From 6dd44df6384c33bcafc807dd0f0d6825546b9f72 Mon Sep 17 00:00:00 2001
From: Gabriel Costa <gabrielcg@proton.me>
Date: Fri, 20 Mar 2026 21:59:07 +0000
Subject: [PATCH 1/2] feat(ui): add refresh tools button and overflow menu to
 gateways table

Closes #3765
Closes #3519

Adds a Fetch/Refresh Tools action to the gateways table for all gateway
auth types, not just OAuth. The label reads "Fetch Tools" on first use
(no tools registered yet) and switches to "Refresh Tools" once tools
exist, using the existing POST /gateways/{id}/tools/refresh endpoint.
On success, a toast shows the delta counts (added / updated / removed)
and the table reloads via HTMX.

A matching "Refresh from MCPs" button is added to the virtual server
edit form so users can pull the latest tools from selected gateways
without leaving the modal.

To support the contextual label, tool_count is added to GatewayRead
(serialised as toolCount) and DbGateway.tools is eagerly loaded in
the gateways partial query to avoid N+1 queries.

As a piggyback improvement, the stacked action buttons in the gateways
table are replaced with an Alpine.js overflow menu (...), housing all
actions including the new refresh button.

Signed-off-by: Gabriel Costa <gabrielcg@proton.me>
---
 mcpgateway/admin.py                        |   2 +-
 mcpgateway/schemas.py                      |   3 +
 mcpgateway/services/gateway_service.py     |   4 +
 mcpgateway/static/admin.js                 | 117 +++++++++++++++++++
 mcpgateway/templates/admin.html            |  20 +++-
 mcpgateway/templates/gateways_partial.html | 126 +++++++++++++++------
 6 files changed, 229 insertions(+), 43 deletions(-)

diff --git a/mcpgateway/admin.py b/mcpgateway/admin.py
index 2a30ff566..d88b19c64 100644
--- a/mcpgateway/admin.py
+++ b/mcpgateway/admin.py
@@ -9191,7 +9191,7 @@ async def admin_gateways_partial_html(
     team_ids = await _get_user_team_ids(user, db)
 
     # Build base query
-    query = select(DbGateway).options(joinedload(DbGateway.email_team))
+    query = select(DbGateway).options(joinedload(DbGateway.email_team), selectinload(DbGateway.tools))
 
     if not include_inactive:
         query = query.where(DbGateway.enabled.is_(True))
diff --git a/mcpgateway/schemas.py b/mcpgateway/schemas.py
index 7ed788b18..600d81e2d 100644
--- a/mcpgateway/schemas.py
+++ b/mcpgateway/schemas.py
@@ -3402,6 +3402,9 @@ class GatewayRead(BaseModelWithConfigDict):
 
     _normalize_visibility = field_validator("visibility", mode="before")(classmethod(lambda cls, v: _coerce_visibility(v)))
 
+    # Tool count (populated from the tools relationship; 0 when not loaded)
+    tool_count: int = Field(default=0, description="Number of tools registered for this gateway")
+
     @model_validator(mode="before")
     @classmethod
     def _mask_query_param_auth(cls, data: Any) -> Any:
diff --git a/mcpgateway/services/gateway_service.py b/mcpgateway/services/gateway_service.py
index 832f3cf97..2866838d3 100644
--- a/mcpgateway/services/gateway_service.py
+++ b/mcpgateway/services/gateway_service.py
@@ -4176,6 +4176,10 @@ def convert_gateway_to_read(self, gateway: DbGateway) -> GatewayRead:
         gateway_dict["version"] = getattr(gateway, "version", None)
         gateway_dict["team"] = getattr(gateway, "team", None)
 
+        # Populate tool count from the eagerly-loaded tools relationship when available
+        tools_rel = gateway.__dict__.get("tools")
+        gateway_dict["tool_count"] = len(tools_rel) if tools_rel is not None else 0
+
         return GatewayRead.model_validate(gateway_dict).masked()
 
     def _create_db_tool(
diff --git a/mcpgateway/static/admin.js b/mcpgateway/static/admin.js
index d503e682d..66d6e8946 100644
--- a/mcpgateway/static/admin.js
+++ b/mcpgateway/static/admin.js
@@ -20829,6 +20829,123 @@ async function fetchToolsForGateway(gatewayId, gatewayName) {
 // Expose fetch tools function to global scope
 window.fetchToolsForGateway = fetchToolsForGateway;
 
+/**
+ * Refresh (or first-time fetch) tools for a gateway via the unified refresh endpoint.
+ * Works for all auth types. Shows a toast with delta counts on success.
+ *
+ * @param {string} gatewayId - ID of the gateway
+ * @param {string} gatewayName - Display name for toast messages
+ * @param {HTMLElement|null} buttonEl - Optional button element for loading-state feedback
+ */
+async function refreshGatewayTools(gatewayId, gatewayName, buttonEl) {
+    const origText = buttonEl ? buttonEl.textContent : "";
+    if (buttonEl) {
+        buttonEl.disabled = true;
+        buttonEl.textContent = "⏳ Refreshing...";
+    }
+
+    try {
+        const response = await fetch(`${window.ROOT_PATH}/gateways/${gatewayId}/tools/refresh`, {
+            method: "POST",
+            credentials: "include",
+            headers: { Accept: "application/json" },
+        });
+
+        const data = await response.json();
+        if (!response.ok) {
+            throw new Error(data.detail || data.message || "Refresh failed");
+        }
+
+        // Check if the refresh operation itself succeeded (even if HTTP 200)
+        if (data.success === false || data.error) {
+            throw new Error(data.error || "Refresh failed on the server");
+        }
+
+        showSuccessMessage(
+            `${gatewayName}: ${data.toolsAdded ?? 0} added, ${data.toolsUpdated ?? 0} updated, ${data.toolsRemoved ?? 0} removed`,
+        );
+
+        // Reload the gateways partial table via HTMX to reflect updated tool counts / button labels
+        htmx.ajax("GET", `${window.ROOT_PATH}/admin/gateways/partial`, {
+            target: "#gateways-table",
+            swap: "outerHTML",
+        });
+    } catch (err) {
+        console.error("refreshGatewayTools error:", err);
+        showErrorMessage(`Failed to refresh tools for ${gatewayName}: ${err.message}`);
+        if (buttonEl) {
+            buttonEl.disabled = false;
+            buttonEl.textContent = origText;
+        }
+    }
+}
+
+window.refreshGatewayTools = refreshGatewayTools;
+
+/**
+ * Refresh tools for all currently selected gateways in the virtual server edit form.
+ * After completion, triggers an HTMX reload of the tools selector list.
+ *
+ * @param {HTMLElement} buttonEl - The button element clicked
+ */
+async function refreshToolsForSelectedGateways(buttonEl) {
+    const gwIds =
+        typeof getSelectedGatewayIds === "function" ? getSelectedGatewayIds() : [];
+    if (!gwIds.length) {
+        showErrorMessage("Select at least one MCP gateway first.");
+        return;
+    }
+
+    const origText = buttonEl.textContent;
+    buttonEl.disabled = true;
+    buttonEl.textContent = "⏳ Refreshing...";
+
+    let added = 0,
+        updated = 0,
+        removed = 0,
+        failed = 0;
+
+    await Promise.allSettled(
+        gwIds.map(async (gid) => {
+            try {
+                const res = await fetch(`${window.ROOT_PATH}/gateways/${gid}/tools/refresh`, {
+                    method: "POST",
+                    credentials: "include",
+                    headers: { Accept: "application/json" },
+                });
+                const data = await res.json();
+                if (res.ok && data.success !== false) {
+                    added += data.toolsAdded ?? 0;
+                    updated += data.toolsUpdated ?? 0;
+                    removed += data.toolsRemoved ?? 0;
+                } else {
+                    failed++;
+                }
+            } catch (_) {
+                failed++;
+            }
+        }),
+    );
+
+    buttonEl.disabled = false;
+    buttonEl.textContent = origText;
+
+    const msg = `${added} added, ${updated} updated, ${removed} removed`;
+    if (failed > 0) {
+        showErrorMessage(`Refresh completed with ${failed} error(s). ${msg}`);
+    } else {
+        showSuccessMessage(`Tools refreshed: ${msg}`);
+    }
+
+    // Reload the tools selector via HTMX to pick up newly discovered tools
+    const container = document.getElementById("edit-server-tools");
+    if (container) {
+        htmx.trigger(container, "load");
+    }
+}
+
+window.refreshToolsForSelectedGateways = refreshToolsForSelectedGateways;
+
 console.log("🛡️ ContextForge AI Gateway admin.js initialized");
 
