New document {items.map(it => ( {it.label} {it.count != null && it.count > 0 && {it.count}} ))} {user?.role === 'admin' && ( <>

Admin

Users Global audit )}

Settings

{user?.full_name}

{user?.email}

); }; const TopBarWired = ({ title, right }) => (

{title}

{right}

); const AppShell = ({ active, title, counts, children, topRight }) => (

{children}

); // ---------- Public pages ---------- const LandingPage = () => { const { user } = useAuth(); return (

Verify a document {user ? ( Open dashboard ) : ( <> Sign in Start free )}

EU‑hosted · eIDAS · GDPR

Sign and send,
without ceremony.

Drop a PDF, add signers, get it signed. Auditable, encrypted, and quietly fast — built from day one for European compliance.

{user ? ( Continue to dashboard ) : ( <> Create free account I have an account )}

SOC 2 Type IIeIDAS · SES + QESGDPREU data residency

{/* — Stats strip — */}

{[ { n: '3 min', l: 'From upload to first signature' }, { n: '99.99%', l: 'Edge availability (Cloudflare)' }, { n: 'Frankfurt', l: 'Primary data residency · EU' }, { n: '0', l: 'Cookies set before consent' }, ].map((s, i) => (

{s.n}

{s.l}

))}

{/* — Features — */}

What you get

Boring on purpose. Reliable by design.

Signing software shouldn't get in the way. Saign keeps the workflow tight, the audit trail tamper-evident, and the legal footing solid — without forcing you to read a 40-page manual.

{[ { icon: 'upload', t: 'Drop, add, send', d: 'Upload a PDF, type in signer emails, click send. The first email is out before your coffee cools.' }, { icon: 'shield', t: 'Tamper-evident audit', d: 'Every event hashes the previous one. Break the chain anywhere and the whole trail flags red.' }, { icon: 'lock', t: 'Encrypted at rest', d: 'PDFs in R2, metadata in D1, secrets sealed. EU-only by default — no transatlantic round-trips.' }, { icon: 'pen', t: 'Draw, type, or upload', d: 'Three signature methods, one consistent receipt. SES today, QES (eID) on the same flow.' }, { icon: 'map', t: 'Geo + IP forensics', d: 'Browser geolocation with consent, IP fallback, reverse-geocoded label. Stored masked on every display.' }, { icon: 'check', t: 'Public verification', d: 'Each completed document gets a code. Anyone can paste it on /verify and check the signature themselves.' }, ].map((f, i) => (

{f.t}

{f.d}

))}

{/* — How it works — */}

How it works

Three steps. No training required.

{[ { n: '01', t: 'Upload', d: 'Drag the PDF in. We hash it on arrival, count the pages, and pin the original to EU storage.' }, { n: '02', t: 'Add signers', d: 'Type in names and emails. Sequential or parallel. Each signer gets a unique, single-use link.' }, { n: '03', t: 'Get it signed', d: 'They draw, type, or upload a signature. The signed PDF, certificate, and audit chain land in your inbox.' }, ].map((s, i) => (

STEP {s.n}

{s.t}

{s.d}

))}

{/* — Use cases — */}

Built for

Whoever signs the most paperwork in the room.

{[ { t: 'Sales & contracts', d: 'Order forms, MSAs, NDAs. Send before the demo ends, sign before the call drops.', k: ['MSA', 'NDA', 'Order form', 'SoW'] }, { t: 'HR & people ops', d: 'Offer letters, contracts, onboarding paperwork. Templates, sequential flows, deadline reminders.', k: ['Offer', 'Employment contract', 'Onboarding', 'Termination'] }, { t: 'Legal & compliance', d: 'Tamper-evident chain, eIDAS-ready signatures, GDPR-clean retention. Built for audits, not theatre.', k: ['DPA', 'Power of attorney', 'Settlement', 'Disclosure'] }, { t: 'Real estate & finance', d: 'Lease agreements, loan docs, advisory mandates. KYC-friendly, geolocation-backed, certificate-issued.', k: ['Lease', 'Mandate', 'KYC', 'Loan'] }, ].map((u, i) => (

{u.t}

{u.d}

{u.k.map((tag, j) => ( {tag} ))}

))}

{/* — Security & Compliance — */}

Security & compliance

Compliance isn't a checkbox.

We sweat the details so your legal team doesn't have to. Hash-chained audit logs, EU data residency, MFA, encrypted verification codes, rate-limited public lookups, and a retention policy you can actually enforce.

Read the security overview

{[ { t: 'eIDAS-aligned', d: 'SES today, QES on the way' }, { t: 'GDPR by default', d: 'Art. 17 + 20 endpoints' }, { t: 'EU data residency', d: 'Frankfurt-pinned D1 + R2' }, { t: 'Hash-chained logs', d: 'Tamper-evident audit' }, { t: 'MFA / TOTP', d: 'Authenticator-app ready' }, { t: 'Rate limiting', d: 'Per-account + per-IP' }, ].map((b, i) => (

{b.t}

{b.d}

))}

{/* — Pricing teaser — */}

Pricing

Start free. Pay when it matters.

Simple, transparent tiers. No per-seat games, no surprise overage. Cancel any time, export everything.

{[ { name: 'Solo', price: '€0', per: 'forever', tag: 'Free', feats: ['Up to 3 documents / mo', 'Single signer per doc', 'Email signatures + receipts', 'Public verification page'] }, { name: 'Team', price: '€19', per: 'per user / month', tag: 'Most popular', highlight: true, feats: ['Unlimited documents', 'Sequential + parallel flows', 'Templates and reminders', 'Audit export (PDF + JSON)'] }, { name: 'Business', price: '€49', per: 'per user / month', tag: 'For regulated teams', feats: ['Everything in Team', 'SSO + SCIM provisioning', 'Custom retention windows', 'Priority support + DPA'] }, ].map((p, i) => (

{p.highlight && (

{p.tag}

)}

{p.name}

{p.price} {p.per}

{!p.highlight &&

{p.tag}

} {p.highlight &&

}

{p.price === '€0' ? 'Start free' : 'Try ' + p.name}

))}

{/* — FAQ — */}

Frequently asked

The questions we always get.

{[ { q: 'Are Saign signatures legally binding in the EU?', a: 'Yes — they qualify as Simple Electronic Signatures (SES) under eIDAS, which are admissible in court across all EU member states. For documents that legally require an Advanced or Qualified signature (some real-estate, banking and government use cases), QES is on the roadmap.' }, { q: 'Where is my data stored?', a: 'PDFs live in Cloudflare R2, metadata in D1, both pinned to the EU (Frankfurt primary). Nothing crosses the Atlantic by default. Subprocessors are listed on the /subprocessors page.' }, { q: 'How does verification work?', a: 'Every completed document gets a unique code, printed on the certificate. Anyone can drop it into /verify (or upload the signed PDF) to check it against our database — without an account. The lookup goes through an HMAC, the codes are encrypted at rest.' }, { q: 'Can I get my data out?', a: 'Always. There\'s a one-click export in account settings (GDPR Art. 20) that returns a full JSON dump of your account, documents and audit chain. Account deletion (Art. 17) wipes everything within 30 days.' }, { q: 'Do you support 2FA?', a: 'Yes — TOTP via any standard authenticator app (Google Authenticator, 1Password, Bitwarden, etc). Enrolment lives in account settings; recovery codes on the way.' }, { q: 'What happens to documents we no longer need?', a: 'You set a retention period in settings. Once a document hits it, the PDF and PII are purged on the next nightly sweep, with the audit chain preserved as a hash-only stub.' }, ].map((f, i) => (

{f.q}

{f.a}

))}

{/* — Final CTA — */}

Ready to send the first one?

Free to start. No card, no sales call. Three documents a month on the house — upgrade only if you out-grow it.

{user ? ( Open dashboard ) : ( <> Create free account Verify a document )}

Verify document Privacy Terms Cookies Subprocessors Security

); }; const LoginPage = () => { const { user, login } = useAuth(); const toast = useToast(); const [email, setEmail] = React.useState('admin@saign.local'); const [password, setPassword] = React.useState('admin123'); const [busy, setBusy] = React.useState(false); const [err, setErr] = React.useState(null); const [mfaPending, setMfaPending] = React.useState(false); const [code, setCode] = React.useState(''); React.useEffect(() => { if (user) navigate('/dashboard'); }, [user]); const submit = async (e) => { e.preventDefault(); setErr(null); setBusy(true); try { const out = await login(email, password); if (out?.mfa_required) { setMfaPending(true); return; } toast.push(`Signed in as ${out.email}`); navigate('/dashboard'); } catch (ex) { const code = ex.data?.error; setErr( code === 'rate_limited' ? 'Too many attempts from this network. Try again in a few minutes.' : code === 'account_locked' ? 'Account temporarily locked after failed attempts. Try again later.' : code === 'email_not_verified' ? 'Please verify your email first. Check your inbox or resend below.' : ex.status === 401 ? 'Wrong email or password.' : 'Login failed. Try again.' ); } finally { setBusy(false); } }; const submitTotp = async (e) => { e.preventDefault(); setErr(null); setBusy(true); try { const u = await api('/api/auth/login/totp', { method: 'POST', body: { code } }); // refetch /me to populate context const me = await api('/api/auth/me'); toast.push(`Signed in as ${me.email}`); window.location.hash = '/dashboard'; window.location.reload(); // simplest way to refresh AuthCtx with the new session } catch (ex) { setErr(ex.data?.error === 'invalid_code' ? 'That code didn\'t match. Try the next 30s window.' : ex.data?.error === 'no_pending_mfa' ? 'Login attempt expired. Sign in again.' : 'Verification failed.'); } finally { setBusy(false); } }; const resendVerify = async () => { try { const r = await api('/api/auth/resend-verify', { method: 'POST', body: { email } }); if (r.dev_url) toast.push('Dev mode: link logged below'); else toast.push('Verification email re-sent'); } catch { toast.push('Could not resend', 'err'); } }; return (

Simple electronic signatures

Sign and send,
without ceremony.

Drop a PDF, add signers, get it signed. Auditable, encrypted, and quietly fast.

SOC 2 Type IIeIDAS · SESGDPR

{mfaPending ? 'Two-factor code' : 'Welcome back.'}

{mfaPending ? 'Enter the 6-digit code from your authenticator app.' : 'Sign in to continue.'}

{!mfaPending ? ( ) : ( )}

New to Saign? Create an account

Debug accounts

admin@saign.local / admin123

alex@studio.co / demo1234

); }; const RegisterPage = () => { const { user, register } = useAuth(); const [form, setForm] = React.useState({ full_name: '', email: '', password: '' }); const [busy, setBusy] = React.useState(false); const [err, setErr] = React.useState(null); const [devUrl, setDevUrl] = React.useState(null); React.useEffect(() => { if (user) navigate('/dashboard'); }, [user]); const submit = async (e) => { e.preventDefault(); setErr(null); setBusy(true); try { const r = await register(form); const target = '/verify-email?email=' + encodeURIComponent(form.email) + (r?.verification?.dev_url ? '&dev_url=' + encodeURIComponent(r.verification.dev_url) : ''); navigate(target); } catch (ex) { setErr(ex.data?.error === 'email_taken' ? 'Email is already registered.' : ex.data?.error === 'invalid_input' ? 'Please check your inputs.' : 'Registration failed.'); } finally { setBusy(false); } }; return (

Free for solo · 14‑day team trial

Start signing in
under a minute.

No credit card. Cancel anytime. Your documents stay in the EU.

SOC 2 Type IIeIDAS · SESGDPR

Create your account.

Already have an account? Sign in

); }; const VerifyEmailPage = () => { const params = new URLSearchParams(window.location.hash.split('?')[1] || ''); const email = params.get('email') || 'your email'; const devUrl = params.get('dev_url'); const [busy, setBusy] = React.useState(false); const [msg, setMsg] = React.useState(null); const resend = async () => { setBusy(true); setMsg(null); try { const r = await api('/api/auth/resend-verify', { method: 'POST', body: { email } }); setMsg(r.dev_url ? `Dev URL: ${r.dev_url}` : 'New verification email sent.'); } catch { setMsg('Could not resend.'); } finally { setBusy(false); } }; return (

Verify your email

We sent a confirmation link to
{email}.
Click the link there to activate your account.

{devUrl && (

Dev mode link

{devUrl}

)} {msg &&

{msg}

} Continue to sign in

); }; const VerifyTokenPage = () => { const params = new URLSearchParams(window.location.hash.split('?')[1] || ''); const token = params.get('token'); const [state, setState] = React.useState('busy'); // busy | ok | err React.useEffect(() => { if (!token) { setState('err'); return; } api('/api/auth/verify-email', { method: 'POST', body: { token } }) .then(() => setState('ok')) .catch(() => setState('err')); }, [token]); return (

{state === 'busy' ? 'Verifying…' : state === 'ok' ? 'Email verified.' : 'Link invalid or expired.'}

{state === 'ok' ? 'You can now sign in.' : state === 'err' ? 'Request a new verification email below.' : ' '}

Continue to sign in

); }; // ---------- Authenticated pages ---------- const RequireAuth = ({ children }) => { const { user, loading } = useAuth(); React.useEffect(() => { if (!loading && !user) navigate('/login'); }, [loading, user]); if (loading) return ; if (!user) return null; return children; }; const StatusBadge = ({ state, label }) => ; // Mask IP for display — preserve coarse network info, hide host. GDPR-friendly. // IPv4: 192.168.1.42 → 192.168.1.• // IPv6: 2001:db8::1234 → 2001:db8::••• (keep first 4 hextets max) const maskIp = (ip) => { if (!ip) return '—'; if (ip.includes(':')) { const parts = ip.split(':'); if (parts.length <= 4) { // Compact form like "2001:db8::1" — replace tail group with ••• return ip.replace(/[^:]+$/, '•••'); } return parts.slice(0, 4).join(':') + ':•••'; } const m = ip.match(/^(\d+\.\d+\.\d+)\.\d+$/); if (m) return m[1] + '.•'; return '•••'; }; const RowMenu = ({ doc, onChange }) => { const [open, setOpen] = React.useState(false); const ref = React.useRef(null); const toast = useToast(); const isArchived = !!doc.archived_at; React.useEffect(() => { if (!open) return; const onDoc = (e) => { if (ref.current && !ref.current.contains(e.target)) setOpen(false); }; document.addEventListener('mousedown', onDoc); return () => document.removeEventListener('mousedown', onDoc); }, [open]); const archive = async (e) => { e.stopPropagation(); setOpen(false); const verb = isArchived ? 'unarchive' : 'archive'; try { await api(`/api/documents/${doc.id}/${verb}`, { method: 'POST' }); toast.push(isArchived ? 'Restored from archive' : 'Archived'); onChange?.(); } catch { toast.push('Could not update', 'err'); } }; const del = async (e) => { e.stopPropagation(); setOpen(false); if (!confirm(`Delete "${doc.title}"?\n\nSigning links will stop working. The audit trail is kept for compliance retention.`)) return; try { await api(`/api/documents/${doc.id}`, { method: 'DELETE' }); toast.push('Document deleted'); onChange?.(); } catch { toast.push('Could not delete', 'err'); } }; return (

{open && (

)}

); }; const useDocuments = (filter) => { const [data, setData] = React.useState({ documents: [], counts: {} }); const [loading, setLoading] = React.useState(true); const [error, setError] = React.useState(null); const reload = React.useCallback(() => { setLoading(true); const url = '/api/documents' + (filter && filter !== 'all' ? `?filter=${filter}` : ''); api(url).then(setData).catch(setError).finally(() => setLoading(false)); }, [filter]); React.useEffect(reload, [reload]); return { ...data, loading, error, reload }; }; const DashboardPage = ({ filter = 'all' }) => { const { documents, counts, loading, reload } = useDocuments(filter); const tabs = [ { id: 'all', label: 'All', to: '/dashboard' }, { id: 'sent', label: 'Awaiting', to: '/dashboard/sent' }, { id: 'signed', label: 'Signed', to: '/dashboard/signed' }, { id: 'draft', label: 'Drafts', to: '/dashboard/drafts' }, { id: 'archived', label: 'Archived', to: '/dashboard/archived' }, ]; const tabCounts = { all: counts.all || 0, sent: counts.sent || 0, signed: counts.signed || 0, draft: counts.draft || 0, archived: counts.archived || 0, }; const sideCounts = { all: tabCounts.all, draft: counts.draft||0, sent: counts.sent||0, signed: counts.signed||0, archived: counts.archived||0, }; return (

{tabs.map(t => ( {t.label} {tabCounts[t.id]} ))}

New document

{loading ? (

Loading…

) : documents.length === 0 ? (

No documents here yet.

