docs: translate CLAUDE.md to English

Per the committed=English rule.

.gitea/workflows/update-pkgver.yaml

@@ -1,22 +1,22 @@
-# ABOUTME: Updates pkgver in moonarch-pkgbuilds after a push to main.
-# ABOUTME: Ensures paru detects new versions of this package.
+# ABOUTME: Updates pkgver in moonarch-pkgbuilds when a new moongreet tag is pushed.
+# ABOUTME: Reads the latest version tag and bumps the PKGBUILD + .SRCINFO.
 
 name: Update PKGBUILD version
 
 on:
   push:
-    branches:
-      - main
+    tags:
+      - 'v*'
 
 jobs:
   update-pkgver:
     runs-on: moonarch
     steps:
-      - name: Checkout source repo
+      - name: Determine pkgver from latest tag
         run: |
           git clone --bare http://gitea:3000/nevaforget/greetd-moongreet.git source.git
           cd source.git
-          PKGVER=$(git describe --long --tags | sed 's/^v//;s/-/.r/;s/-/./')
+          PKGVER=$(git describe --tags --abbrev=0 | sed 's/^v//')
           echo "New pkgver: $PKGVER"
           echo "$PKGVER" > /tmp/pkgver
 
@@ -26,18 +26,18 @@ jobs:
           git clone http://gitea:3000/nevaforget/moonarch-pkgbuilds.git pkgbuilds
           cd pkgbuilds
 
-          OLD_VER=$(grep '^pkgver=' moongreet-git/PKGBUILD | cut -d= -f2)
+          OLD_VER=$(grep '^pkgver=' moongreet/PKGBUILD | cut -d= -f2)
           if [ "$OLD_VER" = "$PKGVER" ]; then
             echo "pkgver already up to date ($PKGVER)"
             exit 0
           fi
 
-          sed -i "s/^pkgver=.*/pkgver=$PKGVER/" moongreet-git/PKGBUILD
-          sed -i "s/^\tpkgver = .*/\tpkgver = $PKGVER/" moongreet-git/.SRCINFO
+          sed -i "s/^pkgver=.*/pkgver=$PKGVER/" moongreet/PKGBUILD
+          sed -i "s/^\tpkgver = .*/\tpkgver = $PKGVER/" moongreet/.SRCINFO
           echo "Updated pkgver: $OLD_VER → $PKGVER"
 
           git config user.name "pkgver-bot"
           git config user.email "gitea@moonarch.de"
-          git add moongreet-git/PKGBUILD moongreet-git/.SRCINFO
-          git commit -m "chore(moongreet-git): bump pkgver to $PKGVER"
+          git add moongreet/PKGBUILD moongreet/.SRCINFO
+          git commit -m "chore(moongreet): bump pkgver to $PKGVER"
           git -c http.extraHeader="Authorization: token ${{ secrets.PKGBUILD_TOKEN }}" push

CLAUDE.md

@@ -1,69 +1,69 @@
 # Moongreet
 
-## Projekt
+## Project
 
-Moongreet ist ein greetd-Greeter für Wayland, gebaut mit Rust + gtk4-rs + gtk4-layer-shell.
-Teil des Moonarch-Ökosystems.
+Moongreet is a greetd greeter for Wayland, built with Rust + gtk4-rs + gtk4-layer-shell.
+Part of the Moonarch ecosystem.
 
-## Tech-Stack
+## Tech Stack
 
-- Rust (Edition 2024), gtk4-rs 0.11, glib 0.22
-- gtk4-layer-shell 0.8 für Wayland Layer Shell (TOP Layer)
-- greetd IPC über Unix Domain Socket (length-prefixed JSON)
-- `cargo test` für Unit-Tests
+- Rust (edition 2024), gtk4-rs 0.11, glib 0.22
+- gtk4-layer-shell 0.8 for the Wayland Layer Shell (TOP layer)
+- greetd IPC over a Unix domain socket (length-prefixed JSON)
+- `cargo test` for unit tests
 
