diff --git a/PLAN.md b/PLAN.md index 7faea2a..66bd857 100644 --- a/PLAN.md +++ b/PLAN.md @@ -4,13 +4,13 @@ Hardware audit LiveCD for offline server inventory. Produces `HardwareIngestRequest` JSON compatible with core/reanimator. **Principle:** OS-level collection — reads hardware directly, not through BMC. -Fully unattended — no user interaction required at any stage. Boot → update → audit → output → done. -All errors are logged, never presented interactively. Every failure path has a silent fallback. +Automatic boot audit plus operator console. Boot runs audit immediately, but local/SSH operators can rerun checks through the TUI and CLI. +Errors are logged and should not block boot on partial collector failures. Fills the gaps where logpile/Redfish is blind: NVMe, DIMM serials, GPU serials, physical disks behind RAID, full SMART, NIC firmware. --- -## Status snapshot (2026-03-06) +## Status snapshot (2026-03-14) ### Phase 1 — Go Audit Binary @@ -33,9 +33,14 @@ Fills the gaps where logpile/Redfish is blind: NVMe, DIMM serials, GPU serials, - Current implementation uses Debian 12 `live-build`, `systemd`, and OpenSSH. - Network bring-up on boot — **DONE** - Boot services (`bee-network`, `bee-nvidia`, `bee-audit`, `bee-sshsetup`) — **DONE** +- Local console UX (`bee` autologin on `tty1`, `menu` auto-start, TUI privilege escalation via `sudo -n`) — **DONE** +- VM/debug support (`qemu-guest-agent`, serial console, virtual GPU initramfs modules) — **DONE** - Vendor utilities in overlay — **DONE** - Build metadata + staged overlay injection — **DONE** +- Builder container cache persisted outside container writable layer — **DONE** +- ISO volume label `BEE` — **DONE** - Auto-update flow remains deferred; current focus is deterministic offline audit ISO behavior. +- Real-hardware validation remains **PENDING**; current validation is limited to local/libvirt VM boot + service checks. --- 
@@ -334,6 +339,8 @@ Planned code shape: ### 2.5 — Operator workflows - Automatic boot audit writes JSON to `/var/log/bee-audit.json` +- `tty1` autologins into `bee` and auto-runs `menu` +- `menu` launches the LiveCD wrapper `bee-tui`, which escalates to `root` via `sudo -n` - `bee tui` can rerun the audit manually - `bee tui` can export the latest audit JSON to removable media - removable export requires explicit target selection, mount, confirmation, copy, and cleanup @@ -358,6 +365,7 @@ Missing optional tools do not fail the build or boot. Current release model: - shipping a new ISO means a full rebuild - build metadata is embedded into `/etc/bee-release` and `motd` +- current ISO label is `BEE` - binary self-update remains deferred; no automatic USB/network patching is part of the current runtime --- diff --git a/bible-local/architecture/runtime-flows.md b/bible-local/architecture/runtime-flows.md index cdc5cb0..6421eb3 100644 --- a/bible-local/architecture/runtime-flows.md +++ b/bible-local/architecture/runtime-flows.md @@ -30,6 +30,26 @@ local-fs.target - `bee-audit.service` does not wait for `network-online.target`; audit is local and must run even if DHCP is broken. - `bee-audit.service` logs audit failures but does not turn partial collector problems into a boot blocker. +## Console and login flow + +Local-console behavior: + +```text +tty1 + └── live-config autologin → bee + └── /home/bee/.profile + └── exec menu + └── /usr/local/bin/bee-tui + └── sudo -n /usr/local/bin/bee tui --runtime livecd +``` + +Rules: +- local `tty1` lands in user `bee`, not directly in `root` +- `menu` must work without typing `sudo` +- TUI actions still run as `root` via `sudo -n` +- SSH is independent from the tty1 path +- serial console support is enabled for VM boot debugging + ## ISO build sequence ``` 
@@ -80,6 +100,10 @@ Exit code 0 = all required checks pass. All `FAIL` lines must be zero before shi Key checks: NVIDIA modules loaded, `nvidia-smi` sees all GPUs, lib symlinks present, systemd services running, audit completed with NVIDIA enrichment, LAN reachability. +Current validation state: +- local/libvirt VM boot path is validated for `systemd`, SSH, `bee audit`, `bee-network`, and TUI startup +- real hardware validation is still required before treating the ISO as release-ready + ## Overlay mechanism `live-build` copies files from `config/includes.chroot/` into the ISO filesystem. diff --git a/bible-local/architecture/system-overview.md b/bible-local/architecture/system-overview.md index 51c2ed6..3d1926e 100644 --- a/bible-local/architecture/system-overview.md +++ b/bible-local/architecture/system-overview.md @@ -19,10 +19,11 @@ Fills gaps where Redfish/logpile is blind: ## In scope - Read-only hardware inventory: board, CPU, memory, storage, PCIe, PSU, GPU, NIC, RAID -- Unattended operation — no user interaction required +- Automatic boot audit with operator-facing local console and SSH access - NVIDIA proprietary driver loaded at boot for GPU enrichment via `nvidia-smi` - SSH access (OpenSSH) always available for inspection and debugging - Interactive Go TUI via `bee tui` for network setup, service management, and acceptance tests +- Local `tty1` operator UX: `bee` autologin, `menu` auto-start, privileged actions via `sudo -n` ## Network isolation — CRITICAL 
@@ -56,6 +57,14 @@ Fills gaps where Redfish/logpile is blind: | NVIDIA modules | Loaded via `insmod` from `/usr/local/lib/nvidia/` | | Builder | Debian 12 host/VM or Debian 12 container image | +## Operator UX + +- On the live ISO, `tty1` autologins as `bee` +- The login profile auto-runs `menu`, which enters the Go TUI +- The TUI itself executes privileged actions as `root` via `sudo -n` +- SSH remains available independently of the local console path +- VM-oriented builds also include `qemu-guest-agent` and serial console support for debugging + ## Runtime split - The main Go application must run both on a normal Linux host and inside the live ISO @@ -75,5 +84,7 @@ Fills gaps where Redfish/logpile is blind: | `iso/vendor/` | Optional pre-built vendor binaries (storcli64, sas2ircu, sas3ircu, mstflint, …) | | `iso/builder/VERSIONS` | Pinned versions: Debian, Go, NVIDIA driver, kernel ABI | | `iso/builder/smoketest.sh` | Post-boot smoke test — run via SSH to verify live ISO | +| `iso/overlay/etc/profile.d/bee.sh` | `menu` helper + tty1 auto-start policy | +| `iso/overlay/home/bee/.profile` | `bee` shell profile for local console startup | | `dist/` | Build outputs (gitignored) | | `iso/out/` | Downloaded ISO files (gitignored) |
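Review bot: In the PLAN.md `@@ -4,13 +4,13` hunk the replacement principle weakens a hard guarantee into advice: "Every failure path has a silent fallback" becomes "Errors are logged and should not block boot on partial collector failures". Since `bee-audit.service` is documented as never being a boot blocker, state it as a requirement ("must not block boot") and keep the statement that boot itself is still unattended; only the operator console and rerun path are interactive.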
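Review bot: "Builder container cache persisted outside container writable layer — DONE" in the PLAN.md `@@ -33,9 +33,14` hunk introduces a supply-chain input that outlives the container, but the hunk says nothing about how that cache is trusted. Document where the cache lives, that the pins in `iso/builder/VERSIONS` (Debian, Go, NVIDIA driver, kernel ABI) are still enforced against cached artifacts rather than satisfied by whatever is already in the cache, and how a stale or tampered cache is detected or cleared before a release build.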
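Review bot: In the PLAN.md `@@ -334,6 +339,8` hunk the removable-export workflow ("explicit target selection, mount, confirmation, copy, and cleanup") now runs under a TUI that is `root` via `sudo -n`, so mounting an operator-supplied USB device is a root mount of untrusted media. Add the mount constraints to this list (for example mount with `nodev,nosuid,noexec`, only writing the audit JSON, never executing anything from the device) so the export path does not become the easiest way to feed code to the root TUI.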
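Review bot: The PLAN.md `@@ -358,6 +365,7` hunk adds "current ISO label is `BEE`" under the release model, which duplicates "ISO volume label `BEE` — **DONE**" added to the status snapshot in the same file. Keep it in one place (the release model section is the natural home) and let the status snapshot reference it, so the two do not drift.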
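Review bot: In the runtime-flows.md `@@ -30,6 +30,26` hunk the rule "local `tty1` lands in user `bee`, not directly in `root`" reads as a security boundary, but the same diagram ends in `sudo -n /usr/local/bin/bee tui --runtime livecd`, which only works if `bee` has a NOPASSWD sudoers entry; the hunk never states that entry. Document the exact sudoers line and scope it to that one command and argument list (not `ALL`), and require the TUI to offer no shell escape, otherwise physical console access is root access and the rule is misleading. Two related gaps in the same flow: `/home/bee/.profile` shows an unconditional `exec menu`, yet the rules claim "SSH is independent from the tty1 path"; either the diagram should show the tty1 guard or interactive SSH logins as `bee` will also land in the TUI. And because the shell is replaced by `exec`, a failing `sudo -n` (missing or wrong sudoers rule) ends the session and autologin respawns it; say what the operator sees in that case, or fall back to a plain `bee` shell instead of `exec`.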
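Review bot: The "Current validation state" added in the runtime-flows.md `@@ -80,6 +100,10` hunk sits directly under "Exit code 0 = all required checks pass" and a key-check list that includes NVIDIA modules loaded and `nvidia-smi` sees all GPUs, but the VM path it describes validates only `systemd`, SSH, `bee audit`, `bee-network`, and TUI startup. State explicitly which `smoketest.sh` checks are expected to fail or be skipped on the libvirt path (NVIDIA, LAN reachability to real infrastructure) so that a green VM run is not read as the ship gate, and keep "real hardware validation is still required" as the release-blocking item.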
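Review bot: The system-overview.md `@@ -19,10 +19,11` hunk replaces "Unattended operation — no user interaction required" with an operator console and adds `bee` autologin with `sudo -n`, which changes the threat model: anyone at the physical console now gets root without a credential. That belongs next to the unchanged "## Network isolation — CRITICAL" section as an explicit assumption (the audit host is physically controlled and the LiveCD is removed after use), together with a sentence on how SSH is authenticated, since SSH is "always available" and is the other unattended entry point.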
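Review bot: The "Operator UX" section in the system-overview.md `@@ -56,6 +57,14` hunk says "The TUI itself executes privileged actions as `root` via `sudo -n`", which describes per-action escalation from an unprivileged TUI, while runtime-flows.md in this same patch shows the wrapper escalating the whole process (`sudo -n /usr/local/bin/bee tui --runtime livecd`) before the TUI starts. Pick one model and make both documents say the same thing; the difference matters for the sudoers rule, for what runs as root while the operator is merely browsing menus, and for how the `bee tui` command behaves on a normal Linux host per the "Runtime split" section below. Also state whether `qemu-guest-agent` is present only in VM-oriented builds or in the release ISO too, since a guest agent gives the hypervisor host command execution inside the audit environment.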
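Review bot: In the system-overview.md `@@ -75,5 +84,7` hunk the file table attributes the "tty1 auto-start policy" to `iso/overlay/etc/profile.d/bee.sh`, but the console flow in runtime-flows.md puts `exec menu` in `/home/bee/.profile`. Say which file holds the tty and user check and which performs the exec; `/etc/profile.d/bee.sh` is sourced by every login shell, including `root` and SSH sessions, so if the tty1 guard is not in that file the `menu` helper will start outside the console path it is meant for.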