@keystrokehq/docusign 0.0.1

package/README.md

@@ -0,0 +1,248 @@
+# @keystrokehq/docusign
+
+Official DocuSign integration for [Keystroke](https://github.com/keystrokehq/keystroke) — eSignature, templates, bulk send, Connect webhooks, and account/admin surfaces.
+
+- **342** typed operations across 48 domain modules, covering the full Composio DocuSign catalog (v1 ships full runtime for the eSignature + Connect slice; `rooms`, `clm`, `admin`, `click`, `monitor` ship as plan-gated stubs).
+- **25** direct-binding Connect webhook triggers with HMAC-SHA256 verification and multi-secret rotation.
+- **OAuth 2.0 Authorization Code Grant** with provider-specific hooks that resolve `baseUri` + `accountId` via `/oauth/userinfo` on every connect and refresh.
+- Hand-rolled typed `fetch` client — no Node-only dependencies. Runs in Cloudflare Workers / V8 isolates.
+
+## Install
+
+```bash
+pnpm add @keystrokehq/docusign
+```
+
+Required peer deps (already workspace-linked inside the monorepo): `@keystrokehq/core`, `@keystrokehq/integration-authoring`, `zod` v4.
+
+## Connect the account
+
+DocuSign connections are OAuth. Connect from the Keystroke CLI or a browser flow:
+
+```bash
+keystroke connect docusign
+```
+
+The OAuth exchange writes three values into the vault:
+
+- `DOCUSIGN_ACCESS_TOKEN` — refreshable access token
+- `DOCUSIGN_ACCOUNT_ID` — the default account id returned from `/oauth/userinfo`
+- `DOCUSIGN_BASE_URI` — the region-scoped base URI (e.g. `https://na1.docusign.net`)
+
+DocuSign routes accounts between regions (`na1..na4`, `eu`, `au`, `ca`). Every refresh re-resolves both `accountId` and `baseUri` so cached URIs never go stale.
+
+### Keystroke-managed DocuSign app
+
+To enable the OAuth flow, set two env vars on the platform (the Keystroke deployment, not the user):
+
+```bash
+KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_ID=<docusign-integrator-key>
+KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_SECRET=<docusign-client-secret>
+```
+
+To enable Connect webhook triggers, also configure the HMAC shared secrets (up to 10 for rotation, comma-separated, newest first):
+
+```bash
+KEYSTROKE_PLATFORM_DOCUSIGN_CONNECT_HMAC_SECRETS=rotating-secret-1,rotating-secret-2
+```
+
+## Subpath imports
+
+Authored code imports operations by domain. The package root is intentionally empty.
+
+```ts
+import { docusign } from '@keystrokehq/docusign/connection';
+import { createDocusignClient } from '@keystrokehq/docusign/client';
+import { DocusignApiError } from '@keystrokehq/docusign/errors';
+import { getEnvelope, sendEnvelope, voidEnvelope } from '@keystrokehq/docusign/envelopes';
+import { listAllTemplates } from '@keystrokehq/docusign/templates';
+import { webhooks } from '@keystrokehq/docusign/triggers';
+```
+
+### Full subpath catalog
+
+| Surface | Subpath | Notes |
+|---|---|---|
+| Public connection | `@keystrokehq/docusign/connection` | `docusign` CredentialSet + `DocusignCredentials` type |
+| Typed client | `@keystrokehq/docusign/client` | `createDocusignClient` — use inside custom operations |
+| Error class | `@keystrokehq/docusign/errors` | `DocusignApiError` with discriminated `kind` |
+| Shared schemas | `@keystrokehq/docusign/schemas` | `docusignEnvelopeSchema`, enums, helpers |
+| Connect events | `@keystrokehq/docusign/events` | Per-family event schemas + name enums |
+| Webhook triggers | `@keystrokehq/docusign/triggers` | `webhooks.*` direct-binding namespace |
+| Webhook verification | `@keystrokehq/docusign/verification` | Multi-secret HMAC verifier |
