fix(python): parse Fio 2-digit-year dates + add make sync-debug

Fio's transparent page now serves recent rows as DD.MM.YY while older
rows stay DD.MM.YYYY. parse_czech_date only knew the 4-digit form so
every recent transfer was silently dropped — make sync-2026 reported
zero new transactions. Adds %d.%m.%y and %d/%m/%y to the format list,
mirroring the Go-side fix from 2026-05-07.

Also adds a Python analog of make go-sync-debug:
- --dry-run skips header write / append / sort and prints "would …" lines
- --print-fio-table prints aligned per-txn table with NEW/DUP status
- make sync-debug [DAYS=N] wrapper (default DAYS=30)
- always-on stderr diagnostics in fio_utils: which fetcher was chosen
  (with FIO_API_TOKEN-unset lag warning) + raw-vs-filtered counts, so
  this class of "scraper drops everything" bug surfaces immediately.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

CHANGELOG.md

@@ -1,5 +1,55 @@
 # Changelog
 
+## 2026-05-11 22:56 CEST — fix(python): parse Fio 2-digit-year dates + add `make sync-debug` dry-run tool
+
+- Fix: `scripts/fio_utils.py` `parse_czech_date` now accepts `DD.MM.YY` / `D.M.YY` in addition to the 4-digit-year variants. Fio's transparent page now mixes both forms in the same response; the 2-digit rows were being silently dropped, which caused `make sync-2026` to miss every recent transfer. Mirrors the Go-side fix from 2026-05-07 (CHANGELOG entry below).
+- Added `--dry-run` and `--print-fio-table` flags to `scripts/sync_fio_to_sheets.py`, plus a `make sync-debug [DAYS=N]` Makefile target. Mirrors `make go-sync-debug`: fetches from Fio and dedupes against the sheet, prints `STATUS=NEW/DUP` per transaction, and prints per-row `Dry run: would append …` lines + `would sort by date` instead of touching the sheet.
+- Added always-on stderr diagnostics in `scripts/fio_utils.py`: which fetcher was selected (authenticated API vs. transparent-page scraper with `FIO_API_TOKEN`-unset warning), and raw-vs-after-filter transaction counts on both paths — so this class of "scraper drops everything" bug surfaces immediately.
+
+## 2026-05-08 14:55 CEST — feat(go): M6.6.1 — Pay-button QR popup modal
+
+- Restored the Python `showPayQR` in-page modal UX that was lost in M6.6 (Pay buttons were navigating the tab to the raw `/qr` PNG).
+- Replaced `<a href="{{qrHref ...}}">Pay</a>` with `<button data-name|amount|month|raw-month>` on `/adults` and `/juniors`; click is handled by a new `static/js/payment-qr.js` IIFE module that opens `#qrModal` with title, account, amount, message, and the QR image.
+- Added `#qrModal` markup to both templates; CSS `display:none` / `.active{display:flex}` rules added (content rules were already present from M6.1). `Esc`, `[close]`, and outside-click all dismiss; coexists with the M6.5 member-detail modal.
+- Removed the now-dead `qrHref` / `qrHrefAll` template helpers from `render.go`.
+- Markup tests in `html_handler_test.go` assert modal IDs, script tag, `data-bank-account`, and that no bare `href="/qr"` links remain.
+- Key files: `go/internal/web/static/js/payment-qr.js`, `go/internal/web/templates/adults.tmpl`, `go/internal/web/templates/juniors.tmpl`, `go/internal/web/render.go`, `go/internal/web/static/css/app.css`.
+
+## 2026-05-08 13:57 CEST — feat(go): M6.6 — /qr, /sync-bank, /flush-cache, /version
+
+- Added `GET /qr`: generates Czech QR Platba PNG from SPD payload (account, amount, message query params); ports Python's `qr_code()` handler exactly including account validation, amount clamping, and `*` stripping.
+- Implemented `GET /sync-bank`: runs Fio sync → infer payments → cache flush, captures output into `sync.tmpl` page with success/error banner.
+- Implemented `GET /flush-cache` + `POST /flush-cache`: form + action that deletes cache files and shows deleted count.
+- Added `GET /version` as a JSON alias of `GET /api/version` (Python parity).
+- Added `FlushCache() (int, error)` to `membership.Sources` interface; implemented on `realSources` via `cache.FileCache.Flush()`.
+- Introduced `web.ActionHandlers{BankSync}` — closure-based dep injection for sync, constructed in `serverCmd` with fio + sheets clients.
+- New dependency: `github.com/skip2/go-qrcode`.
+- Key files: `go/internal/web/qr.go`, `go/internal/web/html_handler.go`, `go/internal/web/server.go`, `go/internal/services/membership/loader.go`, `go/internal/web/templates/sync.tmpl`, `go/internal/web/templates/flush_cache.tmpl`.
+
+## 2026-05-08 13:19 CEST — feat(go): M6.5 — member-detail modal JS module
+
+- Added `static/js/member-detail.js`: fetches `/api/adults` or `/api/juniors` once on page load, caches the response, renders a per-member detail modal on `[i]` row click.
+- Modal sections: status-per-month table, fee exceptions, other transactions, matched payment history, toggleable raw-payments debug view.
+- Keyboard nav: `Esc` closes, `↑`/`↓` walk visible (name-filtered) rows; click outside modal content closes it.
+- Added `[i]` info icon and `#memberModal` markup to `adults.tmpl` and `juniors.tmpl`; all CSS was already in place from M6.1.
+- Added `TestModalMarkup` assertions to `html_handler_test.go`.
+
+## 2026-05-08 12:48 CEST — feat(go): M6.4 — Go-native /payments page
+
+- Extracted `AssemblePayments(ctx)` from the inlined JSON handler body, following the M6.2/M6.3 `AssembleAdults`/`AssembleJuniors` pattern.
+- Added `PaymentsPageData` to `render.go`; wired `HTMLHandler.ServePayments` to call `AssemblePayments` and render the new template.
+- Replaced the "Coming in M6.4" placeholder in `payments.tmpl` with the full grouped-by-person ledger: alphabetical `<h2>` member blocks, each with a `txn-table` (Date / Amount / Purpose / Bank Message), newest-first rows, `"Unmatched / Unknown"` bucket.
+- Appended ledger CSS classes to `app.css` (`.ledger-container`, `.member-block`, `.txn-table`, `.txn-{date,amount,purpose,message}`, `tr:hover`).
+- Added `TestPaymentsPage` markup test. No filters, no JS — matches the Python page.
+
+## 2026-05-08 11:25 CEST — feat(go): M6.3 — Go-native /juniors page
+
+- Extracted `AssembleJuniors(ctx)` from the JSON handler so HTML and JSON share one view-model path (mirrors `AssembleAdults`).
+- Added `JuniorsPageData` to `render.go`; wired `HTMLHandler.ServeJuniors` to call `AssembleJuniors` and render the new template.
+- Replaced the 4-line "Coming in M6.3" placeholder in `juniors.tmpl` with the full template: member table, name/month-range filters, totals row, Credits + Debts sections, Pay / Pay All links to `/qr`. No Unmatched section (parity with Python).
+- J/A attendance breakdown and `"?"` sentinel rendered via `MonthCell.Text` produced by `buildJuniorMemberRow` — no extra template logic.
+- `make parity` reports 3/3 routes OK; all Go tests pass.
+
 ## 2026-05-08 11:11 CEST — fix: period selector showed only Dec 2025+ on adults
 
 - Restored the `2025-09 → 2025-10` adult merge in `scripts/attendance.py` and `go/internal/services/membership/sources.go` (commented-out by `1257f0d`); the `2025-12 → 2026-01` mapping stays disabled per product decision (Dec and Jan are billed separately for adults).

Makefile

@@ -35,6 +35,7 @@ help:
 	@echo "  make sync        - Sync Fio transactions to Google Sheets"
 	@echo "  make sync-2025   - Sync Fio transactions for Q4 2025 (Oct-Dec)"
 	@echo "  make sync-2026   - Sync Fio transactions for the whole year of 2026"
+	@echo "  make sync-debug [DAYS=N] - Dry-run Python sync with Fio diagnostics and txn table (default DAYS=30)"
 	@echo "  make infer       - Infer payment details (Person, Purpose, Amount) in the sheet"
 	@echo "  make reconcile   - Show balance report using Google Sheets data"
 	@echo "  make venv        - Sync virtual environment with pyproject.toml"
@@ -125,6 +126,9 @@ sync-2025: $(PYTHON)
 sync-2026: $(PYTHON)
 	$(PYTHON) scripts/sync_fio_to_sheets.py --credentials .secret/fuj-management-bot-credentials.json --from 2026-01-01 --to 2026-12-31 --sort-by-date
 
+sync-debug: $(PYTHON)  ## Dry-run Python sync with Fio diagnostics and txn table (default DAYS=30)
+	$(PYTHON) scripts/sync_fio_to_sheets.py --credentials .secret/fuj-management-bot-credentials.json --days $(DAYS) --dry-run --print-fio-table
+
 infer: $(PYTHON)
 	$(PYTHON) scripts/infer_payments.py --credentials $(CREDENTIALS)
 

docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md

@@ -4,7 +4,7 @@ Companion to [2026-05-03-2349-go-backend-rewrite.md](2026-05-03-2349-go-backend-
 
 **Current milestone:** M6 — Go-native HTML frontend
 **Started:** 2026-05-04
-**Last updated:** 2026-05-08 (M6.2 merged)
+**Last updated:** 2026-05-08 (M6.6 + M6.6.1 merged)
 
 ## How to use
 
@@ -112,10 +112,11 @@ Goal: feature-equivalent UX on the Go side, designed cleanly. Not a Jinja port.
 
 - [x] **M6.1** Template skeleton: base layout, nav (Adults/Juniors/Payments/Sync/Flush), terminal-green-on-black theme; `embed.FS` for `templates/` + `static/` — `78e5059`
 - [x] **M6.2** `/adults` page: table, name filter input, month range filter, totals row, credits/debts/unmatched sections, Pay buttons that link to `/qr` — `c85748b`
-- [ ] **M6.3** `/juniors` page: same structure + per-month J/A attendance breakdown + `"?"` sentinel rendering
-- [ ] **M6.4** `/payments` page: grouped-by-person ledger view
-- [ ] **M6.5** Modal JS module (`static/js/member-detail.js`): fetches `/api/adults` (or juniors), renders status/exceptions/transactions on row click; keyboard nav (Esc, ↑/↓)
-- [ ] **M6.6** `/qr`, `/sync-bank`, `/flush-cache`, `/version` pages
+- [x] **M6.3** `/juniors` page: same structure + per-month J/A attendance breakdown + `"?"` sentinel rendering — `9564103`
+- [x] **M6.4** `/payments` page: grouped-by-person ledger view — `689f1c0`
+- [x] **M6.5** Modal JS module (`static/js/member-detail.js`): fetches `/api/adults` (or juniors), renders status/exceptions/transactions on row click; keyboard nav (Esc, ↑/↓) — `e53e238`
+- [x] **M6.6** `/qr`, `/sync-bank`, `/flush-cache`, `/version` pages — `f6ba85b`
+- [x] **M6.6.1** Pay-button QR popup modal (`payment-qr.js`); restores Python `showPayQR` UX lost in M6.6 — `4276d7b`
 - [ ] **M6.7** Wire `embed.FS` into handlers; verify single-binary deployment includes all assets
 
 **Gate:** Browser smoke on :8080: all pages render, name+month filters work, modal opens with correct data, QR loads, sync/flush work end-to-end.

docs/plans/2026-05-08-1123-go-m6-3-juniors-page.md

@@ -0,0 +1,67 @@
+# M6.3 — Go-native `/juniors` page
+
+## Context
+
+The Go rewrite is in milestone M6 (Go-native HTML frontend). M6.2 shipped the `/adults` page in commit `c85748b`; the [progress tracker](../../srv/personal/fuj-management/docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md) line 115 names M6.3 as:
+
+> `/juniors` page: same structure + per-month J/A attendance breakdown + `"?"` sentinel rendering
+
+The Go side already has `buildJuniorsResponse` (M5.2) that produces the full JSON view model, and the JuniorsResponse uses the same `MemberRow`/`MonthCell`/`TotalCell` types as `AdultsResponse`. Critically, `buildJuniorMemberRow` ([go/internal/web/api/build_juniors.go:142](../../srv/personal/fuj-management/go/internal/web/api/build_juniors.go#L142)) already bakes the J/A breakdown (e.g. `"3/500 CZK (4:2J,2A)"`) and the `"?"` sentinel into `MonthCell.Text` — no template-level junior-specific logic is required for the M6.3 table.
+
+Today `juniors.tmpl` is a 4-line "Coming in M6.3" placeholder and `HTMLHandler.ServeJuniors` ([html_handler.go:35](../../srv/personal/fuj-management/go/internal/web/html_handler.go#L35)) just renders that placeholder. Goal of M6.3: produce a working `/juniors` page that mirrors the structure of `/adults` and reaches feature parity with the Python `/juniors` route.
+
+## Approach
+
+Mirror the M6.2 pattern exactly:
+
+1. **Extract `AssembleJuniors(ctx)`** from the JSON handler so HTML + JSON share one view-model assembly path (the parity contract).
+2. **Add `JuniorsPageData`** wrapper type next to `AdultsPageData` in `render.go`.
+3. **Replace `juniors.tmpl`** with an adults-shaped layout. Because `JuniorsResponse` shares the same field names used by `adults.tmpl` (`Months`, `RawMonths`, `Results`, `Totals`, `Credits`, `Debts`, `AttendanceURL`, `PaymentsURL`, `BankAccount`, `CurrentMonth`), the template body is essentially copy/paste with one parity tweak (see "Decisions" below).
+4. **Wire `HTMLHandler.ServeJuniors`** to call `AssembleJuniors` and render the new template, parallel to `ServeAdults`.
+
+No new CSS, no new JS — `filters.js` and the `cell-*` classes (lifted in M6.1) already cover juniors.
+
+## Files to modify
+
+| File | Change |
+| --- | --- |
+| [go/internal/web/api/handler.go](../../srv/personal/fuj-management/go/internal/web/api/handler.go) | Add `AssembleJuniors(ctx) (JuniorsResponse, error)`; refactor existing `ServeJuniors` to call it (mirrors `AssembleAdults` at line 47). |
+| [go/internal/web/render.go](../../srv/personal/fuj-management/go/internal/web/render.go) | Add `JuniorsPageData` struct (PageData + `Data api.JuniorsResponse` + `Error string`). |
+| [go/internal/web/html_handler.go](../../srv/personal/fuj-management/go/internal/web/html_handler.go) | Replace stub `ServeJuniors` with the same shape as `ServeAdults` (lines 20–33). |
+| [go/internal/web/templates/juniors.tmpl](../../srv/personal/fuj-management/go/internal/web/templates/juniors.tmpl) | Replace placeholder with a structurally identical copy of [adults.tmpl](../../srv/personal/fuj-management/go/internal/web/templates/adults.tmpl), with the title swapped to "Juniors Dashboard" and the Unmatched section removed (parity with Python). |
+| [docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md](../../srv/personal/fuj-management/docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md) | Tick `M6.3` once merged, append merge SHA. |
+| [CHANGELOG.md](../../srv/personal/fuj-management/CHANGELOG.md) | New top-most entry per CLAUDE.md format. |
+
+## Decisions captured
+
+- **No "Unmatched Transactions" section on `/juniors`.** Python's [templates/juniors.html](../../srv/personal/fuj-management/templates/juniors.html) renders only Credits + Debts (no Unmatched block). Although `JuniorsResponse.Unmatched` is populated, parity says we don't render it on juniors. The data stays available for the modal in M6.5.
+- **Reuse `qrHref` / `qrHrefAll` template funcs** from [render.go:35–57](../../srv/personal/fuj-management/go/internal/web/render.go#L35-L57). They are name-only (not adult-specific) and already on `tmplFuncs`.
+- **Reuse the existing `cell-empty / cell-unpaid / cell-unpaid-current / cell-ok / cell-overridden` cell-class branching** from `adults.tmpl` lines 60–67 verbatim. The "?" sentinel is rendered as plain `{{$cell.Text}}` text — no template branch needed because `buildJuniorMemberRow` produces `"?"` or `"? CZK"` already.
+- **No template helper extraction** (e.g. shared `_table_section.tmpl`). The two templates will be near-duplicates, but extracting a shared partial now is premature — wait until M6.4 or later when patterns settle. M6.2 didn't extract one either.
+- **Branch**: `feat/go-m6-3-juniors-page`, MR via `tea pr create` per CLAUDE.md.
+
+## Verification
+
+End-to-end smoke (parallel-running both backends as in M5/M6.2):
+
+1. `cd go && make run` (or whatever target boots the Go server on :8080).
+2. Browser-load `http://localhost:8080/juniors`. Confirm:
+   - Member rows render with cells containing fee + attendance breakdown like `0/500 CZK (3:2J,1A)`.
+   - At least one `"?"` cell visible (any junior with exactly one session in some month).
+   - Filter input narrows rows by name; From/To month selects hide columns via `data-month-idx`.
+   - `Pay` button visible on past-month unpaid cells; clicking links to `/qr?...`. (The QR endpoint itself lands in M6.6 — only the link target is in scope here.)
+   - `Pay All` visible on rows with `Balance < 0`.
+   - TOTAL row sums correctly per month.
+   - Credits + Debts sections render when present; no Unmatched section.
+3. JSON parity: `make parity` against the M3 fixture corpus must still report zero non-allowlisted diffs for `/api/juniors` (the `AssembleJuniors` extraction must not change wire output).
+4. Compare side-by-side against Python `/juniors` on :5001 for the same fixture; the table cells should match cell-for-cell modulo the known M5 allowlist.
+
+## Out of scope
+
+- Modal (`[i]` info button + `#memberModal`) — that is M6.5.
+- QR endpoint, `/sync-bank`, `/flush-cache`, `/version` pages — M6.6.
+- Embed.FS deploy verification — M6.7.
+
+## Plan-file relocation
+
+Per [CLAUDE.md](../../srv/personal/fuj-management/CLAUDE.md) "Plans" section, plan files belong in `docs/plans/YYYY-MM-DD-HHMM-<slug>.md` inside the repo. Plan mode forced this draft into `~/.claude/plans/`; first step after ExitPlanMode is to copy this file to `docs/plans/2026-05-08-HHMM-go-m6-3-juniors-page.md` (resolving the timestamp at that moment) and commit it on the feature branch alongside the implementation.