 // ===================================================================
diff --git a/mcpgateway/templates/admin.html b/mcpgateway/templates/admin.html
index 9a81825e2..9fdc2de6d 100644
--- a/mcpgateway/templates/admin.html
+++ b/mcpgateway/templates/admin.html
@@ -11134,12 +11134,20 @@ <h3 class="text-lg font-medium text-gray-900 dark:text-gray-100">
                     <div
                       class="p-4 bg-white dark:bg-gray-800 rounded-lg shadow-lg border border-gray-600"
                     >
-                      <label
-                        for="edit-server-tools"
-                        class="block text-sm font-semibold text-gray-700 dark:text-gray-300 mb-2"
-                      >
-                        Associated Tools
-                      </label>
+                      <div class="flex items-center justify-between mb-2">
+                        <label
+                          for="edit-server-tools"
+                          class="block text-sm font-semibold text-gray-700 dark:text-gray-300"
+                        >
+                          Associated Tools
+                        </label>
+                        <button
+                          type="button"
+                          onclick="refreshToolsForSelectedGateways(this)"
+                          class="px-2 py-1 text-xs font-medium text-green-700 dark:text-green-400 border border-green-600 dark:border-green-500 rounded-md hover:bg-green-50 dark:hover:bg-green-900/20 transition-colors"
+                          x-tooltip="'Re-fetch tools from selected MCP gateways and reload this list'"
+                        >Refresh from MCPs</button>
+                      </div>
                        <input
                         type="text"
                         id="searchEditTools"
diff --git a/mcpgateway/templates/gateways_partial.html b/mcpgateway/templates/gateways_partial.html
index 57ae2a0bd..b105b10fa 100644
--- a/mcpgateway/templates/gateways_partial.html
+++ b/mcpgateway/templates/gateways_partial.html
@@ -21,50 +21,104 @@
       {% set can_modify = is_admin or gateway.ownerEmail == current_user_email or (gateway.visibility == 'team' and gateway.teamId and user_team_roles.get(gateway.teamId|string) == 'owner') %}
       <tr id="gateway-row-{{ gateway.id }}" data-enabled="{{ gateway.enabled|lower }}" data-owner-email="{{ gateway.ownerEmail }}" data-team-id="{{ gateway.teamId or '' }}" data-visibility="{{ gateway.visibility }}">
         <td class="px-6 py-4 whitespace-nowrap text-sm font-medium">
-          <div class="flex flex-col gap-y-1 max-w-48">
-            <!-- Row 1: Test -->
+          <div class="relative" x-data="{ menuOpen: false }" @click.away="menuOpen = false">
+            <!-- Three-dot trigger -->
             <button
-              onclick="testGateway({{ gateway.url|tojson_attr }})"
-              class="flex items-center justify-center px-2 py-1 text-xs font-medium rounded-md text-purple-600 hover:text-purple-900 hover:bg-purple-50 dark:text-purple-400 dark:hover:bg-purple-900/20 transition-colors"
-              x-tooltip="'💡Test this gateway with sample arguments'"
+              type="button"
+              @click="menuOpen = !menuOpen"
+              class="p-1.5 rounded-md text-gray-500 hover:text-gray-700 hover:bg-gray-100 dark:text-gray-400 dark:hover:text-gray-200 dark:hover:bg-gray-700 transition-colors"
+              :aria-expanded="menuOpen"
+              x-tooltip="'Actions'"
             >
-              Test
+              <svg class="w-5 h-5" fill="currentColor" viewBox="0 0 20 20">
+                <path d="M6 10a2 2 0 11-4 0 2 2 0 014 0zm6 0a2 2 0 11-4 0 2 2 0 014 0zm6 0a2 2 0 11-4 0 2 2 0 014 0z"/>
+              </svg>
             </button>
 
-            {% if gateway.authType == 'oauth' and can_modify %}
-            <!-- Row 2: OAuth Authorize -->
-            <a href="{{ root_path }}/oauth/authorize/{{ gateway.id }}"
-              class="flex items-center justify-center px-2 py-1 text-xs font-medium rounded-md text-indigo-600 hover:text-indigo-900 hover:bg-indigo-50 dark:text-indigo-400 dark:hover:bg-indigo-900/20 transition-colors"
-              x-tooltip="'🔐 Authorize Users for OAuth'">
-              🔐 Authorize
-            </a>
-            <!-- Row 3:  Fetch Tools -->
-            <button onclick="fetchToolsForGateway({{ gateway.id|tojson_attr }}, {{ gateway.name|tojson_attr }})"
-              class="flex items-center justify-center px-2 py-1 text-xs font-medium rounded-md text-green-600 hover:text-green-900 hover:bg-green-50 dark:text-green-400 dark:hover:bg-green-900/20 transition-colors"
-              x-tooltip="'🔧 Fetch Tools from MCP Server'" id="fetch-tools-{{ gateway.id }}">
-              🔧 Fetch Tools
-            </button>
-            {% endif %}
+            <!-- Dropdown menu -->
+            <div
+              x-show="menuOpen"
+              x-transition:enter="transition ease-out duration-100"
+              x-transition:enter-start="opacity-0 scale-95"
+              x-transition:enter-end="opacity-100 scale-100"
+              x-transition:leave="transition ease-in duration-75"
+              x-transition:leave-start="opacity-100 scale-100"
+              x-transition:leave-end="opacity-0 scale-95"
+              class="absolute left-0 mt-1 w-44 bg-white dark:bg-gray-800 rounded-lg shadow-xl border border-gray-200 dark:border-gray-700 z-50 py-1"
+              style="display:none"
+              role="menu"
+            >
+              <!-- Test -->
+              <button
+                type="button"
+                role="menuitem"
+                @click="menuOpen = false; testGateway({{ gateway.url|tojson_attr }})"
+                class="w-full flex items-center px-4 py-2 text-sm text-gray-700 dark:text-gray-200 hover:bg-gray-100 dark:hover:bg-gray-700"
+              >Test</button>
+
+              {% if gateway.authType == 'oauth' and can_modify %}
+              <!-- OAuth Authorize -->
+              <a
+                href="{{ root_path }}/oauth/authorize/{{ gateway.id }}"
+                @click="menuOpen = false"
+                role="menuitem"
+                class="flex items-center px-4 py-2 text-sm text-gray-700 dark:text-gray-200 hover:bg-gray-100 dark:hover:bg-gray-700"
+              >🔐 Authorize</a>
+              {% endif %}
 
