Update

API/ROLAC.API/Controllers/OfferingEntryController.cs

@@ -85,4 +85,28 @@ public class OfferingEntryController : ControllerBase
         await _hub.Clients.Group(result.SessionDate).SendAsync("LineAdded", result);
         return Ok(result);
     }
+
+    // ── Paper-proof PDF for the date's session (merged client-side) ──────────
+    // Date-keyed so the anonymous page (which has no session id) can attach the
+    // count sheet / envelope photos. Mirrors OfferingSessionsController's proof
+    // validation; the desktop session page reviews/deletes the result.
+
+    [HttpGet("proof")]
+    public async Task<IActionResult> GetProof([FromQuery] DateOnly date)
+    {
+        var result = await _sessions.OpenProofForDateAsync(date);
+        if (result is null) return NoContent();   // no session/proof yet — client merges nothing
+        return File(result.Value.stream, result.Value.contentType);
+    }
+
+    [HttpPost("proof")]
+    [RequestSizeLimit(52_428_800)]   // 50 MB — a merged multi-image PDF is larger than one receipt
+    public async Task<IActionResult> UploadProof([FromForm] DateOnly date, IFormFile file)
+    {
+        if (file is null || file.Length == 0) return BadRequest(new { message = "No file." });
+        if (file.ContentType != "application/pdf") return BadRequest(new { message = "Proof must be a PDF." });
+        await using var stream = file.OpenReadStream();
+        await _sessions.SaveProofForDateAsync(date, stream, file.FileName);
+        return NoContent();
+    }
 }