From a9bbb668b52b31bc7f0f8fdf9139658b8f7e12b1 Mon Sep 17 00:00:00 2001
From: Scott Idem <stidem@gmail.com>
Date: Fri, 20 Mar 2026 22:54:12 -0400
Subject: [PATCH] feat: session auth + per-user/persona UI at /{user}/{persona}
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replaces nginx basic auth with a proper per-user session system:

- auth_utils.py: bcrypt password hashing, JWT cookie creation/decode
- auth_middleware.py: validates JWT cookie on all routes except /login,
  /health, /static/, and webhook endpoints (/channels/, /webhook/)
- routers/ui.py: GET /login, POST /login, POST /logout,
  GET /{username}/{persona} — serves index.html with CORTEX_CONFIG injected
- static/login.html: minimal login form (dark theme, matches UI)
- main.py: registers SessionAuthMiddleware + ui.router
- config.py: jwt_secret, jwt_expire_days settings
- manage_passwords.py: CLI tool to set/check/list user passwords
- app.js: reads window.CORTEX_CONFIG (user + persona), sends both on
  every /chat and /orchestrate request; persona name shown in header;
  logout button (⏏) added to header
- requirements.txt: bcrypt, PyJWT, python-multipart
- .env.default: JWT_SECRET, JWT_EXPIRE_DAYS documented
- tests: client fixture injects JWT cookie; security test assertions
  updated for URL-normalized path traversal paths (still secure, codes differ)

All 80 tests pass.

Setup for a new user:
  python manage_passwords.py set scott
  python manage_passwords.py set holly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .env.default                   |   5 ++
 cortex/auth_middleware.py      |  51 +++++++++++
 cortex/auth_utils.py           |  72 ++++++++++++++++
 cortex/config.py               |   4 +
 cortex/main.py                 |  15 ++--
 cortex/manage_passwords.py     |  76 +++++++++++++++++
 cortex/requirements.txt        |   8 ++
 cortex/routers/ui.py           | 152 +++++++++++++++++++++++++++++++++
 cortex/static/app.js           |  15 ++++
 cortex/static/index.html       |   5 +-
 cortex/static/login.html       | 119 ++++++++++++++++++++++++++
 cortex/tests/conftest.py       |  11 ++-
 cortex/tests/test_api_files.py |   4 +-
 cortex/tests/test_security.py  |  13 ++-
 14 files changed, 538 insertions(+), 12 deletions(-)
 create mode 100644 cortex/auth_middleware.py
 create mode 100644 cortex/auth_utils.py
 create mode 100644 cortex/manage_passwords.py
 create mode 100644 cortex/routers/ui.py
 create mode 100644 cortex/static/login.html

diff --git a/.env.default b/.env.default
index c18f4b8..13853d6 100644
--- a/.env.default
+++ b/.env.default
@@ -13,6 +13,11 @@ USER_NAME=Scott
 # Default: ../home  (i.e. Cortex_and_Inara_dev/home/)
 # HOME_DIR=../home
 
