feat: render issue and PR body as markdown via Gitea API

Add RenderMarkdown method to gitea client that calls POST /api/v1/markdown to convert raw markdown text to safe HTML. Wire it into IssueDetail and PullDetail handlers to render body content as formatted markdown. Falls back gracefully to plain text if the API call fails. Templates updated to use RenderedBody (template.HTML) with fallback to raw Issue.Body/Pull.Body when rendering fails. Closes leeworks-agents/gitea-mobile#35 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 17:10:12 +00:00
25 changed files with 427 additions and 4500 deletions
@@ -1,44 +0,0 @@
 root = "."
 testdata_dir = "testdata"
 tmp_dir = "tmp"
 [build]
  args_bin = []
  bin = "./tmp/main"
  cmd = "go build -o ./tmp/main ./cmd/server"
  delay = 500
  exclude_dir = ["assets", "tmp", "vendor", "testdata", ".git", "node_modules"]
  exclude_file = []
  exclude_regex = ["_test\\.go$"]
  exclude_unchanged = false
  follow_symlink = false
  full_bin = ""
  include_dir = []
  include_ext = ["go", "html", "css", "js"]
  include_file = []
  kill_delay = "0s"
  log = "build-errors.log"
  poll = false
  poll_interval = 0
  rerun = false
  rerun_delay = 500
  send_interrupt = false
  stop_on_error = false
 [color]
  app = ""
  build = "yellow"
  main = "magenta"
  runner = "green"
  watcher = "cyan"
 [log]
  main_only = false
  time = false
 [misc]
  clean_on_exit = true
 [screen]
  clear_on_rebuild = false
  keep_scroll = true
@@ -15,11 +15,8 @@ jobs:
        with:
          go-version: '1.22'
      - name: Vet
        run: go vet ./...
      - name: Run tests
-        run: go test -race ./...
+        run: go test ./...
  build:
    runs-on: ubuntu-latest
@@ -1,7 +1,7 @@
 # Stage 1: Build
 FROM golang:1.22-alpine AS builder
 WORKDIR /app
-COPY go.mod ./
+COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
 RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /gitea-mobile ./cmd/server
@@ -1,116 +0,0 @@
 # Gitea Mobile
 A mobile-first Progressive Web App (PWA) for managing Gitea issues and pull requests across multiple repositories and organizations from an iPhone. Built with Go, HTMX, and hand-rolled CSS -- no JavaScript frameworks, no build step, no node_modules.
 ## Tech Stack
 | Layer | Choice |
 |-------|--------|
 | Backend | Go + Gitea SDK (`code.gitea.io/sdk/gitea`) |
 | Frontend | HTMX + Go `html/template` + hand-rolled CSS |
 | Container | Multi-stage Dockerfile -> distroless (~15MB) |
 | Deployment | Kustomize manifests + FluxCD GitOps |
 ## Project Structure
 ```
 /
 ├── cmd/server/main.go          # entrypoint
 ├── internal/
 │   ├── config/config.go        # env-based configuration
 │   ├── gitea/client.go         # Gitea SDK wrapper / aggregation layer
 │   ├── handlers/               # HTTP handlers (issues, PRs, triage, settings)
 │   ├── auth/                   # cookie-based token auth
 │   ├── middleware/              # auth middleware, logging
 │   └── templates/              # Go html/template files (for HTMX)
 ├── static/                     # CSS, JS (htmx.min.js), icons, manifest
 ├── .gitea/workflows/build.yaml # CI pipeline (Gitea Actions)
 ├── Dockerfile
 ├── flake.nix                   # Nix dev shell with Go + air
 └── go.mod
 ```
 ## Local Development
 ### Prerequisites
 - [Nix](https://nixos.org/download/) with flakes enabled, **or** Go 1.22+
 - A Gitea instance with an API token
 ### Quick Start
 ```bash
 # Enter the Nix dev shell (provides Go, gopls, air)
 nix develop
 # Set required environment variables
 export GITEA_URL=https://gitea.leeworks.dev
 export SESSION_SECRET=$(openssl rand -hex 32)
 # Optional: set a default API token
 export GITEA_TOKEN=your-gitea-api-token
 # Start the server with live reload
 air
 ```
 If you are not using Nix, install Go 1.22+ and [air](https://github.com/air-verse/air) manually, then run the same commands above starting from the export lines.
 ### Environment Variables
 | Variable | Required | Default | Description |
 |----------|----------|---------|-------------|
 | `GITEA_URL` | Yes | -- | Base URL of the Gitea instance |
 | `SESSION_SECRET` | Yes | -- | HMAC key for signing session cookies (min 32 chars) |
 | `GITEA_TOKEN` | No | -- | Default API token (users can set their own via the settings page) |
 | `LISTEN_ADDR` | No | `:8080` | Server listen address |
 ### Live Reload with Air
 The dev shell includes [air](https://github.com/air-verse/air) for automatic recompilation on file changes. Configuration is in `.air.toml`. Air watches `.go` and `.html` files under `cmd/`, `internal/`, and `static/` and rebuilds/restarts the server automatically.
 ## Running Tests
 ```bash
 # Run all tests
 go test ./...
 # Run tests with race detection
 go test -race ./...
 ```
 ## Building the Container
 ```bash
 # Build the Docker image
 docker build -t gitea-mobile .
 # Run locally
 docker run -p 8080:8080 \
  -e GITEA_URL=https://gitea.leeworks.dev \
  -e SESSION_SECRET=$(openssl rand -hex 32) \
  gitea-mobile
 ```
 The Dockerfile uses a multi-stage build: Go binary compiled in an Alpine builder stage, then copied into a distroless image (~15MB final size).
 ## Deployment
 Kubernetes manifests for this app live in the Talos cluster repo under `testing1/first-cluster/apps/gitea-mobile/`. FluxCD syncs from that repo and handles automated image updates via `ImagePolicy` annotations.
 Key deployment resources:
 - `deployment.yaml` -- Pod spec with health checks
 - `service.yaml` -- ClusterIP service on port 8080
 - `ingressroute.yaml` -- Traefik IngressRoute for `gitea-mobile.testing.leeworks.dev`
 - `kustomization.yaml` -- Kustomize overlay
 ## Contributing
 1. Fork the repository
 2. Create a feature branch: `git checkout -b feature/your-feature`
 3. Make your changes and add tests
 4. Run `go test -race ./...` to verify
 5. Commit with a clear message referencing the issue number
 6. Push to your fork and open a pull request
 All PRs target the fork (`leeworks-agents/gitea-mobile`), not the upstream repo.
@@ -1,148 +0,0 @@
 # Post-Deployment Smoke Test Runbook
 Smoke test procedure for verifying gitea-mobile after deployment to the Talos cluster.
 ## Pre-conditions
 Before running the smoke test, confirm:
 - [ ] FluxCD has reconciled the latest manifests: `flux get kustomizations -n flux-system`
 - [ ] The gitea-mobile pod is Running: `kubectl get pods -n gitea-mobile`
 - [ ] The IngressRoute is active: `kubectl get ingressroute -n gitea-mobile`
 - [ ] DNS resolves `gitea-mobile.testing.leeworks.dev` to the cluster ingress
 ## Step 1: Pod Health
 ```bash
 # Verify the pod is running and ready
 kubectl get pods -n gitea-mobile
 # Expected: STATUS=Running, READY=1/1
 # Check pod logs for startup errors
 kubectl logs -n gitea-mobile deployment/gitea-mobile --tail=20
 # Expected: JSON log line with "server starting" message
 ```
 ## Step 2: Health Endpoint
 ```bash
 # Hit the health check endpoint from inside the cluster
 kubectl exec -n gitea-mobile deployment/gitea-mobile -- wget -qO- http://localhost:8080/health
 # Expected: HTTP 200
 # Hit the health check endpoint from outside the cluster
 curl -s -o /dev/null -w "%{http_code}" https://gitea-mobile.testing.leeworks.dev/health
 # Expected: 200
 ```
 ## Step 3: TLS and Ingress
 ```bash
 # Verify TLS certificate is valid
 curl -vI https://gitea-mobile.testing.leeworks.dev 2>&1 | grep "SSL certificate"
 # Expected: valid certificate from Let's Encrypt or cluster CA
 # Verify the app responds with HTML
 curl -s https://gitea-mobile.testing.leeworks.dev | head -5
 # Expected: HTML document with <html> tag
 ```
 ## Step 4: Authentication Flow
 1. Open `https://gitea-mobile.testing.leeworks.dev` in a browser
 2. Navigate to the Settings page (`/settings`)
 3. Enter a valid Gitea API token
 4. Submit the form
 5. **Expected**: Token is saved, page confirms success
 6. Navigate back to the Issues tab
 7. **Expected**: Issues load from the Gitea API using the saved token
 ## Step 5: Core Functionality -- Issues
 1. Navigate to the Issues tab (`/issues`)
 2. **Expected**: Cross-org issues load and display with titles, labels, and timestamps
 3. Tap on an issue to expand details
 4. **Expected**: Issue body renders correctly
 5. Use the filter dropdown to filter by repo or label
 6. **Expected**: List updates via HTMX without full page reload
 ## Step 6: Core Functionality -- Pull Requests
 1. Navigate to the PRs tab (`/pulls`)
 2. **Expected**: Pull requests load with review status icons
 3. Tap on a PR to see details
 4. **Expected**: PR diff summary or review status displays correctly
 ## Step 7: Core Functionality -- Dashboard / Triage Queue
 1. Navigate to the Dashboard/Triage tab (`/`)
 2. **Expected**: Unassigned issues and PRs awaiting review appear sorted by priority
 ## Step 8: Create Issue (Write Operation)
 1. Navigate to the new issue form
 2. Fill in title: `[smoke-test] Automated verification`
 3. Fill in body: `This issue was created during smoke testing. Safe to close.`
 4. Submit the form
 5. **Expected**: Issue is created successfully in Gitea
 6. Verify in Gitea web UI that the issue exists
 7. Close and delete the test issue after verification
 ## Step 9: Apply Label (Write Operation)
 1. On any test issue, attempt to apply a label
 2. **Expected**: Label is applied via the Gitea API and reflected in the UI
 ## Step 10: PWA / iPhone Safari
 1. Open `https://gitea-mobile.testing.leeworks.dev` on iPhone Safari
 2. **Expected**: App loads with mobile-optimized layout, no horizontal scroll
 3. Tap "Add to Home Screen" from the Safari share menu
 4. **Expected**: App icon appears on the home screen (apple-touch-icon)
 5. Launch from the home screen
 6. **Expected**: App opens in standalone mode (no Safari browser chrome)
 7. Verify bottom navigation does not overlap with iPhone home indicator
 8. Toggle device dark mode in Settings
 9. **Expected**: App switches between dark and light themes via `prefers-color-scheme`
 10. See issue #93 for the full PWA validation checklist
 ## Expected Results Summary
 | Step | Check | Expected |
 |------|-------|----------|
 | 1 | Pod status | Running, Ready 1/1 |
 | 2 | `/health` | HTTP 200 |
 | 3 | TLS | Valid cert, HTML response |
 | 4 | Auth | Token saved, API calls work |
 | 5 | Issues | List loads, filter works |
 | 6 | PRs | List loads with review status |
 | 7 | Dashboard/Triage | Queue displays correctly at `/` |
 | 8 | Create issue | Issue created in Gitea |
 | 9 | Apply label | Label applied via API |
 | 10 | PWA | Standalone mode, safe areas, dark mode |
 ## Rollback Procedure
 If the deployment is broken or the app is not functioning:
 ```bash
 # Roll back to the previous deployment revision
 kubectl rollout undo deployment/gitea-mobile -n gitea-mobile
 # Verify the rollback
 kubectl rollout status deployment/gitea-mobile -n gitea-mobile
 # Expected: "deployment successfully rolled out"
 # Check that the previous image tag is running
 kubectl get deployment gitea-mobile -n gitea-mobile -o jsonpath='{.spec.template.spec.containers[0].image}'
 ```
 If FluxCD keeps reconciling back to the broken version, suspend reconciliation temporarily:
 ```bash
 # Suspend Flux reconciliation
 flux suspend kustomization gitea-mobile -n flux-system
 # After fixing the issue, resume
 flux resume kustomization gitea-mobile -n flux-system
 ```
@@ -33,7 +33,7 @@ func main() {
 	// Apply middleware chain: logging -> auth.
 	var handler http.Handler = mux
-	handler = middleware.Auth(cfg.SessionSecret, cfg.GiteaToken)(handler)
+	handler = middleware.Auth(cfg.SessionSecret)(handler)
 	handler = middleware.Logging()(handler)
 	slog.Info("server starting", "addr", cfg.ListenAddr, "gitea_url", cfg.GiteaURL)
@@ -8,11 +8,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"log/slog"
 	"math"
 	"net/http"
 	"sort"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -30,11 +27,6 @@ type Client struct {
 	maxConcurrent int
 	// cacheTTL controls how long cache entries remain valid.
 	cacheTTL time.Duration
 	// maxRetries is the maximum number of retries for rate-limited requests.
 	maxRetries int
 	// baseRetryDelay is the initial backoff delay before the first retry.
 	baseRetryDelay time.Duration
 }
 type cacheEntry struct {
@@ -113,9 +105,8 @@ type PullRequest struct {
 	Deletions int    `json:"deletions"`
 	CreatedAt time.Time `json:"created_at"`
 	UpdatedAt time.Time `json:"updated_at"`
-	RepoOwner   string `json:"-"` // populated after fetch
+	RepoOwner string    `json:"-"` // populated after fetch
-	RepoName    string `json:"-"` // populated after fetch
+	RepoName  string    `json:"-"` // populated after fetch
 	ReviewState string `json:"-"` // aggregated review state: "approved", "changes_requested", "pending", or ""
 }
 // TriageItem represents an item in the triage queue.
@@ -137,102 +128,39 @@ func NewClient(baseURL string) *Client {
 		httpClient: &http.Client{
 			Timeout: 30 * time.Second,
 		},
-		cache:          make(map[string]*cacheEntry),
+		cache:         make(map[string]*cacheEntry),
-		maxConcurrent:  5,
+		maxConcurrent: 5,
-		cacheTTL:       30 * time.Second,
+		cacheTTL:      30 * time.Second,
 		maxRetries:     3,
 		baseRetryDelay: 1 * time.Second,
 	}
 }
 // doRequest performs an authenticated HTTP request to the Gitea API.
