Replaces the single shared admin secret with named per-member enrollments — no more "one key for everyone".

First visit bootstraps an 'owner' slot; further members are added from inside the admin panel, each scanning their own QR. Login accepts a code matching any active member and records who got in. Offboarding is a per-member revoke: that person's codes stop immediately, everyone else is unaffected, nobody re-enrolls. Old single-secret state migrates to an 'owner' member.

Admin panel gains an Access Control table (member, enrolled, last used, revoke) + add-member form that shows the new QR once.

7 tests including revocation isolation; verified the full lifecycle live (bootstrap → add → authenticate → revoke → rejected while owner persists).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
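The per-member model described in the commit message, as an added example that is not the commit's own code. It assumes the codes are RFC 6238 TOTP values (the message mentions QR enrollment and codes but does not name the algorithm); `Members`, `enroll`, `revoke` and `authenticate` are hypothetical names, and the secrets are constructed sample values.

```python
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per time step (RFC 6238 default; assumed, not from the commit)

def totp(secret, at, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1 for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Members:
    """Hypothetical registry: one secret per named member, revoked individually."""

    def __init__(self):
        self._members = {}  # name -> {"secret", "active", "last_used"}

    def enroll(self, name, secret):
        if name in self._members:
            raise ValueError(f"member {name!r} already exists")
        self._members[name] = {"secret": secret, "active": True, "last_used": None}

    def revoke(self, name):
        # Only this member's secret stops working; other secrets are untouched.
        self._members[name]["active"] = False

    def last_used(self, name):
        return self._members[name]["last_used"]

    def authenticate(self, code, now=None):
        """Return the name of the active member whose code matches, else None."""
        if not (code.isascii() and code.isdigit()):
            return None
        now = time.time() if now is None else now
        matched = None
        for name, m in self._members.items():
            if not m["active"]:
                continue
            for drift in (-1, 0, 1):  # tolerate one step of clock skew
                expected = totp(m["secret"], now + drift * STEP)
                if hmac.compare_digest(expected, code) and matched is None:
                    matched = name  # keep looping so timing does not reveal who matched
        if matched is not None:
            self._members[matched]["last_used"] = now  # records who got in
        return matched
```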