ccopeland/red
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(06-01): complete signing foundation plan — SUMMARY, STATE, ROADMAP updated

Browse Source 
- created 06-01-SUMMARY.md with full task and decision documentation
- STATE.md: advanced to phase 6 plan 1, added 5 signing foundation decisions
- ROADMAP.md: marked 06-01-PLAN.md complete, Signing Flow at 1/6
- REQUIREMENTS.md: marked SIGN-02, LEGAL-01, LEGAL-02 complete
This commit is contained in:
Chandler Copeland
2026-03-20 11:27:07 -06:00
parent 2929581ab9
commit 4bca04f988
4 changed files with 158 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.planning/REQUIREMENTS.md
View File

@@ -43,7 +43,7 @@
### Signing Flow
- [ ] **SIGN-01**: Client receives an email with a unique link to sign the document (no account required)
- [ ] **SIGN-02**: Signing link expires after 72 hours and can only be used once
- [x] **SIGN-02**: Signing link expires after 72 hours and can only be used once
- [ ] **SIGN-03**: Client opens the link in any browser and sees the prepared PDF with signature fields highlighted
- [ ] **SIGN-04**: Client can draw a freehand signature on a canvas (works on mobile and desktop)
- [ ] **SIGN-05**: Client can save a default signature and click a signature field to apply it without redrawing
@@ -52,8 +52,8 @@
### Legal & Compliance
- [ ] **LEGAL-01**: System logs a complete audit trail for every signing ceremony — 6 server-side events: document prepared, email sent, link opened (with IP/user-agent), document viewed, signature submitted, final PDF hash computed
- [ ] **LEGAL-02**: System computes and stores a SHA-256 hash of the final signed PDF immediately after signature embedding (tamper-evident record)
- [x] **LEGAL-01**: System logs a complete audit trail for every signing ceremony — 6 server-side events: document prepared, email sent, link opened (with IP/user-agent), document viewed, signature submitted, final PDF hash computed
- [x] **LEGAL-02**: System computes and stores a SHA-256 hash of the final signed PDF immediately after signature embedding (tamper-evident record)
- [ ] **LEGAL-03**: Signed PDFs are stored in private storage — never accessible via public or guessable URLs; agent downloads via authenticated presigned URLs only
- [ ] **LEGAL-04**: DNS (SPF/DKIM/DMARC) configured for teressacopelandhomes.com before first signing link is sent to a real client
@@ -126,13 +126,13 @@ Which phases cover which requirements. Updated during roadmap creation.
| DOC-05 | Phase 5 | Complete |
| DOC-06 | Phase 5 | Complete |
| SIGN-01 | Phase 6 | Pending |
| SIGN-02 | Phase 6 | Pending |
| SIGN-02 | Phase 6 | Complete |
| SIGN-03 | Phase 6 | Pending |
| SIGN-04 | Phase 6 | Pending |
| SIGN-05 | Phase 6 | Pending |
| SIGN-06 | Phase 6 | Pending |
| LEGAL-01 | Phase 6 | Pending |
| LEGAL-02 | Phase 6 | Pending |
| LEGAL-01 | Phase 6 | Complete |
| LEGAL-02 | Phase 6 | Complete |
| LEGAL-04 | Phase 6 | Pending |
| SIGN-07 | Phase 7 | Pending |
| LEGAL-03 | Phase 7 | Pending |