lint: drive baseline to zero, drop only-new-issues gate

Cleanup pass over the repo so CI can enforce lint going forward
without the only-new-issues escape hatch:

* gofumpt -w across the tree (31 hits, all formatting)
* misspell --fix (25 hits, US-locale spelling) — but reverted on
  api.JobCancelled = "cancelled" since that literal is the wire +
  DB CHECK constraint value, plus matched the case in store/fleet.go
  back to "cancelled" and added //nolint:misspell on both for the
  next time someone reaches for the auto-fix
* Wrap every `defer rows.Close()` / `defer stmt.Close()` /
  `defer res.Body.Close()` in `defer func() { _ = .Close() }()`
  to satisfy errcheck without losing the close itself
* websocket.Dial callers (1 prod, 4 tests) now capture + close the
  upgrade response Body — coder/websocket can return res with a nil
  Body on success, so the test deferred-closes guard against that
* Annotate the two genuine-by-design nilerr cases with //nolint
  comments explaining why nil-on-error is the contract (cookie
  missing = no session; ctx cancelled mid-backoff = clean shutdown)
* Add brief godoc on the 10 exported const groups + types that
  revive flagged (api.HostOS/HostArch/JobKind/JobStatus/LogStream/
  ErrorCode, restic.EventKind, store.Role, web.FS)
* Drop the unused (*Server).userByID method
* Inline the unparam baseView(active) — every UI page is under
  the dashboard primary nav today

Result: `golangci-lint run ./...` reports 0 issues. CI lint job
no longer needs only-new-issues: true; X-06 follow-up entry in
tasks.md removed.

internal/server/http/agent_assets.go

@@ -57,7 +57,7 @@ func (s *Server) handleAgentBinary(w stdhttp.ResponseWriter, r *stdhttp.Request)
 }
 
 func (s *Server) handleInstallAsset(w stdhttp.ResponseWriter, r *stdhttp.Request) {
-	// chi's TrimPrefix-like behaviour: r.URL.Path is "/install/<file>".
+	// chi's TrimPrefix-like behavior: r.URL.Path is "/install/<file>".
 	rel := strings.TrimPrefix(r.URL.Path, "/install/")
 	// Reject any path traversal — must be a flat filename.
 	if rel == "" || strings.ContainsAny(rel, "/\\") {

internal/server/http/auth.go

@@ -137,7 +137,7 @@ func (s *Server) handleBootstrap(w stdhttp.ResponseWriter, r *stdhttp.Request) {
 		return
 	}
 	if n > 0 {
-		writeJSONError(w, stdhttp.StatusConflict, "already_initialised",
+		writeJSONError(w, stdhttp.StatusConflict, "already_initialized",
 			"a user already exists; bootstrap is disabled")
 		return
 	}

internal/server/http/auth_test.go

@@ -36,7 +36,7 @@ func newTestServer(t *testing.T, withBootstrapToken bool) (*Server, string) {
 	aead, _ := crypto.NewAEAD(key)
 
 	deps := Deps{
-		Cfg: config.Config{Listen: ":0", DataDir: dir, SecretKeyFile: keyPath},
+		Cfg:   config.Config{Listen: ":0", DataDir: dir, SecretKeyFile: keyPath},
 		Store: st,
 		AEAD:  aead,
 	}
@@ -125,7 +125,9 @@ func TestLoginAndLogout(t *testing.T) {
 	bs, _ := json.Marshal(bootstrapRequest{
 		Token: "test-token", Username: "alice", Password: "averylongpassword",
 	})
-	stdhttp.Post(url+"/api/bootstrap", "application/json", bytes.NewReader(bs)) //nolint:errcheck
+	if bsRes, err := stdhttp.Post(url+"/api/bootstrap", "application/json", bytes.NewReader(bs)); err == nil {
+		_ = bsRes.Body.Close()
+	}
 
