EP-MEL-09 — Lock & Key Integration with Offline Issuance

Companion: Backlog README · EPICS.md · canonical: 07-epics-and-user-stories.md §11

Summary

Wave	R1 (+ Salto, Assa Abloy production in R2)
Priority	P0
Primary owner	lock-integration-service
Participating services	reservation-service, notification-service, ai-orchestrator-service (anomaly detection)
Journeys realised	J-06 (Lock issuance), J-09 (Lost-key revoke), J-10 (Offline encoder)
Workflows	WF-04, WF-08
Frontend surfaces	Electron Desktop (Front-Desk + offline encoder) · Mobile (mobile-key invite)
Story count	9

Outcome

Keys are issued, updated, and revoked through a single vendor-abstracted port with adapters for TTLock, Salto, Assa Abloy, and generic Wiegand. Mobile keys, RFID encoding, and PIN-based budget keys all supported. Offline encoder fallback works during 12+ hour outages. Lock-event anomalies surface via ai-orchestrator-service.

Cross-cutting AC for this epic

• Vendor secrets in Secret Manager + KMS-encrypted; rotation documented.
• Every issuance/update/revoke emits lock.key.{issued|updated|revoked}.v1 with key_id, room_id, reservation_id, tenant_id.
• Offline issuance uses time-bounded device-bound credentials; sync reconciles on reconnect.
• PCI-grade handling for any payment-coupled credentials; PII minimised in events.

Stories

ID	Title
US-MEL-0073	Issue mobile-key invite at check-in
US-MEL-0074	Encode RFID card at front desk
US-MEL-0075	PIN-based key for budget rooms
US-MEL-0076	Update key on date or room change
US-MEL-0077	Revoke key on early checkout / cancel / lost-key
US-MEL-0078	Offline encoder fallback
US-MEL-0079	Lock event anomaly detection
US-MEL-0080	Vendor adapter abstraction (TTLock, Salto, Assa Abloy, Wiegand)
US-MEL-0081	Lock vendor secret rotation

Full AC in ../07-epics-and-user-stories.md §11.

Cross-references

• Lock & key architecture: ../09-lock-and-key-integration.md
• Service readiness: ../roadmap/service-readiness-gates.md
• Definition of Done: ../standards/DEFINITION_OF_DONE.md