Create your first document →

) : (

{documents.map(d => ( navigate(`/documents/${d.id}`)}> ))}

	Document	Signers	Status	Updated
e.stopPropagation()}>	{d.title} {d.code}	{d.signers.slice(0, 3).map((s, j) => ( 0 ? -6 : 0 }}> ))} {d.total > 0 && ( {d.signed}/{d.total} )}	{d.archived_at && ( Archived )}	{new Date(d.updated_at + 'Z').toLocaleString()}	e.stopPropagation()}>

)}

); }; const DevMailBanner = () => { const { user } = useAuth(); if (user?.mail_provider !== 'dev') return null; return (

Dev mode — emails are not delivered.{' '} Use the link button next to each signer to copy their unique signing URL. Set{' '} RESEND_API_KEY {' '}to enable real delivery.

); }; const SignerRow = ({ signer: s, docId, isLast }) => { const toast = useToast(); const { user } = useAuth(); const [busy, setBusy] = React.useState(false); const apiBase = (typeof window !== 'undefined' && window.SAIGN_API) || ''; const publicBase = user?.public_url || (typeof window !== 'undefined' ? window.location.origin : ''); const link = `${publicBase}/#/sign/${s.access_token}`; const isPending = !['signed', 'declined'].includes(s.status); const copyLink = async () => { try { await navigator.clipboard.writeText(link); toast.push('Signing link copied'); } catch { // fallback for clipboard-blocked contexts const ta = document.createElement('textarea'); ta.value = link; document.body.appendChild(ta); ta.select(); document.execCommand('copy'); document.body.removeChild(ta); toast.push('Signing link copied'); } }; const resend = async () => { setBusy(true); try { const res = await fetch(apiBase + `/api/documents/${docId}/signers/${s.id}/resend`, { method: 'POST', credentials: 'same-origin', headers: csrfHeader(), }); const d = await res.json(); if (d.mode === 'resend' && d.ok) toast.push(`Email re-sent to ${s.email}`); else if (d.mode === 'dev') toast.push('No mail provider — copy link instead', 'err'); else toast.push(`Resend failed: ${d.reason || 'error'}`, 'err'); } catch (ex) { toast.push('Resend failed', 'err'); } finally { setBusy(false); } }; return (

{s.full_name}

{s.email}

{s.signed_geo_label && (

{s.signed_geo_label}

)}

{isPending && (

)}

); }; const DocumentDetailPage = ({ id }) => { const [doc, setDoc] = React.useState(null); const [error, setError] = React.useState(null); const [certBusy, setCertBusy] = React.useState(false); const [actBusy, setActBusy] = React.useState(false); const { user } = useAuth(); const toast = useToast(); const reload = React.useCallback(() => api(`/api/documents/${id}`).then(setDoc).catch(setError), [id]); React.useEffect(() => { reload(); }, [reload]); const downloadCert = async () => { if (!doc) return; setCertBusy(true); try { const audit = await api(`/api/documents/${doc.id}/audit`); const bytes = await buildCertificatePdf({ doc, signers: doc.signers, events: audit.events, generatedFor: user?.email || '', }); downloadBlob(bytes, `${doc.code || doc.id}-certificate.pdf`); toast.push('Certificate downloaded'); } catch (ex) { toast.push('Certificate failed: ' + ex.message, 'err'); } finally { setCertBusy(false); } }; const isArchived = !!doc?.archived_at; const toggleArchive = async () => { setActBusy(true); try { await api(`/api/documents/${doc.id}/${isArchived ? 'unarchive' : 'archive'}`, { method: 'POST' }); toast.push(isArchived ? 'Restored from archive' : 'Archived'); await reload(); } catch { toast.push('Could not update', 'err'); } finally { setActBusy(false); } }; const del = async () => { if (!confirm(`Delete "${doc.title}"?\n\nSigning links will stop working. The audit trail is kept for compliance retention.`)) return; setActBusy(true); try { await api(`/api/documents/${doc.id}`, { method: 'DELETE' }); toast.push('Document deleted'); navigate('/dashboard'); } catch { toast.push('Could not delete', 'err'); setActBusy(false); } }; if (error) return ; if (!doc) return

Loading…

; const firstPending = doc.signers.find(s => s.status !== 'signed' && s.status !== 'declined'); return (

Back to documents {doc.status !== 'signed' && doc.status !== 'declined' && firstPending && ( )}

Document · {doc.code}

{doc.title}

SHA‑256 {doc.sha256} · {doc.pages} pages · {(doc.size_bytes/1024).toFixed(0)} KB

{doc.verify_code && (

Verify code {doc.verify_code}

)}

{isArchived && ( Archived )}

{doc.status === 'signed' ? 'Signed PDF' : 'Original PDF'} Audit trail

(doc.fields || []) .filter(f => f.page === pageNum) .map(f => { const signerIdx = doc.signers.findIndex(s => s.id === f.signer_id); const colors = ['#4a3a2a', '#3d6b4d', '#a86b1a', '#9a3a2a', '#3a4a6b']; const c = colors[signerIdx % colors.length]; return (

{doc.signers[signerIdx]?.full_name || 'sign'}

); })} />

Signers ({doc.total})

{doc.signers.map((s, i) => ( ))}

{firstPending && ( Preview signer view )}

Verification

Email verification

SMS code

Qualified signature (QES)

); }; // ---------- Send flow ---------- const Stepper2 = ({ step }) => { const steps = ['Upload', 'Signers', 'Fields', 'Review']; return (

{steps.map((s, i) => (

{i < step ? : i + 1} {s}

{i < steps.length - 1 &&

} ))}

); }; // ---------- FieldPlacer (drag-drop signature boxes onto PDF pages) ---------- // Coordinates stored as fractions of page dims (page-relative) so they // survive any zoom level and PDF page size differences. const FieldPlacer = ({ url, signers, fields, setFields, withCredentials = false }) => { const SIGNER_COLORS = ['#4a3a2a', '#3d6b4d', '#a86b1a', '#9a3a2a', '#3a4a6b']; const [activeSigner, setActiveSigner] = React.useState(signers[0]?.signer_id); const [dragId, setDragId] = React.useState(null); const dragInfo = React.useRef(null); // Keep activeSigner in sync if signers list changes React.useEffect(() => { if (!activeSigner || !signers.find(s => s.signer_id === activeSigner)) { setActiveSigner(signers[0]?.signer_id); } }, [signers, activeSigner]); const ptOf = (e) => { const t = e.touches?.[0] || e.changedTouches?.[0]; return { clientX: t?.clientX ?? e.clientX, clientY: t?.clientY ?? e.clientY }; }; const placeField = (e, pageNum) => { if (e.target.closest('.sigfield')) return; // existing field gets its own handler if (!activeSigner) return; e.preventDefault(); const rect = e.currentTarget.getBoundingClientRect(); const { clientX, clientY } = ptOf(e); const x_pct = (clientX - rect.left) / rect.width; const y_pct = (clientY - rect.top) / rect.height; const w_pct = 0.22, h_pct = 0.06; const id = 'tmp_' + Math.random().toString(36).slice(2, 10); setFields(fs => [...fs, { id, signer_id: activeSigner, page: pageNum, x_pct: Math.max(0, Math.min(1 - w_pct, x_pct - w_pct/2)), y_pct: Math.max(0, Math.min(1 - h_pct, y_pct - h_pct/2)), w_pct, h_pct, field_type: 'signature', }]); }; const startDrag = (e, f, kind = 'move') => { e.stopPropagation(); e.preventDefault(); const pageEl = e.currentTarget.closest('.pdfv-page'); const r = pageEl.getBoundingClientRect(); const { clientX, clientY } = ptOf(e); dragInfo.current = { kind, fieldId: f.id, pageRect: r, startX: clientX, startY: clientY, origX: f.x_pct, origY: f.y_pct, origW: f.w_pct, origH: f.h_pct, }; setDragId(f.id); }; React.useEffect(() => { if (!dragId) return; const move = (e) => { const d = dragInfo.current; if (!d) return; const t = e.touches?.[0]; const cx = t?.clientX ?? e.clientX; const cy = t?.clientY ?? e.clientY; const dxPct = (cx - d.startX) / d.pageRect.width; const dyPct = (cy - d.startY) / d.pageRect.height; setFields(fs => fs.map(f => { if (f.id !== d.fieldId) return f; if (d.kind === 'move') { return { ...f, x_pct: Math.max(0, Math.min(1 - f.w_pct, d.origX + dxPct)), y_pct: Math.max(0, Math.min(1 - f.h_pct, d.origY + dyPct)), }; } return { ...f, w_pct: Math.max(0.05, Math.min(1 - f.x_pct, d.origW + dxPct)), h_pct: Math.max(0.02, Math.min(1 - f.y_pct, d.origH + dyPct)), }; })); }; const up = () => { dragInfo.current = null; setDragId(null); }; window.addEventListener('mousemove', move); window.addEventListener('mouseup', up); window.addEventListener('touchmove', move, { passive: false }); window.addEventListener('touchend', up); return () => { window.removeEventListener('mousemove', move); window.removeEventListener('mouseup', up); window.removeEventListener('touchmove', move); window.removeEventListener('touchend', up); }; }, [dragId, setFields]); const removeField = (id) => setFields(fs => fs.filter(f => f.id !== id)); const fieldsByPage = React.useMemo(() => { const m = {}; for (const f of fields) (m[f.page] ||= []).push(f); return m; }, [fields]); const signerLabel = (id) => { const idx = signers.findIndex(s => s.signer_id === id); return { name: signers[idx]?.full_name || 'signer', color: SIGNER_COLORS[idx % SIGNER_COLORS.length] }; }; const renderOverlay = (pageNum) => (

placeField(e, pageNum)} onTouchStart={(e) => placeField(e, pageNum)} style={{ position: 'absolute', inset: 0, zIndex: 2, cursor: activeSigner ? 'crosshair' : 'not-allowed', touchAction: 'none' }}> {(fieldsByPage[pageNum] || []).map(f => { const lbl = signerLabel(f.signer_id); return (

startDrag(e, f, 'move')} onTouchStart={(e) => startDrag(e, f, 'move')}> {lbl.name} · sign

startDrag(e, f, 'resize')} onTouchStart={(e) => startDrag(e, f, 'resize')} />

); })}

); if (signers.length === 0) { return (

Add a signer first

To place signature fields, you need at least one signer with both name and email. Go back to the previous step.

Back to signers

); } const activeSignerObj = signers.find(s => s.signer_id === activeSigner); const activeColor = activeSignerObj ? SIGNER_COLORS[signers.indexOf(activeSignerObj) % SIGNER_COLORS.length] : 'var(--ink-3)'; return (

{activeSignerObj ? ( <>Click anywhere on the PDF below to place a signature field for {activeSignerObj.full_name} ) : ( <>Pick a signer on the right → )}

Signers

Pick a signer, then click anywhere on the document to drop a signature field for them.

{signers.map((s, i) => { const c = SIGNER_COLORS[i % SIGNER_COLORS.length]; const count = fields.filter(f => f.signer_id === s.signer_id).length; const active = activeSigner === s.signer_id; return ( ); })}

Fields placed

{fields.length} total · {Object.keys(fieldsByPage).length} page(s)

{fields.length === 0 && (

Click on the PDF to place the first signature field. You can drag fields around or resize from the corner.

)}

); }; // In-memory draft (per tab; File can't be serialised so it's only on window.__saign_draft) const getDraft = () => (window.__saign_draft ||= { file: null, title: '', signers: [], fields: [], requireIdVerification: false, }); const useDraft = () => { const d = getDraft(); const [, force] = React.useReducer(x => x + 1, 0); return { file: d.file, title: d.title, signers: d.signers, fields: d.fields || [], requireIdVerification: !!d.requireIdVerification, setFile: (f) => { d.file = f; if (f && !d.title) d.title = f.name.replace(/\.pdf$/i, ''); force(); }, setTitle: (t) => { d.title = t; force(); }, setSigners: (s) => { d.signers = typeof s === 'function' ? s(d.signers) : s; force(); }, setFields: (fs) => { d.fields = typeof fs === 'function' ? fs(d.fields || []) : fs; force(); }, setRequireIdVerification: (v) => { d.requireIdVerification = !!v; force(); }, reset: () => { window.__saign_draft = { file: null, title: '', signers: [], fields: [], requireIdVerification: false }; force(); }, }; }; const NewDocStep1 = () => { const draft = useDraft(); const inputRef = React.useRef(null); const [active, setActive] = React.useState(false); const [error, setError] = React.useState(null); const accept = (f) => { setError(null); if (!f) return; if (f.type !== 'application/pdf' && !f.name.toLowerCase().endsWith('.pdf')) { setError('Only PDF files are accepted.'); return; } if (f.size > 10 * 1024 * 1024) { setError('File too large (max 10 MB on the free tier).'); return; } if (f.size === 0) { setError('Empty file.'); return; } draft.setFile(f); navigate('/documents/new/signers'); }; const onDrop = (e) => { e.preventDefault(); setActive(false); accept(e.dataTransfer.files?.[0]); }; const onDragOver = (e) => { e.preventDefault(); setActive(true); }; const onDragLeave = () => setActive(false); return (

Documents

New document

Upload a PDF to get started. Max 10 MB.

accept(e.target.files?.[0])} />

inputRef.current?.click()} onDrop={onDrop} onDragOver={onDragOver} onDragLeave={onDragLeave}>

{active ? 'Drop to upload' : 'Drop a PDF here'}

Stored on Cloudflare R2 (EU). SHA-256 of bytes goes into the audit trail.

{error && (

{error}

)} {draft.file && (

Pending: {draft.file.name} · {(draft.file.size/1024).toFixed(0)} KB {' '}Continue →

)}

Files stored in Cloudflare R2 (EU). Owner-only access.

); }; const NewDocStep2 = () => { const { file, title, setTitle, signers, setSigners } = useDraft(); React.useEffect(() => { if (!file) navigate('/documents/new'); }, [file]); React.useEffect(() => { if (signers.length === 0) setSigners([{ full_name: '', email: '', role: 'Counterparty' }]); }, []); const update = (i, patch) => setSigners(s => s.map((x, idx) => idx === i ? { ...x, ...patch } : x)); const add = () => setSigners(s => [...s, { full_name: '', email: '', role: 'Counterparty' }]); const remove = (i) => setSigners(s => s.filter((_, idx) => idx !== i)); const cont = () => navigate('/documents/new/fields'); if (!file) return null; return (

Upload

Add signers

They'll receive an email with a unique signing link.

