docs: define staff check-in flow

docs/adr/0006-staff-check-in-with-token-validation.md

@@ -0,0 +1,29 @@
+# ADR-0006: Staff Check-In with Token Validation
+
+Date: 2026-04-28
+
+## Status
+
+Accepted
+
+## Context
+
+Confirmed reservations need a simple entrance check-in process. Staff should be able to use a mobile-friendly web page to scan a visitor's QR code or enter the token manually.
+
+QR codes may be shown on smartphones, printed, forwarded, or photographed, so they must not expose personal data. Check-in must be restricted to authenticated staff or admin users and must prevent duplicate entrance.
+
+## Decision
+
+Use staff-only Django REST Framework endpoints for QR verification preview and check-in confirmation.
+
+The QR code will contain only an opaque verification token or URL. The backend will validate the token server-side, require a confirmed reservation, reject duplicate check-ins, and create or update a `CheckIn` record with timestamp and staff user on successful confirmation.
+
+No Celery, Redis, or separate check-in service is required.
+
+## Consequences
+
+- Staff can use a simple mobile web page for scanning or manual token entry.
+- QR codes remain privacy-preserving because they do not contain personal data.
+- Check-in decisions stay centralized in the Django backend and PostgreSQL state.
+- The entrance workflow depends on backend availability at the venue.
+- Duplicate check-ins can be blocked with application checks and database constraints.