fix: validate owner/repo split in create_issue.html before submission

Add client-side validation to ensure a repository is selected before
form submission. Split owner/repo on both change and submit events.
Show inline error messages via form-error div. Update CreateIssue
handler to return HTMX-friendly HTML error fragments on 400/500.

Closes leeworks-agents/gitea-mobile#30

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.air.toml

@@ -1,44 +0,0 @@
-root = "."
-testdata_dir = "testdata"
-tmp_dir = "tmp"
-
-[build]
-  args_bin = []
-  bin = "./tmp/main"
-  cmd = "go build -o ./tmp/main ./cmd/server"
-  delay = 500
-  exclude_dir = ["assets", "tmp", "vendor", "testdata", ".git", "node_modules"]
-  exclude_file = []
-  exclude_regex = ["_test\\.go$"]
-  exclude_unchanged = false
-  follow_symlink = false
-  full_bin = ""
-  include_dir = []
-  include_ext = ["go", "html", "css", "js"]
-  include_file = []
-  kill_delay = "0s"
-  log = "build-errors.log"
-  poll = false
-  poll_interval = 0
-  rerun = false
-  rerun_delay = 500
-  send_interrupt = false
-  stop_on_error = false
-
-[color]
-  app = ""
-  build = "yellow"
-  main = "magenta"
-  runner = "green"
-  watcher = "cyan"
-
-[log]
-  main_only = false
-  time = false
-
-[misc]
-  clean_on_exit = true
-
-[screen]
-  clear_on_rebuild = false
-  keep_scroll = true

.gitea/workflows/build.yaml

@@ -16,7 +16,7 @@ jobs:
           go-version: '1.22'
 
       - name: Run tests
-        run: go test -race ./...
+        run: go test ./...
 
   build:
     runs-on: ubuntu-latest

Dockerfile

@@ -1,7 +1,7 @@
 # Stage 1: Build
 FROM golang:1.22-alpine AS builder
 WORKDIR /app
-COPY go.mod ./
+COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
 RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /gitea-mobile ./cmd/server

cmd/server/main.go

@@ -33,7 +33,7 @@ func main() {
 
 	// Apply middleware chain: logging -> auth.
 	var handler http.Handler = mux
-	handler = middleware.Auth(cfg.SessionSecret, cfg.GiteaToken)(handler)
+	handler = middleware.Auth(cfg.SessionSecret)(handler)
 	handler = middleware.Logging()(handler)
 
 	slog.Info("server starting", "addr", cfg.ListenAddr, "gitea_url", cfg.GiteaURL)

internal/gitea/client.go

@@ -8,11 +8,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"log/slog"
-	"math"
 	"net/http"
 	"sort"
-	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -30,11 +27,6 @@ type Client struct {
 	maxConcurrent int
 	// cacheTTL controls how long cache entries remain valid.
 	cacheTTL time.Duration
-
-	// maxRetries is the maximum number of retries for rate-limited requests.
-	maxRetries int
-	// baseRetryDelay is the initial backoff delay before the first retry.
-	baseRetryDelay time.Duration
 }
 
 type cacheEntry struct {
@@ -113,9 +105,8 @@ type PullRequest struct {
 	Deletions int    `json:"deletions"`
 	CreatedAt time.Time `json:"created_at"`
 	UpdatedAt time.Time `json:"updated_at"`
-	RepoOwner   string `json:"-"` // populated after fetch
-	RepoName    string `json:"-"` // populated after fetch
-	ReviewState string `json:"-"` // aggregated review state: "approved", "changes_requested", "pending", or ""
+	RepoOwner string    `json:"-"` // populated after fetch
+	RepoName  string    `json:"-"` // populated after fetch
 }
 
 // TriageItem represents an item in the triage queue.
@@ -137,102 +128,39 @@ func NewClient(baseURL string) *Client {
 		httpClient: &http.Client{
 			Timeout: 30 * time.Second,
 		},
-		cache:          make(map[string]*cacheEntry),
-		maxConcurrent:  5,
-		cacheTTL:       30 * time.Second,
-		maxRetries:     3,
-		baseRetryDelay: 1 * time.Second,
+		cache:         make(map[string]*cacheEntry),
+		maxConcurrent: 5,
+		cacheTTL:      30 * time.Second,
 	}
 }
 
 // doRequest performs an authenticated HTTP request to the Gitea API.
-// It automatically retries on HTTP 429 (rate limit) responses with
-// exponential backoff, respecting the Retry-After header when present.
 func (c *Client) doRequest(ctx context.Context, token, method, path string, body io.Reader) (*http.Response, error) {
 	url := c.baseURL + "/api/v1" + path
 
-	// Read the body once so we can replay it on retries.
-	var bodyBytes []byte
+	req, err := http.NewRequestWithContext(ctx, method, url, body)
+	if err != nil {
+		return nil, fmt.Errorf("creating request: %w", err)
+	}
+
+	req.Header.Set("Authorization", "token "+token)
+	req.Header.Set("Accept", "application/json")
 	if body != nil {
-		var err error
-		bodyBytes, err = io.ReadAll(body)
-		if err != nil {
-			return nil, fmt.Errorf("reading request body: %w", err)
-		}
+		req.Header.Set("Content-Type", "application/json")
 	}
 
-	var lastErr error
-	for attempt := 0; attempt <= c.maxRetries; attempt++ {
-		// Recreate the body reader for each attempt.
-		var reqBody io.Reader
-		if bodyBytes != nil {
-			reqBody = strings.NewReader(string(bodyBytes))
-		}
-
-		req, err := http.NewRequestWithContext(ctx, method, url, reqBody)
-		if err != nil {
-			return nil, fmt.Errorf("creating request: %w", err)
-		}
-
-		req.Header.Set("Authorization", "token "+token)
-		req.Header.Set("Accept", "application/json")
-		if bodyBytes != nil {
-			req.Header.Set("Content-Type", "application/json")
-		}
-
-		resp, err := c.httpClient.Do(req)
-		if err != nil {
-			return nil, fmt.Errorf("executing request: %w", err)
-		}
-
-		// Not rate-limited: handle normally.
-		if resp.StatusCode != http.StatusTooManyRequests {
-			if resp.StatusCode >= 400 {
-				defer resp.Body.Close()
-				respBody, _ := io.ReadAll(resp.Body)
-				return nil, fmt.Errorf("API error %d: %s", resp.StatusCode, string(respBody))
-			}
-			return resp, nil
-		}
-
-		// Rate-limited (429): close body and compute retry delay.
-		resp.Body.Close()
-
-		if attempt == c.maxRetries {
-			lastErr = fmt.Errorf("API rate limit exceeded after %d retries (429)", c.maxRetries)
-			break
-		}
-
-		delay := c.retryDelay(resp, attempt)
-		slog.Warn("rate limited by Gitea API, retrying",
-			"attempt", attempt+1,
-			"max_retries", c.maxRetries,
-			"delay", delay,
-			"path", path,
-		)
-
-		select {
-		case <-ctx.Done():
-			return nil, ctx.Err()
-		case <-time.After(delay):
-			// Continue to next attempt.
-		}
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("executing request: %w", err)
 	}
 
-	return nil, lastErr
-}
-
-// retryDelay computes the delay before the next retry attempt. It uses the
-// Retry-After header value (in seconds) if present, otherwise falls back to
-// exponential backoff: baseRetryDelay * 2^attempt.
-func (c *Client) retryDelay(resp *http.Response, attempt int) time.Duration {
-	if ra := resp.Header.Get("Retry-After"); ra != "" {
-		if seconds, err := strconv.Atoi(ra); err == nil && seconds > 0 {
-			return time.Duration(seconds) * time.Second
-		}
+	if resp.StatusCode >= 400 {
+		defer resp.Body.Close()
+		respBody, _ := io.ReadAll(resp.Body)
+		return nil, fmt.Errorf("API error %d: %s", resp.StatusCode, string(respBody))
 	}
-	// Exponential backoff: 1s, 2s, 4s, ...
-	return c.baseRetryDelay * time.Duration(math.Pow(2, float64(attempt)))
+
+	return resp, nil
 }
 
 // getFromCache returns cached data if still valid.
@@ -380,274 +308,173 @@ func (c *Client) ListOrgsAndRepos(ctx context.Context, token string) (map[string
 	return result, nil
 }
 
-// PageSize is the number of items returned per page for paginated listings.
-const PageSize = 20
-
-// PaginatedIssues holds a page of issues along with pagination metadata.
-type PaginatedIssues struct {
-	Issues  []Issue
-	HasMore bool
-}
-
-// PaginatedPulls holds a page of pull requests along with pagination metadata.
-type PaginatedPulls struct {
-	Pulls   []PullRequest
-	HasMore bool
-}
-
-// ListAllIssues fetches issues across all repos in the given orgs,
-// using concurrent requests with a semaphore. Results are paginated.
-// The label parameter filters issues by label name (empty string means no filter).
-// The repoFilter parameter narrows results to a single repo name (empty means all repos).
-func (c *Client) ListAllIssues(ctx context.Context, token string, orgs []string, state string, page int, label string, repoFilter string) (PaginatedIssues, error) {
-	if state == "" {
-		state = "open"
-	}
-	if page < 1 {
-		page = 1
+// ListAllIssues fetches all open issues across all repos in the given orgs,
+// using concurrent requests with a semaphore.
+func (c *Client) ListAllIssues(ctx context.Context, token string, orgs []string) ([]Issue, error) {
+	cacheKey := fmt.Sprintf("issues-%s", strings.Join(orgs, ","))
+	if cached, ok := c.getFromCache(cacheKey); ok {
+		return cached.([]Issue), nil
 	}
 
-	cacheKey := fmt.Sprintf("issues-%s-%s-%s-%s", state, strings.Join(orgs, ","), label, repoFilter)
+	// First, collect all repos for the given orgs.
+	var allRepos []Repo
+	for _, org := range orgs {
+		repos, err := c.ListOrgRepos(ctx, token, org)
+		if err != nil {
+			return nil, fmt.Errorf("listing repos for %s: %w", org, err)
+		}
+		allRepos = append(allRepos, repos...)
+	}
+
+	// Fan out issue fetching across repos.
 	var allIssues []Issue
-	if cached, ok := c.getFromCache(cacheKey); ok {
-		allIssues = cached.([]Issue)
-	} else {
-		// First, collect all repos for the given orgs.
-		var allRepos []Repo
-		for _, org := range orgs {
-			repos, err := c.ListOrgRepos(ctx, token, org)
+	var mu sync.Mutex
+	sem := make(chan struct{}, c.maxConcurrent)
+	var wg sync.WaitGroup
+	var firstErr error
+
+	for _, repo := range allRepos {
+		wg.Add(1)
+		go func(r Repo) {
+			defer wg.Done()
+			sem <- struct{}{}
+			defer func() { <-sem }()
+
+			path := fmt.Sprintf("/repos/%s/issues?state=open&type=issues&limit=50", r.FullName)
+			resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
 			if err != nil {
-				return PaginatedIssues{}, fmt.Errorf("listing repos for %s: %w", org, err)
-			}
-			allRepos = append(allRepos, repos...)
-		}
-
-		// Filter to a single repo if specified.
-		if repoFilter != "" {
-			var filtered []Repo
-			for _, r := range allRepos {
-				if r.Name == repoFilter {
-					filtered = append(filtered, r)
-				}
-			}
-			allRepos = filtered
-		}
-
-		// Fan out issue fetching across repos.
-		var mu sync.Mutex
-		sem := make(chan struct{}, c.maxConcurrent)
-		var wg sync.WaitGroup
-		var firstErr error
-
-		for _, repo := range allRepos {
-			wg.Add(1)
-			go func(r Repo) {
-				defer wg.Done()
-				sem <- struct{}{}
-				defer func() { <-sem }()
-
-				path := fmt.Sprintf("/repos/%s/issues?state=%s&type=issues&limit=50", r.FullName, state)
-				if label != "" {
-					path += "&labels=" + label
-				}
-				resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
-				if err != nil {
-					mu.Lock()
-					if firstErr == nil {
-						firstErr = fmt.Errorf("fetching issues for %s: %w", r.FullName, err)
-					}
-					mu.Unlock()
-					return
-				}
-				defer resp.Body.Close()
-
-				var issues []Issue
-				if err := json.NewDecoder(resp.Body).Decode(&issues); err != nil {
-					mu.Lock()
-					if firstErr == nil {
-						firstErr = fmt.Errorf("decoding issues for %s: %w", r.FullName, err)
-					}
-					mu.Unlock()
-					return
-				}
-
-				// Tag each issue with repo info.
-				for i := range issues {
-					issues[i].RepoOwner = r.Owner.Login
-					issues[i].RepoName = r.Name
-				}
-
 				mu.Lock()
-				allIssues = append(allIssues, issues...)
+				if firstErr == nil {
+					firstErr = fmt.Errorf("fetching issues for %s: %w", r.FullName, err)
+				}
 				mu.Unlock()
-			}(repo)
-		}
+				return
+			}
+			defer resp.Body.Close()
 
