diff --git a/CLAUDE.md b/CLAUDE.md
index 488231b..78d489a 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1,69 +1,69 @@
 # Moongreet
 
-## Projekt
+## Project
 
-Moongreet ist ein greetd-Greeter für Wayland, gebaut mit Rust + gtk4-rs + gtk4-layer-shell.
-Teil des Moonarch-Ökosystems.
+Moongreet is a greetd greeter for Wayland, built with Rust + gtk4-rs + gtk4-layer-shell.
+Part of the Moonarch ecosystem.
 
-## Tech-Stack
+## Tech Stack
 
-- Rust (Edition 2024), gtk4-rs 0.11, glib 0.22
-- gtk4-layer-shell 0.8 für Wayland Layer Shell (TOP Layer)
-- greetd IPC über Unix Domain Socket (length-prefixed JSON)
-- `cargo test` für Unit-Tests
+- Rust (edition 2024), gtk4-rs 0.11, glib 0.22
+- gtk4-layer-shell 0.8 for the Wayland Layer Shell (TOP layer)
+- greetd IPC over a Unix domain socket (length-prefixed JSON)
+- `cargo test` for unit tests
 
-## Projektstruktur
+## Project Structure
 
-- `src/` — Rust-Quellcode (main.rs, greeter.rs, ipc.rs, config.rs, users.rs, sessions.rs, i18n.rs, power.rs)
-- `resources/` — GResource-Assets (style.css, default-avatar.svg)
-- `config/` — Beispiel-Konfigurationsdateien für `/etc/moongreet/` und `/etc/greetd/`
-- `pkg/` — PKGBUILD für Arch-Linux-Paketierung (`makepkg -sf`)
+- `src/` — Rust source code (main.rs, greeter.rs, ipc.rs, config.rs, users.rs, sessions.rs, i18n.rs, power.rs)
+- `resources/` — GResource assets (style.css, default-avatar.svg)
+- `config/` — example configuration files for `/etc/moongreet/` and `/etc/greetd/`
+- `pkg/` — PKGBUILD for Arch Linux packaging (`makepkg -sf`)
 
-## Kommandos
+## Commands
 
 ```bash
-# Tests ausführen
+# Run tests
 cargo test
 
-# Release-Build
+# Release build
 cargo build --release
 
-# Greeter im Fenster starten (ohne greetd/Layer Shell)
+# Start the greeter in a window (without greetd/Layer Shell)
 MOONGREET_NO_LAYER_SHELL=1 ./target/release/moongreet
 
-# Paket bauen und installieren
+# Build and install the package
 cd pkg && makepkg -sf && sudo pacman -U moongreet-git-<version>-x86_64.pkg.tar.zst
 ```
 