 // It automatically retries on HTTP 429 (rate limit) responses with
 // exponential backoff, respecting the Retry-After header when present.
 func (c *Client) doRequest(ctx context.Context, token, method, path string, body io.Reader) (*http.Response, error) {
 	url := c.baseURL + "/api/v1" + path
-	// Read the body once so we can replay it on retries.
+	req, err := http.NewRequestWithContext(ctx, method, url, body)
-	var bodyBytes []byte
+	if err != nil {
 		return nil, fmt.Errorf("creating request: %w", err)
 	}
 	req.Header.Set("Authorization", "token "+token)
 	req.Header.Set("Accept", "application/json")
 	if body != nil {
-		var err error
+		req.Header.Set("Content-Type", "application/json")
 		bodyBytes, err = io.ReadAll(body)
 		if err != nil {
 			return nil, fmt.Errorf("reading request body: %w", err)
 		}
 	}
-	var lastErr error
+	resp, err := c.httpClient.Do(req)
-	for attempt := 0; attempt <= c.maxRetries; attempt++ {
+	if err != nil {
-		// Recreate the body reader for each attempt.
+		return nil, fmt.Errorf("executing request: %w", err)
 		var reqBody io.Reader
 		if bodyBytes != nil {
 			reqBody = strings.NewReader(string(bodyBytes))
 		}
 		req, err := http.NewRequestWithContext(ctx, method, url, reqBody)
 		if err != nil {
 			return nil, fmt.Errorf("creating request: %w", err)
 		}
 		req.Header.Set("Authorization", "token "+token)
 		req.Header.Set("Accept", "application/json")
 		if bodyBytes != nil {
 			req.Header.Set("Content-Type", "application/json")
 		}
 		resp, err := c.httpClient.Do(req)
 		if err != nil {
 			return nil, fmt.Errorf("executing request: %w", err)
 		}
 		// Not rate-limited: handle normally.
 		if resp.StatusCode != http.StatusTooManyRequests {
 			if resp.StatusCode >= 400 {
 				defer resp.Body.Close()
 				respBody, _ := io.ReadAll(resp.Body)
 				return nil, fmt.Errorf("API error %d: %s", resp.StatusCode, string(respBody))
 			}
 			return resp, nil
 		}
 		// Rate-limited (429): close body and compute retry delay.
 		resp.Body.Close()
 		if attempt == c.maxRetries {
 			lastErr = fmt.Errorf("API rate limit exceeded after %d retries (429)", c.maxRetries)
 			break
 		}
 		delay := c.retryDelay(resp, attempt)
 		slog.Warn("rate limited by Gitea API, retrying",
 			"attempt", attempt+1,
 			"max_retries", c.maxRetries,
 			"delay", delay,
 			"path", path,
 		)
 		select {
 		case <-ctx.Done():
 			return nil, ctx.Err()
 		case <-time.After(delay):
 			// Continue to next attempt.
 		}
 	}
-	return nil, lastErr
+	if resp.StatusCode >= 400 {
-}
+		defer resp.Body.Close()
-
+		respBody, _ := io.ReadAll(resp.Body)
-// retryDelay computes the delay before the next retry attempt. It uses the
+		return nil, fmt.Errorf("API error %d: %s", resp.StatusCode, string(respBody))
 // Retry-After header value (in seconds) if present, otherwise falls back to
 // exponential backoff: baseRetryDelay * 2^attempt.
 func (c *Client) retryDelay(resp *http.Response, attempt int) time.Duration {
 	if ra := resp.Header.Get("Retry-After"); ra != "" {
 		if seconds, err := strconv.Atoi(ra); err == nil && seconds > 0 {
 			return time.Duration(seconds) * time.Second
 		}
 	}
-	// Exponential backoff: 1s, 2s, 4s, ...
+
-	return c.baseRetryDelay * time.Duration(math.Pow(2, float64(attempt)))
+	return resp, nil
 }
 // getFromCache returns cached data if still valid.
@@ -380,274 +308,173 @@ func (c *Client) ListOrgsAndRepos(ctx context.Context, token string) (map[string
 	return result, nil
 }
-// PageSize is the number of items returned per page for paginated listings.
+// ListAllIssues fetches all open issues across all repos in the given orgs,
-const PageSize = 20
+// using concurrent requests with a semaphore.
-
+func (c *Client) ListAllIssues(ctx context.Context, token string, orgs []string) ([]Issue, error) {
-// PaginatedIssues holds a page of issues along with pagination metadata.
+	cacheKey := fmt.Sprintf("issues-%s", strings.Join(orgs, ","))
-type PaginatedIssues struct {
+	if cached, ok := c.getFromCache(cacheKey); ok {
-	Issues  []Issue
+		return cached.([]Issue), nil
 	HasMore bool
 }
 // PaginatedPulls holds a page of pull requests along with pagination metadata.
 type PaginatedPulls struct {
 	Pulls   []PullRequest
 	HasMore bool
 }
 // ListAllIssues fetches issues across all repos in the given orgs,
 // using concurrent requests with a semaphore. Results are paginated.
 // The label parameter filters issues by label name (empty string means no filter).
 // The repoFilter parameter narrows results to a single repo name (empty means all repos).
 func (c *Client) ListAllIssues(ctx context.Context, token string, orgs []string, state string, page int, label string, repoFilter string) (PaginatedIssues, error) {
 	if state == "" {
 		state = "open"
 	}
 	if page < 1 {
 		page = 1
 	}
-	cacheKey := fmt.Sprintf("issues-%s-%s-%s-%s", state, strings.Join(orgs, ","), label, repoFilter)
+	// First, collect all repos for the given orgs.
 	var allRepos []Repo
 	for _, org := range orgs {
 		repos, err := c.ListOrgRepos(ctx, token, org)
 		if err != nil {
 			return nil, fmt.Errorf("listing repos for %s: %w", org, err)
 		}
 		allRepos = append(allRepos, repos...)
 	}
 	// Fan out issue fetching across repos.
 	var allIssues []Issue
-	if cached, ok := c.getFromCache(cacheKey); ok {
+	var mu sync.Mutex
-		allIssues = cached.([]Issue)
+	sem := make(chan struct{}, c.maxConcurrent)
-	} else {
+	var wg sync.WaitGroup
-		// First, collect all repos for the given orgs.
+	var firstErr error
-		var allRepos []Repo
+
-		for _, org := range orgs {
+	for _, repo := range allRepos {
-			repos, err := c.ListOrgRepos(ctx, token, org)
+		wg.Add(1)
 		go func(r Repo) {
 			defer wg.Done()
 			sem <- struct{}{}
 			defer func() { <-sem }()
 			path := fmt.Sprintf("/repos/%s/issues?state=open&type=issues&limit=50", r.FullName)
 			resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
 			if err != nil {
 				return PaginatedIssues{}, fmt.Errorf("listing repos for %s: %w", org, err)
 			}
 			allRepos = append(allRepos, repos...)
 		}
 		// Filter to a single repo if specified.
 		if repoFilter != "" {
 			var filtered []Repo
 			for _, r := range allRepos {
 				if r.Name == repoFilter {
 					filtered = append(filtered, r)
 				}
 			}
 			allRepos = filtered
 		}
 		// Fan out issue fetching across repos.
 		var mu sync.Mutex
 		sem := make(chan struct{}, c.maxConcurrent)
 		var wg sync.WaitGroup
 		var firstErr error
 		for _, repo := range allRepos {
 			wg.Add(1)
 			go func(r Repo) {
 				defer wg.Done()
 				sem <- struct{}{}
 				defer func() { <-sem }()
 				path := fmt.Sprintf("/repos/%s/issues?state=%s&type=issues&limit=50", r.FullName, state)
 				if label != "" {
 					path += "&labels=" + label
 				}
 				resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
 				if err != nil {
 					mu.Lock()
 					if firstErr == nil {
 						firstErr = fmt.Errorf("fetching issues for %s: %w", r.FullName, err)
 					}
 					mu.Unlock()
 					return
 				}
 				defer resp.Body.Close()
 				var issues []Issue
 				if err := json.NewDecoder(resp.Body).Decode(&issues); err != nil {
 					mu.Lock()
 					if firstErr == nil {
 						firstErr = fmt.Errorf("decoding issues for %s: %w", r.FullName, err)
 					}
 					mu.Unlock()
 					return
 				}
 				// Tag each issue with repo info.
 				for i := range issues {
 					issues[i].RepoOwner = r.Owner.Login
 					issues[i].RepoName = r.Name
 				}
 				mu.Lock()
-				allIssues = append(allIssues, issues...)
+				if firstErr == nil {
 					firstErr = fmt.Errorf("fetching issues for %s: %w", r.FullName, err)
 				}
 				mu.Unlock()
-			}(repo)
+				return
-		}
+			}
 			defer resp.Body.Close()
-		wg.Wait()
+			var issues []Issue
 			if err := json.NewDecoder(resp.Body).Decode(&issues); err != nil {
 				mu.Lock()
 				if firstErr == nil {
 					firstErr = fmt.Errorf("decoding issues for %s: %w", r.FullName, err)
 				}
 				mu.Unlock()
 				return
 			}
-		if firstErr != nil {
+			// Tag each issue with repo info.
-			return PaginatedIssues{}, firstErr
+			for i := range issues {
-		}
+				issues[i].RepoOwner = r.Owner.Login
 				issues[i].RepoName = r.Name
 			}
-		// Sort by updated time, newest first.
+			mu.Lock()
-		sort.Slice(allIssues, func(i, j int) bool {
+			allIssues = append(allIssues, issues...)
-			return allIssues[i].UpdatedAt.After(allIssues[j].UpdatedAt)
+			mu.Unlock()
-		})
+		}(repo)
 		c.setCache(cacheKey, allIssues)
 	}
-	// Paginate.
+	wg.Wait()
-	start := (page - 1) * PageSize
+
-	if start >= len(allIssues) {
+	if firstErr != nil {
-		return PaginatedIssues{}, nil
+		return nil, firstErr
 	}
 	end := start + PageSize
 	hasMore := end < len(allIssues)
 	if end > len(allIssues) {
 		end = len(allIssues)
 	}
-	return PaginatedIssues{Issues: allIssues[start:end], HasMore: hasMore}, nil
+	// Sort by updated time, newest first.
 	sort.Slice(allIssues, func(i, j int) bool {
 		return allIssues[i].UpdatedAt.After(allIssues[j].UpdatedAt)
 	})
 	c.setCache(cacheKey, allIssues)
 	return allIssues, nil
 }
-// ListAllPullRequests fetches PRs across all repos in the given orgs.
+// ListAllPullRequests fetches all open PRs across all repos in the given orgs.
-// Results are paginated. The label parameter filters PRs by label name.
+func (c *Client) ListAllPullRequests(ctx context.Context, token string, orgs []string) ([]PullRequest, error) {
-// The repoFilter parameter narrows results to a single repo name.
+	cacheKey := fmt.Sprintf("pulls-%s", strings.Join(orgs, ","))
 func (c *Client) ListAllPullRequests(ctx context.Context, token string, orgs []string, state string, page int, label string, repoFilter string) (PaginatedPulls, error) {
 	if state == "" {
 		state = "open"
 	}
 	if page < 1 {
 		page = 1
 	}
 	cacheKey := fmt.Sprintf("pulls-%s-%s-%s-%s", state, strings.Join(orgs, ","), label, repoFilter)
 	var allPRs []PullRequest
 	if cached, ok := c.getFromCache(cacheKey); ok {
-		allPRs = cached.([]PullRequest)
+		return cached.([]PullRequest), nil
-	} else {
+	}
-		var allRepos []Repo
+
-		for _, org := range orgs {
+	var allRepos []Repo
-			repos, err := c.ListOrgRepos(ctx, token, org)
+	for _, org := range orgs {
 		repos, err := c.ListOrgRepos(ctx, token, org)
 		if err != nil {
 			return nil, fmt.Errorf("listing repos for %s: %w", org, err)
 		}
 		allRepos = append(allRepos, repos...)
 	}
 	var allPRs []PullRequest
 	var mu sync.Mutex
 	sem := make(chan struct{}, c.maxConcurrent)
 	var wg sync.WaitGroup
 	var firstErr error
 	for _, repo := range allRepos {
 		wg.Add(1)
 		go func(r Repo) {
 			defer wg.Done()
 			sem <- struct{}{}
 			defer func() { <-sem }()
 			path := fmt.Sprintf("/repos/%s/pulls?state=open&limit=50", r.FullName)
 			resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
 			if err != nil {
 				return PaginatedPulls{}, fmt.Errorf("listing repos for %s: %w", org, err)
 			}
 			allRepos = append(allRepos, repos...)
 		}
 		// Filter to a single repo if specified.
 		if repoFilter != "" {
 			var filtered []Repo
 			for _, r := range allRepos {
 				if r.Name == repoFilter {
 					filtered = append(filtered, r)
 				}
 			}
 			allRepos = filtered
 		}
 		var mu sync.Mutex
 		sem := make(chan struct{}, c.maxConcurrent)
 		var wg sync.WaitGroup
 		var firstErr error
 		for _, repo := range allRepos {
 			wg.Add(1)
 			go func(r Repo) {
 				defer wg.Done()
 				sem <- struct{}{}
 				defer func() { <-sem }()
 				path := fmt.Sprintf("/repos/%s/pulls?state=%s&limit=50", r.FullName, state)
 				if label != "" {
 					path += "&labels=" + label
 				}
 				resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
 				if err != nil {
 					mu.Lock()
 					if firstErr == nil {
 						firstErr = fmt.Errorf("fetching PRs for %s: %w", r.FullName, err)
 					}
 					mu.Unlock()
 					return
 				}
 				defer resp.Body.Close()
 				var prs []PullRequest
 				if err := json.NewDecoder(resp.Body).Decode(&prs); err != nil {
 					mu.Lock()
 					if firstErr == nil {
 						firstErr = fmt.Errorf("decoding PRs for %s: %w", r.FullName, err)
 					}
 					mu.Unlock()
 					return
 				}
 				for i := range prs {
 					prs[i].RepoOwner = r.Owner.Login
 					prs[i].RepoName = r.Name
 				}
 				mu.Lock()
-				allPRs = append(allPRs, prs...)
