@keystrokehq/docusign 0.0.1

package/dist/groups.d.mts

@@ -0,0 +1,191 @@
+import { z } from "zod";
+import * as _keystrokehq_core0 from "@keystrokehq/core";
+import * as _keystrokehq_core_credential_set0 from "@keystrokehq/core/credential-set";
+
+//#region src/groups.d.ts
+declare const createGroupsForAccount: _keystrokehq_core0.Operation<z.ZodObject<{
+  groups: z.ZodArray<z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>>;
+}, z.core.$strip>, z.ZodObject<{
+  resultSetSize: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  totalSetSize: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  startPosition: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  endPosition: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  nextUri: z.ZodOptional<z.ZodString>;
+  previousUri: z.ZodOptional<z.ZodString>;
+  groups: z.ZodOptional<z.ZodArray<z.ZodObject<{
+    groupId: z.ZodOptional<z.ZodString>;
+    groupName: z.ZodOptional<z.ZodString>;
+    groupType: z.ZodOptional<z.ZodString>;
+    permissionProfileId: z.ZodOptional<z.ZodString>;
+  }, z.core.$catchall<z.ZodUnknown>>>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const getGroupsInformationForAccount: _keystrokehq_core0.Operation<z.ZodObject<{
+  startPosition: z.ZodOptional<z.ZodNumber>;
+  count: z.ZodOptional<z.ZodNumber>;
+  groupType: z.ZodOptional<z.ZodString>;
+  searchText: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+  resultSetSize: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  totalSetSize: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  startPosition: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  endPosition: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  nextUri: z.ZodOptional<z.ZodString>;
+  previousUri: z.ZodOptional<z.ZodString>;
+  groups: z.ZodOptional<z.ZodArray<z.ZodObject<{
+    groupId: z.ZodOptional<z.ZodString>;
+    groupName: z.ZodOptional<z.ZodString>;
+    groupType: z.ZodOptional<z.ZodString>;
+    permissionProfileId: z.ZodOptional<z.ZodString>;
+  }, z.core.$catchall<z.ZodUnknown>>>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const updateGroupInformation: _keystrokehq_core0.Operation<z.ZodObject<{
+  groups: z.ZodArray<z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>>;
+}, z.core.$strip>, z.ZodObject<{
+  resultSetSize: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  totalSetSize: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  startPosition: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  endPosition: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>>;
+  nextUri: z.ZodOptional<z.ZodString>;
+  previousUri: z.ZodOptional<z.ZodString>;
+  groups: z.ZodOptional<z.ZodArray<z.ZodObject<{
+    groupId: z.ZodOptional<z.ZodString>;
+    groupName: z.ZodOptional<z.ZodString>;
+    groupType: z.ZodOptional<z.ZodString>;
+    permissionProfileId: z.ZodOptional<z.ZodString>;
+  }, z.core.$catchall<z.ZodUnknown>>>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const deleteUserGroup: _keystrokehq_core0.Operation<z.ZodObject<{
+  groups: z.ZodArray<z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>>;
+}, z.core.$strip>, z.ZodObject<{
+  success: z.ZodBoolean;
+}, z.core.$strip>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const addUsersToExistingGroup: _keystrokehq_core0.Operation<z.ZodObject<{
+  groupId: z.ZodString;
+  users: z.ZodArray<z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const getUsersInGroup: _keystrokehq_core0.Operation<z.ZodObject<{
+  groupId: z.ZodString;
+  startPosition: z.ZodOptional<z.ZodNumber>;
+  count: z.ZodOptional<z.ZodNumber>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const deleteUsersFromGroup: _keystrokehq_core0.Operation<z.ZodObject<{
+  groupId: z.ZodString;
+  users: z.ZodArray<z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>>;
+}, z.core.$strip>, z.ZodObject<{
+  success: z.ZodBoolean;
+}, z.core.$strip>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const addExistingBrandToGroup: _keystrokehq_core0.Operation<z.ZodObject<{
+  groupId: z.ZodString;
+  brands: z.ZodArray<z.ZodObject<{
+    [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+  }, z.core.$catchall<z.ZodUnknown>>>;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const deleteBrandFromGroup: _keystrokehq_core0.Operation<z.ZodObject<{
+  groupId: z.ZodString;
+  brandId: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+  success: z.ZodBoolean;
+}, z.core.$strip>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+declare const getBrandsInformationForGroup: _keystrokehq_core0.Operation<z.ZodObject<{
+  groupId: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+//#endregion
+export { addExistingBrandToGroup, addUsersToExistingGroup, createGroupsForAccount, deleteBrandFromGroup, deleteUserGroup, deleteUsersFromGroup, getBrandsInformationForGroup, getGroupsInformationForAccount, getUsersInGroup, updateGroupInformation };

