LoanerControllerApp

← horaciovaldes.com

Loaner Controller App (Portfolio Overview)

Project Summary

Loaner Controller App is an offline, cross-platform desktop application built to manage loaner laser devices and support controlled payment activation workflows. The app focuses on reliability in constrained environments where internet access is unavailable or undesirable.

It provides a secure operational console for administrators to:

• Register and maintain loaner devices
• Generate pairing phrases for device onboarding
• Generate HOTP-based payment codes
• Confirm payments in a controlled, auditable workflow

Why This Project Exists

In many field or clinic deployments, equipment may be distributed as loaner units and require periodic authorization. This project solves a practical operational need:

• Keep activation workflows fully offline
• Prevent accidental counter drift in payment code generation
• Preserve traceability through audit logs
• Support both Windows and macOS with platform-appropriate security behavior

Core Capabilities

1. Device Management

The app supports full lifecycle management for loaner entries:

• Add
• Edit
• Delete

Each device record includes business-relevant metadata (serial number, type, ship date, interval, payment status fields). Each device also tracks a TotalPayments value (1..65535) used during device pairing.

2. Pairing Phrase Generation (Short v2)

The controller produces compact pairing phrases using a structured binary payload format and human-friendly encoding. Phrases are designed to be copy/paste friendly and suitable for manual handling when needed.

3. HOTP Payment Code Workflow

Payment codes are generated using HOTP (counter-based), not TOTP.

Important behavior:

• Generating a payment code does not mutate the persisted counter
• Counter increments only when payment is explicitly confirmed

This separation avoids state corruption from accidental or repeated code previews.

4. Payment Confirmation and Auditability

Payment confirmation is stored transactionally and audit events are captured with timestamps and contextual metadata for traceability.

5. Payment Code History

Generated payment codes are stored in history so operators can review prior generated entries if a new code is generated before the previous one is used.

Architecture and Engineering Design

Application Pattern

• Avalonia UI with MVVM
• ViewModels remain platform-agnostic
• Platform-specific behavior isolated in dedicated services

Data Layer

• SQLite for local persistence
• Dapper for lightweight data access
• Structured repository abstraction to keep business logic decoupled from storage

Schema migration behavior:

• On startup, the app ensures Lasers.TotalPayments exists.
• Existing databases are migrated with ALTER TABLE Lasers ADD COLUMN TotalPayments INTEGER NOT NULL DEFAULT 1.

Cross-Platform Security

The app uses an interface-driven secret protection model selected at runtime:

• Windows path uses system-native DPAPI protection for user-scoped encryption
• macOS path uses AES-GCM with a locally managed key file
• App unlock uses an operator-provided secret phrase to derive an org key for pairing/payment secret derivation
• Secret derivation is deterministic across devices for the same phrase + serial so paired apps can produce consistent outputs

This enables consistent behavior across platforms without introducing platform-specific code into UI logic.

Reliability-Oriented Behaviors

• Input validation on core fields
• Deterministic phrase/encoding logic with parse verification support
• Transactional payment confirmation updates
• Offline-first operation with no dependency on external APIs/services

UX Highlights

The interface is optimized for operational use:

• Data grid for laser records
• Focused action controls for pairing/payment tasks
• Modal dialogs for important generated outputs with copy support
• Optional audit log visibility to reduce visual clutter during normal workflows

What Makes This Portfolio Project Strong

This project demonstrates practical desktop engineering across several dimensions:

• Cross-platform application design in .NET
• Secure local data handling without cloud dependency
• Clear separation of concerns (UI, domain logic, data access, platform services)
• Operationally safe payment flow design
• Maintainable MVVM structure and repository abstractions

Privacy and Sensitive Information

This repository intentionally avoids exposing sensitive operational details such as:

• Real customer/device data
• Live secrets or keys
• Production environment identifiers
• Any external credential material

All examples and workflows are structured for demonstration and engineering review.

Releases

Latest downloadable Windows artifact:

• docs/LoanerControllerApp-win-x64-selfcontained

Contents:

• LoanerControllerApp.exe (self-contained, Windows x64)

Latest refresh:

• Published on February 22, 2026
• Includes LNR3 pairing (org-secret HMAC-tagged payload), secret-phrase verifier compatibility migration, payment-code flow fixes, and a single-file self-contained Windows x64 build (no sidecar DLLs)