Harden generic Cortex plugin owner context

[100yenadmin]

Summary

Audit follow-up from the Cortex Core Recovery sprint: Company Brain explicit tools are on a safe path in PR #32, but the older generic Cortex memory tools still need hosted multi-tenant owner-hardening.

Finding

The current plugin surface still has generic tools that accept or derive owner_id from config/body selectors for flows such as retrieve, remember, search, ask, contradictions, commitments, and open loops. That is not the path we want for hosted Company Brain or production dashboard-backed multi-tenant use.

Scope

• Make generic Cortex memory/entity/graph tools receive explicit owner-bound context from the host/proxy, or route through HTTP endpoints that resolve owner server-side.
• Do not use shared hosted plugin.storage or config-owner assumptions for multi-tenant pilot data.
• Preserve the Company Brain context bridge as a distinct <company-brain-context> block.
• Keep write/action candidates approval-gated.

Acceptance

• Plugin tests prove generic memory tools cannot override the effective hosted owner with request/body config.
• Company Brain tools continue to preserve citations, insufficient-evidence state, visibility scope, action readiness, and requires-approval metadata.
• A manual OpenClaw smoke can recall memories, list entities, query graph/company context, and not cross tenant/company boundaries.

Related: #31, #32, electricsheephq/electric-sheep#2050.