MokoConsulting/MokoSuite
0
0
Fork 0
Code Issues 73 Pull Requests 1 Releases 1 Wiki Activity

Native e-signature component for MokoSuite CRM #197

New Issue
Open
opened 2026-06-06 17:14:17 +00:00 by jmiller · 1 comment
jmiller commented 2026-06-06 17:14:17 +00:00
Owner
Copy Link
Copy Source

Summary

Build a Joomla-native e-signature system for MokoWaaS CRM, based on the feature set of MokoDoliSign (Dolibarr module ID 185050). This is a self-contained signature solution — no third-party e-signature service dependency.

Parent issue: #192

Features (from MokoDoliSign blueprint)

Signature Request Workflow

  • Full lifecycle: Draft → Pending → InProgress → Completed / Declined / Expired / Cancelled
  • Multi-signer support with independent secure tokens (no Joomla login required for signers)
  • Configurable expiry with automated cron-based expiration
  • Batch operations: send to multiple signers simultaneously

Document Management

  • WYSIWYG editor for inline agreement creation
  • PDF, DOC, DOCX file uploads
  • Auto-generate PDF from description text (TCPDF or Joomla PDF library)
  • Secure document storage under Joomla media directory

Signature Capture

  • HTML5 Canvas with responsive drawing
  • Touch-friendly (mobile, tablet, stylus, finger)
  • Real-time signature preview
  • Multiple types: draw, upload, text-based

Identity Verification (Configurable per request)

  • Selfie capture via device camera
  • Government ID photo capture
  • GPS geolocation (latitude, longitude, accuracy)
  • IP address and user agent tracking

Audit Trail

  • Complete event log: CREATED, SENT, VIEWED, SIGNED, DECLINED, EXPIRED, CANCELLED, REMINDED
  • Public verification page (no auth required)
  • Timestamped with IP, user agent, geolocation

Email Integration

  • Automated signing link emails with secure tokens
  • Completion, decline, expiry, reminder notifications
  • Decline reason capture

Self-Service Portal

  • Signer enters email → sees all pending requests
  • No Joomla login required — token-based access

Database Tables

#__mokowaas_crm_esign_requests

  • id, ref (auto: SIG-000001), title, description
  • document_path, status (draft/pending/inprogress/completed/declined/expired/cancelled)
  • require_selfie, require_id, require_otp
  • date_creation, date_sent, date_expiry, date_signature
  • created_by, contact_id (FK to Joomla contact)

#__mokowaas_crm_esign_signers

  • id, request_id (FK), role, email, firstname, lastname
  • token (128-char unique), status (pending/viewed/signed/declined)
  • signature_data (base64 PNG), signature_type
  • selfie_path, id_path, ip_address, user_agent
  • geo_lat, geo_lon, geo_country, geo_city
  • date_sent, date_viewed, date_signed

#__mokowaas_crm_esign_events

  • id, request_id (FK), signer_id (FK, nullable)
  • code (CREATED/SENT/VIEWED/SIGNED/etc.), label, description
  • ip, user_agent, created

Implementation

  • New plugin or extend plg_system_mokowaas_crm
  • Public signing pages (no auth): /component/mokowaas/?view=sign&token=xxx
  • Public verification: /component/mokowaas/?view=verify&id=xxx
  • REST API endpoints for CRUD operations
  • Scheduled tasks: expire, remind, purge (via plg_task_mokowaas_esign)

