Documenso — five specification gaps in an e-signature platform
Documenso is an open-source DocuSign alternative. We cloned it cold from GitHub, built a domain model from the Prisma schema, seeded a Neo4j graph, and ran SysEdge's AI-powered audit commands. No prior knowledge of the codebase. The findings are real — from the actual source and test files. Token savings are not the story this time. The story is what was never written.
Tools used:
coverage-review (AS-REQ 7-dimension spec audit), audit-test (AS-TEST-UC 7-dimension test quality audit), test-gapsTime from clone to findings: ~15 minutes. Neo4j + seed: 2 min. Three coverage-review runs: 4 min. One audit-test run: 90 sec. AI calls: haiku model, ~$0.30 total. No prior knowledge of the codebase required.
Finding 1 — No happy-path test for the expiration job
Documenso's expiration test suite (envelope-expiration-signing.spec.ts) tests what a recipient sees when trying to sign an expired envelope — the error page, the blocked form. That test is correct and passes. What has no test is the Inngest job handler that actually marks envelopes as expired: expire-recipients-sweep.handler.ts and process-recipient-expired.handler.ts in packages/lib/jobs/definitions/internal/. The entire jobs/ directory has zero test files. The job exists in the code and the UI correctly shows its effects — but whether the job itself runs correctly, handles partial failures, or fires the right webhooks is untested.
Finding 2 — Expiration exception paths never specified
Finding 3 — Void envelope exception paths unspecified
An envelope that is voided mid-write — status updated, webhook dispatched, but token invalidation interrupted by a database error — leaves signing tokens live against an envelope the sender believes is closed. For a legally-binding document, that is not an edge case. It is precisely the scenario the specification must address first.
Finding 4 — Zero specification derivation in all existing tests
None of Documenso's existing Playwright tests contain a comment linking the test to a named specification artefact — a UC step, a precondition, or an acceptance criterion. This is not cosmetic. A test that does not trace to the specification cannot demonstrate that the specification was tested. For a system asserting legal validity of signatures, the ability to say "this test verifies that specification clause" is precisely the evidence a compliance audit requires.
Finding 5 — Test coverage zero across all feature tiers
The graph shows zero component or integration tests linked to any of the 14 signing features — including F-SIG-003 (TSA timestamping) and F-SIG-004 (signature validation on completion). Documenso has 94 Playwright e2e tests and 3 unit test files (2 for webhook URL validation, 1 for CSS sanitization) — none cover the cryptographic signing pipeline. The include-document-certificate.spec.ts test verifies that a certificate appears in the completed PDF; it does not test signature validity or TSA timestamp integrity.
"The Inngest job handlers that process envelope expiration have no tests. The specification that describes what happens when it fails doesn't exist. Code review can't catch either — because there is no diff for the thing that was never written."
See what your specification is missing
SysEdge runs the same audit commands against your codebase that produced these findings — against a real open-source project with no prior knowledge of the code. The free CLI gives you the graph. The bootstrap kit adds the AI audit commands (coverage-review, audit-test) that surface the gaps.
Specification gaps are invisible until they are in the graph.
Five findings from a cold clone. No prior knowledge of the codebase. The Inngest job handlers that process envelope expiration have no tests. The void atomicity is unspecified. The cryptographic pipeline is uncovered at every tier. None of this is visible from the diff — because none of it was written. SysEdge makes the absence of specification a query result, not a discovery after the fact.