feat(ai): anonymous AI assistant on public shares

Lets an unauthenticated viewer of a published share ask an AI scoped strictly
to that share's page tree. The authenticated agent is untouched; the security
boundary is the tool scope (no identity), and nothing is persisted.

Server:
- workspace toggle settings.ai.publicShareAssistant (default off) +
  optional settings.ai.provider.publicShareChatModel (cheap model id; reuses
  the chat driver/baseUrl/key). getChatModel(workspaceId, override) substitutes
  only the model id, falling back to chatModel.
- POST /api/shares/ai/stream (@Public, SSE). Guardrail funnel, each failing
  before streaming: toggle off -> 404; share missing/wrong-workspace/sharing
  off -> 404; pageId not in share tree -> 404; provider unconfigured -> 503;
  per-IP (5/min) and per-workspace (300/h, IP-independent) rate limits -> 429.
  Uniform 404s never confirm a private page's existence.
- forShare read-only in-process toolset: searchSharePages (existing shareId
  FTS branch, no spaceId/userId), getSharePage (getShareForPage gate +
  share.id check, content via the public sanitizer), listSharePages. No write/
  comment/history/cross-space/external-MCP tools.
- Locked share system prompt + immutable safety block; stepCountIs(5).
- /shares/page-info exposes an aiAssistant flag (gated behind isSharingAllowed).

Client: an ephemeral, text-only Ask-AI widget on the public shared page,
shown only when the flag is set; useChat -> /api/shares/ai/stream,
credentials omit. Admin toggle + model field in Settings -> AI.

Also adds a jest moduleNameMapper for src/-rooted imports (fixes pre-existing
unresolvable specs; additive).

Implements docs/public-share-assistant-plan.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