-## Projektstruktur
+## Project Structure
 
-- `src/` — Rust-Quellcode (main.rs, greeter.rs, ipc.rs, config.rs, users.rs, sessions.rs, i18n.rs, power.rs)
-- `resources/` — GResource-Assets (style.css, default-avatar.svg)
-- `config/` — Beispiel-Konfigurationsdateien für `/etc/moongreet/` und `/etc/greetd/`
-- `pkg/` — PKGBUILD für Arch-Linux-Paketierung (`makepkg -sf`)
+- `src/` — Rust source code (main.rs, greeter.rs, ipc.rs, config.rs, users.rs, sessions.rs, i18n.rs, power.rs)
+- `resources/` — GResource assets (style.css, default-avatar.svg)
+- `config/` — example configuration files for `/etc/moongreet/` and `/etc/greetd/`
+- `pkg/` — PKGBUILD for Arch Linux packaging (`makepkg -sf`)
 
-## Kommandos
+## Commands
 
 ```bash
-# Tests ausführen
+# Run tests
 cargo test
 
-# Release-Build
+# Release build
 cargo build --release
 
-# Greeter im Fenster starten (ohne greetd/Layer Shell)
+# Start the greeter in a window (without greetd/Layer Shell)
 MOONGREET_NO_LAYER_SHELL=1 ./target/release/moongreet
 
-# Paket bauen und installieren
+# Build and install the package
 cd pkg && makepkg -sf && sudo pacman -U moongreet-git-<version>-x86_64.pkg.tar.zst
 ```
 
-## Architektur
+## Architecture
 
-- `ipc.rs` — greetd Socket-Kommunikation (4-byte LE header + JSON)
-- `users.rs` — Benutzer aus /etc/passwd, Avatare (AccountsService + ~/.face), Symlink-Rejection
-- `sessions.rs` — Wayland/X11 Sessions aus .desktop Files
-- `power.rs` — Reboot/Shutdown via systemctl (`--no-ask-password`)
-- `i18n.rs` — Locale-Erkennung (LANG / /etc/locale.conf) und String-Tabellen (DE/EN), alle UI- und Login-Fehlermeldungen
-- `fingerprint.rs` — fprintd D-Bus Probe (gio::DBusProxy) — Geräteerkennung und Enrollment-Check für UI-Feedback
-- `config.rs` — TOML-Config ([appearance] background, gtk-theme, cursor-theme, cursor-size, fingerprint-enabled) + Wallpaper-Fallback + Blur-Validierung (finite, clamp 0–200) + Cursor-Size-Validierung (range 1–256)
-- `greeter.rs` — GTK4 UI (Overlay-Layout), Login-Flow via greetd IPC (Multi-Stage-Auth für fprintd), Faillock-Warnung, Power-Confirm (Inline-Bestätigung vor Reboot/Shutdown, wie moonlock), Avatar-Cache, Last-User/Last-Session Persistence (0o700 Dirs, 0o600 Files)
-- `main.rs` — Entry Point, GTK App, Layer Shell Setup, ein Greeter-Fenster auf dem fokussierten Output (kein `set_monitor`), `KeyboardMode::Exclusive`, systemd-journal-logger
-- `resources/style.css` — Catppuccin-inspiriertes Theme
+- `ipc.rs` — greetd socket communication (4-byte LE header + JSON)
+- `users.rs` — users from /etc/passwd, avatars (AccountsService + ~/.face), symlink rejection
+- `sessions.rs` — Wayland/X11 sessions from .desktop files
+- `power.rs` — reboot/shutdown via systemctl (`--no-ask-password`)
+- `i18n.rs` — locale detection (LANG / /etc/locale.conf) and string tables (DE/EN), all UI and login error messages
+- `fingerprint.rs` — fprintd D-Bus probe (gio::DBusProxy) — device detection and enrollment check for UI feedback
+- `config.rs` — TOML config ([appearance] background, gtk-theme, cursor-theme, cursor-size, fingerprint-enabled) + wallpaper fallback + blur validation (finite, clamp 0–200) + cursor-size validation (range 1–256)
+- `greeter.rs` — GTK4 UI (overlay layout), login flow via greetd IPC (multi-stage auth for fprintd), faillock warning, power confirm (inline confirmation before reboot/shutdown, like moonlock), avatar cache, last-user/last-session persistence (0o700 dirs, 0o600 files)
+- `main.rs` — entry point, GTK app, Layer Shell setup, one greeter window on the focused output (no `set_monitor`), `KeyboardMode::Exclusive`, systemd-journal-logger
+- `resources/style.css` — Catppuccin-inspired theme
 
