Add NAVI_AUTH_ENABLED switch for optional auth ...

- Add navi_auth_enabled setting (default true) to navi/config.py and .env.example
- When disabled, treat every request as anonymous admin user (id='anonymous')
- Create/update fixed anonymous navi_users row on startup
- Bypass OAuth/cookie/API-token resolution in navi/auth/deps.py
- Update /auth/status to return {enabled, configured}
- Log security warning on startup when auth is disabled
- Update webclient: skip fetchMe/login screen, show Local mode footer,
  expose /admin link, warn in API keys panel
- Rebuild webclient production bundle
- Add unit and integration tests for no-auth mode
- Update docs: auth.md, config.md, api.md, api_tokens.md, sessions.md,
  websocket.md, mechanics.md, index.md

Co-Authored-By: Claude <noreply@anthropic.com>

Fix default gnauth profile path to /account/profile ...

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Revert "Fix avatar: use Gravatar instead of non-existent profile fields" ...

This reverts commit f485e54.

Fix avatar: use Gravatar instead of non-existent profile fields ...

Investigated gnexus-auth UserinfoController and found that the profile
response only contains: username, display_name, first_name, last_name,
phone, birth_date, country, city, locale, timezone. There is no picture
or avatar_url field.

- Add make_gravatar_url() helper in navi/auth/__init__.py
- Update deps.py to generate Gravatar URL from user email
- Update config.py default gnauth_profile_path to /account/profile
- Update .env.example comment accordingly
- Frontend already handles avatar_url correctly

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Add avatar display and gnexus-auth profile link ...

Backend:
- User model: add avatar_url field
- auth/deps.py: extract avatar_url from auth_user.profile (picture/avatar_url)
- auth.py /auth/me: return avatar_url + computed profile_url
- config.py: add gnauth_profile_path setting
- .env.example: document GNAUTH_PROFILE_PATH

Frontend:
- AppSidebar.vue: show user avatar (or initial fallback) next to name
- Clicking user info opens gnexus-auth profile in new tab
- Rebuild dist/

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Fix DDL race condition and PostgreSQL syntax error on startup ...

- _ensure_auth_tables now uses raw asyncpg.connect instead of get_session_store,
  avoiding PgSessionStore._MIGRATE running before navi_users exists
- Move _ensure_auth_tables before ensure_tables in startup so navi_users is
  created before any foreign-key references
- Replace invalid "ADD CONSTRAINT IF NOT EXISTS" with DO $$ block for
  memory_facts_user_cat_key

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Update deployment docs — PostgreSQL-only, new .env vars, pg_trgm notes ...

- README.md: remove SQLite, add PostgreSQL setup (Ubuntu/Arch/Docker),
  add pg_trgm notes, update .env example
- docs/config.md: remove DB_PATH, add OLLAMA_REQUEST_TIMEOUT / OPENAI_MODEL /
  OPENAI_BASE_URL, update example .env
- .env.example: rewrite with all current variables and comments

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Add Ollama multi-server fallback with in-memory blacklisting ...

- New FallbackOllamaBackend (navi/llm/fallback.py): tries servers and
  models in priority order; on LLMConnectionError blacklists the server
  for the process lifetime, on LLMModelNotFoundError blacklists the
  (server, model) pair — eliminates latency from repeated failed probes
- OllamaBackend now raises typed LLMConnectionError / LLMModelNotFoundError
  instead of bare LLMBackendError; accepts list[str] | str | None for model
- AgentProfile.model changed from str to list[str] (str auto-normalised);
  all profiles updated to ["gemma4:31b-cloud", "gemma4:26b-a4b-it-q4_K_M"]
- New config field OLLAMA_BACKENDS_FILE: path to [{host, api_key?}] JSON;
  when set, registry creates FallbackOllamaBackend instead of OllamaBackend
- ollama_backends.json template added (gitignored — contains API key)
- current_model ContextVar type widened to list[str] | str | None

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Use gemma4 cloud model by default

Support Ollama Cloud API key

SSH connection pooling: per-session, 20-minute TTL ...

- Pool keyed by session_id:host:port:username — parallel sessions share
  no state even when targeting the same server
- Per-key asyncio.Lock prevents concurrent connection creation races
- TTL (20 min) and is_closing() checked on every access; expired/closed
  connections are evicted and replaced transparently
- On disconnect error during command execution: evict + retry once with
  fresh connection
- current_session_id ContextVar (set by Agent before tool calls) is read
  in ssh_exec to build the pool key without changing tool signatures

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Switch all profiles to gemma4:e4b-it-q8_0 ...

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Filesystem tool: unrestricted mode by default ...

FS_ALLOWED_PATHS=* (default) allows any path, consistent with terminal.
Path check is now lazy (per-request) instead of module-level,
so config is always fresh after restart.
~ expansion added.

Unrestricted terminal mode and SSH tool ...

- Terminal: TERMINAL_ALLOWED_COMMANDS=* (default) runs via shell,
  supports pipes, redirects, subshells; allowlist mode still available
- FS_ALLOWED_PATHS expanded to cover /home /etc /var /opt
- New ssh_exec tool: execute commands on remote hosts via asyncssh,
  supports named connections (ssh_hosts.json) and inline user@host
- ssh_hosts.json gitignored, ssh_hosts.json.example added as reference
- ssh_exec added to server_admin and smart_home profiles

Initial implementation of the agent system core ...

- FastAPI server with REST API and WebSocket streaming
- Modular LLM backend abstraction (Ollama implemented, OpenAI stub)
- Tool system: web_search (ddgs), filesystem, http_request, code_exec, terminal
- Agent profiles: smart_home, server_admin, secretary
- Tool-calling loop with concurrent tool execution
- In-memory session store with SessionStore ABC for future persistence
- Registry pattern for tools, profiles, and backends
- Orchestrator stub as foundation for multi-agent scenarios