feat(agentex): forward user session cookie to agent pods via acp headers

[cdvillegas]

Pull Request Summary

PR #245 added x-acting-user-api-key for API-key callers. Browser and Ops Hub users authenticate with the _identityJwt session cookie, so agent pods still had no delegatable credential.

This PR extends runtime delegation v1 for cookie-based auth:

• After auth validates a user principal (not agent-as-self), agentex builds outbound ACP headers from the inbound request.
• x-api-key present: forward as x-acting-user-api-key (unchanged from feat(agentex): forward user api key to agent pods via acp headers #245).
• Session cookie only: parse the inbound Cookie header and forward only allowlisted name=value pairs on x-acting-user-cookie. Never replay the full browser Cookie header (no CSRF, analytics, or third-party cookies).
• Default allowlist: _identityJwt (Scale Ops Hub / EGP / Spark). No Helm change required for default deployments.
• Override: AGENTEX_DELEGATION_SESSION_COOKIE_NAMES (comma-separated). Unset = default. Empty string = cookie delegation disabled (API key path only).
• Precedence: API key wins when both API key and cookie are sent.
• Anti-spoofing: x-acting-user-cookie, x-selected-account-id, x-api-key, and raw cookie remain blocked on client passthrough; delegation values are server-set only.
• Logging: inbound request logs redact keys matching cookie (in addition to existing api-key redaction).

Agent SDK PassthroughResolver and agent-side SGP consumption remain follow-up work.

Test Plan

• tests/unit/domain/test_delegation_headers.py: API key and cookie paths, API key precedence, env unset/empty/override for cookie names, skip when no principal or agent identity, no credential.
• test_send_message_includes_cookie_delegation_headers on AgentACPService: asserts only _identityJwt is forwarded when extra cookies are present.
• TestFilterRequestHeaders: acting cookie and selected-account-id spoof headers stripped from passthrough.

Linear Issue

Resolves AGX1-293

Greptile Summary

This PR extends runtime delegation for browser/Ops Hub users who authenticate with the _identityJwt session cookie rather than an API key. When a validated user principal is present, agentex parses the inbound Cookie header and forwards only allowlisted name-value pairs via a new x-acting-user-cookie ACP header to agent pods.

• delegation_headers.py: Adds _minimal_session_cookie() (allowlist-only cookie filtering via SimpleCookie) and extends build_delegation_headers() with a cookie fallback path when no API key is present; cookie name allowlist is env-configurable with _identityJwt as the default.
• agent_acp_service.py: Blocks x-acting-user-cookie and x-selected-account-id from client passthrough in BLOCKED_HEADERS to prevent spoofing.
• request_utils.py: Adds r\"cookie\" to the log-redaction blacklist so inbound cookie headers are scrubbed from request logs.

Confidence Score: 5/5

Safe to merge — cookie filtering is allowlist-only, spoofing protection is in place, and all credential paths are covered by tests.

The allowlist approach in _minimal_session_cookie is the right design: only explicitly named cookies ever leave agentex. Adding x-acting-user-cookie and x-selected-account-id to BLOCKED_HEADERS closes the client-spoofing vector before delegation headers are written. The env-based override lets operators disable cookie delegation entirely. Test coverage is thorough across all branches.

No files require special attention.

Important Files Changed

Filename	Overview
agentex/src/domain/delegation_headers.py	Core delegation logic — adds cookie allowlist parsing and env-based config; logic is correct and mirrors the PR spec exactly.
agentex/src/domain/services/agent_acp_service.py	Adds x-acting-user-cookie and x-selected-account-id to BLOCKED_HEADERS, preventing client spoofing through the passthrough path.
agentex/src/utils/request_utils.py	Adds r'cookie' to the log-redaction regexp blacklist; conservatively redacts any key containing 'cookie' from request logs.
agentex/tests/unit/domain/test_delegation_headers.py	New unit tests cover all key branches: default/empty/override env, API-key precedence, cookie allowlist filtering, and no-credential/no-principal short-circuits.
agentex/tests/unit/services/test_agent_acp_service.py	Integration-level test validates end-to-end cookie delegation in send_message and confirms spoofed headers are stripped from client passthrough.

_{Reviews (4): Last reviewed commit: "Merge branch 'main' into chris-villegas/..." | Re-trigger Greptile}

[cdvillegas]

@greptile