feat(mgmt): secured-write approve relays to site MxGateway write with CAS race guard (T14b)

src/ZB.MOM.WW.ScadaBridge.Commons/Interfaces/Repositories/ISecuredWriteRepository.cs

@@ -54,4 +54,29 @@ public interface ISecuredWriteRepository
         int skip,
         int take,
         CancellationToken ct = default);
+
+    /// <summary>
+    /// Atomically flips a row from <c>Pending</c> to <c>Approved</c>, stamping the
+    /// verifier identity, comment, and decision time, but ONLY if the row is still
+    /// <c>Pending</c>. This is the compare-and-swap guard for the two-verifier race
+    /// (M7 / T14b): two verifiers may approve the same write concurrently, but the
+    /// conditional <c>WHERE Status='Pending'</c> guarantees exactly one wins. The
+    /// loser observes <c>false</c> and must not relay the write.
+    /// </summary>
+    /// <param name="id">Identity of the pending secured write.</param>
+    /// <param name="verifierUser">The approving verifier's username.</param>
+    /// <param name="verifierComment">Optional free-text comment from the verifier.</param>
+    /// <param name="decidedAtUtc">UTC instant the approval decision was made.</param>
+    /// <param name="ct">Cancellation token.</param>
+    /// <returns>
+    /// A task resolving to <c>true</c> if this caller won the approval (exactly one
+    /// row transitioned), or <c>false</c> if the row was no longer <c>Pending</c>
+    /// (already decided by another verifier).
+    /// </returns>
+    Task<bool> TryMarkApprovedAsync(
+        long id,
+        string verifierUser,
+        string? verifierComment,
+        DateTime decidedAtUtc,
+        CancellationToken ct = default);
 }