+| eSignature operations | `@keystrokehq/docusign/envelopes`, `/envelope-documents`, `/envelope-recipients`, `/envelope-tabs`, `/envelope-custom-fields`, `/envelope-attachments`, `/envelope-workflow`, `/envelope-views`, `/envelope-email`, `/envelope-notifications`, `/envelope-lock`, `/envelope-logs` | 95 operations |
+| Template operations | `/templates`, `/template-documents`, `/template-custom-fields`, `/template-workflow`, `/template-lock`, `/template-sharing` | 47 operations |
+| Bulk & transport | `/bulk-send`, `/chunked-uploads` | 13 operations |
+| People | `/contacts`, `/users`, `/user-signatures`, `/user-profile`, `/user-authorizations`, `/user-custom-settings`, `/cloud-storage`, `/signing-groups`, `/groups`, `/permission-profiles` | 65 operations |
+| Account admin | `/account`, `/account-custom-fields`, `/account-tabs`, `/account-stamps`, `/brands`, `/billing` | 66 operations |
+| Integrations | `/connect`, `/workspaces`, `/notary`, `/enote`, `/bcc-archive`, `/power-forms`, `/auth` | 46 operations + 2 auth helpers |
+| Plan-gated (stubs) | `/rooms`, `/clm`, `/admin`, `/click`, `/monitor` | Throw `DocusignApiError.notImplemented({ kind: 'plan_gated' })` |
+
+Hidden surfaces used by the Keystroke platform only:
+
+- `@keystrokehq/docusign/_official` — bundle definition; consumed by `@keystrokehq/official-integration-catalog`
+- `@keystrokehq/docusign/_runtime` — hosted-runtime hooks
+- `@keystrokehq/docusign/messaging` — internal credential sets (DocuSign App, Connect HMAC, JWT)
+
+Do not import the hidden surfaces from end-user code.
+
+## Quickstart
+
+### Send an envelope
+
+```ts
+import { sendEnvelope } from '@keystrokehq/docusign/envelopes';
+import { Workflow } from '@keystrokehq/core';
+import { z } from 'zod';
+
+export const sendContract = new Workflow({
+  id: 'send-contract',
+  name: 'Send Contract',
+  input: z.object({
+    email: z.email(),
+    name: z.string().min(1),
+    documentBase64: z.string().min(1),
+  }),
+  output: z.object({ envelopeId: z.string().min(1) }),
+  run: async (input, ctx) => {
+    const result = await ctx.step(sendEnvelope, {
+      emailSubject: `Please sign — ${input.name}`,
+      status: 'sent',
+      documents: [
+        {
+          documentId: '1',
+          name: 'contract.pdf',
+          fileExtension: 'pdf',
+          documentBase64: input.documentBase64,
+        },
+      ],
+      recipients: {
+        signers: [
+          {
+            email: input.email,
+            name: input.name,
+            recipientId: '1',
+            routingOrder: '1',
+          },
+        ],
+      },
+    });
+    return { envelopeId: result.envelopeId ?? '' };
+  },
+});
+```
+
+### Bind a Connect webhook
+
+```ts
+import { webhooks } from '@keystrokehq/docusign/triggers';
+import { Workflow } from '@keystrokehq/core';
+import { z } from 'zod';
+
+export const onEnvelopeCompleted = new Workflow({
+  id: 'on-envelope-completed',
+  name: 'On Envelope Completed',
+  trigger: webhooks.envelopeCompleted({
+    filter: (payload) => payload.data.envelopeSummary?.status === 'completed',
+    transform: (payload) => ({
+      envelopeId: payload.data.envelopeId,
+      signedAt: payload.generatedDateTime,
+    }),
+  }),
+  input: z.object({ envelopeId: z.string(), signedAt: z.string().optional() }),
+  output: z.object({ success: z.boolean() }),
+  run: async () => ({ success: true }),
+});
+```
+
+### Void an envelope
+
+```ts
+import { voidEnvelope } from '@keystrokehq/docusign/envelopes';
+
+// DocuSign has no standalone `voidEnvelope` endpoint — voiding is a PUT on the
+// envelope with `status: 'voided'` + `voidedReason`. This package models it as
+// a dedicated named operation for DX while sharing the underlying slug.
+await ctx.step(voidEnvelope, {
+  envelopeId: 'envelope-123',
+  voidedReason: 'Customer requested cancellation',
+});
+```