package/dist/groups.mjs

@@ -0,0 +1,146 @@
+import { docusignGenericObjectSchema, docusignGroupListSchema, docusignListPaginationInputSchema, docusignLooseObjectSchema, docusignSuccessSchema } from "./schemas/index.mjs";
+import { r as defineRestOperation } from "./operation-helpers-BMTArRh9.mjs";
+import { z } from "zod";
+
+//#region src/groups.ts
+/**
+* Account groups (groups + brands + users). Covers PLAN.md § 6.28.
+*/
+const groupId = z.object({ groupId: z.string().min(1) });
+const groupBrand = groupId.extend({ brandId: z.string().min(1) });
+const createGroupsForAccount = defineRestOperation({
+	id: "create_groups_for_account",
+	slug: "DOCUSIGN_CREATE_GROUPS_FOR_ACCOUNT",
+	name: "Create Groups For Account",
+	description: "Create new groups on the account.",
+	needsApproval: true,
+	method: "POST",
+	path: "/groups",
+	input: z.object({ groups: z.array(docusignLooseObjectSchema()).min(1) }),
+	output: docusignGroupListSchema,
+	body: (input) => ({ groups: input.groups })
+});
+const getGroupsInformationForAccount = defineRestOperation({
+	id: "get_groups_information_for_account",
+	slug: "DOCUSIGN_GET_GROUPS_INFORMATION_FOR_ACCOUNT",
+	name: "Get Groups For Account",
+	description: "List groups on the account.",
+	method: "GET",
+	path: "/groups",
+	input: docusignListPaginationInputSchema.extend({
+		groupType: z.string().optional(),
+		searchText: z.string().optional()
+	}),
+	output: docusignGroupListSchema,
+	query: (input) => ({
+		start_position: input.startPosition,
+		count: input.count,
+		group_type: input.groupType,
+		search_text: input.searchText
+	})
+});
+const updateGroupInformation = defineRestOperation({
+	id: "update_group_information",
+	slug: "DOCUSIGN_UPDATE_GROUP_INFORMATION",
+	name: "Update Group Information",
+	description: "Update information on a group.",
+	needsApproval: true,
+	method: "PUT",
+	path: "/groups",
+	input: z.object({ groups: z.array(docusignLooseObjectSchema()).min(1) }),
+	output: docusignGroupListSchema,
+	body: (input) => ({ groups: input.groups })
+});
+const deleteUserGroup = defineRestOperation({
+	id: "delete_user_group",
+	slug: "DOCUSIGN_DELETE_USER_GROUP",
+	name: "Delete User Group",
+	description: "Delete groups by id.",
+	needsApproval: true,
+	method: "DELETE",
+	path: "/groups",
+	input: z.object({ groups: z.array(docusignLooseObjectSchema()).min(1) }),
+	output: docusignSuccessSchema,
+	body: (input) => ({ groups: input.groups }),
+	transformResponse: () => ({ success: true })
+});
+const addUsersToExistingGroup = defineRestOperation({
+	id: "add_users_to_existing_group",
+	slug: "DOCUSIGN_ADD_USERS_TO_EXISTING_GROUP",
+	name: "Add Users To Existing Group",
+	description: "Add users to an existing group.",
+	needsApproval: true,
+	method: "PUT",
+	path: (ctx) => `/groups/${ctx.encode(String(ctx.input.groupId))}/users`,
+	input: groupId.extend({ users: z.array(docusignLooseObjectSchema()).min(1) }),
