Cortex-Inara/documentation/TODO__Agents.md

Cortex / Inara — Agent Task List

Read this file before starting any work on this project. Status: Active development — ongoing.

---

🔴 High Priority

[Auth] Token expiry — sudo restart

• Cortex currently requires sudo systemctl restart cortex after OAuth token refresh
• This must be done manually by the user (cannot run interactively from Claude Code)
• Future: Explore hot-reload or token-passing mechanism so restart isn't required

[Backend] Ollama local model backend

• Add Ollama as a third LLM backend option (direct Ollama API, no CLI wrapper)
• Endpoint: http://scott-gaming:<port>/api/ (WireGuard)
• Model selection: configurable per-request or per-session
• Auth status check: ping /api/tags to confirm reachability

[Testing] Gitea SSH port 2222

• pfSense port forward configured but not yet verified end-to-end
• Test: ssh -p 2222 git@<external> from outside WireGuard
• Document result in this file

---

🟡 Medium Priority

[Intelligence] Orchestrator service — Phase 1 ✅ Complete

See ARCH__Intelligence_Layer.md for full design. Committed: ed472ce (2026-03-18)

• Add Gemini API (google-generativeai SDK) as a library dependency (not CLI)
• Create cortex/routers/orchestrator.py — POST /orchestrate endpoint
• Basic tool registry: web search (DuckDuckGo), AE API query, file read, task list
• ReAct loop: Gemini calls tools, assembles context, hands off to Claude for final response
• GET /orchestrate/{job_id} — poll for status/result
• Cron can trigger via HTTP POST (same endpoint)
• Note: Default model is gemini-2.5-flash — free tier key required (AI Studio)

[Intelligence] Knowledge consolidation — Phase 1

See ARCH__Intelligence_Layer.md for full design. Initial scope:

• Tool: ae_journal_search — search before creating to avoid duplicates
• Tool: ae_journal_entry_create — write a new entry with source metadata
• Import script: walk a markdown directory, chunk by H2 section, create entries
• Target: markdown files from ~/DgrZone_Nextcloud/ and ~/OSIT_Nextcloud/
• Tag strategy: source path, date, topic tags from frontmatter or filename

[Channel] Nextcloud Talk integration ✅ Complete

• NC Talk bot is implemented (cortex/routers/nextcloud_talk.py)
• HMAC: incoming uses random + raw_body; outgoing reply uses random + message_text — both correct
• Test end-to-end after any Cortex restart — confirmed working 2026-03-20
• Bot registration docs completed in docs/NEXTCLOUD_TALK_BOT.md — 2026-03-20
• Note: Currently uses default user/persona only — per-conversation persona routing is a future enhancement

[Multi-user] Holly onboarding

• Multi-user is built into Cortex — single instance, multiple users under home/
• home/holly/persona/tina/ directory created from template (stub content — needs real persona files)
• Send Holly's invite email: python manage_passwords.py invite holly holly.danner@gmail.com
• Walk Holly through onboarding flow (/setup/{token} → persona creation)
• Review and flesh out Tina's persona files (IDENTITY.md, SOUL.md, PROTOCOLS.md, USER.md)

---

🟢 Lower Priority / Future

[Intelligence] Dev agent pipeline

See ARCH__Intelligence_Layer.md. Full design not yet started.

• Specialist agent: frontend (SvelteKit) code changes
• Specialist agent: backend (FastAPI) code changes
• Supervisor agent: diff review, syntax check, test runner
• Gitea webhook integration: trigger on push/PR, report back
• Human approval gate before commit

[Intelligence] Supervisor agent

• Runs py_compile, svelte-check, unit tests after specialist agent work
• Reports pass/fail back to orchestrator
• Only commits on explicit approval

[Channel] Gitea webhooks

• Receive push/PR/issue events → route to appropriate agent
• cortex/routers/ already has pattern; add gitea.py
• Gitea Actions (CI) for "run tests on push" — simpler than custom runner

[Auth] Session auth + persona onboarding ✅ Complete

• bcrypt passwords stored in home/{username}/auth.json
• JWT session cookies (HS256, 30-day expiry) — auth_utils.py, auth_middleware.py
• Login/logout at /login, /logout
• Invite tokens (72h, one-time-use) — admin generates via manage_passwords.py invite <user> [email]
• Self-service onboarding: /setup/{token} (set password) → /setup/persona (create persona)
• Multi-persona switcher in UI header — /api/personas endpoint
• SMTP invite email — noreply@oneskyit.com, HTML + plain text body
• CSS routing fix — app.mount("/static") must precede app.include_router(ui.router)
• Committed: 2026-03-20

[Channel] Google Chat integration ✅ Complete

See cortex/routers/google_chat.py. Committed: 2026-03-20

• JWT verification via authorizationEventObject.systemIdToken (audience = endpoint URL, issuer = accounts.google.com)
• Workspace Add-on event format: event type inferred from payload key (messagePayload, addedToSpacePayload, etc.)
• Response format: hostAppDataAction.chatDataAction.createMessageAction.message.text
• Session management, LLM pipeline, session logging — same pattern as NC Talk
• Nginx: /channels/ prefix exposed without basic auth (covers all future channel integrations)
• Note: Google Chat API now forces the Workspace Add-on framework — legacy standalone bot format is gone. {"text": "..."} and renderActions do NOT work; hostAppDataAction is required.

[Distill] Monitor first auto_distill_long run

• Scheduled for ~April 1 at 04:00
• Manually review inara/MEMORY_LONG.md output before fully trusting
• Adjust distill prompts if needed

[Distill] Distill quality review

• Short/mid/long distill prompts live in cortex/memory_distiller.py
• After first few automatic runs, review quality and tune

[Backend] Intelligent model routing

• Currently hardcoded: Claude default, Gemini fallback
• Future: route by task type (code → Claude, search → Gemini, private → Ollama)
• Future: route by context length (Gemini 2.0 has 1M token context)

---

✅ Completed

[UI] Mobile-friendly header

• Backend toggle, font size, theme buttons moved into ⚙ settings panel
• Header reduced to 4 buttons: Sessions, Files, ⚙, ?
• Committed: mobile_header (2026-03)

[UI] Mobile text input

• flex-direction: column on #input-area at ≤520px
• font-size: 16px on #input (prevents iOS Safari auto-zoom)
• body { height: 100dvh } (handles soft keyboard)
• Committed: 23f8659 (2026-03)

[UI] Auth warning banner

• Claude CLI token expiry check (~/.claude/.credentials.json)
• Gemini CLI auth check (warns only if no refresh_token)
• Dismissible amber/red banner with re-auth instructions
• Committed: fe6561b (2026-03)

[UI] Distill schedule in ⚙ panel

• Shows next_run times for short/mid/long distill jobs
• Fetches from existing /distill/status endpoint

[UI] Help modal collapsible sections

• H2 sections collapse/expand via <details> elements
• Top 4 sections (Header Controls, Chat, Sessions, Notes) open by default

[Backend] Gemini CLI backend

• gemini -p subprocess, streaming output
• Auth check endpoint /auth/status

[Backend] Memory distiller

• APScheduler jobs: distill_short (6h), distill_mid (24h), distill_long (weekly)
• Writes to inara/MEMORY_SHORT.md, MEMORY_MID.md, MEMORY_LONG.md

[Backend] Session logging + file browser

• Sessions saved to inara/sessions/
• Files panel in UI browses inara/ directory

[Backend] Dispatcher core

• FastAPI service with streaming response
• claude -p and gemini -p subprocess backends
• Session context management (rolling window)
• Nextcloud Talk webhook handler