+
+### Use the raw client inside custom code
+
+```ts
+import { createDocusignClient } from '@keystrokehq/docusign/client';
+import { DocusignApiError } from '@keystrokehq/docusign/errors';
+
+async function searchEnvelopesByStatus(
+  credentials: Parameters<typeof createDocusignClient>[0],
+  status: string
+) {
+  const client = createDocusignClient(credentials);
+  try {
+    return await client.request<{ envelopes?: unknown[] }>({
+      path: '/envelopes',
+      query: { status, from_date: '2026-01-01' },
+    });
+  } catch (error) {
+    if (error instanceof DocusignApiError && error.kind === 'rate_limit') {
+      // use `error.retryAfterMs` to back off in a calling step
+    }
+    throw error;
+  }
+}
+```
+
+## Connect configuration
+
+To receive webhooks at `/docusign`:
+
+1. In the DocuSign admin console, create a Connect configuration and set the publish URL to your Keystroke callback.
+2. Enable HMAC signing and configure at least one shared secret. Optionally configure up to 10 for rotation.
+3. Copy the secrets into the `KEYSTROKE_PLATFORM_DOCUSIGN_CONNECT_HMAC_SECRETS` env var (comma-separated).
+
+The package's `verifyDocusignConnectRequest` helper accepts a delivery if **any** of the `X-DocuSign-Signature-{N}` headers matches **any** configured secret under a constant-time compare. Rotating secrets is safe: add the new secret, let DocuSign start signing with it, then remove the old one once no old-signature deliveries remain in flight.
+
+## Plan-gated surfaces
+
+`rooms`, `clm`, `admin`, `click`, `monitor`, and the historical-envelope replay (`submitBatchHistoricalEnvelopesToWebhook`) live in the package so the slug surface is complete, but throw `DocusignApiError.notImplemented({ kind: 'plan_gated' })` in v1. Each has its own gating rationale:
+
+- **Rooms** — different base host, requires Rooms license.
+- **CLM / SpringCM** — region-specific host, separate OAuth app.
+- **Admin** — requires `organization_read`/`permission_read` scopes not in the v1 scope set.
+- **Click** — requires `click.manage`/`click.send` scopes.
+- **Monitor** — separate host (`lens.docusign.net`) and license.
+- **Historical-replay** — requires JWT Grant + admin consent (see [JWT follow-up](#jwt-grant-follow-up)).
+
+## JWT Grant follow-up
+
+DocuSign also supports JWT Grant for server-to-server impersonation. v1 declares an internal `docusign-jwt` CredentialSet for forward compatibility but does not wire a runtime path. When JWT Grant ships, existing workflows keep working — only historical-replay operations change from throwing `plan_gated` to executing.
+
+## Errors
+
+All operations throw `DocusignApiError` on failure. The class exposes a discriminated `kind`:
+
+- `'http'` — generic 4xx/5xx
+- `'rate_limit'` — 429, carries `retryAfterMs`
+- `'auth'` — 401/403; the runtime also flags the credential as revoked
+- `'validation'` — input validation at the client boundary
+- `'plan_gated'` / `'not_implemented'` — surfaces the package intentionally ships but doesn't execute
+- `'webhook_signature'` — HMAC verification failed
+- `'network'` — `fetch` threw after all retries
+
+## Testing
+
+```bash
+turbo run lint --filter=@keystrokehq/docusign
+turbo run typecheck --filter=@keystrokehq/docusign
+turbo run build --filter=@keystrokehq/docusign
+turbo run test:unit --filter=@keystrokehq/docusign
+```
+
+## References
+
+- [DocuSign eSignature REST v2.1](https://developers.docusign.com/docs/esign-rest-api/)
+- [DocuSign Connect (HMAC)](https://developers.docusign.com/platform/webhooks/connect/hmac/)
+- [Authorization Code Grant](https://developers.docusign.com/platform/auth/authcode/)
+- [JWT Grant](https://developers.docusign.com/platform/auth/jwt/)

