ruff (#169)

* polish: streamline nav, extract inline styles, improve tablet UX

- Restructure desktop nav from 8+ flat links + overflow dropdown into
  5 grouped dropdowns (Core, Agents, Intel, System, More) matching
  the mobile menu structure to reduce decision fatigue
- Extract all inline styles from mission_control.html and base.html
  notification elements into mission-control.css with semantic classes
- Replace JS-built innerHTML with secure DOM construction in
  notification loader and chat history
- Add CONNECTING state to connection indicator (amber) instead of
  showing OFFLINE before WebSocket connects
- Add tablet breakpoint (1024px) with larger touch targets for
  Apple Pencil / stylus use and safe-area padding for iPad toolbar
- Add active-link highlighting in desktop dropdown menus
- Rename "Mission Control" page title to "System Overview" to
  disambiguate from the chat home page
- Add "Home — Timmy Time" page title to index.html

https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h

* fix(security): move auth-gate credentials to environment variables

Hardcoded username, password, and HMAC secret in auth-gate.py replaced
with os.environ lookups. Startup now refuses to run if any variable is
unset. Added AUTH_GATE_SECRET/USER/PASS to .env.example.

https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h

* refactor(tooling): migrate from black+isort+bandit to ruff

Replace three separate linting/formatting tools with a single ruff
invocation. Updates tox.ini (lint, format, pre-push, pre-commit envs),
.pre-commit-config.yaml, and CI workflow. Fixes all ruff errors
including unused imports, missing raise-from, and undefined names.
Ruff config maps existing bandit skips to equivalent S-rules.

https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h

---------

Co-authored-by: Claude <noreply@anthropic.com>

tests/dashboard/middleware/test_request_logging.py

@@ -1,11 +1,9 @@
 """Tests for request logging middleware."""
 
 import time
-from unittest.mock import Mock, patch
 
 import pytest
 from fastapi import FastAPI
-from fastapi.responses import JSONResponse
 from fastapi.testclient import TestClient
 
 
@@ -51,7 +49,7 @@ class TestRequestLoggingMiddleware:
         """Log should include response status code."""
         with caplog.at_level("INFO"):
             client = TestClient(app_with_logging)
-            response = client.get("/test")
+            client.get("/test")
 
         # Check log contains status code
         assert any("200" in record.message for record in caplog.records)
@@ -60,7 +58,7 @@ class TestRequestLoggingMiddleware:
         """Log should include request processing time."""
         with caplog.at_level("INFO"):
             client = TestClient(app_with_logging)
-            response = client.get("/slow")
+            client.get("/slow")
 
         # Check log contains duration (e.g., "0.1" or "100ms")
         assert any(
@@ -71,7 +69,7 @@ class TestRequestLoggingMiddleware:
         """Log should include client IP address."""
         with caplog.at_level("INFO"):
             client = TestClient(app_with_logging)
-            response = client.get("/test", headers={"X-Forwarded-For": "192.168.1.1"})
+            client.get("/test", headers={"X-Forwarded-For": "192.168.1.1"})
 
         # Check log contains IP
         assert any(
@@ -83,7 +81,7 @@ class TestRequestLoggingMiddleware:
         """Log should include User-Agent header."""
         with caplog.at_level("INFO"):
             client = TestClient(app_with_logging)
-            response = client.get("/test", headers={"User-Agent": "TestAgent/1.0"})
+            client.get("/test", headers={"User-Agent": "TestAgent/1.0"})
 
         # Check log contains user agent
         assert any("TestAgent" in record.message for record in caplog.records)
@@ -111,7 +109,7 @@ class TestRequestLoggingMiddleware:
 
         with caplog.at_level("INFO", logger="timmy.requests"):
             client = TestClient(app)
-            response = client.get("/health")
+            client.get("/health")
 
         # Should not log health check (only check our logger's records)
         timmy_records = [r for r in caplog.records if r.name == "timmy.requests"]
@@ -121,8 +119,8 @@ class TestRequestLoggingMiddleware:
         """Each request should have a unique correlation ID."""
         with caplog.at_level("INFO"):
             client = TestClient(app_with_logging)
-            response = client.get("/test")
+            client.get("/test")
 
         # Check for correlation ID format (UUID or similar)
-        log_messages = [record.message for record in caplog.records]
+        [record.message for record in caplog.records]
         assert any(len(record.message) > 20 for record in caplog.records)  # Rough check for ID