From 77b0244beb11ebf87e13bffd255036705e15eb29 Mon Sep 17 00:00:00 2001
From: Mohammed Sayed <49954985+cersho@users.noreply.github.com>
Date: Sat, 21 Mar 2026 14:12:26 +0200
Subject: [PATCH 1/2] refactor: Add UI functionality for deleting connections
 and pagination for runs

- Implemented integration tests for deleting connections from the UI, ensuring successful deletion and confirmation messages.
- Added pagination support for runs in the UI, allowing users to navigate between pages of run records.
- Enhanced the HTML templates with new styles for action buttons and menus, improving the user experience.
- Introduced confirmation dialogs for destructive actions like deleting connections and notifications, ensuring user awareness of irreversible actions.
- Updated JavaScript functions to handle new UI interactions and maintain state across different forms and dialogs.
---
 internal/repository/repository.go       |  16 +
 internal/ui/handler.go                  | 404 ++++++++++++++++++-
 internal/ui/handler_integration_test.go |  67 ++++
 internal/ui/templates/app.html          | 504 ++++++++++++++++++++++--
 4 files changed, 944 insertions(+), 47 deletions(-)

diff --git a/internal/repository/repository.go b/internal/repository/repository.go
index 50642c6..aa2e658 100644
--- a/internal/repository/repository.go
+++ b/internal/repository/repository.go
@@ -1232,6 +1232,22 @@ func (r *Repository) ListRecentRuns(ctx context.Context, limit int) ([]models.Ba
 	return items, err
 }
 
+func (r *Repository) ListRecentRunsPage(ctx context.Context, offset, limit int) ([]models.BackupRun, error) {
+	if limit <= 0 {
+		limit = 50
+	}
+	if offset < 0 {
+		offset = 0
+	}
+	var items []models.BackupRun
+	err := r.db.WithContext(ctx).
+		Order("started_at desc").
+		Offset(offset).
+		Limit(limit).
+		Find(&items).Error
+	return items, err
+}
+
 func (r *Repository) ListRunsSince(ctx context.Context, since time.Time) ([]models.BackupRun, error) {
 	var items []models.BackupRun
 	err := r.db.WithContext(ctx).
diff --git a/internal/ui/handler.go b/internal/ui/handler.go
index f493274..98aed2b 100644
--- a/internal/ui/handler.go
+++ b/internal/ui/handler.go
@@ -53,6 +53,10 @@ type pageData struct {
 	Runs                     []models.BackupRun
 	RunItems                 []runListItem
 	RunLog                   []runLogLine
+	RunsPage                 int
+	RunsPageSize             int
+	RunsHasPrev              bool
+	RunsHasNext              bool
 	SelectedRunID            string
 	SelectedRun              runListItem
 	HasSelectedRun           bool
@@ -110,6 +114,15 @@ type runLogLine struct {
 
 func NewHandler(repo *repository.Repository, scheduler *scheduler.Scheduler, cfg config.Config) *Handler {
 	tmpl := template.Must(template.New("app").Funcs(template.FuncMap{
+		"inc": func(v int) int {
+			return v + 1
+		},
+		"dec": func(v int) int {
+			if v <= 1 {
+				return 1
+			}
+			return v - 1
+		},
 		"isEnabled": func(v bool) string {
 			if v {
 				return "enabled"
@@ -210,21 +223,27 @@ func (h *Handler) Router() http.Handler {
 	r.Get("/connections", h.connectionsPage)
 	r.Get("/connections/section", h.connectionsSection)
 	r.Post("/connections", h.createConnection)
+	r.Post("/connections/{id}/update", h.updateConnection)
+	r.Post("/connections/{id}/delete", h.deleteConnection)
 	r.Post("/connections/test", h.testConnection)
 	r.Post("/connections/test-all", h.testAllConnections)
 	r.Post("/connections/{id}/test", h.testSavedConnection)
 	r.Get("/remotes", h.remotesPage)
 	r.Get("/remotes/section", h.remotesSection)
 	r.Post("/remotes", h.createRemote)
+	r.Post("/remotes/{id}/update", h.updateRemote)
+	r.Post("/remotes/{id}/delete", h.deleteRemote)
 	r.Get("/notifications", h.notificationsPage)
 	r.Get("/notifications/section", h.notificationsSection)
 	r.Post("/notifications", h.createNotification)
+	r.Post("/notifications/{id}/update", h.updateNotification)
 	r.Post("/notifications/{id}/test", h.testNotification)
 	r.Post("/notifications/{id}/delete", h.deleteNotification)
 	r.Post("/notifications/bindings", h.saveNotificationBindings)
 	r.Get("/health-checks", h.healthChecksPage)
 	r.Get("/health-checks/section", h.healthChecksSection)
 	r.Post("/health-checks/{id}/settings", h.updateHealthCheckSettings)
+	r.Post("/health-checks/{id}/archive", h.archiveHealthCheck)
 	r.Post("/health-checks/{id}/run", h.runHealthCheckNow)
 	r.Post("/health-checks/bindings", h.saveHealthCheckBindings)
 	r.Get("/backups", h.backupsPage)
@@ -232,6 +251,7 @@ func (h *Handler) Router() http.Handler {
 	r.Get("/backups/section", h.backupsSection)
 	r.Get("/schedules/section", h.backupsSection)
 	r.Post("/backups", h.createBackup)
+	r.Post("/backups/{id}/update", h.updateBackup)
 	r.Post("/backups/{id}/run", h.runBackupNow)
 	r.Post("/backups/{id}/toggle", h.toggleBackup)
 	r.Post("/backups/{id}/delete", h.deleteBackup)
@@ -365,7 +385,11 @@ func (h *Handler) backupRuns(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Handler) runsPage(w http.ResponseWriter, r *http.Request) {
-	data, err := h.loadRunsData(r.Context(), strings.TrimSpace(r.URL.Query().Get("run_id")))
+	data, err := h.loadRunsData(
+		r.Context(),
+		strings.TrimSpace(r.URL.Query().Get("run_id")),
+		parsePositiveInt(r.URL.Query().Get("page"), 1),
+	)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -375,7 +399,11 @@ func (h *Handler) runsPage(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Handler) runsSection(w http.ResponseWriter, r *http.Request) {
-	data, err := h.loadRunsData(r.Context(), strings.TrimSpace(r.URL.Query().Get("run_id")))
+	data, err := h.loadRunsData(
+		r.Context(),
+		strings.TrimSpace(r.URL.Query().Get("run_id")),
+		parsePositiveInt(r.URL.Query().Get("page"), 1),
+	)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -383,7 +411,13 @@ func (h *Handler) runsSection(w http.ResponseWriter, r *http.Request) {
 	h.render(w, "runs_section", data)
 }
 
-func (h *Handler) loadRunsData(ctx context.Context, selectedRunID string) (pageData, error) {
+func (h *Handler) loadRunsData(ctx context.Context, selectedRunID string, page int) (pageData, error) {
+	if page < 1 {
+		page = 1
+	}
+	const pageSize = 15
+	offset := (page - 1) * pageSize
+
 	backups, err := h.repo.ListBackups(ctx)
 	if err != nil {
 		return pageData{}, err
@@ -395,11 +429,16 @@ func (h *Handler) loadRunsData(ctx context.Context, selectedRunID string) (pageD
 		backupByID[item.ID] = item
 	}
 
-	runs, err := h.repo.ListRecentRuns(ctx, 60)
+	runs, err := h.repo.ListRecentRunsPage(ctx, offset, pageSize+1)
 	if err != nil {
 		return pageData{}, err
 	}
 
+	hasNext := len(runs) > pageSize
+	if hasNext {
+		runs = runs[:pageSize]
+	}
+
 	runItems := make([]runListItem, 0, len(runs))
 	for _, run := range runs {
 		backup := backupByID[run.BackupID]
@@ -416,7 +455,14 @@ func (h *Handler) loadRunsData(ctx context.Context, selectedRunID string) (pageD
 		})
 	}
 
-	data := pageData{Backups: backups, RunItems: runItems}
+	data := pageData{
+		Backups:      backups,
+		RunItems:     runItems,
+		RunsPage:     page,
+		RunsPageSize: pageSize,
+		RunsHasPrev:  page > 1,
+		RunsHasNext:  hasNext,
+	}
 	if len(runItems) == 0 {
 		return data, nil
 	}
@@ -438,6 +484,96 @@ func (h *Handler) loadRunsData(ctx context.Context, selectedRunID string) (pageD
 	return data, nil
 }
 
