feat: multi-persona support (single Cortex, multiple users)

- Add cortex/persona.py: ContextVar-based per-request routing with
  path traversal protection and persona validation
- Migrate inara/ → personas/inara/ (git history preserved via git mv)
- config.py: add personas_root(), inara_path() delegates to personas/inara
- All 14 settings.inara_path() call sites replaced with persona_path()
- ChatRequest + OrchestrateRequest: add persona field (default: "inara")
  with validation at request entry before any processing
- memory_distiller: add optional persona param for future per-persona distill
- cron_runner/tools/cron: stamp persona on jobs, prefix APScheduler IDs
  (persona:job_id) to prevent collisions across personas
- scheduler: _load_user_crons() iterates all personas at startup

Adding a new persona: create personas/<name>/ with IDENTITY.md + SOUL.md.
Auth: handled at nginx level (inject X-Cortex-Persona header per subdomain).
Future: persona maps to Aether account_id_random for full integration.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

cortex/routers/chat.py

@@ -8,6 +8,7 @@ from llm_client import complete
 from session_logger import log_turn
 from session_store import load as load_session, save as save_session, list_all, generate_session_id, delete as delete_session
 from config import settings
+from persona import set_persona, validate as validate_persona
 import event_bus
 
 
@@ -22,6 +23,7 @@ class ChatRequest(BaseModel):
     include_long: bool = True
     include_mid: bool = True
     include_short: bool = True
+    persona: str = "inara"
 
 
 class BackendRequest(BaseModel):
@@ -49,6 +51,12 @@ async def _stream_chat(req: ChatRequest):
               "backend": "...", "fallback_used": bool}
       data: {"type": "error", "message": "..."}
     """
+    try:
+        set_persona(validate_persona(req.persona))
+    except ValueError as e:
+        yield f"data: {json.dumps({'type': 'error', 'message': str(e)})}\n\n"
+        return
+
     session_id = req.session_id or generate_session_id()
     tier = req.tier or settings.default_tier
 

cortex/routers/files.py

@@ -4,7 +4,7 @@ Only whitelisted filenames are accessible — no path traversal possible.
 """
 from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
-from config import settings
+from persona import persona_path
 
 router = APIRouter()
 
@@ -25,12 +25,12 @@ ALLOWED = {
 def _path(filename: str):
     if filename not in ALLOWED:
         raise HTTPException(status_code=404, detail=f"File not found: {filename}")
-    return settings.inara_path() / filename
+    return persona_path() / filename
 
 
 @router.get("/files")
 async def list_files() -> dict:
-    inara_dir = settings.inara_path()
+    inara_dir = persona_path()
     files = []
     for name in sorted(ALLOWED):
         p = inara_dir / name

cortex/routers/orchestrator.py

@@ -20,6 +20,7 @@ from pydantic import BaseModel
 
 from config import settings
 from context_loader import load_context
+from persona import set_persona, validate as validate_persona
 import orchestrator_engine
 
 logger = logging.getLogger(__name__)
@@ -46,6 +47,7 @@ class OrchestrateRequest(BaseModel):
     include_long: bool = True
     include_mid: bool = True
     include_short: bool = True
+    persona: str = "inara"
 
 
 class OrchestrateResponse(BaseModel):
@@ -74,6 +76,12 @@ class JobStatusResponse(BaseModel):
 @router.post("", response_model=OrchestrateResponse)
 async def orchestrate(req: OrchestrateRequest) -> OrchestrateResponse:
     """Submit a task to the orchestrator. Returns a job_id to poll."""
+    try:
+        set_persona(validate_persona(req.persona))
+    except ValueError as e:
+        from fastapi import HTTPException
+        raise HTTPException(status_code=400, detail=str(e))
+
     job_id = str(uuid.uuid4())
     now = datetime.now(timezone.utc).isoformat()