services

package
v0.25.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 20, 2026 License: MIT Imports: 41 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DeliveryStatePending  = "pending"
	DeliveryStateRetrying = "retrying"
	DeliveryStateFailed   = "failed"
	DeliveryStateReady    = "ready"
	DeliveryStateSent     = "sent"
)
View Source 
const (
	GoogleProviderName = "google"
	// DefaultGoogleCredentialKeyID is the default active key id used for credential encryption.
	DefaultGoogleCredentialKeyID = "v1"

	EnvGoogleCredentialActiveKeyID = "ESIGN_GOOGLE_CREDENTIAL_ACTIVE_KEY_ID"
	EnvGoogleCredentialActiveKey   = "ESIGN_GOOGLE_CREDENTIAL_ACTIVE_KEY"
	EnvGoogleCredentialKeysJSON    = "ESIGN_GOOGLE_CREDENTIAL_KEYS_JSON"
)
View Source 
const (
	GoogleScopeDriveReadonly = "https://www.googleapis.com/auth/drive.readonly"
	GoogleScopeDriveFile     = "https://www.googleapis.com/auth/drive.file"
	GoogleScopeOpenID        = "openid"
	GoogleScopeUserinfoEmail = "https://www.googleapis.com/auth/userinfo.email"
)
View Source 
const (
	GoogleDriveMimeTypeDoc = "application/vnd.google-apps.document"
	GoogleDriveMimeTypePDF = "application/pdf"
)
View Source 
const (
	GoogleIngestionModeExportPDF      = "google_export_pdf"
	GoogleIngestionModeDrivePDFDirect = "drive_pdf_direct"
)
View Source 
const (
	GoogleProviderModeReal          = "real"
	GoogleProviderModeDeterministic = "deterministic"

	EnvGoogleProviderMode       = "ESIGN_GOOGLE_PROVIDER_MODE"
	EnvGoogleClientID           = "ESIGN_GOOGLE_CLIENT_ID"
	EnvGoogleClientSecret       = "ESIGN_GOOGLE_CLIENT_SECRET"
	EnvGoogleOAuthRedirectURI   = "ESIGN_GOOGLE_OAUTH_REDIRECT_URI"
	EnvGoogleTokenEndpoint      = "ESIGN_GOOGLE_TOKEN_ENDPOINT"
	EnvGoogleRevokeEndpoint     = "ESIGN_GOOGLE_REVOKE_ENDPOINT"
	EnvGoogleDriveBaseURL       = "ESIGN_GOOGLE_DRIVE_BASE_URL"
	EnvGoogleUserInfoEndpoint   = "ESIGN_GOOGLE_USERINFO_ENDPOINT"
	EnvGoogleHealthEndpoint     = "ESIGN_GOOGLE_HEALTH_ENDPOINT"
	EnvGoogleHTTPTimeoutSeconds = "ESIGN_GOOGLE_HTTP_TIMEOUT_SECONDS"
)
View Source 
const (
	SignerSessionStateActive    = "active"
	SignerSessionStateWaiting   = "waiting"
	SignerSessionStateBlocked   = "blocked"
	SignerSessionStateCompleted = "completed"
	SignerSessionStateTerminal  = "terminal"
	SignerSessionStateObserver  = "observer"
	SignerSessionStateInvalid   = "invalid"
)
View Source 
const (
	// DefaultDraftTTL defines wizard draft expiry from the last successful write.
	DefaultDraftTTL = 7 * 24 * time.Hour
)
View Source 
const (
	GoogleServicesProviderID = "google_drive"
)

Variables

View Source 
var DefaultGoogleOAuthScopes = []string{
	GoogleScopeDriveReadonly,
	GoogleScopeOpenID,
	GoogleScopeUserinfoEmail,
}

DefaultGoogleOAuthScopes is the least-privilege scope set required by the Google integration backend.

View Source 
var DomainErrorCodes = []coreadmin.DomainErrorCode{
	{
		Code:        string(ErrorCodeTokenExpired),
		Description: "Signing token has expired.",
		Category:    goerrors.CategoryAuthz,
		HTTPStatus:  410,
	},
	{
		Code:        string(ErrorCodeTokenRevoked),
		Description: "Signing token has been revoked.",
		Category:    goerrors.CategoryAuthz,
		HTTPStatus:  410,
	},
	{
		Code:        string(ErrorCodeTokenInvalid),
		Description: "Signing token is invalid.",
		Category:    goerrors.CategoryAuthz,
		HTTPStatus:  401,
	},
	{
		Code:        string(ErrorCodeAssetUnavailable),
		Description: "Requested signer asset is unavailable for this token.",
		Category:    goerrors.CategoryNotFound,
		HTTPStatus:  404,
	},
	{
		Code:        string(ErrorCodeAgreementImmutable),
		Description: "Agreement is immutable after send.",
		Category:    goerrors.CategoryConflict,
		HTTPStatus:  409,
	},
	{
		Code:        string(ErrorCodeMissingRequiredFields),
		Description: "Required fields are missing.",
		Category:    goerrors.CategoryValidation,
		HTTPStatus:  400,
	},
	{
		Code:        string(ErrorCodeInvalidSignerState),
		Description: "Signer action is invalid for the current agreement state.",
		Category:    goerrors.CategoryBadInput,
		HTTPStatus:  409,
	},
	{
		Code:        string(ErrorCodeScopeDenied),
		Description: "Tenant or organization scope access is denied.",
		Category:    goerrors.CategoryAuthz,
		HTTPStatus:  403,
	},
	{
		Code:        string(ErrorCodeRateLimited),
		Description: "Request has been rate limited.",
		Category:    goerrors.CategoryRateLimit,
		HTTPStatus:  429,
	},
	{
		Code:        string(ErrorCodeTransportSecurity),
		Description: "TLS transport is required for this endpoint.",
		Category:    goerrors.CategoryAuthz,
		HTTPStatus:  426,
	},
	{
		Code:        string(ErrorCodeStorageEncryption),
		Description: "Encrypted object storage is required for e-sign artifacts.",
		Category:    goerrors.CategoryBadInput,
		HTTPStatus:  500,
	},
	{
		Code:        string(ErrorCodeGooglePermissionDenied),
		Description: "Google provider denied permission for the requested operation.",
		Category:    goerrors.CategoryAuthz,
		HTTPStatus:  403,
	},
	{
		Code:        string(ErrorCodeGoogleRateLimited),
		Description: "Google provider rate limit exceeded.",
		Category:    goerrors.CategoryRateLimit,
		HTTPStatus:  429,
	},
	{
		Code:        string(ErrorCodeGoogleAccessRevoked),
		Description: "Google integration access was revoked.",
		Category:    goerrors.CategoryAuthz,
		HTTPStatus:  401,
	},
	{
		Code:        string(ErrorCodeGoogleScopeViolation),
		Description: "Google OAuth scopes do not match the least-privilege policy.",
		Category:    goerrors.CategoryValidation,
		HTTPStatus:  400,
	},
	{
		Code:        string(ErrorCodeGoogleUnsupportedType),
		Description: "Google file type is unsupported for import in this workflow.",
		Category:    goerrors.CategoryValidation,
		HTTPStatus:  422,
	},
	{
		Code:        string(ErrorCodeGoogleIntegrationOff),
		Description: "Google integration is disabled by feature flag.",
		Category:    goerrors.CategoryAuthz,
		HTTPStatus:  404,
	},
	{
		Code:        string(ErrorCodeGoogleProviderDegraded),
		Description: "Google provider is degraded or unavailable.",
		Category:    goerrors.CategoryBadInput,
		HTTPStatus:  503,
	},
	{
		Code:        string(ErrorCodeIntegrationMapping),
		Description: "Integration mapping specification is invalid.",
		Category:    goerrors.CategoryValidation,
		HTTPStatus:  400,
	},
	{
		Code:        string(ErrorCodeIntegrationConflict),
		Description: "Integration conflict requires explicit resolution.",
		Category:    goerrors.CategoryConflict,
		HTTPStatus:  409,
	},
	{
		Code:        string(ErrorCodeIntegrationReplay),
		Description: "Integration mutation idempotency replay detected.",
		Category:    goerrors.CategoryConflict,
		HTTPStatus:  409,
	},
}

DomainErrorCodes is the phase-0 e-sign error namespace registration payload.

Functions

func ComposeGoogleScopedUserID 

func ComposeGoogleScopedUserID(userID, accountID string) string

ComposeGoogleScopedUserID composes a stable scoped user key for multi-account Google credentials.

func DeterministicIntegrationMutationKey 

func DeterministicIntegrationMutationKey(parts ...string) string

DeterministicIntegrationMutationKey produces stable idempotency keys for integration mutations.

func GenerateDeterministicPDF 

func GenerateDeterministicPDF(pageCount int) []byte

GenerateDeterministicPDF returns a compact, parser-valid PDF payload used by deterministic paths/tests.

func MapGoogleProviderError 

func MapGoogleProviderError(err error) error

MapGoogleProviderError maps provider-specific errors to typed domain/API-safe errors.

func NewGoogleProviderError 

func NewGoogleProviderError(code GoogleProviderErrorCode, message string, metadata map[string]any) error

NewGoogleProviderError constructs a typed provider error.

func ParseGoogleScopedUserID 

func ParseGoogleScopedUserID(value string) (string, string)

ParseGoogleScopedUserID extracts base user/account ids from a scoped Google user key.

func RedactIntegrationPayload 

func RedactIntegrationPayload(in map[string]any) map[string]any

RedactIntegrationPayload recursively redacts sensitive values in provider payloads.

func RegisterDomainErrorCodes 

func RegisterDomainErrorCodes()

RegisterDomainErrorCodes registers the phase-0 e-sign domain error namespace.

func ResolveGoogleProviderMode 

func ResolveGoogleProviderMode() string

ResolveGoogleProviderMode returns the configured runtime provider mode. Default is "real" so production wiring does not silently fall back to deterministic behavior.