-		wg.Wait()
+			var issues []Issue
+			if err := json.NewDecoder(resp.Body).Decode(&issues); err != nil {
+				mu.Lock()
+				if firstErr == nil {
+					firstErr = fmt.Errorf("decoding issues for %s: %w", r.FullName, err)
+				}
+				mu.Unlock()
+				return
+			}
 
-		if firstErr != nil {
-			return PaginatedIssues{}, firstErr
-		}
+			// Tag each issue with repo info.
+			for i := range issues {
+				issues[i].RepoOwner = r.Owner.Login
+				issues[i].RepoName = r.Name
+			}
 
-		// Sort by updated time, newest first.
-		sort.Slice(allIssues, func(i, j int) bool {
-			return allIssues[i].UpdatedAt.After(allIssues[j].UpdatedAt)
-		})
-
-		c.setCache(cacheKey, allIssues)
+			mu.Lock()
+			allIssues = append(allIssues, issues...)
+			mu.Unlock()
+		}(repo)
 	}
 
-	// Paginate.
-	start := (page - 1) * PageSize
-	if start >= len(allIssues) {
-		return PaginatedIssues{}, nil
-	}
-	end := start + PageSize
-	hasMore := end < len(allIssues)
-	if end > len(allIssues) {
-		end = len(allIssues)
+	wg.Wait()
+
+	if firstErr != nil {
+		return nil, firstErr
 	}
 
-	return PaginatedIssues{Issues: allIssues[start:end], HasMore: hasMore}, nil
+	// Sort by updated time, newest first.
+	sort.Slice(allIssues, func(i, j int) bool {
+		return allIssues[i].UpdatedAt.After(allIssues[j].UpdatedAt)
+	})
+
+	c.setCache(cacheKey, allIssues)
+	return allIssues, nil
 }
 
-// ListAllPullRequests fetches PRs across all repos in the given orgs.
-// Results are paginated. The label parameter filters PRs by label name.
-// The repoFilter parameter narrows results to a single repo name.
-func (c *Client) ListAllPullRequests(ctx context.Context, token string, orgs []string, state string, page int, label string, repoFilter string) (PaginatedPulls, error) {
-	if state == "" {
-		state = "open"
-	}
-	if page < 1 {
-		page = 1
-	}
-
-	cacheKey := fmt.Sprintf("pulls-%s-%s-%s-%s", state, strings.Join(orgs, ","), label, repoFilter)
-	var allPRs []PullRequest
+// ListAllPullRequests fetches all open PRs across all repos in the given orgs.
+func (c *Client) ListAllPullRequests(ctx context.Context, token string, orgs []string) ([]PullRequest, error) {
+	cacheKey := fmt.Sprintf("pulls-%s", strings.Join(orgs, ","))
 	if cached, ok := c.getFromCache(cacheKey); ok {
-		allPRs = cached.([]PullRequest)
-	} else {
-		var allRepos []Repo
-		for _, org := range orgs {
-			repos, err := c.ListOrgRepos(ctx, token, org)
+		return cached.([]PullRequest), nil
+	}
+
+	var allRepos []Repo
+	for _, org := range orgs {
+		repos, err := c.ListOrgRepos(ctx, token, org)
+		if err != nil {
+			return nil, fmt.Errorf("listing repos for %s: %w", org, err)
+		}
+		allRepos = append(allRepos, repos...)
+	}
+
+	var allPRs []PullRequest
+	var mu sync.Mutex
+	sem := make(chan struct{}, c.maxConcurrent)
+	var wg sync.WaitGroup
+	var firstErr error
+
+	for _, repo := range allRepos {
+		wg.Add(1)
+		go func(r Repo) {
+			defer wg.Done()
+			sem <- struct{}{}
+			defer func() { <-sem }()
+
+			path := fmt.Sprintf("/repos/%s/pulls?state=open&limit=50", r.FullName)
+			resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
 			if err != nil {
-				return PaginatedPulls{}, fmt.Errorf("listing repos for %s: %w", org, err)
-			}
-			allRepos = append(allRepos, repos...)
-		}
-
-		// Filter to a single repo if specified.
-		if repoFilter != "" {
-			var filtered []Repo
-			for _, r := range allRepos {
-				if r.Name == repoFilter {
-					filtered = append(filtered, r)
-				}
-			}
-			allRepos = filtered
-		}
-
-		var mu sync.Mutex
-		sem := make(chan struct{}, c.maxConcurrent)
-		var wg sync.WaitGroup
-		var firstErr error
-
-		for _, repo := range allRepos {
-			wg.Add(1)
-			go func(r Repo) {
-				defer wg.Done()
-				sem <- struct{}{}
-				defer func() { <-sem }()
-
-				path := fmt.Sprintf("/repos/%s/pulls?state=%s&limit=50", r.FullName, state)
-				if label != "" {
-					path += "&labels=" + label
-				}
-				resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
-				if err != nil {
-					mu.Lock()
-					if firstErr == nil {
-						firstErr = fmt.Errorf("fetching PRs for %s: %w", r.FullName, err)
-					}
-					mu.Unlock()
-					return
-				}
-				defer resp.Body.Close()
-
-				var prs []PullRequest
-				if err := json.NewDecoder(resp.Body).Decode(&prs); err != nil {
-					mu.Lock()
-					if firstErr == nil {
-						firstErr = fmt.Errorf("decoding PRs for %s: %w", r.FullName, err)
-					}
-					mu.Unlock()
-					return
-				}
-
-				for i := range prs {
-					prs[i].RepoOwner = r.Owner.Login
-					prs[i].RepoName = r.Name
-				}
-
 				mu.Lock()
-				allPRs = append(allPRs, prs...)
+				if firstErr == nil {
+					firstErr = fmt.Errorf("fetching PRs for %s: %w", r.FullName, err)
+				}
 				mu.Unlock()
-			}(repo)
-		}
+				return
+			}
+			defer resp.Body.Close()
 
-		wg.Wait()
+			var prs []PullRequest
+			if err := json.NewDecoder(resp.Body).Decode(&prs); err != nil {
+				mu.Lock()
+				if firstErr == nil {
+					firstErr = fmt.Errorf("decoding PRs for %s: %w", r.FullName, err)
+				}
+				mu.Unlock()
+				return
+			}
 
-		if firstErr != nil {
-			return PaginatedPulls{}, firstErr
-		}
+			for i := range prs {
+				prs[i].RepoOwner = r.Owner.Login
+				prs[i].RepoName = r.Name
+			}
 
-		sort.Slice(allPRs, func(i, j int) bool {
-			return allPRs[i].UpdatedAt.After(allPRs[j].UpdatedAt)
-		})
-
-		c.setCache(cacheKey, allPRs)
+			mu.Lock()
+			allPRs = append(allPRs, prs...)
+			mu.Unlock()
+		}(repo)
 	}
 
-	// Paginate.
-	start := (page - 1) * PageSize
-	if start >= len(allPRs) {
-		return PaginatedPulls{}, nil
-	}
-	end := start + PageSize
-	hasMore := end < len(allPRs)
-	if end > len(allPRs) {
-		end = len(allPRs)
+	wg.Wait()
+
+	if firstErr != nil {
+		return nil, firstErr
 	}
 
-	return PaginatedPulls{Pulls: allPRs[start:end], HasMore: hasMore}, nil
+	sort.Slice(allPRs, func(i, j int) bool {
+		return allPRs[i].UpdatedAt.After(allPRs[j].UpdatedAt)
+	})
+
+	c.setCache(cacheKey, allPRs)
+	return allPRs, nil
 }
 
 // GetTriageQueue returns unassigned issues and PRs needing review, sorted by priority.
 func (c *Client) GetTriageQueue(ctx context.Context, token string, orgs []string) ([]TriageItem, error) {
-	// Collect all open issues across all pages.
-	var issues []Issue
-	for page := 1; ; page++ {
-		result, err := c.ListAllIssues(ctx, token, orgs, "open", page, "", "")
-		if err != nil {
-			return nil, fmt.Errorf("fetching issues for triage: %w", err)
-		}
-		issues = append(issues, result.Issues...)
-		if !result.HasMore {
-			break
-		}
+	issues, err := c.ListAllIssues(ctx, token, orgs)
+	if err != nil {
+		return nil, fmt.Errorf("fetching issues for triage: %w", err)
 	}
 
-	// Collect all open PRs across all pages.
-	var prs []PullRequest
-	for page := 1; ; page++ {
-		result, err := c.ListAllPullRequests(ctx, token, orgs, "open", page, "", "")
-		if err != nil {
-			return nil, fmt.Errorf("fetching PRs for triage: %w", err)
-		}
-		prs = append(prs, result.Pulls...)
-		if !result.HasMore {
-			break
-		}
+	prs, err := c.ListAllPullRequests(ctx, token, orgs)
+	if err != nil {
+		return nil, fmt.Errorf("fetching PRs for triage: %w", err)
 	}
 
 	var queue []TriageItem
@@ -856,49 +683,6 @@ func (c *Client) ApplyLabel(ctx context.Context, token, owner, repo string, inde
 	return nil
 }
 
-// ListCollaborators fetches the list of collaborators (users with access) for a repo.
-func (c *Client) ListCollaborators(ctx context.Context, token, owner, repo string) ([]string, error) {
-	path := fmt.Sprintf("/repos/%s/%s/collaborators?limit=50", owner, repo)
-	resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
-	if err != nil {
-		return nil, fmt.Errorf("fetching collaborators: %w", err)
-	}
-	defer resp.Body.Close()
-
-	var users []struct {
-		Login string `json:"login"`
-	}
-	if err := json.NewDecoder(resp.Body).Decode(&users); err != nil {
-		return nil, fmt.Errorf("decoding collaborators: %w", err)
-	}
-
-	var logins []string
-	for _, u := range users {
-		logins = append(logins, u.Login)
-	}
-	return logins, nil
-}
-
-// AssignIssue sets the assignees on an issue.
-func (c *Client) AssignIssue(ctx context.Context, token, owner, repo string, index int64, assignees []string) error {
-	payload, err := json.Marshal(map[string]interface{}{
-		"assignees": assignees,
-	})
-	if err != nil {
-		return fmt.Errorf("marshaling assignees: %w", err)
-	}
-
-	path := fmt.Sprintf("/repos/%s/%s/issues/%d", owner, repo, index)
-	resp, err := c.doRequest(ctx, token, http.MethodPatch, path, strings.NewReader(string(payload)))
-	if err != nil {
-		return fmt.Errorf("assigning issue: %w", err)
-	}
-	resp.Body.Close()
-
-	c.InvalidateAll()
-	return nil
-}
-
 // SubmitReview submits a review on a pull request.
 func (c *Client) SubmitReview(ctx context.Context, token, owner, repo string, index int64, reviewType, body string) error {
 	payload := map[string]interface{}{
@@ -922,168 +706,6 @@ func (c *Client) SubmitReview(ctx context.Context, token, owner, repo string, in
 	return nil
 }
 
