From ab298fd7f28582f5b604ed8d67df57ef1d58930a Mon Sep 17 00:00:00 2001
From: jester <admin@zerolaghub.com>
Date: Sun, 18 Jan 2026 22:49:23 +0000
Subject: [PATCH] Add Console Responsibility Split - clarify agent owns
 PTY/execution, API authenticates, portal renders UI only

---
 PORTAL_MIGRATION.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/PORTAL_MIGRATION.md b/PORTAL_MIGRATION.md
index d494f1e..97b9aec 100644
--- a/PORTAL_MIGRATION.md
+++ b/PORTAL_MIGRATION.md
@@ -126,3 +126,26 @@ It does not directly query agents, Proxmox, or exporters.
 - UI refresh reflects Redis state, not instant agent changes
 
 This model intentionally mirrors Pterodactyl semantics.
+
+---
+
+## Console Responsibility Split (Authoritative)
+
+### Agent
+- Owns PTY lifecycle
+- Owns process execution
+- Owns security boundary
+- Owns WebSocket console endpoint
+
+### API
+- Authenticates console access
+- Provides server metadata (vmid, type)
+- Does NOT proxy PTY traffic
+
+### Portal
+- Renders terminal UI
+- Sends raw input bytes
+- Displays streamed output
+- Must not assume process state
+
+This split is intentional and enforced to prevent drift.