-            <!-- Row 4:  View | Edit -->
-            <div class="flex gap-x-2">
-              <button onclick="viewGateway({{ gateway.id|tojson_attr }})" class="flex-1 flex items-center justify-center px-2 py-1 text-xs font-medium rounded-md text-indigo-600 hover:text-indigo-900 hover:bg-indigo-50 dark:text-indigo-400 dark:hover:bg-indigo-900/20 transition-colors">View</button>
               {% if can_modify %}
-              <button onclick="editGateway({{ gateway.id|tojson_attr }})" class="flex-1 flex items-center justify-center px-2 py-1 text-xs font-medium rounded-md text-green-600 hover:text-green-900 hover:bg-green-50 dark:text-green-400 dark:hover:bg-green-900/20 transition-colors">Edit</button>
+              <!-- Fetch / Refresh Tools (all auth types) -->
+              <button
+                type="button"
+                role="menuitem"
+                id="refresh-tools-{{ gateway.id }}"
+                @click="menuOpen = false; refreshGatewayTools({{ gateway.id|tojson_attr }}, {{ gateway.name|tojson_attr }}, $event.currentTarget)"
+                class="w-full flex items-center px-4 py-2 text-sm text-gray-700 dark:text-gray-200 hover:bg-gray-100 dark:hover:bg-gray-700"
+                x-tooltip="'{% if gateway.toolCount == 0 %}First-time fetch from MCP server{% else %}Re-fetch latest tools from MCP server{% endif %}'"
+              >{% if gateway.toolCount == 0 %}Fetch Tools{% else %}Refresh Tools{% endif %}</button>
               {% endif %}
-            </div>
 
-            {% if can_modify %}
-            <!-- Row 5:  Activate/Deactivate -->
-            <form method="POST" action="{{ root_path }}/admin/gateways/{{ gateway.id }}/state" class="contents" onsubmit="return handleToggleSubmit(event, 'gateways')">
-              <input type="hidden" name="activate" value="{{ 'false' if gateway.enabled else 'true' }}" />
-              <button type="submit" class="flex items-center justify-center px-2 py-1 text-xs font-medium rounded-md {% if gateway.enabled %}text-yellow-600 hover:text-yellow-900 hover:bg-yellow-50 dark:text-yellow-400 dark:hover:bg-yellow-900/20{% else %}text-green-600 hover:text-green-900 hover:bg-green-50 dark:text-green-400 dark:hover:bg-green-900/20{% endif %}">{% if gateway.enabled %}Deactivate{% else %}Activate{% endif %}</button>
-            </form>
-            <!-- Row 6:  Delete -->
-            <form method="POST" action="{{ root_path }}/admin/gateways/{{ gateway.id }}/delete" class="contents" onsubmit="return handleDeleteSubmit(event, 'gateway', {{ gateway_label|tojson_attr }}, 'gateways')">
-              <button type="submit" class="flex items-center justify-center px-2 py-1 text-xs font-medium rounded-md text-red-600 hover:text-red-900 hover:bg-red-50 dark:text-red-400 dark:hover:bg-red-900/20 transition-colors">Delete</button>
-            </form>
-            {% endif %}
+              <hr class="border-gray-200 dark:border-gray-600 my-1">
+
+              <!-- View -->
+              <button
+                type="button"
+                role="menuitem"
+                @click="menuOpen = false; viewGateway({{ gateway.id|tojson_attr }})"
+                class="w-full flex items-center px-4 py-2 text-sm text-gray-700 dark:text-gray-200 hover:bg-gray-100 dark:hover:bg-gray-700"
+              >View</button>
+
+              {% if can_modify %}
+              <!-- Edit -->
+              <button
+                type="button"
+                role="menuitem"
+                @click="menuOpen = false; editGateway({{ gateway.id|tojson_attr }})"
+                class="w-full flex items-center px-4 py-2 text-sm text-gray-700 dark:text-gray-200 hover:bg-gray-100 dark:hover:bg-gray-700"
+              >Edit</button>
+
+              <hr class="border-gray-200 dark:border-gray-600 my-1">
+
+              <!-- Activate / Deactivate -->
+              <form method="POST" action="{{ root_path }}/admin/gateways/{{ gateway.id }}/state" class="contents" onsubmit="return handleToggleSubmit(event, 'gateways')">
+                <input type="hidden" name="activate" value="{{ 'false' if gateway.enabled else 'true' }}" />
+                <button
+                  type="submit"
+                  role="menuitem"
+                  class="w-full flex items-center px-4 py-2 text-sm {% if gateway.enabled %}text-yellow-600 dark:text-yellow-400{% else %}text-green-600 dark:text-green-400{% endif %} hover:bg-gray-100 dark:hover:bg-gray-700"
+                >{% if gateway.enabled %}Deactivate{% else %}Activate{% endif %}</button>
+              </form>
+
+              <!-- Delete -->
+              <form method="POST" action="{{ root_path }}/admin/gateways/{{ gateway.id }}/delete" class="contents" onsubmit="return handleDeleteSubmit(event, 'gateway', {{ gateway_label|tojson_attr }}, 'gateways')">
+                <button
+                  type="submit"
+                  role="menuitem"
+                  class="w-full flex items-center px-4 py-2 text-sm text-red-600 dark:text-red-400 hover:bg-gray-100 dark:hover:bg-gray-700"
+                >Delete</button>
+              </form>
+              {% endif %}
+            </div>
           </div>
         </td>
         <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900 dark:text-gray-100">{{ (pagination.page - 1) * pagination.per_page + loop.index }}</td>

From 14c44f785d529538fe347f9d1416e53c0163988d Mon Sep 17 00:00:00 2001
From: Gabriel Costa <gabrielcg@proton.me>
Date: Fri, 20 Mar 2026 23:51:20 +0000
Subject: [PATCH 2/2] Adjust playwright tests to overflow menu

Signed-off-by: Gabriel Costa <gabrielcg@proton.me>
---
 CHANGELOG.md                                  | 18 ++++
 mcpgateway/admin.py                           | 30 +++----
 mcpgateway/main.py                            |  4 +-
 mcpgateway/services/gateway_service.py        |  8 +-
 mcpgateway/static/admin.js                    | 85 ++++++++++++++-----
 mcpgateway/templates/admin.html               | 22 +++--
 mcpgateway/templates/gateways_partial.html    | 36 ++++++--
 tests/playwright/pages/gateways_page.py       | 38 ++++++++-
 .../test_iframe_embedding_security.py         | 80 +++++++++++++----
 tests/playwright/test_admin_url_context.py    | 76 +++++++++++++----
 tests/playwright/test_gateways.py             | 26 ++++--
 11 files changed, 320 insertions(+), 103 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4893ee44c..f401e9b3a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,24 @@
 
 > **Migration**: Switch to PostgreSQL for production deployments. Update `DATABASE_URL` to a `postgresql+psycopg://` connection string. SQLite (`sqlite:///./mcp.db`) remains available for local development and testing.
 