+				if firstErr == nil {
 					firstErr = fmt.Errorf("fetching PRs for %s: %w", r.FullName, err)
 				}
 				mu.Unlock()
-			}(repo)
+				return
-		}
+			}
 			defer resp.Body.Close()
-		wg.Wait()
+			var prs []PullRequest
 			if err := json.NewDecoder(resp.Body).Decode(&prs); err != nil {
 				mu.Lock()
 				if firstErr == nil {
 					firstErr = fmt.Errorf("decoding PRs for %s: %w", r.FullName, err)
 				}
 				mu.Unlock()
 				return
 			}
-		if firstErr != nil {
+			for i := range prs {
-			return PaginatedPulls{}, firstErr
+				prs[i].RepoOwner = r.Owner.Login
-		}
+				prs[i].RepoName = r.Name
 			}
-		sort.Slice(allPRs, func(i, j int) bool {
+			mu.Lock()
-			return allPRs[i].UpdatedAt.After(allPRs[j].UpdatedAt)
+			allPRs = append(allPRs, prs...)
-		})
+			mu.Unlock()
-
+		}(repo)
 		c.setCache(cacheKey, allPRs)
 	}
-	// Paginate.
+	wg.Wait()
-	start := (page - 1) * PageSize
+
-	if start >= len(allPRs) {
+	if firstErr != nil {
-		return PaginatedPulls{}, nil
+		return nil, firstErr
 	}
 	end := start + PageSize
 	hasMore := end < len(allPRs)
 	if end > len(allPRs) {
 		end = len(allPRs)
 	}
-	return PaginatedPulls{Pulls: allPRs[start:end], HasMore: hasMore}, nil
+	sort.Slice(allPRs, func(i, j int) bool {
 		return allPRs[i].UpdatedAt.After(allPRs[j].UpdatedAt)
 	})
 	c.setCache(cacheKey, allPRs)
 	return allPRs, nil
 }
 // GetTriageQueue returns unassigned issues and PRs needing review, sorted by priority.
 func (c *Client) GetTriageQueue(ctx context.Context, token string, orgs []string) ([]TriageItem, error) {
-	// Collect all open issues across all pages.
+	issues, err := c.ListAllIssues(ctx, token, orgs)
-	var issues []Issue
+	if err != nil {
-	for page := 1; ; page++ {
+		return nil, fmt.Errorf("fetching issues for triage: %w", err)
 		result, err := c.ListAllIssues(ctx, token, orgs, "open", page, "", "")
 		if err != nil {
 			return nil, fmt.Errorf("fetching issues for triage: %w", err)
 		}
 		issues = append(issues, result.Issues...)
 		if !result.HasMore {
 			break
 		}
 	}
-	// Collect all open PRs across all pages.
+	prs, err := c.ListAllPullRequests(ctx, token, orgs)
-	var prs []PullRequest
+	if err != nil {
-	for page := 1; ; page++ {
+		return nil, fmt.Errorf("fetching PRs for triage: %w", err)
 		result, err := c.ListAllPullRequests(ctx, token, orgs, "open", page, "", "")
 		if err != nil {
 			return nil, fmt.Errorf("fetching PRs for triage: %w", err)
 		}
 		prs = append(prs, result.Pulls...)
 		if !result.HasMore {
 			break
 		}
 	}
 	var queue []TriageItem
@@ -856,49 +683,6 @@ func (c *Client) ApplyLabel(ctx context.Context, token, owner, repo string, inde
 	return nil
 }
 // ListCollaborators fetches the list of collaborators (users with access) for a repo.
 func (c *Client) ListCollaborators(ctx context.Context, token, owner, repo string) ([]string, error) {
 	path := fmt.Sprintf("/repos/%s/%s/collaborators?limit=50", owner, repo)
 	resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
 	if err != nil {
 		return nil, fmt.Errorf("fetching collaborators: %w", err)
 	}
 	defer resp.Body.Close()
 	var users []struct {
 		Login string `json:"login"`
 	}
 	if err := json.NewDecoder(resp.Body).Decode(&users); err != nil {
 		return nil, fmt.Errorf("decoding collaborators: %w", err)
 	}
 	var logins []string
 	for _, u := range users {
 		logins = append(logins, u.Login)
 	}
 	return logins, nil
 }
 // AssignIssue sets the assignees on an issue.
 func (c *Client) AssignIssue(ctx context.Context, token, owner, repo string, index int64, assignees []string) error {
 	payload, err := json.Marshal(map[string]interface{}{
 		"assignees": assignees,
 	})
 	if err != nil {
 		return fmt.Errorf("marshaling assignees: %w", err)
 	}
 	path := fmt.Sprintf("/repos/%s/%s/issues/%d", owner, repo, index)
 	resp, err := c.doRequest(ctx, token, http.MethodPatch, path, strings.NewReader(string(payload)))
 	if err != nil {
 		return fmt.Errorf("assigning issue: %w", err)
 	}
 	resp.Body.Close()
 	c.InvalidateAll()
 	return nil
 }
 // SubmitReview submits a review on a pull request.
 func (c *Client) SubmitReview(ctx context.Context, token, owner, repo string, index int64, reviewType, body string) error {
 	payload := map[string]interface{}{
@@ -922,61 +706,6 @@ func (c *Client) SubmitReview(ctx context.Context, token, owner, repo string, in
 	return nil
 }
 // CloseIssue closes an issue by setting its state to "closed".
 func (c *Client) CloseIssue(ctx context.Context, token, owner, repo string, index int64) error {
 	return c.SetIssueState(ctx, token, owner, repo, index, "closed")
 }
 // SetIssueState sets an issue's state (e.g. "open" or "closed").
 func (c *Client) SetIssueState(ctx context.Context, token, owner, repo string, index int64, state string) error {
 	payload, err := json.Marshal(map[string]string{"state": state})
 	if err != nil {
 		return fmt.Errorf("marshaling state change: %w", err)
 	}
 	path := fmt.Sprintf("/repos/%s/%s/issues/%d", owner, repo, index)
 	resp, err := c.doRequest(ctx, token, http.MethodPatch, path, strings.NewReader(string(payload)))
 	if err != nil {
 		return fmt.Errorf("setting issue state: %w", err)
 	}
 	resp.Body.Close()
 	c.InvalidateAll()
 	return nil
 }
 // AddComment creates a comment on an issue and returns the created Comment.
 func (c *Client) AddComment(ctx context.Context, token, owner, repo string, index int64, body string) (*Comment, error) {
 	return c.PostComment(ctx, token, owner, repo, index, body)
 }
 // PostComment creates a comment on an issue and returns the created Comment.
 func (c *Client) PostComment(ctx context.Context, token, owner, repo string, index int64, body string) (*Comment, error) {
 	payload, err := json.Marshal(map[string]string{"body": body})
 	if err != nil {
 		return nil, fmt.Errorf("marshaling comment: %w", err)
 	}
 	path := fmt.Sprintf("/repos/%s/%s/issues/%d/comments", owner, repo, index)
 	resp, err := c.doRequest(ctx, token, http.MethodPost, path, strings.NewReader(string(payload)))
 	if err != nil {
 		return nil, fmt.Errorf("posting comment: %w", err)
 	}
 	defer resp.Body.Close()
 	var comment Comment
 	if err := json.NewDecoder(resp.Body).Decode(&comment); err != nil {
 		return nil, fmt.Errorf("decoding comment: %w", err)
 	}
 	// Populate convenience fields.
 	comment.User = comment.RawUser.Login
 	comment.CreatedAt = comment.RawCreatedAt.Format("Jan 2, 2006 15:04")
 	c.InvalidateAll()
 	return &comment, nil
 }
 // RenderMarkdown renders raw markdown text to HTML using the Gitea API.
 // Falls back to the raw text if the API call fails.
 func (c *Client) RenderMarkdown(ctx context.Context, token, text string) (string, error) {
@@ -1016,74 +745,6 @@ func (c *Client) RenderMarkdown(ctx context.Context, token, text string) (string
 	return string(rendered), nil
 }
 // Review represents a single review on a pull request.
 type Review struct {
 	ID   int64  `json:"id"`
 	Body string `json:"body"`
 	State string `json:"state"` // "APPROVED", "REQUEST_CHANGES", "COMMENT", "PENDING"
 	User  struct {
 		Login string `json:"login"`
 	} `json:"user"`
 }
 // GetPullReviewState fetches reviews for a PR and returns the aggregate state.
 // Priority: changes_requested > approved > pending > "" (no reviews).
 func (c *Client) GetPullReviewState(ctx context.Context, token, owner, repo string, index int64) string {
 	path := fmt.Sprintf("/repos/%s/%s/pulls/%d/reviews?limit=50", owner, repo, index)
 	resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
 	if err != nil {
 		return ""
 	}
 	defer resp.Body.Close()
 	var reviews []Review
 	if err := json.NewDecoder(resp.Body).Decode(&reviews); err != nil {
 		return ""
 	}
 	if len(reviews) == 0 {
 		return ""
 	}
 	// Aggregate: last non-comment review per user wins, then pick the "worst" state.
 	userState := make(map[string]string)
 	for _, r := range reviews {
 		switch r.State {
 		case "APPROVED", "REQUEST_CHANGES":
 			userState[r.User.Login] = r.State
 		}
 	}
 	if len(userState) == 0 {
 		return "pending"
 	}
 	for _, s := range userState {
 		if s == "REQUEST_CHANGES" {
 			return "changes_requested"
 		}
 	}
 	return "approved"
 }
 // EnrichPullsWithReviewState fetches review state for each PR concurrently.
 func (c *Client) EnrichPullsWithReviewState(ctx context.Context, token string, pulls []PullRequest) {
 	sem := make(chan struct{}, c.maxConcurrent)
 	var wg sync.WaitGroup
 	for i := range pulls {
 		wg.Add(1)
 		go func(idx int) {
 			defer wg.Done()
 			sem <- struct{}{}
 			defer func() { <-sem }()
 			pulls[idx].ReviewState = c.GetPullReviewState(ctx, token, pulls[idx].RepoOwner, pulls[idx].RepoName, pulls[idx].Number)
 		}(i)
 	}
 	wg.Wait()
 }
 // priorityScore returns a numeric score for sorting (lower = higher priority).
 func priorityScore(labels []string) int {
 	for _, l := range labels {
@@ -38,15 +38,8 @@ func (h *Handler) RegisterRoutes(mux *http.ServeMux) {
 	// Issues.
 	mux.HandleFunc("GET /issues", h.ListIssues)
 	mux.HandleFunc("GET /issues/new", h.NewIssue)
 	mux.HandleFunc("GET /issues/new/labels", h.NewIssueLabels)
 	mux.HandleFunc("POST /issues", h.CreateIssue)
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/labels", h.ApplyLabels)
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/assignees", h.AssignIssue)
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/close", h.CloseIssue)
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/state", h.SetIssueState)
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/comments", h.AddComment)
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/comment", h.AddComment)
 	// Issue detail.
 	mux.HandleFunc("GET /issues/{owner}/{repo}/{index}", h.IssueDetail)
@@ -55,7 +48,6 @@ func (h *Handler) RegisterRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("GET /pulls", h.ListPulls)
 	mux.HandleFunc("GET /pulls/{owner}/{repo}/{index}", h.PullDetail)
 	mux.HandleFunc("POST /pulls/{owner}/{repo}/{index}/review", h.SubmitReview)
 	mux.HandleFunc("POST /pulls/{owner}/{repo}/{index}/state", h.SetPullState)
 	// Settings (handled separately for auth bypass).
 	settingsHandler := &SettingsHandler{
@@ -120,10 +112,6 @@ var basePage = template.Must(template.New("base").Parse(`<!DOCTYPE html>
  <script src="/static/htmx.min.js"></script>
 </head>
 <body>
  <header class="top-bar">
    <span class="top-bar-title">Gitea Mobile</span>
    <button class="refresh-btn" hx-get="" hx-target="#main-content" hx-swap="innerHTML" aria-label="Refresh">&#8635;</button>
  </header>
  <div class="content" id="main-content">
    {{.Content}}
  </div>
@@ -181,325 +169,169 @@ func renderPage(w http.ResponseWriter, r *http.Request, title, activeTab string,
 	}
 }
 // errorData holds the template data for error pages.
 type errorData struct {
 	Code    int
 	Title   string
 	Message string
 }
 // ErrorNotFound renders a mobile-friendly 404 error page.
 func (h *Handler) ErrorNotFound(w http.ResponseWriter, r *http.Request) {
 	data := errorData{
 		Code:    http.StatusNotFound,
 		Title:   "Page Not Found",
 		Message: "The page you are looking for does not exist or has been moved.",
 	}
 	h.renderError(w, r, data)
 }
 // ErrorInternal renders a mobile-friendly 500 error page.
 func (h *Handler) ErrorInternal(w http.ResponseWriter, r *http.Request) {
 	data := errorData{
 		Code:    http.StatusInternalServerError,
 		Title:   "Internal Server Error",
 		Message: "Something went wrong on our end. Please try again later.",
 	}
 	h.renderError(w, r, data)
 }
 // renderError renders the error template with the given data and status code.
 func (h *Handler) renderError(w http.ResponseWriter, r *http.Request, data errorData) {
 	tmpl, err := template.ParseFiles("internal/templates/error.html")
 	if err != nil {
 		slog.Error("failed to parse error template", "error", err)
 		http.Error(w, fmt.Sprintf("%d %s", data.Code, data.Title), data.Code)
 		return
 	}
 	var buf strings.Builder
 	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
 		slog.Error("failed to execute error template", "error", err)
 		http.Error(w, fmt.Sprintf("%d %s", data.Code, data.Title), data.Code)
 		return
 	}
 	w.WriteHeader(data.Code)
 	renderPage(w, r, data.Title, "", buf.String())
 }
 // Dashboard handles GET / — the triage queue.
 func (h *Handler) Dashboard(w http.ResponseWriter, r *http.Request) {
 	// Only handle exact root path.
 	if r.URL.Path != "/" {
-		h.ErrorNotFound(w, r)
+		http.NotFound(w, r)
 		return
 	}
 	token := getToken(r)
 	orgs := h.getUserOrgs(r)
 	selectedOrg := r.URL.Query().Get("org")
 	type dashboardData struct {
 		Items       []giteaclient.TriageItem
 		Orgs        []string
 		SelectedOrg string
 		Error       string
 	}
 	data := dashboardData{
 		Orgs:        orgs,
 		SelectedOrg: selectedOrg,
 	}
 	if len(orgs) == 0 {
-		data.Error = "No organizations found. Check your token permissions."