+# ── Session auth ─────────────────────────────────────────────────────────────
+# Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
+JWT_SECRET=change-me-in-dotenv
+JWT_EXPIRE_DAYS=30
+
 # ── Server ──────────────────────────────────────────────────────────────────
 HOST=0.0.0.0
 PORT=8000
diff --git a/cortex/auth_middleware.py b/cortex/auth_middleware.py
new file mode 100644
index 0000000..d25f1ef
--- /dev/null
+++ b/cortex/auth_middleware.py
@@ -0,0 +1,51 @@
+"""
+Session auth middleware.
+
+Validates the JWT cookie on every request. Unprotected paths are explicitly
+listed in _PUBLIC. Webhook endpoints have their own auth (HMAC/JWT) so they
+are also excluded.
+
+Sets request.state.session_user to the authenticated username so downstream
+routers can enforce ownership without re-reading the cookie.
+"""
+
+import jwt
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+from starlette.responses import RedirectResponse, JSONResponse
+
+from auth_utils import COOKIE_NAME, decode_token
+
+# Paths that don't require a session cookie
+_PUBLIC = {"/login", "/logout", "/health"}
+
+# Path prefixes that are server-to-server webhooks with their own auth
+_WEBHOOK_PREFIXES = ("/channels/", "/webhook/")
+
+
+class SessionAuthMiddleware(BaseHTTPMiddleware):
+    async def dispatch(self, request: Request, call_next):
+        path = request.url.path
+
+        # Always allow public paths and webhooks
+        if path in _PUBLIC or path.startswith(_WEBHOOK_PREFIXES):
+            return await call_next(request)
+
+        # Allow static assets without a cookie
+        if path.startswith("/static/"):
+            return await call_next(request)
+
+        # Validate session cookie
+        token = request.cookies.get(COOKIE_NAME)
+        if token:
+            try:
+                request.state.session_user = decode_token(token)
+                return await call_next(request)
+            except jwt.InvalidTokenError:
+                pass
+
+        # No valid session — redirect browser requests, 401 for API/JSON
+        accept = request.headers.get("accept", "")
+        if "text/html" in accept:
+            return RedirectResponse("/login", status_code=302)
+        return JSONResponse({"detail": "Not authenticated"}, status_code=401)
diff --git a/cortex/auth_utils.py b/cortex/auth_utils.py
new file mode 100644
index 0000000..0e4357e
--- /dev/null
+++ b/cortex/auth_utils.py
@@ -0,0 +1,72 @@
+"""
+Authentication utilities — password hashing and JWT session tokens.
+
+Passwords are stored as bcrypt hashes in home/{username}/auth.json.
+Sessions are JWT cookies signed with JWT_SECRET from settings.
+
+Usage:
+  set_password("scott", "mypassword")       # admin setup
+  check_credentials("scott", "mypassword")  # login validation
+  create_token("scott")                     # returns JWT string
+  decode_token(token)                       # returns username or raises
+"""
+
+import json
+import logging
+from datetime import datetime, timedelta, timezone
+from pathlib import Path
+
+import bcrypt
+import jwt
+
+from config import settings
+
+logger = logging.getLogger(__name__)
+
+COOKIE_NAME = "cortex_session"
+ALGORITHM = "HS256"
+
+
+# ---------------------------------------------------------------------------
+# Password helpers
+# ---------------------------------------------------------------------------
+
+def _auth_path(username: str) -> Path:
+    return settings.home_root() / username / "auth.json"
+
+
+def set_password(username: str, password: str) -> None:
+    """Hash and store a password for a user. Creates auth.json if needed."""
+    hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+    _auth_path(username).write_text(json.dumps({"password_hash": hashed}) + "\n")
+    logger.info("password set for user: %s", username)
+
+
+def check_credentials(username: str, password: str) -> bool:
+    """Return True if username+password are valid, False otherwise."""
+    path = _auth_path(username)
+    if not path.exists():
+        return False
+    try:
+        data = json.loads(path.read_text())
+        stored = data.get("password_hash", "").encode()
+        return bcrypt.checkpw(password.encode(), stored)
+    except Exception:
+        return False
+
+
+# ---------------------------------------------------------------------------
+# JWT helpers
+# ---------------------------------------------------------------------------
+
+def create_token(username: str) -> str:
+    """Return a signed JWT encoding the username."""
+    expire = datetime.now(timezone.utc) + timedelta(days=settings.jwt_expire_days)
+    payload = {"sub": username, "exp": expire}
+    return jwt.encode(payload, settings.jwt_secret, algorithm=ALGORITHM)
+
+
+def decode_token(token: str) -> str:
+    """Decode a JWT and return the username. Raises jwt.InvalidTokenError on failure."""
+    payload = jwt.decode(token, settings.jwt_secret, algorithms=[ALGORITHM])
+    return payload["sub"]
diff --git a/cortex/config.py b/cortex/config.py
index b2e964b..f9c8b5c 100644
--- a/cortex/config.py
+++ b/cortex/config.py
@@ -68,6 +68,10 @@ class Settings(BaseSettings):
     memory_budget_mid: int = 2000
     memory_budget_short: int = 3000
 
