chore: add go vet step to CI workflow before tests

Add a `go vet ./...` step that runs before `go test -race ./...` in the CI pipeline. This catches format string errors, unreachable code, and other static analysis issues early. Verified locally: `go vet ./...` exits 0 with no warnings. Closes leeworks-agents/gitea-mobile#154 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merge pull request 'chore: improve light mode CSS and document size rationale' (#152 ) from feature/dark-mode-validation-119 into master
2026-03-28 23:06:43 +00:00 · 2026-03-28 22:03:54 +00:00 · 2026-03-28 22:03:46 +00:00 · 2026-03-28 22:03:32 +00:00 · 2026-03-28 22:03:28 +00:00 · 2026-03-28 21:05:36 +00:00
11 changed files with 1884 additions and 23 deletions
@@ -0,0 +1,44 @@
+root = "."
+testdata_dir = "testdata"
+tmp_dir = "tmp"
+
+[build]
+  args_bin = []
+  bin = "./tmp/main"
+  cmd = "go build -o ./tmp/main ./cmd/server"
+  delay = 500
+  exclude_dir = ["assets", "tmp", "vendor", "testdata", ".git", "node_modules"]
+  exclude_file = []
+  exclude_regex = ["_test\\.go$"]
+  exclude_unchanged = false
+  follow_symlink = false
+  full_bin = ""
+  include_dir = []
+  include_ext = ["go", "html", "css", "js"]
+  include_file = []
+  kill_delay = "0s"
+  log = "build-errors.log"
+  poll = false
+  poll_interval = 0
+  rerun = false
+  rerun_delay = 500
+  send_interrupt = false
+  stop_on_error = false
+
+[color]
+  app = ""
+  build = "yellow"
+  main = "magenta"
+  runner = "green"
+  watcher = "cyan"
+
+[log]
+  main_only = false
+  time = false
+
+[misc]
+  clean_on_exit = true
+
+[screen]
+  clear_on_rebuild = false
+  keep_scroll = true
@@ -15,6 +15,9 @@ jobs:
        with:
          go-version: '1.22'

+      - name: Vet
+        run: go vet ./...
+
      - name: Run tests
        run: go test -race ./...