 	// Login.
 	body, _ := json.Marshal(loginRequest{Username: "alice", Password: "averylongpassword"})

internal/server/http/enrollment.go

@@ -3,6 +3,7 @@ package http
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"log/slog"
 	stdhttp "net/http"
@@ -142,7 +143,7 @@ func (s *Server) handleAgentEnroll(w stdhttp.ResponseWriter, r *stdhttp.Request)
 
 	// Seed the host's "default" source group with whatever paths the
 	// operator typed into Add-host (empty allowed; group is editable
-	// from the Sources tab post-enrol). Also seed the host's
+	// from the Sources tab post-enroll). Also seed the host's
 	// repo-maintenance row with default cadences so forget/prune/check
 	// start ticking on their own. Auto-init dispatch lands in Phase 6
 	// of the redesign.
@@ -222,12 +223,11 @@ func (s *Server) handleCreateEnrollmentToken(w stdhttp.ResponseWriter, r *stdhtt
 		return
 	}
 	token, expiresAt, err := s.mintEnrollmentToken(r.Context(), req.RepoURL, req.RepoUsername, req.RepoPassword, req.InitialPaths)
-	switch err {
-	case nil:
+	switch {
+	case err == nil:
 		writeJSON(w, stdhttp.StatusCreated, enrollOperatorResponse{Token: token, ExpiresAt: expiresAt})
-	case errMissingRepoCreds:
-		writeJSONError(w, stdhttp.StatusBadRequest, "missing_field",
-			"repo_url and repo_password are required so the agent can run backups on first connect")
+	case errors.Is(err, errMissingRepoCreds):
+		writeJSONError(w, stdhttp.StatusBadRequest, "missing_field", "repo_url and repo_password are required so the agent can run backups on first connect")
 	default:
 		writeJSONError(w, stdhttp.StatusInternalServerError, "internal", "")
 	}

internal/server/http/host_credentials.go

@@ -162,7 +162,7 @@ func (s *Server) handleSetHostCredentials(w stdhttp.ResponseWriter, r *stdhttp.R
 	w.WriteHeader(stdhttp.StatusNoContent)
 }
 
-// pushRepoCredsToAgent serialises blob into a config.update envelope
+// pushRepoCredsToAgent serializes blob into a config.update envelope
 // and ships it down the agent's WS. Returns an error from the hub
 // (no-op if not connected — caller is expected to check first when it
 // matters).

internal/server/http/hosts.go

@@ -10,23 +10,23 @@ import (
 // store row, but with explicit time-strings so wire format is stable
 // across DB driver changes.
 type hostView struct {
-	ID                string  `json:"id"`
-	Name              string  `json:"name"`
-	OS                string  `json:"os"`
-	Arch              string  `json:"arch"`
-	AgentVersion      string  `json:"agent_version,omitempty"`
-	ResticVersion     string  `json:"restic_version,omitempty"`
-	ProtocolVersion   int     `json:"protocol_version"`
-	EnrolledAt        string  `json:"enrolled_at"`
-	LastSeenAt        *string `json:"last_seen_at,omitempty"`
-	Status            string  `json:"status"`
-	Tags              []string `json:"tags"`
-	CurrentJobID      *string `json:"current_job_id,omitempty"`
-	LastBackupAt      *string `json:"last_backup_at,omitempty"`
-	LastBackupStatus  *string `json:"last_backup_status,omitempty"`
-	RepoSizeBytes     int64   `json:"repo_size_bytes"`
-	SnapshotCount     int     `json:"snapshot_count"`
-	OpenAlertCount    int     `json:"open_alert_count"`
+	ID               string   `json:"id"`
+	Name             string   `json:"name"`
+	OS               string   `json:"os"`
+	Arch             string   `json:"arch"`
+	AgentVersion     string   `json:"agent_version,omitempty"`
+	ResticVersion    string   `json:"restic_version,omitempty"`
+	ProtocolVersion  int      `json:"protocol_version"`
+	EnrolledAt       string   `json:"enrolled_at"`
+	LastSeenAt       *string  `json:"last_seen_at,omitempty"`
+	Status           string   `json:"status"`
+	Tags             []string `json:"tags"`
+	CurrentJobID     *string  `json:"current_job_id,omitempty"`
+	LastBackupAt     *string  `json:"last_backup_at,omitempty"`
+	LastBackupStatus *string  `json:"last_backup_status,omitempty"`
+	RepoSizeBytes    int64    `json:"repo_size_bytes"`
+	SnapshotCount    int      `json:"snapshot_count"`
+	OpenAlertCount   int      `json:"open_alert_count"`
 }
 