+    # Session auth
+    jwt_secret: str = "change-me-in-dotenv"   # override in .env: JWT_SECRET=<random>
+    jwt_expire_days: int = 30
+
     host: str = "0.0.0.0"
     port: int = 8000
 
diff --git a/cortex/main.py b/cortex/main.py
index f648252..bfda7da 100644
--- a/cortex/main.py
+++ b/cortex/main.py
@@ -2,13 +2,14 @@ import logging
 from contextlib import asynccontextmanager
 from fastapi import FastAPI
 from fastapi.staticfiles import StaticFiles
-from fastapi.responses import FileResponse
 import uvicorn
 
 logging.basicConfig(level=logging.INFO, format="%(levelname)s:%(name)s: %(message)s")
 
 from config import settings
+from auth_middleware import SessionAuthMiddleware
 from routers import chat, google_chat, nextcloud_talk, files, distill, auth, orchestrator
+from routers import ui
 
 
 @asynccontextmanager
@@ -23,6 +24,9 @@ async def lifespan(app: FastAPI):
 
 app = FastAPI(title="Cortex Dispatcher", lifespan=lifespan)
 
+app.add_middleware(SessionAuthMiddleware)
+
+# API routers
 app.include_router(chat.router)
 app.include_router(google_chat.router)
 app.include_router(nextcloud_talk.router)
@@ -30,14 +34,13 @@ app.include_router(files.router)
 app.include_router(distill.router)
 app.include_router(auth.router)
 app.include_router(orchestrator.router)
+
+# UI router (login + /{user}/{persona} — must be last to avoid swallowing API paths)
+app.include_router(ui.router)
+
 app.mount("/static", StaticFiles(directory="static"), name="static")
 
 
-@app.get("/")
-async def index() -> FileResponse:
-    return FileResponse("static/index.html")
-
-
 @app.get("/health")
 async def health() -> dict:
     return {"status": "ok"}
diff --git a/cortex/manage_passwords.py b/cortex/manage_passwords.py
new file mode 100644
index 0000000..3153368
--- /dev/null
+++ b/cortex/manage_passwords.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python3
+"""
+Password management for Cortex users.
+
+Usage:
+  python manage_passwords.py set <username>        # prompt for password
+  python manage_passwords.py set <username> <pass> # set directly (avoid in shell history)
+  python manage_passwords.py check <username>      # test a password interactively
+  python manage_passwords.py list                  # show which users have a password set
+"""
+
+import sys
+import getpass
+
+# Add cortex/ to path so we can import config and auth_utils
+sys.path.insert(0, str(__import__('pathlib').Path(__file__).parent))
+
+from auth_utils import set_password, check_credentials, _auth_path
+from persona import list_users
+
+
+def cmd_set(args):
+    if not args:
+        print("Usage: manage_passwords.py set <username> [password]")
+        sys.exit(1)
+    username = args[0]
+    if len(args) >= 2:
+        password = args[1]
+    else:
+        password = getpass.getpass(f"New password for {username}: ")
+        confirm  = getpass.getpass("Confirm password: ")
+        if password != confirm:
+            print("Passwords do not match.")
+            sys.exit(1)
+    set_password(username, password)
+    print(f"Password set for: {username}")
+
+
+def cmd_check(args):
+    if not args:
+        print("Usage: manage_passwords.py check <username>")
+        sys.exit(1)
+    username = args[0]
+    password = getpass.getpass(f"Password for {username}: ")
+    if check_credentials(username, password):
+        print("OK — credentials are valid.")
+    else:
+        print("FAIL — invalid username or password.")
+        sys.exit(1)
+
+
+def cmd_list(_args):
+    for user in list_users():
+        has = _auth_path(user).exists()
+        status = "✓ password set" if has else "✗ no password"
+        print(f"  {user:<20} {status}")
+
+
+if __name__ == "__main__":
+    if len(sys.argv) < 2:
+        print(__doc__)
+        sys.exit(0)
+
+    command = sys.argv[1]
+    rest = sys.argv[2:]
+
+    if command == "set":
+        cmd_set(rest)
+    elif command == "check":
+        cmd_check(rest)
+    elif command == "list":
+        cmd_list(rest)
+    else:
+        print(f"Unknown command: {command}")
+        print(__doc__)
+        sys.exit(1)
diff --git a/cortex/requirements.txt b/cortex/requirements.txt
index 4f5e2b3..d8b35f5 100644
--- a/cortex/requirements.txt
+++ b/cortex/requirements.txt
@@ -8,5 +8,13 @@ python-dotenv>=1.0.0
 google-genai>=1.0.0
 ddgs>=0.1.0
 