Document title setTitle(e.target.value)} />

{signers.map((s, i) => (

{i + 1}

update(i, { full_name: e.target.value })} />

update(i, { email: e.target.value })} />

))}

Document

{file.name}

{(file.size/1024).toFixed(0)} KB · application/pdf

Signers ({signers.length})

{signers.map((s, i) => (

{s.full_name || '(unnamed)'} · {s.email || 'no email'}

))}

← Change file

); }; // Step 3 — drag/drop signature fields onto the PDF (uses local file URL for preview) const NewDocStep3Fields = () => { const draft = useDraft(); const { file, signers, fields, setFields } = draft; const previewUrl = React.useMemo(() => file ? URL.createObjectURL(file) : null, [file]); React.useEffect(() => () => previewUrl && URL.revokeObjectURL(previewUrl), [previewUrl]); React.useEffect(() => { if (!file) navigate('/documents/new'); }, [file]); if (!file) return null; // Map draft signers (no real IDs yet) → stable per-position IDs for the placer. // We map ALL signers (even incomplete ones) so the placer can show a clear // hint when none are valid yet. const placerSigners = signers .map((s, idx) => ({ ...s, signer_id: `local_${idx}` })) .filter(s => s.email && s.full_name); const validFields = fields.filter(f => placerSigners.some(s => s.signer_id === f.signer_id)); const cont = () => navigate('/documents/new/review'); return (

Signers

← Back to signers

{validFields.length === 0 ? 'Tip: skipping field placement = a default field on the last page' : `${validFields.length} field(s) placed`}

); }; const NewDocStep3 = () => { const draft = useDraft(); const { file, title, signers, fields, reset, requireIdVerification, setRequireIdVerification } = draft; const toast = useToast(); const [busy, setBusy] = React.useState(false); const previewUrl = React.useMemo(() => file ? URL.createObjectURL(file) : null, [file]); React.useEffect(() => () => previewUrl && URL.revokeObjectURL(previewUrl), [previewUrl]); React.useEffect(() => { if (!file) navigate('/documents/new'); }, [file]); if (!file) return null; const send = async (asDraft = false) => { setBusy(true); try { const valid = signers.filter(s => s.email && s.full_name); if (valid.length === 0) { toast.push('Add at least one signer', 'err'); setBusy(false); return; } const apiBase = (typeof window !== 'undefined' && window.SAIGN_API) || ''; // 1. upload doc + signers const fd = new FormData(); fd.append('file', file, file.name); fd.append('title', title || file.name.replace(/\.pdf$/i, '')); fd.append('signers', JSON.stringify(valid)); fd.append('send', asDraft ? 'false' : 'true'); if (requireIdVerification) fd.append('require_id_verification', 'true'); const res = await fetch(apiBase + '/api/documents', { method: 'POST', body: fd, credentials: 'same-origin', headers: csrfHeader() }); const data = await res.json(); if (!res.ok) throw new Error(data.error || 'upload_failed'); // 2. resolve local signer indices → server signer ids, then PUT fields const serverFields = (fields || []).map(f => { const idx = parseInt((f.signer_id || '').replace('local_', ''), 10); const target = data.signers?.[idx]; return target ? { signer_id: target.id, page: f.page, x_pct: f.x_pct, y_pct: f.y_pct, w_pct: f.w_pct, h_pct: f.h_pct, field_type: f.field_type || 'signature', } : null; }).filter(Boolean); if (serverFields.length > 0) { await fetch(apiBase + `/api/documents/${data.id}/fields`, { method: 'PUT', credentials: 'same-origin', headers: { 'Content-Type': 'application/json', ...csrfHeader() }, body: JSON.stringify({ fields: serverFields }), }); } reset(); toast.push(asDraft ? 'Saved as draft' : `Sent to ${valid.length} signer(s)`); navigate(asDraft ? `/documents/${data.id}` : '/dashboard'); } catch (ex) { toast.push(ex.message || 'Failed to send', 'err'); } finally { setBusy(false); } }; return (

Fields

Review and send

Once sent, signers will receive a unique link.

Document

{file.name}

SES · {(file.size/1024).toFixed(0)} KB · {file.type || 'application/pdf'}

Signers ({signers.length})

{signers.map((s, i) => (

{i + 1}.

{s.full_name}

{s.email}

))}

Verification

Email verification

SMS code

Qualified signature (QES)

setRequireIdVerification(e.target.checked)} />

Require ID verification

Each signer uploads an ID photo and confirms name, date of birth and address before they can sign. Details land on the certificate.

