phase G: data minimisation + passwordless auth + DeepSeek-first LLM

Server no longer holds portfolios. Holdings live in the browser
(localStorage); the server publishes an anonymous ticker_universe and a
gzipped /api/universe payload identical for every authenticated user, so
access patterns can't betray which tickers a user holds. AI commentary
is generated ephemerally from the browser-supplied pie and the cost
ledger row records no positions. Migrations 0009-0011 added the
universe table and dropped positions / portfolio_snapshots /
portfolios.

Authentication is now e-mail OTP only. Migration 0010 dropped
password_hash and email_verified (every active session is by
construction proof of email control). The /signup endpoint is gone;
signup and login share a single email-entry page. Email rendering is
HTML+plain-text multipart with a shared brand palette (app/branding.py)
asserted in sync with the CSS by a drift-detection test.

LLM provider defaults to DeepSeek-direct (cheaper, api.deepseek.com)
with OpenRouter as automatic fallback if DeepSeek fails. ai_log_job and
indicator_summary_job now iterate the two tones (NOVICE, INTERMEDIATE)
per cycle so the dashboard's tone toggle is instant; PROMPT_VERSION
bumped to 6 with an educational anti-TA / anti-gambling stance baked
into _CORE. NOVICE mode renders a curated glossary inline (CBOE VIX,
yield curve, HY OAS, etc.) with JS-positioned tooltips that survive
viewport edges and sticky bars. Model name and tokens hidden from the
user UI; still recorded in StrategicLog.model and AICall for admin.

Layout adds a sticky top nav, a sticky bottom markets bar (one chip per
exchange with status LED + headline index + 1d change), and
Phase H feedback reporting is queued in tasks/todo.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

app/templates/login.html

@@ -3,7 +3,7 @@
 <head>
   <meta charset="UTF-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Cassandra · Login</title>
+  <title>Cassandra · Sign in</title>
   <script>
     (function() {
       try { document.documentElement.dataset.theme = localStorage.getItem('cassandra.theme') || 'dark'; }
@@ -16,7 +16,12 @@
 <div class="auth-shell">
   <div class="auth-card">
     <div class="auth-card__brand">Cassandra</div>
-    <div class="auth-card__hint">log in to access the dashboard</div>
+    <div class="auth-card__hint">sign in with email</div>
+
+    <p class="auth-card__lede">
+      Enter your email and we'll send you a 6-digit code. No password.
+      First-time visitors get an account; returning visitors get a sign-in.
+    </p>
 
     {% if error %}<div class="auth-error">{{ error }}</div>{% endif %}
 
@@ -25,17 +30,8 @@
       <label>Email
         <input type="email" name="email" value="{{ email or '' }}" required autofocus>
       </label>
-      <label>Password
-        <input type="password" name="password" required>
-      </label>
-      <button type="submit">Sign in</button>
+      <button type="submit">Send code</button>
     </form>
-
-    {% if signup_enabled %}
-    <div class="auth-card__alt">
-      No account? <a href="/signup">Create one →</a>
-    </div>
-    {% endif %}
   </div>
 </div>
 </body>