Create docs/wiki/cortex-inheritance.md
9b16d6fe14dc jacobcole 2026-04-23 1 file
new file mode 100644
index 0000000..1cff185
@@ -0,0 +1,129 @@
+---
+visibility: public
+---
+
+# Cortex inheritance map
+
+**Pinned to:** `IdeaFlowCo/cortex @ e93bf8c` (2026-04-23, GitHub latest as of verification run)
+**Previous pin:** `e55f129` (2026-04-23 earlier) — superseded. Delta since: `e93bf8c` docs(plan): OpenClaw gateway lifecycle alignment design. Non-breaking for picortex inheritance.
+
+## Research-ingestion cutoff
+
+**Do NOT mine Cortex commits before `af3a76f5` (2026-01-26, Tejas DC, "Implement Fly.io workspace infrastructure").**
+
+That commit marks the introduction of containerized workspaces. Everything before it is the **Piyush Jha era** (9 commits, 2026-01-20 → 2026-01-23): EC2 + SSH + Vercel + direct workspace access. That architecture was replaced wholesale and is not the source-of-truth for any pattern picortex uses.
+
+Concretely:
+
+- Pre-cutoff commits: `238052c4` → `d2d6a534` (Jan 20-23, 2026) — **SKIP**
+- Post-cutoff commits: `af3a76f5` (Jan 26, 2026) onward — **OK to ingest**
+
+Future Cortex diff-reviews (quarterly) must start from at least `af3a76f5`, ideally from the latest pinned SHA above. If a grep across Cortex turns up a Piyush-era file that still exists, it's a leftover — don't treat it as canonical.
+
+### Why this matters
+
+picortex's threat model, isolation model, and architectural language all descend from the containerized-workspace era. Reading Piyush's EC2 implementation would teach agents patterns that conflict with every current picortex ADR. Worse, it's a time sink: 9 commits of now-dead architecture.
+
+### Verification query
+
+```bash
+# Agents ingesting Cortex should filter commits since the cutoff:
+git -C ~/code/cortex log --since="2026-01-26" --all --oneline
+# Or by SHA reachability:
+git -C ~/code/cortex log af3a76f5..HEAD --oneline
+```
+**Primary source:** `~/code/cortex/docs/future-plans/texting-bot-groups/requirements.md`
+**Legend:** adopt • adapt • reject • defer
+
+When Cortex updates R-numbers or adds new Rs, this map is re-reviewed at the quarterly checkpoint. Adoption decisions cite specific picortex files where the implementation lives (or will live).
+
+## R1 — Bot as primary surface
+
+| # | Cortex text (paraphrase) | picortex decision | Notes |
+|---|---|---|---|
+| R1.1 | Bot is the main UI; web is supplementary | **adopt** | |
+| R1.2 | DM with bot = personal agent | **adopt** | iMessage 1:1 = picortex personal chat |
+| R1.3 | Group with bot = group agent | **adopt** | iMessage group with bot = group chat |
+
+## R2 — Workspace identity
+
+| # | Cortex | picortex | Notes |
+|---|---|---|---|
+| R2.1 | Each chat has own filesystem keyed on durable chat ID | **adapt** | Same invariant; Linux user instead of Docker container. [ADR-0002](../adrs/0002-linux-users-over-docker.md) |
+| R2.2 | Workspace survives restart | **adopt** | home dir persists |
+
+## R3 — Lifecycle
+
+| # | Cortex | picortex | Notes |
+|---|---|---|---|
+| R3.1 | Eager provisioning + warm pool | **adapt** | Eager yes; warm pool deferred to S6 |
+| R3.2 | Idle hibernation | **adopt** | 7 days |
+| R3.3 | 7-day destroy-but-keep-volume | **adapt** | 30-day archive-then-delete |
+
+## R4 — Attention gating
+
+| # | Cortex | picortex | Notes |
+|---|---|---|---|
+| R4.1 | Modes: always / mentions-only / discriminate / discriminate-quiet / silent | **adopt** | [Spec 005](../specs/005-attention-gating.md) |
+| R4.2 | Rules-first then LLM | **adopt** | |
+| R4.3 | Discriminator prompt is git-versioned `.cortex/prompts/discriminator.md` | **adapt** | Rename to `.picortex/` |
+
+## R5 — Backend authority
+
+| # | Cortex | picortex | Notes |
+|---|---|---|---|
+| R5.1 | Backend = canonical log; container cache only | **adopt** | SQLite instead of Cortex's DB |
+| R5.2 | Container can't authorize | **adopt** | |
+| R5.3 | Message edits / deletes are backend ops | **adopt** | |
+| R5.4 | Cross-chat ops need out-of-band challenge | **adopt** | |
+| R5.5 | Challenge is a DM reply | **adopt** | [Spec 009](../specs/) pending |
+| R5.6 | Never trust workspace-declared user identity | **adopt** | |
+
+## R6 — MCP cross-chat tools
+
+| # | Cortex | picortex | Notes |
+|---|---|---|---|
+| R6.* | `listMyChats`, `readChatTranscript`, `searchChat`, etc. | **defer** | Not in v0.1 |
+
+## R7 — Sharing bridge
+
+| # | Cortex | picortex | Notes |
+|---|---|---|---|
+| R7.1 | Personal→shared v1 | **adopt** | [Stage S9](../plans/2026-04-23-initial-roadmap.md#s9) |
+| R7.2 | Shared→personal v2 | **defer** | |
+| R7.3 | Every op = BridgeEvent row | **adopt** | |
+
+## R8 — Identity
+
+| # | Cortex | picortex | Notes |
+|---|---|---|---|
+| R8.1 | Phone as primary; SMS OTP login | **adapt** | Jacob's phone is the only admin; no OTP yet |
+| R8.2 | Email optional | **defer** | |
+| R8.3 | Per-chat scoped tokens | **adopt** | Noos OAuth scopes for web UI |
+| R8.4 | N groups = N tokens | **adopt** | |
+
+## R9 — Linq channel
+
+| # | Cortex | picortex | Notes |
+|---|---|---|---|
+| R9.1 | HMAC-SHA256 `{t}.{body}` on inbound | **adopt** | Identical |
+| R9.2 | 5-min skew, replay guard | **adopt** | |
+| R9.3 | Normalize Linq → internal event shape | **adopt** | |
+| R9.4 | Outbound retry with idempotency | **adopt** | |
+
+## R10–R19 — other
+
+Covered in the Cortex docs but not crystallized here. When picortex implements a subsystem, the PR adds a row above.
+
+## Divergences (major)
+
+| Picortex choice | Cortex equivalent | Why |
+|---|---|---|
+| Linux user per chat | Docker container per chat | Spin-up latency, resource cost |
+| SQLite | Postgres | Single-user simplicity |
+| No dashboard, just per-chat web terminal | Session management dashboard | Explicit user directive |
+| Mobile-first UI from day 1 | Desktop-first, mobile responsive | Jacob's use case is phone-led |
+
+## Upstream contributions
+
+- linq-sim thread/reply support (Stage S2) — picortex improves the shared simulator; PR goes back to IdeaFlowCo/cortex.
\ No newline at end of file
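Review bot: In the "Verification query" block, `git log af3a76f5..HEAD` excludes `af3a76f5` itself, while the cutoff list above it says `af3a76f5` onward is OK to ingest; use `af3a76f5^..HEAD`, or state that the cutoff commit is deliberately left out. The `--since="2026-01-26" --all` variant in the same block filters by commit date across every ref rather than by ancestry, so it is not equivalent to the SHA range and should be dropped or marked as approximate. The paragraph before R1 says adoption decisions cite specific picortex files, yet most **adopt** rows with security weight (R5.2, R5.6, R9.1, R9.2) have empty or non-file Notes, and R5.5 links to the bare `../specs/` directory; add the paths or soften that sentence. Smaller points: add a blank line after the closing code fence so `**Primary source:**` starts its own paragraph, give the Primary source and Legend lines their own heading instead of leaving them under "Verification query", and end the file with a newline.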