fix(posts): guard merge visibility leaks

[BunsDev]

Motivation

• Prevent accidental exposure of private/internal-board content when posts are merged across boards with different visibility settings.
• Ensure public portal endpoints only surface merge metadata, merged counts, and comments from posts on public boards.
• Add a small regression to catch cross-visibility merge attempts.

Description

• In mergePost validate both posts' board.isPublic by loading both boards and reject merges when isPublic differs, returning INCOMPATIBLE_MERGE_VISIBILITY and avoiding writing canonicalPostId.
• Add public-safe helpers getPublicMergedPosts and getPublicPostMergeInfo that only return merged posts and canonical metadata when related posts/boards are public, and update portal handlers to use them instead of the unrestricted helpers.
• Restrict the public post-detail comment SQL to include merged child posts only when the child post's board is public so private comments are not returned with a public canonical post.
• Add a regression unit test that asserts merges fail when the two posts' boards have different isPublic values and update existing mocks to account for isPublic.
• Key files changed: post.merge.ts, post.public.detail.ts, portal.ts, and the post-merge unit test.

Testing

• bunx prettier --check on the modified files succeeded.
• bun run typecheck could not complete in this environment due to missing dev type packages (@testing-library/jest-dom, bun types) because dependencies were not installed.
• Unit tests could not be executed in this environment: bun test produced an environment mismatch (vi.mock unavailable) and bun run test failed because the vitest executable is not present, and bun install --frozen-lockfile was blocked by registry 403 errors, preventing full test runs here.

---

Codex Task

[Copilot]

Pull request overview

This PR tightens merge-related visibility handling to prevent public endpoints from accidentally exposing private/internal-board content when posts are merged across boards with different isPublic settings.

Changes:

• Add a merge-time validation in mergePost that rejects merges when the two posts’ boards differ in isPublic (new INCOMPATIBLE_MERGE_VISIBILITY error).
• Add public-safe merge helpers (getPublicMergedPosts, getPublicPostMergeInfo) and update portal post-detail fetching to use them.
• Restrict the public post-detail comment query to include merged child posts only when the child post’s board is public; add a regression unit test for cross-visibility merge attempts.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
apps/web/src/lib/server/functions/portal.ts	Switch public post-detail merge metadata fetching to public-safe merge helpers.
apps/web/src/lib/server/domains/posts/post.public.detail.ts	Filter merged-child comment inclusion to only child posts on public boards to prevent comment leakage.
apps/web/src/lib/server/domains/posts/post.merge.ts	Enforce same-visibility merges; introduce public-safe merge info/list helpers for portal use.
apps/web/src/lib/server/domains/posts/tests/post-merge.test.ts	Update mocks for isPublic and add regression coverage for cross-visibility merge rejection.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.