Description

Fixes missing agent-level isolation for watch task permissions.

Previously, watch task access for USER role was effectively scoped by account_id + user_id, which allowed one agent to read, update, or delete watch tasks created by another agent under the same user.

This PR tightens the permission check to account_id + user_id + agent_id for USER role while preserving the existing behavior for ADMIN and ROOT.

Related Issue

N/A

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Refactoring (no functional changes)
• Performance improvement
• Test update

Changes Made

• Updated WatchManager permission checks so USER access now requires both matching user_id and agent_id
• Propagated ctx.user.agent_id through ResourceService and scheduler paths when querying, updating, and deleting watch tasks
• Added regression tests covering cross-agent visibility, update/delete denial, admin cross-agent management, and service-layer conflict/cancel behavior

Testing

• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• I have tested this on the following platforms:
  • Linux
  • macOS
  • Windows

Test commands:

• .venv/bin/python -m pytest tests/resource/test_watch_manager.py tests/service/test_resource_service_watch.py -q

Additional validation:

• Verified with a real local agent/provider setup that:
  • agent A can see and cancel its own watch task
  • agent B cannot read or cancel agent A's watch task
  • agent B still receives URI conflict when attempting to create a duplicate watch on the same target

Checklist

• My code follows the project's coding style
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• Any dependent changes have been merged and published

Screenshots (if applicable)

N/A

Additional Notes

• This change intentionally keeps ADMIN behavior unchanged: admins can still manage watch tasks across agents within the same account.
• The goal of this PR is to align watch task ownership with the repository's existing user + agent isolation model for agent-scoped state.