-// CloseIssue closes an issue by setting its state to "closed".
-func (c *Client) CloseIssue(ctx context.Context, token, owner, repo string, index int64) error {
-	return c.SetIssueState(ctx, token, owner, repo, index, "closed")
-}
-
-// SetIssueState sets an issue's state (e.g. "open" or "closed").
-func (c *Client) SetIssueState(ctx context.Context, token, owner, repo string, index int64, state string) error {
-	payload, err := json.Marshal(map[string]string{"state": state})
-	if err != nil {
-		return fmt.Errorf("marshaling state change: %w", err)
-	}
-
-	path := fmt.Sprintf("/repos/%s/%s/issues/%d", owner, repo, index)
-	resp, err := c.doRequest(ctx, token, http.MethodPatch, path, strings.NewReader(string(payload)))
-	if err != nil {
-		return fmt.Errorf("setting issue state: %w", err)
-	}
-	resp.Body.Close()
-
-	c.InvalidateAll()
-	return nil
-}
-
-// AddComment creates a comment on an issue and returns the created Comment.
-func (c *Client) AddComment(ctx context.Context, token, owner, repo string, index int64, body string) (*Comment, error) {
-	return c.PostComment(ctx, token, owner, repo, index, body)
-}
-
-// PostComment creates a comment on an issue and returns the created Comment.
-func (c *Client) PostComment(ctx context.Context, token, owner, repo string, index int64, body string) (*Comment, error) {
-	payload, err := json.Marshal(map[string]string{"body": body})
-	if err != nil {
-		return nil, fmt.Errorf("marshaling comment: %w", err)
-	}
-
-	path := fmt.Sprintf("/repos/%s/%s/issues/%d/comments", owner, repo, index)
-	resp, err := c.doRequest(ctx, token, http.MethodPost, path, strings.NewReader(string(payload)))
-	if err != nil {
-		return nil, fmt.Errorf("posting comment: %w", err)
-	}
-	defer resp.Body.Close()
-
-	var comment Comment
-	if err := json.NewDecoder(resp.Body).Decode(&comment); err != nil {
-		return nil, fmt.Errorf("decoding comment: %w", err)
-	}
-
-	// Populate convenience fields.
-	comment.User = comment.RawUser.Login
-	comment.CreatedAt = comment.RawCreatedAt.Format("Jan 2, 2006 15:04")
-
-	c.InvalidateAll()
-	return &comment, nil
-}
-
-// RenderMarkdown renders raw markdown text to HTML using the Gitea API.
-// Falls back to the raw text if the API call fails.
-func (c *Client) RenderMarkdown(ctx context.Context, token, text string) (string, error) {
-	payload, err := json.Marshal(map[string]string{
-		"Text": text,
-		"Mode": "gfm",
-	})
-	if err != nil {
-		return text, fmt.Errorf("marshaling markdown request: %w", err)
-	}
-
-	url := c.baseURL + "/api/v1/markdown"
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, strings.NewReader(string(payload)))
-	if err != nil {
-		return text, fmt.Errorf("creating markdown request: %w", err)
-	}
-
-	req.Header.Set("Authorization", "token "+token)
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "text/html")
-
-	resp, err := c.httpClient.Do(req)
-	if err != nil {
-		return text, fmt.Errorf("executing markdown request: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode >= 400 {
-		return text, fmt.Errorf("markdown API error %d", resp.StatusCode)
-	}
-
-	rendered, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return text, fmt.Errorf("reading markdown response: %w", err)
-	}
-
-	return string(rendered), nil
-}
-
-// Review represents a single review on a pull request.
-type Review struct {
-	ID   int64  `json:"id"`
-	Body string `json:"body"`
-	State string `json:"state"` // "APPROVED", "REQUEST_CHANGES", "COMMENT", "PENDING"
-	User  struct {
-		Login string `json:"login"`
-	} `json:"user"`
-}
-
-// GetPullReviewState fetches reviews for a PR and returns the aggregate state.
-// Priority: changes_requested > approved > pending > "" (no reviews).
-func (c *Client) GetPullReviewState(ctx context.Context, token, owner, repo string, index int64) string {
-	path := fmt.Sprintf("/repos/%s/%s/pulls/%d/reviews?limit=50", owner, repo, index)
-	resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
-	if err != nil {
-		return ""
-	}
-	defer resp.Body.Close()
-
-	var reviews []Review
-	if err := json.NewDecoder(resp.Body).Decode(&reviews); err != nil {
-		return ""
-	}
-
-	if len(reviews) == 0 {
-		return ""
-	}
-
-	// Aggregate: last non-comment review per user wins, then pick the "worst" state.
-	userState := make(map[string]string)
-	for _, r := range reviews {
-		switch r.State {
-		case "APPROVED", "REQUEST_CHANGES":
-			userState[r.User.Login] = r.State
-		}
-	}
-
-	if len(userState) == 0 {
-		return "pending"
-	}
-
-	for _, s := range userState {
-		if s == "REQUEST_CHANGES" {
-			return "changes_requested"
-		}
-	}
-	return "approved"
-}
-
-// EnrichPullsWithReviewState fetches review state for each PR concurrently.
-func (c *Client) EnrichPullsWithReviewState(ctx context.Context, token string, pulls []PullRequest) {
-	sem := make(chan struct{}, c.maxConcurrent)
-	var wg sync.WaitGroup
-
-	for i := range pulls {
-		wg.Add(1)
-		go func(idx int) {
-			defer wg.Done()
-			sem <- struct{}{}
-			defer func() { <-sem }()
-
-			pulls[idx].ReviewState = c.GetPullReviewState(ctx, token, pulls[idx].RepoOwner, pulls[idx].RepoName, pulls[idx].Number)
-		}(i)
-	}
-	wg.Wait()
-}
-
 // priorityScore returns a numeric score for sorting (lower = higher priority).
 func priorityScore(labels []string) int {
 	for _, l := range labels {

internal/handlers/handlers.go

@@ -38,15 +38,8 @@ func (h *Handler) RegisterRoutes(mux *http.ServeMux) {
 
 	// Issues.
 	mux.HandleFunc("GET /issues", h.ListIssues)
-	mux.HandleFunc("GET /issues/new", h.NewIssue)
-	mux.HandleFunc("GET /issues/new/labels", h.NewIssueLabels)
 	mux.HandleFunc("POST /issues", h.CreateIssue)
 	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/labels", h.ApplyLabels)
-	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/assignees", h.AssignIssue)
-	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/close", h.CloseIssue)
-	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/state", h.SetIssueState)
-	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/comments", h.AddComment)
-	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/comment", h.AddComment)
 
 	// Issue detail.
 	mux.HandleFunc("GET /issues/{owner}/{repo}/{index}", h.IssueDetail)
@@ -55,7 +48,6 @@ func (h *Handler) RegisterRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("GET /pulls", h.ListPulls)
 	mux.HandleFunc("GET /pulls/{owner}/{repo}/{index}", h.PullDetail)
 	mux.HandleFunc("POST /pulls/{owner}/{repo}/{index}/review", h.SubmitReview)
-	mux.HandleFunc("POST /pulls/{owner}/{repo}/{index}/state", h.SetPullState)
 
 	// Settings (handled separately for auth bypass).
 	settingsHandler := &SettingsHandler{
@@ -120,10 +112,6 @@ var basePage = template.Must(template.New("base").Parse(`<!DOCTYPE html>
   <script src="/static/htmx.min.js"></script>
 </head>
 <body>
-  <header class="top-bar">
-    <span class="top-bar-title">Gitea Mobile</span>
-    <button class="refresh-btn" hx-get="" hx-target="#main-content" hx-swap="innerHTML" aria-label="Refresh">&#8635;</button>
-  </header>
   <div class="content" id="main-content">
     {{.Content}}
   </div>
@@ -181,325 +169,169 @@ func renderPage(w http.ResponseWriter, r *http.Request, title, activeTab string,
 	}
 }
 
-// errorData holds the template data for error pages.
-type errorData struct {
-	Code    int
-	Title   string
-	Message string
-}
-
-// ErrorNotFound renders a mobile-friendly 404 error page.
-func (h *Handler) ErrorNotFound(w http.ResponseWriter, r *http.Request) {
-	data := errorData{
-		Code:    http.StatusNotFound,
-		Title:   "Page Not Found",
-		Message: "The page you are looking for does not exist or has been moved.",
-	}
-	h.renderError(w, r, data)
-}
-
-// ErrorInternal renders a mobile-friendly 500 error page.
-func (h *Handler) ErrorInternal(w http.ResponseWriter, r *http.Request) {
-	data := errorData{
-		Code:    http.StatusInternalServerError,
-		Title:   "Internal Server Error",
-		Message: "Something went wrong on our end. Please try again later.",
-	}
-	h.renderError(w, r, data)
-}
-
-// renderError renders the error template with the given data and status code.
-func (h *Handler) renderError(w http.ResponseWriter, r *http.Request, data errorData) {
-	tmpl, err := template.ParseFiles("internal/templates/error.html")
-	if err != nil {
-		slog.Error("failed to parse error template", "error", err)
-		http.Error(w, fmt.Sprintf("%d %s", data.Code, data.Title), data.Code)
-		return
-	}
-
-	var buf strings.Builder
-	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
-		slog.Error("failed to execute error template", "error", err)
-		http.Error(w, fmt.Sprintf("%d %s", data.Code, data.Title), data.Code)
-		return
-	}
-
-	w.WriteHeader(data.Code)
-	renderPage(w, r, data.Title, "", buf.String())
-}
-
 // Dashboard handles GET / — the triage queue.
 func (h *Handler) Dashboard(w http.ResponseWriter, r *http.Request) {
 	// Only handle exact root path.
 	if r.URL.Path != "/" {
-		h.ErrorNotFound(w, r)
+		http.NotFound(w, r)
 		return
 	}
 
 	token := getToken(r)
 	orgs := h.getUserOrgs(r)
-	selectedOrg := r.URL.Query().Get("org")
-
-	type dashboardData struct {
-		Items       []giteaclient.TriageItem
-		Orgs        []string
-		SelectedOrg string
-		Error       string
-	}
-
-	data := dashboardData{
-		Orgs:        orgs,
-		SelectedOrg: selectedOrg,
-	}
 
 	if len(orgs) == 0 {
-		data.Error = "No organizations found. Check your token permissions."
-	} else {
-		// Determine which orgs to query.
-		queryOrgs := orgs
-		if selectedOrg != "" {
-			queryOrgs = []string{selectedOrg}
-		}
-
-		queue, err := h.Client.GetTriageQueue(r.Context(), token, queryOrgs)
-		if err != nil {
-			slog.Error("failed to get triage queue", "error", err)
-			data.Error = "Error loading triage queue."
-		} else {
-			data.Items = queue
-		}
+		renderPage(w, r, "Dashboard", "dashboard",
+			`<h1>Dashboard</h1><p class="empty">No organizations found. Check your token permissions.</p>`)
+		return
 	}
 
-	tmpl, err := template.ParseFiles("internal/templates/dashboard.html")
+	queue, err := h.Client.GetTriageQueue(r.Context(), token, orgs)
 	if err != nil {
-		slog.Error("failed to parse dashboard template", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
+		slog.Error("failed to get triage queue", "error", err)
+		renderPage(w, r, "Dashboard", "dashboard",
+			`<h1>Dashboard</h1><p class="empty">Error loading triage queue.</p>`)
 		return
 	}
 
-	var buf strings.Builder
-	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
-		slog.Error("failed to execute dashboard template", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
+	if len(queue) == 0 {
+		renderPage(w, r, "Dashboard", "dashboard",
+			`<h1>Dashboard</h1><p class="empty">No items need attention. Nice work!</p>`)
 		return
 	}
 
-	renderPage(w, r, "Dashboard", "dashboard", buf.String())
+	content := `<h1>Dashboard</h1>`
+	for _, item := range queue {
+		typeBadge := `<span class="type-badge type-issue">issue</span>`
+		if item.Type == "pull" {
+			typeBadge = `<span class="type-badge type-pull">PR</span>`
+		}
+
+		labels := ""
+		for _, l := range item.Labels {
+			color := "#8b949e"
+			switch l {
+			case "P1":
+				color = "#f85149"
+			case "P2":
+				color = "#d29922"
+			case "P3":
+				color = "#58a6ff"
+			}
+			labels += fmt.Sprintf(`<span class="label" style="color:%s;border:1px solid %s">%s</span>`, color, color, template.HTMLEscapeString(l))
+		}
+
+		content += fmt.Sprintf(`<div class="card">
+  <div class="card-title">%s %s</div>
+  <div class="card-meta">%s/%s #%d %s</div>
+</div>`, typeBadge, template.HTMLEscapeString(item.Title),
+			template.HTMLEscapeString(item.RepoOwner),
+			template.HTMLEscapeString(item.RepoName),
+			item.Number, labels)
+	}
+
+	renderPage(w, r, "Dashboard", "dashboard", content)
 }
 
 // ListIssues handles GET /issues.
 func (h *Handler) ListIssues(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
-	orgNames := h.getUserOrgs(r)
+	orgs := h.getUserOrgs(r)
 
-	type issuesData struct {
-		Issues        []giteaclient.Issue
-		Orgs          []string
-		SelectedOrg   string
-		SelectedState string
-		SelectedLabel string
-		SelectedRepo  string
-		Repos         []string
-		HasMore       bool
-		NextPage      int
-		Error         string
-	}
-
-	selectedOrg := r.URL.Query().Get("org")
-	selectedState := r.URL.Query().Get("state")
-	if selectedState == "" {
-		selectedState = "open"
-	}
-	selectedLabel := r.URL.Query().Get("label")
-	selectedRepo := r.URL.Query().Get("repo")
-	page, _ := strconv.Atoi(r.URL.Query().Get("page"))
-	if page < 1 {
-		page = 1
-	}
-
-	data := issuesData{
-		Orgs:          orgNames,
-		SelectedOrg:   selectedOrg,
-		SelectedState: selectedState,
-		SelectedLabel: selectedLabel,
-		SelectedRepo:  selectedRepo,
-	}
-
-	if len(orgNames) == 0 {
-		data.Error = "No organizations found."
-	} else {
-		// Filter to selected org if specified.
-		queryOrgs := orgNames
-		if selectedOrg != "" {
-			queryOrgs = []string{selectedOrg}
-
-			// Populate repo list for the selected org.
-			repos, err := h.Client.ListOrgRepos(r.Context(), token, selectedOrg)
-			if err != nil {
-				slog.Warn("failed to list repos for org filter", "error", err, "org", selectedOrg)
-			} else {
-				for _, repo := range repos {
-					data.Repos = append(data.Repos, repo.Name)
-				}
-			}
-		}
-
-		result, err := h.Client.ListAllIssues(r.Context(), token, queryOrgs, selectedState, page, selectedLabel, selectedRepo)
-		if err != nil {
-			slog.Error("failed to list issues", "error", err)
-			data.Error = "Error loading issues."
-		} else {
-			data.Issues = result.Issues
-			data.HasMore = result.HasMore
-			if result.HasMore {
-				data.NextPage = page + 1
-			}
-		}
-	}
-
-	// For HTMX infinite-scroll requests (page > 1), return only the card fragment.
-	if isHTMX(r) && page > 1 {
-		tmpl, err := template.ParseFiles("internal/templates/issues.html")
-		if err != nil {
-			slog.Error("failed to parse issues template", "error", err)
-			http.Error(w, "template error", http.StatusInternalServerError)
-			return
-		}
-		var buf strings.Builder
-		if err := tmpl.ExecuteTemplate(&buf, "cards", data); err != nil {
-			slog.Error("failed to execute issues cards template", "error", err)
-			http.Error(w, "template error", http.StatusInternalServerError)
-			return
-		}
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		fmt.Fprint(w, buf.String())
+	if len(orgs) == 0 {
+		renderPage(w, r, "Issues", "issues",
+			`<h1>Issues</h1><p class="empty">No organizations found.</p>`)
 		return
 	}
 