Compliance

  • eIDAS (EU), ESIGN Act (US) compliant audit trail
  • GDPR: explicit/implicit consent modes
  • Complete chain of custody: who, when, where, how
## Summary Build a Joomla-native e-signature system for MokoWaaS CRM, based on the feature set of MokoDoliSign (Dolibarr module ID 185050). This is a self-contained signature solution — no third-party e-signature service dependency. **Parent issue:** #192 ## Features (from MokoDoliSign blueprint) ### Signature Request Workflow - Full lifecycle: Draft → Pending → InProgress → Completed / Declined / Expired / Cancelled - Multi-signer support with independent secure tokens (no Joomla login required for signers) - Configurable expiry with automated cron-based expiration - Batch operations: send to multiple signers simultaneously ### Document Management - WYSIWYG editor for inline agreement creation - PDF, DOC, DOCX file uploads - Auto-generate PDF from description text (TCPDF or Joomla PDF library) - Secure document storage under Joomla media directory ### Signature Capture - HTML5 Canvas with responsive drawing - Touch-friendly (mobile, tablet, stylus, finger) - Real-time signature preview - Multiple types: draw, upload, text-based ### Identity Verification (Configurable per request) - Selfie capture via device camera - Government ID photo capture - GPS geolocation (latitude, longitude, accuracy) - IP address and user agent tracking ### Audit Trail - Complete event log: CREATED, SENT, VIEWED, SIGNED, DECLINED, EXPIRED, CANCELLED, REMINDED - Public verification page (no auth required) - Timestamped with IP, user agent, geolocation ### Email Integration - Automated signing link emails with secure tokens - Completion, decline, expiry, reminder notifications - Decline reason capture ### Self-Service Portal - Signer enters email → sees all pending requests - No Joomla login required — token-based access ## Database Tables ### `#__mokowaas_crm_esign_requests` - `id`, `ref` (auto: SIG-000001), `title`, `description` - `document_path`, `status` (draft/pending/inprogress/completed/declined/expired/cancelled) - `require_selfie`, `require_id`, `require_otp` - `date_creation`, `date_sent`, `date_expiry`, `date_signature` - `created_by`, `contact_id` (FK to Joomla contact) ### `#__mokowaas_crm_esign_signers` - `id`, `request_id` (FK), `role`, `email`, `firstname`, `lastname` - `token` (128-char unique), `status` (pending/viewed/signed/declined) - `signature_data` (base64 PNG), `signature_type` - `selfie_path`, `id_path`, `ip_address`, `user_agent` - `geo_lat`, `geo_lon`, `geo_country`, `geo_city` - `date_sent`, `date_viewed`, `date_signed` ### `#__mokowaas_crm_esign_events` - `id`, `request_id` (FK), `signer_id` (FK, nullable) - `code` (CREATED/SENT/VIEWED/SIGNED/etc.), `label`, `description` - `ip`, `user_agent`, `created` ## Implementation - New plugin or extend `plg_system_mokowaas_crm` - Public signing pages (no auth): `/component/mokowaas/?view=sign&token=xxx` - Public verification: `/component/mokowaas/?view=verify&id=xxx` - REST API endpoints for CRUD operations - Scheduled tasks: expire, remind, purge (via `plg_task_mokowaas_esign`) ## Compliance - eIDAS (EU), ESIGN Act (US) compliant audit trail - GDPR: explicit/implicit consent modes - Complete chain of custody: who, when, where, how
jmiller commented 2026-06-06 17:59:34 +00:00
Author
Owner
Copy Link
Copy Source

DocuSign-Competitive Feature Parity

To compete with DocuSign, the e-signature system needs these features beyond what's already planned:

Document Preparation & Field Placement

  • Drag-and-drop field placement on PDF pages (signature, initials, date, text, checkbox, dropdown)
  • Template library — reusable document templates with pre-placed fields
  • Bulk send — send same template to many recipients at once
  • Multiple documents per envelope — group related docs in one signing session
  • Initials required per page (configurable per request)
  • Custom form fields — text input, checkbox, radio, dropdown that signers fill in

Signing Experience

  • Sequential or parallel signing — enforce signing order or allow simultaneous
  • In-person signing mode — hand device to signer, they sign in front of you
  • Mobile-optimized signing interface (responsive, touch-friendly)
  • Signer comments/questions — signers can ask questions without declining
  • Delegated signing — signer can delegate to someone else
  • Custom branding — tenant logo, colors, custom email templates on signing pages

Identity Verification (tiered, configurable)

  • Email verification (default — click link)
  • SMS/OTP verification (already planned: smart/always/never)
  • Selfie + ID photo (already in schema — encrypted at rest)
  • Knowledge-based authentication (future: security questions)
  • GPS geolocation capture (already in schema)

Lifecycle Management

  • Void — cancel a sent request, notify all signers
  • Correct and resend — fix a mistake without creating new request
  • Auto-reminders — configurable intervals (1 day, 3 days, 7 days)
  • Expiry warnings — email X days before expiry
  • Download signed PDF with signatures embedded on the document
  • Certificate of Completion — separate PDF with full audit trail

