feat(ai-chat): per-user AI agent backend — LLM config, read-only agent, provenance schema

WIP checkpoint of the gitmost AI-chat backend (plan stages A + B1 + B3a).
The agent acts under the requesting user's JWT (Docmost CASL enforces page
access); the external service-account /mcp endpoint is untouched.

LLM provider config (A2-A4):
- integrations/crypto: AES-256-GCM SecretBoxService (key derived from APP_SECRET,
  per-record salt/iv; clear error on rotation instead of crashing).
- ai_provider_credentials table/repo/types: encrypted API key stored outside
  workspace settings/baseFields, write-only (never returned by any endpoint).
- integrations/ai: per-workspace AI SDK v6 provider driver (openai/gemini/ollama),
  admin-gated GET(masked)/PATCH(write-only key)/Test endpoints; settings.ai.provider
  holds non-secret config incl. systemPrompt. Removed unused AI_* env getters (DB is
  the single source of truth).

Chat module (A1, A5-A8):
- ai_chats/ai_chat_messages repos (workspace-scoped, soft-delete, tsv never selected).
- core/ai-chat: CRUD + POST /ai-chat/stream (Fastify hijack + AI SDK v6
  pipeUIMessageStreamToResponse, abort on disconnect, persist user/assistant msgs).
- Agent loop: streamText + stepCountIs(8); read tools searchPages/getPage via a
  per-request DocmostClient over loopback REST under the user's minted access token.
- Gate settings.ai.chat (+ 503 when provider unconfigured); buildSystemPrompt with a
  non-removable safety/anti-prompt-injection framework. Per-user rate limit.

Per-user auth (B1):
- @docmost/mcp DocmostClient gains an additive getToken variant (carry a user JWT,
  re-fetch on 401) and exports DocmostClient; the email/password service-account path
  (external /mcp, stdio) is unchanged.

Agent-edit provenance backbone (B3a):
- Migration: pages/page_history (last_updated_source, last_updated_ai_chat_id) and
  comments (created_source, ai_chat_id, resolved_source).
- Signed actor/aiChatId claim in the collab token; onAuthenticate propagates it,
  onStoreDocument writes it with a sticky agent marker, saveHistory copies it.

Migrations auto-run on boot (additive). Write tools, frontend, RAG and external MCP
servers are not in this checkpoint.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

apps/server/src/integrations/environment/environment.service.ts

@@ -278,56 +278,9 @@ export class EnvironmentService {
       .toLowerCase();
   }
 
-  getAiDriver(): string {
-    return this.configService.get<string>('AI_DRIVER');
-  }
-
-  getAiEmbeddingModel(): string {
-    return this.configService.get<string>('AI_EMBEDDING_MODEL');
-  }
-
-  getAiCompletionModel(): string {
-    return this.configService.get<string>('AI_COMPLETION_MODEL');
-  }
-
-  getAiChatModel(): string {
-    return (
-      this.configService.get<string>('AI_CHAT_MODEL') ||
-      this.configService.get<string>('AI_COMPLETION_MODEL')
-    );
-  }
-
-  getAiEmbeddingDimension(): number {
-    return parseInt(
-      this.configService.get<string>('AI_EMBEDDING_DIMENSION'),
-      10,
-    );
-  }
-
-  getAiEmbeddingSupportsMrl(): boolean | undefined {
-    const val = this.configService.get<string>('AI_EMBEDDING_SUPPORTS_MRL');
-    if (val === undefined || val === null || val === '') return undefined;
-    return val === 'true';
-  }
-
-  getOpenAiApiKey(): string {
-    return this.configService.get<string>('OPENAI_API_KEY');
-  }
-
-  getOpenAiApiUrl(): string {
-    return this.configService.get<string>('OPENAI_API_URL');
-  }
-
-  getGeminiApiKey(): string {
-    return this.configService.get<string>('GEMINI_API_KEY');
-  }
-
-  getOllamaApiUrl(): string {
-    return this.configService.get<string>(
-      'OLLAMA_API_URL',
-      'http://localhost:11434',
-    );
-  }
+  // NOTE: AI_*/OPENAI_*/GEMINI_*/OLLAMA_* env getters were removed (D8/§14[M3]):
+  // provider/model/key config now lives solely in workspace settings +
+  // ai_provider_credentials, with no env fallback. APP_SECRET stays (getAppSecret).
 
   getEventStoreDriver(): string {
     return this.configService