[comp] Production Deploy

[github-actions]

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.

[cursor]

PR Summary

Medium Risk
Adds a new auth guard and changes assistant-chat access rules to reject API key/service token callers, which can break existing integrations and affects authentication/authorization flow for this endpoint.

Overview
Assistant chat endpoints now require a real user session. The AssistantChatController adds SessionOnlyGuard (between HybridAuthGuard and PermissionGuard) so requests authenticated via API key or service token are rejected.

This replaces the previous per-request isApiKey check inside getUserScopedContext with a centralized guard, standardizing the failure as a 403 Forbidden for non-session auth.

^{Written by Cursor Bugbot for commit 09b704d. This will update automatically on new commits. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
app (staging)	Skipped		Mar 14, 2026 9:44pm
portal (staging)	Skipped		Mar 14, 2026 9:44pm

[claudfuen]

🎉 This PR is included in version 3.6.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