docs: update protocol + security notes

docs/gateway/protocol.md

@@ -153,11 +153,22 @@ Nodes declare capability claims at connect time:
 
 The Gateway treats these as **claims** and enforces server-side allowlists.
 
+## Presence
+
+- `system-presence` returns entries keyed by device identity.
+- Presence entries include `deviceId`, `roles`, and `scopes` so UIs can show a single row per device
+  even when it connects as both **operator** and **node**.
+
 ### Node helper methods
 
 - Nodes may call `skills.bins` to fetch the current list of skill executables
   for auto-allow checks.
 
+## Exec approvals
+
+- When an exec request needs approval, the gateway broadcasts `exec.approval.requested`.
+- Operator clients resolve by calling `exec.approval.resolve` (requires `operator.approvals` scope).
+
 ## Versioning
 
 - `PROTOCOL_VERSION` lives in `src/gateway/protocol/schema.ts`.
@@ -191,7 +202,7 @@ The Gateway treats these as **claims** and enforces server-side allowlists.
 
 - TLS is supported for WS connections.
 - Clients may optionally pin the gateway cert fingerprint (see `gateway.tls`
-  config and client TLS settings).
+  config plus `gateway.remote.tlsFingerprint` or CLI `--tls-fingerprint`).
 
 ## Scope