Complete Documenso integration skill pack with 24 skills covering document signing, templates, workflows, and e-signature automation. Flagship tier vendor pack.

24 Skills

MIT License

Free Pricing

Installation

Open Claude Code and run this command:

/plugin install documenso-pack@claude-code-plugins-plus

Use --global to install for all projects, or --project for current project only.

What It Does

> Claude Code skill pack for Documenso integration — open-source document signing (24 skills)

Skills (24)

documenso-ci-integration SKILL.md View full skill →

'Configure CI/CD pipelines for Documenso integrations.

ReadWriteEdit

Documenso CI Integration

Overview

Configure CI/CD pipelines for Documenso integrations with GitHub Actions. Covers unit testing with mocks, integration testing against staging, and deployment workflows with secret management.

Prerequisites

GitHub repository with Actions enabled
Documenso staging API key
Test environment configured (see documenso-local-dev-loop)

Instructions

Step 1: GitHub Actions Workflow


# .github/workflows/documenso-ci.yml
name: Documenso CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

env:
  NODE_ENV: test

jobs:
  unit-tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - run: npm ci
      - run: npm test
        # Unit tests use mocks — no API key needed

  integration-tests:
    runs-on: ubuntu-latest
    if: github.event_name == 'push'  # Only on push to main/develop
    needs: unit-tests
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - run: npm ci
      - run: npm run test:integration
        env:
          DOCUMENSO_API_KEY: ${{ secrets.DOCUMENSO_STAGING_API_KEY }}
      - run: npm run test:cleanup  # Remove test documents
        env:
          DOCUMENSO_API_KEY: ${{ secrets.DOCUMENSO_STAGING_API_KEY }}
        if: always()

Step 2: Unit Tests with Mocked SDK


// tests/unit/document-service.test.ts
import { describe, it, expect, vi, beforeEach } from "vitest";
import { createMockClient } from "../mocks/documenso";
import { DocumentService } from "../../src/services/document-service";

describe("DocumentService", () => {
  let service: DocumentService;
  let mockClient: ReturnType<typeof createMockClient>;

  beforeEach(() => {
    mockClient = createMockClient();
    service = new DocumentService(mockClient as any);
  });

  it("creates document with recipients and sends", async () => {
    const result = await service.createAndSend({
      title: "Test Contract",
      pdfPath: "./fixtures/test.pdf",
      signers: [{ email: "test@example.com", name: "Test User" }],
    });

    expect(mockClient.documents.createV0).toHaveBeenCalledWith({ title: "Test Contract" });
    expect(mockClient.documentsRecipients.createV0).toHaveBeenCalled();
    expect(mockClient.documents.sendV0).toHaveBeenCalled();
    expect(result.documentId).toBe(1);
  });

  it("handles API errors gracefully", async () => {
    mockClient.documents.createV0.mockRejectedValue(
      Object.assign(new Error("Unauthorized"),


                
                  
                  
                  documenso-common-errors
                  SKILL.md
                  View full skill →
                
                
                  'Diagnose and resolve common Documenso API errors and issues.
                  
                      ReadWriteEditGrep
                    
                
                
                  Documenso Common Errors
Overview
Quick-reference troubleshooting guide for Documenso API errors. Covers authentication, document lifecycle, field validation, file upload, webhook, and SDK-specific issues with concrete solutions.
Prerequisites

Working Documenso integration (see documenso-install-auth)
Access to application logs
API key available

HTTP Error Reference

Status
Error
Cause
Solution


401
Unauthorized
Invalid, expired, or missing API key
Regenerate key in dashboard; verify Authorization: Bearer  header


403
Forbidden
Personal key accessing team resources
Use a team-scoped API token


404
Not Found
Wrong document/template ID or deleted resource
Verify ID with GET /api/v1/documents


400
Bad Request
Invalid payload or missing required fields
Check request body against API spec


413
Payload Too Large
PDF exceeds upload limit
Compress PDF; cloud plan limit varies by tier


429
Too Many Requests
Rate limit exceeded
Implement backoff; see documenso-rate-limits


500/502/503
Server Error
Documenso infrastructure issue
Retry with exponential backoff; check status.documenso.com


Instructions
Scenario 1: 401 Unauthorized

// WRONG: missing or malformed header
const res = await fetch("https://app.documenso.com/api/v1/documents", {
  headers: { "Authorization": process.env.DOCUMENSO_API_KEY! }, // Missing "Bearer "
});

// CORRECT: include Bearer prefix
const res = await fetch("https://app.documenso.com/api/v1/documents", {
  headers: { "Authorization": `Bearer ${process.env.DOCUMENSO_API_KEY}` },
});

// SDK handles this automatically:
import { Documenso } from "@documenso/sdk-typescript";
const client = new Documenso({ apiKey: process.env.DOCUMENSO_API_KEY! });

Checklist:

API key starts with api_ (personal) or is team-scoped
No trailing whitespace or newline in env var
Key hasn't been revoked in dashboard

Scenario 2: 403 — Personal Key on Team Resources

// Error: "Forbidden" when accessing team documents
// Personal API keys can only access YOUR documents
// Fix: generate a team API key from Team Settings > API Tokens
const client = new Documenso({
  apiKey: process.env.DOCUMENSO_TEAM_API_KEY!, // Team-scoped key
}


                
                  
                  
                  documenso-core-workflow-a
                  SKILL.md
                  View full skill →
                
                
                  'Implement Documenso document creation and recipient management workflows.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Core Workflow A: Document Creation & Recipients
Overview
Complete workflow for creating documents, managing recipients with different roles, positioning fields, and controlling signing order. Covers both the SDK and v1 REST API for document-centric operations.
Prerequisites

Completed documenso-install-auth setup
Understanding of documenso-sdk-patterns
PDF file ready for signing

Instructions
Step 1: Create a Document with the SDK

import { Documenso } from "@documenso/sdk-typescript";
import { readFileSync } from "fs";

const client = new Documenso({ apiKey: process.env.DOCUMENSO_API_KEY! });

// Create document shell
const doc = await client.documents.createV0({
  title: "Service Agreement — Q1 2026",
});

// Upload PDF
const pdf = readFileSync("./contracts/service-agreement.pdf");
await client.documents.setFileV0(doc.documentId, {
  file: new Blob([pdf], { type: "application/pdf" }),
});

Step 2: Recipient Roles
Documenso supports these recipient roles:

Role
Behavior


SIGNER
Must complete all assigned fields to finish


VIEWER
Receives a copy but takes no action


APPROVER
Must approve before signers can proceed


CC
Receives a completed copy after all signatures



// Add multiple recipients with roles
const signer = await client.documentsRecipients.createV0(doc.documentId, {
  email: "ceo@acme.com",
  name: "Alice CEO",
  role: "SIGNER",
});

const approver = await client.documentsRecipients.createV0(doc.documentId, {
  email: "legal@acme.com",
  name: "Legal Team",
  role: "APPROVER",
});

const cc = await client.documentsRecipients.createV0(doc.documentId, {
  email: "records@acme.com",
  name: "Records",
  role: "CC",
});

Step 3: Signing Order
Control the sequence in which recipients act. Lower numbers go first.

// Sequential signing: legal approves, then CEO signs
await client.documentsRecipients.createV0(doc.documentId, {
  email: "legal@acme.com",
  name: "Legal",
  role: "APPROVER",
  signingOrder: 1, // Goes first
});

await client.documentsRecipients.createV0(doc.documentId, {
  email: "ceo@acme.com",
  name: "CEO",
  role: "SIGNER",
  signingOrder: 2, // Goes after legal approves
});

Step 4: Add Fields to Document
Field coordinates use percentage-based positioning (0-100 for both X a


                
                  
                  
                  documenso-core-workflow-b
                  SKILL.md
                  View full skill →
                
                
                  'Implement Documenso template-based workflows and direct signing links.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Core Workflow B: Templates & Direct Signing
Overview
Create reusable templates, generate documents from templates with prefilled fields, and implement direct signing links for public/anonymous signers. Templates define the PDF, fields, and recipient roles once — then stamp out documents on demand.
Prerequisites

Completed documenso-core-workflow-a
At least one PDF uploaded to Documenso as a template
Understanding of recipient roles and field types

Instructions
Step 1: Create a Template via Dashboard
Templates are created in the Documenso UI:

Navigate to Templates in the sidebar.
Click Create Template and upload a PDF.
Add placeholder recipients (e.g., "Signer 1", "Approver") — these become roles that get filled when creating documents from the template.
Place fields on the PDF and assign them to placeholder recipients.
Save the template and note the template ID from the URL.

