fix(signing): filter fields by signer on sign page — was passing all fields unfiltered

teressa-copeland-homes/src/app/sign/[token]/page.tsx

@@ -1,7 +1,7 @@
 import { verifySigningToken } from '@/lib/signing/token';
 import { logAuditEvent } from '@/lib/signing/audit';
 import { db } from '@/lib/db';
-import { signingTokens, documents } from '@/lib/db/schema';
+import { signingTokens, documents, isClientVisibleField } from '@/lib/db/schema';
 import { eq } from 'drizzle-orm';
 import { headers } from 'next/headers';
 import { SigningPageClientWrapper } from './_components/SigningPageClientWrapper';
@@ -57,11 +57,21 @@ export default async function SignPage({ params }: Props) {
     db.update(documents).set({ status: 'Viewed' }).where(eq(documents.id, payload.documentId)),
   ]);
 
+  // Filter fields to this signer's fields only (same logic as GET /api/sign/[token])
+  const allFields = doc.signatureFields ?? [];
+  const visibleFields = allFields.filter((field) => {
+    if (!isClientVisibleField(field)) return false;
+    if (tokenRow.signerEmail !== null) {
+      return field.signerEmail === tokenRow.signerEmail;
+    }
+    return true; // legacy null-signer token: show all client-visible fields
+  });
+
   return (
     <SigningPageClientWrapper
       token={token}
       documentName={doc.name}
-      signatureFields={doc.signatureFields ?? []}
+      signatureFields={visibleFields}
     />
   );
 }