@@ -0,0 +1,116 @@
+# Gitea Mobile
+
+A mobile-first Progressive Web App (PWA) for managing Gitea issues and pull requests across multiple repositories and organizations from an iPhone. Built with Go, HTMX, and hand-rolled CSS -- no JavaScript frameworks, no build step, no node_modules.
+
+## Tech Stack
+
+| Layer | Choice |
+|-------|--------|
+| Backend | Go + Gitea SDK (`code.gitea.io/sdk/gitea`) |
+| Frontend | HTMX + Go `html/template` + hand-rolled CSS |
+| Container | Multi-stage Dockerfile -> distroless (~15MB) |
+| Deployment | Kustomize manifests + FluxCD GitOps |
+
+## Project Structure
+
+```
+/
+├── cmd/server/main.go          # entrypoint
+├── internal/
+│   ├── config/config.go        # env-based configuration
+│   ├── gitea/client.go         # Gitea SDK wrapper / aggregation layer
+│   ├── handlers/               # HTTP handlers (issues, PRs, triage, settings)
+│   ├── auth/                   # cookie-based token auth
+│   ├── middleware/              # auth middleware, logging
+│   └── templates/              # Go html/template files (for HTMX)
+├── static/                     # CSS, JS (htmx.min.js), icons, manifest
+├── .gitea/workflows/build.yaml # CI pipeline (Gitea Actions)
+├── Dockerfile
+├── flake.nix                   # Nix dev shell with Go + air
+└── go.mod
+```
+
+## Local Development
+
+### Prerequisites
+
+- [Nix](https://nixos.org/download/) with flakes enabled, **or** Go 1.22+
+- A Gitea instance with an API token
+
+### Quick Start
+
+```bash
+# Enter the Nix dev shell (provides Go, gopls, air)
+nix develop
+
+# Set required environment variables
+export GITEA_URL=https://gitea.leeworks.dev
+export SESSION_SECRET=$(openssl rand -hex 32)
+
+# Optional: set a default API token
+export GITEA_TOKEN=your-gitea-api-token
+
+# Start the server with live reload
+air
+```
+
+If you are not using Nix, install Go 1.22+ and [air](https://github.com/air-verse/air) manually, then run the same commands above starting from the export lines.
+
+### Environment Variables
+
+| Variable | Required | Default | Description |
+|----------|----------|---------|-------------|
+| `GITEA_URL` | Yes | -- | Base URL of the Gitea instance |
+| `SESSION_SECRET` | Yes | -- | HMAC key for signing session cookies (min 32 chars) |
+| `GITEA_TOKEN` | No | -- | Default API token (users can set their own via the settings page) |
+| `LISTEN_ADDR` | No | `:8080` | Server listen address |
+
+### Live Reload with Air
+
+The dev shell includes [air](https://github.com/air-verse/air) for automatic recompilation on file changes. Configuration is in `.air.toml`. Air watches `.go` and `.html` files under `cmd/`, `internal/`, and `static/` and rebuilds/restarts the server automatically.
+
+## Running Tests
+
+```bash
+# Run all tests
+go test ./...
+
+# Run tests with race detection
+go test -race ./...
+```
+
+## Building the Container
+
+```bash
+# Build the Docker image
+docker build -t gitea-mobile .
+
+# Run locally
+docker run -p 8080:8080 \
+  -e GITEA_URL=https://gitea.leeworks.dev \
+  -e SESSION_SECRET=$(openssl rand -hex 32) \
+  gitea-mobile
+```
+
+The Dockerfile uses a multi-stage build: Go binary compiled in an Alpine builder stage, then copied into a distroless image (~15MB final size).
+
+## Deployment
+
+Kubernetes manifests for this app live in the Talos cluster repo under `testing1/first-cluster/apps/gitea-mobile/`. FluxCD syncs from that repo and handles automated image updates via `ImagePolicy` annotations.
+
+Key deployment resources:
+- `deployment.yaml` -- Pod spec with health checks
+- `service.yaml` -- ClusterIP service on port 8080
+- `ingressroute.yaml` -- Traefik IngressRoute for `gitea-mobile.testing.leeworks.dev`
+- `kustomization.yaml` -- Kustomize overlay
+
+## Contributing
+
+1. Fork the repository
+2. Create a feature branch: `git checkout -b feature/your-feature`
+3. Make your changes and add tests
+4. Run `go test -race ./...` to verify
+5. Commit with a clear message referencing the issue number
+6. Push to your fork and open a pull request
+
+All PRs target the fork (`leeworks-agents/gitea-mobile`), not the upstream repo.
@@ -0,0 +1,148 @@
+# Post-Deployment Smoke Test Runbook
+
+Smoke test procedure for verifying gitea-mobile after deployment to the Talos cluster.
+
+## Pre-conditions
+
+Before running the smoke test, confirm:
+
+- [ ] FluxCD has reconciled the latest manifests: `flux get kustomizations -n flux-system`
+- [ ] The gitea-mobile pod is Running: `kubectl get pods -n gitea-mobile`
+- [ ] The IngressRoute is active: `kubectl get ingressroute -n gitea-mobile`
+- [ ] DNS resolves `gitea-mobile.testing.leeworks.dev` to the cluster ingress
+
+## Step 1: Pod Health
+
+```bash
+# Verify the pod is running and ready
+kubectl get pods -n gitea-mobile
+# Expected: STATUS=Running, READY=1/1
+
+# Check pod logs for startup errors
+kubectl logs -n gitea-mobile deployment/gitea-mobile --tail=20
+# Expected: JSON log line with "server starting" message
+```
+
+## Step 2: Health Endpoint