+### Added
+
+#### **Refresh Tools Button for All Gateway Types** ([#3765](https://github.com/IBM/mcp-context-forge/issues/3765))
+
+Users can now pull the latest tools from any registered MCP without re-registering the gateway.
+
+* A **Fetch Tools** / **Refresh Tools** action is available for all gateway auth types (previously limited to OAuth only) via the new overflow menu in the gateways table
+* The label reads **Fetch Tools** on first use (no tools registered yet) and automatically switches to **Refresh Tools** once tools exist, driven by the new `toolCount` field on `GatewayRead`
+* On success, a toast notification shows the delta: tools added / updated / removed
+* The table reloads via HTMX to reflect updated tool counts and button labels without a full page refresh
+* A **Refresh from MCPs** button is also available in the virtual server edit form, allowing users to pull the latest tools from all currently selected gateways and reload the tools selector without leaving the modal
+* Backed by the existing `POST /gateways/{id}/tools/refresh` API endpoint
+
+#### **Overflow Menu for Gateways Table** ([#3519](https://github.com/IBM/mcp-context-forge/issues/3519))
+
+* Replaced the stacked action buttons in the gateways table with a single overflow menu (three-dot button), reducing visual clutter and aligning with the Carbon Design System overflow menu pattern
+* All existing actions (Test, OAuth Authorize, Fetch/Refresh Tools, View, Edit, Activate/Deactivate, Delete) remain fully accessible inside the menu
+
 ## [1.0.0-RC2] - 2026-03-09 - Hardening, Admin UI Polish, Plugin Framework & Quality
 
 ### Overview
diff --git a/mcpgateway/admin.py b/mcpgateway/admin.py
index d88b19c64..cf8a603cf 100644
--- a/mcpgateway/admin.py
+++ b/mcpgateway/admin.py
@@ -1379,19 +1379,6 @@ def _resolve_root_path(request: Request) -> str:
     return root_path.rstrip("/")
 
 
-def _admin_cookie_path(request: Request) -> str:
-    """Build admin cookie path honoring ASGI root_path.
-
-    Args:
-        request: Incoming request used to read ASGI ``root_path``.
-
-    Returns:
-        Admin cookie path scoped under the deployed app root.
-    """
-    root_path = _resolve_root_path(request)
-    return f"{root_path}/admin" if root_path else "/admin"
-
-
 def _normalize_origin_parts(scheme: str, netloc: str) -> tuple[str, str, int]:
     """Normalize origin components for exact same-origin comparisons.
 
@@ -1495,11 +1482,12 @@ def _set_admin_csrf_cookie(request: Request, response: Response) -> str:
 
     use_secure = (settings.environment == "production") or settings.secure_cookies
     max_age = max(300, int(getattr(settings, "token_expiry", 60)) * 60)
+    cookie_path = _resolve_root_path(request) or "/"
     response.set_cookie(
         key=ADMIN_CSRF_COOKIE_NAME,
         value=csrf_token,
         max_age=max_age,
-        path=_admin_cookie_path(request),
+        path=cookie_path,
         httponly=False,
         secure=use_secure,
         samesite="strict",
@@ -1517,7 +1505,7 @@ def _clear_admin_csrf_cookie(request: Request, response: Response) -> None:
     use_secure = (settings.environment == "production") or settings.secure_cookies
     response.delete_cookie(
         key=ADMIN_CSRF_COOKIE_NAME,
-        path=_admin_cookie_path(request),
+        path=_resolve_root_path(request) or "/",
         secure=use_secure,
         httponly=False,
         samesite="strict",
@@ -7724,9 +7712,7 @@ async def admin_create_user(
         )
 
         # If the user was created with the default password, optionally force password change
-        if (
-            settings.password_change_enforcement_enabled and getattr(settings, "require_password_change_for_default_password", True) and password == settings.default_user_password.get_secret_value()
-        ):  # nosec B105
+        if settings.password_change_enforcement_enabled and getattr(settings, "require_password_change_for_default_password", True) and password == settings.default_user_password.get_secret_value():  # nosec B105
             new_user.password_change_required = True
             db.commit()
 
@@ -7856,12 +7842,16 @@ async def admin_get_user_edit(
                     <input type="text" name="full_name" value="{user_obj.full_name or ""}" required
                            class="mt-1 block w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-md shadow-sm focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 dark:bg-gray-700 text-gray-900 dark:text-white">
                 </div>
-                {"" if is_editing_self else f'''<div>
+                {
+            ""
+            if is_editing_self
+            else f'''<div>
                     <label class="block text-sm font-medium text-gray-700 dark:text-gray-300">
                         <input type="checkbox" name="is_admin" {"checked" if user_obj.is_admin else ""}
                                class="mr-2"> Administrator
                     </label>
-                </div>'''}
+                </div>'''
+        }
                 <div>
                     <label class="block text-sm font-medium text-gray-700 dark:text-gray-300">
                         <input type="checkbox" name="email_verified" {"checked" if user_obj.is_email_verified() else ""}
diff --git a/mcpgateway/main.py b/mcpgateway/main.py
index f8ea70098..77d43a98c 100644
--- a/mcpgateway/main.py
+++ b/mcpgateway/main.py
@@ -72,7 +72,7 @@
 # Import the admin routes from the new module
 from mcpgateway import __version__
 from mcpgateway import version as version_module
-from mcpgateway.admin import admin_router, set_logging_service
+from mcpgateway.admin import admin_router, enforce_admin_csrf, set_logging_service
 from mcpgateway.auth import _check_token_revoked_sync, _lookup_api_token_sync, get_current_user, get_user_team_roles, normalize_token_teams, resolve_session_teams
 from mcpgateway.bootstrap_db import main as bootstrap_db
 from mcpgateway.cache import ResourceCache, SessionRegistry
@@ -6577,7 +6577,7 @@ async def delete_gateway(gateway_id: str, db: Session = Depends(get_db), user=De
         raise HTTPException(status_code=400, detail=str(e))
 
 
-@gateway_router.post("/{gateway_id}/tools/refresh", response_model=GatewayRefreshResponse)
+@gateway_router.post("/{gateway_id}/tools/refresh", response_model=GatewayRefreshResponse, dependencies=[Depends(enforce_admin_csrf)])
 @require_permission("gateways.update")
 async def refresh_gateway_tools(
     gateway_id: str,
diff --git a/mcpgateway/services/gateway_service.py b/mcpgateway/services/gateway_service.py
index 2866838d3..1ae7aafea 100644
--- a/mcpgateway/services/gateway_service.py
+++ b/mcpgateway/services/gateway_service.py
@@ -63,7 +63,7 @@
 from mcp.client.sse import sse_client
 from mcp.client.streamable_http import streamablehttp_client
 from pydantic import ValidationError
-from sqlalchemy import and_, delete, desc, or_, select, update
+from sqlalchemy import and_, delete, desc, inspect as sa_inspect, or_, select, update
 from sqlalchemy.exc import IntegrityError
 from sqlalchemy.orm import joinedload, selectinload, Session
 
@@ -4176,9 +4176,9 @@ def convert_gateway_to_read(self, gateway: DbGateway) -> GatewayRead:
         gateway_dict["version"] = getattr(gateway, "version", None)
         gateway_dict["team"] = getattr(gateway, "team", None)
 
-        # Populate tool count from the eagerly-loaded tools relationship when available
-        tools_rel = gateway.__dict__.get("tools")
-        gateway_dict["tool_count"] = len(tools_rel) if tools_rel is not None else 0
+        # Use official SQLAlchemy inspect API; returns 0 if tools relationship is not loaded
+        tools_loaded = sa_inspect(gateway).attrs["tools"].loaded_value
+        gateway_dict["tool_count"] = len(tools_loaded) if isinstance(tools_loaded, list) else 0
 
         return GatewayRead.model_validate(gateway_dict).masked()
 
diff --git a/mcpgateway/static/admin.js b/mcpgateway/static/admin.js
index 66d6e8946..677ebdf9d 100644
--- a/mcpgateway/static/admin.js
+++ b/mcpgateway/static/admin.js
@@ -20845,11 +20845,22 @@ async function refreshGatewayTools(gatewayId, gatewayName, buttonEl) {
     }
 
     try {
-        const response = await fetch(`${window.ROOT_PATH}/gateways/${gatewayId}/tools/refresh`, {
-            method: "POST",
-            credentials: "include",
-            headers: { Accept: "application/json" },
-        });
+        const csrfToken =
+            document.cookie
+                .split("; ")
+                .find((row) => row.startsWith("mcpgateway_csrf_token="))
+                ?.split("=")[1] ?? "";
+        const response = await fetch(
+            `${window.ROOT_PATH}/gateways/${gatewayId}/tools/refresh`,
+            {
+                method: "POST",
+                credentials: "include",
+                headers: {
+                    Accept: "application/json",
+                    "x-csrf-token": csrfToken,
+                },
+            },
+        );
 
         const data = await response.json();
         if (!response.ok) {
@@ -20861,9 +20872,14 @@ async function refreshGatewayTools(gatewayId, gatewayName, buttonEl) {
             throw new Error(data.error || "Refresh failed on the server");
         }
 