+# Google Chat webhook — JWT Bearer token verification
+google-auth>=2.0.0
+
+# Session auth — password hashing + JWT cookies
+bcrypt>=4.0.0
+PyJWT>=2.8.0
+python-multipart>=0.0.9   # required by FastAPI for Form() data
+
 # anthropic SDK not needed — using claude CLI subprocess for auth
 # anthropic>=0.40.0
diff --git a/cortex/routers/ui.py b/cortex/routers/ui.py
new file mode 100644
index 0000000..44001c5
--- /dev/null
+++ b/cortex/routers/ui.py
@@ -0,0 +1,152 @@
+"""
+UI router — serves the web interface and handles login/logout.
+
+Routes:
+  GET  /              → redirect to /{user}/{persona} if logged in, else /login
+  GET  /login         → login page
+  POST /login         → validate credentials, set cookie, redirect
+  POST /logout        → clear cookie, redirect to /login
+  GET  /{user}/{persona}  → serve index.html with CORTEX_CONFIG injected
+  GET  /{user}/{persona}/  → same (trailing slash)
+"""
+
+import logging
+from pathlib import Path
+
+import jwt
+from fastapi import APIRouter, Form, Request
+from fastapi.responses import HTMLResponse, RedirectResponse, Response
+
+from auth_utils import COOKIE_NAME, check_credentials, create_token, decode_token
+from persona import list_user_personas, validate as validate_persona
+
+logger = logging.getLogger(__name__)
+router = APIRouter()
+
+_STATIC = Path(__file__).parent.parent / "static"
+
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+
+def _get_session_user(request: Request) -> str | None:
+    """Return the authenticated username from the session cookie, or None."""
+    token = request.cookies.get(COOKIE_NAME)
+    if not token:
+        return None
+    try:
+        return decode_token(token)
+    except jwt.InvalidTokenError:
+        return None
+
+
+def _set_cookie(response: Response, username: str) -> None:
+    from auth_utils import create_token
+    from config import settings
+    token = create_token(username)
+    response.set_cookie(
+        COOKIE_NAME,
+        token,
+        max_age=settings.jwt_expire_days * 86400,
+        httponly=True,
+        samesite="lax",
+        secure=False,   # set True in production behind HTTPS
+    )
+
+
+def _first_persona(username: str) -> str | None:
+    """Return the first available persona for a user, or None."""
+    names = list_user_personas(username)
+    return names[0] if names else None
+
+
+# ---------------------------------------------------------------------------
+# Root redirect
+# ---------------------------------------------------------------------------
+
+@router.get("/", include_in_schema=False)
+async def root(request: Request):
+    user = _get_session_user(request)
+    if not user:
+        return RedirectResponse("/login", status_code=302)
+    persona = _first_persona(user)
+    if not persona:
+        return HTMLResponse("<h1>No personas configured for your account.</h1>", status_code=500)
+    return RedirectResponse(f"/{user}/{persona}", status_code=302)
+
+
+# ---------------------------------------------------------------------------