Types

type AESGCMCredentialCipher 

type AESGCMCredentialCipher struct {
	// contains filtered or unexported fields
}

AESGCMCredentialCipher encrypts credential material using AES-GCM.

func NewAESGCMCredentialCipher 

func NewAESGCMCredentialCipher(keyMaterial []byte) AESGCMCredentialCipher

NewAESGCMCredentialCipher creates an AES-GCM cipher using a 32-byte key derived from the input bytes.

func (AESGCMCredentialCipher) Decrypt 

func (c AESGCMCredentialCipher) Decrypt(_ context.Context, ciphertext string) (string, error)

func (AESGCMCredentialCipher) Encrypt 

func (c AESGCMCredentialCipher) Encrypt(_ context.Context, plaintext string) (string, error)

type AgreementDeliveryDetail 

type AgreementDeliveryDetail struct {
	AgreementID          string   `json:"agreement_id"`
	ExecutedStatus       string   `json:"executed_status"`
	CertificateStatus    string   `json:"certificate_status"`
	DistributionStatus   string   `json:"distribution_status"`
	ExecutedObjectKey    string   `json:"executed_object_key,omitempty"`
	CertificateObjectKey string   `json:"certificate_object_key,omitempty"`
	LastError            string   `json:"last_error,omitempty"`
	CorrelationIDs       []string `json:"correlation_ids,omitempty"`
}

type AgreementEmailWorkflow 

type AgreementEmailWorkflow interface {
	OnAgreementSent(ctx context.Context, scope stores.Scope, notification AgreementNotification) error
	OnAgreementResent(ctx context.Context, scope stores.Scope, notification AgreementNotification) error
}

AgreementEmailWorkflow captures post-send and post-resend email dispatch behavior.

type AgreementNotification 

type AgreementNotification struct {
	AgreementID   string
	RecipientID   string
	CorrelationID string
	Type          AgreementNotificationType
	Token         stores.IssuedSigningToken
}

AgreementNotification carries canonical email notification payload context.

type AgreementNotificationType 

type AgreementNotificationType string

AgreementNotificationType defines notification policy kinds emitted by agreement lifecycle transitions. 

const (
	NotificationSigningInvitation AgreementNotificationType = "signing_invitation"
	NotificationSigningReminder   AgreementNotificationType = "signing_reminder"
	NotificationCompletionPackage AgreementNotificationType = "completion_delivery"
)

type AgreementPlacementOrchestrator 

type AgreementPlacementOrchestrator interface {
	Run(ctx context.Context, input placementengine.RunInput) (placementmodels.Run, error)
}

AgreementPlacementOrchestrator abstracts placement orchestration runtime behavior.

type AgreementPlacementPolicyResolver 

type AgreementPlacementPolicyResolver interface {
	Resolve(ctx context.Context, input placementengine.PolicyResolveInput) (placementmodels.Policy, error)
}

AgreementPlacementPolicyResolver resolves effective policy for a placement run.

type AgreementService 

type AgreementService struct {
	// contains filtered or unexported fields
}

AgreementService manages draft agreement lifecycle and recipient/field mutations.

func NewAgreementService 

func NewAgreementService(store stores.Store, opts ...AgreementServiceOption) AgreementService

func (AgreementService) ApplyPlacementRun 

func (s AgreementService) ApplyPlacementRun(ctx context.Context, scope stores.Scope, agreementID, placementRunID string, input ApplyPlacementRunInput) (ApplyPlacementRunResult, error)

ApplyPlacementRun applies selected suggestions/manual overrides to field instances.

func (AgreementService) CompletionDeliveryRecipients 

func (s AgreementService) CompletionDeliveryRecipients(ctx context.Context, scope stores.Scope, agreementID string) ([]stores.RecipientRecord, error)

CompletionDeliveryRecipients returns cc recipients eligible for final artifact delivery after completion.

func (AgreementService) CreateDraft 

func (s AgreementService) CreateDraft(ctx context.Context, scope stores.Scope, input CreateDraftInput) (stores.AgreementRecord, error)

CreateDraft creates a draft agreement scoped to tenant/org.

func (AgreementService) DeleteFieldDefinitionDraft 

func (s AgreementService) DeleteFieldDefinitionDraft(ctx context.Context, scope stores.Scope, agreementID, fieldDefinitionID string) error

DeleteFieldDefinitionDraft deletes a v2 field definition record from a draft agreement.

func (AgreementService) DeleteFieldDraft 

func (s AgreementService) DeleteFieldDraft(ctx context.Context, scope stores.Scope, agreementID, fieldID string) error

DeleteFieldDraft deletes a draft field.

func (AgreementService) DeleteFieldInstanceDraft 

func (s AgreementService) DeleteFieldInstanceDraft(ctx context.Context, scope stores.Scope, agreementID, fieldInstanceID string) error

DeleteFieldInstanceDraft deletes a v2 field placement record from a draft agreement.

func (AgreementService) DeleteParticipantDraft 

func (s AgreementService) DeleteParticipantDraft(ctx context.Context, scope stores.Scope, agreementID, participantID string) error

DeleteParticipantDraft deletes a v2 participant record from a draft agreement.

func (AgreementService) Expire 

func (s AgreementService) Expire(ctx context.Context, scope stores.Scope, agreementID string, input ExpireInput) (stores.AgreementRecord, error)

Expire transitions sent/in-progress agreements to expired and invalidates signer tokens.

func (AgreementService) GetPlacementRun 

func (s AgreementService) GetPlacementRun(ctx context.Context, scope stores.Scope, agreementID, placementRunID string) (stores.PlacementRunRecord, error)

GetPlacementRun returns one persisted placement run.

func (AgreementService) ListFieldDefinitions 

func (s AgreementService) ListFieldDefinitions(ctx context.Context, scope stores.Scope, agreementID string) ([]stores.FieldDefinitionRecord, error)

ListFieldDefinitions returns canonical v2 logical field definitions for a draft agreement.

func (AgreementService) ListFieldInstances 

func (s AgreementService) ListFieldInstances(ctx context.Context, scope stores.Scope, agreementID string) ([]stores.FieldInstanceRecord, error)

ListFieldInstances returns canonical v2 field placements for a draft agreement.

func (AgreementService) ListParticipants 

func (s AgreementService) ListParticipants(ctx context.Context, scope stores.Scope, agreementID string) ([]stores.ParticipantRecord, error)

ListParticipants returns canonical v2 participants for a draft agreement.

func (AgreementService) ListPlacementRuns 

func (s AgreementService) ListPlacementRuns(ctx context.Context, scope stores.Scope, agreementID string) ([]stores.PlacementRunRecord, error)

ListPlacementRuns lists placement runs for a draft agreement.

func (AgreementService) RemoveRecipientDraft 

func (s AgreementService) RemoveRecipientDraft(ctx context.Context, scope stores.Scope, agreementID, recipientID string) error

RemoveRecipientDraft removes a draft recipient and enforces recipient constraints.

func (AgreementService) Resend 

func (s AgreementService) Resend(ctx context.Context, scope stores.Scope, agreementID string, input ResendInput) (ResendResult, error)

Resend applies sequential-recipient guards and issues/rotates signer tokens.

func (AgreementService) ResolveFieldValueForSigner 

func (s AgreementService) ResolveFieldValueForSigner(field stores.FieldRecord, proposedValue string, signedAt time.Time) (string, error)

ResolveFieldValueForSigner enforces system-managed field semantics for signer submissions.

func (AgreementService) RunAutoPlacement 

func (s AgreementService) RunAutoPlacement(ctx context.Context, scope stores.Scope, agreementID string, input AutoPlacementRunInput) (AutoPlacementRunResult, error)

RunAutoPlacement runs resolver orchestration and persists the placement run.

func (AgreementService) Send 

func (s AgreementService) Send(ctx context.Context, scope stores.Scope, agreementID string, input SendInput) (stores.AgreementRecord, error)

Send transitions a draft agreement to sent while honoring idempotency keys.

func (AgreementService) UpdateDraft 

func (s AgreementService) UpdateDraft(ctx context.Context, scope stores.Scope, agreementID string, patch stores.AgreementDraftPatch, expectedVersion int64) (stores.AgreementRecord, error)

UpdateDraft updates mutable draft fields.

func (AgreementService) UpsertFieldDefinitionDraft 

func (s AgreementService) UpsertFieldDefinitionDraft(ctx context.Context, scope stores.Scope, agreementID string, patch stores.FieldDefinitionDraftPatch) (stores.FieldDefinitionRecord, error)

UpsertFieldDefinitionDraft creates or updates a canonical v2 field definition record.

func (AgreementService) UpsertFieldDraft 

func (s AgreementService) UpsertFieldDraft(ctx context.Context, scope stores.Scope, agreementID string, patch stores.FieldDraftPatch) (stores.FieldRecord, error)

UpsertFieldDraft creates or updates draft fields.

func (AgreementService) UpsertFieldInstanceDraft 

func (s AgreementService) UpsertFieldInstanceDraft(ctx context.Context, scope stores.Scope, agreementID string, patch stores.FieldInstanceDraftPatch) (stores.FieldInstanceRecord, error)

UpsertFieldInstanceDraft creates or updates a canonical v2 field placement record.

func (AgreementService) UpsertParticipantDraft 

func (s AgreementService) UpsertParticipantDraft(ctx context.Context, scope stores.Scope, agreementID string, patch stores.ParticipantDraftPatch, expectedVersion int64) (stores.ParticipantRecord, error)

UpsertParticipantDraft creates or updates a v2 participant record.

func (AgreementService) UpsertRecipientDraft 

func (s AgreementService) UpsertRecipientDraft(ctx context.Context, scope stores.Scope, agreementID string, patch stores.RecipientDraftPatch, expectedVersion int64) (stores.RecipientRecord, error)

UpsertRecipientDraft creates or updates a draft recipient and enforces v1 recipient constraints.

func (AgreementService) ValidateBeforeSend 

func (s AgreementService) ValidateBeforeSend(ctx context.Context, scope stores.Scope, agreementID string) (AgreementValidationResult, error)

ValidateBeforeSend runs recipient/field checks before send transitions.

func (AgreementService) Void 

func (s AgreementService) Void(ctx context.Context, scope stores.Scope, agreementID string, input VoidInput) (stores.AgreementRecord, error)

Void transitions sent/in-progress agreements to voided and revokes signer tokens when requested.

type AgreementServiceOption 

type AgreementServiceOption func(*AgreementService)

AgreementServiceOption customizes AgreementService behavior.

func WithAgreementAuditStore 

func WithAgreementAuditStore(audits stores.AuditEventStore) AgreementServiceOption

WithAgreementAuditStore configures append-only audit event persistence.

func WithAgreementClock 

func WithAgreementClock(now func() time.Time) AgreementServiceOption

WithAgreementClock sets the service clock.

func WithAgreementEmailWorkflow 

func WithAgreementEmailWorkflow(workflow AgreementEmailWorkflow) AgreementServiceOption

WithAgreementEmailWorkflow configures email dispatch for send/resend flows.

func WithAgreementPlacementObjectStore 

func WithAgreementPlacementObjectStore(objectStore PlacementDocumentObjectStore) AgreementServiceOption

WithAgreementPlacementObjectStore configures source document retrieval for placement resolvers.

func WithAgreementPlacementOrchestrator 

func WithAgreementPlacementOrchestrator(orchestrator AgreementPlacementOrchestrator) AgreementServiceOption

WithAgreementPlacementOrchestrator sets custom placement orchestration behavior.

