chore: version 2.0.0-alpha.2 + changelog
Search view: read ?q from hash, call /api/search, group hits by kind with rank + space_id; sidebar filters for kinds and space_id; updates on Enter or filter change.

Bumps package.json + server.js VERSION to 2.0.0-alpha.2 and pins the /health version assertion to match.

CHANGELOG: full Plan 2 entry covering API surface, capability tiering, audit chain extension (approve/reject events), and the SPA shell.

Security: adds safeHref() to dom.js and applies it everywhere an API-supplied URL becomes href / src (reference media block + reference source_url anchor + resource url anchor). javascript: and other non-http(s)/mailto schemes from agent-suggested content can no longer execute in the owner's browser.

Plan 2 surface is feature-complete: 22/22 tasks landed, 185 tests across 43 files, SPA renders end-to-end including the suggest -> approve agent flow.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@@ -46,3 +46,15 @@ export function mount(node, ...children) {
|
||||
clear(node);
|
||||
appendAll(node, children);
|
||||
}
|
||||
|
||||
// Validate a URL before using it as href/src. Agent-suggested content
|
||||
// could carry a `javascript:` scheme that would execute in the owner's
|
||||
// browser context when clicked. Only http(s)/mailto/relative pass.
|
||||
export function safeHref(u) {
|
||||
if (!u) return '#';
|
||||
try {
|
||||
const url = new URL(u, location.origin);
|
||||
if (url.protocol === 'http:' || url.protocol === 'https:' || url.protocol === 'mailto:') return url.href;
|
||||
return '#';
|
||||
} catch { return '#'; }
|
||||
}
|
||||
|
||||
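Review bot: safeHref() uses one allowlist for both href and src (per its own comment, "before using it as href/src"), so `mailto:` passes validation for a `src` attribute where it is never a valid target; consider a separate allowlist for src (http/https only) or a parameter selecting the allowed schemes. Also note that `new URL(u, location.origin)` ties the helper to a browser global, so it cannot be unit-tested under Node without a `location` shim; accepting the base as an optional second argument (defaulting to `location.origin`) keeps the behaviour and makes the scheme checks testable. The scheme comparison itself is sound: the URL parser lowercases the protocol and strips leading control/whitespace characters, so `JavaScript:` and padded variants still fall through to `'#'`.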