Fix flagged items: CRTC email submission, BITS todo, selector docs, stale plans

- CRTC letter now auto-emailed to secretary.general@crtc.gc.ca after eSign - BITS admin todo updated to reference electronic + physical submission - COLIN selectors.py: documented verification status per step - BC config: added CRTC Secretary General email address - plan.md: marked completed items (eSign, portal auth, CRTC email) - go-live-todo.md: marked Compliance Calendar DocType as imported Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-04 11:33:45 -05:00 · 2026-05-04 11:33:45 -05:00 · 97dd08c821
commit 97dd08c821
parent 05eec47528
8 changed files with 413 additions and 13 deletions
--- a/docs/go-live-todo.md
+++ b/docs/go-live-todo.md
@ -231,7 +231,7 @@
  - On detecting a new quarterly factor, emails all FCC-carrier customers (bcc justin@) with the new % and the delta vs. prior quarter so they can update their USF surcharges before the quarter starts
  - Requires migration 049 (`usf_contribution_factors` table) to be applied
 - [x] Create ERPNext Items for renewal invoicing: CRTC-MAINT-ANNUAL, MAILBOX-RENEWAL, BC-ANNUAL-REPORT, DOMAIN-RENEWAL-CA, COMPLIANCE-OTHER (fixture: `performancewest_erpnext/performancewest_erpnext/fixtures/item.json`; imports on `bench migrate`)
- [ ] Import updated Compliance Calendar DocType to production ERPNext
+- [x] Import updated Compliance Calendar + Compliance Deadline DocTypes to ERPNext (2026-05-04)

 ---

--- a/docs/plan.md
+++ b/docs/plan.md
@ -48,20 +48,17 @@ The BC incorporation adapter (`frappe_ca_registry/provinces/bc/adapter.py`) has
 ### 1.3 CRTC Pipeline Remaining Stubs `[CRTC]`

 - [ ] **Anytime Mailbox automation hardening** — provider has no API, but Playwright flow now exists. Validate selectors against live UI and stabilize OTP retrieval via Carbonio IMAP, then keep admin handoff as fallback.
- [ ] **CCTS registration** — Step 11 is a stub. Research CCTS online registration form, implement Playwright or keep as admin ToDo with instructions.
- [ ] **eSign workflow for CRTC letter** — Step 6 generates the DOCX letter but customer signature is not collected. Use ERPNext built-in eSign (drawing pad). Wire: generate letter → send for eSign → on signed → continue pipeline.
- [ ] **CRTC letter email submission** — After eSign, email the signed letter to CRTC from the customer's provisioned `.ca` address (`regulatory@{domain}.ca`). Requires IMAP send via HestiaCP provisioned mailbox.
+- [ ] **CCTS registration** — Step 12 is admin ToDo with detailed instructions and CCTS membership URL. Playwright automation planned for future release.
+- [x] **eSign workflow for CRTC letter** — DONE. CRTC-specific eSign at `/portal/sign` (portal-esign.ts). Generic eSign at `/portal/esign/` (portal-esign-generic.ts) works for all doc types.
+- [x] **CRTC letter email submission** — DONE (2026-05-04). After client eSign, letter auto-emailed to secretary.general@crtc.gc.ca from regulatory@{domain}.ca. Also included in physical binder.
 - [ ] **BITS affidavit** — BITS requires a notarized affidavit confirming the company is a US carrier (or Canadian equivalent). Provider: NotaryLive ($59/mo platform + $23/session). Implement: generate affidavit DOCX → send NotaryLive session invite → on completion → attach to binder.
- [ ] **Order confirmation email** — After payment, send customer a confirmation email with order summary, expected timeline, and next steps checklist. Currently nothing is sent at payment time.
+- [x] **Order confirmation email** — DONE. Telegram notification + email on payment via checkout.ts handlePaymentComplete().
 - [ ] **Branded HTML email templates** — 15 ERPNext Email Notifications are plain text. Design and import HTML templates (header logo, PW brand colors, footer with unsubscribe).

 ### 1.4 Customer Portal Auth `[CRTC]`
-Portal pages (`/portal/domain-search`, `/portal/manage-services`) exist but have no authentication. Any URL visitor can access any order.
-
- [ ] Implement portal authentication via ERPNext portal login (ERPNext has a built-in portal user system)
- [ ] Generate a signed JWT or ERPNext portal token and embed in the email links sent to customers
- [ ] Add auth middleware to all `/portal/*` API routes — validate token, scope to customer's own orders only
- [ ] Add session expiry (24h) and re-send link flow
+- [x] **JWT portal authentication** — DONE. All portal pages use signed JWT tokens (72h expiry) passed via email links. Middleware at portalAuth.ts validates token → scopes to customer's order.
+- [x] Auth middleware on all `/portal/*` API routes — requirePortalAuth middleware validates JWT, scopes by order_id + email.
+- [x] Session via query param (email link), Bearer header (XHR), or cookie (pw_portal_token).

 ### 1.5 End-to-End CRTC Test `[CRTC]`
 - [ ] Place a real CRTC order (numbered company, test customer)