 // handleListHosts returns the full fleet as JSON. Authenticated; the

internal/server/http/jobs.go

@@ -16,8 +16,8 @@ import (
 
 // runNowRequest is the body of POST /api/hosts/:id/jobs.
 type runNowRequest struct {
-	Kind  api.JobKind `json:"kind"`
-	Args  []string    `json:"args,omitempty"`  // restic CLI args (paths for backup, etc.)
+	Kind api.JobKind `json:"kind"`
+	Args []string    `json:"args,omitempty"` // restic CLI args (paths for backup, etc.)
 }
 
 type runNowResponse struct {

internal/server/http/p2r01_test.go

@@ -215,24 +215,30 @@ func TestSchedulesCRUDValidation(t *testing.T) {
 
 	// Bad cron → 400.
 	status, body := doJSON(t, url, "POST", "/api/hosts/"+hostID+"/schedules",
-		map[string]any{"cron": "not-a-cron", "enabled": true,
-			"source_group_ids": []string{"x"}}, cookie)
+		map[string]any{
+			"cron": "not-a-cron", "enabled": true,
+			"source_group_ids": []string{"x"},
+		}, cookie)
 	if status != 400 {
 		t.Fatalf("bad cron: want 400, got %d (body=%+v)", status, body)
 	}
 
 	// Missing groups → 400.
 	status, _ = doJSON(t, url, "POST", "/api/hosts/"+hostID+"/schedules",
-		map[string]any{"cron": "0 3 * * *", "enabled": true,
-			"source_group_ids": []string{}}, cookie)
+		map[string]any{
+			"cron": "0 3 * * *", "enabled": true,
+			"source_group_ids": []string{},
+		}, cookie)
 	if status != 400 {
 		t.Errorf("missing groups: want 400, got %d", status)
 	}
 
 	// Group not on host → 400.
 	status, _ = doJSON(t, url, "POST", "/api/hosts/"+hostID+"/schedules",
-		map[string]any{"cron": "0 3 * * *", "enabled": true,
-			"source_group_ids": []string{"non-existent"}}, cookie)
+		map[string]any{
+			"cron": "0 3 * * *", "enabled": true,
+			"source_group_ids": []string{"non-existent"},
+		}, cookie)
 	if status != 400 {
 		t.Errorf("bogus group: want 400, got %d", status)
 	}
@@ -247,8 +253,10 @@ func TestSchedulesCRUDValidation(t *testing.T) {
 
 	// Happy create.
 	status, body = doJSON(t, url, "POST", "/api/hosts/"+hostID+"/schedules",
-		map[string]any{"cron": "0 3 * * *", "enabled": true,
-			"source_group_ids": []string{gid}}, cookie)
+		map[string]any{
+			"cron": "0 3 * * *", "enabled": true,
+			"source_group_ids": []string{gid},
+		}, cookie)
 	if status != 201 {
 		t.Fatalf("create: %d body=%+v", status, body)
 	}
@@ -269,8 +277,10 @@ func TestSchedulesCRUDValidation(t *testing.T) {
 
