diff --git a/Makefile b/Makefile
index 30bca30..a8de0d3 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,9 @@
 .PHONY: build frontend-build dev clean test patch minor major
 
 LAST_TAG := $(shell git tag --sort=-v:refname | head -1)
-MAJOR := $(shell echo $(LAST_TAG) | sed 's/^v//' | cut -d. -f1)
-MINOR := $(shell echo $(LAST_TAG) | sed 's/^v//' | cut -d. -f2)
-PATCH := $(shell echo $(LAST_TAG) | sed 's/^v//' | cut -d. -f3)
+MAJOR := $(shell echo $(LAST_TAG) | cut -d. -f1)
+MINOR := $(shell echo $(LAST_TAG) | cut -d. -f2)
+PATCH := $(shell echo $(LAST_TAG) | cut -d. -f3)
 
 build: frontend-build
 	CGO_ENABLED=0 go build -ldflags "-X main.buildID=$$(git rev-parse --short HEAD)" -o turnpike .
@@ -25,13 +25,13 @@ clean:
 	rm -rf frontend/dist
 
 patch:
-	git tag v$(MAJOR).$(MINOR).$(shell echo $$(($(PATCH)+1)))
-	@echo "Tagged v$(MAJOR).$(MINOR).$(shell echo $$(($(PATCH)+1)))"
+	git tag $(MAJOR).$(MINOR).$(shell echo $$(($(PATCH)+1)))
+	@echo "Tagged $(MAJOR).$(MINOR).$(shell echo $$(($(PATCH)+1)))"
 
 minor:
-	git tag v$(MAJOR).$(shell echo $$(($(MINOR)+1))).0
-	@echo "Tagged v$(MAJOR).$(shell echo $$(($(MINOR)+1))).0"
+	git tag $(MAJOR).$(shell echo $$(($(MINOR)+1))).0
+	@echo "Tagged $(MAJOR).$(shell echo $$(($(MINOR)+1))).0"
 
 major:
-	git tag v$(shell echo $$(($(MAJOR)+1))).0.0
-	@echo "Tagged v$(shell echo $$(($(MAJOR)+1))).0.0"
+	git tag $(shell echo $$(($(MAJOR)+1))).0.0
+	@echo "Tagged $(shell echo $$(($(MAJOR)+1))).0.0"
diff --git a/README.md b/README.md
index b526fbe..71132c4 100644
--- a/README.md
+++ b/README.md
@@ -1,20 +1,21 @@
 # Turnpike
 
-Self-hosted event attendee and volunteer management. One instance, one event.
+Self-hosted event ticketing and volunteer management. One instance, one event.
 
 Turnpike handles gate check-in, volunteer scheduling, and department coordination for events ranging from a single evening to a multi-day festival. It works offline — gate volunteers can check people in without a network connection and sync when connectivity returns.
 
 ## Features
 
-- **Attendee management** — CSV import (CrowdWork/Zeffy auto-detected), party-size tracking, search, check-in
-- **Volunteer scheduling** — departments, shifts with capacity, conflict detection, drag-and-drop reordering
-- **Volunteer kiosk** — token-authenticated self-service shift signup, no login required
-- **Gate check-in** — full-screen UI with QR scanner, party check-in ("2/3 checked in"), volunteer dual check-in
-- **Schedule board** — department leads and coordinators manage shift assignments with conflict awareness
-- **Role-based access** — admin, coordinator, volunteer lead (department-scoped), gate
+- **Participant & ticket management** — CSV import (CrowdWork/Zeffy auto-detected), search, check-in
+- **Volunteer scheduling** — departments, shifts with capacity, conflict detection, reordering
+- **Public volunteer signup** — self-registration form with email confirmation, auto-participant linking
+- **Volunteer kiosk** — public volunteer flow: signup, email confirmation, code-authenticated shift self-scheduling
+- **Gate kiosk** — full-screen check-in UI with QR scanner for gatekeepers
+- **Schedule** — create shifts, assign volunteers, manage assignments with conflict awareness
+- **Role-based access** — admin, ticketing, staffing, colead (department-scoped), gatekeeper
 - **Offline-first PWA** — installs on phones/tablets, full offline check-in with background sync
 - **Real-time** — check-ins and changes broadcast live via SSE
-- **SMTP email** — send volunteer token links directly or export CSV for bulk email platforms
+- **SMTP email** — volunteer confirmation emails, kiosk link distribution when shift signups open
 - **Single binary** — Go backend embeds the frontend; no runtime dependencies
 
 ## Tech Stack
@@ -59,10 +60,11 @@ See [docs/INSTALLATION.md](docs/INSTALLATION.md) for systemd, Docker, NixOS, and
 
 | Role | Access |
 |------|--------|
-| `admin` | Full access: attendee import, user management, SMTP settings, all departments and shifts |
-| `coordinator` | All departments: volunteers, shifts, schedule board. No user management or settings |
-| `volunteer_lead` | Own department only: volunteers and shifts scoped to assigned department |
-| `gate` | Full-screen check-in UI with QR scanner. No access to other pages |
+| `admin` | Full access: participant import, user management, SMTP settings, all departments and shifts |
+| `ticketing` | Participants, tickets, import. No user management |
+| `staffing` | All departments: volunteers, shifts, schedule. No user management or settings |
+| `colead` | Own department only: volunteers and shifts scoped to assigned department(s) |
+| `gatekeeper` | Full-screen Gate Kiosk with QR scanner. No access to other pages |
 
 See [docs/USAGE.md](docs/USAGE.md) for detailed workflow documentation.
 
@@ -90,7 +92,7 @@ The Vite dev server runs on `:5173` and proxies `/api` requests to the Go server
 
 ## Documentation
 
-- [Usage Guide](docs/USAGE.md) — event setup, attendee import, volunteer kiosk, gate check-in, schedule board
+- [Usage Guide](docs/USAGE.md) — event setup, participant import, volunteer signup, volunteer kiosk, gate check-in, schedule
 - [Installation Guide](docs/INSTALLATION.md) — building, deploying, systemd, Docker, NixOS, reverse proxy, backup
 
 ## License
diff --git a/auth.go b/auth.go
index c2d11af..b675e6f 100644
--- a/auth.go
+++ b/auth.go
@@ -12,10 +12,10 @@ import (
 )
 
 type Claims struct {
-	UserID   int    `json:"uid"`
-	Username string `json:"sub"`
-	Role     string `json:"role"`
-	DeptIDs  []int  `json:"dept_ids,omitempty"`
+	ParticipantID int      `json:"pid"`
+	Email         string   `json:"sub"`
+	Roles         []string `json:"roles"`
+	DeptIDs       []int    `json:"dept_ids,omitempty"`
 	jwt.RegisteredClaims
 }
 
@@ -28,13 +28,13 @@ func checkPassword(hash, password string) bool {
 	return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
 }
 
-func (app *App) signToken(u *User) (string, error) {
+func (app *App) signToken(s *User) (string, error) {
 	expiry := time.Duration(app.tokenExpiry) * time.Hour
 	claims := Claims{
-		UserID:   u.ID,
-		Username: u.Username,
-		Role:     u.Role,
-		DeptIDs:  u.DepartmentIDs,
+		ParticipantID: s.ID,
+		Email:         s.Email,
+		Roles:         s.Roles,
+		DeptIDs:       s.DepartmentIDs,
 		RegisteredClaims: jwt.RegisteredClaims{
 			ExpiresAt: jwt.NewNumericDate(time.Now().Add(expiry)),
 			IssuedAt:  jwt.NewNumericDate(time.Now()),
@@ -88,7 +88,7 @@ func (app *App) requireAuth(next http.HandlerFunc, roles ...string) http.Handler
 			writeError(w, "unauthorized", http.StatusUnauthorized)
 			return
 		}
-		if len(roles) > 0 && !hasRole(claims.Role, roles) {
+		if len(roles) > 0 && !hasAnyRole(claims.Roles, roles) {
 			writeError(w, "forbidden", http.StatusForbidden)
 			return
 		}
@@ -97,9 +97,25 @@ func (app *App) requireAuth(next http.HandlerFunc, roles ...string) http.Handler
 	}
 }
 
-func hasRole(role string, allowed []string) bool {
-	for _, r := range allowed {
-		if r == role {
+func hasAnyRole(roles []string, allowed []string) bool {
+	for _, r := range roles {
+		for _, a := range allowed {
+			if r == a {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func isCoLeadOnly(claims *Claims) bool {
+	return hasAnyRole(claims.Roles, []string{"colead"}) &&
+		!hasAnyRole(claims.Roles, []string{"admin", "staffing"})
+}
+
+func inSlice(v int, s []int) bool {
+	for _, x := range s {
+		if x == v {
 			return true
 		}
 	}
diff --git a/auth_test.go b/auth_test.go
index 1a16571..602c6cf 100644
--- a/auth_test.go
+++ b/auth_test.go
@@ -12,7 +12,7 @@ func TestLoginValid(t *testing.T) {
 	mux := testMux(app)
 
 	req := testRequest("POST", "/api/login", map[string]string{
-		"username": admin.Username,
+		"email":    admin.Email,
 		"password": "admin123",
 	})
 	w := httptest.NewRecorder()
@@ -26,7 +26,7 @@ func TestLoginValid(t *testing.T) {
 		t.Error("missing token in response")
 	}
 	user, ok := result["user"].(map[string]any)
-	if !ok || user["username"] != "admin" {
+	if !ok || user["email"] != "oberon@athens.example" {
 		t.Errorf("user = %v", result["user"])
 	}
 }
@@ -37,7 +37,7 @@ func TestLoginWrongPassword(t *testing.T) {
 	mux := testMux(app)
 
 	req := testRequest("POST", "/api/login", map[string]string{
-		"username": "admin",
+		"email":    "oberon@athens.example",
 		"password": "wrong",
 	})
 	w := httptest.NewRecorder()
@@ -53,7 +53,7 @@ func TestLoginNonexistentUser(t *testing.T) {
 	mux := testMux(app)
 
 	req := testRequest("POST", "/api/login", map[string]string{
-		"username": "nobody",
+		"email":    "nobody@test.com",
 		"password": "test",
 	})
 	w := httptest.NewRecorder()
@@ -94,8 +94,7 @@ func TestAuthMiddlewareRoleEnforcement(t *testing.T) {
 	app := testApp(t)
 	mux := testMux(app)
 
-	// Create a gate user — should not be able to access /api/users (admin only)
-	gate := testUserWithRole(t, app, "gateuser", "gate", []int{})
+	gate := testUserWithRoles(t, app, "Starveling", []string{"gatekeeper"}, []int{})
 	token := testToken(t, app, gate)
 
 	req := testAuthRequest("GET", "/api/users", nil, token)
@@ -121,7 +120,7 @@ func TestMeEndpoint(t *testing.T) {
 		t.Fatalf("status = %d", w.Code)
 	}
 	result := parseJSON(t, w)
-	if result["username"] != "admin" {
-		t.Errorf("username = %v", result["username"])
+	if result["email"] != "oberon@athens.example" {
+		t.Errorf("email = %v", result["email"])
 	}
 }
diff --git a/db.go b/db.go
index ef3a339..0ec6716 100644
--- a/db.go
+++ b/db.go
@@ -40,20 +40,6 @@ func migrate(db *sql.DB) error {
 		updated_at  TEXT NOT NULL DEFAULT (datetime('now'))
 	);
 
-	CREATE TABLE IF NOT EXISTS users (
-		id            INTEGER PRIMARY KEY AUTOINCREMENT,
-		username      TEXT NOT NULL UNIQUE,
-		password_hash TEXT NOT NULL,
-		role          TEXT NOT NULL CHECK(role IN ('admin','coordinator','gate','ticketing','volunteer_lead')),
-		created_at    TEXT NOT NULL DEFAULT (datetime('now'))
-	);
-
-	CREATE TABLE IF NOT EXISTS user_departments (
-		user_id       INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
-		department_id INTEGER NOT NULL REFERENCES departments(id) ON DELETE CASCADE,
-		PRIMARY KEY (user_id, department_id)
-	);
-
 	CREATE TABLE IF NOT EXISTS departments (
 		id          INTEGER PRIMARY KEY AUTOINCREMENT,
 		name        TEXT NOT NULL UNIQUE,
@@ -63,44 +49,25 @@ func migrate(db *sql.DB) error {
 		deleted_at  TEXT
 	);
 
-	CREATE TABLE IF NOT EXISTS attendees (
-		id               INTEGER PRIMARY KEY AUTOINCREMENT,
-		name             TEXT NOT NULL,
-		email            TEXT NOT NULL DEFAULT '',
-		phone            TEXT NOT NULL DEFAULT '',
-		ticket_id        TEXT NOT NULL DEFAULT '',
-		ticket_type      TEXT NOT NULL DEFAULT '',
-		volunteer_token  TEXT UNIQUE,
-		party_size       INTEGER NOT NULL DEFAULT 1,
-		checked_in       INTEGER NOT NULL DEFAULT 0,
-		checked_in_count INTEGER NOT NULL DEFAULT 0,
-		checked_in_at    TEXT,
-		checked_in_by    INTEGER REFERENCES users(id),
-		note             TEXT NOT NULL DEFAULT '',
-		created_at       TEXT NOT NULL DEFAULT (datetime('now')),
-		updated_at       TEXT NOT NULL DEFAULT (datetime('now')),
-		deleted_at       TEXT
-	);
-
-	CREATE UNIQUE INDEX IF NOT EXISTS idx_attendees_name_ticket
-		ON attendees(name, ticket_id) WHERE deleted_at IS NULL;
-
 	CREATE TABLE IF NOT EXISTS volunteers (
-		id            INTEGER PRIMARY KEY AUTOINCREMENT,
-		attendee_id   INTEGER REFERENCES attendees(id) ON DELETE SET NULL,
-		name          TEXT NOT NULL,
-		email         TEXT NOT NULL DEFAULT '',
-		phone         TEXT NOT NULL DEFAULT '',
-		department_id INTEGER REFERENCES departments(id) ON DELETE SET NULL,
-		is_lead       INTEGER NOT NULL DEFAULT 0,
-		checked_in    INTEGER NOT NULL DEFAULT 0,
-		checked_in_at TEXT,
-		note          TEXT NOT NULL DEFAULT '',
-		created_at    TEXT NOT NULL DEFAULT (datetime('now')),
-		updated_at    TEXT NOT NULL DEFAULT (datetime('now')),
-		deleted_at    TEXT
+		id             INTEGER PRIMARY KEY AUTOINCREMENT,
+		participant_id INTEGER NOT NULL REFERENCES participants(id) ON DELETE CASCADE,
+		department_id  INTEGER REFERENCES departments(id) ON DELETE SET NULL,
+		is_lead        INTEGER NOT NULL DEFAULT 0,
+		ready          INTEGER NOT NULL DEFAULT 0,
+		ready_at       TEXT,
+		confirmed      INTEGER NOT NULL DEFAULT 0,
+		confirmed_at   TEXT,
+		kiosk_code     TEXT,
+		note           TEXT NOT NULL DEFAULT '',
+		created_at     TEXT NOT NULL DEFAULT (datetime('now')),
+		updated_at     TEXT NOT NULL DEFAULT (datetime('now')),
+		deleted_at     TEXT
 	);
 
+	CREATE UNIQUE INDEX IF NOT EXISTS idx_volunteers_kiosk_code
+		ON volunteers(kiosk_code) WHERE kiosk_code IS NOT NULL;
+
 	CREATE TABLE IF NOT EXISTS shifts (
 		id            INTEGER PRIMARY KEY AUTOINCREMENT,
 		department_id INTEGER NOT NULL REFERENCES departments(id) ON DELETE CASCADE,
@@ -119,53 +86,71 @@ func migrate(db *sql.DB) error {
 		shift_id     INTEGER NOT NULL REFERENCES shifts(id) ON DELETE CASCADE,
 		confirmed    INTEGER NOT NULL DEFAULT 1,
 		updated_at   TEXT NOT NULL DEFAULT (datetime('now')),
+		deleted_at   TEXT,
 		PRIMARY KEY (volunteer_id, shift_id)
 	);
+
+	CREATE TABLE IF NOT EXISTS participants (
+		id                 INTEGER PRIMARY KEY AUTOINCREMENT,
+		email              TEXT NOT NULL DEFAULT '',
+		preferred_name     TEXT NOT NULL DEFAULT '',
+		ticket_name        TEXT NOT NULL DEFAULT '',
+		phone              TEXT NOT NULL DEFAULT '',
+		pronouns           TEXT NOT NULL DEFAULT '',
+		note               TEXT NOT NULL DEFAULT '',
+		email_confirmed    INTEGER NOT NULL DEFAULT 0,
+		confirmation_token TEXT,
+		password_hash      TEXT,
+		login_enabled      INTEGER NOT NULL DEFAULT 0,
+		created_at         TEXT NOT NULL DEFAULT (datetime('now')),
+		updated_at         TEXT NOT NULL DEFAULT (datetime('now')),
+		deleted_at         TEXT
+	);
+
+	CREATE UNIQUE INDEX IF NOT EXISTS idx_participants_email
+		ON participants(email) WHERE deleted_at IS NULL AND email != '';
+
+	CREATE TABLE IF NOT EXISTS tickets (
+		id             INTEGER PRIMARY KEY AUTOINCREMENT,
+		participant_id INTEGER REFERENCES participants(id) ON DELETE SET NULL,
+		name           TEXT NOT NULL DEFAULT '',
+		ticket_type    TEXT NOT NULL DEFAULT '',
+		source         TEXT NOT NULL DEFAULT 'manual',
+		external_id    TEXT NOT NULL DEFAULT '',
+		order_id       TEXT NOT NULL DEFAULT '',
+		code           TEXT UNIQUE,
+		checked_in_at  TEXT,
+		checked_in_by  INTEGER REFERENCES participants(id),
+		created_at     TEXT NOT NULL DEFAULT (datetime('now')),
+		updated_at     TEXT NOT NULL DEFAULT (datetime('now')),
+		deleted_at     TEXT
+	);
+
+	CREATE UNIQUE INDEX IF NOT EXISTS idx_tickets_source_external
+		ON tickets(source, external_id) WHERE external_id != '' AND deleted_at IS NULL;
+
+	CREATE TABLE IF NOT EXISTS participant_roles (
+		participant_id INTEGER NOT NULL REFERENCES participants(id) ON DELETE CASCADE,
+		role           TEXT NOT NULL CHECK(role IN ('admin','staffing','colead','gatekeeper')),
+		PRIMARY KEY (participant_id, role)
+	);
+
+	CREATE TABLE IF NOT EXISTS participant_departments (
+		participant_id INTEGER NOT NULL REFERENCES participants(id) ON DELETE CASCADE,
+		department_id  INTEGER NOT NULL REFERENCES departments(id) ON DELETE CASCADE,
+		PRIMARY KEY (participant_id, department_id)
+	);
+
+	CREATE TABLE IF NOT EXISTS sso_nonces (
+		nonce      TEXT PRIMARY KEY,
+		created_at TEXT NOT NULL DEFAULT (datetime('now'))
+	);
 	`)
-	if err != nil {
-		return err
-	}
-	return migrateV2(db)
-}
-
-// migrateV2 adds new columns to existing databases without data loss.
-func migrateV2(db *sql.DB) error {
-	addColumnIfMissing(db, "attendees", "volunteer_token TEXT UNIQUE")
-	addColumnIfMissing(db, "attendees", "party_size INTEGER NOT NULL DEFAULT 1")
-	addColumnIfMissing(db, "attendees", "checked_in_count INTEGER NOT NULL DEFAULT 0")
-	addColumnIfMissing(db, "shifts", "position INTEGER NOT NULL DEFAULT 0")
-	addColumnIfMissing(db, "volunteer_shifts", "deleted_at TEXT")
-	// Widen the uniqueness constraint from name-only to (name, ticket_id).
-	db.Exec(`DROP INDEX IF EXISTS idx_attendees_name`)
-	db.Exec(`CREATE UNIQUE INDEX IF NOT EXISTS idx_attendees_name_ticket ON attendees(name, ticket_id) WHERE deleted_at IS NULL`)
-	return nil
-}
-
-func addColumnIfMissing(db *sql.DB, table, colDef string) {
-	colName := strings.Fields(colDef)[0]
-	rows, err := db.Query(`PRAGMA table_info("` + table + `")`)
-	if err != nil {
-		return
-	}
-	defer rows.Close()
-	for rows.Next() {
-		var cid, notNull, pk int
-		var name, typ string
-		var dflt sql.NullString
-		rows.Scan(&cid, &name, &typ, &notNull, &dflt, &pk)
-		if name == colName {
-			return
-		}
-	}
-	db.Exec(`ALTER TABLE "` + table + `" ADD COLUMN ` + colDef)
+	return err
 }
 
 // --- Types ---
 
-const attendeeCols = `id, name, email, phone, ticket_id, ticket_type, volunteer_token,
-	party_size, checked_in, checked_in_count, checked_in_at, checked_in_by,
-	note, created_at, updated_at, deleted_at`
-
 const shiftCols = `id, department_id, name, day, start_time, end_time, capacity, position, updated_at, deleted_at`
 const shiftColsS = `s.id, s.department_id, s.name, s.day, s.start_time, s.end_time, s.capacity, s.position, s.updated_at, s.deleted_at`
 
@@ -181,30 +166,12 @@ type Event struct {
 }
 
 type User struct {
-	ID            int    `json:"id"`
-	Username      string `json:"username"`
-	Role          string `json:"role"`
-	DepartmentIDs []int  `json:"department_ids"`
-	CreatedAt     string `json:"created_at"`
-}
-
-type Attendee struct {
-	ID             int     `json:"id"`
-	Name           string  `json:"name"`
-	Email          string  `json:"email"`
-	Phone          string  `json:"phone"`
-	TicketID       string  `json:"ticket_id"`
-	TicketType     string  `json:"ticket_type"`
-	VolunteerToken *string `json:"volunteer_token,omitempty"`
-	PartySize      int     `json:"party_size"`
-	CheckedIn      bool    `json:"checked_in"`
-	CheckedInCount int     `json:"checked_in_count"`
-	CheckedInAt    *string `json:"checked_in_at,omitempty"`
-	CheckedInBy    *int    `json:"checked_in_by,omitempty"`
-	Note           string  `json:"note"`
-	CreatedAt      string  `json:"created_at"`
-	UpdatedAt      string  `json:"updated_at"`
-	DeletedAt      *string `json:"deleted_at,omitempty"`
+	ID            int      `json:"id"`
+	Email         string   `json:"email"`
+	PreferredName string   `json:"preferred_name"`
+	Roles         []string `json:"roles"`
+	DepartmentIDs []int    `json:"department_ids"`
+	CreatedAt     string   `json:"created_at"`
 }
 
 type Department struct {
@@ -217,19 +184,56 @@ type Department struct {
 }
 
 type Volunteer struct {
-	ID           int     `json:"id"`
-	AttendeeID   *int    `json:"attendee_id,omitempty"`
-	Name         string  `json:"name"`
-	Email        string  `json:"email"`
-	Phone        string  `json:"phone"`
-	DepartmentID *int    `json:"department_id,omitempty"`
-	IsLead       bool    `json:"is_lead"`
-	CheckedIn    bool    `json:"checked_in"`
-	CheckedInAt  *string `json:"checked_in_at,omitempty"`
-	Note         string  `json:"note"`
-	CreatedAt    string  `json:"created_at"`
-	UpdatedAt    string  `json:"updated_at"`
-	DeletedAt    *string `json:"deleted_at,omitempty"`
+	ID            int     `json:"id"`
+	ParticipantID int     `json:"participant_id"`
+	DepartmentID  *int    `json:"department_id,omitempty"`
+	IsLead        bool    `json:"is_lead"`
+	Ready         bool    `json:"ready"`
+	ReadyAt       *string `json:"ready_at,omitempty"`
+	Confirmed     bool    `json:"confirmed"`
+	ConfirmedAt   *string `json:"confirmed_at,omitempty"`
+	KioskCode     *string `json:"kiosk_code,omitempty"`
+	Note          string  `json:"note"`
+	CreatedAt     string  `json:"created_at"`
+	UpdatedAt     string  `json:"updated_at"`
+	DeletedAt     *string `json:"deleted_at,omitempty"`
+	// Populated via JOIN from participant, not stored on volunteers table:
+	Name           string `json:"name"`
+	Email          string `json:"email"`
+	Phone          string `json:"phone"`
+	Pronouns       string `json:"pronouns"`
+	EmailConfirmed bool   `json:"email_confirmed"`
+}
+
+type Participant struct {
+	ID                int     `json:"id"`
+	Email             string  `json:"email"`
+	PreferredName     string  `json:"preferred_name"`
+	TicketName        string  `json:"ticket_name"`
+	Phone             string  `json:"phone"`
+	Pronouns          string  `json:"pronouns"`
+	Note              string  `json:"note"`
+	EmailConfirmed    bool    `json:"email_confirmed"`
+	ConfirmationToken *string `json:"-"`
+	CreatedAt         string  `json:"created_at"`
+	UpdatedAt         string  `json:"updated_at"`
+	DeletedAt         *string `json:"deleted_at,omitempty"`
+}
+
+type Ticket struct {
+	ID            int     `json:"id"`
+	ParticipantID *int    `json:"participant_id,omitempty"`
+	Name          string  `json:"name"`
+	TicketType    string  `json:"ticket_type"`
+	Source        string  `json:"source"`
+	ExternalID    string  `json:"external_id"`
+	OrderID       string  `json:"order_id"`
+	Code          *string `json:"code,omitempty"`
+	CheckedInAt   *string `json:"checked_in_at,omitempty"`
+	CheckedInBy   *int    `json:"checked_in_by,omitempty"`
+	CreatedAt     string  `json:"created_at"`
+	UpdatedAt     string  `json:"updated_at"`
+	DeletedAt     *string `json:"deleted_at,omitempty"`
 }
 
 type Shift struct {
@@ -279,11 +283,45 @@ func (app *App) upsertEvent(e Event) error {
 	return err
 }
 
-// --- Users ---
+// --- Staff (participants with login_enabled) ---
 
-func (app *App) getUserDeptIDs(userID int) ([]int, error) {
+func (app *App) getParticipantRoles(participantID int) ([]string, error) {
 	rows, err := app.db.Query(
-		`SELECT department_id FROM user_departments WHERE user_id = ? ORDER BY department_id`, userID,
+		`SELECT role FROM participant_roles WHERE participant_id = ? ORDER BY role`, participantID,
+	)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var roles []string
+	for rows.Next() {
+		var r string
+		rows.Scan(&r)
+		roles = append(roles, r)
+	}
+	if roles == nil {
+		roles = []string{}
+	}
+	return roles, rows.Err()
+}
+
+func (app *App) setParticipantRoles(participantID int, roles []string) error {
+	if _, err := app.db.Exec(`DELETE FROM participant_roles WHERE participant_id = ?`, participantID); err != nil {
+		return err
+	}
+	for _, role := range roles {
+		if _, err := app.db.Exec(
+			`INSERT INTO participant_roles (participant_id, role) VALUES (?, ?)`, participantID, role,
+		); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (app *App) getUserDeptIDs(participantID int) ([]int, error) {
+	rows, err := app.db.Query(
+		`SELECT department_id FROM participant_departments WHERE participant_id = ? ORDER BY department_id`, participantID,
 	)
 	if err != nil {
 		return nil, err
@@ -301,14 +339,13 @@ func (app *App) getUserDeptIDs(userID int) ([]int, error) {
 	return ids, rows.Err()
 }
 
-func (app *App) setUserDeptIDs(userID int, deptIDs []int) error {
-	_, err := app.db.Exec(`DELETE FROM user_departments WHERE user_id = ?`, userID)
-	if err != nil {
+func (app *App) setUserDeptIDs(participantID int, deptIDs []int) error {
+	if _, err := app.db.Exec(`DELETE FROM participant_departments WHERE participant_id = ?`, participantID); err != nil {
 		return err
 	}
 	for _, deptID := range deptIDs {
 		if _, err := app.db.Exec(
-			`INSERT INTO user_departments (user_id, department_id) VALUES (?, ?)`, userID, deptID,
+			`INSERT INTO participant_departments (participant_id, department_id) VALUES (?, ?)`, participantID, deptID,
 		); err != nil {
 			return err
 		}
@@ -316,98 +353,157 @@ func (app *App) setUserDeptIDs(userID int, deptIDs []int) error {
 	return nil
 }
 
-func (app *App) getUserByUsername(username string) (*User, string, error) {
-	var u User
-	var hash string
+func (app *App) getLoginParticipant(email string) (*User, string, error) {
+	var s User
+	var hash sql.NullString
 	err := app.db.QueryRow(
-		`SELECT id, username, password_hash, role, created_at FROM users WHERE username = ?`, username,
-	).Scan(&u.ID, &u.Username, &hash, &u.Role, &u.CreatedAt)
+		`SELECT id, email, preferred_name, password_hash, created_at
+		 FROM participants WHERE LOWER(email) = LOWER(?) AND login_enabled = 1 AND deleted_at IS NULL`, email,
+	).Scan(&s.ID, &s.Email, &s.PreferredName, &hash, &s.CreatedAt)
 	if err == sql.ErrNoRows {
 		return nil, "", nil
 	}
 	if err != nil {
 		return nil, "", err
 	}
-	u.DepartmentIDs, err = app.getUserDeptIDs(u.ID)
-	return &u, hash, err
+	var hashStr string
+	if hash.Valid {
+		hashStr = hash.String
+	}
+	s.Roles, _ = app.getParticipantRoles(s.ID)
+	s.DepartmentIDs, _ = app.getUserDeptIDs(s.ID)
+	return &s, hashStr, nil
 }
 
-func (app *App) getUserByID(id int) (*User, error) {
-	var u User
+func (app *App) getUser(id int) (*User, error) {
+	var s User
 	err := app.db.QueryRow(
-		`SELECT id, username, role, created_at FROM users WHERE id = ?`, id,
-	).Scan(&u.ID, &u.Username, &u.Role, &u.CreatedAt)
+		`SELECT id, email, preferred_name, created_at
+		 FROM participants WHERE id = ? AND login_enabled = 1 AND deleted_at IS NULL`, id,
+	).Scan(&s.ID, &s.Email, &s.PreferredName, &s.CreatedAt)
 	if err == sql.ErrNoRows {
 		return nil, nil
 	}
 	if err != nil {
 		return nil, err
 	}
-	u.DepartmentIDs, err = app.getUserDeptIDs(u.ID)
-	return &u, err
+	s.Roles, _ = app.getParticipantRoles(s.ID)
+	s.DepartmentIDs, _ = app.getUserDeptIDs(s.ID)
+	return &s, nil
 }
 
 func (app *App) listUsers() ([]User, error) {
 	rows, err := app.db.Query(
-		`SELECT id, username, role, created_at FROM users ORDER BY username`,
+		`SELECT id, email, preferred_name, created_at
+		 FROM participants WHERE login_enabled = 1 AND deleted_at IS NULL ORDER BY preferred_name, email`,
 	)
 	if err != nil {
 		return nil, err
 	}
 	defer rows.Close()
-	var users []User
+	var staff []User
 	for rows.Next() {
-		var u User
-		if err := rows.Scan(&u.ID, &u.Username, &u.Role, &u.CreatedAt); err != nil {
+		var s User
+		if err := rows.Scan(&s.ID, &s.Email, &s.PreferredName, &s.CreatedAt); err != nil {
 			return nil, err
 		}
-		u.DepartmentIDs = []int{}
-		users = append(users, u)
+		s.Roles = []string{}
+		s.DepartmentIDs = []int{}
+		staff = append(staff, s)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, err
 	}
-	for i := range users {
-		users[i].DepartmentIDs, _ = app.getUserDeptIDs(users[i].ID)
+	for i := range staff {
+		staff[i].Roles, _ = app.getParticipantRoles(staff[i].ID)
+		staff[i].DepartmentIDs, _ = app.getUserDeptIDs(staff[i].ID)
 	}
-	return users, nil
+	return staff, nil
 }
 
-func (app *App) createUser(username, hash, role string, deptIDs []int) (*User, error) {
+func (app *App) createUser(email, preferredName, hash string, roles []string, deptIDs []int) (*User, error) {
+	// Find or create participant by email.
+	p, err := app.getParticipantByEmail(email)
+	if err != nil {
+		return nil, err
+	}
+	if p != nil {
+		// Participant exists — promote to staff.
+		if _, err := app.db.Exec(
+			`UPDATE participants SET password_hash = ?, login_enabled = 1, updated_at = ? WHERE id = ?`,
+			hash, now(), p.ID,
+		); err != nil {
+			return nil, err
+		}
+		if err := app.setParticipantRoles(p.ID, roles); err != nil {
+			return nil, err
+		}
+		if err := app.setUserDeptIDs(p.ID, deptIDs); err != nil {
+			return nil, err
+		}
+		return app.getUser(p.ID)
+	}
+	// Create new participant with auth.
 	res, err := app.db.Exec(
-		`INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)`,
-		username, hash, role,
+		`INSERT INTO participants (email, preferred_name, password_hash, login_enabled, updated_at)
+		 VALUES (?, ?, ?, 1, ?)`,
+		strings.ToLower(email), preferredName, hash, now(),
 	)
 	if err != nil {
 		return nil, err
 	}
 	id, _ := res.LastInsertId()
+	if err := app.setParticipantRoles(int(id), roles); err != nil {
+		return nil, err
+	}
 	if err := app.setUserDeptIDs(int(id), deptIDs); err != nil {
 		return nil, err
 	}
-	return app.getUserByID(int(id))
+	return app.getUser(int(id))
 }
 
-func (app *App) updateUser(id int, role string, deptIDs []int) error {
-	if _, err := app.db.Exec(`UPDATE users SET role = ? WHERE id = ?`, role, id); err != nil {
+func (app *App) updateUserRoles(id int, roles []string, deptIDs []int) error {
+	var enabled int
+	err := app.db.QueryRow(`SELECT login_enabled FROM participants WHERE id = ? AND deleted_at IS NULL`, id).Scan(&enabled)
+	if err != nil || enabled != 1 {
+		return fmt.Errorf("participant not found or not a staff member")
+	}
+	if err := app.setParticipantRoles(id, roles); err != nil {
 		return err
 	}
 	return app.setUserDeptIDs(id, deptIDs)
 }
 
 func (app *App) updateUserPassword(id int, hash string) error {
-	_, err := app.db.Exec(`UPDATE users SET password_hash = ? WHERE id = ?`, hash, id)
+	_, err := app.db.Exec(
+		`UPDATE participants SET password_hash = ?, updated_at = ? WHERE id = ? AND login_enabled = 1`, hash, now(), id,
+	)
 	return err
 }
 
-func (app *App) deleteUser(id int) error {
-	_, err := app.db.Exec(`DELETE FROM users WHERE id = ?`, id)
-	return err
+func (app *App) removeUser(id int) error {
+	tx, err := app.db.Begin()
+	if err != nil {
+		return err
+	}
+	defer tx.Rollback()
+	if _, err := tx.Exec(`DELETE FROM participant_roles WHERE participant_id = ?`, id); err != nil {
+		return err
+	}
+	if _, err := tx.Exec(`DELETE FROM participant_departments WHERE participant_id = ?`, id); err != nil {
+		return err
+	}
+	if _, err := tx.Exec(
+		`UPDATE participants SET login_enabled = 0, password_hash = NULL, updated_at = ? WHERE id = ?`, now(), id,
+	); err != nil {
+		return err
+	}
+	return tx.Commit()
 }
 
 func (app *App) countUsers() (int, error) {
 	var n int
-	err := app.db.QueryRow(`SELECT COUNT(*) FROM users`).Scan(&n)
+	err := app.db.QueryRow(`SELECT COUNT(*) FROM participants WHERE login_enabled = 1 AND deleted_at IS NULL`).Scan(&n)
 	return n, err
 }
 
@@ -434,7 +530,7 @@ func (app *App) generateUniqueToken() (string, error) {
 			return "", err
 		}
 		var count int
-		if err := app.db.QueryRow(`SELECT COUNT(*) FROM attendees WHERE volunteer_token = ?`, t).Scan(&count); err != nil {
+		if err := app.db.QueryRow(`SELECT COUNT(*) FROM tickets WHERE code = ?`, t).Scan(&count); err != nil {
 			return "", fmt.Errorf("check token uniqueness: %w", err)
 		}
 		if count == 0 {
@@ -444,19 +540,10 @@ func (app *App) generateUniqueToken() (string, error) {
 	return "", fmt.Errorf("failed to generate unique token")
 }
 
-func (app *App) getAttendeeByToken(token string) (*Attendee, error) {
-	rows, err := queryAttendees(app.db,
-		`SELECT `+attendeeCols+` FROM attendees WHERE volunteer_token = ? AND deleted_at IS NULL`, token)
-	if err != nil || len(rows) == 0 {
-		return nil, err
-	}
-	return &rows[0], nil
-}
-
-// generateTokensForAll creates tokens for every attendee that doesn't have one yet.
-func (app *App) generateTokensForAll() (int, error) {
+// generateCodesForAll generates codes for every ticket that doesn't have one yet.
+func (app *App) generateCodesForAll() (int, error) {
 	rows, err := app.db.Query(
-		`SELECT id FROM attendees WHERE volunteer_token IS NULL AND deleted_at IS NULL`,
+		`SELECT id FROM tickets WHERE code IS NULL AND deleted_at IS NULL`,
 	)
 	if err != nil {
 		return 0, err
@@ -466,7 +553,7 @@ func (app *App) generateTokensForAll() (int, error) {
 	for rows.Next() {
 		var id int
 		if err := rows.Scan(&id); err != nil {
-			return 0, fmt.Errorf("scan attendee id: %w", err)
+			return 0, fmt.Errorf("scan ticket id: %w", err)
 		}
 		ids = append(ids, id)
 	}
@@ -477,161 +564,256 @@ func (app *App) generateTokensForAll() (int, error) {
 		if err != nil {
 			continue
 		}
-		app.db.Exec(`UPDATE attendees SET volunteer_token=?, updated_at=? WHERE id=?`, t, now(), id)
+		app.db.Exec(`UPDATE tickets SET code=?, updated_at=? WHERE id=?`, t, now(), id)
 		count++
 	}
 	return count, nil
 }
 
-// incrementPartySize bumps party_size for an existing attendee matched by name+ticket_id.
-// Used during import to handle duplicate ticket rows from the same order.
-func (app *App) incrementPartySize(name, ticketID string) (bool, error) {
-	res, err := app.db.Exec(
-		`UPDATE attendees SET party_size = party_size + 1, updated_at = ?
-		 WHERE name = ? AND ticket_id = ? AND deleted_at IS NULL`,
-		now(), name, ticketID,
-	)
-	if err != nil {
-		return false, err
-	}
-	n, _ := res.RowsAffected()
-	return n > 0, nil
-}
+// --- Participants ---
 
-// --- Attendees ---
+const participantCols = `id, email, preferred_name, ticket_name, phone, pronouns, note, email_confirmed, confirmation_token, created_at, updated_at, deleted_at`
 
-func (app *App) listAttendees(search, ticketType, checkedIn string) ([]Attendee, error) {
-	q := `SELECT ` + attendeeCols + ` FROM attendees WHERE deleted_at IS NULL`
+func (app *App) listParticipants(search, since string) ([]Participant, error) {
+	var q string
 	var args []any
-	if search != "" {
-		q += ` AND (name LIKE ? OR email LIKE ? OR ticket_id LIKE ?)`
-		s := "%" + search + "%"
-		args = append(args, s, s, s)
+	if since != "" {
+		q = `SELECT ` + participantCols + ` FROM participants WHERE updated_at > ? ORDER BY preferred_name, email`
+		args = append(args, since)
+	} else {
+		q = `SELECT ` + participantCols + ` FROM participants WHERE deleted_at IS NULL`
+		if search != "" {
+			q += ` AND (preferred_name LIKE ? OR email LIKE ?)`
+			s := "%" + search + "%"
+			args = append(args, s, s)
+		}
+		q += ` ORDER BY preferred_name, email`
 	}
-	if ticketType != "" {
-		q += ` AND ticket_type = ?`
-		args = append(args, ticketType)
-	}
-	if checkedIn == "true" {
-		q += ` AND checked_in = 1`
-	} else if checkedIn == "false" {
-		q += ` AND checked_in = 0`
-	}
-	q += ` ORDER BY name ASC`
-	return queryAttendees(app.db, q, args...)
+	return queryParticipants(app.db, q, args...)
 }
 
-func (app *App) getAttendee(id int) (*Attendee, error) {
-	rows, err := queryAttendees(app.db,
-		`SELECT `+attendeeCols+` FROM attendees WHERE id = ?`, id)
+func (app *App) getParticipant(id int) (*Participant, error) {
+	rows, err := queryParticipants(app.db,
+		`SELECT `+participantCols+` FROM participants WHERE id = ?`, id)
 	if err != nil || len(rows) == 0 {
 		return nil, err
 	}
 	return &rows[0], nil
 }
 
-func (app *App) createAttendee(a Attendee) (*Attendee, error) {
+func (app *App) getParticipantByEmail(email string) (*Participant, error) {
+	rows, err := queryParticipants(app.db,
+		`SELECT `+participantCols+` FROM participants WHERE LOWER(email) = LOWER(?) AND deleted_at IS NULL LIMIT 1`, email)
+	if err != nil || len(rows) == 0 {
+		return nil, err
+	}
+	return &rows[0], nil
+}
+
+func (app *App) createParticipant(p Participant) (*Participant, error) {
 	res, err := app.db.Exec(
-		`INSERT INTO attendees (name, email, phone, ticket_id, ticket_type, note, updated_at)
-		 VALUES (?, ?, ?, ?, ?, ?, ?)`,
-		a.Name, a.Email, a.Phone, a.TicketID, a.TicketType, a.Note, now(),
+		`INSERT INTO participants (email, preferred_name, ticket_name, phone, pronouns, note, email_confirmed, confirmation_token, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+		strings.ToLower(p.Email), p.PreferredName, p.TicketName, p.Phone, p.Pronouns, p.Note, boolInt(p.EmailConfirmed), p.ConfirmationToken, now(),
 	)
 	if err != nil {
 		return nil, err
 	}
 	id, _ := res.LastInsertId()
-	return app.getAttendee(int(id))
+	return app.getParticipant(int(id))
 }
 
-func (app *App) updateAttendee(a Attendee) error {
+func (app *App) updateParticipant(p Participant) error {
 	_, err := app.db.Exec(
-		`UPDATE attendees SET name=?, email=?, phone=?, ticket_id=?, ticket_type=?, note=?, updated_at=?
-		 WHERE id = ? AND deleted_at IS NULL`,
-		a.Name, a.Email, a.Phone, a.TicketID, a.TicketType, a.Note, now(), a.ID,
+		`UPDATE participants SET email=?, preferred_name=?, ticket_name=?, phone=?, pronouns=?, note=?, updated_at=?
+		 WHERE id=? AND deleted_at IS NULL`,
+		strings.ToLower(p.Email), p.PreferredName, p.TicketName, p.Phone, p.Pronouns, p.Note, now(), p.ID,
 	)
 	return err
 }
 
-func (app *App) deleteAttendee(id int) error {
+func (app *App) deleteParticipant(id int) error {
 	_, err := app.db.Exec(
-		`UPDATE attendees SET deleted_at = ?, updated_at = ? WHERE id = ?`, now(), now(), id,
+		`UPDATE participants SET deleted_at=?, updated_at=? WHERE id=?`, now(), now(), id,
 	)
 	return err
 }
 
-// checkInAttendee increments checked_in_count by count (capped at party_size).
-// Sets checked_in and checked_in_at on the first check-in.
-func (app *App) checkInAttendee(id, userID, count int) (*Attendee, error) {
-	if count < 1 {
-		count = 1
+// mergeParticipants reassigns all tickets and volunteers from other → canonical, then soft-deletes other.
+func (app *App) mergeParticipants(canonicalID, otherID int) error {
+	ts := now()
+	if _, err := app.db.Exec(
+		`UPDATE tickets SET participant_id=?, updated_at=? WHERE participant_id=? AND deleted_at IS NULL`,
+		canonicalID, ts, otherID,
+	); err != nil {
+		return err
 	}
-	a, err := app.getAttendee(id)
-	if err != nil || a == nil {
-		return nil, err
+	if _, err := app.db.Exec(
+		`UPDATE volunteers SET participant_id=?, updated_at=? WHERE participant_id=? AND deleted_at IS NULL`,
+		canonicalID, ts, otherID,
+	); err != nil {
+		return err
 	}
-	remaining := a.PartySize - a.CheckedInCount
-	if count > remaining {
-		count = remaining
-	}
-	if count <= 0 {
-		return a, nil
-	}
-	t := now()
-	_, err = app.db.Exec(`
-		UPDATE attendees SET
-			checked_in_count = checked_in_count + ?,
-			checked_in       = CASE WHEN checked_in = 0 THEN 1 ELSE checked_in END,
-			checked_in_at    = CASE WHEN checked_in = 0 THEN ? ELSE checked_in_at END,
-			checked_in_by    = CASE WHEN checked_in = 0 THEN ? ELSE checked_in_by END,
-			updated_at       = ?
-		WHERE id = ? AND deleted_at IS NULL`,
-		count, t, userID, t, id,
+	app.db.Exec(`INSERT OR IGNORE INTO participant_roles (participant_id, role) SELECT ?, role FROM participant_roles WHERE participant_id = ?`, canonicalID, otherID)
+	app.db.Exec(`INSERT OR IGNORE INTO participant_departments (participant_id, department_id) SELECT ?, department_id FROM participant_departments WHERE participant_id = ?`, canonicalID, otherID)
+	_, err := app.db.Exec(
+		`UPDATE participants SET deleted_at=?, updated_at=? WHERE id=?`, ts, ts, otherID,
 	)
-	if err != nil {
-		return nil, err
-	}
-	return app.getAttendee(id)
+	return err
 }
 
-func (app *App) attendeesSince(since string) ([]Attendee, error) {
-	return queryAttendees(app.db,
-		`SELECT `+attendeeCols+` FROM attendees WHERE updated_at > ? ORDER BY updated_at ASC`, since)
-}
-
-func queryAttendees(db *sql.DB, q string, args ...any) ([]Attendee, error) {
+func queryParticipants(db *sql.DB, q string, args ...any) ([]Participant, error) {
 	rows, err := db.Query(q, args...)
 	if err != nil {
 		return nil, err
 	}
 	defer rows.Close()
-	var result []Attendee
+	var result []Participant
 	for rows.Next() {
-		var a Attendee
-		var checkedIn int
-		var token sql.NullString
+		var p Participant
+		var emailConfirmed int
+		var confirmationToken sql.NullString
 		if err := rows.Scan(
-			&a.ID, &a.Name, &a.Email, &a.Phone, &a.TicketID, &a.TicketType,
-			&token, &a.PartySize, &checkedIn, &a.CheckedInCount,
-			&a.CheckedInAt, &a.CheckedInBy, &a.Note,
-			&a.CreatedAt, &a.UpdatedAt, &a.DeletedAt,
+			&p.ID, &p.Email, &p.PreferredName, &p.TicketName, &p.Phone, &p.Pronouns, &p.Note,
+			&emailConfirmed, &confirmationToken,
+			&p.CreatedAt, &p.UpdatedAt, &p.DeletedAt,
 		); err != nil {
 			return nil, err
 		}
-		if token.Valid && token.String != "" {
-			a.VolunteerToken = &token.String
+		p.EmailConfirmed = emailConfirmed == 1
+		if confirmationToken.Valid {
+			p.ConfirmationToken = &confirmationToken.String
 		}
-		a.CheckedIn = checkedIn == 1
-		if a.PartySize < 1 {
-			a.PartySize = 1
-		}
-		result = append(result, a)
+		result = append(result, p)
 	}
 	return result, rows.Err()
 }
 