Step 2: Create Document from Template (v1 REST API)

// The v1 API has a dedicated template endpoint
const templateId = 42; // From the dashboard URL

const res = await fetch(
  `https://app.documenso.com/api/v1/templates/${templateId}/create-document`,
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${process.env.DOCUMENSO_API_KEY}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      title: "Service Agreement — Acme Corp",
      recipients: [
        {
          email: "ceo@acme.com",
          name: "Alice CEO",
          role: "SIGNER",
        },
      ],
      // Optionally prefill fields by their IDs
      prefillFields: [
        { id: "field_abc123", value: "2026-03-22" },
        { id: "field_def456", value: "Acme Corporation" },
      ],
    }),
  }
);

const document = await res.json();
console.log(`Created document ${document.documentId} from template ${templateId}`);

Step 3: Template Workflow Patterns

// Pattern: Batch document generation from template
async function generateContracts(
  templateId: number,
  clients: Array<{ email: string; name: string; company: string }>
) {
  const results = [];

  for (const client of clients) {
    const res = await fetch(
      `https://app.documenso.com/api/v1/templates/${templateId}/create-document`,
      {
        method: "POST",
        headers: {
          Authorization: `Bearer ${process.env.DOCUMENSO_API_KEY}`,
          "Content-Type": "application/json",
        },
        body: JSON.stringify({
          title: `Service Agreement — ${client.company}`,
          recipients: [


                
                  
                  
                  documenso-cost-tuning
                  SKILL.md
                  View full skill →
                
                
                  'Optimize Documenso usage costs and manage subscription efficiency.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Cost Tuning
Overview
Optimize Documenso costs through plan selection, template reuse, self-hosting, and usage monitoring. Documenso's pricing is uniquely developer-friendly: paid plans include unlimited API usage and signing volume.
Prerequisites

Documenso account with billing access
Understanding of your document volume patterns

Documenso Pricing Model

Plan
Price
Documents
API / Signing
Teams
Key Feature


Free
$0/mo
Limited
Fair use
No
Personal use


Individual
$30/mo (early adopter)
Unlimited
Unlimited
No
Full API access


Team
$30/mo+
Unlimited
Unlimited
Yes, unlimited
Team management, webhooks


Enterprise
Custom ($30K+/yr self-hosted)
Unlimited
Unlimited
Yes
SSO, audit logs, compliance


Self-Hosted (AGPL)
Free
Unlimited
No limits
Community
Full control, no SLA


Key insight: Documenso does not charge per API call or per document on paid plans. Cost optimization is about choosing the right plan tier, not reducing API usage.
Instructions
Step 1: Right-Size Your Plan

Decision tree:
1. Personal use, < 5 docs/month? → Free tier
2. Individual developer, unlimited docs? → Individual ($30/mo)
3. Multiple team members collaborating? → Team plan
4. Need SSO, audit logs, or compliance? → Enterprise
5. Want full control, have DevOps capacity? → Self-host (AGPL, free)

Step 2: Template Reuse to Save Time (Not Money)
Templates don't save money (paid plans are unlimited), but they save developer time and reduce errors:

// WITHOUT templates: rebuild every time (slow, error-prone)
async function createContractManual(client: Documenso, signer: Signer) {
  const doc = await client.documents.createV0({ title: `Contract — ${signer.name}` });
  // Upload PDF, add recipient, add 6 fields... every time
  // 7+ API calls per document
}

// WITH templates: one API call + send
async function createContractFromTemplate(templateId: number, signer: Signer) {
  const res = await fetch(
    `https://app.documenso.com/api/v1/templates/${templateId}/create-document`,
    {
      method: "POST",
      headers: {
        Authorization: `Bearer ${process.env.DOCUMENSO_API_KEY}`,
        "Content-Type": "application/json",
      },
      body: JSON.stringify({
        title: `Contract — ${signer.name}`,
        recipients: [{ email: signer.email, name: signer.name, role: "SIGNER" }],
      }),
    }
  );


                
                  
                  
                  documenso-data-handling
                  SKILL.md
                  View full skill →
                
                
                  'Handle document data, signatures, and PII in Documenso integrations.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Data Handling
Overview
Best practices for handling documents, signatures, and PII in Documenso integrations. Covers downloading signed PDFs, data retention, GDPR compliance, and secure storage. Note: Documenso cloud stores documents in PostgreSQL by default; self-hosted gives you full control.
Prerequisites

Understanding of data protection regulations (GDPR, CCPA)
Secure storage infrastructure (S3, GCS, or local encrypted storage)
Completed documenso-install-auth setup

Document Lifecycle

DRAFT ──send()──→ PENDING ──all sign──→ COMPLETED
                      │
                      ├──reject()──→ REJECTED
                      └──cancel()──→ CANCELLED

Data handling implications:
- DRAFT: mutable, can delete freely
- PENDING: immutable document, but status changes
- COMPLETED: signed PDF available for download, archive
- REJECTED/CANCELLED: cleanup candidate

Instructions
Step 1: Download Signed Documents

import { Documenso } from "@documenso/sdk-typescript";
import { writeFile } from "node:fs/promises";

const client = new Documenso({ apiKey: process.env.DOCUMENSO_API_KEY! });

async function downloadSignedPdf(documentId: number, outputPath: string) {
  // Verify document is completed
  const doc = await client.documents.getV0(documentId);
  if (doc.status !== "COMPLETED") {
    throw new Error(`Document ${documentId} is ${doc.status}, not COMPLETED`);
  }

  // Download via v1 REST API (SDK may not expose download directly)
  const res = await fetch(
    `https://app.documenso.com/api/v1/documents/${documentId}/download`,
    { headers: { Authorization: `Bearer ${process.env.DOCUMENSO_API_KEY}` } }
  );
  if (!res.ok) throw new Error(`Download failed: ${res.status}`);

  const buffer = Buffer.from(await res.arrayBuffer());
  await writeFile(outputPath, buffer);
  console.log(`Saved signed PDF: ${outputPath} (${buffer.length} bytes)`);
}

Step 2: PII Handling

// Identify PII in Documenso data
interface RecipientPII {
  email: string;    // PII — must be protected
  name: string;     // PII — must be protected
  role: string;     // Not PII
  signingStatus: string; // Not PII
}

// Sanitize before logging
function sanitizeForLogging(payload: any): any {
  const sanitized = { ...payload };
  if (sanitized.recipients) {
    sanitized.recipients = sanitized.recipients.map((r: any) => ({
      ...r,
      email: r.email.replace(/^(.{2}).*(@.*)$/, "$1***$2"),
      name: "[REDACTED]",
    }));
  }
  return sanitized;
}

// Usage: safe to log
console.log("Webhook received:", JSON.stringify(sanitizeForLogging(payload)));
// Output: { email: "ja***@example.com", name: "[REDACTED]" }

Step 3: Data Retention Policy

                
              

                
                  
                  
                  documenso-debug-bundle
                  SKILL.md
                  View full skill →
                
                
                  'Comprehensive debugging toolkit for Documenso integrations.
                  
                      ReadWriteEditBash(curl:*)Bash(node:*)Grep
                    
                
                
                  Documenso Debug Bundle
Current State
!node --version 2>/dev/null || echo 'N/A'
!python3 --version 2>/dev/null || echo 'N/A'
!uname -a
Overview
Comprehensive debugging tools for Documenso integration issues. Includes diagnostic scripts, curl debug commands, environment verification, and support ticket templates.
Prerequisites

Documenso SDK installed
Access to logs and configuration
curl and jq available

Instructions
Step 1: Quick Connectivity Test

#!/bin/bash
set -euo pipefail

echo "=== Documenso Connectivity Test ==="

# 1. Check API key is set
if [ -z "${DOCUMENSO_API_KEY:-}" ]; then
  echo "FAIL: DOCUMENSO_API_KEY not set"
  exit 1
fi
echo "OK: API key set (${#DOCUMENSO_API_KEY} chars)"

# 2. Test authentication
BASE="${DOCUMENSO_BASE_URL:-https://app.documenso.com/api/v1}"
STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
  -H "Authorization: Bearer $DOCUMENSO_API_KEY" \
  "$BASE/documents?page=1&perPage=1")

if [ "$STATUS" = "200" ]; then
  echo "OK: API authentication successful"
elif [ "$STATUS" = "401" ]; then
  echo "FAIL: Invalid API key (401)"
  exit 1
elif [ "$STATUS" = "403" ]; then
  echo "FAIL: Insufficient permissions (403) — try a team API key"
  exit 1
else
  echo "WARN: Unexpected status $STATUS"
fi

# 3. Check latency
LATENCY=$(curl -s -o /dev/null -w "%{time_total}" \
  -H "Authorization: Bearer $DOCUMENSO_API_KEY" \
  "$BASE/documents?page=1&perPage=1")
echo "Latency: ${LATENCY}s"

# 4. List recent documents
echo "=== Recent Documents ==="
curl -s -H "Authorization: Bearer $DOCUMENSO_API_KEY" \
  "$BASE/documents?page=1&perPage=5" | jq '.documents[] | {id, title, status, createdAt}'

Step 2: TypeScript Diagnostic Script

// scripts/documenso-diagnose.ts
import { Documenso } from "@documenso/sdk-typescript";

async function diagnose() {
  const results: Array<{ test: string; status: "PASS" | "FAIL"; detail: string }> = [];

  // Test 1: API key
  const apiKey = process.env.DOCUMENSO_API_KEY;
  if (!apiKey) {
    results.push({ test: "API Key", status: "FAIL", detail: "DOCUMENSO_API_KEY not set" });
    return results;
  }
  results.push({ test: "API Key", status: "PASS", detail: `Set (${apiKey.length} chars)` });

  // Test 2: Connection
  const client = new Documenso({
    apiKey,
    ...(process.env.DOCUMENSO_BASE_URL && { serverURL: process.env.DOCUMENSO_BASE_URL }),
  });

  try {
    const start = D

                

              

                
                  
                  
                  documenso-deploy-integration
                  SKILL.md
                  View full skill →
                
                
                  'Deploy Documenso integrations across different platforms and environments.
                  
