@keystrokehq/docusign 0.0.10 → 0.0.15

package/dist/integration-BykMcCMC.mjs

@@ -1,229 +0,0 @@
-import { defineOfficialIntegration, officialCredentialSetId } from "@keystrokehq/integration-authoring/official";
-import { z } from "zod";
-import { CredentialSet } from "@keystrokehq/core";
-import { TokenExchangeError, normalizeOAuthTokens, parseOAuthTokenResponse } from "@keystrokehq/credential-connection";
-
-//#region src/_official/provider-app.ts
-/**
-* Keystroke-owned OAuth client definition for the DocuSign public connection.
-*
-* Used for: OAuth authorization-code exchange, refresh, and the embedded
-* `/oauth/userinfo` lookup that resolves an account's `baseUri`.
-*/
-const docusignAppCredentialSet = new CredentialSet({
-	id: officialCredentialSetId("docusign-app"),
-	exposure: "platform-only",
-	name: "DocuSign App",
-	auth: z.object({
-		clientId: z.string().min(1),
-		clientSecret: z.string().min(1)
-	})
-});
-/**
-* Keystroke-owned Connect webhook signing secrets.
-*
-* DocuSign Connect allows up to 10 concurrent HMAC shared secrets for rotation.
-* Each outbound webhook is signed with every enabled secret as a separate
-* `X-DocuSign-Signature-{N}` header. Verification accepts a delivery if any
-* header matches any configured secret under a constant-time compare.
-*
-* Secrets are parsed from `KEYSTROKE_OFFICIAL_DOCUSIGN_CONNECT_HMAC_SECRETS`,
-* a comma-separated list with newest first.
-*/
-const docusignConnectCredentialSet = new CredentialSet({
-	id: officialCredentialSetId("docusign-connect"),
-	exposure: "platform-only",
-	name: "DocuSign Connect",
-	auth: z.object({ hmacSecrets: z.array(z.string().min(1)).min(1) })
-});
-/**
-* Keystroke-owned JWT Grant integrator key + RSA private key.
-*
-* Declared for forward compatibility: runtime paths that require JWT Grant
-* (historical envelope replay, backend impersonation) will consume this
-* credential set in a follow-up without a registry change. Not wired to any
-* runtime path in v1 — any operation that would need JWT throws
-* `DocusignApiError.notImplemented({ kind: 'plan_gated' })` until then.
-*/
-const docusignJwtCredentialSet = new CredentialSet({
-	id: officialCredentialSetId("docusign-jwt"),
-	exposure: "platform-only",
-	name: "DocuSign JWT",
-	auth: z.object({
-		integratorKey: z.string().min(1),
-		impersonatedUserId: z.uuid(),
-		privateKeyPem: z.string().min(1),
-		oauthHost: z.enum(["account.docusign.com", "account-d.docusign.com"])
-	})
-});
-/**
-* Parse the comma-separated `KEYSTROKE_OFFICIAL_DOCUSIGN_CONNECT_HMAC_SECRETS`
-* env value into the array shape the internal credential set expects. Empty
-* input resolves to `[]`, which fails the `.min(1)` parse so Connect triggers
-* reject deliveries until the env is populated.
-*/
-function parseHmacSecrets(raw) {
-	if (!raw) return [];
-	return raw.split(",").map((secret) => secret.trim()).filter((secret) => secret.length > 0);
-}
-const docusignOfficialProviderSeed = {
-	provider: "docusign",
-	appRef: "docusign-platform",
-	displayName: "DocuSign Platform",
-	credentialSetName: "Keystroke DocuSign Platform App",
-	envShape: {
-		KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_ID: z.string().optional(),
-		KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_SECRET: z.string().optional()
-	},
-	requiredEnvKeys: ["KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_ID", "KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_SECRET"],
-	externalAppIdEnvKey: "KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_ID",
-	buildCredentials: (env) => ({
-		clientId: env.KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_ID,
-		clientSecret: env.KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_SECRET
-	})
-};
-
-//#endregion
-//#region src/oauth-connection.ts
-const DOCUSIGN_OAUTH_HOST = "account.docusign.com";
-const DOCUSIGN_AUTH_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/auth`;
-const DOCUSIGN_TOKEN_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/token`;
-const DOCUSIGN_REVOKE_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/revoke`;
-const DOCUSIGN_USERINFO_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/userinfo`;
-const DOCUSIGN_OAUTH_SCOPES = ["signature", "extended"];
-function basicAuthHeader(clientId, clientSecret) {