+		renderPage(w, r, "Dashboard", "dashboard",
-	} else {
+			`<h1>Dashboard</h1><p class="empty">No organizations found. Check your token permissions.</p>`)
-		// Determine which orgs to query.
+		return
 		queryOrgs := orgs
 		if selectedOrg != "" {
 			queryOrgs = []string{selectedOrg}
 		}
 		queue, err := h.Client.GetTriageQueue(r.Context(), token, queryOrgs)
 		if err != nil {
 			slog.Error("failed to get triage queue", "error", err)
 			data.Error = "Error loading triage queue."
 		} else {
 			data.Items = queue
 		}
 	}
-	tmpl, err := template.ParseFiles("internal/templates/dashboard.html")
+	queue, err := h.Client.GetTriageQueue(r.Context(), token, orgs)
 	if err != nil {
-		slog.Error("failed to parse dashboard template", "error", err)
+		slog.Error("failed to get triage queue", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
+		renderPage(w, r, "Dashboard", "dashboard",
 			`<h1>Dashboard</h1><p class="empty">Error loading triage queue.</p>`)
 		return
 	}
-	var buf strings.Builder
+	if len(queue) == 0 {
-	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
+		renderPage(w, r, "Dashboard", "dashboard",
-		slog.Error("failed to execute dashboard template", "error", err)
+			`<h1>Dashboard</h1><p class="empty">No items need attention. Nice work!</p>`)
 		http.Error(w, "template error", http.StatusInternalServerError)
 		return
 	}
-	renderPage(w, r, "Dashboard", "dashboard", buf.String())
+	content := `<h1>Dashboard</h1>`
 	for _, item := range queue {
 		typeBadge := `<span class="type-badge type-issue">issue</span>`
 		if item.Type == "pull" {
 			typeBadge = `<span class="type-badge type-pull">PR</span>`
 		}
 		labels := ""
 		for _, l := range item.Labels {
 			color := "#8b949e"
 			switch l {
 			case "P1":
 				color = "#f85149"
 			case "P2":
 				color = "#d29922"
 			case "P3":
 				color = "#58a6ff"
 			}
 			labels += fmt.Sprintf(`<span class="label" style="color:%s;border:1px solid %s">%s</span>`, color, color, template.HTMLEscapeString(l))
 		}
 		content += fmt.Sprintf(`<div class="card">
  <div class="card-title">%s %s</div>
  <div class="card-meta">%s/%s #%d %s</div>
 </div>`, typeBadge, template.HTMLEscapeString(item.Title),
 			template.HTMLEscapeString(item.RepoOwner),
 			template.HTMLEscapeString(item.RepoName),
 			item.Number, labels)
 	}
 	renderPage(w, r, "Dashboard", "dashboard", content)
 }
 // ListIssues handles GET /issues.
 func (h *Handler) ListIssues(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
-	orgNames := h.getUserOrgs(r)
+	orgs := h.getUserOrgs(r)
-	type issuesData struct {
+	if len(orgs) == 0 {
-		Issues        []giteaclient.Issue
+		renderPage(w, r, "Issues", "issues",
-		Orgs          []string
+			`<h1>Issues</h1><p class="empty">No organizations found.</p>`)
 		SelectedOrg   string
 		SelectedState string
 		SelectedLabel string
 		SelectedRepo  string
 		Repos         []string
 		HasMore       bool
 		NextPage      int
 		Error         string
 	}
 	selectedOrg := r.URL.Query().Get("org")
 	selectedState := r.URL.Query().Get("state")
 	if selectedState == "" {
 		selectedState = "open"
 	}
 	selectedLabel := r.URL.Query().Get("label")
 	selectedRepo := r.URL.Query().Get("repo")
 	page, _ := strconv.Atoi(r.URL.Query().Get("page"))
 	if page < 1 {
 		page = 1
 	}
 	data := issuesData{
 		Orgs:          orgNames,
 		SelectedOrg:   selectedOrg,
 		SelectedState: selectedState,
 		SelectedLabel: selectedLabel,
 		SelectedRepo:  selectedRepo,
 	}
 	if len(orgNames) == 0 {
 		data.Error = "No organizations found."
 	} else {
 		// Filter to selected org if specified.
 		queryOrgs := orgNames
 		if selectedOrg != "" {
 			queryOrgs = []string{selectedOrg}
 			// Populate repo list for the selected org.
 			repos, err := h.Client.ListOrgRepos(r.Context(), token, selectedOrg)
 			if err != nil {
 				slog.Warn("failed to list repos for org filter", "error", err, "org", selectedOrg)
 			} else {
 				for _, repo := range repos {
 					data.Repos = append(data.Repos, repo.Name)
 				}
 			}
 		}
 		result, err := h.Client.ListAllIssues(r.Context(), token, queryOrgs, selectedState, page, selectedLabel, selectedRepo)
 		if err != nil {
 			slog.Error("failed to list issues", "error", err)
 			data.Error = "Error loading issues."
 		} else {
 			data.Issues = result.Issues
 			data.HasMore = result.HasMore
 			if result.HasMore {
 				data.NextPage = page + 1
 			}
 		}
 	}
 	// For HTMX infinite-scroll requests (page > 1), return only the card fragment.
 	if isHTMX(r) && page > 1 {
 		tmpl, err := template.ParseFiles("internal/templates/issues.html")
 		if err != nil {
 			slog.Error("failed to parse issues template", "error", err)
 			http.Error(w, "template error", http.StatusInternalServerError)
 			return
 		}
 		var buf strings.Builder
 		if err := tmpl.ExecuteTemplate(&buf, "cards", data); err != nil {
 			slog.Error("failed to execute issues cards template", "error", err)
 			http.Error(w, "template error", http.StatusInternalServerError)
 			return
 		}
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		fmt.Fprint(w, buf.String())
 		return
 	}
-	tmpl, err := template.ParseFiles("internal/templates/issues.html")
+	issues, err := h.Client.ListAllIssues(r.Context(), token, orgs)
 	if err != nil {
-		slog.Error("failed to parse issues template", "error", err)
+		slog.Error("failed to list issues", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
+		renderPage(w, r, "Issues", "issues",
 			`<h1>Issues</h1><p class="empty">Error loading issues.</p>`)
 		return
 	}
-	var buf strings.Builder
+	if len(issues) == 0 {
-	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
+		renderPage(w, r, "Issues", "issues",
-		slog.Error("failed to execute issues template", "error", err)
+			`<h1>Issues</h1><p class="empty">No open issues found.</p>`)
 		http.Error(w, "template error", http.StatusInternalServerError)
 		return
 	}
-	renderPage(w, r, "Issues", "issues", buf.String())
+	content := `<h1>Issues</h1>`
 	for _, issue := range issues {
 		labels := ""
 		for _, l := range issue.Labels {
 			labels += fmt.Sprintf(`<span class="label" style="color:#%s;border:1px solid #%s">%s</span>`,
 				l.Color, l.Color, template.HTMLEscapeString(l.Name))
 		}
 		assignee := ""
 		if issue.Assignee != nil {
 			assignee = fmt.Sprintf(` &middot; %s`, template.HTMLEscapeString(issue.Assignee.Login))
 		}
 		content += fmt.Sprintf(`<div class="card">
  <div class="card-title">%s</div>
  <div class="card-meta">%s/%s #%d %s%s</div>
 </div>`, template.HTMLEscapeString(issue.Title),
 			template.HTMLEscapeString(issue.RepoOwner),
 			template.HTMLEscapeString(issue.RepoName),
 			issue.Number, labels, assignee)
 	}
 	renderPage(w, r, "Issues", "issues", content)
 }
 // ListPulls handles GET /pulls.
 func (h *Handler) ListPulls(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
-	orgNames := h.getUserOrgs(r)
+	orgs := h.getUserOrgs(r)
-	type pullsData struct {
+	if len(orgs) == 0 {
-		Pulls         []giteaclient.PullRequest
+		renderPage(w, r, "Pull Requests", "pulls",
-		Orgs          []string
+			`<h1>Pull Requests</h1><p class="empty">No organizations found.</p>`)
 		SelectedOrg   string
 		SelectedState string
 		SelectedLabel string
 		SelectedRepo  string
 		Repos         []string
 		HasMore       bool
 		NextPage      int
 		Error         string
 	}
 	selectedOrg := r.URL.Query().Get("org")
 	selectedState := r.URL.Query().Get("state")
 	if selectedState == "" {
 		selectedState = "open"
 	}
 	selectedLabel := r.URL.Query().Get("label")
 	selectedRepo := r.URL.Query().Get("repo")
 	page, _ := strconv.Atoi(r.URL.Query().Get("page"))
 	if page < 1 {
 		page = 1
 	}
 	data := pullsData{
 		Orgs:          orgNames,
 		SelectedOrg:   selectedOrg,
 		SelectedState: selectedState,
 		SelectedLabel: selectedLabel,
 		SelectedRepo:  selectedRepo,
 	}
 	if len(orgNames) == 0 {
 		data.Error = "No organizations found."
 	} else {
 		queryOrgs := orgNames
 		if selectedOrg != "" {
 			queryOrgs = []string{selectedOrg}
 			// Populate repo list for the selected org.
 			repos, err := h.Client.ListOrgRepos(r.Context(), token, selectedOrg)
 			if err != nil {
 				slog.Warn("failed to list repos for org filter", "error", err, "org", selectedOrg)
 			} else {
 				for _, repo := range repos {
 					data.Repos = append(data.Repos, repo.Name)
 				}
 			}
 		}
 		result, err := h.Client.ListAllPullRequests(r.Context(), token, queryOrgs, selectedState, page, selectedLabel, selectedRepo)
 		if err != nil {
 			slog.Error("failed to list pull requests", "error", err)
 			data.Error = "Error loading pull requests."
 		} else {
 			data.Pulls = result.Pulls
 			data.HasMore = result.HasMore
 			if result.HasMore {
 				data.NextPage = page + 1
 			}
 			// Enrich PRs with review state for status icons.
 			if len(data.Pulls) > 0 {
 				h.Client.EnrichPullsWithReviewState(r.Context(), token, data.Pulls)
 			}
 		}
 	}
 	// For HTMX infinite-scroll requests (page > 1), return only the card fragment.
 	if isHTMX(r) && page > 1 {
 		tmpl, err := template.ParseFiles("internal/templates/pulls.html")
 		if err != nil {
 			slog.Error("failed to parse pulls template", "error", err)
 			http.Error(w, "template error", http.StatusInternalServerError)
 			return
 		}
 		var buf strings.Builder
 		if err := tmpl.ExecuteTemplate(&buf, "cards", data); err != nil {
 			slog.Error("failed to execute pulls cards template", "error", err)
 			http.Error(w, "template error", http.StatusInternalServerError)
 			return
 		}
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		fmt.Fprint(w, buf.String())
 		return
 	}
-	tmpl, err := template.ParseFiles("internal/templates/pulls.html")
+	prs, err := h.Client.ListAllPullRequests(r.Context(), token, orgs)
 	if err != nil {
-		slog.Error("failed to parse pulls template", "error", err)
+		slog.Error("failed to list pull requests", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
+		renderPage(w, r, "Pull Requests", "pulls",
 			`<h1>Pull Requests</h1><p class="empty">Error loading pull requests.</p>`)
 		return
 	}
-	var buf strings.Builder
+	if len(prs) == 0 {
-	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
+		renderPage(w, r, "Pull Requests", "pulls",
-		slog.Error("failed to execute pulls template", "error", err)
+			`<h1>Pull Requests</h1><p class="empty">No open pull requests found.</p>`)
 		http.Error(w, "template error", http.StatusInternalServerError)
 		return
 	}
-	renderPage(w, r, "Pull Requests", "pulls", buf.String())
+	content := `<h1>Pull Requests</h1>`
 	for _, pr := range prs {
 		labels := ""
 		for _, l := range pr.Labels {
 			labels += fmt.Sprintf(`<span class="label" style="color:#%s;border:1px solid #%s">%s</span>`,
 				l.Color, l.Color, template.HTMLEscapeString(l.Name))
 		}
 		stats := fmt.Sprintf(`<span style="color:#3fb950">+%d</span> <span style="color:#f85149">-%d</span>`, pr.Additions, pr.Deletions)
 		mergeStatus := ""
 		if pr.Mergeable {
 			mergeStatus = `<span style="color:#3fb950;font-size:0.7rem;">mergeable</span>`
 		}
 		content += fmt.Sprintf(`<div class="card">
  <div class="card-title"><span class="type-badge type-pull">PR</span> %s</div>
  <div class="card-meta">%s/%s #%d %s %s %s</div>
 </div>`, template.HTMLEscapeString(pr.Title),
 			template.HTMLEscapeString(pr.RepoOwner),
 			template.HTMLEscapeString(pr.RepoName),
 			pr.Number, labels, stats, mergeStatus)
 	}
 	renderPage(w, r, "Pull Requests", "pulls", content)
 }
 // IssueDetail handles GET /issues/{owner}/{repo}/{index}.
@@ -535,12 +367,6 @@ func (h *Handler) IssueDetail(w http.ResponseWriter, r *http.Request) {
 		labels = nil
 	}
 	collaborators, err := h.Client.ListCollaborators(r.Context(), token, owner, repo)
 	if err != nil {
 		slog.Error("failed to get collaborators", "error", err)
 		collaborators = nil
 	}
 	// Render markdown body if present.
 	var renderedBody template.HTML
 	if issue.Body != "" {
@@ -565,7 +391,6 @@ func (h *Handler) IssueDetail(w http.ResponseWriter, r *http.Request) {
 		RenderedBody    template.HTML
 		Comments        []giteaclient.Comment
 		AvailableLabels []giteaclient.Label
 		Collaborators   []string
 	}
 	data := templateData{
@@ -573,7 +398,6 @@ func (h *Handler) IssueDetail(w http.ResponseWriter, r *http.Request) {
 		RenderedBody:    renderedBody,
 		Comments:        comments,
 		AvailableLabels: labels,
 		Collaborators:   collaborators,
 	}
 	var buf strings.Builder
@@ -618,13 +442,6 @@ func (h *Handler) PullDetail(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 	// Fetch comments for this PR (Gitea uses the issues endpoint for PR comments).
 	comments, err := h.Client.GetIssueComments(r.Context(), token, owner, repo, index)
 	if err != nil {
 		slog.Warn("failed to fetch PR comments", "error", err, "owner", owner, "repo", repo, "index", index)
 		// Non-fatal: continue rendering without comments.
