fix(06): update status to Viewed on link open; serve signedFilePath in agent portal after signing

teressa-copeland-homes/src/app/api/documents/[id]/file/route.ts

@@ -21,7 +21,9 @@ export async function GET(
   });
   if (!doc || !doc.filePath) return new Response('Not found', { status: 404 });
 
-  const filePath = path.join(UPLOADS_BASE, doc.filePath);
+  // Serve signed PDF for completed documents, original otherwise
+  const relativePath = doc.signedFilePath ?? doc.filePath;
+  const filePath = path.join(UPLOADS_BASE, relativePath);
 
   // Path traversal guard — critical security check
   if (!filePath.startsWith(UPLOADS_BASE)) {

teressa-copeland-homes/src/app/api/sign/[token]/route.ts

@@ -72,20 +72,12 @@ export async function GET(
     return NextResponse.json({ status: 'invalid' }, { status: 200 });
   }
 
-  // 5 & 6. Log audit events: link_opened + document_viewed
-  await logAuditEvent({
-    documentId: payload.documentId,
-    eventType: 'link_opened',
-    ipAddress: ip,
-    userAgent: ua,
-  });
-
-  await logAuditEvent({
-    documentId: payload.documentId,
-    eventType: 'document_viewed',
-    ipAddress: ip,
-    userAgent: ua,
-  });
+  // 5 & 6. Log audit events + update status to Viewed
+  await Promise.all([
+    logAuditEvent({ documentId: payload.documentId, eventType: 'link_opened', ipAddress: ip, userAgent: ua }),
+    logAuditEvent({ documentId: payload.documentId, eventType: 'document_viewed', ipAddress: ip, userAgent: ua }),
+    db.update(documents).set({ status: 'Viewed' }).where(eq(documents.id, payload.documentId)),
+  ]);
 
   // 7. Return pending state with document data
   return NextResponse.json({