+func (h *Handler) updateConnection(w http.ResponseWriter, r *http.Request) {
+	id := strings.TrimSpace(chi.URLParam(r, "id"))
+	if id == "" {
+		h.renderConnections(w, "", "connection id is required")
+		return
+	}
+	if err := r.ParseForm(); err != nil {
+		h.renderConnections(w, "", "Invalid form data")
+		return
+	}
+
+	port, err := parsePort(r.FormValue("port"))
+	if err != nil {
+		h.renderConnections(w, "", err.Error())
+		return
+	}
+
+	item := models.Connection{
+		Name:     strings.TrimSpace(r.FormValue("name")),
+		Type:     strings.ToLower(strings.TrimSpace(r.FormValue("type"))),
+		Host:     strings.TrimSpace(r.FormValue("host")),
+		Port:     port,
+		Database: strings.TrimSpace(r.FormValue("database")),
+		Username: strings.TrimSpace(r.FormValue("username")),
+		Password: r.FormValue("password"),
+		SSLMode:  strings.TrimSpace(r.FormValue("ssl_mode")),
+	}
+
+	if item.Name == "" || item.Type == "" || item.Host == "" {
+		h.renderConnections(w, "", "name, type, and host are required")
+		return
+	}
+	if item.Type != "postgres" && item.Type != "postgresql" && item.Type != "mysql" && item.Type != "convex" && item.Type != "d1" {
+		h.renderConnections(w, "", "type must be mysql, postgres, convex, or d1")
+		return
+	}
+	if item.Type == "d1" && item.Database == "" {
+		h.renderConnections(w, "", "database is required for d1")
+		return
+	}
+	if item.Type != "convex" && item.Type != "d1" && (item.Database == "" || item.Username == "") {
+		h.renderConnections(w, "", "database and username are required for mysql/postgres")
+		return
+	}
+	if item.Port == 0 {
+		switch item.Type {
+		case "postgres", "postgresql":
+			item.Port = 5432
+		case "mysql":
+			item.Port = 3306
+		}
+	}
+	if item.Type == "convex" {
+		if item.Database == "" {
+			item.Database = "convex"
+		}
+		if item.Username == "" {
+			item.Username = "convex"
+		}
+		item.SSLMode = ""
+	}
+	if item.Type == "d1" {
+		if item.Username == "" {
+			item.Username = "d1"
+		}
+		item.Port = 0
+		item.SSLMode = ""
+	}
+
+	if _, err := h.repo.UpdateConnection(r.Context(), id, &item); err != nil {
+		h.renderConnections(w, "", err.Error())
+		return
+	}
+
+	h.renderConnections(w, "Connection updated", "")
+}
+
+func (h *Handler) deleteConnection(w http.ResponseWriter, r *http.Request) {
+	id := strings.TrimSpace(chi.URLParam(r, "id"))
+	if id == "" {
+		h.renderConnections(w, "", "connection id is required")
+		return
+	}
+	if err := h.repo.DeleteConnection(r.Context(), id); err != nil {
+		h.renderConnections(w, "", "connection not found")
+		return
+	}
+	h.renderConnections(w, "Connection deleted", "")
+}
+
 func (h *Handler) downloadRun(w http.ResponseWriter, r *http.Request) {
 	runID := strings.TrimSpace(chi.URLParam(r, "id"))
 	if runID == "" {
@@ -815,6 +951,63 @@ func (h *Handler) createRemote(w http.ResponseWriter, r *http.Request) {
 	h.renderRemotes(w, "Remote created", "")
 }
 
+func (h *Handler) updateRemote(w http.ResponseWriter, r *http.Request) {
+	id := strings.TrimSpace(chi.URLParam(r, "id"))
+	if id == "" {
+		h.renderRemotes(w, "", "remote id is required")
+		return
+	}
+	if err := r.ParseForm(); err != nil {
+		h.renderRemotes(w, "", "Invalid form data")
+		return
+	}
+
+	provider := strings.ToLower(strings.TrimSpace(r.FormValue("provider")))
+	if provider == "" {
+		provider = "s3"
+	}
+
+	item := models.Remote{
+		Name:       strings.TrimSpace(r.FormValue("name")),
+		Provider:   provider,
+		Bucket:     strings.TrimSpace(r.FormValue("bucket")),
+		Region:     strings.TrimSpace(r.FormValue("region")),
+		Endpoint:   strings.TrimSpace(r.FormValue("endpoint")),
+		AccessKey:  strings.TrimSpace(r.FormValue("access_key")),
+		SecretKey:  strings.TrimSpace(r.FormValue("secret_key")),
+		PathPrefix: strings.TrimSpace(r.FormValue("path_prefix")),
+	}
+
+	if item.Name == "" || item.Bucket == "" || item.Region == "" {
+		h.renderRemotes(w, "", "name, bucket, and region are required")
+		return
+	}
+	if item.Provider != "s3" {
+		h.renderRemotes(w, "", "provider must be s3")
+		return
+	}
+
+	if _, err := h.repo.UpdateRemote(r.Context(), id, &item); err != nil {
+		h.renderRemotes(w, "", err.Error())
+		return
+	}
+
+	h.renderRemotes(w, "Remote updated", "")
+}
+
+func (h *Handler) deleteRemote(w http.ResponseWriter, r *http.Request) {
+	id := strings.TrimSpace(chi.URLParam(r, "id"))
+	if id == "" {
+		h.renderRemotes(w, "", "remote id is required")
+		return
+	}
+	if err := h.repo.DeleteRemote(r.Context(), id); err != nil {
+		h.renderRemotes(w, "", "remote not found")
+		return
+	}
+	h.renderRemotes(w, "Remote deleted", "")
+}
+
 func (h *Handler) createNotification(w http.ResponseWriter, r *http.Request) {
 	if err := r.ParseForm(); err != nil {
 		h.renderNotifications(w, "", "Invalid form data", strings.TrimSpace(r.FormValue("backup_id")))
@@ -864,6 +1057,68 @@ func (h *Handler) createNotification(w http.ResponseWriter, r *http.Request) {
 	h.renderNotifications(w, "Notification destination created", "", selectedBackupID)
 }
 
+func (h *Handler) updateNotification(w http.ResponseWriter, r *http.Request) {
+	id := strings.TrimSpace(chi.URLParam(r, "id"))
+	if id == "" {
+		h.renderNotifications(w, "", "notification id is required", strings.TrimSpace(r.FormValue("backup_id")))
+		return
+	}
+	if err := r.ParseForm(); err != nil {
+		h.renderNotifications(w, "", "Invalid form data", strings.TrimSpace(r.FormValue("backup_id")))
+		return
+	}
+
+	selectedBackupID := strings.TrimSpace(r.FormValue("backup_id"))
+	notificationType := strings.ToLower(strings.TrimSpace(r.FormValue("type")))
+	enabled := r.FormValue("enabled") == "on" || r.FormValue("enabled") == "true"
+
+	name := strings.TrimSpace(r.FormValue("name"))
+	discordWebhookURL := strings.TrimSpace(r.FormValue("discord_webhook_url"))
+	smtpHost := strings.TrimSpace(r.FormValue("smtp_host"))
+	smtpUsername := strings.TrimSpace(r.FormValue("smtp_username"))
+	smtpPassword := r.FormValue("smtp_password")
+	smtpFrom := strings.TrimSpace(r.FormValue("smtp_from"))
+	smtpTo := strings.TrimSpace(r.FormValue("smtp_to"))
+	smtpSecurity := strings.ToLower(strings.TrimSpace(r.FormValue("smtp_security")))
+
+	smtpPort := 587
+	portRaw := strings.TrimSpace(r.FormValue("smtp_port"))
+	portMode := strings.TrimSpace(r.FormValue("smtp_port_mode"))
+	if portMode != "" && portMode != "other" {
+		portRaw = portMode
+	}
+	if portMode == "other" {
+		portRaw = strings.TrimSpace(r.FormValue("smtp_port_custom"))
+	}
+	if portRaw != "" {
+		port, err := strconv.Atoi(portRaw)
+		if err != nil || port <= 0 || port > 65535 {
+			h.renderNotifications(w, "", "smtp_port must be between 1 and 65535", selectedBackupID)
+			return
+		}
+		smtpPort = port
+	}
+
+	if _, err := h.repo.UpdateNotification(r.Context(), id, repository.NotificationPatch{
+		Name:              stringPtr(name),
+		Type:              stringPtr(notificationType),
+		Enabled:           boolPtr(enabled),
+		DiscordWebhookURL: stringPtr(discordWebhookURL),
+		SMTPHost:          stringPtr(smtpHost),
+		SMTPPort:          intPtr(smtpPort),
+		SMTPUsername:      stringPtr(smtpUsername),
+		SMTPPassword:      stringPtr(smtpPassword),
+		SMTPFrom:          stringPtr(smtpFrom),
+		SMTPTo:            stringPtr(smtpTo),
+		SMTPSecurity:      stringPtr(smtpSecurity),
+	}); err != nil {
+		h.renderNotifications(w, "", err.Error(), selectedBackupID)
+		return
+	}
+
+	h.renderNotifications(w, "Notification destination updated", "", selectedBackupID)
+}
+
 func (h *Handler) testNotification(w http.ResponseWriter, r *http.Request) {
 	id := strings.TrimSpace(chi.URLParam(r, "id"))
 	selectedBackupID := strings.TrimSpace(r.URL.Query().Get("backup_id"))
@@ -1109,6 +1364,21 @@ func (h *Handler) saveHealthCheckBindings(w http.ResponseWriter, r *http.Request
 	h.renderHealthChecks(w, "Health check notifications updated", "", selectedHealthCheckID)
 }
 