+
+```bash
+# Hit the health check endpoint from inside the cluster
+kubectl exec -n gitea-mobile deployment/gitea-mobile -- wget -qO- http://localhost:8080/health
+# Expected: HTTP 200
+
+# Hit the health check endpoint from outside the cluster
+curl -s -o /dev/null -w "%{http_code}" https://gitea-mobile.testing.leeworks.dev/health
+# Expected: 200
+```
+
+## Step 3: TLS and Ingress
+
+```bash
+# Verify TLS certificate is valid
+curl -vI https://gitea-mobile.testing.leeworks.dev 2>&1 | grep "SSL certificate"
+# Expected: valid certificate from Let's Encrypt or cluster CA
+
+# Verify the app responds with HTML
+curl -s https://gitea-mobile.testing.leeworks.dev | head -5
+# Expected: HTML document with <html> tag
+```
+
+## Step 4: Authentication Flow
+
+1. Open `https://gitea-mobile.testing.leeworks.dev` in a browser
+2. Navigate to the Settings page (`/settings`)
+3. Enter a valid Gitea API token
+4. Submit the form
+5. **Expected**: Token is saved, page confirms success
+6. Navigate back to the Issues tab
+7. **Expected**: Issues load from the Gitea API using the saved token
+
+## Step 5: Core Functionality -- Issues
+
+1. Navigate to the Issues tab (`/issues`)
+2. **Expected**: Cross-org issues load and display with titles, labels, and timestamps
+3. Tap on an issue to expand details
+4. **Expected**: Issue body renders correctly
+5. Use the filter dropdown to filter by repo or label
+6. **Expected**: List updates via HTMX without full page reload
+
+## Step 6: Core Functionality -- Pull Requests
+
+1. Navigate to the PRs tab (`/pulls`)
+2. **Expected**: Pull requests load with review status icons
+3. Tap on a PR to see details
+4. **Expected**: PR diff summary or review status displays correctly
+
+## Step 7: Core Functionality -- Triage Queue
+
+1. Navigate to the Triage tab (`/triage`)
+2. **Expected**: Unassigned issues and PRs awaiting review appear sorted by priority
+
+## Step 8: Create Issue (Write Operation)
+
+1. Navigate to the new issue form
+2. Fill in title: `[smoke-test] Automated verification`
+3. Fill in body: `This issue was created during smoke testing. Safe to close.`
+4. Submit the form
+5. **Expected**: Issue is created successfully in Gitea
+6. Verify in Gitea web UI that the issue exists
+7. Close and delete the test issue after verification
+
+## Step 9: Apply Label (Write Operation)
+
+1. On any test issue, attempt to apply a label
+2. **Expected**: Label is applied via the Gitea API and reflected in the UI
+
+## Step 10: PWA / iPhone Safari
+
+1. Open `https://gitea-mobile.testing.leeworks.dev` on iPhone Safari
+2. **Expected**: App loads with mobile-optimized layout, no horizontal scroll
+3. Tap "Add to Home Screen" from the Safari share menu
+4. **Expected**: App icon appears on the home screen (apple-touch-icon)
+5. Launch from the home screen
+6. **Expected**: App opens in standalone mode (no Safari browser chrome)
+7. Verify bottom navigation does not overlap with iPhone home indicator
+8. Toggle device dark mode in Settings
+9. **Expected**: App switches between dark and light themes via `prefers-color-scheme`
+10. See issue #93 for the full PWA validation checklist
+
+## Expected Results Summary
+
+| Step | Check | Expected |
+|------|-------|----------|
+| 1 | Pod status | Running, Ready 1/1 |
+| 2 | `/health` | HTTP 200 |
+| 3 | TLS | Valid cert, HTML response |
+| 4 | Auth | Token saved, API calls work |
+| 5 | Issues | List loads, filter works |
+| 6 | PRs | List loads with review status |
+| 7 | Triage | Queue displays correctly |
+| 8 | Create issue | Issue created in Gitea |
+| 9 | Apply label | Label applied via API |
+| 10 | PWA | Standalone mode, safe areas, dark mode |
+
+## Rollback Procedure
+
+If the deployment is broken or the app is not functioning:
+
+```bash
+# Roll back to the previous deployment revision
+kubectl rollout undo deployment/gitea-mobile -n gitea-mobile
+
+# Verify the rollback
+kubectl rollout status deployment/gitea-mobile -n gitea-mobile
+# Expected: "deployment successfully rolled out"
+
+# Check that the previous image tag is running
+kubectl get deployment gitea-mobile -n gitea-mobile -o jsonpath='{.spec.template.spec.containers[0].image}'
+```
+
+If FluxCD keeps reconciling back to the broken version, suspend reconciliation temporarily:
+
+```bash
+# Suspend Flux reconciliation
+flux suspend kustomization gitea-mobile -n flux-system
+
+# After fixing the issue, resume
+flux resume kustomization gitea-mobile -n flux-system
+```
@@ -8,8 +8,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"log/slog"
+	"math"
 	"net/http"
 	"sort"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -27,6 +30,11 @@ type Client struct {
 	maxConcurrent int
 	// cacheTTL controls how long cache entries remain valid.
 	cacheTTL time.Duration
+
+	// maxRetries is the maximum number of retries for rate-limited requests.
+	maxRetries int
+	// baseRetryDelay is the initial backoff delay before the first retry.
+	baseRetryDelay time.Duration
 }

