@keystrokehq/docusign 0.0.1

package/dist/provider-app-CWp1SuI4.d.mts

@@ -0,0 +1,88 @@
+import { z } from "zod";
+import { CredentialSet } from "@keystrokehq/core";
+import * as _keystrokehq_core_credential_set0 from "@keystrokehq/core/credential-set";
+
+//#region src/_official/provider-app.d.ts
+/**
+ * Keystroke-owned OAuth client definition for the DocuSign public connection.
+ *
+ * Used for: OAuth authorization-code exchange, refresh, and the embedded
+ * `/oauth/userinfo` lookup that resolves an account's `baseUri`.
+ */
+declare const docusignAppCredentialSet: CredentialSet<"docusign-app", z.ZodObject<{
+  clientId: z.ZodString;
+  clientSecret: z.ZodString;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  clientId: z.ZodString;
+  clientSecret: z.ZodString;
+}, z.core.$strip>>[] | undefined>;
+/**
+ * Keystroke-owned Connect webhook signing secrets.
+ *
+ * DocuSign Connect allows up to 10 concurrent HMAC shared secrets for rotation.
+ * Each outbound webhook is signed with every enabled secret as a separate
+ * `X-DocuSign-Signature-{N}` header. Verification accepts a delivery if any
+ * header matches any configured secret under a constant-time compare.
+ *
+ * Secrets are parsed from `KEYSTROKE_PLATFORM_DOCUSIGN_CONNECT_HMAC_SECRETS`,
+ * a comma-separated list with newest first.
+ */
+declare const docusignConnectCredentialSet: CredentialSet<"docusign-connect", z.ZodObject<{
+  hmacSecrets: z.ZodArray<z.ZodString>;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  hmacSecrets: z.ZodArray<z.ZodString>;
+}, z.core.$strip>>[] | undefined>;
+/**
+ * Keystroke-owned JWT Grant integrator key + RSA private key.
+ *
+ * Declared for forward compatibility: runtime paths that require JWT Grant
+ * (historical envelope replay, backend impersonation) will consume this
+ * credential set in a follow-up without a registry change. Not wired to any
+ * runtime path in v1 — any operation that would need JWT throws
+ * `DocusignApiError.notImplemented({ kind: 'plan_gated' })` until then.
+ */
+declare const docusignJwtCredentialSet: CredentialSet<"docusign-jwt", z.ZodObject<{
+  integratorKey: z.ZodString;
+  impersonatedUserId: z.ZodUUID;
+  privateKeyPem: z.ZodString;
+  oauthHost: z.ZodEnum<{
+    "account.docusign.com": "account.docusign.com";
+    "account-d.docusign.com": "account-d.docusign.com";
+  }>;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  integratorKey: z.ZodString;
+  impersonatedUserId: z.ZodUUID;
+  privateKeyPem: z.ZodString;
+  oauthHost: z.ZodEnum<{
+    "account.docusign.com": "account.docusign.com";
+    "account-d.docusign.com": "account-d.docusign.com";
+  }>;
+}, z.core.$strip>>[] | undefined>;
+/**
+ * Parse the comma-separated `KEYSTROKE_PLATFORM_DOCUSIGN_CONNECT_HMAC_SECRETS`
+ * env value into the array shape the internal credential set expects. Empty
+ * input resolves to `[]`, which fails the `.min(1)` parse so Connect triggers
+ * reject deliveries until the env is populated.
+ */
+declare function parseHmacSecrets(raw: string | undefined): readonly string[];
+declare const docusignPlatformProviderSeed: {
+  readonly provider: "docusign";
+  readonly appRef: "docusign-platform";
+  readonly displayName: "DocuSign Platform";
+  readonly credentialSetName: "Keystroke DocuSign Platform App";
+  readonly envShape: {
+    readonly KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_ID: z.ZodOptional<z.ZodString>;
+    readonly KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_SECRET: z.ZodOptional<z.ZodString>;
+  };
+  readonly requiredEnvKeys: readonly ["KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_ID", "KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_SECRET"];
+  readonly externalAppIdEnvKey: "KEYSTROKE_PLATFORM_DOCUSIGN_CLIENT_ID";
+  readonly buildCredentials: (env: Record<string, string | undefined>) => {
+    clientId: string | undefined;
+    clientSecret: string | undefined;
+  };
+};
+type DocusignAppCredentials = z.infer<typeof docusignAppCredentialSet.auth>;
+type DocusignConnectCredentials = z.infer<typeof docusignConnectCredentialSet.auth>;
+type DocusignJwtCredentials = z.infer<typeof docusignJwtCredentialSet.auth>;
+//#endregion
+export { docusignConnectCredentialSet as a, parseHmacSecrets as c, docusignAppCredentialSet as i, DocusignConnectCredentials as n, docusignJwtCredentialSet as o, DocusignJwtCredentials as r, docusignPlatformProviderSeed as s, DocusignAppCredentials as t };

package/dist/rooms.d.mts

@@ -0,0 +1,18 @@
+import { z } from "zod";
+import * as _keystrokehq_core0 from "@keystrokehq/core";
+import * as _keystrokehq_core_credential_set0 from "@keystrokehq/core/credential-set";
+
+//#region src/rooms.d.ts
+declare const roomsNotImplemented: _keystrokehq_core0.Operation<z.ZodObject<{}, z.core.$catchall<z.ZodUnknown>>, z.ZodObject<{
+  [x: string]: z.core.$ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>;
+}, z.core.$catchall<z.ZodUnknown>>, readonly [_keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
+  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
+  DOCUSIGN_ACCOUNT_ID: z.ZodString;
+  DOCUSIGN_BASE_URI: z.ZodURL;
+}, z.core.$strip>>[] | undefined>], undefined>;
+//#endregion
+export { roomsNotImplemented };

package/dist/rooms.mjs

@@ -0,0 +1,28 @@
+import { docusignGenericObjectSchema } from "./schemas/index.mjs";
+import { n as definePlanGatedOperation } from "./operation-helpers-BMTArRh9.mjs";
+import { z } from "zod";
+
+//#region src/rooms.ts
+/**
+* DocuSign Rooms API — plan-gated in v1.
+*
+* Rooms requires a separate product entitlement and different host
+* (`https://{server}.rooms.docusign.com/restapi/v2`). These operations are
+* declared so the slug surface stays complete, but each throws a typed
+* `plan_gated` error until the Rooms client is enabled.
+*
+* See `IMPLEMENTATION_NOTES.md` § 2 / § 7 Q1 for the rationale.
+*/
+const genericInput = z.object({}).catchall(z.unknown());
+const roomsNotImplemented = definePlanGatedOperation({
+	id: "rooms_not_implemented",
+	slug: "DOCUSIGN_ROOMS_NOT_IMPLEMENTED",
+	name: "DocuSign Rooms (not implemented)",
+	description: "Placeholder for the DocuSign Rooms API. Ships disabled until Rooms is enabled on the account and the Rooms client wiring lands (follow-up PR).",
+	input: genericInput,
+	output: docusignGenericObjectSchema,
+	reason: "DocuSign Rooms is a plan-gated product with a different base host and has not been enabled on this Keystroke deployment yet."
+});
+
+//#endregion
+export { roomsNotImplemented };