docs/plans/2026-05-08-1220-go-m6-4-payments-page.md

@@ -0,0 +1,215 @@
+# M6.4 — Go-native `/payments` page (grouped-by-person ledger)
+
+> Plan-mode note: per project convention this plan should live at
+> `docs/plans/2026-05-08-1220-go-m6-4-payments-page.md`. The first execution
+> step after approval is to copy this file there.
+
+## Context
+
+The Go port of the Flask app is at milestone **M6.4**: replace the placeholder
+`/payments` template ([go/internal/web/templates/payments.tmpl](go/internal/web/templates/payments.tmpl))
+with a feature-equivalent grouped-by-person ledger view, matching the Python
+[templates/payments.html](templates/payments.html) page.
+
+Compared to M6.2 (`/adults`) and M6.3 (`/juniors`), this page is **structurally
+much simpler**:
+
+- No filters (no name input, no month-range selects).
+- No totals / credits / debts / unmatched-as-extra-section.
+- No JS (no `filters.js`, no modal — modal is M6.5 territory and Python's
+  payments page itself has none).
+- No QR / Pay buttons.
+- Single grouping dimension: **by person**, sorted alphabetically, with a
+  synthetic `"Unmatched / Unknown"` bucket appended.
+- Each person's transactions sorted **newest-first**.
+- Columns: Date, Amount (right-aligned, green), Purpose, Bank Message.
+
+The JSON API side is already done (`/api/payments` at
+[go/internal/web/api/handler.go:78-86](go/internal/web/api/handler.go#L78-L86)),
+returning a `PaymentsResponse{ GroupedPayments, SortedPeople, AttendanceURL,
+PaymentsURL }`. The HTML side just needs to consume it.
+
+## Approach
+
+Mirror the M6.2/M6.3 pattern: extract an `AssembleX(ctx)` method, add a typed
+`PageData` wrapper, render a real template, lift the page-specific CSS into the
+shared stylesheet.
+
+### 1. Extract `AssemblePayments(ctx) (PaymentsResponse, error)`
+
+In [go/internal/web/api/handler.go](go/internal/web/api/handler.go), refactor
+`ServePayments` (currently inlines the load+build at lines 78-86) to mirror
+`AssembleAdults` / `AssembleJuniors`:
+
+```go
+func (h *Handler) ServePayments(w http.ResponseWriter, r *http.Request) {
+    resp, err := h.AssemblePayments(r.Context())
+    if err != nil { h.writeError(w, r, err); return }
+    writeJSON(w, resp)
+}
+
+func (h *Handler) AssemblePayments(ctx context.Context) (PaymentsResponse, error) {
+    txns, err := h.Sources.LoadTransactions(ctx)
+    if err != nil { return PaymentsResponse{}, fmt.Errorf("load transactions: %w", err) }
+    return buildPaymentsResponse(txns, h.allMemberNames(ctx)), nil
+}
+```
+
+Pure refactor — `make parity` should report zero diffs on `/api/payments`.
+
+### 2. Add `PaymentsPageData` wrapper
+
+In [go/internal/web/render.go](go/internal/web/render.go), alongside
+`AdultsPageData` / `JuniorsPageData`:
+
+```go
+type PaymentsPageData struct {
+    PageData
+    Data  api.PaymentsResponse
+    Error string
+}
+```
+
+No changes needed to `pageNames` — `"payments"` is already registered.
+
+### 3. Rewire HTML handler
+
+Replace [go/internal/web/html_handler.go:50-52](go/internal/web/html_handler.go#L50-L52):
+
+```go
+func (h *HTMLHandler) ServePayments(w http.ResponseWriter, r *http.Request) {
+    data := PaymentsPageData{ PageData: PageData{Active: "payments", Build: h.build} }
+    resp, err := h.apiHandler.AssemblePayments(r.Context())
+    if err != nil { data.Error = err.Error() } else { data.Data = resp }
+    h.renderer.Render(w, "payments", data)
+}
+```
+
+### 4. Replace template stub
+
+Rewrite [go/internal/web/templates/payments.tmpl](go/internal/web/templates/payments.tmpl)
+(currently a 5-line placeholder). Structure:
+
+```gotmpl
+{{define "title"}}Payments Ledger{{end}}
+{{define "content"}}
+<h1>Payments Ledger</h1>
+<p class="description">
+  All bank transactions from the
+  <a href="{{.Data.PaymentsURL}}" target="_blank">payments sheet</a>,
+  grouped by member. Names are matched against the
+  <a href="{{.Data.AttendanceURL}}" target="_blank">attendance sheet</a>.
+</p>
+{{if .Error}}<p class="error">{{.Error}}</p>{{end}}
+<div class="ledger-container">
+{{range $person := .Data.SortedPeople}}
+  <div class="member-block">
+    <h2>{{$person}}</h2>
+    <table class="txn-table">
+      <thead><tr>
+        <th class="txn-date">Date</th>
+        <th class="txn-amount">Amount</th>
+        <th class="txn-purpose">Purpose</th>
+        <th class="txn-message">Bank Message</th>
+      </tr></thead>
+      <tbody>
+      {{range $tx := index $.Data.GroupedPayments $person}}
+        <tr>
+          <td class="txn-date">{{$tx.Date}}</td>
+          <td class="txn-amount">{{printf "%.0f" $tx.Amount}} CZK</td>
+          <td class="txn-purpose">{{$tx.Purpose}}</td>
+          <td class="txn-message">{{$tx.Message}}</td>
+        </tr>
+      {{end}}
+      </tbody>
+    </table>
+  </div>
+{{end}}
+</div>
+{{end}}
+```
+
+Notes:
+- `printf "%.0f"` matches the visual style of integer CZK amounts (Python prints
+  the float as-is, but bank-row amounts are always whole CZK). If the user
+  prefers exact Python parity (`750.0 CZK`), drop the `printf` and use
+  `{{$tx.Amount}}`.
+- Iterating a `map` requires using `.Data.SortedPeople` to drive order then
+  `index $.Data.GroupedPayments $person` — Go templates don't preserve map
+  insertion order.
+
+### 5. Add CSS classes to `app.css`
+
+Append the page-specific rules from [templates/payments.html:111-164](templates/payments.html#L111-L164)
+to [go/internal/web/static/css/app.css](go/internal/web/static/css/app.css):
+`.ledger-container`, `.member-block`, `.txn-table`, `.txn-table th/td`,
+`.txn-date`, `.txn-amount`, `.txn-purpose`, `.txn-message`, `tr:hover`. The
+terminal-green palette already matches.
+
+### 6. Unit test
+
+Add a markup-level test to `go/internal/web/html_handler_test.go` (the file
+created in M6.2/M6.3) following the same pattern: stub `Sources` returning a
+fixed transaction list, assert response is HTML 200, assert key strings appear
+(person names as `<h2>`, "Payments Ledger" `<h1>`, expected amount, "Unmatched
+/ Unknown" bucket when an unattributed tx exists).
+
+## Critical files
+
+| Action  | Path |
+|---------|------|
+| edit    | [go/internal/web/api/handler.go](go/internal/web/api/handler.go) — extract `AssemblePayments` |
+| edit    | [go/internal/web/render.go](go/internal/web/render.go) — add `PaymentsPageData` |
+| edit    | [go/internal/web/html_handler.go](go/internal/web/html_handler.go) — rewire `ServePayments` |
+| rewrite | [go/internal/web/templates/payments.tmpl](go/internal/web/templates/payments.tmpl) — real template |
+| edit    | [go/internal/web/static/css/app.css](go/internal/web/static/css/app.css) — append ledger CSS |
+| edit    | `go/internal/web/html_handler_test.go` — payments markup test |
+
+No changes to `server.go`, `assets.go`, `Sources` interface, `buildPaymentsResponse`,
+or any domain code — these were completed in M5 / M6.1.
+
+## Reused existing helpers
+
+- [go/internal/web/api/build_payments.go](go/internal/web/api/build_payments.go) — `buildPaymentsResponse` (existing, unchanged)
+- [go/internal/web/api/build_common.go:84-117](go/internal/web/api/build_common.go#L84-L117) — `groupRawPaymentsByPerson` handles canonicalization, comma-splitting, `[?]` stripping, newest-first sort
+- [go/internal/web/api/handler.go:116-129](go/internal/web/api/handler.go#L116-L129) — `allMemberNames`
+- [go/internal/web/templates/partials/nav.tmpl](go/internal/web/templates/partials/nav.tmpl) and `footer.tmpl` — already include the `[Payments Ledger]` nav link
+
+## Verification
+
+End-to-end:
+
+1. `cd go && make go-build go-test go-lint` — all green.
+2. `make parity` — confirm the `AssemblePayments` extraction is byte-equal on
+   `/api/payments`.
+3. `make web-go &` then:
+   - `curl -i localhost:8080/payments | head -30` — HTTP 200, `text/html`.
+   - Browser load `http://localhost:8080/payments`:
+     - "Payments Ledger" heading + description with two clickable sheet links.
+     - Alphabetical member blocks, each with a table.
+     - Amounts right-aligned, green, "CZK" suffix.
+     - Newest-first ordering inside each block.
+     - "Unmatched / Unknown" bucket sorts in alphabetical position (capital U →
+       near end).
+     - Hover on a row darkens the background.
+     - Nav highlights `[Payments Ledger]` as the active link.
+   - Cross-check with Python: `make web-py &` → `http://localhost:5001/payments`
+     should look visually identical except for nav styling.
+4. `make web-py & make web-go &` then `tea pr create` once committed (per
+   project branch-per-feature workflow).
+
+## Branching
+
+Create `feat/go-m6-4-payments-page` off `main`, push, open MR via `tea`.
+Follow project conventions: Co-Authored-By trailer, CHANGELOG entry once user
+confirms it works, tick **M6.4** in
+[docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md:116](docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md#L116)
+with the merge SHA after the user merges in Gitea.
+
+## Out of scope (deferred)
+
+- **Modal / `[i]` info button** — M6.5 (not present in Python `/payments` either).
+- **Period selector** — `/payments` has none in Python; not adding one.
+- **embed.FS deploy verification** — M6.7.
+- **Shared partial extraction** — payments structurally diverges from
+  adults/juniors enough that there's no obvious common partial to lift; defer.

docs/plans/2026-05-08-1259-go-m6-5-modal-js.md

@@ -0,0 +1,288 @@
+# M6.5 — Member-detail modal JS module (`/adults`, `/juniors`)
+
+> Plan-mode note: per project convention this plan should live at
+> `docs/plans/2026-05-08-HHMM-go-m6-5-modal-js.md` (use `date "+%Y-%m-%d-%H%M"`
+> when copying). The first execution step after approval is to copy this file
+> there. Branch: `feat/go-m6-5-modal-js` off `main`.
+
+## Context
+
+The Go port of the Flask app is at milestone **M6.5**: the `/adults` and
+`/juniors` pages currently render their tables ([go/internal/web/templates/adults.tmpl](go/internal/web/templates/adults.tmpl),
+[go/internal/web/templates/juniors.tmpl](go/internal/web/templates/juniors.tmpl))
+but have no row-click member-detail modal — the feature that lets a user click
+a member's row to inspect status per month, exception overrides, "other"
+transactions, the matched payment list, and a debug raw-payments view.
+
+The Python implementation lives inline in
+[templates/adults.html:718-993](templates/adults.html#L718-L993)
+(matching code in [templates/juniors.html](templates/juniors.html) — same
+modal markup and JS). It uses globals injected via Jinja:
+`memberData`, `sortedMonths`, `monthLabels`, `rawPaymentsByPerson`. M6.5
+replaces this with a clean static JS module.
+
+Per milestone wording — *"fetches `/api/adults` (or juniors), renders
+status/exceptions/transactions on row click; keyboard nav (Esc, ↑/↓)"* —
+and per the user's design choice: the JS module fetches `/api/<page>` **once
+on page load** and caches the response in a module-scoped variable. Subsequent
+row clicks render synchronously from cache. This keeps HTML purely
+server-rendered and reuses the parity-tested JSON contract already shipped in
+M5.
+
+All the building blocks are already in place:
+
+- **JSON API**: `/api/adults` and `/api/juniors` already return
+  `member_data`, `month_labels`, `raw_payments` as nested objects (see
+  [go/internal/web/api/adults.go:27-42](go/internal/web/api/adults.go#L27-L42)
+  and the analogous juniors response). Junior `Expected` serialises as `"?"`
+  for the unknown sentinel via custom `MarshalJSON`
+  ([go/internal/web/api/types.go:24-29](go/internal/web/api/types.go#L24-L29)) — JS sees a literal string `"?"`.
+- **CSS**: `#memberModal`, `.modal-content`, `.modal-section`, `.modal-table`,
+  `.tx-list`, `.tx-item`, `.tx-meta`, `.tx-amount`, `.info-icon`, `.raw-toggle`
+  were lifted whole during M6.1 and live in
+  [go/internal/web/static/css/app.css](go/internal/web/static/css/app.css)
+  (lines 168-487). No CSS work needed.
+- **Member-row hooks**: `tr.member-row[data-name="..."]` and `td.member-name`
+  are already rendered by both templates.
+- **JS module convention**: `static/js/filters.js` is loaded with `<script src="/static/js/filters.js" defer>`;
+  M6.5 adds a sibling `static/js/member-detail.js` with the same loading
+  pattern.
+
+## Approach
+
+### 1. Add `[i]` info icon + `#memberModal` markup to both templates
+
+In [go/internal/web/templates/adults.tmpl](go/internal/web/templates/adults.tmpl)
+and [go/internal/web/templates/juniors.tmpl](go/internal/web/templates/juniors.tmpl):
+
+a. Inside the `<td class="member-name">{{$row.Name}}</td>` cell (line 59 of
+   each template), append the icon button:
+
+   ```gotmpl
+   <td class="member-name">{{$row.Name}}<span class="info-icon" data-name="{{$row.Name}}" title="Show details">[i]</span></td>
+   ```
+
+   Using a `data-name` attribute and a CSS class (rather than `onclick="..."`)
+   keeps the template free of inline JS — the module wires up the listener
+   itself.
+
+b. After the closing `</div>` of the table-container / sections, before the
+   `<script>` tag at line 140 (adults) / 120 (juniors), inject the modal
+   markup. Mirror the Python structure verbatim
+   ([templates/adults.html:644-707](templates/adults.html#L644-L707)):
+
+   ```gotmpl
+   <div id="memberModal" class="modal" onclick="if (event.target === this) this.classList.remove('active')">
+     <div class="modal-content">
+       <div class="modal-header">
+         <span class="modal-title" id="modalMemberName">—</span>
+         <span id="modalTier" class="modal-tier"></span>
+         <a href="#" class="modal-close" onclick="event.preventDefault(); document.getElementById('memberModal').classList.remove('active')">[x]</a>
+       </div>
+
+       <div class="modal-section">
+         <div class="modal-section-title">Status by Month</div>
+         <table class="modal-table">
+           <thead><tr><th>Month</th><th>Sessions</th><th>Expected</th><th>Paid</th><th>Status</th></tr></thead>
+           <tbody id="modalStatusBody"></tbody>
+         </table>
+       </div>
+
+       <div class="modal-section" id="modalExceptionSection" style="display:none">
+         <div class="modal-section-title">Exception Overrides</div>
+         <div id="modalExceptionList" class="tx-list"></div>
+       </div>
+
+       <div class="modal-section" id="modalOtherSection" style="display:none">
+         <div class="modal-section-title">Other Payments</div>
+         <div id="modalOtherList" class="tx-list"></div>
+       </div>
+
+       <div class="modal-section">
+         <div class="modal-section-title">Matched Transactions</div>
+         <div id="modalTxList" class="tx-list"></div>
+       </div>
+
+       <div class="modal-section">
+         <div class="modal-section-title">
+           Raw Payments (debug)
+           <a href="#" id="rawPaymentsToggle" class="raw-toggle">[show]</a>
+         </div>
+         <div id="modalRawList" class="tx-list" style="display:none"></div>
+       </div>
+     </div>
+   </div>
+   ```
+
+c. Add the script tag alongside `filters.js`. To tell the module which API
+   endpoint to fetch, use a `data-page` attribute on `body` (or on the
+   filter container — already exists). Simplest: add `data-page="adults"` /
+   `data-page="juniors"` to the existing `<div id="filterContainer">`.
+   The module reads it on load.
+
+   ```gotmpl
+   <script src="/static/js/member-detail.js" defer></script>
+   ```
+
+### 2. Create [go/internal/web/static/js/member-detail.js](go/internal/web/static/js/member-detail.js)
+
+A single shared module — both pages use the same DOM contract, so the same
+JS works for both. Structure (vanilla ES, no build step, matches `filters.js`
+style — IIFE, `'use strict'`, no globals leaked):
+
+```js
+(function () {
+  'use strict';
+
+  const container = document.getElementById('filterContainer');
+  if (!container) return;
+  const page = container.dataset.page;        // "adults" | "juniors"
+  if (!page) return;
+
+  let apiData = null;          // cached /api/<page> response
+  let currentMemberName = null;
+
+  // ── Data load ─────────────────────────────────────────────────────────
+  async function loadData() {
+    if (apiData) return apiData;
+    const r = await fetch('/api/' + page);
+    if (!r.ok) throw new Error('failed to fetch /api/' + page);
+    apiData = await r.json();
+    return apiData;
+  }
+
+  // Pre-warm immediately so first click is instant.
+  loadData().catch(err => console.error('[member-detail]', err));
+
+  // ── Modal render ──────────────────────────────────────────────────────
+  async function showMember(name) { /* port of Python showMemberDetails */ }
+  function toggleRawPayments(ev)  { /* port */ }
+  function closeModal()           { document.getElementById('memberModal').classList.remove('active'); }
+  function navigateMember(dir)    { /* port — walk visible .member-row */ }
+
+  // ── Wiring ────────────────────────────────────────────────────────────
+  document.querySelectorAll('.info-icon[data-name]').forEach(el => {
+    el.addEventListener('click', ev => {
+      ev.stopPropagation();
+      showMember(el.dataset.name);
+    });
+  });
+  document.getElementById('rawPaymentsToggle').addEventListener('click', toggleRawPayments);
+
+  document.addEventListener('keydown', e => {
+    const modal = document.getElementById('memberModal');
+    if (e.key === 'Escape') { closeModal(); return; }
+    if (!modal.classList.contains('active')) return;
+    if (e.key === 'ArrowDown') { e.preventDefault(); navigateMember(1); }
+    if (e.key === 'ArrowUp')   { e.preventDefault(); navigateMember(-1); }
+  });
+}());
+```
+
+The four `port` functions transcribe Python literally, with two adjustments:
+
+- `data.tier` — read directly from the API response (already present as
+  `AdultsMemberData.Tier` / `JuniorsMemberData.Tier`).
+- Junior `expected` may equal the literal string `"?"` (sentinel from
+  `Expected.MarshalJSON`). The status-row formatter must treat string
+  `expected` as "unknown / single attendance" and skip the numeric
+  comparisons — same logic Python uses when it sees `"?"`.
+
+`navigateMember` walks `document.querySelectorAll('tr.member-row')` filtered
+by `style.display !== 'none'`, finds the index whose `dataset.name`
+matches `currentMemberName`, and calls `showMember` on the next/previous
+visible row. Identical to Python lines 944-962 but uses `dataset.name`
+instead of parsing `childNodes[0].textContent`.
+
+### 3. Wire `data-page` attribute
+
+Append `data-page="adults"` to the `filterContainer` div in `adults.tmpl`,
+`data-page="juniors"` in `juniors.tmpl`. One-line edit per template.
+
+### 4. Unit test
+
+Extend [go/internal/web/html_handler_test.go](go/internal/web/html_handler_test.go)
+with assertions that the rendered HTML for `/adults` and `/juniors` contains:
+
+- `class="info-icon"` with the expected `data-name` per fixture row,
+- `id="memberModal"`,
+- `<script src="/static/js/member-detail.js"`,
+- `data-page="adults"` / `data-page="juniors"` on the filter container.
+
+These are markup-level checks only — the JS module behaviour is not unit
+tested in Go (would require headless-browser tooling that is out of scope
+for this milestone). Manual browser verification covers it.
+
+## Critical files
+
+| Action | Path |
+|--------|------|
+| edit   | [go/internal/web/templates/adults.tmpl](go/internal/web/templates/adults.tmpl) — add `[i]` icon, modal markup, `data-page`, script tag |
+| edit   | [go/internal/web/templates/juniors.tmpl](go/internal/web/templates/juniors.tmpl) — same |
+| new    | `go/internal/web/static/js/member-detail.js` — modal module |
+| edit   | `go/internal/web/html_handler_test.go` — markup assertions |
+
+No changes to: `app.css` (already complete), `assets.go` (the `embed.FS`
+glob `static/js/*` already picks up new files), `server.go`, `render.go`,
+the API handlers, or any domain code.
+
+## Reused existing infrastructure
+
+- [go/internal/web/api/handler.go](go/internal/web/api/handler.go) — `/api/adults`, `/api/juniors` already serve the modal's data
+- [go/internal/web/api/adults.go:27-42](go/internal/web/api/adults.go#L27-L42), [go/internal/web/api/juniors.go](go/internal/web/api/juniors.go) — typed responses
+- [go/internal/web/api/types.go:24-29](go/internal/web/api/types.go#L24-L29) — `Expected` "?" sentinel marshalling
+- [go/internal/web/static/css/app.css](go/internal/web/static/css/app.css) — modal CSS already lifted
+- [go/internal/web/static/js/filters.js](go/internal/web/static/js/filters.js) — IIFE / `'use strict'` / `data-*` attribute style to match
+- [templates/adults.html:725-962](templates/adults.html#L725-L962) — Python reference implementation to port (logic, not literal copy)
+
+## Verification
+
+End-to-end:
+
+1. `cd go && make go-build go-test go-lint` — all green.
+2. `make web-go &` — boot Go on `:8080`.
+3. Browser: `http://localhost:8080/adults`
+   - Click `[i]` next to a member name → modal opens with that member's data.
+   - Status table populated; cells colour-coded (cell-ok / cell-unpaid).
+   - Exception section visible only if member has exceptions; exception
+     amount shown with "*" override style.
+   - "Other Payments" section visible only if member has other-purpose
+     transactions.
+   - Matched transactions list newest-first; raw-payments section starts
+     hidden, `[show]` toggles to `[hide]`.
+   - `Esc` closes the modal; `ArrowDown` / `ArrowUp` walk visible rows
+     (after applying name filter).
+   - Click outside the `.modal-content` closes the modal.
+   - Open DevTools Network tab → reload; confirm one request to `/api/adults`
+     fires on page load (data is pre-warmed), no further requests on row
+     click.
+4. Browser: `http://localhost:8080/juniors`
+   - Same checks; verify `expected = "?"` rows render the question-mark
+     status without throwing JS errors.
+5. Cross-check against Python: `make web-py &` → `http://localhost:5001/adults`
+   should look visually equivalent (modulo nav styling) for the same fixture.
+6. After commit: `tea pr create --base main --head feat/go-m6-5-modal-js`.
+
+## Branching
+
+Per [CLAUDE.md](CLAUDE.md): create `feat/go-m6-5-modal-js` off `main`,
+commit with `Co-Authored-By` trailer, push with `-u`, open MR via
+`tea pr create`. Do not merge from CLI. After the user merges in Gitea:
+
+- Add CHANGELOG entry (timestamp via `date "+%Y-%m-%d %H:%M %Z"`).
+- Tick **M6.5** in
+  [docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md:117](docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md#L117)
+  with the merge SHA.
+
+## Out of scope (deferred)
+
+- **`/qr` modal** — separate `#qrModal` element, lives in M6.6 alongside
+  `/sync-bank`, `/flush-cache`, `/version`.
+- **Pay buttons inside the modal** — Python's modal does not include
+  Pay-from-modal; current Go pages already render row-level Pay buttons
+  in M6.2/M6.3.
+- **Modal on `/payments`** — Python `/payments` has no modal, neither does
+  Go (confirmed in M6.4 plan).
+- **Deep-linking (`/adults#name=Foo`)** — not in Python, not adding.
+- **Headless-browser JS tests** — out of scope for this milestone; manual
+  browser verification per §Verification.

