diff --git a/Application/Migration/1744416000-seed-admin-user.sql b/Application/Migration/1744416000-seed-admin-user.sql
index c5583e5..7ee7c2b 100644
--- a/Application/Migration/1744416000-seed-admin-user.sql
+++ b/Application/Migration/1744416000-seed-admin-user.sql
@@ -1,6 +1,7 @@
 -- Seed default admin user for initial local deployment.
 -- Password: admin1234!
--- Hash generated with bcrypt cost 10 (compatible with IHP's authenticate @User).
+-- Hash generated with pwstore-fast (Crypto.PasswordStore.makePassword, strength 17)
+-- which is the format IHP's verifyPassword uses. NOT bcrypt.
 -- IMPORTANT: Change this password immediately after first login via the profile settings.
 -- Workplan: IHUB-WP-0014 (A4 — admin user seeding)
 
@@ -8,7 +9,7 @@ INSERT INTO users (id, email, password_hash, name, failed_login_attempts, create
 VALUES (
     uuid_generate_v4(),
     'admin@inter-hub.local',
-    '$2b$10$c3imjL8nLkR1TSbBifvR3eFzlCUurGPXsN7K5trDjmZL6Af3zLqH.',
+    'sha256|17|hyVUQpp0hhegCg2oM0lUHQ==|jSwCi+tJUlKCW6sT6nn23/r71fd0GSiVOo48JSrXyWc=',
     'Admin',
     0,
     now()
diff --git a/Web/Controller/Api/V2/Registries.hs b/Web/Controller/Api/V2/Registries.hs
index fd408ad..5ecd981 100644
--- a/Web/Controller/Api/V2/Registries.hs
+++ b/Web/Controller/Api/V2/Registries.hs
@@ -16,21 +16,21 @@ instance Controller ApiV2RegistriesController where
     action ApiV2ListWidgetTypesAction = do
         types <- query @WidgetTypeRegistry
             |> filterWhere (#status, "active")
-            |> orderByAsc #label_
+            |> orderByAsc #name
             |> fetch
         renderJson $ map wtToJson types
 
     action ApiV2ListEventTypesAction = do
         types <- query @EventTypeRegistry
             |> filterWhere (#status, "active")
-            |> orderByAsc #label_
+            |> orderByAsc #name
             |> fetch
         renderJson $ map etToJson types
 
     action ApiV2ListAnnotationCategoriesAction = do
         cats <- query @AnnotationCategoryRegistry
             |> filterWhere (#status, "active")
-            |> orderByAsc #label_
+            |> orderByAsc #name
             |> fetch
         renderJson $ map acToJson cats
 
diff --git a/Web/Controller/TypeRegistries.hs b/Web/Controller/TypeRegistries.hs
index 168bf5a..86383c9 100644
--- a/Web/Controller/TypeRegistries.hs
+++ b/Web/Controller/TypeRegistries.hs
@@ -16,7 +16,7 @@ instance Controller TypeRegistriesController where
 
     action WidgetTypeRegistryAction = do
         entries <- query @WidgetTypeRegistry
-            |> orderByAsc #label_
+            |> orderByAsc #name
             |> fetch
         hubs <- query @Hub |> fetch
         render WidgetTypesView { entries, hubs }
@@ -83,7 +83,7 @@ instance Controller TypeRegistriesController where
 
     action EventTypeRegistryAction = do
         entries <- query @EventTypeRegistry
-            |> orderByAsc #label_
+            |> orderByAsc #name
             |> fetch
         hubs <- query @Hub |> fetch
         render EventTypesView { entries, hubs }
@@ -149,7 +149,7 @@ instance Controller TypeRegistriesController where
 
     action AnnotationCategoryRegistryAction = do
         entries <- query @AnnotationCategoryRegistry
-            |> orderByAsc #label_
+            |> orderByAsc #name
             |> fetch
         hubs <- query @Hub |> fetch
         render AnnotationCategoriesView { entries, hubs }
@@ -215,7 +215,7 @@ instance Controller TypeRegistriesController where
 
