fix(ai-service): add JwtStrategy — resolves Unknown authentication strategy jwt error

backend/services/ai-service/src/ai.module.ts

@@ -24,6 +24,9 @@ import { AiPricingService } from './application/services/ai-pricing.service';
 import { AiAnomalyService } from './application/services/ai-anomaly.service';
 import { AdminAgentService } from './application/services/admin-agent.service';
 
+// Infrastructure — auth
+import { JwtStrategy } from './infrastructure/strategies/jwt.strategy';
+
 // Interface — HTTP controllers
 import { AiController } from './interface/http/controllers/ai.controller';
 import { AdminAgentController } from './interface/http/controllers/admin-agent.controller';
@@ -46,6 +49,9 @@ import { AdminAgentController } from './interface/http/controllers/admin-agent.c
     { provide: AI_AGENT_CLIENT, useClass: AiAgentClient },
     { provide: CONVERSATION_REPOSITORY, useClass: ConversationRepository },
 
+    // Auth
+    JwtStrategy,
+
     // Application services
     AiChatService,
     AiCreditService,

backend/services/ai-service/src/infrastructure/strategies/jwt.strategy.ts

@@ -0,0 +1,18 @@
+import { Injectable } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
+  constructor() {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKey: process.env.JWT_ACCESS_SECRET || 'dev-access-secret',
+    });
+  }
+
+  async validate(payload: { sub: string; role: string; kycLevel: number; type: string }) {
+    return { id: payload.sub, role: payload.role, kycLevel: payload.kycLevel };
+  }
+}