diff --git a/astro/wiki/.gitignore b/astro/wiki/.gitignore
index ddce69b..96bc7a7 100644
--- a/astro/wiki/.gitignore
+++ b/astro/wiki/.gitignore
@@ -1,3 +1,4 @@
 node_modules/
 dist/
 .astro/
+src/content/
diff --git a/docs/wiki/mother-hive.md b/docs/wiki/mother-hive.md
index dd2e7ce..a03bd26 100644
--- a/docs/wiki/mother-hive.md
+++ b/docs/wiki/mother-hive.md
@@ -1,110 +1,111 @@
-# Mother hive
-
-← [index](./index.md)
-
-## What this is
-
-The mother node (OSA) coordinates USB operator nodes via MCP over SSH →
-PostgreSQL. USB nodes send hardware profiles; mother derives capabilities and
-maintains the hive registry. This page records the **decisions** behind the
-implementation — the rationale the code can't express. For setup instructions,
-architecture diagrams, and the first-run checklist, see
-[`packaging/mother/MOTHER-SETUP.md`](../packaging/mother/MOTHER-SETUP.md).
-
-## Decisions
-
-### Forced-command SSH boundary (not a listening daemon)
-
-USB nodes reach mother by spawning `ssh colibri@mother` (no remote command).
-On the mother side, `authorized_keys` enforces
-`command="/usr/local/bin/colibri-mcp-ssh",restrict,...` — the connection
-**cannot** run an interactive shell or any command except the wrapper.
-
-The wrapper (`colibri-mcp-ssh`) further allowlists `SSH_ORIGINAL_COMMAND` to
-`""` (stdio MCP mode) or `"tools"` (one-shot discovery). Every other value is
-rejected.
-
-**Why not a listening daemon** (HTTP, gRPC, raw TCP): Tailscale encrypts the
-wire, so the SSH layer adds authentication + confinement without extra
-infrastructure (no TLS certs, no auth tokens, no open ports). The forced-command
-boundary is a second lock on top of the SSH key — even a compromised USB that
-holds the key can only invoke the wrapper, and the wrapper only delegates to
-colibri-mcp. Defense in depth, deployed as one OpenSSH feature.
-
-→ [`colibri-mcp-ssh`](../packaging/mother/colibri-mcp-ssh), [`MOTHER-SETUP.md` §Security](../packaging/mother/MOTHER-SETUP.md#security-properties)
-
-### Single home for mother infra (colibri, not clawdie-iso)
-
-The mother MCP scripts (`node-register-mcp`, `geodesic-dome-mcp`, etc.) were
-originally copied into both repos. The clawdie-iso copy drifted — its
-`node-register-mcp` used `E'${...}'` string interpolation (SQL-injectable)
-while the colibri copy used parameterized `psql -v :'variable'`. The iso copy
-was removed in clawdie-iso PR #129.
-
-**Lesson**: a script in two repos **will** drift. The wiki lint is single-repo
-and can't see cross-repo duplicates. The mitigation is discipline: mother infra
-lives in one place.
-
-→ [naming-decisions §Structural](./naming-decisions.md#structural-decisions) ("Single home" row)
-
-### `hive_nodes` — not `usb_nodes`
-
-The original table name assumed only USB-booted nodes would register. But a
-node is any host that joins the hive — USB, NVMe, a jail. Renamed to
-`hive_nodes` with a `node_type` column (colibri #161). The `derive_capabilities()`
-trigger is table-agnostic and auto-computes `has_gpu`, `gpu_vendor`,
-`can_run_local_llm`, `has_wifi`, `max_model` on INSERT.
-
-→ [`mother_schema.sql`](../packaging/mother/mother_schema.sql),
-[naming-decisions](./naming-decisions.md) (`usb_nodes → hive_nodes` row)
-
-### PostgreSQL peer auth (no passwords)
-
-The `colibri` OS user connects to `mother_hive` via peer authentication — the
-kernel attests the Unix user, no password needed. `node-register-mcp` runs as
-this user and inherits the trust. No pgpass files, no env vars, no credential
-rotation. One moving part: the `pg_hba.conf` peer rule must precede any
-catch-all `local all all` line (first-match).