-	tmpl, err := template.ParseFiles("internal/templates/issues.html")
+	issues, err := h.Client.ListAllIssues(r.Context(), token, orgs)
 	if err != nil {
-		slog.Error("failed to parse issues template", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
+		slog.Error("failed to list issues", "error", err)
+		renderPage(w, r, "Issues", "issues",
+			`<h1>Issues</h1><p class="empty">Error loading issues.</p>`)
 		return
 	}
 
-	var buf strings.Builder
-	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
-		slog.Error("failed to execute issues template", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
+	if len(issues) == 0 {
+		renderPage(w, r, "Issues", "issues",
+			`<h1>Issues</h1><p class="empty">No open issues found.</p>`)
 		return
 	}
 
-	renderPage(w, r, "Issues", "issues", buf.String())
+	content := `<h1>Issues</h1>`
+	for _, issue := range issues {
+		labels := ""
+		for _, l := range issue.Labels {
+			labels += fmt.Sprintf(`<span class="label" style="color:#%s;border:1px solid #%s">%s</span>`,
+				l.Color, l.Color, template.HTMLEscapeString(l.Name))
+		}
+
+		assignee := ""
+		if issue.Assignee != nil {
+			assignee = fmt.Sprintf(` &middot; %s`, template.HTMLEscapeString(issue.Assignee.Login))
+		}
+
+		content += fmt.Sprintf(`<div class="card">
+  <div class="card-title">%s</div>
+  <div class="card-meta">%s/%s #%d %s%s</div>
+</div>`, template.HTMLEscapeString(issue.Title),
+			template.HTMLEscapeString(issue.RepoOwner),
+			template.HTMLEscapeString(issue.RepoName),
+			issue.Number, labels, assignee)
+	}
+
+	renderPage(w, r, "Issues", "issues", content)
 }
 
 // ListPulls handles GET /pulls.
 func (h *Handler) ListPulls(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
-	orgNames := h.getUserOrgs(r)
+	orgs := h.getUserOrgs(r)
 
-	type pullsData struct {
-		Pulls         []giteaclient.PullRequest
-		Orgs          []string
-		SelectedOrg   string
-		SelectedState string
-		SelectedLabel string
-		SelectedRepo  string
-		Repos         []string
-		HasMore       bool
-		NextPage      int
-		Error         string
-	}
-
-	selectedOrg := r.URL.Query().Get("org")
-	selectedState := r.URL.Query().Get("state")
-	if selectedState == "" {
-		selectedState = "open"
-	}
-	selectedLabel := r.URL.Query().Get("label")
-	selectedRepo := r.URL.Query().Get("repo")
-	page, _ := strconv.Atoi(r.URL.Query().Get("page"))
-	if page < 1 {
-		page = 1
-	}
-
-	data := pullsData{
-		Orgs:          orgNames,
-		SelectedOrg:   selectedOrg,
-		SelectedState: selectedState,
-		SelectedLabel: selectedLabel,
-		SelectedRepo:  selectedRepo,
-	}
-
-	if len(orgNames) == 0 {
-		data.Error = "No organizations found."
-	} else {
-		queryOrgs := orgNames
-		if selectedOrg != "" {
-			queryOrgs = []string{selectedOrg}
-
-			// Populate repo list for the selected org.
-			repos, err := h.Client.ListOrgRepos(r.Context(), token, selectedOrg)
-			if err != nil {
-				slog.Warn("failed to list repos for org filter", "error", err, "org", selectedOrg)
-			} else {
-				for _, repo := range repos {
-					data.Repos = append(data.Repos, repo.Name)
-				}
-			}
-		}
-
-		result, err := h.Client.ListAllPullRequests(r.Context(), token, queryOrgs, selectedState, page, selectedLabel, selectedRepo)
-		if err != nil {
-			slog.Error("failed to list pull requests", "error", err)
-			data.Error = "Error loading pull requests."
-		} else {
-			data.Pulls = result.Pulls
-			data.HasMore = result.HasMore
-			if result.HasMore {
-				data.NextPage = page + 1
-			}
-			// Enrich PRs with review state for status icons.
-			if len(data.Pulls) > 0 {
-				h.Client.EnrichPullsWithReviewState(r.Context(), token, data.Pulls)
-			}
-		}
-	}
-
-	// For HTMX infinite-scroll requests (page > 1), return only the card fragment.
-	if isHTMX(r) && page > 1 {
-		tmpl, err := template.ParseFiles("internal/templates/pulls.html")
-		if err != nil {
-			slog.Error("failed to parse pulls template", "error", err)
-			http.Error(w, "template error", http.StatusInternalServerError)
-			return
-		}
-		var buf strings.Builder
-		if err := tmpl.ExecuteTemplate(&buf, "cards", data); err != nil {
-			slog.Error("failed to execute pulls cards template", "error", err)
-			http.Error(w, "template error", http.StatusInternalServerError)
-			return
-		}
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		fmt.Fprint(w, buf.String())
+	if len(orgs) == 0 {
+		renderPage(w, r, "Pull Requests", "pulls",
+			`<h1>Pull Requests</h1><p class="empty">No organizations found.</p>`)
 		return
 	}
 
-	tmpl, err := template.ParseFiles("internal/templates/pulls.html")
+	prs, err := h.Client.ListAllPullRequests(r.Context(), token, orgs)
 	if err != nil {
-		slog.Error("failed to parse pulls template", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
+		slog.Error("failed to list pull requests", "error", err)
+		renderPage(w, r, "Pull Requests", "pulls",
+			`<h1>Pull Requests</h1><p class="empty">Error loading pull requests.</p>`)
 		return
 	}
 
-	var buf strings.Builder
-	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
-		slog.Error("failed to execute pulls template", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
+	if len(prs) == 0 {
+		renderPage(w, r, "Pull Requests", "pulls",
+			`<h1>Pull Requests</h1><p class="empty">No open pull requests found.</p>`)
 		return
 	}
 
-	renderPage(w, r, "Pull Requests", "pulls", buf.String())
+	content := `<h1>Pull Requests</h1>`
+	for _, pr := range prs {
+		labels := ""
+		for _, l := range pr.Labels {
+			labels += fmt.Sprintf(`<span class="label" style="color:#%s;border:1px solid #%s">%s</span>`,
+				l.Color, l.Color, template.HTMLEscapeString(l.Name))
+		}
+
+		stats := fmt.Sprintf(`<span style="color:#3fb950">+%d</span> <span style="color:#f85149">-%d</span>`, pr.Additions, pr.Deletions)
+		mergeStatus := ""
+		if pr.Mergeable {
+			mergeStatus = `<span style="color:#3fb950;font-size:0.7rem;">mergeable</span>`
+		}
+
+		content += fmt.Sprintf(`<div class="card">
+  <div class="card-title"><span class="type-badge type-pull">PR</span> %s</div>
+  <div class="card-meta">%s/%s #%d %s %s %s</div>
+</div>`, template.HTMLEscapeString(pr.Title),
+			template.HTMLEscapeString(pr.RepoOwner),
+			template.HTMLEscapeString(pr.RepoName),
+			pr.Number, labels, stats, mergeStatus)
+	}
+
+	renderPage(w, r, "Pull Requests", "pulls", content)
 }
 
 // IssueDetail handles GET /issues/{owner}/{repo}/{index}.
@@ -535,23 +367,6 @@ func (h *Handler) IssueDetail(w http.ResponseWriter, r *http.Request) {
 		labels = nil
 	}
 
-	collaborators, err := h.Client.ListCollaborators(r.Context(), token, owner, repo)
-	if err != nil {
-		slog.Error("failed to get collaborators", "error", err)
-		collaborators = nil
-	}
-
-	// Render markdown body if present.
-	var renderedBody template.HTML
-	if issue.Body != "" {
-		rendered, err := h.Client.RenderMarkdown(r.Context(), token, issue.Body)
-		if err != nil {
-			slog.Warn("failed to render issue body markdown, using plain text", "error", err)
-		} else {
-			renderedBody = template.HTML(rendered)
-		}
-	}
-
 	// Build the content HTML using the template.
 	tmpl, err := template.ParseFiles("internal/templates/issue_detail.html")
 	if err != nil {
@@ -562,18 +377,14 @@ func (h *Handler) IssueDetail(w http.ResponseWriter, r *http.Request) {
 
 	type templateData struct {
 		Issue           *giteaclient.Issue
-		RenderedBody    template.HTML
 		Comments        []giteaclient.Comment
 		AvailableLabels []giteaclient.Label
-		Collaborators   []string
 	}
 
 	data := templateData{
 		Issue:           issue,
-		RenderedBody:    renderedBody,
 		Comments:        comments,
 		AvailableLabels: labels,
-		Collaborators:   collaborators,
 	}
 
 	var buf strings.Builder
@@ -607,24 +418,6 @@ func (h *Handler) PullDetail(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Render markdown body if present.
-	var renderedBody template.HTML
-	if pr.Body != "" {
-		rendered, err := h.Client.RenderMarkdown(r.Context(), token, pr.Body)
-		if err != nil {
-			slog.Warn("failed to render PR body markdown, using plain text", "error", err)
-		} else {
-			renderedBody = template.HTML(rendered)
-		}
-	}
-
-	// Fetch comments for this PR (Gitea uses the issues endpoint for PR comments).
-	comments, err := h.Client.GetIssueComments(r.Context(), token, owner, repo, index)
-	if err != nil {
-		slog.Warn("failed to fetch PR comments", "error", err, "owner", owner, "repo", repo, "index", index)
-		// Non-fatal: continue rendering without comments.
-	}
-
 	// Build the content HTML using the template.
 	tmpl, err := template.ParseFiles("internal/templates/pull_detail.html")
 	if err != nil {
@@ -634,15 +427,11 @@ func (h *Handler) PullDetail(w http.ResponseWriter, r *http.Request) {
 	}
 
 	type templateData struct {
-		Pull         *giteaclient.PullRequest
-		RenderedBody template.HTML
-		Comments     []giteaclient.Comment
+		Pull *giteaclient.PullRequest
 	}
 
 	data := templateData{
-		Pull:         pr,
-		RenderedBody: renderedBody,
-		Comments:     comments,
+		Pull: pr,
 	}
 
 	var buf strings.Builder
@@ -655,73 +444,6 @@ func (h *Handler) PullDetail(w http.ResponseWriter, r *http.Request) {
 	renderPage(w, r, fmt.Sprintf("PR #%d", index), "pulls", buf.String())
 }
 
-// NewIssue handles GET /issues/new — renders the create-issue form.
-func (h *Handler) NewIssue(w http.ResponseWriter, r *http.Request) {
-	token := getToken(r)
-
-	repos, err := h.Client.ListOrgsAndRepos(r.Context(), token)
-	if err != nil {
-		slog.Error("failed to list repos for new issue form", "error", err)
-		renderPage(w, r, "New Issue", "issues",
-			`<h1>New Issue</h1><p class="empty">Error loading repositories.</p>`)
-		return
-	}
-
-	tmpl, err := template.ParseFiles("internal/templates/create_issue.html")
-	if err != nil {
-		slog.Error("failed to parse create_issue template", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
-		return
-	}
-
-	type templateData struct {
-		Repos map[string][]giteaclient.Repo
-	}
-
-	data := templateData{Repos: repos}
-
-	var buf strings.Builder
-	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
-		slog.Error("failed to execute create_issue template", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
-		return
-	}
-
-	renderPage(w, r, "New Issue", "issues", buf.String())
-}
-
-// NewIssueLabels handles GET /issues/new/labels — returns label checkboxes for a repo.
-func (h *Handler) NewIssueLabels(w http.ResponseWriter, r *http.Request) {
-	token := getToken(r)
-	owner := r.URL.Query().Get("owner")
-	repo := r.URL.Query().Get("repo")
-
-	if owner == "" || repo == "" {
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		fmt.Fprint(w, `<span class="empty">Select a repository first.</span>`)
-		return
-	}
-
-	labels, err := h.Client.GetRepoLabels(r.Context(), token, owner, repo)
-	if err != nil {
-		slog.Error("failed to fetch labels", "error", err, "owner", owner, "repo", repo)
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		fmt.Fprint(w, `<span class="empty">Error loading labels.</span>`)
-		return
-	}
-
-	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	if len(labels) == 0 {
-		fmt.Fprint(w, `<span class="empty">No labels available for this repository.</span>`)
-		return
-	}
-
-	for _, l := range labels {
-		fmt.Fprintf(w, `<label style="display:inline-block;margin:0.25rem 0.5rem 0.25rem 0;cursor:pointer;"><input type="checkbox" name="label_ids" value="%d" style="margin-right:0.25rem;"> <span class="label" style="color:#%s;border:1px solid #%s">%s</span></label>`,
-			l.ID, template.HTMLEscapeString(l.Color), template.HTMLEscapeString(l.Color), template.HTMLEscapeString(l.Name))
-	}
-}
-
 // CreateIssue handles POST /issues.
 func (h *Handler) CreateIssue(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)
@@ -735,15 +457,6 @@ func (h *Handler) CreateIssue(w http.ResponseWriter, r *http.Request) {
 	title := r.FormValue("title")
 	body := r.FormValue("body")
 
