Multi-user: per-user isolation + agent ownership/sharing + access levels #552

@jaylfc

Scoping captured 2026-06-03. Finish the modularity refactors first, then brainstorm this properly (brainstorm -> spec -> plan).

Already works (no action)

  • Multi-user login (auth.py /auth/login + first-run /auth/setup).
  • Admin account creation in Settings (SettingsApp/UsersPanel.tsx -> POST /auth/users, 8-digit invite-code flow), is_admin role, profile edit / password reset / delete.

Gaps to design + build

  1. Per-user isolation (foundation). routes/user_memory.py and routes/chat.py hardcode USER_ID = "user"; agents (config.agents), secrets, and channels are global to the host with no user_id/owner. Stores need to key on the real session user.
  2. Agent ownership model. Agents have no owner/shared_with. Add ownership + a sharing mechanism.
  3. Graduated access levels. No per-user/per-agent access concept today (only the can_read_user_memory capability flag). Decide granularity (view / use / edit / manage / share).
  4. Admin delegation. Admin assigns/shares agents to specific users and can manage agents on their behalf.
  5. Data migration. Migrate today's single-user/global data into the (user_id, …) model without breaking existing installs.

Design questions for the brainstorm

  • Ownership + shared_with list vs full RBAC roles?
  • What are the access levels, exactly?
  • How does 'admin manages an agent for a user' surface in the UI (the Users panel? the Agents app)?
  • Visibility filtering at the route layer + session-user propagation everywhere.

Relates to multi-user separation intent. Sequenced after B3-B7 refactors.
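
The "ownership + shared_with" option from the design questions, combined with route-layer visibility filtering, as an added example that is not part of the issue or the project's code. It assumes the five levels form a linear order (each implies the ones below); `Access`, `SessionUser`, `Agent` and the helper functions are hypothetical names.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Access(IntEnum):
    # Assumption: the levels floated in the issue are linearly ordered, so each
    # level implies the ones below it. NONE is the default-deny result.
    NONE = 0
    VIEW = 1
    USE = 2
    EDIT = 3
    MANAGE = 4
    SHARE = 5

@dataclass(frozen=True)
class SessionUser:  # hypothetical: resolved per request from the session, never hardcoded
    user_id: str
    is_admin: bool = False

@dataclass
class Agent:  # hypothetical record carrying the proposed owner/shared_with fields
    name: str
    owner: str
    shared_with: dict = field(default_factory=dict)  # user_id -> Access

def effective_access(user: SessionUser, agent: Agent) -> Access:
    """Owner and admins hold the top level; everyone else only what was granted."""
    if user.is_admin or user.user_id == agent.owner:
        return Access.SHARE
    return agent.shared_with.get(user.user_id, Access.NONE)

def visible_agents(user: SessionUser, agents: list) -> list:
    """Route-layer filter: return only agents the session user can at least view."""
    return [a for a in agents if effective_access(user, a) >= Access.VIEW]

def require(user: SessionUser, agent: Agent, needed: Access) -> None:
    """Guard for use/edit/manage routes; denies by raising rather than returning."""
    if effective_access(user, agent) < needed:
        raise PermissionError(f"{user.user_id} lacks {needed.name} on {agent.name}")

def share(actor: SessionUser, agent: Agent, target_id: str, level: Access) -> None:
    """Grant or revoke (level NONE) access; covers admin delegation too."""
    require(actor, agent, Access.SHARE)
    if level is Access.NONE:
        agent.shared_with.pop(target_id, None)
    else:
        agent.shared_with[target_id] = level
```
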

Assignees: No one assigned

Labels: enhancement (New feature or request)

Status: Todo