-## Architektur
+## Architecture
 
-- `ipc.rs` — greetd Socket-Kommunikation (4-byte LE header + JSON)
-- `users.rs` — Benutzer aus /etc/passwd, Avatare (AccountsService + ~/.face), Symlink-Rejection
-- `sessions.rs` — Wayland/X11 Sessions aus .desktop Files
-- `power.rs` — Reboot/Shutdown via systemctl (`--no-ask-password`)
-- `i18n.rs` — Locale-Erkennung (LANG / /etc/locale.conf) und String-Tabellen (DE/EN), alle UI- und Login-Fehlermeldungen
-- `fingerprint.rs` — fprintd D-Bus Probe (gio::DBusProxy) — Geräteerkennung und Enrollment-Check für UI-Feedback
-- `config.rs` — TOML-Config ([appearance] background, gtk-theme, cursor-theme, cursor-size, fingerprint-enabled) + Wallpaper-Fallback + Blur-Validierung (finite, clamp 0–200) + Cursor-Size-Validierung (range 1–256)
-- `greeter.rs` — GTK4 UI (Overlay-Layout), Login-Flow via greetd IPC (Multi-Stage-Auth für fprintd), Faillock-Warnung, Power-Confirm (Inline-Bestätigung vor Reboot/Shutdown, wie moonlock), Avatar-Cache, Last-User/Last-Session Persistence (0o700 Dirs, 0o600 Files)
-- `main.rs` — Entry Point, GTK App, Layer Shell Setup, ein Greeter-Fenster auf dem fokussierten Output (kein `set_monitor`), `KeyboardMode::Exclusive`, systemd-journal-logger
-- `resources/style.css` — Catppuccin-inspiriertes Theme
+- `ipc.rs` — greetd socket communication (4-byte LE header + JSON)
+- `users.rs` — users from /etc/passwd, avatars (AccountsService + ~/.face), symlink rejection
+- `sessions.rs` — Wayland/X11 sessions from .desktop files
+- `power.rs` — reboot/shutdown via systemctl (`--no-ask-password`)
+- `i18n.rs` — locale detection (LANG / /etc/locale.conf) and string tables (DE/EN), all UI and login error messages
+- `fingerprint.rs` — fprintd D-Bus probe (gio::DBusProxy) — device detection and enrollment check for UI feedback
+- `config.rs` — TOML config ([appearance] background, gtk-theme, cursor-theme, cursor-size, fingerprint-enabled) + wallpaper fallback + blur validation (finite, clamp 0–200) + cursor-size validation (range 1–256)
+- `greeter.rs` — GTK4 UI (overlay layout), login flow via greetd IPC (multi-stage auth for fprintd), faillock warning, power confirm (inline confirmation before reboot/shutdown, like moonlock), avatar cache, last-user/last-session persistence (0o700 dirs, 0o600 files)
+- `main.rs` — entry point, GTK app, Layer Shell setup, one greeter window on the focused output (no `set_monitor`), `KeyboardMode::Exclusive`, systemd-journal-logger
+- `resources/style.css` — Catppuccin-inspired theme
 
