phase G: data minimisation + passwordless auth + DeepSeek-first LLM

Server no longer holds portfolios. Holdings live in the browser
(localStorage); the server publishes an anonymous ticker_universe and a
gzipped /api/universe payload identical for every authenticated user, so
access patterns can't betray which tickers a user holds. AI commentary
is generated ephemerally from the browser-supplied pie and the cost
ledger row records no positions. Migrations 0009-0011 added the
universe table and dropped positions / portfolio_snapshots /
portfolios.

Authentication is now e-mail OTP only. Migration 0010 dropped
password_hash and email_verified (every active session is by
construction proof of email control). The /signup endpoint is gone;
signup and login share a single email-entry page. Email rendering is
HTML+plain-text multipart with a shared brand palette (app/branding.py)
asserted in sync with the CSS by a drift-detection test.

LLM provider defaults to DeepSeek-direct (cheaper, api.deepseek.com)
with OpenRouter as automatic fallback if DeepSeek fails. ai_log_job and
indicator_summary_job now iterate the two tones (NOVICE, INTERMEDIATE)
per cycle so the dashboard's tone toggle is instant; PROMPT_VERSION
bumped to 6 with an educational anti-TA / anti-gambling stance baked
into _CORE. NOVICE mode renders a curated glossary inline (CBOE VIX,
yield curve, HY OAS, etc.) with JS-positioned tooltips that survive
viewport edges and sticky bars. Model name and tokens hidden from the
user UI; still recorded in StrategicLog.model and AICall for admin.

Layout adds a sticky top nav, a sticky bottom markets bar (one chip per
exchange with status LED + headline index + 1d change), and
Phase H feedback reporting is queued in tasks/todo.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

app/services/csv_import.py

@@ -1,19 +1,15 @@
-"""Defensive parser for Trading 212 pie-export CSVs + writer that persists
-the parsed pie into PortfolioSnapshot/Position rows.
+"""Defensive parser for Trading 212 pie-export CSVs.
 
-The parser is pure: no DB, no HTTP, no I/O. The writer (`persist_pie`)
-takes a ParsedPie and resolves each position's Slice via InstrumentMap
-to find its Yahoo ticker + canonical name before persisting.
+The parser is pure: no DB, no HTTP, no I/O. Returns a ParsedPie that
+`/api/portfolio/parse` ships to the browser; in Phase G the browser
+keeps the pie in localStorage and the server keeps only the anonymous
+ticker_universe.
 """
 from __future__ import annotations
 
 import csv
 import io
 from dataclasses import dataclass
-from typing import TYPE_CHECKING
-
-if TYPE_CHECKING:
-    from sqlalchemy.ext.asyncio import AsyncSession
 
 
 class CSVImportError(ValueError):
@@ -200,96 +196,7 @@ def parse_t212_csv(content: str | bytes) -> ParsedPie:
     )
 
 
-# --- Persist parsed pie into portfolio/snapshot/positions -------------------
-
-
-@dataclass
-class PersistResult:
-    portfolio_id: int
-    snapshot_id: int
-    positions_written: int
-    unmapped_slices: list[str]    # slices we couldn't resolve to a Yahoo ticker
-    portfolio_name: str
-    is_new_portfolio: bool
-
-
-async def persist_pie(
-    session: "AsyncSession",
-    pie: ParsedPie,
-    *,
-    portfolio_name: str | None = None,
-    source: str = "t212-csv",
-    currency: str = "GBP",
-) -> PersistResult:
-    """Write a ParsedPie into Portfolio/PortfolioSnapshot/Position.
-
-    - Portfolio is created on first sight of a given name; subsequent uploads
-      stack as new snapshots under the same portfolio.
-    - Each position's Slice is resolved to a T212 ticker + name via the
-      InstrumentMap. Unmapped slices still get stored using their raw CSV
-      values; we collect them in `unmapped_slices` for the UI to surface.
-    """
-    # Late imports keep this module dependency-light for unit tests.
-    from sqlalchemy import select
-
-    from app.db import utcnow
-    from app.models import Portfolio, PortfolioSnapshot, Position
-    from app.services.instrument_map import resolve_slice
-
-    name = portfolio_name or pie.name or "Imported pie"
-    name = name.strip()[:64]
-
-    portfolio = (await session.execute(
-        select(Portfolio).where(Portfolio.name == name)
-    )).scalar_one_or_none()
-    is_new = portfolio is None
-    if portfolio is None:
-        portfolio = Portfolio(name=name, source=source, currency=currency)
-        session.add(portfolio)
-        await session.flush()
-
-    snap = PortfolioSnapshot(
-        portfolio_id=portfolio.id,
-        snapshot_at=utcnow(),
-        total_value=pie.value,
-        cash=None,
-        invested=pie.invested,
-        raw_json={
-            "source": source,
-            "pie_name": pie.name,
-            "result": pie.result,
-        },
-    )
-    session.add(snap)
-    await session.flush()
-
-    unmapped: list[str] = []
-    for p in pie.positions:
-        resolved = await resolve_slice(session, p.slice)
-        if resolved and resolved.t212_ticker:
-            ticker = resolved.t212_ticker
-            position_name = resolved.name or p.name
-        else:
-            ticker = p.slice
-            position_name = p.name
-            unmapped.append(p.slice)
-
-        session.add(Position(
-            snapshot_id=snap.id,
-            ticker=ticker,
-            name=position_name[:128] if position_name else None,
-            quantity=p.quantity,
-            average_price=p.average_price,
-            current_price=p.current_price,
-            ppl=p.result,
-        ))
-
-    await session.commit()
-    return PersistResult(
-        portfolio_id=portfolio.id,
-        snapshot_id=snap.id,
-        positions_written=len(pie.positions),
-        unmapped_slices=unmapped,
-        portfolio_name=name,
-        is_new_portfolio=is_new,
-    )
+# persist_pie removed in Phase G — the parsed pie is returned to the
+# browser by /api/portfolio/parse and lives in localStorage. The server
+# now keeps only the anonymous ticker_universe (see
+# app/services/ticker_universe.py).