); }; // ---------- Public signing ---------- const typedSignatureToPng = (text, w = 480, h = 140) => { const c = document.createElement('canvas'); c.width = w; c.height = h; const ctx = c.getContext('2d'); ctx.fillStyle = '#1a1814'; ctx.font = '64px "Caveat", cursive, serif'; ctx.textBaseline = 'middle'; ctx.textAlign = 'center'; ctx.fillText(text, w / 2, h / 2); return c.toDataURL('image/png'); }; const dataUrlToBytes = (dataUrl) => { const b64 = dataUrl.split(',')[1]; const bin = atob(b64); const out = new Uint8Array(bin.length); for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i); return out; }; const downloadBlob = (bytes, filename, mime = 'application/pdf') => { const url = URL.createObjectURL(new Blob([bytes], { type: mime })); const a = document.createElement('a'); a.href = url; a.download = filename; document.body.appendChild(a); a.click(); document.body.removeChild(a); setTimeout(() => URL.revokeObjectURL(url), 1000); }; // Build a PDF "Certificate of Completion" client-side using pdf-lib. // Single source of truth for both owner-side and signer-side downloads. const buildCertificatePdf = async ({ doc, signers, events, generatedFor }) => { const PDFLib = window.PDFLib; if (!PDFLib) throw new Error('pdf-lib not loaded'); const pdfDoc = await PDFLib.PDFDocument.create(); const helv = await pdfDoc.embedFont(PDFLib.StandardFonts.Helvetica); const helvB = await pdfDoc.embedFont(PDFLib.StandardFonts.HelveticaBold); const mono = await pdfDoc.embedFont(PDFLib.StandardFonts.Courier); const PAGE_W = 595, PAGE_H = 842; const M = 48; const ink = PDFLib.rgb(0.10, 0.094, 0.078); const ink2 = PDFLib.rgb(0.29, 0.275, 0.243); const ink3 = PDFLib.rgb(0.54, 0.518, 0.471); const accent = PDFLib.rgb(0.722, 0.459, 0.290); const line = PDFLib.rgb(0.847, 0.827, 0.78); const paper2 = PDFLib.rgb(0.937, 0.925, 0.898); const positive = PDFLib.rgb(0.18, 0.42, 0.27); const danger = PDFLib.rgb(0.62, 0.22, 0.18); let page = pdfDoc.addPage([PAGE_W, PAGE_H]); let y = PAGE_H - M; const newPage = () => { page = pdfDoc.addPage([PAGE_W, PAGE_H]); y = PAGE_H - M; }; const ensure = (h) => { if (y - h < M) newPage(); }; const text = (s, x, opts = {}) => { const f = opts.bold ? helvB : (opts.mono ? mono : helv); page.drawText(String(s), { x, y, size: opts.size || 10, font: f, color: opts.color || ink }); }; const wrap = (s, x, maxW, opts = {}) => { const f = opts.bold ? helvB : (opts.mono ? mono : helv); const sz = opts.size || 10; const words = String(s ?? '').split(/\s+/); const lines = []; let cur = ''; for (const w of words) { const next = cur ? cur + ' ' + w : w; if (f.widthOfTextAtSize(next, sz) > maxW && cur) { lines.push(cur); cur = w; } else cur = next; } if (cur) lines.push(cur); for (const ln of lines) { ensure(sz + 4); page.drawText(ln, { x, y, size: sz, font: f, color: opts.color || ink }); y -= sz + 2; } }; const hr = (color = line) => { ensure(8); page.drawLine({ start: { x: M, y }, end: { x: PAGE_W - M, y }, thickness: 0.5, color }); y -= 10; }; const gap = (h) => { y -= h; }; const kv = (k, v, opts = {}) => { ensure(14); text(k, M, { size: 9, color: ink3 }); const vText = (v == null || v === '') ? '—' : String(v); const f = opts.mono ? mono : helv; const w = f.widthOfTextAtSize(vText, 10); page.drawText(vText, { x: PAGE_W - M - w, y, size: 10, font: f, color: opts.color || ink }); y -= 14; }; // ----- Header ----- text('SAIGN', M, { bold: true, size: 13 }); page.drawText('CERTIFICATE OF COMPLETION', { x: PAGE_W - M - helvB.widthOfTextAtSize('CERTIFICATE OF COMPLETION', 9), y, size: 9, font: helvB, color: ink3, }); y -= 18; page.drawLine({ start: { x: M, y }, end: { x: PAGE_W - M, y }, thickness: 0.8, color: ink }); y -= 22; // ----- Document title ----- ensure(28); page.drawText('Document', { x: M, y, size: 9, font: helvB, color: ink3 }); y -= 12; ensure(22); page.drawText(doc.title || '—', { x: M, y, size: 18, font: helvB, color: ink }); y -= 18; text(`${doc.code || ''} · ${doc.pages || '?'} pages · ${doc.size_bytes ? (doc.size_bytes/1024).toFixed(1) + ' KB' : ''}`, M, { size: 10, color: ink2 }); y -= 18; hr(); // ----- Verification banner — most prominent thing on the page besides the title ----- if (doc.verify_code) { ensure(60); const bannerH = 50; page.drawRectangle({ x: M, y: y - bannerH, width: PAGE_W - 2 * M, height: bannerH, color: paper2, borderColor: ink, borderWidth: 0.8, }); page.drawText('VERIFY THIS DOCUMENT', { x: M + 14, y: y - 14, size: 8, font: helvB, color: ink3, }); page.drawText(doc.verify_code, { x: M + 14, y: y - 32, size: 18, font: helvB, color: ink, }); const verifyUrl = (typeof window !== 'undefined' && window.SAIGN_API ? window.SAIGN_API : (typeof window !== 'undefined' ? window.location.origin : 'https://saign.pages.dev')) + `/#/verify?code=${doc.verify_code}`; page.drawText(verifyUrl, { x: M + 14, y: y - 44, size: 7, font: mono, color: ink2, }); const hint = 'Anyone with this code can confirm authenticity at the URL above'; page.drawText(hint, { x: PAGE_W - M - helv.widthOfTextAtSize(hint, 7) - 14, y: y - 14, size: 7, font: helv, color: ink3, }); y -= bannerH + 16; } // ----- Document hashes ----- kv('Status', (doc.status || 'unknown').toUpperCase(), { color: doc.status === 'signed' ? positive : doc.status === 'declined' ? danger : ink }); kv('Document ID', doc.id || '—', { mono: true }); kv('Verify code', doc.verify_code || '—', { mono: true }); kv('SHA-256 (original)', doc.sha256 || '—', { mono: true }); kv('SHA-256 (signed)', doc.sha256_signed || '—', { mono: true }); if (doc.created_at) kv('Created at', doc.created_at, { mono: true }); if (doc.completed_at) kv('Completed at', doc.completed_at, { mono: true }); gap(6); hr(); // ----- Signers ----- ensure(20); page.drawText('Signers', { x: M, y, size: 9, font: helvB, color: ink3 }); y -= 14; const docTypeLabel = (t) => ({ passport: 'Passport', id_card: 'National ID card', drivers_license: "Driver's licence", }[t] || t || '—'); for (const s of signers) { const hasId = !!s.id_verified_at; // Base card height + extra room for the identity sub-block when present. const idBlockH = hasId ? 76 : 0; const cardH = 86 + idBlockH; ensure(cardH + 10); const cardTop = y + 4; page.drawRectangle({ x: M, y: cardTop - cardH, width: PAGE_W - 2 * M, height: cardH, color: paper2, borderColor: line, borderWidth: 0.5 }); let yy = cardTop - 14; page.drawText(s.full_name || s.email, { x: M + 12, y: yy, size: 11, font: helvB, color: ink }); const stPill = (s.status || 'pending').toUpperCase(); const pillColor = s.status === 'signed' ? positive : s.status === 'declined' ? danger : ink2; const pillW = helvB.widthOfTextAtSize(stPill, 8) + 12; page.drawText(stPill, { x: PAGE_W - M - 12 - pillW + 6, y: yy + 2, size: 8, font: helvB, color: pillColor }); yy -= 14; page.drawText(s.email || '', { x: M + 12, y: yy, size: 9, font: helv, color: ink2 }); yy -= 14; const row = (label, val, opts = {}) => { page.drawText(label, { x: M + 12, y: yy, size: 8, font: helv, color: ink3 }); const vstr = (val == null || val === '') ? '—' : String(val); const f = opts.mono ? mono : helv; page.drawText(vstr, { x: M + 110, y: yy, size: 9, font: f, color: opts.color || ink }); yy -= 11; }; row('Method', s.signed_method || '—'); row('Signed at', s.signed_at || '—'); row('IP address', maskIp(s.signed_ip)); const locLabel = s.signed_geo_label ? (s.signed_geo_source === 'browser' ? `${s.signed_geo_label} (precise)` : `${s.signed_geo_label} (ip)`) : '—'; row('Location', locLabel); if (s.signed_geo_lat != null && s.signed_geo_lon != null) { page.drawText('Coords', { x: M + 12, y: yy, size: 8, font: helv, color: ink3 }); page.drawText(`${s.signed_geo_lat.toFixed(5)}, ${s.signed_geo_lon.toFixed(5)}` + (s.signed_geo_accuracy ? ` ±${Math.round(s.signed_geo_accuracy)}m` : ''), { x: M + 110, y: yy, size: 9, font: mono, color: ink }); yy -= 11; } if (hasId) { // Divider above the identity block — keep it visually distinct. yy -= 4; page.drawLine({ start: { x: M + 12, y: yy + 2 }, end: { x: PAGE_W - M - 12, y: yy + 2 }, thickness: 0.4, color: line }); yy -= 6; page.drawText('IDENTITY (self-attested)', { x: M + 12, y: yy, size: 7, font: helvB, color: positive, }); const verifTime = s.id_verified_at || ''; const w = mono.widthOfTextAtSize(verifTime, 7); page.drawText(verifTime, { x: PAGE_W - M - 12 - w, y: yy, size: 7, font: mono, color: ink3 }); yy -= 11; row('Name', s.id_full_name || '—'); row('Date of birth', s.id_birth_date || '—'); const cc = s.id_country ? ` · ${s.id_country}` : ''; const docLine = `${docTypeLabel(s.id_doc_type)}${cc}${s.id_doc_number_last4 ? ' ····' + s.id_doc_number_last4 : ''}`; row('ID document', docLine); if (s.id_mrz_text) { page.drawText('MRZ', { x: M + 12, y: yy, size: 8, font: helv, color: ink3 }); page.drawText('captured', { x: M + 110, y: yy, size: 9, font: helv, color: positive }); yy -= 11; } // Address may wrap; render on a separate label/value pair using wrap() page.drawText('Address', { x: M + 12, y: yy, size: 8, font: helv, color: ink3 }); const addrLines = String(s.id_address || '—').split(/\r?\n/); let firstLine = true; for (const ln of addrLines) { page.drawText(ln, { x: M + 110, y: yy, size: 9, font: helv, color: ink }); yy -= 11; firstLine = false; } if (firstLine) yy -= 11; } y = cardTop - cardH - 8; } gap(2); hr(); // ----- Audit trail ----- ensure(20); page.drawText('Audit trail', { x: M, y, size: 9, font: helvB, color: ink3 }); page.drawText('hash-chained · sha-256', { x: PAGE_W - M - helv.widthOfTextAtSize('hash-chained · sha-256', 8), y, size: 8, font: helv, color: ink3, }); y -= 14; for (const e of events) { ensure(28); page.drawText(e.created_at || '', { x: M, y, size: 8, font: mono, color: ink3 }); page.drawText(e.action || '', { x: M + 110, y, size: 9, font: helvB, color: ink }); if (e.actor_email) { const w = helv.widthOfTextAtSize(e.actor_email, 8); page.drawText(e.actor_email, { x: PAGE_W - M - w, y, size: 8, font: helv, color: ink2 }); } y -= 11; if (e.detail) { wrap(e.detail, M + 110, PAGE_W - 2 * M - 110, { size: 8, color: ink2 }); } if (e.row_hash) { ensure(11); page.drawText('hash ' + e.row_hash.slice(0, 24) + '…', { x: M + 110, y, size: 7, font: mono, color: ink3 }); y -= 10; } if (e.ip) { const ipt = 'ip ' + maskIp(e.ip); const w = mono.widthOfTextAtSize(ipt, 7); page.drawText(ipt, { x: PAGE_W - M - w, y: y + 10, size: 7, font: mono, color: ink3 }); } y -= 4; } // ----- Footer on every page ----- const pages = pdfDoc.getPages(); const total = pages.length; pages.forEach((p, i) => { const footY = 24; p.drawLine({ start: { x: M, y: footY + 14 }, end: { x: PAGE_W - M, y: footY + 14 }, thickness: 0.3, color: line }); p.drawText(`Generated ${new Date().toISOString().slice(0, 19).replace('T', ' ')} UTC`, { x: M, y: footY, size: 8, font: helv, color: ink3 }); if (generatedFor) { p.drawText(`for ${generatedFor}`, { x: M + helv.widthOfTextAtSize(`Generated ${new Date().toISOString().slice(0, 19).replace('T', ' ')} UTC `, 8), y: footY, size: 8, font: helv, color: ink3, }); } const pn = `${i + 1} / ${total}`; p.drawText(pn, { x: PAGE_W - M - helv.widthOfTextAtSize(pn, 8), y: footY, size: 8, font: helv, color: ink3, }); p.drawText(doc.code || doc.id || '', { x: PAGE_W / 2 - mono.widthOfTextAtSize(doc.code || doc.id || '', 8) / 2, y: footY, size: 8, font: mono, color: ink3, }); }); return pdfDoc.save(); }; // Best-effort browser geolocation. Resolves with { lat, lon, accuracy } or null // (timed out / denied / unsupported). Never throws — signing must keep working // regardless of location consent. const getBrowserLocation = () => new Promise((resolve) => { if (!navigator.geolocation) return resolve(null); let done = false; const timer = setTimeout(() => { if (!done) { done = true; resolve(null); } }, 8000); navigator.geolocation.getCurrentPosition( (pos) => { if (done) return; done = true; clearTimeout(timer); resolve({ lat: pos.coords.latitude, lon: pos.coords.longitude, accuracy: pos.coords.accuracy }); }, () => { if (done) return; done = true; clearTimeout(timer); resolve(null); }, { enableHighAccuracy: false, timeout: 7000, maximumAge: 60_000 } ); }); // Reverse-geocode lat/lon to a "City, Region, Country" label using the public // Nominatim API. Best-effort — falls back to coordinate string on failure. const reverseGeocode = async (lat, lon) => { try { const url = `https://nominatim.openstreetmap.org/reverse?format=jsonv2&lat=${lat}&lon=${lon}&zoom=10`; const r = await fetch(url, { headers: { 'Accept': 'application/json' } }); if (!r.ok) throw new Error('http_' + r.status); const j = await r.json(); const a = j.address || {}; const city = a.city || a.town || a.village || a.municipality || a.county || null; const region = a.state || a.region || null; const country = a.country_code ? a.country_code.toUpperCase() : (a.country || null); const parts = [city, region, country].filter(Boolean); return parts.length ? parts.join(', ') : null; } catch { return null; } }; // ---------- ID document support: countries, MRZ parser, OCR loader ---------- // Countries that we have explicit rules for. Anything else falls back to the // per-doctype DEFAULT rule from the server. Sorted by likely audience. const ID_COUNTRIES = [ { code: 'DE', name: 'Germany' }, { code: 'AT', name: 'Austria' }, { code: 'CH', name: 'Switzerland' }, { code: 'FR', name: 'France' }, { code: 'IT', name: 'Italy' }, { code: 'ES', name: 'Spain' }, { code: 'NL', name: 'Netherlands' }, { code: 'BE', name: 'Belgium' }, { code: 'PL', name: 'Poland' }, { code: 'LU', name: 'Luxembourg' }, { code: 'GB', name: 'United Kingdom' }, { code: 'IE', name: 'Ireland' }, { code: 'US', name: 'United States' }, { code: 'CA', name: 'Canada' }, { code: 'OTHER', name: 'Other / not listed' }, ]; // MRZ check-digit algorithm (ICAO 9303). Used to validate the dates and // document number we read out of the machine-readable zone. const _mrzCharVal = (ch) => { if (ch === '<') return 0; if (ch >= '0' && ch <= '9') return ch.charCodeAt(0) - 48; if (ch >= 'A' && ch <= 'Z') return ch.charCodeAt(0) - 55; return 0; }; const mrzCheckDigit = (s) => { const w = [7, 3, 1]; let sum = 0; for (let i = 0; i < s.length; i++) sum += _mrzCharVal(s[i]) * w[i % 3]; return sum % 10; }; // Convert a 2-digit MRZ year (YYMMDD) to a full ISO date. Birth dates pivot // at +20: 25 → 2025 if it would otherwise be in the future, else 1925. const mrzDateToIso = (yy, mm, dd, kind) => { const Y = parseInt(yy, 10), M = parseInt(mm, 10), D = parseInt(dd, 10); if (!(Y >= 0 && M >= 1 && M <= 12 && D >= 1 && D <= 31)) return null; const cur = new Date().getFullYear() % 100; let full; if (kind === 'birth') full = (Y > cur + 20) ? 1900 + Y : 2000 + Y; else /* expiry */ full = (Y < cur - 50) ? 2100 + Y : 2000 + Y; return `${full}-${String(M).padStart(2, '0')}-${String(D).padStart(2, '0')}`; }; // Pull the MRZ block out of an arbitrary OCR string, then parse it. // Supports TD1 (3×30, modern EU IDs) and TD3 (2×44, passports). // Returns null if no recognisable MRZ found. const parseMrz = (raw) => { if (!raw) return null; const lines = raw.toUpperCase() .replace(/[ ]/g, ' ') .split(/\r?\n/) .map(l => l.replace(/[^A-Z0-9<]/g, '')) .filter(Boolean); // TD1 — three lines of 30 chars each. for (let i = 0; i + 2 < lines.length; i++) { const a = lines[i], b = lines[i + 1], c = lines[i + 2]; if (a.length === 30 && b.length === 30 && c.length === 30) { try { const docNumber = a.substring(5, 14).replace(/ p.replace(/ p.replace(/ String(s || '').toUpperCase() .replace(/[\s<]/g, '') .replace(/[OQ]/g, '0') .replace(/[ILT]/g, '1'); // Cross-check a parsed MRZ result against the form values. Returns // { ok, mismatches: [{ field, mrz, typed }] }. Missing-on-typed counts as // mismatch — the user has to confirm the field even if the MRZ is right. const crossCheckMrz = (mrz, typed) => { if (!mrz) return { ok: true, mismatches: [] }; const mismatches = []; if (mrz.doc_number && mrz.doc_number_ok) { if (_normIdValue(typed.docNum) !== _normIdValue(mrz.doc_number)) { mismatches.push({ field: 'doc_number', mrz: mrz.doc_number, typed: typed.docNum }); } } if (mrz.birth_date && mrz.birth_date_ok) { if (typed.birth !== mrz.birth_date) { mismatches.push({ field: 'birth_date', mrz: mrz.birth_date, typed: typed.birth }); } } if (mrz.full_name && typed.fullName) { // Tolerant name match: every word in the MRZ name must appear (case- // insensitive) somewhere in the typed name. Catches OCR noise + the user // adding/removing a middle name without rejecting valid IDs. const mrzWords = mrz.full_name.toUpperCase().split(/\s+/).filter(w => w.length > 1); const typedUp = typed.fullName.toUpperCase(); const allFound = mrzWords.every(w => typedUp.includes(w)); if (!allFound && mrzWords.length > 0) { mismatches.push({ field: 'full_name', mrz: mrz.full_name, typed: typed.fullName }); } } return { ok: mismatches.length === 0, mismatches }; }; // Lazy-load Tesseract.js from a CDN. Resolves with the global `Tesseract` // object, or rejects on script load failure / network error. Cached after // the first successful load — we only ever inject the script tag once. let _tesseractPromise = null; const loadTesseract = () => { if (typeof window === 'undefined') return Promise.reject(new Error('no_window')); if (window.Tesseract) return Promise.resolve(window.Tesseract); if (_tesseractPromise) return _tesseractPromise; _tesseractPromise = new Promise((resolve, reject) => { const s = document.createElement('script'); s.src = 'https://cdn.jsdelivr.net/npm/tesseract.js@5.0.5/dist/tesseract.min.js'; s.async = true; s.onload = () => window.Tesseract ? resolve(window.Tesseract) : reject(new Error('tesseract_missing')); s.onerror = () => { _tesseractPromise = null; reject(new Error('tesseract_load_failed')); }; document.head.appendChild(s); }); return _tesseractPromise; }; // Run OCR over an image File and try to extract MRZ + raw text. Best-effort: // returns `{ text, mrz, confidence }` even when MRZ parsing fails. Throws // on engine load failure so the caller can let the user keep typing manually. const ocrIdImage = async (file, onProgress) => { const Tesseract = await loadTesseract(); // Tesseract.recognize accepts File/Blob directly. We pass language 'eng' — // names + MRZ characters are A-Z/0-9 so English data is enough. const { data } = await Tesseract.recognize(file, 'eng', { logger: (m) => onProgress?.(m), }); const text = data?.text || ''; return { text, mrz: parseMrz(text), confidence: (data?.confidence ?? 0) / 100 }; }; // Self-attested identity verification card. Country picker + front/back // upload + optional client-side OCR (Tesseract.js) that auto-fills the form // from the MRZ when present. Once submitted successfully, the panel // collapses to a confirmation block. const IdVerificationCard = ({ token, apiBase, initialName, verified, disabled, onVerified }) => { const [rules, setRules] = React.useState(null); const [docType, setDocType] = React.useState('id_card'); const [country, setCountry] = React.useState('DE'); const [fullName, setFullName] = React.useState(initialName || ''); const [birth, setBirth] = React.useState(''); const [address, setAddress] = React.useState(''); const [docNum, setDocNum] = React.useState(''); const [front, setFront] = React.useState(null); const [back, setBack] = React.useState(null); const [mrz, setMrz] = React.useState(null); const [ocrConf, setOcrConf] = React.useState(null); const [ocrBusy, setOcrBusy] = React.useState(null); // 'front' | 'back' | null const [ocrMsg, setOcrMsg] = React.useState(null); const [busy, setBusy] = React.useState(false); const [err, setErr] = React.useState(null); const frontRef = React.useRef(null); const backRef = React.useRef(null); // Fetch rules once. React.useEffect(() => { fetch(`${apiBase}/api/id-rules`) .then(r => r.json()) .then(d => setRules(d.rules)) .catch(() => { /* server old? rules will be null, UI uses safe defaults */ }); }, [apiBase]); if (verified) { return (

Identity verified

Self-attested. Details printed on the certificate.

); } // Resolve the active rule for the chosen country/type. Falls back to the // doctype default when the country isn't in our explicit list. const rule = (() => { const fam = rules?.[docType]; if (!fam) return null; return fam[country] || fam.DEFAULT || null; })(); const requiresBack = !!rule?.has_back && docType !== 'passport'; const docNumberRegex = rule?.doc_number_pattern ? new RegExp('^' + rule.doc_number_pattern + '$', 'i') : null; const docNumberLooksOk = !docNumberRegex || (docNum && docNumberRegex.test(docNum)); // Handle a file pick: store the file, then attempt OCR + MRZ parse. const handleImage = async (file, side) => { if (!file) return; if (side === 'front') setFront(file); else setBack(file); setOcrMsg(null); setOcrBusy(side); try { let progressShown = false; const result = await ocrIdImage(file, (m) => { if (m?.status === 'recognizing text') { progressShown = true; setOcrMsg(`Reading ${side}… ${Math.round((m.progress || 0) * 100)}%`); } else if (!progressShown && m?.status) { setOcrMsg(`Loading scanner: ${m.status}…`); } }); setOcrConf(prev => (prev != null ? Math.max(prev, result.confidence) : result.confidence)); if (result.mrz) { setMrz(result.mrz); // Auto-fill from MRZ — the most reliable source we have. if (result.mrz.full_name && !fullName) setFullName(result.mrz.full_name); if (result.mrz.birth_date && result.mrz.birth_date_ok) setBirth(result.mrz.birth_date); if (result.mrz.doc_number && result.mrz.doc_number_ok) setDocNum(result.mrz.doc_number); // Map MRZ country code to alpha-2 for the picker. const c2 = (result.mrz.country || '').slice(0, 2); if (c2 && ID_COUNTRIES.some(x => x.code === c2)) setCountry(c2); setOcrMsg('MRZ recognised — fields pre-filled. Please double-check.'); } else { setOcrMsg('No MRZ detected on this side. You can still fill the fields manually below.'); } } catch (ex) { setOcrMsg('Couldn\'t run automatic scanner. Please fill the fields manually.'); } finally { setOcrBusy(null); } }; // Cross-check user input against MRZ if we found one. With a Personalausweis, // passport, or any other MRZ-bearing document we treat the MRZ as the // authoritative source — typed fields that disagree with it are rejected. const crossCheck = React.useMemo( () => crossCheckMrz(mrz, { docNum, birth, fullName }), [mrz, docNum, birth, fullName] ); // Hard requirement: when the issuing rules say a document is MRZ-readable // (modern EU IDs, all passports), we refuse to verify until OCR could // actually read the MRZ. Otherwise the form would just rubber-stamp // anything the user types — exactly the failure mode we just fixed. const mrzGateOpen = !!rule?.has_mrz && !mrz; const valid = front && (!requiresBack || back) && fullName.trim().length >= 2 && /^\d{4}-\d{2}-\d{2}$/.test(birth) && address.trim().length >= 4 && docNumberLooksOk && !mrzGateOpen && crossCheck.ok; const submit = async (e) => { e.preventDefault(); if (!valid || busy || disabled) return; setBusy(true); setErr(null); try { const fd = new FormData(); fd.append('id_image_front', front); if (back) fd.append('id_image_back', back); fd.append('doc_type', docType); if (docType !== 'passport' || country !== 'OTHER') fd.append('country', country); fd.append('full_name', fullName.trim()); fd.append('birth_date', birth); fd.append('address', address.trim()); fd.append('doc_number', docNum.trim()); if (mrz?.raw) fd.append('mrz_text', mrz.raw); if (ocrConf != null) fd.append('ocr_confidence', String(ocrConf)); const res = await fetch(`${apiBase}/api/sign/${token}/id-verify`, { method: 'POST', body: fd, credentials: apiBase ? 'include' : 'same-origin', }); const out = await res.json().catch(() => ({})); if (!res.ok) { throw Object.assign(new Error(out.error || 'verify_failed'), { hint: out.hint }); } onVerified?.(out); } catch (ex) { setErr( ex.message === 'invalid_birth_date' ? 'Date of birth must be YYYY-MM-DD.' : ex.message === 'image_too_large' ? 'ID image larger than 8 MB.' : ex.message === 'unsupported_image_type'? 'Use a JPG, PNG or WebP image.' : ex.message === 'invalid_doc_type' ? 'Pick a document type.' : ex.message === 'invalid_country' ? 'Pick a country for the document.' : ex.message === 'doc_number_format_mismatch' ? `ID number doesn't match the expected format. ${ex.hint || ''}` : ex.message === 'missing_back' ? 'Please upload the back side of the document.' : ex.message === 'missing_front' ? 'Please upload the front side of the document.' : 'Identity verification failed. Please check the fields and try again.' ); } finally { setBusy(false); } }; const fileBtn = (file, side, ref, busyHere) => (

handleImage(e.target.files?.[0] || null, side)} style={{ display: 'none' }} /> {file && !busyHere && (

{(file.size / 1024).toFixed(0)} KB · {file.type.split('/')[1]}

)}

); return (

Step 1 of 2 · required

Confirm your identity

Upload your ID. We try to read it with on-device OCR and pre-fill the fields. Self-attested — no third-party KYC.