-
-**Why not a password or certificate**: passwords rotate and leak; certificates
-need a CA. Peer auth is built into PostgreSQL on every Unix and works for a
-localhost connection with zero configuration beyond one `pg_hba.conf` line.
-
-→ [`MOTHER-SETUP.md` §Setup step 6](../packaging/mother/MOTHER-SETUP.md#setup-one-time)
-
-### Key on seed partition, not in the image
-
-The `mother-mcp` private key is placed on the CLAWDIESEED partition, not baked
-into the ISO. The build script has a release guard that **refuses** to bake it
-into a release image. The seed importer (`clawdie-live-seed`) installs it at
-boot time.
-
-**Why**: a release ISO is a downloadable artifact. Baking a private key into it
-would give every downloader access to the mother MCP. The seed partition is a
-separate physical medium that the operator controls. Even without a seed, the
-ISO boots and runs — the daemon's external MCP connection to mother fails
-gracefully (SSH: "config file not found"), and the node operates standalone.
-
-→ [naming-decisions](./naming-decisions.md) ("Known residue"), clawdie-iso #133
-
-### Daemon user, not operator
-
-The colibri daemon runs as the `colibri` user (`/var/db/colibri`), not as the
-operator (`clawdie`, `/home/clawdie`). The external MCP SSH connection to mother
-is spawned by the daemon — so the SSH key, config, and known_hosts must be in
-the daemon's home. The seed importer installs SSH material to **both** homes
-(operator + daemon).
-
-**Why not just put it in clawdie's home and `sudo`**: the daemon is not the
-operator. Running as a separate user means the blast radius of a daemon
-compromise is limited to what the `colibri` user can do — MCP calls to mother,
-not operator files or `sudo`.
-
-→ [`clawdie-live-seed` (clawdie-iso)](https://code.smilepowered.org/clawdie/clawdie-iso/src/branch/main/live/operator-session/clawdie-live-seed),
-[`MOTHER-SETUP.md` §Key management](../packaging/mother/MOTHER-SETUP.md#key-management)
-
-## See also
-
-- [agent-harness](./agent-harness.md) — the zot/Colibri split; autospawn
-- [naming-decisions](./naming-decisions.md) — `usb_nodes → hive_nodes`, autospawn flag rename
-- [quality-gates](./quality-gates.md) — the gate that should catch drift at PR time
+1|# Mother hive
+2|
+3|← [index](./index.md)
+4|
+5|## What this is
+6|
+7|The mother node (OSA) coordinates USB operator nodes via MCP over SSH →
+8|PostgreSQL. USB nodes send hardware profiles; mother derives capabilities and
+9|maintains the hive registry. This page records the **decisions** behind the
+10|implementation — the rationale the code can't express. For setup instructions,
+11|architecture diagrams, and the first-run checklist, see
+12|[`packaging/mother/MOTHER-SETUP.md`](../../packaging/mother/MOTHER-SETUP.md).
+13|
+14|## Decisions
+15|
+16|### Forced-command SSH boundary (not a listening daemon)
+17|
+18|USB nodes reach mother by spawning `ssh colibri@mother` (no remote command).
+19|On the mother side, `authorized_keys` enforces
+20|`command="/usr/local/bin/colibri-mcp-ssh",restrict,...` — the connection
+21|**cannot** run an interactive shell or any command except the wrapper.
+22|
+23|The wrapper (`colibri-mcp-ssh`) further allowlists `SSH_ORIGINAL_COMMAND` to
+24|`""` (stdio MCP mode) or `"tools"` (one-shot discovery). Every other value is
+25|rejected.
+26|
+27|**Why not a listening daemon** (HTTP, gRPC, raw TCP): Tailscale encrypts the
+28|wire, so the SSH layer adds authentication + confinement without extra
+29|infrastructure (no TLS certs, no auth tokens, no open ports). The forced-command
+30|boundary is a second lock on top of the SSH key — even a compromised USB that
+31|holds the key can only invoke the wrapper, and the wrapper only delegates to
+32|colibri-mcp. Defense in depth, deployed as one OpenSSH feature.
