feat: implement CloseIssue and PostComment methods in gitea client

Add CloseIssue (PATCH state=closed) and PostComment (POST comment body)
methods to the Gitea client with cache invalidation. Add corresponding
handler routes POST /issues/{owner}/{repo}/{index}/close and
POST /issues/{owner}/{repo}/{index}/comment with HTMX support.
Include unit tests for both client methods.

Closes leeworks-agents/gitea-mobile#36

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

internal/gitea/client.go

@@ -706,6 +706,51 @@ func (c *Client) SubmitReview(ctx context.Context, token, owner, repo string, in
 	return nil
 }
 
+// CloseIssue closes an issue by setting its state to "closed".
+func (c *Client) CloseIssue(ctx context.Context, token, owner, repo string, index int64) error {
+	payload, err := json.Marshal(map[string]string{"state": "closed"})
+	if err != nil {
+		return fmt.Errorf("marshaling close request: %w", err)
+	}
+
+	path := fmt.Sprintf("/repos/%s/%s/issues/%d", owner, repo, index)
+	resp, err := c.doRequest(ctx, token, http.MethodPatch, path, strings.NewReader(string(payload)))
+	if err != nil {
+		return fmt.Errorf("closing issue: %w", err)
+	}
+	resp.Body.Close()
+
+	c.InvalidateAll()
+	return nil
+}
+
+// PostComment creates a comment on an issue and returns the created Comment.
+func (c *Client) PostComment(ctx context.Context, token, owner, repo string, index int64, body string) (*Comment, error) {
+	payload, err := json.Marshal(map[string]string{"body": body})
+	if err != nil {
+		return nil, fmt.Errorf("marshaling comment: %w", err)
+	}
+
+	path := fmt.Sprintf("/repos/%s/%s/issues/%d/comments", owner, repo, index)
+	resp, err := c.doRequest(ctx, token, http.MethodPost, path, strings.NewReader(string(payload)))
+	if err != nil {
+		return nil, fmt.Errorf("posting comment: %w", err)
+	}
+	defer resp.Body.Close()
+
+	var comment Comment
+	if err := json.NewDecoder(resp.Body).Decode(&comment); err != nil {
+		return nil, fmt.Errorf("decoding comment: %w", err)
+	}
+
+	// Populate convenience fields.
+	comment.User = comment.RawUser.Login
+	comment.CreatedAt = comment.RawCreatedAt.Format("Jan 2, 2006 15:04")
+
+	c.InvalidateAll()
+	return &comment, nil
+}
+
 // priorityScore returns a numeric score for sorting (lower = higher priority).
 func priorityScore(labels []string) int {
 	for _, l := range labels {

internal/gitea/client_test.go

@@ -201,6 +201,97 @@ func TestGetTriageQueue_Sorting(t *testing.T) {
 	}
 }
 
+func TestCloseIssue(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPatch {
+			t.Errorf("expected PATCH, got %s", r.Method)
+		}
+		if r.URL.Path != "/api/v1/repos/owner1/repo1/issues/42" {
+			t.Errorf("unexpected path: %s", r.URL.Path)
+		}
+		if r.Header.Get("Authorization") != "token test-token" {
+			t.Error("missing or wrong Authorization header")
+		}
+
+		var body map[string]string
+		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			t.Fatalf("failed to decode body: %v", err)
+		}
+		if body["state"] != "closed" {
+			t.Errorf("expected state=closed, got %q", body["state"])
+		}
+
+		w.WriteHeader(http.StatusOK)
+		json.NewEncoder(w).Encode(map[string]string{"state": "closed"})
+	}))
+	defer server.Close()
+
+	c := NewClient(server.URL)
+	c.setCache("issues-org1", "should-be-invalidated")
+
+	err := c.CloseIssue(context.Background(), "test-token", "owner1", "repo1", 42)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	// Verify cache was invalidated.
+	_, ok := c.getFromCache("issues-org1")
+	if ok {
+		t.Error("expected cache to be invalidated after CloseIssue")
+	}
+}
+
+func TestPostComment(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPost {
+			t.Errorf("expected POST, got %s", r.Method)
+		}
+		if r.URL.Path != "/api/v1/repos/owner1/repo1/issues/42/comments" {
+			t.Errorf("unexpected path: %s", r.URL.Path)
+		}
+
+		var body map[string]string
+		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			t.Fatalf("failed to decode body: %v", err)
+		}
+		if body["body"] != "test comment" {
+			t.Errorf("expected body='test comment', got %q", body["body"])
+		}
+
+		comment := map[string]interface{}{
+			"id":   1,
+			"body": body["body"],
+			"user": map[string]string{"login": "testuser"},
+			"created_at": "2026-03-26T12:00:00Z",
+		}
+		json.NewEncoder(w).Encode(comment)
+	}))
+	defer server.Close()
+
+	c := NewClient(server.URL)
+	c.setCache("issues-org1", "should-be-invalidated")
+
+	comment, err := c.PostComment(context.Background(), "test-token", "owner1", "repo1", 42, "test comment")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if comment.Body != "test comment" {
+		t.Errorf("comment.Body = %q, want %q", comment.Body, "test comment")
+	}
+	if comment.User != "testuser" {
+		t.Errorf("comment.User = %q, want %q", comment.User, "testuser")
+	}
+	if comment.ID != 1 {
+		t.Errorf("comment.ID = %d, want 1", comment.ID)
+	}
+
+	// Verify cache was invalidated.
+	_, ok := c.getFromCache("issues-org1")
+	if ok {
+		t.Error("expected cache to be invalidated after PostComment")
+	}
+}
+
 // sortTriageQueue is a test helper applying the same sort as GetTriageQueue.
 func sortTriageQueue(queue []TriageItem) {
 	for i := 0; i < len(queue); i++ {

