Cortex-Inara/README.md

# Cortex / Inara — Project Root

**Owner:** Scott Idem (One Sky IT / Danger Zone)
**Started:** 2026-03-04
**Status:** Active development

> *"You can't stop the signal."*

Cortex is a self-hosted multi-agent AI platform. It supports multiple users, each with their own named AI persona.

---

## Quick Orientation

| Directory | What it is |
|---|---|
| `cortex/` | FastAPI service — dispatcher, routing, LLM backends, session management |
| `home/` | User and persona data (`home/{username}/persona/{name}/`) |
| `docs/` | Integration reference docs (NC Talk bot, Google Chat bot) |
| `documentation/` | Architecture decisions, project plans, agent task lists |

---

## Multi-User Layout

Persona data lives in a two-level tree modelled on Linux home directories:

```
home/
  scott/
    persona/
      inara/       ← IDENTITY.md, SOUL.md, MEMORY_*.md, sessions/, TASKS.json, …
  holly/
    persona/
      tina/
  [username]/
    persona/
      [name]/
```

Each HTTP request includes `user` and `persona` fields. The service validates both against
the `home/` tree before routing. ContextVars ensure per-request isolation in async code.

**Naming rules** (same as Linux usernames): lowercase letters, digits, `_`, `-`; must start
with a letter or underscore; max 32 characters. Example: `scott`, `holly`, `my_ai-v2`.

---

## Running Cortex

Cortex runs as a **systemd user service** (no sudo required).

```bash
# Start / stop / restart
systemctl --user start cortex
systemctl --user stop cortex
systemctl --user restart cortex

# Status and logs
systemctl --user status cortex
journalctl --user -u cortex -f

# Web UI
http://localhost:8000   (or cortex.dgrzone.com on WireGuard)
```

The service starts automatically at boot via `loginctl enable-linger`.
Service file: `~/.config/systemd/user/cortex.service`

Config lives in `cortex/config.py` and `cortex/.env` (not tracked — see `cortex/.env.example`).

---

## Key Documentation

| File | Purpose |
|---|---|
| `documentation/TODO__Agents.md` | Active task list — read first |
| `documentation/ARCH__Intelligence_Layer.md` | Intelligence layer architecture (orchestrator, dev agents, knowledge) |
| `docs/NEXTCLOUD_TALK_BOT.md` | NC Talk bot setup and troubleshooting |
| `docs/GOOGLE_CHAT_BOT.md` | Google Chat Add-on setup and troubleshooting |
| `cortex/static/HELP.md` | Shared in-app help content (rendered in UI for all users) |
| `home/scott/persona/inara/PROTOCOLS.md` | Inara behavioral protocols (template for all personas) |
| `~/agents_sync/projects/CORTEX.md` | High-level project vision and phases |

---

## Architecture at a Glance

```
[User / Cron / Webhook]
        ↓
  Cortex Dispatcher  (FastAPI, cortex/)
    ├─ POST /chat                          — direct to LLM (streaming SSE)
    ├─ POST /orchestrate                   — Gemini tool loop → Claude response
    ├─ POST /webhook/nextcloud/{username}  — Nextcloud Talk bot (per-user)
    └─ POST /channels/google-chat/{username} — Google Chat Add-on (per-user)
        ↓
  LLM Backend(s)
  • Claude CLI   — primary reasoning, coding, long-context
  • Gemini CLI   — secondary / cost routing
  • Gemini API   — orchestrator tool loop (separate from Gemini CLI)
  • Ollama       — offline/private (scott_gaming, future)
        ↓
  Persona context loaded from home/{user}/persona/{name}/
```

See `documentation/ARCH__Intelligence_Layer.md` for the orchestrator/responder and dev-agent architecture.

---

## Personas

Each persona has its own identity, memory, and session history.
They are not tied to a specific LLM model — the name is fixed, the backend varies.
Context is loaded at request time from `home/{user}/persona/{name}/` via `cortex/context_loader.py`.

| User | Persona | Description |
|---|---|---|
| scott | inara | Scott's primary AI assistant |
| scott | developer | Scott's dev-focused persona |
| holly | tina | Holly's primary AI assistant |
| brian | wintermute | Brian's primary AI assistant |

---

## Channels

Webhook endpoints are per-user — each user configures their own secrets in `home/{username}/channels.json`.

| Channel | Status | Endpoint |
|---|---|---|
| Web UI | Live | `https://cortex.dgrzone.com` — session auth (login form + JWT cookie) |
| Nextcloud Talk | Live | `POST /webhook/nextcloud/{username}` — HMAC-signed, async reply |
| Google Chat | Live | `POST /channels/google-chat/{username}` — Workspace Add-on, JWT auth |

See `docs/NEXTCLOUD_TALK_BOT.md` and `docs/GOOGLE_CHAT_BOT.md` for setup instructions.

---

## User Management

```bash
cd cortex

# Create a user directory and send an invite email
.venv/bin/python manage_passwords.py invite <username> <email>

# Register a Google account for sign-in (run after user completes onboarding)
.venv/bin/python manage_passwords.py google-add <username> <email>

# List users with password, Google, and email status
.venv/bin/python manage_passwords.py list

# Set/check a password directly
.venv/bin/python manage_passwords.py set <username>
.venv/bin/python manage_passwords.py check <username>
```

New users receive a link to `/setup/{token}` where they set their own password and create their first persona. Invite tokens expire in 72 hours and are one-time-use.

To enable a channel for a user, create `home/{username}/channels.json` — see the relevant doc in `docs/`.

---

## Testing

```bash
cd cortex
.venv/bin/python -m pytest tests/ -q
```

80 tests covering API endpoints, persona routing, tool functions, and security.

---

## Related Projects

| Project | Path |
|---|---|
| Aether Platform API | `~/OSIT_dev/aether_api_fastapi/` |
| Aether Frontend | `~/OSIT_dev/aether_app_sveltekit/` |
| Fleet coordination | `~/agents_sync/` |