@keystrokehq/docusign 0.0.11 → 0.0.15

package/dist/integration-BcEp_dFX.mjs

@@ -1,365 +0,0 @@
-import { CredentialSet, Operation } from "@keystrokehq/core";
-import { z } from "zod";
-
-//#region ../../packages/integration-authoring/dist/official/runtime.mjs
-const REGISTRY_KEY = "__ks_official_integration_metadata_registry";
-function getRegistry() {
-	const globalStore = globalThis;
-	if (!globalStore[REGISTRY_KEY]) globalStore[REGISTRY_KEY] = /* @__PURE__ */ new WeakMap();
-	return globalStore[REGISTRY_KEY];
-}
-function registerOfficialOperation(operation, metadata) {
-	getRegistry().set(operation, Object.freeze({ ...metadata }));
-}
-
-//#endregion
-//#region ../../packages/integration-authoring/dist/official/index.mjs
-const OFFICIAL_CREDENTIAL_SET_ID_PREFIX = "keystroke:";
-function officialCredentialSetId(id) {
-	return `${OFFICIAL_CREDENTIAL_SET_ID_PREFIX}${id}`;
-}
-function stripOfficialCredentialSetIdPrefix(id) {
-	return id.startsWith(OFFICIAL_CREDENTIAL_SET_ID_PREFIX) ? id.slice(10) : id;
-}
-/**
-* Creates a factory for Keystroke-official integration operations.
-*
-* It keeps the same flat `run(input, credentials)` ergonomics as the generic
-* operation factory, while registering official metadata for builder/runtime
-* operation metadata.
-*/
-function createOfficialOperationFactory(credentialSet) {
-	const integrationId = stripOfficialCredentialSetIdPrefix(credentialSet.id);
-	return (config) => {
-		const wrappedRun = async (input, ctx) => {
-			const creds = ctx.credentials[credentialSet.id];
-			return config.run(input, creds);
-		};
-		const operation = new Operation({
-			id: config.id,
-			name: config.name,
-			description: config.description,
-			input: config.input,
-			output: config.output,
-			credentialSets: [credentialSet],
-			...config.tags !== void 0 ? { tags: config.tags } : {},
-			...config.needsApproval !== void 0 ? { needsApproval: config.needsApproval } : {},
-			...config.requiredOAuthScopes !== void 0 ? { requiredOAuthScopes: config.requiredOAuthScopes } : {},
-			...config.retries !== void 0 ? { retries: config.retries } : {},
-			...config.timeout !== void 0 ? { timeout: config.timeout } : {},
-			...config.maxDurationMs !== void 0 ? { maxDurationMs: config.maxDurationMs } : {},
-			run: wrappedRun
-		});
-		registerOfficialOperation(operation, { integrationId });
-		return operation;
-	};
-}
-/**
-* Creates an official integration bundle from a single config object.
-*
-* - Creates the public `CredentialSet` internally.
-* - Accepts optional `internal` fields for Keystroke-owned platform credentials.
-*/
-function defineOfficialIntegration(config) {
-	const internalCredentialSets = config.internal ?? {};
-	const allInternalCredentialSets = [
-		...internalCredentialSets.providerApp ? [internalCredentialSets.providerApp] : [],
-		...internalCredentialSets.providerAppVariants ?? [],
-		...internalCredentialSets.webhookVerification ? [internalCredentialSets.webhookVerification] : [],
-		...internalCredentialSets.other ?? []
-	];
-	const credentialSet = new CredentialSet({
-		id: config.id,
-		name: config.name,
-		description: config.description,
-		auth: config.auth,
-		...config.connections ? { connections: config.connections } : {},
-		...config.proxy ? { proxy: config.proxy } : {},
-		...config.needsRawSecret === true ? { needsRawSecret: true } : {}
-	});
-	return Object.freeze({
-		integration: {
-			id: config.id,
-			name: config.name,
-			...config.description !== void 0 ? { description: config.description } : {},
-			auth: config.auth,
-			...config.proxy ? { proxy: config.proxy } : {},
-			...config.needsRawSecret === true ? { needsRawSecret: true } : {},
-			...config.connections ? { connections: config.connections } : {}
-		},
-		credentialSet,
-		internalCredentialSets,
-		allInternalCredentialSets
-	});
-}
-
-//#endregion
-//#region src/_official/provider-app.ts
-/**
-* Keystroke-owned OAuth client definition for the DocuSign public connection.
