← All tests

R1.7 — Customer Display (prod)

2026-04-23 on prod. Seventh cycle of R1 (NIX-OS-67 Phase 3 POS): a secondary customer-facing display synced to the cashier's POS via same-origin BroadcastChannel. Three states — idle (welcome), cart (live items + total), paid (thank-you with order number, auto-returns to idle after 6s). Public route at /cafe/display/[sessionId]?secret=...; auth gated only by the display_secret on cafe.sessions (rotated each shift, set by R1.3 createOpenNixSession). Middleware bypasses session-cookie auth for this path.

11/11 R1.7 prod click-through passed. Full flow: open shift on a register → click Display button in the top bar → display tab opens at idle with the welcome screen → add product in POS → display flips to cart with item + total via BroadcastChannel → validate payment → display flips to paid showing the order number (e.g. POS06-0001) → auto-returns to idle after 6s. Plus bad-secret URL returns 404 (route auth working).
Mid-gate fix: first run hit a race — after payment the Register publishes paid, then immediately publishes idle (because cart cleared), so the paid screen flashed for milliseconds. Fixed by pinning the paid screen for 6s on the display side and suppressing intervening cart/idle messages. Commit 550698a.
11/11 R1.7 + 33/33 prior-suite regression = 44/44 prod tests green. Regression suites unchanged from R1.6 sweep this morning — R1.7 only added a new public route + a Register publishing effect, neither touches existing surfaces.