+33|
+34|→ [`colibri-mcp-ssh`](../../packaging/mother/colibri-mcp-ssh), [`MOTHER-SETUP.md` §Security](../../packaging/mother/MOTHER-SETUP.md#security-properties)
+35|
+36|### Single home for mother infra (colibri, not clawdie-iso)
+37|
+38|The mother MCP scripts (`node-register-mcp`, `geodesic-dome-mcp`, etc.) were
+39|originally copied into both repos. The clawdie-iso copy drifted — its
+40|`node-register-mcp` used `E'${...}'` string interpolation (SQL-injectable)
+41|while the colibri copy used parameterized `psql -v :'variable'`. The iso copy
+42|was removed in clawdie-iso PR #129.
+43|
+44|**Lesson**: a script in two repos **will** drift. The wiki lint is single-repo
+45|and can't see cross-repo duplicates. The mitigation is discipline: mother infra
+46|lives in one place.
+47|
+48|→ [naming-decisions §Structural](./naming-decisions.md#structural-decisions) ("Single home" row)
+49|
+50|### `hive_nodes` — not `usb_nodes`
+51|
+52|The original table name assumed only USB-booted nodes would register. But a
+53|node is any host that joins the hive — USB, NVMe, a jail. Renamed to
+54|`hive_nodes` with a `node_type` column (colibri #161). The `derive_capabilities()`
+55|trigger is table-agnostic and auto-computes `has_gpu`, `gpu_vendor`,
+56|`can_run_local_llm`, `has_wifi`, `max_model` on INSERT.
+57|
+58|→ [`mother_schema.sql`](../../packaging/mother/mother_schema.sql),
+59|[naming-decisions](./naming-decisions.md) (`usb_nodes → hive_nodes` row)
+60|
+61|### PostgreSQL peer auth (no passwords)
+62|
+63|The `colibri` OS user connects to `mother_hive` via peer authentication — the
+64|kernel attests the Unix user, no password needed. `node-register-mcp` runs as
+65|this user and inherits the trust. No pgpass files, no env vars, no credential
+66|rotation. One moving part: the `pg_hba.conf` peer rule must precede any
+67|catch-all `local all all` line (first-match).
+68|
+69|**Why not a password or certificate**: passwords rotate and leak; certificates
+70|need a CA. Peer auth is built into PostgreSQL on every Unix and works for a
+71|localhost connection with zero configuration beyond one `pg_hba.conf` line.
+72|
+73|→ [`MOTHER-SETUP.md` §Setup step 6](../../packaging/mother/MOTHER-SETUP.md#setup-one-time)
+74|
+75|### Key on seed partition, not in the image
+76|
+77|The `mother-mcp` private key is placed on the CLAWDIESEED partition, not baked
+78|into the ISO. The build script has a release guard that **refuses** to bake it
+79|into a release image. The seed importer (`clawdie-live-seed`) installs it at
+80|boot time.
+81|
+82|**Why**: a release ISO is a downloadable artifact. Baking a private key into it
+83|would give every downloader access to the mother MCP. The seed partition is a
+84|separate physical medium that the operator controls. Even without a seed, the
+85|ISO boots and runs — the daemon's external MCP connection to mother fails
+86|gracefully (SSH: "config file not found"), and the node operates standalone.
+87|
+88|→ [naming-decisions](./naming-decisions.md) ("Known residue"), clawdie-iso #133
+89|
+90|### Daemon user, not operator
+91|
+92|The colibri daemon runs as the `colibri` user (`/var/db/colibri`), not as the
+93|operator (`clawdie`, `/home/clawdie`). The external MCP SSH connection to mother
+94|is spawned by the daemon — so the SSH key, config, and known_hosts must be in
+95|the daemon's home. The seed importer installs SSH material to **both** homes
+96|(operator + daemon).
+97|
+98|**Why not just put it in clawdie's home and `sudo`**: the daemon is not the
+99|operator. Running as a separate user means the blast radius of a daemon
+100|compromise is limited to what the `colibri` user can do — MCP calls to mother,
+101|not operator files or `sudo`.
