Harden explorer AI runtime and API ownership

frontend/public/explorer-spa.js

@@ -1,6 +1,8 @@
         const API_BASE = '/api';
+        const EXPLORER_API_BASE = '/explorer-api';
+        const EXPLORER_API_V1_BASE = EXPLORER_API_BASE + '/v1';
         const TOKEN_AGGREGATION_API_BASE = '/token-aggregation/api';
-        const EXPLORER_AI_API_BASE = API_BASE + '/v1/ai';
+        const EXPLORER_AI_API_BASE = EXPLORER_API_V1_BASE + '/ai';
         const FETCH_TIMEOUT_MS = 15000;
         const RPC_HEALTH_TIMEOUT_MS = 5000;
         const FETCH_MAX_RETRIES = 3;
@@ -908,7 +910,7 @@
         // Load feature flags from API
         async function loadFeatureFlags() {
             try {
-                const response = await fetch('/api/v1/features', {
+                const response = await fetch(EXPLORER_API_V1_BASE + '/features', {
                     headers: authToken ? { 'Authorization': `Bearer ${authToken}` } : {}
                 });
                 if (response.ok) {
@@ -947,7 +949,7 @@
                 const address = accounts[0];
                 
                 // Request nonce
-                const nonceResp = await fetch('/api/v1/auth/nonce', {
+                const nonceResp = await fetch(EXPLORER_API_V1_BASE + '/auth/nonce', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({ address })
@@ -960,7 +962,7 @@
                 const signature = await signer.signMessage(message);
                 
                 // Authenticate
-                const authResp = await fetch('/api/v1/auth/wallet', {
+                const authResp = await fetch(EXPLORER_API_V1_BASE + '/auth/wallet', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({ address, signature, nonce: nonceData.nonce })