feat(compliance): admin verification gate + durable submission evidence

Per request: after the customer signs but BEFORE we submit to the government, hold
the order for a human to verify the prepared filing is correct.

- MCS-150 handler (mcs150-update + usdot-reactivation): new admin-verification gate
  after the signature gate -- if not admin_approved, set fulfillment_status=
  'ready_to_file', create a HIGH-priority 'VERIFY before filing' admin todo, and
  STOP (no FMCSA submission). job_server injects admin_approved from the dispatch
  payload (mirrors client_approved).
- New admin endpoint POST /api/v1/admin/compliance-orders/:id/approve-submit
  (requireAdmin): verifies status=ready_to_file, re-dispatches the worker with
  admin_approved=true to proceed to actual submission.
- Durable submission EVIDENCE: the web/fax submitters only wrote confirmation
  screenshots to an ephemeral temp dir. Now _upload_submission_evidence copies the
  FMCSA confirmation screenshot + attested PDF + fax_log_id to MinIO under
  filings/<slug>/<order>/evidence/ and records the keys on the order, so we keep
  proof of every government submission.

(state-trucking + the FCC handlers already gate via admin todos / auto_filing.py;
this brings MCS-150 to parity and adds evidence retention.)
This commit is contained in:
justin 2026-06-09 22:50:30 -05:00
parent e87715aee7
commit 058d4d426a
3 changed files with 205 additions and 0 deletions

View file

@ -1240,6 +1240,10 @@ def handle_process_compliance_service(payload: dict) -> dict:
order["esign_document_type"] = payload["esign_document_type"]
if payload.get("esign_signer_email"):
order["esign_signer_email"] = payload["esign_signer_email"]
# Inject admin-approval flag (set when an admin clears the post-signature
# verification gate and re-dispatches the order for submission).
if payload.get("admin_approved"):
order["admin_approved"] = True
# Final entity check before dispatch
ent = order.get("entity", {})