 ## Design Decisions
 
-- **TOP Layer statt OVERLAY**: Greeter läuft unter greetd, nicht über Waybar
-- **GResource-Bundle**: CSS, Wallpaper und Default-Avatar sind in die Binary kompiliert
-- **Async Login**: `glib::spawn_future_local` + `gio::spawn_blocking` statt raw Threads
-- **Socket-Cancellation**: `Arc<Mutex<Option<UnixStream>>>` + `AtomicBool` für saubere Abbrüche
-- **Avatar-Cache**: `HashMap<String, gdk::Texture>` in `Rc<RefCell<GreeterState>>`
-- **GPU-Blur via GskBlurNode**: `Snapshot::push_blur()` + `GskRenderer::render_texture()` im `connect_realize` Callback — kein CPU-Blur, kein Disk-Cache, kein `image`-Crate. Blurred Texture wird per `Rc<RefCell<Option<gdk::Texture>>>` über alle Monitore gecacht (1x GPU-Renderpass statt N).
-- **Fingerprint via greetd Multi-Stage PAM**: fprintd D-Bus nur als Probe (Gerät/Enrollment), eigentliche Verifizierung läuft über PAM im greetd-Auth-Loop. `auth_message_type: "secret"` → Passwort, alles andere → `None` (PAM entscheidet). 60s Socket-Timeout bei fprintd. Device-Proxy in `GreeterState` gecacht, Generation-Counter gegen Race Conditions bei schnellem User-Switch.
-- **Symmetrie mit moonlock/moonset**: Gleiche Patterns (i18n, config, users, power, GResource, GPU-Blur)
-- **Session-Validierung**: Relative Pfade erlaubt (greetd löst PATH auf), nur `..`/Null-Bytes werden abgelehnt
-- **GTK-Theme-Validierung**: Nur alphanumerisch + `_-+.` erlaubt, verhindert Path-Traversal über Config
-- **Cursor-Theme via GtkSettings**: GTK4 unter greetd liest `XCURSOR_THEME` env nicht zuverlässig — Cursor wird via `gtk::Settings::set_gtk_cursor_theme_name()` gesetzt, analog zu `gtk-theme`. Gleiche Validierung (`is_valid_gtk_theme`) gegen Path-Traversal.
-- **Journal-Logging**: `systemd-journal-logger` statt File-Logging — `journalctl -t moongreet`, Debug-Level per `MOONGREET_DEBUG` Env-Var
-- **File Permissions**: Cache-Verzeichnisse 0o700 via `DirBuilder::mode()`, Cache-Dateien 0o600
-- **Testbare Persistence**: `save_*_to`/`load_*_from` Varianten mit konfigurierbarem Pfad für Unit-Tests
-- **Shared Wallpaper Texture**: `gdk::Texture` wird einmal in `load_background_texture()` dekodiert und per Ref-Count an alle Fenster geteilt — vermeidet redundante JPEG-Dekodierung pro Monitor
-- **Wallpaper-Validierung**: GResource-Zweig via `resources_lookup_data()` + `from_bytes()` (kein Abort bei fehlendem Pfad), Dateigröße-Limit 50 MB, non-UTF-8-Pfade → `None`
-- **Error-Detail-Filterung**: GDK/greetd-Fehlerdetails nur auf `debug!`-Level, `warn!` ohne interne Details — verhindert Systeminfo-Leak ins Journal
+- **TOP layer instead of OVERLAY**: the greeter runs under greetd, not above Waybar
+- **GResource bundle**: CSS, wallpaper and default avatar are compiled into the binary
+- **Async login**: `glib::spawn_future_local` + `gio::spawn_blocking` instead of raw threads
+- **Socket cancellation**: `Arc<Mutex<Option<UnixStream>>>` + `AtomicBool` for clean cancellation
+- **Avatar cache**: `HashMap<String, gdk::Texture>` in `Rc<RefCell<GreeterState>>`
+- **GPU blur via GskBlurNode**: `Snapshot::push_blur()` + `GskRenderer::render_texture()` in the `connect_realize` callback — no CPU blur, no disk cache, no `image` crate. The blurred texture is cached across all monitors via `Rc<RefCell<Option<gdk::Texture>>>` (1 GPU render pass instead of N).
+- **Fingerprint via greetd multi-stage PAM**: fprintd D-Bus only as a probe (device/enrollment), the actual verification runs through PAM in the greetd auth loop. `auth_message_type: "secret"` → password, everything else → `None` (PAM decides). 60s socket timeout for fprintd. Device proxy cached in `GreeterState`, generation counter against race conditions on fast user switch.
+- **Symmetry with moonlock/moonset**: same patterns (i18n, config, users, power, GResource, GPU blur)
+- **Session validation**: relative paths allowed (greetd resolves PATH), only `..`/null bytes are rejected
+- **GTK theme validation**: only alphanumeric + `_-+.` allowed, prevents path traversal via config
+- **Cursor theme via GtkSettings**: GTK4 under greetd does not read the `XCURSOR_THEME` env reliably — the cursor is set via `gtk::Settings::set_gtk_cursor_theme_name()`, analogous to `gtk-theme`. Same validation (`is_valid_gtk_theme`) against path traversal.
+- **Journal logging**: `systemd-journal-logger` instead of file logging — `journalctl -t moongreet`, debug level via the `MOONGREET_DEBUG` env var
+- **File permissions**: cache directories 0o700 via `DirBuilder::mode()`, cache files 0o600
+- **Testable persistence**: `save_*_to`/`load_*_from` variants with a configurable path for unit tests
+- **Shared wallpaper texture**: the `gdk::Texture` is decoded once in `load_background_texture()` and shared by ref-count across all windows — avoids redundant JPEG decoding per monitor
+- **Wallpaper validation**: GResource branch via `resources_lookup_data()` + `from_bytes()` (no abort on a missing path), file-size limit 50 MB, non-UTF-8 paths → `None`
+- **Error-detail filtering**: GDK/greetd error details only at `debug!` level, `warn!` without internal details — prevents system-info leak into the journal