-func (app *App) attendeeTicketTypes() ([]string, error) {
+// upsertParticipant finds a participant by email or creates one.
+// Returns the participant and whether it was newly created.
+func (app *App) upsertParticipant(email, name string) (*Participant, bool, error) {
+	p, err := app.getParticipantByEmail(email)
+	if err != nil {
+		return nil, false, err
+	}
+	if p != nil {
+		return p, false, nil
+	}
+	created, err := app.createParticipant(Participant{
+		Email:         email,
+		PreferredName: name,
+	})
+	return created, true, err
+}
+
+// --- Tickets ---
+
+const ticketCols = `id, participant_id, name, ticket_type, source, external_id, order_id, code, checked_in_at, checked_in_by, created_at, updated_at, deleted_at`
+
+func (app *App) listTickets(participantID *int, since string) ([]Ticket, error) {
+	q := `SELECT ` + ticketCols + ` FROM tickets WHERE 1=1`
+	var args []any
+	if since != "" {
+		q += ` AND updated_at > ?`
+		args = append(args, since)
+	} else {
+		q += ` AND deleted_at IS NULL`
+	}
+	if participantID != nil {
+		q += ` AND participant_id = ?`
+		args = append(args, *participantID)
+	}
+	q += ` ORDER BY created_at`
+	return queryTickets(app.db, q, args...)
+}
+
+func (app *App) getTicket(id int) (*Ticket, error) {
+	rows, err := queryTickets(app.db,
+		`SELECT `+ticketCols+` FROM tickets WHERE id = ?`, id)
+	if err != nil || len(rows) == 0 {
+		return nil, err
+	}
+	return &rows[0], nil
+}
+
+func (app *App) createTicket(t Ticket) (*Ticket, error) {
+	res, err := app.db.Exec(
+		`INSERT INTO tickets (participant_id, name, ticket_type, source, external_id, order_id, code, updated_at)
+		 VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
+		t.ParticipantID, t.Name, t.TicketType, t.Source, t.ExternalID, t.OrderID, t.Code, now(),
+	)
+	if err != nil {
+		return nil, err
+	}
+	id, _ := res.LastInsertId()
+	return app.getTicket(int(id))
+}
+
+func (app *App) checkInTicket(id, userID int) (*Ticket, error) {
+	t := now()
+	_, err := app.db.Exec(`
+		UPDATE tickets SET
+			checked_in_at = CASE WHEN checked_in_at IS NULL THEN ? ELSE checked_in_at END,
+			checked_in_by = CASE WHEN checked_in_at IS NULL THEN ? ELSE checked_in_by END,
+			updated_at    = ?
+		WHERE id = ? AND deleted_at IS NULL`,
+		t, userID, t, id,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return app.getTicket(id)
+}
+
+func (app *App) deleteTicket(id int) error {
+	_, err := app.db.Exec(
+		`UPDATE tickets SET deleted_at=?, updated_at=? WHERE id=?`, now(), now(), id,
+	)
+	return err
+}
+
+func queryTickets(db *sql.DB, q string, args ...any) ([]Ticket, error) {
+	rows, err := db.Query(q, args...)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var result []Ticket
+	for rows.Next() {
+		var t Ticket
+		var participantID, checkedInBy sql.NullInt64
+		var code sql.NullString
+		if err := rows.Scan(
+			&t.ID, &participantID, &t.Name, &t.TicketType, &t.Source, &t.ExternalID, &t.OrderID,
+			&code, &t.CheckedInAt, &checkedInBy, &t.CreatedAt, &t.UpdatedAt, &t.DeletedAt,
+		); err != nil {
+			return nil, err
+		}
+		if participantID.Valid {
+			id := int(participantID.Int64)
+			t.ParticipantID = &id
+		}
+		if checkedInBy.Valid {
+			id := int(checkedInBy.Int64)
+			t.CheckedInBy = &id
+		}
+		if code.Valid && code.String != "" {
+			t.Code = &code.String
+		}
+		result = append(result, t)
+	}
+	return result, rows.Err()
+}
+
+// ticketCounts returns total and checked-in ticket counts for participants page.
+func (app *App) ticketCounts() (total, checkedIn int, err error) {
+	app.db.QueryRow(`SELECT COUNT(*) FROM tickets WHERE deleted_at IS NULL`).Scan(&total)
+	app.db.QueryRow(`SELECT COUNT(*) FROM tickets WHERE checked_in_at IS NOT NULL AND deleted_at IS NULL`).Scan(&checkedIn)
+	return
+}
+
+func (app *App) ticketTypes() ([]string, error) {
 	rows, err := app.db.Query(
-		`SELECT DISTINCT ticket_type FROM attendees WHERE ticket_type != '' AND deleted_at IS NULL ORDER BY ticket_type`,
+		`SELECT DISTINCT ticket_type FROM tickets WHERE ticket_type != '' AND deleted_at IS NULL ORDER BY ticket_type`,
 	)
 	if err != nil {
 		return nil, err
@@ -646,12 +828,6 @@ func (app *App) attendeeTicketTypes() ([]string, error) {
 	return types, rows.Err()
 }
 
-func (app *App) attendeeCounts() (total, checkedIn int, err error) {
-	app.db.QueryRow(`SELECT COUNT(*) FROM attendees WHERE deleted_at IS NULL`).Scan(&total)
-	app.db.QueryRow(`SELECT COUNT(*) FROM attendees WHERE checked_in=1 AND deleted_at IS NULL`).Scan(&checkedIn)
-	return
-}
-
 // --- Departments ---
 
 func (app *App) listDepartments(since string) ([]Department, error) {
@@ -719,42 +895,44 @@ func queryDepartments(db *sql.DB, q string, args ...any) ([]Department, error) {
 
 // --- Volunteers ---
 
-const volunteerCols = `id, attendee_id, name, email, phone, department_id, is_lead, checked_in, checked_in_at, note, created_at, updated_at, deleted_at`
+const volunteerSelect = `v.id, v.participant_id,
+	p.preferred_name, p.email, p.phone, p.pronouns,
+	v.department_id, v.is_lead, v.ready, v.ready_at,
+	v.confirmed, v.confirmed_at,
+	p.email_confirmed, v.kiosk_code, v.note,
+	v.created_at, v.updated_at, v.deleted_at`
+const volunteerFrom = `FROM volunteers v INNER JOIN participants p ON p.id = v.participant_id`
 
-func (app *App) listVolunteers(search string, deptID *int, since string) ([]Volunteer, error) {
-	q := `SELECT ` + volunteerCols + ` FROM volunteers WHERE 1=1`
+func (app *App) listVolunteers(search string, deptIDs []int, since string) ([]Volunteer, error) {
+	q := `SELECT ` + volunteerSelect + ` ` + volunteerFrom + ` WHERE 1=1`
 	var args []any
 	if since != "" {
-		q += ` AND updated_at > ?`
+		q += ` AND v.updated_at > ?`
 		args = append(args, since)
 	} else {
-		q += ` AND deleted_at IS NULL`
+		q += ` AND v.deleted_at IS NULL`
 	}
 	if search != "" {
-		q += ` AND (name LIKE ? OR email LIKE ?)`
+		q += ` AND (p.preferred_name LIKE ? OR p.email LIKE ?)`
 		s := "%" + search + "%"
 		args = append(args, s, s)
 	}
-	if deptID != nil {
-		q += ` AND department_id = ?`
-		args = append(args, *deptID)
+	if len(deptIDs) == 1 {
+		q += ` AND v.department_id = ?`
+		args = append(args, deptIDs[0])
+	} else if len(deptIDs) > 1 {
+		q += ` AND v.department_id IN (` + placeholders(len(deptIDs)) + `)`
+		for _, id := range deptIDs {
+			args = append(args, id)
+		}
 	}
-	q += ` ORDER BY name`
+	q += ` ORDER BY p.preferred_name`
 	return queryVolunteers(app.db, q, args...)
 }
 
 func (app *App) getVolunteer(id int) (*Volunteer, error) {
 	rows, err := queryVolunteers(app.db,
-		`SELECT `+volunteerCols+` FROM volunteers WHERE id = ?`, id)
-	if err != nil || len(rows) == 0 {
-		return nil, err
-	}
-	return &rows[0], nil
-}
-
-func (app *App) getVolunteerByAttendeeID(attendeeID int) (*Volunteer, error) {
-	rows, err := queryVolunteers(app.db,
-		`SELECT `+volunteerCols+` FROM volunteers WHERE attendee_id = ? AND deleted_at IS NULL LIMIT 1`, attendeeID)
+		`SELECT `+volunteerSelect+` `+volunteerFrom+` WHERE v.id = ?`, id)
 	if err != nil || len(rows) == 0 {
 		return nil, err
 	}
@@ -763,9 +941,9 @@ func (app *App) getVolunteerByAttendeeID(attendeeID int) (*Volunteer, error) {
 
 func (app *App) createVolunteer(v Volunteer) (*Volunteer, error) {
 	res, err := app.db.Exec(
-		`INSERT INTO volunteers (attendee_id, name, email, phone, department_id, is_lead, note, updated_at)
-		 VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
-		v.AttendeeID, v.Name, v.Email, v.Phone, v.DepartmentID, boolInt(v.IsLead), v.Note, now(),
+		`INSERT INTO volunteers (participant_id, department_id, is_lead, note, updated_at)
+		 VALUES (?, ?, ?, ?, ?)`,
+		v.ParticipantID, v.DepartmentID, boolInt(v.IsLead), v.Note, now(),
 	)
 	if err != nil {
 		return nil, err
@@ -776,9 +954,9 @@ func (app *App) createVolunteer(v Volunteer) (*Volunteer, error) {
 
 func (app *App) updateVolunteer(v Volunteer) error {
 	_, err := app.db.Exec(
-		`UPDATE volunteers SET attendee_id=?, name=?, email=?, phone=?, department_id=?, is_lead=?, note=?, updated_at=?
+		`UPDATE volunteers SET department_id=?, is_lead=?, note=?, updated_at=?
 		 WHERE id=? AND deleted_at IS NULL`,
-		v.AttendeeID, v.Name, v.Email, v.Phone, v.DepartmentID, boolInt(v.IsLead), v.Note, now(), v.ID,
+		v.DepartmentID, boolInt(v.IsLead), v.Note, now(), v.ID,
 	)
 	return err
 }
@@ -790,26 +968,30 @@ func (app *App) deleteVolunteer(id int) error {
 	return err
 }
 
-// checkInVolunteer marks the volunteer as checked in and, if linked to an attendee,
-// also increments the attendee's checked_in_count.
-func (app *App) checkInVolunteer(id, userID int) (*Volunteer, error) {
+func (app *App) markVolunteerReady(id, userID int) (*Volunteer, error) {
 	t := now()
 	_, err := app.db.Exec(
-		`UPDATE volunteers SET checked_in=1, checked_in_at=?, updated_at=?
-		 WHERE id=? AND deleted_at IS NULL AND checked_in=0`,
+		`UPDATE volunteers SET ready=1, ready_at=?, updated_at=?
+		 WHERE id=? AND deleted_at IS NULL AND ready=0`,
 		t, t, id,
 	)
 	if err != nil {
 		return nil, err
 	}
-	v, err := app.getVolunteer(id)
-	if err != nil || v == nil {
-		return v, err
+	return app.getVolunteer(id)
+}
+
+func (app *App) confirmVolunteer(id int) (*Volunteer, error) {
+	t := now()
+	_, err := app.db.Exec(
+		`UPDATE volunteers SET confirmed=1, confirmed_at=?, updated_at=?
+		 WHERE id=? AND deleted_at IS NULL AND confirmed=0`,
+		t, t, id,
+	)
+	if err != nil {
+		return nil, err
 	}
-	if v.AttendeeID != nil {
-		app.checkInAttendee(*v.AttendeeID, userID, 1)
-	}
-	return v, nil
+	return app.getVolunteer(id)
 }
 
 func queryVolunteers(db *sql.DB, q string, args ...any) ([]Volunteer, error) {
@@ -821,33 +1003,119 @@ func queryVolunteers(db *sql.DB, q string, args ...any) ([]Volunteer, error) {
 	var result []Volunteer
 	for rows.Next() {
 		var v Volunteer
-		var attendeeID, deptID sql.NullInt64
-		var isLead, checkedIn int
+		var deptID sql.NullInt64
+		var isLead, ready, confirmed, emailConfirmed int
+		var confirmedAt, kioskCode sql.NullString
 		if err := rows.Scan(
-			&v.ID, &attendeeID, &v.Name, &v.Email, &v.Phone, &deptID,
-			&isLead, &checkedIn, &v.CheckedInAt, &v.Note,
+			&v.ID, &v.ParticipantID,
+			&v.Name, &v.Email, &v.Phone, &v.Pronouns,
+			&deptID, &isLead, &ready, &v.ReadyAt,
+			&confirmed, &confirmedAt,
+			&emailConfirmed, &kioskCode, &v.Note,
 			&v.CreatedAt, &v.UpdatedAt, &v.DeletedAt,
 		); err != nil {
 			return nil, err
 		}
-		if attendeeID.Valid {
-			id := int(attendeeID.Int64)
-			v.AttendeeID = &id
-		}
 		if deptID.Valid {
 			id := int(deptID.Int64)
 			v.DepartmentID = &id
 		}
+		if confirmedAt.Valid {
+			v.ConfirmedAt = &confirmedAt.String
+		}
+		if kioskCode.Valid {
+			v.KioskCode = &kioskCode.String
+		}
 		v.IsLead = isLead == 1
-		v.CheckedIn = checkedIn == 1
+		v.Ready = ready == 1
+		v.Confirmed = confirmed == 1
+		v.EmailConfirmed = emailConfirmed == 1
 		result = append(result, v)
 	}
 	return result, rows.Err()
 }
 
+func (app *App) getVolunteerByEmail(email string) (*Volunteer, error) {
+	rows, err := queryVolunteers(app.db,
+		`SELECT `+volunteerSelect+` `+volunteerFrom+` WHERE LOWER(p.email) = LOWER(?) AND v.deleted_at IS NULL LIMIT 1`, email)
+	if err != nil || len(rows) == 0 {
+		return nil, err
+	}
+	return &rows[0], nil
+}
+
+func (app *App) getVolunteerByConfirmationToken(token string) (*Volunteer, error) {
+	rows, err := queryVolunteers(app.db,
+		`SELECT `+volunteerSelect+` `+volunteerFrom+` WHERE p.confirmation_token = ? AND v.deleted_at IS NULL LIMIT 1`, token)
+	if err != nil || len(rows) == 0 {
+		return nil, err
+	}
+	return &rows[0], nil
+}
+
+func (app *App) confirmParticipantEmail(participantID int) error {
+	_, err := app.db.Exec(
+		`UPDATE participants SET email_confirmed = 1, confirmation_token = NULL, updated_at = ? WHERE id = ?`,
+		now(), participantID)
+	return err
+}
+
+func (app *App) setParticipantConfirmationToken(participantID int, token string) error {
+	_, err := app.db.Exec(
+		`UPDATE participants SET confirmation_token = ?, updated_at = ? WHERE id = ?`,
+		token, now(), participantID)
+	return err
+}
+
+func (app *App) getVolunteerByKioskCode(code string) (*Volunteer, error) {
+	rows, err := queryVolunteers(app.db,
+		`SELECT `+volunteerSelect+` `+volunteerFrom+` WHERE v.kiosk_code = ? AND v.deleted_at IS NULL LIMIT 1`, code)
+	if err != nil || len(rows) == 0 {
+		return nil, err
+	}
+	return &rows[0], nil
+}
+
+func (app *App) assignKioskCode(id int, code string) error {
+	_, err := app.db.Exec(
+		`UPDATE volunteers SET kiosk_code=?, updated_at=? WHERE id=?`, code, now(), id)
+	return err
+}
+
+func (app *App) listVolunteersNeedingKioskCode() ([]Volunteer, error) {
+	return queryVolunteers(app.db, `
+		SELECT `+volunteerSelect+` `+volunteerFrom+`
+		WHERE p.email_confirmed = 1 AND v.kiosk_code IS NULL AND v.deleted_at IS NULL`)
+}
+
+func (app *App) generateVolunteerKioskCode() (string, error) {
+	for range 10 {
+		t, err := generateToken()
+		if err != nil {
+			return "", err
+		}
+		var count int
+		if err := app.db.QueryRow(`SELECT COUNT(*) FROM volunteers WHERE kiosk_code = ?`, t).Scan(&count); err != nil {
+			return "", fmt.Errorf("check kiosk code uniqueness: %w", err)
+		}
+		if count == 0 {
+			return t, nil
+		}
+	}
+	return "", fmt.Errorf("failed to generate unique kiosk code")
+}
+
+func generateConfirmationToken() (string, error) {
+	b := make([]byte, 16)
+	if _, err := rand.Read(b); err != nil {
+		return "", fmt.Errorf("read random: %w", err)
+	}
+	return fmt.Sprintf("%x", b), nil
+}
+
 // --- Shifts ---
 
-func (app *App) listShifts(deptID *int, day, since string) ([]Shift, error) {
+func (app *App) listShifts(deptIDs []int, day, since string) ([]Shift, error) {
 	q := `SELECT ` + shiftCols + ` FROM shifts WHERE 1=1`
 	var args []any
 	if since != "" {
@@ -856,9 +1124,14 @@ func (app *App) listShifts(deptID *int, day, since string) ([]Shift, error) {
 	} else {
 		q += ` AND deleted_at IS NULL`
 	}
-	if deptID != nil {
+	if len(deptIDs) == 1 {
 		q += ` AND department_id = ?`
-		args = append(args, *deptID)
+		args = append(args, deptIDs[0])
+	} else if len(deptIDs) > 1 {
+		q += ` AND department_id IN (` + placeholders(len(deptIDs)) + `)`
+		for _, id := range deptIDs {
+			args = append(args, id)
+		}
 	}
 	if day != "" {
 		q += ` AND day = ?`
@@ -1029,7 +1302,7 @@ var errShiftFull = fmt.Errorf("shift is full")
 
 func (app *App) unassignShift(volunteerID, shiftID int) error {
 	_, err := app.db.Exec(
-		`UPDATE volunteer_shifts SET deleted_at = ?, updated_at = ? WHERE volunteer_id=? AND shift_id=?`,
+		`UPDATE volunteer_shifts SET deleted_at=?, updated_at=? WHERE volunteer_id=? AND shift_id=?`,
 		now(), now(), volunteerID, shiftID,
 	)
 	return err
@@ -1082,6 +1355,27 @@ func (app *App) listOpenShiftsForDept(deptID int) ([]Shift, error) {
 		ORDER BY s.day, s.position, s.start_time`, deptID)
 }
 
+// --- SSO Nonces ---
+
+func (app *App) createSSONonce(nonce string) error {
+	_, err := app.db.Exec(`INSERT INTO sso_nonces (nonce) VALUES (?)`, nonce)
+	return err
+}
+
+func (app *App) consumeSSONonce(nonce string) (bool, error) {
+	res, err := app.db.Exec(
+		`DELETE FROM sso_nonces WHERE nonce = ? AND created_at > datetime('now', '-10 minutes')`, nonce)
+	if err != nil {
+		return false, err
+	}
+	n, _ := res.RowsAffected()
+	return n > 0, nil
+}
+
+func (app *App) cleanExpiredNonces() {
+	app.db.Exec(`DELETE FROM sso_nonces WHERE created_at < datetime('now', '-10 minutes')`)
+}
+
 // --- Helpers ---
 
 func now() string {
@@ -1094,3 +1388,10 @@ func boolInt(b bool) int {
 	}
 	return 0
 }
+
+func placeholders(n int) string {
+	if n <= 0 {
+		return ""
+	}
+	return strings.Repeat("?,", n-1) + "?"
+}
diff --git a/db_test.go b/db_test.go
index 0d453bb..5755d08 100644
--- a/db_test.go
+++ b/db_test.go
@@ -7,7 +7,7 @@ import (
 func TestMigrate(t *testing.T) {
 	app := testApp(t)
 	// Verify tables exist by querying each one
-	tables := []string{"event", "users", "attendees", "departments", "volunteers", "shifts", "volunteer_shifts"}
+	tables := []string{"event", "participants", "participant_roles", "departments", "volunteers", "shifts", "volunteer_shifts"}
 	for _, table := range tables {
 		var count int
 		err := app.db.QueryRow("SELECT COUNT(*) FROM " + table).Scan(&count)
@@ -17,98 +17,6 @@ func TestMigrate(t *testing.T) {
 	}
 }
 
-func TestAttendeesCRUD(t *testing.T) {
-	app := testApp(t)
-
-	a, err := app.createAttendee(Attendee{Name: "Titania", Email: "titania@test.com", TicketType: "GA"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if a.ID == 0 || a.Name != "Titania" {
-		t.Errorf("create: got %+v", a)
-	}
-
-	got, err := app.getAttendee(a.ID)
-	if err != nil || got == nil {
-		t.Fatal("get: not found")
-	}
-	if got.Email != "titania@test.com" {
-		t.Errorf("get: email = %q", got.Email)
-	}
-
-	got.Name = "Titania Fairweather"
-	if err := app.updateAttendee(*got); err != nil {
-		t.Fatal(err)
-	}
-	got2, _ := app.getAttendee(a.ID)
-	if got2.Name != "Titania Fairweather" {
-		t.Errorf("update: name = %q", got2.Name)
-	}
-
-	if err := app.deleteAttendee(a.ID); err != nil {
-		t.Fatal(err)
-	}
-	// getAttendee returns soft-deleted records; listAttendees filters them
-	attendees, _ := app.listAttendees("", "", "")
-	for _, at := range attendees {
-		if at.ID == a.ID {
-			t.Error("delete: still visible in list")
-		}
-	}
-}
-
-func TestIncrementPartySize(t *testing.T) {
-	app := testApp(t)
-
-	app.createAttendee(Attendee{Name: "Oberon", TicketID: "ORD-100"})
-
-	merged, err := app.incrementPartySize("Oberon", "ORD-100")
-	if err != nil || !merged {
-		t.Fatalf("increment: merged=%v, err=%v", merged, err)
-	}
-
-	a, _ := app.getAttendee(1)
-	if a.PartySize != 2 {
-		t.Errorf("party_size = %d, want 2", a.PartySize)
-	}
-
-	// Different ticket_id should not merge
-	merged2, _ := app.incrementPartySize("Oberon", "ORD-200")
-	if merged2 {
-		t.Error("should not merge different ticket_id")
-	}
-}
-
-func TestCheckInAttendee(t *testing.T) {
-	app := testApp(t)
-	admin := testAdminUser(t, app)
-
-	app.createAttendee(Attendee{Name: "Puck"})
-	// Set party_size directly since createAttendee defaults to 1
-	app.db.Exec(`UPDATE attendees SET party_size = 3 WHERE id = 1`)
-
-	// Check in 1
-	a, err := app.checkInAttendee(1, admin.ID, 1)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if a.CheckedInCount != 1 || !a.CheckedIn {
-		t.Errorf("after 1: count=%d, checked_in=%v", a.CheckedInCount, a.CheckedIn)
-	}
-
-	// Check in 2 more (should cap at party_size=3)
-	a, _ = app.checkInAttendee(1, admin.ID, 5)
-	if a.CheckedInCount != 3 {
-		t.Errorf("after cap: count=%d, want 3", a.CheckedInCount)
-	}
-
-	// Check in again — already full, should stay at 3
-	a, _ = app.checkInAttendee(1, admin.ID, 1)
-	if a.CheckedInCount != 3 {
-		t.Errorf("after full: count=%d, want 3", a.CheckedInCount)
-	}
-}
-
 func TestGenerateToken(t *testing.T) {
 	token, err := generateToken()
 	if err != nil {
@@ -197,7 +105,8 @@ func TestAssignAndUnassignShift(t *testing.T) {
 	dept, _ := app.createDepartment(Department{Name: "Gate"})
 	deptID := dept.ID
 	s, _ := app.createShift(Shift{DepartmentID: deptID, Name: "AM", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00", Capacity: 2})
-	v, _ := app.createVolunteer(Volunteer{Name: "Helena", DepartmentID: &deptID})
+	p, _ := app.createParticipant(Participant{PreferredName: "Helena", Email: "helena@test.com"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptID})
 
 	if err := app.assignShift(v.ID, s.ID); err != nil {
 		t.Fatal(err)
@@ -221,7 +130,8 @@ func TestCheckShiftConflict(t *testing.T) {
 
 	dept, _ := app.createDepartment(Department{Name: "Gate"})
 	deptID := dept.ID
-	v, _ := app.createVolunteer(Volunteer{Name: "Hermia", DepartmentID: &deptID})
+	p, _ := app.createParticipant(Participant{PreferredName: "Hermia", Email: "hermia@test.com"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptID})
 
 	s1, _ := app.createShift(Shift{DepartmentID: deptID, Name: "Morning", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00"})
 	s2, _ := app.createShift(Shift{DepartmentID: deptID, Name: "Overlap", Day: "2026-03-15", StartTime: "10:00", EndTime: "14:00"})
@@ -250,7 +160,8 @@ func TestCheckShiftConflictMidnight(t *testing.T) {
 
 	dept, _ := app.createDepartment(Department{Name: "Sound"})
 	deptID := dept.ID
-	v, _ := app.createVolunteer(Volunteer{Name: "Lysander", DepartmentID: &deptID})
+	p, _ := app.createParticipant(Participant{PreferredName: "Lysander", Email: "lysander@test.com"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptID})
 
 	// Night shift: 22:00-02:00 (spans midnight)
 	night, _ := app.createShift(Shift{DepartmentID: deptID, Name: "Night", Day: "2026-03-15", StartTime: "22:00", EndTime: "02:00"})
diff --git a/docs/INSTALLATION.md b/docs/INSTALLATION.md
index 1f9a967..9bc0dbc 100644
--- a/docs/INSTALLATION.md
+++ b/docs/INSTALLATION.md
@@ -105,23 +105,27 @@ docker run -p 8180:8180 \
 
 ## NixOS
 
-Turnpike builds with `buildGoModule` using the pure-Go SQLite driver (no CGO):
+Turnpike builds with `buildGoModule` + `buildNpmPackage` (pure-Go SQLite, no CGO). The frontend is built separately and copied into the Go build:
 
 ```nix
+frontendDist = pkgs.buildNpmPackage {
+  pname = "turnpike-frontend";
+  src = "${src}/frontend";
+  npmDepsHash = "sha256-...";
+  buildPhase = "npm run build";
+  installPhase = "cp -r dist $out";
+};
+
 turnpike = pkgs.buildGoModule {
   pname = "turnpike";
-  version = "0.1.0";
-  src = ./path/to/turnpike;  # must include vendor/ and frontend/dist/
-  vendorHash = null;
+  src = fetchgit { url = "..."; rev = "v2.0.0"; hash = "sha256-..."; };
+  vendorHash = "sha256-...";
   env.CGO_ENABLED = 0;
+  preBuild = "cp -r ${frontendDist} frontend/dist";
 };
 ```
 
-The source directory must contain:
-- Go source files and `vendor/` (run `go mod vendor`)
-- Pre-built frontend at `frontend/dist/` (run `cd frontend && npm run build`)
-
-A complete NixOS module example with `DynamicUser`, `StateDirectory`, and agenix secrets is in the project's `homelab/turnpike.nix`.
+A complete NixOS module with `DynamicUser`, `StateDirectory`, and secrets is in the project's `homelab/turnpike.nix`.
 
 ## Reverse Proxy
 
diff --git a/docs/USAGE.md b/docs/USAGE.md
index 80b25f0..c08ec50 100644
--- a/docs/USAGE.md
+++ b/docs/USAGE.md
@@ -12,23 +12,22 @@ After logging in, create accounts for your team under **Users**. Each user gets
 
 | Role | What they see | What they can do |
 |------|--------------|------------------|
-| **admin** | All pages + Settings | Everything: attendee import, user management, SMTP config, departments, shifts, volunteers |
-| **coordinator** | Dashboard, Schedule Board, Volunteers, Departments, Shifts | Manage volunteers, departments, and shifts across all departments. Cannot manage users or settings |
-| **volunteer_lead** | Schedule Board, Volunteers, Departments | Manage volunteers and shifts within their assigned department only |
-| **gate** | Full-screen Gate UI | Check in attendees (search + QR scan). No access to other pages |
+| **admin** | All pages + Settings | Everything: participant import, user management, SMTP config, departments, shifts, volunteers |
+| **ticketing** | Participants, Tickets, Import | Manage participants and tickets, run CSV imports |
+| **staffing** | Dashboard, Schedule, Volunteers, Departments | Manage volunteers, departments, and shifts across all departments. No user management or settings |
+| **colead** | Dashboard, Schedule, Volunteers | Manage volunteers and shifts within their assigned department(s) only |
+| **gatekeeper** | Full-screen Gate Kiosk | Check in ticket holders (search + QR scan). No access to other pages |
 
-Ticketing and ops staff should use the **admin** role. The `ticketing` role exists in the codebase but is effectively unused — admin covers all ticketing functions.
-
-Volunteer leads are scoped to a single department. When creating a volunteer_lead user, assign their department.
+Coleads are scoped to one or more departments. When creating a colead user, assign their department(s).
 
 ## Event Setup
 
-1. **Configure your event** — go to the Dashboard and set the event name and dates.
+1. **Configure your event** — go to **Settings** and set the event name, venue, dates, and timezone. These appear on the Dashboard and volunteer signup page.
 2. **Create departments** — under Departments, add each department your event needs (e.g., Gate, Greeters, Rangers, Build, LNT).
-3. **Import attendees** — see next section.
-4. **Create shifts** — under Shifts, create shifts for each department with day, start/end time, and capacity.
+3. **Import participants** — see next section.
+4. **Create shifts** — under Schedule, create shifts for each department with day, start/end time, and capacity.
 
-## Importing Attendees
+## Importing Participants
 
 Go to **Import** and upload a CSV file. Turnpike auto-detects two formats:
 
@@ -36,7 +35,7 @@ Go to **Import** and upload a CSV file. Turnpike auto-detects two formats:
 
 | Column | Maps to |
 |--------|---------|
-| `Patron Name` | Name |
+| `Patron Name` | Ticket name |
 | `Patron Email` | Email |
 | `Order Number` | Ticket ID |
 | `Tier Name` | Ticket type |
@@ -45,7 +44,7 @@ Go to **Import** and upload a CSV file. Turnpike auto-detects two formats:
 
 | Column | Maps to |
 |--------|---------|
-| `name` (required) | Name |
+| `name` (required) | Ticket name |
 | `email` | Email |
 | `ticket_id` | Ticket ID |
 | `ticket_type` | Ticket type |
@@ -53,32 +52,67 @@ Go to **Import** and upload a CSV file. Turnpike auto-detects two formats:
 
 Column matching is case-insensitive. Extra columns are ignored. BOM-encoded files (Windows Excel exports) are handled automatically.
 
-### Party-size dedup
+### Participants and tickets
 
-CrowdWork exports one row per ticket, even when the same person bought multiple tickets in one order. Turnpike handles this automatically:
+Each row in the CSV creates one **ticket**. Participants are deduplicated by email — multiple tickets with the same email address are linked to a single participant record. The import result shows `inserted` (new tickets) and `skipped` (exact duplicates).
 
-- First row for "Titania Fairweather" (order 1234) creates a record with `party_size=1`
-- Subsequent rows with the same name + order number increment `party_size` (no duplicate record)
-- Result: one attendee record, `party_size=3` if three tickets were purchased
+Re-importing the same CSV is safe — exact duplicates are skipped, not duplicated.
 
-The import result shows `inserted` (new records), `grouped` (merged into existing party), and `skipped` (exact duplicates).
+## Volunteer Signup
 
-Re-importing the same CSV is safe — existing records are skipped, not duplicated.
+Turnpike provides a public signup form for volunteers at `/volunteer-signup`. No login is required.
+
+### Signup flow
+
+1. Volunteer visits the signup form and fills in: preferred name (required), ticket name, email (required), pronouns, phone, department preference, and an optional note.
+2. Turnpike creates a volunteer record and auto-links it to an existing participant by email match, or creates a new participant record.
+3. A confirmation email is sent with a unique link (`/confirm/{token}`).
+4. The volunteer clicks the link to confirm their email.
+5. If shift signups are already open, the confirmation page includes a link to the kiosk for shift selection.
+
+Duplicate signups with the same email silently succeed — no error is shown and no duplicate is created. This prevents email enumeration.
+
+### Configuring the signup form
+
+In **Settings**, the "Volunteer Signup" card controls:
+
+- **Note field label** — customize the label shown on the form (default: "Additional note")
+- **Note field required** — when checked, volunteers must fill in the note to submit
+
+### Opening shift signups
+
+In **Settings**, the "Shift Signups" card has an open/close toggle:
+
+- **Opening** signups generates kiosk codes for all registered (email-confirmed) volunteers and emails them their shift signup links. A confirmation dialog warns before sending.
+- **Closing** signups prevents new kiosk links from being issued on confirmation, but existing links continue to work.
+
+If a volunteer confirms their email while signups are already open, they receive their kiosk link immediately in the confirmation response and via email.
 
 ## Managing Volunteers
 
 Under **Volunteers**, you can:
 
-- Create volunteers manually (name, email, department)
-- Link a volunteer to an existing attendee record (for dual check-in at the gate)
-- Assign volunteers to departments
-- Check in volunteers
+- Create volunteers manually (name, email, department, co-lead, note)
+- Edit existing volunteers (department, co-lead, note) via the inline Edit button
+- Confirm registered volunteers (admin, staffing, colead)
+- Mark volunteers as ready (briefed at the volunteer station)
 
-Volunteers are separate from attendees. A person can be both an attendee (ticket holder) and a volunteer (shift worker). Linking them enables the gate team to check in both records simultaneously.
+### Volunteer statuses
+
+| Status | Meaning | Who sets it |
+|--------|---------|-------------|
+| **Unconfirmed** | Signed up but hasn't confirmed their email | Automatic (not yet done) |
+| **Registered** | Email confirmed — volunteer is in the system | Automatic (email link) |
+| **Confirmed** | Staff has verified the volunteer is assigned and ready to be scheduled | Admin, staffing, or co-lead |
+| **Ready** | Briefed at the volunteer station, cleared to report for shifts | Gate staff at check-in |
+
+**Confirmation** is a deliberate staff action — it signals that you're expecting the volunteer for shifts. Use the **Confirm** button on a registered volunteer's row. Marking a volunteer as a co-lead (`is_lead`) automatically confirms them.
+
+Volunteers are separate from participants. A person can be both a ticket holder and a volunteer. When a volunteer signs up via the public form, they are automatically linked to their participant record by email.
 
 ## Shift Scheduling
 
-Under **Shifts**, create shifts for each department:
+Under **Schedule**, create shifts for each department:
 
 - **Day** — the date of the shift
 - **Start/end time** — HH:MM format
@@ -86,27 +120,29 @@ Under **Shifts**, create shifts for each department:
 
 ### Assigning volunteers
 
-From the Shifts page or the Schedule Board, assign volunteers to shifts. Turnpike checks for conflicts — if a volunteer already has a shift on the same day with overlapping times, you'll see a warning and can choose to force the assignment.
+From the Schedule page, assign volunteers to shifts. Turnpike checks for conflicts — if a volunteer already has a shift on the same day with overlapping times, you'll see a warning and can choose to force the assignment.
 
 ### Reordering
 
-Shifts can be reordered within a department to reflect priority or sequence. The Schedule Board supports drag-and-drop reordering.
+Shifts can be reordered within a department to reflect priority or sequence using the up/down buttons on each shift card.
 
 ## Volunteer Kiosk
 
-The kiosk lets volunteers self-select shifts without logging in.
+The Volunteer Kiosk is the public-facing flow for volunteers: signup, email confirmation, and shift self-scheduling. The shift scheduling page lets volunteers self-select shifts without logging in.
 
 ### Setup
 
-1. **Generate tokens** — on the Attendees page, click "Generate Tokens." This creates a unique 8-character code for every attendee that doesn't have one.
-2. **Distribute tokens** — two options:
-   - **Export CSV** — downloads a file with columns `Email Address`, `First Name`, `Token`, `Signup Link`. Import this into MailChimp, Zeffy, or any email platform.
-   - **Email directly** — if SMTP is configured (see below), use "Email All" to send token links, or email individually per attendee.
-3. **Set base URL** — in Settings, set the public base URL (e.g., `https://turnpike.example.com`). Token links use this URL.
+Kiosk links are generated and distributed automatically through the volunteer signup flow:
+
+1. Volunteers sign up via the public signup form (`/volunteer-signup`) and confirm their email.
+2. In **Settings**, open shift signups. This generates kiosk codes for all registered (email-confirmed) volunteers and emails them their links. A confirmation dialog warns before sending.
+3. If a volunteer confirms their email while signups are already open, they receive their kiosk link immediately.
+
+**Set base URL** — in Settings, set the public base URL (e.g., `https://turnpike.example.com`). Kiosk links use this URL.
 
 ### Volunteer experience
 
-Each volunteer receives a link like `https://turnpike.example.com/#/v/ABC12345`. This opens a mobile-friendly page showing:
+Each volunteer receives a link like `https://turnpike.example.com/v/ABC12345`. This opens a mobile-friendly page showing:
 
 - Their name and department
 - Currently assigned shifts
@@ -114,43 +150,45 @@ Each volunteer receives a link like `https://turnpike.example.com/#/v/ABC12345`.
 
 Claiming a shift checks for time conflicts. If a conflict exists, the volunteer sees which shifts overlap and can confirm to proceed anyway.
 
-No login is required. The 8-character token authenticates the request.
+No login is required. The kiosk code authenticates the request.
 
-### Token format
+### Code format
 
-Tokens use the character set `A-Z, 2-9` (excluding 0/O, 1/I/L to avoid ambiguity when reading aloud or on printed badges).
+Kiosk codes use the character set `A-Z, 2-9` (excluding 0/O, 1/I/L to avoid ambiguity when reading aloud or on printed badges).
 
-## Gate Check-In
+## Gate Kiosk
 
-Users with the **gate** role see a dedicated full-screen UI:
+Users with the **gatekeeper** role see a dedicated full-screen Gate Kiosk:
 
 - **QR scanner** — uses the device camera via the BarcodeDetector API. Scanned codes populate the search field.
-- **Search** — type a name to filter attendees in real-time (searches local IndexedDB, works offline).
-- **Party check-in** — for attendees with `party_size > 1`, the gate UI shows progress ("2/3 checked in") and offers "Check in 1" or "Check in all remaining."
-- **Volunteer dual check-in** — if an attendee is linked to a volunteer record, the gate UI shows their volunteer status and offers to check in both simultaneously.
+- **Search** — type a name to filter tickets in real-time (searches local IndexedDB, works offline).
 - **Recent check-ins** — the last 10 check-ins are shown for quick reference.
 
+Admins and ticketing leads can also check in tickets directly from the **Participants** page by expanding a participant's tickets.
+
 Gate devices should install Turnpike as a PWA (Add to Home Screen) for the best experience. Check-ins are stored locally and sync when connectivity is available.
 
-## Schedule Board
+## Schedule
 
-The Schedule Board is the primary UI for coordinators and volunteer leads. It shows:
+The Schedule page is the primary UI for managing shifts and volunteer assignments. It shows:
 
 - Shifts grouped by department and day
 - Each shift card shows: name, time, capacity (used/total), assigned volunteers
 - Conflict badges when a volunteer has overlapping shifts on the same day
 
-**Coordinators and admins** see all departments. **Volunteer leads** see only their assigned department.
+**Admins and staffing** see all departments. **Coleads** see only their assigned department(s).
 
 Actions available:
+- Create new shifts (+ Add shift button)
+- Edit shift details inline
+- Delete shifts
 - Assign volunteers to shifts from a dropdown
 - Remove volunteer assignments
 - Reorder shifts within a department
-- Edit shift details inline
 
 ## SMTP Configuration
 
-SMTP enables token email distribution and test emails. Configure in **Settings** (admin only):
+SMTP enables volunteer confirmation emails, kiosk link distribution, and test emails. Configure in **Settings** (admin only):
 
 | Field | Description |
 |-------|-------------|
@@ -171,13 +209,13 @@ Turnpike is a Progressive Web App (PWA). After the first load, it works offline:
 
 - **Gate check-ins** are stored in the browser's IndexedDB and sync when connectivity returns.
 - **Real-time updates** use Server-Sent Events (SSE). When the connection drops, the client reconnects automatically.
-- **Sync** pulls all changes from the server on startup and periodically thereafter. Local changes are queued in an outbox and flushed in order.
+- **Sync** pulls all changes from the server on startup and periodically thereafter.
 
 Install Turnpike as a PWA (Add to Home Screen on mobile, or Install App in desktop Chrome) for the best offline experience.
 