apps/client/src/features/share/components/share-ai-widget.tsx

@@ -0,0 +1,230 @@
+import { useMemo, useRef, useState } from "react";
+import { generateId } from "ai";
+import {
+  ActionIcon,
+  Affix,
+  Alert,
+  Box,
+  Group,
+  Paper,
+  ScrollArea,
+  Stack,
+  Text,
+  Textarea,
+  Tooltip,
+} from "@mantine/core";
+import {
+  IconAlertTriangle,
+  IconArrowUp,
+  IconSparkles,
+  IconX,
+} from "@tabler/icons-react";
+import { useTranslation } from "react-i18next";
+import { useChat, type UIMessage } from "@ai-sdk/react";
+import { DefaultChatTransport } from "ai";
+
+interface ShareAiWidgetProps {
+  /** The share id (or key) the assistant is scoped to. */
+  shareId: string;
+  /** The page the reader currently has open (context for "this page"). */
+  pageId: string;
+}
+
+/** Concatenate the visible text parts of a UIMessage. */
+function messageText(message: UIMessage): string {
+  return (message.parts ?? [])
+    .filter(
+      (p): p is { type: "text"; text: string } =>
+        p?.type === "text" && typeof (p as { text?: string }).text === "string",
+    )
+    .map((p) => p.text)
+    .join("");
+}
+
+/**
+ * Lightweight, EPHEMERAL "Ask AI" widget for a public shared page.
+ *
+ * A stripped version of the authenticated chat: text input only, no chat list,
+ * no history, no persistence, no voice input. The transcript lives only in
+ * memory (this component's `useChat` store) and is sent with `credentials:
+ * "omit"` to the anonymous `/api/shares/ai/stream` endpoint. The server stores
+ * nothing.
+ */
+export default function ShareAiWidget({ shareId, pageId }: ShareAiWidgetProps) {
+  const { t } = useTranslation();
+  const [open, setOpen] = useState(false);
+  const [input, setInput] = useState("");
+
+  // Stable per-mount store key (see ai-chat ChatThread for the rationale on why
+  // useChat needs a stable, non-undefined id to avoid re-creating its store).
+  const storeIdRef = useRef<string>(`share-ai-${generateId()}`);
+
+  const transport = useMemo(
+    () =>
+      new DefaultChatTransport<UIMessage>({
+        api: "/api/shares/ai/stream",
+        // Anonymous endpoint: never send cookies/credentials.
+        credentials: "omit",
+        prepareSendMessagesRequest: ({ messages, body }) => ({
+          body: {
+            ...body,
+            shareId,
+            pageId,
+            messages,
+          },
+        }),
+      }),
+    [shareId, pageId],
+  );
+
+  const { messages, sendMessage, status, stop, error } = useChat({
+    id: storeIdRef.current,
+    transport,
+  });
+
+  const isStreaming = status === "submitted" || status === "streaming";
+
+  const handleSend = () => {
+    const text = input.trim();
+    if (!text || isStreaming) return;
+    setInput("");
+    void sendMessage({ text });
+  };
+
+  if (!open) {
+    return (
+      <Affix position={{ bottom: 20, right: 20 }}>
+        <Tooltip label={t("Ask AI")} position="left">
+          <ActionIcon
+            size="xl"
+            radius="xl"
+            variant="filled"
+            aria-label={t("Ask AI")}
+            onClick={() => setOpen(true)}
+          >
+            <IconSparkles size={22} />
+          </ActionIcon>
+        </Tooltip>
+      </Affix>
+    );
+  }
+
+  return (
+    <Affix position={{ bottom: 20, right: 20 }}>
+      <Paper
+        shadow="md"
+        radius="md"
+        withBorder
+        style={{
+          width: 360,
+          maxWidth: "calc(100vw - 40px)",
+          height: 480,
+          maxHeight: "calc(100vh - 40px)",
+          display: "flex",
+          flexDirection: "column",
+        }}
+      >
+        <Group
+          justify="space-between"
+          p="xs"
+          style={{ borderBottom: "1px solid var(--mantine-color-default-border)" }}
+        >
+          <Group gap="xs">
+            <IconSparkles size={18} />
+            <Text fw={600} size="sm">
+              {t("Ask AI")}
+            </Text>
+          </Group>
+          <ActionIcon
+            variant="subtle"
+            aria-label={t("Close")}
+            onClick={() => setOpen(false)}
+          >
+            <IconX size={18} />
+          </ActionIcon>
+        </Group>
+
+        <ScrollArea style={{ flex: 1 }} p="sm" scrollbarSize={6} type="scroll">
+          {messages.length === 0 ? (
+            <Text size="sm" c="dimmed" ta="center" mt="lg">
+              {t("Ask a question about this documentation.")}
+            </Text>
+          ) : (
+            <Stack gap="sm">
+              {messages.map((message) => (
+                <Box
+                  key={message.id}
+                  style={{
+                    alignSelf:
+                      message.role === "user" ? "flex-end" : "flex-start",
+                    maxWidth: "85%",
+                  }}
+                >
+                  <Paper
+                    p="xs"
+                    radius="md"
+                    bg={
+                      message.role === "user"
+                        ? "var(--mantine-color-blue-light)"
+                        : "var(--mantine-color-default-hover)"
+                    }
+                  >
+                    <Text size="sm" style={{ whiteSpace: "pre-wrap" }}>
+                      {messageText(message) ||
+                        (isStreaming ? t("Thinking…") : "")}
+                    </Text>
+                  </Paper>
+                </Box>
+              ))}
+            </Stack>
+          )}
+
+          {error && (
+            <Alert
+              variant="light"
+              color="red"
+              icon={<IconAlertTriangle size={16} />}
+              mt="sm"
+              title={t("Something went wrong")}
+            >
+              {t("The assistant is unavailable right now. Please try again.")}
+            </Alert>
+          )}
+        </ScrollArea>
+
+        <Group
+          gap="xs"
+          p="xs"
+          align="flex-end"
+          style={{ borderTop: "1px solid var(--mantine-color-default-border)" }}
+        >
+          <Textarea
+            style={{ flex: 1 }}
+            autosize
+            minRows={1}
+            maxRows={4}
+            placeholder={t("Ask a question…")}
+            value={input}
+            onChange={(e) => setInput(e.currentTarget.value)}
+            onKeyDown={(e) => {
+              if (e.key === "Enter" && !e.shiftKey) {
+                e.preventDefault();
+                handleSend();
+              }
+            }}
+          />
+          <ActionIcon
+            size="lg"
+            radius="xl"
+            variant="filled"
+            aria-label={isStreaming ? t("Stop") : t("Send")}
+            onClick={isStreaming ? () => stop() : handleSend}
+            disabled={!isStreaming && input.trim().length === 0}
+          >
+            {isStreaming ? <IconX size={18} /> : <IconArrowUp size={18} />}
+          </ActionIcon>
+        </Group>
+      </Paper>
+    </Affix>
+  );
+}

