overhaul: single-session deployment + redesigned frontend

Backend simplification:
- The server now loads ONE pool JSON from $QUIZ_POOL_PATH at startup and
  upserts a single canonical session. The session id comes from the pool
  JSON's optional "session_id" field, falling back to $QUIZ_SESSION_ID.
- The multi-quiz / multi-session CRUD API is gone:
    DELETED  GET/POST /admin/api/quizzes
    DELETED  POST    /admin/api/quizzes/upload
    DELETED  GET/POST /admin/api/sessions
    DELETED  GET     /admin/login (HTML stub)
    DELETED  GET     /admin/api/sessions/{sid}/csv (replaced by /admin/api/csv)
  Replaced with a single-session control surface:
    GET  /admin/                — serves admin.html unconditionally
    GET  /admin/api/state       — admin-gated; pool meta + state + QR + join URL
    POST /admin/api/reset       — admin-gated; wipe submissions + back to lobby
    POST /admin/logout          — clear admin cookie
    GET  /admin/api/csv         — single-session results
    WS   /ws/instructor/{sid}   — kept; new commands "next" + "reset"
- Instructor "Next" button is now a single state-driving command
  (RoomManager.advance_to_next): from lobby it opens Q0; from question_open
  it closes the current Q and opens the next; from question_closed it
  opens the next; if past the last question it ends the session.
- New RoomManager.reset wipes submissions, participants, and per-question
  state, then broadcasts a clean lobby.
- Student GET / now redirects to /?sid=<canonical> when no sid is given,
  so the QR / share URL is fully deterministic.

Frontend rewrite (functional baseline; visual polish to follow):
- /admin/ is now a single SPA: GET /admin/api/state decides login form
  vs dashboard. No separate /admin/login URL bar.
- Admin dashboard is state-driven with one primary action per state.
  QR code, join URL, and live participant list are always visible on the
  left so the operator can leave the page on a projector.
- Student answer buttons are big and tappable; reveal screen highlights
  correct/wrong choice + shows score, total, and rank.
- Static admin/student SPAs share a CSS palette with light/dark support.

Tests rewritten around the single canonical session id.
The auto-bootstrapped session lets each test fixture skip the old
quiz/session creation dance. 39/39 tests pass.

Cleanup:
- Deleted CODEX_PROMPT.md, IMPLEMENTATION_REPORT.md, NOTES.md, SPEC.md,
  static/observer.html (obsolete codex-build artifacts and the unused
  observer view).
- .gitignore now blocks /pool.json (the runtime file the operator drops
  on the server) and the leftover .codex_done / codex_run.log / etc.
- bootstrap.sh seeds /opt/quiz/pool.json from examples/pool_example.json
  on first deploy so a fresh box reaches a usable state without manual
  intervention; .env now includes QUIZ_POOL_PATH.

deploy/bootstrap.sh

@@ -25,14 +25,14 @@ fi
 
 stage() { printf '\n==> Stage %s\n' "$*"; }
 
-stage "1/8: apt update + base packages"
+stage "1/9: apt update + base packages"
 apt-get update -q
 DEBIAN_FRONTEND=noninteractive apt-get install -y -q \
     git curl ca-certificates gnupg \
     python3 python3-venv python3-pip \
     debian-keyring debian-archive-keyring apt-transport-https
 
-stage "2/8: install Caddy (skip if present)"
+stage "2/9: install Caddy (skip if present)"
 if ! command -v caddy >/dev/null 2>&1; then
     curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
         | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
@@ -42,12 +42,12 @@ if ! command -v caddy >/dev/null 2>&1; then
     apt-get install -y -q caddy
 fi
 
-stage "3/8: create $APP_USER system user (skip if present)"
+stage "3/9: create $APP_USER system user (skip if present)"
 if ! id "$APP_USER" >/dev/null 2>&1; then
     useradd --system --shell /usr/sbin/nologin --home-dir "$APP_DIR" "$APP_USER"
 fi
 
-stage "4/8: clone or update repo into $APP_DIR"
+stage "4/9: clone or update repo into $APP_DIR"
 if [ -d "$APP_DIR/.git" ]; then
     git -C "$APP_DIR" fetch origin
     git -C "$APP_DIR" reset --hard "origin/$BRANCH"
@@ -57,12 +57,12 @@ else
 fi
 chown -R "$APP_USER":"$APP_USER" "$APP_DIR"
 
-stage "5/8: build venv + install dependencies"
+stage "5/9: build venv + install dependencies"
 sudo -u "$APP_USER" -H python3 -m venv "$APP_DIR/.venv"
 sudo -u "$APP_USER" -H "$APP_DIR/.venv/bin/pip" install --quiet --upgrade pip
 sudo -u "$APP_USER" -H "$APP_DIR/.venv/bin/pip" install --quiet -e "$APP_DIR"
 
-stage "6/8: configure environment (.env)"
+stage "6/9: configure environment (.env)"
 ENV_FILE="$APP_DIR/.env"
 if [ ! -f "$ENV_FILE" ]; then
     if [ -f /root/.quiz.env ]; then
@@ -85,6 +85,7 @@ if [ ! -f "$ENV_FILE" ]; then
         echo
         cat > "$ENV_FILE" <<EOF
 QUIZ_DB_PATH=$APP_DIR/quiz.db
+QUIZ_POOL_PATH=$APP_DIR/pool.json
 QUIZ_SECRET_KEY=$QUIZ_SECRET_KEY
 QUIZ_ADMIN_PASSWORD=$QUIZ_ADMIN_PASSWORD
 QUIZ_HOST=127.0.0.1
@@ -97,12 +98,21 @@ EOF
     chmod 600 "$ENV_FILE"
 fi
 
-stage "7/8: install systemd unit"
+stage "7/9: seed pool.json (if not already present)"
+POOL_FILE="$APP_DIR/pool.json"
+if [ ! -f "$POOL_FILE" ]; then
+    cp "$APP_DIR/examples/pool_example.json" "$POOL_FILE"
+    chown "$APP_USER":"$APP_USER" "$POOL_FILE"
+    echo "Seeded $POOL_FILE from examples/pool_example.json — replace with your real pool when ready."
+fi
+
+stage "8/9: install systemd unit"
 install -m 644 "$APP_DIR/deploy/quiz.service" /etc/systemd/system/quiz.service
 systemctl daemon-reload
-systemctl enable --now quiz.service
+systemctl enable quiz.service
+systemctl restart quiz.service
 
-stage "8/8: configure Caddy"
+stage "9/9: configure Caddy"
 sed "s/__DOMAIN__/$DOMAIN/g" "$APP_DIR/deploy/Caddyfile.tpl" > /etc/caddy/Caddyfile
 systemctl reload caddy