+102|
+103|→ [`clawdie-live-seed` (clawdie-iso)](https://code.smilepowered.org/clawdie/clawdie-iso/src/branch/main/live/operator-session/clawdie-live-seed),
+104|[`MOTHER-SETUP.md` §Key management](../../packaging/mother/MOTHER-SETUP.md#key-management)
+105|
+106|## See also
+107|
+108|- [agent-harness](./agent-harness.md) — the zot/Colibri split; autospawn
+109|- [naming-decisions](./naming-decisions.md) — `usb_nodes → hive_nodes`, autospawn flag rename
+110|- [quality-gates](./quality-gates.md) — the gate that should catch drift at PR time
+111|
\ No newline at end of file
diff --git a/docs/wiki/sl/mother-hive.md b/docs/wiki/sl/mother-hive.md
index 84cb68d..cb4e647 100644
--- a/docs/wiki/sl/mother-hive.md
+++ b/docs/wiki/sl/mother-hive.md
@@ -1,119 +1,120 @@
----
-title: Matični hive
-description: "Kako matično vozlišče (OSA) usklajuje USB-operaterska vozlišča prek MCP prek SSH → PostgreSQL."
----
-
-← [kazalo](./index.md)
-
-## Kaj je to
-
-Matično vozlišče (OSA) usklajuje USB-operaterska vozlišča prek MCP prek SSH →
-PostgreSQL. USB-vozlišča pošiljajo profile strojne opreme; mati izpelje
-zmožnosti in vzdržuje hive register. Ta stran beleži **odločitve**, ki stojijo
-za izvedbo — utemeljitve, ki jih koda ne more izraziti. Za navodila za
-namestitev, arhitekturne diagrame in kontrolni seznam prvega zagona glejte
-[`packaging/mother/MOTHER-SETUP.md`](../packaging/mother/MOTHER-SETUP.md).
-
-## Odločitve
-
-### Meja SSH s prisiljenim ukazom (ne poslušajoči ozadnji proces)
-
-USB-vozlišča dosežejo mater tako, da zaženejo `ssh colibri@mother` (brez
-oddaljenega ukaza). Na materini strani `authorized_keys` vsili
-`command="/usr/local/bin/colibri-mcp-ssh",restrict,...` — povezava **ne more**
-zagnati interaktivne lupine ali kateregakoli ukaza razen ovoja.
-
-Ovoj (`colibri-mcp-ssh`) dodatno dovoli `SSH_ORIGINAL_COMMAND` samo kot `""`
-(stdio MCP način) ali `"tools"` (enkratno odkritje). Vsaka druga vrednost je
-zavrnjena.
-
-**Zakaj ne poslušajoči ozadnji proces** (HTTP, gRPC, surovi TCP): Tailscale šifrira
-prenos, zato plast SSH doda avtentikacijo in omejitev brez dodatne
-infrastrukture (brez TLS certifikatov, brez avtentikacijskih žetonov, brez
-odprtih vrat). Meja s prisiljenim ukazom je druga ključavnica poleg SSH
-ključa — tudi ogroženi USB, ki drži ključ, lahko samo pokliče ovoj, ovoj pa
-samo delegira colibri-mcp. Obramba v globino, nameščena kot ena funkcija
-OpenSSH.
-
-→ [`colibri-mcp-ssh`](../packaging/mother/colibri-mcp-ssh),
-[`MOTHER-SETUP.md` §Varnost](../packaging/mother/MOTHER-SETUP.md#varnostne-lastnosti)
-
-### En sam dom za matično infrastrukturo (colibri, ne clawdie-iso)
-
-Matični MCP skripti (`node-register-mcp`, `geodesic-dome-mcp` itd.) so bili
-prvotno kopirani v oba repozitorija. Kopija v clawdie-iso je odnesla — njen
-`node-register-mcp` je uporabljal interpolacijo nizov `E'${...}'` (dovzetno
-za SQL-injekcijo), medtem ko je kopija v colibri uporabljala parametrizirani
-`psql -v :'variable'`. Kopija v iso je bila odstranjena v clawdie-iso PR #129.
-
-**Nauk**: skripta v dveh repozitorijih **bo** odnesla. Wiki lint je
-enorepozitorijski in ne vidi podvojenih skript med repozitoriji. Zmanjšanje
-tveganja je disciplina: matična infrastruktura živi na enem mestu.
