diff --git a/pyproject.toml b/pyproject.toml
index 2264435..3add2bc 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -29,7 +29,9 @@ dependencies = [
     "pydantic>=2.0.0",
     "pydantic-settings>=2.0.0",
     "python-dotenv>=1.0.0",
-    "gitea-mcp-server>=0.1.0",
+    "starlette>=0.36.0",
+    # gitea-mcp-server - installed separately (not on PyPI yet)
+    # See: https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace
 ]
 
 [project.optional-dependencies]
@@ -53,7 +55,7 @@ where = ["src"]
 
 [tool.pytest.ini_options]
 asyncio_mode = "auto"
-testpaths = ["tests"]
+testpaths = ["src/gitea_http_wrapper/tests"]
 python_files = ["test_*.py"]
 python_classes = ["Test*"]
 python_functions = ["test_*"]
diff --git a/requirements.txt b/requirements.txt
index 75dd4f2..bd4db7b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,9 +1,11 @@
 # HTTP Transport Wrapper Dependencies
 mcp>=0.9.0
 uvicorn>=0.27.0
+starlette>=0.36.0
 pydantic>=2.0.0
 pydantic-settings>=2.0.0
 python-dotenv>=1.0.0
 
 # Official Gitea MCP Server (to be wrapped)
-gitea-mcp-server>=0.1.0
+# Install separately - not on PyPI yet
+# See: https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace
diff --git a/src/gitea_http_wrapper/middleware/auth.py b/src/gitea_http_wrapper/middleware/auth.py
index 15870ea..268b59b 100644
--- a/src/gitea_http_wrapper/middleware/auth.py
+++ b/src/gitea_http_wrapper/middleware/auth.py
@@ -54,6 +54,10 @@ class BearerAuthMiddleware(BaseHTTPMiddleware):
         if not self.auth_enabled:
             return await call_next(request)
 
+        # Skip authentication if marked by HealthCheckBypassMiddleware
+        if getattr(request.state, "skip_auth", False):
+            return await call_next(request)
+
         # Extract Authorization header
         auth_header = request.headers.get("Authorization")
 
@@ -133,8 +137,8 @@ class HealthCheckBypassMiddleware(BaseHTTPMiddleware):
         # Check if request is for a health check endpoint
         if request.url.path in self.health_check_paths:
             logger.debug(f"Bypassing auth for health check: {request.url.path}")
-            # Skip remaining middleware chain for health checks
-            return await call_next(request)
+            # Mark request to skip authentication in BearerAuthMiddleware
+            request.state.skip_auth = True
 
-        # Not a health check, continue to next middleware
+        # Continue to next middleware
         return await call_next(request)
diff --git a/src/gitea_http_wrapper/tests/test_config.py b/src/gitea_http_wrapper/tests/test_config.py
index b55f453..812ae80 100644
--- a/src/gitea_http_wrapper/tests/test_config.py
+++ b/src/gitea_http_wrapper/tests/test_config.py
@@ -18,7 +18,8 @@ class TestGiteaSettings:
             GiteaSettings()
 
         errors = exc_info.value.errors()
-        required_fields = {"gitea_url", "gitea_token", "gitea_owner", "gitea_repo"}
+        # Note: gitea_repo is optional (for PMO mode)
+        required_fields = {"gitea_url", "gitea_token", "gitea_owner"}
         error_fields = {error["loc"][0] for error in errors}
         assert required_fields.issubset(error_fields)