docs/plans/2026-05-08-1334-go-m6-6-action-pages.md

@@ -0,0 +1,124 @@
+# M6.6 — `/qr`, `/sync-bank`, `/flush-cache`, `/version` (Go parity)
+
+> On approval, relocate this file to `docs/plans/YYYY-MM-DD-HHMM-go-m6-6-action-pages.md` per the repo's `CLAUDE.md` "Plans" convention before starting work.
+
+## Context
+
+The Go-rewrite progress tracker ([2026-05-03-2349-go-backend-rewrite-progress.md:118](docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md#L118)) lists M6.6 as:
+
+> `/qr, /sync-bank, /flush-cache, /version pages`
+
+After M6.4 (payments page) and M6.5 (member-detail modal JS), the only remaining pre-deployment HTML/action endpoints in Python that the Go binary doesn't yet implement are these four. The adults/juniors templates already produce `/qr?...` URLs via the `qrHref` / `qrHrefAll` helpers ([render.go:47-71](go/internal/web/render.go#L47-L71)) — the matching handler is the missing piece. `sync` and `flush_cache` templates exist as "Coming in M6.6" stubs and need real markup + working handlers. `/api/version` already serves build metadata; `/version` just needs to alias it (Python parity).
+
+After M6.6 the M6 gate ("Browser smoke on :8080: all pages render … QR loads, sync/flush work end-to-end") is reachable.
+
+## Confirmed design choices
+
+- **`/sync-bank`**: Python-faithful — GET both renders and triggers the sync, captures stdout/stderr into a log buffer, surfaces success/failure via a flag. Matches existing nav `[Sync Bank Data]` link.
+- **`/version`**: JSON alias of `/api/version`. No HTML page.
+- **QR library**: `github.com/skip2/go-qrcode`. Default level `qrcode.Medium`, size 256.
+
+## Scope per endpoint
+
+### 1. `GET /qr` — PNG only
+
+Match Python ([app.py:321-356](app.py#L321-L356)) verbatim semantics:
+
+1. Read `account` (default `cfg.BankAccount`), `amount` (default `"0"`), `message` (default `""`).
+2. Validate account against `^[A-Z]{2}\d{2,34}$|^\d{1,16}/\d{4}$`; on miss, silently fall back to `cfg.BankAccount`.
+3. Parse amount as float64; clamp to `[0, 10_000_000]`; format `%.2f`; on parse error → `"0.00"`.
+4. Truncate message to 60 runes; strip all `*`.
+5. If account contains `/`, split into `{number}*BC:{bankcode}`; else use raw.
+6. SPD payload: `SPD*1.0*ACC:{acc}*AM:{amount}*CC:CZK*MSG:{msg}` (no `BC:` key when IBAN — Python doesn't either).
+7. `qrcode.Encode(payload, qrcode.Medium, 256)` → write bytes with `Content-Type: image/png`.
+
+No template, no HTML.
+
+### 2. `GET /sync-bank` — triggers + renders
+
+Match Python ([app.py:124-151](app.py#L124-L151)):
+
+1. Build a `*bytes.Buffer` to capture step output.
+2. For each step write a header line then call:
+   - `banksync.SyncToSheets(ctx, cfg.PaymentsSheetID, fioClient, sheetsClient, banksync.SyncOpts{From: jan1ThisYear, To: dec31ThisYear, Sort: true})`
+   - `banksync.InferPayments(ctx, cfg.PaymentsSheetID, sheetsClient, sources, banksync.InferOpts{})`
+   - `cacheFlusher.Flush()` — append `"%d cache files deleted"`.
+3. On any error: append `err.Error()` + a stack trace via `runtime/debug.Stack()`, set `success=false`, continue rendering.
+4. Render `sync` template with `SyncPageData{ PageData; Output string; Success bool }`.
+
+The `banksync` package's stdout-printing functions can be redirected by passing an `io.Writer` — confirm during implementation; if they only print to `os.Stdout`, capture by tee'ing through a `slog` handler or briefly swapping `os.Stdout` (or extend the package with a `*Writer` option). **Preferred**: add a `Logger io.Writer` field to `banksync.SyncOpts` / `InferOpts`. This is a minor extension to existing services, not a rewrite.
+
+### 3. `/flush-cache` — GET form, POST action
+
+Match Python ([app.py:117-122](app.py#L117-L122)):
+
+- `GET` → render `flush_cache` with `Flushed=false`.
+- `POST` → call `cacheFlusher.Flush()`, render with `Flushed=true, Deleted=n`.
+
+### 4. `GET /version` — JSON
+
+One-liner: register the existing `api.VersionHandler` (or its inline equivalent in [api/version.go](go/internal/web/api/version.go)) on the `/version` path as well as `/api/version`. Output: `{"tag", "commit", "build_date"}`.
+
+## Files to create / modify
+
+### New files
+
+- **[go/internal/web/templates/qr.tmpl](go/internal/web/templates/qr.tmpl)** — *not actually needed*; remove from plan if `/qr` is PNG-only. (Decision: skip — no template.)
+- Replace stub **[go/internal/web/templates/sync.tmpl](go/internal/web/templates/sync.tmpl)** with full markup: title, status banner colored by `Success`, `<pre>` of `Output`, "Run again" link.
+- Replace stub **[go/internal/web/templates/flush_cache.tmpl](go/internal/web/templates/flush_cache.tmpl)** with: form (`POST /flush-cache` → `<button>[Flush Cache]</button>`), success banner when `Flushed`.
+
+### Modified files
+
+- **[go/go.mod](go/go.mod)** / `go.sum` — add `github.com/skip2/go-qrcode`.
+- **[go/internal/web/server.go](go/internal/web/server.go)** — register `GET /qr`, `GET /sync-bank` (replace stub), `GET /flush-cache` (form), `POST /flush-cache` (action), `GET /version`. Widen `Run(...)` signature to accept `fio.Client`, `sheets.Client`, and a `cache.Flusher` — these flow into a new `Deps` struct on `HTMLHandler`.
+- **[go/internal/web/html_handler.go](go/internal/web/html_handler.go)** — add `ServeQR`, real `ServeSync`, split `ServeFlushCacheGET` / `ServeFlushCachePOST`, add `ServeVersion` (delegates to api package).
+- **[go/internal/web/render.go](go/internal/web/render.go)** — add `SyncPageData{ PageData; Output string; Success bool }` and `FlushPageData{ PageData; Flushed bool; Deleted int }` view-models. (`pageNames` already includes `"sync"` and `"flush_cache"`; no change.)
+- **[go/internal/web/qr.go](go/internal/web/qr.go)** *(new file)* — pure helper: `BuildSPD(account, amount, message string, defaultAccount string) (payload string)` + `RenderQRCode(payload string) ([]byte, error)`. Easier to unit-test than a method on the handler.
+- **[go/internal/services/membership/loader.go](go/internal/services/membership/loader.go)** — add a small `CacheFlusher` interface (`Flush() (int, error)`); have `Sources` aggregate include it. *Alternative considered*: pass `*cache.FileCache` straight into `web.Run`. Choose whichever needs fewer test-stub edits — likely the direct-pass approach, since stubs in tests don't need cache behavior. **Decision: pass `cache.Flusher` directly into `web.Run` as a separate dependency, not through `Sources`.** Simpler, fewer interface changes.
+- **[go/internal/services/banksync/sync.go](go/internal/services/banksync/sync.go)** + `infer.go` — accept an optional `io.Writer` (in `SyncOpts.Logger` / `InferOpts.Logger`) and route progress prints through it; default to `os.Stdout` when nil for CLI parity.
+- **[go/cmd/fuj/main.go](go/cmd/fuj/main.go)** — in the `server` subcommand, build `fio.Client`, `sheets.Client`, and `cache.Flusher` (already constructed inside `membership.NewSources` — expose it or construct a sibling) and pass them into `web.Run`.
+
+## Reuse (already in the codebase)
+
+- **Bank sync**: `banksync.SyncToSheets` ([go/internal/services/banksync/sync.go](go/internal/services/banksync/sync.go)) and `banksync.InferPayments` ([go/internal/services/banksync/infer.go](go/internal/services/banksync/infer.go)) — same calls the CLI `sync` / `infer` subcommands use ([go/cmd/fuj/main.go:184](go/cmd/fuj/main.go#L184), [:222](go/cmd/fuj/main.go#L222)).
+- **Cache flush**: `(*cache.FileCache).Flush() (int, error)` ([go/internal/io/cache/filecache.go:92](go/internal/io/cache/filecache.go#L92)) — already returns the deleted count.
+- **Build metadata**: `BuildInfo{Version, Commit, BuildDate}` ([go/internal/web/server.go:28-35](go/internal/web/server.go#L28-L35)) is already plumbed everywhere; `/api/version` JSON shape is already correct ([go/internal/web/api/version.go](go/internal/web/api/version.go)).
+- **Template render pattern**: `Renderer.Render(w, name, data)` ([go/internal/web/render.go:98-108](go/internal/web/render.go#L98-L108)).
+- **Test scaffolding**: `web.NewRenderer()` + `httptest.NewRequest/NewRecorder` ([go/internal/web/html_handler_test.go:52-94](go/internal/web/html_handler_test.go#L52-L94)).
+
+## Tests
+
+Add to `go/internal/web/html_handler_test.go` (and one new `qr_test.go` for the SPD builder):
+
+- **`TestQRBuildSPD`** *(unit, in [go/internal/web/qr_test.go](go/internal/web/qr_test.go))* — table-driven: invalid account → fallback; `/`-account → `{num}*BC:{bc}`; IBAN → raw; amount `-1` → `0.00`; amount `99999999` → `9999999.00`; amount `"abc"` → `0.00`; message with `*` stripped; message length-clamped to 60.
+- **`TestServeQR`** — request `/qr?account=…&amount=10&message=Hi`; assert 200, `Content-Type: image/png`, body starts with PNG magic `\x89PNG\r\n\x1a\n`.
+- **`TestServeFlushCacheGet`** — assert form rendered, no banner.
+- **`TestServeFlushCachePost`** — fixture flusher returns 3; assert banner says "3" and `Flushed`.
+- **`TestServeSync`** — fixture banksync stubs return `(2, nil)` and `(1, nil)`, fixture flusher returns 4; assert page renders, status is success, output contains the section headers.
+- **`TestServeVersion`** — assert `application/json`, body `{"tag":"v0","commit":"abc1234","build_date":"2026-01-01"}`.
+- Extend the `TestHTMLHandlerSmoke` table to cover `/qr` and `/version`.
+
+## Verification (end-to-end)
+
+1. `cd go && go build ./... && go test ./...`
+2. `cd go && go run ./cmd/fuj server` — open http://localhost:8080
+3. Smoke:
+   - **/adults** → click `Pay` next to any unpaid month → modal shows QR image (this exercises `/qr`). Confirm a Czech banking app can scan it (visual check).
+   - Direct `/qr?account=2702008874/2010&amount=700&message=Test` → PNG renders.
+   - **/sync-bank** → click `[Sync Bank Data]` in nav → page shows "Syncing…", then sections + "Inferred Payments", "Cache Flushed", green status banner.
+   - **/flush-cache** → click `[Flush Cache]` → success banner with file count.
+   - **/version** in browser → JSON visible.
+   - Adults / juniors / payments still render (no regressions from `Run` signature change).
+4. Run the parity diff: `go run ./cmd/parity` — `/api/version` must still match Python.
+5. Append a CHANGELOG entry per `CLAUDE.md`; tick `M6.6` in [docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md:118](docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md#L118).
+
+## Branch / MR
+
+Per `CLAUDE.md` workflow: `feat/go-m6-6-action-pages` off `main`, push with `-u`, open with `tea pr create --base main --head feat/go-m6-6-action-pages`.
+
+## Out of scope (deferred)
+
+- Auth / CSRF protection on `/sync-bank` and `/flush-cache` — Python has none either; deferred to M8 hardening.
+- M6.7 (single-binary embed verification) — separate ticket.
+- Streaming progress for `/sync-bank` (currently buffered until completion, like Python).
+- Configurable QR error-correction level / size.

