Protected Local App
This gate protects the web UI and API routes without changing the Supabase data path.
The app is unlocked locally with an HttpOnly session cookie.