Document type

Issuing country

{rule && (

{rule.label}{rule.has_mrz ? ' · MRZ-readable' : ''}{requiresBack ? ' · front + back required' : ' · front only'}

)}

{fileBtn(front, 'front', frontRef, ocrBusy === 'front')} {requiresBack && fileBtn(back, 'back', backRef, ocrBusy === 'back')}

{ocrMsg && (

{ocrMsg} {mrz && (

MRZ {mrz.format} · {mrz.country} · doc {mrz.doc_number_ok ? '✓' : '✗'} · DOB {mrz.birth_date_ok ? '✓' : '✗'}

)}

)} {/* MRZ gate — block submit when the issuing rules require an MRZ but we couldn't read one. Without this the form would happily accept any typed-in data, which is exactly the bug a user just hit. */} {mrzGateOpen && front && ocrBusy === null && (

MRZ couldn't be read.

{rule?.has_back ? <>This document type carries a machine-readable zone on the back side. Please re-take the back-side photo with better light, no glare, and the whole MRZ inside the frame. Without a readable MRZ we can't verify the ID. : <>This document carries a machine-readable zone. Please re-take the photo with better light and the whole MRZ visible.}

)} {/* Cross-check failure — the typed fields don't match what the MRZ actually says. Show the conflicts inline; block submit until fixed. */} {!crossCheck.ok && mrz && (

The fields you typed don't match the document.

{crossCheck.mismatches.map((m, i) => (

{m.field === 'doc_number' ? 'ID number' : m.field === 'birth_date' ? 'Date of birth' : 'Name'}: {' '}MRZ says {m.mrz || '—'}, you typed {m.typed || '—'}

))}

Update the fields to match the document, or upload a clearer photo so the MRZ reads correctly.

)}

Full name (as printed on ID) setFullName(e.target.value)} disabled={busy} required />

Date of birth setBirth(e.target.value)} disabled={busy} required />

ID number setDocNum(e.target.value)} disabled={busy} required placeholder={rule?.doc_number_pattern ? 'Format will be checked' : 'As printed'} className="mono" style={{ borderColor: docNum && !docNumberLooksOk ? 'var(--danger)' : undefined }} /> {docNum && !docNumberLooksOk && (

Doesn't match the expected format for {rule?.label || 'this document'}.

)}

Address

setAddress(e.target.value)} disabled={busy} required
                    rows={2} placeholder="Street, postcode, city, country" />
        </div>

{err && (
          <div style={{ fontSize: 11, color: 'var(--danger)', background: '#fbeae6',
                        padding: '8px 10px', borderRadius: 2, border: '1px solid #e8b8a8' }}>
            {err}
          </div>
        )}
        <button type="submit" disabled={!valid || busy || disabled} className="btn"
                style={{ width: '100%', justifyContent: 'center', opacity: (!valid || busy) ? 0.5 : 1 }}>
          {busy ? 'Submitting…' : <>Verify identity <Icon name="arrow" size={11} color="var(--paper)" /></>}
        </button>
        <div style={{ fontSize: 10, color: 'var(--ink-3)', lineHeight: 1.5 }}>
          Only the last 4 characters of the ID number are persisted in the database. Your photos and the rest of your details go on the certificate that the sender (and you) get. Public verification only shows the country and document type, never your name, date of birth or address.
        </div>
      </form>
    </div>
  );
};

// Modal shown when the browser cannot resolve a precise location (permission
// denied, OS-level location off, or timeout). The signer still continues
// without precise location — only the country from CF headers is recorded.
const GeolocationHelpModal = ({ onChoice, retried = false }) => {
  const [tab, setTab] = React.useState('win11');
  return (
    <div style={{
      position: 'fixed', inset: 0, background: 'rgba(26,24,20,0.45)', zIndex: 1000,
      display: 'flex', alignItems: 'center', justifyContent: 'center', padding: 24,
    }}>
      <div className="card" style={{ width: 'min(560px, 100%)', maxHeight: '90vh', overflow: 'auto', padding: 0 }}>
        <div style={{ padding: '18px 22px', borderBottom: '1px solid var(--line)',
                      display: 'flex', alignItems: 'center', gap: 12 }}>
          <div style={{
            width: 32, height: 32, borderRadius: '50%',
            background: retried ? '#fbeae6' : '#fbf4e6',
            display: 'flex', alignItems: 'center', justifyContent: 'center',
          }}>
            <Icon name={retried ? 'x' : 'map'} size={16} color={retried ? 'var(--danger)' : '#a86b1a'} />
          </div>
          <div style={{ flex: 1 }}>
            <div style={{ fontSize: 14, fontWeight: 500 }}>
              {retried ? 'Still no location' : 'Location services are off'}
            </div>
            <div style={{ fontSize: 11, color: 'var(--ink-3)' }}>
              {retried
                ? 'The browser still can\'t read a precise location. Settings sometimes only take effect after a page reload.'
                : 'Your browser couldn\'t read a precise location.'}
            </div>
          </div>
        </div>
        <div style={{ padding: '18px 22px', fontSize: 13, color: 'var(--ink-2)', lineHeight: 1.6 }}>
          You can still sign — we'll fall back to the country derived from your IP. If you'd like a precise location on the certificate, here's how to enable location services on Windows:

<div style={{ display: 'flex', gap: 0, marginTop: 18, marginBottom: 14,
                        border: '1px solid var(--line)', borderRadius: 2, padding: 2 }}>
            {[{ id: 'win11', label: 'Windows 11' }, { id: 'win10', label: 'Windows 10' }].map(o => (
              <button key={o.id} onClick={() => setTab(o.id)} type="button"
                style={{ flex: 1, border: 0, padding: '8px 6px',
                  background: tab === o.id ? 'var(--ink)' : 'transparent',
                  color: tab === o.id ? 'var(--paper)' : 'var(--ink-2)',
                  fontFamily: 'var(--sans)', fontSize: 11, fontWeight: 500,
                  cursor: 'pointer', borderRadius: 1 }}>
                {o.label}
              </button>
            ))}
          </div>

{tab === 'win11' && (
            <ol style={{ paddingLeft: 18, margin: 0, fontSize: 12, color: 'var(--ink-2)' }}>
              <li style={{ marginBottom: 6 }}>Press <strong>Windows + I</strong> to open <strong>Settings</strong>.</li>
              <li style={{ marginBottom: 6 }}>Go to <strong>Privacy & security → Location</strong>.</li>
              <li style={{ marginBottom: 6 }}>Switch <strong>Location services</strong> to <strong>On</strong>.</li>
              <li style={{ marginBottom: 6 }}>Scroll down and switch <strong>Let apps access your location</strong> to <strong>On</strong>.</li>
              <li style={{ marginBottom: 6 }}>Find your browser in the list below and switch it to <strong>On</strong>.</li>
              <li>Reload this page and click the location icon in the address bar to allow access.</li>
            </ol>
          )}
          {tab === 'win10' && (
            <ol style={{ paddingLeft: 18, margin: 0, fontSize: 12, color: 'var(--ink-2)' }}>
              <li style={{ marginBottom: 6 }}>Press <strong>Windows + I</strong> to open <strong>Settings</strong>.</li>
              <li style={{ marginBottom: 6 }}>Go to <strong>Privacy → Location</strong>.</li>
              <li style={{ marginBottom: 6 }}>Click <strong>Change</strong> and switch <strong>Location for this device</strong> to <strong>On</strong>.</li>
              <li style={{ marginBottom: 6 }}>Switch <strong>Allow apps to access your location</strong> to <strong>On</strong>.</li>
              <li style={{ marginBottom: 6 }}>Find your browser in the apps list and switch it to <strong>On</strong>.</li>
              <li>Reload this page and accept the browser's location prompt when it appears.</li>
            </ol>
          )}

<div style={{ marginTop: 16, padding: '10px 12px', background: 'var(--paper-2)',
                        border: '1px solid var(--line-2)', fontSize: 11, color: 'var(--ink-3)', borderRadius: 2 }}>
            Tip: if the browser already blocked Saign, click the lock icon next to the URL → Site settings → Location → Allow, then retry.
          </div>
        </div>
        <div style={{ padding: '14px 22px', borderTop: '1px solid var(--line)',
                      display: 'flex', gap: 10, justifyContent: 'flex-end' }}>
          <button type="button" onClick={() => onChoice('cancel')} className="btn btn-ghost">
            Cancel signing
          </button>
          <button type="button" onClick={() => onChoice('retry')} className="btn btn-ghost">
            I enabled it — retry
          </button>
          <button type="button" onClick={() => onChoice('continue')} className="btn">
            Sign without precise location
          </button>
        </div>
      </div>
    </div>
  );
};

React.useEffect(() => {
    api(`/api/sign/${token}`).then(d => {
      setData(d);
      if (d.signer.full_name) setTypedName(d.signer.full_name);
      if (d.signer.status === 'signed') setSigned(true);
      if (d.signer.id_verified_at) setIdVerified(true);
    }).catch(setError);
  }, [token]);

if (error) return <ErrorTokenPage />;
  if (!data) return <FullPageSpinner />;

const currentSig = method === 'type' ? (typedName ? typedSignatureToPng(typedName) : null) : drawnSig;
  const idGateOpen = !!data?.document?.require_id_verification && !idVerified;
  const canSubmit = !!currentSig && accepted && !signed && !busy && !idGateOpen;

const apply = async () => {
    if (!canSubmit) return;
    setBusy(true);

// Capture geolocation up-front (best-effort — never blocks signing).
    let geo = null;
    if (shareLoc) {
      setProgress('Confirming location…');
      geo = await getBrowserLocation();
      // If the browser denies / OS location is off / it times out, keep
      // re-prompting with the help modal until the user explicitly chooses
      // to continue without precise location, or cancels signing.
      let retried = false;
      while (!geo) {
        setProgress('');
        const choice = await new Promise(res => setGeoHelp({ onChoice: res, retried }));
        setGeoHelp(null);
        if (choice === 'cancel')   { setBusy(false); return; }
        if (choice === 'continue') break;
        // 'retry' — try once more; loop re-shows modal if still nothing.
        retried = true;
        setProgress('Retrying location…');
        geo = await getBrowserLocation();
      }
      if (geo) {
        setProgress('Resolving location…');
        const label = await reverseGeocode(geo.lat, geo.lon);
        if (label) geo.label = label;
      }
    }

setProgress('Loading PDF…');
    try {
      // 1. fetch the original PDF
      const pdfRes = await fetch(fileUrl, { credentials: apiBase ? 'include' : 'same-origin' });
      if (!pdfRes.ok) throw new Error('Could not load original PDF');
      const pdfBytes = new Uint8Array(await pdfRes.arrayBuffer());

// 2. embed the signature using pdf-lib — at every assigned field, or
      //    fall back to a single box on the last page if no fields exist.
      setProgress('Embedding signature…');
      const PDFLib = window.PDFLib;
      if (!PDFLib) throw new Error('pdf-lib not loaded');
      const pdfDoc = await PDFLib.PDFDocument.load(pdfBytes);
      const png = await pdfDoc.embedPng(dataUrlToBytes(currentSig));
      const pages = pdfDoc.getPages();
      const ts = new Date().toISOString().replace('T', ' ').slice(0, 19) + ' UTC';
      const locSuffix = geo?.label ? ` · ${geo.label}` : '';

const signedBytes = await pdfDoc.save();

