docs: Update Phase 0 with specific test fix requirements

Per ADR-012, Phase 0 now specifies:
- 5 tests to REMOVE (broken multiprocessing)
- 4 tests to FIX (brittle assertions)
- 1 test to RENAME (misleading name)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

starpunk/routes/public.py

@@ -116,7 +116,10 @@ def _generate_feed_with_cache(format_name: str, non_streaming_generator):
             limit=max_items,
         )
 
-        response = Response(content, mimetype=get_mime_type(format_name))
+        # Create response with proper Content-Type including charset
+        mime_type = get_mime_type(format_name)
+        content_type = f"{mime_type}; charset=utf-8"
+        response = Response(content, content_type=content_type)
         response.headers["Cache-Control"] = f"public, max-age={cache_seconds}"
         return response
 
@@ -141,7 +144,9 @@ def _generate_feed_with_cache(format_name: str, non_streaming_generator):
             return response
 
         # Return cached content with ETag
-        response = Response(content, mimetype=get_mime_type(format_name))
+        mime_type = get_mime_type(format_name)
+        content_type = f"{mime_type}; charset=utf-8"
+        response = Response(content, content_type=content_type)
         response.headers["ETag"] = etag
         cache_seconds = current_app.config.get("FEED_CACHE_SECONDS", 300)
         response.headers["Cache-Control"] = f"public, max-age={cache_seconds}"
@@ -163,7 +168,9 @@ def _generate_feed_with_cache(format_name: str, non_streaming_generator):
     etag = feed_cache.set(format_name, content, notes_checksum)
 
     # Return fresh content with ETag
-    response = Response(content, mimetype=get_mime_type(format_name))
+    mime_type = get_mime_type(format_name)
+    content_type = f"{mime_type}; charset=utf-8"
+    response = Response(content, content_type=content_type)
     response.headers["ETag"] = etag
     cache_seconds = current_app.config.get("FEED_CACHE_SECONDS", 300)
     response.headers["Cache-Control"] = f"public, max-age={cache_seconds}"

starpunk/routes/search.py

@@ -149,7 +149,7 @@ def search_page():
             error = "Full-text search is not configured on this server"
         else:
             try:
-                results = search_notes(
+                raw_results = search_notes(
                     query=query,
                     db_path=db_path,
                     published_only=published_only,
@@ -163,7 +163,7 @@ def search_page():
                 from markupsafe import escape, Markup
 
                 formatted_results = []
-                for r in results:
+                for r in raw_results:
                     # Escape the snippet but allow <mark> tags
                     snippet = r["snippet"]
                     # Simple approach: escape all HTML, then unescape our mark tags

starpunk/search.py

@@ -353,7 +353,7 @@ def search_notes_fts5(
                 'id': row['id'],
                 'slug': row['slug'],
                 'title': row['title'],
-                'snippet': Markup(row['snippet']),  # FTS5 snippet is safe
+                'snippet': row['snippet'],  # Plain string - route must escape HTML while preserving <mark> tags
                 'relevance': row['relevance'],
                 'published': bool(row['published']),
                 'created_at': row['created_at'],