apps/client/src/features/share/types/share.types.ts

@@ -42,6 +42,9 @@ export interface ISharedPage extends IShare {
     sharedPage: { id: string; slugId: string; title: string; icon: string };
   };
   features?: string[];
+  // Whether the anonymous public-share AI assistant is enabled for the
+  // workspace (server-resolved). Gates the "Ask AI" widget.
+  aiAssistant?: boolean;
 }
 
 export interface IShareForPage extends IShare {

apps/client/src/features/workspace/components/settings/components/ai-provider-settings.tsx

@@ -44,6 +44,8 @@ import AiMcpServers from "./ai-mcp-servers.tsx";
 // (empty means "leave unchanged" unless explicitly cleared).
 const formSchema = z.object({
   chatModel: z.string(),
+  // Cheap model id for the anonymous public-share assistant; empty = use chatModel.
+  publicShareChatModel: z.string(),
   embeddingModel: z.string(),
   baseUrl: z.string(),
   // Embedding-specific base URL. Empty means "use the chat base URL".
@@ -114,9 +116,17 @@ export default function AiProviderSettings() {
   const [dictationEnabled, setDictationEnabled] = useState<boolean>(
     workspace?.settings?.ai?.dictation ?? false,
   );
+  const [publicShareAssistantEnabled, setPublicShareAssistantEnabled] =
+    useState<boolean>(
+      workspace?.settings?.ai?.publicShareAssistant ?? false,
+    );
   const [chatToggleLoading, setChatToggleLoading] = useState(false);
   const [searchToggleLoading, setSearchToggleLoading] = useState(false);
   const [dictationToggleLoading, setDictationToggleLoading] = useState(false);
+  const [
+    publicShareAssistantToggleLoading,
+    setPublicShareAssistantToggleLoading,
+  ] = useState(false);
 
   // Whether a key is currently stored server-side (drives the placeholder).
   const [hasApiKey, setHasApiKey] = useState(false);
@@ -136,6 +146,7 @@ export default function AiProviderSettings() {
     validate: zod4Resolver(formSchema),
     initialValues: {
       chatModel: "",
+      publicShareChatModel: "",
       embeddingModel: "",
       baseUrl: "",
       embeddingBaseUrl: "",
@@ -155,6 +166,7 @@ export default function AiProviderSettings() {
     if (!settings) return;
     form.setValues({
       chatModel: settings.chatModel ?? "",
+      publicShareChatModel: settings.publicShareChatModel ?? "",
       embeddingModel: settings.embeddingModel ?? "",
       baseUrl: settings.baseUrl ?? "",
       embeddingBaseUrl: settings.embeddingBaseUrl ?? "",
@@ -181,6 +193,9 @@ export default function AiProviderSettings() {
       // Everything is OpenAI-compatible.
       driver: "openai",
       chatModel: values.chatModel,
+      // Cheap model id for the anonymous public-share assistant; empty falls
+      // back to chatModel server-side.
+      publicShareChatModel: values.publicShareChatModel,
       embeddingModel: values.embeddingModel,
       // The embedding base URL is optional; empty falls back to the chat base
       // URL server-side.
@@ -344,6 +359,37 @@ export default function AiProviderSettings() {
     }
   }
 