 ## CSV Exports
 
-Two CSV exports are available from the Attendees page:
+CSV exports are available from the Participants page:
 
-- **Attendee export** — all attendee records with check-in status
-- **Token link export** — columns: `Email Address`, `First Name`, `Token`, `Signup Link`. Only includes attendees with tokens. Compatible with MailChimp and Zeffy for bulk email campaigns.
+- **Participant export** — all participant records with check-in status
+- **Ticket export** — all ticket records with codes and check-in status
diff --git a/email.go b/email.go
index 05c94f0..41a7a55 100644
--- a/email.go
+++ b/email.go
@@ -106,35 +106,73 @@ func sendEmail(cfg SMTPConfig, to, subject, body string) error {
 	return smtp.SendMail(addr, auth, cfg.From, []string{to}, []byte(msg))
 }
 
-// sendTokenEmail sends a volunteer token link to the attendee's email address.
-func (app *App) sendTokenEmail(a Attendee) error {
-	if a.Email == "" {
-		return fmt.Errorf("attendee has no email address")
-	}
-	if a.VolunteerToken == nil || *a.VolunteerToken == "" {
-		return fmt.Errorf("attendee has no volunteer token")
-	}
-
-	cfg := app.loadSMTPConfig()
-
+func (app *App) resolveBaseURL() string {
 	baseURL := app.baseURL
 	if baseURL == "" {
 		app.db.QueryRow(`SELECT value FROM config WHERE key = 'base_url'`).Scan(&baseURL)
 	}
-	baseURL = strings.TrimRight(baseURL, "/")
+	return strings.TrimRight(baseURL, "/")
+}
 
+func (app *App) eventName() string {
 	event, _ := app.getEvent()
-	eventName := "the event"
 	if event != nil && event.Name != "" {
-		eventName = event.Name
+		return event.Name
+	}
+	return "the event"
+}
+
+// sendTicketTokenEmail sends a volunteer token link for a ticket to its participant's email.
+func (app *App) sendTicketTokenEmail(tk Ticket) error {
+	if tk.Code == nil || *tk.Code == "" {
+		return fmt.Errorf("ticket has no code")
+	}
+	if tk.ParticipantID == nil {
+		return fmt.Errorf("ticket has no participant")
+	}
+	p, err := app.getParticipant(*tk.ParticipantID)
+	if err != nil || p == nil {
+		return fmt.Errorf("participant not found")
+	}
+	if p.Email == "" {
+		return fmt.Errorf("participant has no email address")
 	}
 
-	link := fmt.Sprintf("%s/#/v/%s", baseURL, *a.VolunteerToken)
+	cfg := app.loadSMTPConfig()
+	eventName := app.eventName()
+	link := fmt.Sprintf("%s/v/%s", app.resolveBaseURL(), *tk.Code)
+	name := p.PreferredName
+	if name == "" {
+		name = tk.Name
+	}
 	subject := fmt.Sprintf("Your volunteer link for %s", eventName)
 	body := fmt.Sprintf(
 		"Hi %s,\n\nThank you for volunteering at %s!\n\nYour volunteer token: %s\nYour signup link: %s\n\nUse this link to sign up for available shifts in your department.\n\nSee you there!\n",
-		a.Name, eventName, *a.VolunteerToken, link,
+		name, eventName, *tk.Code, link,
 	)
 
-	return sendEmail(cfg, a.Email, subject, body)
+	return sendEmail(cfg, p.Email, subject, body)
+}
+
+func (app *App) sendConfirmationEmail(to, name, confirmToken string) error {
+	cfg := app.loadSMTPConfig()
+	eventName := app.eventName()
+	link := fmt.Sprintf("%s/confirm/%s", app.resolveBaseURL(), confirmToken)
+	subject := fmt.Sprintf("Please confirm your email for %s", eventName)
+	body := fmt.Sprintf(
+		"Hi %s,\n\nThank you for signing up to volunteer at %s!\n\nPlease confirm your email address by visiting:\n%s\n\nIf you did not sign up, you can safely ignore this email.\n",
+		name, eventName, link,
+	)
+	return sendEmail(cfg, to, subject, body)
+}
+
+func (app *App) sendShiftSignupEmail(to, name, kioskLink string) error {
+	cfg := app.loadSMTPConfig()
+	eventName := app.eventName()
+	subject := fmt.Sprintf("Shift signups are open for %s!", eventName)
+	body := fmt.Sprintf(
+		"Hi %s,\n\nShift signups are now open for %s!\n\nUse this link to sign up for available shifts:\n%s\n\nSee you there!\n",
+		name, eventName, kioskLink,
+	)
+	return sendEmail(cfg, to, subject, body)
 }
diff --git a/frontend/src/App.svelte b/frontend/src/App.svelte
index 52ed392..ac0957e 100644
--- a/frontend/src/App.svelte
+++ b/frontend/src/App.svelte
@@ -1,17 +1,18 @@
 <script>
   import { onMount } from 'svelte'
-  import { getSession, clearSession } from './db.js'
+  import { getSession, saveSession, clearSession } from './db.js'
   import { syncPull, startSSE, startSyncLoop } from './sync.js'
   import Login from './pages/Login.svelte'
   import Dashboard from './pages/Dashboard.svelte'
-  import Attendees from './pages/Attendees.svelte'
+  import Participants from './pages/Participants.svelte'
   import Volunteers from './pages/Volunteers.svelte'
   import Departments from './pages/Departments.svelte'
-  import Shifts from './pages/Shifts.svelte'
   import Users from './pages/Users.svelte'
   import Import from './pages/Import.svelte'
-  import Kiosk from './pages/Kiosk.svelte'
-  import GateUI from './pages/GateUI.svelte'
+  import VolunteerKiosk from './pages/VolunteerKiosk.svelte'
+  import VolunteerSignup from './pages/VolunteerSignup.svelte'
+  import ConfirmEmail from './pages/ConfirmEmail.svelte'
+  import GateKiosk from './pages/GateKiosk.svelte'
   import ScheduleBoard from './pages/ScheduleBoard.svelte'
   import Settings from './pages/Settings.svelte'
   import Nav from './components/Nav.svelte'
@@ -21,12 +22,23 @@
 
   let session = $state(null)
   let loading = $state(true)
-  let route = $state(window.location.hash || '#/')
+  let route = $state(window.location.pathname)
   let updateAvailable = $state(false)
   let mobileNavOpen = $state(false)
+  let ssoError = $state('')
 
-  // Check if this is a kiosk token URL before doing anything else
-  const kioskToken = $derived(window.location.hash.match(/^#\/v\/([A-Z0-9]+)/i)?.[1] ?? '')
+  // Check if this is a public page (no auth needed)
+  const kioskToken = $derived(route.match(/^\/v\/([A-Z0-9]+)/i)?.[1] ?? '')
+  const isVolunteerSignup = $derived(route.startsWith('/volunteer-signup'))
+  const isConfirmEmail = $derived(route.startsWith('/confirm/'))
+  const isPublicPage = $derived(!!kioskToken || isVolunteerSignup || isConfirmEmail)
+
+  function navigate(path) {
+    history.pushState(null, '', path)
+    route = path
+    mobileNavOpen = false
+    window.scrollTo(0, 0)
+  }
 
   async function checkVersion() {
     try {
@@ -39,20 +51,45 @@
   onMount(async () => {
     checkVersion()
 
-    // Kiosk pages don't need auth
-    if (kioskToken) {
+    // Public pages don't need auth
+    if (isPublicPage) {
       loading = false
       return
     }
-    session = await getSession()
+
+    // Handle SSO callback in URL fragment
+    const hash = window.location.hash
+    if (hash.startsWith('#sso_token=')) {
+      const token = decodeURIComponent(hash.slice('#sso_token='.length))
+      history.replaceState(null, '', '/')
+      try {
+        const res = await fetch('/api/me', { headers: { Authorization: `Bearer ${token}` } })
+        if (res.ok) {
+          const user = await res.json()
+          await saveSession(token, user)
+          session = { token, user }
+        } else {
+          ssoError = 'SSO login failed. Please try again.'
+        }
+      } catch {
+        ssoError = 'SSO login failed. Please try again.'
+      }
+    } else if (hash.startsWith('#sso_error=')) {
+      ssoError = decodeURIComponent(hash.slice('#sso_error='.length))
+      history.replaceState(null, '', '/')
+    }
+
+    if (!session) {
+      session = await getSession()
+    }
     loading = false
     if (session) {
       await syncPull()
       startSSE()
       startSyncLoop()
     }
-    window.addEventListener('hashchange', () => {
-      route = window.location.hash || '#/'
+    window.addEventListener('popstate', () => {
+      route = window.location.pathname
       mobileNavOpen = false
     })
 
@@ -62,18 +99,18 @@
 
   function onLogin(s) {
     session = s
-    window.location.hash = '#/'
+    navigate('/')
     syncPull().then(() => { startSSE(); startSyncLoop() })
   }
 
   async function onLogout() {
     await clearSession()
     session = null
-    window.location.hash = '#/login'
+    navigate('/login')
   }
 
-  const path = $derived(route.replace(/^#/, '') || '/')
-  const role = $derived(session?.user?.role ?? '')
+  const path = $derived(route || '/')
+  const roles = $derived(session?.user?.roles ?? [])
 </script>
 
 {#if updateAvailable}
@@ -86,19 +123,23 @@
 {#if loading}
   <!-- checking session -->
 {:else if kioskToken}
-  <Kiosk />
+  <VolunteerKiosk />
+{:else if isVolunteerSignup}
+  <VolunteerSignup />
+{:else if isConfirmEmail}
+  <ConfirmEmail />
 {:else if !session}
-  <Login onlogin={onLogin} />
-{:else if role === 'gate'}
-  <!-- Gate users get the full-screen GateUI instead of the standard layout -->
-  <GateUI {session} {onLogout} />
+  <Login onlogin={onLogin} error={ssoError} />
+{:else if roles.length === 1 && roles[0] === 'gatekeeper'}
+  <!-- Gate-only users get the full-screen GateKiosk instead of the standard layout -->
+  <GateKiosk {session} {onLogout} />
 {:else}
   <div class="layout">
     <!-- svelte-ignore a11y_no_static_element_interactions -->
     {#if mobileNavOpen}
       <div class="nav-overlay" onclick={() => mobileNavOpen = false} onkeydown={() => {}}></div>
     {/if}
-    <Nav {session} {onLogout} active={path} open={mobileNavOpen} />
+    <Nav {session} {onLogout} {navigate} active={path} open={mobileNavOpen} />
     <div class="main">
       <header class="mobile-header">
         <button class="hamburger" onclick={() => mobileNavOpen = !mobileNavOpen} aria-label="Menu">
@@ -107,19 +148,17 @@
         <span class="mobile-brand">Turn<span class="accent">pike</span></span>
       </header>
       {#if path === '/' || path === ''}
-        {#if role === 'volunteer_lead'}
+        {#if roles.length === 1 && roles[0] === 'colead'}
           <ScheduleBoard {session} />
         {:else}
-          <Dashboard {session} />
+          <Dashboard {session} {navigate} />
         {/if}
-      {:else if path.startsWith('/attendees')}
-        <Attendees {session} />
+      {:else if path.startsWith('/participants')}
+        <Participants {session} />
       {:else if path.startsWith('/volunteers')}
         <Volunteers {session} />
       {:else if path.startsWith('/departments')}
         <Departments {session} />
-      {:else if path.startsWith('/shifts')}
-        <Shifts {session} />
       {:else if path.startsWith('/schedule')}
         <ScheduleBoard {session} />
       {:else if path.startsWith('/users')}
diff --git a/frontend/src/api.js b/frontend/src/api.js
index c6f6e11..d15abc4 100644
--- a/frontend/src/api.js
+++ b/frontend/src/api.js
@@ -1,4 +1,4 @@
-import { db } from './db.js'
+import { db, clearSession } from './db.js'
 
 async function getToken() {
   const session = await db.session.get(1)
@@ -17,8 +17,8 @@ export async function apiFetch(path, options = {}) {
 
   const res = await fetch(path, { ...options, headers })
   if (res.status === 401) {
-    await db.session.clear()
-    window.location.hash = '#/login'
+    await clearSession()
+    window.location.pathname = '/login'
     throw new Error('unauthorized')
   }
   return res
@@ -48,28 +48,29 @@ async function kioskFetch(path, options = {}) {
 }
 
 export const api = {
-  login: (username, password) =>
-    apiJSON('/api/login', { method: 'POST', body: JSON.stringify({ username, password }) }),
+  login: (email, password) =>
+    apiJSON('/api/login', { method: 'POST', body: JSON.stringify({ email, password }) }),
   logout: () => apiFetch('/api/logout', { method: 'POST' }),
   me: () => apiJSON('/api/me'),
   event: {
     get: () => apiJSON('/api/event'),
     update: (data) => apiJSON('/api/event', { method: 'PUT', body: JSON.stringify(data) }),
   },
-  attendees: {
-    list: (params = {}) => apiJSON('/api/attendees?' + new URLSearchParams(params)),
-    get: (id) => apiJSON(`/api/attendees/${id}`),
-    create: (data) => apiJSON('/api/attendees', { method: 'POST', body: JSON.stringify(data) }),
-    update: (id, data) => apiJSON(`/api/attendees/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-    delete: (id) => apiFetch(`/api/attendees/${id}`, { method: 'DELETE' }),
-    checkIn: (id, opts = {}) =>
-      apiJSON(`/api/attendees/${id}/checkin`, { method: 'POST', body: JSON.stringify(opts) }),
-    generateTokens: () =>
-      apiJSON('/api/attendees/generate-tokens', { method: 'POST' }),
-    emailToken: (id) =>
-      apiJSON(`/api/attendees/${id}/email-token`, { method: 'POST' }),
-    emailAllTokens: () =>
-      apiJSON('/api/attendees/email-tokens', { method: 'POST' }),
+  participants: {
+    list: (params = {}) => apiJSON('/api/participants?' + new URLSearchParams(params)),
+    get: (id) => apiJSON(`/api/participants/${id}`),
+    create: (data) => apiJSON('/api/participants', { method: 'POST', body: JSON.stringify(data) }),
+    update: (id, data) => apiJSON(`/api/participants/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
+    delete: (id) => apiFetch(`/api/participants/${id}`, { method: 'DELETE' }),
+    merge: (id, otherId) => apiJSON(`/api/participants/${id}/merge/${otherId}`, { method: 'POST' }),
+  },
+  tickets: {
+    list: () => apiJSON('/api/tickets'),
+    create: (data) => apiJSON('/api/tickets', { method: 'POST', body: JSON.stringify(data) }),
+    checkIn: (id) => apiJSON(`/api/tickets/${id}/checkin`, { method: 'POST' }),
+    generateCodes: () => apiJSON('/api/tickets/generate-codes', { method: 'POST' }),
+    emailCode: (id) => apiJSON(`/api/tickets/${id}/email-code`, { method: 'POST' }),
+    emailAllCodes: () => apiJSON('/api/tickets/email-codes', { method: 'POST' }),
   },
   volunteers: {
     list: (params = {}) => apiJSON('/api/volunteers?' + new URLSearchParams(params)),
@@ -77,7 +78,8 @@ export const api = {
     create: (data) => apiJSON('/api/volunteers', { method: 'POST', body: JSON.stringify(data) }),
     update: (id, data) => apiJSON(`/api/volunteers/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
     delete: (id) => apiFetch(`/api/volunteers/${id}`, { method: 'DELETE' }),
-    checkIn: (id) => apiJSON(`/api/volunteers/${id}/checkin`, { method: 'POST' }),
+    markReady: (id) => apiJSON(`/api/volunteers/${id}/ready`, { method: 'POST' }),
+    confirm: (id) => apiJSON(`/api/volunteers/${id}/confirm`, { method: 'POST' }),
     assignShift: (id, shiftId) => apiFetch(`/api/volunteers/${id}/shifts`, { method: 'POST', body: JSON.stringify({ shift_id: shiftId }) }),
     unassignShift: (id, shiftId) => apiFetch(`/api/volunteers/${id}/shifts/${shiftId}`, { method: 'DELETE' }),
   },
@@ -109,6 +111,21 @@ export const api = {
     get: () => apiJSON('/api/settings'),
     update: (data) => apiJSON('/api/settings', { method: 'PUT', body: JSON.stringify(data) }),
     testEmail: (to) => apiJSON('/api/settings/test-email', { method: 'POST', body: JSON.stringify({ to }) }),
+    toggleShiftSignups: (open) => apiJSON('/api/settings/shift-signups', { method: 'POST', body: JSON.stringify({ open }) }),
+    resetTickets: () => apiJSON('/api/settings/reset-tickets', { method: 'POST' }),
+    resetVolunteers: () => apiJSON('/api/settings/reset-volunteers', { method: 'POST' }),
+    resetShifts: () => apiJSON('/api/settings/reset-shifts', { method: 'POST' }),
+    resetDepartments: () => apiJSON('/api/settings/reset-departments', { method: 'POST' }),
+    resetVolunteerShifts: () => apiJSON('/api/settings/reset-volunteer-shifts', { method: 'POST' }),
+  },
+  sso: {
+    enabled: () => kioskFetch('/api/public/sso-enabled'),
+    init: () => kioskFetch('/api/sso/init'),
+  },
+  signup: {
+    config: () => kioskFetch('/api/public/signup-config'),
+    submit: (data) => kioskFetch('/api/public/signup', { method: 'POST', body: JSON.stringify(data) }),
+    confirm: (token) => kioskFetch('/api/public/confirm', { method: 'POST', body: JSON.stringify({ token }) }),
   },
   import: async (formData) => {
     const res = await apiFetch('/api/import', { method: 'POST', body: formData })
diff --git a/frontend/src/api.test.js b/frontend/src/api.test.js
index 25e0dd9..a725f32 100644
--- a/frontend/src/api.test.js
+++ b/frontend/src/api.test.js
@@ -64,23 +64,23 @@ describe('apiJSON', () => {
 describe('api methods', () => {
   it('login calls correct endpoint', async () => {
     const f = mockFetch({ token: 'tok', user: { id: 1 } })
-    await api.login('admin', 'pass')
+    await api.login('admin@example.com', 'pass')
     const [url, opts] = f.mock.calls[0]
     expect(url).toBe('/api/login')
     expect(opts.method).toBe('POST')
-    expect(JSON.parse(opts.body)).toEqual({ username: 'admin', password: 'pass' })
+    expect(JSON.parse(opts.body)).toEqual({ email: 'admin@example.com', password: 'pass' })
   })
 
-  it('attendees.list calls correct endpoint', async () => {
-    const f = mockFetch({ attendees: [] })
-    await api.attendees.list({ search: 'test' })
-    expect(f.mock.calls[0][0]).toBe('/api/attendees?search=test')
+  it('participants.list calls correct endpoint', async () => {
+    const f = mockFetch({ participants: [] })
+    await api.participants.list({ search: 'test' })
+    expect(f.mock.calls[0][0]).toBe('/api/participants?search=test')
   })
 
-  it('attendees.delete uses DELETE method', async () => {
+  it('participants.delete uses DELETE method', async () => {
     const f = mockFetch({}, 204)
-    await api.attendees.delete(5)
-    expect(f.mock.calls[0][0]).toBe('/api/attendees/5')
+    await api.participants.delete(5)
+    expect(f.mock.calls[0][0]).toBe('/api/participants/5')
     expect(f.mock.calls[0][1].method).toBe('DELETE')
   })
 
@@ -96,3 +96,50 @@ describe('api methods', () => {
     expect(f.mock.calls[0][0]).toBe('/api/sync/pull')
   })
 })
+
+describe('signup methods', () => {
+  it('signup.config fetches config without auth', async () => {
+    const f = mockFetch({ departments: [], volunteer_note_label: 'Note' })
+    await api.signup.config()
+    const [url, opts] = f.mock.calls[0]
+    expect(url).toBe('/api/public/signup-config')
+    expect(opts.headers['Authorization']).toBeUndefined()
+  })
+
+  it('signup.submit posts form data without auth', async () => {
+    const f = mockFetch({ ok: true })
+    await api.signup.submit({ preferred_name: 'Titania', email: 'titania@example.com' })
+    const [url, opts] = f.mock.calls[0]
+    expect(url).toBe('/api/public/signup')
+    expect(opts.method).toBe('POST')
+    expect(JSON.parse(opts.body)).toEqual({ preferred_name: 'Titania', email: 'titania@example.com' })
+    expect(opts.headers['Authorization']).toBeUndefined()
+  })
+
+  it('signup.confirm posts token without auth', async () => {
+    const f = mockFetch({ status: 'confirmed' })
+    await api.signup.confirm('abc123')
+    const [url, opts] = f.mock.calls[0]
+    expect(url).toBe('/api/public/confirm')
+    expect(opts.method).toBe('POST')
+    expect(JSON.parse(opts.body)).toEqual({ token: 'abc123' })
+    expect(opts.headers['Authorization']).toBeUndefined()
+  })
+
+  it('signup.submit throws on 400', async () => {
+    mockFetch({ error: 'preferred name and email are required' }, 400)
+    await expect(api.signup.submit({})).rejects.toThrow('preferred name and email are required')
+  })
+})
+
+describe('settings shift signups', () => {
+  it('toggleShiftSignups posts open flag', async () => {
+    await saveSession('tok', { id: 1 })
+    const f = mockFetch({ shift_signups_open: true })
+    await api.settings.toggleShiftSignups(true)
+    const [url, opts] = f.mock.calls[0]
+    expect(url).toBe('/api/settings/shift-signups')
+    expect(opts.method).toBe('POST')
+    expect(JSON.parse(opts.body)).toEqual({ open: true })
+  })
+})
diff --git a/frontend/src/app.css b/frontend/src/app.css
index f10e75b..3a685ae 100644
--- a/frontend/src/app.css
+++ b/frontend/src/app.css
@@ -66,6 +66,9 @@ a:hover { color: var(--c-accent-h); }
 
 /* Cards */
 .card { background: var(--c-surface); border: 1px solid var(--c-border); border-radius: var(--radius-lg); padding: 1.25rem; }
+.card + .card, .card + form, form + .card, form + form { margin-top: 1.5rem; }
+.card-title { font-size: 0.95rem; font-weight: 700; margin-bottom: 1rem; }
+.card-hint { font-size: 0.78rem; color: var(--c-muted); }
 
 /* Stats */
 .stats { display: grid; grid-template-columns: repeat(auto-fill, minmax(160px, 1fr)); gap: 1rem; margin-bottom: 1.5rem; }
@@ -103,8 +106,15 @@ input, select, textarea {
   width: 100%; font-family: var(--font);
   transition: border-color var(--transition);
 }
+input[type="checkbox"] { width: auto; }
+input[type="date"], input[type="time"], input[type="datetime-local"] { -webkit-appearance: none; appearance: none; min-height: 2.35rem; }
 input:focus, select:focus, textarea:focus { outline: none; border-color: var(--c-accent); }
 input::placeholder { color: var(--c-muted); }
+.form-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 1rem; }
+.form-grid-3 { display: grid; grid-template-columns: 1fr 1fr auto; gap: 1rem; align-items: end; }
+.form-grid .full { grid-column: 1 / -1; }
+.checkbox-label { display: inline-flex; align-items: center; gap: 0.5rem; font-size: 0.875rem; cursor: pointer; }
+.checkbox-label-sm { display: inline-flex; align-items: center; gap: 0.3rem; font-size: 0.82rem; cursor: pointer; color: var(--c-text); }
 
 /* Search */
 .search-bar { display: flex; gap: 0.5rem; align-items: center; margin-bottom: 1rem; }
@@ -129,8 +139,12 @@ tr:hover td { background: rgba(255,255,255,0.02); }
   font-size: 0.72rem; font-weight: 600;
   text-transform: uppercase; letter-spacing: 0.04em;
 }
-.badge-checked   { background: rgba(34,197,94,0.15); color: var(--c-success); }
-.badge-unchecked { background: rgba(122,127,150,0.15); color: var(--c-muted); }
+* + .badge { margin-left: 0.3rem; }
+.badge-checked     { background: rgba(34,197,94,0.15); color: var(--c-success); }
+.badge-confirmed   { background: rgba(99,102,241,0.15); color: var(--c-accent-h); }
+.badge-registered  { background: rgba(14,165,233,0.15); color: #0ea5e9; }
+.badge-unchecked   { background: rgba(122,127,150,0.15); color: var(--c-muted); }
+.badge-partial   { background: rgba(245,158,11,0.15); color: var(--c-warn); }
 .badge-role      { background: rgba(99,102,241,0.15); color: var(--c-accent-h); }
 .badge-lead      { background: rgba(245,158,11,0.15); color: var(--c-warn); }
 
@@ -205,4 +219,33 @@ tr:hover td { background: rgba(255,255,255,0.02); }
   }
   .page { padding: 1rem; }
   .stats { grid-template-columns: repeat(2, 1fr); }
+
+  /* Touch targets */
+  .btn { min-height: 44px; padding: 0.6rem 1rem; }
+  .btn-sm { min-height: 44px; padding: 0.5rem 0.75rem; font-size: 0.85rem; }
+
+  /* Page header & actions */
+  .page-header { flex-wrap: wrap; gap: 0.75rem; }
+  .page-title { width: 100%; }
+  .actions { flex-wrap: wrap; }
+
+  /* Search bar */
+  .search-bar { flex-wrap: wrap; }
+  .search-bar input { max-width: none; flex: 1 1 100%; }
+
+  /* Table → card layout */
+  .table-wrap { overflow-x: visible; }
+  table { display: block; }
+  thead { display: none; }
+  tbody { display: flex; flex-direction: column; gap: 0.5rem; }
+  tr { display: flex; flex-wrap: wrap; gap: 0.25rem 0.75rem; align-items: center;
+       padding: 0.75rem; border: 1px solid var(--c-border); border-radius: var(--radius-lg);
+       background: var(--c-surface); }
+  tr:hover td { background: transparent; }
+  td { display: inline; padding: 0; border: none; }
+  td:empty { display: none; }
+
+  /* Forms — 16px prevents iOS auto-zoom on focus */
+  input, select, textarea { font-size: 16px; }
+  .form-grid, .form-grid-3 { grid-template-columns: 1fr !important; }
 }
diff --git a/frontend/src/components/CheckInButton.svelte b/frontend/src/components/CheckInButton.svelte
index b3ce533..cbd4bd2 100644
--- a/frontend/src/components/CheckInButton.svelte
+++ b/frontend/src/components/CheckInButton.svelte
@@ -9,5 +9,5 @@
 </script>
 
 <button class="btn btn-success btn-sm" onclick={handle} disabled={loading}>
-  {loading ? '…' : '✓ Check in'}
+  {loading ? '…' : 'Mark ready'}
 </button>
diff --git a/frontend/src/components/Nav.svelte b/frontend/src/components/Nav.svelte
index 46384d2..61015f5 100644
--- a/frontend/src/components/Nav.svelte
+++ b/frontend/src/components/Nav.svelte
@@ -1,53 +1,48 @@
 <script>
-  import { LayoutDashboard, ClipboardCheck, Heart, Hexagon, Clock, CalendarDays, Upload, Users, Settings, LogOut } from 'lucide-svelte'
+  import { LayoutDashboard, Heart, Hexagon, CalendarDays, Upload, Users, Settings, LogOut, Ticket } from 'lucide-svelte'
 
-  let { session, active, onLogout, open = false } = $props()
+  let { session, active, onLogout, navigate, open = false } = $props()
 
-  const role = $derived(session?.user?.role ?? '')
+  const roles = $derived(session?.user?.roles ?? [])
+  function hasRole(...allowed) { return roles.some(r => allowed.includes(r)) }
 
   const iconProps = { size: 18, strokeWidth: 1.75 }
 
   const links = $derived.by(() => {
-    if (role === 'ticketing') return [
-      { href: '#/attendees', label: 'Attendees', icon: ClipboardCheck },
-      { href: '#/import', label: 'Import', icon: Upload },
+    if (!hasRole('admin') && hasRole('colead') && !hasRole('staffing')) return [
+      { href: '/', label: 'Schedule', icon: CalendarDays },
+      { href: '/volunteers', label: 'Volunteers', icon: Heart },
+      { href: '/departments', label: 'Departments', icon: Hexagon },
     ]
-    if (role === 'volunteer_lead') return [
-      { href: '#/', label: 'Schedule', icon: CalendarDays },
-      { href: '#/volunteers', label: 'Volunteers', icon: Heart },
-      { href: '#/departments', label: 'Departments', icon: Hexagon },
-    ]
-    if (role === 'coordinator') return [
-      { href: '#/', label: 'Dashboard', icon: LayoutDashboard },
-      { href: '#/schedule', label: 'Schedule', icon: CalendarDays },
-      { href: '#/volunteers', label: 'Volunteers', icon: Heart },
-      { href: '#/departments', label: 'Departments', icon: Hexagon },
-      { href: '#/shifts', label: 'Shifts', icon: Clock },
+    if (!hasRole('admin') && hasRole('staffing')) return [
+      { href: '/', label: 'Dashboard', icon: LayoutDashboard },
+      { href: '/schedule', label: 'Schedule', icon: CalendarDays },
+      { href: '/volunteers', label: 'Volunteers', icon: Heart },
+      { href: '/departments', label: 'Departments', icon: Hexagon },
     ]
     return [
-      { href: '#/', label: 'Dashboard', icon: LayoutDashboard },
-      { href: '#/attendees', label: 'Attendees', icon: ClipboardCheck },
-      { href: '#/volunteers', label: 'Volunteers', icon: Heart },
-      { href: '#/departments', label: 'Departments', icon: Hexagon },
-      { href: '#/shifts', label: 'Shifts', icon: Clock },
-      { href: '#/schedule', label: 'Schedule', icon: CalendarDays },
-      { href: '#/import', label: 'Import', icon: Upload },
-      { href: '#/users', label: 'Users', icon: Users },
-      { href: '#/settings', label: 'Settings', icon: Settings },
+      { href: '/', label: 'Dashboard', icon: LayoutDashboard },
+      { href: '/participants', label: 'Participants', icon: Ticket },
+      { href: '/volunteers', label: 'Volunteers', icon: Heart },
+      { href: '/departments', label: 'Departments', icon: Hexagon },
+      { href: '/schedule', label: 'Schedule', icon: CalendarDays },
+      { href: '/import', label: 'Import', icon: Upload },
+      { href: '/users', label: 'Users', icon: Users },
+      { href: '/settings', label: 'Settings', icon: Settings },
     ]
   })
 
   function isActive(href) {
-    const p = href.replace(/^#/, '')
-    if (p === '/') return active === '/' || active === ''
-    return active.startsWith(p)
+    if (href === '/') return active === '/' || active === ''
+    return active.startsWith(href)
   }
 </script>
 
 <nav class="sidebar" class:open>
   <div class="sidebar-brand">Turn<span>pike</span></div>
   {#each links as link}
-    <a href={link.href} class="nav-link" class:active={isActive(link.href)}>
+    <a href={link.href} class="nav-link" class:active={isActive(link.href)}
+      onclick={(e) => { e.preventDefault(); navigate(link.href) }}>
       <link.icon {...iconProps} />
       {link.label}
     </a>
diff --git a/frontend/src/db.js b/frontend/src/db.js
index 258c76c..bd3b490 100644
--- a/frontend/src/db.js
+++ b/frontend/src/db.js
@@ -26,6 +26,42 @@ db.version(2).stores({
   outbox: '++id, table, op, synced_at',
 })
 
+db.version(3).stores({
+  session: 'id, token, user',
+  meta: 'key',
+  event: 'id',
+  attendees: 'id, name, ticket_type, checked_in, volunteer_token, deleted_at',
+  participants: 'id, email, preferred_name, updated_at, deleted_at',
+  tickets: 'id, participant_id, code, source, checked_in_at, updated_at, deleted_at',
+  departments: 'id, name, deleted_at',
+  volunteers: 'id, name, department_id, checked_in, attendee_id, participant_id, deleted_at',
+  shifts: 'id, department_id, day, position, deleted_at',
+  volunteer_shifts: '[volunteer_id+shift_id], volunteer_id, shift_id',
+  outbox: '++id, table, op, synced_at',
+})
+
+db.version(4).stores({
+  attendees: null,
+  outbox: null,
+  volunteers: 'id, name, department_id, checked_in, participant_id, deleted_at',
+})
+
+db.version(5).stores({
+  volunteers: 'id, participant_id, department_id, deleted_at',
+  participants: 'id, email, preferred_name, email_confirmed, updated_at, deleted_at',
+})
+
+db.version(6).stores({}).upgrade(async tx => {
+  await tx.table('session').clear()
+  await tx.table('meta').clear()
+  await tx.table('participants').clear()
+  await tx.table('tickets').clear()
+  await tx.table('departments').clear()
+  await tx.table('volunteers').clear()
+  await tx.table('shifts').clear()
+  await tx.table('volunteer_shifts').clear()
+})
+
 export async function getLastSync() {
   const m = await db.meta.get('last_sync')
   return m?.value ?? ''
@@ -44,6 +80,18 @@ export async function saveSession(token, user) {
 }
 
 export async function clearSession() {
-  await db.session.clear()
-  await db.meta.clear()
+  await db.transaction('rw',
+    [db.session, db.meta, db.event, db.participants, db.tickets, db.departments, db.volunteers, db.shifts, db.volunteer_shifts],
+    async () => {
+      await db.session.clear()
+      await db.meta.clear()
+      await db.event.clear()
+      await db.participants.clear()
+      await db.tickets.clear()
+      await db.departments.clear()
+      await db.volunteers.clear()
+      await db.shifts.clear()
+      await db.volunteer_shifts.clear()
+    }
+  )
 }
diff --git a/frontend/src/db.test.js b/frontend/src/db.test.js
index 36d3c5e..081ce1a 100644
--- a/frontend/src/db.test.js
+++ b/frontend/src/db.test.js
@@ -9,8 +9,8 @@ describe('db schema', () => {
   it('has expected tables', () => {
     const names = db.tables.map(t => t.name).sort()
     expect(names).toEqual([
-      'attendees', 'departments', 'event', 'meta',
-      'outbox', 'session', 'shifts', 'volunteer_shifts', 'volunteers',
+      'departments', 'event', 'meta',
+      'participants', 'session', 'shifts', 'tickets', 'volunteer_shifts', 'volunteers',
     ])
   })
 })
@@ -22,10 +22,10 @@ describe('session', () => {
   })
 
   it('saves and retrieves session', async () => {
-    await saveSession('tok123', { id: 1, username: 'admin', role: 'admin' })
+    await saveSession('tok123', { id: 1, email: 'admin@example.com', roles: ['admin'] })
     const s = await getSession()
     expect(s.token).toBe('tok123')
-    expect(s.user.username).toBe('admin')
+    expect(s.user.email).toBe('admin@example.com')
   })
 
   it('clears session and meta', async () => {
diff --git a/frontend/src/pages/Attendees.svelte b/frontend/src/pages/Attendees.svelte
deleted file mode 100644
index 72619b8..0000000
--- a/frontend/src/pages/Attendees.svelte
+++ /dev/null
@@ -1,274 +0,0 @@
-<script>
-  import { liveQuery } from 'dexie'
-  import { db } from '../db.js'
-  import { api } from '../api.js'
-  import CheckInButton from '../components/CheckInButton.svelte'
-
-  let { session } = $props()
-
-  let search = $state('')
-  let filterType = $state('')
-  let filterChecked = $state('')
-  let error = $state('')
-  let success = $state('')
-  let showAdd = $state(false)
-  let newName = $state('')
-  let newEmail = $state('')
-  let newPhone = $state('')
-  let newTicketID = $state('')
-  let newTicketType = $state('')
-  let newNote = $state('')
-  let adding = $state(false)
-  let generating = $state(false)
-  let emailing = $state(false)
-
-  const role = $derived(session?.user?.role ?? '')
-  const canManage = $derived(['admin', 'ticketing'].includes(role))
-  const canCheckIn = $derived(['admin', 'ticketing', 'gate'].includes(role))
-
-  const allAttendees = liveQuery(() => db.attendees.toArray())
-  const ticketTypes = liveQuery(() =>
-    db.attendees.orderBy('ticket_type').uniqueKeys()
-  )
-
-  const filtered = $derived.by(() => {
-    const list = $allAttendees ?? []
-    const s = search.toLowerCase()
-    return list
-      .filter(a => {
-        if (filterType && a.ticket_type !== filterType) return false
-        if (filterChecked === 'true' && !a.checked_in) return false
-        if (filterChecked === 'false' && a.checked_in) return false
-        if (s && !a.name.toLowerCase().includes(s) &&
-            !a.email.toLowerCase().includes(s) &&
-            !a.ticket_id.toLowerCase().includes(s)) return false
-        return true
-      })
-      .sort((a, b) => a.name.localeCompare(b.name))
-  })
-
-  async function checkIn(attendee) {
-    try {
-      const result = await api.attendees.checkIn(attendee.id)
-      if (result.attendee) await db.attendees.put(result.attendee)
-    } catch (err) {
-      error = err.message
-    }
-  }
-
-  async function addAttendee(e) {
-    e.preventDefault()
-    adding = true
-    error = ''
-    try {
-      const a = await api.attendees.create({
-        name: newName, email: newEmail, phone: newPhone,
-        ticket_id: newTicketID, ticket_type: newTicketType, note: newNote,
-      })
-      await db.attendees.put(a)
-      showAdd = false
-      newName = newEmail = newPhone = newTicketID = newTicketType = newNote = ''
-    } catch (err) {
-      error = err.message
-    } finally {
-      adding = false
-    }
-  }
-
-  async function generateTokens() {
-    generating = true
-    error = ''
-    success = ''
-    try {
-      const result = await api.attendees.generateTokens()
-      success = `Generated ${result.generated} token${result.generated !== 1 ? 's' : ''}.`
-    } catch (err) {
-      error = err.message
-    } finally {
-      generating = false
-    }
-  }
-
-  async function emailAll() {
-    if (!confirm('Send token emails to all attendees with a token and email address?')) return
-    emailing = true
-    error = ''
-    success = ''
-    try {
-      const result = await api.attendees.emailAllTokens()
-      success = `Sent ${result.sent} email${result.sent !== 1 ? 's' : ''}${result.skipped ? `, skipped ${result.skipped}` : ''}.`
-      if (result.errors?.length) error = result.errors.join('; ')
-    } catch (err) {
-      error = err.message
-    } finally {
-      emailing = false
-    }
-  }
-
-  async function emailToken(attendee) {
-    error = ''
-    success = ''
-    try {
-      await api.attendees.emailToken(attendee.id)
-      success = `Token email sent to ${attendee.name}.`
-    } catch (err) {
-      error = err.message
-    }
-  }
-</script>
-
-<div class="page">
-  <div class="page-header">
-    <h1 class="page-title">Attendees</h1>
-    <div class="actions">
-      {#if canManage}
-        <button class="btn btn-primary btn-sm" onclick={() => showAdd = !showAdd}>+ Add</button>
-        <a href="/api/attendees/export" class="btn btn-ghost btn-sm">Export CSV</a>
-        <button class="btn btn-ghost btn-sm" onclick={generateTokens} disabled={generating}>
-          {generating ? '…' : '⚿ Tokens'}
-        </button>
-        <a href="/api/attendees/export-tokens" class="btn btn-ghost btn-sm">Export Links</a>
-        <button class="btn btn-ghost btn-sm" onclick={emailAll} disabled={emailing}>
-          {emailing ? '…' : '✉ Email All'}
-        </button>
-      {/if}
-    </div>
-  </div>
-
-  {#if error}
-    <div class="alert alert-error">{error}</div>
-  {/if}
-  {#if success}
-    <div class="alert alert-success">{success}</div>
-  {/if}
-
-  {#if showAdd && canManage}
-    <div class="card" style="margin-bottom:1.5rem">
-      <form onsubmit={addAttendee}>
-        <div style="display:grid;grid-template-columns:1fr 1fr;gap:1rem">
-          <div class="form-group">
-            <label for="new-name">Name *</label>
-            <input id="new-name" bind:value={newName} required placeholder="Full name" />
-          </div>
-          <div class="form-group">
-            <label for="new-email">Email</label>
-            <input id="new-email" type="email" bind:value={newEmail} placeholder="email@example.com" />
-          </div>
-          <div class="form-group">
-            <label for="new-ticket-id">Ticket ID</label>
-            <input id="new-ticket-id" bind:value={newTicketID} placeholder="From ticketing system" />
-          </div>
-          <div class="form-group">
-            <label for="new-ticket-type">Ticket type</label>
-            <input id="new-ticket-type" bind:value={newTicketType} placeholder="e.g. General, VIP" />
-          </div>
-        </div>
-        <div class="form-group">
-          <label for="new-note">Note</label>
-          <input id="new-note" bind:value={newNote} placeholder="Optional note" />
-        </div>
-        <div class="actions">
-          <button type="submit" class="btn btn-primary" disabled={adding}>
-            {adding ? 'Adding…' : 'Add attendee'}
-          </button>
-          <button type="button" class="btn btn-ghost" onclick={() => showAdd = false}>Cancel</button>
-        </div>
-      </form>
-    </div>
-  {/if}
-
-  <div class="search-bar">
-    <input placeholder="Search name, email, ticket ID…" bind:value={search} />
-    {#if ($ticketTypes ?? []).length > 0}
-      <select bind:value={filterType} style="width:auto">
-        <option value="">All types</option>
-        {#each $ticketTypes ?? [] as t}
-          <option value={t}>{t}</option>
-        {/each}
-      </select>
-    {/if}
-    <select bind:value={filterChecked} style="width:auto">
-      <option value="">All</option>
-      <option value="false">Not checked in</option>
-      <option value="true">Checked in</option>
-    </select>
-    <span class="text-muted" style="font-size:0.85rem;white-space:nowrap">
-      {filtered.length} shown
-    </span>
-  </div>
-
-  {#if ($allAttendees ?? []).length === 0}
-    <div class="empty">
-      <strong>No attendees yet</strong>
-      <p>Import a CSV or add attendees manually.</p>
-    </div>
-  {:else}
-    <div class="table-wrap">
-      <table>
-        <thead>
-          <tr>
-            <th>Name</th>
-            <th>Ticket type</th>
-            <th>Email</th>
-            <th>Status</th>
-            {#if canCheckIn}<th></th>{/if}
-          </tr>
-        </thead>
-        <tbody>
-          {#each filtered as a (a.id)}
-            <tr>
-              <td>
-                <strong>{a.name}</strong>
-                {#if a.ticket_id}
-                  <span class="text-muted" style="font-size:0.8rem"> · {a.ticket_id}</span>
-                {/if}
-                {#if (a.party_size ?? 1) > 1}
-                  <span class="badge badge-lead" style="margin-left:0.3rem">×{a.party_size}</span>
-                {/if}
-                {#if a.note}
-                  <div class="text-muted" style="font-size:0.78rem">{a.note}</div>
-                {/if}
-              </td>
-              <td class="text-muted">{a.ticket_type || '—'}</td>
-              <td>
-                <div>{a.email || '—'}</div>
-                {#if a.volunteer_token && canManage}
-                  <div style="font-size:0.75rem;margin-top:0.15rem">
-                    <code style="color:var(--c-accent-h)">{a.volunteer_token}</code>
-                    {#if a.email}
-                      <button class="btn btn-ghost btn-sm" style="padding:0.1rem 0.4rem;margin-left:0.25rem"
-                        onclick={() => emailToken(a)}>✉</button>
-                    {/if}
-                  </div>
-                {/if}
-              </td>
-              <td>
-                {#if (a.party_size ?? 1) > 1}
-                  <span class="badge {a.checked_in ? 'badge-checked' : 'badge-unchecked'}">
-                    {a.checked_in_count ?? 0}/{a.party_size} in
-                  </span>
-                {:else}
-                  <span class="badge {a.checked_in ? 'badge-checked' : 'badge-unchecked'}">
-                    {a.checked_in ? 'Checked in' : 'Pending'}
-                  </span>
-                {/if}
-                {#if a.checked_in_at}
-                  <div class="text-muted" style="font-size:0.75rem">
-                    {new Date(a.checked_in_at).toLocaleTimeString()}
-                  </div>
-                {/if}
-              </td>
-              {#if canCheckIn}
-                <td>
-                  {#if (a.checked_in_count ?? 0) < (a.party_size ?? 1)}
-                    <CheckInButton onclick={() => checkIn(a)} />
-                  {/if}
-                </td>
-              {/if}
-            </tr>
-          {/each}
-        </tbody>
-      </table>
-    </div>
-  {/if}
-</div>
diff --git a/frontend/src/pages/ConfirmEmail.svelte b/frontend/src/pages/ConfirmEmail.svelte
new file mode 100644
index 0000000..256dce5
--- /dev/null
+++ b/frontend/src/pages/ConfirmEmail.svelte
@@ -0,0 +1,148 @@
+<script>
+  import { onMount } from 'svelte'
+  import { api } from '../api.js'
+
+  let status = $state('loading')
+  let kioskLink = $state('')
+  let error = $state('')
+
+  onMount(async () => {
+    const match = window.location.pathname.match(/^\/confirm\/(.+)/)
+    const token = match?.[1] ?? ''
+    if (!token) {
+      status = 'invalid'
+      return
+    }
+    try {
+      const result = await api.signup.confirm(token)
+      status = result.status ?? 'invalid'
+      if (result.kiosk_link) kioskLink = result.kiosk_link
+    } catch (err) {
+      error = err.message
+      status = 'error'
+    }
+  })
+</script>
+
+<div class="kiosk">
+  <div class="kiosk-header">
+    <div class="kiosk-brand">Turn<span>pike</span> &nbsp;<span class="kiosk-role">Email Confirmation</span></div>
+  </div>
+
+  <div class="kiosk-body">
+    {#if status === 'loading'}
+      <div class="kiosk-center">Confirming...</div>
+    {:else if status === 'confirmed'}
+      <div class="kiosk-card" style="text-align:center">
+        <div class="confirm-icon">&#10003;</div>
+        <h2 style="font-size:1.2rem;font-weight:700;margin-bottom:0.5rem">Email Confirmed</h2>
+        <p style="color:var(--c-muted);line-height:1.6;margin:0">
+          Your email address has been verified. Thank you for signing up!
+        </p>
+        {#if kioskLink}
+          <div class="kiosk-link-box">
+            <p style="color:var(--c-text);font-weight:600;margin-bottom:0.5rem">Shift signups are open!</p>
+            <a href={kioskLink} class="kbtn kbtn-primary">Choose Your Shifts</a>
+          </div>
+        {/if}
+      </div>
+    {:else if status === 'already_confirmed'}
+      <div class="kiosk-card" style="text-align:center">
+        <h2 style="font-size:1.2rem;font-weight:700;margin-bottom:0.5rem">Already Confirmed</h2>
+        <p style="color:var(--c-muted);line-height:1.6;margin:0">
+          This email address was already confirmed. No further action needed.
+        </p>
+      </div>
+    {:else if status === 'error'}
+      <div class="kiosk-error">{error}</div>
+    {:else}
+      <div class="kiosk-card" style="text-align:center">
+        <h2 style="font-size:1.2rem;font-weight:700;margin-bottom:0.5rem">Invalid Link</h2>
+        <p style="color:var(--c-muted);line-height:1.6;margin:0">
+          This confirmation link is not valid or has already been used.
+        </p>
+      </div>
+    {/if}
+  </div>
+</div>
+
+<style>
+  .kiosk {
+    min-height: 100vh;
+    background: var(--c-bg);
+    color: var(--c-text);
+    font-family: var(--font);
+    display: flex;
+    flex-direction: column;
+  }
+  .kiosk-header {
+    background: var(--c-surface);
+    border-bottom: 1px solid var(--c-border);
+    padding: 1rem 1.5rem;
+    display: flex;
+    align-items: center;
+  }
+  .kiosk-brand {
+    font-size: 1.1rem;
+    font-weight: 700;
+    letter-spacing: -0.02em;
+    color: var(--c-text);
+  }
+  .kiosk-brand span:first-of-type { color: var(--c-accent); }
+  .kiosk-role {
+    font-size: 0.8rem;
+    font-weight: 400;
+    color: var(--c-muted);
+    letter-spacing: 0;
+  }
+  .kiosk-body {
+    max-width: 540px;
+    margin: 0 auto;
+    padding: 1.5rem 1rem;
+    width: 100%;
+  }
+  .kiosk-center { display: flex; align-items: center; justify-content: center; padding: 2rem 0; }
+  .kiosk-card {
+    background: var(--c-surface);
+    border: 1px solid var(--c-border);
+    border-radius: 10px;
+    padding: 2rem 1.5rem;
+  }
+  .kiosk-error {
+    background: rgba(239,68,68,0.12);
+    border: 1px solid rgba(239,68,68,0.3);
+    color: #fca5a5;
+    padding: 1rem;
+    border-radius: 8px;
+    text-align: center;
+    line-height: 1.7;
+  }
+  .confirm-icon {
+    width: 48px;
+    height: 48px;
+    border-radius: 50%;
+    background: rgba(34,197,94,0.15);
+    color: #4ade80;
+    font-size: 1.5rem;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    margin: 0 auto 1rem;
+  }
+  .kiosk-link-box {
+    margin-top: 1.5rem;
+    padding-top: 1rem;
+    border-top: 1px solid var(--c-border);
+  }
+  .kbtn {
+    display: inline-flex; align-items: center; justify-content: center;
+    padding: 0.55rem 1.25rem; border-radius: 6px;
+    border: 1px solid transparent;
+    font-size: 0.875rem; font-weight: 500; cursor: pointer;
+    font-family: var(--font);
+    text-decoration: none;
+    transition: background 150ms;
+  }
+  .kbtn-primary { background: var(--c-accent); color: #fff; }
+  .kbtn-primary:hover { background: var(--c-accent-h); }
+</style>
diff --git a/frontend/src/pages/Dashboard.svelte b/frontend/src/pages/Dashboard.svelte
index c1ae495..73800d6 100644
--- a/frontend/src/pages/Dashboard.svelte
+++ b/frontend/src/pages/Dashboard.svelte
@@ -2,15 +2,57 @@
   import { liveQuery } from 'dexie'
   import { db } from '../db.js'
 
-  let { session } = $props()
+  let { session, navigate } = $props()
+
+  const roles = $derived(session?.user?.roles ?? [])
+  function hasRole(...allowed) { return roles.some(r => allowed.includes(r)) }
+  const myDeptIDs = $derived(session?.user?.department_ids ?? [])
+  const isAdmin = $derived(hasRole('admin'))
+  const isStaffing = $derived(hasRole('admin', 'staffing'))
+  const isColead = $derived(hasRole('colead'))
 
-  const attendees = liveQuery(() => db.attendees.toArray())
   const event = liveQuery(() => db.event.get(1))
+  const allTickets = liveQuery(() => db.tickets.toArray())
+  const allVolunteers = liveQuery(() => db.volunteers.filter(v => !v.deleted_at).toArray())
+  const allShifts = liveQuery(() => db.shifts.filter(s => !s.deleted_at).toArray())
+  const allDepts = liveQuery(() => db.departments.filter(d => !d.deleted_at).toArray())
+  const allVS = liveQuery(() => db.volunteer_shifts.toArray())
 
-  const total = $derived(($attendees ?? []).length)
-  const checkedIn = $derived(($attendees ?? []).filter(a => a.checked_in).length)
-  const remaining = $derived(total - checkedIn)
-  const pct = $derived(total > 0 ? Math.round((checkedIn / total) * 100) : 0)
+  // Ticket stats
+  const tickets = $derived($allTickets ?? [])
+  const ticketTotal = $derived(tickets.length)
+  const ticketCheckedIn = $derived(tickets.filter(t => t.checked_in_at).length)
+  const ticketRemaining = $derived(ticketTotal - ticketCheckedIn)
+  const ticketPct = $derived(ticketTotal > 0 ? Math.round((ticketCheckedIn / ticketTotal) * 100) : 0)
+
+  // Volunteer stats (scoped for colead)
+  const volunteers = $derived.by(() => {
+    const vols = $allVolunteers ?? []
+    if (isColead) return vols.filter(v => myDeptIDs.includes(v.department_id))
+    return vols
+  })
+  const volTotal = $derived(volunteers.length)
+  const volCheckedIn = $derived(volunteers.filter(v => v.ready).length)
+  const volLeads = $derived(volunteers.filter(v => v.is_lead).length)
+
+  // Shift stats (scoped for colead)
+  const shifts = $derived.by(() => {
+    const all = $allShifts ?? []
+    if (isColead) return all.filter(s => myDeptIDs.includes(s.department_id))
+    return all
+  })
+  const shiftTotal = $derived(shifts.length)
+  const shiftsFilled = $derived.by(() => {
+    const vs = $allVS ?? []
+    return shifts.filter(s => vs.some(a => a.shift_id === s.id)).length
+  })
+  const shiftFillPct = $derived(shiftTotal > 0 ? Math.round((shiftsFilled / shiftTotal) * 100) : 0)
+
+  // Department names for colead header
+  const myDeptNames = $derived.by(() => {
+    const depts = $allDepts ?? []
+    return myDeptIDs.map(id => depts.find(d => d.id === id)?.name).filter(Boolean)
+  })
 </script>
 
