DoSign Platform

Plan and status

Overall 62% / Stage 3 95%
Current focus

Stage 3: Workflow Engine

At the moment we keep signing sessions protected and tenant-scoped, without public signing links, raw session tokens, real PDF signing or final legal evidence claims.

Build: Tests passing
Testlab: testlab.dosign.cc
MVP: Browser + 2FA
Evidence: Scaffold only
Admin: Safe lookup

Overall 62%

Roadmap progress across platform stages.

Current stage 95%

Workflow engine read/setup/command and UI safety are in place.

Security Tenant-scoped

Rate-limit, API authorization and audit hooks stay in front.

Shelf Wacom/QES/GA

Vendor signing, cloud QES/KEP, analytics and anti-abuse stay documented for later.

Roadmap

Stages and status

docs/ROADMAP.md
0
Done

Stage 0 - Foundation

100%

Environment, solution structure and first project guardrails.

  • Solution skeleton and baseline web/API projects.
  • Initial docs and roadmap tracking.
  • Smoke-test path for local status checks.
1
Done

Stage 1 - Tenant and API Core

100%

Tenant isolation, API keys and guarded integration entry points.

  • Tenant-aware API authorization.
  • Protected integration headers and safe error responses.
  • Baseline admin/smoke coverage.
2
Done

Stage 2 - Storage, Evidence and Guardrails

100%

Private encrypted storage plus protected artifact/status/download boundaries.

  • Private encrypted storage and field-level signer protection.
  • Protected workflow/document status, download, artifact, start, cancel and expire boundaries.
  • No-store/no-cache/nosniff headers on protected streams and safe JSON responses.
  • PostgreSQL-backed rate-limit policy, counter admin and cleanup.
  • Evidence ZIP/report scaffolds without real PDF sealing or final evidence generation.
  • Legal policy admin, ERP/CRM smoke examples and redaction coverage.
  • +18 more guardrails are tracked in roadmap/docs.
3
In progress

Stage 3 - Workflow Engine

95%

Signer-role workflows, safe session setup/read models, guarded command routes and display-only task surfaces.

  • WorkflowTemplate, signer steps, transition rules and EF-backed evidence events.
  • Protected engine-status and admin/template visibility.
  • Signer command preflight and execution endpoints for viewed, signed, decline and resend.
  • Fingerprint-only signer-session proof setup with bounded lifetime and cleanup.
  • Protected task-session read model with no session material or command execution in the DTO.
  • GET/POST method closure plus OPTIONS/HEAD no-CORS hardening for signer runtime paths.
  • Protected admin signer task-session lookup renders the shared display-only panel.
  • Protected admin signer-command preflight visibility renders the shared display-only panel.
  • Protected admin signer-session setup renders the shared display-only setup panel.
  • Admin signer task/setup/preflight validation closes unsafe markers before tenant or identity lookup.
  • Shared signer-command execution results render through a DTO-only display panel.
  • MAUI shell placeholder renders shared task/preflight/setup/execution panels with null DTOs only.
  • MAUI CSS shell guardrails block remote assets and hidden signer task panels.
4
Next

Stage 4 - ERP/CRM Packaging

45%

Package repeatable operator flows and external system handoff examples.

  • Keep smoke examples aligned with protected workflow APIs.
  • Document operator handoff and failure-mode playbooks.
  • Preserve no-public-link and no-delivery-surprise defaults.
5
Planned

Stage 5 - PDF Signing and Legal Evidence

32%

Implement real PDF sealing only after the current guardrails are stable.

  • Real PDF signing remains disabled.
  • Final legal evidence generation remains disabled.
  • Existing placeholders must keep saying they are placeholders.
6
Shelved

Stage 6 - Cloud/Virtual QES/KEP

18%

Keep external trust-service integrations documented while the browser + 2FA MVP proves out.

  • Provider metadata must stay out of safe DTOs until implemented.
  • No provider SDK, callback, public link or signing session wiring in the MVP.
  • Secrets stay server-side when the shelf is reopened.
7
Planned

Stage 7 - MAUI App

10%

Mobile/desktop client work after runtime signing surfaces are safe.

  • Use protected APIs only.
  • No embedded public signing links.
  • No raw session material in client-visible state.
  • Wacom/S Pen/biometric SDK capture stays shelved.
8
Planned

Stage 8 - Product Hardening

14%

Polish observability, training materials and later analytics/anti-abuse setup.

  • GA and reCAPTCHA stay on the shelf until explicit runtime work starts.
  • Training and readiness docs continue to track shipped behavior.
  • Hardening tests stay close to every newly opened surface.