ruff (#169)

* polish: streamline nav, extract inline styles, improve tablet UX

- Restructure desktop nav from 8+ flat links + overflow dropdown into
  5 grouped dropdowns (Core, Agents, Intel, System, More) matching
  the mobile menu structure to reduce decision fatigue
- Extract all inline styles from mission_control.html and base.html
  notification elements into mission-control.css with semantic classes
- Replace JS-built innerHTML with secure DOM construction in
  notification loader and chat history
- Add CONNECTING state to connection indicator (amber) instead of
  showing OFFLINE before WebSocket connects
- Add tablet breakpoint (1024px) with larger touch targets for
  Apple Pencil / stylus use and safe-area padding for iPad toolbar
- Add active-link highlighting in desktop dropdown menus
- Rename "Mission Control" page title to "System Overview" to
  disambiguate from the chat home page
- Add "Home — Timmy Time" page title to index.html

https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h

* fix(security): move auth-gate credentials to environment variables

Hardcoded username, password, and HMAC secret in auth-gate.py replaced
with os.environ lookups. Startup now refuses to run if any variable is
unset. Added AUTH_GATE_SECRET/USER/PASS to .env.example.

https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h

* refactor(tooling): migrate from black+isort+bandit to ruff

Replace three separate linting/formatting tools with a single ruff
invocation. Updates tox.ini (lint, format, pre-push, pre-commit envs),
.pre-commit-config.yaml, and CI workflow. Fixes all ruff errors
including unused imports, missing raise-from, and undefined names.
Ruff config maps existing bandit skips to equivalent S-rules.

https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h

---------

Co-authored-by: Claude <noreply@anthropic.com>

tests/timmy/test_ollama_timeout.py

@@ -39,15 +39,17 @@ def test_base_agent_sets_timeout():
         # Verify Ollama was called with timeout
         if mock_ollama.called:
             _, kwargs = mock_ollama.call_args
-            assert (
-                kwargs.get("timeout") == 300
-            ), f"Expected timeout=300, got {kwargs.get('timeout')}"
+            assert kwargs.get("timeout") == 300, (
+                f"Expected timeout=300, got {kwargs.get('timeout')}"
+            )
 
 
 def test_main_agent_sets_timeout():
     """create_timmy() creates Ollama with timeout=300."""
-    with patch("timmy.agent.Ollama") as mock_ollama, patch("timmy.agent.SqliteDb"), patch(
-        "timmy.agent.Agent"
+    with (
+        patch("timmy.agent.Ollama") as mock_ollama,
+        patch("timmy.agent.SqliteDb"),
+        patch("timmy.agent.Agent"),
     ):
         mock_ollama.return_value = MagicMock()
 
@@ -60,6 +62,6 @@ def test_main_agent_sets_timeout():
 
         if mock_ollama.called:
             _, kwargs = mock_ollama.call_args
-            assert (
-                kwargs.get("timeout") == 300
-            ), f"Expected timeout=300, got {kwargs.get('timeout')}"
+            assert kwargs.get("timeout") == 300, (
+                f"Expected timeout=300, got {kwargs.get('timeout')}"
+            )