 	// Update — change cron, keep group.
 	status, body = doJSON(t, url, "PUT", "/api/hosts/"+hostID+"/schedules/"+sid,
-		map[string]any{"cron": "@hourly", "enabled": false,
-			"source_group_ids": []string{gid}}, cookie)
+		map[string]any{
+			"cron": "@hourly", "enabled": false,
+			"source_group_ids": []string{gid},
+		}, cookie)
 	if status != 200 {
 		t.Fatalf("update: %d body=%+v", status, body)
 	}
@@ -484,5 +494,7 @@ func equalStrings(a, b []string) bool {
 }
 
 // keep fmt import live — used for occasional debug.
-var _ = fmt.Sprintf
-var _ = strings.HasPrefix
+var (
+	_ = fmt.Sprintf
+	_ = strings.HasPrefix
+)

internal/server/http/p2r01_ws_test.go

@@ -6,8 +6,8 @@ package http
 import (
 	"context"
 	"encoding/json"
-	"net/http/httptest"
 	stdhttp "net/http"
+	"net/http/httptest"
 	"strings"
 	"testing"
 	"time"
@@ -29,13 +29,18 @@ func agentDial(t *testing.T, srv *Server, ts *httptest.Server, hostID, token str
 	url := "ws" + strings.TrimPrefix(ts.URL, "http") + "/ws/agent"
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
-	c, _, err := websocket.Dial(ctx, url, &websocket.DialOptions{
+	c, res, err := websocket.Dial(ctx, url, &websocket.DialOptions{
 		HTTPHeader: stdhttp.Header{"Authorization": []string{"Bearer " + token}},
 	})
 	if err != nil {
 		t.Fatalf("dial: %v", err)
 	}
-	t.Cleanup(func() { _ = c.CloseNow() })
+	t.Cleanup(func() {
+		_ = c.CloseNow()
+		if res != nil && res.Body != nil {
+			_ = res.Body.Close()
+		}
+	})
 	return c
 }
 
@@ -76,7 +81,7 @@ func drainUntil(t *testing.T, c *websocket.Conn, wantType api.MessageType) api.E
 	return api.Envelope{}
 }
 
-// enrolHostForWS pre-enrols a host with bound repo creds so the server
+// enrolHostForWS pre-enrolls a host with bound repo creds so the server
 // will treat it as ready to receive command.run.
 func enrolHostForWS(t *testing.T, srv *Server, st *store.Store, name string) (hostID, token string) {
 	t.Helper()

internal/server/http/repo_maintenance.go

@@ -142,4 +142,3 @@ func (s *Server) handleUpdateRepoMaintenance(w stdhttp.ResponseWriter, r *stdhtt
 	}
 	writeJSON(w, stdhttp.StatusOK, toRepoMaintenanceView(m))
 }
-

internal/server/http/schedule_push.go

@@ -4,7 +4,7 @@
 // The slim-schedule wire shape is built here from the (Schedule,
 // SourceGroup) pair. Each schedule is sent with its resolved source
 // groups inlined so the agent doesn't have to keep its own copy of
-// the group catalogue. Cron + enabled drive the agent's local timer;
+// the group catalog. Cron + enabled drive the agent's local timer;
 // when an entry fires the agent ships back a schedule.fire and
 // dispatchScheduledJob below resolves the schedule's groups and
 // dispatches one backup command.run per group.

internal/server/http/schedules.go

@@ -212,7 +212,7 @@ func (s *Server) validateScheduleRequest(r *stdhttp.Request, hostID string, req
 	for _, gid := range req.SourceGroupIDs {
 		g, err := s.deps.Store.GetSourceGroup(r.Context(), hostID, gid)
 		if err != nil || g == nil {
-			return "invalid_group", "source group "+gid+" not found on this host", false
+			return "invalid_group", "source group " + gid + " not found on this host", false
 		}
 	}
 	return "", "", true

internal/server/http/server.go

@@ -184,7 +184,7 @@ func (s *Server) routes(r chi.Router) {
 		// Durable post-Add-host page (operator can refresh / come
 		// back; password decrypted from the token row each render).
 		// Polled fragment under /awaiting flips to "connected" once
-		// the agent enrols.
+		// the agent enrolls.
 		r.Get("/hosts/pending/{token}", s.handleUIPendingHost)
 		r.Get("/hosts/pending/{token}/awaiting", s.handleUIPendingAwaiting)
 		// Host detail (Snapshots tab is the default).