func WithAgreementPlacementPolicyResolver 

func WithAgreementPlacementPolicyResolver(resolver AgreementPlacementPolicyResolver) AgreementServiceOption

WithAgreementPlacementPolicyResolver sets a custom policy resolver.

func WithAgreementPlacementRunStore 

func WithAgreementPlacementRunStore(store stores.PlacementRunStore) AgreementServiceOption

WithAgreementPlacementRunStore sets a custom placement run store.

func WithAgreementTokenService 

func WithAgreementTokenService(tokens AgreementTokenService) AgreementServiceOption

WithAgreementTokenService configures token lifecycle operations for send/resend/void flows.

type AgreementTokenService 

type AgreementTokenService interface {
	Issue(ctx context.Context, scope stores.Scope, agreementID, recipientID string) (stores.IssuedSigningToken, error)
	Rotate(ctx context.Context, scope stores.Scope, agreementID, recipientID string) (stores.IssuedSigningToken, error)
	Revoke(ctx context.Context, scope stores.Scope, agreementID, recipientID string) error
}

AgreementTokenService captures signing-token lifecycle operations used by agreement flows.

type AgreementValidationResult 

type AgreementValidationResult struct {
	Valid          bool
	RecipientCount int
	FieldCount     int
	Issues         []ValidationIssue
}

AgreementValidationResult captures pre-send validation output.

type ApplyPlacementRunInput 

type ApplyPlacementRunInput struct {
	UserID          string                `json:"user_id"`
	SuggestionIDs   []string              `json:"suggestion_ids"`
	ManualOverrides []ManuallyPlacedField `json:"manual_overrides"`
}

ApplyPlacementRunInput captures suggestion selection and manual override intent.

type ApplyPlacementRunResult 

type ApplyPlacementRunResult struct {
	Run              stores.PlacementRunRecord    `json:"run"`
	AppliedInstances []stores.FieldInstanceRecord `json:"applied_instances"`
}

ApplyPlacementRunResult captures resulting applied field instances and run metadata.

type ArtifactPipelineOption 

type ArtifactPipelineOption func(*ArtifactPipelineService)

ArtifactPipelineOption customizes artifact pipeline dependencies.

func WithArtifactObjectStore 

func WithArtifactObjectStore(store artifactObjectStore) ArtifactPipelineOption

WithArtifactObjectStore configures immutable artifact blob persistence.

type ArtifactPipelineService 

type ArtifactPipelineService struct {
	// contains filtered or unexported fields
}

ArtifactPipelineService orchestrates render/persist behavior for executed and certificate artifacts.

func NewArtifactPipelineService 

func NewArtifactPipelineService(
	store stores.Store,
	renderer ArtifactRenderer,
	opts ...ArtifactPipelineOption,
) ArtifactPipelineService

func (ArtifactPipelineService) AgreementDeliveryDetail 

func (s ArtifactPipelineService) AgreementDeliveryDetail(ctx context.Context, scope stores.Scope, agreementID string) (AgreementDeliveryDetail, error)

func (ArtifactPipelineService) GenerateCertificateArtifact 

func (s ArtifactPipelineService) GenerateCertificateArtifact(ctx context.Context, scope stores.Scope, agreementID, correlationID string) (stores.AgreementArtifactRecord, error)

func (ArtifactPipelineService) GenerateExecutedArtifact 

func (s ArtifactPipelineService) GenerateExecutedArtifact(ctx context.Context, scope stores.Scope, agreementID, correlationID string) (stores.AgreementArtifactRecord, error)

func (ArtifactPipelineService) RenderPages 

func (s ArtifactPipelineService) RenderPages(ctx context.Context, scope stores.Scope, agreementID, correlationID string) error

RenderPages validates agreement scope and acts as a stable render-pages integration seam.

type ArtifactRenderer 

type ArtifactRenderer interface {
	RenderExecuted(ctx context.Context, input ExecutedRenderInput) (RenderedArtifact, error)
	RenderCertificate(ctx context.Context, input CertificateRenderInput) (RenderedArtifact, error)
}

ArtifactRenderer integrates executed/certificate rendering behind a stable interface.

type AutoPlacementRunInput 

type AutoPlacementRunInput struct {
	UserID         string                   `json:"user_id"`
	PolicyOverride *PlacementPolicyOverride `json:"policy_override"`
	NativeFields   []NativePlacementField   `json:"native_form_fields"`
}

AutoPlacementRunInput captures an auto-placement execution request.

type AutoPlacementRunResult 

type AutoPlacementRunResult struct {
	Run stores.PlacementRunRecord `json:"run"`
}

AutoPlacementRunResult contains persisted run metadata for an auto-placement execution.

type CertificateRenderInput 

type CertificateRenderInput struct {
	Scope          stores.Scope
	Agreement      stores.AgreementRecord
	Recipients     []stores.RecipientRecord
	Events         []stores.AuditEventRecord
	ExecutedSHA256 string
	CorrelationID  string
}

CertificateRenderInput provides source data required to render a certificate artifact.

type CreateDraftInput 

type CreateDraftInput struct {
	DocumentID             string
	Title                  string
	Message                string
	CreatedByUserID        string
	SourceType             string
	SourceGoogleFileID     string
	SourceGoogleDocURL     string
	SourceModifiedTime     *time.Time
	SourceExportedAt       *time.Time
	SourceExportedByUserID string
	SourceMimeType         string
	SourceIngestionMode    string
}

CreateDraftInput captures required agreement draft creation fields.

type CredentialCipher 

type CredentialCipher interface {
	Encrypt(ctx context.Context, plaintext string) (string, error)
	Decrypt(ctx context.Context, ciphertext string) (string, error)
}

CredentialCipher encrypts and decrypts provider credential payloads before storage.

type CredentialKeyVersioner 

type CredentialKeyVersioner interface {
	PrimaryKeyID() string
	CiphertextKeyID(ciphertext string) string
}

CredentialKeyVersioner exposes key-id metadata used for key-rotation decisions.

type DetectConflictInput 

type DetectConflictInput struct {
	RunID          string
	BindingID      string
	Provider       string
	EntityKind     string
	ExternalID     string
	InternalID     string
	Reason         string
	Payload        map[string]any
	IdempotencyKey string
}

DetectConflictInput captures conflict creation payload.

type DeterministicArtifactRenderer 

type DeterministicArtifactRenderer struct{}

DeterministicArtifactRenderer is a stable renderer used for v1 testable behavior.

func NewDeterministicArtifactRenderer 

func NewDeterministicArtifactRenderer() DeterministicArtifactRenderer

func (DeterministicArtifactRenderer) RenderCertificate 

func (r DeterministicArtifactRenderer) RenderCertificate(_ context.Context, input CertificateRenderInput) (RenderedArtifact, error)

func (DeterministicArtifactRenderer) RenderExecuted 

func (r DeterministicArtifactRenderer) RenderExecuted(_ context.Context, input ExecutedRenderInput) (RenderedArtifact, error)

type DeterministicGoogleProvider 

type DeterministicGoogleProvider struct {
	// contains filtered or unexported fields
}

DeterministicGoogleProvider is a no-network test/local provider implementation.

func NewDeterministicGoogleProvider 

func NewDeterministicGoogleProvider() *DeterministicGoogleProvider

NewDeterministicGoogleProvider creates a deterministic provider with optional fixture data.

func (*DeterministicGoogleProvider) BrowseFiles 

func (p *DeterministicGoogleProvider) BrowseFiles(_ context.Context, accessToken, folderID, _ string, pageSize int) (GoogleDriveListResult, error)

func (*DeterministicGoogleProvider) DownloadFilePDF 

func (p *DeterministicGoogleProvider) DownloadFilePDF(_ context.Context, accessToken, fileID string) (GoogleExportSnapshot, error)

func (*DeterministicGoogleProvider) ExchangeCode 

func (p *DeterministicGoogleProvider) ExchangeCode(_ context.Context, authCode, _ string, requestedScopes []string) (GoogleOAuthToken, error)

func (*DeterministicGoogleProvider) ExportFilePDF 

func (p *DeterministicGoogleProvider) ExportFilePDF(_ context.Context, accessToken, fileID string) (GoogleExportSnapshot, error)

func (*DeterministicGoogleProvider) GetFile 

func (p *DeterministicGoogleProvider) GetFile(_ context.Context, accessToken, fileID string) (GoogleDriveFile, error)

func (*DeterministicGoogleProvider) RevokeToken 

func (p *DeterministicGoogleProvider) RevokeToken(_ context.Context, accessToken string) error

func (*DeterministicGoogleProvider) SearchFiles 

func (p *DeterministicGoogleProvider) SearchFiles(_ context.Context, accessToken, query, _ string, pageSize int) (GoogleDriveListResult, error)

type DocumentMetadata 

type DocumentMetadata struct {
	SHA256    string
	SizeBytes int64
	PageCount int
}

DocumentMetadata captures extracted immutable source PDF metadata.

func ExtractPDFMetadata 

func ExtractPDFMetadata(raw []byte) (DocumentMetadata, error)

ExtractPDFMetadata validates bytes as PDF and extracts deterministic metadata.

type DocumentService 

type DocumentService struct {
	// contains filtered or unexported fields
}

DocumentService validates uploaded PDFs, extracts metadata, and persists document records.

func NewDocumentService 

func NewDocumentService(store stores.Store, opts ...DocumentServiceOption) DocumentService

func (DocumentService) Upload 

func (s DocumentService) Upload(ctx context.Context, scope stores.Scope, input DocumentUploadInput) (stores.DocumentRecord, error)

Upload validates source PDF bytes and persists immutable metadata.

type DocumentServiceOption 

type DocumentServiceOption func(*DocumentService)

DocumentServiceOption customizes document service behavior.

func WithDocumentClock 

func WithDocumentClock(now func() time.Time) DocumentServiceOption

WithDocumentClock sets the service clock.

func WithDocumentObjectStore 

func WithDocumentObjectStore(store documentObjectStore) DocumentServiceOption

WithDocumentObjectStore configures immutable PDF blob persistence for document uploads/imports.

type DocumentUploadInput 

type DocumentUploadInput struct {
	ID                     string
	Title                  string
	ObjectKey              string
	PDF                    []byte
	CreatedBy              string
	UploadedAt             time.Time
	SourceType             string
	SourceGoogleFileID     string
	SourceGoogleDocURL     string
	SourceModifiedTime     *time.Time
	SourceExportedAt       *time.Time
	SourceExportedByUserID string
	SourceMimeType         string
	SourceIngestionMode    string
}

DocumentUploadInput contains the minimum source data required to persist a document.

type DraftCreateInput 

type DraftCreateInput struct {
	WizardID        string
	WizardState     map[string]any
	Title           string
	CurrentStep     int
	DocumentID      string
	CreatedByUserID string
}

