From b2e9810d607f782c59b72992b00a6f8038606e11 Mon Sep 17 00:00:00 2001
From: Chandler Copeland <ccopeland@motivhealth.com>
Date: Sat, 21 Mar 2026 14:07:01 -0600
Subject: [PATCH] feat(11-02): prepare route fetches agentSignatureData, 422
 guard, passes to preparePdf

- Import users and getFieldType from @/lib/db/schema
- Strengthen session guard to !session?.user?.id (matches established pattern)
- Fetch agentSignatureData from users table for the authenticated agent
- 422 guard: return { error: 'agent-signature-missing' } when agent-sig fields exist but no signature saved
- Pass agentSignatureData as 5th arg to preparePdf()
---
 .../app/api/documents/[id]/prepare/route.ts   | 22 ++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/teressa-copeland-homes/src/app/api/documents/[id]/prepare/route.ts b/teressa-copeland-homes/src/app/api/documents/[id]/prepare/route.ts
index c0c477c..4b9af1b 100644
--- a/teressa-copeland-homes/src/app/api/documents/[id]/prepare/route.ts
+++ b/teressa-copeland-homes/src/app/api/documents/[id]/prepare/route.ts
@@ -1,6 +1,6 @@
 import { auth } from '@/lib/auth';
 import { db } from '@/lib/db';
-import { documents } from '@/lib/db/schema';
+import { documents, users, getFieldType } from '@/lib/db/schema';
 import { eq } from 'drizzle-orm';
 import { preparePdf } from '@/lib/pdf/prepare-document';
 import { logAuditEvent } from '@/lib/signing/audit';
@@ -13,7 +13,7 @@ export async function POST(
   { params }: { params: Promise<{ id: string }> }
 ) {
   const session = await auth();
-  if (!session) return new Response('Unauthorized', { status: 401 });
+  if (!session?.user?.id) return new Response('Unauthorized', { status: 401 });
 
   const { id } = await params;
   const body = await req.json() as {
@@ -40,7 +40,23 @@ export async function POST(
   const sigFields = (doc.signatureFields as import('@/lib/db/schema').SignatureFieldData[]) ?? [];
   const textFields = body.textFillData ?? {};
 
-  await preparePdf(srcPath, destPath, textFields, sigFields);
+  // Fetch agent's saved signature for embedding at agent-signature field coordinates
+  const agentUser = await db.query.users.findFirst({
+    where: eq(users.id, session.user.id),
+    columns: { agentSignatureData: true },
+  });
+  const agentSignatureData = agentUser?.agentSignatureData ?? null;
+
+  // Guard: if document has agent-signature fields but no signature saved, block prepare
+  const hasAgentSigFields = sigFields.some(f => getFieldType(f) === 'agent-signature');
+  if (hasAgentSigFields && !agentSignatureData) {
+    return Response.json(
+      { error: 'agent-signature-missing', message: 'No agent signature saved. Go to Profile to save your signature first.' },
+      { status: 422 }
+    );
+  }
+
+  await preparePdf(srcPath, destPath, textFields, sigFields, agentSignatureData);
 
   const [updated] = await db
     .update(documents)