+	output: docusignGenericObjectSchema,
+	body: (input) => ({ users: input.users })
+});
+const getUsersInGroup = defineRestOperation({
+	id: "get_users_in_group",
+	slug: "DOCUSIGN_GET_USERS_IN_GROUP",
+	name: "Get Users In Group",
+	description: "List users in a group.",
+	method: "GET",
+	path: (ctx) => `/groups/${ctx.encode(String(ctx.input.groupId))}/users`,
+	input: groupId.extend({
+		startPosition: z.number().int().nonnegative().optional(),
+		count: z.number().int().positive().optional()
+	}),
+	output: docusignGenericObjectSchema,
+	query: (input) => ({
+		start_position: input.startPosition,
+		count: input.count
+	})
+});
+const deleteUsersFromGroup = defineRestOperation({
+	id: "delete_users_from_group",
+	slug: "DOCUSIGN_DELETE_USERS_FROM_GROUP",
+	name: "Delete Users From Group",
+	description: "Remove users from a group.",
+	needsApproval: true,
+	method: "DELETE",
+	path: (ctx) => `/groups/${ctx.encode(String(ctx.input.groupId))}/users`,
+	input: groupId.extend({ users: z.array(docusignLooseObjectSchema()).min(1) }),
+	output: docusignSuccessSchema,
+	body: (input) => ({ users: input.users }),
+	transformResponse: () => ({ success: true })
+});
+const addExistingBrandToGroup = defineRestOperation({
+	id: "add_existing_brand_to_group",
+	slug: "DOCUSIGN_ADD_EXISTING_BRAND_TO_GROUP",
+	name: "Add Existing Brand To Group",
+	description: "Associate an existing brand with a group.",
+	needsApproval: true,
+	method: "PUT",
+	path: (ctx) => `/groups/${ctx.encode(String(ctx.input.groupId))}/brands`,
+	input: groupId.extend({ brands: z.array(docusignLooseObjectSchema()).min(1) }),
+	output: docusignGenericObjectSchema,
+	body: (input) => ({ brands: input.brands })
+});
+const deleteBrandFromGroup = defineRestOperation({
+	id: "delete_brand_from_group",
+	slug: "DOCUSIGN_DELETE_BRAND_FROM_GROUP",
+	name: "Delete Brand From Group",
+	description: "Disassociate a brand from a group.",
+	needsApproval: true,
+	method: "DELETE",
+	path: (ctx) => `/groups/${ctx.encode(String(ctx.input.groupId))}/brands`,
+	input: groupBrand,
+	output: docusignSuccessSchema,
+	body: (input) => ({ brands: [{ brandId: input.brandId }] }),
+	transformResponse: () => ({ success: true })
+});
+const getBrandsInformationForGroup = defineRestOperation({
+	id: "get_brands_information_for_group",
+	slug: "DOCUSIGN_GET_BRANDS_INFORMATION_FOR_GROUP",
+	name: "Get Brands For Group",
+	description: "List brands associated with a group.",
+	method: "GET",
+	path: (ctx) => `/groups/${ctx.encode(String(ctx.input.groupId))}/brands`,
+	input: groupId,
+	output: docusignGenericObjectSchema
+});
+
+//#endregion
+export { addExistingBrandToGroup, addUsersToExistingGroup, createGroupsForAccount, deleteBrandFromGroup, deleteUserGroup, deleteUsersFromGroup, getBrandsInformationForGroup, getGroupsInformationForAccount, getUsersInGroup, updateGroupInformation };