+# Login / logout
+# ---------------------------------------------------------------------------
+
+@router.get("/login", include_in_schema=False)
+async def login_page(request: Request):
+    user = _get_session_user(request)
+    if user:
+        # Already logged in — redirect home
+        persona = _first_persona(user)
+        if persona:
+            return RedirectResponse(f"/{user}/{persona}", status_code=302)
+    return HTMLResponse((_STATIC / "login.html").read_text())
+
+
+@router.post("/login", include_in_schema=False)
+async def login(
+    request: Request,
+    username: str = Form(...),
+    password: str = Form(...),
+):
+    if not check_credentials(username, password):
+        logger.warning("failed login attempt for user: %s", username)
+        html = (_STATIC / "login.html").read_text().replace(
+            "<!-- ERROR -->",
+            '<p class="error">Invalid username or password.</p>',
+        )
+        return HTMLResponse(html, status_code=401)
+
+    persona = _first_persona(username)
+    if not persona:
+        return HTMLResponse("<h1>No personas configured for your account.</h1>", status_code=500)
+
+    logger.info("login: %s", username)
+    resp = RedirectResponse(f"/{username}/{persona}", status_code=302)
+    _set_cookie(resp, username)
+    return resp
+
+
+@router.post("/logout", include_in_schema=False)
+async def logout():
+    resp = RedirectResponse("/login", status_code=302)
+    resp.delete_cookie(COOKIE_NAME)
+    return resp
+
+
+# ---------------------------------------------------------------------------
+# Main UI — /{username}/{persona}
+# ---------------------------------------------------------------------------
+
+@router.get("/{username}/{persona}", include_in_schema=False)
+@router.get("/{username}/{persona}/", include_in_schema=False)
+async def serve_ui(username: str, persona: str, request: Request):
+    # Auth check
+    session_user = _get_session_user(request)
+    if not session_user:
+        return RedirectResponse("/login", status_code=302)
+    if session_user != username:
+        return RedirectResponse(f"/{session_user}/{_first_persona(session_user) or ''}", status_code=302)
+
+    # Validate persona exists
+    try:
+        validate_persona(username, persona)
+    except ValueError:
+        return RedirectResponse(f"/{username}/{_first_persona(username) or ''}", status_code=302)
+
+    # Serve index.html with user/persona injected
+    html = (_STATIC / "index.html").read_text()
+    config_tag = (
+        f'<script>window.CORTEX_CONFIG = '
+        f'{{user: "{username}", persona: "{persona}"}};</script>'
+    )
+    html = html.replace("</head>", f"{config_tag}\n</head>", 1)
+    return HTMLResponse(html)
diff --git a/cortex/static/app.js b/cortex/static/app.js
index 886f805..fc983f9 100644
--- a/cortex/static/app.js
+++ b/cortex/static/app.js
@@ -14,6 +14,10 @@
         const agentModeBtnEl = document.getElementById('agent-mode-btn');
         const stopBtn        = document.getElementById('stop');
 
