red/.planning/phases/06-signing-flow/06-06-PLAN.md
2026-03-20 11:18:47 -06:00

7.3 KiB

---
phase: 06-signing-flow
plan: 06
type: execute
wave: 5
depends_on:
  - 06-05
files_modified: []
autonomous: false
requirements:
  - LEGAL-04
must_haves:
  truths:
    - "SPF record exists for teressacopelandhomes.com with no duplicate (only one v=spf1 record)"
    - "DKIM record exists for teressacopelandhomes.com (TXT record at [selector]._domainkey subdomain)"
    - "DMARC record exists at _dmarc.teressacopelandhomes.com with at minimum p=none"
    - "MXToolbox SPF check shows green/pass"
    - "MXToolbox DKIM check shows green/pass"
    - "MXToolbox DMARC check shows green/pass"
    - "A test signing email sent to a real email address is received without spam filtering"
  artifacts: []
  key_links: []
user_setup:
  - service: dns-spf-dkim-dmarc
    why: "LEGAL-04 — DNS email authentication must be configured before any signing link is sent to a real client"
    env_vars: []
    dashboard_config:
      - task: "Check existing SPF record"
        location: "Run: dig TXT teressacopelandhomes.com | grep v=spf1 — if a record exists, MERGE your SMTP provider include into it (do not add a second SPF record — RFC 7208 forbids multiple v=spf1 records)"
      - task: "Add SPF TXT record"
        location: "DNS provider (Namecheap, Google Domains, etc.) — add TXT @ record: v=spf1 include:[smtp-provider] ~all"
      - task: "Generate and add DKIM record"
        location: "Your SMTP provider dashboard (Google Workspace: Admin > Apps > Gmail > Authenticate Email; Namecheap: Email > DKIM; Zoho: Mail > Domains > DKIM)"
      - task: "Add DMARC TXT record"
        location: "DNS provider — add TXT _dmarc record: v=DMARC1; p=none; rua=mailto:teressa@teressacopelandhomes.com"
---
Verify that DNS email authentication (SPF, DKIM, DMARC) is correctly configured for teressacopelandhomes.com before any signing link is sent to a real client.

Purpose: LEGAL-04 — this is a non-negotiable compliance gate. Without SPF/DKIM/DMARC, signing emails will be spam-filtered or rejected, and the audit trail will be incomplete. Output: All three DNS records verified as passing in MXToolbox + a real test email received successfully.

<execution_context> @/Users/ccopeland/.claude/get-shit-done/workflows/execute-plan.md @/Users/ccopeland/.claude/get-shit-done/templates/summary.md </execution_context>

@.planning/ROADMAP.md
@.planning/phases/06-signing-flow/06-CONTEXT.md
@.planning/phases/06-signing-flow/06-RESEARCH.md

Task 1: Automated DNS verification check

Run DNS record checks using dig to show the current state before the human checkpoint:

```bash
# Check existing SPF (CRITICAL: only one v=spf1 record allowed per RFC 7208)
dig TXT teressacopelandhomes.com | grep -i "v=spf"

# Check for DKIM records (selector depends on SMTP provider — common selectors: google, default, mail, zoho)
dig TXT google._domainkey.teressacopelandhomes.com
dig TXT default._domainkey.teressacopelandhomes.com
dig TXT mail._domainkey.teressacopelandhomes.com

# Check DMARC
dig TXT _dmarc.teressacopelandhomes.com
```

Report the current state of each record. If any is missing, flag it clearly.

Also run a test SMTP connection to confirm the configured SMTP credentials work:

```bash
# Quick SMTP auth test using Node.js (from teressa-copeland-homes/)
cd /Users/ccopeland/temp/red/teressa-copeland-homes && node -e "
const nodemailer = require('nodemailer');
require('dotenv').config({ path: '.env.local' });
const port = Number(process.env.CONTACT_SMTP_PORT || 587);
const t = nodemailer.createTransport({
  host: process.env.CONTACT_SMTP_HOST,
  port,
  secure: port === 465, // implicit TLS on 465; 587 upgrades with STARTTLS
  auth: { user: process.env.CONTACT_EMAIL_USER, pass: process.env.CONTACT_EMAIL_PASS }
});
// verify() connects and authenticates without sending a message
t.verify().then(() => console.log('SMTP: OK')).catch(e => console.error('SMTP error:', e.message));
"
```

Output a summary of: which DNS records are present, which are missing, and whether SMTP auth succeeds.

Verify:

```bash
dig TXT teressacopelandhomes.com | grep -E "v=spf|ANSWER" && dig TXT _dmarc.teressacopelandhomes.com | grep -E "v=DMARC|ANSWER"
```

Done when: DNS check output produced showing current state of SPF, DKIM, and DMARC records for teressacopelandhomes.com.

Task 2: Human DNS configuration + MXToolbox verification gate

Human task — cannot be automated. Configure SPF/DKIM/DMARC DNS records for teressacopelandhomes.com at your DNS provider and SMTP provider dashboard. See how-to-verify steps below.

Status: MISSING — human must verify using MXToolbox at https://mxtoolbox.com/spf.aspx, https://mxtoolbox.com/dkim.aspx, https://mxtoolbox.com/dmarc.aspx

Done when: All three MXToolbox checks show green/pass; test email received in inbox (not spam).

Checkpoint context: Automated DNS checks above show the current state of SPF, DKIM, and DMARC records for teressacopelandhomes.com. The signing flow code is complete (plans 01-05). This checkpoint verifies DNS is configured before any real client signing link is sent.

STEP 1: Check existing SPF record to avoid duplicates
- Run: dig TXT teressacopelandhomes.com | grep "v=spf"
- If a record exists: MERGE your SMTP provider's include into it (do NOT add a second v=spf1 record)
- If no record exists: Add: TXT @ "v=spf1 include:[your-smtp-provider-include] ~all"
STEP 2: Add DKIM key (get from your SMTP provider dashboard)
- Google Workspace: Admin console > Apps > Google Workspace > Gmail > Authenticate email
- Namecheap Email / Zoho Mail: Domain settings > DKIM
- Add the TXT record they provide at [selector]._domainkey.teressacopelandhomes.com

STEP 3: Add DMARC (monitoring mode — start with p=none)
- Add TXT _dmarc record: "v=DMARC1; p=none; rua=mailto:teressa@teressacopelandhomes.com"

STEP 4: Wait for DNS propagation (5 min to 1 hour for most providers)

STEP 5: Verify all three pass at:
- SPF: https://mxtoolbox.com/spf.aspx (enter teressacopelandhomes.com)
- DKIM: https://mxtoolbox.com/dkim.aspx (enter domain + selector)
- DMARC: https://mxtoolbox.com/dmarc.aspx (enter teressacopelandhomes.com)
All three must show green/pass before sending any real client signing link.

STEP 6: Send a test signing email from the app to your own email address and confirm it is received (not in spam).
Type "dns verified" once all three MXToolbox checks show green/pass and a test email is received successfully. Or describe any specific issues encountered (e.g., "SPF already exists — merged", "DKIM pending propagation").

Verification:
- All three MXToolbox checks pass green (SPF, DKIM, DMARC).
- Test signing email received in inbox (not spam).
- DNS propagation complete.

<success_criteria> LEGAL-04 satisfied when: SPF/DKIM/DMARC all show green in MXToolbox, a real test email is received without spam filtering, and Teressa confirms she has reviewed and approved the email template. After this checkpoint, signing links may be sent to real clients. </success_criteria>

After completion, create `.planning/phases/06-signing-flow/06-06-SUMMARY.md`