Cargo.lock

@@ -575,7 +575,7 @@ dependencies = [
 
 [[package]]
 name = "moongreet"
-version = "0.10.0"
+version = "0.10.1"
 dependencies = [
  "gdk-pixbuf",
  "gdk4",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "moongreet"
-version = "0.10.0"
+version = "0.10.1"
 edition = "2024"
 description = "A greetd greeter for Wayland with GTK4 and Layer Shell"
 license = "MIT"

DECISIONS.md

@@ -1,5 +1,12 @@
 # Decisions
 
+## 2026-06-02 – Align power-confirm to moonset's ActionDef pattern (v0.10.1)
+
+- **Who**: ClaudeCode, Dom
+- **Why**: Code review of v0.10.0 flagged the power-confirm code (ported verbatim from moonlock) as lower-altitude than moonset's: two near-identical reboot/shutdown handlers and a `show_power_confirm` taking loose `message`/`action_fn`/`error_message` params that can drift apart. moonset already solved this with an `ActionDef` table + button factory.
+- **Tradeoffs**: A `PowerAction` struct + `power_actions()` table + `create_power_button` factory is slightly more machinery for just two actions, but couples icon/prompt/error/action into one value (mismatch becomes unrepresentable) and makes a third action a one-line table entry. Kept in lockstep with moonlock (same change landed there). Did NOT touch `confirm_box: Rc<RefCell<Option<gtk::Box>>>` — moonset uses the same, it is the shared convention.
+- **How**: Replaced the two hand-wired handlers with a loop over `power_actions()`; `show_power_confirm`/`execute_power_action` now take `PowerAction` (Copy) instead of three loose strings. Re-introduced the in-flight re-trigger guard via `power_box.set_sensitive(false)` (re-enabled on failure) — this restores the protection that v0.10.0 dropped, superseding that entry's "no guard" tradeoff.
+
 ## 2026-06-02 – Inline power confirmation before reboot/shutdown (v0.10.0)
 