 type cacheEntry struct {
@@ -132,21 +140,43 @@ func NewClient(baseURL string) *Client {
 		cache:          make(map[string]*cacheEntry),
 		maxConcurrent:  5,
 		cacheTTL:       30 * time.Second,
+		maxRetries:     3,
+		baseRetryDelay: 1 * time.Second,
 	}
 }

 // doRequest performs an authenticated HTTP request to the Gitea API.
+// It automatically retries on HTTP 429 (rate limit) responses with
+// exponential backoff, respecting the Retry-After header when present.
 func (c *Client) doRequest(ctx context.Context, token, method, path string, body io.Reader) (*http.Response, error) {
 	url := c.baseURL + "/api/v1" + path

-	req, err := http.NewRequestWithContext(ctx, method, url, body)
+	// Read the body once so we can replay it on retries.
+	var bodyBytes []byte
+	if body != nil {
+		var err error
+		bodyBytes, err = io.ReadAll(body)
+		if err != nil {
+			return nil, fmt.Errorf("reading request body: %w", err)
+		}
+	}
+
+	var lastErr error
+	for attempt := 0; attempt <= c.maxRetries; attempt++ {
+		// Recreate the body reader for each attempt.
+		var reqBody io.Reader
+		if bodyBytes != nil {
+			reqBody = strings.NewReader(string(bodyBytes))
+		}
+
+		req, err := http.NewRequestWithContext(ctx, method, url, reqBody)
 		if err != nil {
 			return nil, fmt.Errorf("creating request: %w", err)
 		}

 		req.Header.Set("Authorization", "token "+token)
 		req.Header.Set("Accept", "application/json")
-	if body != nil {
+		if bodyBytes != nil {
 			req.Header.Set("Content-Type", "application/json")
 		}

@@ -155,15 +185,56 @@ func (c *Client) doRequest(ctx context.Context, token, method, path string, body
 			return nil, fmt.Errorf("executing request: %w", err)
 		}

+		// Not rate-limited: handle normally.
+		if resp.StatusCode != http.StatusTooManyRequests {
 			if resp.StatusCode >= 400 {
 				defer resp.Body.Close()
 				respBody, _ := io.ReadAll(resp.Body)
 				return nil, fmt.Errorf("API error %d: %s", resp.StatusCode, string(respBody))
 			}
-
 			return resp, nil
 		}

