feat: audit log, usage tracking UI, OpenAI orchestrator compaction, onboarding + docs

Tool audit log:
- Every orchestrator tool call logged to home/{user}/tool_audit/YYYY-MM-DD.jsonl
- Files panel sidebar: audit log group (collapsed), date-linked read-only table
- Admin endpoints: /api/audit/files, /api/audit/day, /api/audit/recent, /api/audit/stats
- Engine and model name recorded per entry

OpenAI orchestrator improvements:
- Context budget enforcement: 75% of model context_k (min 16k)
- Message compaction: truncates old tool results when approaching budget
- max_rounds respected per model config (intersected with server cap)

OpenRouter onboarding (setup.html, onboarding.py, app.js, settings.html):
- Step 3 of 3: /setup/model with curated model picker
- Chat banner for users on server-default model (informational, not alarmist)
- Settings quick-link card; /setup/model works standalone for existing users

Model registry + session store:
- set_role_config / get_role_config for per-role tool lists and system_append
- session_store: session rename, session name backfill endpoint

UI updates (app.js, index.html, style.css, local_llm.html):
- Role toggle in context panel
- Off-the-record mode
- Agent notes read-only viewer
- OPERATIONS.md loaded at T2+ in context

Documentation:
- HELP.md: full tool table, per-role tool sets, Agent Notes, usage tracking
- TOOLS.md: Agent Notes section, count corrected to 44
- ARCH__SYSTEM.md, ARCH__BACKENDS.md, MASTER.md updated to match reality
- CLAUDE.md: onboarding flow, documentation philosophy sections
- README.md: stack in practice, DeepSeek TUI mention, architecture diagram updated
- TODO__Agents.md: onboarding task completed with deviation notes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

cortex/openai_orchestrator.py

@@ -273,18 +273,20 @@ async def _run_from_messages(
     final_response = ""
     budget = _context_budget(model_cfg)
 
-    for round_num in range(starting_round, settings.orchestrator_max_rounds):
+    per_model_limit = (model_cfg or {}).get("max_rounds") or settings.orchestrator_max_rounds
+    effective_limit = min(per_model_limit, settings.orchestrator_max_rounds)
+
+    for round_num in range(starting_round, effective_limit):
         messages = _compact_messages(messages, budget)
         est = _estimate_tokens(messages)
         logger.info("OpenAI orchestrator round %d / %d  model=%s  ~%d tokens",
-                    round_num + 1, settings.orchestrator_max_rounds, model_name, est)
+                    round_num + 1, effective_limit, model_name, est)
 
-        response = await client.chat.completions.create(
-            model=model_name,
-            messages=messages,
-            tools=active_tools,
-            tool_choice="auto",
-        )
+        call_kwargs: dict = {"model": model_name, "messages": messages}
+        if active_tools:
+            call_kwargs["tools"] = active_tools
+            call_kwargs["tool_choice"] = "auto"
+        response = await client.chat.completions.create(**call_kwargs)
 
         choice = response.choices[0]
         msg = choice.message
@@ -339,12 +341,11 @@ async def _run_from_messages(
                     tool_call_log.append({"tool": pt["name"], "args": pt["args"], "result": "[awaiting confirmation]"})
                     messages.append({"role": "tool", "tool_call_id": pt["tool_call_id"], "content": placeholder})
 
-                conf_resp = await client.chat.completions.create(
-                    model=model_name,
-                    messages=messages,
-                    tools=active_tools,
-                    tool_choice="none",
-                )
+                messages = _compact_messages(messages, budget)
+                conf_call: dict = {"model": model_name, "messages": messages, "tool_choice": "none"}
+                if active_tools:
+                    conf_call["tools"] = active_tools
+                conf_resp = await client.chat.completions.create(**conf_call)
                 final_response = conf_resp.choices[0].message.content or (
                     "This action requires your explicit confirmation before it can proceed."
                 )
@@ -375,9 +376,9 @@ async def _run_from_messages(
             break
 
     else:
-        logger.warning("OpenAI orchestrator hit max rounds (%d)", settings.orchestrator_max_rounds)
+        logger.warning("OpenAI orchestrator hit max rounds (%d)", effective_limit)
         final_response = (
-            f"Reached the tool iteration limit ({settings.orchestrator_max_rounds} rounds). "
+            f"Reached the tool iteration limit ({effective_limit} rounds). "
             "Here is what was gathered:\n\n"
             + "\n\n".join(f"**{t['tool']}**: {t['result'][:500]}" for t in tool_call_log)
         )
@@ -405,7 +406,10 @@ def _build_client(
     if host_type == "openwebui":
         base_url = base_url + "/api"
     client = AsyncOpenAI(base_url=base_url, api_key=api_key)
-    active_tools = get_openai_tools_for_role(user_role, tool_list)
+    if model_cfg.get("tools") is False:
+        active_tools = []
+    else:
+        active_tools = get_openai_tools_for_role(user_role, tool_list)
     return client, model_name, active_tools