internal/handlers/handlers.go

@@ -40,6 +40,8 @@ func (h *Handler) RegisterRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("GET /issues", h.ListIssues)
 	mux.HandleFunc("POST /issues", h.CreateIssue)
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/labels", h.ApplyLabels)
+	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/close", h.CloseIssue)
+	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/comment", h.AddComment)
 
 	// Issue detail.
 	mux.HandleFunc("GET /issues/{owner}/{repo}/{index}", h.IssueDetail)
@@ -525,6 +527,77 @@ func (h *Handler) ApplyLabels(w http.ResponseWriter, r *http.Request) {
 	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
 }
 
+// CloseIssue handles POST /issues/{owner}/{repo}/{index}/close.
+func (h *Handler) CloseIssue(w http.ResponseWriter, r *http.Request) {
+	token := getToken(r)
+	owner := r.PathValue("owner")
+	repo := r.PathValue("repo")
+	indexStr := r.PathValue("index")
+
+	index, err := strconv.ParseInt(indexStr, 10, 64)
+	if err != nil {
+		http.Error(w, "invalid issue index", http.StatusBadRequest)
+		return
+	}
+
+	if err := h.Client.CloseIssue(r.Context(), token, owner, repo, index); err != nil {
+		slog.Error("failed to close issue", "error", err, "owner", owner, "repo", repo, "index", index)
+		http.Error(w, "failed to close issue", http.StatusInternalServerError)
+		return
+	}
+
+	if isHTMX(r) {
+		w.Header().Set("HX-Redirect", fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index))
+		w.WriteHeader(http.StatusOK)
+		return
+	}
+
+	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
+}
+
+// AddComment handles POST /issues/{owner}/{repo}/{index}/comment.
+func (h *Handler) AddComment(w http.ResponseWriter, r *http.Request) {
+	token := getToken(r)
+	owner := r.PathValue("owner")
+	repo := r.PathValue("repo")
+	indexStr := r.PathValue("index")
+
+	index, err := strconv.ParseInt(indexStr, 10, 64)
+	if err != nil {
+		http.Error(w, "invalid issue index", http.StatusBadRequest)
+		return
+	}
+
+	if err := r.ParseForm(); err != nil {
+		http.Error(w, "bad request", http.StatusBadRequest)
+		return
+	}
+
+	body := r.FormValue("body")
+	if body == "" {
+		http.Error(w, "comment body is required", http.StatusBadRequest)
+		return
+	}
+
+	comment, err := h.Client.PostComment(r.Context(), token, owner, repo, index, body)
+	if err != nil {
+		slog.Error("failed to post comment", "error", err, "owner", owner, "repo", repo, "index", index)
+		http.Error(w, "failed to post comment", http.StatusInternalServerError)
+		return
+	}
+
+	if isHTMX(r) {
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		fmt.Fprintf(w, `<div class="card comment">
+  <div class="card-meta">%s &middot; %s</div>
+  <div class="card-body">%s</div>
+</div>`, template.HTMLEscapeString(comment.User), template.HTMLEscapeString(comment.CreatedAt), template.HTMLEscapeString(comment.Body))
+		return
+	}
+
+	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
+}
+
 // SubmitReview handles POST /pulls/{owner}/{repo}/{index}/review.
 func (h *Handler) SubmitReview(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)