* polish: streamline nav, extract inline styles, improve tablet UX
- Restructure desktop nav from 8+ flat links + overflow dropdown into
5 grouped dropdowns (Core, Agents, Intel, System, More) matching
the mobile menu structure to reduce decision fatigue
- Extract all inline styles from mission_control.html and base.html
notification elements into mission-control.css with semantic classes
- Replace JS-built innerHTML with secure DOM construction in
notification loader and chat history
- Add CONNECTING state to connection indicator (amber) instead of
showing OFFLINE before WebSocket connects
- Add tablet breakpoint (1024px) with larger touch targets for
Apple Pencil / stylus use and safe-area padding for iPad toolbar
- Add active-link highlighting in desktop dropdown menus
- Rename "Mission Control" page title to "System Overview" to
disambiguate from the chat home page
- Add "Home — Timmy Time" page title to index.html
https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h
* fix(security): move auth-gate credentials to environment variables
Hardcoded username, password, and HMAC secret in auth-gate.py replaced
with os.environ lookups. Startup now refuses to run if any variable is
unset. Added AUTH_GATE_SECRET/USER/PASS to .env.example.
https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h
* refactor(tooling): migrate from black+isort+bandit to ruff
Replace three separate linting/formatting tools with a single ruff
invocation. Updates tox.ini (lint, format, pre-push, pre-commit envs),
.pre-commit-config.yaml, and CI workflow. Fixes all ruff errors
including unused imports, missing raise-from, and undefined names.
Ruff config maps existing bandit skips to equivalent S-rules.
https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Centralize all Python environments on tox
tox.ini is now the single source of truth for how every Python
environment runs — tests, linting, formatting, dev server, and CI.
No more bare `poetry run` outside of tox.
- Expand tox.ini from 4 to 15 environments (lint, format, typecheck,
unit, integration, functional, e2e, fast, ollama, ci, coverage,
coverage-html, pre-commit, dev, all)
- Rewire all Makefile test/lint/format/dev targets to delegate to tox
- Update .githooks/pre-commit to run `tox -e pre-commit`
- Update .pre-commit-config.yaml to use tox instead of poetry run
- Update CI workflow (lint + test jobs) to use `tox -e lint` and
`tox -e ci` instead of ad-hoc pytest/black/isort invocations
- Update CLAUDE.md to mandate tox usage and document all environments
https://claude.ai/code/session_01MTUpqms1fgezZFrodGA8H5
* refactor: modernize tox.ini for tox 4.x conventions
- Replace `skipsdist = true` (tox 3 alias) with `no_package = true`
- Use `poetry install --no-root --sync` for faster, cleaner dep installs
https://claude.ai/code/session_01MTUpqms1fgezZFrodGA8H5
* fix(ci): drop poetry install from lint/format tox envs
Lint and format only need black, isort, and bandit — not the full
project dependency tree. Override commands_pre to empty and use tox
deps instead. Fixes CI failure where poetry is not on PATH.
https://claude.ai/code/session_01MTUpqms1fgezZFrodGA8H5
* fix(ci): remove poetry run wrapper from all tox commands
Since commands_pre runs poetry install into the tox-managed venv,
all tools (pytest, mypy, black, etc.) are already on the venv PATH.
The poetry run wrapper is redundant and fails in CI where poetry
may not be installed globally.
https://claude.ai/code/session_01MTUpqms1fgezZFrodGA8H5
* fix(ci): remove poetry dependency, align local and CI processes
- Replace `poetry install` with `pip install -e ".[dev]"` in tox
commands_pre so all envs work without poetry installed
- Remove Poetry cache from GitHub Actions (only pip cache needed)
- Rename pre-commit env to pre-push: runs lint + full CI suite
(same checks as GitHub Actions, reports generated locally)
- Update CLAUDE.md to reflect new pre-push workflow
The local `tox -e pre-push` now runs the exact same lint + test +
coverage checks as CI, so failures are caught before pushing.
https://claude.ai/code/session_01MTUpqms1fgezZFrodGA8H5
---------
Co-authored-by: Claude <noreply@anthropic.com>
Workflow upgrades:
- permissions: checks: write + pull-requests: write (required for annotations)
- pytest now outputs --junitxml=reports/junit.xml and --cov-report=xml
- EnricoMi/publish-unit-test-result-action@v2: posts a "pytest results"
check annotation AND a PR comment showing pass/fail counts with
per-test breakdown — both visible in the GitHub mobile app
- actions/upload-artifact@v4: uploads coverage.xml (14-day retention)
browsable from the Actions tab on mobile
README:
- Live test badge at the top (green/red, links to Actions run history)
.gitignore:
- Add reports/ so generated junit.xml + coverage.xml are never committed
https://claude.ai/code/session_01M4L3R98N5fgXFZRvV8X9b6
Config (src/config.py):
- pydantic-settings Settings class: OLLAMA_URL, OLLAMA_MODEL, DEBUG
- Reads from .env (gitignored) with sane defaults
- settings singleton imported by health.py and agent.py
Removes two hardcodes:
- health.py: OLLAMA_URL="http://localhost:11434" → settings.ollama_url
- agent.py: Ollama(id="llama3.2") → settings.ollama_model
app.py:
- logging.basicConfig at INFO — requests/errors now visible in terminal
- docs_url/redoc_url gated on settings.debug (off by default)
pyproject.toml:
- pydantic-settings>=2.0.0 added to main dependencies
- hatch wheel config updated to include src/config.py
.env.example: documents all three env vars with inline comments
.gitignore: add !.env.example negation so the template gets committed
.github/workflows/tests.yml: runs pytest --cov on every push/PR
(ubuntu-latest, Python 3.11, pip cache)
All 27 tests pass.
https://claude.ai/code/session_01M4L3R98N5fgXFZRvV8X9b6
