docs: rename Ragnar to ClaudeCode in DECISIONS.md

Greeter used hardcoded colors (#1a1a2e, white, #ff6b6b) instead of
GTK theme variables, breaking theme consistency across the ecosystem.
Now uses @theme_bg_color, @theme_fg_color, @error_color etc. —
matching moonlock and moonset.

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "moongreet"
-version = "0.7.1"
+version = "0.7.2"
 edition = "2024"
 description = "A greetd greeter for Wayland with GTK4 and Layer Shell"
 license = "MIT"

DECISIONS.md

@@ -1,22 +1,29 @@
 # Decisions
 
+## 2026-04-02 – Replace hardcoded CSS colors with GTK theme variables
+
+- **Who**: ClaudeCode, Dom
+- **Why**: moongreet used hardcoded colors (#1a1a2e, white, #ff6b6b) while moonset already used @theme_bg_color, @theme_fg_color, @error_color etc. Inconsistent across the ecosystem and broke theme flexibility.
+- **Tradeoffs**: Depends on the active GTK theme defining standard color variables. Catppuccin Colloid provides all needed vars (@theme_bg_color, @theme_fg_color, @error_color, @success_color, @theme_selected_bg_color). Fallback behavior if a theme lacks vars is GTK's default colors — acceptable.
+- **How**: Replaced all hardcoded hex/named colors with GTK theme variables. Coordinated change across moongreet, moonlock, and moonset (all three now use identical pattern).
+
 ## 2026-03-31 – Fourth audit: power timeout, timing mitigation, release profile, GREETD_SOCK caching
 
-- **Who**: Ragnar, Dom
+- **Who**: ClaudeCode, Dom
 - **Why**: Fourth triple audit found moongreet power.rs had no timeout on loginctl (greeter could freeze), username enumeration via timing differential, GREETD_SOCK re-read on every login, missing release profile, and missing GResource compression.
 - **Tradeoffs**: 500ms minimum login response time adds slight delay on fast auth but prevents timing-based username enumeration. Power timeout (30s + SIGKILL) matches moonset pattern — aggressive but prevents greeter freeze.
 - **How**: (1) power.rs adapted from moonset with 30s timeout + SIGKILL (nix dependency added). (2) 500ms min response floor in attempt_login via Instant + glib::timeout_future. (3) GREETD_SOCK cached in GreeterState at startup. (4) `[profile.release]` with LTO, codegen-units=1, strip. (5) `compressed="true"` on GResource entries. (6) SYNC comments on duplicated blur/background functions.
 
 ## 2026-03-30 – Full audit fix: security, quality, performance (v0.6.2)
 
-- **Who**: Ragnar, Dom
+- **Who**: ClaudeCode, Dom
 - **Why**: Three parallel audits (security, code quality, performance) identified 10 actionable findings across the codebase — from world-readable cache dirs to a GPU blur geometry bug to a race condition in fingerprint probing.
 - **Tradeoffs**: `too_many_arguments` Clippy warnings suppressed with `#[allow]` rather than introducing a `UiWidgets` struct — GTK's `clone!` macro with `#[weak]` refs requires individual widget parameters, a struct would fight the idiom. Async avatar loading skipped because `Pixbuf` is `!Send`; cache already prevents repeat loads. TOCTOU socket pre-check removed entirely — `connect()` in login_worker already handles errors, the `metadata()` check gave false security guarantees.
 - **How**: Cache dirs use `DirBuilder::mode(0o700)` instead of `create_dir_all`. Blur config clamped to `0.0..=200.0` with `is_finite()` guard. Blur texture cached in `Rc<RefCell<Option<gdk::Texture>>>` across monitors. FingerprintProbe device proxy cached in `GreeterState` with generation counter to prevent stale async writes. GPU blur geometry fixed (`-pad` origin shift instead of texture stretching). `is_valid_gtk_theme` extracted as testable function. 9 new tests.
 
