docs(18-03): complete user profiles and public sharing plan

- SUMMARY.md with 2 tasks, 25 tests passing, 9 files modified
- STATE.md updated with progress and decisions
- REQUIREMENTS.md: PROF-01 through PROF-05 marked complete

.planning/STATE.md

@@ -1,16 +1,16 @@
 ---
 gsd_state_version: 1.0
-milestone: v2.0
-milestone_name: Platform Foundation
+milestone: v1.3
+milestone_name: Research & Decision Tools
 status: planning
-stopped_at: null
-last_updated: "2026-04-03"
+stopped_at: Completed 18-03-PLAN.md
+last_updated: "2026-04-05T11:12:57.693Z"
 last_activity: 2026-04-03 — v2.0 roadmap created (Phases 14-18)
 progress:
-  total_phases: 5
-  completed_phases: 0
-  total_plans: 0
-  completed_plans: 0
+  total_phases: 8
+  completed_phases: 6
+  total_plans: 12
+  completed_plans: 11
   percent: 0
 ---
 
@@ -35,6 +35,7 @@ Progress: [----------] 0% (v2.0 milestone)
 ## Performance Metrics
 
 **Velocity:**
+
 - Total plans completed: 0 (v2.0 milestone)
 - Average duration: --
 - Total execution time: --
@@ -46,12 +47,14 @@ Progress: [----------] 0% (v2.0 milestone)
 ### Decisions
 
 Key decisions made during v2.0 planning:
+
 - Platform pivot: single-user to multi-user with discovery-first approach
 - External auth provider (self-hosted, open-source) — Logto vs Authentik OPEN decision
 - SQLite to Postgres migration — required by auth provider and multi-user concurrency
 - Structured UGC only — ratings and predefined fields, no freeform text until moderation
 - Separate globalItems table — not a flag on user items table
 - Single-user SQLite mode diverges at v2.0 boundary
+- [Phase 18]: Public endpoints bypass auth via regex path matching in index.ts middleware
 
 ### Pending Todos
 
@@ -64,6 +67,6 @@ None active.
 
 ## Session Continuity
 
-Last session: 2026-04-03
-Stopped at: v2.0 roadmap created with 5 phases (14-18) covering 30 requirements
+Last session: 2026-04-05T11:12:57.691Z
+Stopped at: Completed 18-03-PLAN.md
 Resume file: None