feat: multi-user/multi-persona support with two-level home directory layout

Restructures persona storage from a flat personas/{name}/ layout to
home/{username}/persona/{name}/, mirroring Linux home directories.

Changes:
- persona.py: two ContextVars (user + persona), Linux-style name validation,
  set_context(), get_user(), get_persona(), validate(), list_users(),
  list_user_personas(); persona_path() takes (username, name)
- config.py: replaces personas_dir with home_dir + home_root()
- git mv personas/inara → home/scott/persona/inara (history preserved)
- home/holly/persona/tina/: Holly's persona stub added
- cron_runner.py: all storage functions take (username, persona) params
- tools/cron.py: stamps user + persona on jobs; APScheduler IDs are
  {user}:{persona}:{job_id} to prevent collisions across users
- memory_distiller.py: distill_short/mid/long take (username, persona);
  added missing Path + settings imports
- scheduler.py: _load_user_crons() iterates home/*/persona/* (two-level)
- routers/chat.py, orchestrator.py: user field added; set_context() called
- tests/conftest.py: home_root fixture with two-level structure;
  patches home_dir instead of personas_dir
- tests/test_persona.py: fully rewritten for two-level API
- tests/test_api_files.py: updated fixture name and path
- .env.default: documents HOME_DIR setting; scrubs stale API key
- CLAUDE.md, README.md: directory maps updated for new layout

All 80 tests pass.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

CLAUDE.md

@@ -21,41 +21,56 @@ Cortex_and_Inara_dev/
   cortex/                ← FastAPI service (the dispatcher)
     main.py              ← App entry point, router registration
     config.py            ← All settings (pydantic-settings, reads .env)
+    persona.py           ← Two-level identity: user + persona, path resolution, ContextVars
     llm_client.py        ← Claude CLI + Gemini CLI subprocess backends
     orchestrator_engine.py ← Gemini API ReAct tool loop → Claude handoff
-    context_loader.py    ← Loads Inara's system prompt from inara/ files
+    context_loader.py    ← Builds system prompt from persona files (tier 1–4)
     session_store.py     ← In-memory + file session persistence
-    session_logger.py    ← Writes session turns to inara/sessions/
+    session_logger.py    ← Writes session turns to home/{user}/persona/{name}/sessions/
     memory_distiller.py  ← Short/mid/long distill jobs (APScheduler)
-    scheduler.py         ← APScheduler setup
+    cron_runner.py       ← Cron job storage, schedule parsing, job execution
+    scheduler.py         ← APScheduler setup (distill + user crons)
     event_bus.py         ← Internal SSE pub/sub (NC Talk → browser)
     routers/
       chat.py            ← POST /chat (streaming SSE)
       orchestrator.py    ← POST /orchestrate, GET /orchestrate/{job_id}
       auth.py            ← GET /auth/status (Claude + Gemini CLI token checks)
       distill.py         ← POST /distill/*, GET /distill/status
-      files.py           ← GET /files (inara/ file browser)
+      files.py           ← GET /files (persona file browser)
       nextcloud_talk.py  ← POST /webhook/nextcloud (NC Talk bot)
-      google_chat.py     ← POST /webhook/google (Google Chat — stub)
+      google_chat.py     ← POST /webhook/google (Google Chat Add-on)
     tools/
       __init__.py        ← Tool registry (Gemini FunctionDeclarations + dispatcher)
       web.py             ← DuckDuckGo web_search tool
+      scratch.py         ← Scratchpad tools (scratch_read/write/append/clear)
+      tasks.py           ← Personal task management (task_create/list/update/complete)
+      cron.py            ← Scheduled job tools (cron_list/add/remove/toggle)
       system.py          ← Local machine tools (claude_allow_dir)
+    tests/               ← pytest test suite (80 tests)
     static/              ← Single-page web UI (index.html, style.css, app.js)
     data/sessions/       ← Persisted session JSON files
 