docs/plans/2026-05-08-1439-go-m6-6-1-payment-qr-modal.md

@@ -0,0 +1,335 @@
+# M6.6.1 — Pay-button QR popup modal (`/adults`, `/juniors`)
+
+> Plan-mode note: per project convention this plan should live at
+> `docs/plans/2026-05-08-1439-go-m6-6-1-payment-qr-modal.md`. The first
+> execution step after approval is to copy this file there.
+> Branch: `feat/go-m6-6-1-payment-qr-modal` off `main`.
+
+## Context
+
+M6.6 ([docs/plans/2026-05-08-1334-go-m6-6-action-pages.md](docs/plans/2026-05-08-1334-go-m6-6-action-pages.md))
+landed the backend `/qr` PNG endpoint plus `/sync-bank`, `/flush-cache`,
+`/version`. While doing it, the **client-side** half of the Pay flow was
+collapsed from a modal-with-details into a plain `<a href="/qr?...">` —
+clicking Pay now navigates the whole tab to the raw PNG.
+
+The Python app instead opens an in-page `#qrModal` showing the QR image
+*plus* labelled details (account, amount, message, title), then closes
+the modal on outside-click or `[close]`
+([templates/adults.html:631-648](templates/adults.html#L631-L648),
+JS at [templates/adults.html:963-993](templates/adults.html#L963-L993)).
+This is the UX the user expects from the dashboard — staying on the
+table while displaying the QR is significantly more practical than
+losing context to a fullscreen image.
+
+M6.6.1 restores parity: the Pay/Pay-All buttons open an in-page
+`#qrModal`, identical in structure to the Python original, driven by a
+new vanilla-JS module `payment-qr.js` that mirrors the `member-detail.js`
+convention from M6.5.
+
+All the building blocks are already in place:
+
+- **`/qr` endpoint** ships PNGs ([go/internal/web/qr.go](go/internal/web/qr.go), tested by [TestServeQR](go/internal/web/html_handler_test.go#L207-L231)).
+- **CSS** for `#qrModal .modal-content`, `.qr-image`, `.qr-details` is
+  already in [go/internal/web/static/css/app.css:445-478](go/internal/web/static/css/app.css#L445-L478) — lifted during M6.1.
+- **Template helpers** `qrHref` / `qrHrefAll` ([go/internal/web/render.go:63-85](go/internal/web/render.go#L63-L85))
+  already produce the correct query string + Czech `MM/YYYY` format
+  for the `message=` param. They're useful for sanity (and for any
+  no-JS fallback) but become dead code post-M6.6.1 — see §Out of scope.
+- **Bank account** is already exposed as `$.Data.BankAccount` to every
+  template that has a Pay button.
+- **JS module convention**: `member-detail.js` is the M6.5 baseline —
+  IIFE, `'use strict'`, event delegation off `data-*` attributes, no
+  inline `onclick`, no globals leaked.
+
+## Approach
+
+### 1. Replace `<a href="{{qrHref ...}}">` with `<button data-...>`
+
+In [go/internal/web/templates/adults.tmpl](go/internal/web/templates/adults.tmpl)
+and [go/internal/web/templates/juniors.tmpl](go/internal/web/templates/juniors.tmpl)
+(both have identical Pay markup at lines 65 and 72):
+
+```gotmpl
+<button type="button" class="pay-btn"
+        data-name="{{$row.Name}}"
+        data-amount="{{$cell.Amount}}"
+        data-month="{{$cell.Month}}"
+        data-raw-month="{{$cell.RawMonth}}">Pay</button>
+```
+
+```gotmpl
+<button type="button" class="pay-btn"
+        data-name="{{$row.Name}}"
+        data-amount="{{$row.PayableAmount}}"
+        data-month="{{$row.UnpaidPeriods}}"
+        data-raw-month="{{$row.RawUnpaidPeriods}}"
+        data-pay-all="1">Pay All</button>
+```
+
+Why `<button type="button">` and not `<a>`: the click no longer
+navigates — the JS handles it. `type="button"` prevents accidental form
+submission. A no-JS fallback could be added later by re-introducing
+`href="{{qrHref ...}}"` and letting the JS call `e.preventDefault()` —
+deferred until anyone actually asks (see §Out of scope).
+
+`data-month` carries the human-readable period (e.g. `January 2026`,
+or `January 2026 + February 2026` for Pay-All) which the modal title
+displays. `data-raw-month` carries the machine format (`2026-01`,
+`2026-01+2026-02`) which the JS converts to `MM/YYYY` for the QR
+message — same conversion Python's `showPayQR` does at
+[templates/adults.html:966-968](templates/adults.html#L966-L968).
+`data-pay-all` is purely informational; the JS doesn't actually need
+it (the same code path handles single + multi-period), but keeping it
+helps debugging and any future analytics.
+
+### 2. Add `#qrModal` markup
+
+Append after the `#memberModal` block in both `adults.tmpl` and
+`juniors.tmpl` (around line 185 of adults, line 165 of juniors), mirroring
+[templates/adults.html:631-648](templates/adults.html#L631-L648) but
+using `class="active"` toggling (the convention M6.5 picked) instead of
+`style.display = 'block'`:
+
+```gotmpl
+<div id="qrModal" onclick="if(event.target===this)this.classList.remove('active')">
+  <div class="modal-content">
+    <div class="modal-header">
+      <div class="modal-title" id="qrTitle">Payment for —</div>
+      <div class="close-btn" onclick="document.getElementById('qrModal').classList.remove('active')">[close]</div>
+    </div>
+    <div class="qr-image">
+      <img id="qrImg" src="" alt="Payment QR Code">
+    </div>
+    <div class="qr-details">
+      <div>Account: <span id="qrAccount"></span></div>
+      <div>Amount: <span id="qrAmount"></span> CZK</div>
+      <div>Message: <span id="qrMessage"></span></div>
+    </div>
+  </div>
+</div>
+```
+
+The CSS already targets `#qrModal .modal-content` directly. To make the
+"hidden by default / visible when `.active`" toggle behave the same
+way `#memberModal` does, the existing CSS rules for `#memberModal`
+(`display:none`, `#memberModal.active { display: flex; }`) need a
+sibling pair for `#qrModal`. Audit `app.css` during implementation:
+- if `#qrModal` already has both rules, no change.
+- if it has only `display:none`, add `#qrModal.active { display: flex; }`.
+- if it has neither, add both.
+
+This is a 2-line CSS adjustment at most; tracked under §Critical files.
+
+### 3. Bank account on the page
+
+The modal needs the bank account string for the `qrAccount` label and
+for building the `/qr?account=…` URL. Two clean options:
+
+**(a)** Read it from the `<button>`'s `data-bank-account` attribute.
+Per-button duplication, but trivially done in templates and keeps the JS
+module's surface tiny.
+
+**(b)** Stamp it once on the page as `<body data-bank-account="…">`
+(or on the existing `#filterContainer`).
+
+**Decision: (b)** — single stamping site, follows the same pattern
+M6.5 used for `data-page` on `#filterContainer`. Add
+`data-bank-account="{{.Data.BankAccount}}"` to `#filterContainer` in
+both templates (one-line edit each).
+
+### 4. Create [go/internal/web/static/js/payment-qr.js](go/internal/web/static/js/payment-qr.js)
+
+A new module loaded with `<script src="/static/js/payment-qr.js" defer></script>`
+right after `member-detail.js` in both templates. Pure ES, no build
+step, IIFE, `'use strict'`. Skeleton — port of Python's `showPayQR`
+([templates/adults.html:963-986](templates/adults.html#L963-L986))
+plus event wiring:
+
+```js
+(function () {
+  'use strict';
+
+  const container = document.getElementById('filterContainer');
+  if (!container) return;
+  const bankAccount = container.dataset.bankAccount || '';
+
+  const modal      = document.getElementById('qrModal');
+  const titleEl    = document.getElementById('qrTitle');
+  const imgEl      = document.getElementById('qrImg');
+  const accountEl  = document.getElementById('qrAccount');
+  const amountEl   = document.getElementById('qrAmount');
+  const messageEl  = document.getElementById('qrMessage');
+  if (!modal || !titleEl || !imgEl || !accountEl || !amountEl || !messageEl) return;
+
+  // Convert "YYYY-MM" → "MM/YYYY"; "+"-joined ranges are converted piece-wise.
+  // Mirrors templates/adults.html:966-968.
+  function toCzechMonth(rawMonth) {
+    return rawMonth.split('+')
+      .map(p => p.replace(/^(\d{4})-(\d{2})$/, '$2/$1'))
+      .join('+');
+  }
+
+  function showQR(name, amount, month, rawMonth) {
+    const numericMonth = toCzechMonth(rawMonth);
+    const message = `${name}: ${numericMonth}`;
+
+    titleEl.innerText   = `Payment for ${month}`;
+    accountEl.innerText = bankAccount;
+    amountEl.innerText  = amount;
+    messageEl.innerText = message;
+
+    const url = '/qr?'
+      + 'account=' + encodeURIComponent(bankAccount)
+      + '&amount=' + encodeURIComponent(amount)
+      + '&message=' + encodeURIComponent(message);
+    imgEl.src = url;
+
+    modal.classList.add('active');
+  }
+
+  function closeQR() { modal.classList.remove('active'); }
+
+  // Event delegation: any .pay-btn click anywhere in the page.
+  document.addEventListener('click', ev => {
+    const btn = ev.target.closest('.pay-btn');
+    if (!btn) return;
+    ev.preventDefault();
+    showQR(
+      btn.dataset.name,
+      btn.dataset.amount,
+      btn.dataset.month,
+      btn.dataset.rawMonth,
+    );
+  });
+
+  document.addEventListener('keydown', e => {
+    if (e.key === 'Escape' && modal.classList.contains('active')) closeQR();
+  });
+}());
+```
+
+Notes:
+
+- **Event delegation** (single listener on `document`) handles both Pay
+  and Pay-All without enumerating buttons. It also survives any future
+  re-render of the table without needing rebinding.
+- **Coexistence with `member-detail.js`**: `member-detail.js` listens
+  for `Escape` too, but only acts when `#memberModal` is active; the
+  new module similarly only acts when `#qrModal` is active. No collision.
+- **Pre-warming**: nothing to pre-warm — `/qr` is a tiny on-demand PNG
+  and only fires when the user clicks.
+- **Inline `onclick`** on `[close]` and outside-click in the markup are
+  carried over from the M6.5 modal style; consistent with `#memberModal`.
+  (Switching the project's modal close pattern to data attributes is a
+  separate cleanup, out of scope here.)
+
+### 5. Tests
+
+Extend [go/internal/web/html_handler_test.go](go/internal/web/html_handler_test.go)
+with markup-level checks. Headless-browser JS is out of scope (same
+rationale as M6.5).
+
+In `TestModalMarkup` (or a sibling test, e.g. `TestPaymentQRMarkup`):
+
+- Body for `/adults` and `/juniors` contains
+  `<script src="/static/js/payment-qr.js"`.
+- Body contains `id="qrModal"`, `id="qrImg"`, `id="qrAccount"`,
+  `id="qrAmount"`, `id="qrMessage"`, `id="qrTitle"`.
+- The fixture row's Pay button is rendered as
+  `<button … class="pay-btn" … data-name="Test Member" data-amount="…" data-raw-month="2026-01"`.
+- The fixture row's `.pay-btn` does **not** include `href=`.
+- `#filterContainer` has `data-bank-account="CZ0000000000000000000000"`
+  (matching the test's `fixtureHandler` config).
+
+### 6. Decide fate of `qrHref` / `qrHrefAll` template helpers
+
+Once Pay/Pay-All buttons are JS-driven, the helpers in
+[render.go:63-85](go/internal/web/render.go#L63-L85) have no callers.
+**Decision: delete them**, plus their entries in `tmplFuncs`. A
+no-JS fallback is not on the roadmap; if it ever becomes one, the
+helpers are easy to resurrect from git.
+
+The unit-test file currently has no direct tests for these helpers —
+nothing to remove from tests.
+
+## Critical files
+
+| Action | Path |
+|--------|------|
+| edit   | [go/internal/web/templates/adults.tmpl](go/internal/web/templates/adults.tmpl) — Pay/Pay-All → `<button data-…>`; add `#qrModal`; add `data-bank-account` on filter container; add `<script src="/static/js/payment-qr.js" defer>` |
+| edit   | [go/internal/web/templates/juniors.tmpl](go/internal/web/templates/juniors.tmpl) — same |
+| new    | `go/internal/web/static/js/payment-qr.js` — modal module |
+| edit   | [go/internal/web/render.go](go/internal/web/render.go) — drop `qrHref`, `qrHrefAll`, and their `tmplFuncs` entries (and the `net/url`, `strconv` imports if no longer needed) |
+| edit   | [go/internal/web/static/css/app.css](go/internal/web/static/css/app.css) — verify / add `#qrModal { display:none; }` + `#qrModal.active { display:flex; }` rules |
+| edit   | [go/internal/web/html_handler_test.go](go/internal/web/html_handler_test.go) — markup assertions |
+
+No changes to: `assets.go` (`embed.FS` glob picks up new JS automatically),
+`server.go`, `html_handler.go`, the `/qr` handler, `cmd/fuj/main.go`, the
+API handlers, or any domain code.
+
+## Reused existing infrastructure
+
+- [go/internal/web/qr.go](go/internal/web/qr.go) — `/qr?account=…&amount=…&message=…` endpoint serves the PNG already
+- [go/internal/web/static/css/app.css:445-478](go/internal/web/static/css/app.css#L445-L478) — modal CSS already lifted whole
+- [go/internal/web/static/js/member-detail.js](go/internal/web/static/js/member-detail.js) — IIFE / `'use strict'` / `data-*` style to mirror
+- [go/internal/web/api/types.go](go/internal/web/api/types.go) — `MemberRow.UnpaidPeriods` and `RawUnpaidPeriods` already populated for Pay-All
+- [templates/adults.html:631-648,963-986](templates/adults.html#L631-L648) — Python reference for both modal markup and `showPayQR` JS (logic to port, not literal copy)
+
+## Verification
+
+End-to-end, after copying the plan into `docs/plans/`:
+
+1. `cd go && make go-build go-test go-lint` — all green.
+2. `make web-go &` — boot Go on `:8080`.
+3. Browser: `http://localhost:8080/adults`
+   - Click `Pay` on any unpaid month → `#qrModal` opens with
+     - title `Payment for <Month YYYY>`,
+     - `qrAccount` matching `BANK_ACCOUNT`,
+     - `qrAmount` matching the cell amount,
+     - `qrMessage` formatted as `<Name>: MM/YYYY`,
+     - QR image rendered from `/qr?…` (Network tab shows PNG response).
+   - Tab does **not** navigate; URL stays `/adults`.
+   - Click `Pay All` → modal opens with `+`-joined `MM/YYYY+MM/YYYY` message.
+   - Click outside the modal-content → modal closes.
+   - Click `[close]` → modal closes.
+   - Press `Esc` → modal closes.
+   - Open `[i]` member-detail modal first, then `Esc` → only that closes
+     (verify both modals don't fight each other).
+4. Browser: `http://localhost:8080/juniors` — same checks. Verify Pay
+   on a `"?"`-expected row doesn't appear (Pay button is conditional on
+   `unpaid`/`partial` cells).
+5. Cross-check against Python: `make web-py &` →
+   `http://localhost:5001/adults` modal looks visually equivalent for
+   the same fixture (modulo any nav / theme differences already accepted
+   in M6).
+6. Scan a QR with a Czech banking app (or `zbarimg` on the saved PNG) —
+   payload starts with `SPD*1.0*ACC:` and the message decodes to
+   `<Name>: MM/YYYY`.
+7. After the user merges in Gitea: append CHANGELOG entry (timestamp via
+   `date "+%Y-%m-%d %H:%M %Z"`); add a new tick line for **M6.6.1** in
+   [docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md](docs/plans/2026-05-03-2349-go-backend-rewrite-progress.md)
+   immediately under the M6.6 line, in the same format as the other
+   sub-bullets.
+
+## Branching
+
+Per [CLAUDE.md](CLAUDE.md): create `feat/go-m6-6-1-payment-qr-modal` off
+`main`, commit with `Co-Authored-By` trailer, push with `-u`, open MR via
+`tea pr create`. Do not merge or delete from CLI.
+
+## Out of scope (deferred)
+
+- **Pay button no-JS fallback** — feasible to keep `qrHref` and have
+  the JS `preventDefault` an `<a>`, but no current need. Resurrect the
+  helpers if asked.
+- **Modal pattern unification** — `#memberModal` and `#qrModal` use
+  inline `onclick` for `[close]` and outside-click. Consistent with
+  M6.5 but worth a follow-up to delegate-event everything.
+- **Pay-from-modal inside `#memberModal`** — Python doesn't have it, and
+  no one's asked for it on the Go side.
+- **Per-button QR error-correction / size** — `/qr` is fixed at
+  Medium/256, same as M6.6. Configurable via query param can be added if
+  printing larger physical posters becomes a use case.
+- **`/payments` Pay buttons** — the payments page is a ledger view; it
+  doesn't render Pay buttons in either backend.

go/cmd/fuj/main.go

@@ -11,6 +11,7 @@ import (
 	"fuj-management/go/internal/services/banksync"
 	"fuj-management/go/internal/services/membership"
 	"fuj-management/go/internal/web"
+	"io"
 	"log/slog"
 	"os"
 	"time"
@@ -82,9 +83,40 @@ func serverCmd(args []string) {
 		os.Exit(1)
 	}
 
+	sheetsCli, err := sheets.New(ctx, cfg.CredentialsPath, cfg.DriveTimeout)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "fuj server: sheets client for sync: %v\n", err)
+		os.Exit(1)
+	}
+	fioCli := fio.New(cfg.FioAPIToken, config.IBANAccountNum(cfg.BankAccount), nil)
+
+	actions := web.ActionHandlers{
+		BankSync: func(ctx context.Context, out io.Writer) error {
+			yr := time.Now().Year()
+			from := time.Date(yr, 1, 1, 0, 0, 0, 0, time.UTC)
+			to := time.Date(yr, 12, 31, 23, 59, 59, 0, time.UTC)
+
+			fmt.Fprintln(out, "=== Sync Fio Transactions ===")
+			n, err := banksync.SyncToSheets(ctx, config.PaymentsSheetID, fioCli, sheetsCli,
+				banksync.SyncOpts{From: from, To: to, Sort: true})
+			if err != nil {
+				return fmt.Errorf("sync: %w", err)
+			}
+			fmt.Fprintf(out, "Synced %d new transaction(s).\n\n", n)
+
+			fmt.Fprintln(out, "=== Infer Payments ===")
+			n, err = banksync.InferPayments(ctx, config.PaymentsSheetID, sheetsCli, sources, banksync.InferOpts{})
+			if err != nil {
+				return fmt.Errorf("infer: %w", err)
+			}
+			fmt.Fprintf(out, "Inferred %d row(s).\n", n)
+			return nil
+		},
+	}
+
 	build := web.BuildInfo{Version: version, Commit: commit, BuildDate: buildDate}
 