-*
-* Used for: OAuth authorization-code exchange, refresh, and the embedded
-* `/oauth/userinfo` lookup that resolves an account's `baseUri`.
-*/
-const docusignAppCredentialSet = new CredentialSet({
-	id: officialCredentialSetId("docusign-app"),
-	exposure: "platform-only",
-	name: "DocuSign App",
-	auth: z.object({
-		clientId: z.string().min(1),
-		clientSecret: z.string().min(1)
-	})
-});
-/**
-* Keystroke-owned Connect webhook signing secrets.
-*
-* DocuSign Connect allows up to 10 concurrent HMAC shared secrets for rotation.
-* Each outbound webhook is signed with every enabled secret as a separate
-* `X-DocuSign-Signature-{N}` header. Verification accepts a delivery if any
-* header matches any configured secret under a constant-time compare.
-*
-* Secrets are parsed from `KEYSTROKE_OFFICIAL_DOCUSIGN_CONNECT_HMAC_SECRETS`,
-* a comma-separated list with newest first.
-*/
-const docusignConnectCredentialSet = new CredentialSet({
-	id: officialCredentialSetId("docusign-connect"),
-	exposure: "platform-only",
-	name: "DocuSign Connect",
-	auth: z.object({ hmacSecrets: z.array(z.string().min(1)).min(1) })
-});
-/**
-* Keystroke-owned JWT Grant integrator key + RSA private key.
-*
-* Declared for forward compatibility: runtime paths that require JWT Grant
-* (historical envelope replay, backend impersonation) will consume this
-* credential set in a follow-up without a registry change. Not wired to any
-* runtime path in v1 — any operation that would need JWT throws
-* `DocusignApiError.notImplemented({ kind: 'plan_gated' })` until then.
-*/
-const docusignJwtCredentialSet = new CredentialSet({
-	id: officialCredentialSetId("docusign-jwt"),
-	exposure: "platform-only",
-	name: "DocuSign JWT",
-	auth: z.object({
-		integratorKey: z.string().min(1),
-		impersonatedUserId: z.uuid(),
-		privateKeyPem: z.string().min(1),
-		oauthHost: z.enum(["account.docusign.com", "account-d.docusign.com"])
-	})
-});
-/**
-* Parse the comma-separated `KEYSTROKE_OFFICIAL_DOCUSIGN_CONNECT_HMAC_SECRETS`
-* env value into the array shape the internal credential set expects. Empty
-* input resolves to `[]`, which fails the `.min(1)` parse so Connect triggers
-* reject deliveries until the env is populated.
-*/
-function parseHmacSecrets(raw) {
-	if (!raw) return [];
-	return raw.split(",").map((secret) => secret.trim()).filter((secret) => secret.length > 0);
-}
-const docusignOfficialProviderSeed = {
-	provider: "docusign",
-	appRef: "docusign-platform",
-	displayName: "DocuSign Platform",
-	credentialSetName: "Keystroke DocuSign Platform App",
-	envShape: {
-		KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_ID: z.string().optional(),
-		KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_SECRET: z.string().optional()
-	},
-	requiredEnvKeys: ["KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_ID", "KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_SECRET"],
-	externalAppIdEnvKey: "KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_ID",
-	buildCredentials: (env) => ({
-		clientId: env.KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_ID,
-		clientSecret: env.KEYSTROKE_OFFICIAL_DOCUSIGN_CLIENT_SECRET
-	})
-};
-
-//#endregion
-//#region ../../packages/credential-connection/dist/defaults-YE9AvLIc.mjs
-/**
-* Shared OAuth 2.0 token-response plumbing.
-*
-* `parseOAuthTokenResponse` handles the two common wire formats (JSON and
-* form-urlencoded, the latter used by GitHub unless you explicitly ask for
-* JSON). `normalizeOAuthTokens` pulls the standard fields out of the parsed
-* body in both the flat form and Slack's nested `authed_user.access_token`
-* form. These helpers are exposed so integration authors overriding
-* `exchangeCode` / `refreshToken` do not have to re-implement them.