                      ReadWriteEditBash(docker:*)Bash(kubectl:*)
                    
                
                
                  Documenso Deploy Integration
Overview
Deploy Documenso-integrated applications and self-hosted Documenso instances to Docker, Kubernetes, serverless, and cloud platforms. Covers both app deployment (your code that uses the Documenso API) and self-hosted Documenso deployment.
Prerequisites

Application ready for deployment
Cloud platform account (AWS, GCP, Azure)
Docker installed locally
Completed documenso-multi-env-setup

Instructions
Step 1: Dockerize Your Documenso Integration

# Dockerfile
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node:20-alpine AS runtime
WORKDIR /app
RUN addgroup -S app && adduser -S app -G app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json .
USER app
EXPOSE 3000
CMD ["node", "dist/server.js"]
# Note: DOCUMENSO_API_KEY injected at runtime, never baked into image

Step 2: Self-Hosted Documenso (Docker Compose)

# docker-compose.prod.yml
services:
  documenso:
    image: documenso/documenso:latest
    ports:
      - "3000:3000"
    environment:
      - NEXTAUTH_URL=https://sign.yourcompany.com
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}   # openssl rand -hex 32
      - NEXT_PRIVATE_ENCRYPTION_KEY=${ENCRYPTION_KEY}
      - NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${ENCRYPTION_SECONDARY_KEY}
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.yourcompany.com
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso:${DB_PASS}@db:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso:${DB_PASS}@db:5432/documenso
      # SMTP
      - NEXT_PRIVATE_SMTP_TRANSPORT=smtp-auth
      - NEXT_PRIVATE_SMTP_HOST=${SMTP_HOST}
      - NEXT_PRIVATE_SMTP_PORT=587
      - NEXT_PRIVATE_SMTP_USERNAME=${SMTP_USER}
      - NEXT_PRIVATE_SMTP_PASSWORD=${SMTP_PASS}
      - NEXT_PRIVATE_SMTP_FROM_ADDRESS=signing@yourcompany.com
      - NEXT_PRIVATE_SMTP_FROM_NAME=YourCompany Signing
      # Signing certificate
      - NEXT_PRIVATE_SIGNING_PASSPHRASE=${CERT_PASSPHRASE}
    volumes:
      - ./certs/signing-cert.p12:/opt/documenso/cert.p12:ro
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped

  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: documenso
      POSTGRES_PASSWORD: ${DB_PASS}
      POSTGRES_DB: documenso
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U documenso"]
      interval: 5s
      retries: 5

volumes:
  pgdata:

Important notes:

Documenso container runs as non-root (UID 1001) -- ensure mounted files are readable
Prisma migrations run automatically on contai
                
              

                
                  
                  
                  documenso-enterprise-rbac
                  SKILL.md
                  View full skill →
                
                
                  'Configure Documenso enterprise role-based access control and team management.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Enterprise RBAC
Overview
Configure team-based access control and enterprise features in Documenso. The Team plan enables multi-user collaboration with shared documents. Enterprise adds SSO (OIDC), audit logging, and organization-level management.
Prerequisites

Documenso Team or Enterprise plan
Understanding of RBAC concepts
For SSO: OIDC-compatible identity provider (Okta, Azure AD, Google Workspace, Auth0)

Documenso Team Model

Organization
├── Team A
│   ├── Owner (full control)
│   ├── Admin (manage members, settings)
│   └── Member (create, view, sign team documents)
├── Team B
│   └── ...
└── Personal Accounts (separate from teams)

Key concepts:

Teams are separate from personal accounts -- team documents are owned by the team
Team API keys access all team documents; personal keys only access personal documents
Each team member can have Owner, Admin, or Member role
Unlimited teams and users on Team/Enterprise plans (early adopter pricing)

Instructions
Step 1: Team API Key Scoping

import { Documenso } from "@documenso/sdk-typescript";

// Personal key: only YOUR documents
const personalClient = new Documenso({
  apiKey: process.env.DOCUMENSO_PERSONAL_KEY!,
});

// Team key: all documents in the team
const teamClient = new Documenso({
  apiKey: process.env.DOCUMENSO_TEAM_KEY!,
});

// Common mistake: using personal key for team operations
// Results in 403 Forbidden on team resources

Step 2: Application-Level RBAC
Documenso handles team membership internally. For finer-grained control in your app, implement an authorization layer:

// src/auth/documenso-rbac.ts
type Role = "viewer" | "editor" | "admin" | "owner";

interface TeamMember {
  userId: string;
  teamId: string;
  role: Role;
}

const PERMISSIONS: Record<Role, string[]> = {
  viewer: ["documents:read"],
  editor: ["documents:read", "documents:create", "documents:send"],
  admin: ["documents:read", "documents:create", "documents:send", "documents:delete", "members:manage"],
  owner: ["documents:read", "documents:create", "documents:send", "documents:delete", "members:manage", "team:settings", "team:billing"],
};

function hasPermission(member: TeamMember, permission: string): boolean {
  return PERMISSIONS[member.role]?.includes(permission) ?? false;
}

// Middleware
function requirePermission(permission: string) {
  return (req: Request, res: Response, next: NextFunction) => {
    const member = req.teamMember; // Set by auth middleware
    if (!hasPermission(member, perm

                

              

                
                  
                  
                  documenso-hello-world
                  SKILL.md
                  View full skill →
                
                
                  'Create a minimal working Documenso example.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Hello World
Overview
Minimal working example that creates a document, adds a recipient with a signature field, and sends it for signing — all in one script. Uses the Documenso TypeScript SDK (v2 API) with a Python equivalent.
Prerequisites

Completed documenso-install-auth setup
Valid API key in DOCUMENSOAPIKEY environment variable
A PDF file to upload (or generate a test one below)

Instructions
Step 1: Generate a Test PDF (Optional)
If you don't have a PDF handy:

npm install pdf-lib


// generate-test-pdf.ts
import { PDFDocument, StandardFonts } from "pdf-lib";
import { writeFileSync } from "fs";

async function createTestPdf() {
  const pdf = PDFDocument.create();
  const page = (await pdf).addPage([612, 792]); // US Letter
  const font = await (await pdf).embedFont(StandardFonts.Helvetica);
  page.drawText("Please sign below:", { x: 50, y: 700, size: 16, font });
  const bytes = await (await pdf).save();
  writeFileSync("test-contract.pdf", bytes);
  console.log("Created test-contract.pdf");
}
createTestPdf();

Step 2: Complete Signing Workflow (TypeScript)

// documenso-hello.ts
import { Documenso } from "@documenso/sdk-typescript";
import { readFileSync } from "fs";

async function main() {
  const client = new Documenso({
    apiKey: process.env.DOCUMENSO_API_KEY!,
  });

  // 1. Create a document
  const doc = await client.documents.createV0({
    title: "Hello World Contract",
  });
  console.log(`Document created: ID ${doc.documentId}`);

  // 2. Upload the PDF
  const pdfBuffer = readFileSync("test-contract.pdf");
  await client.documents.setFileV0(doc.documentId, {
    file: new Blob([pdfBuffer], { type: "application/pdf" }),
  });

  // 3. Add a recipient (signer)
  const recipient = await client.documentsRecipients.createV0(doc.documentId, {
    email: "signer@example.com",
    name: "Jane Doe",
    role: "SIGNER",
  });
  console.log(`Recipient added: ${recipient.recipientId}`);

  // 4. Add a signature field at specific coordinates
  await client.documentsFields.createV0(doc.documentId, {
    recipientId: recipient.recipientId,
    type: "SIGNATURE",
    pageNumber: 1,
    pageX: 50,    // X position (left offset, percentage-based 0-100)
    pageY: 80,    // Y position (top offset, percentage-based 0-100)
    pageWidth: 30, // Width as percentage of page
    pageHeight: 5, // Height as percentage of page
  });

  // 5. Send for signing
  await client.documents.sendV0(doc.documentId);
  console.log("Document sent for signing!");
}

main().catch(console.error);

Run: npx tsx documenso-hello.ts
                

              

                
                  
                  
                  documenso-incident-runbook
                  SKILL.md
                  View full skill →
                
                
                  'Manage incident response for Documenso integration issues.
                  