-	if err := web.Run(logger, cfg.ServerAddr, build, sources, cfg); err != nil {
+	if err := web.Run(logger, cfg.ServerAddr, build, sources, cfg, actions); err != nil {
 		fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)
 	}

go/go.mod

@@ -5,6 +5,7 @@ go 1.26.1
 require (
 	github.com/google/go-cmp v0.7.0
 	github.com/invopop/jsonschema v0.14.0
+	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	golang.org/x/net v0.53.0
 	golang.org/x/text v0.36.0
 	google.golang.org/api v0.278.0

go/go.sum

@@ -37,6 +37,8 @@ github.com/pb33f/ordered-map/v2 v2.3.1 h1:5319HDO0aw4DA4gzi+zv4FXU9UlSs3xGZ40wcP
 github.com/pb33f/ordered-map/v2 v2.3.1/go.mod h1:qxFQgd0PkVUtOMCkTapqotNgzRhMPL7VvaHKbd1HnmQ=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=

go/internal/services/membership/loader.go

@@ -25,11 +25,17 @@ type ExceptionLoader interface {
 	LoadExceptions(ctx context.Context) (map[reconcile.ExceptionKey]reconcile.Exception, error)
 }
 
+// CacheFlusher can invalidate all cached data.
+type CacheFlusher interface {
+	FlushCache() (int, error)
+}
+
 // Sources is the aggregate interface required by ReconcileReport.
 type Sources interface {
 	AttendanceLoader
 	TransactionLoader
 	ExceptionLoader
+	CacheFlusher
 }
 
 // NewStubSources returns a Sources whose every method returns ErrIOPending.
@@ -52,3 +58,5 @@ func (stubSources) LoadTransactions(_ context.Context) ([]reconcile.Transaction,
 func (stubSources) LoadExceptions(_ context.Context) (map[reconcile.ExceptionKey]reconcile.Exception, error) {
 	return nil, ErrIOPending
 }
+
+func (stubSources) FlushCache() (int, error) { return 0, nil }

go/internal/services/membership/reconcile_test.go

@@ -31,6 +31,8 @@ func (f fakeSources) LoadExceptions(_ context.Context) (map[reconcile.ExceptionK
 	return f.exceptions, nil
 }
 
+func (fakeSources) FlushCache() (int, error) { return 0, nil }
+
 func TestReconcileReport(t *testing.T) {
 	t.Parallel()
 	s := fakeSources{

go/internal/services/membership/sources.go

@@ -111,6 +111,9 @@ func (s *realSources) LoadTransactions(ctx context.Context) ([]reconcile.Transac
 	return parseTransactionRows(rows)
 }
 
+// FlushCache deletes all cached data files and resets in-memory cache state.
+func (s *realSources) FlushCache() (int, error) { return s.cache.Flush() }
+
 // LoadExceptions fetches the exceptions tab (cached).
 func (s *realSources) LoadExceptions(ctx context.Context) (map[reconcile.ExceptionKey]reconcile.Exception, error) {
 	rows, err := cache.Get(ctx, s.cache, "exceptions_dict",

go/internal/web/api/handler.go

@@ -23,6 +23,9 @@ type Handler struct {
 	Logger       *slog.Logger
 }
 
+// FlushCache invalidates all cached data via the underlying Sources.
+func (h *Handler) FlushCache() (int, error) { return h.Sources.FlushCache() }
+
 // ServeVersion handles GET /api/version.
 func (h *Handler) ServeVersion(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, VersionResponse{
@@ -55,25 +58,43 @@ func (h *Handler) AssembleAdults(ctx context.Context) (AdultsResponse, error) {
 
 // ServeJuniors handles GET /api/juniors.
 func (h *Handler) ServeJuniors(w http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	members, sortedMonths, txns, exceptions, err := h.loadAll(ctx, false)
+	resp, err := h.AssembleJuniors(r.Context())
 	if err != nil {
 		h.writeError(w, r, err)
 		return
 	}
+	writeJSON(w, resp)
+}
+
+// AssembleJuniors loads all data and builds the juniors view model.
+// Shared between the JSON API route and the HTML handler.
+func (h *Handler) AssembleJuniors(ctx context.Context) (JuniorsResponse, error) {
+	members, sortedMonths, txns, exceptions, err := h.loadAll(ctx, false)
+	if err != nil {
+		return JuniorsResponse{}, err
+	}
 	result := domreconcile.Reconcile(members, sortedMonths, txns, exceptions, time.Now().Year())
-	writeJSON(w, buildJuniorsResponse(members, sortedMonths, result, txns, h.Config, time.Now().Format("2006-01")))
+	return buildJuniorsResponse(members, sortedMonths, result, txns, h.Config, time.Now().Format("2006-01")), nil
 }
 
 // ServePayments handles GET /api/payments.
 func (h *Handler) ServePayments(w http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	txns, err := h.Sources.LoadTransactions(ctx)
+	resp, err := h.AssemblePayments(r.Context())
 	if err != nil {
-		h.writeError(w, r, fmt.Errorf("load transactions: %w", err))
+		h.writeError(w, r, err)
 		return
 	}
-	writeJSON(w, buildPaymentsResponse(txns, h.allMemberNames(ctx)))
+	writeJSON(w, resp)
+}
+
+// AssemblePayments loads transactions and builds the payments view model.
+// Shared between the JSON API route and the HTML handler.
+func (h *Handler) AssemblePayments(ctx context.Context) (PaymentsResponse, error) {
+	txns, err := h.Sources.LoadTransactions(ctx)
+	if err != nil {
+		return PaymentsResponse{}, fmt.Errorf("load transactions: %w", err)
+	}
+	return buildPaymentsResponse(txns, h.allMemberNames(ctx)), nil
 }
 
 func (h *Handler) loadAll(ctx context.Context, adults bool) (

go/internal/web/html_handler.go

@@ -1,8 +1,11 @@
 package web
 
 import (
+	"bytes"
+	"fmt"
 	"fuj-management/go/internal/web/api"
 	"net/http"
+	"runtime/debug"
 )
 
 // HTMLHandler serves the Go-native HTML frontend.
@@ -10,11 +13,12 @@ type HTMLHandler struct {
 	renderer   *Renderer
 	build      BuildInfo
 	apiHandler *api.Handler
+	actions    ActionHandlers
 }
 
 // NewHTMLHandler constructs an HTMLHandler.
-func NewHTMLHandler(r *Renderer, b BuildInfo, ah *api.Handler) *HTMLHandler {
-	return &HTMLHandler{renderer: r, build: b, apiHandler: ah}
+func NewHTMLHandler(r *Renderer, b BuildInfo, ah *api.Handler, actions ActionHandlers) *HTMLHandler {
+	return &HTMLHandler{renderer: r, build: b, apiHandler: ah, actions: actions}
 }
 
 func (h *HTMLHandler) ServeAdults(w http.ResponseWriter, r *http.Request) {
@@ -33,17 +37,107 @@ func (h *HTMLHandler) ServeAdults(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *HTMLHandler) ServeJuniors(w http.ResponseWriter, r *http.Request) {
-	h.renderer.Render(w, "juniors", PageData{Active: "juniors", Build: h.build})
+	data, err := h.apiHandler.AssembleJuniors(r.Context())
+	if err != nil {
+		h.renderer.Render(w, "juniors", JuniorsPageData{
+			PageData: PageData{Active: "juniors", Build: h.build},
+			Error:    err.Error(),
+		})
+		return
+	}
+	h.renderer.Render(w, "juniors", JuniorsPageData{
+		PageData: PageData{Active: "juniors", Build: h.build},
+		Data:     data,
+	})
 }
 
 func (h *HTMLHandler) ServePayments(w http.ResponseWriter, r *http.Request) {
-	h.renderer.Render(w, "payments", PageData{Active: "payments", Build: h.build})
+	data, err := h.apiHandler.AssemblePayments(r.Context())
+	if err != nil {
+		h.renderer.Render(w, "payments", PaymentsPageData{
+			PageData: PageData{Active: "payments", Build: h.build},
+			Error:    err.Error(),
+		})
+		return
+	}
+	h.renderer.Render(w, "payments", PaymentsPageData{
+		PageData: PageData{Active: "payments", Build: h.build},
+		Data:     data,
+	})
 }
 
+// ServeSync handles GET /sync-bank: runs sync+infer+flush then renders the result.
 func (h *HTMLHandler) ServeSync(w http.ResponseWriter, r *http.Request) {
-	h.renderer.Render(w, "sync", PageData{Active: "sync", Build: h.build})
+	pd := PageData{Active: "sync", Build: h.build}
+
+	if h.actions.BankSync == nil {
+		h.renderer.Render(w, "sync", SyncPageData{
+			PageData: pd,
+			Output:   "Bank sync is not configured.",
+			Success:  false,
+		})
+		return
+	}
+
+	var buf bytes.Buffer
+	success := true
+	if err := h.actions.BankSync(r.Context(), &buf); err != nil {
+		fmt.Fprintf(&buf, "\nError: %s\n\nStack trace:\n%s", err.Error(), debug.Stack())
+		success = false
+	}
+
+	fmt.Fprintln(&buf, "\n=== Flush Cache ===")
+	n, err := h.apiHandler.FlushCache()
+	if err != nil {
+		fmt.Fprintf(&buf, "flush error: %s\n", err.Error())
+		success = false
+	} else {
+		fmt.Fprintf(&buf, "%d cache file(s) deleted.\n", n)
+	}
+
+	h.renderer.Render(w, "sync", SyncPageData{
+		PageData: pd,
+		Output:   buf.String(),
+		Success:  success,
+	})
 }
 
-func (h *HTMLHandler) ServeFlushCache(w http.ResponseWriter, r *http.Request) {
-	h.renderer.Render(w, "flush_cache", PageData{Active: "flush", Build: h.build})
+// ServeFlushCacheGET handles GET /flush-cache: renders the confirmation form.
+func (h *HTMLHandler) ServeFlushCacheGET(w http.ResponseWriter, r *http.Request) {
+	h.renderer.Render(w, "flush_cache", FlushPageData{
+		PageData: PageData{Active: "flush", Build: h.build},
+	})
+}
+
+// ServeFlushCachePOST handles POST /flush-cache: flushes and re-renders with count.
+func (h *HTMLHandler) ServeFlushCachePOST(w http.ResponseWriter, r *http.Request) {
+	n, _ := h.apiHandler.FlushCache()
+	h.renderer.Render(w, "flush_cache", FlushPageData{
+		PageData: PageData{Active: "flush", Build: h.build},
+		Flushed:  true,
+		Deleted:  n,
+	})
+}
+
+// ServeQR handles GET /qr: generates and returns a Czech QR Platba PNG.
+func (h *HTMLHandler) ServeQR(w http.ResponseWriter, r *http.Request) {
+	q := r.URL.Query()
+	account := q.Get("account")
+	amount := q.Get("amount")
+	message := q.Get("message")
+	if account == "" {
+		account = h.apiHandler.Config.BankAccount
+	}
+	if amount == "" {
+		amount = "0"
+	}
+
+	payload := BuildSPD(account, amount, message, h.apiHandler.Config.BankAccount)
+	png, err := RenderQRCode(payload)
+	if err != nil {
+		http.Error(w, "qr encode: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+	w.Header().Set("Content-Type", "image/png")
+	_, _ = w.Write(png)
 }

go/internal/web/html_handler_test.go

@@ -1,12 +1,15 @@
 package web_test
 
 import (
+	"bytes"
 	"context"
+	"encoding/json"
 	"fmt"
 	"fuj-management/go/internal/config"
 	"fuj-management/go/internal/domain/reconcile"
 	"fuj-management/go/internal/web"
 	"fuj-management/go/internal/web/api"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -41,6 +44,8 @@ func (fixtureSources) LoadExceptions(_ context.Context) (map[reconcile.Exception
 	return nil, nil
 }
 
+func (fixtureSources) FlushCache() (int, error) { return 0, nil }
+
 func fixtureHandler(t *testing.T) *api.Handler {
 	t.Helper()
 	return &api.Handler{
@@ -55,7 +60,7 @@ func TestHTMLHandlerSmoke(t *testing.T) {
 		t.Fatalf("NewRenderer: %v", err)
 	}
 	b := web.BuildInfo{Version: "v0", Commit: "abc1234", BuildDate: "2026-01-01"}
-	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t))
+	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t), web.ActionHandlers{})
 
 	cases := []struct {
 		path    string
@@ -65,7 +70,7 @@ func TestHTMLHandlerSmoke(t *testing.T) {
 		{"/juniors", h.ServeJuniors},
 		{"/payments", h.ServePayments},
 		{"/sync-bank", h.ServeSync},
-		{"/flush-cache", h.ServeFlushCache},
+		{"/flush-cache", h.ServeFlushCacheGET},
 	}
 
 	for _, tc := range cases {
@@ -99,7 +104,7 @@ func TestAdultsPage(t *testing.T) {
 		t.Fatalf("NewRenderer: %v", err)
 	}
 	b := web.BuildInfo{Version: "v0", Commit: "abc1234", BuildDate: "2026-01-01"}
-	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t))
+	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t), web.ActionHandlers{})
 
 	req := httptest.NewRequest(http.MethodGet, "/adults", nil)
 	w := httptest.NewRecorder()
@@ -126,3 +131,253 @@ func TestAdultsPage(t *testing.T) {
 		t.Error("body should not contain >OK<")
 	}
 }
+
+func TestModalMarkup(t *testing.T) {
+	renderer, err := web.NewRenderer()
+	if err != nil {
+		t.Fatalf("NewRenderer: %v", err)
+	}
+	b := web.BuildInfo{Version: "v0", Commit: "abc1234", BuildDate: "2026-01-01"}
+	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t), web.ActionHandlers{})
+
+	cases := []struct {
+		path    string
+		handler http.HandlerFunc
+		page    string
+		wantRow string // data-name present only when the page has rows
+	}{
+		{"/adults", h.ServeAdults, "adults", `data-name="Test Member"`},
+		{"/juniors", h.ServeJuniors, "juniors", ""},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.path, func(t *testing.T) {
+			req := httptest.NewRequest(http.MethodGet, tc.path, nil)
+			w := httptest.NewRecorder()
+			tc.handler(w, req)
+			body := w.Body.String()
+
+			for _, want := range []string{
+				`data-page="` + tc.page + `"`,
+				`id="memberModal"`,
+				`/static/js/member-detail.js`,
+			} {
+				if !strings.Contains(body, want) {
+					t.Errorf("body missing %q", want)
+				}
+			}
+			if tc.wantRow != "" && !strings.Contains(body, tc.wantRow) {
+				t.Errorf("body missing info-icon row %q", tc.wantRow)
+			}
+		})
+	}
+}
+
+func TestPaymentsPage(t *testing.T) {
+	renderer, err := web.NewRenderer()
+	if err != nil {
+		t.Fatalf("NewRenderer: %v", err)
+	}
+	b := web.BuildInfo{Version: "v0", Commit: "abc1234", BuildDate: "2026-01-01"}
+	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t), web.ActionHandlers{})
+
+	req := httptest.NewRequest(http.MethodGet, "/payments", nil)
+	w := httptest.NewRecorder()
+	h.ServePayments(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("status = %d, want 200", w.Code)
+	}
+
+	body := w.Body.String()
+
+	for _, want := range []string{
+		"Payments Ledger",
+		"<h2>Test Member</h2>",
+		"750 CZK",
+		"2026-01-01",
+		"2026-01",
+	} {
+		if !strings.Contains(body, want) {
+			t.Errorf("body missing %q", want)
+		}
+	}
+}
+
+func TestServeQR(t *testing.T) {
+	renderer, err := web.NewRenderer()
+	if err != nil {
+		t.Fatalf("NewRenderer: %v", err)
+	}
+	b := web.BuildInfo{Version: "v0", Commit: "abc1234", BuildDate: "2026-01-01"}
+	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t), web.ActionHandlers{})
+
+	req := httptest.NewRequest(http.MethodGet, "/qr?account=2702008874%2F2010&amount=700&message=Test", nil)
+	w := httptest.NewRecorder()
+	h.ServeQR(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("status = %d, want 200", w.Code)
+	}
+	if ct := w.Header().Get("Content-Type"); ct != "image/png" {
+		t.Errorf("Content-Type = %q, want image/png", ct)
+	}
+	// PNG magic bytes: \x89PNG\r\n\x1a\n
+	magic := []byte{0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a}
+	body := w.Body.Bytes()
+	if len(body) < len(magic) || !bytes.Equal(body[:len(magic)], magic) {
+		t.Error("response body does not start with PNG magic bytes")
+	}
+}
+
+func TestServeFlushCacheGET(t *testing.T) {
+	renderer, err := web.NewRenderer()
+	if err != nil {
+		t.Fatalf("NewRenderer: %v", err)
+	}
+	b := web.BuildInfo{Version: "v0", Commit: "abc1234", BuildDate: "2026-01-01"}
+	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t), web.ActionHandlers{})
+
+	req := httptest.NewRequest(http.MethodGet, "/flush-cache", nil)
+	w := httptest.NewRecorder()
+	h.ServeFlushCacheGET(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("status = %d, want 200", w.Code)
+	}
+	body := w.Body.String()
+	if !strings.Contains(body, "Flush Cache") {
+		t.Error("body missing Flush Cache heading")
+	}
+	if strings.Contains(body, "file(s) deleted") {
+		t.Error("GET should not show deleted count")
+	}
+}
+
+func TestServeFlushCachePOST(t *testing.T) {
+	renderer, err := web.NewRenderer()
+	if err != nil {
+		t.Fatalf("NewRenderer: %v", err)
+	}
+	b := web.BuildInfo{Version: "v0", Commit: "abc1234", BuildDate: "2026-01-01"}
+	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t), web.ActionHandlers{})
+
+	req := httptest.NewRequest(http.MethodPost, "/flush-cache", nil)
+	w := httptest.NewRecorder()
+	h.ServeFlushCachePOST(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("status = %d, want 200", w.Code)
+	}
+	body := w.Body.String()
+	// fixtureSources.FlushCache returns 0
+	if !strings.Contains(body, "file(s) deleted") {
+		t.Error("POST should show deleted count")
+	}
+}
+
+func TestServeSync(t *testing.T) {
+	renderer, err := web.NewRenderer()
+	if err != nil {
+		t.Fatalf("NewRenderer: %v", err)
+	}
+	b := web.BuildInfo{Version: "v0", Commit: "abc1234", BuildDate: "2026-01-01"}
+
+	actions := web.ActionHandlers{
+		BankSync: func(_ context.Context, out io.Writer) error {
+			fmt.Fprintln(out, "=== Sync Fio Transactions ===")
+			fmt.Fprintln(out, "Synced 3 new transaction(s).")
+			fmt.Fprintln(out, "=== Infer Payments ===")
+			fmt.Fprintln(out, "Inferred 2 row(s).")
+			return nil
+		},
+	}
+	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t), actions)
+
+	req := httptest.NewRequest(http.MethodGet, "/sync-bank", nil)
+	w := httptest.NewRecorder()
+	h.ServeSync(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("status = %d, want 200", w.Code)
+	}
+	body := w.Body.String()
+	for _, want := range []string{
+		"Sync Bank Data",
+		"Synced 3 new transaction(s).",
+		"Inferred 2 row(s).",
+		"Flush Cache",
+	} {
+		if !strings.Contains(body, want) {
+			t.Errorf("body missing %q", want)
+		}
+	}
+}
+
+func TestPaymentQRMarkup(t *testing.T) {
+	renderer, err := web.NewRenderer()
+	if err != nil {
+		t.Fatalf("NewRenderer: %v", err)
+	}
+	b := web.BuildInfo{Version: "v0", Commit: "abc1234", BuildDate: "2026-01-01"}
+	h := web.NewHTMLHandler(renderer, b, fixtureHandler(t), web.ActionHandlers{})
+
+	cases := []struct {
+		path    string
+		handler http.HandlerFunc
+	}{
+		{"/adults", h.ServeAdults},
+		{"/juniors", h.ServeJuniors},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.path, func(t *testing.T) {
+			req := httptest.NewRequest(http.MethodGet, tc.path, nil)
+			w := httptest.NewRecorder()
+			tc.handler(w, req)
+			body := w.Body.String()
+
+			for _, want := range []string{
+				`id="qrModal"`,
+				`id="qrImg"`,
+				`id="qrTitle"`,
+				`id="qrAccount"`,
+				`id="qrAmount"`,
+				`id="qrMessage"`,
+				`/static/js/payment-qr.js`,
+				`data-bank-account="CZ0000000000000000000000"`,
+			} {
+				if !strings.Contains(body, want) {
+					t.Errorf("body missing %q", want)
+				}
+			}
+
+			// Pay buttons must use <button>, never a bare href to /qr.
+			if strings.Contains(body, `href="/qr`) {
+				t.Error("body must not contain href=/qr (Pay buttons should be <button>, not <a>)")
+			}
+		})
+	}
+}
+
+func TestServeVersion(t *testing.T) {
+	req := httptest.NewRequest(http.MethodGet, "/api/version", nil)
+	w := httptest.NewRecorder()
+	fixtureHandler(t).ServeVersion(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("status = %d, want 200", w.Code)
+	}
+	if ct := w.Header().Get("Content-Type"); !strings.HasPrefix(ct, "application/json") {
+		t.Errorf("Content-Type = %q, want application/json", ct)
+	}
+	var raw map[string]json.RawMessage
+	if err := json.NewDecoder(w.Body).Decode(&raw); err != nil {
+		t.Fatalf("decode JSON: %v", err)
+	}
+	for _, key := range []string{"tag", "commit", "build_date"} {
+		if _, ok := raw[key]; !ok {
+			t.Errorf("JSON response missing key %q", key)
+		}
+	}
+}