package/dist/index.d.mts

@@ -0,0 +1 @@
+export { };

package/dist/index.mjs

@@ -0,0 +1 @@
+export {  };

package/dist/integration-CmRztL9R.mjs

@@ -0,0 +1,229 @@
+import { defineOfficialIntegration } from "@keystrokehq/integration-authoring/official";
+import { z } from "zod";
+import { CredentialSet } from "@keystrokehq/core";
+import { TokenExchangeError, normalizeOAuthTokens, parseOAuthTokenResponse } from "@keystrokehq/credential-connection";
+
+//#region src/_official/provider-app.ts
+/**
+* Keystroke-owned OAuth client definition for the DocuSign public connection.
+*
+* Used for: OAuth authorization-code exchange, refresh, and the embedded
+* `/oauth/userinfo` lookup that resolves an account's `baseUri`.
+*/
+const docusignAppCredentialSet = new CredentialSet({
+	id: "docusign-app",
+	exposure: "platform-only",
+	name: "DocuSign App",
+	auth: z.object({
+		clientId: z.string().min(1),
+		clientSecret: z.string().min(1)
+	})
+});
+/**
+* Keystroke-owned Connect webhook signing secrets.
+*
+* DocuSign Connect allows up to 10 concurrent HMAC shared secrets for rotation.
+* Each outbound webhook is signed with every enabled secret as a separate
+* `X-DocuSign-Signature-{N}` header. Verification accepts a delivery if any
+* header matches any configured secret under a constant-time compare.
+*
+* Secrets are parsed from `KEYSTROKE_PLATFORM_DOCUSIGN_CONNECT_HMAC_SECRETS`,
+* a comma-separated list with newest first.
+*/
+const docusignConnectCredentialSet = new CredentialSet({
+	id: "docusign-connect",
+	exposure: "platform-only",
+	name: "DocuSign Connect",
+	auth: z.object({ hmacSecrets: z.array(z.string().min(1)).min(1) })
+});
+/**
+* Keystroke-owned JWT Grant integrator key + RSA private key.
+*
+* Declared for forward compatibility: runtime paths that require JWT Grant
+* (historical envelope replay, backend impersonation) will consume this
+* credential set in a follow-up without a registry change. Not wired to any
+* runtime path in v1 — any operation that would need JWT throws
+* `DocusignApiError.notImplemented({ kind: 'plan_gated' })` until then.
+*/
+const docusignJwtCredentialSet = new CredentialSet({
+	id: "docusign-jwt",
+	exposure: "platform-only",
+	name: "DocuSign JWT",
+	auth: z.object({
+		integratorKey: z.string().min(1),
+		impersonatedUserId: z.uuid(),
+		privateKeyPem: z.string().min(1),
+		oauthHost: z.enum(["account.docusign.com", "account-d.docusign.com"])
+	})
+});
+/**
+* Parse the comma-separated `KEYSTROKE_PLATFORM_DOCUSIGN_CONNECT_HMAC_SECRETS`
+* env value into the array shape the internal credential set expects. Empty
+* input resolves to `[]`, which fails the `.min(1)` parse so Connect triggers
+* reject deliveries until the env is populated.
+*/
+function parseHmacSecrets(raw) {
+	if (!raw) return [];
+	return raw.split(",").map((secret) => secret.trim()).filter((secret) => secret.length > 0);
+}
+const docusignPlatformProviderSeed = {
+	provider: "docusign",
+	appRef: "docusign-platform",
+	displayName: "DocuSign Platform",
+	credentialSetName: "Keystroke DocuSign Platform App",
+	envShape: {
+		KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_ID: z.string().optional(),
+		KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_SECRET: z.string().optional()
+	},
+	requiredEnvKeys: ["KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_ID", "KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_SECRET"],
+	externalAppIdEnvKey: "KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_ID",
+	buildCredentials: (env) => ({
+		clientId: env.KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_ID,
+		clientSecret: env.KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_SECRET
+	})
+};
+
+//#endregion
+//#region src/oauth-connection.ts
+const DOCUSIGN_OAUTH_HOST = "account.docusign.com";
+const DOCUSIGN_AUTH_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/auth`;
+const DOCUSIGN_TOKEN_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/token`;
+const DOCUSIGN_REVOKE_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/revoke`;
+const DOCUSIGN_USERINFO_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/userinfo`;
+const DOCUSIGN_OAUTH_SCOPES = ["signature", "extended"];
+function basicAuthHeader(clientId, clientSecret) {
+	return `Basic ${Buffer.from(`${clientId}:${clientSecret}`, "utf8").toString("base64")}`;
+}
+async function postDocusignToken(body, authHeader) {
+	const response = await fetch(DOCUSIGN_TOKEN_URL, {
+		method: "POST",
+		headers: {
+			Accept: "application/json",
+			"Content-Type": "application/x-www-form-urlencoded",
+			Authorization: authHeader
+		},
+		body
+	});
+	if (!response.ok) throw new TokenExchangeError(response.status);
+	const raw = await parseOAuthTokenResponse(response);
+	const { accessToken, refreshToken, expiresIn } = normalizeOAuthTokens(raw);
+	if (!accessToken) throw new Error("No access token in DocuSign response");
