fix: per-persona session/file isolation + onboarding route order

- session_store: store sessions under home/{user}/persona/{name}/session_data/
  instead of the shared cortex/data/sessions/ bucket
- chat endpoints: add user/persona query params to /sessions, /history/*,
  /sessions/*, /note so they resolve the correct persona context
- files router: add user/persona query params to /files and /files/{name}
  so the file browser loads the right persona's files
- app.js: pass user/persona on all session, history, and file fetches;
  move _fileParams to top-level scope so it is available everywhere
- onboarding: fix FastAPI route ordering — register /persona before /{token}
  so the literal path wins and does not get captured as a token value
- ui.py: read Emoji field from IDENTITY.md and inject into CORTEX_CONFIG
  so the header icon reflects each persona's chosen emoji
- .gitignore: exclude home/**/session_data/ (runtime state)
- migrate scott/inara sessions from cortex/data/sessions/ to session_data/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

cortex/routers/chat.py

@@ -1,6 +1,6 @@
 import asyncio
 import json
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, HTTPException, Query
 from fastapi.responses import StreamingResponse
 from pydantic import BaseModel
 from context_loader import load_context
@@ -143,18 +143,41 @@ async def set_backend(req: BackendRequest) -> dict:
     return {"primary": settings.primary_backend, "fallback": other}
 
 
+def _set_ctx(user: str, persona: str) -> None:
+    """Validate and set persona context from query params. Raises HTTPException on bad input."""
+    try:
+        u, p = validate_persona(user, persona)
+        set_context(u, p)
+    except ValueError as e:
+        raise HTTPException(status_code=404, detail=str(e))
+
+
 @router.get("/history/{session_id}")
-async def get_history(session_id: str) -> dict:
+async def get_history(
+    session_id: str,
+    user: str = Query("scott"),
+    persona: str = Query("inara"),
+) -> dict:
+    _set_ctx(user, persona)
     return {"session_id": session_id, "messages": load_session(session_id)}
 
 
 @router.get("/sessions")
-async def list_sessions() -> dict:
+async def list_sessions(
+    user: str = Query("scott"),
+    persona: str = Query("inara"),
+) -> dict:
+    _set_ctx(user, persona)
     return {"sessions": list_all()}
 
 
 @router.delete("/sessions/{session_id}")
-async def delete_session_endpoint(session_id: str) -> dict:
+async def delete_session_endpoint(
+    session_id: str,
+    user: str = Query("scott"),
+    persona: str = Query("inara"),
+) -> dict:
+    _set_ctx(user, persona)
     found = delete_session(session_id)
     if not found:
         raise HTTPException(status_code=404, detail=f"Session {session_id} not found")
@@ -162,8 +185,14 @@ async def delete_session_endpoint(session_id: str) -> dict:
 
 
 @router.put("/history/{session_id}")
-async def replace_history(session_id: str, req: HistoryUpdate) -> dict:
+async def replace_history(
+    session_id: str,
+    req: HistoryUpdate,
+    user: str = Query("scott"),
+    persona: str = Query("inara"),
+) -> dict:
     """Replace the full message list for a session (used by edit/delete UI)."""
+    _set_ctx(user, persona)
     save_session(session_id, req.messages)
     return {"ok": True, "session_id": session_id}
 
@@ -193,8 +222,13 @@ async def sse_events() -> StreamingResponse:
 
 
 @router.post("/note")
-async def add_note(req: NoteRequest) -> dict:
+async def add_note(
+    req: NoteRequest,
+    user: str = Query("scott"),
+    persona: str = Query("inara"),
+) -> dict:
     """Inject a public note into session history so the LLM sees it next turn."""
+    _set_ctx(user, persona)
     history = load_session(req.session_id)
     history.append({"role": "user", "content": f"[NOTE] {req.note}"})
     save_session(req.session_id, history)

cortex/routers/files.py

@@ -2,9 +2,9 @@
 Read/write the Inara identity markdown files.
 Only whitelisted filenames are accessible — no path traversal possible.
 """
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, HTTPException, Query
 from pydantic import BaseModel
-from persona import persona_path
+from persona import persona_path, set_context, validate as validate_persona
 
 router = APIRouter()
 
@@ -22,6 +22,15 @@ ALLOWED = {
 }
 
 
+def _resolve(user: str, persona: str) -> None:
+    """Validate and set context from query params. Raises HTTPException on bad input."""
+    try:
+        u, p = validate_persona(user, persona)
+        set_context(u, p)
+    except ValueError as e:
+        raise HTTPException(status_code=404, detail=str(e))
+
+
 def _path(filename: str):
     if filename not in ALLOWED:
         raise HTTPException(status_code=404, detail=f"File not found: {filename}")
@@ -29,11 +38,15 @@ def _path(filename: str):
 
