Resource-Scoped and Dashboard-Only Embed Sessions

Meshes embed sessions now support two new additive access shapes on top of the existing workspace session model.

What is new

• Resource sessions lock the iframe to one resource + resource_id pair
• Dashboard sessions expose a read-only dashboard-only embed
• launch_page replaces raw launch paths with a small initial-page enum
• Server-side enforcement now keeps resource and dashboard sessions constrained even when a token is used directly against the API

What resource sessions can do

• launch into dashboard, rules, or events
• view only in-scope rules and events
• create rules and emit or retry events only inside the locked resource scope
• open matching Event Detail when the event belongs to that resource pair

What dashboard sessions can do

• launch into dashboard
• read dashboard shell data and dashboard metrics
• stay read-only and dashboard-only

What changed for integrators

• use launch_page instead of raw route strings
• choose session_type when minting a session
• send resource and resource_id only for resource sessions

Learn more

• Embed overview
• Session API overview
• Workspace pages available in embed