+	return {
+		accessToken,
+		refreshToken,
+		expiresIn,
+		raw
+	};
+}
+async function fetchDocusignUserinfo(accessToken) {
+	const response = await fetch(DOCUSIGN_USERINFO_URL, { headers: {
+		Accept: "application/json",
+		Authorization: `Bearer ${accessToken}`
+	} });
+	if (!response.ok) throw new Error(`DocuSign userinfo lookup failed with status ${response.status} while resolving base URI.`);
+	return await response.json();
+}
+function pickDefaultAccount(userinfo) {
+	const accounts = userinfo.accounts ?? [];
+	if (accounts.length === 0) return void 0;
+	const explicitDefault = accounts.find((account) => account.is_default === true && typeof account.account_id === "string" && typeof account.base_uri === "string");
+	if (explicitDefault) return {
+		accountId: explicitDefault.account_id,
+		baseUri: explicitDefault.base_uri
+	};
+	const firstWithBoth = accounts.find((account) => typeof account.account_id === "string" && typeof account.base_uri === "string");
+	if (firstWithBoth) return {
+		accountId: firstWithBoth.account_id,
+		baseUri: firstWithBoth.base_uri
+	};
+}
+const docusignOAuthConnection = {
+	kind: "oauth",
+	tokenType: "refreshable",
+	authUrl: DOCUSIGN_AUTH_URL,
+	tokenUrl: DOCUSIGN_TOKEN_URL,
+	revokeUrl: DOCUSIGN_REVOKE_URL,
+	scopes: [...DOCUSIGN_OAUTH_SCOPES],
+	oauth: { id: "official.docusign.oauth" },
+	vault: {
+		accessTokenKey: "DOCUSIGN_ACCESS_TOKEN",
+		build: (tokenResult) => {
+			const accountId = typeof tokenResult.raw._docusignAccountId === "string" ? tokenResult.raw._docusignAccountId : void 0;
+			const baseUri = typeof tokenResult.raw._docusignBaseUri === "string" ? tokenResult.raw._docusignBaseUri : void 0;
+			return {
+				DOCUSIGN_ACCESS_TOKEN: tokenResult.accessToken,
+				...accountId ? { DOCUSIGN_ACCOUNT_ID: accountId } : {},
+				...baseUri ? { DOCUSIGN_BASE_URI: baseUri } : {}
+			};
+		}
+	},
+	async exchangeCode({ oauthClient, code, redirectUri }) {
+		if (!code) throw new Error("Missing authorization code");
+		const tokenResult = await postDocusignToken(new URLSearchParams({
+			grant_type: "authorization_code",
+			code,
+			redirect_uri: redirectUri
+		}), basicAuthHeader(oauthClient.clientId, oauthClient.clientSecret));
+		const userinfo = await fetchDocusignUserinfo(tokenResult.accessToken);
+		const account = pickDefaultAccount(userinfo);
+		if (!account) throw new Error("DocuSign userinfo response did not include a resolvable account.");
+		tokenResult.raw._docusignAccountId = account.accountId;
+		tokenResult.raw._docusignBaseUri = account.baseUri;
+		tokenResult.raw._docusignUserinfo = userinfo;
+		return tokenResult;
+	},
+	async refreshToken({ oauthClient, refreshToken }) {
+		const tokenResult = await postDocusignToken(new URLSearchParams({
+			grant_type: "refresh_token",
+			refresh_token: refreshToken
+		}), basicAuthHeader(oauthClient.clientId, oauthClient.clientSecret));
+		const userinfo = await fetchDocusignUserinfo(tokenResult.accessToken);
+		const account = pickDefaultAccount(userinfo);
+		if (!account) throw new Error("DocuSign userinfo response did not include a resolvable account during refresh.");
+		tokenResult.raw._docusignAccountId = account.accountId;
+		tokenResult.raw._docusignBaseUri = account.baseUri;
+		tokenResult.raw._docusignUserinfo = userinfo;
+		return tokenResult;
+	},
+	extractInstallationInfo({ tokenResult }) {
+		const accountId = typeof tokenResult.raw._docusignAccountId === "string" ? tokenResult.raw._docusignAccountId : void 0;
+		const baseUri = typeof tokenResult.raw._docusignBaseUri === "string" ? tokenResult.raw._docusignBaseUri : void 0;
+		return {
+			externalInstallationId: accountId,
+			externalWorkspaceId: accountId,
+			metadata: accountId && baseUri ? {
+				accountId,
+				baseUri
+			} : void 0
+		};
+	}
+};
+
+//#endregion
+//#region src/integration.ts
+const docusignAuthSchema = z.object({
+	DOCUSIGN_ACCESS_TOKEN: z.string().min(1),
+	DOCUSIGN_ACCOUNT_ID: z.string().min(1),
+	DOCUSIGN_BASE_URI: z.url()
+});
+const docusignOfficialIntegration = {
+	id: "docusign",
+	name: "DocuSign",
+	description: "DocuSign eSignature, templates, bulk-send, Connect webhooks, and account/admin surfaces for Keystroke workflows",
+	auth: docusignAuthSchema,
+	connections: [{
+		id: "oauth",
+		...docusignOAuthConnection
+	}]
+};
+const docusignBundle = defineOfficialIntegration({
+	...docusignOfficialIntegration,
+	internal: {
+		providerApp: docusignAppCredentialSet,
+		other: [docusignConnectCredentialSet, docusignJwtCredentialSet]
+	}
+});
+const docusign = docusignBundle.credentialSet;
+
+//#endregion
+export { fetchDocusignUserinfo as a, docusignJwtCredentialSet as c, DOCUSIGN_USERINFO_URL as i, docusignPlatformProviderSeed as l, docusignBundle as n, docusignAppCredentialSet as o, docusignOfficialIntegration as r, docusignConnectCredentialSet as s, docusign as t, parseHmacSecrets as u };