PDF Generation

  • Merge signatures onto PDF — embed signature images at placed coordinates
  • Flatten PDF — produce final non-editable signed document
  • Certificate page appended to signed document (who, when, where, IP, geolocation)
  • QR code on certificate linking to public verification page

Payment at Signing

  • Collect payment during signing — Stripe/PayPal integration at checkout step
  • Links to ERP invoicing — auto-generate invoice on signature completion

Reporting & Analytics

  • Completion rates (% of requests fully signed)
  • Average time to sign
  • Signer activity dashboard
  • Declined/expired trends

API & Embedding

  • Full REST API for programmatic request creation (already built)
  • Embeddable signing — iframe/JS widget for embedding in external sites
  • Webhook notifications on status changes (signed, declined, expired)

New Database Tables Needed

#__mokowaas_erp_esign_templates — Reusable document templates

id, title, description, document_path, fields (JSON), 
require_selfie, require_id, require_otp,
created_by, created, modified

#__mokowaas_erp_esign_fields — Placed fields on document pages

id, request_id, signer_id, page, type (signature/initials/date/text/checkbox/dropdown),
x, y, width, height, required, label, options (JSON for dropdown),
value, completed

#__mokowaas_erp_esign_comments — Signer questions/comments

id, request_id, signer_id, body, created

Competitive Positioning vs DocuSign

Feature DocuSign MokoWaaS+ERP
Pricing $10-65/user/month Included in ERP license
Self-hosted No (cloud only) Yes — full data ownership
ERP integration Via Zapier/API Native (same database)
Custom branding Enterprise plan only All tiers
ID verification Add-on cost Built-in
Payment collection Via integration Native Stripe/PayPal
API access Developer plan All tiers
Data sovereignty US/EU cloud regions Your server, your data
## DocuSign-Competitive Feature Parity To compete with DocuSign, the e-signature system needs these features beyond what's already planned: ### Document Preparation & Field Placement - [ ] **Drag-and-drop field placement** on PDF pages (signature, initials, date, text, checkbox, dropdown) - [ ] **Template library** — reusable document templates with pre-placed fields - [ ] **Bulk send** — send same template to many recipients at once - [ ] **Multiple documents per envelope** — group related docs in one signing session - [ ] **Initials required per page** (configurable per request) - [ ] **Custom form fields** — text input, checkbox, radio, dropdown that signers fill in ### Signing Experience - [ ] **Sequential or parallel signing** — enforce signing order or allow simultaneous - [ ] **In-person signing mode** — hand device to signer, they sign in front of you - [ ] **Mobile-optimized** signing interface (responsive, touch-friendly) - [ ] **Signer comments/questions** — signers can ask questions without declining - [ ] **Delegated signing** — signer can delegate to someone else - [ ] **Custom branding** — tenant logo, colors, custom email templates on signing pages ### Identity Verification (tiered, configurable) - [ ] **Email verification** (default — click link) - [ ] **SMS/OTP verification** (already planned: smart/always/never) - [ ] **Selfie + ID photo** (already in schema — encrypted at rest) - [ ] **Knowledge-based authentication** (future: security questions) - [ ] **GPS geolocation capture** (already in schema) ### Lifecycle Management - [ ] **Void** — cancel a sent request, notify all signers - [ ] **Correct and resend** — fix a mistake without creating new request - [ ] **Auto-reminders** — configurable intervals (1 day, 3 days, 7 days) - [ ] **Expiry warnings** — email X days before expiry - [ ] **Download signed PDF** with signatures embedded on the document - [ ] **Certificate of Completion** — separate PDF with full audit trail ### PDF Generation - [ ] **Merge signatures onto PDF** — embed signature images at placed coordinates - [ ] **Flatten PDF** — produce final non-editable signed document - [ ] **Certificate page** appended to signed document (who, when, where, IP, geolocation) - [ ] **QR code** on certificate linking to public verification page ### Payment at Signing - [ ] **Collect payment during signing** — Stripe/PayPal integration at checkout step - [ ] Links to ERP invoicing — auto-generate invoice on signature completion ### Reporting & Analytics - [ ] Completion rates (% of requests fully signed) - [ ] Average time to sign - [ ] Signer activity dashboard - [ ] Declined/expired trends ### API & Embedding - [ ] Full