phase G: data minimisation + passwordless auth + DeepSeek-first LLM

Server no longer holds portfolios. Holdings live in the browser
(localStorage); the server publishes an anonymous ticker_universe and a
gzipped /api/universe payload identical for every authenticated user, so
access patterns can't betray which tickers a user holds. AI commentary
is generated ephemerally from the browser-supplied pie and the cost
ledger row records no positions. Migrations 0009-0011 added the
universe table and dropped positions / portfolio_snapshots /
portfolios.

Authentication is now e-mail OTP only. Migration 0010 dropped
password_hash and email_verified (every active session is by
construction proof of email control). The /signup endpoint is gone;
signup and login share a single email-entry page. Email rendering is
HTML+plain-text multipart with a shared brand palette (app/branding.py)
asserted in sync with the CSS by a drift-detection test.

LLM provider defaults to DeepSeek-direct (cheaper, api.deepseek.com)
with OpenRouter as automatic fallback if DeepSeek fails. ai_log_job and
indicator_summary_job now iterate the two tones (NOVICE, INTERMEDIATE)
per cycle so the dashboard's tone toggle is instant; PROMPT_VERSION
bumped to 6 with an educational anti-TA / anti-gambling stance baked
into _CORE. NOVICE mode renders a curated glossary inline (CBOE VIX,
yield curve, HY OAS, etc.) with JS-positioned tooltips that survive
viewport edges and sticky bars. Model name and tokens hidden from the
user UI; still recorded in StrategicLog.model and AICall for admin.

Layout adds a sticky top nav, a sticky bottom markets bar (one chip per
exchange with status LED + headline index + 1d change), and
Phase H feedback reporting is queued in tasks/todo.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Giorgio Gilestro 2026-05-18 14:16:57 +01:00
parent 480fd311c5
commit 6e7f57c6b2
54 changed files with 5005 additions and 916 deletions

@ -11,7 +11,7 @@ from sqlalchemy.dialects.mysql import insert as mysql_insert
from app.db import utcnow
from app.jobs._helpers import job_lifecycle, log
from app.models import Feed, Headline, Portfolio, PortfolioSnapshot, Position
from app.models import Feed, Headline, InstrumentMap, TickerUniverse
from app.services.news import dedupe, fetch_feed, fetch_yahoo_news
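
Review bot: the models import no longer pulls in Portfolio, PortfolioSnapshot or Position, so any reference to those names left in this module now fails with a NameError only when the job runs. Since the commit message says the matching tables were dropped by migration, search the rest of the app for the three names before merging, and add an import-time smoke test for the job modules so a stale reference is caught in CI rather than in the scheduler.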
@ -42,20 +42,20 @@ async def run() -> None:
await session.execute(select(Feed).where(Feed.enabled == True))
).scalars().all()
# Portfolio tickers + names now come from the latest T212 snapshot,
# not from TOML. The (ticker, name) pair lets fetch_yahoo_news skip
# the chart-meta round-trip and use the proper company name directly.
latest_snap_id = (await session.execute(
select(PortfolioSnapshot.id)
.order_by(desc(PortfolioSnapshot.snapshot_at))
.limit(1)
)).scalar_one_or_none()
# Per-ticker news: pull every Yahoo ticker in the anonymous
# universe (Phase G), pair each with its display name from
# instrument_map when available. No per-user attribution.
uni_tickers = (await session.execute(
select(TickerUniverse.yahoo_ticker)
)).scalars().all()
ticker_pairs: list[tuple[str, str]] = []
if latest_snap_id is not None:
positions = (await session.execute(
select(Position).where(Position.snapshot_id == latest_snap_id)
)).scalars().all()
ticker_pairs = [(p.ticker, p.name or p.ticker) for p in positions]
if uni_tickers:
name_rows = (await session.execute(
select(InstrumentMap.yahoo_ticker, InstrumentMap.name)
.where(InstrumentMap.yahoo_ticker.in_(uni_tickers))
)).all()
names = {y: n for y, n in name_rows if y}
ticker_pairs = [(t, names.get(t) or t) for t in uni_tickers]
async with httpx.AsyncClient(follow_redirects=True) as client:
feed_results = await asyncio.gather(
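
Review bot: in the new `ticker_pairs = [(t, names.get(t) or t) for t in uni_tickers]` comprehension the `if y` guard is applied to `name_rows` but not to `uni_tickers`, so a NULL or empty `TickerUniverse.yahoo_ticker` would produce a `(None, None)` or `("", "")` pair that is passed on to the Yahoo fetch. Filter the universe the same way, or make the column NOT NULL, and consider `.distinct()` on the select if the table can hold duplicates. Two further points on the same block: the universe query has no `limit` or ordering, so the number of outbound requests per run now grows with the table where it used to be bounded by one snapshot, which argues for a cap or a concurrency limit around the gather; and `desc` was only used by the removed `order_by(desc(PortfolioSnapshot.snapshot_at))` in the lines shown, so check whether its import is now unused. The "No per-user attribution" comment also deserves a caveat in the docs: with very few users the universe table is close to a list of their holdings, so anonymity here depends on the size of the user base.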