internal/server/http/ui_handlers.go

@@ -44,7 +44,11 @@ func staticHandler() stdhttp.Handler {
 func (s *Server) sessionUser(r *stdhttp.Request) (*ui.User, error) {
 	c, err := r.Cookie(sessionCookieName)
 	if err != nil {
-		return nil, nil
+		// Missing or invalid cookie just means the caller isn't logged
+		// in — that's a normal state, not a server error. Return
+		// (nil, nil) so callers can decide between "redirect to login"
+		// and "treat as anonymous".
+		return nil, nil //nolint:nilerr
 	}
 	sess, err := s.deps.Store.LookupSession(r.Context(), auth.HashToken(c.Value))
 	if err != nil {
@@ -81,11 +85,13 @@ func (s *Server) requireUIUser(w stdhttp.ResponseWriter, r *stdhttp.Request) *ui
 }
 
 // baseView populates the fields the nav partial needs on every
-// authenticated page.
-func (s *Server) baseView(u *ui.User, active string) ui.ViewData {
+// authenticated page. Every UI page sits under the dashboard primary
+// nav today; if a future page lives under a different primary nav
+// tab (e.g. Settings, Audit), accept an Active arg again.
+func (s *Server) baseView(u *ui.User) ui.ViewData {
 	return ui.ViewData{
 		User:    u,
-		Active:  active,
+		Active:  "dashboard",
 		Version: s.version(),
 	}
 }
@@ -200,7 +206,7 @@ func (s *Server) handleUIDashboard(w stdhttp.ResponseWriter, r *stdhttp.Request)
 		rows = append(rows, row)
 	}
 
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.OpenAlerts = summary.OpenAlerts
 	view.Page = dashboardPage{
 		Hosts:     rows,
@@ -249,16 +255,16 @@ type addHostPage struct {
 }
 
 // pendingHostPage is the GET /hosts/pending/{token} view. Lives
-// for as long as the token does (1h ttl); once the agent enrols,
+// for as long as the token does (1h ttl); once the agent enrolls,
 // the handler redirects to /hosts/{host_id} and this page is gone.
 type pendingHostPage struct {
-	Token             string
-	ServerURL         string
-	ExpiresAt         time.Time
-	RepoURL           string
-	RepoUsername      string
-	RepoPassword      string
-	InitialPaths      []string
+	Token        string
+	ServerURL    string
+	ExpiresAt    time.Time
+	RepoURL      string
+	RepoUsername string
+	RepoPassword string
+	InitialPaths []string
 }
 
 // handleUIAddHostGet renders the empty Add host form.
@@ -267,7 +273,7 @@ func (s *Server) handleUIAddHostGet(w stdhttp.ResponseWriter, r *stdhttp.Request
 	if u == nil {
 		return
 	}
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = "Add host · restic-manager"
 	view.Page = addHostPage{ServerURL: s.publicURL(r)}
 	if err := s.deps.UI.Render(w, "add_host", view); err != nil {
@@ -327,11 +333,11 @@ func (s *Server) handleUIAddHostPost(w stdhttp.ResponseWriter, r *stdhttp.Reques
 
 	if page.Error == "" {
 		token, _, err := s.mintEnrollmentToken(r.Context(), page.RepoURL, repoUsername, repoPassword, splitPaths(page.Paths))
-		switch err {
-		case nil:
+		switch {
+		case err == nil:
 			stdhttp.Redirect(w, r, "/hosts/pending/"+token, stdhttp.StatusSeeOther)
 			return
-		case errMissingRepoCreds:
+		case errors.Is(err, errMissingRepoCreds):
 			page.Error = "Repo URL and password are both required."
 		default:
 			slog.Error("ui add_host: mint token", "err", err)
@@ -339,7 +345,7 @@ func (s *Server) handleUIAddHostPost(w stdhttp.ResponseWriter, r *stdhttp.Reques
 		}
 	}
 