package/dist/integration-DqwHRkRh.d.mts

@@ -0,0 +1,73 @@
+import * as _keystrokehq_integration_authoring_official0 from "@keystrokehq/integration-authoring/official";
+import { z } from "zod";
+import * as _keystrokehq_core0 from "@keystrokehq/core";
+import * as _keystrokehq_core_credential_set0 from "@keystrokehq/core/credential-set";
+import { InferCredentialSetAuth } from "@keystrokehq/core/credential-set";
+
+//#region src/integration.d.ts
+declare const docusignOfficialIntegration: {
+  id: "docusign";
+  name: string;
+  description: string;
+  auth: z.ZodObject<{
+    DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+    DOCUSIGN_ACCOUNT_ID: z.ZodString;
+    DOCUSIGN_BASE_URI: z.ZodURL;
+  }, z.core.$strip>;
+  connections: {
+    kind: "oauth";
+    tokenType: "refreshable";
+    authUrl: "https://account.docusign.com/oauth/auth";
+    tokenUrl: "https://account.docusign.com/oauth/token";
+    revokeUrl: "https://account.docusign.com/oauth/revoke";
+    scopes: readonly ["signature", "extended"];
+    oauth: {
+      readonly id: "official.docusign.oauth";
+    };
+    vault: {
+      readonly accessTokenKey: "DOCUSIGN_ACCESS_TOKEN";
+      readonly build: (tokenResult: _keystrokehq_core_credential_set0.TokenResult) => {
+        DOCUSIGN_BASE_URI?: string | undefined;
+        DOCUSIGN_ACCOUNT_ID?: string | undefined;
+        DOCUSIGN_ACCESS_TOKEN: string;
+      };
+    };
+    exchangeCode: ({
+      oauthClient,
+      code,
+      redirectUri
+    }: _keystrokehq_core_credential_set0.ExchangeCodeContext) => Promise<_keystrokehq_core_credential_set0.TokenResult>;
+    refreshToken: ({
+      oauthClient,
+      refreshToken
+    }: _keystrokehq_core_credential_set0.RefreshTokenContext) => Promise<_keystrokehq_core_credential_set0.TokenResult>;
+    extractInstallationInfo: ({
+      tokenResult
+    }: _keystrokehq_core_credential_set0.ExtractInstallationContext) => {
+      externalInstallationId: string | undefined;
+      externalWorkspaceId: string | undefined;
+      metadata: {
+        accountId: string;
+        baseUri: string;
+      } | undefined;
+    };
+    id: string;
+  }[];
+};
+declare const docusignBundle: _keystrokehq_integration_authoring_official0.OfficialIntegrationBundle<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>;
+declare const docusign: _keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>;
+type DocusignCredentials = InferCredentialSetAuth<typeof docusign>;
+//#endregion
+export { docusignOfficialIntegration as i, docusign as n, docusignBundle as r, DocusignCredentials as t };

package/dist/messaging.d.mts

@@ -0,0 +1 @@
+export { };

package/dist/messaging.mjs

@@ -0,0 +1 @@
+export {  };

package/dist/monitor.d.mts

@@ -0,0 +1,18 @@
+import { z } from "zod";
+import * as _keystrokehq_core0 from "@keystrokehq/core";
+import * as _keystrokehq_core_credential_set0 from "@keystrokehq/core/credential-set";
+
+//#region src/monitor.d.ts
+declare const monitorNotImplemented: _keystrokehq_core0.Operation<z.ZodObject<{}, z.core.$catchall<z.ZodUnknown>>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+//#endregion
+export { monitorNotImplemented };