+func (h *Handler) archiveHealthCheck(w http.ResponseWriter, r *http.Request) {
+	id := strings.TrimSpace(chi.URLParam(r, "id"))
+	selectedHealthCheckID := strings.TrimSpace(r.URL.Query().Get("health_check_id"))
+	if id == "" {
+		h.renderHealthChecks(w, "", "health check id is required", selectedHealthCheckID)
+		return
+	}
+	enabled := false
+	if _, err := h.repo.UpdateHealthCheck(r.Context(), id, repository.HealthCheckPatch{Enabled: &enabled}); err != nil {
+		h.renderHealthChecks(w, "", err.Error(), selectedHealthCheckID)
+		return
+	}
+	h.renderHealthChecks(w, "Health check archived", "", selectedHealthCheckID)
+}
+
 func (h *Handler) createBackup(w http.ResponseWriter, r *http.Request) {
 	if err := r.ParseForm(); err != nil {
 		h.renderBackups(w, "", "Invalid form data")
@@ -1203,6 +1473,110 @@ func (h *Handler) createBackup(w http.ResponseWriter, r *http.Request) {
 	h.renderBackups(w, "Backup created", "")
 }
 
+func (h *Handler) updateBackup(w http.ResponseWriter, r *http.Request) {
+	id := strings.TrimSpace(chi.URLParam(r, "id"))
+	if id == "" {
+		h.renderBackups(w, "", "backup id is required")
+		return
+	}
+	if err := r.ParseForm(); err != nil {
+		h.renderBackups(w, "", "Invalid form data")
+		return
+	}
+
+	retention, err := parseRetention(r.FormValue("retention_days"))
+	if err != nil {
+		h.renderBackups(w, "", err.Error())
+		return
+	}
+
+	targetType := strings.TrimSpace(r.FormValue("target_type"))
+	compression := strings.TrimSpace(r.FormValue("compression"))
+	if compression == "" {
+		compression = "gzip"
+	}
+	includeFileStorage := r.FormValue("include_file_storage") == "true" || r.FormValue("include_file_storage") == "on"
+	if targetType != "local" && targetType != "s3" {
+		h.renderBackups(w, "", "target_type must be local or s3")
+		return
+	}
+
+	cronExpr := strings.TrimSpace(r.FormValue("cron_expr"))
+	if _, err := cron.ParseStandard(cronExpr); err != nil {
+		h.renderBackups(w, "", "invalid cron_expr")
+		return
+	}
+
+	timezone := strings.TrimSpace(r.FormValue("timezone"))
+	if timezone == "" {
+		timezone = "UTC"
+	}
+
+	item := models.Backup{
+		Name:               strings.TrimSpace(r.FormValue("name")),
+		ConnectionID:       strings.TrimSpace(r.FormValue("connection_id")),
+		CronExpr:           cronExpr,
+		Timezone:           timezone,
+		TargetType:         targetType,
+		LocalPath:          strings.TrimSpace(r.FormValue("local_path")),
+		RetentionDays:      retention,
+		Compression:        compression,
+		IncludeFileStorage: includeFileStorage,
+	}
+
+	if item.Name == "" || item.ConnectionID == "" {
+		h.renderBackups(w, "", "name and connection are required")
+		return
+	}
+	conn, err := h.repo.GetConnection(r.Context(), item.ConnectionID)
+	if err != nil {
+		h.renderBackups(w, "", "connection_id not found")
+		return
+	}
+	if strings.EqualFold(conn.Type, "convex") {
+		item.Compression = "none"
+	} else {
+		item.IncludeFileStorage = false
+		if item.Compression != "gzip" && item.Compression != "none" {
+			h.renderBackups(w, "", "compression must be gzip or none")
+			return
+		}
+	}
+	if item.TargetType == "local" && item.LocalPath == "" {
+		h.renderBackups(w, "", "local_path is required for local target")
+		return
+	}
+	if item.TargetType == "s3" {
+		remoteID := strings.TrimSpace(r.FormValue("remote_id"))
+		if remoteID == "" {
+			h.renderBackups(w, "", "remote_id is required for s3 target")
+			return
+		}
+		if _, err := h.repo.GetRemote(r.Context(), remoteID); err != nil {
+			h.renderBackups(w, "", "remote_id not found")
+			return
+		}
+		item.RemoteID = &remoteID
+	}
+
+	updated, err := h.repo.UpdateBackup(r.Context(), id, &item)
+	if err != nil {
+		h.renderBackups(w, "", err.Error())
+		return
+	}
+
+	if updated.Enabled {
+		if err := h.scheduler.Upsert(r.Context(), id); err != nil {
+			h.renderBackups(w, "", err.Error())
+			return
+		}
+	} else {
+		h.scheduler.Delete(id)
+	}
+
+	h.renderBackups(w, "Backup updated", "")
+}
+
 func (h *Handler) runBackupNow(w http.ResponseWriter, r *http.Request) {
 	id := chi.URLParam(r, "id")
 	if _, err := h.repo.GetBackup(r.Context(), id); err != nil {
@@ -1609,6 +1983,26 @@ func parseRetention(value string) (int, error) {
 	return n, nil
 }
 
+func parsePositiveInt(value string, fallback int) int {
+	n, err := strconv.Atoi(strings.TrimSpace(value))
+	if err != nil || n <= 0 {
+		return fallback
+	}
+	return n
+}
+
+func stringPtr(v string) *string {
+	return &v
+}
+
+func boolPtr(v bool) *bool {
+	return &v
+}
+
+func intPtr(v int) *int {
+	return &v
+}
+
 func redactConnections(items []models.Connection) {
 	for i := range items {
 		items[i].Password = ""
diff --git a/internal/ui/handler_integration_test.go b/internal/ui/handler_integration_test.go
index a55a961..c69946d 100644
--- a/internal/ui/handler_integration_test.go
+++ b/internal/ui/handler_integration_test.go
@@ -2,6 +2,7 @@ package ui_test
 
 import (
 	"context"
+	"fmt"
 	"io"
 	"net/http"
 	"net/http/httptest"
@@ -268,3 +269,69 @@ func TestNotificationTestFromUI(t *testing.T) {
 		t.Fatal("expected webhook to be called")
 	}
 }
+
+func TestDeleteConnectionFromUI(t *testing.T) {
+	stack := testutil.NewStack(t)
+	h := ui.NewHandler(stack.Repo, stack.Scheduler, stack.Config)
+	server := httptest.NewServer(h.Router())
+	t.Cleanup(server.Close)
+
+	conn := testutil.MustCreateConnection(t, stack.Repo, "ui-delete-connection")
+
+	res, err := http.Post(server.URL+"/connections/"+conn.ID+"/delete", "application/x-www-form-urlencoded", strings.NewReader(""))
+	if err != nil {
+		t.Fatalf("post delete connection: %v", err)
+	}
+	defer func() { _ = res.Body.Close() }()
+
+	if res.StatusCode != http.StatusOK {
+		t.Fatalf("expected 200, got %d", res.StatusCode)
+	}
+
+	body, err := io.ReadAll(res.Body)
+	if err != nil {
+		t.Fatalf("read response body: %v", err)
+	}
+	if !strings.Contains(string(body), "Connection deleted") {
+		t.Fatalf("expected delete message, got %q", string(body))
+	}
+
+	items, err := stack.Repo.ListConnections(context.Background())
+	if err != nil {
+		t.Fatalf("list connections: %v", err)
+	}
+	if len(items) != 0 {
+		t.Fatalf("expected 0 connections after delete, got %d", len(items))
+	}
+}
+
+func TestRunsPaginationFromUI(t *testing.T) {
+	stack := testutil.NewStack(t)
+	h := ui.NewHandler(stack.Repo, stack.Scheduler, stack.Config)
+	server := httptest.NewServer(h.Router())
+	t.Cleanup(server.Close)
+
+	conn := testutil.MustCreateConnection(t, stack.Repo, "ui-runs-paging-connection")
+	backup := testutil.MustCreateLocalBackup(t, stack.Repo, "ui-runs-paging-backup", conn.ID, t.TempDir(), true)
+	for i := 0; i < 20; i++ {
+		testutil.MustCreateFinishedRun(t, stack.Repo, backup.ID, fmt.Sprintf("runs/%d.sql.gz", i))
+	}
+
+	res, err := http.Get(server.URL + "/runs/section?page=2")
+	if err != nil {
+		t.Fatalf("get runs section page 2: %v", err)
+	}
+	defer func() { _ = res.Body.Close() }()
+
+	if res.StatusCode != http.StatusOK {
+		t.Fatalf("expected 200, got %d", res.StatusCode)
+	}
+
+	body, err := io.ReadAll(res.Body)
+	if err != nil {
+		t.Fatalf("read response body: %v", err)
+	}
+	if !strings.Contains(string(body), "Page 2") {
+		t.Fatalf("expected pagination marker, got %q", string(body))
+	}
+}
diff --git a/internal/ui/templates/app.html b/internal/ui/templates/app.html
index 0584c63..5172cbe 100644
--- a/internal/ui/templates/app.html
+++ b/internal/ui/templates/app.html
@@ -410,6 +410,27 @@
     .btn-danger:hover { background: rgba(239, 68, 68, 0.2); }
     .btn-sm { padding: 5px 10px; font-size: 12px; border-radius: var(--radius-sm); }
 
