Karou's pick after U17: "lets do all small/cleanup first, then medium, then larger". U18 is the small wave — pulls 5 outstanding wins from the U15/U16/U17 punt lists into one slice. R8.2 dormant column finally dropped, backend sid mint stopped, JwtPayload.sid? removed, bulkArchive audit gap closed, R8.4 PIN-side Hyperdrive parity, and a Mode badge tooltip explaining createVariant immutability.
tenant_users.active_session_token on login. signAccessToken(user, sid) simplifies to signAccessToken(user); JWT no longer carries the sid claim. TenantUserRow type drops the field. Refresh-token path no longer threads the stale sid forward. last_login_at write stays.activeSessionToken from tenantUsers; JwtPayload.sid? removed from auth.ts. The U16 POS column (activePosSessionToken) and R8.4 PIN-side column stay.bulkArchiveProductsAction + bulkUnarchiveProductsAction now write audit rows (products.bulk_archived / products.bulk_unarchived) — one summary row per call with resourceId="bulk:N" + metadata: { ids, archived/unarchived }. Matches the V0.5 cashiers/registers bulk pattern.getPinSessionToken wrapped in db.transaction — defensive Hyperdrive bypass. Same SQL shape as getActivePosSessionToken which burned U16 mid-Gate-2; bringing the PIN side to parity prevents the same trap from biting if/when R8.4 kicks fire./cafe/settings/attributes Chip explains why Instant/Never is locked after creation (createVariant immutability per U15-C).| ✓ | Pre-flight: seed 2 throwaway templates (is_hidden=false) |
| ✓ | SSO login still works post-sid-cleanup (no JWT regression) |
| ✓ | Load-bearing: nix_session cookie's JWT payload has NO sid claim — confirms backend deploy |
| ✓ | /cafe/dashboard reachable post-login |
| ✓ | /cafe/settings/attributes renders + Chip mode badge has title tooltip mentioning "Mode is locked after creation" |
| ✓ | Bulk archive flow on /cafe/products → audit row products.bulk_archived with seeded UUIDs in metadata.ids |
| ✓ | Bulk unarchive flow → audit row products.bulk_unarchived |
| ✓ | No HTTP 5xx during the U18 flow |
| ✓ | Cleanup: delete seeded templates + audit rows |
Post-migration smoke: re-ran the full 9/9 suite AFTER applying the column-drop migration. All green — login works without the column, JWT still has no sid, audit rows still write.
product-row-check-, actual is product-row-select-{templateId}. feedback_grep_testids_before_guessing 4th burn.bulk-action-confirm, actual is products-bulk-confirm-run. Products page has its own confirm dialog, not the shared <BulkActionConfirmDialog>.is_hidden=true default — seeded templates default to hidden; the standard /cafe/products list filters them out. Set is_hidden=false on the seed.? placeholder collides with PostgreSQL JSONB ? operator — metadata->'ids' ? '<uuid>' confuses Knex (counts ? as a bind placeholder). Switched audit-row probe to metadata::text LIKE '%uuid%' since UUIDs are unique enough to avoid false matches.feedback_mkdir_before_bash_redirect.| test-phase1-prod.mjs | 11/11 |
| test-phase2-sso-outdoor-prod.mjs | 6/6 |
| test-m1-prod.mjs | 10/10 |
| test-r7-prod.mjs | 14/14 |
| test-r8-prod.mjs | 4/4 |
| test-phase2-cafe-multishop-prod.mjs | 6/6 |
feedback_phase2_cafe_multishop_solo_retry.