 	}
 	// Build the content HTML using the template.
 	tmpl, err := template.ParseFiles("internal/templates/pull_detail.html")
 	if err != nil {
@@ -636,13 +453,11 @@ func (h *Handler) PullDetail(w http.ResponseWriter, r *http.Request) {
 	type templateData struct {
 		Pull         *giteaclient.PullRequest
 		RenderedBody template.HTML
 		Comments     []giteaclient.Comment
 	}
 	data := templateData{
 		Pull:         pr,
 		RenderedBody: renderedBody,
 		Comments:     comments,
 	}
 	var buf strings.Builder
@@ -655,73 +470,6 @@ func (h *Handler) PullDetail(w http.ResponseWriter, r *http.Request) {
 	renderPage(w, r, fmt.Sprintf("PR #%d", index), "pulls", buf.String())
 }
 // NewIssue handles GET /issues/new — renders the create-issue form.
 func (h *Handler) NewIssue(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
 	repos, err := h.Client.ListOrgsAndRepos(r.Context(), token)
 	if err != nil {
 		slog.Error("failed to list repos for new issue form", "error", err)
 		renderPage(w, r, "New Issue", "issues",
 			`<h1>New Issue</h1><p class="empty">Error loading repositories.</p>`)
 		return
 	}
 	tmpl, err := template.ParseFiles("internal/templates/create_issue.html")
 	if err != nil {
 		slog.Error("failed to parse create_issue template", "error", err)
 		http.Error(w, "template error", http.StatusInternalServerError)
 		return
 	}
 	type templateData struct {
 		Repos map[string][]giteaclient.Repo
 	}
 	data := templateData{Repos: repos}
 	var buf strings.Builder
 	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
 		slog.Error("failed to execute create_issue template", "error", err)
 		http.Error(w, "template error", http.StatusInternalServerError)
 		return
 	}
 	renderPage(w, r, "New Issue", "issues", buf.String())
 }
 // NewIssueLabels handles GET /issues/new/labels — returns label checkboxes for a repo.
 func (h *Handler) NewIssueLabels(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
 	owner := r.URL.Query().Get("owner")
 	repo := r.URL.Query().Get("repo")
 	if owner == "" || repo == "" {
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		fmt.Fprint(w, `<span class="empty">Select a repository first.</span>`)
 		return
 	}
 	labels, err := h.Client.GetRepoLabels(r.Context(), token, owner, repo)
 	if err != nil {
 		slog.Error("failed to fetch labels", "error", err, "owner", owner, "repo", repo)
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		fmt.Fprint(w, `<span class="empty">Error loading labels.</span>`)
 		return
 	}
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	if len(labels) == 0 {
 		fmt.Fprint(w, `<span class="empty">No labels available for this repository.</span>`)
 		return
 	}
 	for _, l := range labels {
 		fmt.Fprintf(w, `<label style="display:inline-block;margin:0.25rem 0.5rem 0.25rem 0;cursor:pointer;"><input type="checkbox" name="label_ids" value="%d" style="margin-right:0.25rem;"> <span class="label" style="color:#%s;border:1px solid #%s">%s</span></label>`,
 			l.ID, template.HTMLEscapeString(l.Color), template.HTMLEscapeString(l.Color), template.HTMLEscapeString(l.Name))
 	}
 }
 // CreateIssue handles POST /issues.
 func (h *Handler) CreateIssue(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
@@ -735,35 +483,14 @@ func (h *Handler) CreateIssue(w http.ResponseWriter, r *http.Request) {
 	title := r.FormValue("title")
 	body := r.FormValue("body")
 	// Parse label IDs from form checkboxes.
 	var labelIDs []int64
 	for _, idStr := range r.Form["label_ids"] {
 		id, err := strconv.ParseInt(idStr, 10, 64)
 		if err == nil {
 			labelIDs = append(labelIDs, id)
 		}
 	}
 	if owner == "" || repo == "" || title == "" {
 		if isHTMX(r) {
 			w.Header().Set("Content-Type", "text/html; charset=utf-8")
 			w.WriteHeader(http.StatusBadRequest)
 			fmt.Fprint(w, `<span class="empty">owner, repo, and title are required</span>`)
 			return
 		}
 		http.Error(w, "owner, repo, and title are required", http.StatusBadRequest)
 		return
 	}
-	issue, err := h.Client.CreateIssue(r.Context(), token, owner, repo, title, body, labelIDs)
+	issue, err := h.Client.CreateIssue(r.Context(), token, owner, repo, title, body, nil)
 	if err != nil {
 		slog.Error("failed to create issue", "error", err)
 		if isHTMX(r) {
 			w.Header().Set("Content-Type", "text/html; charset=utf-8")
 			w.WriteHeader(http.StatusInternalServerError)
 			fmt.Fprint(w, `<span class="empty">Failed to create issue. Please try again.</span>`)
 			return
 		}
 		http.Error(w, "failed to create issue", http.StatusInternalServerError)
 		return
 	}
@@ -824,210 +551,6 @@ func (h *Handler) ApplyLabels(w http.ResponseWriter, r *http.Request) {
 	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
 }
 // AssignIssue handles POST /issues/{owner}/{repo}/{index}/assignees.
 func (h *Handler) AssignIssue(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
 	owner := r.PathValue("owner")
 	repo := r.PathValue("repo")
 	indexStr := r.PathValue("index")
 	index, err := strconv.ParseInt(indexStr, 10, 64)
 	if err != nil {
 		http.Error(w, "invalid issue index", http.StatusBadRequest)
 		return
 	}
 	if err := r.ParseForm(); err != nil {
 		http.Error(w, "bad request", http.StatusBadRequest)
 		return
 	}
 	assignee := r.FormValue("assignee")
 	if assignee == "" {
 		http.Error(w, "assignee is required", http.StatusBadRequest)
 		return
 	}
 	if err := h.Client.AssignIssue(r.Context(), token, owner, repo, index, []string{assignee}); err != nil {
 		slog.Error("failed to assign issue", "error", err, "owner", owner, "repo", repo, "index", index, "assignee", assignee)
 		http.Error(w, "failed to assign issue", http.StatusInternalServerError)
 		return
 	}
 	if isHTMX(r) {
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		fmt.Fprintf(w, `<span style="color:#3fb950">Assigned to %s</span>`, template.HTMLEscapeString(assignee))
 		return
 	}
 	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
 }
 // CloseIssue handles POST /issues/{owner}/{repo}/{index}/close.
 func (h *Handler) CloseIssue(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
 	owner := r.PathValue("owner")
 	repo := r.PathValue("repo")
 	indexStr := r.PathValue("index")
 	index, err := strconv.ParseInt(indexStr, 10, 64)
 	if err != nil {
 		http.Error(w, "invalid issue index", http.StatusBadRequest)
 		return
 	}
 	if err := h.Client.CloseIssue(r.Context(), token, owner, repo, index); err != nil {
 		slog.Error("failed to close issue", "error", err, "owner", owner, "repo", repo, "index", index)
 		http.Error(w, "failed to close issue", http.StatusInternalServerError)
 		return
 	}
 	if isHTMX(r) {
 		w.Header().Set("HX-Redirect", fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index))
 		w.WriteHeader(http.StatusOK)
 		return
 	}
 	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
 }
 // SetIssueState handles POST /issues/{owner}/{repo}/{index}/state.
 func (h *Handler) SetIssueState(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
 	owner := r.PathValue("owner")
 	repo := r.PathValue("repo")
 	indexStr := r.PathValue("index")
 	index, err := strconv.ParseInt(indexStr, 10, 64)
 	if err != nil {
 		http.Error(w, "invalid issue index", http.StatusBadRequest)
 		return
 	}
 	if err := r.ParseForm(); err != nil {
 		http.Error(w, "bad request", http.StatusBadRequest)
 		return
 	}
 	state := r.FormValue("state")
 	if state != "open" && state != "closed" {
 		http.Error(w, "state must be 'open' or 'closed'", http.StatusBadRequest)
 		return
 	}
 	if err := h.Client.SetIssueState(r.Context(), token, owner, repo, index, state); err != nil {
 		slog.Error("failed to set issue state", "error", err, "owner", owner, "repo", repo, "index", index, "state", state)
 		http.Error(w, "failed to update issue state", http.StatusInternalServerError)
 		return
 	}
 	if isHTMX(r) {
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		if state == "closed" {
 			fmt.Fprintf(w, `<span class="state-closed" id="issue-state">closed</span>
 <button class="btn btn-secondary" hx-post="/issues/%s/%s/%d/state" hx-vals='{"state":"open"}' hx-target="#state-section" hx-swap="innerHTML">Reopen Issue</button>`,
 				template.HTMLEscapeString(owner), template.HTMLEscapeString(repo), index)
 		} else {
 			fmt.Fprintf(w, `<span class="state-open" id="issue-state">open</span>
 <button class="btn btn-danger" hx-post="/issues/%s/%s/%d/state" hx-vals='{"state":"closed"}' hx-target="#state-section" hx-swap="innerHTML">Close Issue</button>`,
 				template.HTMLEscapeString(owner), template.HTMLEscapeString(repo), index)
 		}
 		return
 	}
 	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
 }
 // SetPullState handles POST /pulls/{owner}/{repo}/{index}/state.
 func (h *Handler) SetPullState(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
 	owner := r.PathValue("owner")
 	repo := r.PathValue("repo")
 	indexStr := r.PathValue("index")
 	index, err := strconv.ParseInt(indexStr, 10, 64)
 	if err != nil {
 		http.Error(w, "invalid pull request index", http.StatusBadRequest)
 		return
 	}
 	if err := r.ParseForm(); err != nil {
 		http.Error(w, "bad request", http.StatusBadRequest)
 		return
 	}
 	state := r.FormValue("state")
 	if state != "open" && state != "closed" {
 		http.Error(w, "state must be 'open' or 'closed'", http.StatusBadRequest)
 		return
 	}
 	if err := h.Client.SetIssueState(r.Context(), token, owner, repo, index, state); err != nil {
 		slog.Error("failed to set pull request state", "error", err, "owner", owner, "repo", repo, "index", index, "state", state)
 		http.Error(w, "failed to update pull request state", http.StatusInternalServerError)
 		return
 	}
 	if isHTMX(r) {
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		if state == "closed" {
 			fmt.Fprintf(w, `<span class="state-closed" id="pull-state">closed</span>
 <button class="btn btn-secondary" hx-post="/pulls/%s/%s/%d/state" hx-vals='{"state":"open"}' hx-target="#state-section" hx-swap="innerHTML">Reopen PR</button>`,
 				template.HTMLEscapeString(owner), template.HTMLEscapeString(repo), index)
 		} else {
 			fmt.Fprintf(w, `<span class="state-open" id="pull-state">open</span>
 <button class="btn btn-danger" hx-post="/pulls/%s/%s/%d/state" hx-vals='{"state":"closed"}' hx-target="#state-section" hx-swap="innerHTML">Close PR</button>`,
 				template.HTMLEscapeString(owner), template.HTMLEscapeString(repo), index)
 		}
 		return
 	}
 	http.Redirect(w, r, fmt.Sprintf("/pulls/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
 }
 // AddComment handles POST /issues/{owner}/{repo}/{index}/comment.
 func (h *Handler) AddComment(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
 	owner := r.PathValue("owner")
 	repo := r.PathValue("repo")
 	indexStr := r.PathValue("index")
 	index, err := strconv.ParseInt(indexStr, 10, 64)
 	if err != nil {
 		http.Error(w, "invalid issue index", http.StatusBadRequest)
 		return
 	}
 	if err := r.ParseForm(); err != nil {
 		http.Error(w, "bad request", http.StatusBadRequest)
 		return
 	}
 	body := r.FormValue("body")
 	if body == "" {
 		http.Error(w, "comment body is required", http.StatusBadRequest)
 		return
 	}
 	comment, err := h.Client.PostComment(r.Context(), token, owner, repo, index, body)
 	if err != nil {
 		slog.Error("failed to post comment", "error", err, "owner", owner, "repo", repo, "index", index)
 		http.Error(w, "failed to post comment", http.StatusInternalServerError)
 		return
 	}
 	if isHTMX(r) {
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		fmt.Fprintf(w, `<div class="card comment">
  <div class="card-meta">%s &middot; %s</div>
  <div class="card-body">%s</div>
 </div>`, template.HTMLEscapeString(comment.User), template.HTMLEscapeString(comment.CreatedAt), template.HTMLEscapeString(comment.Body))
 		return
 	}
 	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
 }
 // SubmitReview handles POST /pulls/{owner}/{repo}/{index}/review.