                      ReadBash(curl:*)Bash(kubectl:*)Grep
                    
                
                
                  Documenso Incident Runbook
Overview
Step-by-step procedures for responding to Documenso integration incidents. Covers cloud outages, self-hosted issues, and integration failures.
Prerequisites

Access to monitoring dashboards
Documenso dashboard access
Application log access
On-call escalation contacts defined

Severity Levels

Level
Description
Examples
Response Time


P1
Complete signing outage
All API calls failing, no documents can be sent
< 15 min


P2
Degraded functionality
Slow responses, intermittent errors, webhooks delayed
< 1 hour


P3
Minor issue, workaround available
Single document stuck, UI glitch
< 4 hours


P4
Non-urgent
Feature request, documentation gap
Next business day


Quick Diagnostic Commands

#!/bin/bash
set -euo pipefail
echo "=== Documenso Incident Diagnostic ==="

# 1. Check Documenso cloud status
echo "--- Cloud Status ---"
curl -s https://status.documenso.com/api/v2/status.json 2>/dev/null | jq '.status' || echo "Status page unreachable"

# 2. Check our API connectivity
echo "--- API Connectivity ---"
BASE="${DOCUMENSO_BASE_URL:-https://app.documenso.com/api/v1}"
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
  -H "Authorization: Bearer $DOCUMENSO_API_KEY" \
  "$BASE/documents?page=1&perPage=1" 2>/dev/null || echo "000")
echo "API Status: $HTTP_CODE"

# 3. Check latency (5 samples)
echo "--- Latency Check ---"
for i in $(seq 1 5); do
  LATENCY=$(curl -s -o /dev/null -w "%{time_total}" \
    -H "Authorization: Bearer $DOCUMENSO_API_KEY" \
    "$BASE/documents?page=1&perPage=1" 2>/dev/null || echo "timeout")
  echo "  Request $i: ${LATENCY}s"
done

# 4. Self-hosted: check container status
echo "--- Self-Hosted Container (if applicable) ---"
docker ps --filter "name=documenso" --format "{{.Names}}: {{.Status}}" 2>/dev/null || echo "Docker not available or Documenso not self-hosted"

Incident Response Procedures
Scenario 1: Documenso Cloud Outage (5xx Errors)
Symptoms: High error rate, 500/502/503 from Documenso API.
Actions:

Check status page: https://status.documenso.com
If Documenso confirms outage:


Enable degraded mode in your app
Queue signing requests for later
Show user-facing message: "Document signing temporarily unavailable"
Monitor status page for res
                
              

                
                  
                  
                  documenso-install-auth
                  SKILL.md
                  View full skill →
                
                
                  'Install and configure Documenso SDK/API authentication.
                  
                      ReadWriteEditBash(npm:*)Bash(pip:*)Bash(pnpm:*)Grep
                    
                
                
                  Documenso Install & Auth
Overview
Set up the Documenso SDK and configure API authentication for document signing. Covers the TypeScript SDK (@documenso/sdk-typescript), the Python SDK (documenso-sdk-python), and raw REST API usage. Documenso exposes two API versions: v1 (legacy, documents only) and v2 (envelopes, multi-document, recommended for new work).
Prerequisites

Node.js 18+ or Python 3.10+
Package manager (npm, pnpm, yarn, pip, or uv)
Documenso account — cloud at app.documenso.com or self-hosted instance
API key generated from the Documenso dashboard

Instructions
Step 1: Install the SDK
TypeScript / Node.js:

npm install @documenso/sdk-typescript
# or
pnpm add @documenso/sdk-typescript

Python:

pip install documenso-sdk-python
# or
uv pip install documenso-sdk-python

Step 2: Generate an API Key

Log in to your Documenso dashboard (https://app.documenso.com or your self-hosted URL).
Click your avatar (top-right) and select User settings (or Team settings for team-scoped keys).
Navigate to the API tokens tab.
Click Create API Key, give it a descriptive name (e.g. ci-pipeline-prod).
Copy the key immediately — it is shown only once.

Team API keys inherit the team's document and template access. Personal keys only access your own documents.
Step 3: Store the Key Securely

# .env (never commit this file)
DOCUMENSO_API_KEY=api_xxxxxxxxxxxxxxxxxxxxxxxxxx

Add .env to .gitignore:

echo ".env" >> .gitignore

Step 4: Initialize the Client
TypeScript — v2 API (recommended):

import { Documenso } from "@documenso/sdk-typescript";

const documenso = new Documenso({
  apiKey: process.env.DOCUMENSO_API_KEY!,
  // For self-hosted, override the server URL:
  // serverURL: "https://sign.yourcompany.com/api/v2",
});

TypeScript — v1 REST (legacy):

const BASE = process.env.DOCUMENSO_BASE_URL ?? "https://app.documenso.com/api/v1";
const headers = { Authorization: `Bearer ${process.env.DOCUMENSO_API_KEY}` };

const res = await fetch(`${BASE}/documents`, { headers });
const docs = await res.json();

Python:

from documenso_sdk_python import Documenso
import os

client = Documenso(api_key=os.environ["DOCUMENSO_API_KEY"])

                

              

                
                  
                  
                  documenso-local-dev-loop
                  SKILL.md
                  View full skill →
                
                
                  'Set up local development environment and testing workflow for Documenso.
                  
                      ReadWriteEditBash(npm:*)Bash(docker:*)Bash(node:*)
                    
                
                
                  Documenso Local Dev Loop
Overview
Configure a fast local development environment for Documenso integrations. Covers project structure, environment configs, self-hosted Documenso via Docker, test utilities, and cleanup scripts.
Prerequisites

Completed documenso-install-auth setup
Node.js 18+ with TypeScript
Docker (for self-hosted local Documenso)

Instructions
Step 1: Project Structure

my-signing-app/
├── src/
│   └── documenso/
│       ├── client.ts          # Configured SDK client
│       ├── documents.ts       # Document operations
│       ├── recipients.ts      # Recipient management
│       └── webhooks.ts        # Webhook handlers
├── scripts/
│   ├── verify-connection.ts   # Quick health check
│   ├── create-test-doc.ts     # Generate test documents
│   └── cleanup-test-docs.ts   # Remove test data
├── tests/
│   └── integration/
│       ├── document.test.ts
│       └── template.test.ts
├── .env.development
├── .env.test
└── .env.production

Step 2: Environment Configuration
.env.development:

DOCUMENSO_API_KEY=api_dev_xxxxxxxxxxxx
DOCUMENSO_BASE_URL=https://stg-app.documenso.com/api/v2
DOCUMENSO_WEBHOOK_SECRET=whsec_dev_xxxxxxxxxxxx
LOG_LEVEL=debug

.env.test:

DOCUMENSO_API_KEY=api_test_xxxxxxxxxxxx
DOCUMENSO_BASE_URL=https://stg-app.documenso.com/api/v2
DOCUMENSO_WEBHOOK_SECRET=whsec_test_xxxxxxxxxxxx
LOG_LEVEL=warn

Step 3: Client Wrapper with Dev Helpers

// src/documenso/client.ts
import { Documenso } from "@documenso/sdk-typescript";

let _client: Documenso | null = null;

export function getClient(): Documenso {
  if (!_client) {
    _client = new Documenso({
      apiKey: process.env.DOCUMENSO_API_KEY!,
      ...(process.env.DOCUMENSO_BASE_URL && {
        serverURL: process.env.DOCUMENSO_BASE_URL,
      }),
    });
  }
  return _client;
}

// Dev helper: list recent documents for debugging
export async function listRecentDocs(limit = 5) {
  const client = getClient();
  const { documents } = await client.documents.findV0({
    page: 1,
    perPage: limit,
    orderByColumn: "createdAt",
    orderByDirection: "desc",
  });
  return documents;
}

Step 4: Self-Hosted Local Documenso (Docker)

# Pull the official Documenso Docker image
docker pull documenso/documenso:latest

# Create docker-compose.local.yml


# docker-compose.local.yml
services:
  documenso:
    image: documenso/documenso:latest
    ports:
      - "3000:3000"
    environment:
      - NEXTAUTH_URL=http://localhost:3000
      - NEXTAUTH_SECRET=local-dev-secret-change-me
      - NEXT_PRIVATE_ENCRYPTION_KEY=local-encryption-key
  

                

              

                
                  
                  
                  documenso-migration-deep-dive
                  SKILL.md
                  View full skill →
                
                
                  'Execute comprehensive Documenso migration strategies for platform switches.
                  