DraftCreateInput captures draft creation payload.

type DraftListInput 

type DraftListInput struct {
	CreatedByUserID string
	Limit           int
	Cursor          string
}

DraftListInput captures paginated draft list query.

type DraftSendInput 

type DraftSendInput struct {
	ExpectedRevision int64
	CreatedByUserID  string
}

DraftSendInput captures draft-to-agreement send preconditions.

type DraftSendResult 

type DraftSendResult struct {
	AgreementID  string
	Status       string
	DraftID      string
	DraftDeleted bool
}

DraftSendResult captures send conversion output contract.

type DraftService 

type DraftService struct {
	// contains filtered or unexported fields
}

DraftService coordinates six-step wizard draft persistence and send conversion.

func NewDraftService 

func NewDraftService(store stores.Store, opts ...DraftServiceOption) DraftService

NewDraftService builds a draft lifecycle service over the shared e-sign store.

func (DraftService) CleanupExpiredDrafts 

func (s DraftService) CleanupExpiredDrafts(ctx context.Context, before time.Time) (int, error)

CleanupExpiredDrafts removes drafts whose expires_at is before `before`.

func (DraftService) Create 

func (s DraftService) Create(ctx context.Context, scope stores.Scope, input DraftCreateInput) (stores.DraftRecord, bool, error)

Create persists a durable wizard draft with idempotent replay by wizard_id.

func (DraftService) Delete 

func (s DraftService) Delete(ctx context.Context, scope stores.Scope, id, createdByUserID string) error

Delete removes a scoped draft record.

func (DraftService) Get 

func (s DraftService) Get(ctx context.Context, scope stores.Scope, id, createdByUserID string) (stores.DraftRecord, error)

Get resolves a scoped draft detail by id.

func (DraftService) List 

func (s DraftService) List(ctx context.Context, scope stores.Scope, input DraftListInput) ([]stores.DraftRecord, string, int, error)

List returns paginated draft summaries for the requesting actor scope.

func (DraftService) Send 

func (s DraftService) Send(ctx context.Context, scope stores.Scope, id string, input DraftSendInput) (DraftSendResult, error)

Send converts a draft to a sent agreement in a single transaction and deletes the draft on success.

func (DraftService) Update 

func (s DraftService) Update(ctx context.Context, scope stores.Scope, id string, input DraftUpdateInput) (stores.DraftRecord, error)

Update applies revision-aware mutations and refreshes draft TTL.

type DraftServiceOption 

type DraftServiceOption func(*DraftService)

DraftServiceOption customizes draft service behavior.

func WithDraftAgreementService 

func WithDraftAgreementService(agreements AgreementService) DraftServiceOption

WithDraftAgreementService injects agreement lifecycle service used for draft send conversion.

func WithDraftAuditStore 

func WithDraftAuditStore(audits stores.AuditEventStore) DraftServiceOption

WithDraftAuditStore overrides append-only audit sink for draft lifecycle events.

func WithDraftClock 

func WithDraftClock(now func() time.Time) DraftServiceOption

WithDraftClock sets draft service clock.

func WithDraftTTL 

func WithDraftTTL(ttl time.Duration) DraftServiceOption

WithDraftTTL sets draft TTL policy applied on create/update.

type DraftUpdateInput 

type DraftUpdateInput struct {
	ExpectedRevision int64
	WizardState      map[string]any
	Title            string
	CurrentStep      int
	DocumentID       *string
	UpdatedByUserID  string
}

DraftUpdateInput captures revision-aware draft update payload.

type EnvGoogleCredentialKeyProvider 

type EnvGoogleCredentialKeyProvider struct {
	ActiveKeyIDEnv string
	ActiveKeyEnv   string
	KeysJSONEnv    string
}

EnvGoogleCredentialKeyProvider loads key material from environment variables.

func NewEnvGoogleCredentialKeyProvider 

func NewEnvGoogleCredentialKeyProvider() EnvGoogleCredentialKeyProvider

NewEnvGoogleCredentialKeyProvider returns the default env-backed key provider.

func (EnvGoogleCredentialKeyProvider) Resolve 

func (p EnvGoogleCredentialKeyProvider) Resolve(_ context.Context) (GoogleCredentialKeyring, error)

Resolve loads keyring material from env. Required: - ESIGN_GOOGLE_CREDENTIAL_ACTIVE_KEY Optional: - ESIGN_GOOGLE_CREDENTIAL_ACTIVE_KEY_ID (default "v1") - ESIGN_GOOGLE_CREDENTIAL_KEYS_JSON (JSON object: {"v0":"old-key","v-1":"older-key"})

type ErrorCode 

type ErrorCode string

ErrorCode defines typed, API-safe text codes for e-sign domain errors. 

const (
	ErrorCodeTokenExpired           ErrorCode = "TOKEN_EXPIRED"
	ErrorCodeTokenRevoked           ErrorCode = "TOKEN_REVOKED"
	ErrorCodeTokenInvalid           ErrorCode = "TOKEN_INVALID"
	ErrorCodeAssetUnavailable       ErrorCode = "ASSET_UNAVAILABLE"
	ErrorCodeAgreementImmutable     ErrorCode = "AGREEMENT_IMMUTABLE"
	ErrorCodeMissingRequiredFields  ErrorCode = "MISSING_REQUIRED_FIELDS"
	ErrorCodeInvalidSignerState     ErrorCode = "INVALID_SIGNER_STATE"
	ErrorCodeScopeDenied            ErrorCode = "SCOPE_DENIED"
	ErrorCodeRateLimited            ErrorCode = "RATE_LIMITED"
	ErrorCodeTransportSecurity      ErrorCode = "TRANSPORT_SECURITY_REQUIRED"
	ErrorCodeStorageEncryption      ErrorCode = "STORAGE_ENCRYPTION_REQUIRED"
	ErrorCodeGooglePermissionDenied ErrorCode = "GOOGLE_PERMISSION_DENIED"
	ErrorCodeGoogleRateLimited      ErrorCode = "GOOGLE_RATE_LIMITED"
	ErrorCodeGoogleAccessRevoked    ErrorCode = "GOOGLE_ACCESS_REVOKED"
	ErrorCodeGoogleScopeViolation   ErrorCode = "GOOGLE_SCOPE_VIOLATION"
	ErrorCodeGoogleUnsupportedType  ErrorCode = "GOOGLE_UNSUPPORTED_FILE_TYPE"
	ErrorCodeGoogleIntegrationOff   ErrorCode = "GOOGLE_INTEGRATION_DISABLED"
	ErrorCodeGoogleProviderDegraded ErrorCode = "GOOGLE_PROVIDER_DEGRADED"
	ErrorCodeIntegrationMapping     ErrorCode = "INTEGRATION_MAPPING_INVALID"
	ErrorCodeIntegrationConflict    ErrorCode = "INTEGRATION_CONFLICT"
	ErrorCodeIntegrationReplay      ErrorCode = "INTEGRATION_REPLAY"
)

type ExecutedRenderInput 

type ExecutedRenderInput struct {
	Scope         stores.Scope
	Agreement     stores.AgreementRecord
	Recipients    []stores.RecipientRecord
	Fields        []stores.FieldRecord
	FieldValues   []stores.FieldValueRecord
	CorrelationID string
}

ExecutedRenderInput provides source data required to render an executed artifact.

type ExpireInput 

type ExpireInput struct {
	Reason string
}

ExpireInput controls expiry transition metadata.

type GoogleAccountInfo 

type GoogleAccountInfo struct {
	AccountID  string     `json:"account_id"`
	Email      string     `json:"email"`
	Status     string     `json:"status"` // connected, expired, needs_reauth, degraded
	Scopes     []string   `json:"scopes"`
	ExpiresAt  *time.Time `json:"expires_at,omitempty"`
	CreatedAt  time.Time  `json:"created_at"`
	LastUsedAt *time.Time `json:"last_used_at,omitempty"`
	IsDefault  bool       `json:"is_default"`
}

GoogleAccountInfo represents account metadata returned by the list accounts endpoint.

type GoogleAgreementCreator 

type GoogleAgreementCreator interface {
	CreateDraft(ctx context.Context, scope stores.Scope, input CreateDraftInput) (stores.AgreementRecord, error)
}

GoogleAgreementCreator captures draft creation behavior used by Google imports.

type GoogleConnectInput 

type GoogleConnectInput struct {
	UserID      string
	AccountID   string
	AuthCode    string
	RedirectURI string
}

GoogleConnectInput captures OAuth connect inputs.

type GoogleCredentialKeyProvider 

type GoogleCredentialKeyProvider interface {
	Resolve(ctx context.Context) (GoogleCredentialKeyring, error)
}

GoogleCredentialKeyProvider resolves encryption key material for Google credential storage.

type GoogleCredentialKeyring 

type GoogleCredentialKeyring struct {
	ActiveKeyID string
	Keys        map[string][]byte
}

GoogleCredentialKeyring represents a provider-supplied active key and keyring material.

type GoogleDocumentUploader 

type GoogleDocumentUploader interface {
	Upload(ctx context.Context, scope stores.Scope, input DocumentUploadInput) (stores.DocumentRecord, error)
}

GoogleDocumentUploader captures document upload behavior used by Google imports.

type GoogleDriveFile 

type GoogleDriveFile struct {
	ID           string    `json:"id"`
	Name         string    `json:"name"`
	MimeType     string    `json:"mimeType"`
	WebViewURL   string    `json:"webViewLink,omitempty"`
	OwnerEmail   string    `json:"ownerEmail,omitempty"`
	ParentID     string    `json:"parentId,omitempty"`
	ModifiedTime time.Time `json:"modifiedTime"`
}

GoogleDriveFile captures the subset of Drive metadata needed by backend APIs.

type GoogleDriveListResult 

type GoogleDriveListResult struct {
	Files         []GoogleDriveFile
	NextPageToken string
}

GoogleDriveListResult captures search/browse pagination results.

type GoogleDriveQueryInput 

type GoogleDriveQueryInput struct {
	UserID    string
	AccountID string
	Query     string
	FolderID  string
	PageToken string
	PageSize  int
}

GoogleDriveQueryInput captures search/browse query input.

type GoogleExportSnapshot 

type GoogleExportSnapshot struct {
	File GoogleDriveFile
	PDF  []byte
}

GoogleExportSnapshot captures exported PDF bytes plus source metadata.

type GoogleHTTPProvider 

type GoogleHTTPProvider struct {
	// contains filtered or unexported fields
}

func NewGoogleHTTPProvider 

func NewGoogleHTTPProvider(cfg GoogleHTTPProviderConfig) (*GoogleHTTPProvider, error)

func NewGoogleHTTPProviderFromEnv 

func NewGoogleHTTPProviderFromEnv() (*GoogleHTTPProvider, error)