+    .icon-btn {
+      width: 30px;
+      height: 30px;
+      padding: 0;
+      border-radius: var(--radius-sm);
+      border: 1px solid var(--border-sub);
+      background: var(--bg-elevated);
+      color: var(--text-secondary);
+      cursor: pointer;
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+    }
+
+    .icon-btn:hover {
+      background: var(--bg-hover);
+      color: var(--text-primary);
+    }
+
+    .icon-btn i { width: 14px; height: 14px; }
+
     .flash {
       margin-bottom: 12px;
       border-radius: var(--radius-md);
@@ -437,6 +458,8 @@
     .badge.err { background: var(--red-dim); color: var(--red); }
     .badge.muted { background: var(--bg-overlay); color: var(--text-secondary); border: 1px solid var(--border-sub); }
     .badge.info { background: var(--accent-dim); color: var(--accent); }
+    .badge.enabled { background: var(--green-dim); color: var(--green); }
+    .badge.disabled { background: var(--red-dim); color: var(--red); }
 
     .conn-grid {
       display: grid;
@@ -492,7 +515,7 @@
     .table-wrap {
       border: 1px solid var(--border-sub);
       border-radius: var(--radius-lg);
-      overflow: hidden;
+      overflow: visible;
       background: var(--bg-surface);
     }
 
@@ -524,6 +547,81 @@
     tbody tr:last-child td { border-bottom: none; }
     tbody tr:hover { background: var(--bg-hover); }
 
+    .row-actions {
+      display: flex;
+      justify-content: flex-end;
+      position: relative;
+      z-index: 2;
+    }
+
+    .actions-menu {
+      position: relative;
+    }
+
+    .actions-menu[open] {
+      z-index: 40;
+    }
+
+    .actions-menu summary {
+      list-style: none;
+      cursor: pointer;
+    }
+
+    .actions-menu summary::-webkit-details-marker {
+      display: none;
+    }
+
+    .actions-pop {
+      position: absolute;
+      right: 0;
+      top: calc(100% + 6px);
+      min-width: 150px;
+      background: var(--bg-elevated);
+      border: 1px solid var(--border-sub);
+      border-radius: var(--radius-sm);
+      box-shadow: 0 14px 30px rgba(0, 0, 0, 0.35);
+      padding: 6px;
+      display: grid;
+      gap: 4px;
+      z-index: 30;
+    }
+
+    .menu-item {
+      width: 100%;
+      border: none;
+      background: transparent;
+      color: var(--text-secondary);
+      text-decoration: none;
+      border-radius: var(--radius-sm);
+      font-size: 12px;
+      font-family: var(--font-ui);
+      text-align: left;
+      padding: 7px 8px;
+      cursor: pointer;
+      display: inline-flex;
+      align-items: center;
+      gap: 7px;
+    }
+
+    .menu-item i {
+      width: 13px;
+      height: 13px;
+    }
+
+    .menu-item:hover {
+      background: var(--bg-hover);
+      color: var(--text-primary);
+    }
+
+    .menu-item.danger {
+      color: #fca5a5;
+    }
+
+    .menu-item.danger:hover {
+      background: var(--red-dim);
+      color: #fecaca;
+    }
+
     .mono { font-family: var(--font-mono); font-size: 12px; color: var(--text-secondary); }
 
     .dialog-modal {
@@ -820,6 +918,19 @@
 
   {{if eq .CurrentPage "notifications"}}{{template "notifications_dialog" .}}{{end}}
   {{if eq .CurrentPage "schedules"}}{{template "schedule_dialog" .}}{{end}}
+  <dialog id="confirm-dialog" class="dialog-modal" style="width:min(440px,90vw);">
+    <div class="dialog-head">
+      <span data-confirm-title>Confirm action</span>
+      <button class="btn btn-ghost btn-sm" type="button" data-dialog-close>Close</button>
+    </div>
+    <div class="dialog-body">
+      <div data-confirm-body class="page-sub" style="margin-top:0;">This action cannot be undone.</div>
+    </div>
+    <div class="dialog-foot">
+      <button type="button" class="btn btn-secondary" data-dialog-close>Cancel</button>
+      <button type="button" class="btn btn-danger" data-confirm-run>Confirm</button>
+    </div>
+  </dialog>
 
