Context
"agent-portal-host" prompt menu currently exposed an "allow-session" option, but the backend only treats any "allow*" response as a one-shot allow decision.
To avoid implying behavior that does not exist yet, the UI option has been removed for now.
Goal
Implement real session-scoped authorization semantics for prompt decisions so "allow-session" works as users expect.
Suggested scope
- Define what a "session" means (container ID? client socket? request origin tuple?)
- Store session approvals with explicit TTL/lifecycle
- Enforce session cache lookup before prompting
- Add tests for allow-once vs allow-session behavior
- Re-introduce "allow-session" in prompt menu once fully implemented
Notes
Current temporary behavior: prompt only offers "allow-once" and "deny".
Context
"agent-portal-host" prompt menu currently exposed an "allow-session" option, but the backend only treats any "allow*" response as a one-shot allow decision.
To avoid implying behavior that does not exist yet, the UI option has been removed for now.
Goal
Implement real session-scoped authorization semantics for prompt decisions so "allow-session" works as users expect.
Suggested scope
Notes
Current temporary behavior: prompt only offers "allow-once" and "deny".