// 3. POST to backend
      setProgress('Uploading signed copy…');
      const fd = new FormData();
      fd.append('signed_pdf', new Blob([signedBytes], { type: 'application/pdf' }), `${data.document.code}-signed.pdf`);
      fd.append('method', method);
      fd.append('signature_image', currentSig);
      if (geo) {
        fd.append('geo_lat', String(geo.lat));
        fd.append('geo_lon', String(geo.lon));
        if (geo.accuracy != null) fd.append('geo_accuracy', String(Math.round(geo.accuracy)));
        if (geo.label) fd.append('geo_label', geo.label);
      }
      const res = await fetch(`${apiBase}/api/sign/${token}/apply`, {
        method: 'POST', body: fd, credentials: apiBase ? 'include' : 'same-origin',
      });
      const out = await res.json();
      if (!res.ok) throw new Error(out.error || 'apply_failed');

setSigned(true); setProgress('');
      setTimeout(() => navigate(`/sign/${token}/done`), 600);
    } catch (ex) {
      setError({ message: ex.message });
    } finally { setBusy(false); }
  };

return (
    <div className="saign-app" style={{ display: 'flex', flexDirection: 'column', height: '100vh' }}>
      <div style={{ height: 52, borderBottom: '1px solid var(--line)', background: 'var(--paper)',
                    display: 'flex', alignItems: 'center', padding: '0 24px', gap: 16, flexShrink: 0 }}>
        <Logo size={14} />
        <div style={{ width: 1, height: 18, background: 'var(--line)' }} />
        <div style={{ fontSize: 12, color: 'var(--ink-2)' }}>
          <strong style={{ color: 'var(--ink)', fontWeight: 500 }}>{data.sender.name}</strong> sent you{' '}
          <strong style={{ fontWeight: 500 }}>{data.document.title}</strong>
        </div>
        <div style={{ flex: 1 }} />
        <a href={fileUrl} target="_blank" rel="noopener" className="btn btn-ghost btn-sm" style={{ textDecoration: 'none' }}>
          <Icon name="download" size={11} /> Download
        </a>
      </div>
      <div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between', padding: '10px 24px',
                    background: '#fbf4e6', borderBottom: '1px solid #e8d4b0', fontSize: 12, flexShrink: 0 }}>
        <div style={{ display: 'flex', alignItems: 'center', gap: 8, color: '#8a5a18' }}>
          <Icon name="pen" size={12} color="#a86b1a" />
          {(data.fields?.length > 0)
            ? `${data.fields.length} signature${data.fields.length > 1 ? 's' : ''} required`
            : '1 signature required · last page'}
        </div>
        <div className="mono" style={{ color: '#a86b1a' }}>{data.document.code}</div>
      </div>
      <div style={{ flex: 1, display: 'grid', gridTemplateColumns: '1fr 380px', overflow: 'hidden' }}>
        <div style={{ background: 'var(--paper-2)', minHeight: 0 }}>
          <PdfViewer url={fileUrl} withCredentials={!!apiBase}
            renderOverlay={(pageNum) => (data.fields || [])
              .filter(f => f.page === pageNum)
              .map(f => (
                <div key={f.id} className="sigfield" data-signed={signed} data-mine={!signed}
                  style={{
                    left: `${f.x_pct * 100}%`, top: `${f.y_pct * 100}%`,
                    width: `${f.w_pct * 100}%`, height: `${f.h_pct * 100}%`,
                    cursor: 'default',
                  }}>
                  {signed ? <Icon name="check" size={11} color="var(--positive)" /> : 'Sign here'}
                </div>
              ))} />
        </div>
        <div style={{ borderLeft: '1px solid var(--line)', padding: 24, overflow: 'auto', display: 'flex', flexDirection: 'column' }}>
          {data.document.require_id_verification && (
            <IdVerificationCard
              token={token}
              apiBase={apiBase}
              initialName={data.signer.full_name}
              verified={idVerified}
              disabled={signed}
              onVerified={() => setIdVerified(true)}
            />
          )}
          <div style={{ marginBottom: 18 }}>
            <div className="eyebrow" style={{ marginBottom: 6 }}>
              {data.document.require_id_verification ? 'Step 2 of 2' : 'Step 1 of 1'}
            </div>
            <h2 className="display" style={{ fontSize: 20, margin: 0, marginBottom: 4 }}>Add your signature</h2>
            <p style={{ fontSize: 12, color: 'var(--ink-3)', margin: 0 }}>
              {idGateOpen
                ? <>First confirm your identity above, then choose how you'd like to sign.</>
                : <>Hi {data.signer.full_name}. Choose how you'd like to sign.</>}
            </p>
          </div>
          <div style={{ display: 'flex', gap: 0, marginBottom: 16, border: '1px solid var(--line)', borderRadius: 2, padding: 2 }}>
            {[{ id: 'draw', label: 'Draw', icon: 'draw' },
              { id: 'type', label: 'Type', icon: 'type' }].map(o => (
              <button key={o.id} onClick={() => setMethod(o.id)} disabled={signed} type="button"
                style={{ flex: 1, border: 0, padding: '8px 6px',
                  background: method === o.id ? 'var(--ink)' : 'transparent',
                  color: method === o.id ? 'var(--paper)' : 'var(--ink-2)',
                  fontFamily: 'var(--sans)', fontSize: 11, fontWeight: 500,
                  cursor: signed ? 'default' : 'pointer', display: 'flex', alignItems: 'center',
                  justifyContent: 'center', gap: 6, borderRadius: 1 }}>
                <Icon name={o.icon} size={11} color="currentColor" /> {o.label}
              </button>
            ))}
          </div>

{!signed && method === 'draw' && (
            <SignatureCanvas onChange={setDrawnSig} />
          )}
          {!signed && method === 'type' && (
            <div style={{ background: '#fff', border: '1px solid var(--line)', borderRadius: 2, padding: '24px 16px',
                          minHeight: 100, display: 'flex', alignItems: 'center', justifyContent: 'center' }}>
              <input value={typedName} onChange={e => setTypedName(e.target.value)}
                style={{ background: 'transparent', border: 'none', outline: 'none', fontFamily: '"Caveat", cursive',
                         fontSize: 44, color: 'var(--accent)', textAlign: 'center', width: '100%' }} />
            </div>
          )}
          {signed && (
            <div style={{ background: 'var(--paper-2)', border: '1px solid var(--line)', borderRadius: 2, padding: 24,
                          textAlign: 'center' }}>
              <Icon name="check" size={20} color="var(--positive)" />
              <div style={{ fontSize: 12, color: 'var(--positive)', marginTop: 6 }}>Signature applied</div>
            </div>
          )}

<div style={{ fontSize: 11, color: 'var(--ink-3)', display: 'flex', gap: 8, alignItems: 'flex-start', margin: '18px 0 10px' }}>
            <input type="checkbox" className="chk" checked={accepted} onChange={e => setAccepted(e.target.checked)} />
            <span>By signing, I agree this constitutes my electronic signature under eIDAS (SES). Audit trail will record IP, device, and SHA-256 of the signed PDF.</span>
          </div>
          <div style={{ fontSize: 11, color: 'var(--ink-3)', display: 'flex', gap: 8, alignItems: 'flex-start', margin: '0 0 14px' }}>
            <input type="checkbox" className="chk" checked={shareLoc} onChange={e => setShareLoc(e.target.checked)} />
            <span>Include my location on the certificate (optional). Your browser may ask for permission. If denied, only your country is recorded.</span>
          </div>
          {progress && (
            <div className="mono" style={{ fontSize: 10, color: 'var(--ink-3)', marginBottom: 10 }}>{progress}</div>
          )}
          <div style={{ flex: 1 }} />
          {idGateOpen && (
            <div style={{
              padding: '10px 12px', background: '#fbf4e6', border: '1px solid #e8d4b0',
              fontSize: 11, color: '#8a5a18', borderRadius: 2, marginBottom: 10,
            }}>
              Identity verification is required before you can sign this document.
            </div>
          )}
          <button onClick={apply} disabled={!canSubmit} className="btn btn-lg" type="button"
                  style={{ width: '100%', justifyContent: 'center', opacity: canSubmit ? 1 : 0.5 }}>
            {signed ? 'Done' : busy ? (progress || 'Submitting…') : <>Apply signature <Icon name="arrow" size={11} color="var(--paper)" /></>}
          </button>
        </div>
        {geoHelp && <GeolocationHelpModal onChoice={geoHelp.onChoice} retried={geoHelp.retried} />}
      </div>
    </div>
  );
};

if (!data) return <FullPageSpinner />;
  return (
    <div className="saign-app" style={{ minHeight: '100vh', display: 'flex', alignItems: 'center', justifyContent: 'center', padding: 32, background: 'var(--paper)' }}>
      <div style={{ width: 480, textAlign: 'center' }}>
        <div style={{ display: 'flex', justifyContent: 'center', marginBottom: 28 }}><Logo size={16} /></div>
        <div style={{ width: 64, height: 64, margin: '0 auto 22px', borderRadius: '50%',
          background: 'var(--paper-2)', display: 'flex', alignItems: 'center', justifyContent: 'center', border: '1px solid var(--line)' }}>
          <Icon name="check" size={26} color="var(--positive)" />
        </div>
        <h2 className="display" style={{ fontSize: 28, margin: 0, marginBottom: 10 }}>You signed.</h2>
        <p style={{ fontSize: 13, color: 'var(--ink-2)', margin: 0, marginBottom: 28, lineHeight: 1.5 }}>
          Your signature was applied to <strong style={{ color: 'var(--ink)' }}>{data.document.title}</strong>.<br/>
          A copy will be emailed once everyone has signed.
        </p>
        <div className="card" style={{ padding: 16, marginBottom: 22, textAlign: 'left' }}>
          <div className="eyebrow" style={{ marginBottom: 10 }}>Receipt</div>
          <div style={{ display: 'flex', justifyContent: 'space-between', fontSize: 12, marginBottom: 6 }}>
            <span style={{ color: 'var(--ink-3)' }}>Document</span><span>{data.document.code}</span>
          </div>
          <div style={{ display: 'flex', justifyContent: 'space-between', fontSize: 12, marginBottom: 6 }}>
            <span style={{ color: 'var(--ink-3)' }}>Signed at</span><span className="mono">{data.signer.signed_at || 'just now'}</span>
          </div>
          <div style={{ display: 'flex', justifyContent: 'space-between', fontSize: 12, marginBottom: 6 }}>
            <span style={{ color: 'var(--ink-3)' }}>Signer</span><span>{data.signer.full_name}</span>
          </div>
          {data.document.verify_code && (
            <div style={{ display: 'flex', justifyContent: 'space-between', fontSize: 12, marginBottom: 6 }}>
              <span style={{ color: 'var(--ink-3)' }}>Verify code</span>
              <Link to={`/verify?code=${data.document.verify_code}`} className="mono btn-link">{data.document.verify_code}</Link>
            </div>
          )}
          {data.signer.signed_geo_label && (
            <div style={{ display: 'flex', justifyContent: 'space-between', fontSize: 12, marginBottom: 6 }}>
              <span style={{ color: 'var(--ink-3)' }}>Location</span>
              <span>{data.signer.signed_geo_label}{' '}
                <span style={{ color: 'var(--ink-3)', fontSize: 10 }}>
                  ({data.signer.signed_geo_source === 'browser' ? 'precise' : 'ip'})
                </span>
              </span>
            </div>
          )}
          <div style={{ display: 'flex', justifyContent: 'space-between', fontSize: 12 }}>
            <span style={{ color: 'var(--ink-3)' }}>SHA‑256</span><span className="mono">{data.document.sha256}</span>
          </div>
        </div>
        <div style={{ display: 'flex', flexDirection: 'column', gap: 8 }}>
          <a href={`${(window.SAIGN_API||'')}/api/sign/${token}/file`} target="_blank" rel="noopener"
             className="btn" style={{ textDecoration: 'none', justifyContent: 'center' }}>
            <Icon name="download" size={11} color="var(--paper)" /> Download signed PDF
          </a>
          <button onClick={downloadCert} disabled={certBusy} type="button"
                  className="btn btn-ghost" style={{ justifyContent: 'center', opacity: certBusy ? 0.5 : 1 }}>
            <Icon name="shield" size={11} /> {certBusy ? 'Building…' : 'Download signing certificate'}
          </button>
        </div>
        <div style={{ marginTop: 14 }}>
          <Link to="/" className="btn-link" style={{ fontSize: 12 }}>Back to home</Link>
        </div>
      </div>
    </div>
  );
};

// ---------- Audit ----------
const AuditPage = ({ id }) => {
  const [doc, setDoc] = React.useState(null);
  const [events, setEvents] = React.useState([]);
  const [error, setError] = React.useState(null);
  const [certBusy, setCertBusy] = React.useState(false);
  const { user } = useAuth();
  const toast = useToast();
  React.useEffect(() => {
    Promise.all([
      api(`/api/documents/${id}`),
      api(`/api/documents/${id}/audit`),
    ]).then(([d, a]) => { setDoc(d); setEvents(a.events); }).catch(setError);
  }, [id]);
  const downloadCert = async () => {
    if (!doc) return;
    setCertBusy(true);
    try {
      const bytes = await buildCertificatePdf({
        doc, signers: doc.signers, events,
        generatedFor: user?.email || '',
      });
      downloadBlob(bytes, `${doc.code || doc.id}-certificate.pdf`);
      toast.push('Certificate downloaded');
    } catch (ex) {
      toast.push('Certificate failed: ' + ex.message, 'err');
    } finally { setCertBusy(false); }
  };
  if (error) return <NotFoundPage />;
  if (!doc) return <AppShell active="all" title="Audit"><div style={{ padding: 24, color: 'var(--ink-3)' }}>Loading…</div></AppShell>;
  const actionIcon  = { signed: 'check', viewed: 'eye', sent: 'send', created: 'upload', verified: 'shield', declined: 'x', completed: 'check' };
  const actionColor = { signed: 'var(--positive)', completed: 'var(--positive)', declined: 'var(--danger)', sent: 'var(--accent-2)', created: 'var(--ink-3)', viewed: 'var(--ink-3)', verified: 'var(--ink-2)' };
  return (
    <AppShell active="all" title="Audit trail">
      <div style={{ padding: '28px 48px', maxWidth: 980 }}>
        <Link to={`/documents/${doc.id}`} className="btn-link" style={{ display: 'inline-flex', alignItems: 'center', gap: 6, marginBottom: 18 }}>
          <Icon name="arrowL" size={11} /> Back to document
        </Link>
        <div style={{ display: 'flex', alignItems: 'flex-start', justifyContent: 'space-between', marginBottom: 28 }}>
          <div>
            <div className="eyebrow" style={{ marginBottom: 6 }}>Audit trail</div>
            <h2 className="display" style={{ fontSize: 24, margin: 0, marginBottom: 4 }}>{doc.title}</h2>
            <div className="mono" style={{ color: 'var(--ink-3)', fontSize: 11 }}>{doc.id} · SHA‑256 {doc.sha256}</div>
          </div>
          <div style={{ display: 'flex', gap: 8, alignItems: 'center' }}>
            <StatusBadge state={doc.status === 'draft' ? 'draft' : doc.status === 'signed' ? 'signed' : doc.status === 'declined' ? 'declined' : 'sent'} />
            <button className="btn btn-ghost btn-sm" onClick={downloadCert} disabled={certBusy}
                    style={{ opacity: certBusy ? 0.5 : 1 }}>
              <Icon name="download" size={11} /> {certBusy ? 'Building…' : 'Export certificate'}
            </button>
          </div>
        </div>
        <div className="card" style={{ padding: 0 }}>
          <div style={{ padding: '14px 20px', borderBottom: '1px solid var(--line-2)', display: 'flex', justifyContent: 'space-between', alignItems: 'center' }}>
            <div style={{ fontWeight: 500, fontSize: 13 }}>{events.length} events</div>
            <div className="mono" style={{ fontSize: 10, color: 'var(--ink-3)' }}>tamper‑evident · sha256 hash chain</div>
          </div>
          <div style={{ padding: '8px 0' }}>
            {events.map((e, i) => (
              <div key={e.id} style={{ display: 'grid', gridTemplateColumns: '32px 1fr 240px', gap: 16, padding: '12px 20px',
                                       borderBottom: i < events.length - 1 ? '1px solid var(--line-2)' : 'none', alignItems: 'flex-start' }}>
                <div style={{ width: 24, height: 24, borderRadius: '50%', background: 'var(--paper-2)',
                              display: 'flex', alignItems: 'center', justifyContent: 'center', border: '1px solid var(--line)' }}>
                  <Icon name={actionIcon[e.action] || 'activity'} size={11} color={actionColor[e.action] || 'var(--ink-3)'} />
                </div>
                <div>
                  <div style={{ fontSize: 12, color: 'var(--ink)', marginBottom: 2 }}>
                    <strong style={{ fontWeight: 500 }}>{e.actor_email || 'system'}</strong>
                    <span style={{ color: 'var(--ink-2)' }}> {e.action}</span>
                    {e.detail && <span style={{ color: 'var(--ink-2)' }}> — {e.detail}</span>}
                  </div>
                  <div className="mono" style={{ fontSize: 9, color: 'var(--ink-3)', wordBreak: 'break-all' }}>
                    hash {e.row_hash?.slice(0, 24)}…
                  </div>
                </div>
                <div style={{ textAlign: 'right' }}>
                  <div className="mono" style={{ fontSize: 10, color: 'var(--ink-2)' }}>{e.created_at}</div>
                  <div className="mono" style={{ fontSize: 10, color: 'var(--ink-3)', marginTop: 2 }} title="IP masked for privacy">{maskIp(e.ip)}</div>
                </div>
              </div>
            ))}
          </div>
        </div>
      </div>
    </AppShell>
  );
};

