ALL SYSTEMS
CASE STUDY 03
Live SaaS Offering

Biometric Attendance System

ODOO · Python · Raspberry Pi · ZKTeco · Docker · Commercial SaaS

IoTHRPythonRaspberry PiDocker
Biometric Attendance System
SYSTEM_MONITOR // BIOMETRIC
SCROLL
THE PROBLEM

Attendance data lived on hardware. Payroll was calculated on paper. The gap between them was filled by hand.

ZKTeco biometric devices hold accurate, timestamped attendance records. Odoo HR holds the payroll logic. Between them: nothing. Every payroll cycle required manual data export, cross-referencing, and entry — error-prone and completely unauditable.

THE STANDARD APPROACH FAILS BECAUSE:

Manual data transfer introduces human error on every payroll cycle
ZKTeco exports are flat files — no structure that maps to Odoo HR
Branch network connectivity is unreliable — sync that assumes connection loses data
Same punch event can arrive via two protocols — double-counting without deduplication
THE ENGINEERING CHALLENGE

Devices speak ADMS push and direct polling. Neither is reliable alone. Production architecture handles both, with fallback behavior and no data loss when connectivity drops.

"Offline-first SQLite WAL queue at branch level — events survive connectivity failures before they reach Odoo."

— KEY ARCHITECTURAL DECISION

TECHNICAL DECISIONS // 5 MADE

01

Multi-channel ingestion (ADMS + Polling) with fallback

02

SQLite queue in WAL mode for local persistence

03

Event fingerprinting for robust deduplication

04

Token-based authentication and IP allowlisting

05

Full SaaS commercialization strategy

SYSTEM ARCHITECTURE
ZKTecoHardwareRaspberry Pi EdgeSQLite WAL QueueOffline-FirstOdoo IngestionDeduplicationOdoo HRPayroll EngineDaily Activity
PRODUCTION_EVIDENCE // VAULT_01
Buffer_Active
SSD_R_1.2GB/s
THE PROBLEM
THE PROBLEM

Port-forwarding failure — the naive approach

IMG_ID: 1042
WHAT WAS BUILT

Odoo Module

6 FEATURE GROUPS
  • Biometric User Registry — device-to-employee mapping with sync state
  • Daily Activity Engine — worked minutes, overtime, shift compliance
  • CTO Bank — compensatory time-off accumulation and usage tracking
  • Event Deduplication — fingerprint-based rejection of duplicate punches
  • HR Review & Adjustments — manager workflow with immutable audit trail
  • Payroll Export — structured payroll-ready CSV, zero manual steps

Edge Sync Service

DOCKER + RASPBERRY PI
  • ADMS push endpoint — ZKTeco device pushes events to edge service
  • Direct polling — edge service queries device on schedule
  • SQLite WAL queue — events persisted locally before Odoo transmission
  • Exponential backoff with jitter on sync failures
  • Health endpoint for remote monitoring
  • Structured logging and sync metrics

Security

PRODUCTION-GRADE
  • Token-based authentication on all ingestion endpoints
  • IP allowlist enforcement for ADMS push
  • Full audit fields on every manual override
  • RBAC via Odoo model security and record rules

NEXT SYSTEM

IT Asset Management System

IT assets were tracked in spreadsheets. Credentials lived in a WhatsApp group. Offboarding was manual.