-  inara/                 ← Inara identity, memory, context files
-    IDENTITY.md          ← Who Inara is
-    SOUL.md              ← Values, personality, voice
-    PROTOCOLS.md         ← Behavioral rules
-    CONTEXT_TIERS.md     ← What each tier (1–3) includes in the system prompt
-    USER.md              ← Scott's profile (loaded into context)
-    HELP.md              ← In-app help content (rendered in UI)
-    MEMORY.md            ← Persistent facts (written by distiller or manually)
-    MEMORY_SHORT.md      ← Rolling short-term memory (auto-distilled daily)
-    MEMORY_MID.md        ← Mid-term memory (auto-distilled weekly)
-    MEMORY_LONG.md       ← Long-term memory (auto-distilled monthly)
-    sessions/            ← Session turn logs (YYYY-MM-DD_<id>.md)
+  home/                  ← User and persona data (Linux home layout)
+    scott/
+      persona/
+        inara/           ← Inara identity, memory, context, sessions
+          IDENTITY.md    ← Who Inara is
+          SOUL.md        ← Values, personality, voice
+          PROTOCOLS.md   ← Behavioral rules
+          CONTEXT_TIERS.md ← What each tier (1–4) includes in the system prompt
+          USER.md        ← Scott's profile (loaded into context)
+          HELP.md        ← In-app help content (rendered in UI)
+          MEMORY_LONG.md ← Long-term memory (auto-distilled monthly)
+          MEMORY_MID.md  ← Mid-term memory (auto-distilled weekly)
+          MEMORY_SHORT.md ← Short-term memory (auto-distilled daily)
+          REMINDERS.md   ← Pending reminders (auto-surfaced in context at tier 2+)
+          SCRATCH.md     ← Ephemeral scratchpad
+          TASKS.json     ← Personal task list
+          CRONS.json     ← Scheduled jobs
+          sessions/      ← Session turn logs (YYYY-MM-DD.md)
+    holly/
+      persona/
+        tina/            ← Tina (Holly's persona) — same structure as inara/
 
   docs/                  ← Integration reference docs
     NEXTCLOUD_TALK_BOT.md
@@ -130,7 +145,8 @@ http://localhost:8000/docs
 - **Never `rm`** — move files to `~/tmp/gemini_trash`
 - **Never commit secrets** — `.env` is gitignored; use `.env.default` as the reference
 - `NEXTCLOUD_TALK_BOT_SECRET` and `GEMINI_API_KEY` live in `.env` only
-- Cortex should only be accessible via WireGuard — never internet-exposed without VPN
+- `/channels/*` and `/health` are publicly exposed (webhook auth is handled at app layer — JWT/HMAC)
+- All other Cortex routes are behind nginx basic auth and should stay that way
 
 ---
 
@@ -184,13 +200,33 @@ clearly asked for a directory to be unblocked.
 
 ---
 
-## Active Tasks
+## Current State (2026-03-20)
 
-See `documentation/TODO__Agents.md` for the current task list.
-High priority items as of 2026-03-18:
-- Ollama backend (third LLM option — local, no API cost)
-- NC Talk integration stabilization
-- Knowledge consolidation (markdown → AE Journals)
+Cortex is running and stable. All three primary channels are live:
+
+| Channel | Status | Notes |
+|---|---|---|
+| Web UI | ✅ Live | `https://cortex.dgrzone.com` (basic auth) |
+| Nextcloud Talk | ✅ Live | HMAC-signed webhook, async reply |
+| Google Chat | ✅ Live | Workspace Add-on, `hostAppDataAction` response format |
+
+### Active Tasks
+
+See `documentation/TODO__Agents.md` for the full list. Current priorities:
+
+- **[High]** Ollama backend — local LLM via `scott_gaming` over WireGuard
+- **[Medium]** NC Talk — complete bot registration docs (`docs/NEXTCLOUD_TALK_BOT.md`)
+- **[Medium]** Knowledge consolidation — markdown → AE Journals
+- **[Medium]** Persona onboarding flow — CLI or POST endpoint to bootstrap a new user/persona
+
+### Recently Completed
+
+- ✅ Multi-user/multi-persona support (`home/{username}/persona/{name}/` two-level layout) — 2026-03-20
+- ✅ Scratchpad, task management, and cron/scheduled job tools — 2026-03-20
+- ✅ Test suite (80 tests) covering API, persona routing, tools, security — 2026-03-20
+- ✅ Google Chat bot (Workspace Add-on, JWT auth, `hostAppDataAction` format) — 2026-03-20
+- ✅ Orchestrator Agent mode UI + session persistence — 2026-03-18
+- ✅ Memory distiller (APScheduler, short/mid/long) — 2026-03
 
 ---