+		// Rate-limited (429): close body and compute retry delay.
+		resp.Body.Close()
+
+		if attempt == c.maxRetries {
+			lastErr = fmt.Errorf("API rate limit exceeded after %d retries (429)", c.maxRetries)
+			break
+		}
+
+		delay := c.retryDelay(resp, attempt)
+		slog.Warn("rate limited by Gitea API, retrying",
+			"attempt", attempt+1,
+			"max_retries", c.maxRetries,
+			"delay", delay,
+			"path", path,
+		)
+
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		case <-time.After(delay):
+			// Continue to next attempt.
+		}
+	}
+
+	return nil, lastErr
+}
+
+// retryDelay computes the delay before the next retry attempt. It uses the
+// Retry-After header value (in seconds) if present, otherwise falls back to
+// exponential backoff: baseRetryDelay * 2^attempt.
+func (c *Client) retryDelay(resp *http.Response, attempt int) time.Duration {
+	if ra := resp.Header.Get("Retry-After"); ra != "" {
+		if seconds, err := strconv.Atoi(ra); err == nil && seconds > 0 {
+			return time.Duration(seconds) * time.Second
+		}
+	}
+	// Exponential backoff: 1s, 2s, 4s, ...
+	return c.baseRetryDelay * time.Duration(math.Pow(2, float64(attempt)))
+}
+
 // getFromCache returns cached data if still valid.
 func (c *Client) getFromCache(key string) (interface{}, bool) {
 	c.mu.RLock()
@@ -1298,3 +1298,161 @@ func TestListAllPullRequests_Pagination(t *testing.T) {
 		t.Error("page 2: HasMore should be false")
 	}
 }
+
+func TestDoRequest_RateLimitRetry(t *testing.T) {
+	attempts := 0
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		attempts++
+		if attempts <= 2 {
+			w.Header().Set("Retry-After", "0")
+			w.WriteHeader(http.StatusTooManyRequests)
+			return
+		}
+		w.WriteHeader(http.StatusOK)
+		fmt.Fprint(w, `[{"username":"test-org"}]`)
+	}))
+	defer srv.Close()
+
+	c := NewClient(srv.URL)
+	c.maxRetries = 3
+	c.baseRetryDelay = 1 * time.Millisecond // Fast for tests.
+
+	resp, err := c.doRequest(context.Background(), "test-token", "GET", "/user/orgs", nil)
+	if err != nil {
+		t.Fatalf("expected success after retries, got: %v", err)
+	}
+	resp.Body.Close()
+
+	if attempts != 3 {
+		t.Errorf("expected 3 attempts, got %d", attempts)
+	}
+}
+
+func TestDoRequest_RateLimitExhausted(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusTooManyRequests)
+	}))
+	defer srv.Close()
+
+	c := NewClient(srv.URL)
+	c.maxRetries = 2
+	c.baseRetryDelay = 1 * time.Millisecond
+
+	_, err := c.doRequest(context.Background(), "test-token", "GET", "/user/orgs", nil)
+	if err == nil {
+		t.Fatal("expected error after exhausting retries")
+	}
+	if !strings.Contains(err.Error(), "rate limit exceeded") {
+		t.Errorf("expected rate limit error, got: %v", err)
+	}
+}
+
+func TestDoRequest_RateLimitWithRetryAfterHeader(t *testing.T) {
+	attempts := 0
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		attempts++
+		if attempts == 1 {
+			w.Header().Set("Retry-After", "1")
+			w.WriteHeader(http.StatusTooManyRequests)
+			return
+		}
+		w.WriteHeader(http.StatusOK)
+		fmt.Fprint(w, `[]`)
+	}))
+	defer srv.Close()
+
+	c := NewClient(srv.URL)
+	c.maxRetries = 3
+	c.baseRetryDelay = 1 * time.Millisecond
+
+	start := time.Now()
+	resp, err := c.doRequest(context.Background(), "test-token", "GET", "/user/orgs", nil)
+	elapsed := time.Since(start)
+	if err != nil {
+		t.Fatalf("expected success, got: %v", err)
+	}
+	resp.Body.Close()
+
+	// Retry-After: 1 means 1 second delay.
+	if elapsed < 900*time.Millisecond {
+		t.Errorf("expected at least ~1s delay from Retry-After header, got %v", elapsed)
+	}
+}
+
+func TestDoRequest_RateLimitCancelledContext(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Retry-After", "60")
+		w.WriteHeader(http.StatusTooManyRequests)
+	}))
+	defer srv.Close()