-	// Parse label IDs from form checkboxes.
-	var labelIDs []int64
-	for _, idStr := range r.Form["label_ids"] {
-		id, err := strconv.ParseInt(idStr, 10, 64)
-		if err == nil {
-			labelIDs = append(labelIDs, id)
-		}
-	}
-
 	if owner == "" || repo == "" || title == "" {
 		if isHTMX(r) {
 			w.Header().Set("Content-Type", "text/html; charset=utf-8")
@@ -755,7 +468,7 @@ func (h *Handler) CreateIssue(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	issue, err := h.Client.CreateIssue(r.Context(), token, owner, repo, title, body, labelIDs)
+	issue, err := h.Client.CreateIssue(r.Context(), token, owner, repo, title, body, nil)
 	if err != nil {
 		slog.Error("failed to create issue", "error", err)
 		if isHTMX(r) {
@@ -824,210 +537,6 @@ func (h *Handler) ApplyLabels(w http.ResponseWriter, r *http.Request) {
 	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
 }
 
-// AssignIssue handles POST /issues/{owner}/{repo}/{index}/assignees.
-func (h *Handler) AssignIssue(w http.ResponseWriter, r *http.Request) {
-	token := getToken(r)
-	owner := r.PathValue("owner")
-	repo := r.PathValue("repo")
-	indexStr := r.PathValue("index")
-
-	index, err := strconv.ParseInt(indexStr, 10, 64)
-	if err != nil {
-		http.Error(w, "invalid issue index", http.StatusBadRequest)
-		return
-	}
-
-	if err := r.ParseForm(); err != nil {
-		http.Error(w, "bad request", http.StatusBadRequest)
-		return
-	}
-
-	assignee := r.FormValue("assignee")
-	if assignee == "" {
-		http.Error(w, "assignee is required", http.StatusBadRequest)
-		return
-	}
-
-	if err := h.Client.AssignIssue(r.Context(), token, owner, repo, index, []string{assignee}); err != nil {
-		slog.Error("failed to assign issue", "error", err, "owner", owner, "repo", repo, "index", index, "assignee", assignee)
-		http.Error(w, "failed to assign issue", http.StatusInternalServerError)
-		return
-	}
-
-	if isHTMX(r) {
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		fmt.Fprintf(w, `<span style="color:#3fb950">Assigned to %s</span>`, template.HTMLEscapeString(assignee))
-		return
-	}
-
-	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
-}
-
-// CloseIssue handles POST /issues/{owner}/{repo}/{index}/close.
-func (h *Handler) CloseIssue(w http.ResponseWriter, r *http.Request) {
-	token := getToken(r)
-	owner := r.PathValue("owner")
-	repo := r.PathValue("repo")
-	indexStr := r.PathValue("index")
-
-	index, err := strconv.ParseInt(indexStr, 10, 64)
-	if err != nil {
-		http.Error(w, "invalid issue index", http.StatusBadRequest)
-		return
-	}
-
-	if err := h.Client.CloseIssue(r.Context(), token, owner, repo, index); err != nil {
-		slog.Error("failed to close issue", "error", err, "owner", owner, "repo", repo, "index", index)
-		http.Error(w, "failed to close issue", http.StatusInternalServerError)
-		return
-	}
-
-	if isHTMX(r) {
-		w.Header().Set("HX-Redirect", fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index))
-		w.WriteHeader(http.StatusOK)
-		return
-	}
-
-	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
-}
-
-// SetIssueState handles POST /issues/{owner}/{repo}/{index}/state.
-func (h *Handler) SetIssueState(w http.ResponseWriter, r *http.Request) {
-	token := getToken(r)
-	owner := r.PathValue("owner")
-	repo := r.PathValue("repo")
-	indexStr := r.PathValue("index")
-
-	index, err := strconv.ParseInt(indexStr, 10, 64)
-	if err != nil {
-		http.Error(w, "invalid issue index", http.StatusBadRequest)
-		return
-	}
-
-	if err := r.ParseForm(); err != nil {
-		http.Error(w, "bad request", http.StatusBadRequest)
-		return
-	}
-
-	state := r.FormValue("state")
-	if state != "open" && state != "closed" {
-		http.Error(w, "state must be 'open' or 'closed'", http.StatusBadRequest)
-		return
-	}
-
-	if err := h.Client.SetIssueState(r.Context(), token, owner, repo, index, state); err != nil {
-		slog.Error("failed to set issue state", "error", err, "owner", owner, "repo", repo, "index", index, "state", state)
-		http.Error(w, "failed to update issue state", http.StatusInternalServerError)
-		return
-	}
-
-	if isHTMX(r) {
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		if state == "closed" {
-			fmt.Fprintf(w, `<span class="state-closed" id="issue-state">closed</span>
-<button class="btn btn-secondary" hx-post="/issues/%s/%s/%d/state" hx-vals='{"state":"open"}' hx-target="#state-section" hx-swap="innerHTML">Reopen Issue</button>`,
-				template.HTMLEscapeString(owner), template.HTMLEscapeString(repo), index)
-		} else {
-			fmt.Fprintf(w, `<span class="state-open" id="issue-state">open</span>
-<button class="btn btn-danger" hx-post="/issues/%s/%s/%d/state" hx-vals='{"state":"closed"}' hx-target="#state-section" hx-swap="innerHTML">Close Issue</button>`,
-				template.HTMLEscapeString(owner), template.HTMLEscapeString(repo), index)
-		}
-		return
-	}
-
-	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
-}
-
-// SetPullState handles POST /pulls/{owner}/{repo}/{index}/state.
-func (h *Handler) SetPullState(w http.ResponseWriter, r *http.Request) {
-	token := getToken(r)
-	owner := r.PathValue("owner")
-	repo := r.PathValue("repo")
-	indexStr := r.PathValue("index")
-
-	index, err := strconv.ParseInt(indexStr, 10, 64)
-	if err != nil {
-		http.Error(w, "invalid pull request index", http.StatusBadRequest)
-		return
-	}
-
-	if err := r.ParseForm(); err != nil {
-		http.Error(w, "bad request", http.StatusBadRequest)
-		return
-	}
-
-	state := r.FormValue("state")
-	if state != "open" && state != "closed" {
-		http.Error(w, "state must be 'open' or 'closed'", http.StatusBadRequest)
-		return
-	}
-
-	if err := h.Client.SetIssueState(r.Context(), token, owner, repo, index, state); err != nil {
-		slog.Error("failed to set pull request state", "error", err, "owner", owner, "repo", repo, "index", index, "state", state)
-		http.Error(w, "failed to update pull request state", http.StatusInternalServerError)
-		return
-	}
-
-	if isHTMX(r) {
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		if state == "closed" {
-			fmt.Fprintf(w, `<span class="state-closed" id="pull-state">closed</span>
-<button class="btn btn-secondary" hx-post="/pulls/%s/%s/%d/state" hx-vals='{"state":"open"}' hx-target="#state-section" hx-swap="innerHTML">Reopen PR</button>`,
-				template.HTMLEscapeString(owner), template.HTMLEscapeString(repo), index)
-		} else {
-			fmt.Fprintf(w, `<span class="state-open" id="pull-state">open</span>
-<button class="btn btn-danger" hx-post="/pulls/%s/%s/%d/state" hx-vals='{"state":"closed"}' hx-target="#state-section" hx-swap="innerHTML">Close PR</button>`,
-				template.HTMLEscapeString(owner), template.HTMLEscapeString(repo), index)
-		}
-		return
-	}
-
-	http.Redirect(w, r, fmt.Sprintf("/pulls/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
-}
-
-// AddComment handles POST /issues/{owner}/{repo}/{index}/comment.
-func (h *Handler) AddComment(w http.ResponseWriter, r *http.Request) {
-	token := getToken(r)
-	owner := r.PathValue("owner")
-	repo := r.PathValue("repo")
-	indexStr := r.PathValue("index")
-
-	index, err := strconv.ParseInt(indexStr, 10, 64)
-	if err != nil {
-		http.Error(w, "invalid issue index", http.StatusBadRequest)
-		return
-	}
-
-	if err := r.ParseForm(); err != nil {
-		http.Error(w, "bad request", http.StatusBadRequest)
-		return
-	}
-
-	body := r.FormValue("body")
-	if body == "" {
-		http.Error(w, "comment body is required", http.StatusBadRequest)
-		return
-	}
-
-	comment, err := h.Client.PostComment(r.Context(), token, owner, repo, index, body)
-	if err != nil {
-		slog.Error("failed to post comment", "error", err, "owner", owner, "repo", repo, "index", index)
-		http.Error(w, "failed to post comment", http.StatusInternalServerError)
-		return
-	}
-
-	if isHTMX(r) {
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		fmt.Fprintf(w, `<div class="card comment">
-  <div class="card-meta">%s &middot; %s</div>
-  <div class="card-body">%s</div>
-</div>`, template.HTMLEscapeString(comment.User), template.HTMLEscapeString(comment.CreatedAt), template.HTMLEscapeString(comment.Body))
-		return
-	}
-
-	http.Redirect(w, r, fmt.Sprintf("/issues/%s/%s/%d", owner, repo, index), http.StatusSeeOther)
-}
-
 // SubmitReview handles POST /pulls/{owner}/{repo}/{index}/review.
 func (h *Handler) SubmitReview(w http.ResponseWriter, r *http.Request) {
 	token := getToken(r)

internal/handlers/handlers_test.go

@@ -135,135 +135,6 @@ func TestSubmitReview_MissingEventType(t *testing.T) {
 	}
 }
 
-func TestSetIssueState_InvalidState(t *testing.T) {
-	h := newTestHandler()
-	mux := http.NewServeMux()
-	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/state", h.SetIssueState)
-
-	req := httptest.NewRequest(http.MethodPost, "/issues/org/repo/1/state", nil)
-	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	w := httptest.NewRecorder()
-
-	mux.ServeHTTP(w, req)
-
-	if w.Code != http.StatusBadRequest {
-		t.Errorf("status = %d, want %d", w.Code, http.StatusBadRequest)
-	}
-}
-
-func TestSetIssueState_InvalidIndex(t *testing.T) {
-	h := newTestHandler()
-	mux := http.NewServeMux()
-	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/state", h.SetIssueState)
-
-	req := httptest.NewRequest(http.MethodPost, "/issues/org/repo/abc/state", nil)
-	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	w := httptest.NewRecorder()
-
-	mux.ServeHTTP(w, req)
-
-	if w.Code != http.StatusBadRequest {
-		t.Errorf("status = %d, want %d", w.Code, http.StatusBadRequest)
-	}
-}
-
-func TestAddComment_EmptyBody(t *testing.T) {
-	h := newTestHandler()
-	mux := http.NewServeMux()
-	mux.HandleFunc("POST /issues/{owner}/{repo}/{index}/comments", h.AddComment)
-
-	req := httptest.NewRequest(http.MethodPost, "/issues/org/repo/1/comments", nil)
-	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	w := httptest.NewRecorder()
-
-	mux.ServeHTTP(w, req)
-
-	if w.Code != http.StatusBadRequest {
-		t.Errorf("status = %d, want %d", w.Code, http.StatusBadRequest)
-	}
-}
-
-func TestErrorNotFound(t *testing.T) {
-	h := newTestHandler()
-	req := httptest.NewRequest(http.MethodGet, "/nonexistent", nil)
-	w := httptest.NewRecorder()
-
-	h.ErrorNotFound(w, req)
-
-	if w.Code != http.StatusNotFound {
-		t.Errorf("status = %d, want %d", w.Code, http.StatusNotFound)
-	}
-	body := w.Body.String()
-	if body == "" {
-		t.Error("expected non-empty response body")
-	}
-	if !contains(body, "404") {
-		t.Error("expected body to contain '404'")
-	}
-	if !contains(body, "Page Not Found") {
-		t.Error("expected body to contain 'Page Not Found'")
-	}
-}
-
-func TestErrorInternal(t *testing.T) {
-	h := newTestHandler()
-	req := httptest.NewRequest(http.MethodGet, "/error", nil)
-	w := httptest.NewRecorder()
-
-	h.ErrorInternal(w, req)
-
-	if w.Code != http.StatusInternalServerError {
-		t.Errorf("status = %d, want %d", w.Code, http.StatusInternalServerError)
-	}
-	body := w.Body.String()
-	if body == "" {
-		t.Error("expected non-empty response body")
-	}
-	if !contains(body, "500") {
-		t.Error("expected body to contain '500'")
-	}
-	if !contains(body, "Internal Server Error") {
-		t.Error("expected body to contain 'Internal Server Error'")
-	}
-}
-
-func TestDashboard_NonRootPath_Returns404(t *testing.T) {
-	h := newTestHandler()
-	req := httptest.NewRequest(http.MethodGet, "/unknown/path", nil)
-	w := httptest.NewRecorder()
-
-	h.Dashboard(w, req)
-
-	if w.Code != http.StatusNotFound {
-		t.Errorf("status = %d, want %d", w.Code, http.StatusNotFound)
-	}
-	body := w.Body.String()
-	if !contains(body, "404") {
-		t.Error("expected body to contain '404' for non-root path")
-	}
-}
-
-func TestErrorNotFound_HTMX(t *testing.T) {
-	h := newTestHandler()
-	req := httptest.NewRequest(http.MethodGet, "/nonexistent", nil)
-	req.Header.Set("HX-Request", "true")
-	w := httptest.NewRecorder()
-
-	h.ErrorNotFound(w, req)
-
-	if w.Code != http.StatusNotFound {
-		t.Errorf("status = %d, want %d", w.Code, http.StatusNotFound)
-	}
-	body := w.Body.String()
-	// HTMX response should not contain DOCTYPE.
-	if contains(body, "<!DOCTYPE") {
-		t.Error("HTMX response should not contain DOCTYPE")
-	}
-	if !contains(body, "Page Not Found") {
-		t.Error("expected body to contain 'Page Not Found'")
-	}
-}
-
 func contains(s, substr string) bool {
 	return len(s) >= len(substr) && searchString(s, substr)
 }

internal/handlers/settings.go

@@ -2,7 +2,6 @@ package handlers
 
 import (
 	"html/template"
-	"log/slog"
 	"net/http"
 	"strings"
 