-
-→ [naming-decisions §Strukturne](./naming-decisions.md#strukturne-odločitve)
-(vrstica "En sam dom")
-
-### `hive_nodes` — ne `usb_nodes`
-
-Prvotno ime tabele je predpostavljalo, da se bodo registrirala samo
-USB-zagnana vozlišča. Toda vozlišče je vsak gostitelj, ki se pridruži hive —
-USB, NVMe, ječa. Preimenovano v `hive_nodes` s stolpcem `node_type` (colibri
-#161). Sprožilec `derive_capabilities()` je agnostičen glede tabele in ob
-INSERT samodejno izračuna `has_gpu`, `gpu_vendor`, `can_run_local_llm`,
-`has_wifi`, `max_model`.
-
-→ [`mother_schema.sql`](../packaging/mother/mother_schema.sql),
-[naming-decisions](./naming-decisions.md) (vrstica `usb_nodes → hive_nodes`)
-
-### PostgreSQL peer avtentikacija (brez gesel)
-
-Uporabnik OS `colibri` se poveže na `mother_hive` prek peer avtentikacije —
-jedro potrdi Unix uporabnika, geslo ni potrebno. `node-register-mcp` teče kot
-ta uporabnik in podeduje zaupanje. Brez datotek pgpass, brez spremenljivk
-okolja, brez vrtenja poverilnic. En gibljivi del: pravilo `peer` v
-`pg_hba.conf` mora biti pred morebitno vrstico `local all all` (prvo
-ujemanje).
-
-**Zakaj ne geslo ali certifikat**: gesla se vrtijo in uhajajo; certifikati
-potrebujejo CA. Peer avtentikacija je vgrajena v PostgreSQL na vsakem Unixu
-in deluje za povezavo localhost z nič konfiguracije razen ene vrstice v
-`pg_hba.conf`.
-
-→ [`MOTHER-SETUP.md` §Namestitev, 6. korak](../packaging/mother/MOTHER-SETUP.md#enkratna-namestitev)
-
-### Ključ na semenski particiji, ne v sliki
-
-Zasebni ključ `mother-mcp` je nameščen na particijo CLAWDIESEED, ne zapečen v
-ISO. Gradbeni skript ima varovalko za izdajo, ki **zavrne** vgradnjo ključa v
-sliko za izdajo. Uvoznik semena (`clawdie-live-seed`) ga namesti ob zagonu.
-
-**Zakaj**: ISO za izdajo je prenosljiv artefakt. Vgradnja zasebnega ključa
-vanj bi vsakemu prenašalcu dala dostop do materinega MCP. Semenska particija
-je ločen fizični medij, ki ga nadzoruje operater. Tudi brez semena se ISO
-zažene in deluje — zunanja MCP povezava ozadnjega procesa do matere odpove elegantno
-(SSH: "config file not found"), vozlišče pa deluje samostojno.
-
-→ [naming-decisions](./naming-decisions.md) ("Znani ostanek"), clawdie-iso #133
-
-### Demonov uporabnik, ne operater
-
-Colibri ozadnji proces teče kot uporabnik `colibri` (`/var/db/colibri`), ne kot
-operater (`clawdie`, `/home/clawdie`). Zunanjo MCP SSH povezavo do matere
-zažene ozadnji proces — zato morajo biti SSH ključ, konfiguracija in known_hosts v
-v domu ozadnjega procesa. Uvoznik semena namesti SSH gradivo v **oba** domova (operater
-
-- ozadnji proces).
-
-**Zakaj ne preprosto v clawdiejev dom in `sudo`**: ozadnji proces ni operater. Tek kot
-ločen uporabnik pomeni, da je domet ogroženega ozadnjega procesa omejen na tisto, kar
-uporabnik `colibri` lahko počne — MCP klici do matere, ne operaterske
-datoteke ali `sudo`.
-
-→ [`clawdie-live-seed` (clawdie-iso)](https://code.smilepowered.org/clawdie/clawdie-iso/src/branch/main/live/operator-session/clawdie-live-seed),
-[`MOTHER-SETUP.md` §Upravljanje ključev](../packaging/mother/MOTHER-SETUP.md#upravljanje-ključev)
-
-## Glej tudi
-
-- [agent-harness](./agent-harness.md) — razcep zot/Colibri; samodejni zagon
-- [naming-decisions](./naming-decisions.md) — `usb_nodes → hive_nodes`, preimenovanje zastavice autospawn
-- [quality-gates](./quality-gates.md) — preverjanje, ki bi moralo ujeti odmik ob času PR
+1|---
+2|title: Matični hive
+3|description: "Kako matično vozlišče (OSA) usklajuje USB-operaterska vozlišča prek MCP prek SSH → PostgreSQL."
