diff --git a/app.py b/app.py
index c2bd5b1..07312ec 100644
--- a/app.py
+++ b/app.py
@@ -11,7 +11,7 @@ import gitea_client
 import processor
 
 logging.basicConfig(
-    level=logging.DEBUG,
+    level=logging.INFO,
     format="%(asctime)s [%(levelname)s] %(name)s: %(message)s",
 )
 logger = logging.getLogger(__name__)
@@ -25,17 +25,11 @@ def _verify_signature(payload: bytes, signature_header: str | None) -> bool:
     Gitea sends X-Gitea-Signature as a raw hex digest (no scheme prefix).
     """
     if not signature_header:
-        logger.warning("Signature verification failed: no signature header received")
         return False
     expected = hmac.new(
         config.WEBHOOK_SECRET.encode(), payload, hashlib.sha256
     ).hexdigest()
-    logger.debug("Received signature: %s", signature_header.strip())
-    logger.debug("Expected signature: %s", expected)
-    match = hmac.compare_digest(expected, signature_header.strip())
-    if not match:
-        logger.warning("Signature mismatch — check WEBHOOK_SECRET matches the secret set in Gitea")
-    return match
+    return hmac.compare_digest(expected, signature_header.strip())
 
 
 def _handle_push(owner: str, repo: str, changed_files: list[str]) -> None:
@@ -76,7 +70,7 @@ def webhook():
     seen: set[str] = set()
     changed_files: list[str] = []
     for commit in data.get("commits", []):
-        for path in commit.get("added", []) + commit.get("modified", []):
+        for path in (commit.get("added") or []) + (commit.get("modified") or []):
             if path not in seen:
                 seen.add(path)
                 changed_files.append(path)