   <script>
     (function () {
@@ -998,9 +1109,238 @@
         }
       }
 
+      function setConnectionCreateMode() {
+        var form = document.getElementById("connection-form");
+        if (!form) return;
+        form.reset();
+        form.setAttribute("hx-post", "/app/connections");
+        var title = document.getElementById("connection-dialog-title");
+        if (title) title.textContent = "Add Connection";
+        var submit = document.getElementById("connection-submit");
+        if (submit) submit.textContent = "Save Connection";
+        var hidden = form.querySelector("input[name='connection_id']");
+        if (hidden) hidden.value = "";
+        syncConnectionForm();
+      }
+
+      function setConnectionEditMode(trigger) {
+        var form = document.getElementById("connection-form");
+        if (!form || !trigger) return;
+        form.setAttribute("hx-post", "/app/connections/" + (trigger.getAttribute("data-connection-id") || "") + "/update");
+        var title = document.getElementById("connection-dialog-title");
+        if (title) title.textContent = "Edit Connection";
+        var submit = document.getElementById("connection-submit");
+        if (submit) submit.textContent = "Update Connection";
+        var hidden = form.querySelector("input[name='connection_id']");
+        if (hidden) hidden.value = trigger.getAttribute("data-connection-id") || "";
+        var typeEl = form.querySelector("select[name='type']");
+        if (typeEl) typeEl.value = trigger.getAttribute("data-connection-type") || "postgres";
+        var map = {
+          "name": "data-connection-name",
+          "host": "data-connection-host",
+          "port": "data-connection-port",
+          "database": "data-connection-database",
+          "username": "data-connection-username",
+          "ssl_mode": "data-connection-ssl-mode"
+        };
+        Object.keys(map).forEach(function (key) {
+          var field = form.querySelector("[name='" + key + "']");
+          if (!field) return;
+          field.value = trigger.getAttribute(map[key]) || "";
+        });
+        var pwd = form.querySelector("input[name='password']");
+        if (pwd) pwd.value = "";
+        syncConnectionForm();
+      }
+
+      function setRemoteCreateMode() {
+        var form = document.getElementById("remote-form");
+        if (!form) return;
+        form.reset();
+        form.setAttribute("hx-post", "/app/remotes");
+        var title = document.getElementById("remote-dialog-title");
+        if (title) title.textContent = "Add Remote";
+        var submit = document.getElementById("remote-submit");
+        if (submit) submit.textContent = "Save Remote";
+      }
+
+      function setRemoteEditMode(trigger) {
+        var form = document.getElementById("remote-form");
+        if (!form || !trigger) return;
+        form.setAttribute("hx-post", "/app/remotes/" + (trigger.getAttribute("data-remote-id") || "") + "/update");
+        var title = document.getElementById("remote-dialog-title");
+        if (title) title.textContent = "Edit Remote";
+        var submit = document.getElementById("remote-submit");
+        if (submit) submit.textContent = "Update Remote";
+        var map = {
+          "name": "data-remote-name",
+          "provider": "data-remote-provider",
+          "bucket": "data-remote-bucket",
+          "region": "data-remote-region",
+          "endpoint": "data-remote-endpoint",
+          "path_prefix": "data-remote-path-prefix"
+        };
+        Object.keys(map).forEach(function (key) {
+          var field = form.querySelector("[name='" + key + "']");
+          if (!field) return;
+          field.value = trigger.getAttribute(map[key]) || "";
+        });
+        ["access_key", "secret_key"].forEach(function (key) {
+          var field = form.querySelector("[name='" + key + "']");
+          if (field) field.value = "";
+        });
+      }
+
+      function setNotificationCreateMode() {
+        var form = document.getElementById("notification-form");
+        if (!form) return;
+        form.reset();
+        form.setAttribute("hx-post", "/app/notifications");
+        var title = document.getElementById("notification-dialog-title");
+        if (title) title.textContent = "Add Notification Destination";
+        var submit = document.getElementById("notification-submit");
+        if (submit) submit.textContent = "Save Destination";
+        syncNotificationForm();
+      }
+
+      function setNotificationEditMode(trigger) {
+        var form = document.getElementById("notification-form");
+        if (!form || !trigger) return;
+        form.setAttribute("hx-post", "/app/notifications/" + (trigger.getAttribute("data-notification-id") || "") + "/update");
+        var title = document.getElementById("notification-dialog-title");
+        if (title) title.textContent = "Edit Notification Destination";
+        var submit = document.getElementById("notification-submit");
+        if (submit) submit.textContent = "Update Destination";
+        var map = {
+          "name": "data-notification-name",
+          "type": "data-notification-type",
+          "smtp_host": "data-notification-smtp-host",
+          "smtp_username": "data-notification-smtp-username",
+          "smtp_from": "data-notification-smtp-from",
+          "smtp_to": "data-notification-smtp-to",
+          "smtp_security": "data-notification-smtp-security"
+        };
+        Object.keys(map).forEach(function (key) {
+          var field = form.querySelector("[name='" + key + "']");
+          if (!field) return;
+          field.value = trigger.getAttribute(map[key]) || "";
+        });
+        var smtpPort = trigger.getAttribute("data-notification-smtp-port") || "587";
+        var mode = form.querySelector("select[name='smtp_port_mode']");
+        var custom = form.querySelector("input[name='smtp_port_custom']");
+        if (mode) {
+          if (smtpPort === "25" || smtpPort === "465" || smtpPort === "587" || smtpPort === "2525") {
+            mode.value = smtpPort;
+            if (custom) custom.value = "";
+          } else {
+            mode.value = "other";
+            if (custom) custom.value = smtpPort;
+          }
+        }
+        var enabled = trigger.getAttribute("data-notification-enabled") === "true";
+        var enabledField = form.querySelector("input[name='enabled']");
+        if (enabledField) enabledField.checked = enabled;
+        var webhook = form.querySelector("input[name='discord_webhook_url']");
+        if (webhook) webhook.value = "";
+        var pass = form.querySelector("input[name='smtp_password']");
+        if (pass) pass.value = "";
+        syncNotificationForm();
+      }
+
+      function setScheduleCreateMode() {
+        var form = document.getElementById("backup-form");
+        if (!form) return;
+        form.reset();
+        form.setAttribute("hx-post", "/app/backups");
+        var title = document.getElementById("schedule-dialog-title");
+        if (title) title.textContent = "Add Schedule";
+        var submit = document.getElementById("schedule-submit");
+        if (submit) submit.textContent = "Create Schedule";
+      }
+
+      function setScheduleEditMode(trigger) {
+        var form = document.getElementById("backup-form");
+        if (!form || !trigger) return;
+        form.setAttribute("hx-post", "/app/backups/" + (trigger.getAttribute("data-schedule-id") || "") + "/update");
+        var title = document.getElementById("schedule-dialog-title");
+        if (title) title.textContent = "Edit Schedule";
+        var submit = document.getElementById("schedule-submit");
+        if (submit) submit.textContent = "Update Schedule";
+        var map = {
+          "name": "data-schedule-name",
+          "connection_id": "data-schedule-connection-id",
+          "cron_expr": "data-schedule-cron",
+          "timezone": "data-schedule-timezone",
+          "target_type": "data-schedule-target-type",
+          "remote_id": "data-schedule-remote-id",
+          "local_path": "data-schedule-local-path",
+          "retention_days": "data-schedule-retention-days",
+          "compression": "data-schedule-compression"
+        };
+        Object.keys(map).forEach(function (key) {
+          var field = form.querySelector("[name='" + key + "']");
+          if (!field) return;
+          field.value = trigger.getAttribute(map[key]) || "";
+        });
+      }
+
+      var pendingConfirm = null;
+
+      function openConfirmDialog(trigger) {
+        var dialog = document.getElementById("confirm-dialog");
+        if (!dialog) return;
+        var titleEl = dialog.querySelector("[data-confirm-title]");
+        var bodyEl = dialog.querySelector("[data-confirm-body]");
+        pendingConfirm = {
+          post: trigger.getAttribute("data-confirm-post") || "",
+          target: trigger.getAttribute("data-confirm-target") || "",
+          swap: trigger.getAttribute("data-confirm-swap") || "outerHTML"
+        };
+        if (titleEl) {
+          titleEl.textContent = trigger.getAttribute("data-confirm-title") || "Confirm action";
+        }
+        if (bodyEl) {
+          bodyEl.textContent = trigger.getAttribute("data-confirm-body") || "This action cannot be undone.";
+        }
+        openDialog("confirm-dialog");
+      }
+
+      function runConfirmedAction() {
+        if (!pendingConfirm || !pendingConfirm.post || !window.htmx) return;
+        window.htmx.ajax("POST", pendingConfirm.post, {
+          target: pendingConfirm.target || "body",
+          swap: pendingConfirm.swap || "outerHTML"
+        });
+        pendingConfirm = null;
+      }
+
       document.addEventListener("click", function (event) {
         var opener = event.target.closest("[data-dialog-open]");
         if (opener) {
+          if (opener.hasAttribute("data-connection-create")) {
+            setConnectionCreateMode();
+          }
+          if (opener.hasAttribute("data-connection-edit")) {
+            setConnectionEditMode(opener);
+          }
+          if (opener.hasAttribute("data-remote-create")) {
+            setRemoteCreateMode();
+          }
+          if (opener.hasAttribute("data-remote-edit")) {
+            setRemoteEditMode(opener);
+          }
+          if (opener.hasAttribute("data-notification-create")) {
+            setNotificationCreateMode();
+          }
+          if (opener.hasAttribute("data-notification-edit")) {
+            setNotificationEditMode(opener);
+          }
+          if (opener.hasAttribute("data-schedule-create")) {
+            setScheduleCreateMode();
+          }
+          if (opener.hasAttribute("data-schedule-edit")) {
+            setScheduleEditMode(opener);
+          }
           openDialog(opener.getAttribute("data-dialog-open"));
           return;
         }
@@ -1014,6 +1354,17 @@
           applyConnectionString();
           return;
         }
+        var confirmer = event.target.closest("[data-confirm-post]");
+        if (confirmer) {
+          openConfirmDialog(confirmer);
+          return;
+        }
+        var confirmerRun = event.target.closest("[data-confirm-run]");
+        if (confirmerRun) {
+          runConfirmedAction();
+          closeDialog(confirmerRun);
+          return;
+        }
         if (event.target.tagName === "DIALOG") {
           var rect = event.target.getBoundingClientRect();
           var inside = rect.top <= event.clientY && event.clientY <= rect.bottom && rect.left <= event.clientX && event.clientX <= rect.right;
@@ -1052,6 +1403,16 @@
         }
       });
 
+      document.addEventListener("toggle", function (event) {
+        var menu = event.target;
+        if (!menu || !menu.classList || !menu.classList.contains("actions-menu") || !menu.open) return;
+        document.querySelectorAll(".actions-menu[open]").forEach(function (node) {
+          if (node !== menu) {
+            node.removeAttribute("open");
+          }
+        });
+      });
+
       syncConnectionForm();
       syncNotificationForm();
       if (window.lucide && typeof window.lucide.createIcons === "function") {
@@ -1115,7 +1476,7 @@
         <i data-lucide="refresh-cw"></i>
         Test All
       </button>
-      <button class="btn btn-primary btn-sm" type="button" data-dialog-open="connection-dialog">
+      <button class="btn btn-primary btn-sm" type="button" data-dialog-open="connection-dialog" data-connection-create="true">
         <i data-lucide="plus"></i>
         Add Connection
       </button>
@@ -1137,12 +1498,23 @@
       <div class="conn-host">{{connectionAddress .}}</div>
       <div class="conn-meta">
         <span>{{ago .UpdatedAt}}</span>
-        <button class="btn btn-ghost btn-sm" type="button" hx-post="/app/connections/{{.ID}}/test" hx-target="#connections-section" hx-swap="outerHTML">Test</button>
+        <details class="actions-menu">
+          <summary>
+            <span class="icon-btn">
+              <i data-lucide="ellipsis"></i>
+            </span>
+          </summary>
+          <div class="actions-pop">
+            <button class="menu-item" type="button" hx-post="/app/connections/{{.ID}}/test" hx-target="#connections-section" hx-swap="outerHTML"><i data-lucide="plug-zap"></i>Test</button>
+            <button class="menu-item" type="button" data-dialog-open="connection-dialog" data-connection-edit="true" data-connection-id="{{.ID}}" data-connection-name="{{.Name}}" data-connection-type="{{.Type}}" data-connection-host="{{.Host}}" data-connection-port="{{.Port}}" data-connection-database="{{.Database}}" data-connection-username="{{.Username}}" data-connection-ssl-mode="{{.SSLMode}}"><i data-lucide="pencil"></i>Edit</button>
+            <button class="menu-item danger" type="button" data-confirm-post="/app/connections/{{.ID}}/delete" data-confirm-target="#connections-section" data-confirm-title="Delete connection" data-confirm-body="Delete {{.Name}} and related health checks? This cannot be undone."><i data-lucide="trash-2"></i>Delete</button>
+          </div>
+        </details>
       </div>
     </div>
     {{end}}
 