@@ -10,7 +9,89 @@ import (
 	"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/middleware"
 )
 
-const settingsTemplatePath = "internal/templates/settings.html"
+var settingsTemplate = template.Must(template.New("settings").Parse(`<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
+  <title>Settings — Gitea Mobile</title>
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      background: #0d1117; color: #e6edf3;
+      padding: 1rem;
+      padding-top: max(1rem, env(safe-area-inset-top));
+    }
+    h1 { font-size: 1.5rem; margin-bottom: 1rem; }
+    .card {
+      background: #161b22; border: 1px solid #30363d; border-radius: 8px;
+      padding: 1rem; margin-bottom: 1rem;
+    }
+    label { display: block; font-size: 0.875rem; color: #8b949e; margin-bottom: 0.5rem; }
+    input[type="text"], input[type="password"] {
+      width: 100%; padding: 0.5rem; font-size: 1rem;
+      background: #0d1117; border: 1px solid #30363d; border-radius: 6px;
+      color: #e6edf3; margin-bottom: 1rem;
+    }
+    input:focus { outline: none; border-color: #58a6ff; }
+    button {
+      width: 100%; padding: 0.75rem; font-size: 1rem; font-weight: 600;
+      background: #238636; color: #fff; border: none; border-radius: 6px;
+      cursor: pointer;
+    }
+    button:active { background: #2ea043; }
+    .message {
+      padding: 0.75rem; border-radius: 6px; margin-bottom: 1rem;
+      font-size: 0.875rem;
+    }
+    .message.success { background: #0d2818; border: 1px solid #238636; color: #3fb950; }
+    .message.error { background: #2d1117; border: 1px solid #da3633; color: #f85149; }
+    .message.info { background: #0c1d2e; border: 1px solid #1f6feb; color: #58a6ff; }
+    .hint { font-size: 0.75rem; color: #8b949e; margin-top: 0.25rem; margin-bottom: 1rem; }
+    .status { font-size: 0.875rem; color: #8b949e; }
+    .status .connected { color: #3fb950; }
+    .logout-btn {
+      background: #21262d; border: 1px solid #30363d; margin-top: 0.5rem;
+    }
+    .logout-btn:active { background: #30363d; }
+  </style>
+</head>
+<body>
+  <h1>Settings</h1>
+
+  {{if .Message}}
+  <div class="message {{.MessageType}}">{{.Message}}</div>
+  {{end}}
+
+  {{if .HasToken}}
+  <div class="card">
+    <p class="status">Status: <span class="connected">Connected</span></p>
+    <p class="hint">A Gitea API token is configured.</p>
+    <form method="POST" action="/settings">
+      <input type="hidden" name="action" value="logout">
+      <button type="submit" class="logout-btn">Remove Token</button>
+    </form>
+  </div>
+  {{end}}
+
+  <div class="card">
+    <form method="POST" action="/settings">
+      <input type="hidden" name="action" value="save">
+      <label for="token">Gitea API Token</label>
+      <input type="password" id="token" name="token" placeholder="Enter your Gitea API token" required>
+      <p class="hint">Generate a token at your Gitea instance under Settings &rarr; Applications.</p>
+      <button type="submit">{{if .HasToken}}Update Token{{else}}Save Token{{end}}</button>
+    </form>
+  </div>
+
+  {{if .HasToken}}
+  <p style="text-align:center; margin-top:1rem;">
+    <a href="/" style="color:#58a6ff; text-decoration:none;">Back to Dashboard</a>
+  </p>
+  {{end}}
+</body>
+</html>`))
 
 // SettingsHandler handles GET and POST requests for the settings page.
 type SettingsHandler struct {
@@ -45,7 +126,8 @@ func (h *SettingsHandler) handleGet(w http.ResponseWriter, r *http.Request) {
 	}
 
 	data := settingsData{HasToken: hasToken}
-	h.renderSettings(w, data)
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	settingsTemplate.Execute(w, data)
 }
 
 func (h *SettingsHandler) handlePost(w http.ResponseWriter, r *http.Request) {
@@ -90,18 +172,6 @@ func (h *SettingsHandler) renderWithMessage(w http.ResponseWriter, r *http.Reque
 		Message:     msg,
 		MessageType: msgType,
 	}
-	h.renderSettings(w, data)
-}
-
-func (h *SettingsHandler) renderSettings(w http.ResponseWriter, data settingsData) {
-	tmpl, err := template.ParseFiles(settingsTemplatePath)
-	if err != nil {
-		slog.Error("failed to parse settings template", "error", err)
-		http.Error(w, "template error", http.StatusInternalServerError)
-		return
-	}
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	if err := tmpl.Execute(w, data); err != nil {
-		slog.Error("failed to execute settings template", "error", err)
-	}
+	settingsTemplate.Execute(w, data)
 }

internal/middleware/auth.go

@@ -23,12 +23,9 @@ func TokenFromContext(ctx context.Context) string {
 }
 
 // Auth returns middleware that checks for a valid token cookie.
-// If no cookie token is found and fallbackToken is non-empty, the fallback
-// token is used instead (useful for single-user or service-account deployments
-// where GITEA_TOKEN is set in the environment).
 // Unauthenticated requests are redirected to the settings page.
 // The /health, /settings, and /static/ paths are exempt from auth.
-func Auth(sessionSecret, fallbackToken string) func(http.Handler) http.Handler {
+func Auth(sessionSecret string) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			// Skip auth for exempt paths.
@@ -40,13 +37,6 @@ func Auth(sessionSecret, fallbackToken string) func(http.Handler) http.Handler {
 
 			token, err := auth.GetToken(r, sessionSecret)
 			if err != nil || token == "" {
-				// Fall back to environment token if available.
-				if fallbackToken != "" {
-					slog.Debug("using fallback token from environment", "path", path)
-					ctx := context.WithValue(r.Context(), TokenContextKey, fallbackToken)
-					next.ServeHTTP(w, r.WithContext(ctx))
-					return
-				}
 				slog.Debug("unauthenticated request, redirecting to settings", "path", path, "error", err)
 				http.Redirect(w, r, "/settings", http.StatusSeeOther)
 				return

internal/middleware/auth_test.go

@@ -11,7 +11,7 @@ import (
 const testSecret = "test-secret-that-is-at-least-32-chars-long"
 
 func TestAuth_HealthBypass(t *testing.T) {
-	handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
 
@@ -25,7 +25,7 @@ func TestAuth_HealthBypass(t *testing.T) {
 }
 
 func TestAuth_SettingsBypass(t *testing.T) {
-	handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
 
@@ -39,7 +39,7 @@ func TestAuth_SettingsBypass(t *testing.T) {
 }
 
 func TestAuth_RedirectWithoutToken(t *testing.T) {
-	handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
 
@@ -57,7 +57,7 @@ func TestAuth_RedirectWithoutToken(t *testing.T) {
 
 func TestAuth_PassWithToken(t *testing.T) {
 	called := false
-	handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		called = true
 		token := TokenFromContext(r.Context())
 		if token != "my-token" {
@@ -83,72 +83,3 @@ func TestAuth_PassWithToken(t *testing.T) {
 		t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
 	}
 }
-
-func TestAuth_FallbackToken_UsedWhenNoCookie(t *testing.T) {
-	called := false
-	handler := Auth(testSecret, "env-fallback-token")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		called = true
-		token := TokenFromContext(r.Context())
-		if token != "env-fallback-token" {
-			t.Errorf("token = %q, want %q", token, "env-fallback-token")
-		}
-		w.WriteHeader(http.StatusOK)
-	}))
-
-	req := httptest.NewRequest(http.MethodGet, "/", nil)
-	w := httptest.NewRecorder()
-	handler.ServeHTTP(w, req)
-
-	if !called {
-		t.Error("next handler was not called with fallback token")
-	}
-	if w.Code != http.StatusOK {
-		t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
-	}
-}
-
-func TestAuth_FallbackToken_CookieTakesPrecedence(t *testing.T) {
-	called := false
-	handler := Auth(testSecret, "env-fallback-token")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		called = true
-		token := TokenFromContext(r.Context())
-		if token != "cookie-token" {
-			t.Errorf("token = %q, want %q (cookie should take precedence over fallback)", token, "cookie-token")
-		}
-		w.WriteHeader(http.StatusOK)
-	}))
-
-	// Set a cookie token.
-	cookieW := httptest.NewRecorder()
-	auth.SetTokenCookie(cookieW, "cookie-token", testSecret, false)
-	cookie := cookieW.Result().Cookies()[0]
-
-	req := httptest.NewRequest(http.MethodGet, "/", nil)
-	req.AddCookie(cookie)
-	w := httptest.NewRecorder()
-	handler.ServeHTTP(w, req)
-
-	if !called {
-		t.Error("next handler was not called")
-	}
-	if w.Code != http.StatusOK {
-		t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
-	}
-}
-
-func TestAuth_NoFallbackToken_RedirectsWithoutCookie(t *testing.T) {
-	handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-	}))
-
-	req := httptest.NewRequest(http.MethodGet, "/issues", nil)
-	w := httptest.NewRecorder()
-	handler.ServeHTTP(w, req)
-
-	if w.Code != http.StatusSeeOther {
-		t.Errorf("status = %d, want %d", w.Code, http.StatusSeeOther)
-	}
-	if loc := w.Header().Get("Location"); loc != "/settings" {
-		t.Errorf("Location = %q, want %q", loc, "/settings")
-	}
-}

internal/templates/create_issue.html

@@ -6,24 +6,20 @@
 <form id="create-issue-form" hx-post="/issues" hx-swap="innerHTML" hx-target="#main-content">
   <div class="form-group">
     <label for="repo-select">Repository</label>
-    <input list="repo-options" id="repo-select" name="owner_repo"
-           placeholder="Type to search repositories..." required autocomplete="off">
-    <datalist id="repo-options">
+    <select id="repo-select" name="owner_repo" required>
+      <option value="">Select a repository...</option>
       {{range $org, $repos := .Repos}}
+      <optgroup label="{{$org}}">
         {{range $repos}}
         <option value="{{.Owner.Login}}/{{.Name}}">{{.FullName}}</option>
         {{end}}
+      </optgroup>
       {{end}}
-    </datalist>
+    </select>
     <input type="hidden" name="owner" id="owner-input">
     <input type="hidden" name="repo" id="repo-input">
   </div>
 
-  <div class="form-group" id="label-section" style="display:none;">
-    <label>Labels</label>
-    <div id="label-list"></div>
-  </div>
-
   <div class="form-group">
     <label for="title">Title</label>
     <input type="text" id="title" name="title" placeholder="Issue title" required>
@@ -44,16 +40,9 @@
     var repoInput = document.getElementById('repo-input');
     var formError = document.getElementById('form-error');
 
-    // Build a set of valid repo values for validation.
-    var validRepos = {};
-    var options = document.getElementById('repo-options').options;
-    for (var i = 0; i < options.length; i++) {
-      validRepos[options[i].value] = true;
-    }
-
     function splitOwnerRepo() {
       var val = repoSelect.value;
-      if (val && val.indexOf('/') !== -1) {
+      if (val) {
         var parts = val.split('/');
         ownerInput.value = parts[0] || '';
         repoInput.value = parts[1] || '';
@@ -63,39 +52,7 @@
       }
     }
 
