# Feature Spec: Visitor Management & Access Control

**Priority**: 🔴 Critical (Compliance)  
**Phase**: 8  
**Status**: ✅ Implemented

---

## Overview

Track all visitors, contractors, and inspectors entering/exiting the facility. Generate badges with QR codes. Maintain audit trail for California DCC compliance.

---

## Models

### Visitor

- `id`: UUID
- `name`: string (required)
- `email`: string (optional)
- `phone`: string (optional)
- `company`: string (optional)
- `type`: enum (VISITOR, CONTRACTOR, INSPECTOR, VENDOR)
- `status`: enum (PENDING, CHECKED_IN, CHECKED_OUT)
- `photo`: string (optional, URL)
- `ndaSigned`: boolean
- `badgeNumber`: string (optional)

### VisitorLog

- `id`: UUID
- `visitorId`: FK to Visitor
- `entryTime`: datetime
- `exitTime`: datetime (optional)
- `escortId`: FK to User (optional)
- `approvedById`: FK to User
- `purpose`: string
- `areasAccessed`: string[]

### AccessZone

- `id`: UUID
- `name`: string
- `requiresEscort`: boolean
- `requiresNDA`: boolean
- `maxOccupancy`: number (optional)

---

## API Endpoints

### Visitors

- `GET /api/visitors` - List all visitors
- `POST /api/visitors` - Create new visitor
- `GET /api/visitors/:id` - Get visitor details
- `PUT /api/visitors/:id` - Update visitor
- `POST /api/visitors/:id/check-in` - Check in visitor
- `POST /api/visitors/:id/check-out` - Check out visitor
- `GET /api/visitors/active` - Get currently checked-in visitors

### Access Zones

- `GET /api/zones` - List zones
- `POST /api/zones` - Create zone
- `GET /api/zones/:id/occupancy` - Get zone occupancy
- `POST /api/zones/:id/enter` - Log zone entry

---

## Frontend Pages

### Visitor Kiosk (`/kiosk`)

- Tablet-friendly check-in interface
- New visitor registration
- Returning visitor search
- NDA acknowledgement
- Badge number display

### Visitor Management (`/visitors`)

- Active visitors dashboard
- All visitors list with search/filter
- Zone management
- Compliance reports

---

## Compliance Notes

- All visitor entries logged with timestamps
- NDA acknowledgement tracked
- Escort requirements enforced
- Badge numbers unique per day
- 7-year retention for audit purposes