Drop redundant brand/title top bar from the private /v viewer

[isuttell]

Summary

The private published viewer (/v/$artifactId) shipped a top bar with the Agent Paste wordmark and the artifact title. A member only reaches /v after authenticating through a publish handoff, so that brand/title chrome is redundant. The anti-phishing brand affordance belongs only on the public /al/$publicId access-link viewer, where the recipient is unauthenticated and needs proof of origin (that bar was built in AP-310). This removes the header and renders the live viewer full-bleed.

Changes

• apps/web/src/routes/v.$artifactId.tsx: remove the <header> (Wordmark + artifact title) and the now-unused Wordmark / Link imports; render ArtifactLiveViewer (still chrome={false}) inside a full-height h-screen wrapper.

Risk: LOW

• Areas touched: one web route component (/v private viewer). Login wall (loadAuthedSessionFn) and member provisioning are unchanged.
• Security: none. The change does not touch auth, the public /al viewer, or any data path. The /al anti-phishing brand bar is unaffected.
• Performance: negligible (renders one fewer header element).
• Breaking: none. No public contract, schema, or API change.

Test plan

• pnpm verify (full local gate, green)
• pnpm --filter @agent-paste/web test (331 passed)
• Confirmed no test asserts the removed /v header; /al brand bar untouched

Issue: AP-329

@coderabbitai ignore

[cursor]

First-pass review

Risk: simple
Decision: approve

Ticket triage (AP-329)

• Intended change: Remove the redundant Wordmark + artifact-title header from the login-walled private /v/$artifactId viewer so the live iframe renders full-bleed.
• Scope match: Yes — single-file change in apps/web/src/routes/v.$artifactId.tsx exactly as specified. /al and dashboard routes untouched.

Review findings

Blocking: None.

Non-blocking:

• apps/web/test/v-route.test.tsx still mocks @agent-paste/ui Wordmark even though the route no longer imports it. Harmless today; could be dropped in a follow-up for test hygiene.

Merge checklist

• Ticket linked: AP-329 attached
• Scope matches ticket: yes
• Checks green: Validate + Local smoke succeeded; Postgres smoke, CodeQL, secret scan passed
• Tests/docs appropriate: existing /v route tests cover the security-relevant loader contract and chrome={false} render; no new tests required for pure chrome removal
• No blocking findings: yes
• No high-risk areas: UI-only; auth gate and member provisioning unchanged
• Merge-safe: yes

Why this is safe

The private viewer is already login-walled via loadAuthedSessionFn; removing dashboard navigation chrome does not weaken auth. The anti-phishing brand affordance correctly remains on /al only (per AP-310). Layout uses h-screen + ArtifactLiveViewer chrome={false} (h-full), which should fill the viewport without the old flex header offset.

  

_{Sent by Cursor Automation: First Pass PR Reviewer}

[github-actions]

agent-paste PR preview resources were cleaned up. The shared Preview GitHub Environment is retained for future preview deploys.