+4|---
+5|
+6|← [kazalo](./index.md)
+7|
+8|## Kaj je to
+9|
+10|Matično vozlišče (OSA) usklajuje USB-operaterska vozlišča prek MCP prek SSH →
+11|PostgreSQL. USB-vozlišča pošiljajo profile strojne opreme; mati izpelje
+12|zmožnosti in vzdržuje hive register. Ta stran beleži **odločitve**, ki stojijo
+13|za izvedbo — utemeljitve, ki jih koda ne more izraziti. Za navodila za
+14|namestitev, arhitekturne diagrame in kontrolni seznam prvega zagona glejte
+15|[`packaging/mother/MOTHER-SETUP.md`](../../packaging/mother/MOTHER-SETUP.md).
+16|
+17|## Odločitve
+18|
+19|### Meja SSH s prisiljenim ukazom (ne poslušajoči ozadnji proces)
+20|
+21|USB-vozlišča dosežejo mater tako, da zaženejo `ssh colibri@mother` (brez
+22|oddaljenega ukaza). Na materini strani `authorized_keys` vsili
+23|`command="/usr/local/bin/colibri-mcp-ssh",restrict,...` — povezava **ne more**
+24|zagnati interaktivne lupine ali kateregakoli ukaza razen ovoja.
+25|
+26|Ovoj (`colibri-mcp-ssh`) dodatno dovoli `SSH_ORIGINAL_COMMAND` samo kot `""`
+27|(stdio MCP način) ali `"tools"` (enkratno odkritje). Vsaka druga vrednost je
+28|zavrnjena.
+29|
+30|**Zakaj ne poslušajoči ozadnji proces** (HTTP, gRPC, surovi TCP): Tailscale šifrira
+31|prenos, zato plast SSH doda avtentikacijo in omejitev brez dodatne
+32|infrastrukture (brez TLS certifikatov, brez avtentikacijskih žetonov, brez
+33|odprtih vrat). Meja s prisiljenim ukazom je druga ključavnica poleg SSH
+34|ključa — tudi ogroženi USB, ki drži ključ, lahko samo pokliče ovoj, ovoj pa
+35|samo delegira colibri-mcp. Obramba v globino, nameščena kot ena funkcija
+36|OpenSSH.
+37|
+38|→ [`colibri-mcp-ssh`](../../packaging/mother/colibri-mcp-ssh),
+39|[`MOTHER-SETUP.md` §Varnost](../../packaging/mother/MOTHER-SETUP.md#varnostne-lastnosti)
+40|
+41|### En sam dom za matično infrastrukturo (colibri, ne clawdie-iso)
+42|
+43|Matični MCP skripti (`node-register-mcp`, `geodesic-dome-mcp` itd.) so bili
+44|prvotno kopirani v oba repozitorija. Kopija v clawdie-iso je odnesla — njen
+45|`node-register-mcp` je uporabljal interpolacijo nizov `E'${...}'` (dovzetno
+46|za SQL-injekcijo), medtem ko je kopija v colibri uporabljala parametrizirani
+47|`psql -v :'variable'`. Kopija v iso je bila odstranjena v clawdie-iso PR #129.
+48|
+49|**Nauk**: skripta v dveh repozitorijih **bo** odnesla. Wiki lint je
+50|enorepozitorijski in ne vidi podvojenih skript med repozitoriji. Zmanjšanje
+51|tveganja je disciplina: matična infrastruktura živi na enem mestu.
+52|
+53|→ [naming-decisions §Strukturne](./naming-decisions.md#strukturne-odločitve)
+54|(vrstica "En sam dom")
+55|
+56|### `hive_nodes` — ne `usb_nodes`
+57|
+58|Prvotno ime tabele je predpostavljalo, da se bodo registrirala samo
+59|USB-zagnana vozlišča. Toda vozlišče je vsak gostitelj, ki se pridruži hive —
+60|USB, NVMe, ječa. Preimenovano v `hive_nodes` s stolpcem `node_type` (colibri
+61|#161). Sprožilec `derive_capabilities()` je agnostičen glede tabele in ob
+62|INSERT samodejno izračuna `has_gpu`, `gpu_vendor`, `can_run_local_llm`,
+63|`has_wifi`, `max_model`.