-        showSuccessMessage(
-            `${gatewayName}: ${data.toolsAdded ?? 0} added, ${data.toolsUpdated ?? 0} updated, ${data.toolsRemoved ?? 0} removed`,
-        );
+        const toolsAdded = data.toolsAdded ?? 0;
+        const toolsUpdated = data.toolsUpdated ?? 0;
+        const toolsRemoved = data.toolsRemoved ?? 0;
+        const deltaMsg =
+            toolsAdded || toolsUpdated || toolsRemoved
+                ? `${toolsAdded} added, ${toolsUpdated} updated, ${toolsRemoved} removed`
+                : "No changes detected";
+        showSuccessMessage(`${gatewayName}: ${deltaMsg}`);
 
         // Reload the gateways partial table via HTMX to reflect updated tool counts / button labels
         htmx.ajax("GET", `${window.ROOT_PATH}/admin/gateways/partial`, {
@@ -20872,7 +20888,9 @@ async function refreshGatewayTools(gatewayId, gatewayName, buttonEl) {
         });
     } catch (err) {
         console.error("refreshGatewayTools error:", err);
-        showErrorMessage(`Failed to refresh tools for ${gatewayName}: ${err.message}`);
+        showErrorMessage(
+            `Failed to refresh tools for ${gatewayName}: ${err.message}`,
+        );
         if (buttonEl) {
             buttonEl.disabled = false;
             buttonEl.textContent = origText;
@@ -20889,8 +20907,15 @@ window.refreshGatewayTools = refreshGatewayTools;
  * @param {HTMLElement} buttonEl - The button element clicked
  */
 async function refreshToolsForSelectedGateways(buttonEl) {
+    if (typeof getSelectedGatewayIds !== "function") {
+        console.warn(
+            "refreshToolsForSelectedGateways: getSelectedGatewayIds is not defined",
+        );
+    }
     const gwIds =
-        typeof getSelectedGatewayIds === "function" ? getSelectedGatewayIds() : [];
+        typeof getSelectedGatewayIds === "function"
+            ? getSelectedGatewayIds()
+            : [];
     if (!gwIds.length) {
         showErrorMessage("Select at least one MCP gateway first.");
         return;
@@ -20900,19 +20925,30 @@ async function refreshToolsForSelectedGateways(buttonEl) {
     buttonEl.disabled = true;
     buttonEl.textContent = "⏳ Refreshing...";
 
-    let added = 0,
-        updated = 0,
-        removed = 0,
-        failed = 0;
+    let added = 0;
+    let updated = 0;
+    let removed = 0;
+    let failed = 0;
 
     await Promise.allSettled(
         gwIds.map(async (gid) => {
             try {
-                const res = await fetch(`${window.ROOT_PATH}/gateways/${gid}/tools/refresh`, {
-                    method: "POST",
-                    credentials: "include",
-                    headers: { Accept: "application/json" },
-                });
+                const csrfToken =
+                    document.cookie
+                        .split("; ")
+                        .find((row) => row.startsWith("mcpgateway_csrf_token="))
+                        ?.split("=")[1] ?? "";
+                const res = await fetch(
+                    `${window.ROOT_PATH}/gateways/${gid}/tools/refresh`,
+                    {
+                        method: "POST",
+                        credentials: "include",
+                        headers: {
+                            Accept: "application/json",
+                            "x-csrf-token": csrfToken,
+                        },
+                    },
+                );
                 const data = await res.json();
                 if (res.ok && data.success !== false) {
                     added += data.toolsAdded ?? 0;
@@ -20930,11 +20966,16 @@ async function refreshToolsForSelectedGateways(buttonEl) {
     buttonEl.disabled = false;
     buttonEl.textContent = origText;
 
-    const msg = `${added} added, ${updated} updated, ${removed} removed`;
+    const deltaMsg =
+        added || updated || removed
+            ? `${added} added, ${updated} updated, ${removed} removed`
+            : "No changes detected";
     if (failed > 0) {
-        showErrorMessage(`Refresh completed with ${failed} error(s). ${msg}`);
+        showErrorMessage(
+            `Refresh completed with ${failed} error(s). ${deltaMsg}`,
+        );
     } else {
-        showSuccessMessage(`Tools refreshed: ${msg}`);
+        showSuccessMessage(`Tools refreshed: ${deltaMsg}`);
     }
 
     // Reload the tools selector via HTMX to pick up newly discovered tools
diff --git a/mcpgateway/templates/admin.html b/mcpgateway/templates/admin.html
index 9fdc2de6d..1a45c95a9 100644
--- a/mcpgateway/templates/admin.html
+++ b/mcpgateway/templates/admin.html
@@ -2987,12 +2987,20 @@ <h3 class="text-lg font-bold mb-4 dark:text-gray-200">
                 <div
                   class="p-4 bg-white dark:bg-gray-800 rounded-lg shadow-lg border border-gray-300 dark:border-gray-700"
                 >
-                  <label
-                    class="block text-sm font-semibold text-gray-700 dark:text-gray-300 mb-2"
-                    for="associatedTools"
-                  >
-                    Associated Tools
-                  </label>
+                  <div class="flex items-center justify-between mb-2">
+                    <label
+                      class="block text-sm font-semibold text-gray-700 dark:text-gray-300"
+                      for="associatedTools"
+                    >
+                      Associated Tools
+                    </label>
+                    <button
+                      type="button"
+                      onclick="refreshToolsForSelectedGateways(this)"
+                      class="px-2 py-1 text-xs font-medium text-green-700 dark:text-green-400 border border-green-600 dark:border-green-500 rounded-md hover:bg-green-50 dark:hover:bg-green-900/20 transition-colors"
+                      title="Re-fetch tools from selected MCP gateways and reload this list"
+                    >Refresh from MCPs</button>
+                  </div>
                   <input
                     type="text"
                     id="searchTools"
@@ -11145,7 +11153,7 @@ <h3 class="text-lg font-medium text-gray-900 dark:text-gray-100">
                           type="button"
                           onclick="refreshToolsForSelectedGateways(this)"
                           class="px-2 py-1 text-xs font-medium text-green-700 dark:text-green-400 border border-green-600 dark:border-green-500 rounded-md hover:bg-green-50 dark:hover:bg-green-900/20 transition-colors"
-                          x-tooltip="'Re-fetch tools from selected MCP gateways and reload this list'"
+                          title="Re-fetch tools from selected MCP gateways and reload this list"
                         >Refresh from MCPs</button>
                       </div>
                        <input
diff --git a/mcpgateway/templates/gateways_partial.html b/mcpgateway/templates/gateways_partial.html
index b105b10fa..c8f18a35b 100644
--- a/mcpgateway/templates/gateways_partial.html
+++ b/mcpgateway/templates/gateways_partial.html
@@ -21,22 +21,46 @@
       {% set can_modify = is_admin or gateway.ownerEmail == current_user_email or (gateway.visibility == 'team' and gateway.teamId and user_team_roles.get(gateway.teamId|string) == 'owner') %}
       <tr id="gateway-row-{{ gateway.id }}" data-enabled="{{ gateway.enabled|lower }}" data-owner-email="{{ gateway.ownerEmail }}" data-team-id="{{ gateway.teamId or '' }}" data-visibility="{{ gateway.visibility }}">
         <td class="px-6 py-4 whitespace-nowrap text-sm font-medium">
-          <div class="relative" x-data="{ menuOpen: false }" @click.away="menuOpen = false">
+          <div
+            x-data="{
+              menuOpen: false,
+              menuX: 0,
+              menuY: 0,
+              openMenu() {
+                const r = this.$refs.trigger.getBoundingClientRect();
+                this.menuX = r.left;
+                this.menuY = r.bottom + 4;
+                this.menuOpen = true;
+                this.$nextTick(() => this.$refs.menu.querySelector('[role=menuitem]')?.focus());
+              },
+              navigate(dir) {
+                const items = [...this.$refs.menu.querySelectorAll('[role=menuitem]')];
+                const idx = items.indexOf(document.activeElement);
+                items[(idx + dir + items.length) % items.length]?.focus();
+              }
+            }"
+            @click.away="menuOpen = false"
+            @keydown.escape="menuOpen = false; $refs.trigger.focus()"
+          >
             <!-- Three-dot trigger -->
             <button
               type="button"
-              @click="menuOpen = !menuOpen"
+              x-ref="trigger"
+              @click="menuOpen ? menuOpen = false : openMenu()"
+              @keydown.arrow-down.prevent="openMenu()"
               class="p-1.5 rounded-md text-gray-500 hover:text-gray-700 hover:bg-gray-100 dark:text-gray-400 dark:hover:text-gray-200 dark:hover:bg-gray-700 transition-colors"
+              aria-haspopup="menu"
               :aria-expanded="menuOpen"
               x-tooltip="'Actions'"
             >
-              <svg class="w-5 h-5" fill="currentColor" viewBox="0 0 20 20">
+              <svg class="w-5 h-5 rotate-90 md:rotate-0" fill="currentColor" viewBox="0 0 20 20">
                 <path d="M6 10a2 2 0 11-4 0 2 2 0 014 0zm6 0a2 2 0 11-4 0 2 2 0 014 0zm6 0a2 2 0 11-4 0 2 2 0 014 0z"/>
               </svg>
             </button>
 
