Adds a demonstration doc showing every harness test mapped to the UI state
you should see on a correctly-configured CKBunker + Coldcard HSM. Each
screenshot is paired with the specific test that asserts the outcome,
plus guidance on what failure at that step means. Sensitive/site-specific
identifiers (IPs, domain, device serial, CF tunnel UUID) are generalised
so the doc reads as a template for any deployment.
15 screenshots in docs/images/ cover: physical rack installation, policy
config UI, message signing end-to-end, sub-threshold auto-sign via web
UI and CLI, the critical policy-rejection case, TOTP-authorised signing,
and dashboard counter verification.
3489ae6e8f