// ---------- Admin ----------
const AdminUsersPage = () => {
  const [users, setUsers] = React.useState(null);
  React.useEffect(() => { api('/api/admin/users').then(d => setUsers(d.users)).catch(() => setUsers([])); }, []);
  return (
    <AppShell active="all" title="Admin · Users">
      <div style={{ padding: '24px 28px' }}>
        <h2 className="display" style={{ fontSize: 22, margin: 0, marginBottom: 6 }}>All users</h2>
        <p style={{ fontSize: 12, color: 'var(--ink-3)', margin: 0, marginBottom: 22 }}>Admin‑only view of every account.</p>
        {!users ? <div style={{ color: 'var(--ink-3)' }}>Loading…</div> : (
          <div className="card">
            <table className="tbl">
              <thead><tr><th>Email</th><th>Name</th><th>Role</th><th>Verified</th><th>Docs</th><th>Created</th></tr></thead>
              <tbody>
                {users.map(u => (
                  <tr key={u.id}>
                    <td className="mono" style={{ fontSize: 11 }}>{u.email}</td>
                    <td>{u.full_name || '—'}</td>
                    <td><span className="pill" data-state={u.role === 'admin' ? 'sent' : 'draft'}><span className="pill-dot" />{u.role}</span></td>
                    <td>{u.email_verified ? <Icon name="check" size={12} color="var(--positive)" /> : <Icon name="x" size={12} color="var(--ink-3)" />}</td>
                    <td className="mono" style={{ fontSize: 11 }}>{u.doc_count}</td>
                    <td style={{ fontSize: 11, color: 'var(--ink-3)' }}>{u.created_at}</td>
                  </tr>
                ))}
              </tbody>
            </table>
          </div>
        )}
      </div>
    </AppShell>
  );
};

// ---------- Public verification ----------
const VerifyPage = () => {
  const params = new URLSearchParams(window.location.hash.split('?')[1] || '');
  const initialCode = params.get('code') || '';
  const [code, setCode] = React.useState(initialCode);
  const [busy, setBusy] = React.useState(false);
  const [result, setResult] = React.useState(null); // {verified, document, signers, ...} | {error}
  const [err, setErr] = React.useState(null);
  const fileRef = React.useRef(null);

// Auto-verify when ?code= is in the URL
  React.useEffect(() => { if (initialCode && initialCode.length >= 12) verifyByCode(initialCode); }, []);

return (
    <div className="saign-app" style={{ minHeight: '100vh', background: 'var(--paper)' }}>
      <div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between',
                    padding: '20px 48px', borderBottom: '1px solid var(--line)' }}>
        <Link to="/" style={{ textDecoration: 'none' }}><Logo size={15} /></Link>
        <div style={{ fontSize: 12, color: 'var(--ink-3)' }}>
          Independent verification — no account needed
        </div>
      </div>
      <div style={{ maxWidth: 760, margin: '0 auto', padding: '48px 32px 64px' }}>
        <div className="eyebrow" style={{ marginBottom: 6 }}>Document verification</div>
        <h1 className="display" style={{ fontSize: 32, margin: 0, marginBottom: 8 }}>Is this signature legitimate?</h1>
        <p style={{ fontSize: 14, color: 'var(--ink-2)', margin: 0, marginBottom: 32, lineHeight: 1.55 }}>
          Enter the verification code printed on a Saign certificate, or drop in the signed PDF directly. We'll check it against the database and show you what we have on record.
        </p>

<div className="card" style={{ padding: 24, marginBottom: 18 }}>
          <h3 className="display" style={{ fontSize: 16, margin: 0, marginBottom: 12 }}>Verify by code</h3>
          <form onSubmit={(e) => { e.preventDefault(); verifyByCode(); }}
                style={{ display: 'flex', gap: 8, alignItems: 'flex-end' }}>
            <div className="field" style={{ flex: 1, marginBottom: 0 }}>
              <label>Verification code</label>
              <input value={code} onChange={e => setCode(e.target.value.toUpperCase())}
                     placeholder="VRF-XXXX-XXXX" maxLength={13} required
                     className="mono" style={{ fontSize: 16, letterSpacing: '0.1em' }} />
            </div>
            <button type="submit" className="btn" disabled={busy || code.length < 12}
                    style={{ opacity: (busy || code.length < 12) ? 0.5 : 1 }}>
              {busy ? 'Checking…' : <>Verify <Icon name="arrow" size={11} color="var(--paper)" /></>}
            </button>
          </form>
        </div>

<div className="card" style={{ padding: 24, marginBottom: 18 }}>
          <h3 className="display" style={{ fontSize: 16, margin: 0, marginBottom: 12 }}>Verify by file</h3>
          <p style={{ fontSize: 12, color: 'var(--ink-3)', margin: 0, marginBottom: 14, lineHeight: 1.55 }}>
            Drop a signed PDF (or any file) here. We compute its SHA-256 in your browser and check if it matches a document we have on record. The file never leaves your machine — only the hash is sent.
          </p>
          <input ref={fileRef} type="file" accept="application/pdf,.pdf"
                 onChange={(e) => verifyByFile(e.target.files?.[0])}
                 style={{ display: 'none' }} />
          <button type="button" onClick={() => fileRef.current?.click()}
                  className="btn btn-ghost" disabled={busy}>
            <Icon name="upload" size={11} /> Choose PDF to verify
          </button>
        </div>

{err && (
          <div style={{ background: '#fbeae6', border: '1px solid #e8b8a8', color: 'var(--danger)',
                        padding: '12px 14px', fontSize: 13, borderRadius: 2, marginBottom: 18 }}>
            {err}
          </div>
        )}

{result && <VerifyReport result={result} />}

<div style={{ marginTop: 32, padding: '14px 16px', background: 'var(--paper-2)',
                      border: '1px solid var(--line)', borderRadius: 2, fontSize: 11, color: 'var(--ink-3)', lineHeight: 1.55 }}>
          <strong style={{ color: 'var(--ink-2)', fontWeight: 500 }}>What this proves.</strong>{' '}
          A green result means the code or hash matches a record in Saign's database, and the document is referenced
          there with the audit trail shown. It does <em>not</em> currently prove eIDAS qualified-signature compliance —
          PAdES-LTA / TSA timestamps are on the roadmap.
        </div>
      </div>
    </div>
  );
};

<div className="eyebrow" style={{ marginBottom: 8 }}>Hashes</div>
        <div style={{ fontSize: 11, marginBottom: 18 }}>
          <div style={{ display: 'flex', gap: 8, alignItems: 'baseline', marginBottom: 6 }}>
            <span style={{ color: 'var(--ink-3)', minWidth: 90 }}>Original</span>
            <span className="mono" style={{ wordBreak: 'break-all', flex: 1 }}>{d.sha256 || '—'}</span>
          </div>
          <div style={{ display: 'flex', gap: 8, alignItems: 'baseline' }}>
            <span style={{ color: 'var(--ink-3)', minWidth: 90 }}>Signed copy</span>
            <span className="mono" style={{ wordBreak: 'break-all', flex: 1 }}>{d.sha256_signed || '—'}</span>
          </div>
        </div>

<div className="eyebrow" style={{ marginBottom: 8 }}>Signers</div>
        <div style={{ borderTop: '1px solid var(--line-2)' }}>
          {result.signers?.map((s, i) => (
            <div key={i} style={{ padding: '12px 0', borderBottom: '1px solid var(--line-2)' }}>
              <div style={{ display: 'flex', alignItems: 'center', gap: 8, marginBottom: 4, flexWrap: 'wrap' }}>
                <span style={{ fontWeight: 500, fontSize: 13 }}>{s.name}</span>
                <span style={{ fontSize: 11, color: 'var(--ink-3)' }}>·</span>
                <span style={{ fontSize: 11, color: 'var(--ink-3)' }}>{s.email}</span>
                <span style={{ flex: 1 }} />
                {s.id_verified && (
                  <span style={{ display: 'inline-flex', alignItems: 'center', gap: 4,
                                 fontSize: 10, padding: '2px 7px', background: '#e7f0ea',
                                 color: 'var(--positive)', border: '1px solid #9fbfa8',
                                 borderRadius: 1, fontWeight: 500 }}>
                    <Icon name="shield" size={9} color="var(--positive)" /> ID verified
                    {s.id_country && <span className="mono" style={{ opacity: 0.75 }}>· {s.id_country}</span>}
                  </span>
                )}
                <span className="pill" data-state={s.status === 'signed' ? 'signed' : s.status === 'declined' ? 'declined' : 'sent'}>
                  <span className="pill-dot" />{s.status}
                </span>
              </div>
              <div className="mono" style={{ fontSize: 10, color: 'var(--ink-3)' }}>
                {s.signed_at ? <>signed {s.signed_at}</> : 'not yet signed'}
                {s.signed_method && <> · {s.signed_method}</>}
                {s.ip_masked && <> · ip {s.ip_masked}</>}
                {s.location && <> · {s.location} ({s.location_source})</>}
              </div>
            </div>
          ))}
        </div>

{result.audit_chain_tip && (
          <>
            <div className="eyebrow" style={{ marginTop: 18, marginBottom: 6 }}>Audit chain tip</div>
            <div className="mono" style={{ fontSize: 10, color: 'var(--ink-3)', wordBreak: 'break-all' }}>
              {result.audit_chain_tip.action} @ {result.audit_chain_tip.created_at} · {result.audit_chain_tip.hash}
            </div>
          </>
        )}
      </div>
    </div>
  );
};

// ---------- Legal / static pages ----------
const LegalShell = ({ title, eyebrow, children }) => (
  <div className="saign-app" style={{ minHeight: '100vh', background: 'var(--paper)' }}>
    <div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between',
                  padding: '20px 48px', borderBottom: '1px solid var(--line)' }}>
      <Link to="/" style={{ textDecoration: 'none' }}><Logo size={15} /></Link>
      <div style={{ display: 'flex', gap: 18, alignItems: 'center', fontSize: 12 }}>
        <Link to="/privacy" className="btn-link">Privacy</Link>
        <Link to="/terms" className="btn-link">Terms</Link>
        <Link to="/cookies" className="btn-link">Cookies</Link>
        <Link to="/subprocessors" className="btn-link">Subprocessors</Link>
        <Link to="/security" className="btn-link">Security</Link>
      </div>
    </div>
    <div style={{ maxWidth: 760, margin: '0 auto', padding: '48px 32px 80px' }}>
      <div className="eyebrow" style={{ marginBottom: 8 }}>{eyebrow}</div>
      <h1 className="display" style={{ fontSize: 36, margin: 0, marginBottom: 28 }}>{title}</h1>
      <div style={{ fontSize: 14, color: 'var(--ink-2)', lineHeight: 1.65 }}>{children}</div>
      <div style={{ marginTop: 40, fontSize: 11, color: 'var(--ink-3)' }}>
        Last updated 2026-04-27. This is a template — adapt to your jurisdiction with a lawyer before going live.
      </div>
    </div>
  </div>
);

// ---------- Settings ----------
const SettingsPage = () => {
  const { user } = useAuth();
  const toast = useToast();
  const [me, setMe] = React.useState(null);
  const [name, setName] = React.useState('');
  const [savingName, setSavingName] = React.useState(false);

const [pwCur, setPwCur] = React.useState('');
  const [pwNew, setPwNew] = React.useState('');
  const [pwNew2, setPwNew2] = React.useState('');
  const [pwBusy, setPwBusy] = React.useState(false);
  const [pwErr, setPwErr] = React.useState(null);

const [sessions, setSessions] = React.useState(null);

const SectionCard = ({ title, hint, children }) => (
    <div className="card" style={{ padding: 20, marginBottom: 18 }}>
      <div style={{ marginBottom: 14 }}>
        <h3 className="display" style={{ fontSize: 16, margin: 0, marginBottom: 4 }}>{title}</h3>
        {hint && <p style={{ fontSize: 11, color: 'var(--ink-3)', margin: 0 }}>{hint}</p>}
      </div>
      {children}
    </div>
  );

return (
    <AppShell active="settings" title="Account">
      <div style={{ padding: '28px 48px', maxWidth: 720 }}>
        <div className="eyebrow" style={{ marginBottom: 6 }}>Account</div>
        <h2 className="display" style={{ fontSize: 24, margin: 0, marginBottom: 22 }}>Settings</h2>

<SectionCard title="Profile" hint="Visible on signed documents and invitation emails.">
          {!me ? <div style={{ fontSize: 12, color: 'var(--ink-3)' }}>Loading…</div> : (
            <form onSubmit={saveName} style={{ display: 'flex', flexDirection: 'column', gap: 12 }}>
              <div className="field"><label>Email</label>
                <input value={me.email} disabled
                       style={{ background: 'var(--paper-2)', color: 'var(--ink-3)' }} />
                <div className="field-hint">Email cannot be changed self-service.</div>
              </div>
              <div className="field"><label>Full name</label>
                <input value={name} onChange={e => setName(e.target.value)} required maxLength={120} />
              </div>
              <div className="field"><label>Role</label>
                <input value={me.role} disabled style={{ background: 'var(--paper-2)', color: 'var(--ink-3)' }} />
              </div>
              <div className="field"><label>Member since</label>
                <input value={me.created_at || ''} disabled className="mono"
                       style={{ background: 'var(--paper-2)', color: 'var(--ink-3)', fontSize: 11 }} />
              </div>
              <div>
                <button type="submit" className="btn" disabled={savingName || name.trim() === (me.full_name || '')}
                        style={{ opacity: (savingName || name.trim() === (me.full_name || '')) ? 0.5 : 1 }}>
                  {savingName ? 'Saving…' : 'Save profile'}
                </button>
              </div>
            </form>
          )}
        </SectionCard>

<SectionCard title="Password" hint="Changing your password will sign out all other devices.">
          <form onSubmit={changePw} style={{ display: 'flex', flexDirection: 'column', gap: 12 }}>
            <div className="field"><label>Current password</label>
              <input type="password" autoComplete="current-password"
                     value={pwCur} onChange={e => setPwCur(e.target.value)} required />
            </div>
            <div className="field"><label>New password</label>
              <input type="password" autoComplete="new-password" minLength={8}
                     value={pwNew} onChange={e => setPwNew(e.target.value)} required />
              <div className="field-hint">Min. 8 characters. Hashed with PBKDF2-SHA256.</div>
            </div>
            <div className="field"><label>Confirm new password</label>
              <input type="password" autoComplete="new-password" minLength={8}
                     value={pwNew2} onChange={e => setPwNew2(e.target.value)} required />
            </div>
            {pwErr && (
              <div style={{ background: '#fbeae6', border: '1px solid #e8b8a8', color: 'var(--danger)',
                            padding: '8px 12px', fontSize: 12, borderRadius: 2 }}>{pwErr}</div>
            )}
            <div>
              <button type="submit" className="btn" disabled={pwBusy} style={{ opacity: pwBusy ? 0.5 : 1 }}>
                {pwBusy ? 'Changing…' : 'Change password'}
              </button>
            </div>
          </form>
        </SectionCard>