NewGoogleHTTPProviderFromEnv builds the real HTTP-backed provider from env configuration.

func (*GoogleHTTPProvider) BrowseFiles 

func (p *GoogleHTTPProvider) BrowseFiles(ctx context.Context, accessToken, folderID, pageToken string, pageSize int) (GoogleDriveListResult, error)

func (*GoogleHTTPProvider) DownloadFilePDF 

func (p *GoogleHTTPProvider) DownloadFilePDF(ctx context.Context, accessToken, fileID string) (GoogleExportSnapshot, error)

func (*GoogleHTTPProvider) ExchangeCode 

func (p *GoogleHTTPProvider) ExchangeCode(ctx context.Context, authCode, redirectURI string, requestedScopes []string) (GoogleOAuthToken, error)

func (*GoogleHTTPProvider) ExportFilePDF 

func (p *GoogleHTTPProvider) ExportFilePDF(ctx context.Context, accessToken, fileID string) (GoogleExportSnapshot, error)

func (*GoogleHTTPProvider) GetFile 

func (p *GoogleHTTPProvider) GetFile(ctx context.Context, accessToken, fileID string) (GoogleDriveFile, error)

func (*GoogleHTTPProvider) HealthCheck 

func (p *GoogleHTTPProvider) HealthCheck(ctx context.Context) error

func (*GoogleHTTPProvider) ResolveAccountEmail 

func (p *GoogleHTTPProvider) ResolveAccountEmail(ctx context.Context, accessToken string) (string, error)

func (*GoogleHTTPProvider) RevokeToken 

func (p *GoogleHTTPProvider) RevokeToken(ctx context.Context, accessToken string) error

func (*GoogleHTTPProvider) SearchFiles 

func (p *GoogleHTTPProvider) SearchFiles(ctx context.Context, accessToken, query, pageToken string, pageSize int) (GoogleDriveListResult, error)

type GoogleHTTPProviderConfig 

type GoogleHTTPProviderConfig struct {
	ClientID         string
	ClientSecret     string
	TokenEndpoint    string
	RevokeEndpoint   string
	DriveBaseURL     string
	UserInfoEndpoint string
	HealthEndpoint   string
	HTTPClient       *http.Client
}

type GoogleImportInput 

type GoogleImportInput struct {
	UserID          string
	AccountID       string
	GoogleFileID    string
	DocumentTitle   string
	AgreementTitle  string
	CreatedByUserID string
}

GoogleImportInput captures import request inputs.

type GoogleImportResult 

type GoogleImportResult struct {
	Document       stores.DocumentRecord
	Agreement      stores.AgreementRecord
	SourceMimeType string
	IngestionMode  string
}

GoogleImportResult captures imported document/agreement output.

type GoogleIntegrationOption 

type GoogleIntegrationOption func(*GoogleIntegrationService)

GoogleIntegrationOption customizes Google integration service behavior.

func WithGoogleAllowedScopes 

func WithGoogleAllowedScopes(scopes []string) GoogleIntegrationOption

WithGoogleAllowedScopes overrides least-privilege OAuth scopes.

func WithGoogleCipher 

func WithGoogleCipher(cipher CredentialCipher) GoogleIntegrationOption

WithGoogleCipher overrides the credential cipher used for persisted tokens.

func WithGoogleClock 

func WithGoogleClock(now func() time.Time) GoogleIntegrationOption

WithGoogleClock overrides the service clock.

func WithGoogleProviderMode 

func WithGoogleProviderMode(mode string) GoogleIntegrationOption

WithGoogleProviderMode captures the runtime provider mode (real or deterministic) for status diagnostics.

type GoogleIntegrationService 

type GoogleIntegrationService struct {
	// contains filtered or unexported fields
}

GoogleIntegrationService handles OAuth credential lifecycle, Drive search/browse, and import flows.

func NewGoogleIntegrationService 

func NewGoogleIntegrationService(
	credentials stores.IntegrationCredentialStore,
	provider GoogleProvider,
	documents GoogleDocumentUploader,
	agreements GoogleAgreementCreator,
	opts ...GoogleIntegrationOption,
) GoogleIntegrationService

NewGoogleIntegrationService creates a Google integration service with deterministic defaults.

func (GoogleIntegrationService) BrowseFiles 

func (s GoogleIntegrationService) BrowseFiles(ctx context.Context, scope stores.Scope, input GoogleDriveQueryInput) (GoogleDriveListResult, error)

BrowseFiles lists files under a Drive folder via provider using decrypted scoped credentials.

func (GoogleIntegrationService) Connect 

func (s GoogleIntegrationService) Connect(ctx context.Context, scope stores.Scope, input GoogleConnectInput) (GoogleOAuthStatus, error)

Connect exchanges auth code, enforces scope policy, encrypts tokens, and persists credentials.

func (GoogleIntegrationService) Disconnect 

func (s GoogleIntegrationService) Disconnect(ctx context.Context, scope stores.Scope, userID string) error

Disconnect revokes provider access token and removes persisted encrypted credentials.

func (GoogleIntegrationService) ImportDocument 

func (s GoogleIntegrationService) ImportDocument(ctx context.Context, scope stores.Scope, input GoogleImportInput) (result GoogleImportResult, err error)

ImportDocument imports a supported Google source (Docs export snapshot or Drive PDF direct download) and persists source metadata on document/agreement.

func (GoogleIntegrationService) ListAccounts 

func (s GoogleIntegrationService) ListAccounts(ctx context.Context, scope stores.Scope, baseUserID string) ([]GoogleAccountInfo, error)

ListAccounts returns all connected Google accounts for a base user ID.

func (GoogleIntegrationService) ProviderHealth 

func (s GoogleIntegrationService) ProviderHealth(ctx context.Context) GoogleProviderHealthStatus

ProviderHealth reports provider mode and health/degraded state.

func (GoogleIntegrationService) RotateCredentialEncryption 

func (s GoogleIntegrationService) RotateCredentialEncryption(ctx context.Context, scope stores.Scope, userID string) (GoogleOAuthStatus, error)

RotateCredentialEncryption re-encrypts persisted tokens with the currently configured active key.

func (GoogleIntegrationService) SearchFiles 

func (s GoogleIntegrationService) SearchFiles(ctx context.Context, scope stores.Scope, input GoogleDriveQueryInput) (GoogleDriveListResult, error)

SearchFiles searches files via provider using decrypted scoped credentials.

func (GoogleIntegrationService) Status 

func (s GoogleIntegrationService) Status(ctx context.Context, scope stores.Scope, userID string) (GoogleOAuthStatus, error)

Status returns OAuth connection status with scopes/expiry details.

type GoogleOAuthStatus 

type GoogleOAuthStatus struct {
	Provider             string     `json:"provider"`
	ProviderMode         string     `json:"provider_mode"`
	UserID               string     `json:"user_id"`
	AccountID            string     `json:"account_id,omitempty"`
	Connected            bool       `json:"connected"`
	AccountEmail         string     `json:"account_email,omitempty"`
	Scopes               []string   `json:"scopes"`
	ExpiresAt            *time.Time `json:"expires_at,omitempty"`
	IsExpired            bool       `json:"is_expired"`
	IsExpiringSoon       bool       `json:"is_expiring_soon"`
	CanAutoRefresh       bool       `json:"can_auto_refresh"`
	NeedsReauthorization bool       `json:"needs_reauthorization"`
	LeastPrivilege       bool       `json:"least_privilege"`
	Healthy              bool       `json:"healthy"`
	Degraded             bool       `json:"degraded"`
	DegradedReason       string     `json:"degraded_reason,omitempty"`
	HealthCheckedAt      *time.Time `json:"health_checked_at,omitempty"`
}

GoogleOAuthStatus captures connection status details returned by status endpoints.

type GoogleOAuthToken 

type GoogleOAuthToken struct {
	AccessToken  string
	RefreshToken string
	Scopes       []string
	ExpiresAt    time.Time
	AccountEmail string
}

GoogleOAuthToken captures provider OAuth token exchange output.

type GoogleProvider 

type GoogleProvider interface {
	ExchangeCode(ctx context.Context, authCode, redirectURI string, requestedScopes []string) (GoogleOAuthToken, error)
	RevokeToken(ctx context.Context, accessToken string) error
	SearchFiles(ctx context.Context, accessToken, query, pageToken string, pageSize int) (GoogleDriveListResult, error)
	BrowseFiles(ctx context.Context, accessToken, folderID, pageToken string, pageSize int) (GoogleDriveListResult, error)
	GetFile(ctx context.Context, accessToken, fileID string) (GoogleDriveFile, error)
	ExportFilePDF(ctx context.Context, accessToken, fileID string) (GoogleExportSnapshot, error)
	DownloadFilePDF(ctx context.Context, accessToken, fileID string) (GoogleExportSnapshot, error)
}

GoogleProvider captures provider operations used by backend OAuth/search/import flows.

func NewGoogleProviderFromEnv 

func NewGoogleProviderFromEnv() (GoogleProvider, string, error)

NewGoogleProviderFromEnv resolves runtime provider wiring from environment.

type GoogleProviderError 

type GoogleProviderError struct {
	Code     GoogleProviderErrorCode
	Message  string
	Metadata map[string]any
}

GoogleProviderError captures typed provider failures that must map to API-safe error codes.

func (*GoogleProviderError) Error 

func (e *GoogleProviderError) Error() string

type GoogleProviderErrorCode 

type GoogleProviderErrorCode string

GoogleProviderErrorCode captures provider-specific failure classification. 

const (
	GoogleProviderErrorPermissionDenied GoogleProviderErrorCode = "permission_denied"
	GoogleProviderErrorRateLimited      GoogleProviderErrorCode = "rate_limited"
	GoogleProviderErrorAccessRevoked    GoogleProviderErrorCode = "access_revoked"
	GoogleProviderErrorUnavailable      GoogleProviderErrorCode = "provider_unavailable"
)

type GoogleProviderHealthStatus 

type GoogleProviderHealthStatus struct {
	Mode      string
	Healthy   bool
	Reason    string
	CheckedAt *time.Time
}

GoogleProviderHealthStatus captures runtime provider health used for degraded-mode signaling.

type GoogleServicesIntegrationService 

type GoogleServicesIntegrationService struct {
	// contains filtered or unexported fields
}

GoogleServicesIntegrationService bridges the legacy e-sign Google endpoints to the go-admin/services module runtime.

func NewGoogleServicesIntegrationService 

func NewGoogleServicesIntegrationService(
	module *servicesmodule.Module,
	provider GoogleProvider,
	providerMode string,
	documents GoogleDocumentUploader,
	agreements GoogleAgreementCreator,
) GoogleServicesIntegrationService

NewGoogleServicesIntegrationService creates a Google integration facade backed by go-services.