-            <!-- Dropdown menu -->
+            <!-- Dropdown menu — fixed to viewport so it escapes overflow-x-auto -->
             <div
+              x-ref="menu"
               x-show="menuOpen"
               x-transition:enter="transition ease-out duration-100"
               x-transition:enter-start="opacity-0 scale-95"
@@ -44,9 +68,11 @@
               x-transition:leave="transition ease-in duration-75"
               x-transition:leave-start="opacity-100 scale-100"
               x-transition:leave-end="opacity-0 scale-95"
-              class="absolute left-0 mt-1 w-44 bg-white dark:bg-gray-800 rounded-lg shadow-xl border border-gray-200 dark:border-gray-700 z-50 py-1"
+              :class="`fixed w-44 bg-white dark:bg-gray-800 rounded-lg shadow-xl border border-gray-200 dark:border-gray-700 z-50 py-1 left-[${menuX}px] top-[${menuY}px]`"
               style="display:none"
               role="menu"
+              @keydown.arrow-down.prevent="navigate(1)"
+              @keydown.arrow-up.prevent="navigate(-1)"
             >
               <!-- Test -->
               <button
diff --git a/tests/playwright/pages/gateways_page.py b/tests/playwright/pages/gateways_page.py
index 5c94a1faf..49417f634 100644
--- a/tests/playwright/pages/gateways_page.py
+++ b/tests/playwright/pages/gateways_page.py
@@ -570,12 +570,33 @@ def get_gateway_count(self) -> int:
 
     # ==================== Gateway Row Actions ====================
 
+    def open_overflow_menu(self, gateway_row_or_index: int | Locator = 0) -> None:
+        """Open the overflow menu (three-dot menu) for a gateway row.
+
+        Args:
+            gateway_row_or_index: Either an integer index or a Locator for the gateway row (default: 0 for first gateway)
+        """
+        if isinstance(gateway_row_or_index, int):
+            gateway_row = self.gateway_rows.nth(gateway_row_or_index)
+        else:
+            gateway_row = gateway_row_or_index
+        
+        # Find the three-dot menu button (has SVG with three circles)
+        menu_button = gateway_row.locator('button[aria-expanded]')
+        self.click_locator(menu_button)
+        # Wait for dropdown menu to be visible
+        dropdown = gateway_row.locator('div[x-show="menuOpen"]')
+        self.wait_for_visible(dropdown)
+        # Wait for Alpine.js transition animation
+        self.page.wait_for_timeout(150)
+
     def click_test_button(self, gateway_index: int = 0) -> None:
         """Click the Test button for a gateway.
 
         Args:
             gateway_index: Index of the gateway row (default: 0 for first gateway)
         """
+        self.open_overflow_menu(gateway_index)
         gateway_row = self.gateway_rows.nth(gateway_index)
         test_btn = gateway_row.locator('button:has-text("Test")')
         self.click_locator(test_btn)
@@ -586,6 +607,7 @@ def click_view_button(self, gateway_index: int = 0) -> None:
         Args:
             gateway_index: Index of the gateway row (default: 0 for first gateway)
         """
+        self.open_overflow_menu(gateway_index)
         gateway_row = self.gateway_rows.nth(gateway_index)
         view_btn = gateway_row.locator('button:has-text("View")')
         self.click_locator(view_btn)
@@ -596,6 +618,7 @@ def click_edit_button(self, gateway_index: int = 0) -> None:
         Args:
             gateway_index: Index of the gateway row (default: 0 for first gateway)
         """
+        self.open_overflow_menu(gateway_index)
         gateway_row = self.gateway_rows.nth(gateway_index)
         edit_btn = gateway_row.locator('button:has-text("Edit")')
         self.click_locator(edit_btn)
@@ -606,6 +629,7 @@ def click_deactivate_button(self, gateway_index: int = 0) -> None:
         Args:
             gateway_index: Index of the gateway row (default: 0 for first gateway)
         """
+        self.open_overflow_menu(gateway_index)
         gateway_row = self.gateway_rows.nth(gateway_index)
         deactivate_btn = gateway_row.locator('button:has-text("Deactivate")')
         self.click_locator(deactivate_btn)
@@ -616,6 +640,7 @@ def click_activate_button(self, gateway_index: int = 0) -> None:
         Args:
             gateway_index: Index of the gateway row (default: 0 for first gateway)
         """
+        self.open_overflow_menu(gateway_index)
         gateway_row = self.gateway_rows.nth(gateway_index)
         activate_btn = gateway_row.locator('button:text-is("Activate")')
         self.click_locator(activate_btn)
@@ -664,7 +689,10 @@ def delete_gateway(self, gateway_index: int = 0, confirm: bool = True) -> None:
         # Scroll the row into view first
         gateway_row.scroll_into_view_if_needed()
 
-        # Find the delete button within the row's action column
+        # Open overflow menu
+        self.open_overflow_menu(gateway_row)
+
+        # Find the delete button within the dropdown
         delete_btn = gateway_row.locator('form[action*="/delete"] button[type="submit"]:has-text("Delete")')
         self._click_delete_and_wait(delete_btn, confirm)
 
