Soften fingerprint conflict to log-only, never block login

With the new hardware-based fingerprint, legit users on shared dev machines,
Docker images with baked-in /etc/machine-id, CI runners, and corporate golden
images can all produce the same fingerprint. Hard-blocking in that case would
lock out coworkers behind whichever user logged in first.

Keep the "Fingerprint ownership conflict" warn log as input for async abuse
review, but always proceed to createCliSession so the signal never gates
login on its own.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: jahooma

freebuff/web/src/app/onboard/page.tsx

@@ -130,6 +130,9 @@ const Onboard = async ({ searchParams }: PageProps) => {
     )
   }
 
+  // Log fingerprint collisions as a signal for async abuse review, but don't
+  // block login — shared dev machines, Docker images with baked-in machine-ids,
+  // and CI runners can legitimately produce the same fingerprint across users.
   const { hasConflict, existingUserId } = await checkFingerprintConflict(
     fingerprintId,
     user.id,
@@ -139,13 +142,6 @@ const Onboard = async ({ searchParams }: PageProps) => {
       { fingerprintId, existingUserId, attemptedUserId: user.id },
       'Fingerprint ownership conflict',
     )
-    return (
-      <StatusCard
-        title="Unable to complete login"
-        description="Something went wrong during the login process."
-        message={`Please try generating a new login code. If the problem persists, contact ${env.NEXT_PUBLIC_SUPPORT_EMAIL} for assistance.`}
-      />
-    )
   }
 
   const sessionToken = await getSessionTokenFromCookies()

web/src/app/onboard/page.tsx

@@ -94,6 +94,9 @@ const Onboard = async ({ searchParams }: PageProps) => {
     )
   }
 
+  // Log fingerprint collisions as a signal for async abuse review, but don't
+  // block login — shared dev machines, Docker images with baked-in machine-ids,
+  // and CI runners can legitimately produce the same fingerprint across users.
   const { hasConflict, existingUserId } = await checkFingerprintConflict(
     fingerprintId,
     user.id,
@@ -103,18 +106,6 @@ const Onboard = async ({ searchParams }: PageProps) => {
       { fingerprintId, existingUserId, attemptedUserId: user.id },
       'Fingerprint ownership conflict',
     )
-    return (
-      <CardWithBeams
-        title="Unable to complete login"
-        description="Something went wrong during the login process."
-        content={
-          <p>
-            Please try generating a new login code. If the problem persists,
-            contact {env.NEXT_PUBLIC_SUPPORT_EMAIL} for assistance.
-          </p>
-        }
-      />
-    )
   }
 
   const sessionToken = await getSessionTokenFromCookies()