152e6d4328
fp.tablet.pin.reset stores hashed 4-digit codes emailed for self-
service PIN create/reset. Per CLAUDE.md Rule 24 + Rule 13l it follows
the defensive patterns established elsewhere in the shopfloor module:
- PBKDF2-SHA256 hashing (200k iterations, matches ResUsers PIN)
- 72h TTL per D4
- 5 wrong-attempt cap per D5 (invalidates code, used_at set)
- 3 requests/60min rate limit per D6 (raises UserError)
- SQL EXCLUDE constraint enforces one-active-row-per-user per D7
- HMAC-SHA256 reset_token (300s TTL, single-use) for step 3 of
the flow (set_pin via reset_token alternative to old_pin)
Audit event_type extended with 3 new values (pin_reset_requested,
pin_reset_code_verified, pin_set_after_reset). Manager-only ACL on
the new model; sudo when endpoints need access.
10 model-level tests cover generate / replace-active / rate-limit /
verify-correct / verify-wrong / 5-attempt-cap / expired / token sign
roundtrip / tampered-sig / purpose-mismatch.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fusion Plating — Shop Floor
Tablet / operator ergonomics layer for the fusion_plating core.
Part of the Fusion Plating product family by Nexa Systems Inc. Copyright (c) 2026 Nexa Systems Inc. All rights reserved. Licensed under OPL-1 (Odoo Proprietary License v1.0).
What this module adds
| Feature | Model |
|---|---|
| Tablet station registration | fusion.plating.shopfloor.station |
| Bake oven master + chart recorder ref | fusion.plating.bake.oven |
| Hydrogen embrittlement bake-window enforcer | fusion.plating.bake.window |
| First-piece inspection gate | fusion.plating.first.piece.gate |
| Operator next-up queue (transient) | fusion.plating.operator.queue |
Bake-window enforcer
When a high-strength-steel part exits the plating tank, a clock starts. Customer specification dictates the window (typically 1-4 hours) inside which the relief bake must begin. Missing the window requires scrap or rework — there is no retroactive fix.
The module models this as a first-class entity with:
plate_exit_time— clock startwindow_hours— customer specbake_required_by— computed deadlinestate—awaiting_bake -> bake_in_progress -> baked, withmissed_window/scrappedexit paths- A 5-minute cron that flips records past their deadline to
missed_windowautomatically - A kanban board grouped by state with theme-aware status colours
Tablet client
A backend OWL component (Odoo 19 conventions) registered as the
fp_shopfloor_tablet client action. It hosts:
- QR scan input (wedge scanner or on-screen keyboard friendly)
- Live tank / bath / job preview cards
- One-tap Start Bake / End Bake buttons
- Live operator next-up queue
JSON-RPC endpoints (Odoo 19 type='jsonrpc'):
POST /fp/shopfloor/scanPOST /fp/shopfloor/log_chemistryPOST /fp/shopfloor/start_bakePOST /fp/shopfloor/end_bakePOST /fp/shopfloor/queue
QR code conventions
| Prefix | Resolves to |
|---|---|
FP-TANK:<code> |
fusion.plating.tank |
FP-BATH:<name> |
fusion.plating.bath |
FP-STATION:<code> |
fusion.plating.shopfloor.station |
FP-JOB:<name> |
fusion.plating.bake.window |
FP-OVEN:<code> |
fusion.plating.bake.oven |
Security
Reuses the four core Fusion Plating groups (operator, supervisor, manager,
admin) defined in fusion_plating. No new groups, no new privilege block.
ACLs are graded operator (read/write logs), supervisor (create), manager
(full).
Theme
All styling is theme-aware: CSS custom properties + color-mix() against
Bootstrap / Odoo tokens. No hex codes, no media queries — works in light
and dark mode out of the box.
Install / update
docker exec odoo-dev-app odoo -d fusion-dev -u fusion_plating_shopfloor --stop-after-init