feat(webui): replace TUI with full web UI + local openbox desktop

- Remove audit/internal/tui/ (~3000 LOC, bubbletea/lipgloss/reanimator deps)
- Add /api/* REST+SSE endpoints: audit, SAT (nvidia/memory/storage/cpu),
  services, network, export, tools, live metrics stream
- Add async job manager with SSE streaming for long-running operations
- Add platform.SampleLiveMetrics() for live fan/temp/power/GPU polling
- Add multi-page web UI (vanilla JS): Dashboard, Metrics charts, Tests,
  Burn-in, Network, Services, Export, Tools
- Add bee-desktop.service: openbox + Xorg + Chromium opening http://localhost/
- Add openbox/tint2/xorg/xinit/xterm/chromium to ISO package list
- Update .profile, bee.sh, and bible-local docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

bible-local/architecture/system-overview.md

@@ -26,9 +26,9 @@ Fills gaps where Redfish/logpile is blind:
 - Automatic boot audit with operator-facing local console and SSH access
 - NVIDIA proprietary driver loaded at boot for GPU enrichment via `nvidia-smi`
 - SSH access (OpenSSH) always available for inspection and debugging
-- Interactive Go TUI via `bee tui` for network setup, service management, and acceptance tests
-- Read-only web viewer via `bee web`, rendering the latest audit snapshot through the embedded Reanimator Chart
-- Local `tty1` operator UX: `bee` autologin, `menu` auto-start, privileged actions via `sudo -n`
+- Full web UI via `bee web` on port 80: interactive control panel with live metrics, SAT tests, network config, service management, export, and tools
+- Local operator desktop: openbox + Xorg + Chromium auto-opening `http://localhost/`
+- Local `tty1` operator UX: `bee` autologin, openbox desktop auto-starts with Chromium on `http://localhost/`
 
 ## Network isolation — CRITICAL
 
@@ -76,9 +76,10 @@ Fills gaps where Redfish/logpile is blind:
 ## Operator UX
 
 - On the live ISO, `tty1` autologins as `bee`
-- The login profile auto-runs `menu`, which enters the Go TUI
-- The TUI itself executes privileged actions as `root` via `sudo -n`
+- `bee-desktop.service` starts X11 + openbox + Chromium on display `:0`
+- Chromium opens `http://localhost/` — the full web UI
 - SSH remains available independently of the local console path
+- Remote operators can open `http://<ip>/` in any browser on the same LAN
 - VM-oriented builds also include `qemu-guest-agent` and serial console support for debugging
 - The ISO boots with `toram`, so loss of the original USB/BMC virtual media after boot should not break already-installed runtime binaries
 
@@ -103,7 +104,10 @@ Fills gaps where Redfish/logpile is blind:
 | `internal/chart/` | Git submodule with `reanimator/chart`, embedded into `bee web` |
 | `iso/builder/VERSIONS` | Pinned versions: Debian, Go, NVIDIA driver, kernel ABI |
 | `iso/builder/smoketest.sh` | Post-boot smoke test — run via SSH to verify live ISO |
-| `iso/overlay/etc/profile.d/bee.sh` | `menu` helper + tty1 auto-start policy |
-| `iso/overlay/home/bee/.profile` | `bee` shell profile for local console startup |
+| `iso/overlay/etc/profile.d/bee.sh` | tty1 welcome message with web UI URLs |
+| `iso/overlay/home/bee/.profile` | `bee` shell profile (PATH only) |
+| `iso/overlay/etc/systemd/system/bee-desktop.service` | starts X11 + openbox + chromium |
+| `iso/overlay/usr/local/bin/bee-desktop` | startx wrapper for bee-desktop.service |
+| `iso/overlay/usr/local/bin/bee-openbox-session` | xinitrc: tint2 + chromium + openbox |
 | `dist/` | Build outputs (gitignored) |
 | `iso/out/` | Downloaded ISO files (gitignored) |