-	return `Basic ${Buffer.from(`${clientId}:${clientSecret}`, "utf8").toString("base64")}`;
-}
-async function postDocusignToken(body, authHeader) {
-	const response = await fetch(DOCUSIGN_TOKEN_URL, {
-		method: "POST",
-		headers: {
-			Accept: "application/json",
-			"Content-Type": "application/x-www-form-urlencoded",
-			Authorization: authHeader
-		},
-		body
-	});
-	if (!response.ok) throw new TokenExchangeError(response.status);
-	const raw = await parseOAuthTokenResponse(response);
-	const { accessToken, refreshToken, expiresIn } = normalizeOAuthTokens(raw);
-	if (!accessToken) throw new Error("No access token in DocuSign response");
-	return {
-		accessToken,
-		refreshToken,
-		expiresIn,
-		raw
-	};
-}
-async function fetchDocusignUserinfo(accessToken) {
-	const response = await fetch(DOCUSIGN_USERINFO_URL, { headers: {
-		Accept: "application/json",
-		Authorization: `Bearer ${accessToken}`
-	} });
-	if (!response.ok) throw new Error(`DocuSign userinfo lookup failed with status ${response.status} while resolving base URI.`);
-	return await response.json();
-}
-function pickDefaultAccount(userinfo) {
-	const accounts = userinfo.accounts ?? [];
-	if (accounts.length === 0) return void 0;
-	const explicitDefault = accounts.find((account) => account.is_default === true && typeof account.account_id === "string" && typeof account.base_uri === "string");
-	if (explicitDefault) return {
-		accountId: explicitDefault.account_id,
-		baseUri: explicitDefault.base_uri
-	};
-	const firstWithBoth = accounts.find((account) => typeof account.account_id === "string" && typeof account.base_uri === "string");
-	if (firstWithBoth) return {
-		accountId: firstWithBoth.account_id,
-		baseUri: firstWithBoth.base_uri
-	};
-}
-const docusignOAuthConnection = {
-	kind: "oauth",
-	tokenType: "refreshable",
-	authUrl: DOCUSIGN_AUTH_URL,
-	tokenUrl: DOCUSIGN_TOKEN_URL,
-	revokeUrl: DOCUSIGN_REVOKE_URL,
-	scopes: [...DOCUSIGN_OAUTH_SCOPES],
-	oauth: { id: "official.docusign.oauth" },
-	vault: {
-		accessTokenKey: "DOCUSIGN_ACCESS_TOKEN",
-		build: (tokenResult) => {
-			const accountId = typeof tokenResult.raw._docusignAccountId === "string" ? tokenResult.raw._docusignAccountId : void 0;
-			const baseUri = typeof tokenResult.raw._docusignBaseUri === "string" ? tokenResult.raw._docusignBaseUri : void 0;
-			return {
-				DOCUSIGN_ACCESS_TOKEN: tokenResult.accessToken,
-				...accountId ? { DOCUSIGN_ACCOUNT_ID: accountId } : {},
-				...baseUri ? { DOCUSIGN_BASE_URI: baseUri } : {}
-			};
-		}
-	},
-	async exchangeCode({ oauthClient, code, redirectUri }) {
-		if (!code) throw new Error("Missing authorization code");
-		const tokenResult = await postDocusignToken(new URLSearchParams({
-			grant_type: "authorization_code",
-			code,
-			redirect_uri: redirectUri
-		}), basicAuthHeader(oauthClient.clientId, oauthClient.clientSecret));
-		const userinfo = await fetchDocusignUserinfo(tokenResult.accessToken);
-		const account = pickDefaultAccount(userinfo);
-		if (!account) throw new Error("DocuSign userinfo response did not include a resolvable account.");
-		tokenResult.raw._docusignAccountId = account.accountId;
-		tokenResult.raw._docusignBaseUri = account.baseUri;
-		tokenResult.raw._docusignUserinfo = userinfo;
-		return tokenResult;
-	},
-	async refreshToken({ oauthClient, refreshToken }) {
-		const tokenResult = await postDocusignToken(new URLSearchParams({
-			grant_type: "refresh_token",
-			refresh_token: refreshToken
-		}), basicAuthHeader(oauthClient.clientId, oauthClient.clientSecret));
-		const userinfo = await fetchDocusignUserinfo(tokenResult.accessToken);
-		const account = pickDefaultAccount(userinfo);
-		if (!account) throw new Error("DocuSign userinfo response did not include a resolvable account during refresh.");
-		tokenResult.raw._docusignAccountId = account.accountId;
-		tokenResult.raw._docusignBaseUri = account.baseUri;
-		tokenResult.raw._docusignUserinfo = userinfo;
-		return tokenResult;
-	},
-	extractInstallationInfo({ tokenResult }) {
-		const accountId = typeof tokenResult.raw._docusignAccountId === "string" ? tokenResult.raw._docusignAccountId : void 0;
-		const baseUri = typeof tokenResult.raw._docusignBaseUri === "string" ? tokenResult.raw._docusignBaseUri : void 0;
-		return {