 func (h *Handler) SubmitReview(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
@@ -135,135 +135,6 @@ func TestSubmitReview_MissingEventType(t *testing.T) {
 	}
 }
 func TestSetIssueState_InvalidState(t *testing.T) {
 	h := newTestHandler()
 	mux := http.NewServeMux()
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/state", h.SetIssueState)
 	req := httptest.NewRequest(http.MethodPost, "/issues/org/repo/1/state", nil)
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	w := httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 	if w.Code != http.StatusBadRequest {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusBadRequest)
 	}
 }
 func TestSetIssueState_InvalidIndex(t *testing.T) {
 	h := newTestHandler()
 	mux := http.NewServeMux()
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/state", h.SetIssueState)
 	req := httptest.NewRequest(http.MethodPost, "/issues/org/repo/abc/state", nil)
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	w := httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 	if w.Code != http.StatusBadRequest {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusBadRequest)
 	}
 }
 func TestAddComment_EmptyBody(t *testing.T) {
 	h := newTestHandler()
 	mux := http.NewServeMux()
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/comments", h.AddComment)
 	req := httptest.NewRequest(http.MethodPost, "/issues/org/repo/1/comments", nil)
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	w := httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 	if w.Code != http.StatusBadRequest {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusBadRequest)
 	}
 }
 func TestErrorNotFound(t *testing.T) {
 	h := newTestHandler()
 	req := httptest.NewRequest(http.MethodGet, "/nonexistent", nil)
 	w := httptest.NewRecorder()
 	h.ErrorNotFound(w, req)
 	if w.Code != http.StatusNotFound {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusNotFound)
 	}
 	body := w.Body.String()
 	if body == "" {
 		t.Error("expected non-empty response body")
 	}
 	if !contains(body, "404") {
 		t.Error("expected body to contain '404'")
 	}
 	if !contains(body, "Page Not Found") {
 		t.Error("expected body to contain 'Page Not Found'")
 	}
 }
 func TestErrorInternal(t *testing.T) {
 	h := newTestHandler()
 	req := httptest.NewRequest(http.MethodGet, "/error", nil)
 	w := httptest.NewRecorder()
 	h.ErrorInternal(w, req)
 	if w.Code != http.StatusInternalServerError {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusInternalServerError)
 	}
 	body := w.Body.String()
 	if body == "" {
 		t.Error("expected non-empty response body")
 	}
 	if !contains(body, "500") {
 		t.Error("expected body to contain '500'")
 	}
 	if !contains(body, "Internal Server Error") {
 		t.Error("expected body to contain 'Internal Server Error'")
 	}
 }
 func TestDashboard_NonRootPath_Returns404(t *testing.T) {
 	h := newTestHandler()
 	req := httptest.NewRequest(http.MethodGet, "/unknown/path", nil)
 	w := httptest.NewRecorder()
 	h.Dashboard(w, req)
 	if w.Code != http.StatusNotFound {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusNotFound)
 	}
 	body := w.Body.String()
 	if !contains(body, "404") {
 		t.Error("expected body to contain '404' for non-root path")
 	}
 }
 func TestErrorNotFound_HTMX(t *testing.T) {
 	h := newTestHandler()
 	req := httptest.NewRequest(http.MethodGet, "/nonexistent", nil)
 	req.Header.Set("HX-Request", "true")
 	w := httptest.NewRecorder()
 	h.ErrorNotFound(w, req)
 	if w.Code != http.StatusNotFound {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusNotFound)
 	}
 	body := w.Body.String()
 	// HTMX response should not contain DOCTYPE.
 	if contains(body, "<!DOCTYPE") {
 		t.Error("HTMX response should not contain DOCTYPE")
 	}
 	if !contains(body, "Page Not Found") {
 		t.Error("expected body to contain 'Page Not Found'")
 	}
 }
 func contains(s, substr string) bool {
 	return len(s) >= len(substr) && searchString(s, substr)
 }
@@ -2,7 +2,6 @@ package handlers
 import (
 	"html/template"
 	"log/slog"
 	"net/http"
 	"strings"
@@ -10,7 +9,89 @@ import (
 	"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/middleware"
 )
-const settingsTemplatePath = "internal/templates/settings.html"
+var settingsTemplate = template.Must(template.New("settings").Parse(`<!DOCTYPE html>
 <html lang="en">
 <head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
  <title>Settings — Gitea Mobile</title>
  <style>
    * { box-sizing: border-box; margin: 0; padding: 0; }
    body {
      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
      background: #0d1117; color: #e6edf3;
      padding: 1rem;
      padding-top: max(1rem, env(safe-area-inset-top));
    }
    h1 { font-size: 1.5rem; margin-bottom: 1rem; }
    .card {
      background: #161b22; border: 1px solid #30363d; border-radius: 8px;
      padding: 1rem; margin-bottom: 1rem;
    }
    label { display: block; font-size: 0.875rem; color: #8b949e; margin-bottom: 0.5rem; }
    input[type="text"], input[type="password"] {
      width: 100%; padding: 0.5rem; font-size: 1rem;
      background: #0d1117; border: 1px solid #30363d; border-radius: 6px;
      color: #e6edf3; margin-bottom: 1rem;
    }
    input:focus { outline: none; border-color: #58a6ff; }
    button {
      width: 100%; padding: 0.75rem; font-size: 1rem; font-weight: 600;
      background: #238636; color: #fff; border: none; border-radius: 6px;
      cursor: pointer;
    }
    button:active { background: #2ea043; }
    .message {
      padding: 0.75rem; border-radius: 6px; margin-bottom: 1rem;
      font-size: 0.875rem;
    }
    .message.success { background: #0d2818; border: 1px solid #238636; color: #3fb950; }
    .message.error { background: #2d1117; border: 1px solid #da3633; color: #f85149; }
    .message.info { background: #0c1d2e; border: 1px solid #1f6feb; color: #58a6ff; }
    .hint { font-size: 0.75rem; color: #8b949e; margin-top: 0.25rem; margin-bottom: 1rem; }
    .status { font-size: 0.875rem; color: #8b949e; }
    .status .connected { color: #3fb950; }
    .logout-btn {
      background: #21262d; border: 1px solid #30363d; margin-top: 0.5rem;
    }
    .logout-btn:active { background: #30363d; }
  </style>
 </head>
 <body>
  <h1>Settings</h1>
  {{if .Message}}
  <div class="message {{.MessageType}}">{{.Message}}</div>
  {{end}}
  {{if .HasToken}}
  <div class="card">
    <p class="status">Status: <span class="connected">Connected</span></p>
    <p class="hint">A Gitea API token is configured.</p>
    <form method="POST" action="/settings">
      <input type="hidden" name="action" value="logout">
      <button type="submit" class="logout-btn">Remove Token</button>
    </form>
  </div>
  {{end}}
  <div class="card">
    <form method="POST" action="/settings">
      <input type="hidden" name="action" value="save">
      <label for="token">Gitea API Token</label>
      <input type="password" id="token" name="token" placeholder="Enter your Gitea API token" required>
      <p class="hint">Generate a token at your Gitea instance under Settings &rarr; Applications.</p>
      <button type="submit">{{if .HasToken}}Update Token{{else}}Save Token{{end}}</button>
    </form>
  </div>
  {{if .HasToken}}
  <p style="text-align:center; margin-top:1rem;">
    <a href="/" style="color:#58a6ff; text-decoration:none;">Back to Dashboard</a>
  </p>
  {{end}}
 </body>
 </html>`))
 // SettingsHandler handles GET and POST requests for the settings page.
 type SettingsHandler struct {
@@ -45,7 +126,8 @@ func (h *SettingsHandler) handleGet(w http.ResponseWriter, r *http.Request) {
 	}
 	data := settingsData{HasToken: hasToken}
-	h.renderSettings(w, data)
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	settingsTemplate.Execute(w, data)
 }
 func (h *SettingsHandler) handlePost(w http.ResponseWriter, r *http.Request) {
@@ -90,18 +172,6 @@ func (h *SettingsHandler) renderWithMessage(w http.ResponseWriter, r *http.Reque
 		Message:     msg,
 		MessageType: msgType,
 	}
 	h.renderSettings(w, data)
 }
 func (h *SettingsHandler) renderSettings(w http.ResponseWriter, data settingsData) {
 	tmpl, err := template.ParseFiles(settingsTemplatePath)
 	if err != nil {
 		slog.Error("failed to parse settings template", "error", err)
 		http.Error(w, "template error", http.StatusInternalServerError)
 		return
 	}
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	if err := tmpl.Execute(w, data); err != nil {
+	settingsTemplate.Execute(w, data)
 		slog.Error("failed to execute settings template", "error", err)
 	}
 }
@@ -23,12 +23,9 @@ func TokenFromContext(ctx context.Context) string {
 }
 // Auth returns middleware that checks for a valid token cookie.
 // If no cookie token is found and fallbackToken is non-empty, the fallback
 // token is used instead (useful for single-user or service-account deployments
 // where GITEA_TOKEN is set in the environment).
 // Unauthenticated requests are redirected to the settings page.
 // The /health, /settings, and /static/ paths are exempt from auth.
-func Auth(sessionSecret, fallbackToken string) func(http.Handler) http.Handler {
+func Auth(sessionSecret string) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			// Skip auth for exempt paths.
@@ -40,13 +37,6 @@ func Auth(sessionSecret, fallbackToken string) func(http.Handler) http.Handler {
 			token, err := auth.GetToken(r, sessionSecret)
 			if err != nil || token == "" {
 				// Fall back to environment token if available.
 				if fallbackToken != "" {
 					slog.Debug("using fallback token from environment", "path", path)
 					ctx := context.WithValue(r.Context(), TokenContextKey, fallbackToken)
 					next.ServeHTTP(w, r.WithContext(ctx))
 					return
 				}
 				slog.Debug("unauthenticated request, redirecting to settings", "path", path, "error", err)
 				http.Redirect(w, r, "/settings", http.StatusSeeOther)
 				return
@@ -11,7 +11,7 @@ import (
 const testSecret = "test-secret-that-is-at-least-32-chars-long"
 func TestAuth_HealthBypass(t *testing.T) {
-	handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
@@ -25,7 +25,7 @@ func TestAuth_HealthBypass(t *testing.T) {
 }
 func TestAuth_SettingsBypass(t *testing.T) {
-	handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
@@ -39,7 +39,7 @@ func TestAuth_SettingsBypass(t *testing.T) {
 }
 func TestAuth_RedirectWithoutToken(t *testing.T) {
-	handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
@@ -57,7 +57,7 @@ func TestAuth_RedirectWithoutToken(t *testing.T) {
 func TestAuth_PassWithToken(t *testing.T) {
 	called := false
-	handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		called = true
 		token := TokenFromContext(r.Context())
 		if token != "my-token" {
@@ -83,72 +83,3 @@ func TestAuth_PassWithToken(t *testing.T) {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
 	}
 }
 func TestAuth_FallbackToken_UsedWhenNoCookie(t *testing.T) {
 	called := false
 	handler := Auth(testSecret, "env-fallback-token")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		called = true
 		token := TokenFromContext(r.Context())
 		if token != "env-fallback-token" {
 			t.Errorf("token = %q, want %q", token, "env-fallback-token")
 		}
 		w.WriteHeader(http.StatusOK)
 	}))
 	req := httptest.NewRequest(http.MethodGet, "/", nil)
 	w := httptest.NewRecorder()
 	handler.ServeHTTP(w, req)
 	if !called {
 		t.Error("next handler was not called with fallback token")
 	}
 	if w.Code != http.StatusOK {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
 	}
 }
 func TestAuth_FallbackToken_CookieTakesPrecedence(t *testing.T) {
 	called := false
 	handler := Auth(testSecret, "env-fallback-token")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		called = true
 		token := TokenFromContext(r.Context())
 		if token != "cookie-token" {
 			t.Errorf("token = %q, want %q (cookie should take precedence over fallback)", token, "cookie-token")
 		}
 		w.WriteHeader(http.StatusOK)
 	}))
 	// Set a cookie token.
 	cookieW := httptest.NewRecorder()
 	auth.SetTokenCookie(cookieW, "cookie-token", testSecret, false)
 	cookie := cookieW.Result().Cookies()[0]
 	req := httptest.NewRequest(http.MethodGet, "/", nil)
 	req.AddCookie(cookie)
 	w := httptest.NewRecorder()
 	handler.ServeHTTP(w, req)
 	if !called {
 		t.Error("next handler was not called")
 	}
 	if w.Code != http.StatusOK {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
 	}
 }
 func TestAuth_NoFallbackToken_RedirectsWithoutCookie(t *testing.T) {
 	handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
 	req := httptest.NewRequest(http.MethodGet, "/issues", nil)
 	w := httptest.NewRecorder()
 	handler.ServeHTTP(w, req)
 	if w.Code != http.StatusSeeOther {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusSeeOther)
 	}
 	if loc := w.Header().Get("Location"); loc != "/settings" {
 		t.Errorf("Location = %q, want %q", loc, "/settings")
 	}
 }
@@ -1,8 +1,6 @@
 package middleware
 import (
 	"crypto/rand"
 	"encoding/hex"
 	"log/slog"
 	"net/http"
 	"time"
@@ -19,39 +17,21 @@ func (rw *responseWriter) WriteHeader(code int) {
 	rw.ResponseWriter.WriteHeader(code)
 }
-// generateRequestID creates a short random hex string for request tracing.
+// Logging returns middleware that logs each HTTP request with structured logging.
 func generateRequestID() string {
 	b := make([]byte, 8)
 	if _, err := rand.Read(b); err != nil {
 		return "unknown"
 	}
 	return hex.EncodeToString(b)
 }
 // Logging returns middleware that logs each HTTP request with structured fields:
 // method, path, status, duration (ms), request-id, and remote address.
 func Logging() func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			start := time.Now()
 			requestID := generateRequestID()
 			rw := &responseWriter{ResponseWriter: w, statusCode: http.StatusOK}
 			// Set request ID header for downstream correlation.
 			w.Header().Set("X-Request-ID", requestID)
 			next.ServeHTTP(rw, r)
 			duration := time.Since(start)
 			slog.Info("http request",
 				"method", r.Method,
 				"path", r.URL.Path,
 				"status", rw.statusCode,
-				"duration_ms", duration.Milliseconds(),
+				"duration", time.Since(start).String(),
 				"duration", duration.String(),
 				"request_id", requestID,
 				"remote", r.RemoteAddr,
 				"user_agent", r.UserAgent(),
 			)
 		})
 	}
@@ -1,29 +1,23 @@
 {{define "content"}}
 <h1>Create Issue</h1>
-<div id="form-error" class="empty" style="display:none;"></div>
+<form hx-post="/issues" hx-swap="innerHTML" hx-target="#main-content">
 <form id="create-issue-form" hx-post="/issues" hx-swap="innerHTML" hx-target="#main-content">
  <div class="form-group">
    <label for="repo-select">Repository</label>
-    <input list="repo-options" id="repo-select" name="owner_repo"
+    <select id="repo-select" name="owner_repo" required>
-           placeholder="Type to search repositories..." required autocomplete="off">
+      <option value="">Select a repository...</option>
    <datalist id="repo-options">
      {{range $org, $repos := .Repos}}
      <optgroup label="{{$org}}">
        {{range $repos}}
        <option value="{{.Owner.Login}}/{{.Name}}">{{.FullName}}</option>
        {{end}}
      </optgroup>
      {{end}}
-    </datalist>
+    </select>
    <input type="hidden" name="owner" id="owner-input">
    <input type="hidden" name="repo" id="repo-input">
  </div>
  <div class="form-group" id="label-section" style="display:none;">
    <label>Labels</label>
    <div id="label-list"></div>
  </div>
  <div class="form-group">
    <label for="title">Title</label>
    <input type="text" id="title" name="title" placeholder="Issue title" required>
@@ -38,88 +32,11 @@
 </form>
 <script>
-  (function() {
+  // Split owner/repo from select into hidden fields.
