Initial skills documentation — 25 categories, all SKILL.md + references + scripts

This commit is contained in:
root
2026-07-15 17:42:20 -04:00
commit 1b4fcd4427
976 changed files with 188344 additions and 0 deletions
@@ -0,0 +1,85 @@
# Document Signing — DocuSeal Deployment
## Deploy
```yaml
# docker-compose.yml — deployed at /root/docker/docuseal/
services:
docuseal:
image: docuseal/docuseal:latest
container_name: docuseal
restart: always
ports:
- "127.0.0.1:3000:3000"
volumes:
- ./data:/data
environment:
- HOST=http://localhost:3000
- FORCE_SSL=false
```
Deploy:
```bash
docker compose -f /root/docker/docuseal/docker-compose.yml up -d
```
## Live Status (Jul 7, 2026)
- **URL:** https://sign.itpropartner.com — LIVE with HTTPS via Caddy
- **Caddy config:** `/etc/caddy/Caddyfile` — reverse proxy to 127.0.0.1:3000
- **Admin:** info@itpropartner.com (Germaine Brown)
- **API Token:** yyQ39y1fPtvWzUzFPZXfGBJhGD9ko3o7ACZLc3388sz
- **Docker:** docuseal/docuseal:latest on Core (netcup)
- **Data:** `/root/docker/docuseal/data/` (SQLite)
- **Port 443 freed by:** Stopping Tailscale Serve (which was serving portal mockups)
## API Usage
```bash
curl -s -H "X-Auth-Token: <token>" https://sign.itpropartner.com/api/user
```
## Why DocuSeal over Documenso
| Factor | Documenso | DocuSeal |
|---|---|---|
| Docker image | 690 MB | 227 MB |
| Database | PostgreSQL required | SQLite (no extra service) |
| Embed SDK | Paid (~$300/yr) | Free (React, Vue, Angular, JS) |
| Webhooks | Basic | Auto-retry |
| Features | Core signing | Bulk CSV send, conditional fields, SMS |
## Usage across entities
- **Debt Recovery Experts** — LPOA notarization via Proof API + service agreements via DocuSeal
- **Forefront Wireless** — customer service agreements, waivers
- **BoxPilot Logistics** — intake forms, LPOA
- **Apex Track Experience** — liability waivers (alternative to WPForms)
## Planned Webhook (DRE)
When the DRE portal builds: `https://debtrecoveryexperts.com/api/webhooks/docuseal` — events: document signed, completed, signer link opened.
## Note on Notarized Documents (LPOA)
DocuSeal handles digital signatures (ESIGN/UETA compliant). For **Remote Online Notarization** (RON) of Limited Power of Attorney forms, use **Proof** (formerly Notarize) API — ~$25-35 per notarization, with on-demand notaries 24/7. Texas RON compliant (HB 3496, SB 1624).
## Digest timestamp server
In DocuSeal e-signature settings, set the RFC 3161 timestamp server to: `http://timestamp.digicert.com` (DigiCert, free, no auth, universally trusted). This embeds a cryptographic timestamp in every signed document for long-term verification validity. Backup option: `http://timestamp.sectigo.com`.
## TLS setup (blocked port 443)
Tailscale Serve uses port 443 for tailnet HTTPS. To run a public-facing web service on port 443 alongside Tailscale, either:
- Stop Tailscale Serve (`tailscale serve --https=443 off`) — frees port 443 for Caddy/nginx. The portal mockups will lose their tailscale URL until re-served on a different port or redirected.
- Or use **Cloudflare Tunnel** (cloudflared) — creates an outbound-only tunnel to Cloudflare's edge, lives on an ephemeral port, never conflicts with other services. Requires `cloudflared tunnel login` (browser-based OAuth to Cloudflare account). The tunnel cert file is created in `~/.cloudflared/`. After auth, create the tunnel, route the DNS, and configure ingress.
**Pitfall:** `cloudflared tunnel login` prints a URL that must be opened in a browser OUTSIDE the terminal — it's an OAuth flow. If there's no browser available (headless server), use a different approach.
## DocuSeal auth setup
After first deployment at `https://sign.itpropartner.com`, the initial visit redirects to `/setup` — create the admin account (name, email, password, company). After setup, generate an API token from Settings → API tokens. Token format: `yyQ39y...` (JWT-like string). The token read-only endpoint: `GET /api/user` with `X-Auth-Token` header.
## Backup Required
`/root/docker/docuseal/data/` contains the SQLite DB (all users, templates, signed documents). NOT yet in the nightly S3 backup rotation — needs to be added.