REST API for programmatic request creation (already built) - [ ] **Embeddable signing** — iframe/JS widget for embedding in external sites - [ ] Webhook notifications on status changes (signed, declined, expired) ### New Database Tables Needed **`#__mokowaas_erp_esign_templates`** — Reusable document templates ``` id, title, description, document_path, fields (JSON), require_selfie, require_id, require_otp, created_by, created, modified ``` **`#__mokowaas_erp_esign_fields`** — Placed fields on document pages ``` id, request_id, signer_id, page, type (signature/initials/date/text/checkbox/dropdown), x, y, width, height, required, label, options (JSON for dropdown), value, completed ``` **`#__mokowaas_erp_esign_comments`** — Signer questions/comments ``` id, request_id, signer_id, body, created ``` ### Competitive Positioning vs DocuSign | Feature | DocuSign | MokoWaaS+ERP | |---------|----------|-------------| | Pricing | $10-65/user/month | Included in ERP license | | Self-hosted | No (cloud only) | Yes — full data ownership | | ERP integration | Via Zapier/API | Native (same database) | | Custom branding | Enterprise plan only | All tiers | | ID verification | Add-on cost | Built-in | | Payment collection | Via integration | Native Stripe/PayPal | | API access | Developer plan | All tiers | | Data sovereignty | US/EU cloud regions | Your server, your data |
jmiller changed title from Native e-signature component for MokoWaaS CRM to Native e-signature component for MokoSuite CRM 2026-06-07 15:15:20 +00:00
Sign in to join this conversation.
Labels
Clear labels
architecture
automation
Automated processes or scripts
 breaking-change
Breaking API or functionality change
 bug
build
Build system changes
 ci-cd
CI/CD pipeline changes
 config
Configuration file changes
 css
CSS/styling changes
 dependencies
Dependency updates
 deploy-failure
Automated deploy failure tracking
 docker
Docker configuration changes
 documentation
Documentation changes
 dolibarr
Dolibarr module or extension
 duplicate
enhancement
generic
Generic project or library
 good first issue
Good for newcomers
 health-check
Repository health check results
 health: excellent
Health score 90-100
 health: fair
Health score 50-69
 health: good
Health score 70-89
 health: poor
Health score below 50
 help wanted
Extra attention needed
 html
HTML template changes
 invalid
javascript
JavaScript code changes
 joomla
Joomla extension or component
 major-release
Major version release (breaking changes)
 minor-release
Minor version release (XX.YY.00)
 mokostandards
MokoStandards compliance
 needs-review
Awaiting code review
 needs-testing
Requires manual or automated testing
 patch-release
Patch version release (XX.YY.ZZ)
 php
PHP code changes
 priority: critical
priority: high
priority: low
priority: medium
push-failure
File push failure requiring attention
 python
Python code changes
 question
regression
Regression from a previous working state
 release-candidate
Release candidate build
 security
Security-related changes
 size/l
Large change (101-300 lines)
 size/m
Medium change (31-100 lines)
 size/s
Small change (11-30 lines)
 size/xl
Extra large change (301-1000 lines)
 size/xs
Extra small change (1-10 lines)
 size/xxl
Extremely large change (1000+ lines)
 standards-drift
Repository drifted from MokoStandards
 standards-update
MokoStandards sync update
 standards-violation
Standards compliance failure
 status: blocked
status: in-progress
status: needs-review
status: on-hold
Temporarily on hold
 status: pending
Pending action or decision
 status: wontfix
This will not be worked on
 sync-failure
Bulk sync failure requiring attention
 sync-report
Bulk sync run report
 template-validation-failure
Template workflow validation failure
 test-failure
Automated test failure
 tests
Test suite changes
 type: bug
Something isn't working
 type: chore
Maintenance tasks
 type: enhancement
Enhancement to existing feature
 type: feature
New feature or request
 type: refactor
Code refactoring
 type: release
Release preparation or tracking
 type: test
Test suite additions or changes
 type: version
Version-related change
 typescript
TypeScript code changes
 version
Version bump or release
 version-branch
Version branch related
 version-drift
Version mismatch detected
 work-in-progress
Work in progress, not ready for merge
No labels
Priority Medium
Type Feature
Milestone
No items
No Milestone
Assignees
Clear assignees
jmiller (Jonathan Miller)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoSuite#197
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?