Swap H/V display mode to native panel resolution (720x1280) instead of
rotated (1280x720). The DRM/KMS pipeline handles rotation via connector
orientation property. Setting wrong horizontal resolution caused DSI
controller to send extra pixels per line, resulting in horizontal
repetition.
Add DCS-based panel detection in init_sequence2 as supplemental check.
Based on ak-rex/ClockworkPi-linux rpi-6.12.y branch panel-cwu50.c.
Replaces old 0008 patches (DSI_INIT0, BURST removal) that didn't fix
the issue.
- New module: modules/nixos/security/ai-worker-restricted.nix
  - Bind mount for infra repo access (RW)
  - Whitelisted sudo commands: nh, nixos-rebuild, nixpkgs-fmt, nix
  - Audit logging for infra changes
  - Documentation in README-ai-worker.md
- Updated users/ai-worker.nix:
  - Enable services.aiWorkerAccess
  - Lock password (SSH key only)
  - Security documentation comments
- Updated flake.nix:
  - Include new security module

SECURITY: AI must ask for user confirmation before running nh os switch
- Refactor all 12 compose stacks to use isolated networks with Traefik as the hub
- Add openclaw-ssh sidecar to ai stack for reverse tunneling (port 2425)
- Add sshnode entrypoint to Traefik configuration
- Add cyt-pi host configuration for Pi Zero 2 W (headless)
- Include kismet and target_detector_cli services for remote Wi-Fi monitoring
- Add reverse SSH tunnel service via autossh
- Add headless openclaw node systemd service for host execution
- Migrate from nix to lix package manager
- Permit openclaw-2026.3.12 (insecure package warning)
- Use ai-worker user for node service