     action PolicyScopeRegistryAction = do
         entries <- query @PolicyScopeRegistry
-            |> orderByAsc #label_
+            |> orderByAsc #name
             |> fetch
         hubs <- query @Hub |> fetch
         render PolicyScopesView { entries, hubs }
diff --git a/Web/FrontController.hs b/Web/FrontController.hs
index 6888739..400bf75 100644
--- a/Web/FrontController.hs
+++ b/Web/FrontController.hs
@@ -192,7 +192,10 @@ defaultLayout inner = [hsx|
                 <a href={AiGovernancePoliciesAction} class="text-sm text-gray-600 hover:text-gray-900">AI Gov</a>
                 <a href={LearningDashboardAction} class="text-sm text-gray-600 hover:text-gray-900">Learning</a>
                 <div class="ml-auto">
-                    <a href={DeleteSessionAction} class="text-sm text-gray-500 hover:text-gray-700">Sign out</a>
+                    <form method="POST" action={DeleteSessionAction} style="display:inline">
+                        <input type="hidden" name="_method" value="DELETE" />
+                        <button type="submit" class="text-sm text-gray-500 hover:text-gray-700 bg-transparent border-0 p-0 cursor-pointer">Sign out</button>
+                    </form>
                 </div>
             </nav>
             <main class="max-w-5xl mx-auto px-6 py-8">
diff --git a/Web/View/TypeRegistries/AnnotationCategories.hs b/Web/View/TypeRegistries/AnnotationCategories.hs
index 3d75be2..497fa57 100644
--- a/Web/View/TypeRegistries/AnnotationCategories.hs
+++ b/Web/View/TypeRegistries/AnnotationCategories.hs
@@ -115,7 +115,7 @@ typeForm entry hubs isNew = [hsx|
             {renderNameField isNew entry.name}
             <div>
                 <label class="block text-sm font-medium text-gray-700 mb-1">Label</label>
-                {(textField #label_) { fieldClass = "w-full border border-gray-300 rounded px-3 py-2 text-sm" }}
+                <input type="text" name="label_" value={entry.label_} required="required" class="w-full border border-gray-300 rounded px-3 py-2 text-sm focus:outline-none focus:ring-2 focus:ring-indigo-500" />
             </div>
             <div>
                 <label class="block text-sm font-medium text-gray-700 mb-1">Description <span class="text-gray-400 text-xs">(optional)</span></label>
diff --git a/Web/View/TypeRegistries/EventTypes.hs b/Web/View/TypeRegistries/EventTypes.hs
index f7ee0c1..396ba0e 100644
--- a/Web/View/TypeRegistries/EventTypes.hs
+++ b/Web/View/TypeRegistries/EventTypes.hs
@@ -115,7 +115,7 @@ typeForm entry hubs isNew = [hsx|
             {renderNameField isNew entry.name}
             <div>
                 <label class="block text-sm font-medium text-gray-700 mb-1">Label</label>
-                {(textField #label_) { fieldClass = "w-full border border-gray-300 rounded px-3 py-2 text-sm" }}
+                <input type="text" name="label_" value={entry.label_} required="required" class="w-full border border-gray-300 rounded px-3 py-2 text-sm focus:outline-none focus:ring-2 focus:ring-indigo-500" />
             </div>
             <div>
                 <label class="block text-sm font-medium text-gray-700 mb-1">Description <span class="text-gray-400 text-xs">(optional)</span></label>
diff --git a/Web/View/TypeRegistries/PolicyScopes.hs b/Web/View/TypeRegistries/PolicyScopes.hs
index 7a553dc..1581764 100644
--- a/Web/View/TypeRegistries/PolicyScopes.hs
+++ b/Web/View/TypeRegistries/PolicyScopes.hs
@@ -115,7 +115,7 @@ typeForm entry hubs isNew = [hsx|
             {renderNameField isNew entry.name}
             <div>
                 <label class="block text-sm font-medium text-gray-700 mb-1">Label</label>
-                {(textField #label_) { fieldClass = "w-full border border-gray-300 rounded px-3 py-2 text-sm" }}
+                <input type="text" name="label_" value={entry.label_} required="required" class="w-full border border-gray-300 rounded px-3 py-2 text-sm focus:outline-none focus:ring-2 focus:ring-indigo-500" />
             </div>
             <div>
                 <label class="block text-sm font-medium text-gray-700 mb-1">Description <span class="text-gray-400 text-xs">(optional)</span></label>
diff --git a/Web/View/TypeRegistries/WidgetTypes.hs b/Web/View/TypeRegistries/WidgetTypes.hs
index 08cf50e..c89e854 100644
--- a/Web/View/TypeRegistries/WidgetTypes.hs
+++ b/Web/View/TypeRegistries/WidgetTypes.hs
@@ -116,7 +116,7 @@ typeForm entry hubs isNew = [hsx|
             {renderNameField isNew entry.name}
             <div>
                 <label class="block text-sm font-medium text-gray-700 mb-1">Label</label>
-                {(textField #label_) { fieldClass = "w-full border border-gray-300 rounded px-3 py-2 text-sm" }}
+                <input type="text" name="label_" value={entry.label_} required="required" class="w-full border border-gray-300 rounded px-3 py-2 text-sm focus:outline-none focus:ring-2 focus:ring-indigo-500" />
             </div>
             <div>
                 <label class="block text-sm font-medium text-gray-700 mb-1">Description <span class="text-gray-400 text-xs">(optional)</span></label>
diff --git a/deploy/railiance/RUNBOOK.md b/deploy/railiance/RUNBOOK.md
index 5a23ce5..be5be04 100644
--- a/deploy/railiance/RUNBOOK.md
+++ b/deploy/railiance/RUNBOOK.md
@@ -124,9 +124,30 @@ curl -H "Authorization: Bearer <api-key>" https://hub.coulomb.social/api/v2/hubs
 
 ## Database Connection Check
 
+The IHP Nix image has no `/bin/sh`. Connect via the CNPG pod instead:
 ```bash
-kubectl exec -n inter-hub deploy/inter-hub -- \
-  /bin/sh -c 'psql $DATABASE_URL -c "SELECT version();"'
+kubectl exec -n databases net-kingdom-pg-1 -- psql -U postgres -d interhub -c "SELECT version();"
+```
+
+## Password Hashing
+
+IHP uses `pwstore-fast` (`Crypto.PasswordStore`) — **not bcrypt**. Hash format:
+```
+sha256|17|<base64-salt>|<base64-hash>
+```
+
+To generate a correct hash (requires GHC with pwstore-fast available on haskelseed):
+```bash
+ssh root@192.168.178.135
+cat > /tmp/genhash.hs << 'EOF'
+import qualified Crypto.PasswordStore as PS
+import qualified Data.ByteString.Char8 as B8
+main :: IO ()
+main = do
+    h <- PS.makePassword (B8.pack "yourpassword") 17
+    B8.putStrLn h
+EOF
+/nix/store/yp23474ys67f1fd2z2ff1nn3q5wrmjng-ghc-9.10.3-with-packages/bin/runghc /tmp/genhash.hs
 ```
 
 ## haskelseed Build VM