@@ -692,6 +720,8 @@ def delete_gateway_by_name(self, gateway_name: str, confirm: bool = True) -> boo
                 gateway_row = self.get_gateway_row_by_name(gateway_name)
                 gateway_row.first.wait_for(state="attached", timeout=5000)
                 gateway_row.first.scroll_into_view_if_needed()
+                 # Open overflow menu
+                self.open_overflow_menu(gateway_row.first)
                 delete_btn = gateway_row.first.locator('form[action*="/delete"] button[type="submit"]:has-text("Delete")')
                 self._click_delete_and_wait(delete_btn, confirm)
                 return True
@@ -701,6 +731,9 @@ def delete_gateway_by_name(self, gateway_name: str, confirm: bool = True) -> boo
                     continue
                 raise
 
+        # Open overflow menu
+        self.open_overflow_menu(gateway_row.first)
+
         return False
 
     def delete_gateway_by_url(self, gateway_url: str, confirm: bool = True) -> bool:
@@ -740,6 +773,9 @@ def delete_gateway_by_url(self, gateway_url: str, confirm: bool = True) -> bool:
 
             # Get the delete button and use shared delete+navigation helper
             try:
+                # Open overflow menu
+                self.open_overflow_menu(gateway_row.first)
+                
                 delete_btn = gateway_row.first.locator('form[action*="/delete"] button[type="submit"]:has-text("Delete")')
                 self._click_delete_and_wait(delete_btn, confirm)
 
diff --git a/tests/playwright/security/test_iframe_embedding_security.py b/tests/playwright/security/test_iframe_embedding_security.py
index a4ec63a5a..1e22f8da1 100644
--- a/tests/playwright/security/test_iframe_embedding_security.py
+++ b/tests/playwright/security/test_iframe_embedding_security.py
@@ -727,13 +727,28 @@ def test_edit_gateway_via_iframe_modal(self, page: Page, iframe_host: FrameLocat
             self._reload_iframe(page, frame)
             self._navigate_to_gateways_tab(page, frame)
 
-            # Click the edit button for this specific gateway
-            edit_btn = frame.locator(f"button[onclick*=\"editGateway('{gw_id}')\"]")
+            # Open overflow menu for this gateway, then click edit
+            gateway_row = frame.locator(f'tr[id="gateway-row-{gw_id}"]')
+            menu_btn = gateway_row.locator('button[aria-expanded]')
             try:
-                edit_btn.wait_for(state="visible", timeout=15000)
+                menu_btn.wait_for(state="visible", timeout=15000)
             except PlaywrightTimeoutError:
-                pytest.skip(f"Edit button for gateway {gw_id} not visible")
-
+                pytest.skip(f"Overflow menu button for gateway {gw_id} not visible")
+            
+            menu_btn.click()
+            
+            # Wait for dropdown to be visible and Alpine.js transition to complete
+            dropdown = gateway_row.locator('div[x-show="menuOpen"]')
+            try:
+                dropdown.wait_for(state="visible", timeout=5000)
+            except PlaywrightTimeoutError:
+                pytest.skip("Overflow menu dropdown did not become visible")
+            
+            # Additional wait for Alpine.js transition animation (100ms enter duration)
+            page.wait_for_timeout(150)
+            
+            # Click edit button inside dropdown (scope to dropdown to avoid strict mode violation)
+            edit_btn = dropdown.locator('button:has-text("Edit")')
             edit_btn.click()
 
             # Wait for edit modal to appear
@@ -776,14 +791,29 @@ def test_delete_gateway_via_iframe(self, page: Page, iframe_host: FrameLocator,
             # Auto-accept confirmation dialogs on the HOST page
             page.on("dialog", lambda d: d.accept())
 
-            # Click delete button for this gateway (use .first — responsive layouts
-            # may render both a compact and full-width row for the same gateway)
-            delete_btn = frame.locator(f'form[action*="/gateways/{gw_id}/delete"] button[type="submit"]').first
+            # Open overflow menu for this gateway, then click delete
+            gateway_row = frame.locator(f'tr[id="gateway-row-{gw_id}"]')
+            menu_btn = gateway_row.locator('button[aria-expanded]')
             try:
-                delete_btn.wait_for(state="visible", timeout=15000)
+                menu_btn.wait_for(state="visible", timeout=15000)
             except PlaywrightTimeoutError:
-                pytest.skip(f"Delete button for gateway {gw_id} not visible")
-
+                pytest.skip(f"Overflow menu button for gateway {gw_id} not visible")
+            
+            menu_btn.click()
+            
+            # Wait for dropdown to be visible and Alpine.js transition to complete
+            dropdown = gateway_row.locator('div[x-show="menuOpen"]')
+            try:
+                dropdown.wait_for(state="visible", timeout=5000)
+            except PlaywrightTimeoutError:
+                pytest.skip("Overflow menu dropdown did not become visible")
+            
+            # Additional wait for Alpine.js transition animation (100ms enter duration)
+            page.wait_for_timeout(150)
+            
+            # Click delete button inside dropdown (scope to dropdown to avoid strict mode violation)
+            delete_btn = dropdown.locator('form[action*="/delete"] button[type="submit"]')
+            
             with page.expect_response(lambda r: f"/gateways/{gw_id}/delete" in r.url, timeout=15000):
                 delete_btn.click()
 
@@ -808,15 +838,31 @@ def test_toggle_gateway_state_via_iframe(self, page: Page, iframe_host: FrameLoc
             self._reload_iframe(page, frame)
             self._navigate_to_gateways_tab(page, frame)
 
-            # Click the deactivate/toggle button for this gateway
-            toggle_btn = frame.locator(f'form[action*="/gateways/{gw_id}/state"] button[type="submit"]')
+            # Open overflow menu for this gateway, then click deactivate
+            gateway_row = frame.locator(f'tr[id="gateway-row-{gw_id}"]')
+            menu_btn = gateway_row.locator('button[aria-expanded]')
             try:
-                toggle_btn.first.wait_for(state="visible", timeout=15000)
+                menu_btn.wait_for(state="visible", timeout=15000)
             except PlaywrightTimeoutError:
-                pytest.skip(f"Toggle button for gateway {gw_id} not visible")
-
+                pytest.skip(f"Overflow menu button for gateway {gw_id} not visible")
+            
+            menu_btn.click()
+            
+            # Wait for dropdown to be visible and Alpine.js transition to complete
+            dropdown = gateway_row.locator('div[x-show="menuOpen"]')
+            try:
+                dropdown.wait_for(state="visible", timeout=5000)
+            except PlaywrightTimeoutError:
+                pytest.skip("Overflow menu dropdown did not become visible")
+            
+            # Additional wait for Alpine.js transition animation (100ms enter duration)
+            page.wait_for_timeout(150)
+            
+            # Click deactivate button inside dropdown (scope to dropdown to avoid strict mode violation)
+            toggle_btn = dropdown.locator('form[action*="/state"] button[type="submit"]')
+            
             with page.expect_response(lambda r: f"/gateways/{gw_id}/state" in r.url, timeout=15000):
-                toggle_btn.first.click()
+                toggle_btn.click()
 
