d445c282c1
- Add POST handler to sign/[token]/route.ts with atomic one-time enforcement - UPDATE signing_tokens SET usedAt WHERE usedAt IS NULL RETURNING — 0 rows = 409 - Log signature_submitted and pdf_hash_computed audit events - Merge client dataURLs with server-stored field coordinates (NEVER trust client coords) - Call embedSignatureInPdf, store pdfHash + signedFilePath in documents table - Update document status to Signed with signedAt timestamp - Fire-and-forget sendAgentNotificationEmail (catches errors without failing response) - Create /sign/[token]/confirmed success page for POST redirect destination