 <div class="page">
@@ -28,35 +70,113 @@
     </p>
   {/if}
 
-  <div class="stats">
-    <div class="stat">
-      <div class="stat-label">Total</div>
-      <div class="stat-value">{total}</div>
-    </div>
-    <div class="stat">
-      <div class="stat-label">Checked in</div>
-      <div class="stat-value" style="color:var(--c-success)">{checkedIn}</div>
-    </div>
-    <div class="stat">
-      <div class="stat-label">Remaining</div>
-      <div class="stat-value">{remaining}</div>
-    </div>
-    <div class="stat">
-      <div class="stat-label">Progress</div>
-      <div class="stat-value">{pct}%</div>
-    </div>
-  </div>
+  {#if isColead && myDeptNames.length > 0}
+    <p style="margin-bottom:1.5rem;font-size:0.9rem">
+      Your department{myDeptNames.length > 1 ? 's' : ''}:
+      <strong>{myDeptNames.join(', ')}</strong>
+    </p>
+  {/if}
 
-  {#if total > 0}
-    <div class="card" style="margin-bottom:1rem">
-      <div style="height:8px;background:var(--c-border);border-radius:99px;overflow:hidden">
-        <div style="height:100%;width:{pct}%;background:var(--c-success);border-radius:99px;transition:width 0.4s ease"></div>
+  <!-- Ticket check-in (admin) -->
+  {#if isAdmin}
+    <h2 class="dash-section">Ticket Check-in</h2>
+    <div class="stats">
+      <div class="stat">
+        <div class="stat-label">Total tickets</div>
+        <div class="stat-value">{ticketTotal}</div>
+      </div>
+      <div class="stat">
+        <div class="stat-label">Checked in</div>
+        <div class="stat-value" style="color:var(--c-success)">{ticketCheckedIn}</div>
+      </div>
+      <div class="stat">
+        <div class="stat-label">Remaining</div>
+        <div class="stat-value">{ticketRemaining}</div>
+      </div>
+      <div class="stat">
+        <div class="stat-label">Progress</div>
+        <div class="stat-value">{ticketPct}%</div>
+      </div>
+    </div>
+
+    {#if ticketTotal > 0}
+      <div style="height:8px;background:var(--c-border);border-radius:99px;overflow:hidden;margin-bottom:2rem">
+        <div style="height:100%;width:{ticketPct}%;background:var(--c-success);border-radius:99px;transition:width 0.4s ease"></div>
+      </div>
+    {/if}
+  {/if}
+
+  <!-- Volunteer stats (admin/staffing/colead) -->
+  {#if isStaffing || isColead}
+    <h2 class="dash-section">{isColead ? 'My Volunteers' : 'Volunteers'}</h2>
+    <div class="stats">
+      <div class="stat">
+        <div class="stat-label">Total</div>
+        <div class="stat-value">{volTotal}</div>
+      </div>
+      <div class="stat">
+        <div class="stat-label">Checked in</div>
+        <div class="stat-value" style="color:var(--c-success)">{volCheckedIn}</div>
+      </div>
+      <div class="stat">
+        <div class="stat-label">Leads</div>
+        <div class="stat-value">{volLeads}</div>
       </div>
     </div>
   {/if}
 
-  <p class="text-muted" style="font-size:0.85rem">
-    Welcome, <strong style="color:var(--c-text)">{session?.user?.username}</strong>
-    · <span class="badge badge-role">{session?.user?.role}</span>
+  <!-- Shift coverage (admin/staffing/colead) -->
+  {#if isStaffing || isColead}
+    <h2 class="dash-section">{isColead ? 'My Shifts' : 'Shift Coverage'}</h2>
+    <div class="stats">
+      <div class="stat">
+        <div class="stat-label">Total shifts</div>
+        <div class="stat-value">{shiftTotal}</div>
+      </div>
+      <div class="stat">
+        <div class="stat-label">With volunteers</div>
+        <div class="stat-value">{shiftsFilled}</div>
+      </div>
+      <div class="stat">
+        <div class="stat-label">Fill rate</div>
+        <div class="stat-value">{shiftFillPct}%</div>
+      </div>
+    </div>
+  {/if}
+
+  <!-- Quick actions -->
+  {#if isAdmin}
+    <div class="dash-actions">
+      <a href="/import" class="btn btn-ghost btn-sm" onclick={(e) => { e.preventDefault(); navigate('/import') }}>Import CSV</a>
+      <a href="/participants" class="btn btn-ghost btn-sm" onclick={(e) => { e.preventDefault(); navigate('/participants') }}>Manage Participants</a>
+      <a href="/settings" class="btn btn-ghost btn-sm" onclick={(e) => { e.preventDefault(); navigate('/settings') }}>Settings</a>
+    </div>
+  {:else if isStaffing || isColead}
+    <div class="dash-actions">
+      <a href="/schedule" class="btn btn-ghost btn-sm" onclick={(e) => { e.preventDefault(); navigate('/schedule') }}>View Schedule</a>
+      <a href="/volunteers" class="btn btn-ghost btn-sm" onclick={(e) => { e.preventDefault(); navigate('/volunteers') }}>Manage Volunteers</a>
+    </div>
+  {/if}
+
+  <p class="text-muted" style="font-size:0.85rem;margin-top:2rem">
+    Welcome, <strong style="color:var(--c-text)">{session?.user?.preferred_name}</strong>
+    · {#each roles as r}<span class="badge badge-role">{r}</span>{/each}
   </p>
 </div>
+
+<style>
+  .dash-section {
+    font-size: 0.82rem;
+    font-weight: 600;
+    text-transform: uppercase;
+    letter-spacing: 0.06em;
+    color: var(--c-muted);
+    margin-bottom: 0.75rem;
+  }
+  .dash-actions {
+    display: flex;
+    gap: 0.5rem;
+    flex-wrap: wrap;
+    margin-top: 0.5rem;
+  }
+</style>
diff --git a/frontend/src/pages/Departments.svelte b/frontend/src/pages/Departments.svelte
index 81408d8..863c4a1 100644
--- a/frontend/src/pages/Departments.svelte
+++ b/frontend/src/pages/Departments.svelte
@@ -18,9 +18,10 @@
   let editDesc = $state('')
   let saving = $state(false)
 
-  const role = $derived(session?.user?.role ?? '')
-  const canCreate = $derived(['admin', 'coordinator'].includes(role))
-  const canDelete = $derived(role === 'admin')
+  const roles = $derived(session?.user?.roles ?? [])
+  function hasRole(...allowed) { return roles.some(r => allowed.includes(r)) }
+  const canCreate = $derived(hasRole('admin', 'staffing'))
+  const canDelete = $derived(hasRole('admin'))
 
   const allDepts = liveQuery(() =>
     db.departments.filter(d => !d.deleted_at).toArray()
@@ -100,7 +101,7 @@
   {#if showAdd && canCreate}
     <div class="card" style="margin-bottom:1.5rem">
       <form onsubmit={addDept}>
-        <div style="display:grid;grid-template-columns:1fr 1fr auto;gap:1rem;align-items:end">
+        <div class="form-grid-3">
           <div class="form-group" style="margin-bottom:0">
             <label for="d-name">Name *</label>
             <input id="d-name" bind:value={newName} required placeholder="e.g. Security" />
@@ -111,7 +112,7 @@
           </div>
           <div class="form-group" style="margin-bottom:0">
             <label for="d-color">Color</label>
-            <input id="d-color" type="color" bind:value={newColor} style="width:60px;padding:0.2rem;height:2.3rem;cursor:pointer" />
+            <input id="d-color" type="color" bind:value={newColor} class="color-input" />
           </div>
         </div>
         <div class="actions" style="margin-top:1rem">
@@ -127,7 +128,7 @@
   {#if ($allDepts ?? []).length === 0}
     <div class="empty">
       <strong>No departments yet</strong>
-      <p>Add departments to organize your volunteer teams.</p>
+      <p>Create departments to organize shifts and volunteer teams. Coleads are assigned to specific departments.</p>
     </div>
   {:else}
     <div class="table-wrap">
@@ -142,8 +143,8 @@
         <tbody>
           {#each $allDepts ?? [] as d (d.id)}
             {#if editID === d.id}
-              <tr>
-                <td>
+              <tr class="edit-row">
+                <td class="td-name">
                   <div style="display:flex;align-items:center;gap:0.5rem">
                     <input type="color" bind:value={editColor} style="width:36px;height:36px;padding:0.1rem;border-radius:4px;cursor:pointer;flex-shrink:0" />
                     <input bind:value={editName} required placeholder="Name" style="margin:0" />
@@ -153,7 +154,7 @@
                   <input bind:value={editDesc} placeholder="Description" style="margin:0" />
                 </td>
                 {#if canCreate}
-                  <td>
+                  <td class="td-actions">
                     <div class="actions">
                       <button class="btn btn-primary btn-sm" onclick={() => saveDept(d)} disabled={saving}>
                         {saving ? '…' : 'Save'}
@@ -165,13 +166,13 @@
               </tr>
             {:else}
               <tr>
-                <td>
+                <td class="td-name">
                   <span class="dept-dot" style="background:{d.color};margin-right:0.5rem"></span>
                   <strong>{d.name}</strong>
                 </td>
-                <td class="text-muted">{d.description || '—'}</td>
+                <td class="td-desc text-muted">{d.description || '—'}</td>
                 {#if canCreate}
-                  <td>
+                  <td class="td-actions">
                     <div class="actions">
                       <button class="btn btn-ghost btn-sm" onclick={() => startEdit(d)}>Edit</button>
                       {#if canDelete}
@@ -188,3 +189,13 @@
     </div>
   {/if}
 </div>
+
+<style>
+  .color-input { width: 60px; padding: 0.2rem; height: 2.3rem; cursor: pointer; }
+  @media (max-width: 640px) {
+    .td-name { width: 100%; }
+    .td-desc { width: 100%; }
+    .td-actions { width: 100%; display: flex; justify-content: flex-end; }
+    .edit-row td { width: 100%; }
+  }
+</style>
diff --git a/frontend/src/pages/GateUI.svelte b/frontend/src/pages/GateKiosk.svelte
similarity index 54%
rename from frontend/src/pages/GateUI.svelte
rename to frontend/src/pages/GateKiosk.svelte
index f3ea8a9..d1eeaa1 100644
--- a/frontend/src/pages/GateUI.svelte
+++ b/frontend/src/pages/GateKiosk.svelte
@@ -7,6 +7,8 @@
   let { session, onLogout } = $props()
 
   let search = $state('')
+  let manuallySelectedId = $state(null)
+  let showAll = $state(false)
   let error = $state('')
   let scannerMsg = $state('')
   let qrSupported = $state(false)
@@ -16,36 +18,89 @@
   let detector = $state(null)
   let scanInterval = $state(null)
 
-  const attendees = liveQuery(() =>
-    db.attendees.filter(a => !a.deleted_at).toArray()
+  const tickets = liveQuery(() =>
+    db.tickets.filter(t => !t.deleted_at).toArray()
+  )
+
+  const participants = liveQuery(() =>
+    db.participants.filter(p => !p.deleted_at).toArray()
   )
 
   const recentCheckIns = liveQuery(() =>
-    db.attendees
-      .filter(a => a.checked_in && !a.deleted_at)
+    db.tickets
+      .filter(t => !!t.checked_in_at && !t.deleted_at)
       .toArray()
       .then(arr => arr
-        .filter(a => a.checked_in_at)
         .sort((a, b) => b.checked_in_at.localeCompare(a.checked_in_at))
         .slice(0, 10)
       )
   )
 
-  const filtered = $derived.by(() => {
+  // Exact code/external_id match (QR scan or typed code)
+  const matchedTicket = $derived.by(() => {
+    const s = search.trim()
+    if (!s || s.length < 2) return null
+    const sl = s.toLowerCase()
+    const byCode = ($tickets ?? []).find(t => t.code?.toLowerCase() === sl)
+    if (byCode) return byCode
+    return ($tickets ?? []).find(t => t.external_id?.toLowerCase() === sl) ?? null
+  })
+
+  const allParticipantsSorted = $derived.by(() =>
+    ($participants ?? [])
+      .filter(p => !p.deleted_at)
+      .sort((a, b) => (a.preferred_name || a.email || '').localeCompare(b.preferred_name || b.email || ''))
+  )
+
+  // Clear manual selection whenever search text changes
+  $effect(() => {
+    search
+    manuallySelectedId = null
+  })
+
+  // Name/email/ticket-name search across participants
+  const filteredParticipants = $derived.by(() => {
+    if (matchedTicket) return []
     const s = search.trim().toLowerCase()
     if (!s || s.length < 2) return []
-    return ($attendees ?? [])
-      .filter(a => a.name.toLowerCase().includes(s) || a.ticket_id?.toLowerCase().includes(s) || a.email?.toLowerCase().includes(s))
-      .sort((a, b) => a.name.localeCompare(b.name))
+    const byTicketName = new Set(
+      ($tickets ?? [])
+        .filter(t => t.name?.toLowerCase().includes(s))
+        .map(t => t.participant_id)
+        .filter(Boolean)
+    )
+    return ($participants ?? [])
+      .filter(p =>
+        p.preferred_name?.toLowerCase().includes(s) ||
+        p.email?.toLowerCase().includes(s) ||
+        byTicketName.has(p.id)
+      )
+      .sort((a, b) => (a.preferred_name || '').localeCompare(b.preferred_name || ''))
       .slice(0, 8)
   })
 
-  const selected = $derived.by(() => {
-    if (filtered.length === 1) return filtered[0]
-    const s = search.trim().toLowerCase()
-    return filtered.find(a => a.ticket_id?.toLowerCase() === s) ?? null
+  // Manual selection takes priority; fall back to auto-select on single match
+  const selectedParticipant = $derived.by(() => {
+    if (manuallySelectedId) {
+      return ($participants ?? []).find(p => p.id === manuallySelectedId) ?? null
+    }
+    if (filteredParticipants.length === 1) return filteredParticipants[0]
+    return null
   })
 
+  function ticketsFor(participantId) {
+    return ($tickets ?? []).filter(t => t.participant_id === participantId && !t.deleted_at)
+  }
+
+  function participantFor(ticket) {
+    if (!ticket?.participant_id) return null
+    return ($participants ?? []).find(p => p.id === ticket.participant_id) ?? null
+  }
+
+  function nameFor(ticket) {
+    return ticket.name || participantFor(ticket)?.preferred_name || '(unknown)'
+  }
+
   onMount(() => {
     qrSupported = 'BarcodeDetector' in window
   })
@@ -96,40 +151,19 @@
     } catch {}
   }
 
-  async function checkIn(attendee, count = 1) {
+  async function checkInTicket(ticket) {
     error = ''
     try {
-      const result = await api.attendees.checkIn(attendee.id, { count })
-      if (result.attendee) {
-        await db.attendees.put(result.attendee)
+      const result = await api.tickets.checkIn(ticket.id)
+      if (result.ticket) {
+        await db.tickets.put(result.ticket)
+        search = ''
       }
     } catch (err) {
       error = err.message
     }
   }
 
-  async function checkInWithVolunteer(attendee) {
-    error = ''
-    try {
-      const result = await api.attendees.checkIn(attendee.id, { count: 1, also_volunteer: true })
-      if (result.attendee) await db.attendees.put(result.attendee)
-      if (result.volunteer) await db.volunteers.put(result.volunteer)
-    } catch (err) {
-      error = err.message
-    }
-  }
-
-  function remaining(a) {
-    return (a.party_size ?? 1) - (a.checked_in_count ?? 0)
-  }
-
-  function progressLabel(a) {
-    const ps = a.party_size ?? 1
-    const ci = a.checked_in_count ?? 0
-    if (ps <= 1) return null
-    return `${ci}/${ps} checked in`
-  }
-
   function fmt(ts) {
     if (!ts) return ''
     return new Date(ts).toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' })
@@ -155,6 +189,9 @@
           {scanning ? '■ Stop' : '⊡ Scan QR'}
         </button>
       {/if}
+      <button class="gbtn gbtn-ghost" onclick={() => { showAll = !showAll; search = ''; manuallySelectedId = null }}>
+        {showAll ? '✕ Close' : '☰ Browse'}
+      </button>
     </div>
 
     {#if scanning}
@@ -172,74 +209,122 @@
       <div class="gate-msg gate-msg-error">{error}</div>
     {/if}
 
-    <!-- Matched attendee card -->
-    {#if selected}
-      {@const rem = remaining(selected)}
-      {@const prog = progressLabel(selected)}
+    <!-- Exact code/ID match card -->
+    {#if matchedTicket}
+      {@const p = participantFor(matchedTicket)}
       <div class="gate-match">
-        <div class="gate-match-name">{selected.name}</div>
-        {#if selected.ticket_type}
-          <div class="gate-match-sub">{selected.ticket_type}</div>
+        <div class="gate-match-name">{nameFor(matchedTicket)}</div>
+        {#if matchedTicket.ticket_type}
+          <div class="gate-match-sub">{matchedTicket.ticket_type}</div>
         {/if}
-        {#if selected.ticket_id}
-          <div class="gate-match-sub text-muted">#{selected.ticket_id}</div>
+        {#if matchedTicket.external_id}
+          <div class="gate-match-sub text-muted">#{matchedTicket.external_id}</div>
         {/if}
-        {#if prog}
-          <div class="gate-party">
-            <span class="gate-party-label">{prog}</span>
-          </div>
+        {#if p?.email}
+          <div class="gate-match-sub text-muted">{p.email}</div>
         {/if}
-
         <div class="gate-match-actions">
-          {#if rem > 0}
-            <button class="gbtn gbtn-success" onclick={() => checkIn(selected, 1)}>
-              ✓ Check in 1
+          {#if !matchedTicket.checked_in_at}
+            <button class="gbtn gbtn-success" onclick={() => checkInTicket(matchedTicket)}>
+              ✓ Check in
             </button>
-            {#if rem > 1}
-              <button class="gbtn gbtn-ghost" onclick={() => checkIn(selected, rem)}>
-                Check in all {rem}
-              </button>
-            {/if}
           {:else}
-            <span class="gate-done">All checked in</span>
-          {/if}
-
-          {#if selected.volunteer_token && !selected.checked_in}
-            <button class="gbtn gbtn-ghost" onclick={() => checkInWithVolunteer(selected)}>
-              + Volunteer
-            </button>
+            <span class="gate-done">✓ Checked in {fmt(matchedTicket.checked_in_at)}</span>
           {/if}
         </div>
       </div>
-    {:else if search.trim().length >= 2 && filtered.length > 1}
-      <!-- Multiple results list -->
+
+    <!-- Single participant match — show their tickets -->
+    {:else if selectedParticipant}
+      {@const pts = ticketsFor(selectedParticipant.id)}
+      <div class="gate-match">
+        <div class="gate-match-name-row">
+          <div class="gate-match-name">{selectedParticipant.preferred_name || selectedParticipant.email || '(unknown)'}</div>
+          {#if manuallySelectedId}
+            <button class="gbtn gbtn-ghost" style="font-size:0.8rem;padding:0.3rem 0.6rem"
+              onclick={() => manuallySelectedId = null}>← Back</button>
+          {/if}
+        </div>
+        {#if selectedParticipant.email}
+          <div class="gate-match-sub text-muted">{selectedParticipant.email}</div>
+        {/if}
+        {#if pts.length === 0}
+          <div class="gate-match-sub" style="margin-top:0.5rem;color:var(--c-warn)">No tickets on file</div>
+        {:else}
+          <div style="margin-top:0.75rem;display:flex;flex-direction:column;gap:0.4rem">
+            {#each pts as tk (tk.id)}
+              <div class="gate-ticket-row">
+                <span>
+                  <strong>{tk.name || '(unnamed)'}</strong>
+                  {#if tk.ticket_type}<span class="text-muted"> · {tk.ticket_type}</span>{/if}
+                </span>
+                {#if tk.checked_in_at}
+                  <span class="gate-done" style="font-size:0.8rem">✓ {fmt(tk.checked_in_at)}</span>
+                {:else}
+                  <button class="gbtn gbtn-success" style="padding:0.3rem 0.75rem;font-size:0.8rem"
+                    onclick={() => checkInTicket(tk)}>✓ Check in</button>
+                {/if}
+              </div>
+            {/each}
+          </div>
+        {/if}
+      </div>
+
+    <!-- Multiple participant matches -->
+    {:else if search.trim().length >= 2 && filteredParticipants.length > 1}
       <div class="gate-results">
-        {#each filtered as a}
-          <button class="gate-result-row" onclick={() => search = a.ticket_id || a.name}>
+        {#each filteredParticipants as p}
+          {@const pts = ticketsFor(p.id)}
+          {@const ci = pts.filter(t => t.checked_in_at).length}
+          <button class="gate-result-row" onclick={() => manuallySelectedId = p.id}>
             <span>
-              <strong>{a.name}</strong>
-              {#if a.ticket_type} · {a.ticket_type}{/if}
+              <strong>{p.preferred_name || p.email || '(unknown)'}</strong>
+              {#if p.email && p.preferred_name}
+                <span class="text-muted" style="font-size:0.8rem"> · {p.email}</span>
+              {/if}
             </span>
-            <span class="badge {a.checked_in ? 'badge-checked' : 'badge-unchecked'}">
-              {a.checked_in ? 'In' : 'Pending'}
+            <span class="badge {ci === pts.length && pts.length > 0 ? 'badge-checked' : ci > 0 ? 'badge-partial' : 'badge-unchecked'}">
+              {pts.length > 0 ? `${ci}/${pts.length}` : 'No ticket'}
+            </span>
+          </button>
+        {/each}
+      </div>
+
+    {:else if search.trim().length >= 2}
+      <div class="gate-msg gate-msg-warn">No matching participants or tickets found.</div>
+    {/if}
+
+    <!-- Browse all participants -->
+    {#if showAll && !matchedTicket && !selectedParticipant && search.trim().length < 2}
+      <div class="gate-results">
+        {#each allParticipantsSorted as p}
+          {@const pts = ticketsFor(p.id)}
+          {@const ci = pts.filter(t => t.checked_in_at).length}
+          <button class="gate-result-row" onclick={() => { manuallySelectedId = p.id; showAll = false }}>
+            <span>
+              <strong>{p.preferred_name || p.email || '(unknown)'}</strong>
+              {#if p.email && p.preferred_name}
+                <span class="text-muted" style="font-size:0.8rem"> · {p.email}</span>
+              {/if}
+            </span>
+            <span class="badge {ci === pts.length && pts.length > 0 ? 'badge-checked' : ci > 0 ? 'badge-partial' : 'badge-unchecked'}">
+              {pts.length > 0 ? `${ci}/${pts.length}` : 'No ticket'}
             </span>
           </button>
         {/each}
       </div>
-    {:else if search.trim().length >= 2 && filtered.length === 0}
-      <div class="gate-msg gate-msg-warn">No matching attendees found.</div>
     {/if}
 
     <!-- Recent check-ins -->
     <div class="gate-recent">
       <div class="gate-recent-title">Recent Check-ins</div>
       {#if ($recentCheckIns ?? []).length === 0}
-        <div class="gate-recent-empty">No check-ins yet today.</div>
+        <div class="gate-recent-empty">No check-ins yet.</div>
       {:else}
-        {#each $recentCheckIns ?? [] as a}
+        {#each $recentCheckIns ?? [] as tk}
           <div class="gate-recent-row">
-            <span>{a.name}</span>
-            <span class="text-muted">{fmt(a.checked_in_at)}</span>
+            <span>{nameFor(tk)}</span>
+            <span class="text-muted">{fmt(tk.checked_in_at)}</span>
           </div>
         {/each}
       {/if}
@@ -354,7 +439,8 @@
     padding: 1.25rem;
     margin-bottom: 1rem;
   }
-  .gate-match-name { font-size: 1.4rem; font-weight: 700; margin-bottom: 0.2rem; }
+  .gate-match-name-row { display: flex; align-items: center; justify-content: space-between; gap: 0.5rem; margin-bottom: 0.2rem; }
+  .gate-match-name { font-size: 1.4rem; font-weight: 700; }
   .gate-match-sub { color: var(--c-muted); font-size: 0.875rem; }
   .gate-party {
     margin: 0.5rem 0;
@@ -384,6 +470,16 @@
     align-items: center;
   }
 
+  .gate-ticket-row {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    padding: 0.4rem 0.6rem;
+    background: var(--c-bg);
+    border-radius: 6px;
+    font-size: 0.875rem;
+  }
+
   .gate-results {
     background: var(--c-surface);
     border: 1px solid var(--c-border);
diff --git a/frontend/src/pages/Import.svelte b/frontend/src/pages/Import.svelte
index a3f9ccc..17bff4d 100644
--- a/frontend/src/pages/Import.svelte
+++ b/frontend/src/pages/Import.svelte
@@ -53,7 +53,7 @@
         <strong style="color:var(--c-text)">Supported formats:</strong><br>
         <strong>CrowdWork / ticketing platform:</strong> columns <code>Patron Name</code>, <code>Patron Email</code>, <code>Tier Name</code>, <code>Order Number</code><br>
         <strong>Generic:</strong> columns <code>name</code>, <code>email</code>, <code>ticket_id</code>, <code>ticket_type</code>, <code>note</code><br>
-        Duplicate names are skipped.
+        Duplicate tickets (same source + external ID) are skipped. Participants are matched or created by email.
       </div>
 
       <button type="submit" class="btn btn-primary" disabled={!file || importing}>
diff --git a/frontend/src/pages/Login.svelte b/frontend/src/pages/Login.svelte
index de4f6af..5249231 100644
--- a/frontend/src/pages/Login.svelte
+++ b/frontend/src/pages/Login.svelte
@@ -1,20 +1,32 @@
 <script>
+  import { onMount } from 'svelte'
   import { api } from '../api.js'
   import { saveSession } from '../db.js'
 
-  let { onlogin } = $props()
+  let { onlogin, error: externalError = '' } = $props()
 
-  let username = $state('')
+  let email = $state('')
   let password = $state('')
   let error = $state('')
+
+  $effect(() => { if (externalError) error = externalError })
   let loading = $state(false)
+  let ssoEnabled = $state(false)
+  let ssoLoading = $state(false)
+
+  onMount(async () => {
+    try {
+      const res = await api.sso.enabled()
+      ssoEnabled = res.enabled
+    } catch {}
+  })
 
   async function submit(e) {
     e.preventDefault()
     error = ''
     loading = true
     try {
-      const { token, user } = await api.login(username, password)
+      const { token, user } = await api.login(email, password)
       await saveSession(token, user)
       onlogin({ token, user })
     } catch (err) {
@@ -23,6 +35,18 @@
       loading = false
     }
   }
+
+  async function startSSO() {
+    error = ''
+    ssoLoading = true
+    try {
+      const { redirect_url } = await api.sso.init()
+      window.location.href = redirect_url
+    } catch (err) {
+      error = err.message || 'SSO failed'
+      ssoLoading = false
+    }
+  }
 </script>
 
 <div class="login-wrap">
@@ -34,8 +58,8 @@
     {/if}
     <form onsubmit={submit}>
       <div class="form-group">
-        <label for="username">Username</label>
-        <input id="username" bind:value={username} autocomplete="username" required />
+        <label for="email">Email</label>
+        <input id="email" type="email" bind:value={email} autocomplete="email" required />
       </div>
       <div class="form-group">
         <label for="password">Password</label>
@@ -45,5 +69,28 @@
         {loading ? 'Signing in…' : 'Sign in'}
       </button>
     </form>
+    {#if ssoEnabled}
+      <div class="sso-divider"><span>or</span></div>
+      <button class="btn btn-ghost" style="width:100%" onclick={startSSO} disabled={ssoLoading}>
+        {ssoLoading ? 'Redirecting…' : 'Log in with Discourse'}
+      </button>
+    {/if}
   </div>
 </div>
+
+<style>
+  .sso-divider {
+    display: flex;
+    align-items: center;
+    margin: 1rem 0;
+    gap: 0.75rem;
+    color: var(--c-muted);
+    font-size: 0.8rem;
+  }
+  .sso-divider::before,
+  .sso-divider::after {
+    content: '';
+    flex: 1;
+    border-top: 1px solid var(--c-border);
+  }
+</style>
diff --git a/frontend/src/pages/Participants.svelte b/frontend/src/pages/Participants.svelte
new file mode 100644
index 0000000..0be1485
--- /dev/null
+++ b/frontend/src/pages/Participants.svelte
@@ -0,0 +1,528 @@
+<script>
+  import { liveQuery } from 'dexie'
+  import { db } from '../db.js'
+  import { api } from '../api.js'
+
+  let { session } = $props()
+
+  let search = $state('')
+  let error = $state('')
+  let success = $state('')
+  let generating = $state(false)
+  let emailing = $state(false)
+  let mergeMode = $state(false)
+  let mergeSource = $state(null)
+  let mergeTarget = $state(null)
+  let expandedId = $state(null)
+
+  // Add participant form
+  let showAdd = $state(false)
+  let adding = $state(false)
+  let newName = $state('')
+  let newTicketedName = $state('')
+  let newEmail = $state('')
+  let newPhone = $state('')
+  let newPronouns = $state('')
+  let newNote = $state('')
+
+  // Edit participant
+  let editId = $state(null)
+  let editName = $state('')
+  let editTicketedName = $state('')
+  let editEmail = $state('')
+  let editPhone = $state('')
+  let editPronouns = $state('')
+  let editNote = $state('')
+  let saving = $state(false)
+
+  // Add ticket form (per participant)
+  let addTicketFor = $state(null)   // participant id
+  let addingTicket = $state(false)
+  let newTicketName = $state('')
+  let newTicketType = $state('')
+  let newTicketExtId = $state('')
+
+  const roles = $derived(session?.user?.roles ?? [])
+  function hasRole(...allowed) { return roles.some(r => allowed.includes(r)) }
+  const canManage = $derived(hasRole('admin'))
+
+  const allParticipants = liveQuery(() => db.participants.toArray())
+  const allTickets = liveQuery(() => db.tickets.toArray())
+
+  const filtered = $derived.by(() => {
+    const list = $allParticipants ?? []
+    const s = search.toLowerCase().trim()
+    return list
+      .filter(p => {
+        if (!s) return true
+        return p.preferred_name?.toLowerCase().includes(s) ||
+               p.email?.toLowerCase().includes(s) ||
+               p.phone?.toLowerCase().includes(s)
+      })
+      .sort((a, b) => (a.preferred_name || a.email).localeCompare(b.preferred_name || b.email))
+  })
+
+  function ticketsFor(participantId) {
+    return ($allTickets ?? []).filter(t => t.participant_id === participantId)
+  }
+
+
+  function checkedInCount(participantId) {
+    return ticketsFor(participantId).filter(t => t.checked_in_at).length
+  }
+
+  function toggleExpand(id) {
+    expandedId = expandedId === id ? null : id
+  }
+
+  async function generateCodes() {
+    generating = true
+    error = ''
+    success = ''
+    try {
+      const result = await api.tickets.generateCodes()
+      success = `Generated ${result.generated} code${result.generated !== 1 ? 's' : ''}.`
+    } catch (err) {
+      error = err.message
+    } finally {
+      generating = false
+    }
+  }
+
+  async function emailAll() {
+    if (!confirm('Send code emails to all participants with a ticket code and email?')) return
+    emailing = true
+    error = ''
+    success = ''
+    try {
+      const result = await api.tickets.emailAllCodes()
+      success = `Sent ${result.sent} email${result.sent !== 1 ? 's' : ''}${result.skipped ? `, skipped ${result.skipped}` : ''}.`
+      if (result.errors?.length) error = result.errors.join('; ')
+    } catch (err) {
+      error = err.message
+    } finally {
+      emailing = false
+    }
+  }
+
+  function startMerge(p) {
+    mergeMode = true
+    mergeSource = p
+    mergeTarget = null
+    error = ''
+  }
+
+  function cancelMerge() {
+    mergeMode = false
+    mergeSource = null
+    mergeTarget = null
+  }
+
+  async function confirmMerge() {
+    if (!mergeSource || !mergeTarget) return
+    error = ''
+    try {
+      const result = await api.participants.merge(mergeTarget.id, mergeSource.id)
+      success = `Merged "${mergeSource.preferred_name || mergeSource.email}" into "${mergeTarget.preferred_name || mergeTarget.email}".`
+      if (result.participant) await db.participants.put(result.participant)
+      if (result.tickets?.length) await db.tickets.bulkPut(result.tickets)
+      await db.participants.delete(mergeSource.id)
+      cancelMerge()
+    } catch (err) {
+      error = err.message
+    }
+  }
+
+  async function checkInTicket(tk) {
+    error = ''
+    try {
+      const result = await api.tickets.checkIn(tk.id)
+      if (result.ticket) await db.tickets.put(result.ticket)
+    } catch (err) {
+      error = err.message
+    }
+  }
+
+  function fmtTime(ts) {
+    if (!ts) return ''
+    return new Date(ts).toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' })
+  }
+
+  async function addParticipant(e) {
+    e.preventDefault()
+    adding = true; error = ''
+    try {
+      const p = await api.participants.create({
+        preferred_name: newName, ticket_name: newTicketedName, email: newEmail,
+        phone: newPhone, pronouns: newPronouns, note: newNote,
+      })
+      await db.participants.put(p)
+      showAdd = false
+      newName = newTicketedName = newEmail = newPhone = newPronouns = newNote = ''
+    } catch (err) {
+      error = err.message
+    } finally {
+      adding = false
+    }
+  }
+
+  function startEdit(p) {
+    editId = p.id
+    editName = p.preferred_name
+    editTicketedName = p.ticket_name || ''
+    editEmail = p.email
+    editPhone = p.phone
+    editPronouns = p.pronouns
+    editNote = p.note
+  }
+
+  async function saveEdit(e) {
+    e.preventDefault()
+    saving = true; error = ''
+    try {
+      const p = await api.participants.update(editId, {
+        preferred_name: editName, ticket_name: editTicketedName, email: editEmail,
+        phone: editPhone, pronouns: editPronouns, note: editNote,
+      })
+      await db.participants.put(p)
+      editId = null
+    } catch (err) {
+      error = err.message
+    } finally {
+      saving = false
+    }
+  }
+
+  async function deleteParticipant(id) {
+    if (!confirm('Permanently delete this participant and all their records?')) return
+    error = ''
+    try {
+      await api.participants.delete(id)
+      await db.participants.delete(id)
+      editId = null
+    } catch (err) {
+      error = err.message
+    }
+  }
+
+  async function addTicket(e, participantId) {
+    e.preventDefault()
+    addingTicket = true; error = ''
+    try {
+      const tk = await api.tickets.create({
+        participant_id: participantId,
+        name: newTicketName,
+        ticket_type: newTicketType,
+        external_id: newTicketExtId,
+        source: 'manual',
+      })
+      await db.tickets.put(tk)
+      addTicketFor = null
+      newTicketName = newTicketType = newTicketExtId = ''
+    } catch (err) {
+      error = err.message
+    } finally {
+      addingTicket = false
+    }
+  }
+</script>
+
+<div class="page">
+  <div class="page-header">
+    <h1 class="page-title">Participants</h1>
+    <div class="actions">
+      {#if canManage}
+        <button class="btn btn-primary btn-sm" onclick={() => showAdd = !showAdd}>+ Add</button>
+        <a href="/api/participants/export" class="btn btn-ghost btn-sm">Export CSV</a>
+        <button class="btn btn-ghost btn-sm" onclick={generateCodes} disabled={generating}>
+          {generating ? '…' : '⚿ Generate Codes'}
+        </button>
+        <a href="/api/tickets/export-links" class="btn btn-ghost btn-sm">Export Links</a>
+        <button class="btn btn-ghost btn-sm" onclick={emailAll} disabled={emailing}>
+          {emailing ? '…' : '✉ Email All'}
+        </button>
+      {/if}
+    </div>
+  </div>
+
+  {#if showAdd && canManage}
+    <div class="card" style="margin-bottom:1.5rem">
+      <form onsubmit={addParticipant}>
+        <div class="form-grid">
+          <div class="form-group">
+            <label for="p-name">Preferred Name</label>
+            <input id="p-name" bind:value={newName} placeholder="Preferred name" />
+          </div>
+          <div class="form-group">
+            <label for="p-tname">Ticketed Name</label>
+            <input id="p-tname" bind:value={newTicketedName} placeholder="Legal/ticketed name" />
+          </div>
+          <div class="form-group">
+            <label for="p-email">Email</label>
+            <input id="p-email" type="email" bind:value={newEmail} placeholder="email@example.com" />
+          </div>
+          <div class="form-group">
+            <label for="p-phone">Phone</label>
+            <input id="p-phone" bind:value={newPhone} placeholder="Optional" />
+          </div>
+          <div class="form-group">
+            <label for="p-pronouns">Pronouns</label>
+            <input id="p-pronouns" bind:value={newPronouns} placeholder="Optional" />
+          </div>
+        </div>
+        <div class="form-group">
+          <label for="p-note">Note</label>
+          <input id="p-note" bind:value={newNote} placeholder="Optional note" />
+        </div>
+        <div class="actions">
+          <button type="submit" class="btn btn-primary" disabled={adding || (!newName && !newEmail)}>
+            {adding ? 'Adding…' : 'Add participant'}
+          </button>
+          <button type="button" class="btn btn-ghost" onclick={() => showAdd = false}>Cancel</button>
+        </div>
+      </form>
+    </div>
+  {/if}
+
+  {#if mergeMode && mergeSource}
+    <div class="card" style="margin-bottom:1.5rem;border-color:var(--c-accent)">
+      <div style="margin-bottom:0.75rem">
+        <strong>Merge:</strong> "{mergeSource.preferred_name || mergeSource.email}" will be merged into the participant you select below.
+        All their tickets and volunteer records will move to the target.
+      </div>
+      {#if mergeTarget}
+        <div style="margin-bottom:0.75rem">
+          <strong>Target:</strong> {mergeTarget.preferred_name || mergeTarget.email} ({mergeTarget.email})
+        </div>
+        <div class="actions">
+          <button class="btn btn-primary" onclick={confirmMerge}>Confirm merge</button>
+          <button class="btn btn-ghost" onclick={cancelMerge}>Cancel</button>
+        </div>
+      {:else}
+        <div class="text-muted" style="font-size:0.875rem">Click a participant row below to select as merge target.</div>
+        <div class="actions" style="margin-top:0.5rem">
+          <button class="btn btn-ghost" onclick={cancelMerge}>Cancel</button>
+        </div>
+      {/if}
+    </div>
+  {/if}
+
+  {#if error}
+    <div class="alert alert-error">{error}</div>
+  {/if}
+  {#if success}
+    <div class="alert alert-success">{success}</div>
+  {/if}
+
+  <div class="search-bar">
+    <input placeholder="Search name or email…" bind:value={search} />
+    <span class="text-muted" style="font-size:0.85rem;white-space:nowrap">
+      {filtered.length} shown
+    </span>
+  </div>
+
+  {#if ($allParticipants ?? []).length === 0}
+    <div class="empty">
+      <strong>No participants yet</strong>
+      <p>Import a CSV or wait for volunteer signups.</p>
+    </div>
+  {:else}
+    <div class="table-wrap">
+      <table>
+        <thead>
+          <tr>
+            <th>Preferred Name</th>
+            <th>Email</th>
+            <th>Tickets</th>
+            <th>Status</th>
+            {#if canManage}<th></th>{/if}
+          </tr>
+        </thead>
+        <tbody>
+          {#each filtered as p (p.id)}
+            {@const pts = ticketsFor(p.id)}
+            {@const ci = checkedInCount(p.id)}
+            {@const isExpanded = expandedId === p.id}
+            {@const isMergeTarget = mergeMode && mergeSource?.id !== p.id}
+            {@const isEditing = editId === p.id}
+            {#if isEditing}
+              <tr class="edit-row">
+                <td colspan={canManage ? 5 : 4}>
+                  <form class="participant-edit-form" onsubmit={saveEdit}>
+                    <div class="edit-fields">
+                      <input bind:value={editName} placeholder="Preferred name" />
+                      <input bind:value={editTicketedName} placeholder="Ticketed name" />
+                      <input type="email" bind:value={editEmail} placeholder="Email" />
+                      <input bind:value={editPhone} placeholder="Phone" />
+                      <input bind:value={editPronouns} placeholder="Pronouns" />
+                      <input bind:value={editNote} placeholder="Note" style="flex:2" />
+                    </div>
+                    <div class="actions" style="margin-top:0.5rem">
+                      <button type="submit" class="btn btn-primary btn-sm" disabled={saving}>{saving ? 'Saving…' : 'Save'}</button>
+                      <button type="button" class="btn btn-ghost btn-sm" onclick={() => editId = null}>Cancel</button>
+                      <span class="spacer"></span>
+                      <button type="button" class="btn btn-danger btn-sm" onclick={() => deleteParticipant(editId)}>Delete</button>
+                    </div>
+                  </form>
+                </td>
+              </tr>
+            {:else}
+            <tr
+              class:merge-target={isMergeTarget}
+              onclick={mergeMode && mergeSource?.id !== p.id ? () => { mergeTarget = p } : null}
+              style={mergeMode && mergeSource?.id !== p.id ? 'cursor:pointer' : ''}
+            >
+              <td class="td-name">
+                <strong>{p.preferred_name || '—'}</strong>
+                {#if p.pronouns}
+                  <span class="text-muted" style="font-size:0.78rem"> · {p.pronouns}</span>
+                {/if}
+                {#if p.ticket_name && p.ticket_name !== p.preferred_name}
+                  <div class="text-muted" style="font-size:0.78rem">Ticket: {p.ticket_name}</div>
+                {/if}
+                {#if p.note}
+                  <div class="text-muted" style="font-size:0.78rem">{p.note}</div>
+                {/if}
+              </td>
+              <td class="text-muted">
+                {p.email || '—'}
+                {#if p.phone}
+                  <div style="font-size:0.78rem">{p.phone}</div>
+                {/if}
+              </td>
+              <td>
+                {#if pts.length > 0}
+                  <button class="btn btn-ghost btn-sm" onclick={(e) => { e.stopPropagation(); toggleExpand(p.id) }}>
+                    {pts.length} ticket{pts.length !== 1 ? 's' : ''}
+                    {isExpanded ? '▲' : '▼'}
+                  </button>
+                {:else}
+                  <span class="text-muted">—</span>
+                {/if}
+              </td>
+              <td>
+                {#if pts.length > 0}
+                  <span class="badge {ci === pts.length ? 'badge-checked' : ci > 0 ? 'badge-partial' : 'badge-unchecked'}">
+                    {ci}/{pts.length} in
+                  </span>
+                {:else}
+                  <span class="badge badge-unchecked">No ticket</span>
+                {/if}
+              </td>
+              {#if canManage}
+                <td class="td-actions">
+                  {#if !mergeMode}
+                    <button class="btn btn-ghost btn-sm" onclick={(e) => { e.stopPropagation(); startEdit(p) }}
+                      title="Edit participant">✎</button>
+                    <button class="btn btn-ghost btn-sm" onclick={(e) => { e.stopPropagation(); startMerge(p) }}
+                      title="Merge this participant into another">⇄</button>
+                  {/if}
+                </td>
+              {/if}
+            </tr>
+            {/if}
+            {#if isExpanded && !isEditing}
+              <tr class="ticket-rows">
+                <td colspan="5">
+                  <div class="ticket-list">
+                    {#each pts as tk (tk.id)}
+                      <div class="ticket-row">
+                        <div>
+                          <strong>{tk.name || '(unnamed)'}</strong>
+                          {#if tk.ticket_type}
+                            <span class="text-muted"> · {tk.ticket_type}</span>
+                          {/if}
+                          {#if tk.external_id}
+                            <span class="text-muted" style="font-size:0.78rem"> · #{tk.external_id}</span>
+                          {/if}
+                          {#if tk.code}
+                            <div style="font-size:0.75rem;margin-top:0.15rem">
+                              <code style="color:var(--c-accent-h)">{tk.code}</code>
+                              {#if p.email && canManage}
+                                <button class="btn btn-ghost btn-sm" style="padding:0.1rem 0.4rem;margin-left:0.25rem"
+                                  onclick={() => api.tickets.emailCode(tk.id).then(() => success = 'Email sent.').catch(e => error = e.message)}>✉</button>
+                              {/if}
+                            </div>
+                          {/if}
+                        </div>
+                        <div style="text-align:right">
+                          {#if tk.checked_in_at}
+                            <span class="badge badge-checked">Checked in {fmtTime(tk.checked_in_at)}</span>
+                          {:else}
+                            <button class="btn btn-success btn-sm" onclick={() => checkInTicket(tk)}>✓ Check in</button>
+                          {/if}
+                          <div class="text-muted" style="font-size:0.75rem">{tk.source}</div>
+                        </div>
+                      </div>
+                    {/each}
+                    {#if canManage}
+                      {#if addTicketFor === p.id}
+                        <form class="ticket-add-form" onsubmit={(e) => addTicket(e, p.id)}>
+                          <input bind:value={newTicketName} placeholder="Name on ticket (optional)" style="flex:2" />
+                          <input bind:value={newTicketType} placeholder="Type (optional)" style="flex:1" />
+                          <input bind:value={newTicketExtId} placeholder="External ID (optional)" style="flex:1" />
+                          <button type="submit" class="btn btn-primary btn-sm" disabled={addingTicket}>
+                            {addingTicket ? '…' : 'Add'}
+                          </button>
+                          <button type="button" class="btn btn-ghost btn-sm" onclick={() => addTicketFor = null}>Cancel</button>
+                        </form>
+                      {:else}
+                        <button class="btn btn-ghost btn-sm" style="align-self:flex-start;margin-top:0.25rem"
+                          onclick={() => { addTicketFor = p.id; newTicketName = newTicketType = newTicketExtId = '' }}>
+                          + Add ticket
+                        </button>
+                      {/if}
+                    {/if}
+                  </div>
+                </td>
+              </tr>
+            {/if}
+          {/each}
+        </tbody>
+      </table>
+    </div>
+  {/if}
+</div>
+
+<style>
+  .merge-target:hover { background: rgba(var(--c-accent-rgb, 99,102,241), 0.08); }
+  .ticket-rows td { padding: 0; background: var(--c-bg); }
+  .ticket-list { padding: 0.5rem 1rem 0.75rem; display: flex; flex-direction: column; gap: 0.4rem; }
+  .ticket-row {
+    display: flex;
+    justify-content: space-between;
+    align-items: flex-start;
+    padding: 0.4rem 0.6rem;
+    border-radius: 6px;
+    background: var(--c-surface);
+    font-size: 0.875rem;
+  }
+  .ticket-add-form {
+    display: flex;
+    gap: 0.4rem;
+    align-items: center;
+    flex-wrap: wrap;
+    padding: 0.4rem 0.6rem;
+    background: var(--c-bg);
+    border-radius: 6px;
+    border: 1px dashed var(--c-border);
+  }
+  .ticket-add-form input {
+    min-width: 0;
+    font-size: 0.825rem;
+    padding: 0.3rem 0.5rem;
+  }
+  .edit-row td { padding: 0.5rem 1rem; background: var(--c-bg); }
+  .participant-edit-form { display: flex; flex-direction: column; gap: 0.25rem; }
+  .edit-fields { display: flex; gap: 0.4rem; flex-wrap: wrap; }
+  .edit-fields input { flex: 1; min-width: 120px; font-size: 0.825rem; padding: 0.3rem 0.5rem; width: auto; }
+
+  @media (max-width: 640px) {
+    .td-name { width: 100%; }
+    .td-actions { width: 100%; display: flex; justify-content: flex-end; }
+    .ticket-rows { padding: 0; border: none; border-radius: 0; margin-top: -0.5rem; }
+    .ticket-rows td { width: 100%; }
+    .edit-row { padding: 0.75rem; }
+    .edit-row td { width: 100%; }
+  }
+</style>
diff --git a/frontend/src/pages/ScheduleBoard.svelte b/frontend/src/pages/ScheduleBoard.svelte
index 679469e..529264f 100644
--- a/frontend/src/pages/ScheduleBoard.svelte
+++ b/frontend/src/pages/ScheduleBoard.svelte
@@ -10,12 +10,24 @@
   let editShift = $state({})
   let saving = $state(false)
 