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = "Add host · restic-manager"
 	view.Page = page
 	w.WriteHeader(stdhttp.StatusUnprocessableEntity)
@@ -350,7 +356,7 @@ func (s *Server) handleUIAddHostPost(w stdhttp.ResponseWriter, r *stdhttp.Reques
 
 // handleUIPendingHost serves the durable Add-host result page —
 // shown after a successful POST /hosts/new and reachable until the
-// agent enrols (the page redirects to /hosts/{id} once that
+// agent enrolls (the page redirects to /hosts/{id} once that
 // happens) or the token expires (1h ttl). The password is
 // re-decrypted from the encrypted token row on every render so
 // the operator can refresh, bookmark, navigate away and come back.
@@ -406,7 +412,7 @@ func (s *Server) handleUIPendingHost(w stdhttp.ResponseWriter, r *stdhttp.Reques
 		}
 	}
 
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = "Pending host · restic-manager"
 	view.Page = page
 	if err := s.deps.UI.Render(w, "pending_host", view); err != nil {
@@ -546,7 +552,7 @@ func (s *Server) handleUIHostDetail(w stdhttp.ResponseWriter, r *stdhttp.Request
 		shown = shown[:cap]
 	}
 
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = host.Name + " · restic-manager"
 	view.Page = hostDetailPage{
 		hostChromeData: s.loadHostChrome(r, *host, "snapshots", "snapshots"),
@@ -645,7 +651,7 @@ func (s *Server) handleUIJobDetail(w stdhttp.ResponseWriter, r *stdhttp.Request)
 		nextSeq = logs[n-1].Seq
 	}
 
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = job.Kind + " · " + host.Name + " · restic-manager"
 	view.Page = jobDetailPage{
 		Job:      *job,
@@ -742,21 +748,6 @@ func buildSyntheticJobFinished(job *store.Job) (api.Envelope, error) {
 	})
 }
 
-// userByID fetches the full store.User the UI session represents.
-// Returns the user, ok-flag, error. Used by handlers that need the
-// store-side row (e.g. for audit_log.user_id) rather than just the
-// projected ui.User.
-func (s *Server) userByID(r *stdhttp.Request, id string) (*store.User, bool, error) {
-	u, err := s.deps.Store.GetUserByID(r.Context(), id)
-	if err != nil {
-		if errors.Is(err, store.ErrNotFound) {
-			return nil, false, nil
-		}
-		return nil, false, err
-	}
-	return u, true, nil
-}
-
 // handleUILoginGet renders the login form. If the user is already
 // signed in we redirect them home — login is for the unauthenticated.
 func (s *Server) handleUILoginGet(w stdhttp.ResponseWriter, r *stdhttp.Request) {

internal/server/http/ui_repo.go

@@ -143,7 +143,7 @@ func (s *Server) handleUIHostRepo(w stdhttp.ResponseWriter, r *stdhttp.Request)
 		return
 	}
 	page.SavedSection = r.URL.Query().Get("saved")
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = host.Name + " repo · restic-manager"
 	view.Page = *page
 	if err := s.deps.UI.Render(w, "host_repo", view); err != nil {
@@ -166,7 +166,7 @@ func (s *Server) renderRepoPage(w stdhttp.ResponseWriter, r *stdhttp.Request, u
 	page.CredentialsError = credErr
 	page.BandwidthError = bwErr
 	page.MaintenanceError = mntErr
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = host.Name + " repo · restic-manager"
 	view.Page = *page
 	w.WriteHeader(stdhttp.StatusUnprocessableEntity)

internal/server/http/ui_schedules.go

@@ -78,7 +78,7 @@ func (s *Server) handleUISchedulesList(w stdhttp.ResponseWriter, r *stdhttp.Requ
 	chrome.ScheduleCount = len(scheds)
 	chrome.SourceGroupCount = len(groups)
 