             # Verify gateway is now inactive
             verify_resp = admin_api.get(f"/gateways/{gw_id}")
diff --git a/tests/playwright/test_admin_url_context.py b/tests/playwright/test_admin_url_context.py
index 3866f829e..f376501c9 100644
--- a/tests/playwright/test_admin_url_context.py
+++ b/tests/playwright/test_admin_url_context.py
@@ -162,7 +162,7 @@ def _click_add_gateway_btn(root) -> None:
 
 
 def _get_delete_gateway_btn(root, gw_id: str):
-    """Locate and return the delete button for a gateway. Waits for HTMX table load."""
+    """Locate and return the delete button for a gateway by opening overflow menu. Waits for HTMX table load."""
     # The gateways table body is loaded via HTMX partial — wait for it first.
     # FrameLocator (used in iframe tests) lacks wait_for_selector, so guard.
     if hasattr(root, "wait_for_selector"):
@@ -170,9 +170,23 @@ def _get_delete_gateway_btn(root, gw_id: str):
             root.wait_for_selector("#gateways-table-body", state="attached", timeout=30000)
         except PlaywrightTimeoutError:
             pass
-    delete_form = root.locator(f'form[action*="/gateways/{gw_id}/delete"]').first
+    
+    # Open overflow menu for this gateway
+    gateway_row = root.locator(f'tr[id="gateway-row-{gw_id}"]')
+    menu_btn = gateway_row.locator('button[aria-expanded]')
+    if menu_btn.count() == 0:
+        pytest.skip("Overflow menu button for gateway not visible — skipping.")
+    
+    menu_btn.click()
+    
+    # Wait for dropdown to be visible
+    dropdown = gateway_row.locator('div[x-show="menuOpen"]')
+    dropdown.wait_for(state="visible", timeout=5000)
+    
+    # Find delete button inside dropdown
+    delete_form = gateway_row.locator('form[action*="/delete"]')
     if delete_form.count() == 0:
-        pytest.skip("Delete form for created gateway not visible in UI — skipping.")
+        pytest.skip("Delete form for created gateway not visible in overflow menu — skipping.")
     return delete_form.locator('button[type="submit"]').first
 
 
@@ -306,9 +320,20 @@ def test_edit_gateway_preserves_gateways_fragment_and_team_id(
             page.wait_for_load_state("domcontentloaded")
             _wait_for_admin_content(page)
 
-            edit_btn = page.locator(f"button[onclick*=\"editGateway('{gw_id}')\"]").first
-            if edit_btn.count() == 0:
-                pytest.skip("Edit button for created gateway not visible — skipping.")
+            # Open overflow menu for this gateway, then click edit
+            gateway_row = page.locator(f'tr[id="gateway-row-{gw_id}"]')
+            menu_btn = gateway_row.locator('button[aria-expanded]')
+            if menu_btn.count() == 0:
+                pytest.skip("Overflow menu button for gateway not visible — skipping.")
+            
+            menu_btn.click()
+            
+            # Wait for dropdown to be visible
+            dropdown = gateway_row.locator('div[x-show="menuOpen"]')
+            dropdown.wait_for(state="visible", timeout=5000)
+            
+            # Click edit button inside dropdown
+            edit_btn = gateway_row.locator('button:has-text("Edit")')
             edit_btn.click()
 
             edit_form = page.locator("#edit-gateway-form")
@@ -533,12 +558,20 @@ def test_proxy_edit_gateway_preserves_fragment_and_params(
             page.wait_for_load_state("domcontentloaded")
             _wait_for_admin_content(page)
 
-            # Click the edit button in the DOM rather than calling editGateway()
-            # via evaluate — the 1.2 MB admin.js may not finish executing before
-            # domcontentloaded fires in the proxy context.
-            edit_btn = page.locator(f"button[onclick*=\"editGateway('{gw_id}')\"]").first
-            if edit_btn.count() == 0:
-                pytest.skip("Edit button for created gateway not visible — skipping.")
+            # Open overflow menu for this gateway, then click edit
+            gateway_row = page.locator(f'tr[id="gateway-row-{gw_id}"]')
+            menu_btn = gateway_row.locator('button[aria-expanded]')
+            if menu_btn.count() == 0:
+                pytest.skip("Overflow menu button for gateway not visible — skipping.")
+            
+            menu_btn.click()
+            
+            # Wait for dropdown to be visible
+            dropdown = gateway_row.locator('div[x-show="menuOpen"]')
+            dropdown.wait_for(state="visible", timeout=5000)
+            
+            # Click edit button inside dropdown
+            edit_btn = gateway_row.locator('button:has-text("Edit")')
             edit_btn.click()
 
             edit_form = page.locator("#edit-gateway-form")
@@ -833,11 +866,20 @@ def test_iframe_edit_gateway_preserves_proxy_prefix(
         frame_obj = self._frame(page)
 
         try:
-            # Click the edit button in the DOM rather than calling editGateway()
-            # via evaluate — admin.js may not finish executing in iframe context.
-            edit_btn = frame.locator(f"button[onclick*=\"editGateway('{gw_id}')\"]").first
-            if edit_btn.count() == 0:
-                pytest.skip("Edit button for created gateway not visible in iframe — skipping.")
+            # Open overflow menu for this gateway, then click edit
+            gateway_row = frame.locator(f'tr[id="gateway-row-{gw_id}"]')
+            menu_btn = gateway_row.locator('button[aria-expanded]')
+            if menu_btn.count() == 0:
+                pytest.skip("Overflow menu button for gateway not visible in iframe — skipping.")
+            
+            menu_btn.click()
+            
+            # Wait for dropdown to be visible
+            dropdown = gateway_row.locator('div[x-show="menuOpen"]')
+            dropdown.wait_for(state="visible", timeout=5000)
+            
+            # Click edit button inside dropdown
+            edit_btn = gateway_row.locator('button:has-text("Edit")')
             edit_btn.click()
 
             edit_form = frame.locator("#edit-gateway-form")
diff --git a/tests/playwright/test_gateways.py b/tests/playwright/test_gateways.py
index 2079b13e7..12b1912ce 100644
--- a/tests/playwright/test_gateways.py
+++ b/tests/playwright/test_gateways.py
@@ -513,7 +513,7 @@ class TestGatewayActions:
     """Test cases for gateway row actions."""
 
     def test_gateway_row_actions_visible(self, gateways_page: GatewaysPage):
-        """Test that all gateway row action buttons are visible."""
+        """Test that all gateway row action buttons are visible in overflow menu."""
         gateways_page.navigate_to_gateways_tab()
         gateways_page.wait_for_gateways_table_loaded()
 
@@ -524,18 +524,28 @@ def test_gateway_row_actions_visible(self, gateways_page: GatewaysPage):
         # Get first gateway row
         first_row = gateways_page.get_gateway_row(0)
 
-        # Verify all action buttons exist
-        expect(first_row.locator('button:has-text("Test")')).to_be_visible()
-        expect(first_row.locator('button:has-text("View")')).to_be_visible()
-        expect(first_row.locator('button:has-text("Edit")')).to_be_visible()
+        # Open overflow menu
+        menu_btn = first_row.locator('button[aria-expanded]')
+        expect(menu_btn).to_be_visible()
+        menu_btn.click()
+
+        # Wait for dropdown to be visible
+        dropdown = first_row.locator('div[x-show="menuOpen"]')
+        dropdown.wait_for(state="visible", timeout=5000)
+        gateways_page.page.wait_for_timeout(150)  # Alpine.js transition
+
+        # Verify all action buttons exist in dropdown
+        expect(dropdown.locator('button:has-text("Test")')).to_be_visible()
+        expect(dropdown.locator('button:has-text("View")')).to_be_visible()
+        expect(dropdown.locator('button:has-text("Edit")')).to_be_visible()
 
         # Either Activate or Deactivate should be visible
-        activate_btn = first_row.locator('button:text-is("Activate")')
-        deactivate_btn = first_row.locator('button:text-is("Deactivate")')
+        activate_btn = dropdown.locator('button:text-is("Activate")')
+        deactivate_btn = dropdown.locator('button:text-is("Deactivate")')
         assert activate_btn.is_visible() or deactivate_btn.is_visible()
 
         # Delete button should be visible
-        expect(first_row.locator('button:has-text("Delete")')).to_be_visible()
+        expect(dropdown.locator('button:has-text("Delete")')).to_be_visible()
 
     def test_test_button_click(self, gateways_page: GatewaysPage):
         """Test clicking the Test button for a gateway."""