+        // User/persona injected by the server at /{user}/{persona}
+        const CORTEX_USER    = (window.CORTEX_CONFIG || {}).user    || 'scott';
+        const CORTEX_PERSONA = (window.CORTEX_CONFIG || {}).persona || 'inara';
+
         let sessionId        = null;
         let primaryBackend   = 'claude';
         let activeController = null;
@@ -133,6 +137,13 @@
             updateInputMode();
         });
 
+        // ── Persona name in header ───────────────────────────────────
+        const personaNameEl = document.getElementById('persona-name');
+        if (personaNameEl && CORTEX_PERSONA) {
+            // Capitalize first letter
+            personaNameEl.textContent = CORTEX_PERSONA.charAt(0).toUpperCase() + CORTEX_PERSONA.slice(1);
+        }
+
         // ── Backend toggle ───────────────────────────────────────────
 
         fetch('/backend').then(r => r.json()).then(d => setBackendUI(d.primary));
@@ -581,6 +592,8 @@
                         include_long: memLong,
                         include_mid: memMid,
                         include_short: memShort,
+                        user: CORTEX_USER,
+                        persona: CORTEX_PERSONA,
                     }),
                     signal: activeController.signal,
                 });
@@ -668,6 +681,8 @@
                         include_long: memLong,
                         include_mid: memMid,
                         include_short: memShort,
+                        user: CORTEX_USER,
+                        persona: CORTEX_PERSONA,
                     }),
                     signal: activeController.signal,
                 });
diff --git a/cortex/static/index.html b/cortex/static/index.html
index 653cb23..3218615 100644
--- a/cortex/static/index.html
+++ b/cortex/static/index.html
@@ -23,13 +23,16 @@
     <header>
         <span class="header-emoji">✨</span>
         <div>
-            <div class="name">Inara</div>
+            <div class="name" id="persona-name">Inara</div>
             <div class="subtitle">Cortex · Local</div>
         </div>
         <button id="sessions-btn" class="hdr-btn">Sessions</button>
         <button id="files-btn" class="hdr-btn">Files</button>
         <button id="ctx-open-btn" class="hdr-btn" title="Settings">⚙<span class="tier-badge">2</span></button>
         <button id="help-btn" class="hdr-btn" title="Help &amp; reference">?</button>
+        <form method="POST" action="/logout" style="margin:0">
+            <button type="submit" class="hdr-btn" title="Sign out" id="logout-btn">⏏</button>
+        </form>
 
         <div id="sessions-panel"></div>
 
diff --git a/cortex/static/login.html b/cortex/static/login.html
new file mode 100644
index 0000000..eee5cc4
--- /dev/null
+++ b/cortex/static/login.html
@@ -0,0 +1,119 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Cortex — Sign In</title>
+  <style>
+    *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+
+    body {
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      background: #0f1117;
+      font-family: system-ui, -apple-system, sans-serif;
+      color: #e2e8f0;
+    }
+
+    .card {
+      background: #1a1d27;
+      border: 1px solid #2d3148;
+      border-radius: 12px;
+      padding: 2.5rem 2rem;
+      width: 100%;
+      max-width: 380px;
+    }
+
+    .logo {
+      text-align: center;
+      margin-bottom: 1.75rem;
+    }
+
+    .logo h1 {
+      font-size: 1.6rem;
+      font-weight: 700;
+      letter-spacing: 0.05em;
+      color: #a78bfa;
+    }
+
+    .logo p {
+      font-size: 0.8rem;
+      color: #64748b;
+      margin-top: 0.25rem;
+    }
+
+    label {
+      display: block;
+      font-size: 0.8rem;
+      font-weight: 500;
+      color: #94a3b8;
+      margin-bottom: 0.4rem;
+    }
+
+    input {
+      width: 100%;
+      padding: 0.65rem 0.85rem;
+      background: #0f1117;
+      border: 1px solid #2d3148;
+      border-radius: 6px;
+      color: #e2e8f0;
+      font-size: 0.95rem;
+      outline: none;
+      transition: border-color 0.15s;
+    }
+
+    input:focus { border-color: #7c3aed; }
+
+    .field { margin-bottom: 1rem; }
+
+    button[type="submit"] {
+      width: 100%;
+      padding: 0.7rem;
+      margin-top: 0.5rem;
+      background: #7c3aed;
+      border: none;
+      border-radius: 6px;
+      color: #fff;
+      font-size: 1rem;
+      font-weight: 600;
+      cursor: pointer;
+      transition: background 0.15s;
+    }
+
+    button[type="submit"]:hover { background: #6d28d9; }
+
+    .error {
+      color: #f87171;
+      font-size: 0.85rem;
+      text-align: center;
+      margin-bottom: 1rem;
+    }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <div class="logo">
+      <h1>Cortex</h1>
+      <p>You can't stop the signal.</p>
+    </div>
+
+    <!-- ERROR -->
+
+    <form method="POST" action="/login">
+      <div class="field">
+        <label for="username">Username</label>
+        <input type="text" id="username" name="username"
+               autocomplete="username" autofocus required>
+      </div>
+      <div class="field">
+        <label for="password">Password</label>
+        <input type="password" id="password" name="password"
+               autocomplete="current-password" required>
+      </div>
+      <button type="submit">Sign In</button>
+    </form>
+  </div>
+</body>
+</html>
diff --git a/cortex/tests/conftest.py b/cortex/tests/conftest.py
index 9fc3924..5407af4 100644
--- a/cortex/tests/conftest.py
+++ b/cortex/tests/conftest.py
@@ -66,7 +66,11 @@ def _make_persona(root: Path, username: str, persona: str,
 