go/internal/web/qr.go

@@ -0,0 +1,50 @@
+package web
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+	"unicode/utf8"
+
+	qrcode "github.com/skip2/go-qrcode"
+)
+
+var validAccount = regexp.MustCompile(`^[A-Z]{2}\d{2,34}$|^\d{1,16}/\d{4}$`)
+
+// BuildSPD builds a Czech QR Platba SPD string, matching Python's qr_code handler.
+// Invalid account falls back to defaultAccount.
+// Amount is clamped to [0, 10_000_000]; non-numeric input becomes "0.00".
+// Message is truncated to 60 runes and stripped of '*' characters.
+func BuildSPD(account, amount, message, defaultAccount string) string {
+	if !validAccount.MatchString(account) {
+		account = defaultAccount
+	}
+
+	var amtStr string
+	var f float64
+	if _, err := fmt.Sscanf(amount, "%f", &f); err != nil || f < 0 || f > 10_000_000 {
+		amtStr = "0.00"
+	} else {
+		amtStr = fmt.Sprintf("%.2f", f)
+	}
+
+	if utf8.RuneCountInString(message) > 60 {
+		runes := []rune(message)
+		message = string(runes[:60])
+	}
+	message = strings.ReplaceAll(message, "*", "")
+
+	var accStr string
+	if parts := strings.SplitN(account, "/", 2); len(parts) == 2 {
+		accStr = parts[0] + "*BC:" + parts[1]
+	} else {
+		accStr = account
+	}
+
+	return fmt.Sprintf("SPD*1.0*ACC:%s*AM:%s*CC:CZK*MSG:%s", accStr, amtStr, message)
+}
+
+// RenderQRCode encodes payload as a PNG QR code (256×256, error correction Medium).
+func RenderQRCode(payload string) ([]byte, error) {
+	return qrcode.Encode(payload, qrcode.Medium, 256)
+}

go/internal/web/qr_test.go

@@ -0,0 +1,91 @@
+package web
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestQRBuildSPD(t *testing.T) {
+	const def = "2702008874/2010"
+
+	cases := []struct {
+		name    string
+		account string
+		amount  string
+		message string
+		want    string
+	}{
+		{
+			name:    "czech account",
+			account: "2702008874/2010",
+			amount:  "700",
+			message: "Test Member: 01/2026",
+			want:    "SPD*1.0*ACC:2702008874*BC:2010*AM:700.00*CC:CZK*MSG:Test Member: 01/2026",
+		},
+		{
+			name:    "IBAN account",
+			account: "CZ6508000000192000145399",
+			amount:  "500",
+			message: "hi",
+			want:    "SPD*1.0*ACC:CZ6508000000192000145399*AM:500.00*CC:CZK*MSG:hi",
+		},
+		{
+			name:    "invalid account falls back to default",
+			account: "NOTANACCOUNT",
+			amount:  "100",
+			message: "x",
+			want:    "SPD*1.0*ACC:2702008874*BC:2010*AM:100.00*CC:CZK*MSG:x",
+		},
+		{
+			name:    "empty account falls back to default",
+			account: "",
+			amount:  "0",
+			message: "",
+			want:    "SPD*1.0*ACC:2702008874*BC:2010*AM:0.00*CC:CZK*MSG:",
+		},
+		{
+			name:    "negative amount clamped to 0.00",
+			account: def,
+			amount:  "-1",
+			message: "",
+			want:    "SPD*1.0*ACC:2702008874*BC:2010*AM:0.00*CC:CZK*MSG:",
+		},
+		{
+			name:    "amount over 10M clamped to 0.00",
+			account: def,
+			amount:  "99999999",
+			message: "",
+			want:    "SPD*1.0*ACC:2702008874*BC:2010*AM:0.00*CC:CZK*MSG:",
+		},
+		{
+			name:    "non-numeric amount becomes 0.00",
+			account: def,
+			amount:  "abc",
+			message: "",
+			want:    "SPD*1.0*ACC:2702008874*BC:2010*AM:0.00*CC:CZK*MSG:",
+		},
+		{
+			name:    "asterisks stripped from message",
+			account: def,
+			amount:  "100",
+			message: "pay*now",
+			want:    "SPD*1.0*ACC:2702008874*BC:2010*AM:100.00*CC:CZK*MSG:paynow",
+		},
+		{
+			name:    "message truncated to 60 runes",
+			account: def,
+			amount:  "0",
+			message: strings.Repeat("á", 65),
+			want:    "SPD*1.0*ACC:2702008874*BC:2010*AM:0.00*CC:CZK*MSG:" + strings.Repeat("á", 60),
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			got := BuildSPD(tc.account, tc.amount, tc.message, def)
+			if got != tc.want {
+				t.Errorf("\ngot:  %s\nwant: %s", got, tc.want)
+			}
+		})
+	}
+}

go/internal/web/render.go

@@ -6,8 +6,6 @@ import (
 	"html/template"
 	"log/slog"
 	"net/http"
-	"net/url"
-	"strconv"
 )
 
 // PageData is the view model passed to every HTML template.
@@ -23,6 +21,34 @@ type AdultsPageData struct {
 	Error string
 }
 
+// JuniorsPageData is the view model for the /juniors HTML page.
+type JuniorsPageData struct {
+	PageData
+	Data  api.JuniorsResponse
+	Error string
+}
+
+// PaymentsPageData is the view model for the /payments HTML page.
+type PaymentsPageData struct {
+	PageData
+	Data  api.PaymentsResponse
+	Error string
+}
+
+// SyncPageData is the view model for the /sync-bank HTML page.
+type SyncPageData struct {
+	PageData
+	Output  string
+	Success bool
+}
+
+// FlushPageData is the view model for the /flush-cache HTML page.
+type FlushPageData struct {
+	PageData
+	Flushed bool
+	Deleted int
+}
+
 // Renderer parses and executes HTML templates from the embedded FS.
 type Renderer struct {
 	tmpls map[string]*template.Template
@@ -30,36 +56,7 @@ type Renderer struct {
 
 var pageNames = []string{"adults", "juniors", "payments", "sync", "flush_cache"}
 
-// qrHref builds the /qr query URL for a single-month Pay button.
-// rawMonth is "YYYY-MM"; it is converted to "MM/YYYY" in the QR message.
-func qrHref(account string, amount int, name, rawMonth string) string {
-	// Convert "YYYY-MM" → "MM/YYYY" to match Python's showPayQR JS.
-	if len(rawMonth) == 7 && rawMonth[4] == '-' {
-		rawMonth = rawMonth[5:] + "/" + rawMonth[:4]
-	}
-	msg := name + ": " + rawMonth
-	return "/qr?" + url.Values{
-		"account": {account},
-		"amount":  {strconv.Itoa(amount)},
-		"message": {msg},
-	}.Encode()
-}
-
-// qrHrefAll builds the /qr query URL for a Pay-All button.
-// rawPeriods is the "+" -joined MM/YYYY string from MemberRow.RawUnpaidPeriods.
-func qrHrefAll(account string, amount int, name, rawPeriods string) string {
-	msg := name + ": " + rawPeriods
-	return "/qr?" + url.Values{
-		"account": {account},
-		"amount":  {strconv.Itoa(amount)},
-		"message": {msg},
-	}.Encode()
-}
-
-var tmplFuncs = template.FuncMap{
-	"qrHref":    qrHref,
-	"qrHrefAll": qrHrefAll,
-}
+var tmplFuncs = template.FuncMap{}
 
 // NewRenderer parses all templates from the embedded FS.
 // A parse failure should be treated as a startup-time fatal error.

go/internal/web/server.go

@@ -1,11 +1,13 @@
 package web
 
 import (
+	"context"
 	"fmt"
 	"fuj-management/go/internal/config"
 	"fuj-management/go/internal/services/membership"
 	"fuj-management/go/internal/web/api"
 	"fuj-management/go/internal/web/middleware"
+	"io"
 	"io/fs"
 	"log/slog"
 	"net/http"
@@ -18,8 +20,16 @@ type BuildInfo struct {
 	BuildDate string
 }
 
+// ActionHandlers holds function closures for side-effectful operations that
+// require dependencies (fio, sheets) not present on the core API handler.
+type ActionHandlers struct {
+	// BankSync runs sync+infer and writes a human-readable log to out.
+	// nil disables the /sync-bank action (renders an error instead).
+	BankSync func(ctx context.Context, out io.Writer) error
+}
+
 // Run registers routes and starts the HTTP server on addr.
-func Run(logger *slog.Logger, addr string, build BuildInfo, sources membership.Sources, cfg config.Config) error {
+func Run(logger *slog.Logger, addr string, build BuildInfo, sources membership.Sources, cfg config.Config, actions ActionHandlers) error {
 	renderer, err := NewRenderer()
 	if err != nil {
 		return fmt.Errorf("init templates: %w", err)
@@ -33,7 +43,7 @@ func Run(logger *slog.Logger, addr string, build BuildInfo, sources membership.S
 		Config:       cfg,
 		Logger:       logger,
 	}
-	hh := NewHTMLHandler(renderer, build, ah)
+	hh := NewHTMLHandler(renderer, build, ah, actions)
 
 	staticSubFS, err := fs.Sub(staticFS, "static")
 	if err != nil {
@@ -50,13 +60,16 @@ func Run(logger *slog.Logger, addr string, build BuildInfo, sources membership.S
 	mux.HandleFunc("GET /juniors", hh.ServeJuniors)
 	mux.HandleFunc("GET /payments", hh.ServePayments)
 	mux.HandleFunc("GET /sync-bank", hh.ServeSync)
-	mux.HandleFunc("GET /flush-cache", hh.ServeFlushCache)
+	mux.HandleFunc("GET /flush-cache", hh.ServeFlushCacheGET)
+	mux.HandleFunc("POST /flush-cache", hh.ServeFlushCachePOST)
+	mux.HandleFunc("GET /qr", hh.ServeQR)
 
 	// Static files
 	mux.Handle("/static/", http.StripPrefix("/static/", http.FileServerFS(staticSubFS)))
 
 	// JSON API routes
 	mux.HandleFunc("GET /api/version", ah.ServeVersion)
+	mux.HandleFunc("GET /version", ah.ServeVersion)
 	mux.HandleFunc("GET /api/adults", ah.ServeAdults)
 	mux.HandleFunc("GET /api/juniors", ah.ServeJuniors)
 	mux.HandleFunc("GET /api/payments", ah.ServePayments)

go/internal/web/static/css/app.css

@@ -442,6 +442,23 @@ tr:hover {
 }
 
 /* QR Modal styles */
+#qrModal {
+    display: none !important;
+    position: fixed;
+    top: 0;
+    left: 0;
+    width: 100vw;
+    height: 100vh;
+    background-color: rgba(0, 0, 0, 0.9);
+    z-index: 9999;
+    justify-content: center;
+    align-items: center;
+}
+
+#qrModal.active {
+    display: flex !important;
+}
+
 #qrModal .modal-content {
     max-width: 400px;
     text-align: center;
@@ -476,3 +493,59 @@ tr:hover {
     color: #00ff00;
     font-family: monospace;
 }
+
+/* /payments ledger */
+.ledger-container {
+    width: 100%;
+    max-width: 1000px;
+    margin-bottom: 40px;
+}
+
+.member-block {
+    margin-bottom: 20px;
+}
+
+.txn-table {
+    border-collapse: collapse;
+    width: 100%;
+    margin-top: 5px;
+}
+
+.txn-table th,
+.txn-table td {
+    padding: 2px 8px;
+    text-align: left;
+    border-bottom: 1px dashed #222;
+}
+
+.txn-table th {
+    color: #555;
+    text-transform: lowercase;
+    font-weight: normal;
+    border-bottom: 1px solid #333;
+}
+
+.txn-date {
+    min-width: 80px;
+    color: #888;
+}
+
+.txn-amount {
+    min-width: 80px;
+    text-align: right !important;
+    color: #00ff00;
+}
+
+.txn-purpose {
+    min-width: 100px;
+    color: #aaa;
+}
+
+.txn-message {
+    color: #666;
+    font-style: italic;
+}
+
+.txn-table tr:hover {
+    background-color: #1a1a1a;
+}

