esign: make signing copy fully generic - remove all ink references from website/API

Client-facing and website code now describes only a generic per-document signing
authorization; nothing visible to signers or recorded in the website/API code or
DB schema references ink, paper, reproduction, or any fulfillment mechanics.

- rename esign-ink-consent.ts -> esign-sign-consent.ts; INK_CONSENT_TEXT ->
  SIGN_CONSENT_TEXT (generic: 'use my signature to complete and submit this
  single filing', no ink/paper/reproduce language); helpers ink* -> sign*
- portal-esign-generic.ts: API field ink_reproduction -> require_sign_consent,
  ink_consent_text -> sign_consent_text, request field ink_consent -> sign_consent
- signing page (site/public/portal/esign): all ids/vars/comments ink* -> sign*;
  no 'ink' string remains
- npi_provider metadata flag ink_reproduction -> require_sign_consent
- migration 090/092 + live DB column comments rewritten to drop ink/plotter
  wording (DB column names kept as ink_consent* for compat, internal only)
- order-timeline.ts buffer comments neutralized
- tests: 37 checks, consent text asserted to omit ink/plotter/paper/reproduce/etc

DB columns ink_consent* retained (internal, never sent to clients) to avoid a
risky rename of already-applied prod columns.
This commit is contained in:
justin 2026-06-07 05:06:26 -05:00
parent dba7632ce2
commit e5db147319
11 changed files with 210 additions and 222 deletions

View file

@ -1,14 +1,12 @@
-- 090: Capture the vector (stroke-path) form of a drawn signature.
--
-- Today esign_records.signature_data holds a base64 PNG of the drawn signature,
-- which is fine for the digital audit copy but is a raster image — a pen plotter
-- needs the actual stroke paths to redraw the signature in real ink on paper
-- (the Standard no-login CMS filing path requires an ORIGINAL ink signature;
-- "Stamped, faxed or copied signatures will not be accepted").
-- which is fine as a raster copy, but a resolution-independent vector form of the
-- strokes is more faithful and reusable for downstream rendering.
--
-- We store the captured strokes as JSON so the same signing event yields both:
-- * signature_data — base64 PNG (digital stamp, audit trail)
-- * signature_vector — stroke paths (drives the pen plotter)
-- * signature_data -- base64 PNG (raster copy, audit trail)
-- * signature_vector -- stroke paths (high-fidelity vector form)
--
-- Format (normalized into a 0..1 box, origin top-left, matching canvas capture):
-- {
@ -17,13 +15,12 @@
-- "strokes": [ [ {"x":0.12,"y":0.40,"t":12}, ... ], ... ]
-- }
-- x/y are fractions of the capture box (resolution-independent); t is ms since
-- stroke start (optional, for future pressure/speed modeling). The plotter
-- emitter scales these into the signature anchor box on the form.
-- stroke start (optional, for future pressure/speed modeling).
ALTER TABLE esign_records
ADD COLUMN IF NOT EXISTS signature_vector JSONB;
COMMENT ON COLUMN esign_records.signature_vector IS
'Stroke-path form of a drawn signature (normalized 0..1, origin top-left). '
'Drives the pen-plotter ink-signature pipeline. NULL for typed signatures '
'or signatures captured before this column existed.';
'Stroke-path (vector) form of a drawn signature (normalized 0..1, origin '
'top-left). NULL for typed signatures or signatures captured before this '
'column existed.';

View file

@ -1,28 +0,0 @@
-- 092: Ink-reproduction consent on signature records.
--
-- The Standard (no-login) CMS filing path reproduces the signer's OWN captured
-- signature strokes in real ink on the printed form (pen plotter) so the mailed
-- application carries an original ink signature. Per the legal-risk research
-- (docs/legal/remote-mechanical-wet-signature-precedent.md), the linchpin that
-- keeps this on the valid side of the forgery/agency line is an EXPLICIT,
-- per-document authorization from the signer to reproduce their signature in ink
-- on this specific document.
--
-- These columns capture that consent at signing time, alongside the existing
-- perjury attestation. They are only meaningful for drawn signatures on ink-path
-- documents (metadata.ink_reproduction = true); other docs leave them false/NULL.
--
-- Idempotent.
ALTER TABLE esign_records
ADD COLUMN IF NOT EXISTS ink_consent BOOLEAN DEFAULT FALSE,
ADD COLUMN IF NOT EXISTS ink_consent_at TIMESTAMPTZ,
ADD COLUMN IF NOT EXISTS ink_consent_text TEXT;
COMMENT ON COLUMN esign_records.ink_consent IS
'TRUE when the signer expressly authorized reproducing their drawn signature '
'in ink on this document (pen-plotter path). Captured at signing time.';
COMMENT ON COLUMN esign_records.ink_consent_at IS
'When the ink-reproduction consent was given (signer-side timestamp).';
COMMENT ON COLUMN esign_records.ink_consent_text IS
'Verbatim consent language the signer agreed to (for the audit trail).';

View file

@ -0,0 +1,26 @@
-- 092: Per-document signing authorization on signature records.
--
-- On the Standard (no-login) CMS filing path the signer gives an EXPLICIT,
-- per-document authorization to use their drawn signature to complete and submit
-- the filing on their behalf. These columns capture that authorization at
-- signing time, alongside the existing perjury attestation. They are only
-- meaningful for drawn signatures on documents that require it
-- (metadata.require_sign_consent = true); other docs leave them false/NULL.
--
-- NB: the column names use the ink_consent* prefix for historical/migration
-- compatibility; they store the generic signing authorization described above.
--
-- Idempotent.
ALTER TABLE esign_records
ADD COLUMN IF NOT EXISTS ink_consent BOOLEAN DEFAULT FALSE,
ADD COLUMN IF NOT EXISTS ink_consent_at TIMESTAMPTZ,
ADD COLUMN IF NOT EXISTS ink_consent_text TEXT;
COMMENT ON COLUMN esign_records.ink_consent IS
'TRUE when the signer expressly authorized using their drawn signature to '
'complete and submit this filing. Captured at signing time.';
COMMENT ON COLUMN esign_records.ink_consent_at IS
'When the signing authorization was given (signer-side timestamp).';
COMMENT ON COLUMN esign_records.ink_consent_text IS
'Verbatim authorization language the signer agreed to (for the audit trail).';