docs: sync ADP changes from cloudv2 (2026-07-04)#125
Conversation
Document the new dataplane_adp_agent_session_{list,get,delete}
permissions introduced by the SessionService (agents/{agent}/sessions)
in cloudv2. list and get are granted to Writer and Reader; delete is
Writer-only. Adds a note that session_get exposes full conversation
content to the general-purpose Reader role.
Source: cloudv2 PR #27659 (commit 7093932), permissions_constants.go.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01D6G3MiyR6SvPh9JfzMXECz
✅ Deploy Preview for redpanda-agentic-data-plane ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
[adp-docs PR critic] Verdict: looks accurate. I reviewed the diff to Source-accuracy checks (all confirmed against cloudv2
Standards / correctness: AsciiDoc is well-formed — Completeness: The PR documents exactly the user-facing surface introduced by the source commit (the three new permissions + the Reader-trust caveat). No gaps found. No changes recommended. Generated by Claude Code |
Summary
Syncs one user-facing Agentic Data Plane change from cloudv2 into the docs: the new agent session permissions.
📄 Deploy preview: https://deploy-preview-125--redpanda-agentic-data-plane.netlify.app/agentic-data-plane/control/permissions-reference/
cloudv2 added a public
SessionService(agents/{agent}/sessions/{session}, protov1alpha1) for listing, viewing, and deleting a managed agent's persisted conversation sessions. It introduces three new permissions that the docs' permissions reference must enumerate:dataplane_adp_agent_session_listdataplane_adp_agent_session_getdataplane_adp_agent_session_deleteRole grants are taken from
writerRolePermissions/readRolePermissionsinpermissions_constants.go:listandgetare granted to both Writer and Reader;deleteis Writer-only.What changed in
modules/control/pages/permissions-reference.adocdataplane_adp_agent_session_getreturns full conversation content (prompts, tool inputs/outputs, model output) to the general-purpose Reader role — unlike the transcript permissions, which require the dedicated TranscriptReader role. Grounded in the source comment inpermissions_constants.goflagging thatsession_getsits at transcript-access trust level.Source commits
7093932—adp: move SessionService to adp-api as an AIP session resource(PR #27659, author @birdayz). Definessession.proto, the newdataplane_adp_agent_session_{list,get,delete}permissions, cedar schema, and role grants.Reviewer
Added @birdayz (author of the source commit) as an optional reviewer for a source-accuracy check. Their approval is not blocking.
Changes considered but not documented
The rest of the last 24 hours of cloudv2
mainwas out of scope for docs:52b3c15,9716715,4247889) — gated behind a default-off, internal cluster template knob (template.observability.traces_enabled); no customer-facing surface yet.rpk aiCLI hint/auth/env refactors — internal wording and bug fixes; therpk aireference is auto-generated and not hand-edited here. cloudv2 characterized v0.2.18 as a maintenance release.🤖 Generated with Claude Code
https://claude.ai/code/session_01D6G3MiyR6SvPh9JfzMXECz