package/dist/_official/index.d.mts

@@ -0,0 +1,3 @@
+import { i as docusignOfficialIntegration, r as docusignBundle } from "../integration-DqwHRkRh.mjs";
+import { a as docusignConnectCredentialSet, c as parseHmacSecrets, i as docusignAppCredentialSet, n as DocusignConnectCredentials, o as docusignJwtCredentialSet, r as DocusignJwtCredentials, s as docusignPlatformProviderSeed, t as DocusignAppCredentials } from "../provider-app-CWp1SuI4.mjs";
+export { DocusignAppCredentials, DocusignConnectCredentials, DocusignJwtCredentials, docusignAppCredentialSet, docusignBundle, docusignConnectCredentialSet, docusignJwtCredentialSet, docusignOfficialIntegration, docusignPlatformProviderSeed, parseHmacSecrets };

package/dist/_official/index.mjs

@@ -0,0 +1,3 @@
+import { c as docusignJwtCredentialSet, l as docusignPlatformProviderSeed, n as docusignBundle, o as docusignAppCredentialSet, r as docusignOfficialIntegration, s as docusignConnectCredentialSet, u as parseHmacSecrets } from "../integration-CmRztL9R.mjs";
+
+export { docusignAppCredentialSet, docusignBundle, docusignConnectCredentialSet, docusignJwtCredentialSet, docusignOfficialIntegration, docusignPlatformProviderSeed, parseHmacSecrets };

package/dist/_runtime/index.d.mts

@@ -0,0 +1 @@
+export { };

package/dist/_runtime/index.mjs

@@ -0,0 +1 @@
+export {  };

package/dist/account-custom-fields.d.mts

@@ -0,0 +1,65 @@
+import { z } from "zod";
+import * as _keystrokehq_core0 from "@keystrokehq/core";
+import * as _keystrokehq_core_credential_set0 from "@keystrokehq/core/credential-set";
+
+//#region src/account-custom-fields.d.ts
+declare const createAccountCustomField: _keystrokehq_core0.Operation<z.ZodObject<{
+  applyToTemplates: z.ZodOptional<z.ZodBoolean>;
+  customField: z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const updateAccountCustomField: _keystrokehq_core0.Operation<z.ZodObject<{
+  customFieldId: z.ZodString;
+  customField: z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const deleteAccountCustomField: _keystrokehq_core0.Operation<z.ZodObject<{
+  customFieldId: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+  success: z.ZodBoolean;
+}, z.core.$strip>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const retrieveAllAccountTabs: _keystrokehq_core0.Operation<z.ZodObject<{
+  customTabOnly: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+//#endregion
+export { createAccountCustomField, deleteAccountCustomField, retrieveAllAccountTabs, updateAccountCustomField };