 
 @router.get("/files")
-async def list_files() -> dict:
-    inara_dir = persona_path()
+async def list_files(
+    user: str = Query("scott"),
+    persona: str = Query("inara"),
+) -> dict:
+    _resolve(user, persona)
+    persona_dir = persona_path()
     files = []
     for name in sorted(ALLOWED):
-        p = inara_dir / name
+        p = persona_dir / name
         files.append({
             "name": name,
             "exists": p.exists(),
@@ -43,7 +56,12 @@ async def list_files() -> dict:
 
 
 @router.get("/files/{filename}")
-async def get_file(filename: str) -> dict:
+async def get_file(
+    filename: str,
+    user: str = Query("scott"),
+    persona: str = Query("inara"),
+) -> dict:
+    _resolve(user, persona)
     p = _path(filename)
     if not p.exists():
         raise HTTPException(status_code=404, detail=f"{filename} does not exist")
@@ -55,7 +73,13 @@ class FileWrite(BaseModel):
 
 
 @router.put("/files/{filename}")
-async def save_file(filename: str, req: FileWrite) -> dict:
+async def save_file(
+    filename: str,
+    req: FileWrite,
+    user: str = Query("scott"),
+    persona: str = Query("inara"),
+) -> dict:
+    _resolve(user, persona)
     p = _path(filename)
     p.write_text(req.content)
     return {"ok": True, "name": filename, "size": len(req.content)}

cortex/routers/onboarding.py

@@ -41,79 +41,9 @@ def _setup_page(error: str = "", step: int = 1) -> str:
     return html
 
 
-# ---------------------------------------------------------------------------
-# Step 1 — invite token → set password
-# ---------------------------------------------------------------------------
-
-@router.get("/{token}", include_in_schema=False)
-async def setup_page(token: str, request: Request):
-    """Show the password setup page for a valid invite token."""
-    username = validate_invite(token)
-    if not username:
-        return HTMLResponse(
-            "<h1 style='font-family:sans-serif;padding:2rem'>This link is invalid or has expired.</h1>",
-            status_code=400,
-        )
-    return HTMLResponse(_setup_page())
-
-
-@router.post("/{token}", include_in_schema=False)
-async def setup_submit(
-    token: str,
-    step: str = Form(...),
-    password: str = Form(default=""),
-    confirm: str = Form(default=""),
-    persona_name: str = Form(default=""),
-    display_name: str = Form(default=""),
-    user_real_name: str = Form(default=""),
-    emoji: str = Form(default="✨"),
-    description: str = Form(default=""),
-):
-    username = validate_invite(token)
-    if not username:
-        return HTMLResponse(
-            "<h1 style='font-family:sans-serif;padding:2rem'>This link is invalid or has expired.</h1>",
-            status_code=400,
-        )
-
-    if step == "password":
-        if len(password) < 8:
-            return HTMLResponse(_setup_page("Password must be at least 8 characters."))
-        if password != confirm:
-            return HTMLResponse(_setup_page("Passwords do not match."))
-
-        set_password(username, password)
-        consume_invite(username)
-        logger.info("setup complete (password): %s", username)
-
-        # Log them in and move to persona step
-        resp = RedirectResponse(f"/setup/{token}/persona", status_code=302)
-        resp.set_cookie(
-            COOKIE_NAME,
-            create_token(username),
-            max_age=30 * 86400,
-            httponly=True,
-            samesite="lax",
-            secure=False,
-        )
-        return resp
-
-    return HTMLResponse(_setup_page("Unknown step."), status_code=400)
-
-
-# ---------------------------------------------------------------------------
-# Intermediate redirect so the token doesn't need to live in the persona URL
-# ---------------------------------------------------------------------------
-
-@router.get("/{token}/persona", include_in_schema=False)
-async def setup_persona_via_token(token: str, request: Request):
-    """After password setup, redirect to the generic /setup/persona page."""
-    # Cookie is already set — just redirect. Token is consumed so this is safe.
-    return RedirectResponse("/setup/persona", status_code=302)
-
-
 # ---------------------------------------------------------------------------
 # Step 2 — persona creation (requires active session)
+# IMPORTANT: must be registered before /{token} so "/persona" literal wins
 # ---------------------------------------------------------------------------
 