-    <button type="button" class="conn-card" style="border-style:dashed;display:flex;align-items:center;justify-content:center;color:var(--text-muted);font-family:var(--font-mono);" data-dialog-open="connection-dialog">
+    <button type="button" class="conn-card" style="border-style:dashed;display:flex;align-items:center;justify-content:center;color:var(--text-muted);font-family:var(--font-mono);" data-dialog-open="connection-dialog" data-connection-create="true">
       + Add Connection
     </button>
   </div>
@@ -1152,11 +1524,12 @@
 
   <dialog id="connection-dialog" class="dialog-modal">
     <div class="dialog-head">
-      <span>Add Connection</span>
+      <span id="connection-dialog-title">Add Connection</span>
       <button class="btn btn-ghost btn-sm" type="button" data-dialog-close>Close</button>
     </div>
     <div class="dialog-body">
       <form id="connection-form" class="form-grid" hx-post="/app/connections" hx-target="#connections-section" hx-swap="outerHTML">
+        <input type="hidden" name="connection_id">
         <div class="full">
           <label>Connection String</label>
           <textarea name="connection_string" placeholder="postgres://user:pass@host:5432/dbname?sslmode=require"></textarea>
@@ -1209,7 +1582,7 @@
         </div>
         <div class="full dialog-foot" style="padding:0;border-top:none;justify-content:flex-end;">
           <button type="button" class="btn btn-secondary" hx-post="/app/connections/test" hx-include="#connection-form" hx-target="#connections-section" hx-swap="outerHTML">Test Connection</button>
-          <button type="submit" class="btn btn-primary">Save Connection</button>
+          <button type="submit" id="connection-submit" class="btn btn-primary">Save Connection</button>
         </div>
       </form>
     </div>
@@ -1225,7 +1598,7 @@
       <div class="page-sub">S3-compatible destinations for backup artifacts.</div>
     </div>
     <div class="page-actions">
-      <button class="btn btn-primary btn-sm" type="button" data-dialog-open="remote-dialog">Add Remote</button>
+      <button class="btn btn-primary btn-sm" type="button" data-dialog-open="remote-dialog" data-remote-create="true">Add Remote</button>
     </div>
   </div>
 
@@ -1242,6 +1615,7 @@
           <th>Region</th>
           <th>Endpoint</th>
           <th>Updated</th>
+          <th>Actions</th>
         </tr>
       </thead>
       <tbody>
@@ -1252,6 +1626,19 @@
           <td class="mono">{{.Region}}</td>
           <td class="mono">{{if .Endpoint}}{{.Endpoint}}{{else}}-{{end}}</td>
           <td class="mono">{{ago .UpdatedAt}}</td>
+          <td>
+            <div class="row-actions">
+              <details class="actions-menu">
+                <summary>
+                  <span class="icon-btn"><i data-lucide="ellipsis"></i></span>
+                </summary>
+                <div class="actions-pop">
+                  <button class="menu-item" type="button" data-dialog-open="remote-dialog" data-remote-edit="true" data-remote-id="{{.ID}}" data-remote-name="{{.Name}}" data-remote-provider="{{.Provider}}" data-remote-bucket="{{.Bucket}}" data-remote-region="{{.Region}}" data-remote-endpoint="{{.Endpoint}}" data-remote-path-prefix="{{.PathPrefix}}"><i data-lucide="pencil"></i>Edit</button>
+                  <button class="menu-item danger" type="button" data-confirm-post="/app/remotes/{{.ID}}/delete" data-confirm-target="#remotes-section" data-confirm-title="Delete remote" data-confirm-body="Delete remote {{.Name}}? This cannot be undone."><i data-lucide="trash-2"></i>Delete</button>
+                </div>
+              </details>
+            </div>
+          </td>
         </tr>
         {{end}}
       </tbody>
@@ -1263,11 +1650,12 @@
 
   <dialog id="remote-dialog" class="dialog-modal">
     <div class="dialog-head">
-      <span>Add Remote</span>
+      <span id="remote-dialog-title">Add Remote</span>
       <button class="btn btn-ghost btn-sm" type="button" data-dialog-close>Close</button>
     </div>
     <div class="dialog-body">
-      <form class="form-grid" hx-post="/app/remotes" hx-target="#remotes-section" hx-swap="outerHTML">
+      <form id="remote-form" class="form-grid" hx-post="/app/remotes" hx-target="#remotes-section" hx-swap="outerHTML">
+        <input type="hidden" name="remote_id">
         <div>
           <label>Name</label>
           <input name="name" placeholder="r2-primary" required>
@@ -1301,7 +1689,7 @@
           <input name="path_prefix" placeholder="backups/production/">
         </div>
         <div class="full dialog-foot" style="padding:0;border-top:none;">
-          <button type="submit" class="btn btn-primary">Save Remote</button>
+          <button type="submit" id="remote-submit" class="btn btn-primary">Save Remote</button>
         </div>
       </form>
     </div>
@@ -1321,7 +1709,7 @@
       <div class="page-sub">Create Discord and SMTP destinations, then bind them to schedules with success/failure rules.</div>
     </div>
     <div class="page-actions">
-      <button class="btn btn-primary btn-sm" type="button" data-dialog-open="notification-dialog">Add Destination</button>
+      <button class="btn btn-primary btn-sm" type="button" data-dialog-open="notification-dialog" data-notification-create="true">Add Destination</button>
     </div>
   </div>
 
@@ -1349,9 +1737,17 @@
               <td><span class="badge {{isEnabled .Enabled}}">{{isEnabled .Enabled}}</span></td>
               <td class="mono">{{ago .UpdatedAt}}</td>
               <td>
-                <div style="display:flex;gap:6px;flex-wrap:wrap;">
-                  <button class="btn btn-secondary btn-sm" hx-post="/app/notifications/{{.ID}}/test?backup_id={{$.SelectedBackupID}}" hx-target="#notifications-section" hx-swap="outerHTML">Test</button>
-                  <button class="btn btn-danger btn-sm" hx-post="/app/notifications/{{.ID}}/delete?backup_id={{$.SelectedBackupID}}" hx-target="#notifications-section" hx-swap="outerHTML">Delete</button>
+                <div class="row-actions">
+                  <details class="actions-menu">
+                    <summary>
+                      <span class="icon-btn"><i data-lucide="ellipsis"></i></span>
+                    </summary>
+                    <div class="actions-pop">
+                      <button class="menu-item" hx-post="/app/notifications/{{.ID}}/test?backup_id={{$.SelectedBackupID}}" hx-target="#notifications-section" hx-swap="outerHTML"><i data-lucide="send"></i>Test</button>
+                      <button class="menu-item" type="button" data-dialog-open="notification-dialog" data-notification-edit="true" data-notification-id="{{.ID}}" data-notification-name="{{.Name}}" data-notification-type="{{.Type}}" data-notification-enabled="{{.Enabled}}" data-notification-smtp-host="{{.SMTPHost}}" data-notification-smtp-port="{{.SMTPPort}}" data-notification-smtp-username="{{.SMTPUsername}}" data-notification-smtp-from="{{.SMTPFrom}}" data-notification-smtp-to="{{.SMTPTo}}" data-notification-smtp-security="{{.SMTPSecurity}}"><i data-lucide="pencil"></i>Edit</button>
+                      <button class="menu-item danger" type="button" data-confirm-post="/app/notifications/{{.ID}}/delete?backup_id={{$.SelectedBackupID}}" data-confirm-target="#notifications-section" data-confirm-title="Delete destination" data-confirm-body="Delete notification destination {{.Name}}? This cannot be undone."><i data-lucide="trash-2"></i>Delete</button>
+                    </div>
+                  </details>
                 </div>
               </td>
             </tr>
@@ -1471,9 +1867,19 @@
               <td class="mono">{{if .LastCheckedAt}}{{ago .LastCheckedAt.UTC}}{{else}}-{{end}}</td>
               <td class="mono">{{index $.HealthNotificationCounts .ID}} bound</td>
               <td>
-                <div style="display:flex;gap:6px;flex-wrap:wrap;">
-                  <button class="btn btn-secondary btn-sm" hx-post="/app/health-checks/{{.ID}}/run?health_check_id={{.ID}}" hx-target="#health-checks-section" hx-swap="outerHTML">Run now</button>
-                  <a class="btn btn-ghost btn-sm" href="/app/health-checks?health_check_id={{.ID}}" hx-get="/app/health-checks/section?health_check_id={{.ID}}" hx-target="#health-checks-section" hx-swap="outerHTML">Configure</a>
+                <div class="row-actions">
+                  <details class="actions-menu">
+                    <summary>
+                      <span class="icon-btn"><i data-lucide="ellipsis"></i></span>
+                    </summary>
+                    <div class="actions-pop">
+                      <button class="menu-item" hx-post="/app/health-checks/{{.ID}}/run?health_check_id={{.ID}}" hx-target="#health-checks-section" hx-swap="outerHTML"><i data-lucide="play"></i>Run now</button>
+                      <a class="menu-item" href="/app/health-checks?health_check_id={{.ID}}" hx-get="/app/health-checks/section?health_check_id={{.ID}}" hx-target="#health-checks-section" hx-swap="outerHTML"><i data-lucide="settings-2"></i>Configure</a>
+                      {{if .Enabled}}
+                      <button class="menu-item danger" type="button" data-confirm-post="/app/health-checks/{{.ID}}/archive?health_check_id={{$.SelectedHealthCheckID}}" data-confirm-target="#health-checks-section" data-confirm-title="Archive health check" data-confirm-body="Archive check for {{.Connection.Name}}? This will disable monitoring for it."><i data-lucide="archive"></i>Archive</button>
+                      {{end}}
+                    </div>
+                  </details>
                 </div>
               </td>
             </tr>
@@ -1590,7 +1996,7 @@
       <div class="page-sub">Configure cadence, retention, and execution controls.</div>
     </div>
     <div class="page-actions">
-      <button class="btn btn-primary btn-sm" type="button" data-dialog-open="schedule-dialog">Add Schedule</button>
+      <button class="btn btn-primary btn-sm" type="button" data-dialog-open="schedule-dialog" data-schedule-create="true">Add Schedule</button>
     </div>
   </div>
 