func (GoogleServicesIntegrationService) BrowseFiles 

func (s GoogleServicesIntegrationService) BrowseFiles(ctx context.Context, scope stores.Scope, input GoogleDriveQueryInput) (GoogleDriveListResult, error)

BrowseFiles lists Drive folder files using go-services-backed credentials.

func (GoogleServicesIntegrationService) Connect 

func (s GoogleServicesIntegrationService) Connect(ctx context.Context, scope stores.Scope, input GoogleConnectInput) (GoogleOAuthStatus, error)

Connect exchanges the auth code through the services runtime and stores credentials in go-services tables.

func (GoogleServicesIntegrationService) Disconnect 

func (s GoogleServicesIntegrationService) Disconnect(ctx context.Context, scope stores.Scope, userID string) error

Disconnect revokes Google access (best effort) and marks the services connection as disconnected.

func (GoogleServicesIntegrationService) ImportDocument 

func (s GoogleServicesIntegrationService) ImportDocument(ctx context.Context, scope stores.Scope, input GoogleImportInput) (result GoogleImportResult, err error)

ImportDocument imports a supported Google source (Docs export snapshot or Drive PDF direct download) and persists the imported e-sign entities.

func (GoogleServicesIntegrationService) ListAccounts 

func (s GoogleServicesIntegrationService) ListAccounts(ctx context.Context, scope stores.Scope, baseUserID string) ([]GoogleAccountInfo, error)

func (GoogleServicesIntegrationService) ProviderHealth 

func (s GoogleServicesIntegrationService) ProviderHealth(ctx context.Context) GoogleProviderHealthStatus

ProviderHealth reports provider/runtime health used for degraded-mode signaling.

func (GoogleServicesIntegrationService) RotateCredentialEncryption 

func (s GoogleServicesIntegrationService) RotateCredentialEncryption(ctx context.Context, scope stores.Scope, userID string) (GoogleOAuthStatus, error)

RotateCredentialEncryption is a compatibility no-op under go-services-backed storage.

func (GoogleServicesIntegrationService) SearchFiles 

func (s GoogleServicesIntegrationService) SearchFiles(ctx context.Context, scope stores.Scope, input GoogleDriveQueryInput) (GoogleDriveListResult, error)

SearchFiles searches Drive files using the access token resolved from go-services credentials.

func (GoogleServicesIntegrationService) Status 

func (s GoogleServicesIntegrationService) Status(ctx context.Context, scope stores.Scope, userID string) (GoogleOAuthStatus, error)

Status returns OAuth connection status based on go-services connection and credential rows.

type InboundApplyInput 

type InboundApplyInput struct {
	Provider         string
	EntityKind       string
	ExternalID       string
	AgreementID      string
	MetadataTitle    string
	MetadataMessage  string
	Participants     []InboundParticipantInput
	FieldDefinitions []InboundFieldDefinitionInput
	IdempotencyKey   string
}

InboundApplyInput captures idempotent inbound sync payload.

type InboundApplyResult 

type InboundApplyResult struct {
	AgreementID          string
	ParticipantCount     int
	FieldDefinitionCount int
	Replay               bool
}

InboundApplyResult captures inbound apply summary.

type InboundFieldDefinitionInput 

type InboundFieldDefinitionInput struct {
	FieldDefinitionID     string
	ParticipantID         string
	ParticipantExternalID string
	Type                  string
	Required              bool
	ValidationJSON        string
	PageNumber            int
	X                     float64
	Y                     float64
	Width                 float64
	Height                float64
	TabIndex              int
	Label                 string
	AppearanceJSON        string
}

InboundFieldDefinitionInput captures optional field bootstrap data.

type InboundParticipantInput 

type InboundParticipantInput struct {
	ExternalID   string
	Email        string
	Name         string
	Role         string
	SigningStage int
}

InboundParticipantInput captures provider participant data for apply operations.

type IntegrationFoundationOption 

type IntegrationFoundationOption func(*IntegrationFoundationService)

IntegrationFoundationOption customizes integration foundation service behavior.

func WithIntegrationAuditStore 

func WithIntegrationAuditStore(audits stores.AuditEventStore) IntegrationFoundationOption

WithIntegrationAuditStore sets append-only audit event sink used for integration actions.

func WithIntegrationClock 

func WithIntegrationClock(now func() time.Time) IntegrationFoundationOption

WithIntegrationClock sets custom integration service clock.

type IntegrationFoundationService 

type IntegrationFoundationService struct {
	// contains filtered or unexported fields
}

IntegrationFoundationService orchestrates provider-agnostic integration mapping/sync/conflict flows.

func NewIntegrationFoundationService 

func NewIntegrationFoundationService(store stores.Store, opts ...IntegrationFoundationOption) IntegrationFoundationService

NewIntegrationFoundationService creates a provider-agnostic integration foundation service.

func (IntegrationFoundationService) ApplyInbound 

func (s IntegrationFoundationService) ApplyInbound(ctx context.Context, scope stores.Scope, input InboundApplyInput) (InboundApplyResult, error)

ApplyInbound ingests provider-agnostic normalized payload and applies idempotent domain updates.

func (IntegrationFoundationService) CompleteSyncRun 

func (s IntegrationFoundationService) CompleteSyncRun(ctx context.Context, scope stores.Scope, runID, idempotencyKey string) (stores.IntegrationSyncRunRecord, bool, error)

CompleteSyncRun marks run as completed with idempotent replay behavior.

func (IntegrationFoundationService) DetectConflict 

func (s IntegrationFoundationService) DetectConflict(ctx context.Context, scope stores.Scope, input DetectConflictInput) (stores.IntegrationConflictRecord, bool, error)

DetectConflict creates a pending conflict with idempotent replay semantics.

func (IntegrationFoundationService) EmitOutboundChange 

func (s IntegrationFoundationService) EmitOutboundChange(ctx context.Context, scope stores.Scope, input OutboundChangeInput) (stores.IntegrationChangeEventRecord, bool, error)

EmitOutboundChange emits normalized provider-agnostic change events.

func (IntegrationFoundationService) FailSyncRun 

func (s IntegrationFoundationService) FailSyncRun(ctx context.Context, scope stores.Scope, runID, lastError, idempotencyKey string) (stores.IntegrationSyncRunRecord, bool, error)

FailSyncRun marks run as failed with idempotent replay behavior.

func (IntegrationFoundationService) GetConflict 

func (s IntegrationFoundationService) GetConflict(ctx context.Context, scope stores.Scope, conflictID string) (stores.IntegrationConflictRecord, error)

GetConflict returns conflict detail.

func (IntegrationFoundationService) GetMappingSpec 

func (s IntegrationFoundationService) GetMappingSpec(ctx context.Context, scope stores.Scope, id string) (stores.MappingSpecRecord, error)

GetMappingSpec returns a single mapping spec.

func (IntegrationFoundationService) GetSyncRun 

func (s IntegrationFoundationService) GetSyncRun(ctx context.Context, scope stores.Scope, runID string) (stores.IntegrationSyncRunRecord, error)

GetSyncRun returns a specific sync run.

func (IntegrationFoundationService) ListConflicts 

func (s IntegrationFoundationService) ListConflicts(ctx context.Context, scope stores.Scope, runID, status string) ([]stores.IntegrationConflictRecord, error)

ListConflicts lists integration conflicts by run/status filters.

func (IntegrationFoundationService) ListMappingSpecs 

func (s IntegrationFoundationService) ListMappingSpecs(ctx context.Context, scope stores.Scope, provider string) ([]stores.MappingSpecRecord, error)

ListMappingSpecs returns provider-scoped mapping specs.

func (IntegrationFoundationService) ListSyncRuns 

func (s IntegrationFoundationService) ListSyncRuns(ctx context.Context, scope stores.Scope, provider string) ([]stores.IntegrationSyncRunRecord, error)

ListSyncRuns returns sync run history.

func (IntegrationFoundationService) PublishMappingSpec 

func (s IntegrationFoundationService) PublishMappingSpec(ctx context.Context, scope stores.Scope, id string, expectedVersion int64) (stores.MappingSpecRecord, error)

PublishMappingSpec marks a mapping spec as published.

func (IntegrationFoundationService) ResolveConflict 

func (s IntegrationFoundationService) ResolveConflict(ctx context.Context, scope stores.Scope, input ResolveConflictInput) (stores.IntegrationConflictRecord, bool, error)

ResolveConflict resolves or ignores an integration conflict with idempotent behavior.

func (IntegrationFoundationService) ResumeSyncRun 

func (s IntegrationFoundationService) ResumeSyncRun(ctx context.Context, scope stores.Scope, runID, idempotencyKey string) (stores.IntegrationSyncRunRecord, bool, error)

ResumeSyncRun restarts a failed run in a retry-safe way.

func (IntegrationFoundationService) SaveCheckpoint 

func (s IntegrationFoundationService) SaveCheckpoint(ctx context.Context, scope stores.Scope, input SaveCheckpointInput) (stores.IntegrationCheckpointRecord, error)

SaveCheckpoint upserts a run checkpoint and advances run cursor.

func (IntegrationFoundationService) StartSyncRun 

func (s IntegrationFoundationService) StartSyncRun(ctx context.Context, scope stores.Scope, input StartSyncRunInput) (stores.IntegrationSyncRunRecord, bool, error)

StartSyncRun starts a sync run with deterministic idempotency semantics.

func (IntegrationFoundationService) SyncRunDiagnostics 

func (s IntegrationFoundationService) SyncRunDiagnostics(ctx context.Context, scope stores.Scope, runID string) (SyncRunDiagnostics, error)

SyncRunDiagnostics returns run + checkpoints + conflict diagnostics.

func (IntegrationFoundationService) ValidateAndCompileMapping 

func (s IntegrationFoundationService) ValidateAndCompileMapping(ctx context.Context, scope stores.Scope, input MappingCompileInput) (MappingCompileResult, error)

ValidateAndCompileMapping validates and persists a canonical compiled mapping spec.

type KeyringCredentialCipher 

type KeyringCredentialCipher struct {
	// contains filtered or unexported fields
}

KeyringCredentialCipher encrypts credential material with a key id prefix and supports decrypt fallback.

func NewGoogleCredentialCipher 

func NewGoogleCredentialCipher(ctx context.Context, provider GoogleCredentialKeyProvider) (KeyringCredentialCipher, error)

NewGoogleCredentialCipher resolves key material from provider and constructs a keyring cipher.

func NewKeyringCredentialCipher 

func NewKeyringCredentialCipher(primaryKeyID string, keyMaterialByID map[string][]byte) KeyringCredentialCipher

NewKeyringCredentialCipher creates a keyring cipher with an active key id and id->key material map.