-    var repoSelect = document.getElementById('repo-select');
+  document.getElementById('repo-select').addEventListener('change', function() {
-    var ownerInput = document.getElementById('owner-input');
+    var parts = this.value.split('/');
-    var repoInput = document.getElementById('repo-input');
+    document.getElementById('owner-input').value = parts[0] || '';
-    var formError = document.getElementById('form-error');
+    document.getElementById('repo-input').value = parts[1] || '';
-
+  });
    // Build a set of valid repo values for validation.
    var validRepos = {};
    var options = document.getElementById('repo-options').options;
    for (var i = 0; i < options.length; i++) {
      validRepos[options[i].value] = true;
    }
    function splitOwnerRepo() {
      var val = repoSelect.value;
      if (val && val.indexOf('/') !== -1) {
        var parts = val.split('/');
        ownerInput.value = parts[0] || '';
        repoInput.value = parts[1] || '';
      } else {
        ownerInput.value = '';
        repoInput.value = '';
      }
    }
    var debounceTimer = null;
    repoSelect.addEventListener('input', function() {
      clearTimeout(debounceTimer);
      debounceTimer = setTimeout(function() {
        splitOwnerRepo();
        var labelSection = document.getElementById('label-section');
        var labelList = document.getElementById('label-list');
        if (ownerInput.value && repoInput.value && validRepos[repoSelect.value]) {
          labelList.innerHTML = '<span class="empty">Loading labels...</span>';
          labelSection.style.display = 'block';
          htmx.ajax('GET', '/issues/new/labels?owner=' + encodeURIComponent(ownerInput.value) + '&repo=' + encodeURIComponent(repoInput.value), {target: '#label-list', swap: 'innerHTML'});
        } else {
          labelSection.style.display = 'none';
          labelList.innerHTML = '';
        }
      }, 300);
    });
    // Also handle the change event for when a datalist option is selected directly.
    repoSelect.addEventListener('change', function() {
      clearTimeout(debounceTimer);
      splitOwnerRepo();
      var labelSection = document.getElementById('label-section');
      var labelList = document.getElementById('label-list');
      if (ownerInput.value && repoInput.value && validRepos[repoSelect.value]) {
        labelList.innerHTML = '<span class="empty">Loading labels...</span>';
        labelSection.style.display = 'block';
        htmx.ajax('GET', '/issues/new/labels?owner=' + encodeURIComponent(ownerInput.value) + '&repo=' + encodeURIComponent(repoInput.value), {target: '#label-list', swap: 'innerHTML'});
      } else {
        labelSection.style.display = 'none';
        labelList.innerHTML = '';
      }
    });
    // Validate before HTMX submit.
    document.getElementById('create-issue-form').addEventListener('htmx:configRequest', function(evt) {
      splitOwnerRepo();
      if (!ownerInput.value || !repoInput.value) {
        evt.preventDefault();
        formError.textContent = 'Please select a repository before submitting.';
        formError.style.display = 'block';
        return false;
      }
      if (!validRepos[repoSelect.value]) {
        evt.preventDefault();
        formError.textContent = 'Please select a valid repository from the list.';
        formError.style.display = 'block';
        return false;
      }
      formError.style.display = 'none';
    });
    // Show server-side errors inline on HTMX error responses.
    document.getElementById('create-issue-form').addEventListener('htmx:responseError', function(evt) {
      formError.textContent = evt.detail.xhr.responseText || 'An error occurred. Please try again.';
      formError.style.display = 'block';
    });
  })();
 </script>
 {{end}}
@@ -1,17 +1,6 @@
 {{define "content"}}
 <h1>Dashboard</h1>
 {{if gt (len .Orgs) 1}}
 <div class="filter-bar">
  <select name="org" hx-get="/" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true">
    <option value="">All orgs</option>
    {{range .Orgs}}
    <option value="{{.}}" {{if eq . $.SelectedOrg}}selected{{end}}>{{.}}</option>
    {{end}}
  </select>
 </div>
 {{end}}
 {{if .Error}}
 <p class="empty">{{.Error}}</p>
 {{else if not .Items}}
@@ -1,23 +0,0 @@
 {{define "content"}}
 <div class="error-page">
  <div class="error-icon">
    {{if eq .Code 404}}
    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" width="64" height="64">
      <circle cx="11" cy="11" r="8"/>
      <line x1="21" y1="21" x2="16.65" y2="16.65"/>
      <line x1="8" y1="11" x2="14" y2="11"/>
    </svg>
    {{else}}
    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" width="64" height="64">
      <path d="M10.29 3.86L1.82 18a2 2 0 001.71 3h16.94a2 2 0 001.71-3L13.71 3.86a2 2 0 00-3.42 0z"/>
      <line x1="12" y1="9" x2="12" y2="13"/>
      <line x1="12" y1="17" x2="12.01" y2="17"/>
    </svg>
    {{end}}
  </div>
  <h1 class="error-code">{{.Code}}</h1>
  <p class="error-title">{{.Title}}</p>
  <p class="error-message">{{.Message}}</p>
  <a href="/" class="error-home-link">Go to Dashboard</a>
 </div>
 {{end}}
@@ -3,15 +3,7 @@
 <div class="card">
  <div class="card-meta">
-    <span id="state-section">
+    <span class="state-open">{{.Issue.State}}</span>
      {{if eq .Issue.State "closed"}}
      <span class="state-closed" id="issue-state">{{.Issue.State}}</span>
      <button class="btn btn-secondary" hx-post="/issues/{{.Issue.RepoOwner}}/{{.Issue.RepoName}}/{{.Issue.Number}}/state" hx-vals='{"state":"open"}' hx-target="#state-section" hx-swap="innerHTML">Reopen Issue</button>
      {{else}}
      <span class="state-open" id="issue-state">{{.Issue.State}}</span>
      <button class="btn btn-danger" hx-post="/issues/{{.Issue.RepoOwner}}/{{.Issue.RepoName}}/{{.Issue.Number}}/state" hx-vals='{"state":"closed"}' hx-target="#state-section" hx-swap="innerHTML">Close Issue</button>
      {{end}}
    </span>
    <span>{{.Issue.RepoOwner}}/{{.Issue.RepoName}} #{{.Issue.Number}}</span>
    {{range .Issue.Labels}}
    <span class="label" style="color:#{{.Color}};border:1px solid #{{.Color}}">{{.Name}}</span>
@@ -26,7 +18,6 @@
 {{if .Comments}}
 <h2>Comments</h2>
 <div id="comments-list">
 {{range .Comments}}
 <div class="comment">
  <div class="comment-header">
@@ -36,33 +27,10 @@
  <div class="comment-body">{{.Body}}</div>
 </div>
 {{end}}
 </div>
 {{else}}
 <div id="comments-list"></div>
 {{end}}
 <div class="card" style="margin-top:1rem;">
  <h2>Add Comment</h2>
  <form hx-post="/issues/{{.Issue.RepoOwner}}/{{.Issue.RepoName}}/{{.Issue.Number}}/comments" hx-target="#comments-list" hx-swap="beforeend" hx-on::after-request="if(event.detail.successful) this.reset()">
    <textarea name="body" rows="4" placeholder="Write a comment..." required style="width:100%;margin-bottom:0.5rem;"></textarea>
    <button type="submit" class="btn btn-primary" style="width:auto;padding:0.5rem 1rem;">Comment</button>
  </form>
 </div>
 <div class="card" style="margin-top:1rem;">
  <h2>Actions</h2>
  {{if .Collaborators}}
  <form hx-post="/issues/{{.Issue.RepoOwner}}/{{.Issue.RepoName}}/{{.Issue.Number}}/assignees" hx-swap="outerHTML" style="margin-bottom:0.5rem;">
    <div class="filter-bar" style="margin-bottom:0.5rem;">
      <select name="assignee">
        {{range .Collaborators}}
        <option value="{{.}}">{{.}}</option>
        {{end}}
      </select>
      <button type="submit" class="btn btn-secondary" style="width:auto;padding:0.5rem 1rem;">Assign</button>
    </div>
  </form>
  {{end}}
  <form hx-post="/issues/{{.Issue.RepoOwner}}/{{.Issue.RepoName}}/{{.Issue.Number}}/labels" hx-swap="outerHTML" style="margin-bottom:0.5rem;">
    <div class="filter-bar" style="margin-bottom:0.5rem;">
      <select name="label_id">
@@ -1,4 +1,25 @@
-{{define "cards"}}
+{{define "content"}}
 <h1>Issues</h1>
 <div class="filter-bar">
  <select name="org" hx-get="/issues" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='state']">
    <option value="">All orgs</option>
    {{range .Orgs}}
    <option value="{{.}}" {{if eq . $.SelectedOrg}}selected{{end}}>{{.}}</option>
    {{end}}
  </select>
  <select name="state" hx-get="/issues" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org']">
    <option value="open" {{if eq .SelectedState "open"}}selected{{end}}>Open</option>
    <option value="closed" {{if eq .SelectedState "closed"}}selected{{end}}>Closed</option>
  </select>
 </div>
 {{if .Error}}
 <p class="empty">{{.Error}}</p>
 {{else if not .Issues}}
 <p class="empty">No issues found.</p>
 {{else}}
 <div id="issue-list">
  {{range .Issues}}
  <div class="card" hx-get="/issues/{{.RepoOwner}}/{{.RepoName}}/{{.Number}}" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true">
    <div class="card-title">{{.Title}}</div>
@@ -8,50 +29,16 @@
      <span class="label" style="color:#{{.Color}};border:1px solid #{{.Color}}">{{.Name}}</span>
      {{end}}
      {{if .Assignee}}
-      <img src="{{.Assignee.AvatarURL}}" alt="{{.Assignee.Login}}" class="avatar" title="Assigned to {{.Assignee.Login}}">
+      <span>{{.Assignee.Login}}</span>
      {{end}}
    </div>
  </div>
  {{end}}
  {{if .HasMore}}
-  <div class="scroll-sentinel" hx-get="/issues?page={{.NextPage}}&org={{.SelectedOrg}}&state={{.SelectedState}}&label={{.SelectedLabel}}&repo={{.SelectedRepo}}" hx-trigger="revealed" hx-swap="outerHTML" hx-target="this">
+  <div class="scroll-sentinel" hx-get="/issues?page={{.NextPage}}&org={{.SelectedOrg}}&state={{.SelectedState}}" hx-trigger="revealed" hx-swap="outerHTML" hx-target="this">
    <div class="spinner htmx-indicator"></div>
  </div>
  {{end}}
 {{end}}
 {{define "content"}}
 <h1>Issues</h1>
 <div class="filter-bar">
  <select name="org" hx-get="/issues" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='state'],[name='label']">
    <option value="">All orgs</option>
    {{range .Orgs}}
    <option value="{{.}}" {{if eq . $.SelectedOrg}}selected{{end}}>{{.}}</option>
    {{end}}
  </select>
  {{if .Repos}}
  <select name="repo" hx-get="/issues" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='state'],[name='label']">
    <option value="">All repos</option>
    {{range .Repos}}<option value="{{.}}" {{if eq . $.SelectedRepo}}selected{{end}}>{{.}}</option>{{end}}
  </select>
  {{end}}
  <select name="state" hx-get="/issues" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='repo'],[name='label']">
    <option value="open" {{if eq .SelectedState "open"}}selected{{end}}>Open</option>
    <option value="closed" {{if eq .SelectedState "closed"}}selected{{end}}>Closed</option>
  </select>
  <input type="text" name="label" placeholder="Filter by label..." value="{{.SelectedLabel}}"
         hx-get="/issues" hx-trigger="input changed delay:400ms" hx-target="#main-content"
         hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='state'],[name='repo']">
 </div>
 {{if .Error}}
 <p class="empty">{{.Error}}</p>
 {{else if not .Issues}}
 <p class="empty">No issues found.</p>
 {{else}}
 <div id="issue-list">
  {{template "cards" .}}
 </div>
 {{end}}
 {{end}}
@@ -13,10 +13,6 @@
  <script src="/static/htmx.min.js"></script>
 </head>
 <body>
  <header class="top-bar">
    <span class="top-bar-title">Gitea Mobile</span>
    <button class="refresh-btn" hx-get="" hx-target="#main-content" hx-swap="innerHTML" aria-label="Refresh">&#8635;</button>
  </header>
  <div class="content" id="main-content">
    {{template "content" .}}
  </div>
@@ -4,7 +4,7 @@
 <div class="card">
  <div class="card-meta">
    <span class="type-badge type-pull">PR</span>
-    {{if eq .Pull.State "closed"}}<span class="state-closed">{{.Pull.State}}</span>{{else}}<span class="state-open">{{.Pull.State}}</span>{{end}}
+    <span class="state-open">{{.Pull.State}}</span>
    <span>{{.Pull.RepoOwner}}/{{.Pull.RepoName}} #{{.Pull.Number}}</span>
    {{range .Pull.Labels}}
    <span class="label" style="color:#{{.Color}};border:1px solid #{{.Color}}">{{.Name}}</span>
@@ -15,17 +15,6 @@
    <span class="diff-del">-{{.Pull.Deletions}}</span>
    {{if .Pull.Mergeable}}<span style="color:var(--accent-green);">Mergeable</span>{{end}}
  </div>
  <div class="card-meta" style="margin-top:0.5rem;">
    <span id="state-section">
      {{if eq .Pull.State "closed"}}
      <span class="state-closed" id="pull-state">{{.Pull.State}}</span>
      <button class="btn btn-secondary" hx-post="/pulls/{{.Pull.RepoOwner}}/{{.Pull.RepoName}}/{{.Pull.Number}}/state" hx-vals='{"state":"open"}' hx-target="#state-section" hx-swap="innerHTML">Reopen PR</button>