-*/
-var TokenExchangeError = class extends Error {
-	httpStatus;
-	constructor(httpStatus) {
-		super(`Token exchange failed: HTTP ${httpStatus}`);
-		this.name = "TokenExchangeError";
-		this.httpStatus = httpStatus;
-	}
-};
-async function parseOAuthTokenResponse(response) {
-	const contentType = response.headers.get("content-type")?.toLowerCase() ?? "";
-	if (contentType.includes("application/json")) return await response.json();
-	const text = await response.text();
-	if (!text.trim()) return {};
-	if (contentType.includes("application/x-www-form-urlencoded") || text.includes("=")) {
-		const params = new URLSearchParams(text);
-		return Object.fromEntries(params.entries());
-	}
-	throw new Error(`Unsupported OAuth token response content type: ${contentType || "unknown"}`);
-}
-function normalizeOAuthTokens(tokenData) {
-	const authedUser = tokenData.authed_user;
-	const rawAccessToken = tokenData.access_token ?? authedUser?.access_token;
-	const rawRefreshToken = tokenData.refresh_token;
-	const rawExpiresIn = tokenData.expires_in;
-	const rawInstanceUrl = tokenData.instance_url;
-	return {
-		accessToken: typeof rawAccessToken === "string" ? rawAccessToken : void 0,
-		refreshToken: typeof rawRefreshToken === "string" ? rawRefreshToken : void 0,
-		expiresIn: typeof rawExpiresIn === "number" ? rawExpiresIn : typeof rawExpiresIn === "string" ? Number(rawExpiresIn) || void 0 : void 0,
-		instanceUrl: typeof rawInstanceUrl === "string" ? rawInstanceUrl : void 0
-	};
-}
-
-//#endregion
-//#region src/oauth-connection.ts
-const DOCUSIGN_OAUTH_HOST = "account.docusign.com";
-const DOCUSIGN_AUTH_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/auth`;
-const DOCUSIGN_TOKEN_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/token`;
-const DOCUSIGN_REVOKE_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/revoke`;
-const DOCUSIGN_USERINFO_URL = `https://${DOCUSIGN_OAUTH_HOST}/oauth/userinfo`;
-const DOCUSIGN_OAUTH_SCOPES = ["signature", "extended"];
-function basicAuthHeader(clientId, clientSecret) {
-	return `Basic ${Buffer.from(`${clientId}:${clientSecret}`, "utf8").toString("base64")}`;
-}
-async function postDocusignToken(body, authHeader) {
-	const response = await fetch(DOCUSIGN_TOKEN_URL, {
-		method: "POST",
-		headers: {
-			Accept: "application/json",
-			"Content-Type": "application/x-www-form-urlencoded",
-			Authorization: authHeader
-		},
-		body
-	});
-	if (!response.ok) throw new TokenExchangeError(response.status);
-	const raw = await parseOAuthTokenResponse(response);
-	const { accessToken, refreshToken, expiresIn } = normalizeOAuthTokens(raw);
-	if (!accessToken) throw new Error("No access token in DocuSign response");
-	return {
-		accessToken,
-		refreshToken,
-		expiresIn,
-		raw
-	};
-}
-async function fetchDocusignUserinfo(accessToken) {
-	const response = await fetch(DOCUSIGN_USERINFO_URL, { headers: {
-		Accept: "application/json",
-		Authorization: `Bearer ${accessToken}`
-	} });
-	if (!response.ok) throw new Error(`DocuSign userinfo lookup failed with status ${response.status} while resolving base URI.`);
-	return await response.json();
-}
-function pickDefaultAccount(userinfo) {
-	const accounts = userinfo.accounts ?? [];
-	if (accounts.length === 0) return void 0;
-	const explicitDefault = accounts.find((account) => account.is_default === true && typeof account.account_id === "string" && typeof account.base_uri === "string");
-	if (explicitDefault) return {
-		accountId: explicitDefault.account_id,