package/dist/account-custom-fields.mjs

@@ -0,0 +1,63 @@
+import { docusignGenericObjectSchema, docusignLooseObjectSchema, docusignSuccessSchema } from "./schemas/index.mjs";
+import { r as defineRestOperation } from "./operation-helpers-BMTArRh9.mjs";
+import { z } from "zod";
+
+//#region src/account-custom-fields.ts
+/**
+* Account custom fields. Covers PLAN.md § 6.32.
+*/
+const fieldId = z.object({ customFieldId: z.string().min(1) });
+const createAccountCustomField = defineRestOperation({
+	id: "create_account_custom_field",
+	slug: "DOCUSIGN_CREATE_ACCOUNT_CUSTOM_FIELD",
+	name: "Create Account Custom Field",
+	description: "Create a custom field at the account level.",
+	needsApproval: true,
+	method: "POST",
+	path: "/custom_fields",
+	input: z.object({
+		applyToTemplates: z.boolean().optional(),
+		customField: docusignLooseObjectSchema()
+	}),
+	output: docusignGenericObjectSchema,
+	query: (input) => ({ apply_to_templates: input.applyToTemplates }),
+	body: (input) => input.customField
+});
+const updateAccountCustomField = defineRestOperation({
+	id: "update_account_custom_field",
+	slug: "DOCUSIGN_UPDATE_ACCOUNT_CUSTOM_FIELD",
+	name: "Update Account Custom Field",
+	description: "Update an account-level custom field.",
+	needsApproval: true,
+	method: "PUT",
+	path: (ctx) => `/custom_fields/${ctx.encode(String(ctx.input.customFieldId))}`,
+	input: fieldId.extend({ customField: docusignLooseObjectSchema() }),
+	output: docusignGenericObjectSchema,
+	body: (input) => input.customField
+});
+const deleteAccountCustomField = defineRestOperation({
+	id: "delete_account_custom_field",
+	slug: "DOCUSIGN_DELETE_ACCOUNT_CUSTOM_FIELD",
+	name: "Delete Account Custom Field",
+	description: "Delete an account-level custom field.",
+	needsApproval: true,
+	method: "DELETE",
+	path: (ctx) => `/custom_fields/${ctx.encode(String(ctx.input.customFieldId))}`,
+	input: fieldId,
+	output: docusignSuccessSchema,
+	transformResponse: () => ({ success: true })
+});
+const retrieveAllAccountTabs = defineRestOperation({
+	id: "retrieve_all_account_tabs",
+	slug: "DOCUSIGN_RETRIEVE_ALL_ACCOUNT_TABS",
+	name: "Retrieve All Account Tabs",
+	description: "Retrieve all tabs available on the account.",
+	method: "GET",
+	path: "/tabs",
+	input: z.object({ customTabOnly: z.boolean().optional() }),
+	output: docusignGenericObjectSchema,
+	query: (input) => ({ custom_tab_only: input.customTabOnly })
+});
+
+//#endregion
+export { createAccountCustomField, deleteAccountCustomField, retrieveAllAccountTabs, updateAccountCustomField };

package/dist/account-stamps.d.mts

@@ -0,0 +1,164 @@
+import { z } from "zod";
+import * as _keystrokehq_core0 from "@keystrokehq/core";
+import * as _keystrokehq_core_credential_set0 from "@keystrokehq/core/credential-set";
+
+//#region src/account-stamps.d.ts
+declare const addOrUpdateAccountStamps: _keystrokehq_core0.Operation<z.ZodObject<{
+  stamps: z.ZodArray<z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const retrieveAvailableAccountStamps: _keystrokehq_core0.Operation<z.ZodObject<{
+  status: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const getSpecifiedAccountStampInfo: _keystrokehq_core0.Operation<z.ZodObject<{
+  stampId: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const getAccountStampImage: _keystrokehq_core0.Operation<z.ZodObject<{
+  stampId: z.ZodString;
+  stampFormat: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+  contentType: z.ZodOptional<z.ZodString>;
+  contentDisposition: z.ZodOptional<z.ZodString>;
+  status: z.ZodNumber;
+  body: z.ZodString;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const updateAccountStampById: _keystrokehq_core0.Operation<z.ZodObject<{
+  stampId: z.ZodString;
+  stamp: z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const updateAccountStamps: _keystrokehq_core0.Operation<z.ZodObject<{
+  stamps: z.ZodArray<z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const deleteAccountStamp: _keystrokehq_core0.Operation<z.ZodObject<{
+  stampId: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+  success: z.ZodBoolean;
+}, z.core.$strip>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const deleteStampImageForAccount: _keystrokehq_core0.Operation<z.ZodObject<{
+  stampId: z.ZodString;
+  stampFormat: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+  success: z.ZodBoolean;
+}, z.core.$strip>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const getWatermarkDetailsForAccount: _keystrokehq_core0.Operation<z.ZodObject<{}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const updateAccountWatermarkInformation: _keystrokehq_core0.Operation<z.ZodObject<{
+  watermark: z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const updateAccountWatermarkPreview: _keystrokehq_core0.Operation<z.ZodObject<{
+  watermark: z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+//#endregion
+export { addOrUpdateAccountStamps, deleteAccountStamp, deleteStampImageForAccount, getAccountStampImage, getSpecifiedAccountStampInfo, getWatermarkDetailsForAccount, retrieveAvailableAccountStamps, updateAccountStampById, updateAccountStamps, updateAccountWatermarkInformation, updateAccountWatermarkPreview };