feat(ai): anonymous AI assistant on public shares

Lets an unauthenticated viewer of a published share ask an AI scoped strictly
to that share's page tree. The authenticated agent is untouched; the security
boundary is the tool scope (no identity), and nothing is persisted.

Server:
- workspace toggle settings.ai.publicShareAssistant (default off) +
  optional settings.ai.provider.publicShareChatModel (cheap model id; reuses
  the chat driver/baseUrl/key). getChatModel(workspaceId, override) substitutes
  only the model id, falling back to chatModel.
- POST /api/shares/ai/stream (@Public, SSE). Guardrail funnel, each failing
  before streaming: toggle off -> 404; share missing/wrong-workspace/sharing
  off -> 404; pageId not in share tree -> 404; provider unconfigured -> 503;
  per-IP (5/min) and per-workspace (300/h, IP-independent) rate limits -> 429.
  Uniform 404s never confirm a private page's existence.
- forShare read-only in-process toolset: searchSharePages (existing shareId
  FTS branch, no spaceId/userId), getSharePage (getShareForPage gate +
  share.id check, content via the public sanitizer), listSharePages. No write/
  comment/history/cross-space/external-MCP tools.
- Locked share system prompt + immutable safety block; stepCountIs(5).
- /shares/page-info exposes an aiAssistant flag (gated behind isSharingAllowed).

Client: an ephemeral, text-only Ask-AI widget on the public shared page,
shown only when the flag is set; useChat -> /api/shares/ai/stream,
credentials omit. Admin toggle + model field in Settings -> AI.

Also adds a jest moduleNameMapper for src/-rooted imports (fixes pre-existing
unresolvable specs; additive).

Implements docs/public-share-assistant-plan.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

apps/server/src/integrations/ai/ai.service.ts

@@ -32,8 +32,17 @@ export class AiService {
   /**
    * Resolve the workspace config and build the chat language model.
    * Throws AiNotConfiguredException (→ 503) when the config is incomplete.
+   *
+   * `override.chatModel` substitutes ONLY the model id; the driver, baseUrl and
+   * apiKey are ALWAYS reused from the workspace's configured chat provider (the
+   * override is not an isolated provider/key). The public-share assistant uses
+   * this to run the cheap `publicShareChatModel` on the SAME provider. An
+   * empty/blank override falls back to the workspace `chatModel`.
    */
-  async getChatModel(workspaceId: string): Promise<LanguageModel> {
+  async getChatModel(
+    workspaceId: string,
+    override?: { chatModel?: string },
+  ): Promise<LanguageModel> {
     const cfg = await this.aiSettings.resolve(workspaceId);
     if (
       !cfg?.driver ||
@@ -43,6 +52,13 @@ export class AiService {
       throw new AiNotConfiguredException();
     }
 
+    // Effective model id: a non-blank override, else the workspace chatModel.
+    const overrideModel =
+      typeof override?.chatModel === 'string' && override.chatModel.trim()
+        ? override.chatModel.trim()
+        : undefined;
+    const modelId = overrideModel ?? cfg.chatModel;
+
     switch (cfg.driver) {
       case 'openai':
         // baseURL (when set) covers openai-compatible endpoints. Use Chat
@@ -52,13 +68,13 @@ export class AiService {
         // (OpenRouter, etc.) reject on multi-turn requests (history with
         // assistant messages) → 400.
         return createOpenAI({ apiKey: cfg.apiKey, baseURL: cfg.baseUrl }).chat(
-          cfg.chatModel,
+          modelId,
         );
       case 'gemini':
-        return createGoogleGenerativeAI({ apiKey: cfg.apiKey })(cfg.chatModel);
+        return createGoogleGenerativeAI({ apiKey: cfg.apiKey })(modelId);
       case 'ollama':
         // Ollama needs no API key.
-        return createOllama({ baseURL: cfg.baseUrl })(cfg.chatModel);
+        return createOllama({ baseURL: cfg.baseUrl })(modelId);
       default:
         throw new AiNotConfiguredException();
     }