+  // Add shift form
+  let showAdd = $state(false)
+  let adding = $state(false)
+  let newDeptID = $state('')
+  let newName = $state('')
+  let newDay = $state('')
+  let newStart = $state('')
+  let newEnd = $state('')
+  let newCapacity = $state(0)
+
   // For volunteer assignment dropdown
   let assigningShiftID = $state(null)
   let assignVolID = $state(0)
   let assigning = $state(false)
 
-  const role = $derived(session?.user?.role ?? '')
+  const roles = $derived(session?.user?.roles ?? [])
+  function hasRole(...allowed) { return roles.some(r => allowed.includes(r)) }
+  const canManage = $derived(hasRole('admin', 'staffing', 'colead'))
   const myDeptIDs = $derived(session?.user?.department_ids ?? [])
 
   const allDepts = liveQuery(() =>
@@ -43,7 +55,7 @@
   // Departments visible to this user
   const visibleDepts = $derived.by(() => {
     const depts = $allDepts ?? []
-    if (role === 'volunteer_lead') return depts.filter(d => myDeptIDs.includes(d.id))
+    if (hasRole('colead') && !hasRole('admin', 'staffing')) return depts.filter(d => myDeptIDs.includes(d.id))
     return depts
   })
 
@@ -123,11 +135,13 @@
 
     try {
       const res = await api.shifts.reorder(positions)
-      if (res && !res.ok) throw new Error()
-      for (const p of positions) {
-        const s = await db.shifts.get(p.id)
-        if (s) await db.shifts.put({ ...s, position: p.position })
-      }
+      if (res && !res.ok) throw new Error('Reorder failed')
+      await db.transaction('rw', db.shifts, async () => {
+        for (const p of positions) {
+          const s = await db.shifts.get(p.id)
+          if (s) await db.shifts.put({ ...s, position: p.position })
+        }
+      })
     } catch (err) {
       error = err.message
     }
@@ -194,6 +208,48 @@
     }
   }
 
+  async function addShift(e) {
+    e.preventDefault()
+    if (!newDeptID) return
+    adding = true
+    error = ''
+    try {
+      const s = await api.shifts.create({
+        department_id: parseInt(newDeptID),
+        name: newName,
+        day: newDay,
+        start_time: newStart,
+        end_time: newEnd,
+        capacity: parseInt(newCapacity) || 0,
+      })
+      await db.shifts.put(s)
+      showAdd = false
+      newName = newDay = newStart = newEnd = ''
+      newDeptID = ''
+      newCapacity = 0
+    } catch (err) {
+      error = err.message
+    } finally {
+      adding = false
+    }
+  }
+
+  async function deleteShift(s) {
+    if (!confirm(`Delete shift "${s.name}"?`)) return
+    try {
+      await api.shifts.delete(s.id)
+      await db.shifts.delete(s.id)
+    } catch (err) {
+      error = err.message
+    }
+  }
+
+  function formatDay(d) {
+    if (!d) return ''
+    const dt = new Date(d + 'T00:00:00')
+    return dt.toLocaleDateString(undefined, { weekday: 'short', month: 'short', day: 'numeric' })
+  }
+
   function fmt(t) {
     if (!t) return ''
     const [h, m] = t.split(':').map(Number)
@@ -204,17 +260,66 @@
 
 <div class="page">
   <div class="page-header">
-    <h1 class="page-title">Schedule Board</h1>
+    <h1 class="page-title">Schedule</h1>
+    {#if canManage}
+      <div class="actions">
+        <button class="btn btn-primary btn-sm" onclick={() => showAdd = !showAdd}>+ Add shift</button>
+      </div>
+    {/if}
   </div>
 
   {#if error}
     <div class="alert alert-error">{error}</div>
   {/if}
 
-  {#if ($allShifts ?? []).length === 0}
+  {#if showAdd && canManage}
+    <div class="card" style="margin-bottom:1.5rem">
+      <form onsubmit={addShift}>
+        <div class="form-grid">
+          <div class="form-group">
+            <label for="s-dept">Department *</label>
+            <select id="s-dept" bind:value={newDeptID} required>
+              <option value="">Select department…</option>
+              {#each visibleDepts as d}
+                <option value={String(d.id)}>{d.name}</option>
+              {/each}
+            </select>
+          </div>
+          <div class="form-group">
+            <label for="s-name">Shift name *</label>
+            <input id="s-name" bind:value={newName} required placeholder="e.g. Gate Morning" />
+          </div>
+          <div class="form-group">
+            <label for="s-day">Day *</label>
+            <input id="s-day" type="date" bind:value={newDay} required />
+          </div>
+          <div class="form-group">
+            <label for="s-cap">Capacity <span class="text-muted">(0 = unlimited)</span></label>
+            <input id="s-cap" type="number" min="0" bind:value={newCapacity} />
+          </div>
+          <div class="form-group">
+            <label for="s-start">Start time *</label>
+            <input id="s-start" type="time" bind:value={newStart} required />
+          </div>
+          <div class="form-group">
+            <label for="s-end">End time *</label>
+            <input id="s-end" type="time" bind:value={newEnd} required />
+          </div>
+        </div>
+        <div class="actions">
+          <button type="submit" class="btn btn-primary" disabled={adding}>
+            {adding ? 'Adding…' : 'Add shift'}
+          </button>
+          <button type="button" class="btn btn-ghost" onclick={() => showAdd = false}>Cancel</button>
+        </div>
+      </form>
+    </div>
+  {/if}
+
+  {#if ($allShifts ?? []).length === 0 && !showAdd}
     <div class="empty">
-      <strong>No shifts yet</strong>
-      <p>Create shifts in the Shifts page first.</p>
+      <strong>No shifts scheduled yet</strong>
+      <p>Create departments first, then add shifts here. Volunteers can self-select shifts via the kiosk.</p>
     </div>
   {:else}
     {#each board as { dept, days }}
@@ -226,7 +331,7 @@
           </div>
 
           {#each days as [day, rows]}
-            <div class="board-day-label">{day}</div>
+            <div class="board-day-label">{formatDay(day)}</div>
 
             {#each rows as { shift, assigned, hasConflict }, i}
               <div class="board-shift {hasConflict ? 'board-shift-conflict' : ''}">
@@ -275,17 +380,20 @@
                         <span class="board-cap">{assigned.length}</span>
                       {/if}
                       {#if hasConflict}
-                        <span class="badge badge-lead" style="margin-left:0.3rem">⚠ conflict</span>
+                        <span class="badge badge-lead">⚠ conflict</span>
                       {/if}
                     </div>
 
-                    <div class="board-shift-actions">
-                      <button class="btn btn-ghost btn-sm" onclick={() => startEdit(shift)}>Edit</button>
-                      <button class="btn btn-ghost btn-sm" title="Move up"
-                        onclick={() => reorder(shift.id, -1, rows)}>↑</button>
-                      <button class="btn btn-ghost btn-sm" title="Move down"
-                        onclick={() => reorder(shift.id, 1, rows)}>↓</button>
-                    </div>
+                    {#if canManage}
+                      <div class="board-shift-actions">
+                        <button class="btn btn-ghost btn-sm" onclick={() => startEdit(shift)}>Edit</button>
+                        <button class="btn btn-ghost btn-sm" title="Move up"
+                          onclick={() => reorder(shift.id, -1, rows)}>↑</button>
+                        <button class="btn btn-ghost btn-sm" title="Move down"
+                          onclick={() => reorder(shift.id, 1, rows)}>↓</button>
+                        <button class="btn btn-danger btn-sm" onclick={() => deleteShift(shift)}>Delete</button>
+                      </div>
+                    {/if}
                   </div>
 
                   <!-- Assigned volunteers -->
@@ -294,34 +402,42 @@
                       {#each assigned as { vs, volunteer }}
                         <div class="board-vol-chip">
                           {volunteer.name}
+                          {#if volunteer.is_lead}
+                            <span class="chip-lead">Co-Lead</span>
+                          {/if}
                           {#if checkConflict(volunteer.id, shift.id, $allVolunteerShifts ?? [], $allShifts ?? [])}
                             <span title="Scheduling conflict" style="color:var(--c-warn)">⚠</span>
                           {/if}
-                          <button class="board-vol-remove" onclick={() => unassign(shift.id, volunteer.id)} title="Remove">×</button>
+                          {#if canManage}<button class="board-vol-remove" onclick={() => unassign(shift.id, volunteer.id)} title="Remove">×</button>{/if}
                         </div>
                       {/each}
                     </div>
                   {/if}
 
                   <!-- Assign volunteer -->
-                  {#if assigningShiftID === shift.id}
-                    <div class="board-assign-row">
-                      <select bind:value={assignVolID} style="width:auto">
-                        <option value={0}>— Select volunteer —</option>
-                        {#each $allVolunteers ?? [] as v}
-                          <option value={v.id}>{v.name}</option>
-                        {/each}
-                      </select>
-                      <button class="btn btn-primary btn-sm" onclick={() => doAssign(shift.id)} disabled={!assignVolID || assigning}>
-                        {assigning ? '…' : 'Assign'}
-                      </button>
-                      <button class="btn btn-ghost btn-sm" onclick={() => doAssignForce(shift.id)} disabled={!assignVolID || assigning} title="Assign ignoring conflicts">
-                        Force
-                      </button>
-                      <button class="btn btn-ghost btn-sm" onclick={() => { assigningShiftID = null; assignVolID = 0 }}>Cancel</button>
-                    </div>
-                  {:else}
-                    <button class="board-add-vol" onclick={() => startAssign(shift.id)}>+ Assign volunteer</button>
+                  {#if canManage}
+                    {#if assigningShiftID === shift.id}
+                      <div class="board-assign-row">
+                        <select bind:value={assignVolID} style="width:auto">
+                          <option value={0}>— Select volunteer —</option>
+                          {#each ($allVolunteers ?? [])
+                            .filter(v => v.department_id === shift.department_id)
+                            .filter(v => !assigned.some(a => a.volunteer.id === v.id))
+                            as v}
+                            <option value={v.id}>{v.name}</option>
+                          {/each}
+                        </select>
+                        <button class="btn btn-primary btn-sm" onclick={() => doAssign(shift.id)} disabled={!assignVolID || assigning}>
+                          {assigning ? '…' : 'Assign'}
+                        </button>
+                        <button class="btn btn-ghost btn-sm" onclick={() => doAssignForce(shift.id)} disabled={!assignVolID || assigning} title="Assign ignoring conflicts">
+                          Force
+                        </button>
+                        <button class="btn btn-ghost btn-sm" onclick={() => { assigningShiftID = null; assignVolID = 0 }}>Cancel</button>
+                      </div>
+                    {:else}
+                      <button class="board-add-vol" onclick={() => startAssign(shift.id)}>+ Assign volunteer</button>
+                    {/if}
                   {/if}
                 {/if}
               </div>
@@ -411,6 +527,14 @@
     font-size: 0.78rem;
     font-weight: 500;
   }
+  .chip-lead {
+    font-size: 0.68rem;
+    font-weight: 600;
+    background: rgba(245,158,11,0.2);
+    color: var(--c-warn);
+    padding: 0.05rem 0.3rem;
+    border-radius: 99px;
+  }
   .board-vol-remove {
     background: none;
     border: none;
diff --git a/frontend/src/pages/Settings.svelte b/frontend/src/pages/Settings.svelte
index 060aefd..9df6b81 100644
--- a/frontend/src/pages/Settings.svelte
+++ b/frontend/src/pages/Settings.svelte
@@ -1,10 +1,13 @@
 <script>
   import { onMount } from 'svelte'
   import { api } from '../api.js'
+  import { db } from '../db.js'
 
   let loading = $state(true)
   let saving = $state(false)
+  let savingEvent = $state(false)
   let testing = $state(false)
+  let resetting = $state(false)
   let error = $state('')
   let success = $state('')
 
@@ -16,8 +19,28 @@
   let smtpFromName = $state('')
   let baseURL = $state('')
   let testEmail = $state('')
+  let noteLabel = $state('Additional note')
+  let noteRequired = $state(false)
+  let eventName = $state('')
+  let eventVenue = $state('')
+  let eventStartDate = $state('')
+  let eventEndDate = $state('')
+  let eventTimezone = $state('')
+  const timezones = Intl.supportedValuesOf('timeZone')
+  let discourseSSOUrl = $state('')
+  let discourseSSOSecret = $state('')
+  let shiftSignupsOpen = $state(false)
+  let togglingSignups = $state(false)
 
   onMount(async () => {
+    try {
+      const ev = await api.event.get()
+      eventName = ev.name ?? ''
+      eventVenue = ev.venue ?? ''
+      eventStartDate = ev.start_date ?? ''
+      eventEndDate = ev.end_date ?? ''
+      eventTimezone = ev.timezone ?? ''
+    } catch {}
     try {
       const s = await api.settings.get()
       smtpHost = s.smtp_host ?? ''
@@ -27,6 +50,11 @@
       smtpFrom = s.smtp_from ?? ''
       smtpFromName = s.smtp_from_name ?? ''
       baseURL = s.base_url ?? ''
+      noteLabel = s.volunteer_note_label ?? 'Additional note'
+      noteRequired = s.volunteer_note_required ?? false
+      discourseSSOUrl = s.discourse_sso_url ?? ''
+      discourseSSOSecret = ''
+      shiftSignupsOpen = s.shift_signups_open ?? false
     } catch (err) {
       error = err.message
     } finally {
@@ -34,6 +62,28 @@
     }
   })
 
+  async function saveEvent(e) {
+    e.preventDefault()
+    savingEvent = true
+    error = ''
+    success = ''
+    try {
+      const updated = await api.event.update({
+        name: eventName,
+        venue: eventVenue,
+        start_date: eventStartDate,
+        end_date: eventEndDate,
+        timezone: eventTimezone,
+      })
+      await db.event.put({ ...updated, id: 1 })
+      success = 'Event saved.'
+    } catch (err) {
+      error = err.message
+    } finally {
+      savingEvent = false
+    }
+  }
+
   async function save(e) {
     e.preventDefault()
     saving = true
@@ -44,12 +94,17 @@
         smtp_host: smtpHost,
         smtp_port: smtpPort,
         smtp_user: smtpUser,
-        smtp_password: smtpPassword, // empty = keep existing
+        smtp_password: smtpPassword,
         smtp_from: smtpFrom,
         smtp_from_name: smtpFromName,
         base_url: baseURL,
+        volunteer_note_label: noteLabel,
+        volunteer_note_required: noteRequired,
+        discourse_sso_url: discourseSSOUrl,
+        discourse_sso_secret: discourseSSOSecret,
       })
       smtpPassword = ''
+      discourseSSOSecret = ''
       success = 'Settings saved.'
     } catch (err) {
       error = err.message
@@ -58,6 +113,39 @@
     }
   }
 
+  async function toggleSignups() {
+    const opening = !shiftSignupsOpen
+    if (opening && !confirm('This will email all confirmed volunteers their shift signup links. Continue?')) return
+    togglingSignups = true
+    error = ''
+    success = ''
+    try {
+      const result = await api.settings.toggleShiftSignups(opening)
+      shiftSignupsOpen = result.shift_signups_open
+      success = opening ? 'Shift signups opened. Emails are being sent.' : 'Shift signups closed.'
+    } catch (err) {
+      error = err.message
+    } finally {
+      togglingSignups = false
+    }
+  }
+
+  async function resetModel(label, fn) {
+    if (resetting) return
+    if (!confirm(`PERMANENTLY DELETE all ${label}? This cannot be undone.`)) return
+    resetting = true
+    error = ''
+    success = ''
+    try {
+      const result = await fn()
+      success = `Deleted ${result.deleted} ${label}.`
+    } catch (err) {
+      error = err.message
+    } finally {
+      resetting = false
+    }
+  }
+
   async function sendTest() {
     if (!testEmail) return
     testing = true
@@ -89,12 +177,50 @@
   {#if loading}
     <div class="text-muted">Loading…</div>
   {:else}
-    <form onsubmit={save}>
-      <div class="card" style="margin-bottom:1.5rem">
-        <h2 style="font-size:0.95rem;font-weight:700;margin-bottom:1rem">SMTP Email</h2>
+    <form onsubmit={saveEvent}>
+      <div class="card">
+        <h2 class="card-title">Event</h2>
+        <div class="form-grid">
+          <div class="form-group full">
+            <label for="e-name">Event Name *</label>
+            <input id="e-name" bind:value={eventName} required placeholder="My Event 2026" />
+          </div>
+          <div class="form-group full">
+            <label for="e-venue">Venue</label>
+            <input id="e-venue" bind:value={eventVenue} placeholder="Location name" />
+          </div>
+          <div class="form-group">
+            <label for="e-start">Start Date *</label>
+            <input id="e-start" type="date" bind:value={eventStartDate} required />
+          </div>
+          <div class="form-group">
+            <label for="e-end">End Date *</label>
+            <input id="e-end" type="date" bind:value={eventEndDate} required />
+          </div>
+          <div class="form-group full">
+            <label for="e-tz">Timezone</label>
+            <input id="e-tz" bind:value={eventTimezone} placeholder="America/Chicago" list="tz-list" />
+            <datalist id="tz-list">
+              {#each timezones as tz}
+                <option value={tz} />
+              {/each}
+            </datalist>
+          </div>
+        </div>
+        <div class="actions">
+          <button type="submit" class="btn btn-primary" disabled={savingEvent}>
+            {savingEvent ? 'Saving…' : 'Save Event'}
+          </button>
+        </div>
+      </div>
+    </form>
 
-        <div style="display:grid;grid-template-columns:1fr 1fr;gap:1rem">
-          <div class="form-group" style="grid-column:1">
+    <form onsubmit={save}>
+      <div class="card">
+        <h2 class="card-title">SMTP Email</h2>
+
+        <div class="form-grid">
+          <div class="form-group">
             <label for="s-host">SMTP Host</label>
             <input id="s-host" bind:value={smtpHost} placeholder="smtp.fastmail.com" />
           </div>
@@ -122,10 +248,27 @@
         </div>
 
         <div class="form-group">
-          <label for="s-url">Base URL <span class="text-muted" style="font-weight:400">(for volunteer token links)</span></label>
+          <label for="s-url">Base URL <span class="card-hint" style="font-weight:400">(for kiosk links in emails)</span></label>
           <input id="s-url" bind:value={baseURL} placeholder="https://events.example.com" />
         </div>
 
+        <h2 class="card-title" style="margin-top:1.5rem">Discourse SSO</h2>
+        <p class="card-hint" style="margin-bottom:1rem">
+          Enable DiscourseConnect SSO so users can log in with their Discourse account.
+          Set the same secret in your Discourse admin under Connect &gt; discourse connect secret.
+        </p>
+        <div class="form-grid">
+          <div class="form-group full">
+            <label for="sso-url">Discourse URL</label>
+            <input id="sso-url" bind:value={discourseSSOUrl} placeholder="https://forum.example.com" />
+          </div>
+          <div class="form-group full">
+            <label for="sso-secret">SSO Secret</label>
+            <input id="sso-secret" type="password" bind:value={discourseSSOSecret}
+              placeholder="Leave blank to keep existing" autocomplete="new-password" />
+          </div>
+        </div>
+
         <div class="actions">
           <button type="submit" class="btn btn-primary" disabled={saving}>
             {saving ? 'Saving…' : 'Save Settings'}
@@ -136,7 +279,7 @@
 
     <!-- Test email -->
     <div class="card">
-      <h2 style="font-size:0.95rem;font-weight:700;margin-bottom:1rem">Test Email</h2>
+      <h2 class="card-title">Test Email</h2>
       <div style="display:flex;gap:0.5rem;align-items:flex-end">
         <div class="form-group" style="flex:1;margin-bottom:0">
           <label for="s-test">Send to</label>
@@ -147,5 +290,69 @@
         </button>
       </div>
     </div>
+
+    <!-- Volunteer Signup -->
+    <div class="card">
+      <h2 class="card-title">Volunteer Signup</h2>
+      <div class="form-group">
+        <label for="s-note-label">Note Field Label</label>
+        <input id="s-note-label" bind:value={noteLabel} placeholder="Additional note" />
+      </div>
+      <label class="checkbox-label">
+        <input type="checkbox" bind:checked={noteRequired} />
+        Note field is required
+      </label>
+      <p class="card-hint" style="margin-top:0.75rem">
+        Signup form: <a href="/volunteer-signup" target="_blank" style="color:var(--c-accent)">/volunteer-signup</a>
+      </p>
+    </div>
+
+    <!-- Shift Signups -->
+    <div class="card">
+      <h2 class="card-title">Shift Signups</h2>
+      <div style="display:flex;align-items:center;gap:1rem">
+        <span style="font-size:0.875rem">
+          Status: <strong>{shiftSignupsOpen ? 'Open' : 'Closed'}</strong>
+        </span>
+        <button class="btn {shiftSignupsOpen ? 'btn-ghost' : 'btn-primary'}"
+          onclick={toggleSignups} disabled={togglingSignups}>
+          {#if togglingSignups}
+            Working…
+          {:else}
+            {shiftSignupsOpen ? 'Close Signups' : 'Open Signups'}
+          {/if}
+        </button>
+      </div>
+      {#if !shiftSignupsOpen}
+        <p class="card-hint" style="margin-top:0.75rem">
+          Opening signups will email all confirmed volunteers their shift signup links.
+        </p>
+      {/if}
+    </div>
+
+    <!-- Data Management -->
+    <div class="card">
+      <h2 class="card-title" style="margin-bottom:0.5rem">Data Management</h2>
+      <p class="card-hint" style="margin-bottom:1rem">
+        Permanently delete all records of a given type. This cannot be undone.
+      </p>
+      <div style="display:flex;flex-wrap:wrap;gap:0.5rem">
+        <button class="btn btn-danger" disabled={resetting} onclick={() => resetModel('tickets', api.settings.resetTickets)}>
+          Delete All Tickets
+        </button>
+        <button class="btn btn-danger" disabled={resetting} onclick={() => resetModel('volunteers', api.settings.resetVolunteers)}>
+          Delete All Volunteers
+        </button>
+        <button class="btn btn-danger" disabled={resetting} onclick={() => resetModel('shifts', api.settings.resetShifts)}>
+          Delete All Shifts
+        </button>
+        <button class="btn btn-danger" disabled={resetting} onclick={() => resetModel('departments', api.settings.resetDepartments)}>
+          Delete All Departments
+        </button>
+        <button class="btn btn-danger" disabled={resetting} onclick={() => resetModel('volunteer shift assignments', api.settings.resetVolunteerShifts)}>
+          Delete All Shift Assignments
+        </button>
+      </div>
+    </div>
   {/if}
 </div>
diff --git a/frontend/src/pages/Shifts.svelte b/frontend/src/pages/Shifts.svelte
deleted file mode 100644
index e912491..0000000
--- a/frontend/src/pages/Shifts.svelte
+++ /dev/null
@@ -1,221 +0,0 @@
-<script>
-  import { liveQuery } from 'dexie'
-  import { db } from '../db.js'
-  import { api } from '../api.js'
-
-  let { session } = $props()
-
-  let error = $state('')
-  let showAdd = $state(false)
-  let adding = $state(false)
-  let newDeptID = $state('')
-  let newName = $state('')
-  let newDay = $state('')
-  let newStart = $state('')
-  let newEnd = $state('')
-  let newCapacity = $state(0)
-
-  const role = $derived(session?.user?.role ?? '')
-  const canManage = $derived(['admin', 'coordinator', 'volunteer_lead'].includes(role))
-
-  const allShifts = liveQuery(() =>
-    db.shifts.filter(s => !s.deleted_at).toArray()
-  )
-  const allDepts = liveQuery(() =>
-    db.departments.filter(d => !d.deleted_at).toArray()
-      .then(arr => arr.sort((a, b) => a.name.localeCompare(b.name)))
-  )
-
-  // Group shifts by department, then by day
-  const grouped = $derived.by(() => {
-    const shifts = $allShifts ?? []
-    const depts = $allDepts ?? []
-
-    const byDept = {}
-    for (const s of shifts) {
-      if (!byDept[s.department_id]) byDept[s.department_id] = {}
-      if (!byDept[s.department_id][s.day]) byDept[s.department_id][s.day] = []
-      byDept[s.department_id][s.day].push(s)
-    }
-
-    return depts
-      .filter(d => byDept[d.id])
-      .map(d => ({
-        dept: d,
-        days: Object.entries(byDept[d.id] || {})
-          .sort(([a], [b]) => a.localeCompare(b))
-          .map(([day, dayShifts]) => ({
-            day,
-            shifts: [...dayShifts].sort((a, b) => a.start_time.localeCompare(b.start_time)),
-          })),
-      }))
-  })
-
-  // Shifts not yet in any department group (e.g. orphaned)
-  const ungrouped = $derived.by(() => {
-    const shifts = $allShifts ?? []
-    const deptIDs = new Set(($allDepts ?? []).map(d => d.id))
-    return shifts.filter(s => !deptIDs.has(s.department_id))
-  })
-
-  async function addShift(e) {
-    e.preventDefault()
-    if (!newDeptID) return
-    adding = true
-    error = ''
-    try {
-      const s = await api.shifts.create({
-        department_id: parseInt(newDeptID),
-        name: newName,
-        day: newDay,
-        start_time: newStart,
-        end_time: newEnd,
-        capacity: parseInt(newCapacity) || 0,
-      })
-      await db.shifts.put(s)
-      showAdd = false
-      newName = newDay = newStart = newEnd = ''
-      newDeptID = ''
-      newCapacity = 0
-    } catch (err) {
-      error = err.message
-    } finally {
-      adding = false
-    }
-  }
-
-  async function deleteShift(s) {
-    if (!confirm(`Delete shift "${s.name}"?`)) return
-    try {
-      await api.shifts.delete(s.id)
-      await db.shifts.delete(s.id)
-    } catch (err) {
-      error = err.message
-    }
-  }
-
-  function formatTime(t) {
-    if (!t) return ''
-    // t is HH:MM, format nicely
-    const [h, m] = t.split(':').map(Number)
-    const ampm = h >= 12 ? 'pm' : 'am'
-    return `${h % 12 || 12}:${String(m).padStart(2, '0')}${ampm}`
-  }
-
-  function formatDay(d) {
-    if (!d) return ''
-    const dt = new Date(d + 'T00:00:00')
-    return dt.toLocaleDateString(undefined, { weekday: 'short', month: 'short', day: 'numeric' })
-  }
-</script>
-
-<div class="page">
-  <div class="page-header">
-    <h1 class="page-title">Shifts</h1>
-    {#if canManage}
-      <div class="actions">
-        <button class="btn btn-primary btn-sm" onclick={() => showAdd = !showAdd}>+ Add shift</button>
-      </div>
-    {/if}
-  </div>
-
-  {#if error}
-    <div class="alert alert-error">{error}</div>
-  {/if}
-
-  {#if showAdd && canManage}
-    <div class="card" style="margin-bottom:1.5rem">
-      <form onsubmit={addShift}>
-        <div style="display:grid;grid-template-columns:1fr 1fr;gap:1rem">
-          <div class="form-group">
-            <label for="s-dept">Department *</label>
-            <select id="s-dept" bind:value={newDeptID} required>
-              <option value="">Select department…</option>
-              {#each $allDepts ?? [] as d}
-                <option value={String(d.id)}>{d.name}</option>
-              {/each}
-            </select>
-          </div>
-          <div class="form-group">
-            <label for="s-name">Shift name *</label>
-            <input id="s-name" bind:value={newName} required placeholder="e.g. Gate Morning" />
-          </div>
-          <div class="form-group">
-            <label for="s-day">Day *</label>
-            <input id="s-day" type="date" bind:value={newDay} required />
-          </div>
-          <div class="form-group">
-            <label for="s-cap">Capacity <span class="text-muted">(0 = unlimited)</span></label>
-            <input id="s-cap" type="number" min="0" bind:value={newCapacity} />
-          </div>
-          <div class="form-group">
-            <label for="s-start">Start time *</label>
-            <input id="s-start" type="time" bind:value={newStart} required />
-          </div>
-          <div class="form-group">
-            <label for="s-end">End time *</label>
-            <input id="s-end" type="time" bind:value={newEnd} required />
-          </div>
-        </div>
-        <div class="actions">
-          <button type="submit" class="btn btn-primary" disabled={adding}>
-            {adding ? 'Adding…' : 'Add shift'}
-          </button>
-          <button type="button" class="btn btn-ghost" onclick={() => showAdd = false}>Cancel</button>
-        </div>
-      </form>
-    </div>
-  {/if}
-
-  {#if ($allShifts ?? []).length === 0}
-    <div class="empty">
-      <strong>No shifts yet</strong>
-      <p>Add shifts to schedule your volunteers.</p>
-    </div>
-  {:else}
-    {#each grouped as { dept, days }}
-      <div style="margin-bottom:2rem">
-        <div style="display:flex;align-items:center;gap:0.5rem;margin-bottom:0.75rem">
-          <span class="dept-dot" style="background:{dept.color}"></span>
-          <strong style="font-size:1rem">{dept.name}</strong>
-        </div>
-        {#each days as { day, shifts }}
-          <div style="margin-bottom:1rem">
-            <div class="text-muted" style="font-size:0.78rem;text-transform:uppercase;letter-spacing:0.06em;margin-bottom:0.4rem;padding-left:1rem">
-              {formatDay(day)}
-            </div>
-            <div class="table-wrap">
-              <table>
-                <tbody>
-                  {#each shifts as s (s.id)}
-                    <tr>
-                      <td><strong>{s.name}</strong></td>
-                      <td class="text-muted">{formatTime(s.start_time)} – {formatTime(s.end_time)}</td>
-                      <td class="text-muted">
-                        {#if s.capacity}
-                          Capacity: {s.capacity}
-                        {:else}
-                          Unlimited
-                        {/if}
-                      </td>
-                      {#if canManage}
-                        <td style="text-align:right">
-                          <button class="btn btn-danger btn-sm" onclick={() => deleteShift(s)}>Delete</button>
-                        </td>
-                      {/if}
-                    </tr>
-                  {/each}
-                </tbody>
-              </table>
-            </div>
-          </div>
-        {/each}
-      </div>
-    {/each}
-    {#if ungrouped.length > 0}
-      <div class="text-muted" style="font-size:0.85rem">
-        {ungrouped.length} shift(s) with unknown departments
-      </div>
-    {/if}
-  {/if}
-</div>
diff --git a/frontend/src/pages/Users.svelte b/frontend/src/pages/Users.svelte
index f141db1..f49c8c6 100644
--- a/frontend/src/pages/Users.svelte
+++ b/frontend/src/pages/Users.svelte
@@ -12,13 +12,14 @@
 
   let showAdd = $state(false)
   let adding = $state(false)
-  let newUsername = $state('')
+  let newEmail = $state('')
+  let newName = $state('')
   let newPassword = $state('')
-  let newRole = $state('gate')
+  let newRoles = $state([])
   let newDeptIDs = $state([])
 
   let editID = $state(null)
-  let editRole = $state('')
+  let editRoles = $state([])
   let editDeptIDs = $state([])
   let editPassword = $state('')
   let saving = $state(false)
@@ -28,7 +29,7 @@
       .then(arr => arr.sort((a, b) => a.name.localeCompare(b.name)))
   )
 
-  const roles = ['admin', 'coordinator', 'ticketing', 'gate', 'volunteer_lead']
+  const availableRoles = ['admin', 'staffing', 'colead', 'gatekeeper']
 
   const me = $derived(session?.user?.id)
 
@@ -51,15 +52,16 @@
     error = ''
     try {
       const u = await api.users.create({
-        username: newUsername,
+        email: newEmail,
+        preferred_name: newName,
         password: newPassword,
-        role: newRole,
+        roles: newRoles,
         department_ids: newDeptIDs,
       })
       users = [...users, u]
       showAdd = false
-      newUsername = newPassword = ''
-      newRole = 'gate'
+      newEmail = newName = newPassword = ''
+      newRoles = []
       newDeptIDs = []
     } catch (err) {
       error = err.message
@@ -70,7 +72,7 @@
 
   function startEdit(u) {
     editID = u.id
-    editRole = u.role
+    editRoles = [...(u.roles || [])]
     editDeptIDs = [...(u.department_ids || [])]
     editPassword = ''
   }
@@ -83,7 +85,7 @@
     saving = true
     error = ''
     try {
-      const payload = { role: editRole, department_ids: editDeptIDs }
+      const payload = { roles: editRoles, department_ids: editDeptIDs }
       if (editPassword) payload.password = editPassword
       const updated = await api.users.update(u.id, payload)
       users = users.map(x => x.id === u.id ? updated : x)
@@ -96,7 +98,7 @@
   }
 
   async function deleteUser(u) {
-    if (!confirm(`Delete user "${u.username}"? This cannot be undone.`)) return
+    if (!confirm(`Remove login access for "${u.preferred_name || u.email}"? Their participant record will be kept.`)) return
     try {
       await api.users.delete(u.id)
       users = users.filter(x => x.id !== u.id)
@@ -105,7 +107,7 @@
     }
   }
 
-  function toggleDept(id, list) {
+  function toggleItem(id, list) {
     const idx = list.indexOf(id)
     if (idx === -1) return [...list, id]
     return list.filter(x => x !== id)
@@ -117,7 +119,7 @@
   }
 
   function roleLabel(r) {
-    return { admin: 'Admin', coordinator: 'Coordinator', ticketing: 'Ticketing', gate: 'Gate', volunteer_lead: 'Vol. Lead' }[r] || r
+    return { admin: 'Admin', staffing: 'Staffing', colead: 'Colead', gatekeeper: 'Gatekeeper' }[r] || r
   }
 </script>
 
@@ -129,6 +131,14 @@
     </div>
   </div>
 
+  <p class="text-muted" style="font-size:0.82rem;margin-bottom:1.5rem;line-height:1.6">
+    <strong style="color:var(--c-text)">Roles:</strong>
+    admin — full access ·
+    staffing — volunteers, shifts, departments ·
+    colead — manage assigned departments only ·
+    gatekeeper — check-in only
+  </p>
+
   {#if loadError}
     <div class="alert alert-error">{loadError}</div>
   {/if}
@@ -139,22 +149,31 @@
   {#if showAdd}
     <div class="card" style="margin-bottom:1.5rem">
       <form onsubmit={addUser}>
-        <div style="display:grid;grid-template-columns:1fr 1fr 1fr;gap:1rem">
+        <div class="form-grid-3">
           <div class="form-group">
-            <label for="u-username">Username *</label>
-            <input id="u-username" bind:value={newUsername} required placeholder="username" autocomplete="off" />
+            <label for="u-email">Email *</label>
+            <input id="u-email" type="email" bind:value={newEmail} required placeholder="email@example.com" autocomplete="off" />
+          </div>
+          <div class="form-group">
+            <label for="u-name">Preferred Name</label>
+            <input id="u-name" bind:value={newName} placeholder="Preferred name" autocomplete="off" />
           </div>
           <div class="form-group">
             <label for="u-password">Password *</label>
             <input id="u-password" type="password" bind:value={newPassword} required autocomplete="new-password" />
           </div>
-          <div class="form-group">
-            <label for="u-role">Role *</label>
-            <select id="u-role" bind:value={newRole}>
-              {#each roles as r}
-                <option value={r}>{roleLabel(r)}</option>
-              {/each}
-            </select>
+        </div>
+        <div class="form-group">
+          <span style="font-size:0.82rem;color:var(--c-muted);font-weight:500">Roles</span>
+          <div style="display:flex;flex-wrap:wrap;gap:0.5rem;margin-top:0.35rem">
+            {#each availableRoles as r}
+              <label class="checkbox-label">
+                <input type="checkbox"
+                  checked={newRoles.includes(r)}
+                  onchange={() => newRoles = toggleItem(r, newRoles)} />
+                {roleLabel(r)}
+              </label>
+            {/each}
           </div>
         </div>
         {#if ($allDepts ?? []).length > 0}
@@ -162,10 +181,10 @@
             <span style="font-size:0.82rem;color:var(--c-muted);font-weight:500">Departments</span>
             <div style="display:flex;flex-wrap:wrap;gap:0.5rem;margin-top:0.35rem">
               {#each $allDepts ?? [] as d}
-                <label style="display:flex;align-items:center;gap:0.35rem;cursor:pointer;font-size:0.875rem;color:var(--c-text)">
-                  <input type="checkbox" style="width:auto"
+                <label class="checkbox-label">
+                  <input type="checkbox"
                     checked={newDeptIDs.includes(d.id)}
-                    onchange={() => newDeptIDs = toggleDept(d.id, newDeptIDs)} />
+                    onchange={() => newDeptIDs = toggleItem(d.id, newDeptIDs)} />
                   <span class="dept-dot" style="background:{d.color}"></span>
                   {d.name}
                 </label>
@@ -187,15 +206,16 @@
     <div class="text-muted" style="padding:2rem 0">Loading…</div>
   {:else if users.length === 0}
     <div class="empty">
-      <strong>No users yet</strong>
+      <strong>No additional users</strong>
+      <p>The admin account was created at setup. Add users above to delegate access.</p>
     </div>
   {:else}
     <div class="table-wrap">
       <table>
         <thead>
           <tr>
-            <th>Username</th>
-            <th>Role</th>
+            <th>Preferred Name</th>
+            <th>Roles</th>
             <th>Departments</th>
             <th></th>
           </tr>
@@ -203,23 +223,28 @@
         <tbody>
           {#each users as u (u.id)}
             {#if editID === u.id}
-              <tr>
-                <td><strong>{u.username}</strong> {#if u.id === me}<span class="badge badge-role">you</span>{/if}</td>
+              <tr class="edit-row">
+                <td class="td-name"><strong>{u.preferred_name || u.email}</strong> {#if u.id === me}<span class="badge badge-role">you</span>{/if}</td>
                 <td>
-                  <select bind:value={editRole} style="width:auto;margin:0">
-                    {#each roles as r}
-                      <option value={r}>{roleLabel(r)}</option>
+                  <div style="display:flex;flex-wrap:wrap;gap:0.4rem">
+                    {#each availableRoles as r}
+                      <label class="checkbox-label-sm">
+                        <input type="checkbox"
+                          checked={editRoles.includes(r)}
+                          onchange={() => editRoles = toggleItem(r, editRoles)} />
+                        {roleLabel(r)}
+                      </label>
                     {/each}
-                  </select>
+                  </div>
                 </td>
                 <td>
                   {#if ($allDepts ?? []).length > 0}
                     <div style="display:flex;flex-wrap:wrap;gap:0.4rem">
                       {#each $allDepts ?? [] as d}
-                        <label style="display:flex;align-items:center;gap:0.3rem;cursor:pointer;font-size:0.82rem;color:var(--c-text)">
-                          <input type="checkbox" style="width:auto"
+                        <label class="checkbox-label-sm">
+                          <input type="checkbox"
                             checked={editDeptIDs.includes(d.id)}
-                            onchange={() => editDeptIDs = toggleDept(d.id, editDeptIDs)} />
+                            onchange={() => editDeptIDs = toggleItem(d.id, editDeptIDs)} />
                           {d.name}
                         </label>
                       {/each}
@@ -229,7 +254,7 @@
                     placeholder="New password (leave blank to keep)"
                     style="margin-top:0.5rem" autocomplete="new-password" />
                 </td>
-                <td>
+                <td class="td-actions">
                   <div class="actions">
                     <button class="btn btn-primary btn-sm" onclick={() => saveUser(u)} disabled={saving}>
                       {saving ? '…' : 'Save'}
@@ -240,19 +265,20 @@
               </tr>
             {:else}
               <tr>
-                <td>
-                  <strong>{u.username}</strong>
+                <td class="td-name">
+                  <strong>{u.preferred_name || u.email}</strong>
                   {#if u.id === me}
-                    <span class="badge badge-role" style="margin-left:0.4rem">you</span>
+                    <span class="badge badge-role">you</span>
                   {/if}
+                  <br><span class="text-muted" style="font-size:0.8rem">{u.email}</span>
                 </td>
-                <td><span class="badge badge-role">{roleLabel(u.role)}</span></td>
+                <td>{#each u.roles ?? [] as r}<span class="badge badge-role">{roleLabel(r)}</span>{/each}</td>
                 <td class="text-muted">{deptNamesFor(u.department_ids || [])}</td>
-                <td>
+                <td class="td-actions">
                   <div class="actions">
                     <button class="btn btn-ghost btn-sm" onclick={() => startEdit(u)}>Edit</button>
                     {#if u.id !== me}
-                      <button class="btn btn-danger btn-sm" onclick={() => deleteUser(u)}>Delete</button>
+                      <button class="btn btn-danger btn-sm" onclick={() => deleteUser(u)}>Remove</button>
                     {/if}
                   </div>
                 </td>
@@ -264,3 +290,11 @@
     </div>
   {/if}
 </div>
+
+<style>
+  @media (max-width: 640px) {
+    .td-name { width: 100%; }
+    .td-actions { width: 100%; display: flex; justify-content: flex-end; }
+    .edit-row td { width: 100%; }
+  }
+</style>
diff --git a/frontend/src/pages/Kiosk.svelte b/frontend/src/pages/VolunteerKiosk.svelte
similarity index 98%
rename from frontend/src/pages/Kiosk.svelte
rename to frontend/src/pages/VolunteerKiosk.svelte
index 3f6aa27..c9eb58a 100644
--- a/frontend/src/pages/Kiosk.svelte
+++ b/frontend/src/pages/VolunteerKiosk.svelte
@@ -2,8 +2,7 @@
   import { onMount } from 'svelte'
   import { api } from '../api.js'
 
-  // Token comes from the URL hash: /#/v/TOKEN
-  const token = $derived(window.location.hash.match(/^#\/v\/([A-Z0-9]+)/i)?.[1] ?? '')
+  const token = $derived(window.location.pathname.match(/^\/v\/([A-Z0-9]+)/i)?.[1] ?? '')
 
   let state = $state(null)      // { volunteer, shifts, available }
   let loading = $state(true)
@@ -150,7 +149,7 @@
         <div class="kiosk-vol-name">{state.volunteer.name}</div>
         <div class="kiosk-vol-meta">
           {state.volunteer.email || ''}
-          {state.volunteer.is_lead ? ' · Department Lead' : ''}
+          {state.volunteer.is_lead ? ' · Co-Lead' : ''}
         </div>
         <div class="kiosk-token">Token: <code>{token}</code></div>
       </div>
diff --git a/frontend/src/pages/VolunteerSignup.svelte b/frontend/src/pages/VolunteerSignup.svelte
new file mode 100644
index 0000000..8681265
--- /dev/null
+++ b/frontend/src/pages/VolunteerSignup.svelte
@@ -0,0 +1,241 @@
+<script>
+  import { onMount } from 'svelte'
+  import { api } from '../api.js'
+
+  let loading = $state(true)
+  let submitting = $state(false)
+  let error = $state('')
+  let submitted = $state(false)
+
+  let config = $state(null)
+  let preferredName = $state('')
+  let ticketName = $state('')
+  let email = $state('')
+  let pronouns = $state('')
+  let phone = $state('')
+  let departmentId = $state('')
+  let note = $state('')
+
+  onMount(async () => {
+    try {
+      config = await api.signup.config()
+    } catch (err) {
+      error = err.message
+    } finally {
+      loading = false
+    }
+  })
+
+  async function submit(e) {
+    e.preventDefault()
+    submitting = true
+    error = ''
+    try {
+      const data = {
+        preferred_name: preferredName.trim(),
+        email: email.trim(),
+      }
+      if (ticketName.trim()) data.ticket_name = ticketName.trim()
+      if (pronouns.trim()) data.pronouns = pronouns.trim()
+      if (phone.trim()) data.phone = phone.trim()
+      if (departmentId) data.department_id = Number(departmentId)
+      if (note.trim()) data.note = note.trim()
+      await api.signup.submit(data)
+      submitted = true
+    } catch (err) {
+      error = err.message
+    } finally {
+      submitting = false
+    }
+  }
+</script>
+
+<div class="kiosk">
+  <div class="kiosk-header">
+    <div class="kiosk-brand">Turn<span>pike</span> &nbsp;<span class="kiosk-role">Volunteer Signup</span></div>
+  </div>
+
+  <div class="kiosk-body">
+    {#if loading}
+      <div class="kiosk-center">Loading...</div>
+    {:else if submitted}
+      <div class="kiosk-card" style="text-align:center">
+        <h2 style="font-size:1.3rem;font-weight:700;margin-bottom:0.75rem">Thank you!</h2>
+        <p style="color:var(--c-muted);line-height:1.6;margin:0">
+          We've sent a confirmation email to <strong style="color:var(--c-text)">{email}</strong>.
+          Please check your inbox and click the link to confirm your signup.
+        </p>
+      </div>
+    {:else}
+      {#if config?.event_name && config.event_name !== 'the event'}
+        <h2 class="signup-event-name">{config.event_name}</h2>
+      {/if}
+
+      {#if error}
+        <div class="kiosk-alert">{error}</div>
+      {/if}
+
+      <form onsubmit={submit}>
+        <div class="kiosk-card">
+          <div class="signup-field">
+            <label for="s-name">Preferred Name <span class="req">*</span></label>
+            <input id="s-name" bind:value={preferredName} required placeholder="What should we call you?" />
+          </div>
+
+          <div class="signup-field">
+            <label for="s-ticket">Ticket Name</label>
+            <input id="s-ticket" bind:value={ticketName} placeholder="Name on your ticket (if different)" />
+          </div>
+
+          <div class="signup-field">
+            <label for="s-email">Email <span class="req">*</span></label>
+            <input id="s-email" type="email" bind:value={email} required placeholder="you@example.com" />
+          </div>
+
+          <div class="signup-row">
+            <div class="signup-field">
+              <label for="s-pronouns">Pronouns</label>
+              <input id="s-pronouns" bind:value={pronouns} placeholder="e.g. she/her" />
+            </div>
+            <div class="signup-field">
+              <label for="s-phone">Phone</label>
+              <input id="s-phone" type="tel" bind:value={phone} placeholder="Optional" />
+            </div>
+          </div>
+
+          {#if config?.departments?.length > 0}
+            <div class="signup-field">
+              <label for="s-dept">Department Preference</label>
+              <select id="s-dept" bind:value={departmentId}>
+                <option value="">No preference</option>
+                {#each config.departments as dept}
+                  <option value={dept.id}>{dept.name}</option>
+                {/each}
+              </select>
+            </div>
+          {/if}
+
+          <div class="signup-field">
+            <label for="s-note">
+              {config?.volunteer_note_label ?? 'Additional note'}
+              {#if config?.volunteer_note_required}<span class="req">*</span>{/if}
+            </label>
+            <textarea id="s-note" bind:value={note} rows="3"
+              required={config?.volunteer_note_required}
+              placeholder=""></textarea>
+          </div>
+
+          <button type="submit" class="kbtn kbtn-primary" style="width:100%;margin-top:0.5rem" disabled={submitting}>
+            {submitting ? 'Submitting...' : 'Sign Up'}
+          </button>
+        </div>
+      </form>
+    {/if}
+  </div>
+</div>
+
+<style>
+  .kiosk {
+    min-height: 100vh;
+    background: var(--c-bg);
+    color: var(--c-text);
+    font-family: var(--font);
+    display: flex;
+    flex-direction: column;
+  }
+  .kiosk-header {
+    background: var(--c-surface);
+    border-bottom: 1px solid var(--c-border);
+    padding: 1rem 1.5rem;
+    display: flex;
+    align-items: center;
+  }
+  .kiosk-brand {
+    font-size: 1.1rem;
+    font-weight: 700;
+    letter-spacing: -0.02em;
+    color: var(--c-text);
+  }
+  .kiosk-brand span:first-of-type { color: var(--c-accent); }
+  .kiosk-role {
+    font-size: 0.8rem;
+    font-weight: 400;
+    color: var(--c-muted);
+    letter-spacing: 0;
+  }
+  .kiosk-body {
+    max-width: 540px;
+    margin: 0 auto;
+    padding: 1.5rem 1rem;
+    width: 100%;
+  }
+  .kiosk-center { display: flex; align-items: center; justify-content: center; }
+  .kiosk-alert {
+    background: rgba(239,68,68,0.1);
+    border: 1px solid rgba(239,68,68,0.25);
+    color: #fca5a5;
+    padding: 0.75rem 1rem;
+    border-radius: 6px;
+    margin-bottom: 1rem;
+    font-size: 0.875rem;
+  }
+  .kiosk-card {
+    background: var(--c-surface);
+    border: 1px solid var(--c-border);
+    border-radius: 10px;
+    padding: 1.25rem;
+  }
+  .signup-event-name {
+    font-size: 1.15rem;
+    font-weight: 700;
+    text-align: center;
+    margin-bottom: 1rem;
+    color: var(--c-text);
+  }
+  .signup-field {
+    margin-bottom: 1rem;
+  }
+  .signup-field label {
+    display: block;
+    font-size: 0.8rem;
+    font-weight: 600;
+    color: var(--c-muted);
+    margin-bottom: 0.3rem;
+  }
+  .signup-field input,
+  .signup-field select,
+  .signup-field textarea {
+    width: 100%;
+    padding: 0.55rem 0.75rem;
+    border: 1px solid var(--c-border);
+    border-radius: 6px;
+    background: var(--c-bg);
+    color: var(--c-text);
+    font-family: var(--font);
+    font-size: 0.875rem;
+    box-sizing: border-box;
+  }
+  .signup-field input:focus,
+  .signup-field select:focus,
+  .signup-field textarea:focus {
+    outline: none;
+    border-color: var(--c-accent);
+  }
+  .signup-row {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: 1rem;
+  }
+  .req { color: var(--c-accent); }
+  .kbtn {
+    display: inline-flex; align-items: center; justify-content: center;
+    padding: 0.55rem 1rem; border-radius: 6px;
+    border: 1px solid transparent;
+    font-size: 0.875rem; font-weight: 500; cursor: pointer;
+    font-family: var(--font);
+    transition: background 150ms;
+  }
+  .kbtn:disabled { opacity: 0.5; cursor: not-allowed; }
+  .kbtn-primary { background: var(--c-accent); color: #fff; }
+  .kbtn-primary:hover:not(:disabled) { background: var(--c-accent-h); }
+</style>
diff --git a/frontend/src/pages/Volunteers.svelte b/frontend/src/pages/Volunteers.svelte
index 2614272..8f5abe5 100644
--- a/frontend/src/pages/Volunteers.svelte
+++ b/frontend/src/pages/Volunteers.svelte
@@ -8,23 +8,43 @@
 
   let search = $state('')
   let filterDept = $state('')
-  let filterChecked = $state('')
+  let filterStatus = $state('')
   let error = $state('')
   let showAdd = $state(false)
   let adding = $state(false)
   let newName = $state('')
+  let newTicketName = $state('')
   let newEmail = $state('')
-  let newPhone = $state('')
   let newDeptID = $state('')
   let newIsLead = $state(false)
   let newNote = $state('')
 