 @router.get("/persona", include_in_schema=False)
@@ -185,3 +115,66 @@ async def persona_submit(
     )
     logger.info("persona created: %s/%s", username, persona_name)
     return RedirectResponse(f"/{username}/{persona_name}", status_code=302)
+
+
+# ---------------------------------------------------------------------------
+# Step 1 — invite token → set password
+# IMPORTANT: registered after /persona so the literal path wins above
+# ---------------------------------------------------------------------------
+
+@router.get("/{token}", include_in_schema=False)
+async def setup_page(token: str, request: Request):
+    """Show the password setup page for a valid invite token."""
+    username = validate_invite(token)
+    if not username:
+        return HTMLResponse(
+            "<h1 style='font-family:sans-serif;padding:2rem'>This link is invalid or has expired.</h1>",
+            status_code=400,
+        )
+    return HTMLResponse(_setup_page())
+
+
+@router.get("/{token}/persona", include_in_schema=False)
+async def setup_persona_via_token(token: str, request: Request):
+    """After password setup, redirect to the generic /setup/persona page."""
+    # Cookie is already set — just redirect. Token is consumed so this is safe.
+    return RedirectResponse("/setup/persona", status_code=302)
+
+
+@router.post("/{token}", include_in_schema=False)
+async def setup_submit(
+    token: str,
+    step: str = Form(...),
+    password: str = Form(default=""),
+    confirm: str = Form(default=""),
+):
+    username = validate_invite(token)
+    if not username:
+        return HTMLResponse(
+            "<h1 style='font-family:sans-serif;padding:2rem'>This link is invalid or has expired.</h1>",
+            status_code=400,
+        )
+
+    if step == "password":
+        if len(password) < 8:
+            return HTMLResponse(_setup_page("Password must be at least 8 characters."))
+        if password != confirm:
+            return HTMLResponse(_setup_page("Passwords do not match."))
+
+        set_password(username, password)
+        consume_invite(username)
+        logger.info("setup complete (password): %s", username)
+
+        # Log them in and move to persona step
+        resp = RedirectResponse(f"/setup/{token}/persona", status_code=302)
+        resp.set_cookie(
+            COOKIE_NAME,
+            create_token(username),
+            max_age=30 * 86400,
+            httponly=True,
+            samesite="lax",
+            secure=False,
+        )
+        return resp
+
+    return HTMLResponse(_setup_page("Unknown step."), status_code=400)

cortex/routers/ui.py

@@ -11,6 +11,7 @@ Routes:
 """
 
 import logging
+import re
 from pathlib import Path
 
 import jwt
@@ -18,7 +19,7 @@ from fastapi import APIRouter, Form, Request
 from fastapi.responses import HTMLResponse, RedirectResponse, Response
 
 from auth_utils import COOKIE_NAME, check_credentials, create_token, decode_token
-from persona import list_users, list_user_personas, validate as validate_persona
+from persona import list_users, list_user_personas, validate as validate_persona, persona_path
 
 logger = logging.getLogger(__name__)
 router = APIRouter()
@@ -152,11 +153,19 @@ async def serve_ui(username: str, persona: str, request: Request):
     except ValueError:
         return RedirectResponse(f"/{username}/{_first_persona(username) or ''}", status_code=302)
 
-    # Serve index.html with user/persona injected
+    # Read emoji from IDENTITY.md (| Emoji | <value> | line)
+    emoji = "✨"
+    identity_path = persona_path(username, persona) / "IDENTITY.md"
+    if identity_path.exists():
+        m = re.search(r"\|\s*Emoji\s*\|\s*(.+?)\s*\|", identity_path.read_text())
+        if m:
+            emoji = m.group(1).strip()
+
+    # Serve index.html with user/persona/emoji injected
     html = (_STATIC / "index.html").read_text()
     config_tag = (
         f'<script>window.CORTEX_CONFIG = '
-        f'{{user: "{username}", persona: "{persona}"}};</script>'
+        f'{{user: "{username}", persona: "{persona}", emoji: "{emoji}"}};</script>'
     )
     html = html.replace("</head>", f"{config_tag}\n</head>", 1)
     return HTMLResponse(html)

cortex/session_store.py

@@ -3,6 +3,7 @@ import random
 from pathlib import Path
 from datetime import datetime
 from config import settings
+from persona import persona_path
 