go/internal/web/static/js/member-detail.js

@@ -0,0 +1,245 @@
+// Member-detail modal for /adults and /juniors pages.
+// Fetches /api/<page> once on load, caches the response, renders on row click.
+// Mirrors templates/adults.html JS (lines 718-993) but as a standalone module.
+(function () {
+  'use strict';
+
+  const container = document.getElementById('filterContainer');
+  if (!container) return;
+  const page = container.dataset.page; // "adults" | "juniors"
+  if (!page) return;
+
+  let apiData = null;
+  let currentMemberName = null;
+
+  // ── Data load ─────────────────────────────────────────────────────────────
+
+  async function loadData() {
+    if (apiData) return apiData;
+    const r = await fetch('/api/' + page);
+    if (!r.ok) throw new Error('[member-detail] failed to fetch /api/' + page + ': ' + r.status);
+    apiData = await r.json();
+    return apiData;
+  }
+
+  // Pre-warm on page load so first click is instant.
+  loadData().catch(function (err) { console.error(err); });
+
+  // ── Modal render ──────────────────────────────────────────────────────────
+
+  async function showMember(name) {
+    currentMemberName = name;
+    const data = (await loadData());
+    const member = data.member_data[name];
+    if (!member) return;
+
+    document.getElementById('modalMemberName').textContent = name;
+    document.getElementById('modalTier').textContent = 'Tier: ' + (member.tier || '-');
+
+    const monthLabels = data.month_labels || {};
+    const statusBody = document.getElementById('modalStatusBody');
+    statusBody.innerHTML = '';
+
+    const allTransactions = [];
+    const monthKeys = Object.keys(member.months || {}).sort().reverse();
+
+    monthKeys.forEach(function (m) {
+      const md = member.months[m];
+      const expected = md.expected;          // int for adults; int or "?" for juniors
+      const paid = md.paid || 0;
+      const attendance = md.attendance_count || 0;
+      const originalExpected = md.original_expected;
+      const isUnknown = (expected === '?');
+
+      let status = '-';
+      let statusClass = '';
+      if (!isUnknown && (expected > 0 || paid > 0)) {
+        if (paid >= expected && expected > 0) {
+          status = paid + '/' + expected;
+          statusClass = 'cell-ok';
+        } else if (paid > 0) {
+          status = paid + '/' + expected;
+        } else {
+          status = '0/' + expected;
+          statusClass = 'cell-unpaid';
+        }
+      } else if (isUnknown) {
+        status = paid > 0 ? paid + '/?' : '?';
+      }
+
+      let expectedCell;
+      if (isUnknown) {
+        expectedCell = '?';
+      } else if (md.exception) {
+        expectedCell = '<span style="color: #ffaa00;" title="Overridden from ' + originalExpected + '">' + expected + '*</span>';
+      } else {
+        expectedCell = expected;
+      }
+
+      const displayMonth = monthLabels[m] || m;
+      const row = document.createElement('tr');
+      row.innerHTML =
+        '<td style="color: #888;">' + displayMonth + '</td>' +
+        '<td style="text-align: center; color: #ccc;">' + attendance + '</td>' +
+        '<td style="text-align: center; color: #ccc;">' + expectedCell + '</td>' +
+        '<td style="text-align: center; color: #ccc;">' + paid + '</td>' +
+        '<td style="text-align: right;" class="' + statusClass + '">' + status + '</td>';
+      statusBody.appendChild(row);
+
+      if (md.transactions) {
+        md.transactions.forEach(function (tx) {
+          allTransactions.push(Object.assign({ month: m }, tx));
+        });
+      }
+    });
+
+    // Exceptions
+    const exList = document.getElementById('modalExceptionList');
+    const exSection = document.getElementById('modalExceptionSection');
+    exList.innerHTML = '';
+    const exceptions = [];
+    monthKeys.forEach(function (m) {
+      if (member.months[m].exception) {
+        exceptions.push(Object.assign({ month: m }, member.months[m].exception));
+      }
+    });
+    if (exceptions.length > 0) {
+      exSection.style.display = 'block';
+      exceptions.forEach(function (ex) {
+        const displayMonth = monthLabels[ex.month] || ex.month;
+        const item = document.createElement('div');
+        item.className = 'tx-item';
+        item.innerHTML =
+          '<div class="tx-meta">' + displayMonth + '</div>' +
+          '<div class="tx-main"><span class="tx-amount" style="color: #ffaa00;">' + ex.amount + ' CZK</span></div>' +
+          '<div class="tx-msg">' + (ex.note || 'No details provided.') + '</div>';
+        exList.appendChild(item);
+      });
+    } else {
+      exSection.style.display = 'none';
+    }
+
+    // Other transactions
+    const otherList = document.getElementById('modalOtherList');
+    const otherSection = document.getElementById('modalOtherSection');
+    otherList.innerHTML = '';
+    if (member.other_transactions && member.other_transactions.length > 0) {
+      otherSection.style.display = 'block';
+      member.other_transactions.forEach(function (tx) {
+        const item = document.createElement('div');
+        item.className = 'tx-item';
+        item.innerHTML =
+          '<div class="tx-meta">' + tx.date + ' | ' + (tx.purpose || 'Other') + '</div>' +
+          '<div class="tx-main">' +
+            '<span class="tx-amount" style="color: #66ccff;">' + tx.amount + ' CZK</span>' +
+            '<span class="tx-sender">' + (tx.sender || '') + '</span>' +
+          '</div>' +
+          '<div class="tx-msg">' + (tx.message || '') + '</div>';
+        otherList.appendChild(item);
+      });
+    } else {
+      otherSection.style.display = 'none';
+    }
+
+    // Matched transactions (payment history)
+    const txList = document.getElementById('modalTxList');
+    txList.innerHTML = '';
+    if (allTransactions.length === 0) {
+      txList.innerHTML = '<div style="color: #444; font-style: italic; padding: 10px 0;">No transactions matched to this member.</div>';
+    } else {
+      allTransactions.sort(function (a, b) { return b.date.localeCompare(a.date); });
+      allTransactions.forEach(function (tx) {
+        const displayMonth = monthLabels[tx.month] || tx.month;
+        const item = document.createElement('div');
+        item.className = 'tx-item';
+        item.innerHTML =
+          '<div class="tx-meta">' + tx.date + ' | matched to ' + displayMonth + '</div>' +
+          '<div class="tx-main">' +
+            '<span class="tx-amount">' + tx.amount + ' CZK</span>' +
+            '<span class="tx-sender">' + (tx.sender || '') + '</span>' +
+          '</div>' +
+          '<div class="tx-msg">' + (tx.message || '') + '</div>';
+        txList.appendChild(item);
+      });
+    }
+
+    // Raw payments — hidden by default; reset toggle on each open
+    const rawList = document.getElementById('modalRawList');
+    const rawToggle = document.getElementById('rawPaymentsToggle');
+    rawList.style.display = 'none';
+    rawToggle.textContent = '[show]';
+    rawList.innerHTML = '';
+    const rawRows = (data.raw_payments || {})[name] || [];
+    if (rawRows.length === 0) {
+      rawList.innerHTML = '<div style="color: #444; font-style: italic; padding: 10px 0;">No raw payments tied to this member.</div>';
+    } else {
+      rawRows.forEach(function (tx) {
+        const inferredNote = (tx.inferred_amount && tx.inferred_amount !== '' && tx.inferred_amount !== tx.amount)
+          ? ' <span style="color:#888;">(inferred: ' + tx.inferred_amount + ')</span>'
+          : '';
+        const manualNote = tx.manual_fix ? ' <span style="color:#ffaa00;">[manual fix]</span>' : '';
+        const bankIdNote = tx.bank_id ? '<span style="color:#444;"> · bank_id: ' + tx.bank_id + '</span>' : '';
+        const item = document.createElement('div');
+        item.className = 'tx-item';
+        item.innerHTML =
+          '<div class="tx-meta">' + tx.date + ' | purpose: ' + (tx.purpose || '—') + manualNote + '</div>' +
+          '<div class="tx-main">' +
+            '<span class="tx-amount">' + tx.amount + ' CZK' + inferredNote + '</span>' +
+            '<span class="tx-sender">' + (tx.sender || '') + '</span>' +
+          '</div>' +
+          '<div class="tx-msg">' + (tx.message || '') + '</div>' +
+          '<div class="tx-meta">' + (tx.person || '') + bankIdNote + '</div>';
+        rawList.appendChild(item);
+      });
+    }
+
+    document.getElementById('memberModal').classList.add('active');
+  }
+
+  // ── Raw-payments toggle ───────────────────────────────────────────────────
+
+  function toggleRawPayments(ev) {
+    ev.preventDefault();
+    const list = document.getElementById('modalRawList');
+    const link = document.getElementById('rawPaymentsToggle');
+    const hidden = list.style.display === 'none';
+    list.style.display = hidden ? 'block' : 'none';
+    link.textContent = hidden ? '[hide]' : '[show]';
+  }
+
+  // ── Close + keyboard nav ──────────────────────────────────────────────────
+
+  function closeModal() {
+    document.getElementById('memberModal').classList.remove('active');
+  }
+
+  function navigateMember(direction) {
+    const rows = Array.from(document.querySelectorAll('tr.member-row'));
+    const visible = rows.filter(function (r) { return r.style.display !== 'none'; });
+    const idx = visible.findIndex(function (r) { return r.dataset.name === currentMemberName; });
+    if (idx === -1) return;
+    const next = idx + direction;
+    if (next >= 0 && next < visible.length) {
+      showMember(visible[next].dataset.name);
+    }
+  }
+
+  // ── Wiring ────────────────────────────────────────────────────────────────
+
+  document.querySelectorAll('.info-icon[data-name]').forEach(function (el) {
+    el.addEventListener('click', function (ev) {
+      ev.stopPropagation();
+      showMember(el.dataset.name);
+    });
+  });
+
+  document.getElementById('rawPaymentsToggle').addEventListener('click', toggleRawPayments);
+
+  document.addEventListener('keydown', function (e) {
+    if (e.key === 'Escape') { closeModal(); return; }
+    const modal = document.getElementById('memberModal');
+    if (!modal.classList.contains('active')) return;
+    if (e.key === 'ArrowDown') { e.preventDefault(); navigateMember(1); }
+    if (e.key === 'ArrowUp')   { e.preventDefault(); navigateMember(-1); }
+  });
+}());

go/internal/web/static/js/payment-qr.js

@@ -0,0 +1,60 @@
+(function () {
+  'use strict';
+
+  const container = document.getElementById('filterContainer');
+  if (!container) return;
+  const bankAccount = container.dataset.bankAccount || '';
+
+  const modal     = document.getElementById('qrModal');
+  const titleEl   = document.getElementById('qrTitle');
+  const imgEl     = document.getElementById('qrImg');
+  const accountEl = document.getElementById('qrAccount');
+  const amountEl  = document.getElementById('qrAmount');
+  const messageEl = document.getElementById('qrMessage');
+  if (!modal || !titleEl || !imgEl || !accountEl || !amountEl || !messageEl) return;
+
+  // Convert "YYYY-MM" → "MM/YYYY"; "+"-joined ranges converted piece-wise.
+  // Mirrors templates/adults.html showPayQR logic.
+  function toCzechMonth(rawMonth) {
+    return rawMonth.split('+')
+      .map(function (p) { return p.replace(/^(\d{4})-(\d{2})$/, '$2/$1'); })
+      .join('+');
+  }
+
+  function showQR(name, amount, month, rawMonth) {
+    var numericMonth = toCzechMonth(rawMonth);
+    var message = name + ': ' + numericMonth;
+
+    titleEl.innerText   = 'Payment for ' + month;
+    accountEl.innerText = bankAccount;
+    amountEl.innerText  = amount;
+    messageEl.innerText = message;
+
+    imgEl.src = '/qr?'
+      + 'account=' + encodeURIComponent(bankAccount)
+      + '&amount=' + encodeURIComponent(amount)
+      + '&message=' + encodeURIComponent(message);
+
+    modal.classList.add('active');
+  }
+
+  function closeQR() {
+    modal.classList.remove('active');
+  }
+
+  document.addEventListener('click', function (ev) {
+    var btn = ev.target.closest('.pay-btn');
+    if (!btn) return;
+    ev.preventDefault();
+    showQR(
+      btn.dataset.name,
+      btn.dataset.amount,
+      btn.dataset.month,
+      btn.dataset.rawMonth
+    );
+  });
+
+  document.addEventListener('keydown', function (e) {
+    if (e.key === 'Escape' && modal.classList.contains('active')) closeQR();
+  });
+}());

go/internal/web/templates/adults.tmpl

@@ -12,7 +12,7 @@
   <a href="{{.Data.PaymentsURL}}" target="_blank" rel="noopener">Payments Ledger</a>
 </div>
 
-<div class="filter-container" id="filterContainer" data-current-month="{{.Data.CurrentMonth}}">
+<div class="filter-container" id="filterContainer" data-current-month="{{.Data.CurrentMonth}}" data-page="adults" data-bank-account="{{.Data.BankAccount}}">
   <div class="filter-item">
     <label class="filter-label" for="nameFilter">Member</label>
     <input id="nameFilter" class="filter-input" type="text" placeholder="Filter by name…">
@@ -56,20 +56,20 @@
   <tbody>
     {{range $row := .Data.Results}}
     <tr class="member-row" data-name="{{$row.Name}}">
-      <td class="member-name">{{$row.Name}}</td>
+      <td class="member-name">{{$row.Name}}<span class="info-icon" data-name="{{$row.Name}}" title="Show details">[i]</span></td>
       {{range $i, $cell := $row.Months}}
       <td data-month-idx="{{$i}}" title="{{$cell.Tooltip}}"
           class="{{if eq $cell.Status "empty"}}cell-empty{{else if and (or (eq $cell.Status "unpaid") (eq $cell.Status "partial")) (ge $cell.RawMonth $.Data.CurrentMonth)}}cell-unpaid-current{{else if or (eq $cell.Status "unpaid") (eq $cell.Status "partial")}}cell-unpaid{{else if eq $cell.Status "ok"}}cell-ok{{end}}{{if $cell.Overridden}} cell-overridden{{end}}">
         {{$cell.Text}}
         {{if and (or (eq $cell.Status "unpaid") (eq $cell.Status "partial")) (lt $cell.RawMonth $.Data.CurrentMonth)}}
-        <a class="pay-btn" href="{{qrHref $.Data.BankAccount $cell.Amount $row.Name $cell.RawMonth}}">Pay</a>
+        <button type="button" class="pay-btn" data-name="{{$row.Name}}" data-amount="{{$cell.Amount}}" data-month="{{$cell.Month}}" data-raw-month="{{$cell.RawMonth}}">Pay</button>
         {{end}}
       </td>
       {{end}}
       <td class="{{if lt $row.Balance 0}}balance-neg{{else if gt $row.Balance 0}}balance-pos{{end}}" style="position: relative;">
         {{$row.Balance}}
         {{if gt $row.PayableAmount 0}}
-        <a class="pay-btn" href="{{qrHrefAll $.Data.BankAccount $row.PayableAmount $row.Name $row.RawUnpaidPeriods}}">Pay All</a>
+        <button type="button" class="pay-btn" data-name="{{$row.Name}}" data-amount="{{$row.PayableAmount}}" data-month="{{$row.UnpaidPeriods}}" data-raw-month="{{$row.RawUnpaidPeriods}}" data-pay-all="1">Pay All</button>
         {{end}}
       </td>
     </tr>
@@ -137,5 +137,71 @@
 
 {{end}}
 
+<div id="memberModal" onclick="if(event.target===this)this.classList.remove('active')">
+  <div class="modal-content">
+    <div class="modal-header">
+      <div class="modal-title" id="modalMemberName">Member Name</div>
+      <div class="close-btn" onclick="document.getElementById('memberModal').classList.remove('active')">[close]</div>
+    </div>
+
+    <div class="modal-section">
+      <div class="modal-section-title">Status Summary</div>
+      <div id="modalTier" style="margin-bottom: 10px; color: #888;">Tier: -</div>
+      <table class="modal-table">
+        <thead><tr>
+          <th>Month</th>
+          <th style="text-align: center;">Att.</th>
+          <th style="text-align: center;">Expected</th>
+          <th style="text-align: center;">Paid</th>
+          <th style="text-align: right;">Status</th>
+        </tr></thead>
+        <tbody id="modalStatusBody"></tbody>
+      </table>
+    </div>
+
+    <div class="modal-section" id="modalExceptionSection" style="display: none;">
+      <div class="modal-section-title">Fee Exceptions</div>
+      <div id="modalExceptionList" class="tx-list"></div>
+    </div>
+
+    <div class="modal-section" id="modalOtherSection" style="display: none;">
+      <div class="modal-section-title">Other Transactions</div>
+      <div id="modalOtherList" class="tx-list"></div>
+    </div>
+
+    <div class="modal-section">
+      <div class="modal-section-title">Payment History</div>
+      <div id="modalTxList" class="tx-list"></div>
+    </div>
+
+    <div class="modal-section">
+      <div class="modal-section-title">
+        Raw Payments
+        <a href="#" id="rawPaymentsToggle" class="raw-toggle">[show]</a>
+      </div>
+      <div id="modalRawList" class="tx-list" style="display: none;"></div>
+    </div>
+  </div>
+</div>
+
+<div id="qrModal" onclick="if(event.target===this)this.classList.remove('active')">
+  <div class="modal-content">
+    <div class="modal-header">
+      <div class="modal-title" id="qrTitle">Payment for —</div>
+      <div class="close-btn" onclick="document.getElementById('qrModal').classList.remove('active')">[close]</div>
+    </div>
+    <div class="qr-image">
+      <img id="qrImg" src="" alt="Payment QR Code">
+    </div>
+    <div class="qr-details">
+      <div>Account: <span id="qrAccount"></span></div>
+      <div>Amount: <span id="qrAmount"></span> CZK</div>
+      <div>Message: <span id="qrMessage"></span></div>
+    </div>
+  </div>
+</div>
+
 <script src="/static/js/filters.js" defer></script>
+<script src="/static/js/member-detail.js" defer></script>
+<script src="/static/js/payment-qr.js" defer></script>
 {{end}}

go/internal/web/templates/flush_cache.tmpl

@@ -1,5 +1,11 @@
 {{define "title"}}Flush Cache{{end}}
 {{define "content"}}
 <h1>Flush Cache</h1>
-<p class="description">Coming in M6.6</p>
+{{if .Flushed}}
+  <p class="status-ok">Cache flushed: {{.Deleted}} file(s) deleted.</p>
+{{end}}
+<p class="description">Deletes all cached data files so the next request fetches fresh data from Google Sheets.</p>
+<form method="POST" action="/flush-cache">
+  <button type="submit" class="btn">Flush Cache</button>
+</form>
 {{end}}