 - **Who**: ClaudeCode, Dom

src/greeter.rs

@@ -472,55 +472,17 @@ pub fn create_greeter_window(
     power_box.set_halign(gtk::Align::End);
     power_box.set_valign(gtk::Align::End);
 
-    let reboot_btn = gtk::Button::new();
-    reboot_btn.set_icon_name("system-reboot-symbolic");
-    reboot_btn.add_css_class("power-button");
-    reboot_btn.set_tooltip_text(Some(strings.reboot_tooltip));
-    reboot_btn.connect_clicked(clone!(
-        #[weak]
-        confirm_area,
-        #[strong]
-        confirm_box,
-        #[weak]
-        error_label,
-        move |_| {
-            show_power_confirm(
-                strings.reboot_confirm,
-                power::reboot,
-                strings.reboot_failed,
-                strings,
-                &confirm_area,
-                &confirm_box,
-                &error_label,
-            );
-        }
-    ));
-    power_box.append(&reboot_btn);
-
-    let shutdown_btn = gtk::Button::new();
-    shutdown_btn.set_icon_name("system-shutdown-symbolic");
-    shutdown_btn.add_css_class("power-button");
-    shutdown_btn.set_tooltip_text(Some(strings.shutdown_tooltip));
-    shutdown_btn.connect_clicked(clone!(
-        #[weak]
-        confirm_area,
-        #[strong]
-        confirm_box,
-        #[weak]
-        error_label,
-        move |_| {
-            show_power_confirm(
-                strings.shutdown_confirm,
-                power::shutdown,
-                strings.shutdown_failed,
-                strings,
-                &confirm_area,
-                &confirm_box,
-                &error_label,
-            );
-        }
-    ));
-    power_box.append(&shutdown_btn);
+    for action in power_actions() {
+        let button = create_power_button(
+            action,
+            strings,
+            &power_box,
+            &confirm_area,
+            &confirm_box,
+            &error_label,
+        );
+        power_box.append(&button);
+    }
 
     bottom_bar.append(&power_box);
     overlay.add_overlay(&bottom_bar);
@@ -1352,12 +1314,72 @@ fn login_worker(
     })
 }
 