 ## 2026-03-29 – Fingerprint authentication via greetd multi-stage PAM
 
-- **Who**: Ragnar, Dom
+- **Who**: ClaudeCode, Dom
 - **Why**: moonlock supports fprintd but moongreet rejected multi-stage auth. Users with enrolled fingerprints couldn't use them at the login screen.
 - **Tradeoffs**: Direct fprintd D-Bus verification (like moonlock) can't start a greetd session — greetd controls session creation via PAM. Using greetd multi-stage means PAM decides the auth order (fingerprint first, then password fallback), not truly parallel. Acceptable — matches standard pam_fprintd behavior.
 - **How**: Replace single-pass auth with a loop over auth_message rounds. Secret prompts get the password, non-secret prompts (fprintd) get None and block until PAM resolves. fprintd D-Bus probe (gio::DBusProxy) only for UI — detecting device availability and enrolled fingers. 60s socket timeout when fingerprint available. Config option `fingerprint-enabled` (default true).
@@ -30,7 +37,7 @@
 
 ## 2026-03-28 – GPU blur via GskBlurNode replaces CPU blur
 
-- **Who**: Ragnar, Dom
+- **Who**: ClaudeCode, Dom
 - **Why**: CPU-side Gaussian blur (`image` crate) blocked the GTK main thread for 500ms–2s on 4K wallpapers at cold cache. Disk cache and async orchestration added significant complexity.
 - **Tradeoffs**: GPU blur quality is slightly different (box-blur approximation vs true Gaussian), acceptable for wallpaper backgrounds. Removes `image` crate dependency entirely (~15 transitive crates eliminated). No disk cache needed.
 - **How**: `Snapshot::push_blur()` + `GskRenderer::render_texture()` on `connect_realize`. Blur happens once on the GPU when the widget gets its renderer, producing a concrete `gdk::Texture`. Zero startup latency. Symmetric with moonlock and moonset.

resources/style.css

@@ -1,16 +1,16 @@
 /* ABOUTME: GTK4 CSS stylesheet for the Moongreet greeter. */
-/* ABOUTME: Defines styling for the login screen layout. */
+/* ABOUTME: Uses GTK theme colors for consistency with the active desktop theme. */
 
 /* Main window background */
 window.greeter {
-    background-color: #1a1a2e;
+    background-color: @theme_bg_color;
     background-size: cover;
     background-position: center;
 }
 
 /* Wallpaper-only window for secondary monitors */
 window.wallpaper {
-    background-color: #1a1a2e;
+    background-color: @theme_bg_color;
 }
 
 /* Central login area */
@@ -26,14 +26,14 @@ window.wallpaper {
     min-width: 128px;
     min-height: 128px;
     background-color: @theme_selected_bg_color;
-    border: 3px solid alpha(white, 0.3);
+    border: 3px solid alpha(@theme_fg_color, 0.3);
 }
 
 /* Username label */
 .username-label {
     font-size: 24px;
     font-weight: bold;
-    color: white;
+    color: @theme_fg_color;
     margin-top: 12px;
     margin-bottom: 40px;
 }
@@ -50,13 +50,13 @@ window.wallpaper {
 
 /* Error message label */
 .error-label {
-    color: #ff6b6b;
+    color: @error_color;
     font-size: 14px;
 }
 
 /* Fingerprint prompt label */
 .fingerprint-label {
-    color: alpha(white, 0.6);
+    color: alpha(@theme_fg_color, 0.6);
     font-size: 13px;
     margin-top: 8px;
 }
@@ -70,16 +70,16 @@ window.wallpaper {
 .user-list-item {
     padding: 8px 16px;
     border-radius: 8px;
-    color: white;
+    color: @theme_fg_color;
     font-size: 14px;
 }
 
 .user-list-item:hover {
-    background-color: alpha(white, 0.15);
+    background-color: alpha(@theme_fg_color, 0.15);
 }
 
 .user-list-item:selected {
-    background-color: alpha(white, 0.2);
+    background-color: alpha(@theme_fg_color, 0.2);
 }
 
 /* Power buttons on the bottom right */
@@ -88,12 +88,12 @@ window.wallpaper {
     min-height: 48px;
     padding: 0px;
     border-radius: 24px;
-    background-color: alpha(white, 0.1);
+    background-color: alpha(@theme_fg_color, 0.1);
-    color: white;
+    color: @theme_fg_color;
     border: none;
     margin: 4px;
 }
 
 .power-button:hover {
-    background-color: alpha(white, 0.25);
+    background-color: alpha(@theme_fg_color, 0.25);
 }