-    var debounceTimer = null;
-    repoSelect.addEventListener('input', function() {
-      clearTimeout(debounceTimer);
-      debounceTimer = setTimeout(function() {
-        splitOwnerRepo();
-        var labelSection = document.getElementById('label-section');
-        var labelList = document.getElementById('label-list');
-        if (ownerInput.value && repoInput.value && validRepos[repoSelect.value]) {
-          labelList.innerHTML = '<span class="empty">Loading labels...</span>';
-          labelSection.style.display = 'block';
-          htmx.ajax('GET', '/issues/new/labels?owner=' + encodeURIComponent(ownerInput.value) + '&repo=' + encodeURIComponent(repoInput.value), {target: '#label-list', swap: 'innerHTML'});
-        } else {
-          labelSection.style.display = 'none';
-          labelList.innerHTML = '';
-        }
-      }, 300);
-    });
-
-    // Also handle the change event for when a datalist option is selected directly.
-    repoSelect.addEventListener('change', function() {
-      clearTimeout(debounceTimer);
-      splitOwnerRepo();
-      var labelSection = document.getElementById('label-section');
-      var labelList = document.getElementById('label-list');
-      if (ownerInput.value && repoInput.value && validRepos[repoSelect.value]) {
-        labelList.innerHTML = '<span class="empty">Loading labels...</span>';
-        labelSection.style.display = 'block';
-        htmx.ajax('GET', '/issues/new/labels?owner=' + encodeURIComponent(ownerInput.value) + '&repo=' + encodeURIComponent(repoInput.value), {target: '#label-list', swap: 'innerHTML'});
-      } else {
-        labelSection.style.display = 'none';
-        labelList.innerHTML = '';
-      }
-    });
+    repoSelect.addEventListener('change', splitOwnerRepo);
 
     // Validate before HTMX submit.
     document.getElementById('create-issue-form').addEventListener('htmx:configRequest', function(evt) {
@@ -106,12 +63,6 @@
         formError.style.display = 'block';
         return false;
       }
-      if (!validRepos[repoSelect.value]) {
-        evt.preventDefault();
-        formError.textContent = 'Please select a valid repository from the list.';
-        formError.style.display = 'block';
-        return false;
-      }
       formError.style.display = 'none';
     });
 

internal/templates/dashboard.html

@@ -1,17 +1,6 @@
 {{define "content"}}
 <h1>Dashboard</h1>
 
-{{if gt (len .Orgs) 1}}
-<div class="filter-bar">
-  <select name="org" hx-get="/" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true">
-    <option value="">All orgs</option>
-    {{range .Orgs}}
-    <option value="{{.}}" {{if eq . $.SelectedOrg}}selected{{end}}>{{.}}</option>
-    {{end}}
-  </select>
-</div>
-{{end}}
-
 {{if .Error}}
 <p class="empty">{{.Error}}</p>
 {{else if not .Items}}

internal/templates/error.html

@@ -1,23 +0,0 @@
-{{define "content"}}
-<div class="error-page">
-  <div class="error-icon">
-    {{if eq .Code 404}}
-    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" width="64" height="64">
-      <circle cx="11" cy="11" r="8"/>
-      <line x1="21" y1="21" x2="16.65" y2="16.65"/>
-      <line x1="8" y1="11" x2="14" y2="11"/>
-    </svg>
-    {{else}}
-    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" width="64" height="64">
-      <path d="M10.29 3.86L1.82 18a2 2 0 001.71 3h16.94a2 2 0 001.71-3L13.71 3.86a2 2 0 00-3.42 0z"/>
-      <line x1="12" y1="9" x2="12" y2="13"/>
-      <line x1="12" y1="17" x2="12.01" y2="17"/>
-    </svg>
-    {{end}}
-  </div>
-  <h1 class="error-code">{{.Code}}</h1>
-  <p class="error-title">{{.Title}}</p>
-  <p class="error-message">{{.Message}}</p>
-  <a href="/" class="error-home-link">Go to Dashboard</a>
-</div>
-{{end}}

internal/templates/issue_detail.html

@@ -3,30 +3,19 @@
 
 <div class="card">
   <div class="card-meta">
-    <span id="state-section">
-      {{if eq .Issue.State "closed"}}
-      <span class="state-closed" id="issue-state">{{.Issue.State}}</span>
-      <button class="btn btn-secondary" hx-post="/issues/{{.Issue.RepoOwner}}/{{.Issue.RepoName}}/{{.Issue.Number}}/state" hx-vals='{"state":"open"}' hx-target="#state-section" hx-swap="innerHTML">Reopen Issue</button>
-      {{else}}
-      <span class="state-open" id="issue-state">{{.Issue.State}}</span>
-      <button class="btn btn-danger" hx-post="/issues/{{.Issue.RepoOwner}}/{{.Issue.RepoName}}/{{.Issue.Number}}/state" hx-vals='{"state":"closed"}' hx-target="#state-section" hx-swap="innerHTML">Close Issue</button>
-      {{end}}
-    </span>
+    <span class="state-open">{{.Issue.State}}</span>
     <span>{{.Issue.RepoOwner}}/{{.Issue.RepoName}} #{{.Issue.Number}}</span>
     {{range .Issue.Labels}}
     <span class="label" style="color:#{{.Color}};border:1px solid #{{.Color}}">{{.Name}}</span>
     {{end}}
   </div>
-  {{if .RenderedBody}}
-  <div class="card-body markdown-body">{{.RenderedBody}}</div>
-  {{else if .Issue.Body}}
+  {{if .Issue.Body}}
   <div class="card-body">{{.Issue.Body}}</div>
   {{end}}
 </div>
 
 {{if .Comments}}
 <h2>Comments</h2>
-<div id="comments-list">
 {{range .Comments}}
 <div class="comment">
   <div class="comment-header">
@@ -36,33 +25,10 @@
   <div class="comment-body">{{.Body}}</div>
 </div>
 {{end}}
-</div>
-{{else}}
-<div id="comments-list"></div>
 {{end}}
 
-<div class="card" style="margin-top:1rem;">
-  <h2>Add Comment</h2>
-  <form hx-post="/issues/{{.Issue.RepoOwner}}/{{.Issue.RepoName}}/{{.Issue.Number}}/comments" hx-target="#comments-list" hx-swap="beforeend" hx-on::after-request="if(event.detail.successful) this.reset()">
-    <textarea name="body" rows="4" placeholder="Write a comment..." required style="width:100%;margin-bottom:0.5rem;"></textarea>
-    <button type="submit" class="btn btn-primary" style="width:auto;padding:0.5rem 1rem;">Comment</button>
-  </form>
-</div>
-
 <div class="card" style="margin-top:1rem;">
   <h2>Actions</h2>
-  {{if .Collaborators}}
-  <form hx-post="/issues/{{.Issue.RepoOwner}}/{{.Issue.RepoName}}/{{.Issue.Number}}/assignees" hx-swap="outerHTML" style="margin-bottom:0.5rem;">
-    <div class="filter-bar" style="margin-bottom:0.5rem;">
-      <select name="assignee">
-        {{range .Collaborators}}
-        <option value="{{.}}">{{.}}</option>
-        {{end}}
-      </select>
-      <button type="submit" class="btn btn-secondary" style="width:auto;padding:0.5rem 1rem;">Assign</button>
-    </div>
-  </form>
-  {{end}}
   <form hx-post="/issues/{{.Issue.RepoOwner}}/{{.Issue.RepoName}}/{{.Issue.Number}}/labels" hx-swap="outerHTML" style="margin-bottom:0.5rem;">
     <div class="filter-bar" style="margin-bottom:0.5rem;">
       <select name="label_id">

internal/templates/issues.html

@@ -1,4 +1,25 @@
-{{define "cards"}}
+{{define "content"}}
+<h1>Issues</h1>
+
+<div class="filter-bar">
+  <select name="org" hx-get="/issues" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='state']">
+    <option value="">All orgs</option>
+    {{range .Orgs}}
+    <option value="{{.}}" {{if eq . $.SelectedOrg}}selected{{end}}>{{.}}</option>
+    {{end}}
+  </select>
+  <select name="state" hx-get="/issues" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org']">
+    <option value="open" {{if eq .SelectedState "open"}}selected{{end}}>Open</option>
+    <option value="closed" {{if eq .SelectedState "closed"}}selected{{end}}>Closed</option>
+  </select>
+</div>
+
+{{if .Error}}
+<p class="empty">{{.Error}}</p>
+{{else if not .Issues}}
+<p class="empty">No issues found.</p>
+{{else}}
+<div id="issue-list">
   {{range .Issues}}
   <div class="card" hx-get="/issues/{{.RepoOwner}}/{{.RepoName}}/{{.Number}}" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true">
     <div class="card-title">{{.Title}}</div>
@@ -8,50 +29,16 @@
       <span class="label" style="color:#{{.Color}};border:1px solid #{{.Color}}">{{.Name}}</span>
       {{end}}
       {{if .Assignee}}
-      <img src="{{.Assignee.AvatarURL}}" alt="{{.Assignee.Login}}" class="avatar" title="Assigned to {{.Assignee.Login}}">
+      <span>{{.Assignee.Login}}</span>
       {{end}}
     </div>
   </div>
   {{end}}
   {{if .HasMore}}
-  <div class="scroll-sentinel" hx-get="/issues?page={{.NextPage}}&org={{.SelectedOrg}}&state={{.SelectedState}}&label={{.SelectedLabel}}&repo={{.SelectedRepo}}" hx-trigger="revealed" hx-swap="outerHTML" hx-target="this">
+  <div class="scroll-sentinel" hx-get="/issues?page={{.NextPage}}&org={{.SelectedOrg}}&state={{.SelectedState}}" hx-trigger="revealed" hx-swap="outerHTML" hx-target="this">
     <div class="spinner htmx-indicator"></div>
   </div>
   {{end}}
-{{end}}
-
-{{define "content"}}
-<h1>Issues</h1>
-
-<div class="filter-bar">
-  <select name="org" hx-get="/issues" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='state'],[name='label']">
-    <option value="">All orgs</option>
-    {{range .Orgs}}
-    <option value="{{.}}" {{if eq . $.SelectedOrg}}selected{{end}}>{{.}}</option>
-    {{end}}
-  </select>
-  {{if .Repos}}
-  <select name="repo" hx-get="/issues" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='state'],[name='label']">
-    <option value="">All repos</option>
-    {{range .Repos}}<option value="{{.}}" {{if eq . $.SelectedRepo}}selected{{end}}>{{.}}</option>{{end}}
-  </select>
-  {{end}}
-  <select name="state" hx-get="/issues" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='repo'],[name='label']">
-    <option value="open" {{if eq .SelectedState "open"}}selected{{end}}>Open</option>
-    <option value="closed" {{if eq .SelectedState "closed"}}selected{{end}}>Closed</option>
-  </select>
-  <input type="text" name="label" placeholder="Filter by label..." value="{{.SelectedLabel}}"
-         hx-get="/issues" hx-trigger="input changed delay:400ms" hx-target="#main-content"
-         hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='state'],[name='repo']">
-</div>
-
-{{if .Error}}
-<p class="empty">{{.Error}}</p>
-{{else if not .Issues}}
-<p class="empty">No issues found.</p>
-{{else}}
-<div id="issue-list">
-  {{template "cards" .}}
 </div>
 {{end}}
 {{end}}

internal/templates/layout.html

@@ -13,10 +13,6 @@
   <script src="/static/htmx.min.js"></script>
 </head>
 <body>
-  <header class="top-bar">
-    <span class="top-bar-title">Gitea Mobile</span>
-    <button class="refresh-btn" hx-get="" hx-target="#main-content" hx-swap="innerHTML" aria-label="Refresh">&#8635;</button>
-  </header>
   <div class="content" id="main-content">
     {{template "content" .}}
   </div>