-			externalInstallationId: accountId,
-			externalWorkspaceId: accountId,
-			metadata: accountId && baseUri ? {
-				accountId,
-				baseUri
-			} : void 0
-		};
-	}
-};
-
-//#endregion
-//#region src/integration.ts
-const docusignAuthSchema = z.object({
-	DOCUSIGN_ACCESS_TOKEN: z.string().min(1),
-	DOCUSIGN_ACCOUNT_ID: z.string().min(1),
-	DOCUSIGN_BASE_URI: z.url()
-});
-const docusignOfficialIntegration = {
-	id: "docusign",
-	name: "DocuSign",
-	description: "DocuSign eSignature, templates, bulk-send, Connect webhooks, and account/admin surfaces for Keystroke workflows",
-	auth: docusignAuthSchema,
-	connections: [{
-		id: "oauth",
-		...docusignOAuthConnection
-	}]
-};
-const docusignBundle = defineOfficialIntegration({
-	...docusignOfficialIntegration,
-	internal: {
-		providerApp: docusignAppCredentialSet,
-		other: [docusignConnectCredentialSet, docusignJwtCredentialSet]
-	}
-});
-const docusign = docusignBundle.credentialSet;
-
-//#endregion
-export { fetchDocusignUserinfo as a, docusignJwtCredentialSet as c, DOCUSIGN_USERINFO_URL as i, docusignOfficialProviderSeed as l, docusignBundle as n, docusignAppCredentialSet as o, docusignOfficialIntegration as r, docusignConnectCredentialSet as s, docusign as t, parseHmacSecrets as u };

package/dist/integration-SYThzunD.d.mts

@@ -1,73 +0,0 @@
-import * as _keystrokehq_integration_authoring_official0 from "@keystrokehq/integration-authoring/official";
-import { z } from "zod";
-import * as _keystrokehq_core0 from "@keystrokehq/core";
-import * as _keystrokehq_core_credential_set0 from "@keystrokehq/core/credential-set";
-import { InferCredentialSetAuth } from "@keystrokehq/core/credential-set";
-
-//#region src/integration.d.ts
-declare const docusignOfficialIntegration: {
-  id: "docusign";
-  name: string;
-  description: string;
-  auth: z.ZodObject<{
-    DOCUSIGN_ACCESS_TOKEN: z.ZodString;
-    DOCUSIGN_ACCOUNT_ID: z.ZodString;
-    DOCUSIGN_BASE_URI: z.ZodURL;
-  }, z.core.$strip>;
-  connections: {
-    kind: "oauth";
-    tokenType: "refreshable";
-    authUrl: "https://account.docusign.com/oauth/auth";
-    tokenUrl: "https://account.docusign.com/oauth/token";
-    revokeUrl: "https://account.docusign.com/oauth/revoke";
-    scopes: readonly ["signature", "extended"];
-    oauth: {
-      readonly id: "official.docusign.oauth";
-    };
-    vault: {
-      readonly accessTokenKey: "DOCUSIGN_ACCESS_TOKEN";
-      readonly build: (tokenResult: _keystrokehq_core_credential_set0.TokenResult) => {
-        DOCUSIGN_BASE_URI?: string | undefined;
-        DOCUSIGN_ACCOUNT_ID?: string | undefined;
-        DOCUSIGN_ACCESS_TOKEN: string;
-      };
-    };
-    exchangeCode: ({
-      oauthClient,
-      code,
-      redirectUri
-    }: _keystrokehq_core_credential_set0.ExchangeCodeContext) => Promise<_keystrokehq_core_credential_set0.TokenResult>;
-    refreshToken: ({
-      oauthClient,
-      refreshToken
-    }: _keystrokehq_core_credential_set0.RefreshTokenContext) => Promise<_keystrokehq_core_credential_set0.TokenResult>;
-    extractInstallationInfo: ({
-      tokenResult
-    }: _keystrokehq_core_credential_set0.ExtractInstallationContext) => {
-      externalInstallationId: string | undefined;
-      externalWorkspaceId: string | undefined;
-      metadata: {
-        accountId: string;
-        baseUri: string;
-      } | undefined;
-    };
-    id: string;
-  }[];
-};
-declare const docusignBundle: _keystrokehq_integration_authoring_official0.OfficialIntegrationBundle<"docusign", z.ZodObject<{
-  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
-  DOCUSIGN_ACCOUNT_ID: z.ZodString;
-  DOCUSIGN_BASE_URI: z.ZodURL;
-}, z.core.$strip>>;
-declare const docusign: _keystrokehq_core0.CredentialSet<"keystroke:docusign", z.ZodObject<{
-  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
-  DOCUSIGN_ACCOUNT_ID: z.ZodString;
-  DOCUSIGN_BASE_URI: z.ZodURL;
-}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
-  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
-  DOCUSIGN_ACCOUNT_ID: z.ZodString;
-  DOCUSIGN_BASE_URI: z.ZodURL;
-}, z.core.$strip>>[] | undefined>;
-type DocusignCredentials = InferCredentialSetAuth<typeof docusign>;
-//#endregion
-export { docusignOfficialIntegration as i, docusign as n, docusignBundle as r, DocusignCredentials as t };