+
+	c := NewClient(srv.URL)
+	c.maxRetries = 3
+	c.baseRetryDelay = 1 * time.Millisecond
+
+	ctx, cancel := context.WithTimeout(context.Background(), 50*time.Millisecond)
+	defer cancel()
+
+	_, err := c.doRequest(ctx, "test-token", "GET", "/user/orgs", nil)
+	if err == nil {
+		t.Fatal("expected error from cancelled context")
+	}
+}
+
+func TestDoRequest_NonRateLimitErrorNotRetried(t *testing.T) {
+	attempts := 0
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		attempts++
+		w.WriteHeader(http.StatusForbidden)
+		fmt.Fprint(w, `{"message":"forbidden"}`)
+	}))
+	defer srv.Close()
+
+	c := NewClient(srv.URL)
+	c.maxRetries = 3
+	c.baseRetryDelay = 1 * time.Millisecond
+
+	_, err := c.doRequest(context.Background(), "test-token", "GET", "/user/orgs", nil)
+	if err == nil {
+		t.Fatal("expected error for 403")
+	}
+	if attempts != 1 {
+		t.Errorf("expected only 1 attempt for non-429 error, got %d", attempts)
+	}
+}
+
+func TestRetryDelay_WithRetryAfterHeader(t *testing.T) {
+	c := NewClient("https://example.com")
+	c.baseRetryDelay = 1 * time.Second
+
+	resp := &http.Response{Header: http.Header{}}
+	resp.Header.Set("Retry-After", "5")
+
+	delay := c.retryDelay(resp, 0)
+	if delay != 5*time.Second {
+		t.Errorf("expected 5s from Retry-After, got %v", delay)
+	}
+}
+
+func TestRetryDelay_ExponentialBackoff(t *testing.T) {
+	c := NewClient("https://example.com")
+	c.baseRetryDelay = 1 * time.Second
+
+	resp := &http.Response{Header: http.Header{}}
+
+	tests := []struct {
+		attempt int
+		want    time.Duration
+	}{
+		{0, 1 * time.Second},
+		{1, 2 * time.Second},
+		{2, 4 * time.Second},
+	}
+
+	for _, tt := range tests {
+		delay := c.retryDelay(resp, tt.attempt)
+		if delay != tt.want {
+			t.Errorf("attempt %d: got %v, want %v", tt.attempt, delay, tt.want)
+		}
+	}
+}
@@ -181,11 +181,58 @@ func renderPage(w http.ResponseWriter, r *http.Request, title, activeTab string,
 	}
 }

+// errorData holds the template data for error pages.
+type errorData struct {
+	Code    int
+	Title   string
+	Message string
+}
+
+// ErrorNotFound renders a mobile-friendly 404 error page.
+func (h *Handler) ErrorNotFound(w http.ResponseWriter, r *http.Request) {
+	data := errorData{
+		Code:    http.StatusNotFound,
+		Title:   "Page Not Found",
+		Message: "The page you are looking for does not exist or has been moved.",
+	}
+	h.renderError(w, r, data)
+}
+
+// ErrorInternal renders a mobile-friendly 500 error page.
+func (h *Handler) ErrorInternal(w http.ResponseWriter, r *http.Request) {
+	data := errorData{
+		Code:    http.StatusInternalServerError,
+		Title:   "Internal Server Error",
+		Message: "Something went wrong on our end. Please try again later.",
+	}
+	h.renderError(w, r, data)
+}
+
+// renderError renders the error template with the given data and status code.
+func (h *Handler) renderError(w http.ResponseWriter, r *http.Request, data errorData) {
+	tmpl, err := template.ParseFiles("internal/templates/error.html")
+	if err != nil {
+		slog.Error("failed to parse error template", "error", err)
+		http.Error(w, fmt.Sprintf("%d %s", data.Code, data.Title), data.Code)
+		return
+	}
+
+	var buf strings.Builder
+	if err := tmpl.ExecuteTemplate(&buf, "content", data); err != nil {
+		slog.Error("failed to execute error template", "error", err)
+		http.Error(w, fmt.Sprintf("%d %s", data.Code, data.Title), data.Code)
+		return
+	}
+
+	w.WriteHeader(data.Code)
+	renderPage(w, r, data.Title, "", buf.String())
+}
+
 // Dashboard handles GET / — the triage queue.
 func (h *Handler) Dashboard(w http.ResponseWriter, r *http.Request) {
 	// Only handle exact root path.
 	if r.URL.Path != "/" {
-		http.NotFound(w, r)
+		h.ErrorNotFound(w, r)
 		return
 	}