-  const role = $derived(session?.user?.role ?? '')
-  const canManage = $derived(['admin', 'coordinator', 'volunteer_lead'].includes(role))
+  let editID = $state(null)
+  let editDeptID = $state('')
+  let editIsLead = $state(false)
+  let editNote = $state('')
+  let saving = $state(false)
+  let confirmingID = $state(null)
+
+  const roles = $derived(session?.user?.roles ?? [])
+  function hasRole(...allowed) { return roles.some(r => allowed.includes(r)) }
+  const canManage = $derived(hasRole('admin', 'staffing', 'colead'))
+  const canConfirm = $derived(hasRole('admin', 'staffing', 'colead'))
+  const myDeptIDs = $derived(session?.user?.department_ids ?? [])
+
+  let deptInitialized = $state(false)
+  $effect(() => {
+    if (!deptInitialized && hasRole('colead') && !hasRole('admin', 'staffing') && myDeptIDs.length > 0) {
+      filterDept = String(myDeptIDs[0])
+      deptInitialized = true
+    }
+  })
 
   const allVolunteers = liveQuery(() =>
     db.volunteers.filter(v => !v.deleted_at).toArray()
   )
+  const allParticipants = liveQuery(() => db.participants.toArray())
+  const allTickets = liveQuery(() => db.tickets.filter(t => !t.deleted_at).toArray())
   const allDepts = liveQuery(() =>
     db.departments.filter(d => !d.deleted_at).toArray()
       .then(arr => arr.sort((a, b) => a.name.localeCompare(b.name)))
@@ -36,8 +56,10 @@
     return list
       .filter(v => {
         if (filterDept && v.department_id !== parseInt(filterDept)) return false
-        if (filterChecked === 'true' && !v.checked_in) return false
-        if (filterChecked === 'false' && v.checked_in) return false
+        if (filterStatus === 'unconfirmed' && v.email_confirmed) return false
+        if (filterStatus === 'registered' && (!v.email_confirmed || v.confirmed)) return false
+        if (filterStatus === 'confirmed' && (!v.confirmed || v.ready)) return false
+        if (filterStatus === 'ready' && !v.ready) return false
         if (s && !v.name.toLowerCase().includes(s) &&
             !(v.email || '').toLowerCase().includes(s)) return false
         return true
@@ -45,15 +67,28 @@
       .sort((a, b) => a.name.localeCompare(b.name))
   })
 
-  async function checkIn(v) {
+  async function markReady(v) {
     try {
-      const updated = await api.volunteers.checkIn(v.id)
+      const updated = await api.volunteers.markReady(v.id)
       await db.volunteers.put(updated)
     } catch (err) {
       error = err.message
     }
   }
 
+  async function confirmVolunteer(v) {
+    if (confirmingID) return
+    confirmingID = v.id
+    try {
+      const updated = await api.volunteers.confirm(v.id)
+      await db.volunteers.put(updated)
+    } catch (err) {
+      error = err.message
+    } finally {
+      confirmingID = null
+    }
+  }
+
   async function addVolunteer(e) {
     e.preventDefault()
     adding = true
@@ -61,8 +96,8 @@
     try {
       const data = {
         name: newName,
+        ticket_name: newTicketName,
         email: newEmail,
-        phone: newPhone,
         is_lead: newIsLead,
         note: newNote,
       }
@@ -70,7 +105,7 @@
       const v = await api.volunteers.create(data)
       await db.volunteers.put(v)
       showAdd = false
-      newName = newEmail = newPhone = newNote = ''
+      newName = newEmail = newTicketName = newNote = ''
       newDeptID = ''
       newIsLead = false
     } catch (err) {
@@ -90,9 +125,48 @@
     }
   }
 
+  function startEdit(v) {
+    editID = v.id
+    editDeptID = v.department_id ? String(v.department_id) : ''
+    editIsLead = v.is_lead
+    editNote = v.note ?? ''
+  }
+
+  function cancelEdit() {
+    editID = null
+  }
+
+  async function saveVolunteer(v) {
+    saving = true
+    error = ''
+    try {
+      const updated = await api.volunteers.update(v.id, {
+        ...v,
+        department_id: editDeptID ? parseInt(editDeptID) : null,
+        is_lead: editIsLead,
+        note: editNote,
+      })
+      await db.volunteers.put(updated)
+      editID = null
+    } catch (err) {
+      error = err.message
+    } finally {
+      saving = false
+    }
+  }
+
   function deptFor(id) {
     return ($allDepts ?? []).find(d => d.id === id)
   }
+
+  function participantHasTickets(participantId) {
+    if (!participantId) return false
+    return ($allTickets ?? []).some(t => t.participant_id === participantId)
+  }
+
+  function participantFor(id) {
+    return ($allParticipants ?? []).find(p => p.id === id) ?? null
+  }
 </script>
 
 <div class="page">
@@ -112,18 +186,18 @@
   {#if showAdd && canManage}
     <div class="card" style="margin-bottom:1.5rem">
       <form onsubmit={addVolunteer}>
-        <div style="display:grid;grid-template-columns:1fr 1fr;gap:1rem">
+        <div class="form-grid">
           <div class="form-group">
-            <label for="v-name">Name *</label>
-            <input id="v-name" bind:value={newName} required placeholder="Full name" />
+            <label for="v-name">Preferred Name *</label>
+            <input id="v-name" bind:value={newName} required placeholder="What they go by" />
           </div>
           <div class="form-group">
-            <label for="v-email">Email</label>
-            <input id="v-email" type="email" bind:value={newEmail} placeholder="email@example.com" />
+            <label for="v-ticket-name">Name on Ticket</label>
+            <input id="v-ticket-name" bind:value={newTicketName} placeholder="Legal/ticketed name" />
           </div>
           <div class="form-group">
-            <label for="v-phone">Phone</label>
-            <input id="v-phone" bind:value={newPhone} placeholder="Optional" />
+            <label for="v-email">Email *</label>
+            <input id="v-email" type="email" bind:value={newEmail} required placeholder="email@example.com" />
           </div>
           <div class="form-group">
             <label for="v-dept">Department</label>
@@ -140,8 +214,8 @@
           <input id="v-note" bind:value={newNote} placeholder="Optional note" />
         </div>
         <div style="margin-bottom:1rem">
-          <label style="display:flex;align-items:center;gap:0.5rem;cursor:pointer">
-            <input type="checkbox" style="width:auto" bind:checked={newIsLead} />
+          <label class="checkbox-label">
+            <input type="checkbox" bind:checked={newIsLead} />
             Department lead
           </label>
         </div>
@@ -165,10 +239,12 @@
         {/each}
       </select>
     {/if}
-    <select bind:value={filterChecked} style="width:auto">
-      <option value="">All</option>
-      <option value="false">Not checked in</option>
-      <option value="true">Checked in</option>
+    <select bind:value={filterStatus} style="width:auto">
+      <option value="">All statuses</option>
+      <option value="unconfirmed">Unregistered</option>
+      <option value="registered">Registered</option>
+      <option value="confirmed">Confirmed</option>
+      <option value="ready">Ready</option>
     </select>
     <span class="text-muted" style="font-size:0.85rem;white-space:nowrap">
       {filtered.length} shown
@@ -178,14 +254,14 @@
   {#if ($allVolunteers ?? []).length === 0}
     <div class="empty">
       <strong>No volunteers yet</strong>
-      <p>Add volunteers manually.</p>
+      <p>Add volunteers manually above, or enable public signup in Settings.</p>
     </div>
   {:else}
     <div class="table-wrap">
       <table>
         <thead>
           <tr>
-            <th>Name</th>
+            <th>Preferred Name</th>
             <th>Department</th>
             <th>Status</th>
             <th></th>
@@ -195,47 +271,112 @@
         <tbody>
           {#each filtered as v (v.id)}
             {@const dept = deptFor(v.department_id)}
-            <tr>
-              <td>
-                <strong>{v.name}</strong>
-                {#if v.is_lead}
-                  <span class="badge badge-lead" style="margin-left:0.4rem">Lead</span>
-                {/if}
-                {#if v.note}
-                  <div class="text-muted" style="font-size:0.78rem">{v.note}</div>
-                {/if}
-              </td>
-              <td class="text-muted">
-                {#if dept}
-                  <span class="dept-dot" style="background:{dept.color};margin-right:0.4rem"></span>{dept.name}
-                {:else}
-                  —
-                {/if}
-              </td>
-              <td>
-                <span class="badge {v.checked_in ? 'badge-checked' : 'badge-unchecked'}">
-                  {v.checked_in ? 'Checked in' : 'Pending'}
-                </span>
-                {#if v.checked_in_at}
-                  <div class="text-muted" style="font-size:0.75rem">
-                    {new Date(v.checked_in_at).toLocaleTimeString()}
-                  </div>
-                {/if}
-              </td>
-              <td>
-                {#if !v.checked_in}
-                  <CheckInButton onclick={() => checkIn(v)} />
-                {/if}
-              </td>
-              {#if canManage}
-                <td>
-                  <button class="btn btn-danger btn-sm" onclick={() => deleteVolunteer(v)}>Delete</button>
+            {#if editID === v.id}
+              <tr class="edit-row">
+                <td class="td-name" style="width:100%">
+                  <strong>{v.name}</strong>
+                  {#if v.email}<div class="text-muted" style="font-size:0.78rem">{v.email}</div>{/if}
                 </td>
-              {/if}
-            </tr>
+                <td class="td-edit-dept">
+                  <select bind:value={editDeptID} style="margin:0">
+                    <option value="">No department</option>
+                    {#each $allDepts ?? [] as d}
+                      <option value={String(d.id)}>{d.name}</option>
+                    {/each}
+                  </select>
+                </td>
+                <td class="td-edit-checks">
+                  <label class="checkbox-label-sm" style="white-space:nowrap">
+                    <input type="checkbox" bind:checked={editIsLead} /> Co-Lead
+                  </label>
+                </td>
+                <td class="td-edit-note">
+                  <input bind:value={editNote} placeholder="Note" style="margin:0" />
+                </td>
+                <td class="td-actions">
+                  <button class="btn btn-primary btn-sm" onclick={() => saveVolunteer(v)} disabled={saving}>
+                    {saving ? '…' : 'Save'}
+                  </button>
+                  <button class="btn btn-ghost btn-sm" onclick={cancelEdit}>Cancel</button>
+                </td>
+              </tr>
+            {:else}
+              {@const participant = participantFor(v.participant_id)}
+              <tr>
+                <td class="td-name">
+                  <strong>{v.name}</strong>
+                  {#if v.is_lead}
+                    <span class="badge badge-lead">Co-Lead</span>
+                  {/if}
+                  {#if !v.participant_id}
+                    <span class="badge badge-unchecked" title="Not linked to a participant">No ticket</span>
+                  {:else if !participantHasTickets(v.participant_id)}
+                    <span class="badge badge-partial" title="No ticket on file">No ticket</span>
+                  {/if}
+                  {#if participant?.ticket_name && participant.ticket_name !== v.name}
+                    <div class="text-muted" style="font-size:0.78rem">Ticket: {participant.ticket_name}</div>
+                  {/if}
+                  {#if v.email}
+                    <div class="text-muted" style="font-size:0.78rem">{v.email}</div>
+                  {/if}
+                  {#if v.note}
+                    <div class="text-muted" style="font-size:0.78rem">{v.note}</div>
+                  {/if}
+                </td>
+                <td class="td-dept text-muted">
+                  {#if dept}
+                    <span class="dept-dot" style="background:{dept.color};margin-right:0.4rem"></span>{dept.name}
+                  {:else}
+                    —
+                  {/if}
+                </td>
+                <td class="td-status">
+                  {#if v.ready}
+                    <span class="badge badge-checked">Ready</span>
+                  {:else if v.confirmed}
+                    <span class="badge badge-confirmed">Confirmed</span>
+                  {:else if v.email_confirmed}
+                    <span class="badge badge-registered">Registered</span>
+                  {:else}
+                    <span class="badge badge-unchecked">Unregistered</span>
+                  {/if}
+                  {#if v.ready_at}
+                    <div class="text-muted" style="font-size:0.75rem">
+                      {new Date(v.ready_at).toLocaleTimeString()}
+                    </div>
+                  {/if}
+                </td>
+                <td class="td-ready">
+                  {#if v.confirmed && !v.ready}
+                    <CheckInButton onclick={() => markReady(v)} />
+                  {/if}
+                </td>
+                {#if canManage}
+                  <td class="td-actions">
+                    {#if canConfirm && v.email_confirmed && !v.confirmed}
+                      <button class="btn btn-primary btn-sm" onclick={() => confirmVolunteer(v)} disabled={confirmingID === v.id}>Confirm</button>
+                    {/if}
+                    <button class="btn btn-ghost btn-sm" onclick={() => startEdit(v)}>Edit</button>
+                    <button class="btn btn-danger btn-sm" onclick={() => deleteVolunteer(v)}>Delete</button>
+                  </td>
+                {/if}
+              </tr>
+            {/if}
           {/each}
         </tbody>
       </table>
     </div>
   {/if}
 </div>
+
+<style>
+  @media (max-width: 640px) {
+    .td-name { flex: 1; min-width: 0; order: 1; }
+    .td-ready { flex-shrink: 0; align-self: flex-start; order: 2; }
+    .td-dept { width: 100%; order: 3; }
+    .td-status { width: 100%; order: 4; }
+    .td-actions { width: 100%; order: 5; display: flex; justify-content: flex-end; }
+    .edit-row td { width: 100%; }
+    .td-edit-dept, .td-edit-checks, .td-edit-note { width: 100%; }
+  }
+</style>
diff --git a/frontend/src/sync.js b/frontend/src/sync.js
index 05b16c0..ef22313 100644
--- a/frontend/src/sync.js
+++ b/frontend/src/sync.js
@@ -4,24 +4,54 @@ import { api } from './api.js'
 let syncing = false
 let sseSource = null
 
+async function checkBuildChanged() {
+  try {
+    const res = await fetch('/api/version')
+    const { build } = await res.json()
+    if (!build) return
+    const stored = await db.meta.get('build')
+    if (!stored || stored.value !== build) {
+      await db.transaction('rw',
+        [db.meta, db.event, db.participants, db.tickets, db.departments, db.volunteers, db.shifts, db.volunteer_shifts],
+        async () => {
+          await db.meta.clear()
+          await db.event.clear()
+          await db.participants.clear()
+          await db.tickets.clear()
+          await db.departments.clear()
+          await db.volunteers.clear()
+          await db.shifts.clear()
+          await db.volunteer_shifts.clear()
+          await db.meta.put({ key: 'build', value: build })
+        }
+      )
+    }
+  } catch {}
+}
+
 export async function syncPull() {
   if (syncing) return
   syncing = true
   try {
+    await checkBuildChanged()
     const since = await getLastSync()
     const data = await api.sync.pull(since)
 
     await db.transaction('rw',
-      [db.event, db.attendees, db.departments, db.volunteers, db.shifts, db.volunteer_shifts],
+      [db.event, db.participants, db.tickets, db.departments, db.volunteers, db.shifts, db.volunteer_shifts],
       async () => {
         if (data.event) {
           await db.event.put(data.event)
         }
-        if (data.attendees?.length) {
-          await db.attendees.bulkPut(data.attendees)
-          // Purge hard-deleted records from Dexie
-          const deleted = data.attendees.filter(a => a.deleted_at).map(a => a.id)
-          if (deleted.length) await db.attendees.bulkDelete(deleted)
+        if (data.participants?.length) {
+          await db.participants.bulkPut(data.participants)
+          const deleted = data.participants.filter(p => p.deleted_at).map(p => p.id)
+          if (deleted.length) await db.participants.bulkDelete(deleted)
+        }
+        if (data.tickets?.length) {
+          await db.tickets.bulkPut(data.tickets)
+          const deleted = data.tickets.filter(t => t.deleted_at).map(t => t.id)
+          if (deleted.length) await db.tickets.bulkDelete(deleted)
         }
         if (data.departments?.length) {
           await db.departments.bulkPut(data.departments)
@@ -47,7 +77,7 @@ export async function syncPull() {
       }
     )
 
-    await setLastSync(data.server_time)
+    if (data.server_time) await setLastSync(data.server_time)
     return true
   } catch (err) {
     console.warn('Sync pull failed:', err.message)
@@ -72,8 +102,8 @@ export function startSSE(onEvent) {
         try {
           const payload = JSON.parse(e.data)
           if (payload.event === 'checkin') {
-            if (payload.data?.type === 'attendee' && payload.data?.attendee) {
-              await db.attendees.put(payload.data.attendee)
+            if (payload.data?.type === 'ticket' && payload.data?.ticket) {
+              await db.tickets.put(payload.data.ticket)
             }
             if (payload.data?.type === 'volunteer' && payload.data?.volunteer) {
               await db.volunteers.put(payload.data.volunteer)
@@ -93,7 +123,7 @@ export function startSSE(onEvent) {
           syncPull()
         }, 5000)
       }
-    })
+    }).catch(() => {})
   }
 
   connect()
@@ -104,18 +134,23 @@ export function stopSSE() {
   sseSource = null
 }
 
-// Poll for sync when online, with exponential backoff on failure
 let syncInterval = null
+let onlineHandler = null
 
 export function startSyncLoop(intervalMs = 30000) {
   if (syncInterval) return
   syncInterval = setInterval(() => {
     if (navigator.onLine) syncPull()
   }, intervalMs)
-  window.addEventListener('online', () => syncPull())
+  onlineHandler = () => syncPull()
+  window.addEventListener('online', onlineHandler)
 }
 
 export function stopSyncLoop() {
   clearInterval(syncInterval)
   syncInterval = null
+  if (onlineHandler) {
+    window.removeEventListener('online', onlineHandler)
+    onlineHandler = null
+  }
 }
diff --git a/frontend/src/sync.test.js b/frontend/src/sync.test.js
index 2c8915e..21c213e 100644
--- a/frontend/src/sync.test.js
+++ b/frontend/src/sync.test.js
@@ -18,30 +18,31 @@ function mockFetch(body = {}, status = 200) {
 }
 
 describe('syncPull', () => {
-  it('writes attendees to Dexie', async () => {
+  it('writes participants to Dexie', async () => {
     mockFetch({
       server_time: '2026-03-01T12:00:00Z',
-      attendees: [{ id: 1, name: 'Titania' }],
+      participants: [{ id: 1, preferred_name: 'Titania', email: 'titania@example.com' }],
+      tickets: [],
       departments: [],
       volunteers: [],
       shifts: [],
       volunteer_shifts: [],
     })
-    // Import fresh to reset syncing guard
     const { syncPull } = await import('./sync.js')
     await syncPull()
 
-    const a = await db.attendees.get(1)
-    expect(a.name).toBe('Titania')
+    const p = await db.participants.get(1)
+    expect(p.preferred_name).toBe('Titania')
     expect(await getLastSync()).toBe('2026-03-01T12:00:00Z')
   })
 
-  it('deletes soft-deleted attendees from Dexie', async () => {
-    await db.attendees.put({ id: 1, name: 'Titania' })
+  it('deletes soft-deleted participants from Dexie', async () => {
+    await db.participants.put({ id: 1, preferred_name: 'Titania', email: 'titania@example.com' })
 
     mockFetch({
       server_time: '2026-03-01T13:00:00Z',
-      attendees: [{ id: 1, name: 'Titania', deleted_at: '2026-03-01T12:30:00Z' }],
+      participants: [{ id: 1, preferred_name: 'Titania', deleted_at: '2026-03-01T12:30:00Z' }],
+      tickets: [],
       departments: [],
       volunteers: [],
       shifts: [],
@@ -50,8 +51,8 @@ describe('syncPull', () => {
     const { syncPull } = await import('./sync.js')
     await syncPull()
 
-    const a = await db.attendees.get(1)
-    expect(a).toBeUndefined()
+    const p = await db.participants.get(1)
+    expect(p).toBeUndefined()
   })
 
   it('deletes soft-deleted volunteer_shifts from Dexie', async () => {
@@ -59,7 +60,8 @@ describe('syncPull', () => {
 
     mockFetch({
       server_time: '2026-03-01T13:00:00Z',
-      attendees: [],
+      participants: [],
+      tickets: [],
       departments: [],
       volunteers: [],
       shifts: [],
@@ -75,7 +77,8 @@ describe('syncPull', () => {
   it('sets lastSync timestamp', async () => {
     mockFetch({
       server_time: '2026-03-02T00:00:00Z',
-      attendees: [],
+      participants: [],
+      tickets: [],
       departments: [],
       volunteers: [],
       shifts: [],
diff --git a/handle_attendees.go b/handle_attendees.go
deleted file mode 100644
index 5e732ba..0000000
--- a/handle_attendees.go
+++ /dev/null
@@ -1,167 +0,0 @@
-package main
-
-import (
-	"encoding/csv"
-	"encoding/json"
-	"net/http"
-	"strconv"
-)
-
-func (app *App) handleListAttendees(w http.ResponseWriter, r *http.Request) {
-	q := r.URL.Query()
-	attendees, err := app.listAttendees(q.Get("search"), q.Get("ticket_type"), q.Get("checked_in"))
-	if err != nil {
-		writeError(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-	types, _ := app.attendeeTicketTypes()
-	total, checkedIn, _ := app.attendeeCounts()
-	writeJSON(w, map[string]any{
-		"attendees":    attendees,
-		"ticket_types": types,
-		"total":        total,
-		"checked_in":   checkedIn,
-	})
-}
-
-func (app *App) handleCreateAttendee(w http.ResponseWriter, r *http.Request) {
-	var a Attendee
-	if err := json.NewDecoder(r.Body).Decode(&a); err != nil {
-		writeError(w, "invalid request", http.StatusBadRequest)
-		return
-	}
-	if a.Name == "" {
-		writeError(w, "name is required", http.StatusBadRequest)
-		return
-	}
-	created, err := app.createAttendee(a)
-	if err != nil {
-		writeError(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-	w.WriteHeader(http.StatusCreated)
-	writeJSON(w, created)
-}
-
-func (app *App) handleGetAttendee(w http.ResponseWriter, r *http.Request) {
-	id, err := strconv.Atoi(r.PathValue("id"))
-	if err != nil {
-		writeError(w, "invalid id", http.StatusBadRequest)
-		return
-	}
-	a, err := app.getAttendee(id)
-	if err != nil || a == nil {
-		writeError(w, "not found", http.StatusNotFound)
-		return
-	}
-	writeJSON(w, a)
-}
-
-func (app *App) handleUpdateAttendee(w http.ResponseWriter, r *http.Request) {
-	id, err := strconv.Atoi(r.PathValue("id"))
-	if err != nil {
-		writeError(w, "invalid id", http.StatusBadRequest)
-		return
-	}
-	var a Attendee
-	if err := json.NewDecoder(r.Body).Decode(&a); err != nil {
-		writeError(w, "invalid request", http.StatusBadRequest)
-		return
-	}
-	if a.Name == "" {
-		writeError(w, "name is required", http.StatusBadRequest)
-		return
-	}
-	a.ID = id
-	if err := app.updateAttendee(a); err != nil {
-		writeError(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-	updated, _ := app.getAttendee(id)
-	writeJSON(w, updated)
-}
-
-func (app *App) handleDeleteAttendee(w http.ResponseWriter, r *http.Request) {
-	id, err := strconv.Atoi(r.PathValue("id"))
-	if err != nil {
-		writeError(w, "invalid id", http.StatusBadRequest)
-		return
-	}
-	if err := app.deleteAttendee(id); err != nil {
-		writeError(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-	w.WriteHeader(http.StatusNoContent)
-}
-
-// handleCheckInAttendee handles POST /api/attendees/:id/checkin.
-// Optional body: {"count": N, "also_volunteer": true}
-// Returns {"attendee": ..., "volunteer": ...} — volunteer is included if also_volunteer=true
-// and the attendee has a linked volunteer record.
-func (app *App) handleCheckInAttendee(w http.ResponseWriter, r *http.Request) {
-	id, err := strconv.Atoi(r.PathValue("id"))
-	if err != nil {
-		writeError(w, "invalid id", http.StatusBadRequest)
-		return
-	}
-
-	var body struct {
-		Count         int  `json:"count"`
-		AlsoVolunteer bool `json:"also_volunteer"`
-	}
-	body.Count = 1
-	json.NewDecoder(r.Body).Decode(&body)
-	if body.Count < 1 {
-		body.Count = 1
-	}
-
-	claims := claimsFromContext(r)
-	a, err := app.checkInAttendee(id, claims.UserID, body.Count)
-	if err != nil {
-		writeError(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-
-	result := map[string]any{"attendee": a}
-
-	if body.AlsoVolunteer {
-		v, _ := app.getVolunteerByAttendeeID(id)
-		if v != nil {
-			if !v.CheckedIn {
-				if v2, err := app.checkInVolunteer(v.ID, claims.UserID); err == nil {
-					result["volunteer"] = v2
-					app.broker.publish("checkin", map[string]any{"type": "volunteer", "volunteer": v2})
-				}
-			} else {
-				result["volunteer"] = v
-			}
-		}
-	}
-
-	app.broker.publish("checkin", map[string]any{"type": "attendee", "attendee": a})
-	writeJSON(w, result)
-}
-
-func (app *App) handleExportAttendees(w http.ResponseWriter, r *http.Request) {
-	attendees, err := app.listAttendees("", "", "")
-	if err != nil {
-		writeError(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-	w.Header().Set("Content-Type", "text/csv")
-	w.Header().Set("Content-Disposition", `attachment; filename="attendees.csv"`)
-	wr := csv.NewWriter(w)
-	wr.Write([]string{"name", "email", "phone", "ticket_id", "ticket_type", "party_size", "checked_in_count", "note", "checked_in"})
-	for _, a := range attendees {
-		ci := "no"
-		if a.CheckedIn {
-			ci = "yes"
-		}
-		wr.Write([]string{
-			a.Name, a.Email, a.Phone, a.TicketID, a.TicketType,
-			strconv.Itoa(a.PartySize), strconv.Itoa(a.CheckedInCount),
-			a.Note, ci,
-		})
-	}
-	wr.Flush()
-}
diff --git a/handle_attendees_test.go b/handle_attendees_test.go
index 827a4b2..7dd7ff8 100644
--- a/handle_attendees_test.go
+++ b/handle_attendees_test.go
@@ -6,14 +6,14 @@ import (
 	"testing"
 )
 
-func TestAttendeesListCreateDelete(t *testing.T) {
+func TestParticipantsListCreateDelete(t *testing.T) {
 	app := testApp(t)
 	admin := testAdminUser(t, app)
 	token := testToken(t, app, admin)
 	mux := testMux(app)
 
 	// Create
-	req := testAuthRequest("POST", "/api/attendees", map[string]string{"name": "Titania"}, token)
+	req := testAuthRequest("POST", "/api/participants", map[string]string{"preferred_name": "Titania", "email": "titania@example.com"}, token)
 	w := httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 	if w.Code != http.StatusCreated {
@@ -23,20 +23,20 @@ func TestAttendeesListCreateDelete(t *testing.T) {
 	id := created["id"].(float64)
 
 	// List
-	req = testAuthRequest("GET", "/api/attendees", nil, token)
+	req = testAuthRequest("GET", "/api/participants", nil, token)
 	w = httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 	if w.Code != http.StatusOK {
 		t.Fatalf("list: status = %d", w.Code)
 	}
 	list := parseJSON(t, w)
-	attendees := list["attendees"].([]any)
-	if len(attendees) != 1 {
-		t.Errorf("list: got %d, want 1", len(attendees))
+	participants := list["participants"].([]any)
+	if len(participants) != 2 { // admin + Titania
+		t.Errorf("list: got %d, want 2", len(participants))
 	}
 
 	// Delete
-	req = testAuthRequest("DELETE", "/api/attendees/"+itoa(int(id)), nil, token)
+	req = testAuthRequest("DELETE", "/api/participants/"+itoa(int(id)), nil, token)
 	w = httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 	if w.Code != http.StatusNoContent {
@@ -44,66 +44,66 @@ func TestAttendeesListCreateDelete(t *testing.T) {
 	}
 
 	// List again — should be empty
-	req = testAuthRequest("GET", "/api/attendees", nil, token)
+	req = testAuthRequest("GET", "/api/participants", nil, token)
 	w = httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 	list = parseJSON(t, w)
-	if a2, ok := list["attendees"].([]any); ok && len(a2) != 0 {
-		t.Errorf("after delete: got %d, want 0", len(a2))
+	if ps, ok := list["participants"].([]any); ok && len(ps) != 1 { // admin remains
+		t.Errorf("after delete: got %d, want 1", len(ps))
 	}
 }
 
-func TestCheckInAttendeeHandler(t *testing.T) {
+func TestCheckInTicketHandler(t *testing.T) {
 	app := testApp(t)
 	admin := testAdminUser(t, app)
 	token := testToken(t, app, admin)
 	mux := testMux(app)
 
-	app.createAttendee(Attendee{Name: "Oberon"})
-	app.db.Exec(`UPDATE attendees SET party_size = 3 WHERE id = 1`)
+	p, _ := app.createParticipant(Participant{PreferredName: "Oberon", Email: "oberon@example.com"})
+	tk, _ := app.createTicket(Ticket{ParticipantID: &p.ID, Name: "Oberon", Source: "manual"})
 
-	// Check in 1
-	req := testAuthRequest("POST", "/api/attendees/1/checkin", map[string]int{"count": 1}, token)
+	req := testAuthRequest("POST", "/api/tickets/"+itoa(tk.ID)+"/checkin", nil, token)
 	w := httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 	if w.Code != http.StatusOK {
 		t.Fatalf("checkin: status = %d\nbody: %s", w.Code, w.Body.String())
 	}
 	result := parseJSON(t, w)
-	attendee := result["attendee"].(map[string]any)
-	if attendee["checked_in_count"] != float64(1) {
-		t.Errorf("checked_in_count = %v, want 1", attendee["checked_in_count"])
+	ticket := result["ticket"].(map[string]any)
+	if ticket["checked_in_at"] == nil {
+		t.Error("checked_in_at should be set after check-in")
 	}
 }
 
-func TestGateRoleCanCheckIn(t *testing.T) {
+func TestGatekeeperRoleCanCheckIn(t *testing.T) {
 	app := testApp(t)
-	gate := testUserWithRole(t, app, "gateuser", "gate", []int{})
+	gate := testUserWithRoles(t, app, "Philostrate", []string{"gatekeeper"}, []int{})
 	token := testToken(t, app, gate)
 	mux := testMux(app)
 
-	app.createAttendee(Attendee{Name: "Puck"})
+	p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@example.com"})
+	tk, _ := app.createTicket(Ticket{ParticipantID: &p.ID, Name: "Puck", Source: "manual"})
 
-	req := testAuthRequest("POST", "/api/attendees/1/checkin", nil, token)
+	req := testAuthRequest("POST", "/api/tickets/"+itoa(tk.ID)+"/checkin", nil, token)
 	w := httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 	if w.Code != http.StatusOK {
-		t.Errorf("gate checkin: status = %d", w.Code)
+		t.Errorf("gatekeeper checkin: status = %d", w.Code)
 	}
 }
 
-func TestGateRoleCannotDelete(t *testing.T) {
+func TestGatekeeperRoleCannotDelete(t *testing.T) {
 	app := testApp(t)
-	gate := testUserWithRole(t, app, "gateuser", "gate", []int{})
+	gate := testUserWithRoles(t, app, "Philostrate", []string{"gatekeeper"}, []int{})
 	token := testToken(t, app, gate)
 	mux := testMux(app)
 
-	app.createAttendee(Attendee{Name: "Puck"})
+	p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@example.com"})
 
-	req := testAuthRequest("DELETE", "/api/attendees/1", nil, token)
+	req := testAuthRequest("DELETE", "/api/participants/"+itoa(p.ID), nil, token)
 	w := httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 	if w.Code != http.StatusForbidden {
-		t.Errorf("gate delete: status = %d, want 403", w.Code)
+		t.Errorf("gatekeeper delete: status = %d, want 403", w.Code)
 	}
 }
diff --git a/handle_auth.go b/handle_auth.go
index 282bd85..d75483b 100644
--- a/handle_auth.go
+++ b/handle_auth.go
@@ -7,7 +7,7 @@ import (
 
 func (app *App) handleLogin(w http.ResponseWriter, r *http.Request) {
 	var body struct {
-		Username string `json:"username"`
+		Email    string `json:"email"`
 		Password string `json:"password"`
 	}
 	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
@@ -15,7 +15,7 @@ func (app *App) handleLogin(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, hash, err := app.getUserByUsername(body.Username)
+	user, hash, err := app.getLoginParticipant(body.Email)
 	if err != nil {
 		writeError(w, "internal error", http.StatusInternalServerError)
 		return
@@ -40,9 +40,9 @@ func (app *App) handleLogout(w http.ResponseWriter, r *http.Request) {
 
 func (app *App) handleMe(w http.ResponseWriter, r *http.Request) {
 	claims := claimsFromContext(r)
-	user, err := app.getUserByID(claims.UserID)
+	user, err := app.getUser(claims.ParticipantID)
 	if err != nil || user == nil {
-		writeError(w, "not found", http.StatusNotFound)
+		writeError(w, "unauthorized", http.StatusUnauthorized)
 		return
 	}
 	writeJSON(w, user)
diff --git a/handle_import.go b/handle_import.go
index 359d8f9..7870e7a 100644
--- a/handle_import.go
+++ b/handle_import.go
@@ -10,7 +10,6 @@ import (
 
 type ImportResult struct {
 	Inserted int      `json:"inserted"`
-	Grouped  int      `json:"grouped"`
 	Skipped  int      `json:"skipped"`
 	Errors   []string `json:"errors"`
 }
@@ -57,12 +56,14 @@ func (app *App) importCSV(r io.Reader) (ImportResult, error) {
 	}
 
 	var (
-		nameIdx, emailIdx, ticketIDIdx, ticketTypeIdx, noteIdx int
-		hasEmail, hasTicketID, hasTicketType, hasNote          bool
+		nameIdx, emailIdx, ticketIDIdx, ticketTypeIdx int
+		hasEmail, hasTicketID, hasTicketType          bool
+		isCrowdWork                                   bool
 	)
 
 	if idx, ok := colIndex["patron name"]; ok {
 		// CrowdWork / ticketing platform format
+		isCrowdWork = true
 		nameIdx = idx
 		if idx, ok := colIndex["patron email"]; ok {
 			emailIdx, hasEmail = idx, true
@@ -85,9 +86,6 @@ func (app *App) importCSV(r io.Reader) (ImportResult, error) {
 		if idx, ok := colIndex["ticket_type"]; ok {
 			ticketTypeIdx, hasTicketType = idx, true
 		}
-		if idx, ok := colIndex["note"]; ok {
-			noteIdx, hasNote = idx, true
-		}
 	} else {
 		return ImportResult{}, fmt.Errorf("CSV must have a 'name' or 'patron name' column")
 	}
@@ -111,33 +109,49 @@ func (app *App) importCSV(r io.Reader) (ImportResult, error) {
 			continue
 		}
 
-		a := Attendee{Name: name}
+		email := ""
 		if hasEmail {
-			a.Email = strings.TrimSpace(csvGet(record, emailIdx))
+			email = strings.TrimSpace(csvGet(record, emailIdx))
 		}
+		externalID := ""
 		if hasTicketID {
-			a.TicketID = strings.TrimSpace(csvGet(record, ticketIDIdx))
+			externalID = strings.TrimSpace(csvGet(record, ticketIDIdx))
 		}
+		ticketType := ""
 		if hasTicketType {
-			a.TicketType = strings.TrimSpace(csvGet(record, ticketTypeIdx))
-		}
-		if hasNote {
-			a.Note = strings.TrimSpace(csvGet(record, noteIdx))
+			ticketType = strings.TrimSpace(csvGet(record, ticketTypeIdx))
 		}
 
-		_, err = app.createAttendee(a)
+		source := "manual"
+		orderID := ""
+		if isCrowdWork {
+			source = "crowdwork"
+			orderID = externalID
+		}
+
+		// Find or create participant when email is present.
+		var participantID *int
+		if email != "" {
+			p, _, err := app.upsertParticipant(email, name)
+			if err != nil {
+				result.Errors = append(result.Errors, fmt.Sprintf("line %d (%s): participant: %v", lineNum, name, err))
+				continue
+			}
+			if p != nil {
+				participantID = &p.ID
+			}
+		}
+
+		_, err = app.createTicket(Ticket{
+			ParticipantID: participantID,
+			Name:          name,
+			TicketType:    ticketType,
+			Source:        source,
+			ExternalID:    externalID,
+			OrderID:       orderID,
+		})
 		if err != nil {
 			if strings.Contains(err.Error(), "UNIQUE constraint failed") {
-				// CrowdWork exports one row per ticket under the purchaser's name.
-				// If we have a ticket_id and the same (name, ticket_id) already exists,
-				// increment party_size instead of skipping.
-				if hasTicketID && a.TicketID != "" {
-					merged, mergeErr := app.incrementPartySize(a.Name, a.TicketID)
-					if mergeErr == nil && merged {
-						result.Grouped++
-						continue
-					}
-				}
 				result.Skipped++
 			} else {
 				result.Errors = append(result.Errors, fmt.Sprintf("line %d (%s): %v", lineNum, name, err))
diff --git a/handle_import_test.go b/handle_import_test.go
index a062c53..2397ca2 100644
--- a/handle_import_test.go
+++ b/handle_import_test.go
@@ -61,13 +61,13 @@ func TestImportGenericFormat(t *testing.T) {
 	}
 }
 
-func TestImportPartySizeDedup(t *testing.T) {
+func TestImportDedup(t *testing.T) {
 	app := testApp(t)
 	admin := testAdminUser(t, app)
 	token := testToken(t, app, admin)
 	mux := testMux(app)
 
-	// 3 rows same name+order = 1 record, party_size=3
+	// 3 rows with same order number: first inserts, remaining 2 skip (same external_id)
 	csv := "Patron Name,Patron Email,Order Number,Tier Name\nTitania,titania@test.com,ORD-1,GA\nTitania,titania@test.com,ORD-1,GA\nTitania,titania@test.com,ORD-1,GA\n"
 	w := postCSV(t, mux, token, csv)
 
@@ -75,16 +75,16 @@ func TestImportPartySizeDedup(t *testing.T) {
 	if result["inserted"] != float64(1) {
 		t.Errorf("inserted = %v, want 1", result["inserted"])
 	}
-	if result["grouped"] != float64(2) {
-		t.Errorf("grouped = %v, want 2", result["grouped"])
+	if result["skipped"] != float64(2) {
+		t.Errorf("skipped = %v, want 2", result["skipped"])
 	}
 
-	attendees, _ := app.listAttendees("", "", "")
-	if len(attendees) != 1 {
-		t.Fatalf("attendee count = %d, want 1", len(attendees))
+	tickets, _ := app.listTickets(nil, "")
+	if len(tickets) != 1 {
+		t.Fatalf("ticket count = %d, want 1", len(tickets))
 	}
-	if attendees[0].PartySize != 3 {
-		t.Errorf("party_size = %d, want 3", attendees[0].PartySize)
+	if tickets[0].Source != "crowdwork" {
+		t.Errorf("source = %q, want crowdwork", tickets[0].Source)
 	}
 }
 
@@ -94,7 +94,8 @@ func TestImportReimportSkips(t *testing.T) {
 	token := testToken(t, app, admin)
 	mux := testMux(app)
 
-	csv := "name\nTitania\nOberon\n"
+	// Use ticket_ids so re-import dedup works via UNIQUE(source, external_id)
+	csv := "name,email,ticket_id\nTitania,titania@test.com,T001\nOberon,oberon@test.com,T002\n"
 	postCSV(t, mux, token, csv)
 
 	// Re-import same data
diff --git a/handle_kiosk.go b/handle_kiosk.go
index c782afb..773ccfe 100644
--- a/handle_kiosk.go
+++ b/handle_kiosk.go
@@ -6,23 +6,21 @@ import (
 	"strconv"
 )
 
+func (app *App) volunteerFromKioskToken(token string) (*Volunteer, error) {
+	return app.getVolunteerByKioskCode(token)
+}
+
 // handleKioskGet returns the volunteer's profile, current shift assignments, and
-// available open shifts in their department. Authenticated by volunteer token only —
+// available open shifts in their department. Authenticated by kiosk code only —
 // no JWT required.
 func (app *App) handleKioskGet(w http.ResponseWriter, r *http.Request) {
 	token := r.PathValue("token")
-	a, err := app.getAttendeeByToken(token)
-	if err != nil || a == nil {
+	v, err := app.volunteerFromKioskToken(token)
+	if err != nil || v == nil {
 		writeError(w, "not found", http.StatusNotFound)
 		return
 	}
 
-	v, _ := app.getVolunteerByAttendeeID(a.ID)
-	if v == nil {
-		writeError(w, "no volunteer record linked to this token", http.StatusNotFound)
-		return
-	}
-
 	assigned, _ := app.listShiftsForVolunteer(v.ID)
 	if assigned == nil {
 		assigned = []Shift{}
@@ -53,16 +51,11 @@ func (app *App) handleKioskClaim(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	a, err := app.getAttendeeByToken(token)
-	if err != nil || a == nil {
+	v, err := app.volunteerFromKioskToken(token)
+	if err != nil || v == nil {
 		writeError(w, "not found", http.StatusNotFound)
 		return
 	}
-	v, _ := app.getVolunteerByAttendeeID(a.ID)
-	if v == nil {
-		writeError(w, "no volunteer linked to this token", http.StatusNotFound)
-		return
-	}
 
 	force := r.URL.Query().Get("force") == "true"
 
@@ -110,16 +103,11 @@ func (app *App) handleKioskUnclaim(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	a, err := app.getAttendeeByToken(token)
-	if err != nil || a == nil {
+	v, err := app.volunteerFromKioskToken(token)
+	if err != nil || v == nil {
 		writeError(w, "not found", http.StatusNotFound)
 		return
 	}
-	v, _ := app.getVolunteerByAttendeeID(a.ID)
-	if v == nil {
-		writeError(w, "no volunteer linked to this token", http.StatusNotFound)
-		return
-	}
 
 	if err := app.unassignShift(v.ID, shiftID); err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
diff --git a/handle_kiosk_test.go b/handle_kiosk_test.go
index 0eb252b..2bac7cf 100644
--- a/handle_kiosk_test.go
+++ b/handle_kiosk_test.go
@@ -14,13 +14,11 @@ func setupKiosk(t *testing.T) (*App, *http.ServeMux, string) {
 	dept, _ := app.createDepartment(Department{Name: "Gate"})
 	deptID := dept.ID
 
-	// Create attendee with token
-	a, _ := app.createAttendee(Attendee{Name: "Titania", Email: "titania@test.com"})
-	token, _ := app.generateUniqueToken()
-	app.db.Exec(`UPDATE attendees SET volunteer_token = ? WHERE id = ?`, token, a.ID)
-
-	// Create linked volunteer
-	app.createVolunteer(Volunteer{Name: "Titania", AttendeeID: &a.ID, DepartmentID: &deptID})
+	// Create volunteer with a kiosk_code directly on the volunteer record
+	p, _ := app.createParticipant(Participant{Email: "titania@test.com", PreferredName: "Titania"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptID})
+	token, _ := app.generateVolunteerKioskCode()
+	app.assignKioskCode(v.ID, token)
 
