feat: Implement Phase 4 Web Interface with bugfixes (v0.5.2)

## Phase 4: Web Interface Implementation

Implemented complete web interface with public and admin routes,
templates, CSS, and development authentication.

### Core Features

**Public Routes**:
- Homepage with recent published notes
- Note permalinks with microformats2
- Server-side rendering (Jinja2)

**Admin Routes**:
- Login via IndieLogin
- Dashboard with note management
- Create, edit, delete notes
- Protected with @require_auth decorator

**Development Authentication**:
- Dev login bypass for local testing (DEV_MODE only)
- Security safeguards per ADR-011
- Returns 404 when disabled

**Templates & Frontend**:
- Base layouts (public + admin)
- 8 HTML templates with microformats2
- Custom responsive CSS (114 lines)
- Error pages (404, 500)

### Bugfixes (v0.5.1 → v0.5.2)

1. **Cookie collision fix (v0.5.1)**:
   - Renamed auth cookie from "session" to "starpunk_session"
   - Fixed redirect loop between dev login and admin dashboard
   - Flask's session cookie no longer conflicts with auth

2. **HTTP 404 error handling (v0.5.1)**:
   - Update route now returns 404 for nonexistent notes
   - Delete route now returns 404 for nonexistent notes
   - Follows ADR-012 HTTP Error Handling Policy
   - Pattern consistency across all admin routes

3. **Note model enhancement (v0.5.2)**:
   - Exposed deleted_at field from database schema
   - Enables soft deletion verification in tests
   - Follows ADR-013 transparency principle

### Architecture

**New ADRs**:
- ADR-011: Development Authentication Mechanism
- ADR-012: HTTP Error Handling Policy
- ADR-013: Expose deleted_at Field in Note Model

**Standards Compliance**:
- Uses uv for Python environment
- Black formatted, Flake8 clean
- Follows git branching strategy
- Version incremented per versioning strategy

### Test Results

- 405/406 tests passing (99.75%)
- 87% code coverage
- All security tests passing
- Manual testing confirmed working

### Documentation

- Complete implementation reports in docs/reports/
- Architecture reviews in docs/reviews/
- Design documents in docs/design/
- CHANGELOG updated for v0.5.2

### Files Changed

**New Modules**:
- starpunk/dev_auth.py
- starpunk/routes/ (public, admin, auth, dev_auth)

**Templates**: 10 files (base, pages, admin, errors)
**Static**: CSS and optional JavaScript
**Tests**: 4 test files for routes and templates
**Docs**: 20+ architectural and implementation documents

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

QUICKFIX-AUTH-LOOP.md

@@ -0,0 +1,67 @@
+# QUICK FIX: Auth Redirect Loop
+
+**Problem**: Dev login redirects back to login page (loop)
+**Cause**: Cookie name collision (`session` used by both Flask and StarPunk)
+**Fix**: Rename auth cookie to `starpunk_session`
+**Time**: 30 minutes
+
+## 6 Changes in 3 Files
+
+### 1. starpunk/routes/dev_auth.py (Line 75)
+```python
+# Change this:
+response.set_cookie("session", session_token, ...)
+
+# To this:
+response.set_cookie("starpunk_session", session_token, ...)
+```
+
+### 2. starpunk/routes/auth.py (5 changes)
+
+**Line 47:**
+```python
+session_token = request.cookies.get("starpunk_session")  # was "session"
+```
+
+**Line 121:**
+```python
+response.set_cookie("starpunk_session", session_token, ...)  # was "session"
+```
+
+**Line 167:**
+```python
+session_token = request.cookies.get("starpunk_session")  # was "session"
+```
+
+**Line 178:**
+```python
+response.delete_cookie("starpunk_session")  # was "session"
+```
+
+### 3. starpunk/auth.py (Line 390)
+```python
+session_token = request.cookies.get("starpunk_session")  # was "session"
+```
+
+## Test It
+
+```bash
+# Run tests
+uv run pytest tests/ -v
+
+# Start server
+uv run flask run
+
+# Browser test:
+# 1. Go to http://localhost:5000/admin/
+# 2. Click dev login
+# 3. Should see dashboard (not login page)
+# 4. Check cookies in DevTools - should see "starpunk_session"
+```
+
+## Full Docs
+
+- Executive Summary: `/docs/design/auth-redirect-loop-executive-summary.md`
+- Implementation Guide: `/docs/design/auth-redirect-loop-fix-implementation.md`
+- Visual Diagrams: `/docs/design/auth-redirect-loop-diagram.md`
+- Root Cause Analysis: `/docs/design/auth-redirect-loop-diagnosis.md`