                      ReadWriteEditBash(npm:*)Bash(node:*)
                    
                
                
                  Documenso Migration Deep Dive
Current State
!npm list 2>/dev/null | head -10
Overview
Comprehensive guide for migrating to Documenso from other e-signature platforms (DocuSign, HelloSign, PandaDoc, Adobe Sign). Uses the Strangler Fig pattern for zero-downtime migration with feature flags and rollback support.
Prerequisites

Current signing platform documented (APIs, templates, webhooks)
Documenso account configured (see documenso-install-auth)
Feature flag infrastructure (LaunchDarkly, environment variables, etc.)
Parallel run capability (both platforms active during migration)

Migration Strategy: Strangler Fig Pattern

Phase 1: Parallel Systems (Week 1-2)
┌──────────┐     ┌─────────────┐
│ Your App │────▶│ Old Platform │  (100% traffic)
│          │     └─────────────┘
│          │────▶│  Documenso   │  (shadow: log only, don't send)
└──────────┘     └─────────────┘

Phase 2: Gradual Cutover (Week 3-4)
┌──────────┐     ┌─────────────┐
│ Your App │────▶│ Old Platform │  (50% traffic via feature flag)
│          │     └─────────────┘
│          │────▶│  Documenso   │  (50% traffic)
└──────────┘     └─────────────┘

Phase 3: Full Migration (Week 5+)
┌──────────┐     ┌─────────────┐
│ Your App │────▶│  Documenso   │  (100% traffic)
└──────────┘     └─────────────┘
                 Old platform decommissioned

Instructions
Step 1: Pre-Migration Assessment

// scripts/assess-current-system.ts
// Inventory your current signing platform usage

interface MigrationAssessment {
  platform: string;
  activeTemplates: number;
  documentsPerMonth: number;
  webhookEndpoints: string[];
  recipientRoles: string[];
  fieldTypes: string[];
  integrations: string[];  // CRM, database, etc.
}

async function assessCurrentSystem(): Promise<MigrationAssessment> {
  // Example for DocuSign
  return {
    platform: "DocuSign",
    activeTemplates: 15,
    documentsPerMonth: 200,
    webhookEndpoints: [
      "https://api.yourapp.com/webhooks/docusign",
    ],
    recipientRoles: ["Signer", "CC", "In Person Signer"],
    fieldTypes: ["Signature", "Date", "Text", "Checkbox", "Initial"],
    integrations: ["Salesforce", "PostgreSQL"],
  };
}

Step 2: Feature Mapping

                
              
                
                  
                  
                  documenso-multi-env-setup
                  SKILL.md
                  View full skill →
                
                
                  'Configure Documenso across multiple environments (dev, staging, production).
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Multi-Environment Setup
Overview
Configure Documenso across development, staging, and production with environment isolation, secret management, and promotion workflows. Documenso cloud offers a staging environment at stg-app.documenso.com; self-hosted users run separate instances.
Prerequisites

Documenso accounts or instances for each environment
Secret management solution (Vault, AWS Secrets Manager, or .env files)
Completed documenso-install-auth setup

Environment Architecture

┌─────────────────────────────────────────────────────────────┐
│  Development                                                 │
│  API: stg-app.documenso.com (or localhost:3000 self-hosted) │
│  Key: DOCUMENSO_API_KEY=api_dev_xxx                         │
│  Webhooks: ngrok tunnel                                      │
├─────────────────────────────────────────────────────────────┤
│  Staging                                                     │
│  API: stg-app.documenso.com                                 │
│  Key: DOCUMENSO_API_KEY=api_stg_xxx                         │
│  Webhooks: staging.yourapp.com/webhooks/documenso           │
├─────────────────────────────────────────────────────────────┤
│  Production                                                  │
│  API: app.documenso.com (or sign.yourcompany.com)           │
│  Key: DOCUMENSO_API_KEY=api_prod_xxx                        │
│  Webhooks: api.yourapp.com/webhooks/documenso               │
└─────────────────────────────────────────────────────────────┘

Instructions
Step 1: Environment Configuration Files

# .env.development
DOCUMENSO_API_KEY=api_dev_xxxxxxxxxxxx
DOCUMENSO_BASE_URL=https://stg-app.documenso.com/api/v2
DOCUMENSO_WEBHOOK_SECRET=whsec_dev_xxxxxxxxxxxx
LOG_LEVEL=debug
NODE_ENV=development

# .env.staging
DOCUMENSO_API_KEY=api_stg_xxxxxxxxxxxx
DOCUMENSO_BASE_URL=https://stg-app.documenso.com/api/v2
DOCUMENSO_WEBHOOK_SECRET=whsec_stg_xxxxxxxxxxxx
LOG_LEVEL=info
NODE_ENV=staging

# .env.production
DOCUMENSO_API_KEY=api_prod_xxxxxxxxxxxx
DOCUMENSO_BASE_URL=https://app.documenso.com/api/v2
DOCUMENSO_WEBHOOK_SECRET=whsec_prod_xxxxxxxxxxxx
LOG_LEVEL=warn
NODE_ENV=production

Step 2: Environment-Aware Client Factory

// src/documenso/factory.ts
import { Documenso } from "@documenso/sdk-typescript";

interface EnvConfig {
  apiKey: string;
  baseUrl: string;
  webhookSecret: string;
}

function getConfig(): EnvConfig {
  const apiKey = process.env.DOCUMENSO_API_KEY;
  if (!apiKey) throw new Error("DOCUMENSO_API_KEY required");

  return {
    apiKey,
    baseUrl: process.env.DOCUMENSO_BASE_URL ?? "https://app.documenso.com/api/v2",
    webhookSecret: process.env.DOCUMENSO_WEBHOOK_SECRET ?? "",
  };
}

let client: Doc

                

              

                
                  
                  
                  documenso-observability
                  SKILL.md
                  View full skill →
                
                
                  'Implement monitoring, logging, and tracing for Documenso integrations.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Observability
Overview
Implement monitoring, structured logging, and health checks for Documenso integrations. Since Documenso does not expose rate limit headers or usage metrics via API, observability is built around your API call patterns, latency, error rates, and webhook delivery.
Prerequisites

Working Documenso integration
Monitoring stack (Prometheus/Grafana, Datadog, or CloudWatch)
Logging infrastructure

Instructions
Step 1: Instrumented Client Wrapper

// src/observability/documenso-metrics.ts
import { Documenso } from "@documenso/sdk-typescript";

interface Metrics {
  requestCount: number;
  errorCount: number;
  totalLatencyMs: number;
  errorsByStatus: Record<number, number>;
}

const metrics: Metrics = {
  requestCount: 0,
  errorCount: 0,
  totalLatencyMs: 0,
  errorsByStatus: {},
};

export function createInstrumentedClient(): Documenso {
  const client = new Documenso({ apiKey: process.env.DOCUMENSO_API_KEY! });

  return new Proxy(client, {
    get(target, prop) {
      const value = (target as any)[prop];
      if (typeof value === "object" && value !== null) {
        return new Proxy(value, {
          get(innerTarget, method) {
            const fn = (innerTarget as any)[method];
            if (typeof fn !== "function") return fn;

            return async (...args: any[]) => {
              const start = Date.now();
              metrics.requestCount++;

              try {
                const result = await fn.apply(innerTarget, args);
                metrics.totalLatencyMs += Date.now() - start;
                return result;
              } catch (err: any) {
                metrics.errorCount++;
                const status = err.statusCode ?? 0;
                metrics.errorsByStatus[status] = (metrics.errorsByStatus[status] || 0) + 1;
                metrics.totalLatencyMs += Date.now() - start;
                throw err;
              }
            };
          },
        });
      }
      return value;
    },
  });
}

// Expose metrics for Prometheus scraping
export function getMetrics() {
  return {
    ...metrics,
    avgLatencyMs: metrics.requestCount > 0
      ? Math.round(metrics.totalLatencyMs / metrics.requestCount)
      : 0,
    errorRate: metrics.requestCount > 0
      ? (metrics.errorCount / metrics.requestCount * 100).toFixed(2) + "%"
      : "0%",
  };
}

Step 2: Structured Logging

// src/observability/logger.ts
import { createLogger, format, transports } from "winston";

const logger = createLogger({
  level: process.env.LOG_LEVEL ?? "info",
  format: format.combine(
    format.timestamp(),
    format.json()
  ),
  defaultMeta: { service: "documenso-integration" },
  transports: [
    new transports.Console(),
 

                

              

                
                  
                  
                  documenso-performance-tuning
                  SKILL.md
                  View full skill →
                
                
                  'Optimize Documenso integration performance with caching, batching, and.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Performance Tuning
Overview
Optimize Documenso integrations for speed and efficiency. Key strategies: reduce API round-trips with templates, cache document metadata, batch operations with concurrency control, and use async processing for bulk signing workflows.
Prerequisites

Working Documenso integration
Redis or in-memory cache (recommended)
Completed documenso-sdk-patterns setup

Instructions
Step 1: Reduce API Calls with Templates
The biggest performance win: templates reduce a multi-step document creation (create + upload + add recipients + add fields + send = 5+ calls) to just 2 calls (create from template + send).

