Update docs for current LiveCD flow

Mikhail Chusavitin
2026-03-14 16:28:30 +03:00
parent 591164a251
commit 17f0bda45e
3 changed files with 47 additions and 4 deletions

@@ -30,6 +30,26 @@ local-fs.target
- `bee-audit.service` does not wait for `network-online.target`; audit is local and must run even if DHCP is broken.
- `bee-audit.service` logs audit failures but does not turn partial collector problems into a boot blocker.
## Console and login flow
Local-console behavior:
```text
tty1
└── live-config autologin → bee
└── /home/bee/.profile
└── exec menu
└── /usr/local/bin/bee-tui
└── sudo -n /usr/local/bin/bee tui --runtime livecd
```
Rules:
- local `tty1` lands in user `bee`, not directly in `root`
- `menu` must work without typing `sudo`
- TUI actions still run as `root` via `sudo -n`
- SSH is independent from the tty1 path
- serial console support is enabled for VM boot debugging
## ISO build sequence
```
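Review bot: The Rules list says TUI actions run as `root` via `sudo -n` but never states what the sudoers rule for `bee` actually permits. Because `tty1` logs into `bee` without a password, anyone at the local console inherits whatever that rule grants, so please add a line saying whether NOPASSWD is limited to `/usr/local/bin/bee tui --runtime livecd` or covers arbitrary commands. It would also help to document what the operator lands in when the TUI exits, given that `.profile` runs `exec menu`, and whether the serial console gets the same autologin as `tty1`.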
@@ -80,6 +100,10 @@ Exit code 0 = all required checks pass. All `FAIL` lines must be zero before shi
Key checks: NVIDIA modules loaded, `nvidia-smi` sees all GPUs, lib symlinks present,
systemd services running, audit completed with NVIDIA enrichment, LAN reachability.
Current validation state:
- local/libvirt VM boot path is validated for `systemd`, SSH, `bee audit`, `bee-network`, and TUI startup
- real hardware validation is still required before treating the ISO as release-ready
## Overlay mechanism
`live-build` copies files from `config/includes.chroot/` into the ISO filesystem.
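Review bot: The "Current validation state" bullets are a point-in-time status with no date or build identifier, so a reader cannot tell which ISO they describe once the tree moves on. Suggest tying the statement to a date or to the pinned versions, and stating explicitly which of the key checks listed just above (NVIDIA modules, `nvidia-smi` sees all GPUs, LAN reachability) were covered by the local/libvirt run and which still wait on real hardware.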

@@ -19,10 +19,11 @@ Fills gaps where Redfish/logpile is blind:
## In scope
- Read-only hardware inventory: board, CPU, memory, storage, PCIe, PSU, GPU, NIC, RAID
- Unattended operation — no user interaction required
- Automatic boot audit with operator-facing local console and SSH access
- NVIDIA proprietary driver loaded at boot for GPU enrichment via `nvidia-smi`
- SSH access (OpenSSH) always available for inspection and debugging
- Interactive Go TUI via `bee tui` for network setup, service management, and acceptance tests
- Local `tty1` operator UX: `bee` autologin, `menu` auto-start, privileged actions via `sudo -n`
## Network isolation — CRITICAL
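Review bot: Two bullets in "In scope" now state SSH access ("Automatic boot audit with operator-facing local console and SSH access" and "SSH access (OpenSSH) always available for inspection and debugging"), and the `tty1` bullet repeats the "Operator UX" section further down the same file. Suggest keeping one SSH bullet and shortening the `tty1` bullet to a pointer to "Operator UX", so the `sudo -n` wording lives in one place and cannot drift between the two.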
@@ -56,6 +57,14 @@ Fills gaps where Redfish/logpile is blind:
| NVIDIA modules | Loaded via `insmod` from `/usr/local/lib/nvidia/` |
| Builder | Debian 12 host/VM or Debian 12 container image |
## Operator UX
- On the live ISO, `tty1` autologins as `bee`
- The login profile auto-runs `menu`, which enters the Go TUI
- The TUI itself executes privileged actions as `root` via `sudo -n`
- SSH remains available independently of the local console path
- VM-oriented builds also include `qemu-guest-agent` and serial console support for debugging
## Runtime split
- The main Go application must run both on a normal Linux host and inside the live ISO
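Review bot: The last "Operator UX" bullet introduces `qemu-guest-agent` for "VM-oriented builds" without saying how a build becomes VM-oriented or whether the ISO used on real hardware carries the agent. The guest agent lets the hypervisor host run commands and read or write files inside the guest, so the doc should name the build switch that enables it and state whether it is present in the image intended for hardware.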
@@ -75,5 +84,7 @@ Fills gaps where Redfish/logpile is blind:
| `iso/vendor/` | Optional pre-built vendor binaries (storcli64, sas2ircu, sas3ircu, mstflint, …) |
| `iso/builder/VERSIONS` | Pinned versions: Debian, Go, NVIDIA driver, kernel ABI |
| `iso/builder/smoketest.sh` | Post-boot smoke test — run via SSH to verify live ISO |
| `iso/overlay/etc/profile.d/bee.sh` | `menu` helper + tty1 auto-start policy |
| `iso/overlay/home/bee/.profile` | `bee` shell profile for local console startup |
| `dist/` | Build outputs (gitignored) |
| `iso/out/` | Downloaded ISO files (gitignored) |
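Review bot: The rows for `iso/overlay/etc/profile.d/bee.sh` and `iso/overlay/home/bee/.profile` leave it unclear which file owns the `tty1` auto-start: the first is described as holding the "tty1 auto-start policy", while the console-flow diagram in this commit shows `/home/bee/.profile` doing `exec menu`. Please spell out the split in the row text. Since scripts under `/etc/profile.d/` are sourced by login shells, SSH logins included, the `bee.sh` row should also say that the auto-start is gated on `tty1`, which is what the rule "SSH is independent from the tty1 path" depends on.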