      {{else}}
      <span class="state-open" id="pull-state">{{.Pull.State}}</span>
      <button class="btn btn-danger" hx-post="/pulls/{{.Pull.RepoOwner}}/{{.Pull.RepoName}}/{{.Pull.Number}}/state" hx-vals='{"state":"closed"}' hx-target="#state-section" hx-swap="innerHTML">Close PR</button>
      {{end}}
    </span>
  </div>
  {{if .RenderedBody}}
  <div class="card-body markdown-body">{{.RenderedBody}}</div>
  {{else if .Pull.Body}}
@@ -57,21 +46,4 @@
    <button type="submit" class="btn btn-primary">Submit Review</button>
  </form>
 </div>
 {{if .Comments}}
 <h2>Comments</h2>
 <div id="comments-list">
 {{range .Comments}}
 <div class="comment">
  <div class="comment-header">
    <strong>{{.User}}</strong>
    <span>{{.CreatedAt}}</span>
  </div>
  <div class="comment-body">{{.Body}}</div>
 </div>
 {{end}}
 </div>
 {{else}}
 <p class="empty" style="margin-top:1rem;">No comments yet.</p>
 {{end}}
 {{end}}
@@ -1,4 +1,21 @@
-{{define "cards"}}
+{{define "content"}}
 <h1>Pull Requests</h1>
 <div class="filter-bar">
  <select name="org" hx-get="/pulls" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true">
    <option value="">All orgs</option>
    {{range .Orgs}}
    <option value="{{.}}" {{if eq . $.SelectedOrg}}selected{{end}}>{{.}}</option>
    {{end}}
  </select>
 </div>
 {{if .Error}}
 <p class="empty">{{.Error}}</p>
 {{else if not .Pulls}}
 <p class="empty">No open pull requests found.</p>
 {{else}}
 <div id="pull-list">
  {{range .Pulls}}
  <div class="card" hx-get="/pulls/{{.RepoOwner}}/{{.RepoName}}/{{.Number}}" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true">
    <div class="card-title">
@@ -12,55 +29,10 @@
      {{end}}
      <span class="diff-add">+{{.Additions}}</span>
      <span class="diff-del">-{{.Deletions}}</span>
-      {{if eq .ReviewState "approved"}}<span class="review-badge review-approved" title="Approved">&#10003;</span>
+      {{if .Mergeable}}<span style="color:var(--accent-green);font-size:0.7rem;">mergeable</span>{{end}}
      {{else if eq .ReviewState "changes_requested"}}<span class="review-badge review-changes" title="Changes requested">&#10007;</span>
      {{else if eq .ReviewState "pending"}}<span class="review-badge review-pending" title="Awaiting review">&#9202;</span>
      {{end}}
      {{if .Mergeable}}<span class="merge-badge merge-ready" title="Ready to merge">&#9654; Ready</span>
      {{else}}<span class="merge-badge merge-conflicts" title="Has conflicts or not mergeable">Conflicts</span>
      {{end}}
    </div>
  </div>
  {{end}}
  {{if .HasMore}}
  <div class="scroll-sentinel" hx-get="/pulls?page={{.NextPage}}&org={{.SelectedOrg}}&state={{.SelectedState}}&label={{.SelectedLabel}}&repo={{.SelectedRepo}}" hx-trigger="revealed" hx-swap="outerHTML" hx-target="this">
    <div class="spinner htmx-indicator"></div>
  </div>
  {{end}}
 {{end}}
 {{define "content"}}
 <h1>Pull Requests</h1>
 <div class="filter-bar">
  <select name="org" hx-get="/pulls" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='state'],[name='label']">
    <option value="">All orgs</option>
    {{range .Orgs}}
    <option value="{{.}}" {{if eq . $.SelectedOrg}}selected{{end}}>{{.}}</option>
    {{end}}
  </select>
  {{if .Repos}}
  <select name="repo" hx-get="/pulls" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='state'],[name='label']">
    <option value="">All repos</option>
    {{range .Repos}}<option value="{{.}}" {{if eq . $.SelectedRepo}}selected{{end}}>{{.}}</option>{{end}}
  </select>
  {{end}}
  <select name="state" hx-get="/pulls" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='repo'],[name='label']">
    <option value="open" {{if eq .SelectedState "open"}}selected{{end}}>Open</option>
    <option value="closed" {{if eq .SelectedState "closed"}}selected{{end}}>Closed</option>
  </select>
  <input type="text" name="label" placeholder="Filter by label..." value="{{.SelectedLabel}}"
         hx-get="/pulls" hx-trigger="input changed delay:400ms" hx-target="#main-content"
         hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='state'],[name='repo']">
 </div>
 {{if .Error}}
 <p class="empty">{{.Error}}</p>
 {{else if not .Pulls}}
 <p class="empty">No {{.SelectedState}} pull requests found.</p>
 {{else}}
 <div id="pull-list">
  {{template "cards" .}}
 </div>
 {{end}}
 {{end}}
@@ -1,83 +0,0 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
  <title>Settings — Gitea Mobile</title>
  <style>
    * { box-sizing: border-box; margin: 0; padding: 0; }
    body {
      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
      background: #0d1117; color: #e6edf3;
      padding: 1rem;
      padding-top: max(1rem, env(safe-area-inset-top));
    }
    h1 { font-size: 1.5rem; margin-bottom: 1rem; }
    .card {
      background: #161b22; border: 1px solid #30363d; border-radius: 8px;
      padding: 1rem; margin-bottom: 1rem;
    }
    label { display: block; font-size: 0.875rem; color: #8b949e; margin-bottom: 0.5rem; }
    input[type="text"], input[type="password"] {
      width: 100%; padding: 0.5rem; font-size: 1rem;
      background: #0d1117; border: 1px solid #30363d; border-radius: 6px;
      color: #e6edf3; margin-bottom: 1rem;
    }
    input:focus { outline: none; border-color: #58a6ff; }
    button {
      width: 100%; padding: 0.75rem; font-size: 1rem; font-weight: 600;
      background: #238636; color: #fff; border: none; border-radius: 6px;
      cursor: pointer;
    }
    button:active { background: #2ea043; }
    .message {
      padding: 0.75rem; border-radius: 6px; margin-bottom: 1rem;
      font-size: 0.875rem;
    }
    .message.success { background: #0d2818; border: 1px solid #238636; color: #3fb950; }
    .message.error { background: #2d1117; border: 1px solid #da3633; color: #f85149; }
    .message.info { background: #0c1d2e; border: 1px solid #1f6feb; color: #58a6ff; }
    .hint { font-size: 0.75rem; color: #8b949e; margin-top: 0.25rem; margin-bottom: 1rem; }
    .status { font-size: 0.875rem; color: #8b949e; }
    .status .connected { color: #3fb950; }
    .logout-btn {
      background: #21262d; border: 1px solid #30363d; margin-top: 0.5rem;
    }
    .logout-btn:active { background: #30363d; }
  </style>
 </head>
 <body>
  <h1>Settings</h1>
  {{if .Message}}
  <div class="message {{.MessageType}}">{{.Message}}</div>
  {{end}}
  {{if .HasToken}}
  <div class="card">
    <p class="status">Status: <span class="connected">Connected</span></p>
    <p class="hint">A Gitea API token is configured.</p>
    <form method="POST" action="/settings">
      <input type="hidden" name="action" value="logout">
      <button type="submit" class="logout-btn">Remove Token</button>
    </form>
  </div>
  {{end}}
  <div class="card">
    <form method="POST" action="/settings">
      <input type="hidden" name="action" value="save">
      <label for="token">Gitea API Token</label>
      <input type="password" id="token" name="token" placeholder="Enter your Gitea API token" required>
      <p class="hint">Generate a token at your Gitea instance under Settings &rarr; Applications.</p>
      <button type="submit">{{if .HasToken}}Update Token{{else}}Save Token{{end}}</button>
    </form>
  </div>
  {{if .HasToken}}
  <p style="text-align:center; margin-top:1rem;">
    <a href="/" style="color:#58a6ff; text-decoration:none;">Back to Dashboard</a>
  </p>
  {{end}}
 </body>
 </html>
@@ -1,12 +1,4 @@
-/* Gitea Mobile — Mobile-first CSS
+/* Gitea Mobile — Mobile-first CSS (~5KB target) */
 * Dark-mode-first: dark colors are the :root defaults.
 * Light mode is applied via @media (prefers-color-scheme: light).
 *
 * Size note: The original ~5KB target was based on the initial Phase 1 scope.
 * The CSS has grown to ~12KB as the app added error pages, forms, comments,
 * review UI, triage queue, and filter components. All rules are in active use.
 * Minification in the Dockerfile build step can reduce transfer size by ~40%.
 */
 /* Reset */
 *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
@@ -55,53 +47,10 @@ body {
  -moz-osx-font-smoothing: grayscale;
 }
 /* Top bar */
 .top-bar {
  position: sticky;
  top: 0;
  z-index: 100;
  display: flex;
  align-items: center;
  justify-content: space-between;
  padding: var(--spacing-sm) var(--spacing-lg);
  padding-top: max(var(--spacing-sm), env(safe-area-inset-top));
  background: var(--bg-secondary);
  border-bottom: 1px solid var(--border);
 }
 .top-bar-title {
  font-size: var(--font-base);
  font-weight: 600;
  color: var(--text-primary);
 }
 .refresh-btn {
  background: none;
  border: none;
  color: var(--text-secondary);
  font-size: 1.4rem;
  padding: var(--spacing-xs) var(--spacing-sm);
  cursor: pointer;
  -webkit-tap-highlight-color: transparent;
  line-height: 1;
  border-radius: var(--radius-sm);
  transition: color 0.15s ease, background 0.15s ease;
 }
 .refresh-btn:active {
  color: var(--accent-blue);
  background: var(--bg-tertiary);
 }
 .refresh-btn.htmx-request {
  animation: spin 0.6s linear infinite;
  pointer-events: none;
 }
 /* Content area */
 .content {
  padding: var(--spacing-lg);
-  padding-top: var(--spacing-lg);
+  padding-top: max(var(--spacing-lg), env(safe-area-inset-top));
  max-width: 640px;
  margin: 0 auto;
 }
@@ -427,29 +376,6 @@ a:active {
  vertical-align: middle;
 }
 /* Review status badges */
 .review-badge {
  font-size: 0.7rem;
  font-weight: 600;
  padding: 1px 4px;
  border-radius: var(--radius-pill);
  vertical-align: middle;
 }
 .review-approved { color: var(--accent-green); }
 .review-changes { color: var(--accent-red); }
 .review-pending { color: var(--accent-yellow); }
 /* Merge status badges */
 .merge-badge {
  font-size: 0.65rem;
  font-weight: 600;
  padding: 1px 5px;
  border-radius: var(--radius-pill);
  vertical-align: middle;
 }
 .merge-ready { color: var(--accent-green); border: 1px solid var(--accent-green); }
 .merge-conflicts { color: var(--accent-red); border: 1px solid var(--accent-red); }
 /* Empty state */
 .empty {
  text-align: center;
@@ -518,17 +444,13 @@ a:active {
    max-width: 960px;
  }
-  .card-grid,
+  .card-grid {
  #issue-list,
  #pull-list {
    display: grid;
    grid-template-columns: repeat(2, 1fr);
    gap: var(--spacing-sm);
  }
-  .card-grid .card,
+  .card-grid .card {
  #issue-list .card,
  #pull-list .card {
    margin-bottom: 0;
  }
 }
@@ -541,7 +463,7 @@ a:active {
  }
 }
-/* Dark mode is default; light mode override for prefers-color-scheme: light */
+/* Dark mode is default; light mode override if needed */
@media (prefers-color-scheme: light) {
  :root {
    --bg-primary: #ffffff;
@@ -551,101 +473,5 @@ a:active {
    --text-primary: #1f2328;
    --text-secondary: #656d76;
    --text-link: #0969da;
    --accent-green: #1a7f37;
    --accent-red: #cf222e;
    --accent-yellow: #9a6700;
    --accent-blue: #0969da;
    --accent-purple: #8250df;
  }
  .message.success {
    background: #dafbe1;
    border-color: #1a7f37;
  }
  .message.error {
    background: #ffebe9;
    border-color: #cf222e;
  }
  .message.info {
    background: #ddf4ff;
    border-color: #0969da;
  }
  .btn-primary {
    background: #1a7f37;
  }
  .btn-primary:active {
    background: #116329;
  }
  .btn-danger {
    background: #ffebe9;
    border-color: #cf222e;
  }
  .type-issue {
    background: rgba(9, 105, 218, 0.1);
    border-color: rgba(9, 105, 218, 0.3);
  }
  .type-pull {
    background: rgba(26, 127, 55, 0.1);
    border-color: rgba(26, 127, 55, 0.3);
  }
 }
 /* Error page */
 .error-page {
  display: flex;
  flex-direction: column;
  align-items: center;
  justify-content: center;
  min-height: 60vh;
  text-align: center;
  padding: var(--spacing-lg);
 }
 .error-icon {
  color: var(--text-secondary);
  margin-bottom: var(--spacing-lg);
 }
 .error-code {
  font-size: 4rem;
  font-weight: 700;
  color: var(--text-primary);
  line-height: 1;
  margin-bottom: var(--spacing-sm);
 }
 .error-title {
  font-size: var(--font-xl);
  color: var(--text-primary);
  margin-bottom: var(--spacing-sm);
 }
 .error-message {
  font-size: var(--font-base);
  color: var(--text-secondary);
  margin-bottom: var(--spacing-lg);
  max-width: 300px;
 }
 .error-home-link {
  display: inline-block;
  padding: var(--spacing-sm) var(--spacing-lg);
  background: var(--accent-blue);
  color: #fff;
  border-radius: var(--radius);
  text-decoration: none;
  font-size: var(--font-base);
  font-weight: 500;
  transition: opacity 0.15s;
 }
 .error-home-link:active {
  opacity: 0.8;
 }