<SectionCard title="Active sessions" hint="Devices currently signed in. Sign out anything you don't recognise.">
          {!sessions ? <div style={{ fontSize: 12, color: 'var(--ink-3)' }}>Loading…</div> :
           sessions.length === 0 ? <div style={{ fontSize: 12, color: 'var(--ink-3)' }}>No active sessions.</div> : (
            <div style={{ borderTop: '1px solid var(--line-2)' }}>
              {sessions.map(s => (
                <div key={s.id} style={{ display: 'flex', alignItems: 'center', gap: 12,
                                          padding: '10px 0', borderBottom: '1px solid var(--line-2)' }}>
                  <div style={{ flex: 1, minWidth: 0 }}>
                    <div style={{ fontSize: 12, color: 'var(--ink)' }}>
                      {s.user_agent ? s.user_agent.slice(0, 60) + (s.user_agent.length > 60 ? '…' : '') : 'Unknown device'}
                      {s.current && (
                        <span className="pill" data-state="signed" style={{ marginLeft: 8, fontSize: 9 }}>
                          <span className="pill-dot" />Current
                        </span>
                      )}
                    </div>
                    <div className="mono" style={{ fontSize: 10, color: 'var(--ink-3)', marginTop: 2 }}>
                      {s.ip || '—'} · started {s.created_at} · expires {s.expires_at}
                    </div>
                  </div>
                  {!s.current && (
                    <button className="btn btn-ghost btn-sm" onClick={() => revoke(s.id)}>
                      <Icon name="x" size={11} /> Sign out
                    </button>
                  )}
                </div>
              ))}
            </div>
          )}
        </SectionCard>

<SectionCard title="Mail delivery" hint="How invitation emails leave Saign.">
          <div style={{ display: 'flex', alignItems: 'center', gap: 12 }}>
            <span className="pill" data-state={me?.mail_provider === 'resend' ? 'signed' : 'draft'}>
              <span className="pill-dot" />
              {me?.mail_provider === 'resend' ? 'Resend (live)' : 'Dev (no provider)'}
            </span>
            <span style={{ fontSize: 11, color: 'var(--ink-3)' }}>
              {me?.mail_provider === 'resend'
                ? 'Invitations are delivered via Resend.'
                : 'Set RESEND_API_KEY to enable real delivery. Until then, copy links manually.'}
            </span>
          </div>
        </SectionCard>

<SectionCard title="Danger zone"
                     hint="Permanently delete your account and all associated documents (GDPR Art. 17).">
          <DeleteAccountBlock />
        </SectionCard>
      </div>
    </AppShell>
  );
};

const TwoFactorBlock = ({ me, onChanged }) => {
  const toast = useToast();
  const [enrolling, setEnrolling] = React.useState(null); // { secret, otpauth_uri }
  const [code, setCode] = React.useState('');
  const [busy, setBusy] = React.useState(false);
  const [pw, setPw] = React.useState('');
  const [showDisable, setShowDisable] = React.useState(false);

if (me?.mfa_enabled) {
    return (
      <div>
        <div style={{ display: 'flex', alignItems: 'center', gap: 10, marginBottom: 12 }}>
          <span className="pill" data-state="signed"><span className="pill-dot" />Enabled</span>
          <span style={{ fontSize: 12, color: 'var(--ink-2)' }}>You'll need a code from your authenticator at every sign-in.</span>
        </div>
        {!showDisable ? (
          <button className="btn btn-ghost btn-sm" onClick={() => setShowDisable(true)}>
            <Icon name="x" size={11} /> Disable 2FA
          </button>
        ) : (
          <form onSubmit={disable} style={{ display: 'flex', gap: 8, alignItems: 'flex-end' }}>
            <div className="field" style={{ flex: 1, marginBottom: 0 }}>
              <label>Confirm with password</label>
              <input type="password" value={pw} onChange={e => setPw(e.target.value)} required autoFocus />
            </div>
            <button type="submit" className="btn btn-sm" disabled={busy} style={{ color: 'var(--danger)', opacity: busy ? 0.5 : 1 }}>
              Disable
            </button>
            <button type="button" className="btn btn-ghost btn-sm" onClick={() => { setShowDisable(false); setPw(''); }}>
              Cancel
            </button>
          </form>
        )}
      </div>
    );
  }

if (!enrolling) {
    return (
      <div>
        <div style={{ display: 'flex', alignItems: 'center', gap: 10, marginBottom: 12 }}>
          <span className="pill" data-state="draft"><span className="pill-dot" />Off</span>
          <span style={{ fontSize: 12, color: 'var(--ink-2)' }}>Recommended for any account that signs documents.</span>
        </div>
        <button className="btn" onClick={begin} disabled={busy} style={{ opacity: busy ? 0.5 : 1 }}>
          <Icon name="lock" size={11} color="var(--paper)" /> {busy ? 'Starting…' : 'Enable 2FA'}
        </button>
      </div>
    );
  }

return (
    <form onSubmit={confirm}>
      <div style={{ marginBottom: 14, fontSize: 12, color: 'var(--ink-2)', lineHeight: 1.55 }}>
        1. Scan this QR code with your authenticator app (Google Authenticator, Authy, 1Password, Microsoft Authenticator, etc.).
      </div>
      <div style={{ display: 'flex', gap: 16, marginBottom: 14, flexWrap: 'wrap', alignItems: 'flex-start' }}>
        <TotpQrCode uri={enrolling.otpauth_uri} size={200} />
        <div style={{ flex: 1, minWidth: 220 }}>
          <div className="eyebrow" style={{ marginBottom: 6 }}>Or enter the secret manually</div>
          <div className="mono" style={{ fontSize: 13, letterSpacing: '0.1em', wordBreak: 'break-all',
                                         padding: '8px 10px', background: 'var(--paper-2)',
                                         border: '1px solid var(--line)', borderRadius: 2, marginBottom: 8 }}>
            {enrolling.secret}
          </div>
          <button type="button" className="btn-link" style={{ fontSize: 11 }}
                  onClick={() => navigator.clipboard?.writeText(enrolling.secret).then(
                    () => toast.push('Secret copied'),
                    () => {})}>
            Copy secret
          </button>
          <div style={{ marginTop: 14, fontSize: 11, color: 'var(--ink-3)', lineHeight: 1.5 }}>
            Algorithm: SHA-1 · Digits: 6 · Period: 30s. The standard Google
            Authenticator defaults — should "just work" in any compliant app.
          </div>
        </div>
      </div>
      <div className="field"><label>2. Enter the current 6-digit code from your app</label>
        <input value={code} onChange={e => setCode(e.target.value.replace(/\D/g, '').slice(0, 6))}
               maxLength={6} inputMode="numeric" autoFocus required
               style={{ fontFamily: 'var(--mono)', fontSize: 22, letterSpacing: '0.4em', textAlign: 'center' }} />
      </div>
      <div style={{ display: 'flex', gap: 8, marginTop: 12 }}>
        <button type="submit" className="btn" disabled={busy || code.length !== 6}
                style={{ opacity: (busy || code.length !== 6) ? 0.5 : 1 }}>
          {busy ? 'Verifying…' : 'Confirm and enable'}
        </button>
        <button type="button" className="btn btn-ghost" onClick={() => setEnrolling(null)}>Cancel</button>
      </div>
    </form>
  );
};

const RetentionBlock = ({ me, onChanged }) => {
  const toast = useToast();
  const [years, setYears] = React.useState(me?.retention_years ?? 10);
  const [busy, setBusy] = React.useState(false);
  React.useEffect(() => { if (me?.retention_years != null) setYears(me.retention_years); }, [me?.retention_years]);

const exportData = () => {
    // Authenticated GET — open in new tab triggers download via Content-Disposition.
    const url = (typeof window !== 'undefined' && window.SAIGN_API ? window.SAIGN_API : '') + '/api/auth/export';
    window.open(url, '_blank', 'noopener');
  };

return (
    <div>
      <div style={{ display: 'flex', gap: 8, alignItems: 'flex-end', marginBottom: 16 }}>
        <div className="field" style={{ flex: 1, marginBottom: 0 }}>
          <label>Retention period (years)</label>
          <input type="number" min={1} max={30} value={years}
                 onChange={e => setYears(e.target.value)} />
          <div className="field-hint">Signed documents auto-purge after this many years (default 10).</div>
        </div>
        <button className="btn btn-sm" onClick={save} disabled={busy || Number(years) === me?.retention_years}
                style={{ opacity: busy || Number(years) === me?.retention_years ? 0.5 : 1 }}>
          {busy ? 'Saving…' : 'Save'}
        </button>
      </div>
      <button className="btn btn-ghost btn-sm" onClick={exportData}>
        <Icon name="download" size={11} /> Export all my data (JSON)
      </button>
    </div>
  );
};

const DeleteAccountBlock = () => {
  const { logout } = useAuth();
  const toast = useToast();
  const [open, setOpen] = React.useState(false);
  const [pw, setPw] = React.useState('');
  const [confirm, setConfirm] = React.useState('');
  const [busy, setBusy] = React.useState(false);

if (!open) return (
    <button className="btn btn-ghost" onClick={() => setOpen(true)} style={{ color: 'var(--danger)' }}>
      <Icon name="x" size={11} color="var(--danger)" /> Delete my account
    </button>
  );
  return (
    <form onSubmit={submit} style={{ display: 'flex', flexDirection: 'column', gap: 12 }}>
      <div style={{ background: '#fbeae6', border: '1px solid #e8b8a8', color: 'var(--danger)',
                    padding: '10px 12px', fontSize: 12, borderRadius: 2, lineHeight: 1.5 }}>
        <strong>This is permanent.</strong> All your draft and sent documents are removed from your view.
        Audit data is retained per legal retention policy. Signing links stop working immediately.
      </div>
      <div className="field"><label>Password</label>
        <input type="password" value={pw} onChange={e => setPw(e.target.value)} required autoFocus />
      </div>
      <div className="field"><label>Type <span className="mono">DELETE</span> to confirm</label>
        <input value={confirm} onChange={e => setConfirm(e.target.value)} required pattern="DELETE" />
      </div>
      <div style={{ display: 'flex', gap: 8 }}>
        <button type="submit" className="btn" disabled={busy || confirm !== 'DELETE'}
                style={{ background: 'var(--danger)', opacity: (busy || confirm !== 'DELETE') ? 0.5 : 1 }}>
          {busy ? 'Deleting…' : 'Permanently delete account'}
        </button>
        <button type="button" className="btn btn-ghost" onClick={() => { setOpen(false); setPw(''); setConfirm(''); }}>
          Cancel
        </button>
      </div>
    </form>
  );
};

// ---------- Error pages ----------
const NotFoundPage = () => (
  <div className="saign-app" style={{ minHeight: '100vh', display: 'flex', alignItems: 'center', justifyContent: 'center', padding: 32 }}>
    <div style={{ textAlign: 'center', maxWidth: 420 }}>
      <Logo size={16} />
      <h2 className="display" style={{ fontSize: 28, margin: '24px 0 8px' }}>Not found</h2>
      <p style={{ fontSize: 13, color: 'var(--ink-2)', margin: 0, marginBottom: 24 }}>That page doesn't exist or you don't have access.</p>
      <Link to="/dashboard" className="btn" style={{ textDecoration: 'none' }}>Back to documents</Link>
    </div>
  </div>
);

const ErrorTokenPage = () => (
  <div className="saign-app" style={{ minHeight: '100vh', display: 'flex', alignItems: 'center', justifyContent: 'center', padding: 32 }}>
    <div style={{ textAlign: 'center', maxWidth: 420 }}>
      <div style={{ width: 56, height: 56, margin: '0 auto 22px', borderRadius: '50%',
        background: 'var(--paper-2)', display: 'flex', alignItems: 'center', justifyContent: 'center', border: '1px solid var(--line)' }}>
        <Icon name="x" size={20} color="var(--danger)" />
      </div>
      <h2 className="display" style={{ fontSize: 24, margin: 0, marginBottom: 8 }}>This link is invalid or expired.</h2>
      <p style={{ fontSize: 13, color: 'var(--ink-2)', margin: 0, marginBottom: 24, lineHeight: 1.5 }}>
        Signing links are single‑use. Ask the sender to resend.
      </p>
      <Link to="/" className="btn-link">Back to home</Link>
    </div>
  </div>
);

// ---------- Router ----------
const Router = () => {
  const hash = useHash();
  const { path, seg } = parsePath(hash.split('?')[0]);

if (path === '/' || path === '')      return <LandingPage />;
  if (path === '/login')                return <LoginPage />;
  if (path === '/register')             return <RegisterPage />;
  if (path.startsWith('/verify-email')) return <VerifyEmailPage />;
  if (path.startsWith('/verify-token')) return <VerifyTokenPage />;
  if (path.startsWith('/verify'))       return <VerifyPage />;
  if (path === '/privacy')              return <LegalPage which="privacy" />;
  if (path === '/terms')                return <LegalPage which="terms" />;
  if (path === '/cookies')              return <LegalPage which="cookies" />;
  if (path === '/subprocessors')        return <LegalPage which="subprocessors" />;
  if (path === '/security')             return <LegalPage which="security" />;

if (seg[0] === 'sign' && seg[1]) {
    if (seg[2] === 'done') return <SignedReceiptPage token={seg[1]} />;
    return <PublicSignPage token={seg[1]} />;
  }

// Protected from here
  const protectedRoute = () => {
    if (seg[0] === 'dashboard') {
      const f = seg[1];
      const filter = f === 'drafts' ? 'draft' :
                     (f === 'sent' || f === 'signed' || f === 'archived') ? f : 'all';
      return <DashboardPage filter={filter} />;
    }
    if (seg[0] === 'documents' && seg[1] === 'new') {
      if (!seg[2])              return <NewDocStep1 />;
      if (seg[2] === 'signers') return <NewDocStep2 />;
      if (seg[2] === 'fields')  return <NewDocStep3Fields />;
      if (seg[2] === 'review')  return <NewDocStep3 />;
    }
    if (seg[0] === 'documents' && seg[1]) {
      if (seg[2] === 'audit') return <AuditPage id={seg[1]} />;
      return <DocumentDetailPage id={seg[1]} />;
    }
    if (seg[0] === 'admin') {
      if (seg[1] === 'users') return <AdminUsersPage />;
      if (seg[1] === 'audit') return <AdminAuditPage />;
    }
    if (seg[0] === 'settings' || seg[0] === 'account') return <SettingsPage />;
    return <NotFoundPage />;
  };

return <RequireAuth>{protectedRoute()}</RequireAuth>;
};

const App = () => (
  <AuthProvider>
    <ToastProvider>
      <Router />
      <CookieBanner />
    </ToastProvider>
  </AuthProvider>
);

ReactDOM.createRoot(document.getElementById('root')).render(<App />);

{title}

Sign and send, without ceremony.

Boring on purpose. Reliable by design.

Three steps. No training required.

Whoever signs the most paperwork in the room.

Compliance isn't a checkbox.

Start free. Pay when it matters.

The questions we always get.

Ready to send the first one?

Sign and send, without ceremony.

{mfaPending ? 'Two-factor code' : 'Welcome back.'}

Start signing in under a minute.

Create your account.

Verify your email

{state === 'busy' ? 'Verifying…' : state === 'ok' ? 'Email verified.' : 'Link invalid or expired.'}

{doc.title}

Add a signer first

New document

Add signers

Review and send

Confirm your identity

Sign and send,
without ceremony.

Sign and send,
without ceremony.

Start signing in
under a minute.