---
phase: 06-signing-flow
task: post-execution bug fixes
status: in_progress
last_updated: 2026-03-21T16:15:33.200Z
---

<current_state>
Phase 6 execution is complete (all 6 plans committed, verification passed 9/9). We are in post-execution bug-fix mode — fixing issues discovered during real end-to-end testing. Three bugs were found and fixed, one more was partially fixed and needs verification.
</current_state>

<completed_work>

- Phase 6 fully executed: 6/6 plans complete (schema, email, signing page, modal+submission, confirmation+download, DNS gate)
- DNS configured: Resend.com verified for tcopelandhomes.com, DKIM propagated
- fix: domain updated teressacopelandhomes.com → tcopelandhomes.com in signing-mailer.tsx and .env.local
- fix: PreparePanel was calling /prepare but never /send — signing email was never sent. Now chains /prepare → /send
- fix: agent portal PDF viewer now serves signedFilePath (signed PDF) when available, falling back to filePath
- fix: document_viewed audit event + status→Viewed was added to GET /api/sign/[token] route — but this was WRONG PLACE
- fix (in progress): Viewed status fix moved to correct location: signing page server component (src/app/sign/[token]/page.tsx) — this is the code path that actually runs when a client opens the link. Committed as bf6d361. NOT YET VERIFIED by user.

</completed_work>

<remaining_work>

- Verify that Viewed status fix actually works now (user reported it still wasn't working before last fix — needs re-test)
- The GET /api/sign/[token] route ALSO still has the status update code from the earlier (wrong) fix — that's harmless but could be cleaned up
- Phase 7 (Audit Trail and Download) has not been started yet — it's the final phase

</remaining_work>

<decisions_made>

- Used Resend.com (free tier) for transactional email instead of Google Workspace or raw Gmail
- SMTP config: smtp.resend.com port 465 (SSL), user=resend, pass=API key
- Domain changed to tcopelandhomes.com (Squarespace/Google Domains nameservers)
- Viewed status must be set in the PAGE SERVER COMPONENT (src/app/sign/[token]/page.tsx) not in the API route — the page does direct DB calls and never hits the API route

</decisions_made>

<blockers>

- None hard-blocking. Viewed status fix is committed but not user-verified yet.

</blockers>

<context>
Phase 6 is done. We hit real bugs during end-to-end testing:
1. Email not sending → PreparePanel never called /send (only /prepare)
2. Signed PDF not showing in portal → file route always served original filePath
3. Viewed status not updating → audit/status code was in API route but signing page never calls that API route — it validates token and queries DB directly in the server component

The Viewed fix (commit bf6d361) puts the logAuditEvent + db.update(status→Viewed) directly in page.tsx, which is the correct place. This should work — but user needs to re-test.

After confirming Viewed works, the natural next step is Phase 7 (Audit Trail and Download): agent download of signed PDFs via authenticated presigned URL, private storage enforcement, and dashboard status display.
</context>

<next_action>
Ask user to re-test the signing flow — open a fresh signing link and confirm the document status changes to "Viewed" in the portal. If it works, move to Phase 7 with /gsd:progress then /gsd:plan-phase 7.
</next_action>