@@ -183,6 +183,87 @@ func TestAddComment_EmptyBody(t *testing.T) {
 	}
 }

+func TestErrorNotFound(t *testing.T) {
+	h := newTestHandler()
+	req := httptest.NewRequest(http.MethodGet, "/nonexistent", nil)
+	w := httptest.NewRecorder()
+
+	h.ErrorNotFound(w, req)
+
+	if w.Code != http.StatusNotFound {
+		t.Errorf("status = %d, want %d", w.Code, http.StatusNotFound)
+	}
+	body := w.Body.String()
+	if body == "" {
+		t.Error("expected non-empty response body")
+	}
+	if !contains(body, "404") {
+		t.Error("expected body to contain '404'")
+	}
+	if !contains(body, "Page Not Found") {
+		t.Error("expected body to contain 'Page Not Found'")
+	}
+}
+
+func TestErrorInternal(t *testing.T) {
+	h := newTestHandler()
+	req := httptest.NewRequest(http.MethodGet, "/error", nil)
+	w := httptest.NewRecorder()
+
+	h.ErrorInternal(w, req)
+
+	if w.Code != http.StatusInternalServerError {
+		t.Errorf("status = %d, want %d", w.Code, http.StatusInternalServerError)
+	}
+	body := w.Body.String()
+	if body == "" {
+		t.Error("expected non-empty response body")
+	}
+	if !contains(body, "500") {
+		t.Error("expected body to contain '500'")
+	}
+	if !contains(body, "Internal Server Error") {
+		t.Error("expected body to contain 'Internal Server Error'")
+	}
+}
+
+func TestDashboard_NonRootPath_Returns404(t *testing.T) {
+	h := newTestHandler()
+	req := httptest.NewRequest(http.MethodGet, "/unknown/path", nil)
+	w := httptest.NewRecorder()
+
+	h.Dashboard(w, req)
+
+	if w.Code != http.StatusNotFound {
+		t.Errorf("status = %d, want %d", w.Code, http.StatusNotFound)
+	}
+	body := w.Body.String()
+	if !contains(body, "404") {
+		t.Error("expected body to contain '404' for non-root path")
+	}
+}
+
+func TestErrorNotFound_HTMX(t *testing.T) {
+	h := newTestHandler()
+	req := httptest.NewRequest(http.MethodGet, "/nonexistent", nil)
+	req.Header.Set("HX-Request", "true")
+	w := httptest.NewRecorder()
+
+	h.ErrorNotFound(w, req)
+
+	if w.Code != http.StatusNotFound {
+		t.Errorf("status = %d, want %d", w.Code, http.StatusNotFound)
+	}
+	body := w.Body.String()
+	// HTMX response should not contain DOCTYPE.
+	if contains(body, "<!DOCTYPE") {
+		t.Error("HTMX response should not contain DOCTYPE")
+	}
+	if !contains(body, "Page Not Found") {
+		t.Error("expected body to contain 'Page Not Found'")
+	}
+}
+
 func contains(s, substr string) bool {
 	return len(s) >= len(substr) && searchString(s, substr)
 }
@@ -0,0 +1,23 @@
+{{define "content"}}
+<div class="error-page">
+  <div class="error-icon">
+    {{if eq .Code 404}}
+    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" width="64" height="64">
+      <circle cx="11" cy="11" r="8"/>
+      <line x1="21" y1="21" x2="16.65" y2="16.65"/>
+      <line x1="8" y1="11" x2="14" y2="11"/>
+    </svg>
+    {{else}}
+    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" width="64" height="64">
+      <path d="M10.29 3.86L1.82 18a2 2 0 001.71 3h16.94a2 2 0 001.71-3L13.71 3.86a2 2 0 00-3.42 0z"/>
+      <line x1="12" y1="9" x2="12" y2="13"/>
+      <line x1="12" y1="17" x2="12.01" y2="17"/>
+    </svg>
+    {{end}}
+  </div>
+  <h1 class="error-code">{{.Code}}</h1>
+  <p class="error-title">{{.Title}}</p>
+  <p class="error-message">{{.Message}}</p>
+  <a href="/" class="error-home-link">Go to Dashboard</a>
+</div>
+{{end}}
@@ -1,4 +1,12 @@
-/* Gitea Mobile — Mobile-first CSS (~5KB target) */
+/* Gitea Mobile — Mobile-first CSS
+ * Dark-mode-first: dark colors are the :root defaults.
+ * Light mode is applied via @media (prefers-color-scheme: light).
+ *
+ * Size note: The original ~5KB target was based on the initial Phase 1 scope.
+ * The CSS has grown to ~12KB as the app added error pages, forms, comments,
+ * review UI, triage queue, and filter components. All rules are in active use.
+ * Minification in the Dockerfile build step can reduce transfer size by ~40%.
+ */