 	// Create shifts
 	app.createShift(Shift{DepartmentID: deptID, Name: "Morning", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00", Capacity: 2})
@@ -134,7 +132,8 @@ func TestKioskClaimFull(t *testing.T) {
 	// Shift 2 has capacity 1. Fill it with another volunteer.
 	dept, _ := app.createDepartment(Department{Name: "Build"})
 	deptID := dept.ID
-	other, _ := app.createVolunteer(Volunteer{Name: "Other", DepartmentID: &deptID})
+	otherP, _ := app.createParticipant(Participant{PreferredName: "Other", Email: "other@test.com"})
+	other, _ := app.createVolunteer(Volunteer{ParticipantID: otherP.ID, DepartmentID: &deptID})
 	app.assignShift(other.ID, 2) // fills the capacity-1 shift
 
 	req := httptest.NewRequest("POST", "/api/v/"+token+"/shifts/2", nil)
diff --git a/handle_participants.go b/handle_participants.go
new file mode 100644
index 0000000..52624d5
--- /dev/null
+++ b/handle_participants.go
@@ -0,0 +1,179 @@
+package main
+
+import (
+	"encoding/csv"
+	"encoding/json"
+	"net/http"
+	"strconv"
+)
+
+func (app *App) handleListParticipants(w http.ResponseWriter, r *http.Request) {
+	search := r.URL.Query().Get("search")
+	participants, err := app.listParticipants(search, "")
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	total, checkedIn, _ := app.ticketCounts()
+	types, _ := app.ticketTypes()
+	writeJSON(w, map[string]any{
+		"participants": participants,
+		"total":        total,
+		"checked_in":   checkedIn,
+		"ticket_types": types,
+	})
+}
+
+func (app *App) handleGetParticipant(w http.ResponseWriter, r *http.Request) {
+	id, err := strconv.Atoi(r.PathValue("id"))
+	if err != nil {
+		writeError(w, "invalid id", http.StatusBadRequest)
+		return
+	}
+	p, err := app.getParticipant(id)
+	if err != nil || p == nil {
+		writeError(w, "not found", http.StatusNotFound)
+		return
+	}
+	tickets, _ := app.listTickets(&id, "")
+	writeJSON(w, map[string]any{"participant": p, "tickets": tickets})
+}
+
+func (app *App) handleCreateParticipant(w http.ResponseWriter, r *http.Request) {
+	var p Participant
+	if err := json.NewDecoder(r.Body).Decode(&p); err != nil {
+		writeError(w, "invalid request", http.StatusBadRequest)
+		return
+	}
+	if p.PreferredName == "" && p.Email == "" {
+		writeError(w, "name or email is required", http.StatusBadRequest)
+		return
+	}
+	created, err := app.createParticipant(p)
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusCreated)
+	writeJSON(w, created)
+}
+
+func (app *App) handleUpdateParticipant(w http.ResponseWriter, r *http.Request) {
+	id, err := strconv.Atoi(r.PathValue("id"))
+	if err != nil {
+		writeError(w, "invalid id", http.StatusBadRequest)
+		return
+	}
+	var p Participant
+	if err := json.NewDecoder(r.Body).Decode(&p); err != nil {
+		writeError(w, "invalid request", http.StatusBadRequest)
+		return
+	}
+	p.ID = id
+	if err := app.updateParticipant(p); err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	updated, _ := app.getParticipant(id)
+	writeJSON(w, updated)
+}
+
+func (app *App) handleDeleteParticipant(w http.ResponseWriter, r *http.Request) {
+	id, err := strconv.Atoi(r.PathValue("id"))
+	if err != nil {
+		writeError(w, "invalid id", http.StatusBadRequest)
+		return
+	}
+	if err := app.deleteParticipant(id); err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// handleMergeParticipants reassigns all tickets and volunteers from otherID to
+// canonicalID, then soft-deletes the other participant.
+func (app *App) handleMergeParticipants(w http.ResponseWriter, r *http.Request) {
+	id, err := strconv.Atoi(r.PathValue("id"))
+	if err != nil {
+		writeError(w, "invalid id", http.StatusBadRequest)
+		return
+	}
+	otherID, err := strconv.Atoi(r.PathValue("other_id"))
+	if err != nil {
+		writeError(w, "invalid other_id", http.StatusBadRequest)
+		return
+	}
+	if err := app.mergeParticipants(id, otherID); err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	p, _ := app.getParticipant(id)
+	tickets, _ := app.listTickets(&id, "")
+	writeJSON(w, map[string]any{"participant": p, "tickets": tickets})
+}
+
+func (app *App) handleExportParticipants(w http.ResponseWriter, r *http.Request) {
+	participants, err := app.listParticipants("", "")
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	w.Header().Set("Content-Type", "text/csv")
+	w.Header().Set("Content-Disposition", `attachment; filename="participants.csv"`)
+	wr := csv.NewWriter(w)
+	wr.Write([]string{"id", "email", "preferred_name", "phone", "pronouns", "note"})
+	for _, p := range participants {
+		wr.Write([]string{
+			strconv.Itoa(p.ID), p.Email, p.PreferredName, p.Phone, p.Pronouns, p.Note,
+		})
+	}
+	wr.Flush()
+}
+
+func (app *App) handleCreateTicket(w http.ResponseWriter, r *http.Request) {
+	var t Ticket
+	if err := json.NewDecoder(r.Body).Decode(&t); err != nil {
+		writeError(w, "invalid request", http.StatusBadRequest)
+		return
+	}
+	if t.ParticipantID == nil {
+		writeError(w, "participant_id is required", http.StatusBadRequest)
+		return
+	}
+	if t.Source == "" {
+		t.Source = "manual"
+	}
+	created, err := app.createTicket(t)
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusCreated)
+	writeJSON(w, created)
+}
+
+func (app *App) handleListTickets(w http.ResponseWriter, r *http.Request) {
+	tickets, err := app.listTickets(nil, "")
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, map[string]any{"tickets": tickets})
+}
+
+func (app *App) handleCheckInTicket(w http.ResponseWriter, r *http.Request) {
+	id, err := strconv.Atoi(r.PathValue("id"))
+	if err != nil {
+		writeError(w, "invalid id", http.StatusBadRequest)
+		return
+	}
+	claims := claimsFromContext(r)
+	tk, err := app.checkInTicket(id, claims.ParticipantID)
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	app.broker.publish("checkin", map[string]any{"type": "ticket", "ticket": tk})
+	writeJSON(w, map[string]any{"ticket": tk})
+}
diff --git a/handle_settings.go b/handle_settings.go
index bf19d13..5da8084 100644
--- a/handle_settings.go
+++ b/handle_settings.go
@@ -19,14 +19,35 @@ func (app *App) handleGetSettings(w http.ResponseWriter, r *http.Request) {
 		pass = "***"
 	}
 
+	var noteLabel, noteRequired, signupsOpen string
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'volunteer_note_label'`).Scan(&noteLabel)
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'volunteer_note_required'`).Scan(&noteRequired)
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'shift_signups_open'`).Scan(&signupsOpen)
+	if noteLabel == "" {
+		noteLabel = "Additional note"
+	}
+
+	var ssoURL, ssoSecret string
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'discourse_sso_url'`).Scan(&ssoURL)
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'discourse_sso_secret'`).Scan(&ssoSecret)
+	maskedSSOSecret := ""
+	if ssoSecret != "" {
+		maskedSSOSecret = "***"
+	}
+
 	writeJSON(w, map[string]any{
-		"smtp_host":      cfg.Host,
-		"smtp_port":      cfg.Port,
-		"smtp_user":      cfg.User,
-		"smtp_password":  pass,
-		"smtp_from":      cfg.From,
-		"smtp_from_name": cfg.FromName,
-		"base_url":       baseURL,
+		"smtp_host":              cfg.Host,
+		"smtp_port":              cfg.Port,
+		"smtp_user":              cfg.User,
+		"smtp_password":          pass,
+		"smtp_from":              cfg.From,
+		"smtp_from_name":         cfg.FromName,
+		"base_url":               baseURL,
+		"volunteer_note_label":   noteLabel,
+		"volunteer_note_required": noteRequired == "true",
+		"shift_signups_open":     signupsOpen == "true",
+		"discourse_sso_url":     ssoURL,
+		"discourse_sso_secret":  maskedSSOSecret,
 	})
 }
 
@@ -37,7 +58,8 @@ func (app *App) handleUpdateSettings(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	keys := []string{"smtp_host", "smtp_port", "smtp_user", "smtp_password", "smtp_from", "smtp_from_name", "base_url"}
+	keys := []string{"smtp_host", "smtp_port", "smtp_user", "smtp_password", "smtp_from", "smtp_from_name", "base_url",
+		"volunteer_note_label", "volunteer_note_required", "discourse_sso_url", "discourse_sso_secret"}
 	for _, k := range keys {
 		v, ok := body[k]
 		if !ok {
@@ -46,12 +68,18 @@ func (app *App) handleUpdateSettings(w http.ResponseWriter, r *http.Request) {
 		var val string
 		switch vv := v.(type) {
 		case string:
-			if k == "smtp_password" && vv == "" {
-				continue // don't erase the stored password with an empty value
+			if (k == "smtp_password" || k == "discourse_sso_secret") && (vv == "" || vv == "***") {
+				continue
 			}
 			val = vv
 		case float64:
 			val = strconv.Itoa(int(vv))
+		case bool:
+			if vv {
+				val = "true"
+			} else {
+				val = "false"
+			}
 		default:
 			continue
 		}
@@ -61,6 +89,66 @@ func (app *App) handleUpdateSettings(w http.ResponseWriter, r *http.Request) {
 	app.handleGetSettings(w, r)
 }
 
+func (app *App) handleResetTickets(w http.ResponseWriter, r *http.Request) {
+	ts := now()
+	result, err := app.db.Exec(`UPDATE tickets SET deleted_at=?, updated_at=? WHERE deleted_at IS NULL`, ts, ts)
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	n, _ := result.RowsAffected()
+	writeJSON(w, map[string]any{"deleted": n})
+}
+
+func (app *App) handleResetVolunteers(w http.ResponseWriter, r *http.Request) {
+	ts := now()
+	result, err := app.db.Exec(`UPDATE volunteers SET deleted_at=?, updated_at=? WHERE deleted_at IS NULL`, ts, ts)
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	n, _ := result.RowsAffected()
+	writeJSON(w, map[string]any{"deleted": n})
+}
+
+func (app *App) handleResetShifts(w http.ResponseWriter, r *http.Request) {
+	ts := now()
+	result, err := app.db.Exec(`UPDATE shifts SET deleted_at=?, updated_at=? WHERE deleted_at IS NULL`, ts, ts)
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	n, _ := result.RowsAffected()
+	// Also soft-delete orphaned volunteer_shifts
+	app.db.Exec(`UPDATE volunteer_shifts SET deleted_at=?, updated_at=? WHERE deleted_at IS NULL AND shift_id IN (SELECT id FROM shifts WHERE deleted_at IS NOT NULL)`, ts, ts)
+	writeJSON(w, map[string]any{"deleted": n})
+}
+
+func (app *App) handleResetDepartments(w http.ResponseWriter, r *http.Request) {
+	ts := now()
+	// Soft-delete shifts in these departments first (so sync picks them up)
+	app.db.Exec(`UPDATE volunteer_shifts SET deleted_at=?, updated_at=? WHERE deleted_at IS NULL AND shift_id IN (SELECT id FROM shifts WHERE department_id IN (SELECT id FROM departments WHERE deleted_at IS NULL))`, ts, ts)
+	app.db.Exec(`UPDATE shifts SET deleted_at=?, updated_at=? WHERE deleted_at IS NULL AND department_id IN (SELECT id FROM departments WHERE deleted_at IS NULL)`, ts, ts)
+	result, err := app.db.Exec(`UPDATE departments SET deleted_at=?, updated_at=? WHERE deleted_at IS NULL`, ts, ts)
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	n, _ := result.RowsAffected()
+	writeJSON(w, map[string]any{"deleted": n})
+}
+
+func (app *App) handleResetVolunteerShifts(w http.ResponseWriter, r *http.Request) {
+	ts := now()
+	result, err := app.db.Exec(`UPDATE volunteer_shifts SET deleted_at=?, updated_at=? WHERE deleted_at IS NULL`, ts, ts)
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	n, _ := result.RowsAffected()
+	writeJSON(w, map[string]any{"deleted": n})
+}
+
 func (app *App) handleTestEmail(w http.ResponseWriter, r *http.Request) {
 	var body struct {
 		To string `json:"to"`
diff --git a/handle_settings_test.go b/handle_settings_test.go
index 28db093..16ef59f 100644
--- a/handle_settings_test.go
+++ b/handle_settings_test.go
@@ -55,9 +55,83 @@ func TestUpdateSettings(t *testing.T) {
 	}
 }
 
+func TestResetTickets(t *testing.T) {
+	app := testApp(t)
+	admin := testAdminUser(t, app)
+	token := testToken(t, app, admin)
+	mux := testMux(app)
+
+	p1, _ := app.createParticipant(Participant{PreferredName: "Titania", Email: "titania@example.com"})
+	p2, _ := app.createParticipant(Participant{PreferredName: "Oberon", Email: "oberon@example.com"})
+	app.createTicket(Ticket{ParticipantID: &p1.ID, Name: "Titania", Source: "manual"})
+	app.createTicket(Ticket{ParticipantID: &p2.ID, Name: "Oberon", Source: "manual"})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/settings/reset-tickets", nil, token))
+
+	if w.Code != 200 {
+		t.Fatalf("status = %d: %s", w.Code, w.Body.String())
+	}
+	result := parseJSON(t, w)
+	if result["deleted"] != float64(2) {
+		t.Fatalf("deleted = %v, want 2", result["deleted"])
+	}
+
+	tickets, _ := app.listTickets(nil, "")
+	if len(tickets) != 0 {
+		t.Fatalf("tickets remaining = %d, want 0", len(tickets))
+	}
+}
+
+func TestResetTicketsRequiresAdmin(t *testing.T) {
+	app := testApp(t)
+	gate := testUserWithRoles(t, app, "Snug", []string{"gatekeeper"}, []int{})
+	token := testToken(t, app, gate)
+	mux := testMux(app)
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/settings/reset-tickets", nil, token))
+
+	if w.Code != 403 {
+		t.Fatalf("status = %d, want 403", w.Code)
+	}
+}
+
+func TestResetDepartmentsCascadesShifts(t *testing.T) {
+	app := testApp(t)
+	admin := testAdminUser(t, app)
+	token := testToken(t, app, admin)
+	mux := testMux(app)
+
+	dept, _ := app.createDepartment(Department{Name: "Rangers"})
+	app.createShift(Shift{DepartmentID: dept.ID, Day: "2026-03-01", StartTime: "09:00", EndTime: "12:00", Capacity: 5})
+
+	shifts, _ := app.listShifts(nil, "", "")
+	if len(shifts) != 1 {
+		t.Fatalf("shifts before reset = %d, want 1", len(shifts))
+	}
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/settings/reset-departments", nil, token))
+
+	if w.Code != 200 {
+		t.Fatalf("status = %d: %s", w.Code, w.Body.String())
+	}
+
+	depts, _ := app.listDepartments("")
+	if len(depts) != 0 {
+		t.Fatalf("departments remaining = %d, want 0", len(depts))
+	}
+
+	shifts, _ = app.listShifts(nil, "", "")
+	if len(shifts) != 0 {
+		t.Fatalf("shifts should cascade-delete, remaining = %d", len(shifts))
+	}
+}
+
 func TestSettingsNonAdminRejected(t *testing.T) {
 	app := testApp(t)
-	gate := testUserWithRole(t, app, "gateuser", "gate", []int{})
+	gate := testUserWithRoles(t, app, "Quince", []string{"gatekeeper"}, []int{})
 	token := testToken(t, app, gate)
 	mux := testMux(app)
 
diff --git a/handle_shifts.go b/handle_shifts.go
index 460ed91..9299916 100644
--- a/handle_shifts.go
+++ b/handle_shifts.go
@@ -8,20 +8,19 @@ import (
 
 func (app *App) handleListShifts(w http.ResponseWriter, r *http.Request) {
 	q := r.URL.Query()
-	var deptID *int
+	var deptIDs []int
 	if d := q.Get("dept"); d != "" {
-		id, err := strconv.Atoi(d)
-		if err == nil {
-			deptID = &id
+		if id, err := strconv.Atoi(d); err == nil {
+			deptIDs = []int{id}
 		}
 	}
 
 	claims := claimsFromContext(r)
-	if claims.Role == "volunteer_lead" && deptID == nil && len(claims.DeptIDs) > 0 {
-		deptID = &claims.DeptIDs[0]
+	if isCoLeadOnly(claims) && len(deptIDs) == 0 {
+		deptIDs = claims.DeptIDs
 	}
 
-	shifts, err := app.listShifts(deptID, q.Get("day"), q.Get("since"))
+	shifts, err := app.listShifts(deptIDs, q.Get("day"), q.Get("since"))
 	if err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -40,7 +39,7 @@ func (app *App) handleCreateShift(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	claims := claimsFromContext(r)
-	if claims.Role == "volunteer_lead" && !inSlice(s.DepartmentID, claims.DeptIDs) {
+	if isCoLeadOnly(claims) && !inSlice(s.DepartmentID, claims.DeptIDs) {
 		writeError(w, "forbidden: outside your department", http.StatusForbidden)
 		return
 	}
@@ -65,7 +64,7 @@ func (app *App) handleUpdateShift(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	claims := claimsFromContext(r)
-	if claims.Role == "volunteer_lead" {
+	if isCoLeadOnly(claims) {
 		existing, _ := app.getShift(id)
 		if existing == nil || !inSlice(existing.DepartmentID, claims.DeptIDs) {
 			writeError(w, "forbidden: outside your department", http.StatusForbidden)
@@ -87,6 +86,14 @@ func (app *App) handleDeleteShift(w http.ResponseWriter, r *http.Request) {
 		writeError(w, "invalid id", http.StatusBadRequest)
 		return
 	}
+	claims := claimsFromContext(r)
+	if isCoLeadOnly(claims) {
+		s, _ := app.getShift(id)
+		if s == nil || !inSlice(s.DepartmentID, claims.DeptIDs) {
+			writeError(w, "forbidden: outside your department", http.StatusForbidden)
+			return
+		}
+	}
 	if err := app.deleteShift(id); err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -111,6 +118,14 @@ func (app *App) handleAssignShiftVolunteer(w http.ResponseWriter, r *http.Reques
 		writeError(w, "volunteer_id required", http.StatusBadRequest)
 		return
 	}
+	claims := claimsFromContext(r)
+	if isCoLeadOnly(claims) {
+		s, _ := app.getShift(shiftID)
+		if s == nil || !inSlice(s.DepartmentID, claims.DeptIDs) {
+			writeError(w, "forbidden: outside your department", http.StatusForbidden)
+			return
+		}
+	}
 
 	if !body.Force {
 		conflicts, err := app.checkShiftConflict(body.VolunteerID, shiftID)
@@ -149,6 +164,14 @@ func (app *App) handleUnassignShiftVolunteer(w http.ResponseWriter, r *http.Requ
 		writeError(w, "invalid volunteer id", http.StatusBadRequest)
 		return
 	}
+	claims := claimsFromContext(r)
+	if isCoLeadOnly(claims) {
+		s, _ := app.getShift(shiftID)
+		if s == nil || !inSlice(s.DepartmentID, claims.DeptIDs) {
+			writeError(w, "forbidden: outside your department", http.StatusForbidden)
+			return
+		}
+	}
 	if err := app.unassignShift(volunteerID, shiftID); err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -167,6 +190,16 @@ func (app *App) handleReorderShifts(w http.ResponseWriter, r *http.Request) {
 		writeError(w, "array of {id, position} required", http.StatusBadRequest)
 		return
 	}
+	claims := claimsFromContext(r)
+	if isCoLeadOnly(claims) {
+		for _, p := range raw {
+			s, _ := app.getShift(p.ID)
+			if s == nil || !inSlice(s.DepartmentID, claims.DeptIDs) {
+				writeError(w, "forbidden: outside your department", http.StatusForbidden)
+				return
+			}
+		}
+	}
 	positions := make([]struct{ ID, Position int }, len(raw))
 	for i, p := range raw {
 		positions[i] = struct{ ID, Position int }{p.ID, p.Position}
diff --git a/handle_shifts_test.go b/handle_shifts_test.go
index 8c629b1..19c49bf 100644
--- a/handle_shifts_test.go
+++ b/handle_shifts_test.go
@@ -55,7 +55,8 @@ func TestShiftAssignVolunteer(t *testing.T) {
 	dept, _ := app.createDepartment(Department{Name: "Gate"})
 	deptID := dept.ID
 	app.createShift(Shift{DepartmentID: deptID, Name: "AM", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00"})
-	app.createVolunteer(Volunteer{Name: "Titania", DepartmentID: &deptID})
+	p, _ := app.createParticipant(Participant{PreferredName: "Titania", Email: "titania@test.com"})
+	app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptID})
 
 	// Assign
 	req := testAuthRequest("POST", "/api/shifts/1/volunteers", map[string]any{
@@ -86,7 +87,8 @@ func TestShiftAssignConflict(t *testing.T) {
 	deptID := dept.ID
 	app.createShift(Shift{DepartmentID: deptID, Name: "AM", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00"})
 	app.createShift(Shift{DepartmentID: deptID, Name: "Overlap", Day: "2026-03-15", StartTime: "10:00", EndTime: "14:00"})
-	app.createVolunteer(Volunteer{Name: "Titania", DepartmentID: &deptID})
+	p, _ := app.createParticipant(Participant{PreferredName: "Titania", Email: "titania@test.com"})
+	app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptID})
 
 	// Assign to first shift
 	app.assignShift(1, 1)
@@ -102,6 +104,86 @@ func TestShiftAssignConflict(t *testing.T) {
 	}
 }
 
+func TestCoLeadDeleteShiftOtherDept(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	deptA, _ := app.createDepartment(Department{Name: "Gate"})
+	deptB, _ := app.createDepartment(Department{Name: "Build"})
+	colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
+	tok := testToken(t, app, colead)
+
+	s, _ := app.createShift(Shift{DepartmentID: deptB.ID, Name: "AM", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00"})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("DELETE", "/api/shifts/"+itoa(s.ID), nil, tok))
+	if w.Code != http.StatusForbidden {
+		t.Errorf("expected 403 for other dept, got %d", w.Code)
+	}
+}
+
+func TestCoLeadDeleteShiftOwnDept(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	deptA, _ := app.createDepartment(Department{Name: "Gate"})
+	colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
+	tok := testToken(t, app, colead)
+
+	s, _ := app.createShift(Shift{DepartmentID: deptA.ID, Name: "AM", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00"})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("DELETE", "/api/shifts/"+itoa(s.ID), nil, tok))
+	if w.Code != http.StatusNoContent {
+		t.Errorf("expected 204 for own dept, got %d: %s", w.Code, w.Body.String())
+	}
+}
+
+func TestCoLeadAssignShiftVolunteerOtherDept(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	deptA, _ := app.createDepartment(Department{Name: "Gate"})
+	deptB, _ := app.createDepartment(Department{Name: "Build"})
+	colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
+	tok := testToken(t, app, colead)
+
+	s, _ := app.createShift(Shift{DepartmentID: deptB.ID, Name: "AM", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00"})
+	deptBID := deptB.ID
+	p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptBID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/shifts/"+itoa(s.ID)+"/volunteers", map[string]any{
+		"volunteer_id": v.ID,
+	}, tok))
+	if w.Code != http.StatusForbidden {
+		t.Errorf("expected 403 for other dept, got %d", w.Code)
+	}
+}
+
+func TestCoLeadReorderShiftsOtherDept(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	deptA, _ := app.createDepartment(Department{Name: "Gate"})
+	deptB, _ := app.createDepartment(Department{Name: "Build"})
+	colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
+	tok := testToken(t, app, colead)
+
+	s1, _ := app.createShift(Shift{DepartmentID: deptB.ID, Name: "A", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00"})
+	s2, _ := app.createShift(Shift{DepartmentID: deptB.ID, Name: "B", Day: "2026-03-15", StartTime: "12:00", EndTime: "16:00"})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/shifts/reorder", []map[string]int{
+		{"id": s1.ID, "position": 2},
+		{"id": s2.ID, "position": 1},
+	}, tok))
+	if w.Code != http.StatusForbidden {
+		t.Errorf("expected 403 for other dept reorder, got %d", w.Code)
+	}
+}
+
 func TestShiftReorder(t *testing.T) {
 	app := testApp(t)
 	admin := testAdminUser(t, app)
diff --git a/handle_signup.go b/handle_signup.go
new file mode 100644
index 0000000..1f0fe2e
--- /dev/null
+++ b/handle_signup.go
@@ -0,0 +1,212 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"strings"
+)
+
+func (app *App) handlePublicSignupConfig(w http.ResponseWriter, r *http.Request) {
+	var noteLabel, noteRequired string
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'volunteer_note_label'`).Scan(&noteLabel)
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'volunteer_note_required'`).Scan(&noteRequired)
+	if noteLabel == "" {
+		noteLabel = "Additional note"
+	}
+
+	depts, _ := app.listDepartments("")
+	deptList := []map[string]any{}
+	for _, d := range depts {
+		deptList = append(deptList, map[string]any{"id": d.ID, "name": d.Name, "color": d.Color})
+	}
+
+	eventName := app.eventName()
+
+	writeJSON(w, map[string]any{
+		"event_name":             eventName,
+		"departments":            deptList,
+		"volunteer_note_label":   noteLabel,
+		"volunteer_note_required": noteRequired == "true",
+	})
+}
+
+func (app *App) handlePublicSignup(w http.ResponseWriter, r *http.Request) {
+	var body struct {
+		PreferredName string `json:"preferred_name"`
+		TicketName    string `json:"ticket_name"`
+		Email         string `json:"email"`
+		Pronouns      string `json:"pronouns"`
+		Phone         string `json:"phone"`
+		DepartmentID  *int   `json:"department_id"`
+		Note          string `json:"note"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+		writeError(w, "invalid request", http.StatusBadRequest)
+		return
+	}
+
+	body.PreferredName = strings.TrimSpace(body.PreferredName)
+	body.Email = strings.TrimSpace(body.Email)
+	if body.PreferredName == "" || body.Email == "" {
+		writeError(w, "preferred name and email are required", http.StatusBadRequest)
+		return
+	}
+
+	var noteRequired string
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'volunteer_note_required'`).Scan(&noteRequired)
+	if noteRequired == "true" && strings.TrimSpace(body.Note) == "" {
+		writeError(w, "note field is required", http.StatusBadRequest)
+		return
+	}
+
+	// Don't reveal whether email is already registered
+	existing, _ := app.getVolunteerByEmail(body.Email)
+	if existing != nil {
+		writeJSON(w, map[string]any{"ok": true})
+		return
+	}
+
+	// Find or create participant by email.
+	participant, _, err := app.upsertParticipant(body.Email, body.PreferredName)
+	if err != nil {
+		writeError(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+	// Update participant's personal details if they signed up with more info.
+	if body.Phone != "" || body.Pronouns != "" || body.TicketName != "" {
+		app.db.Exec(`UPDATE participants SET
+			phone       = CASE WHEN phone = '' THEN ? ELSE phone END,
+			pronouns    = CASE WHEN pronouns = '' THEN ? ELSE pronouns END,
+			ticket_name = CASE WHEN ticket_name = '' THEN ? ELSE ticket_name END,
+			updated_at = ?
+			WHERE id = ?`, body.Phone, body.Pronouns, body.TicketName, now(), participant.ID)
+	}
+
+	confirmToken, err := generateConfirmationToken()
+	if err != nil {
+		writeError(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+	app.setParticipantConfirmationToken(participant.ID, confirmToken)
+
+	vol := Volunteer{
+		ParticipantID: participant.ID,
+		DepartmentID:  body.DepartmentID,
+		Note:          body.Note,
+	}
+
+	if _, err := app.createVolunteer(vol); err != nil {
+		writeError(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+
+	go func() {
+		if err := app.sendConfirmationEmail(body.Email, body.PreferredName, confirmToken); err != nil {
+			log.Printf("confirmation email to %s failed: %v", body.Email, err)
+		}
+	}()
+
+	writeJSON(w, map[string]any{"ok": true})
+}
+
+func (app *App) handleConfirmEmail(w http.ResponseWriter, r *http.Request) {
+	var body struct {
+		Token string `json:"token"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil || body.Token == "" {
+		writeError(w, "invalid request", http.StatusBadRequest)
+		return
+	}
+
+	vol, err := app.getVolunteerByConfirmationToken(body.Token)
+	if err != nil || vol == nil {
+		writeJSON(w, map[string]any{"status": "invalid"})
+		return
+	}
+
+	if vol.EmailConfirmed {
+		writeJSON(w, map[string]any{"status": "already_confirmed"})
+		return
+	}
+
+	if err := app.confirmParticipantEmail(vol.ParticipantID); err != nil {
+		writeError(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+
+	response := map[string]any{"status": "confirmed"}
+
+	var signupsOpen string
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'shift_signups_open'`).Scan(&signupsOpen)
+
+	if signupsOpen == "true" {
+		code, err := app.generateVolunteerKioskCode()
+		if err == nil {
+			if err := app.assignKioskCode(vol.ID, code); err == nil {
+				kioskLink := fmt.Sprintf("%s/v/%s", app.resolveBaseURL(), code)
+				response["kiosk_link"] = kioskLink
+				go func() {
+					if err := app.sendShiftSignupEmail(vol.Email, vol.Name, kioskLink); err != nil {
+						log.Printf("shift signup email to %s failed: %v", vol.Email, err)
+					}
+				}()
+			}
+		}
+	}
+
+	writeJSON(w, response)
+}
+
+func (app *App) handleToggleShiftSignups(w http.ResponseWriter, r *http.Request) {
+	var body struct {
+		Open bool `json:"open"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+		writeError(w, "invalid request", http.StatusBadRequest)
+		return
+	}
+	val := "false"
+	if body.Open {
+		val = "true"
+	}
+	app.db.Exec(`INSERT OR REPLACE INTO config (key, value) VALUES ('shift_signups_open', ?)`, val)
+
+	if body.Open {
+		go app.openShiftSignups()
+	}
+	writeJSON(w, map[string]any{"shift_signups_open": body.Open})
+}
+
+func (app *App) openShiftSignups() {
+	// Assign kiosk codes to email-confirmed volunteers that don't have one yet.
+	vols, _ := app.listVolunteersNeedingKioskCode()
+	for _, v := range vols {
+		code, err := app.generateVolunteerKioskCode()
+		if err != nil {
+			continue
+		}
+		app.assignKioskCode(v.ID, code)
+	}
+
+	// Email all email-confirmed volunteers that now have a kiosk code.
+	confirmed, _ := queryVolunteers(app.db, `
+		SELECT `+volunteerSelect+` `+volunteerFrom+`
+		WHERE p.email_confirmed = 1 AND v.kiosk_code IS NOT NULL AND v.deleted_at IS NULL`)
+	baseURL := app.resolveBaseURL()
+	sent := 0
+
+	for _, v := range confirmed {
+		if v.Email == "" || v.KioskCode == nil {
+			continue
+		}
+		kioskLink := fmt.Sprintf("%s/v/%s", baseURL, *v.KioskCode)
+		if err := app.sendShiftSignupEmail(v.Email, v.Name, kioskLink); err == nil {
+			sent++
+		} else {
+			log.Printf("shift signup email to %s failed: %v", v.Email, err)
+		}
+	}
+	log.Printf("Shift signups opened: sent %d emails", sent)
+}
diff --git a/handle_signup_test.go b/handle_signup_test.go
new file mode 100644
index 0000000..62f59d1
--- /dev/null
+++ b/handle_signup_test.go
@@ -0,0 +1,390 @@
+package main
+
+import (
+	"net/http/httptest"
+	"testing"
+)
+
+func TestPublicSignupConfig(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	app.createDepartment(Department{Name: "Setup", Color: "#ff0000"})
+	app.createDepartment(Department{Name: "Teardown", Color: "#00ff00"})
+	app.db.Exec(`INSERT OR REPLACE INTO config (key, value) VALUES ('volunteer_note_label', 'Who sent you?')`)
+	app.db.Exec(`INSERT OR REPLACE INTO config (key, value) VALUES ('volunteer_note_required', 'true')`)
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("GET", "/api/public/signup-config", nil))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d", w.Code)
+	}
+	result := parseJSON(t, w)
+	depts, ok := result["departments"].([]any)
+	if !ok || len(depts) != 2 {
+		t.Fatalf("expected 2 departments, got %v", result["departments"])
+	}
+	if result["volunteer_note_label"] != "Who sent you?" {
+		t.Errorf("expected 'Who sent you?', got %v", result["volunteer_note_label"])
+	}
+	if result["volunteer_note_required"] != true {
+		t.Errorf("expected note required true, got %v", result["volunteer_note_required"])
+	}
+}
+
+func TestPublicSignup(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+	app.createDepartment(Department{Name: "Setup", Color: "#ff0000"})
+
+	w := httptest.NewRecorder()
+	deptID := 1
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/signup", map[string]any{
+		"preferred_name": "Titania",
+		"email":          "titania@example.com",
+		"pronouns":       "she/they",
+		"department_id":  deptID,
+	}))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	result := parseJSON(t, w)
+	if result["ok"] != true {
+		t.Fatalf("expected ok true, got %v", result)
+	}
+
+	// Volunteer should exist
+	vol, err := app.getVolunteerByEmail("titania@example.com")
+	if err != nil || vol == nil {
+		t.Fatal("volunteer not created")
+	}
+	if vol.Name != "Titania" {
+		t.Errorf("name = %q, want Titania", vol.Name)
+	}
+	if vol.Pronouns != "she/they" {
+		t.Errorf("pronouns = %q, want she/they", vol.Pronouns)
+	}
+	if vol.EmailConfirmed {
+		t.Error("should not be confirmed yet")
+	}
+
+	// Participant should be auto-created and linked
+	if vol.ParticipantID == 0 {
+		t.Fatal("expected participant to be linked")
+	}
+	p, _ := app.getParticipant(vol.ParticipantID)
+	if p == nil {
+		t.Fatal("linked participant not found")
+	}
+	if p.ConfirmationToken == nil || *p.ConfirmationToken == "" {
+		t.Error("expected confirmation token on participant")
+	}
+	if p.Email != "titania@example.com" {
+		t.Errorf("participant email = %q, want titania@example.com", p.Email)
+	}
+}
+
+func TestPublicSignupAutoMatchParticipant(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	// Pre-existing participant
+	existing, _ := app.createParticipant(Participant{PreferredName: "Titania Fairweather", Email: "titania@example.com"})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/signup", map[string]any{
+		"preferred_name": "Titania",
+		"ticket_name":    "Titania Fairweather",
+		"email":          "titania@example.com",
+	}))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d", w.Code)
+	}
+
+	vol, _ := app.getVolunteerByEmail("titania@example.com")
+	if vol == nil {
+		t.Fatal("volunteer not created")
+	}
+	if vol.ParticipantID == 0 || vol.ParticipantID != existing.ID {
+		t.Errorf("expected volunteer linked to existing participant %d, got %d", existing.ID, vol.ParticipantID)
+	}
+}
+
+func TestPublicSignupDuplicateEmail(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	// First signup
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/signup", map[string]any{
+		"preferred_name": "Titania",
+		"email":          "titania@example.com",
+	}))
+	if w.Code != 200 {
+		t.Fatalf("first signup: expected 200, got %d", w.Code)
+	}
+
+	// Second signup with same email — should silently succeed
+	w = httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/signup", map[string]any{
+		"preferred_name": "Puck",
+		"email":          "titania@example.com",
+	}))
+	if w.Code != 200 {
+		t.Fatalf("duplicate signup: expected 200, got %d", w.Code)
+	}
+	result := parseJSON(t, w)
+	if result["ok"] != true {
+		t.Fatalf("expected ok true for duplicate, got %v", result)
+	}
+
+	// Should still be only one volunteer
+	vols, _ := app.listVolunteers("", nil, "")
+	if len(vols) != 1 {
+		t.Errorf("expected 1 volunteer, got %d", len(vols))
+	}
+}
+
+func TestPublicSignupMissingFields(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	tests := []struct {
+		name string
+		body map[string]any
+	}{
+		{"no name", map[string]any{"email": "a@b.com"}},
+		{"no email", map[string]any{"preferred_name": "Titania"}},
+		{"empty both", map[string]any{}},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			w := httptest.NewRecorder()
+			mux.ServeHTTP(w, testRequest("POST", "/api/public/signup", tt.body))
+			if w.Code != 400 {
+				t.Errorf("expected 400, got %d", w.Code)
+			}
+		})
+	}
+}
+
+func TestPublicSignupNoteRequired(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+	app.db.Exec(`INSERT OR REPLACE INTO config (key, value) VALUES ('volunteer_note_required', 'true')`)
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/signup", map[string]any{
+		"preferred_name": "Titania",
+		"email":          "titania@example.com",
+		"note":           "",
+	}))
+	if w.Code != 400 {
+		t.Fatalf("expected 400 when note required but empty, got %d", w.Code)
+	}
+
+	// With note provided
+	w = httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/signup", map[string]any{
+		"preferred_name": "Titania",
+		"email":          "titania@example.com",
+		"note":           "A friend sent me",
+	}))
+	if w.Code != 200 {
+		t.Fatalf("expected 200 with note, got %d: %s", w.Code, w.Body.String())
+	}
+}
+
+func TestConfirmEmail(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	token := "abc123def456"
+	p, _ := app.createParticipant(Participant{PreferredName: "Titania", Email: "titania@example.com", ConfirmationToken: &token})
+	app.createVolunteer(Volunteer{ParticipantID: p.ID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/confirm", map[string]any{"token": token}))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d", w.Code)
+	}
+	result := parseJSON(t, w)
+	if result["status"] != "confirmed" {
+		t.Errorf("expected confirmed, got %v", result["status"])
+	}
+
+	// Verify participant is email confirmed
+	vol, _ := app.getVolunteerByEmail("titania@example.com")
+	if vol == nil || !vol.EmailConfirmed {
+		t.Error("volunteer should show email confirmed via participant")
+	}
+	updatedP, _ := app.getParticipant(p.ID)
+	if updatedP.ConfirmationToken != nil {
+		t.Error("confirmation token should be cleared after confirmation")
+	}
+}
+
+func TestConfirmEmailInvalid(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/confirm", map[string]any{"token": "nonexistent"}))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d", w.Code)
+	}
+	result := parseJSON(t, w)
+	if result["status"] != "invalid" {
+		t.Errorf("expected invalid, got %v", result["status"])
+	}
+}
+
+func TestConfirmEmailAlreadyConfirmed(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	token := "abc123def456"
+	p, _ := app.createParticipant(Participant{PreferredName: "Titania", Email: "titania@example.com", ConfirmationToken: &token})
+	app.createVolunteer(Volunteer{ParticipantID: p.ID})
+
+	// Confirm first time
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/confirm", map[string]any{"token": token}))
+	if parseJSON(t, w)["status"] != "confirmed" {
+		t.Fatal("first confirm should succeed")
+	}
+
+	// Second confirm with same token should be invalid (token cleared)
+	w = httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/confirm", map[string]any{"token": token}))
+	result := parseJSON(t, w)
+	if result["status"] != "invalid" {
+		t.Errorf("expected invalid after token cleared, got %v", result["status"])
+	}
+}
+
+func TestConfirmEmailWithSignupsOpen(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	app.db.Exec(`INSERT OR REPLACE INTO config (key, value) VALUES ('shift_signups_open', 'true')`)
+	app.baseURL = "https://example.com"
+
+	token := "abc123def456"
+	participant, _ := app.createParticipant(Participant{PreferredName: "Titania", Email: "titania@example.com", ConfirmationToken: &token})
+	app.createVolunteer(Volunteer{ParticipantID: participant.ID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/confirm", map[string]any{"token": token}))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d", w.Code)
+	}
+	result := parseJSON(t, w)
+	if result["status"] != "confirmed" {
+		t.Fatalf("expected confirmed, got %v", result["status"])
+	}
+	kioskLink, ok := result["kiosk_link"].(string)
+	if !ok || kioskLink == "" {
+		t.Error("expected kiosk_link when signups are open")
+	}
+
+	// Volunteer should now have a kiosk_code, no stub ticket created.
+	vol, _ := app.getVolunteerByEmail("titania@example.com")
+	if vol == nil || vol.KioskCode == nil {
+		t.Error("volunteer should have a kiosk_code after confirm with signups open")
+	}
+	tickets, _ := app.listTickets(&participant.ID, "")
+	if len(tickets) != 0 {
+		t.Errorf("expected no stub tickets, got %d", len(tickets))
+	}
+}
+
+func TestPublicSignupTicketNameDoesNotOverwritePreferredName(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/signup", map[string]any{
+		"preferred_name": "Titania",
+		"ticket_name":    "Titania Fairweather",
+		"email":          "titania@example.com",
+	}))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	vol, _ := app.getVolunteerByEmail("titania@example.com")
+	if vol == nil || vol.ParticipantID == 0 {
+		t.Fatal("volunteer/participant not created")
+	}
+	p, _ := app.getParticipant(vol.ParticipantID)
+	if p == nil {
+		t.Fatal("participant not found")
+	}
+	if p.PreferredName != "Titania" {
+		t.Errorf("participant preferred_name = %q, want %q (not ticket_name)", p.PreferredName, "Titania")
+	}
+	if p.TicketName != "Titania Fairweather" {
+		t.Errorf("participant.TicketName = %q, want %q", p.TicketName, "Titania Fairweather")
+	}
+}
+
+func TestConfirmEmailAssignsKioskCode(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	app.db.Exec(`INSERT OR REPLACE INTO config (key, value) VALUES ('shift_signups_open', 'true')`)
+	app.baseURL = "https://example.com"
+
+	token := "abc123def456"
+	participant, _ := app.createParticipant(Participant{PreferredName: "Titania", TicketName: "Titania Fairweather", Email: "titania@example.com", ConfirmationToken: &token})
+	app.createVolunteer(Volunteer{ParticipantID: participant.ID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testRequest("POST", "/api/public/confirm", map[string]any{"token": token}))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d", w.Code)
+	}
+	result := parseJSON(t, w)
+	if result["status"] != "confirmed" {
+		t.Fatalf("expected confirmed, got %v", result["status"])
+	}
+	if result["kiosk_link"] == nil {
+		t.Error("expected kiosk_link in response when signups are open")
+	}
+
+	// Kiosk code should be on the volunteer record, not a stub ticket.
+	vol, _ := app.getVolunteerByEmail("titania@example.com")
+	if vol == nil || vol.KioskCode == nil {
+		t.Fatal("expected volunteer to have a kiosk_code")
+	}
+	// No stub ticket should have been created.
+	tickets, _ := app.listTickets(&participant.ID, "")
+	if len(tickets) != 0 {
+		t.Errorf("expected no stub tickets, got %d", len(tickets))
+	}
+}
+
+func TestToggleShiftSignups(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+	admin := testAdminUser(t, app)
+	tok := testToken(t, app, admin)
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/settings/shift-signups", map[string]any{"open": true}, tok))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	result := parseJSON(t, w)
+	if result["shift_signups_open"] != true {
+		t.Errorf("expected shift_signups_open true, got %v", result)
+	}
+
+	// Check config stored
+	var val string
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'shift_signups_open'`).Scan(&val)
+	if val != "true" {
+		t.Errorf("config not stored, got %q", val)
+	}
+}
diff --git a/handle_sso.go b/handle_sso.go
new file mode 100644
index 0000000..e97c887
--- /dev/null
+++ b/handle_sso.go
@@ -0,0 +1,190 @@
+package main
+
+import (
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+func (app *App) getSSOConfig() (ssoURL, ssoSecret string) {
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'discourse_sso_url'`).Scan(&ssoURL)
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'discourse_sso_secret'`).Scan(&ssoSecret)
+	return
+}
+
+func (app *App) handleSSOEnabled(w http.ResponseWriter, r *http.Request) {
+	ssoURL, ssoSecret := app.getSSOConfig()
+	writeJSON(w, map[string]bool{"enabled": ssoURL != "" && ssoSecret != ""})
+}
+
+func (app *App) getBaseURL() string {
+	if app.baseURL != "" {
+		return app.baseURL
+	}
+	var u string
+	app.db.QueryRow(`SELECT value FROM config WHERE key = 'base_url'`).Scan(&u)
+	return u
+}
+
+func (app *App) handleSSOInit(w http.ResponseWriter, r *http.Request) {
+	ssoURL, ssoSecret := app.getSSOConfig()
+	if ssoURL == "" || ssoSecret == "" {
+		writeError(w, "SSO not configured", http.StatusNotFound)
+		return
+	}
+
+	baseURL := app.getBaseURL()
+	if baseURL == "" {
+		writeError(w, "base_url must be configured for SSO", http.StatusBadRequest)
+		return
+	}
+
+	b := make([]byte, 32)
+	rand.Read(b)
+	nonce := hex.EncodeToString(b)
+
+	app.cleanExpiredNonces()
+	if err := app.createSSONonce(nonce); err != nil {
+		writeError(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+
+	returnURL := strings.TrimRight(baseURL, "/") + "/api/sso/callback"
+
+	payload := fmt.Sprintf("nonce=%s&return_sso_url=%s", url.QueryEscape(nonce), url.QueryEscape(returnURL))
+	encoded := base64.StdEncoding.EncodeToString([]byte(payload))
+
+	mac := hmac.New(sha256.New, []byte(ssoSecret))
+	mac.Write([]byte(encoded))
+	sig := hex.EncodeToString(mac.Sum(nil))
+
+	redirect := fmt.Sprintf("%s/session/sso_provider?sso=%s&sig=%s",
+		strings.TrimRight(ssoURL, "/"), url.QueryEscape(encoded), url.QueryEscape(sig))
+
+	writeJSON(w, map[string]string{"redirect_url": redirect})
+}
+
+func (app *App) handleSSOCallback(w http.ResponseWriter, r *http.Request) {
+	baseURL := app.getBaseURL()
+
+	ssoRedirectError := func(msg string) {
+		if baseURL != "" {
+			http.Redirect(w, r, strings.TrimRight(baseURL, "/")+"/#sso_error="+url.QueryEscape(msg), http.StatusFound)
+		} else {
+			writeError(w, msg, http.StatusBadRequest)
+		}
+	}
+
+	_, ssoSecret := app.getSSOConfig()
+	if ssoSecret == "" {
+		ssoRedirectError("SSO not configured")
+		return
+	}
+
+	ssoParam := r.URL.Query().Get("sso")
+	sigParam := r.URL.Query().Get("sig")
+	if ssoParam == "" || sigParam == "" {
+		ssoRedirectError("Invalid SSO response")
+		return
+	}
+
+	mac := hmac.New(sha256.New, []byte(ssoSecret))
+	mac.Write([]byte(ssoParam))
+	expectedSig := hex.EncodeToString(mac.Sum(nil))
+	if !hmac.Equal([]byte(expectedSig), []byte(sigParam)) {
+		ssoRedirectError("Invalid SSO signature")
+		return
+	}
+
+	decoded, err := base64.StdEncoding.DecodeString(ssoParam)
+	if err != nil {
+		ssoRedirectError("Invalid SSO payload")
+		return
+	}
+
+	vals, err := url.ParseQuery(string(decoded))
+	if err != nil {
+		ssoRedirectError("Invalid SSO payload")
+		return
+	}
+
+	nonce := vals.Get("nonce")
+	valid, err := app.consumeSSONonce(nonce)
+	if err != nil || !valid {
+		ssoRedirectError("SSO session expired. Please try again.")
+		return
+	}
+
+	email := strings.ToLower(vals.Get("email"))
+	if email == "" {
+		ssoRedirectError("No email in SSO response")
+		return
+	}
+
+	name := vals.Get("name")
+	if name == "" {
+		name = vals.Get("username")
+	}
+
+	user, _, err := app.getLoginParticipant(email)
+	if err != nil {
+		ssoRedirectError("Login failed. Please try again.")
+		return
+	}
+
+	if user == nil {
+		p, err := app.getParticipantByEmail(email)
+		if err != nil {
+			ssoRedirectError("Login failed. Please try again.")
+			return
+		}
+		if p != nil {
+			if _, err := app.db.Exec(
+				`UPDATE participants SET login_enabled = 1, updated_at = ? WHERE id = ?`,
+				now(), p.ID,
+			); err != nil {
+				ssoRedirectError("Login failed. Please try again.")
+				return
+			}
+			user, err = app.getUser(p.ID)
+			if err != nil {
+				ssoRedirectError("Login failed. Please try again.")
+				return
+			}
+		}
+	}
+
+	if user == nil {
+		if name == "" {
+			name = strings.Split(email, "@")[0]
+		}
+		res, err := app.db.Exec(
+			`INSERT INTO participants (email, preferred_name, login_enabled, updated_at) VALUES (?, ?, 1, ?)`,
+			email, name, now(),
+		)
+		if err != nil {
+			ssoRedirectError("Login failed. Please try again.")
+			return
+		}
+		id, _ := res.LastInsertId()
+		user, err = app.getUser(int(id))
+		if err != nil || user == nil {
+			ssoRedirectError("Login failed. Please try again.")
+			return
+		}
+	}
+
+	token, err := app.signToken(user)
+	if err != nil {
+		ssoRedirectError("Login failed. Please try again.")
+		return
+	}
+
+	http.Redirect(w, r, strings.TrimRight(baseURL, "/")+"/#sso_token="+url.QueryEscape(token), http.StatusFound)
+}
diff --git a/handle_sync.go b/handle_sync.go
index 78725c5..f2171ce 100644
--- a/handle_sync.go
+++ b/handle_sync.go
@@ -12,14 +12,18 @@ func (app *App) handleSyncPull(w http.ResponseWriter, r *http.Request) {
 	since := r.URL.Query().Get("since")
 
 	event, _ := app.getEvent()
-	attendees, _ := app.attendeesSince(since)
+	participants, _ := app.listParticipants("", since)
+	tickets, _ := app.listTickets(nil, since)
 	departments, _ := app.listDepartments(since)
 	volunteers, _ := app.listVolunteers("", nil, since)
 	shifts, _ := app.listShifts(nil, "", since)
 	volunteerShifts, _ := app.listVolunteerShifts(since)
 