go/internal/web/templates/juniors.tmpl

@@ -1,5 +1,187 @@
 {{define "title"}}Juniors{{end}}
 {{define "content"}}
 <h1>Juniors Dashboard</h1>
-<p class="description">Coming in M6.3</p>
+
+{{if .Error}}
+<div class="description">Error loading data: {{.Error}}</div>
+{{else}}
+
+<div class="description">
+  Balances calculated by matching Google Sheet payments against attendance fees.<br>
+  Source: <a href="{{.Data.AttendanceURL}}" target="_blank" rel="noopener">Attendance Sheet</a> |
+  <a href="{{.Data.PaymentsURL}}" target="_blank" rel="noopener">Payments Ledger</a>
+</div>
+
+<div class="filter-container" id="filterContainer" data-current-month="{{.Data.CurrentMonth}}" data-page="juniors" data-bank-account="{{.Data.BankAccount}}">
+  <div class="filter-item">
+    <label class="filter-label" for="nameFilter">Member</label>
+    <input id="nameFilter" class="filter-input" type="text" placeholder="Filter by name…">
+  </div>
+  <div class="filter-item">
+    <label class="filter-label" for="fromMonth">From</label>
+    <select id="fromMonth" class="filter-select">
+      <option value="">All</option>
+      {{range $i, $m := .Data.Months}}
+      <option value="{{$i}}">{{$m}}</option>
+      {{end}}
+    </select>
+  </div>
+  <div class="filter-item">
+    <label class="filter-label" for="toMonth">To</label>
+    <select id="toMonth" class="filter-select">
+      <option value="">All</option>
+      {{range $i, $m := .Data.Months}}
+      <option value="{{$i}}">{{$m}}</option>
+      {{end}}
+    </select>
+  </div>
+  <div class="filter-item">
+    <button id="applyFilter" class="filter-select" type="button" style="cursor: pointer;">Apply</button>
+    <button id="clearFilter" class="filter-select" type="button" style="cursor: pointer;">All</button>
+  </div>
+</div>
+
+{{if .Data.Results}}
+<div class="table-container">
+<table>
+  <thead>
+    <tr>
+      <th>Member</th>
+      {{range $i, $m := .Data.Months}}
+      <th data-month-idx="{{$i}}" data-raw-month="{{index $.Data.RawMonths $i}}">{{$m}}</th>
+      {{end}}
+      <th>Balance</th>
+    </tr>
+  </thead>
+  <tbody>
+    {{range $row := .Data.Results}}
+    <tr class="member-row" data-name="{{$row.Name}}">
+      <td class="member-name">{{$row.Name}}<span class="info-icon" data-name="{{$row.Name}}" title="Show details">[i]</span></td>
+      {{range $i, $cell := $row.Months}}
+      <td data-month-idx="{{$i}}" title="{{$cell.Tooltip}}"
+          class="{{if eq $cell.Status "empty"}}cell-empty{{else if and (or (eq $cell.Status "unpaid") (eq $cell.Status "partial")) (ge $cell.RawMonth $.Data.CurrentMonth)}}cell-unpaid-current{{else if or (eq $cell.Status "unpaid") (eq $cell.Status "partial")}}cell-unpaid{{else if eq $cell.Status "ok"}}cell-ok{{end}}{{if $cell.Overridden}} cell-overridden{{end}}">
+        {{$cell.Text}}
+        {{if and (or (eq $cell.Status "unpaid") (eq $cell.Status "partial")) (lt $cell.RawMonth $.Data.CurrentMonth)}}
+        <button type="button" class="pay-btn" data-name="{{$row.Name}}" data-amount="{{$cell.Amount}}" data-month="{{$cell.Month}}" data-raw-month="{{$cell.RawMonth}}">Pay</button>
+        {{end}}
+      </td>
+      {{end}}
+      <td class="{{if lt $row.Balance 0}}balance-neg{{else if gt $row.Balance 0}}balance-pos{{end}}" style="position: relative;">
+        {{$row.Balance}}
+        {{if gt $row.PayableAmount 0}}
+        <button type="button" class="pay-btn" data-name="{{$row.Name}}" data-amount="{{$row.PayableAmount}}" data-month="{{$row.UnpaidPeriods}}" data-raw-month="{{$row.RawUnpaidPeriods}}" data-pay-all="1">Pay All</button>
+        {{end}}
+      </td>
+    </tr>
+    {{end}}
+    <tr class="totals-row" style="font-weight: bold; background-color: #111; border-top: 2px solid #333;">
+      <td style="text-align: left; padding: 6px 8px;">TOTAL</td>
+      {{range $i, $t := .Data.Totals}}
+      <td data-month-idx="{{$i}}" data-raw-month="{{index $.Data.RawMonths $i}}" class="{{if eq $t.Status "ok"}}cell-ok{{else if eq $t.Status "unpaid"}}cell-unpaid{{else if eq $t.Status "surplus"}}cell-overridden{{end}}" style="padding-top: 4px; padding-bottom: 4px;">
+        <span style="font-size: 0.6em; font-weight: normal; color: #666; text-transform: lowercase; display: block; margin-bottom: 2px;">received / expected</span>
+        {{$t.Text}}
+      </td>
+      {{end}}
+      <td></td>
+    </tr>
+  </tbody>
+</table>
+</div>
+{{else}}
+<div class="description">No members found.</div>
+{{end}}
+
+{{if .Data.Credits}}
+<h2>Credits (Advance Payments / Surplus)</h2>
+<div class="list-container">
+  {{range .Data.Credits}}
+  <div class="list-item">
+    <span class="list-item-name">{{.Name}}</span>
+    <span class="list-item-val">{{.Amount}} CZK</span>
+  </div>
+  {{end}}
+</div>
+{{end}}
+
+{{if .Data.Debts}}
+<h2>Debts (Missing Payments)</h2>
+<div class="list-container">
+  {{range .Data.Debts}}
+  <div class="list-item">
+    <span class="list-item-name">{{.Name}}</span>
+    <span class="list-item-val" style="color: #ff3333;">{{.Amount}} CZK</span>
+  </div>
+  {{end}}
+</div>
+{{end}}
+
+{{end}}
+
+<div id="memberModal" onclick="if(event.target===this)this.classList.remove('active')">
+  <div class="modal-content">
+    <div class="modal-header">
+      <div class="modal-title" id="modalMemberName">Member Name</div>
+      <div class="close-btn" onclick="document.getElementById('memberModal').classList.remove('active')">[close]</div>
+    </div>
+
+    <div class="modal-section">
+      <div class="modal-section-title">Status Summary</div>
+      <div id="modalTier" style="margin-bottom: 10px; color: #888;">Tier: -</div>
+      <table class="modal-table">
+        <thead><tr>
+          <th>Month</th>
+          <th style="text-align: center;">Att.</th>
+          <th style="text-align: center;">Expected</th>
+          <th style="text-align: center;">Paid</th>
+          <th style="text-align: right;">Status</th>
+        </tr></thead>
+        <tbody id="modalStatusBody"></tbody>
+      </table>
+    </div>
+
+    <div class="modal-section" id="modalExceptionSection" style="display: none;">
+      <div class="modal-section-title">Fee Exceptions</div>
+      <div id="modalExceptionList" class="tx-list"></div>
+    </div>
+
+    <div class="modal-section" id="modalOtherSection" style="display: none;">
+      <div class="modal-section-title">Other Transactions</div>
+      <div id="modalOtherList" class="tx-list"></div>
+    </div>
+
+    <div class="modal-section">
+      <div class="modal-section-title">Payment History</div>
+      <div id="modalTxList" class="tx-list"></div>
+    </div>
+
+    <div class="modal-section">
+      <div class="modal-section-title">
+        Raw Payments
+        <a href="#" id="rawPaymentsToggle" class="raw-toggle">[show]</a>
+      </div>
+      <div id="modalRawList" class="tx-list" style="display: none;"></div>
+    </div>
+  </div>
+</div>
+
+<div id="qrModal" onclick="if(event.target===this)this.classList.remove('active')">
+  <div class="modal-content">
+    <div class="modal-header">
+      <div class="modal-title" id="qrTitle">Payment for —</div>
+      <div class="close-btn" onclick="document.getElementById('qrModal').classList.remove('active')">[close]</div>
+    </div>
+    <div class="qr-image">
+      <img id="qrImg" src="" alt="Payment QR Code">
+    </div>
+    <div class="qr-details">
+      <div>Account: <span id="qrAccount"></span></div>
+      <div>Amount: <span id="qrAmount"></span> CZK</div>
+      <div>Message: <span id="qrMessage"></span></div>
+    </div>
+  </div>
+</div>
+
+<script src="/static/js/filters.js" defer></script>
+<script src="/static/js/member-detail.js" defer></script>
+<script src="/static/js/payment-qr.js" defer></script>
 {{end}}

go/internal/web/templates/payments.tmpl

@@ -1,5 +1,38 @@
 {{define "title"}}Payments Ledger{{end}}
 {{define "content"}}
 <h1>Payments Ledger</h1>
-<p class="description">Coming in M6.4</p>
+<p class="description">
+    All bank transactions from the
+    <a href="{{.Data.PaymentsURL}}" target="_blank">payments sheet</a>,
+    grouped by member. Names are matched against the
+    <a href="{{.Data.AttendanceURL}}" target="_blank">attendance sheet</a>.
+</p>
+{{if .Error}}<p class="error">{{.Error}}</p>{{end}}
+<div class="ledger-container">
+{{range $person := .Data.SortedPeople}}
+    <div class="member-block">
+        <h2>{{$person}}</h2>
+        <table class="txn-table">
+            <thead>
+                <tr>
+                    <th class="txn-date">Date</th>
+                    <th class="txn-amount">Amount</th>
+                    <th class="txn-purpose">Purpose</th>
+                    <th class="txn-message">Bank Message</th>
+                </tr>
+            </thead>
+            <tbody>
+            {{range $tx := index $.Data.GroupedPayments $person}}
+                <tr>
+                    <td class="txn-date">{{$tx.Date}}</td>
+                    <td class="txn-amount">{{printf "%.0f" $tx.Amount}} CZK</td>
+                    <td class="txn-purpose">{{$tx.Purpose}}</td>
+                    <td class="txn-message">{{$tx.Message}}</td>
+                </tr>
+            {{end}}
+            </tbody>
+        </table>
+    </div>
+{{end}}
+</div>
 {{end}}

go/internal/web/templates/sync.tmpl

@@ -1,5 +1,15 @@
 {{define "title"}}Sync Bank Data{{end}}
 {{define "content"}}
 <h1>Sync Bank Data</h1>
-<p class="description">Coming in M6.6</p>
+{{if .Output}}
+  {{if .Success}}
+    <p class="status-ok">Sync completed successfully.</p>
+  {{else}}
+    <p class="status-error">Sync failed — see log below.</p>
+  {{end}}
+  <pre class="sync-log{{if not .Success}} sync-log--error{{end}}">{{.Output}}</pre>
+{{else}}
+  <p class="description">Fetches Fio transactions for the current year, infers payment details, and flushes the cache.</p>
+{{end}}
+<p><a href="/sync-bank" class="btn">{{if .Output}}Run Again{{else}}Run Sync{{end}}</a></p>
 {{end}}

scripts/fio_utils.py

@@ -4,6 +4,7 @@
 import json
 import os
 import re
+import sys
 import urllib.request
 from datetime import datetime
 from html.parser import HTMLParser
@@ -89,9 +90,11 @@ def parse_czech_amount(s: str) -> float | None:
 
 
 def parse_czech_date(s: str) -> str | None:
-    """Parse 'DD.MM.YYYY' to 'YYYY-MM-DD'."""
+    """Parse a Czech date to 'YYYY-MM-DD'. Accepts 4-digit and 2-digit years
+    with dot or slash separators; Fio's transparent page mixes 'DD.MM.YYYY'
+    and 'DD.MM.YY' in the same response."""
     s = s.strip()
-    for fmt in ("%d.%m.%Y", "%d/%m/%Y"):
+    for fmt in ("%d.%m.%Y", "%d/%m/%Y", "%d.%m.%y", "%d/%m/%y"):
         try:
             return datetime.strptime(s, fmt).strftime("%Y-%m-%d")
         except ValueError:
@@ -146,6 +149,7 @@ def fetch_transactions_transparent(
             "bank_id": "", # HTML scraping doesn't give stable ID
         })
 
+    print(f"fio: transparent fetched {len(rows)} raw rows, {len(transactions)} transaction(s) after filtering", file=sys.stderr)
     return transactions
 
 
@@ -169,7 +173,8 @@ def fetch_transactions_api(
 
     transactions = []
     tx_list = data.get("accountStatement", {}).get("transactionList", {})
-    for tx in (tx_list.get("transaction") or []):
+    raw_list = tx_list.get("transaction") or []
+    for tx in raw_list:
         # Each field is {"value": ..., "name": ..., "id": ...} or null
         def val(col_id):
             col = tx.get(f"column{col_id}")
@@ -197,6 +202,7 @@ def fetch_transactions_api(
             "currency": str(val(14) or "CZK"), # column14 = Currency
         })
 
+    print(f"fio: api fetched {len(raw_list)} raw transaction(s), {len(transactions)} after filtering", file=sys.stderr)
     return transactions
 
 
@@ -204,8 +210,14 @@ def fetch_transactions(date_from: str, date_to: str) -> list[dict]:
     """Fetch transactions, using API if token available, else transparent page."""
     token = os.environ.get("FIO_API_TOKEN", "").strip()
     if token:
+        print(f"fio: using authenticated API, window {date_from}..{date_to}", file=sys.stderr)
         return fetch_transactions_api(token, date_from, date_to)
 
+    print(
+        f"fio: using transparent page (FIO_API_TOKEN unset — expect publishing lag), "
+        f"window {date_from}..{date_to}, account=2800359168",
+        file=sys.stderr,
+    )
     # Convert YYYY-MM-DD to DD.MM.YYYY for the transparent page URL
     from_dt = datetime.strptime(date_from, "%Y-%m-%d")
     to_dt = datetime.strptime(date_to, "%Y-%m-%d")

scripts/sync_fio_to_sheets.py

@@ -77,6 +77,35 @@ def generate_sync_id(tx: dict) -> str:
     return hashlib.sha256(raw_str.encode("utf-8")).hexdigest()
 
 
+def _trunc(s: str, n: int = 40) -> str:
+    s = str(s)
+    return s if len(s) <= n else s[: n - 1] + "…"
+
+
+def _print_fio_table(transactions: list[dict], statuses: list[str]) -> None:
+    headers = ["DATE", "AMOUNT", "SENDER", "VS", "MESSAGE", "BANKID", "STATUS"]
+    rows = [
+        [
+            str(tx.get("date", "")),
+            f"{float(tx.get('amount', 0)):.2f}",
+            str(tx.get("sender", "")),
+            str(tx.get("vs", "")),
+            _trunc(str(tx.get("message", ""))),
+            str(tx.get("bank_id", "")),
+            status,
+        ]
+        for tx, status in zip(transactions, statuses)
+    ]
+    widths = [
+        max(len(headers[i]), max((len(r[i]) for r in rows), default=0))
+        for i in range(len(headers))
+    ]
+    sep = "  "
+    print(sep.join(h.ljust(w) for h, w in zip(headers, widths)))
+    for row in rows:
+        print(sep.join(cell.ljust(w) for cell, w in zip(row, widths)))
+
+
 def sort_sheet_by_date(service, spreadsheet_id):
     """Sort the sheet by the Date column (Column B)."""
     # Get the sheet ID (gid) of the first sheet
@@ -104,12 +133,21 @@ def sort_sheet_by_date(service, spreadsheet_id):
     print("Sheet sorted by date.")
 
 
-def sync_to_sheets(spreadsheet_id: str, credentials_path: str, days: int = None, date_from_str: str = None, date_to_str: str = None, sort_by_date: bool = False):
+def sync_to_sheets(
+    spreadsheet_id: str,
+    credentials_path: str,
+    days: int = None,
+    date_from_str: str = None,
+    date_to_str: str = None,
+    sort_by_date: bool = False,
+    dry_run: bool = False,
+    print_fio_table: bool = False,
+):
     print(f"Connecting to Google Sheets using {credentials_path}...")
     service = get_sheets_service(credentials_path)
     sheet = service.spreadsheets()
 
-    # 1. Fetch existing IDs from Column G (last column in A-G range)
+    # 1. Read existing sync IDs from Column K
     print(f"Reading existing sync IDs from sheet...")
     try:
         result = sheet.values().get(
@@ -117,19 +155,22 @@ def sync_to_sheets(spreadsheet_id: str, credentials_path: str, days: int = None,
             range="A1:K" # Include header and all columns to check Sync ID
         ).execute()
         values = result.get("values", [])
-        
+
         # Check and insert labels if missing
         if not values or values[0] != COLUMN_LABELS:
-            print("Inserting column labels...")
-            sheet.values().update(
-                spreadsheetId=spreadsheet_id,
-                range="A1",
-                valueInputOption="USER_ENTERED",
-                body={"values": [COLUMN_LABELS]}
-            ).execute()
+            if dry_run:
+                print("Dry run: would write header row")
+            else:
+                print("Inserting column labels...")
+                sheet.values().update(
+                    spreadsheetId=spreadsheet_id,
+                    range="A1",
+                    valueInputOption="USER_ENTERED",
+                    body={"values": [COLUMN_LABELS]}
+                ).execute()
             existing_ids = set()
         else:
-            # Sync ID is now the last column (index 10)
+            # Sync ID is the last column (index 10)
             existing_ids = {row[10] for row in values[1:] if len(row) > 10}
     except Exception as e:
         print(f"Error reading sheet (maybe empty?): {e}")
@@ -150,8 +191,12 @@ def sync_to_sheets(spreadsheet_id: str, credentials_path: str, days: int = None,
     transactions = fetch_transactions(df_str, dt_str)
     print(f"Found {len(transactions)} transactions.")
 
-    # 3. Filter for new transactions
+    if dry_run:
+        print(f"Dry run: window {df_str} to {dt_str}, fetched {len(transactions)} transaction(s) from Fio")
+
+    # 3. Determine NEW/DUP for each transaction
     new_rows = []
+    tx_statuses = []
     for tx in transactions:
         sync_id = generate_sync_id(tx)
         if sync_id not in existing_ids:
@@ -169,24 +214,48 @@ def sync_to_sheets(spreadsheet_id: str, credentials_path: str, days: int = None,
                 tx.get("bank_id", ""),
                 sync_id,
             ])
+            tx_statuses.append("NEW")
+        else:
+            tx_statuses.append("DUP")
+
+    # 4. Print table (before early-return so all transactions are shown including DUPs)
+    if print_fio_table and transactions:
+        _print_fio_table(transactions, tx_statuses)
 
     if not new_rows:
-        print("No new transactions to sync.")
+        if dry_run:
+            print("Dry run: would sync 0 new transaction(s).")
+        else:
+            print("No new transactions to sync.")
         return
 
-    # 4. Append to sheet
-    print(f"Appending {len(new_rows)} new transactions to the sheet...")
-    body = {"values": new_rows}
-    sheet.values().append(
-        spreadsheetId=spreadsheet_id,
-        range="A2", # Appends to the end of the sheet
-        valueInputOption="USER_ENTERED",
-        body=body
-    ).execute()
-    print("Sync completed successfully.")
-
-    if sort_by_date:
-        sort_sheet_by_date(service, spreadsheet_id)
+    # 5. Append to sheet or print dry-run would-write lines
+    if dry_run:
+        for tx, status in zip(transactions, tx_statuses):
+            if status == "NEW":
+                print(
+                    f"Dry run: would append"
+                    f" date={tx.get('date', '')}"
+                    f" amount={tx.get('amount', '')}"
+                    f" sender={tx.get('sender', '')}"
+                    f" vs={tx.get('vs', '')}"
+                    f" message={tx.get('message', '')}"
+                )
+        if sort_by_date:
+            print("Dry run: would sort by date")
+        print(f"Dry run: would sync {len(new_rows)} new transaction(s).")
+    else:
+        print(f"Appending {len(new_rows)} new transactions to the sheet...")
+        body = {"values": new_rows}
+        sheet.values().append(
+            spreadsheetId=spreadsheet_id,
+            range="A2", # Appends to the end of the sheet
+            valueInputOption="USER_ENTERED",
+            body=body
+        ).execute()
+        print("Sync completed successfully.")
+        if sort_by_date:
+            sort_sheet_by_date(service, spreadsheet_id)
 
 
 def main():
@@ -197,16 +266,20 @@ def main():
     parser.add_argument("--from", dest="date_from", help="Start date YYYY-MM-DD")
     parser.add_argument("--to", dest="date_to", help="End date YYYY-MM-DD")
     parser.add_argument("--sort-by-date", action="store_true", help="Sort the sheet by date after sync")
+    parser.add_argument("--dry-run", action="store_true", help="Fetch and dedup without writing to the sheet")
+    parser.add_argument("--print-fio-table", action="store_true", help="Print aligned table of all fetched transactions with NEW/DUP status (use with --dry-run)")
     args = parser.parse_args()
 
     try:
         sync_to_sheets(
-            spreadsheet_id=args.sheet_id, 
+            spreadsheet_id=args.sheet_id,
             credentials_path=args.credentials,
             days=args.days,
             date_from_str=args.date_from,
             date_to_str=args.date_to,
-            sort_by_date=args.sort_by_date
+            sort_by_date=args.sort_by_date,
+            dry_run=args.dry_run,
+            print_fio_table=args.print_fio_table,
         )
     except Exception as e:
         print(f"Sync failed: {e}")