// WITHOUT templates: 5+ API calls per document
async function createDocumentManual(signer: { email: string; name: string }) {
  const doc = await client.documents.createV0({ title: "Contract" });              // 1
  await client.documents.setFileV0(doc.documentId, { file: pdfBlob });             // 2
  const recip = await client.documentsRecipients.createV0(doc.documentId, {        // 3
    email: signer.email, name: signer.name, role: "SIGNER",
  });
  await client.documentsFields.createV0(doc.documentId, {                          // 4
    recipientId: recip.recipientId, type: "SIGNATURE",
    pageNumber: 1, pageX: 10, pageY: 80, pageWidth: 30, pageHeight: 5,
  });
  await client.documents.sendV0(doc.documentId);                                   // 5
}

// WITH templates: 2 API calls per document
async function createDocumentFromTemplate(templateId: number, signer: { email: string; name: string }) {
  const res = await fetch(                                                          // 1
    `${BASE}/templates/${templateId}/create-document`,
    {
      method: "POST",
      headers: { Authorization: `Bearer ${API_KEY}`, "Content-Type": "application/json" },
      body: JSON.stringify({
        title: `Contract — ${signer.name}`,
        recipients: [{ email: signer.email, name: signer.name, role: "SIGNER" }],
      }),
    }
  );
  const doc = await res.json();
  await fetch(`${BASE}/documents/${doc.documentId}/send`, {                         // 2
    method: "POST",
    headers: { Authorization: `Bearer ${API_KEY}` },
  });
}

Step 2: Cache Document Metadata

// src/cache/documenso-cache.ts
import NodeCache from "node-cache";

const cache = new NodeCache({ stdTTL: 300, checkperiod: 60 }); // 5 min TTL

export async function getCachedDocument(client: Documenso, documentId: number) {
  const key = `doc:${documentId}`;
  const cached = cache.get(key);
  if (cached) return cached;

  const doc = await client.documents.getV0(documentId);
  // Only cache completed documents (immutable)
  if (doc.status === "COMPLETED") {
    c

                

              

                
                  
                  
                  documenso-prod-checklist
                  SKILL.md
                  View full skill →
                
                
                  'Execute Documenso production deployment checklist and rollback procedures.
                  
                      ReadBash(kubectl:*)Bash(curl:*)Grep
                    
                
                
                  Documenso Production Checklist
Overview
Complete checklist for deploying Documenso integrations to production, covering security, reliability, monitoring, and compliance readiness.
Prerequisites

Staging environment tested and verified
Production API keys available
Deployment pipeline configured (see documenso-ci-integration)
Monitoring ready (see documenso-observability)

Production Checklist
1. Authentication & Secrets

[ ] Production API key generated (not staging key)
[ ] API key stored in secret manager (Vault, AWS Secrets Manager, not .env)
[ ] Webhook secret configured and verified
[ ] Key rotation procedure documented
[ ] Old/unused keys revoked
[ ] Self-hosted: secrets generated with openssl rand -hex 32
[ ] Self-hosted: signing certificate from trusted CA mounted

2. Error Handling

[ ] All API calls wrapped in try/catch with typed errors
[ ] Exponential backoff for 429/5xx responses
[ ] Circuit breaker for Documenso outages
[ ] User-friendly error messages (no raw API errors exposed)
[ ] Error tracking integration (Sentry, Datadog, etc.)

3. Performance

[ ] Singleton client pattern (not creating new client per request)
[ ] Templates used for repetitive document creation
[ ] Bulk operations use concurrency control (p-queue)
[ ] Background processing for non-critical operations (Bull/BullMQ)
[ ] Document metadata cached (completed documents immutable)

4. Monitoring & Alerting

[ ] Health check endpoint: GET /health/documenso
[ ] API error rate alerting (> 5% for 5 minutes)
[ ] Latency monitoring (p95 > 5s)
[ ] Webhook delivery success rate tracking
[ ] Structured logging with sanitized PII

5. Webhooks

[ ] HTTPS endpoint configured (HTTP rejected by Documenso)
[ ] Webhook secret verification using constant-time comparison
[ ] Idempotent event processing (handle duplicates)
[ ] Async processing (respond 200 immediately, process in background)
[ ] Dead letter queue for failed webhook processing

6. Data & Compliance

[ ] PII sanitized in all logs (emails, names)
[ ] Data retention policy implemented
[ ] GDPR access/erasure request process documented
[ ] Signed PDFs archived to durable storage
[ ] Self-hosted: document storage strategy defined

7. Self-Hosted Production (if applicable)

[ ] PostgreSQL with automated backups
[ ] HTTPS via reverse proxy (nginx, Caddy, Traefik)
[ ] Signing certificate from trusted CA (not self-signed)
[ ] SMTP configured and 
                
              

                
                  
                  
                  documenso-rate-limits
                  SKILL.md
                  View full skill →
                
                
                  'Implement Documenso rate limiting, backoff, and request throttling patterns.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Rate Limits
Overview
Documenso uses a fair-use rate limiting model. There are no published per-minute request quotas -- instead, limits are based on your plan's document allowance and general API fair use. The paid plans (Individual and Team) include unlimited signing and API volume. The free plan has a document limit. If you hit a 429, implement exponential backoff and request queuing.
Prerequisites

Documenso SDK installed
Understanding of async/await patterns
Completed documenso-install-auth setup

Documenso Fair Use Model

DocuSign
HelloSign
Documenso
Notes


Envelope
Signature Request
Document
Documenso v2 also has Envelopes


Template
Template
Template
Create via UI, use via API


Signer
Signer
SIGNER role
Same concept


CC
CC
CC role

Plan
Documents
API Volume
Signing Volume


Free
Limited (per plan)
Fair use
Fair use


Individual ($30/mo)
Unlimited
Unlimited
Unlimited


Team
Unlimited
Unlimited
Unlimited


Enterprise
Unlimited
Unlimited
Unlimited


Self-Hosted
Unlimited
No limits
No limits


Documenso explicitly does not price API usage -- they want developers to build on the platform without API cost concerns. The practical limit is abusive traffic patterns (thousands of requests per second).
Instructions
Step 1: Exponential Backoff with Jitter

// src/documenso/retry.ts
interface RetryConfig {
  maxRetries: number;
  baseDelayMs: number;
  maxDelayMs: number;
}

const DEFAULTS: RetryConfig = { maxRetries: 5, baseDelayMs: 1000, maxDelayMs: 60000 };

export async function withRetry<T>(
  fn: () => Promise<T>,
  config: Partial<RetryConfig> = {}
): Promise<T> {
  const { maxRetries, baseDelayMs, maxDelayMs } = { ...DEFAULTS, ...config };
  let lastError: Error | undefined;

  for (let attempt = 0; attempt <= maxRetries; attempt++) {
    try {
      return await fn();
    } catch (err: any) {
      lastError = err;
      const status = err.statusCode ?? err.status;

      // Don't retry client errors (except 429)
      if (status && status >= 400 && status < 500 && status !== 429) {
        throw err;
      }

      if (attempt === maxRetries) break;

      // Exponential backoff with jitter
      const delay = Math.min(baseDelayMs * 2 ** attempt, maxDelayMs);
      const jitter = delay * (0.5 + Math.random() * 0.5);
      console.warn(`Retry ${attempt + 1}/${maxRetries} in ${Math.round(jitter)}ms (status: ${status})`);
      await new Promise((r) => setTimeout(r, jitter));
    }
  }
  throw lastError!;
}

Step 2: Request Queue for Bulk Operations

// src/documenso/queue.ts
import PQueue from "p-queue";

// Limit concurrency to avoid overwhelming the API
con

                

              

                
                  
                  
                  documenso-reference-architecture
                  SKILL.md
                  View full skill →
                
                
                  'Implement Documenso reference architecture with best-practice project.
                  