-	if attendees == nil {
-		attendees = []Attendee{}
+	if participants == nil {
+		participants = []Participant{}
+	}
+	if tickets == nil {
+		tickets = []Ticket{}
 	}
 	if departments == nil {
 		departments = []Department{}
@@ -37,7 +41,8 @@ func (app *App) handleSyncPull(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, map[string]any{
 		"server_time":      time.Now().UTC().Format("2006-01-02T15:04:05Z"),
 		"event":            event,
-		"attendees":        attendees,
+		"participants":     participants,
+		"tickets":          tickets,
 		"departments":      departments,
 		"volunteers":       volunteers,
 		"shifts":           shifts,
diff --git a/handle_sync_test.go b/handle_sync_test.go
index c5d759a..000bc60 100644
--- a/handle_sync_test.go
+++ b/handle_sync_test.go
@@ -13,10 +13,10 @@ func TestSyncPullFull(t *testing.T) {
 	token := testToken(t, app, admin)
 	mux := testMux(app)
 
-	app.createAttendee(Attendee{Name: "Titania"})
+	p, _ := app.createParticipant(Participant{PreferredName: "Titania", Email: "titania@example.com"})
 	dept, _ := app.createDepartment(Department{Name: "Gate"})
 	deptID := dept.ID
-	app.createVolunteer(Volunteer{Name: "Titania", DepartmentID: &deptID})
+	app.createVolunteer(Volunteer{Name: "Titania", ParticipantID: p.ID, DepartmentID: &deptID})
 	app.createShift(Shift{DepartmentID: deptID, Name: "AM", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00"})
 
 	req := testAuthRequest("GET", "/api/sync/pull", nil, token)
@@ -31,9 +31,9 @@ func TestSyncPullFull(t *testing.T) {
 	if result["server_time"] == nil {
 		t.Error("missing server_time")
 	}
-	attendees := result["attendees"].([]any)
-	if len(attendees) != 1 {
-		t.Errorf("attendees = %d, want 1", len(attendees))
+	participants := result["participants"].([]any)
+	if len(participants) != 2 { // admin + Titania
+		t.Errorf("participants = %d, want 2", len(participants))
 	}
 	depts := result["departments"].([]any)
 	if len(depts) != 1 {
@@ -47,29 +47,30 @@ func TestSyncPullIncremental(t *testing.T) {
 	token := testToken(t, app, admin)
 	mux := testMux(app)
 
-	app.createAttendee(Attendee{Name: "Titania"})
-	// Backdate Titania so she falls before the "since" cutoff
-	app.db.Exec(`UPDATE attendees SET updated_at = '2026-01-01T00:00:00Z' WHERE name = 'Titania'`)
+	// Backdate admin participant so it falls before the "since" cutoff.
+	app.db.Exec(`UPDATE participants SET updated_at = '2026-01-01T00:00:00Z' WHERE id = ?`, admin.ID)
+
+	p1, _ := app.createParticipant(Participant{PreferredName: "Titania", Email: "titania@example.com"})
+	app.db.Exec(`UPDATE participants SET updated_at = '2026-01-01T00:00:00Z' WHERE id = ?`, p1.ID)
 
 	since := "2026-01-01T12:00:00Z"
 
-	// Oberon created with default updated_at (now), which is after our since
-	app.createAttendee(Attendee{Name: "Oberon"})
+	// Lysander created with default updated_at (now), which is after our since
+	app.createParticipant(Participant{PreferredName: "Lysander", Email: "lysander@example.com"})
 
 	req := testAuthRequest("GET", "/api/sync/pull?since="+since, nil, token)
 	w := httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 
 	result := parseJSON(t, w)
-	attendees := result["attendees"].([]any)
-	// Should only include Oberon (created after `since`)
-	if len(attendees) != 1 {
-		t.Errorf("incremental: got %d attendees, want 1", len(attendees))
+	participants := result["participants"].([]any)
+	if len(participants) != 1 {
+		t.Errorf("incremental: got %d participants, want 1", len(participants))
 	}
-	if len(attendees) == 1 {
-		a := attendees[0].(map[string]any)
-		if a["name"] != "Oberon" {
-			t.Errorf("name = %v, want Oberon", a["name"])
+	if len(participants) == 1 {
+		p := participants[0].(map[string]any)
+		if p["preferred_name"] != "Lysander" {
+			t.Errorf("preferred_name = %v, want Lysander", p["preferred_name"])
 		}
 	}
 }
@@ -80,31 +81,33 @@ func TestSyncPullIncludesSoftDeleted(t *testing.T) {
 	token := testToken(t, app, admin)
 	mux := testMux(app)
 
-	a, _ := app.createAttendee(Attendee{Name: "Titania"})
-	// Backdate Titania's creation so the since cutoff is between creation and deletion
-	app.db.Exec(`UPDATE attendees SET updated_at = '2026-01-01T00:00:00Z' WHERE id = ?`, a.ID)
+	// Backdate admin participant.
+	app.db.Exec(`UPDATE participants SET updated_at = '2026-01-01T00:00:00Z' WHERE id = ?`, admin.ID)
+
+	p, _ := app.createParticipant(Participant{PreferredName: "Titania", Email: "titania@example.com"})
+	app.db.Exec(`UPDATE participants SET updated_at = '2026-01-01T00:00:00Z' WHERE id = ?`, p.ID)
 
 	since := "2026-01-01T12:00:00Z"
 
 	// Delete updates updated_at to now(), which is after our since
-	app.deleteAttendee(a.ID)
+	app.deleteParticipant(p.ID)
 
 	req := testAuthRequest("GET", "/api/sync/pull?since="+since, nil, token)
 	w := httptest.NewRecorder()
 	mux.ServeHTTP(w, req)
 
 	var result struct {
-		Attendees []struct {
+		Participants []struct {
 			ID        int     `json:"id"`
 			DeletedAt *string `json:"deleted_at"`
-		} `json:"attendees"`
+		} `json:"participants"`
 	}
 	json.Unmarshal(w.Body.Bytes(), &result)
 
-	if len(result.Attendees) != 1 {
-		t.Fatalf("got %d attendees, want 1", len(result.Attendees))
+	if len(result.Participants) != 1 {
+		t.Fatalf("got %d participants, want 1", len(result.Participants))
 	}
-	if result.Attendees[0].DeletedAt == nil {
+	if result.Participants[0].DeletedAt == nil {
 		t.Error("deleted_at should be set for soft-deleted record")
 	}
 }
diff --git a/handle_tokens.go b/handle_tokens.go
index f2c0bf9..63e19a6 100644
--- a/handle_tokens.go
+++ b/handle_tokens.go
@@ -8,9 +8,9 @@ import (
 	"strings"
 )
 
-// handleGenerateTokens creates volunteer_token values for all attendees that don't have one.
+// handleGenerateTokens creates codes for all tickets that don't have one.
 func (app *App) handleGenerateTokens(w http.ResponseWriter, r *http.Request) {
-	count, err := app.generateTokensForAll()
+	count, err := app.generateCodesForAll()
 	if err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -21,7 +21,7 @@ func (app *App) handleGenerateTokens(w http.ResponseWriter, r *http.Request) {
 // handleExportTokenLinks streams a CSV download with token signup links,
 // compatible with MailChimp / Zeffy bulk-send workflows.
 func (app *App) handleExportTokenLinks(w http.ResponseWriter, r *http.Request) {
-	attendees, err := app.listAttendees("", "", "")
+	tickets, err := app.listTickets(nil, "")
 	if err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -37,55 +37,62 @@ func (app *App) handleExportTokenLinks(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Disposition", `attachment; filename="volunteer-tokens.csv"`)
 	wr := csv.NewWriter(w)
 	wr.Write([]string{"Email Address", "First Name", "Token", "Signup Link"})
-	for _, a := range attendees {
-		if a.VolunteerToken == nil {
+	for _, tk := range tickets {
+		if tk.Code == nil || tk.ParticipantID == nil {
 			continue
 		}
-		firstName := a.Name
-		if parts := strings.Fields(a.Name); len(parts) > 0 {
+		p, _ := app.getParticipant(*tk.ParticipantID)
+		if p == nil || p.Email == "" {
+			continue
+		}
+		firstName := p.PreferredName
+		if firstName == "" {
+			firstName = tk.Name
+		}
+		if parts := strings.Fields(firstName); len(parts) > 0 {
 			firstName = parts[0]
 		}
-		link := fmt.Sprintf("%s/#/v/%s", baseURL, *a.VolunteerToken)
-		wr.Write([]string{a.Email, firstName, *a.VolunteerToken, link})
+		link := fmt.Sprintf("%s/v/%s", baseURL, *tk.Code)
+		wr.Write([]string{p.Email, firstName, *tk.Code, link})
 	}
 	wr.Flush()
 }
 
-// handleEmailToken sends a token email to a single attendee.
+// handleEmailToken sends a token email to a single ticket's participant.
 func (app *App) handleEmailToken(w http.ResponseWriter, r *http.Request) {
 	id, err := strconv.Atoi(r.PathValue("id"))
 	if err != nil {
 		writeError(w, "invalid id", http.StatusBadRequest)
 		return
 	}
-	a, err := app.getAttendee(id)
-	if err != nil || a == nil {
+	tk, err := app.getTicket(id)
+	if err != nil || tk == nil {
 		writeError(w, "not found", http.StatusNotFound)
 		return
 	}
-	if err := app.sendTokenEmail(*a); err != nil {
+	if err := app.sendTicketTokenEmail(*tk); err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 	writeJSON(w, map[string]any{"ok": true})
 }
 
-// handleEmailAllTokens bulk-sends token emails to all attendees that have both a token and email.
+// handleEmailAllTokens bulk-sends token emails to all tickets that have a code and participant email.
 func (app *App) handleEmailAllTokens(w http.ResponseWriter, r *http.Request) {
-	attendees, err := app.listAttendees("", "", "")
+	tickets, err := app.listTickets(nil, "")
 	if err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 	var sent, skipped int
 	var errors []string
-	for _, a := range attendees {
-		if a.Email == "" || a.VolunteerToken == nil {
+	for _, tk := range tickets {
+		if tk.Code == nil || tk.ParticipantID == nil {
 			skipped++
 			continue
 		}
-		if err := app.sendTokenEmail(a); err != nil {
-			errors = append(errors, fmt.Sprintf("%s: %v", a.Name, err))
+		if err := app.sendTicketTokenEmail(tk); err != nil {
+			errors = append(errors, fmt.Sprintf("ticket %d: %v", tk.ID, err))
 			skipped++
 		} else {
 			sent++
diff --git a/handle_users.go b/handle_users.go
index 386e5b0..4de6109 100644
--- a/handle_users.go
+++ b/handle_users.go
@@ -17,17 +17,18 @@ func (app *App) handleListUsers(w http.ResponseWriter, r *http.Request) {
 
 func (app *App) handleCreateUser(w http.ResponseWriter, r *http.Request) {
 	var body struct {
-		Username      string `json:"username"`
-		Password      string `json:"password"`
-		Role          string `json:"role"`
-		DepartmentIDs []int  `json:"department_ids"`
+		Email         string   `json:"email"`
+		PreferredName string   `json:"preferred_name"`
+		Password      string   `json:"password"`
+		Roles         []string `json:"roles"`
+		DepartmentIDs []int    `json:"department_ids"`
 	}
 	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
 		writeError(w, "invalid request", http.StatusBadRequest)
 		return
 	}
-	if body.Username == "" || body.Password == "" || body.Role == "" {
-		writeError(w, "username, password, and role are required", http.StatusBadRequest)
+	if body.Email == "" || body.Password == "" || len(body.Roles) == 0 {
+		writeError(w, "email, password, and at least one role are required", http.StatusBadRequest)
 		return
 	}
 	hash, err := hashPassword(body.Password)
@@ -38,7 +39,7 @@ func (app *App) handleCreateUser(w http.ResponseWriter, r *http.Request) {
 	if body.DepartmentIDs == nil {
 		body.DepartmentIDs = []int{}
 	}
-	user, err := app.createUser(body.Username, hash, body.Role, body.DepartmentIDs)
+	user, err := app.createUser(body.Email, body.PreferredName, hash, body.Roles, body.DepartmentIDs)
 	if err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -53,10 +54,15 @@ func (app *App) handleUpdateUser(w http.ResponseWriter, r *http.Request) {
 		writeError(w, "invalid id", http.StatusBadRequest)
 		return
 	}
+	target, _ := app.getUser(id)
+	if target == nil {
+		writeError(w, "not found", http.StatusNotFound)
+		return
+	}
 	var body struct {
-		Role          string `json:"role"`
-		Password      string `json:"password"`
-		DepartmentIDs []int  `json:"department_ids"`
+		Roles         []string `json:"roles"`
+		Password      string   `json:"password"`
+		DepartmentIDs []int    `json:"department_ids"`
 	}
 	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
 		writeError(w, "invalid request", http.StatusBadRequest)
@@ -65,8 +71,8 @@ func (app *App) handleUpdateUser(w http.ResponseWriter, r *http.Request) {
 	if body.DepartmentIDs == nil {
 		body.DepartmentIDs = []int{}
 	}
-	if body.Role != "" {
-		if err := app.updateUser(id, body.Role, body.DepartmentIDs); err != nil {
+	if body.Roles != nil {
+		if err := app.updateUserRoles(id, body.Roles, body.DepartmentIDs); err != nil {
 			writeError(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
@@ -82,7 +88,7 @@ func (app *App) handleUpdateUser(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}
-	user, _ := app.getUserByID(id)
+	user, _ := app.getUser(id)
 	writeJSON(w, user)
 }
 
@@ -93,11 +99,11 @@ func (app *App) handleDeleteUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	claims := claimsFromContext(r)
-	if claims.UserID == id {
+	if claims.ParticipantID == id {
 		writeError(w, "cannot delete yourself", http.StatusBadRequest)
 		return
 	}
-	if err := app.deleteUser(id); err != nil {
+	if err := app.removeUser(id); err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
diff --git a/handle_volunteers.go b/handle_volunteers.go
index 533428e..cd891d2 100644
--- a/handle_volunteers.go
+++ b/handle_volunteers.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"encoding/json"
+	"log"
 	"net/http"
 	"strconv"
 )
@@ -11,20 +12,19 @@ func (app *App) handleListVolunteers(w http.ResponseWriter, r *http.Request) {
 	search := q.Get("search")
 	since := q.Get("since")
 
-	var deptID *int
+	var deptIDs []int
 	if d := q.Get("dept"); d != "" {
-		id, err := strconv.Atoi(d)
-		if err == nil {
-			deptID = &id
+		if id, err := strconv.Atoi(d); err == nil {
+			deptIDs = []int{id}
 		}
 	}
 
 	claims := claimsFromContext(r)
-	if claims.Role == "volunteer_lead" && deptID == nil && len(claims.DeptIDs) > 0 {
-		deptID = &claims.DeptIDs[0]
+	if isCoLeadOnly(claims) && len(deptIDs) == 0 {
+		deptIDs = claims.DeptIDs
 	}
 
-	volunteers, err := app.listVolunteers(search, deptID, since)
+	volunteers, err := app.listVolunteers(search, deptIDs, since)
 	if err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -33,27 +33,65 @@ func (app *App) handleListVolunteers(w http.ResponseWriter, r *http.Request) {
 }
 
 func (app *App) handleCreateVolunteer(w http.ResponseWriter, r *http.Request) {
-	var v Volunteer
-	if err := json.NewDecoder(r.Body).Decode(&v); err != nil {
+	var body struct {
+		Name         string `json:"name"`
+		TicketName   string `json:"ticket_name"`
+		Email        string `json:"email"`
+		DepartmentID *int   `json:"department_id"`
+		IsLead       bool   `json:"is_lead"`
+		Note         string `json:"note"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
 		writeError(w, "invalid request", http.StatusBadRequest)
 		return
 	}
-	if v.Name == "" {
+	if body.Name == "" {
 		writeError(w, "name is required", http.StatusBadRequest)
 		return
 	}
+	if body.Email == "" {
+		writeError(w, "email is required", http.StatusBadRequest)
+		return
+	}
 	claims := claimsFromContext(r)
-	if claims.Role == "volunteer_lead" {
-		if v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
+	if isCoLeadOnly(claims) {
+		if body.DepartmentID == nil || !inSlice(*body.DepartmentID, claims.DeptIDs) {
 			writeError(w, "forbidden: outside your department", http.StatusForbidden)
 			return
 		}
 	}
+	p, _ := app.getParticipantByEmail(body.Email)
+	if p == nil {
+		p, _ = app.createParticipant(Participant{PreferredName: body.Name, Email: body.Email, TicketName: body.TicketName})
+	} else if body.TicketName != "" && p.TicketName == "" {
+		app.db.Exec(`UPDATE participants SET ticket_name = ?, updated_at = ? WHERE id = ?`, body.TicketName, now(), p.ID)
+	}
+	if p == nil {
+		writeError(w, "failed to create participant", http.StatusInternalServerError)
+		return
+	}
+	confirmToken, err := generateConfirmationToken()
+	if err != nil {
+		writeError(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+	app.setParticipantConfirmationToken(p.ID, confirmToken)
+	v := Volunteer{
+		ParticipantID: p.ID,
+		DepartmentID:  body.DepartmentID,
+		IsLead:        body.IsLead,
+		Note:          body.Note,
+	}
 	created, err := app.createVolunteer(v)
 	if err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
+	go func() {
+		if err := app.sendConfirmationEmail(body.Email, body.Name, confirmToken); err != nil {
+			log.Printf("confirmation email to %s failed: %v", body.Email, err)
+		}
+	}()
 	w.WriteHeader(http.StatusCreated)
 	writeJSON(w, created)
 }
@@ -78,28 +116,40 @@ func (app *App) handleUpdateVolunteer(w http.ResponseWriter, r *http.Request) {
 		writeError(w, "invalid id", http.StatusBadRequest)
 		return
 	}
-	var v Volunteer
-	if err := json.NewDecoder(r.Body).Decode(&v); err != nil {
+	var body struct {
+		DepartmentID *int   `json:"department_id"`
+		IsLead       bool   `json:"is_lead"`
+		Note         string `json:"note"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
 		writeError(w, "invalid request", http.StatusBadRequest)
 		return
 	}
-	if v.Name == "" {
-		writeError(w, "name is required", http.StatusBadRequest)
-		return
-	}
 	claims := claimsFromContext(r)
-	if claims.Role == "volunteer_lead" {
+	if isCoLeadOnly(claims) {
 		existing, _ := app.getVolunteer(id)
 		if existing == nil || existing.DepartmentID == nil || !inSlice(*existing.DepartmentID, claims.DeptIDs) {
 			writeError(w, "forbidden: outside your department", http.StatusForbidden)
 			return
 		}
+		if body.DepartmentID != nil && !inSlice(*body.DepartmentID, claims.DeptIDs) {
+			writeError(w, "forbidden: cannot move volunteer to that department", http.StatusForbidden)
+			return
+		}
+	}
+	v := Volunteer{
+		ID:           id,
+		DepartmentID: body.DepartmentID,
+		IsLead:       body.IsLead,
+		Note:         body.Note,
 	}
-	v.ID = id
 	if err := app.updateVolunteer(v); err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
+	if v.IsLead {
+		app.confirmVolunteer(id)
+	}
 	updated, _ := app.getVolunteer(id)
 	writeJSON(w, updated)
 }
@@ -110,6 +160,14 @@ func (app *App) handleDeleteVolunteer(w http.ResponseWriter, r *http.Request) {
 		writeError(w, "invalid id", http.StatusBadRequest)
 		return
 	}
+	claims := claimsFromContext(r)
+	if isCoLeadOnly(claims) {
+		v, _ := app.getVolunteer(id)
+		if v == nil || v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
+			writeError(w, "forbidden: outside your department", http.StatusForbidden)
+			return
+		}
+	}
 	if err := app.deleteVolunteer(id); err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -117,14 +175,21 @@ func (app *App) handleDeleteVolunteer(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusNoContent)
 }
 
-func (app *App) handleCheckInVolunteer(w http.ResponseWriter, r *http.Request) {
+func (app *App) handleMarkVolunteerReady(w http.ResponseWriter, r *http.Request) {
 	id, err := strconv.Atoi(r.PathValue("id"))
 	if err != nil {
 		writeError(w, "invalid id", http.StatusBadRequest)
 		return
 	}
 	claims := claimsFromContext(r)
-	v, err := app.checkInVolunteer(id, claims.UserID)
+	if isCoLeadOnly(claims) {
+		v, _ := app.getVolunteer(id)
+		if v == nil || v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
+			writeError(w, "forbidden: outside your department", http.StatusForbidden)
+			return
+		}
+	}
+	v, err := app.markVolunteerReady(id, claims.ParticipantID)
 	if err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -133,6 +198,28 @@ func (app *App) handleCheckInVolunteer(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, v)
 }
 
+func (app *App) handleConfirmVolunteer(w http.ResponseWriter, r *http.Request) {
+	id, err := strconv.Atoi(r.PathValue("id"))
+	if err != nil {
+		writeError(w, "invalid id", http.StatusBadRequest)
+		return
+	}
+	claims := claimsFromContext(r)
+	if isCoLeadOnly(claims) {
+		v, _ := app.getVolunteer(id)
+		if v == nil || v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
+			writeError(w, "forbidden: outside your department", http.StatusForbidden)
+			return
+		}
+	}
+	v, err := app.confirmVolunteer(id)
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, v)
+}
+
 func (app *App) handleAssignShift(w http.ResponseWriter, r *http.Request) {
 	volunteerID, err := strconv.Atoi(r.PathValue("id"))
 	if err != nil {
@@ -146,7 +233,24 @@ func (app *App) handleAssignShift(w http.ResponseWriter, r *http.Request) {
 		writeError(w, "shift_id required", http.StatusBadRequest)
 		return
 	}
-	if err := app.assignShift(volunteerID, body.ShiftID); err != nil {
+	claims := claimsFromContext(r)
+	if isCoLeadOnly(claims) {
+		v, _ := app.getVolunteer(volunteerID)
+		if v == nil || v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
+			writeError(w, "forbidden: outside your department", http.StatusForbidden)
+			return
+		}
+	}
+	shift, err := app.getShift(body.ShiftID)
+	if err != nil || shift == nil {
+		writeError(w, "shift not found", http.StatusNotFound)
+		return
+	}
+	if err := app.assignShiftWithCapacity(volunteerID, body.ShiftID, shift.Capacity); err != nil {
+		if err == errShiftFull {
+			writeError(w, "shift is at capacity", http.StatusConflict)
+			return
+		}
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
@@ -164,6 +268,14 @@ func (app *App) handleUnassignShift(w http.ResponseWriter, r *http.Request) {
 		writeError(w, "invalid shift id", http.StatusBadRequest)
 		return
 	}
+	claims := claimsFromContext(r)
+	if isCoLeadOnly(claims) {
+		v, _ := app.getVolunteer(volunteerID)
+		if v == nil || v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
+			writeError(w, "forbidden: outside your department", http.StatusForbidden)
+			return
+		}
+	}
 	if err := app.unassignShift(volunteerID, shiftID); err != nil {
 		writeError(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -171,11 +283,3 @@ func (app *App) handleUnassignShift(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusNoContent)
 }
 
-func inSlice(v int, s []int) bool {
-	for _, x := range s {
-		if x == v {
-			return true
-		}
-	}
-	return false
-}
diff --git a/handle_volunteers_test.go b/handle_volunteers_test.go
new file mode 100644
index 0000000..dc61f28
--- /dev/null
+++ b/handle_volunteers_test.go
@@ -0,0 +1,264 @@
+package main
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestConfirmVolunteer(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+	admin := testAdminUser(t, app)
+	tok := testToken(t, app, admin)
+
+	dept, _ := app.createDepartment(Department{Name: "Gate"})
+	deptID := dept.ID
+	p, _ := app.createParticipant(Participant{PreferredName: "Titania", Email: "titania@test.com", EmailConfirmed: true})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/volunteers/"+itoa(v.ID)+"/confirm", nil, tok))
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	result := parseJSON(t, w)
+	vol := result["confirmed"]
+	if vol != true {
+		t.Error("expected confirmed=true in response")
+	}
+
+	got, _ := app.getVolunteer(v.ID)
+	if got == nil || !got.Confirmed {
+		t.Error("volunteer should be confirmed in DB")
+	}
+	if got.ConfirmedAt == nil {
+		t.Error("confirmed_at should be set")
+	}
+}
+
+func TestConfirmVolunteerIdempotent(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+	admin := testAdminUser(t, app)
+	tok := testToken(t, app, admin)
+
+	p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com", EmailConfirmed: true})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID})
+
+	// Confirm twice — second should be a no-op, not an error.
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/volunteers/"+itoa(v.ID)+"/confirm", nil, tok))
+	if w.Code != 200 {
+		t.Fatalf("first confirm: %d", w.Code)
+	}
+
+	w = httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/volunteers/"+itoa(v.ID)+"/confirm", nil, tok))
+	if w.Code != 200 {
+		t.Fatalf("second confirm: %d", w.Code)
+	}
+}
+
+func TestConfirmVolunteerRequiresRole(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	// Gatekeeper role should NOT be able to confirm volunteers.
+	gatekeeper := testUserWithRoles(t, app, "Egeus", []string{"gatekeeper"}, []int{})
+	tok := testToken(t, app, gatekeeper)
+
+	p, _ := app.createParticipant(Participant{PreferredName: "Helena", EmailConfirmed: true})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/volunteers/"+itoa(v.ID)+"/confirm", nil, tok))
+	if w.Code != http.StatusForbidden {
+		t.Errorf("expected 403 for gatekeeper role, got %d", w.Code)
+	}
+}
+
+func TestCoLeadDeleteVolunteerOwnDept(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	deptA, _ := app.createDepartment(Department{Name: "Gate"})
+	colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
+	tok := testToken(t, app, colead)
+
+	deptAID := deptA.ID
+	p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptAID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("DELETE", "/api/volunteers/"+itoa(v.ID), nil, tok))
+	if w.Code != http.StatusNoContent {
+		t.Errorf("expected 204 for own dept, got %d: %s", w.Code, w.Body.String())
+	}
+}
+
+func TestCoLeadDeleteVolunteerOtherDept(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	deptA, _ := app.createDepartment(Department{Name: "Gate"})
+	deptB, _ := app.createDepartment(Department{Name: "Build"})
+	colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
+	tok := testToken(t, app, colead)
+
+	deptBID := deptB.ID
+	p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptBID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("DELETE", "/api/volunteers/"+itoa(v.ID), nil, tok))
+	if w.Code != http.StatusForbidden {
+		t.Errorf("expected 403 for other dept, got %d", w.Code)
+	}
+}
+
+func TestCoLeadConfirmVolunteerOtherDept(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	deptA, _ := app.createDepartment(Department{Name: "Gate"})
+	deptB, _ := app.createDepartment(Department{Name: "Build"})
+	colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
+	tok := testToken(t, app, colead)
+
+	deptBID := deptB.ID
+	p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptBID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/volunteers/"+itoa(v.ID)+"/confirm", nil, tok))
+	if w.Code != http.StatusForbidden {
+		t.Errorf("expected 403 for other dept, got %d", w.Code)
+	}
+}
+
+func TestCoLeadReadyVolunteerOtherDept(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	deptA, _ := app.createDepartment(Department{Name: "Gate"})
+	deptB, _ := app.createDepartment(Department{Name: "Build"})
+	colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
+	tok := testToken(t, app, colead)
+
+	deptBID := deptB.ID
+	p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptBID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/volunteers/"+itoa(v.ID)+"/ready", nil, tok))
+	if w.Code != http.StatusForbidden {
+		t.Errorf("expected 403 for other dept, got %d", w.Code)
+	}
+}
+
+func TestCoLeadAssignShiftOtherDept(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	deptA, _ := app.createDepartment(Department{Name: "Gate"})
+	deptB, _ := app.createDepartment(Department{Name: "Build"})
+	colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
+	tok := testToken(t, app, colead)
+
+	deptBID := deptB.ID
+	p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptBID})
+	s, _ := app.createShift(Shift{DepartmentID: deptB.ID, Name: "AM", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00"})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("POST", "/api/volunteers/"+itoa(v.ID)+"/shifts", map[string]any{
+		"shift_id": s.ID,
+	}, tok))
+	if w.Code != http.StatusForbidden {
+		t.Errorf("expected 403 for other dept, got %d", w.Code)
+	}
+}
+
+func TestCoLeadUpdateVolunteerTargetDeptForbidden(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+
+	deptA, _ := app.createDepartment(Department{Name: "Gate"})
+	deptB, _ := app.createDepartment(Department{Name: "Build"})
+	colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
+	tok := testToken(t, app, colead)
+
+	deptAID := deptA.ID
+	p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptAID})
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("PUT", "/api/volunteers/"+itoa(v.ID), map[string]any{
+		"department_id": deptB.ID,
+	}, tok))
+	if w.Code != http.StatusForbidden {
+		t.Errorf("expected 403 moving to other dept, got %d: %s", w.Code, w.Body.String())
+	}
+}
+
+func TestUpdateVolunteerDepartment(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+	admin := testAdminUser(t, app)
+	tok := testToken(t, app, admin)
+
+	dept, _ := app.createDepartment(Department{Name: "Gate"})
+	p, _ := app.createParticipant(Participant{PreferredName: "Hermia"})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID})
+
+	// Assign department via update.
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("PUT", "/api/volunteers/"+itoa(v.ID), map[string]any{
+		"department_id": dept.ID,
+	}, tok))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	got, _ := app.getVolunteer(v.ID)
+	if got.DepartmentID == nil || *got.DepartmentID != dept.ID {
+		t.Errorf("department_id = %v, want %d", got.DepartmentID, dept.ID)
+	}
+}
+
+func TestUpdateVolunteerCoLeadAutoConfirms(t *testing.T) {
+	app := testApp(t)
+	mux := testMux(app)
+	admin := testAdminUser(t, app)
+	tok := testToken(t, app, admin)
+
+	dept, _ := app.createDepartment(Department{Name: "Build"})
+	deptID := dept.ID
+	p, _ := app.createParticipant(Participant{PreferredName: "Lysander", Email: "lys@test.com", EmailConfirmed: true})
+	v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptID})
+
+	// Verify not confirmed before update.
+	got, _ := app.getVolunteer(v.ID)
+	if got.Confirmed {
+		t.Fatal("should not be confirmed before update")
+	}
+
+	// Update is_lead=true should auto-confirm.
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, testAuthRequest("PUT", "/api/volunteers/"+itoa(v.ID), map[string]any{
+		"department_id": deptID, "is_lead": true,
+	}, tok))
+	if w.Code != 200 {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	got, _ = app.getVolunteer(v.ID)
+	if !got.IsLead {
+		t.Error("expected is_lead=true")
+	}
+	if !got.Confirmed {
+		t.Error("co-lead should be auto-confirmed")
+	}
+}
diff --git a/main.go b/main.go
index aca8086..186362c 100644
--- a/main.go
+++ b/main.go
@@ -99,39 +99,44 @@ func (app *App) registerRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("GET /api/event", auth(app.handleGetEvent))
 	mux.HandleFunc("PUT /api/event", auth(app.handleUpdateEvent, "admin"))
 
-	mux.HandleFunc("GET /api/attendees", auth(app.handleListAttendees, "admin", "ticketing", "gate"))
-	mux.HandleFunc("POST /api/attendees", auth(app.handleCreateAttendee, "admin", "ticketing"))
-	mux.HandleFunc("GET /api/attendees/export", auth(app.handleExportAttendees, "admin", "ticketing"))
-	mux.HandleFunc("POST /api/attendees/generate-tokens", auth(app.handleGenerateTokens, "admin", "ticketing"))
-	mux.HandleFunc("GET /api/attendees/export-tokens", auth(app.handleExportTokenLinks, "admin", "ticketing"))
-	mux.HandleFunc("POST /api/attendees/email-tokens", auth(app.handleEmailAllTokens, "admin", "ticketing"))
-	mux.HandleFunc("GET /api/attendees/{id}", auth(app.handleGetAttendee, "admin", "ticketing", "gate"))
-	mux.HandleFunc("PUT /api/attendees/{id}", auth(app.handleUpdateAttendee, "admin", "ticketing"))
-	mux.HandleFunc("DELETE /api/attendees/{id}", auth(app.handleDeleteAttendee, "admin", "ticketing"))
-	mux.HandleFunc("POST /api/attendees/{id}/checkin", auth(app.handleCheckInAttendee, "admin", "ticketing", "gate"))
-	mux.HandleFunc("POST /api/attendees/{id}/email-token", auth(app.handleEmailToken, "admin", "ticketing"))
+	mux.HandleFunc("GET /api/participants", auth(app.handleListParticipants, "admin", "gatekeeper"))
+	mux.HandleFunc("POST /api/participants", auth(app.handleCreateParticipant, "admin"))
+	mux.HandleFunc("GET /api/participants/export", auth(app.handleExportParticipants, "admin"))
+	mux.HandleFunc("GET /api/participants/{id}", auth(app.handleGetParticipant, "admin", "gatekeeper"))
+	mux.HandleFunc("PUT /api/participants/{id}", auth(app.handleUpdateParticipant, "admin"))
+	mux.HandleFunc("DELETE /api/participants/{id}", auth(app.handleDeleteParticipant, "admin"))
+	mux.HandleFunc("POST /api/participants/{id}/merge/{other_id}", auth(app.handleMergeParticipants, "admin"))
+
+	mux.HandleFunc("GET /api/tickets", auth(app.handleListTickets, "admin", "gatekeeper"))
+	mux.HandleFunc("POST /api/tickets", auth(app.handleCreateTicket, "admin"))
+	mux.HandleFunc("POST /api/tickets/{id}/checkin", auth(app.handleCheckInTicket, "admin", "gatekeeper"))
+	mux.HandleFunc("POST /api/tickets/generate-codes", auth(app.handleGenerateTokens, "admin"))
+	mux.HandleFunc("GET /api/tickets/export-links", auth(app.handleExportTokenLinks, "admin"))
+	mux.HandleFunc("POST /api/tickets/email-codes", auth(app.handleEmailAllTokens, "admin"))
+	mux.HandleFunc("POST /api/tickets/{id}/email-code", auth(app.handleEmailToken, "admin"))
 
 	mux.HandleFunc("GET /api/departments", auth(app.handleListDepartments))
-	mux.HandleFunc("POST /api/departments", auth(app.handleCreateDepartment, "admin", "coordinator"))
-	mux.HandleFunc("PUT /api/departments/{id}", auth(app.handleUpdateDepartment, "admin", "coordinator"))
+	mux.HandleFunc("POST /api/departments", auth(app.handleCreateDepartment, "admin", "staffing"))
+	mux.HandleFunc("PUT /api/departments/{id}", auth(app.handleUpdateDepartment, "admin", "staffing"))
 	mux.HandleFunc("DELETE /api/departments/{id}", auth(app.handleDeleteDepartment, "admin"))
 
-	mux.HandleFunc("GET /api/volunteers", auth(app.handleListVolunteers, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("POST /api/volunteers", auth(app.handleCreateVolunteer, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("GET /api/volunteers/{id}", auth(app.handleGetVolunteer, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("PUT /api/volunteers/{id}", auth(app.handleUpdateVolunteer, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("DELETE /api/volunteers/{id}", auth(app.handleDeleteVolunteer, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("POST /api/volunteers/{id}/checkin", auth(app.handleCheckInVolunteer, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("POST /api/volunteers/{id}/shifts", auth(app.handleAssignShift, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("DELETE /api/volunteers/{id}/shifts/{shift_id}", auth(app.handleUnassignShift, "admin", "coordinator", "volunteer_lead"))
+	mux.HandleFunc("GET /api/volunteers", auth(app.handleListVolunteers, "admin", "staffing", "colead"))
+	mux.HandleFunc("POST /api/volunteers", auth(app.handleCreateVolunteer, "admin", "staffing", "colead"))
+	mux.HandleFunc("GET /api/volunteers/{id}", auth(app.handleGetVolunteer, "admin", "staffing", "colead"))
+	mux.HandleFunc("PUT /api/volunteers/{id}", auth(app.handleUpdateVolunteer, "admin", "staffing", "colead"))
+	mux.HandleFunc("DELETE /api/volunteers/{id}", auth(app.handleDeleteVolunteer, "admin", "staffing", "colead"))
+	mux.HandleFunc("POST /api/volunteers/{id}/ready", auth(app.handleMarkVolunteerReady, "admin", "staffing", "colead"))
+	mux.HandleFunc("POST /api/volunteers/{id}/confirm", auth(app.handleConfirmVolunteer, "admin", "staffing", "colead"))
+	mux.HandleFunc("POST /api/volunteers/{id}/shifts", auth(app.handleAssignShift, "admin", "staffing", "colead"))
+	mux.HandleFunc("DELETE /api/volunteers/{id}/shifts/{shift_id}", auth(app.handleUnassignShift, "admin", "staffing", "colead"))
 
-	mux.HandleFunc("GET /api/shifts", auth(app.handleListShifts, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("POST /api/shifts", auth(app.handleCreateShift, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("POST /api/shifts/reorder", auth(app.handleReorderShifts, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("PUT /api/shifts/{id}", auth(app.handleUpdateShift, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("DELETE /api/shifts/{id}", auth(app.handleDeleteShift, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("POST /api/shifts/{id}/volunteers", auth(app.handleAssignShiftVolunteer, "admin", "coordinator", "volunteer_lead"))
-	mux.HandleFunc("DELETE /api/shifts/{id}/volunteers/{volunteer_id}", auth(app.handleUnassignShiftVolunteer, "admin", "coordinator", "volunteer_lead"))
+	mux.HandleFunc("GET /api/shifts", auth(app.handleListShifts, "admin", "staffing", "colead"))
+	mux.HandleFunc("POST /api/shifts", auth(app.handleCreateShift, "admin", "staffing", "colead"))
+	mux.HandleFunc("POST /api/shifts/reorder", auth(app.handleReorderShifts, "admin", "staffing", "colead"))
+	mux.HandleFunc("PUT /api/shifts/{id}", auth(app.handleUpdateShift, "admin", "staffing", "colead"))
+	mux.HandleFunc("DELETE /api/shifts/{id}", auth(app.handleDeleteShift, "admin", "staffing", "colead"))
+	mux.HandleFunc("POST /api/shifts/{id}/volunteers", auth(app.handleAssignShiftVolunteer, "admin", "staffing", "colead"))
+	mux.HandleFunc("DELETE /api/shifts/{id}/volunteers/{volunteer_id}", auth(app.handleUnassignShiftVolunteer, "admin", "staffing", "colead"))
 
 	mux.HandleFunc("GET /api/users", auth(app.handleListUsers, "admin"))
 	mux.HandleFunc("POST /api/users", auth(app.handleCreateUser, "admin"))
@@ -141,8 +146,13 @@ func (app *App) registerRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("GET /api/settings", auth(app.handleGetSettings, "admin"))
 	mux.HandleFunc("PUT /api/settings", auth(app.handleUpdateSettings, "admin"))
 	mux.HandleFunc("POST /api/settings/test-email", auth(app.handleTestEmail, "admin"))
+	mux.HandleFunc("POST /api/settings/reset-tickets", auth(app.handleResetTickets, "admin"))
+	mux.HandleFunc("POST /api/settings/reset-volunteers", auth(app.handleResetVolunteers, "admin"))
+	mux.HandleFunc("POST /api/settings/reset-shifts", auth(app.handleResetShifts, "admin"))
+	mux.HandleFunc("POST /api/settings/reset-departments", auth(app.handleResetDepartments, "admin"))
+	mux.HandleFunc("POST /api/settings/reset-volunteer-shifts", auth(app.handleResetVolunteerShifts, "admin"))
 
-	mux.HandleFunc("POST /api/import", auth(app.handleImport, "admin", "ticketing"))
+	mux.HandleFunc("POST /api/import", auth(app.handleImport, "admin"))
 
 	mux.HandleFunc("GET /api/sync/pull", auth(app.handleSyncPull))
 	mux.HandleFunc("GET /api/sync/stream", auth(app.handleSyncStream))
@@ -151,6 +161,16 @@ func (app *App) registerRoutes(mux *http.ServeMux) {
 		writeJSON(w, map[string]string{"build": buildID})
 	})
 
+	mux.HandleFunc("POST /api/settings/shift-signups", auth(app.handleToggleShiftSignups, "admin", "staffing"))
+
+	// Public endpoints — no JWT required.
+	mux.HandleFunc("GET /api/public/sso-enabled", app.handleSSOEnabled)
+	mux.HandleFunc("GET /api/sso/init", app.handleSSOInit)
+	mux.HandleFunc("GET /api/sso/callback", app.handleSSOCallback)
+	mux.HandleFunc("GET /api/public/signup-config", app.handlePublicSignupConfig)
+	mux.HandleFunc("POST /api/public/signup", app.handlePublicSignup)
+	mux.HandleFunc("POST /api/public/confirm", app.handleConfirmEmail)
+
 	// Kiosk — authenticated by volunteer token, no JWT required.
 	mux.HandleFunc("GET /api/v/{token}", app.handleKioskGet)
 	mux.HandleFunc("POST /api/v/{token}/shifts/{id}", app.handleKioskClaim)
@@ -179,9 +199,9 @@ func (app *App) registerRoutes(mux *http.ServeMux) {
 }
 
 func (app *App) bootstrapAdmin() error {
-	adminUser := os.Getenv("TURNPIKE_ADMIN_USER")
+	adminEmail := os.Getenv("TURNPIKE_ADMIN_EMAIL")
 	adminPass := os.Getenv("TURNPIKE_ADMIN_PASSWORD")
-	if adminUser == "" || adminPass == "" {
+	if adminEmail == "" || adminPass == "" {
 		return nil
 	}
 	n, err := app.countUsers()
@@ -192,11 +212,11 @@ func (app *App) bootstrapAdmin() error {
 	if err != nil {
 		return err
 	}
-	_, err = app.createUser(adminUser, hash, "admin", []int{})
+	_, err = app.createUser(adminEmail, "Admin", hash, []string{"admin"}, []int{})
 	if err != nil {
 		return err
 	}
-	log.Printf("Created admin user: %s", adminUser)
+	log.Printf("Created admin user: %s", adminEmail)
 	return nil
 }
 
diff --git a/testutil_test.go b/testutil_test.go
index 8f58833..14351e5 100644
--- a/testutil_test.go
+++ b/testutil_test.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
+	"strings"
 	"testing"
 )
 
@@ -16,7 +17,6 @@ func testApp(t *testing.T) *App {
 		t.Fatal(err)
 	}
 	t.Cleanup(func() { db.Close() })
-	// Ensure config table exists (normally created by getOrCreateSecret)
 	db.Exec(`CREATE TABLE IF NOT EXISTS config (key TEXT PRIMARY KEY, value TEXT NOT NULL)`)
 	return &App{
 		db:          db,
@@ -29,17 +29,18 @@ func testApp(t *testing.T) *App {
 func testAdminUser(t *testing.T, app *App) *User {
 	t.Helper()
 	hash, _ := hashPassword("admin123")
-	u, err := app.createUser("admin", hash, "admin", []int{})
+	u, err := app.createUser("oberon@athens.example", "Oberon", hash, []string{"admin"}, []int{})
 	if err != nil {
 		t.Fatal(err)
 	}
 	return u
 }
 
-func testUserWithRole(t *testing.T, app *App, username, role string, deptIDs []int) *User {
+func testUserWithRoles(t *testing.T, app *App, name string, roles []string, deptIDs []int) *User {
 	t.Helper()
-	hash, _ := hashPassword(username + "123")
-	u, err := app.createUser(username, hash, role, deptIDs)
+	email := strings.ToLower(name) + "@athens.example"
+	hash, _ := hashPassword(name + "123")
+	u, err := app.createUser(email, name, hash, roles, deptIDs)
 	if err != nil {
 		t.Fatal(err)
 	}