Domain deep dive — Time tracking

Purpose

Single D1 narrative for engineers changing time logging, project membership, or mobile/portal clients that call api/time_tracking.py. It ties together:

• Generated Time tracking DocType reference (all DocTypes live under time_tracking_module/)
• Time tracking module — architecture and allow_guest risks
• API inventory — whitelisted methods
• Socket.io realtime — optional push UX

Separate Frappe module

The generator assigns time_tracking_module DocTypes to the time-tracking category exclusively (mod === 'time_tracking_module'). They do not mix with Lee Kim Alliance ERP folders in the same sidebar group.

Domain boundary

In scope	Out of scope (link instead)
Time Tracker Settings, Time Tracking Project, Time Tracking User, check-in logs	ERPNext Project accounting — standard ERPNext docs
api/time_tracking.py	Unrelated REST surface — grep api/ for other modules
Work locations, user mapping child tables	Full HR attendance policy — product-specific

DocType cluster (generated)

Sub-theme	Examples
Settings	time_tracker_settings
Core entities	time_tracking_project, time_tracking_user
Attendance	time_tracking_employee_checkin, time_tracking_daily_user_log
Locations	work_location_list, work_location_type, user_checkin_mapping
Membership	project_users_list

Index: time-tracking.

Code map

Layer	Primary locations
API	leekimerp/api/time_tracking.py — log_time, app_data, login, etc. (see API inventory)
Module package	leekimerp/time_tracking_module/ — DocType controllers, modules.txt registration
Auth / guest	Mixed allow_guest — Security checklist

Flow (conceptual)

Overlay priority (for overlays.json)

Priority	DocType keys	Rationale
P1 — Overlays present	time_tracker_settings, time_tracking_project, time_tracking_user (see overlays.json)	Entry configuration and identity
P2	time_tracking_employee_checkin, user_checkin_mapping, work_location_type	Attendance edge cases
P3	time_tracking_daily_user_log, project_users_list	Volume tables; overlay if queries confuse support

Failure modes (where to look)

Symptom	First checks
API 403 / auth	User linkage Time Tracking User ↔ Frappe User; session cookies vs token
Guest abuse	Rate limits, API inventory allow_guest column
Wrong project hours	Project Users List assignments, log_time validation

Logs: Frappe Error Log, api/time_tracking.py tracebacks, reverse proxy access logs for brute force.

Related

• Engineering deliverables — governance policies (orthogonal to this domain narrative)
• Time tracking module
• Domain documentation strategy
• Documentation upgrade roadmap