func (KeyringCredentialCipher) CiphertextKeyID 

func (c KeyringCredentialCipher) CiphertextKeyID(ciphertext string) string

CiphertextKeyID returns the key id prefix when ciphertext is versioned.

func (KeyringCredentialCipher) Decrypt 

func (c KeyringCredentialCipher) Decrypt(ctx context.Context, ciphertext string) (string, error)

func (KeyringCredentialCipher) Encrypt 

func (c KeyringCredentialCipher) Encrypt(ctx context.Context, plaintext string) (string, error)

func (KeyringCredentialCipher) PrimaryKeyID 

func (c KeyringCredentialCipher) PrimaryKeyID() string

PrimaryKeyID returns the active key id used for encrypt operations.

type ManuallyPlacedField 

type ManuallyPlacedField struct {
	FieldInstanceID   string  `json:"field_instance_id"`
	FieldDefinitionID string  `json:"field_definition_id"`
	PageNumber        int     `json:"page_number"`
	X                 float64 `json:"x"`
	Y                 float64 `json:"y"`
	Width             float64 `json:"width"`
	Height            float64 `json:"height"`
	TabIndex          *int    `json:"tab_index"`
	Label             string  `json:"label"`
}

ManuallyPlacedField captures operator overrides applied to placement results.

type MappingCompileInput 

type MappingCompileInput struct {
	ID              string
	Provider        string
	Name            string
	Version         int64
	Status          string
	CreatedByUserID string
	UpdatedByUserID string
	ExternalSchema  stores.ExternalSchema
	Rules           []stores.MappingRule
}

MappingCompileInput captures a mapping spec validation/compile request payload.

type MappingCompileResult 

type MappingCompileResult struct {
	Spec          stores.MappingSpecRecord
	CanonicalJSON string
	Hash          string
	Warnings      []string
}

MappingCompileResult returns persisted mapping contract + canonical compile output.

type NativePlacementField 

type NativePlacementField struct {
	Name          string  `json:"name"`
	FieldTypeHint string  `json:"field_type_hint"`
	PageNumber    int     `json:"page_number"`
	X             float64 `json:"x"`
	Y             float64 `json:"y"`
	Width         float64 `json:"width"`
	Height        float64 `json:"height"`
}

NativePlacementField captures optional pre-extracted native form field metadata.

type OutboundChangeInput 

type OutboundChangeInput struct {
	Provider       string
	AgreementID    string
	EventType      string
	SourceEventID  string
	Payload        map[string]any
	IdempotencyKey string
}

OutboundChangeInput captures a normalized outbound change event payload.

type PlacementDocumentObjectStore 

type PlacementDocumentObjectStore interface {
	GetFile(ctx context.Context, path string) ([]byte, error)
}

PlacementDocumentObjectStore reads source document bytes by object key.

type PlacementPolicyOverride 

type PlacementPolicyOverride struct {
	EnabledResolvers []string `json:"enabled_resolvers"`
	HardOrder        []string `json:"hard_order"`
	Weights          struct {
		Accuracy float64 `json:"accuracy"`
		Cost     float64 `json:"cost"`
		Latency  float64 `json:"latency"`
	} `json:"weights"`
	MaxBudget float64 `json:"max_budget"`
	MaxTimeMS int64   `json:"max_time_ms"`
}

PlacementPolicyOverride captures per-run policy overrides.

type ReadableArtifactRenderer 

type ReadableArtifactRenderer struct {
	// contains filtered or unexported fields
}

ReadableArtifactRenderer renders user-facing executed/certificate PDFs from agreement data. It preserves source pages for executed output and overlays completed field values/signatures.

func NewReadableArtifactRenderer 

func NewReadableArtifactRenderer(
	documents stores.DocumentStore,
	signatures stores.SignatureArtifactStore,
	objects artifactObjectStore,
	opts ...ReadableArtifactRendererOption,
) ReadableArtifactRenderer

NewReadableArtifactRenderer builds the runtime renderer used for signer-visible artifacts.

func (ReadableArtifactRenderer) RenderCertificate 

func (r ReadableArtifactRenderer) RenderCertificate(_ context.Context, input CertificateRenderInput) (RenderedArtifact, error)

func (ReadableArtifactRenderer) RenderExecuted 

func (r ReadableArtifactRenderer) RenderExecuted(ctx context.Context, input ExecutedRenderInput) (RenderedArtifact, error)

type ReadableArtifactRendererOption 

type ReadableArtifactRendererOption func(*ReadableArtifactRenderer)

ReadableArtifactRendererOption customizes renderer behavior.

func WithReadableArtifactRendererClock 

func WithReadableArtifactRendererClock(now func() time.Time) ReadableArtifactRendererOption

WithReadableArtifactRendererClock overrides renderer clock (primarily for tests).

type RenderedArtifact 

type RenderedArtifact struct {
	ObjectKey string
	SHA256    string
	Payload   []byte
}

RenderedArtifact captures deterministic rendered artifact metadata.

type ResendInput 

type ResendInput struct {
	RecipientID           string
	RotateToken           bool
	InvalidateExisting    bool
	AllowOutOfOrderResend bool
	IdempotencyKey        string
}

ResendInput controls resend behavior and token lifecycle options.

type ResendResult 

type ResendResult struct {
	Agreement       stores.AgreementRecord
	Recipient       stores.RecipientRecord
	ActiveRecipient stores.RecipientRecord
	Token           stores.IssuedSigningToken
}

ResendResult returns resend decision context and newly issued token.

type ResolveConflictInput 

type ResolveConflictInput struct {
	ConflictID       string
	Status           string
	Resolution       map[string]any
	ResolvedByUserID string
	IdempotencyKey   string
}

ResolveConflictInput captures conflict resolution payload.

type SaveCheckpointInput 

type SaveCheckpointInput struct {
	RunID         string
	CheckpointKey string
	Cursor        string
	Payload       map[string]any
}

SaveCheckpointInput captures checkpoint persistence payload.

type SendInput 

type SendInput struct {
	IdempotencyKey string
}

SendInput controls send transition behavior.

type SignerAssetContract 

type SignerAssetContract struct {
	AgreementID               string `json:"agreement_id"`
	AgreementStatus           string `json:"agreement_status"`
	RecipientID               string `json:"recipient_id"`
	RecipientRole             string `json:"recipient_role"`
	SourceDocumentAvailable   bool   `json:"source_document_available"`
	ExecutedArtifactAvailable bool   `json:"executed_artifact_available"`
	CertificateAvailable      bool   `json:"certificate_available"`
	SourceObjectKey           string `json:"-"`
	ExecutedObjectKey         string `json:"-"`
	CertificateObjectKey      string `json:"-"`
}

SignerAssetContract summarizes token-scoped document/artifact availability without exposing storage keys.

type SignerAssetContractOption 

type SignerAssetContractOption func(*SignerAssetContractService)

SignerAssetContractOption customizes signer asset contract resolution.

func WithSignerAssetObjectStore 

func WithSignerAssetObjectStore(store signerAssetObjectStore) SignerAssetContractOption

WithSignerAssetObjectStore enables availability checks against persisted object storage.

type SignerAssetContractService 

type SignerAssetContractService struct {
	// contains filtered or unexported fields
}

SignerAssetContractService resolves token-scoped signer/completion asset contract metadata.

func NewSignerAssetContractService 

func NewSignerAssetContractService(store stores.Store, opts ...SignerAssetContractOption) SignerAssetContractService

func (SignerAssetContractService) Resolve 

func (s SignerAssetContractService) Resolve(ctx context.Context, scope stores.Scope, token stores.SigningTokenRecord) (SignerAssetContract, error)

type SignerConsentInput 

type SignerConsentInput struct {
	Accepted  bool   `json:"accepted"`
	IPAddress string `json:"-"`
	UserAgent string `json:"-"`
}

SignerConsentInput captures signer consent payload.

type SignerConsentResult 

type SignerConsentResult struct {
	AcceptedAt time.Time `json:"accepted_at"`
}

SignerConsentResult returns consent capture details.

type SignerDeclineInput 

type SignerDeclineInput struct {
	Reason    string `json:"reason"`
	IPAddress string `json:"-"`
	UserAgent string `json:"-"`
}

SignerDeclineInput captures decline request metadata.

type SignerDeclineResult 

type SignerDeclineResult struct {
	Agreement stores.AgreementRecord `json:"agreement"`
	Recipient stores.RecipientRecord `json:"recipient"`
}

SignerDeclineResult captures decline transition results.

type SignerFieldValueInput 

type SignerFieldValueInput struct {
	FieldID           string `json:"field_id,omitempty"`
	FieldInstanceID   string `json:"field_instance_id,omitempty"`
	FieldDefinitionID string `json:"field_definition_id,omitempty"`
	ValueText         string `json:"value_text,omitempty"`
	ValueBool         *bool  `json:"value_bool,omitempty"`
	ExpectedVersion   int64  `json:"expected_version,omitempty"`
	IPAddress         string `json:"-"`
	UserAgent         string `json:"-"`
}

SignerFieldValueInput captures signer field value upserts.

type SignerSessionContext 

type SignerSessionContext struct {
	AgreementID            string                     `json:"agreement_id"`
	AgreementStatus        string                     `json:"agreement_status"`
	DocumentName           string                     `json:"document_name"`
	PageCount              int                        `json:"page_count"`
	Viewer                 SignerSessionViewerContext `json:"viewer"`
	RecipientID            string                     `json:"recipient_id"`
	RecipientRole          string                     `json:"recipient_role"`
	RecipientEmail         string                     `json:"recipient_email"`
	RecipientName          string                     `json:"recipient_name"`
	RecipientOrder         int                        `json:"recipient_order"`
	RecipientStage         int                        `json:"recipient_stage,omitempty"`
	ActiveStage            int                        `json:"active_stage,omitempty"`
	State                  string                     `json:"state"`
	ActiveRecipientID      string                     `json:"active_recipient_id,omitempty"`
	ActiveRecipientIDs     []string                   `json:"active_recipient_ids,omitempty"`
	WaitingForRecipient    string                     `json:"waiting_for_recipient_id,omitempty"`
	WaitingForRecipientIDs []string                   `json:"waiting_for_recipient_ids,omitempty"`
	Fields                 []SignerSessionField       `json:"fields"`
}

SignerSessionContext returns agreement and signer-scoped context for the signer API.

type SignerSessionField 

type SignerSessionField struct {
	ID                string  `json:"id"`
	FieldInstanceID   string  `json:"field_instance_id"`
	FieldDefinitionID string  `json:"field_definition_id"`
	RecipientID       string  `json:"recipient_id"`
	Type              string  `json:"type"`
	Page              int     `json:"page"`
	PosX              float64 `json:"pos_x"`
	PosY              float64 `json:"pos_y"`
	Width             float64 `json:"width"`
	Height            float64 `json:"height"`
	PageWidth         float64 `json:"page_width,omitempty"`
	PageHeight        float64 `json:"page_height,omitempty"`
	PageRotation      int     `json:"page_rotation"`
	Required          bool    `json:"required"`
	Label             string  `json:"label,omitempty"`
	TabIndex          int     `json:"tab_index,omitempty"`
	ValueText         string  `json:"value_text,omitempty"`
	ValueBool         *bool   `json:"value_bool,omitempty"`
}