+/// Definition for a single power-action button (reboot, shutdown).
+/// Couples icon, prompt, error text and action so a button cannot be wired
+/// with a mismatched prompt/action pair. Mirrors moonset's `ActionDef`.
+#[derive(Clone, Copy)]
+struct PowerAction {
+    icon_name: &'static str,
+    tooltip_attr: fn(&Strings) -> &'static str,
+    confirm_attr: fn(&Strings) -> &'static str,
+    error_attr: fn(&Strings) -> &'static str,
+    action_fn: fn() -> Result<(), PowerError>,
+}
+
+/// The power actions offered by the greeter.
+fn power_actions() -> [PowerAction; 2] {
+    [
+        PowerAction {
+            icon_name: "system-reboot-symbolic",
+            tooltip_attr: |s| s.reboot_tooltip,
+            confirm_attr: |s| s.reboot_confirm,
+            error_attr: |s| s.reboot_failed,
+            action_fn: power::reboot,
+        },
+        PowerAction {
+            icon_name: "system-shutdown-symbolic",
+            tooltip_attr: |s| s.shutdown_tooltip,
+            confirm_attr: |s| s.shutdown_confirm,
+            error_attr: |s| s.shutdown_failed,
+            action_fn: power::shutdown,
+        },
+    ]
+}
+
+/// Build a power-action icon button wired to the confirmation flow.
+fn create_power_button(
+    action: PowerAction,
+    strings: &'static Strings,
+    power_box: &gtk::Box,
+    confirm_area: &gtk::Box,
+    confirm_box: &Rc<RefCell<Option<gtk::Box>>>,
+    error_label: &gtk::Label,
+) -> gtk::Button {
+    let button = gtk::Button::new();
+    button.set_icon_name(action.icon_name);
+    button.add_css_class("power-button");
+    button.set_tooltip_text(Some((action.tooltip_attr)(strings)));
+    button.connect_clicked(clone!(
+        #[weak]
+        power_box,
+        #[weak]
+        confirm_area,
+        #[strong]
+        confirm_box,
+        #[weak]
+        error_label,
+        move |_| {
+            show_power_confirm(action, strings, &power_box, &confirm_area, &confirm_box, &error_label);
+        }
+    ));
+    button
+}
+
 /// Show an inline confirmation prompt before executing a power action.
 fn show_power_confirm(
-    message: &'static str,
-    action_fn: fn() -> Result<(), PowerError>,
-    error_message: &'static str,
+    action: PowerAction,
     strings: &'static Strings,
+    power_box: &gtk::Box,
     confirm_area: &gtk::Box,
     confirm_box: &Rc<RefCell<Option<gtk::Box>>>,
     error_label: &gtk::Label,
@@ -1369,7 +1391,7 @@ fn show_power_confirm(
     new_box.set_halign(gtk::Align::Center);
     new_box.set_margin_top(16);
 
-    let confirm_label = gtk::Label::new(Some(message));
+    let confirm_label = gtk::Label::new(Some((action.confirm_attr)(strings)));
     confirm_label.add_css_class("confirm-label");
     new_box.append(&confirm_label);
 
@@ -1379,6 +1401,8 @@ fn show_power_confirm(
     let yes_btn = gtk::Button::with_label(strings.confirm_yes);
     yes_btn.add_css_class("confirm-yes");
     yes_btn.connect_clicked(clone!(
+        #[weak]
+        power_box,
         #[weak]
         confirm_area,
         #[strong]
@@ -1386,8 +1410,7 @@ fn show_power_confirm(
         #[weak]
         error_label,
         move |_| {
-            dismiss_power_confirm(&confirm_area, &confirm_box);
-            execute_power_action(action_fn, error_message, &error_label);
+            execute_power_action(action, strings, &power_box, &confirm_area, &confirm_box, &error_label);
         }
     ));
     button_row.append(&yes_btn);
@@ -1418,13 +1441,27 @@ fn dismiss_power_confirm(confirm_area: &gtk::Box, confirm_box: &Rc<RefCell<Optio
     }
 }
 
-/// Execute a power action in a background thread.
+/// Execute a power action in a background thread, guarding against re-trigger.
 fn execute_power_action(
-    action_fn: fn() -> Result<(), PowerError>,
-    error_message: &'static str,
+    action: PowerAction,
+    strings: &'static Strings,
+    power_box: &gtk::Box,
+    confirm_area: &gtk::Box,
+    confirm_box: &Rc<RefCell<Option<gtk::Box>>>,
     error_label: &gtk::Label,
 ) {
+    dismiss_power_confirm(confirm_area, confirm_box);
+
+    let action_fn = action.action_fn;
+    let error_message = (action.error_attr)(strings);
+
+    // Desensitize the power buttons so a double-click or keyboard repeat cannot
+    // fire the same action twice while it is in flight.
+    power_box.set_sensitive(false);
+
     glib::spawn_future_local(clone!(
+        #[weak]
+        power_box,
         #[weak]
         error_label,
         async move {
@@ -1436,11 +1473,13 @@ fn execute_power_action(
                     log::error!("Power action failed: {e}");
                     error_label.set_text(error_message);
                     error_label.set_visible(true);
+                    power_box.set_sensitive(true);
                 }
                 Err(_) => {
                     log::error!("Power action panicked");
                     error_label.set_text(error_message);
                     error_label.set_visible(true);
+                    power_box.set_sensitive(true);
                 }
             }
         }