Commit 4ca4a10

ThinkHaven v-next: plan-grill hero + shareable decision artifact + whole-site handoff (#40)

* research: add Nate Jones briefing + AI communication prompt kit

  - docs/research/nate-jones-prompting-to-briefing.md — six-field brief framework, maps to three-mode structure
  - docs/research/nate-jones-ai-communication-prompt-kit.md — benchmarks for Assessment, Stress Test, Executive Prep mode quality
  - README table updated with both references

  Both anchor briefing discipline as a candidate POV alongside Dan Hock's structured exploration thesis.

* docs(strategy): capture ThinkHaven direction and ideation

* feat(plan-grill): add docs-aware method pathway

* chore(planning): remove stale planning artifacts

* docs(ideation): process research inputs

* feat(site): land whole-site handoff U1–U6 + reconcile smoke gate

  Verified and committed the in-flight whole-site design handoff (specs in docs/specs/2026-05-22-product-e2e-handoff):
  - U1 dev startup + branded protected-route recovery (next dev de-Turbopacked, app/app/layout.tsx recovery state, lib/auth/beta-access.ts)
  - U2 Markdown crash fix (MarkdownRenderer className handling) + tests
  - U3 mobile guest trial overflow (/try, GuestChatInterface, MessageInput)
  - U4 Impeccable anti-pattern residue (bg-ink overlays, full borders)
  - U5 pricing/assessment/waitlist copy aligned to artifact→decision→confidence
  - U6 expanded public-route smoke (health.spec.ts) + helpers

  Smoke gate reconciliation:
  - Align app-layout test to shipped recovery copy
  - Fix health.spec.ts waitlist heading (exact match vs recovery h1) and landing beta-access link assertion (viewport-robust)
  - Ignore beta-checklist.spec.ts locally (production suite, run via test:prod)
  - Remove sprint-verification.spec.ts (Sprint 0-3, superseded by health.spec.ts)

  Gates: build green; lint 104 err/68 warn (no regression vs 107 baseline); targeted unit suites green; local e2e smoke 46 passed / 2 skipped.

* feat(plan-grill): guest decision-record hero + shareable artifact

  Finish the docs-aware plan-grill pathway and ship the hero use-case: a non-user grills a plan and walks away with a shareable decision artifact, no signup required.

  Plan-grill (Phase 1):
  - Add critical-discernment lens framing (critique / user feedback / socratic) and a wrap-up nudge toward the decision record in generatePlanGrillSection()
  - Authed artifact loop already wired via ArtifactAwareContent (verified)

  Guest hero (Phase 2):
  - POST /api/chat/guest/artifact synthesizes a decision_record from the guest transcript (ClaudeClient.complete, no tools/persona); rate-limited + bounded
  - DecisionArtifactDialog (Radix) renders the record with Download / Copy
  - "Build my decision record" CTA in the guest header and limit-reached banner

  Shareable artifact + API seam (Phase 3):
  - Migration 033 public_artifacts (public read-by-token, service-role writes)
  - Public POST /api/artifact/share (CORS, rate-limit, validation) — the seam a CLI/skill calls; returns /share/<token>
  - /share/[token] public page renders the record read-only + plan-grill CTA
  - Email lead capture via beta_access (source=plan_grill_artifact); Resend send is feature-flagged (RESEND_API_KEY), on-screen link is the guaranteed path
  - Authed parity: ArtifactPanel "Create shareable link" button
  - /share added to middleware public routes

  Tests: share + guest-artifact endpoint unit tests; /share smoke test.

  Gates: build green; lint 104 err/68 warn (no regression); unit + e2e smoke green.

* fix(review): address code-review findings on the shareable-artifact surface

  From ce-code-review (multi-agent, 11 reviewers) on the v-next hero work:

  Security / data:
  - P0: drop the public SELECT USING(true) RLS policy on public_artifacts. Reads and writes both go through the service-role admin client, so the anon policy was unnecessary and exposed lead emails + all artifact content to any holder of the NEXT_PUBLIC anon key via PostgREST. RLS now denies the anon role.
  - Validate share email with a real regex (was includes('@')) so junk does not reach beta_access leads or Resend.

  Correctness / contract:
  - Share API returns an absolute `absoluteUrl` (CLI/server callers got a bare /share/<token> path); derive origin from Origin header or request URL.
  - Share API accepts an optional `token` to reuse an existing row, so emailing a link after creating one no longer mints a duplicate row + token.
  - Guest synthesis: keep the opening plan (first user message) on transcript truncation instead of only the tail.
  - Guest synthesis: map Anthropic errors (402 credit-exhausted, 429, 5xx) to distinct statuses instead of a blanket 500.
  - Guest synthesis: add CORS headers + OPTIONS (parity with the share endpoint).
  - Synthesis completion gets a 60s timeout (SDK default is 10m).
  - Guard the "Build decision record" buttons while a message is still streaming.

  Tests: share.test.ts covers absoluteUrl, token reuse (no insert), and malformed email drop. build green; 128 unit; 48 e2e smoke; lint 104/68 (no new issues).

  Surfaced for follow-up (not auto-applied): consolidate the 3 hand-rolled IP rate limiters onto lib/security/rate-limiter.ts (pitfall #20); gate the email relay before enabling Resend; durable rate limiting for the unauth synthesis endpoint; share-token/content CHECK constraints + retention TTL.

1 parent a9777cb commit 4ca4a10
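
The P0 item in the commit message above, shown as an added PostgreSQL illustration that is not part of this commit or the project's migration 033: a `USING (true)` SELECT policy beside its removal. Only the table name `public_artifacts` and the `USING(true)` policy come from the page; the column names, the policy name `public_read_by_token`, the sample rows and the locally created `anon` role are assumptions, and the script is meant to be run as a superuser in a scratch database.

```sql
-- Constructed demo: only the table name public_artifacts and the USING (true)
-- policy come from the commit message; columns, policy name and rows are assumed.
BEGIN;

DO $$ BEGIN  -- create the anon role if this database does not already have one
  IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'anon') THEN
    CREATE ROLE anon NOLOGIN;
  END IF;
END $$;

CREATE TABLE public_artifacts (
  token      text PRIMARY KEY,
  content    jsonb NOT NULL,
  lead_email text,
  created_at timestamptz NOT NULL DEFAULT now()
);
ALTER TABLE public_artifacts ENABLE ROW LEVEL SECURITY;
GRANT SELECT ON public_artifacts TO anon;  -- assumed table-level grant for the API role

INSERT INTO public_artifacts (token, content, lead_email) VALUES
  ('tok-constructed-1', '{"title": "Plan A"}', 'a@example.com'),
  ('tok-constructed-2', '{"title": "Plan B"}', 'b@example.com');

-- Before: the predicate is true for every row, so the policy does not require
-- the caller to know a token; an unfiltered SELECT as anon is allowed.
CREATE POLICY public_read_by_token ON public_artifacts
  FOR SELECT TO anon USING (true);

SET LOCAL ROLE anon;
SELECT token, lead_email FROM public_artifacts;
RESET ROLE;

-- After: with RLS enabled and no policy that applies to anon, Postgres falls
-- back to default deny for that role, so the same query is filtered to nothing.
DROP POLICY public_read_by_token ON public_artifacts;

SET LOCAL ROLE anon;
SELECT token, lead_email FROM public_artifacts;
RESET ROLE;

-- Audit check: list any policies still attached to the table.
SELECT policyname, roles, cmd, qual
FROM pg_policies WHERE tablename = 'public_artifacts';

ROLLBACK;
```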

142 files changed

Lines changed: 4917 additions & 7386 deletions

.planning/PROJECT.md

Lines changed: 0 additions & 79 deletions
This file was deleted.

.planning/REQUIREMENTS.md

Lines changed: 0 additions & 130 deletions
This file was deleted.

.planning/ROADMAP.md

Lines changed: 0 additions & 99 deletions
This file was deleted.

.planning/STATE.md

Lines changed: 0 additions & 83 deletions
This file was deleted.