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = host.Name + " schedules · restic-manager"
 	view.Page = hostSchedulesPage{
 		hostChromeData: chrome,
@@ -106,7 +106,7 @@ func (s *Server) handleUIScheduleNewGet(w stdhttp.ResponseWriter, r *stdhttp.Req
 		stdhttp.Error(w, "internal", stdhttp.StatusInternalServerError)
 		return
 	}
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = "New schedule · " + host.Name + " · restic-manager"
 	view.Page = scheduleEditPage{
 		hostChromeData:   s.loadHostChrome(r, *host, "schedules", "new schedule"),
@@ -152,7 +152,7 @@ func (s *Server) handleUIScheduleEditGet(w stdhttp.ResponseWriter, r *stdhttp.Re
 	for _, gid := range sc.SourceGroupIDs {
 		selected[gid] = true
 	}
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = "Edit schedule · " + host.Name + " · restic-manager"
 	view.Page = scheduleEditPage{
 		hostChromeData: s.loadHostChrome(r, *host, "schedules", "edit schedule"),
@@ -381,7 +381,7 @@ func (s *Server) renderScheduleFormError(w stdhttp.ResponseWriter, r *stdhttp.Re
 		saveAction = "/hosts/" + host.ID + "/schedules/" + sid + "/edit"
 		crumb = "edit schedule"
 	}
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = "Schedule · " + host.Name + " · restic-manager"
 	view.Page = scheduleEditPage{
 		hostChromeData:   s.loadHostChrome(r, *host, "schedules", crumb),

internal/server/http/ui_sources.go

@@ -119,7 +119,7 @@ func (s *Server) handleUIHostSources(w stdhttp.ResponseWriter, r *stdhttp.Reques
 	// loadHostChrome already counted groups; reuse count we just got.
 	chrome.SourceGroupCount = len(groups)
 
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = host.Name + " sources · restic-manager"
 	view.Page = hostSourcesPage{hostChromeData: chrome, Groups: rows}
 	if err := s.deps.UI.Render(w, "host_sources", view); err != nil {
@@ -137,7 +137,7 @@ func (s *Server) handleUISourceGroupNewGet(w stdhttp.ResponseWriter, r *stdhttp.
 	if !ok {
 		return
 	}
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = "New source group · " + host.Name + " · restic-manager"
 	view.Page = sourceGroupEditPage{
 		hostChromeData: s.loadHostChrome(r, *host, "sources", "new source group"),
@@ -171,7 +171,7 @@ func (s *Server) handleUISourceGroupEditGet(w stdhttp.ResponseWriter, r *stdhttp
 		stdhttp.Error(w, "internal", stdhttp.StatusInternalServerError)
 		return
 	}
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = g.Name + " · " + host.Name + " · restic-manager"
 	view.Page = sourceGroupEditPage{
 		hostChromeData: s.loadHostChrome(r, *host, "sources", g.Name),
@@ -341,7 +341,7 @@ func (s *Server) handleUISourceGroupDelete(w stdhttp.ResponseWriter, r *stdhttp.
 // typed input intact + an error banner. Returns 422 to signal "form
 // rejected" while still returning HTML (mirrors handleUIAddHostPost).
 func (s *Server) renderSourceFormError(w stdhttp.ResponseWriter, r *stdhttp.Request, u *ui.User, host *store.Host, gid string, isNew bool, form sourceFormData, msg string) {
-	view := s.baseView(u, "dashboard")
+	view := s.baseView(u)
 	view.Title = "Source group · " + host.Name + " · restic-manager"
 	saveAction := "/hosts/" + host.ID + "/sources/new"
 	crumb := "new source group"