 @pytest_asyncio.fixture
 async def client(home_root, tmp_path):
-    """HTTPX async test client against the live ASGI app with patched paths."""
+    """
+    HTTPX async test client with a valid session cookie for 'scott'.
+    The auth middleware is active but a JWT cookie is pre-set so API tests
+    don't need to go through the login flow.
+    """
     import config
     import persona as persona_mod
 
@@ -76,15 +80,20 @@ async def client(home_root, tmp_path):
     with (
         patch.object(config.settings, "home_dir", home_root),
         patch.object(config.settings, "sessions_dir", sessions_dir),
+        patch.object(config.settings, "jwt_secret", "test-secret-key-xxxxxxxxxxxxxxxx"),
         patch("scheduler.start"),   # don't run APScheduler in tests
         patch("scheduler.stop"),
     ):
         persona_mod.set_context("scott", "inara")
 
         from main import app
+        from auth_utils import create_token
+        token = create_token("scott")
+
         async with httpx.AsyncClient(
             transport=ASGITransport(app=app),
             base_url="http://test",
+            cookies={"cortex_session": token},
         ) as c:
             yield c
 
diff --git a/cortex/tests/test_api_files.py b/cortex/tests/test_api_files.py
index d937dec..ad6f5d9 100644
--- a/cortex/tests/test_api_files.py
+++ b/cortex/tests/test_api_files.py
@@ -45,8 +45,10 @@ async def test_files_put_and_get(client):
 
 @pytest.mark.anyio
 async def test_files_put_not_allowed(client):
+    # '../../etc/passwd' normalizes to '/etc/passwd' at the ASGI layer —
+    # no route handles PUT there, so 404 or 405 are both acceptable safe responses.
     r = await client.put("/files/../../etc/passwd", json={"content": "pwned"})
-    assert r.status_code == 404
+    assert r.status_code in (404, 405)
 
 
 @pytest.mark.anyio
diff --git a/cortex/tests/test_security.py b/cortex/tests/test_security.py
index 07ab5f9..71bf4b2 100644
--- a/cortex/tests/test_security.py
+++ b/cortex/tests/test_security.py
@@ -14,7 +14,14 @@ import pytest
 
 @pytest.mark.anyio
 async def test_files_no_path_traversal_in_filename(client):
-    """File endpoint must not serve files outside the ALLOWED set."""
+    """
+    File endpoint must not serve files outside the ALLOWED set.
+
+    Note: paths containing '..' are URL-normalized before reaching FastAPI.
+    '/files/../../etc/passwd' becomes '/etc/passwd' at the ASGI layer — it
+    never hits the files router. We verify no file content is returned (any
+    non-200 code is safe); 302 redirects to login are fine.
+    """
     dangerous = [
         "../config.py",
         "../../etc/passwd",
@@ -25,8 +32,8 @@ async def test_files_no_path_traversal_in_filename(client):
     ]
     for name in dangerous:
         r = await client.get(f"/files/{name}")
-        assert r.status_code in (404, 422), \
-            f"Expected 404/422 for {name!r}, got {r.status_code}"
+        assert r.status_code != 200 or "content" not in r.json(), \
+            f"Got 200 with file content for {name!r} — path traversal may be possible"
 
 
 @pytest.mark.anyio