Sessions & caching

Each actor’s auth flow produces a session: a token plus extracted variables, with a configurable TTL. Sessions are cached across operations within a run; the engine automatically reuses them if live, refreshes them if expired (and session.refresh is configured), or re-authenticates on 401.