+  // Optimistic toggle for the anonymous public-share AI assistant
+  // (settings.ai.publicShareAssistant). When off, the public endpoint 404s.
+  async function handleTogglePublicShareAssistant(value: boolean) {
+    setPublicShareAssistantToggleLoading(true);
+    const previous = publicShareAssistantEnabled;
+    setPublicShareAssistantEnabled(value);
+    try {
+      const updated = await updateWorkspace({
+        aiPublicShareAssistant: value,
+      });
+      setWorkspace({
+        ...updated,
+        settings: {
+          ...updated.settings,
+          ai: { ...updated.settings?.ai, publicShareAssistant: value },
+        },
+      });
+      notifications.show({ message: t("Updated successfully") });
+    } catch (err) {
+      setPublicShareAssistantEnabled(previous);
+      const message = (err as { response?: { data?: { message?: string } } })
+        ?.response?.data?.message;
+      notifications.show({
+        message: message ?? t("Failed to update data"),
+        color: "red",
+      });
+    } finally {
+      setPublicShareAssistantToggleLoading(false);
+    }
+  }
+
   // Admins only — match the previous behavior.
   if (!isAdmin) {
     return (
@@ -455,6 +501,39 @@ export default function AiProviderSettings() {
           {t("Resolves to {{url}}", { url: chatResolved })}
         </Text>
 
+        {/* Anonymous public-share assistant: a single master toggle + an
+            optional cheaper model id. Reuses this card's driver/URL/key. */}
+        <Group justify="space-between" align="center" wrap="nowrap" mt="md">
+          <Text fw={600} size="sm">
+            {t("Public share assistant")}
+          </Text>
+          <Switch
+            label={t("Enabled")}
+            labelPosition="left"
+            checked={publicShareAssistantEnabled}
+            disabled={publicShareAssistantToggleLoading}
+            onChange={(e) =>
+              handleTogglePublicShareAssistant(e.currentTarget.checked)
+            }
+          />
+        </Group>
+        <Text size="xs" c="dimmed" mt={4} mb="xs">
+          {t(
+            "Let anonymous visitors of public shares ask an AI assistant scoped to that share's pages. You pay for the tokens.",
+          )}
+        </Text>
+        <TextInput
+          label={t("Public assistant model")}
+          placeholder={t("Defaults to the chat model")}
+          disabled={isLoading || !publicShareAssistantEnabled}
+          {...form.getInputProps("publicShareChatModel")}
+        />
+        <Text size="xs" c="dimmed" mt={4}>
+          {t(
+            "Optional cheaper model id for the public assistant. Empty uses the chat model above.",
+          )}
+        </Text>
+
         <Group mt="md" align="center">
           <Button
             variant="default"

apps/client/src/features/workspace/services/ai-settings-service.ts

@@ -16,6 +16,8 @@ export type SttApiStyle = "multipart" | "json";
 export interface IAiSettings {
   driver?: AiDriver;
   chatModel?: string;
+  // Cheap model id for the anonymous public-share assistant; empty = chatModel.
+  publicShareChatModel?: string;
   embeddingModel?: string;
   baseUrl?: string;
   embeddingBaseUrl?: string;
@@ -42,6 +44,7 @@ export interface IAiSettings {
 export interface IAiSettingsUpdate {
   driver?: AiDriver;
   chatModel?: string;
+  publicShareChatModel?: string;
   embeddingModel?: string;
   baseUrl?: string;
   embeddingBaseUrl?: string;

apps/client/src/features/workspace/types/workspace.types.ts

@@ -25,6 +25,7 @@ export interface IWorkspace {
   mcpEnabled?: boolean;
   aiChat?: boolean;
   aiDictation?: boolean;
+  aiPublicShareAssistant?: boolean;
   trashRetentionDays?: number;
   restrictApiToAdmins?: boolean;
   allowMemberTemplates?: boolean;
@@ -48,6 +49,7 @@ export interface IWorkspaceAiSettings {
   mcp?: boolean;
   chat?: boolean;
   dictation?: boolean;
+  publicShareAssistant?: boolean;
 }
 
 export interface IWorkspaceSharingSettings {