SignerSessionField captures signer-visible field context and current value snapshot.

type SignerSessionViewerContext 

type SignerSessionViewerContext struct {
	CoordinateSpace string                    `json:"coordinate_space"`
	ContractVersion string                    `json:"contract_version,omitempty"`
	Unit            string                    `json:"unit,omitempty"`
	Origin          string                    `json:"origin,omitempty"`
	YAxisDirection  string                    `json:"y_axis_direction,omitempty"`
	Pages           []SignerSessionViewerPage `json:"pages,omitempty"`
}

SignerSessionViewerContext carries viewer bootstrap metadata used by unified signer UI.

type SignerSessionViewerPage 

type SignerSessionViewerPage struct {
	Page     int     `json:"page"`
	Width    float64 `json:"width"`
	Height   float64 `json:"height"`
	Rotation int     `json:"rotation"`
}

SignerSessionViewerPage describes canonical page-space metadata for overlay normalization.

type SignerSignatureInput 

type SignerSignatureInput struct {
	FieldID           string `json:"field_id,omitempty"`
	FieldInstanceID   string `json:"field_instance_id,omitempty"`
	FieldDefinitionID string `json:"field_definition_id,omitempty"`
	Type              string `json:"type"`
	ObjectKey         string `json:"object_key"`
	SHA256            string `json:"sha256"`
	UploadToken       string `json:"upload_token,omitempty"`
	ValueText         string `json:"value_text,omitempty"`
	ExpectedVersion   int64  `json:"expected_version,omitempty"`
	IPAddress         string `json:"-"`
	UserAgent         string `json:"-"`
}

SignerSignatureInput captures create+attach signature artifact payload.

type SignerSignatureResult 

type SignerSignatureResult struct {
	Artifact   stores.SignatureArtifactRecord `json:"artifact"`
	FieldValue stores.FieldValueRecord        `json:"field_value"`
}

SignerSignatureResult returns created artifact and attached field-value record.

type SignerSignatureUploadCommitInput 

type SignerSignatureUploadCommitInput struct {
	UploadToken string `json:"upload_token"`
	ObjectKey   string `json:"object_key"`
	SHA256      string `json:"sha256"`
	ContentType string `json:"content_type"`
	SizeBytes   int64  `json:"size_bytes"`
	Payload     []byte `json:"-"`
	IPAddress   string `json:"-"`
	UserAgent   string `json:"-"`
}

SignerSignatureUploadCommitInput captures upload confirmation metadata for drawn signatures.

type SignerSignatureUploadCommitResult 

type SignerSignatureUploadCommitResult struct {
	ObjectKey   string    `json:"object_key"`
	SHA256      string    `json:"sha256"`
	ContentType string    `json:"content_type"`
	SizeBytes   int64     `json:"size_bytes"`
	CommittedAt time.Time `json:"committed_at"`
}

SignerSignatureUploadCommitResult returns persisted upload receipt metadata used by attach verification.

type SignerSignatureUploadContract 

type SignerSignatureUploadContract struct {
	UploadToken string         `json:"upload_token"`
	UploadURL   string         `json:"upload_url"`
	Method      string         `json:"method"`
	Headers     map[string]any `json:"headers,omitempty"`
	ObjectKey   string         `json:"object_key"`
	SHA256      string         `json:"sha256"`
	ContentType string         `json:"content_type"`
	SizeBytes   int64          `json:"size_bytes,omitempty"`
	ExpiresAt   time.Time      `json:"expires_at"`
}

SignerSignatureUploadContract returns signer-scoped temporary upload contract metadata.

type SignerSignatureUploadInput 

type SignerSignatureUploadInput struct {
	FieldID           string `json:"field_id,omitempty"`
	FieldInstanceID   string `json:"field_instance_id,omitempty"`
	FieldDefinitionID string `json:"field_definition_id,omitempty"`
	SHA256            string `json:"sha256"`
	ContentType       string `json:"content_type,omitempty"`
	SizeBytes         int64  `json:"size_bytes,omitempty"`
	IPAddress         string `json:"-"`
	UserAgent         string `json:"-"`
}

SignerSignatureUploadInput captures signed upload bootstrap request payload.

type SignerSubmitInput 

type SignerSubmitInput struct {
	IdempotencyKey string `json:"idempotency_key"`
	IPAddress      string `json:"-"`
	UserAgent      string `json:"-"`
}

SignerSubmitInput captures submit/finalize request metadata.

type SignerSubmitResult 

type SignerSubmitResult struct {
	Agreement        stores.AgreementRecord `json:"agreement"`
	Recipient        stores.RecipientRecord `json:"recipient"`
	NextRecipientID  string                 `json:"next_recipient_id,omitempty"`
	NextRecipientIDs []string               `json:"next_recipient_ids,omitempty"`
	NextStage        int                    `json:"next_stage,omitempty"`
	Completed        bool                   `json:"completed"`
	Replay           bool                   `json:"replay,omitempty"`
}

SignerSubmitResult captures submit transition result data.

type SigningCompletionWorkflow 

type SigningCompletionWorkflow interface {
	RunCompletionWorkflow(ctx context.Context, scope stores.Scope, agreementID, correlationID string) error
}

SigningCompletionWorkflow handles post-submit completion workflows (artifacts/certificate/distribution).

type SigningService 

type SigningService struct {
	// contains filtered or unexported fields
}

SigningService exposes signer-session and signing flow behavior.

func NewSigningService 

func NewSigningService(store stores.Store, opts ...SigningServiceOption) SigningService

func (SigningService) AttachSignatureArtifact 

func (s SigningService) AttachSignatureArtifact(ctx context.Context, scope stores.Scope, token stores.SigningTokenRecord, input SignerSignatureInput) (SignerSignatureResult, error)

AttachSignatureArtifact creates a typed/drawn signature artifact and attaches it to a signature field value.

func (SigningService) CaptureConsent 

func (s SigningService) CaptureConsent(ctx context.Context, scope stores.Scope, token stores.SigningTokenRecord, input SignerConsentInput) (SignerConsentResult, error)

CaptureConsent stores consent acceptance for the active signer in a sequential flow.

func (SigningService) ConfirmSignatureUpload 

func (s SigningService) ConfirmSignatureUpload(ctx context.Context, scope stores.Scope, input SignerSignatureUploadCommitInput) (SignerSignatureUploadCommitResult, error)

ConfirmSignatureUpload records upload receipt metadata and enforces grant-bound digest/object constraints.

func (SigningService) Decline 

func (s SigningService) Decline(ctx context.Context, scope stores.Scope, token stores.SigningTokenRecord, input SignerDeclineInput) (SignerDeclineResult, error)

Decline records signer decline reason and transitions agreement to terminal declined state.

func (SigningService) GetSession 

func (s SigningService) GetSession(ctx context.Context, scope stores.Scope, token stores.SigningTokenRecord) (SignerSessionContext, error)

GetSession returns signer-scoped agreement/field context with sequential waiting-state semantics.

func (SigningService) IssueSignatureUpload 

func (s SigningService) IssueSignatureUpload(ctx context.Context, scope stores.Scope, token stores.SigningTokenRecord, input SignerSignatureUploadInput) (SignerSignatureUploadContract, error)

IssueSignatureUpload creates a short-lived signer-scoped upload contract for drawn signatures.

func (SigningService) Submit 

func (s SigningService) Submit(ctx context.Context, scope stores.Scope, token stores.SigningTokenRecord, input SignerSubmitInput) (SignerSubmitResult, error)

Submit finalizes signer participation with idempotency and CAS-protected transitions.

func (SigningService) UpsertFieldValue 

func (s SigningService) UpsertFieldValue(ctx context.Context, scope stores.Scope, token stores.SigningTokenRecord, input SignerFieldValueInput) (stores.FieldValueRecord, error)

UpsertFieldValue validates signer ownership and required-field semantics for field value writes.

type SigningServiceOption 

type SigningServiceOption func(*SigningService)

SigningServiceOption customizes SigningService.

func WithSignatureArtifactStore 

func WithSignatureArtifactStore(store stores.SignatureArtifactStore) SigningServiceOption

WithSignatureArtifactStore overrides signature artifact persistence behavior.

func WithSignatureUploadConfig 

func WithSignatureUploadConfig(ttl time.Duration, secret string) SigningServiceOption

WithSignatureUploadConfig overrides signature upload bootstrap signing policy.

func WithSignatureUploadURL 

func WithSignatureUploadURL(urlPath string) SigningServiceOption

WithSignatureUploadURL configures the upload endpoint returned by bootstrap contracts.

func WithSigningAuditStore 

func WithSigningAuditStore(store stores.AuditEventStore) SigningServiceOption

WithSigningAuditStore configures signer audit event persistence.

func WithSigningClock 

func WithSigningClock(now func() time.Time) SigningServiceOption

WithSigningClock overrides the service clock.

func WithSigningCompletionWorkflow 

func WithSigningCompletionWorkflow(workflow SigningCompletionWorkflow) SigningServiceOption

WithSigningCompletionWorkflow configures post-completion artifact/distribution workflow execution.

func WithSigningDocumentStore 

func WithSigningDocumentStore(store stores.DocumentStore) SigningServiceOption

WithSigningDocumentStore configures document metadata lookups for signer bootstrap payloads.

func WithSigningObjectStore 

func WithSigningObjectStore(store signingObjectStore) SigningServiceOption

WithSigningObjectStore configures object storage persistence for signer uploads/assets.

type StartSyncRunInput 

type StartSyncRunInput struct {
	Provider        string
	Direction       string
	MappingSpecID   string
	Cursor          string
	CreatedByUserID string
	IdempotencyKey  string
}

StartSyncRunInput captures a sync run initialization request.

type SyncRunDiagnostics 

type SyncRunDiagnostics struct {
	Run         stores.IntegrationSyncRunRecord
	Checkpoints []stores.IntegrationCheckpointRecord
	Conflicts   []stores.IntegrationConflictRecord
}

SyncRunDiagnostics returns run/checkpoint/conflict diagnostics payload.

type ValidationIssue 

type ValidationIssue struct {
	Code    string
	Field   string
	Message string
}

ValidationIssue represents a pre-send validation failure.

type VoidInput 

type VoidInput struct {
	Reason       string
	RevokeTokens bool
}

VoidInput controls void transition behavior.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.