@@ -1623,16 +2029,23 @@
           <td><span class="badge {{isEnabled .Enabled}}">{{isEnabled .Enabled}}</span></td>
           <td class="mono"><a href="/app/notifications?backup_id={{.ID}}">{{index $.BackupNotificationCounts .ID}} bound</a></td>
           <td>
-            <div style="display:flex;flex-wrap:wrap;gap:6px;">
-              <button class="btn btn-secondary btn-sm" hx-post="/app/backups/{{.ID}}/run" hx-target="#schedules-section" hx-swap="outerHTML">Run now</button>
-              <a class="btn btn-ghost btn-sm" href="/app/runs">View runs</a>
-              <button class="btn btn-ghost btn-sm" type="button">Restore</button>
-              {{if .Enabled}}
-              <button class="btn btn-ghost btn-sm" hx-post="/app/backups/{{.ID}}/toggle" hx-vals='{"enabled":"false"}' hx-target="#schedules-section" hx-swap="outerHTML">Disable</button>
-              {{else}}
-              <button class="btn btn-ghost btn-sm" hx-post="/app/backups/{{.ID}}/toggle" hx-vals='{"enabled":"true"}' hx-target="#schedules-section" hx-swap="outerHTML">Enable</button>
-              {{end}}
-              <button class="btn btn-danger btn-sm" hx-post="/app/backups/{{.ID}}/delete" hx-target="#schedules-section" hx-swap="outerHTML">Delete</button>
+            <div class="row-actions">
+              <details class="actions-menu">
+                <summary>
+                  <span class="icon-btn"><i data-lucide="ellipsis"></i></span>
+                </summary>
+                <div class="actions-pop">
+                  <button class="menu-item" hx-post="/app/backups/{{.ID}}/run" hx-target="#schedules-section" hx-swap="outerHTML"><i data-lucide="play"></i>Run now</button>
+                  <a class="menu-item" href="/app/runs"><i data-lucide="list"></i>View runs</a>
+                  <button class="menu-item" type="button" data-dialog-open="schedule-dialog" data-schedule-edit="true" data-schedule-id="{{.ID}}" data-schedule-name="{{.Name}}" data-schedule-connection-id="{{.ConnectionID}}" data-schedule-cron="{{.CronExpr}}" data-schedule-timezone="{{.Timezone}}" data-schedule-target-type="{{.TargetType}}" data-schedule-remote-id="{{if .RemoteID}}{{.RemoteID}}{{end}}" data-schedule-local-path="{{.LocalPath}}" data-schedule-retention-days="{{.RetentionDays}}" data-schedule-compression="{{.Compression}}"><i data-lucide="pencil"></i>Edit</button>
+                  {{if .Enabled}}
+                  <button class="menu-item" hx-post="/app/backups/{{.ID}}/toggle" hx-vals='{"enabled":"false"}' hx-target="#schedules-section" hx-swap="outerHTML"><i data-lucide="pause"></i>Disable</button>
+                  {{else}}
+                  <button class="menu-item" hx-post="/app/backups/{{.ID}}/toggle" hx-vals='{"enabled":"true"}' hx-target="#schedules-section" hx-swap="outerHTML"><i data-lucide="play"></i>Enable</button>
+                  {{end}}
+                  <button class="menu-item danger" type="button" data-confirm-post="/app/backups/{{.ID}}/delete" data-confirm-target="#schedules-section" data-confirm-title="Delete schedule" data-confirm-body="Delete schedule {{.Name}}? This cannot be undone."><i data-lucide="trash-2"></i>Delete</button>
+                </div>
+              </details>
             </div>
           </td>
         </tr>
@@ -1650,11 +2063,12 @@
 {{define "notifications_dialog"}}
 <dialog id="notification-dialog" class="dialog-modal">
   <div class="dialog-head">
-    <span>Add Notification Destination</span>
+    <span id="notification-dialog-title">Add Notification Destination</span>
     <button class="btn btn-ghost btn-sm" type="button" data-dialog-close>Close</button>
   </div>
   <div class="dialog-body">
     <form id="notification-form" class="form-grid" hx-post="/app/notifications" hx-target="#notifications-section" hx-swap="outerHTML">
+      <input type="hidden" name="notification_id">
       <input type="hidden" name="backup_id" value="{{.SelectedBackupID}}">
       <div>
         <label>Name</label>
@@ -1724,7 +2138,7 @@
       </div>
 
       <div class="full dialog-foot" style="padding:0;border-top:none;justify-content:flex-end;">
-        <button type="submit" class="btn btn-primary">Save Destination</button>
+        <button type="submit" id="notification-submit" class="btn btn-primary">Save Destination</button>
       </div>
     </form>
   </div>
@@ -1733,12 +2147,13 @@
 
 {{define "schedule_dialog"}}
 <dialog id="schedule-dialog" class="dialog-modal">
-  <div class="dialog-head">
-    <span>Add Schedule</span>
-    <button class="btn btn-ghost btn-sm" type="button" data-dialog-close>Close</button>
-  </div>
+    <div class="dialog-head">
+      <span id="schedule-dialog-title">Add Schedule</span>
+      <button class="btn btn-ghost btn-sm" type="button" data-dialog-close>Close</button>
+    </div>
   <div class="dialog-body">
-    <form id="backup-form" class="form-grid" hx-post="/app/backups" hx-target="#schedules-section" hx-swap="outerHTML">
+      <form id="backup-form" class="form-grid" hx-post="/app/backups" hx-target="#schedules-section" hx-swap="outerHTML">
+        <input type="hidden" name="backup_id">
       <div>
         <label>Name</label>
         <input name="name" placeholder="production-every-6h" required>
@@ -1787,10 +2202,10 @@
           <option value="none">none</option>
         </select>
       </div>
-      <div class="full dialog-foot" style="padding:0;border-top:none;">
-        <button type="submit" class="btn btn-primary">Create Schedule</button>
-      </div>
-    </form>
+        <div class="full dialog-foot" style="padding:0;border-top:none;">
+          <button type="submit" id="schedule-submit" class="btn btn-primary">Create Schedule</button>
+        </div>
+      </form>
   </div>
 </dialog>
 {{end}}
@@ -1809,9 +2224,9 @@
 
 {{define "runs_section"}}
 {{if .SelectedRunID}}
-<section id="runs-section" class="page-block" hx-get="/app/runs/section?run_id={{.SelectedRunID}}" hx-trigger="every 8s [!document.querySelector('dialog[open]')]" hx-target="this" hx-swap="outerHTML">
+<section id="runs-section" class="page-block" hx-get="/app/runs/section?run_id={{.SelectedRunID}}&page={{.RunsPage}}" hx-trigger="every 8s [!document.querySelector('dialog[open]')]" hx-target="this" hx-swap="outerHTML">
 {{else}}
-<section id="runs-section" class="page-block" hx-get="/app/runs/section" hx-trigger="every 8s [!document.querySelector('dialog[open]')]" hx-target="this" hx-swap="outerHTML">
+<section id="runs-section" class="page-block" hx-get="/app/runs/section?page={{.RunsPage}}" hx-trigger="every 8s [!document.querySelector('dialog[open]')]" hx-target="this" hx-swap="outerHTML">
 {{end}}
   {{if .RunsErr}}<div class="flash err">{{.RunsErr}}</div>{{end}}
 