+64|
+65|→ [`mother_schema.sql`](../../packaging/mother/mother_schema.sql),
+66|[naming-decisions](./naming-decisions.md) (vrstica `usb_nodes → hive_nodes`)
+67|
+68|### PostgreSQL peer avtentikacija (brez gesel)
+69|
+70|Uporabnik OS `colibri` se poveže na `mother_hive` prek peer avtentikacije —
+71|jedro potrdi Unix uporabnika, geslo ni potrebno. `node-register-mcp` teče kot
+72|ta uporabnik in podeduje zaupanje. Brez datotek pgpass, brez spremenljivk
+73|okolja, brez vrtenja poverilnic. En gibljivi del: pravilo `peer` v
+74|`pg_hba.conf` mora biti pred morebitno vrstico `local all all` (prvo
+75|ujemanje).
+76|
+77|**Zakaj ne geslo ali certifikat**: gesla se vrtijo in uhajajo; certifikati
+78|potrebujejo CA. Peer avtentikacija je vgrajena v PostgreSQL na vsakem Unixu
+79|in deluje za povezavo localhost z nič konfiguracije razen ene vrstice v
+80|`pg_hba.conf`.
+81|
+82|→ [`MOTHER-SETUP.md` §Namestitev, 6. korak](../../packaging/mother/MOTHER-SETUP.md#enkratna-namestitev)
+83|
+84|### Ključ na semenski particiji, ne v sliki
+85|
+86|Zasebni ključ `mother-mcp` je nameščen na particijo CLAWDIESEED, ne zapečen v
+87|ISO. Gradbeni skript ima varovalko za izdajo, ki **zavrne** vgradnjo ključa v
+88|sliko za izdajo. Uvoznik semena (`clawdie-live-seed`) ga namesti ob zagonu.
+89|
+90|**Zakaj**: ISO za izdajo je prenosljiv artefakt. Vgradnja zasebnega ključa
+91|vanj bi vsakemu prenašalcu dala dostop do materinega MCP. Semenska particija
+92|je ločen fizični medij, ki ga nadzoruje operater. Tudi brez semena se ISO
+93|zažene in deluje — zunanja MCP povezava ozadnjega procesa do matere odpove elegantno
+94|(SSH: "config file not found"), vozlišče pa deluje samostojno.
+95|
+96|→ [naming-decisions](./naming-decisions.md) ("Znani ostanek"), clawdie-iso #133
+97|
+98|### Demonov uporabnik, ne operater
+99|
+100|Colibri ozadnji proces teče kot uporabnik `colibri` (`/var/db/colibri`), ne kot
+101|operater (`clawdie`, `/home/clawdie`). Zunanjo MCP SSH povezavo do matere
+102|zažene ozadnji proces — zato morajo biti SSH ključ, konfiguracija in known_hosts v
+103|v domu ozadnjega procesa. Uvoznik semena namesti SSH gradivo v **oba** domova (operater
+104|
+105|- ozadnji proces).
+106|
+107|**Zakaj ne preprosto v clawdiejev dom in `sudo`**: ozadnji proces ni operater. Tek kot
+108|ločen uporabnik pomeni, da je domet ogroženega ozadnjega procesa omejen na tisto, kar
+109|uporabnik `colibri` lahko počne — MCP klici do matere, ne operaterske
+110|datoteke ali `sudo`.
+111|
+112|→ [`clawdie-live-seed` (clawdie-iso)](https://code.smilepowered.org/clawdie/clawdie-iso/src/branch/main/live/operator-session/clawdie-live-seed),
+113|[`MOTHER-SETUP.md` §Upravljanje ključev](../../packaging/mother/MOTHER-SETUP.md#upravljanje-ključev)
+114|
+115|## Glej tudi
+116|
+117|- [agent-harness](./agent-harness.md) — razcep zot/Colibri; samodejni zagon
+118|- [naming-decisions](./naming-decisions.md) — `usb_nodes → hive_nodes`, preimenovanje zastavice autospawn
+119|- [quality-gates](./quality-gates.md) — preverjanje, ki bi moralo ujeti odmik ob času PR
+120|
\ No newline at end of file