 /* Reset */
 *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
@@ -533,7 +541,7 @@ a:active {
  }
 }

-/* Dark mode is default; light mode override if needed */
+/* Dark mode is default; light mode override for prefers-color-scheme: light */
@media (prefers-color-scheme: light) {
  :root {
    --bg-primary: #ffffff;
@@ -543,5 +551,101 @@ a:active {
    --text-primary: #1f2328;
    --text-secondary: #656d76;
    --text-link: #0969da;
+    --accent-green: #1a7f37;
+    --accent-red: #cf222e;
+    --accent-yellow: #9a6700;
+    --accent-blue: #0969da;
+    --accent-purple: #8250df;
+  }
+
+  .message.success {
+    background: #dafbe1;
+    border-color: #1a7f37;
+  }
+
+  .message.error {
+    background: #ffebe9;
+    border-color: #cf222e;
+  }
+
+  .message.info {
+    background: #ddf4ff;
+    border-color: #0969da;
+  }
+
+  .btn-primary {
+    background: #1a7f37;
+  }
+
+  .btn-primary:active {
+    background: #116329;
+  }
+
+  .btn-danger {
+    background: #ffebe9;
+    border-color: #cf222e;
+  }
+
+  .type-issue {
+    background: rgba(9, 105, 218, 0.1);
+    border-color: rgba(9, 105, 218, 0.3);
+  }
+
+  .type-pull {
+    background: rgba(26, 127, 55, 0.1);
+    border-color: rgba(26, 127, 55, 0.3);
  }
 }
+
+/* Error page */
+.error-page {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  min-height: 60vh;
+  text-align: center;
+  padding: var(--spacing-lg);
+}
+
+.error-icon {
+  color: var(--text-secondary);
+  margin-bottom: var(--spacing-lg);
+}
+
+.error-code {
+  font-size: 4rem;
+  font-weight: 700;
+  color: var(--text-primary);
+  line-height: 1;
+  margin-bottom: var(--spacing-sm);
+}
+
+.error-title {
+  font-size: var(--font-xl);
+  color: var(--text-primary);
+  margin-bottom: var(--spacing-sm);
+}
+
+.error-message {
+  font-size: var(--font-base);
+  color: var(--text-secondary);
+  margin-bottom: var(--spacing-lg);
+  max-width: 300px;
+}
+
+.error-home-link {
+  display: inline-block;
+  padding: var(--spacing-sm) var(--spacing-lg);
+  background: var(--accent-blue);
+  color: #fff;
+  border-radius: var(--radius);
+  text-decoration: none;
+  font-size: var(--font-base);
+  font-weight: 500;
+  transition: opacity 0.15s;
+}
+
+.error-home-link:active {
+  opacity: 0.8;
+}
Author	SHA1	Message	Date
agent-company	c267bc86a8	chore: add go vet step to CI workflow before tests Add a `go vet ./...` step that runs before `go test -race ./...` in the CI pipeline. This catches format string errors, unreachable code, and other static analysis issues early. Verified locally: `go vet ./...` exits 0 with no warnings. Closes leeworks-agents/gitea-mobile#154 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 23:06:43 +00:00
AI-Manager	c790a7236c	Merge pull request 'chore: improve light mode CSS and document size rationale' (#152 ) from feature/dark-mode-validation-119 into master Build and Push / test (push) Failing after 8s Details Build and Push / build (push) Has been skipped Details	2026-03-28 22:03:54 +00:00
AI-Manager	0ef2184204	Merge pull request 'docs: add post-deployment smoke test runbook' (#151 ) from feature/smoke-test-runbook-116 into master Build and Push / build (push) Has been cancelled Details Build and Push / test (push) Has been cancelled Details	2026-03-28 22:03:46 +00:00
AI-Manager	ca3564a1ec	Merge pull request 'chore: add .air.toml for live reload dev workflow' (#150 ) from feature/air-toml-109 into master Build and Push / build (push) Has been cancelled Details Build and Push / test (push) Has been cancelled Details	2026-03-28 22:03:32 +00:00
AI-Manager	e6ca9a078d	Merge pull request 'docs: add README.md with project overview and dev setup' (#149 ) from feature/readme-148 into master Build and Push / test (push) Has started running Details Build and Push / build (push) Has been cancelled Details	2026-03-28 22:03:28 +00:00
agent-company	67973b27aa	chore: improve light mode CSS and document file size rationale - Add accent color overrides for light mode (better contrast on white bg) - Add light-mode-specific styles for messages, buttons, type badges - Document why CSS is ~12KB vs the original ~5KB target (all rules active) - safe-area-inset and tablet breakpoint already verified present Closes leeworks-agents/gitea-mobile#119 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 21:05:36 +00:00
agent-company	7d90b5eb4b	docs: add post-deployment smoke test runbook Covers pre-conditions, health check, TLS verification, auth flow, core functionality (issues, PRs, triage), write operations, PWA behavior on iPhone Safari, and rollback procedures. Closes leeworks-agents/gitea-mobile#116 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 21:05:32 +00:00
agent-company	faf5fc1797	chore: add .air.toml for live reload dev workflow Configures air to build ./cmd/server, watch .go/.html/.css/.js files under the project tree, and auto-restart on changes. Excludes test files and vendor directories. Closes leeworks-agents/gitea-mobile#109 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 21:05:30 +00:00
agent-company	af8e705919	docs: add README.md with project overview, dev setup, and deployment guide Covers tech stack, project structure, local development with nix develop and air live reload, environment variables, testing, container build, and deployment pointer to Talos repo manifests. Closes leeworks-agents/gitea-mobile#148 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 21:05:27 +00:00
AI-Manager	8c390e7505	Merge pull request 'test: add 43 integration tests for all HTTP handlers' (#146 ) from feature/integration-tests-batch1 into master Build and Push / test (push) Failing after 1m9s Details Build and Push / build (push) Has been skipped Details	2026-03-28 19:03:43 +00:00
AI-Manager	ffacea132c	Merge pull request 'test: add unit tests for GetTriageQueue aggregation' (#147 ) from feature/unit-tests-triage-queue-117 into master Build and Push / test (push) Has been cancelled Details Build and Push / build (push) Has been cancelled Details	2026-03-28 19:03:30 +00:00
AI-Manager	f44390a75a	Merge pull request 'feat: add rate-limit retry/backoff handling in Gitea API client' (#145 ) from feature/rate-limit-retry-132 into master Build and Push / test (push) Has been cancelled Details Build and Push / build (push) Has been cancelled Details	2026-03-28 19:03:24 +00:00
AI-Manager	a7b777cf7e	Merge pull request 'feat: add HTTP 404 and 500 error pages with mobile-friendly styling' (#144 ) from feature/error-handlers-131 into master Build and Push / test (push) Has been cancelled Details Build and Push / build (push) Has been cancelled Details	2026-03-28 19:03:12 +00:00
agent-company	2ea20da5ef	test: add 43 integration tests for all HTTP handlers Add comprehensive integration test suite using httptest with a mock Gitea API server. Tests cover GET and POST handlers for dashboard, issues, pulls, issue/PR detail, create issue, state changes, comments, labels, assignees, reviews, and settings. Both regular and HTMX request paths are tested. Includes TestMain to set working directory to project root for template loading. Covers issues: #140 #139 #138 #137 #136 #135 #134 #133 #124 #118 #113 #111 #110 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 18:12:53 +00:00
agent-company	e6ce6bc6c6	feat: add rate-limit retry with exponential backoff in Gitea API client Add automatic retry logic to doRequest for HTTP 429 responses. Uses Retry-After header when present, otherwise exponential backoff (1s, 2s, 4s). Respects context cancellation during waits. Defaults to 3 max retries with 1s base delay. Includes 7 new tests covering retry success, exhaustion, Retry-After header, context cancellation, non-429 errors, and backoff calculation. Closes leeworks-agents/gitea-mobile#132 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 18:08:48 +00:00
agent-company	25bc305fc9	feat: add mobile-friendly HTTP 404 and 500 error pages Add ErrorNotFound and ErrorInternal handler methods that render styled error pages using the error.html template, with proper status codes, responsive layout, SVG icons, and HTMX fragment support. Replace the plain-text http.NotFound call in Dashboard with the new styled handler. Closes leeworks-agents/gitea-mobile#131 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 18:06:10 +00:00