@@ -1820,7 +2235,7 @@
     <div class="run-list">
       <div class="run-list-head">Recent Runs</div>
       {{range .RunItems}}
-      <a class="run-item {{if eq $.SelectedRunID .ID}}active{{end}}" href="/app/runs?run_id={{.ID}}" hx-get="/app/runs/section?run_id={{.ID}}" hx-target="#runs-section" hx-swap="outerHTML">
+      <a class="run-item {{if eq $.SelectedRunID .ID}}active{{end}}" href="/app/runs?run_id={{.ID}}&page={{$.RunsPage}}" hx-get="/app/runs/section?run_id={{.ID}}&page={{$.RunsPage}}" hx-target="#runs-section" hx-swap="outerHTML">
         <div class="run-item-row">
           <span class="run-item-name">{{if .BackupName}}{{.BackupName}}{{else}}backup{{end}}</span>
           <span class="badge {{runTone .Status}}">{{.Status}}</span>
@@ -1828,6 +2243,11 @@
         <div class="run-item-meta">{{.StartedAt.Format "2006-01-02 15:04:05"}} UTC - {{duration .StartedAt .FinishedAt}}</div>
       </a>
       {{end}}
+      <div style="display:flex;align-items:center;justify-content:space-between;padding:8px 10px;border-top:1px solid var(--border-dim);">
+        <button class="btn btn-ghost btn-sm" {{if not .RunsHasPrev}}disabled{{end}} hx-get="/app/runs/section?page={{if .RunsHasPrev}}{{dec .RunsPage}}{{else}}{{.RunsPage}}{{end}}" hx-target="#runs-section" hx-swap="outerHTML">Prev</button>
+        <span class="mono">Page {{.RunsPage}}</span>
+        <button class="btn btn-ghost btn-sm" {{if not .RunsHasNext}}disabled{{end}} hx-get="/app/runs/section?page={{if .RunsHasNext}}{{inc .RunsPage}}{{else}}{{.RunsPage}}{{end}}" hx-target="#runs-section" hx-swap="outerHTML">Next</button>
+      </div>
     </div>
 
     {{if .HasSelectedRun}}

From b6dd14fb382a465664d677376d2b0606d062c10a Mon Sep 17 00:00:00 2001
From: Mohammed Sayed <49954985+cersho@users.noreply.github.com>
Date: Sat, 21 Mar 2026 14:26:06 +0200
Subject: [PATCH 2/2] fix: address cubic comments for SMTP edit handling

---
 internal/ui/handler.go                  | 10 ++--
 internal/ui/handler_integration_test.go | 66 +++++++++++++++++++++++++
 internal/ui/templates/app.html          |  9 +++-
 3 files changed, 80 insertions(+), 5 deletions(-)

diff --git a/internal/ui/handler.go b/internal/ui/handler.go
index 98aed2b..eec238a 100644
--- a/internal/ui/handler.go
+++ b/internal/ui/handler.go
@@ -1099,7 +1099,7 @@ func (h *Handler) updateNotification(w http.ResponseWriter, r *http.Request) {
 		smtpPort = port
 	}
 
-	if _, err := h.repo.UpdateNotification(r.Context(), id, repository.NotificationPatch{
+	patch := repository.NotificationPatch{
 		Name:              stringPtr(name),
 		Type:              stringPtr(notificationType),
 		Enabled:           boolPtr(enabled),
@@ -1107,11 +1107,15 @@ func (h *Handler) updateNotification(w http.ResponseWriter, r *http.Request) {
 		SMTPHost:          stringPtr(smtpHost),
 		SMTPPort:          intPtr(smtpPort),
 		SMTPUsername:      stringPtr(smtpUsername),
-		SMTPPassword:      stringPtr(smtpPassword),
 		SMTPFrom:          stringPtr(smtpFrom),
 		SMTPTo:            stringPtr(smtpTo),
 		SMTPSecurity:      stringPtr(smtpSecurity),
-	}); err != nil {
+	}
+	if strings.TrimSpace(smtpPassword) != "" {
+		patch.SMTPPassword = stringPtr(smtpPassword)
+	}
+
+	if _, err := h.repo.UpdateNotification(r.Context(), id, patch); err != nil {
 		h.renderNotifications(w, "", err.Error(), selectedBackupID)
 		return
 	}
diff --git a/internal/ui/handler_integration_test.go b/internal/ui/handler_integration_test.go
index c69946d..e379a13 100644
--- a/internal/ui/handler_integration_test.go
+++ b/internal/ui/handler_integration_test.go
@@ -270,6 +270,72 @@ func TestNotificationTestFromUI(t *testing.T) {
 	}
 }
 
+func TestUpdateSMTPNotificationFromUIKeepsPasswordWhenBlank(t *testing.T) {
+	stack := testutil.NewStack(t)
+	h := ui.NewHandler(stack.Repo, stack.Scheduler, stack.Config)
+	server := httptest.NewServer(h.Router())
+	t.Cleanup(server.Close)
+
+	createForm := url.Values{}
+	createForm.Set("name", "ops-smtp")
+	createForm.Set("type", "smtp")
+	createForm.Set("smtp_host", "smtp.example.com")
+	createForm.Set("smtp_port_mode", "587")
+	createForm.Set("smtp_username", "alerts@example.com")
+	createForm.Set("smtp_password", "initial-secret")
+	createForm.Set("smtp_from", "alerts@example.com")
+	createForm.Set("smtp_to", "team@example.com")
+	createForm.Set("smtp_security", "starttls")
+
+	createRes, err := http.PostForm(server.URL+"/notifications", createForm)
+	if err != nil {
+		t.Fatalf("post smtp notification form: %v", err)
+	}
+	defer func() { _ = createRes.Body.Close() }()
+	if createRes.StatusCode != http.StatusOK {
+		t.Fatalf("expected 200, got %d", createRes.StatusCode)
+	}
+
+	notifications, err := stack.Repo.ListNotifications(context.Background())
+	if err != nil {
+		t.Fatalf("list notifications: %v", err)
+	}
+	if len(notifications) != 1 {
+		t.Fatalf("expected 1 notification, got %d", len(notifications))
+	}
+
+	updateForm := url.Values{}
+	updateForm.Set("name", "ops-smtp-updated")
+	updateForm.Set("type", "smtp")
+	updateForm.Set("smtp_host", "smtp.example.com")
+	updateForm.Set("smtp_port_mode", "587")
+	updateForm.Set("smtp_username", "alerts@example.com")
+	updateForm.Set("smtp_password", "")
+	updateForm.Set("smtp_from", "alerts@example.com")
+	updateForm.Set("smtp_to", "team@example.com")
+	updateForm.Set("smtp_security", "starttls")
+
+	updateRes, err := http.PostForm(server.URL+"/notifications/"+notifications[0].ID+"/update", updateForm)
+	if err != nil {
+		t.Fatalf("post update smtp notification form: %v", err)
+	}
+	defer func() { _ = updateRes.Body.Close() }()
+	if updateRes.StatusCode != http.StatusOK {
+		t.Fatalf("expected 200, got %d", updateRes.StatusCode)
+	}
+
+	updated, err := stack.Repo.GetNotification(context.Background(), notifications[0].ID)
+	if err != nil {
+		t.Fatalf("get updated notification: %v", err)
+	}
+	if updated.Name != "ops-smtp-updated" {
+		t.Fatalf("expected updated name, got %q", updated.Name)
+	}
+	if updated.SMTPPassword != "initial-secret" {
+		t.Fatalf("expected smtp password to remain unchanged")
+	}
+}
+
 func TestDeleteConnectionFromUI(t *testing.T) {
 	stack := testutil.NewStack(t)
 	h := ui.NewHandler(stack.Repo, stack.Scheduler, stack.Config)
diff --git a/internal/ui/templates/app.html b/internal/ui/templates/app.html
index 5172cbe..7685105 100644
--- a/internal/ui/templates/app.html
+++ b/internal/ui/templates/app.html
@@ -1200,6 +1200,8 @@
         if (title) title.textContent = "Add Notification Destination";
         var submit = document.getElementById("notification-submit");
         if (submit) submit.textContent = "Save Destination";
+        var pass = form.querySelector("input[name='smtp_password']");
+        if (pass) pass.setAttribute("placeholder", "Required when username is set");
         syncNotificationForm();
       }
 
@@ -1243,7 +1245,10 @@
         var webhook = form.querySelector("input[name='discord_webhook_url']");
         if (webhook) webhook.value = "";
         var pass = form.querySelector("input[name='smtp_password']");
-        if (pass) pass.value = "";
+        if (pass) {
+          pass.value = "";
+          pass.setAttribute("placeholder", "Leave blank to keep existing password");
+        }
         syncNotificationForm();
       }
 
@@ -2111,7 +2116,7 @@
       </div>
       <div class="notif-smtp-only">
         <label>SMTP Password</label>
-        <input name="smtp_password" type="password">
+        <input name="smtp_password" type="password" placeholder="Required when username is set">
       </div>
       <div class="notif-smtp-only">
         <label>SMTP From</label>