-		baseUri: explicitDefault.base_uri
-	};
-	const firstWithBoth = accounts.find((account) => typeof account.account_id === "string" && typeof account.base_uri === "string");
-	if (firstWithBoth) return {
-		accountId: firstWithBoth.account_id,
-		baseUri: firstWithBoth.base_uri
-	};
-}
-const docusignOAuthConnection = {
-	kind: "oauth",
-	tokenType: "refreshable",
-	authUrl: DOCUSIGN_AUTH_URL,
-	tokenUrl: DOCUSIGN_TOKEN_URL,
-	revokeUrl: DOCUSIGN_REVOKE_URL,
-	scopes: [...DOCUSIGN_OAUTH_SCOPES],
-	oauth: { id: "official.docusign.oauth" },
-	vault: {
-		accessTokenKey: "DOCUSIGN_ACCESS_TOKEN",
-		build: (tokenResult) => {
-			const accountId = typeof tokenResult.raw._docusignAccountId === "string" ? tokenResult.raw._docusignAccountId : void 0;
-			const baseUri = typeof tokenResult.raw._docusignBaseUri === "string" ? tokenResult.raw._docusignBaseUri : void 0;
-			return {
-				DOCUSIGN_ACCESS_TOKEN: tokenResult.accessToken,
-				...accountId ? { DOCUSIGN_ACCOUNT_ID: accountId } : {},
-				...baseUri ? { DOCUSIGN_BASE_URI: baseUri } : {}
-			};
-		}
-	},
-	async exchangeCode({ oauthClient, code, redirectUri }) {
-		if (!code) throw new Error("Missing authorization code");
-		const tokenResult = await postDocusignToken(new URLSearchParams({
-			grant_type: "authorization_code",
-			code,
-			redirect_uri: redirectUri
-		}), basicAuthHeader(oauthClient.clientId, oauthClient.clientSecret));
-		const userinfo = await fetchDocusignUserinfo(tokenResult.accessToken);
-		const account = pickDefaultAccount(userinfo);
-		if (!account) throw new Error("DocuSign userinfo response did not include a resolvable account.");
-		tokenResult.raw._docusignAccountId = account.accountId;
-		tokenResult.raw._docusignBaseUri = account.baseUri;
-		tokenResult.raw._docusignUserinfo = userinfo;
-		return tokenResult;
-	},
-	async refreshToken({ oauthClient, refreshToken }) {
-		const tokenResult = await postDocusignToken(new URLSearchParams({
-			grant_type: "refresh_token",
-			refresh_token: refreshToken
-		}), basicAuthHeader(oauthClient.clientId, oauthClient.clientSecret));
-		const userinfo = await fetchDocusignUserinfo(tokenResult.accessToken);
-		const account = pickDefaultAccount(userinfo);
-		if (!account) throw new Error("DocuSign userinfo response did not include a resolvable account during refresh.");
-		tokenResult.raw._docusignAccountId = account.accountId;
-		tokenResult.raw._docusignBaseUri = account.baseUri;
-		tokenResult.raw._docusignUserinfo = userinfo;
-		return tokenResult;
-	},
-	extractInstallationInfo({ tokenResult }) {
-		const accountId = typeof tokenResult.raw._docusignAccountId === "string" ? tokenResult.raw._docusignAccountId : void 0;
-		const baseUri = typeof tokenResult.raw._docusignBaseUri === "string" ? tokenResult.raw._docusignBaseUri : void 0;
-		return {
-			externalInstallationId: accountId,
-			externalWorkspaceId: accountId,
-			metadata: accountId && baseUri ? {
-				accountId,
-				baseUri
-			} : void 0
-		};
-	}
-};
-
-//#endregion
-//#region src/integration.ts
-const docusignAuthSchema = z.object({
-	DOCUSIGN_ACCESS_TOKEN: z.string().min(1),
-	DOCUSIGN_ACCOUNT_ID: z.string().min(1),
-	DOCUSIGN_BASE_URI: z.url()
-});
-const docusignOfficialIntegration = {
-	id: "docusign",
-	name: "DocuSign",
-	description: "DocuSign eSignature, templates, bulk-send, Connect webhooks, and account/admin surfaces for Keystroke workflows",
-	auth: docusignAuthSchema,
-	connections: [{
-		id: "oauth",
-		...docusignOAuthConnection
-	}]
