Adds /api/users endpoints (admin only) plus /api/users/assignable
(admin + technician) used by the aftersales reassign picker. Guards
prevent self-demotion, self-deletion, and removing the last admin.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
User-requested format: zjbf-sh-260501 (26=year, 05=month, 01=monthly seq).
Sequence resets each month and skips soft-deleted entries to avoid reuse.
Also documents aftersales API and new technician role in AGENTS.md / README.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
FindAll search query and tests still referenced the old column name,
causing vet errors and runtime SQL failures.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- AftersalesOrder model with state machine (created/pending_confirmation/closed/rejected)
- Public scan-to-confirm flow with phone last-4 verification and rate limiting
- Technician role and middleware for ownership-scoped operations
- QR code generation pointing to /aftersales/{serialNumber}
- Admin overrides: reassign, force-close, delete
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>