                      ReadGrep
                    
                
                
                  Documenso Reference Architecture
Overview
Production-ready architecture for Documenso document signing integrations. Covers project layout, layered service architecture, webhook processing, and data flow.
Prerequisites

Understanding of layered architecture principles
Documenso SDK knowledge (see documenso-sdk-patterns)
TypeScript project with Node.js 18+

Recommended Project Structure

my-signing-app/
├── src/
│   ├── documenso/
│   │   ├── client.ts              # Singleton SDK client
│   │   ├── errors.ts              # Custom error classes
│   │   ├── retry.ts               # Retry/backoff logic
│   │   └── types.ts               # Shared types
│   ├── services/
│   │   ├── document-service.ts    # Document CRUD operations
│   │   ├── template-service.ts    # Template-based workflows
│   │   └── signing-service.ts     # Orchestrates signing flows
│   ├── webhooks/
│   │   ├── handler.ts             # Express webhook router
│   │   ├── verify.ts              # Secret verification
│   │   └── processors/
│   │       ├── document-completed.ts
│   │       ├── document-signed.ts
│   │       └── document-rejected.ts
│   ├── api/
│   │   ├── health.ts              # Health check endpoint
│   │   └── routes.ts              # API routes
│   └── config/
│       └── index.ts               # Environment configuration
├── scripts/
│   ├── verify-connection.ts       # Quick health check
│   ├── create-test-doc.ts         # Test document generator
│   └── cleanup-test-docs.ts       # Test data cleanup
├── tests/
│   ├── unit/
│   │   └── document-service.test.ts
│   ├── integration/
│   │   └── document-lifecycle.test.ts
│   └── mocks/
│       └── documenso.ts           # Mock client factory
├── .env.development
├── .env.production
├── docker-compose.yml             # Self-hosted Documenso (dev)
└── package.json

Layer Architecture

┌─────────────────────────────────────────────────────────┐
│  API / Controllers                                       │
│  Routes, request validation, response formatting         │
├─────────────────────────────────────────────────────────┤
│  Service Layer                                           │
│  Business logic, orchestration, authorization            │
│  (document-service, template-service, signing-service)   │
├─────────────────────────────────────────────────────────┤
│  Documenso Client Layer                                  │
│  SDK wrapper, retry, error handling, caching             │
│  (client.ts, retry.ts, errors.ts)                       │
├─────────────────────────────────────────────────────────┤
│  External Services                                       │
│  Documenso API, S3/GCS storage, email, database         │
└─────────────────────────────────────────────────────────┘

Rules:

Controllers never call Documenso directly -- alw
                
              

                
                  
                  
                  documenso-sdk-patterns
                  SKILL.md
                  View full skill →
                
                
                  'Apply production-ready Documenso SDK patterns for TypeScript and Python.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso SDK Patterns
Overview
Production-ready patterns for the Documenso TypeScript SDK (@documenso/sdk-typescript) and Python SDK. Covers singleton clients, typed wrappers, error handling, retry logic, and testing patterns.
Prerequisites

Completed documenso-install-auth setup
Familiarity with async/await and TypeScript generics
Understanding of error handling best practices

Instructions
Pattern 1: Singleton Client with Configuration

// src/documenso/client.ts
import { Documenso } from "@documenso/sdk-typescript";

interface DocumensoConfig {
  apiKey: string;
  baseUrl?: string;
  timeout?: number;
}

let instance: Documenso | null = null;

export function getDocumensoClient(config?: DocumensoConfig): Documenso {
  if (!instance) {
    const apiKey = config?.apiKey ?? process.env.DOCUMENSO_API_KEY;
    if (!apiKey) throw new Error("DOCUMENSO_API_KEY is required");

    instance = new Documenso({
      apiKey,
      ...(config?.baseUrl && { serverURL: config.baseUrl }),
    });
  }
  return instance;
}

// Reset for testing
export function resetClient(): void {
  instance = null;
}

Pattern 2: Typed Document Service

// src/documenso/documents.ts
import { getDocumensoClient } from "./client";

export interface CreateDocumentInput {
  title: string;
  pdfPath: string;
  signers: Array<{
    email: string;
    name: string;
    fields: Array<{
      type: "SIGNATURE" | "INITIALS" | "NAME" | "EMAIL" | "DATE" | "TEXT";
      pageNumber: number;
      pageX: number;
      pageY: number;
      pageWidth?: number;
      pageHeight?: number;
    }>;
  }>;
}

export interface DocumentResult {
  documentId: number;
  recipientIds: number[];
  status: "DRAFT" | "PENDING" | "COMPLETED";
}

export async function createAndSendDocument(
  input: CreateDocumentInput
): Promise<DocumentResult> {
  const client = getDocumensoClient();
  const { readFileSync } = await import("fs");

  // Create document
  const doc = await client.documents.createV0({ title: input.title });

  // Upload PDF
  const pdfBuffer = readFileSync(input.pdfPath);
  await client.documents.setFileV0(doc.documentId, {
    file: new Blob([pdfBuffer], { type: "application/pdf" }),
  });

  // Add recipients and fields
  const recipientIds: number[] = [];
  for (const signer of input.signers) {
    const recipient = await client.documentsRecipients.createV0(doc.documentId, {
      email: signer.email,
      name: signer.name,
      role: "SIGNER",
    });
    recipientIds.push(recipient.recipientId);

    for (const field of signer.fields) {
      await client.documentsFields.createV0(doc.documentId, {
        recipie

                

              

                
                  
                  
                  documenso-security-basics
                  SKILL.md
                  View full skill →
                
                
                  'Implement security best practices for Documenso document signing integrations.
                  
                      ReadWriteEdit
                    
                
                
                  Documenso Security Basics
Overview
Essential security practices for Documenso integrations: API key management, webhook verification, document access control, and self-hosted signing certificate configuration.
Prerequisites

Documenso account with API access
Understanding of environment variables and secret management
Completed documenso-install-auth setup

Instructions
Step 1: API Key Security

// NEVER hardcode keys
const BAD = new Documenso({ apiKey: "api_abc123..." }); // Exposed in source

// ALWAYS use environment variables
const GOOD = new Documenso({ apiKey: process.env.DOCUMENSO_API_KEY! });

Key management rules:

Store in .env (never committed) or a secrets manager (Vault, AWS Secrets Manager)
Use team-scoped keys for team resources, personal keys for personal documents
Rotate keys on employee offboarding -- revoke in dashboard immediately
CI/CD: use masked/encrypted secrets (GitHub Secrets, GitLab CI variables)


# .gitignore — always include
.env
.env.*
!.env.example

Step 2: Key Rotation with Zero Downtime

// Support dual keys during rotation
function getApiKey(): string {
  // Try primary first, fall back to secondary during rotation
  return process.env.DOCUMENSO_API_KEY_PRIMARY
    ?? process.env.DOCUMENSO_API_KEY_SECONDARY
    ?? (() => { throw new Error("No Documenso API key configured"); })();
}

// Rotation procedure:
// 1. Generate new key in Documenso dashboard
// 2. Set as DOCUMENSO_API_KEY_SECONDARY, deploy
// 3. Verify secondary key works
// 4. Move secondary to PRIMARY, deploy
// 5. Revoke old key in dashboard

Step 3: Webhook Secret Verification

import { timingSafeEqual } from "crypto";

function verifyWebhookSecret(req: Request): boolean {
  const received = req.headers["x-documenso-secret"] as string;
  const expected = process.env.DOCUMENSO_WEBHOOK_SECRET!;

  if (!received || !expected) return false;

  // Use constant-time comparison to prevent timing attacks
  return timingSafeEqual(
    Buffer.from(received, "utf8"),
    Buffer.from(expected, "utf8")
  );
}


# Python equivalent
import hmac, os
from flask import request

def verify_webhook(req):
    received = req.headers.get("X-Documenso-Secret", "")
    expected = os.environ["DOCUMENSO_WEBHOOK_SECRET"]
    return hmac.compare_digest(received, expected)

Step 4: Document Access Control

// Principle of least privilege with API keys
// Personal keys: only YOUR documents
// Team keys: all documents in the team

                

              

                
                  
                  
                  documenso-upgrade-migration
                  SKILL.md
                  View full skill →
                
                
                  'Manage Documenso API version upgrades and SDK migrations.
                  
                      ReadWriteEditBash(npm:*)
                    
                
                
                  Documenso Upgrade & Migration
Current State
!npm list @documenso/sdk-typescript 2>/dev/null || echo 'SDK not installed'
!npm list documenso-sdk-python 2>/dev/null || pip show documenso-sdk-python 2>/dev/null | head -3 || echo 'Python SDK not installed'
Overview
Guide for upgrading between Documenso API versions and SDK updates. Documenso has two API versions: v1 (legacy, document-centric) and v2 (recommended, envelope-based with multi-document support). The TypeScript and Python SDKs use the v2 API by default.
Prerequisites

Current Documenso integration working
Test environment available
Feature flag system (recommended for gradual rollout)

API Version Comparison

Feature
v1 (legacy)
v2 (recommended)


Base path
/api/v1/
/api/v2/


Document model
Documents
Envelopes (can contain multiple documents)


SDK support
REST only
TypeScript + Python SDK


Template API
/templates/{id}/create-document
Via envelope create


Authentication
Authorization: Bearer
Authorization: Bearer (same)


Status
Maintained, not deprecated
Actively developed


Instructions
Step 1: Upgrade SDK to Latest

# Check current version
npm list @documenso/sdk-typescript

# Upgrade
npm install @documenso/sdk-typescript@latest

# Check for breaking changes
npm info @documenso/sdk-typescript changelog

# Python
pip install --upgrade documenso-sdk-python

Step 2: v1 REST to v2 SDK Migration

// BEFORE: v1 REST API
const BASE = "https://app.documenso.com/api/v1";
const headers = { Authorization: `Bearer ${process.env.DOCUMENSO_API_KEY}` };

// Create document
const res = await fetch(`${BASE}/documents`, {
  method: "POST",
  headers: { ...headers, "Content-Type": "application/json" },
  body: JSON.stringify({ title: "Contract" }),
});
const doc = await res.json();

// List documents
const listRes = await fetch(`${BASE}/documents?page=1&perPage=20`, { headers });
const { documents } = await listRes.json();

// AFTER: v2 SDK
import { Documenso } from "@documenso/sdk-typescript";
const client = new Documenso({ apiKey: process.env.DOCUMENSO_API_KEY! });

// Create document
const doc = await client.documents.createV0({ title: "Contract" });

// List documents
const { documents } = await client.documents.findV0({ page: 1, perPage: 20 });

Step 3: Gradual Migration with Feature Flags
                
              

                
                  
                  
                  documenso-webhooks-events
                  SKILL.md
                  View full skill →
                
                
                  'Implement Documenso webhook configuration and event handling.
                  
