cfaf4657ce
Real per-tech Odoo sessions on PIN unlock (not just attribution). Closes the audit-trail gap from Phase 1 permissions overhaul: today the tablet runs as a persistent 'shopfloor service' user and the PIN is just an OWL overlay — every action is attributed to whoever the session user is, not the tech who tapped their tile. Locked decisions: 1. Real per-tech sessions (impersonation, cookie swap) 2. Idle timeout 10min + manual lock + 8hr hard ceiling 3. Dedicated kiosk user (fp_tablet_kiosk, near-zero ACL) 4. No manager override — Mgr/Owner PIN in as themselves 5. Two-step deploy with 1-week overlap; OLD endpoint removed after successful rollout Audit: fp.tablet.session.event append-only log captures unlock / manual_lock / idle_lock / ceiling_lock / force_lock / failed_unlock / admin_reset events with ip, ua, session hash, duration. Effort: ~4 dev days + 1 week observation. Plan via writing-plans skill next. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>