 
 _ADJECTIVES = [
@@ -42,7 +43,7 @@ def generate_session_id() -> str:
 
 
 def _path(session_id: str) -> Path:
-    d = settings.sessions_path()
+    d = persona_path() / "session_data"
     d.mkdir(parents=True, exist_ok=True)
     return d / f"{session_id}.json"
 
@@ -79,7 +80,7 @@ def delete(session_id: str) -> bool:
 
 
 def list_all() -> list[dict]:
-    d = settings.sessions_path()
+    d = persona_path() / "session_data"
     if not d.exists():
         return []
     results = []

cortex/static/app.js

@@ -17,6 +17,10 @@
         // User/persona injected by the server at /{user}/{persona}
         const CORTEX_USER    = (window.CORTEX_CONFIG || {}).user    || 'scott';
         const CORTEX_PERSONA = (window.CORTEX_CONFIG || {}).persona || 'inara';
+        const CORTEX_EMOJI   = (window.CORTEX_CONFIG || {}).emoji   || '✨';
+        const _fileParams    = `user=${encodeURIComponent(CORTEX_USER)}&persona=${encodeURIComponent(CORTEX_PERSONA)}`;
+
+        if (headerEmoji) headerEmoji.textContent = CORTEX_EMOJI;
 
         let sessionId        = null;
         let primaryBackend   = 'claude';
@@ -219,7 +223,7 @@
                 sessionsPanel.classList.remove('open');
                 return;
             }
-            const res = await fetch('/sessions');
+            const res = await fetch(`/sessions?${_fileParams}`);
             const data = await res.json();
             renderPanel(data.sessions);
             sessionsPanel.classList.add('open');
@@ -268,7 +272,7 @@
                 delBtn.title = 'Delete session';
                 delBtn.addEventListener('click', async (e) => {
                     e.stopPropagation();
-                    await fetch(`/sessions/${s.session_id}`, { method: 'DELETE' });
+                    await fetch(`/sessions/${s.session_id}?${_fileParams}`, { method: 'DELETE' });
                     if (sessionId === s.session_id) {
                         sessionId = null;
                         currentHistory = [];
@@ -276,7 +280,7 @@
                         sessionEl.textContent = '';
                         addMessage('system', 'Session deleted');
                     }
-                    const res = await fetch('/sessions');
+                    const res = await fetch(`/sessions?${_fileParams}`);
                     const data = await res.json();
                     renderPanel(data.sessions);
                 });
@@ -307,7 +311,7 @@
         async function resumeSession(id) {
             talkThinkingDiv = null;
             if (id && id.startsWith('nct_')) sessionsBtn.classList.remove('talk-badge');
-            const res = await fetch(`/history/${id}`);
+            const res = await fetch(`/history/${id}?${_fileParams}`);
             const data = await res.json();
 
             messagesEl.innerHTML = '';
@@ -524,7 +528,7 @@
         async function syncHistory() {
             if (!sessionId) return;
             try {
-                await fetch(`/history/${sessionId}`, {
+                await fetch(`/history/${sessionId}?${_fileParams}`, {
                     method: 'PUT',
                     headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({ messages: currentHistory }),
@@ -856,7 +860,7 @@
         }
 
         async function loadFile(name) {
-            const res = await fetch(`/files/${encodeURIComponent(name)}`);
+            const res = await fetch(`/files/${encodeURIComponent(name)}?${_fileParams}`);
             if (!res.ok) { fileEditor.value = `Error loading ${name}`; return; }
             const data = await res.json();
             fileEditor.value = data.content;
@@ -866,7 +870,7 @@
 
         async function openFileModal() {
             // Populate the file list
-            const res = await fetch('/files');
+            const res = await fetch(`/files?${_fileParams}`);
             const data = await res.json();
             fileSelect.innerHTML = '';
             for (const f of data.files) {
@@ -888,7 +892,7 @@
 
         fileSaveBtn.addEventListener('click', async () => {
             const name = fileSelect.value;
-            const res = await fetch(`/files/${encodeURIComponent(name)}`, {
+            const res = await fetch(`/files/${encodeURIComponent(name)}?${_fileParams}`, {
                 method: 'PUT',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({ content: fileEditor.value }),
@@ -1154,7 +1158,7 @@
             helpBody.textContent = 'Loading…';
             helpModal.classList.add('open');
             try {
-                const res = await fetch('/files/HELP.md');
+                const res = await fetch(`/files/HELP.md?${_fileParams}`);
                 if (!res.ok) throw new Error(`HTTP ${res.status}`);
                 const data = await res.json();
                 helpBody.innerHTML = marked.parse(data.content);