Every session now mints a CapabilityToken on creation and revokes it on
terminate / destroy / cleanup. setMode re-attenuates instead of mutating;
plan→execute widening is rejected by the token's mode lattice. Subagent
delegation goes through attenuateForSubagent so child authority is always
a strict subset of the parent. Spec page introduces the typed-action,
mode, and label-flow model; build page shows the plan→execute pattern.
Co-authored-by: Cursor <cursoragent@cursor.com>
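
The token lifecycle this commit message describes, sketched as an added example; it is not the project's code. `CapabilityToken`, `setMode` and `attenuateForSubagent` are names taken from the message, while the two-mode lattice (plan below execute), the tool names, the `Session` class and every signature are assumptions.

```javascript
// Added illustration, not the project's code. The two-mode lattice, the tool
// names, the Session class and all signatures are assumptions.
const MODE_RANK = new Map([["plan", 0], ["execute", 1]]); // Map: no prototype keys

class CapabilityToken {
  #revoked = false;
  constructor(mode, tools, parent = null) {
    this.mode = mode;
    this.tools = Object.freeze([...new Set(tools)]);
    this.parent = parent;
    Object.freeze(this); // authority never changes after minting
  }
  revoke() { this.#revoked = true; }
  // Revoking a token also kills every token derived from it.
  get live() { return !this.#revoked && (this.parent === null || this.parent.live); }
  // Returns a NEW token with equal or less authority; never mutates this one.
  attenuate({ mode = this.mode, tools = this.tools } = {}) {
    if (!this.live) throw new Error("token revoked");
    if (!MODE_RANK.has(mode) || MODE_RANK.get(mode) > MODE_RANK.get(this.mode))
      throw new Error(`mode widening ${this.mode} -> ${mode} rejected`);
    if (tools.some((t) => !this.tools.includes(t)))
      throw new Error("tool set is not a subset of the parent's");
    return new CapabilityToken(mode, tools, this);
  }
  permits(tool) { return this.live && this.tools.includes(tool); }
}

// Subagents must end up with strictly less authority than the delegating token.
function attenuateForSubagent(parent, request) {
  const child = parent.attenuate(request);
  if (child.mode === parent.mode && child.tools.length === parent.tools.length)
    throw new Error("subagent authority must be a strict subset");
  return child;
}

class Session {
  #root;
  constructor(mode, tools) {
    this.#root = new CapabilityToken(mode, tools); // minted on creation
    this.token = this.#root;
  }
  setMode(mode) { this.token = this.token.attenuate({ mode }); } // re-attenuate
  terminate() { this.#root.revoke(); } // revoking the root cascades to children
}
```

Because liveness is checked through the parent chain, a subagent token stops working the moment the session's root token is revoked, with no registry of children to walk.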