 ## Design Decisions
 
-- **TOP Layer statt OVERLAY**: Greeter läuft unter greetd, nicht über Waybar
-- **GResource-Bundle**: CSS, Wallpaper und Default-Avatar sind in die Binary kompiliert
-- **Async Login**: `glib::spawn_future_local` + `gio::spawn_blocking` statt raw Threads
-- **Socket-Cancellation**: `Arc<Mutex<Option<UnixStream>>>` + `AtomicBool` für saubere Abbrüche
-- **Avatar-Cache**: `HashMap<String, gdk::Texture>` in `Rc<RefCell<GreeterState>>`
-- **GPU-Blur via GskBlurNode**: `Snapshot::push_blur()` + `GskRenderer::render_texture()` im `connect_realize` Callback — kein CPU-Blur, kein Disk-Cache, kein `image`-Crate. Blurred Texture wird per `Rc<RefCell<Option<gdk::Texture>>>` über alle Monitore gecacht (1x GPU-Renderpass statt N).
-- **Fingerprint via greetd Multi-Stage PAM**: fprintd D-Bus nur als Probe (Gerät/Enrollment), eigentliche Verifizierung läuft über PAM im greetd-Auth-Loop. `auth_message_type: "secret"` → Passwort, alles andere → `None` (PAM entscheidet). 60s Socket-Timeout bei fprintd. Device-Proxy in `GreeterState` gecacht, Generation-Counter gegen Race Conditions bei schnellem User-Switch.
-- **Symmetrie mit moonlock/moonset**: Gleiche Patterns (i18n, config, users, power, GResource, GPU-Blur)
-- **Session-Validierung**: Relative Pfade erlaubt (greetd löst PATH auf), nur `..`/Null-Bytes werden abgelehnt
-- **GTK-Theme-Validierung**: Nur alphanumerisch + `_-+.` erlaubt, verhindert Path-Traversal über Config
-- **Cursor-Theme via GtkSettings**: GTK4 unter greetd liest `XCURSOR_THEME` env nicht zuverlässig — Cursor wird via `gtk::Settings::set_gtk_cursor_theme_name()` gesetzt, analog zu `gtk-theme`. Gleiche Validierung (`is_valid_gtk_theme`) gegen Path-Traversal.
-- **Journal-Logging**: `systemd-journal-logger` statt File-Logging — `journalctl -t moongreet`, Debug-Level per `MOONGREET_DEBUG` Env-Var
-- **File Permissions**: Cache-Verzeichnisse 0o700 via `DirBuilder::mode()`, Cache-Dateien 0o600
-- **Testbare Persistence**: `save_*_to`/`load_*_from` Varianten mit konfigurierbarem Pfad für Unit-Tests
-- **Shared Wallpaper Texture**: `gdk::Texture` wird einmal in `load_background_texture()` dekodiert und per Ref-Count an alle Fenster geteilt — vermeidet redundante JPEG-Dekodierung pro Monitor
-- **Wallpaper-Validierung**: GResource-Zweig via `resources_lookup_data()` + `from_bytes()` (kein Abort bei fehlendem Pfad), Dateigröße-Limit 50 MB, non-UTF-8-Pfade → `None`
-- **Error-Detail-Filterung**: GDK/greetd-Fehlerdetails nur auf `debug!`-Level, `warn!` ohne interne Details — verhindert Systeminfo-Leak ins Journal
+- **TOP layer instead of OVERLAY**: the greeter runs under greetd, not above Waybar
+- **GResource bundle**: CSS, wallpaper and default avatar are compiled into the binary
+- **Async login**: `glib::spawn_future_local` + `gio::spawn_blocking` instead of raw threads
+- **Socket cancellation**: `Arc<Mutex<Option<UnixStream>>>` + `AtomicBool` for clean cancellation
+- **Avatar cache**: `HashMap<String, gdk::Texture>` in `Rc<RefCell<GreeterState>>`
+- **GPU blur via GskBlurNode**: `Snapshot::push_blur()` + `GskRenderer::render_texture()` in the `connect_realize` callback — no CPU blur, no disk cache, no `image` crate. The blurred texture is cached across all monitors via `Rc<RefCell<Option<gdk::Texture>>>` (1 GPU render pass instead of N).
+- **Fingerprint via greetd multi-stage PAM**: fprintd D-Bus only as a probe (device/enrollment), the actual verification runs through PAM in the greetd auth loop. `auth_message_type: "secret"` → password, everything else → `None` (PAM decides). 60s socket timeout for fprintd. Device proxy cached in `GreeterState`, generation counter against race conditions on fast user switch.
+- **Symmetry with moonlock/moonset**: same patterns (i18n, config, users, power, GResource, GPU blur)
+- **Session validation**: relative paths allowed (greetd resolves PATH), only `..`/null bytes are rejected
+- **GTK theme validation**: only alphanumeric + `_-+.` allowed, prevents path traversal via config
+- **Cursor theme via GtkSettings**: GTK4 under greetd does not read the `XCURSOR_THEME` env reliably — the cursor is set via `gtk::Settings::set_gtk_cursor_theme_name()`, analogous to `gtk-theme`. Same validation (`is_valid_gtk_theme`) against path traversal.
+- **Journal logging**: `systemd-journal-logger` instead of file logging — `journalctl -t moongreet`, debug level via the `MOONGREET_DEBUG` env var
+- **File permissions**: cache directories 0o700 via `DirBuilder::mode()`, cache files 0o600
+- **Testable persistence**: `save_*_to`/`load_*_from` variants with a configurable path for unit tests
+- **Shared wallpaper texture**: the `gdk::Texture` is decoded once in `load_background_texture()` and shared by ref-count across all windows — avoids redundant JPEG decoding per monitor
+- **Wallpaper validation**: GResource branch via `resources_lookup_data()` + `from_bytes()` (no abort on a missing path), file-size limit 50 MB, non-UTF-8 paths → `None`
+- **Error-detail filtering**: GDK/greetd error details only at `debug!` level, `warn!` without internal details — prevents system-info leak into the journal