internal/templates/pull_detail.html

@@ -4,7 +4,7 @@
 <div class="card">
   <div class="card-meta">
     <span class="type-badge type-pull">PR</span>
-    {{if eq .Pull.State "closed"}}<span class="state-closed">{{.Pull.State}}</span>{{else}}<span class="state-open">{{.Pull.State}}</span>{{end}}
+    <span class="state-open">{{.Pull.State}}</span>
     <span>{{.Pull.RepoOwner}}/{{.Pull.RepoName}} #{{.Pull.Number}}</span>
     {{range .Pull.Labels}}
     <span class="label" style="color:#{{.Color}};border:1px solid #{{.Color}}">{{.Name}}</span>
@@ -15,20 +15,7 @@
     <span class="diff-del">-{{.Pull.Deletions}}</span>
     {{if .Pull.Mergeable}}<span style="color:var(--accent-green);">Mergeable</span>{{end}}
   </div>
-  <div class="card-meta" style="margin-top:0.5rem;">
-    <span id="state-section">
-      {{if eq .Pull.State "closed"}}
-      <span class="state-closed" id="pull-state">{{.Pull.State}}</span>
-      <button class="btn btn-secondary" hx-post="/pulls/{{.Pull.RepoOwner}}/{{.Pull.RepoName}}/{{.Pull.Number}}/state" hx-vals='{"state":"open"}' hx-target="#state-section" hx-swap="innerHTML">Reopen PR</button>
-      {{else}}
-      <span class="state-open" id="pull-state">{{.Pull.State}}</span>
-      <button class="btn btn-danger" hx-post="/pulls/{{.Pull.RepoOwner}}/{{.Pull.RepoName}}/{{.Pull.Number}}/state" hx-vals='{"state":"closed"}' hx-target="#state-section" hx-swap="innerHTML">Close PR</button>
-      {{end}}
-    </span>
-  </div>
-  {{if .RenderedBody}}
-  <div class="card-body markdown-body">{{.RenderedBody}}</div>
-  {{else if .Pull.Body}}
+  {{if .Pull.Body}}
   <div class="card-body">{{.Pull.Body}}</div>
   {{end}}
 </div>
@@ -57,21 +44,4 @@
     <button type="submit" class="btn btn-primary">Submit Review</button>
   </form>
 </div>
-
-{{if .Comments}}
-<h2>Comments</h2>
-<div id="comments-list">
-{{range .Comments}}
-<div class="comment">
-  <div class="comment-header">
-    <strong>{{.User}}</strong>
-    <span>{{.CreatedAt}}</span>
-  </div>
-  <div class="comment-body">{{.Body}}</div>
-</div>
-{{end}}
-</div>
-{{else}}
-<p class="empty" style="margin-top:1rem;">No comments yet.</p>
-{{end}}
 {{end}}

internal/templates/pulls.html

@@ -1,4 +1,21 @@
-{{define "cards"}}
+{{define "content"}}
+<h1>Pull Requests</h1>
+
+<div class="filter-bar">
+  <select name="org" hx-get="/pulls" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true">
+    <option value="">All orgs</option>
+    {{range .Orgs}}
+    <option value="{{.}}" {{if eq . $.SelectedOrg}}selected{{end}}>{{.}}</option>
+    {{end}}
+  </select>
+</div>
+
+{{if .Error}}
+<p class="empty">{{.Error}}</p>
+{{else if not .Pulls}}
+<p class="empty">No open pull requests found.</p>
+{{else}}
+<div id="pull-list">
   {{range .Pulls}}
   <div class="card" hx-get="/pulls/{{.RepoOwner}}/{{.RepoName}}/{{.Number}}" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true">
     <div class="card-title">
@@ -12,55 +29,10 @@
       {{end}}
       <span class="diff-add">+{{.Additions}}</span>
       <span class="diff-del">-{{.Deletions}}</span>
-      {{if eq .ReviewState "approved"}}<span class="review-badge review-approved" title="Approved">&#10003;</span>
-      {{else if eq .ReviewState "changes_requested"}}<span class="review-badge review-changes" title="Changes requested">&#10007;</span>
-      {{else if eq .ReviewState "pending"}}<span class="review-badge review-pending" title="Awaiting review">&#9202;</span>
-      {{end}}
-      {{if .Mergeable}}<span class="merge-badge merge-ready" title="Ready to merge">&#9654; Ready</span>
-      {{else}}<span class="merge-badge merge-conflicts" title="Has conflicts or not mergeable">Conflicts</span>
-      {{end}}
+      {{if .Mergeable}}<span style="color:var(--accent-green);font-size:0.7rem;">mergeable</span>{{end}}
     </div>
   </div>
   {{end}}
-  {{if .HasMore}}
-  <div class="scroll-sentinel" hx-get="/pulls?page={{.NextPage}}&org={{.SelectedOrg}}&state={{.SelectedState}}&label={{.SelectedLabel}}&repo={{.SelectedRepo}}" hx-trigger="revealed" hx-swap="outerHTML" hx-target="this">
-    <div class="spinner htmx-indicator"></div>
-  </div>
-  {{end}}
-{{end}}
-
-{{define "content"}}
-<h1>Pull Requests</h1>
-
-<div class="filter-bar">
-  <select name="org" hx-get="/pulls" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='state'],[name='label']">
-    <option value="">All orgs</option>
-    {{range .Orgs}}
-    <option value="{{.}}" {{if eq . $.SelectedOrg}}selected{{end}}>{{.}}</option>
-    {{end}}
-  </select>
-  {{if .Repos}}
-  <select name="repo" hx-get="/pulls" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='state'],[name='label']">
-    <option value="">All repos</option>
-    {{range .Repos}}<option value="{{.}}" {{if eq . $.SelectedRepo}}selected{{end}}>{{.}}</option>{{end}}
-  </select>
-  {{end}}
-  <select name="state" hx-get="/pulls" hx-trigger="change" hx-target="#main-content" hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='repo'],[name='label']">
-    <option value="open" {{if eq .SelectedState "open"}}selected{{end}}>Open</option>
-    <option value="closed" {{if eq .SelectedState "closed"}}selected{{end}}>Closed</option>
-  </select>
-  <input type="text" name="label" placeholder="Filter by label..." value="{{.SelectedLabel}}"
-         hx-get="/pulls" hx-trigger="input changed delay:400ms" hx-target="#main-content"
-         hx-swap="innerHTML" hx-push-url="true" hx-include="[name='org'],[name='state'],[name='repo']">
-</div>
-
-{{if .Error}}
-<p class="empty">{{.Error}}</p>
-{{else if not .Pulls}}
-<p class="empty">No {{.SelectedState}} pull requests found.</p>
-{{else}}
-<div id="pull-list">
-  {{template "cards" .}}
 </div>
 {{end}}
 {{end}}

internal/templates/settings.html

@@ -1,83 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
-  <title>Settings — Gitea Mobile</title>
-  <style>
-    * { box-sizing: border-box; margin: 0; padding: 0; }
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
-      background: #0d1117; color: #e6edf3;
-      padding: 1rem;
-      padding-top: max(1rem, env(safe-area-inset-top));
-    }
-    h1 { font-size: 1.5rem; margin-bottom: 1rem; }
-    .card {
-      background: #161b22; border: 1px solid #30363d; border-radius: 8px;
-      padding: 1rem; margin-bottom: 1rem;
-    }
-    label { display: block; font-size: 0.875rem; color: #8b949e; margin-bottom: 0.5rem; }
-    input[type="text"], input[type="password"] {
-      width: 100%; padding: 0.5rem; font-size: 1rem;
-      background: #0d1117; border: 1px solid #30363d; border-radius: 6px;
-      color: #e6edf3; margin-bottom: 1rem;
-    }
-    input:focus { outline: none; border-color: #58a6ff; }
-    button {
-      width: 100%; padding: 0.75rem; font-size: 1rem; font-weight: 600;
-      background: #238636; color: #fff; border: none; border-radius: 6px;
-      cursor: pointer;
-    }
-    button:active { background: #2ea043; }
-    .message {
-      padding: 0.75rem; border-radius: 6px; margin-bottom: 1rem;
-      font-size: 0.875rem;
-    }
-    .message.success { background: #0d2818; border: 1px solid #238636; color: #3fb950; }
-    .message.error { background: #2d1117; border: 1px solid #da3633; color: #f85149; }
-    .message.info { background: #0c1d2e; border: 1px solid #1f6feb; color: #58a6ff; }
-    .hint { font-size: 0.75rem; color: #8b949e; margin-top: 0.25rem; margin-bottom: 1rem; }
-    .status { font-size: 0.875rem; color: #8b949e; }
-    .status .connected { color: #3fb950; }
-    .logout-btn {
-      background: #21262d; border: 1px solid #30363d; margin-top: 0.5rem;
-    }
-    .logout-btn:active { background: #30363d; }
-  </style>
-</head>
-<body>
-  <h1>Settings</h1>
-
-  {{if .Message}}
-  <div class="message {{.MessageType}}">{{.Message}}</div>
-  {{end}}
-
-  {{if .HasToken}}
-  <div class="card">
-    <p class="status">Status: <span class="connected">Connected</span></p>
-    <p class="hint">A Gitea API token is configured.</p>
-    <form method="POST" action="/settings">
-      <input type="hidden" name="action" value="logout">
-      <button type="submit" class="logout-btn">Remove Token</button>
-    </form>
-  </div>
-  {{end}}
-
-  <div class="card">
-    <form method="POST" action="/settings">
-      <input type="hidden" name="action" value="save">
-      <label for="token">Gitea API Token</label>
-      <input type="password" id="token" name="token" placeholder="Enter your Gitea API token" required>
-      <p class="hint">Generate a token at your Gitea instance under Settings &rarr; Applications.</p>
-      <button type="submit">{{if .HasToken}}Update Token{{else}}Save Token{{end}}</button>
-    </form>
-  </div>
-
-  {{if .HasToken}}
-  <p style="text-align:center; margin-top:1rem;">
-    <a href="/" style="color:#58a6ff; text-decoration:none;">Back to Dashboard</a>
-  </p>
-  {{end}}
-</body>
-</html>

static/style.css

@@ -47,53 +47,10 @@ body {
   -moz-osx-font-smoothing: grayscale;
 }
 
-/* Top bar */
-.top-bar {
-  position: sticky;
-  top: 0;
-  z-index: 100;
-  display: flex;
-  align-items: center;
-  justify-content: space-between;
-  padding: var(--spacing-sm) var(--spacing-lg);
-  padding-top: max(var(--spacing-sm), env(safe-area-inset-top));
-  background: var(--bg-secondary);
-  border-bottom: 1px solid var(--border);
-}
-
-.top-bar-title {
-  font-size: var(--font-base);
-  font-weight: 600;
-  color: var(--text-primary);
-}
-
-.refresh-btn {
-  background: none;
-  border: none;
-  color: var(--text-secondary);
-  font-size: 1.4rem;
-  padding: var(--spacing-xs) var(--spacing-sm);
-  cursor: pointer;
-  -webkit-tap-highlight-color: transparent;
-  line-height: 1;
-  border-radius: var(--radius-sm);
-  transition: color 0.15s ease, background 0.15s ease;
-}
-
-.refresh-btn:active {
-  color: var(--accent-blue);
-  background: var(--bg-tertiary);
-}
-
-.refresh-btn.htmx-request {
-  animation: spin 0.6s linear infinite;
-  pointer-events: none;
-}
-
 /* Content area */
 .content {
   padding: var(--spacing-lg);
-  padding-top: var(--spacing-lg);
+  padding-top: max(var(--spacing-lg), env(safe-area-inset-top));
   max-width: 640px;
   margin: 0 auto;
 }
@@ -419,29 +376,6 @@ a:active {
   vertical-align: middle;
 }
 
-/* Review status badges */
-.review-badge {
-  font-size: 0.7rem;
-  font-weight: 600;
-  padding: 1px 4px;
-  border-radius: var(--radius-pill);
-  vertical-align: middle;
-}
-.review-approved { color: var(--accent-green); }
-.review-changes { color: var(--accent-red); }
-.review-pending { color: var(--accent-yellow); }
-
-/* Merge status badges */
-.merge-badge {
-  font-size: 0.65rem;
-  font-weight: 600;
-  padding: 1px 5px;
-  border-radius: var(--radius-pill);
-  vertical-align: middle;
-}
-.merge-ready { color: var(--accent-green); border: 1px solid var(--accent-green); }
-.merge-conflicts { color: var(--accent-red); border: 1px solid var(--accent-red); }
-
 /* Empty state */
 .empty {
   text-align: center;
@@ -510,17 +444,13 @@ a:active {
     max-width: 960px;
   }
 
-  .card-grid,
-  #issue-list,
-  #pull-list {
+  .card-grid {
     display: grid;
     grid-template-columns: repeat(2, 1fr);
     gap: var(--spacing-sm);
   }
 
-  .card-grid .card,
-  #issue-list .card,
-  #pull-list .card {
+  .card-grid .card {
     margin-bottom: 0;
   }
 }
@@ -545,56 +475,3 @@ a:active {
     --text-link: #0969da;
   }
 }
-
-/* Error page */
-.error-page {
-  display: flex;
-  flex-direction: column;
-  align-items: center;
-  justify-content: center;
-  min-height: 60vh;
-  text-align: center;
-  padding: var(--spacing-lg);
-}
-
-.error-icon {
-  color: var(--text-secondary);
-  margin-bottom: var(--spacing-lg);
-}
-
-.error-code {
-  font-size: 4rem;
-  font-weight: 700;
-  color: var(--text-primary);
-  line-height: 1;
-  margin-bottom: var(--spacing-sm);
-}
-
-.error-title {
-  font-size: var(--font-xl);
-  color: var(--text-primary);
-  margin-bottom: var(--spacing-sm);
-}
-
-.error-message {
-  font-size: var(--font-base);
-  color: var(--text-secondary);
-  margin-bottom: var(--spacing-lg);
-  max-width: 300px;
-}
-
-.error-home-link {
-  display: inline-block;
-  padding: var(--spacing-sm) var(--spacing-lg);
-  background: var(--accent-blue);
-  color: #fff;
-  border-radius: var(--radius);
-  text-decoration: none;
-  font-size: var(--font-base);
-  font-weight: 500;
-  transition: opacity 0.15s;
-}
-
-.error-home-link:active {
-  opacity: 0.8;
-}