                      ReadWriteEditBash(curl:*)Bash(ngrok:*)
                    
                
                
                  Documenso Webhooks & Events
Overview
Configure and handle Documenso webhooks for real-time document lifecycle notifications. Webhooks require a Teams plan or higher. The webhook secret is sent via the X-Documenso-Secret header (not HMAC-signed -- it is a shared secret comparison).
Prerequisites

Documenso team account (webhooks require teams)
HTTPS endpoint for webhook reception
Completed documenso-install-auth setup

Supported Events

Event
Trigger
Use Case


document.created
New document created
Audit logging


document.sent
Document sent for signing
Start SLA timers


document.opened
Recipient opens the document
Track engagement


document.signed
One recipient completes signing
Progress tracking


document.completed
All recipients have signed
Trigger downstream workflows


document.rejected
Recipient rejects
Alert sender, escalate


document.cancelled
Sender cancels document
Cleanup, notify recipients


Instructions
Step 1: Create Webhook via Dashboard

Log into Documenso, navigate to Team Settings > Webhooks.
Click Create Webhook.
Enter your HTTPS endpoint URL.
Select the events you want to receive.
(Optional) Enter a webhook secret -- this value will be sent as-is in the X-Documenso-Secret header on every request.
Save.

Step 2: Webhook Handler (Express)

// src/webhooks/documenso.ts
import express from "express";

const router = express.Router();
const WEBHOOK_SECRET = process.env.DOCUMENSO_WEBHOOK_SECRET!;

// Middleware: verify the shared secret
function verifySecret(req: express.Request, res: express.Response, next: express.NextFunction) {
  const secret = req.headers["x-documenso-secret"];
  if (!secret || secret !== WEBHOOK_SECRET) {
    console.warn("Webhook rejected: invalid secret");
    return res.status(401).json({ error: "Invalid webhook secret" });
  }
  next();
}

router.post("/webhooks/documenso", express.json(), verifySecret, async (req, res) => {
  const { event, payload } = req.body;
  console.log(`Received ${event} for document ${payload.id}`);

  // Acknowledge immediately -- process async
  res.status(200).json({ received: true });

  // Route to handler
  try {
    await handleEvent(event, payload);
  } catch (err) {
    console.error(`Failed to pr

                

              

          

        


      
      
          How It Works
          Skills trigger automatically when you discuss Documenso topics:

"Help me set up Documenso" triggers documenso-install-auth
"Debug this Documenso error" triggers documenso-common-errors
"Configure Documenso webhooks" triggers documenso-webhooks-events
"Deploy my Documenso integration" triggers documenso-deploy-integration
"Migrate from DocuSign" triggers documenso-migration-deep-dive

        

      
      

      
      

      
      
  Ready to use documenso-pack?
  
    
    
  




      
      
          Related Plugins
          
            
  supabase-pack
  Complete Supabase integration skill pack with 30 skills covering authentication, database, storage, realtime, edge functions, and production operations. Flagship+ tier vendor pack.
  /plugin install supabase-pack@claude-code-plugins-plus
  

  vercel-pack
  Complete Vercel integration skill pack with 30 skills covering deployments, edge functions, preview environments, performance optimization, and production operations. Flagship+ tier vendor pack.
  /plugin install vercel-pack@claude-code-plugins-plus
  

  clay-pack
  Complete Clay integration skill pack with 30 skills covering data enrichment, waterfall workflows, AI agents, and GTM automation. Flagship+ tier vendor pack.
  /plugin install clay-pack@claude-code-plugins-plus
  

  cursor-pack
  Complete Cursor integration skill pack with 30 skills covering AI code editing, composer workflows, codebase indexing, and productivity features. Flagship+ tier vendor pack.
  /plugin install cursor-pack@claude-code-plugins-plus
  

  exa-pack
  Complete Exa integration skill pack with 30 skills covering neural search, semantic retrieval, web search API, and AI-powered discovery. Flagship+ tier vendor pack.
  /plugin install exa-pack@claude-code-plugins-plus
  

  firecrawl-pack
  Complete Firecrawl integration skill pack with 30 skills covering web scraping, crawling, markdown conversion, and LLM-ready data extraction. Flagship+ tier vendor pack.
  /plugin install firecrawl-pack@claude-code-plugins-plus
  

          
        

      
      
          Tags
          
            documensodocument-signinge-signaturetemplatesworkflowscontractsopen-source

Status	Error	Cause	Solution
401	Unauthorized	Invalid, expired, or missing API key	Regenerate key in dashboard; verify `Authorization: Bearer` header
403	Forbidden	Personal key accessing team resources	Use a team-scoped API token
404	Not Found	Wrong document/template ID or deleted resource	Verify ID with `GET /api/v1/documents`
400	Bad Request	Invalid payload or missing required fields	Check request body against API spec
413	Payload Too Large	PDF exceeds upload limit	Compress PDF; cloud plan limit varies by tier
429	Too Many Requests	Rate limit exceeded	Implement backoff; see `documenso-rate-limits`
500/502/503	Server Error	Documenso infrastructure issue	Retry with exponential backoff; check status.documenso.com

Role	Behavior
`SIGNER`	Must complete all assigned fields to finish
`VIEWER`	Receives a copy but takes no action
`APPROVER`	Must approve before signers can proceed
`CC`	Receives a completed copy after all signatures

Plan	Price	Documents	API / Signing	Teams	Key Feature
Free	$0/mo	Limited	Fair use	No	Personal use
Individual	$30/mo (early adopter)	Unlimited	Unlimited	No	Full API access
Team	$30/mo+	Unlimited	Unlimited	Yes, unlimited	Team management, webhooks
Enterprise	Custom ($30K+/yr self-hosted)	Unlimited	Unlimited	Yes	SSO, audit logs, compliance
Self-Hosted (AGPL)	Free	Unlimited	No limits	Community	Full control, no SLA

Level	Description	Examples	Response Time
P1	Complete signing outage	All API calls failing, no documents can be sent	< 15 min
P2	Degraded functionality	Slow responses, intermittent errors, webhooks delayed	< 1 hour
P3	Minor issue, workaround available	Single document stuck, UI glitch	< 4 hours
P4	Non-urgent	Feature request, documentation gap	Next business day

DocuSign	HelloSign	Documenso	Notes
Envelope	Signature Request	Document	Documenso v2 also has Envelopes
Template	Template	Template	Create via UI, use via API
Signer	Signer	SIGNER role	Same concept
CC	CC	CC role

Plan	Documents	API Volume	Signing Volume
Free	Limited (per plan)	Fair use	Fair use
Individual ($30/mo)	Unlimited	Unlimited	Unlimited
Team	Unlimited	Unlimited	Unlimited
Enterprise	Unlimited	Unlimited	Unlimited
Self-Hosted	Unlimited	No limits	No limits

Feature	v1 (legacy)	v2 (recommended)
Base path	`/api/v1/`	`/api/v2/`
Document model	Documents	Envelopes (can contain multiple documents)
SDK support	REST only	TypeScript + Python SDK
Template API	`/templates/{id}/create-document`	Via envelope create
Authentication	`Authorization: Bearer`	`Authorization: Bearer` (same)
Status	Maintained, not deprecated	Actively developed

Event	Trigger	Use Case
`document.created`	New document created	Audit logging
`document.sent`	Document sent for signing	Start SLA timers
`document.opened`	Recipient opens the document	Track engagement
`document.signed`	One recipient completes signing	Progress tracking
`document.completed`	All recipients have signed	Trigger downstream workflows
`document.rejected`	Recipient rejects	Alert sender, escalate
`document.cancelled`	Sender cancels document	Cleanup, notify recipients