From e135c305a41ec353fa6f0baf5cda7e6e057b9610 Mon Sep 17 00:00:00 2001
From: Sam & Claude <hello@clawdie.si>
Date: Thu, 25 Jun 2026 06:08:14 +0200
Subject: [PATCH] docs(firstboot): make the skip message honest about unsecured
 state
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The '.secured' marker is written but not yet consumed by colibri, so the gate
must not imply colibri/zot are blocked. Reword the skip message to state the
node is UNSECURED and the agent SHOULD NOT register/run while unsecured — true
as a policy statement, without claiming enforcement we haven't built. Upgrade to
'will not' once the colibri .secured interlock lands.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 live/operator-session/clawdie-firstboot-rootpw | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/live/operator-session/clawdie-firstboot-rootpw b/live/operator-session/clawdie-firstboot-rootpw
index e95bd736..ed4379eb 100644
--- a/live/operator-session/clawdie-firstboot-rootpw
+++ b/live/operator-session/clawdie-firstboot-rootpw
@@ -140,7 +140,9 @@ clawdie_firstboot_rootpw_start() {
         printf '  Node secured.\n'
         _rootpw_continue_countdown 3
     else
-        printf '\n\n  [skipped] passwords NOT set — this node remains OPEN.\n'
+        printf '\n\n  [skipped] root/operator passwords NOT set — node is UNSECURED.\n'
+        printf '  Treat this node as untrusted until a password is set. The colibri\n'
+        printf '  agent should not register with mother or run tasks while unsecured.\n'
         printf '  You will be prompted again on the next boot.\n'
         _rootpw_continue_countdown 3
     fi