-};
-const docusignBundle = defineOfficialIntegration({
-	...docusignOfficialIntegration,
-	internal: {
-		providerApp: docusignAppCredentialSet,
-		other: [docusignConnectCredentialSet, docusignJwtCredentialSet]
-	}
-});
-const docusign = docusignBundle.credentialSet;
-
-//#endregion
-export { fetchDocusignUserinfo as a, docusignJwtCredentialSet as c, createOfficialOperationFactory as d, DOCUSIGN_USERINFO_URL as i, docusignOfficialProviderSeed as l, docusignBundle as n, docusignAppCredentialSet as o, docusignOfficialIntegration as r, docusignConnectCredentialSet as s, docusign as t, parseHmacSecrets as u };

package/dist/integration-CdIRNjCz.d.mts

@@ -1,72 +0,0 @@
-import * as _keystrokehq_core0 from "@keystrokehq/core";
-import { z } from "zod";
-import * as _keystrokehq_core_credential_set0 from "@keystrokehq/core/credential-set";
-import { InferCredentialSetAuth } from "@keystrokehq/core/credential-set";
-
-//#region src/integration.d.ts
-declare const docusignOfficialIntegration: {
-  id: "docusign";
-  name: string;
-  description: string;
-  auth: z.ZodObject<{
-    DOCUSIGN_ACCESS_TOKEN: z.ZodString;
-    DOCUSIGN_ACCOUNT_ID: z.ZodString;
-    DOCUSIGN_BASE_URI: z.ZodURL;
-  }, z.core.$strip>;
-  connections: {
-    kind: "oauth";
-    tokenType: "refreshable";
-    authUrl: "https://account.docusign.com/oauth/auth";
-    tokenUrl: "https://account.docusign.com/oauth/token";
-    revokeUrl: "https://account.docusign.com/oauth/revoke";
-    scopes: readonly ["signature", "extended"];
-    oauth: {
-      readonly id: "official.docusign.oauth";
-    };
-    vault: {
-      readonly accessTokenKey: "DOCUSIGN_ACCESS_TOKEN";
-      readonly build: (tokenResult: _keystrokehq_core_credential_set0.TokenResult) => {
-        DOCUSIGN_BASE_URI?: string | undefined;
-        DOCUSIGN_ACCOUNT_ID?: string | undefined;
-        DOCUSIGN_ACCESS_TOKEN: string;
-      };
-    };
-    exchangeCode: ({
-      oauthClient,
-      code,
-      redirectUri
-    }: _keystrokehq_core_credential_set0.ExchangeCodeContext) => Promise<_keystrokehq_core_credential_set0.TokenResult>;
-    refreshToken: ({
-      oauthClient,
-      refreshToken
-    }: _keystrokehq_core_credential_set0.RefreshTokenContext) => Promise<_keystrokehq_core_credential_set0.TokenResult>;
-    extractInstallationInfo: ({
-      tokenResult
-    }: _keystrokehq_core_credential_set0.ExtractInstallationContext) => {
-      externalInstallationId: string | undefined;
-      externalWorkspaceId: string | undefined;
-      metadata: {
-        accountId: string;
-        baseUri: string;
-      } | undefined;
-    };
-    id: string;
-  }[];
-};
-declare const docusignBundle: undefined<"docusign", z.ZodObject<{
-  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
-  DOCUSIGN_ACCOUNT_ID: z.ZodString;
-  DOCUSIGN_BASE_URI: z.ZodURL;
-}, z.core.$strip>>;
-declare const docusign: _keystrokehq_core0.CredentialSet<"docusign", z.ZodObject<{
-  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
-  DOCUSIGN_ACCOUNT_ID: z.ZodString;
-  DOCUSIGN_BASE_URI: z.ZodURL;
-}, z.core.$strip>, readonly _keystrokehq_core_credential_set0.CredentialConnection<z.ZodObject<{
-  DOCUSIGN_ACCESS_TOKEN: z.ZodString;
-  DOCUSIGN_ACCOUNT_ID: z.ZodString;
-  DOCUSIGN_BASE_URI: z.ZodURL;
-}, z.core.$strip>>[] | undefined>;
-type DocusignCredentials = InferCredentialSetAuth<typeof docusign>;
-//#endregion
-export { docusignOfficialIntegration as i, docusign as n, docusignBundle as r, DocusignCredentials as t };