Connecting E-Signatures

When a contract is signed via DocuSign, Vrge notices. The observer proposes a bundle that marks the project active, creates the client record if they're new, and drafts the first invoice for the contract amount — all from a single event. This is the cleanest signalin Vrge: the provider API is ground truth, so there's no LLM guessing and no hallucination risk. A signed envelope means the deal is real.

DocuSign is live today. Support for Dropbox Sign and PandaDoc is deferred — both providers currently require a confidential OAuth client secret that can't safely ship in a desktop app, and Vrge won't stand up a token- exchange relay just for them. We'll revisit once those providers ship PKCE support. Everything below is DocuSign-specific.

What gets proposed

The e-signature source emits different proposals depending on the envelope event. Only the events below produce inbox entries — everything else is ignored on purpose.

• Signed envelope→ a bundle containing up to four proposals: optionally a new_clientif the signer isn't already in your CRM, a new_project matching the envelope title, the contract_signed event itself (which activates the project and writes a note on the client with the deal value plus a link to the signed document), and a draft first invoice pre-filled with the contract amount (only when the signer is an existing client).
• Declined envelope → a polite follow-up email draft with check-in copy you can edit and send.
• Expired envelopewith a known client → a client_at_risk alert flagging the unsigned contract so you can nudge them before the deal goes cold.
• Sent, delivered, or voided → ignored. Too noisy, or not actionable.

Connecting DocuSign

1. 1.In Vrge, open Settings → Sources and click Connect DocuSign.
2. 2.Your default browser opens to DocuSign's consent screen. Sign in with your DocuSign account and approve read-only envelope access.
3. 3.The browser redirects back into Vrge. Envelope metadata starts flowing in — you'll see the first proposals within a minute.

Vrge uses DocuSign's Authorization Code Grant with PKCE — the security standard for public (desktop) clients. There's no cloud relay, no token proxy, no Vrge server in the middle of your DocuSign traffic. Your desktop app exchanges the OAuth code directly with account.docusign.com using a cryptographic proof instead of a shared secret. It's the same pattern Vrge uses for Google Calendar.

What about Dropbox Sign and PandaDoc?

Neither provider supports PKCE today. Both still require a confidential client secret that can't safely ship inside a desktop binary — and Vrge won't stand up a token-exchange relay just to work around that. If either provider adds PKCE support, or if enough customers ask for a self-hostable relay option, we'll revisit. In the meantime, signing via DocuSign covers roughly four out of five small-agency customers we've talked to.

Historical sync scope

By default, Vrge only processes envelopes from the last 180 days when you first connect. This prevents a newly-connected integration from flooding your inbox with five years of old contracts and dead deals. If you actually want the full history, bump the window in Settings → Sources → E-Signature.

Test envelopes filtered automatically

Each provider has a sandbox or test mode. Vrge detects test envelopes — signer domains like example.com, test_modeflags on the envelope — and drops them silently. Your real CRM data is never polluted by noise from your dev accounts or the provider's demo flows.

Privacy

• Document bodies are never pulled. Vrge only reads envelope metadata — title, signers, status, amount. The PDF contents stay on the provider. This is a default, not a toggle: Vrge doesn't offer a full-content mode for signed contracts at all.
• Read-only scopes. Vrge never signs, resends, or voids on your behalf. Every provider token is scoped read-only.
• Every run is logged. Each observer run records which envelope triggered which proposal, visible in Settings → AI Activity Log.
• Disconnect any time. Disconnecting revokes the token at the provider immediately. Historical proposals already in your inbox stay there — you may still want to approve or reject them even after disconnecting.

Production approval (what's pending on our side)

DocuSign requires every third-party integration to clear a Go-Live reviewbefore it can talk to production DocuSign accounts. That review runs after we exercise the integration against DocuSign's sandbox with a handful of real envelope flows. Until Go-Live clears, Vrge's DocuSign source connects to the DocuSign developer sandbox (account-d.docusign.com) rather than the production account system. Once approval lands, a single Vrge update flips the flag and the same integration points at the real DocuSign account system instead — you don't re-connect, nothing on your side changes.

If you need to test the DocuSign proposal flow before production clears, the mock E-Signature source runs the whole pipeline end-to-end with built-in fixtures, no real DocuSign account required. Email hello@getvrge.com if you have production DocuSign envelopes you'd like to use us as reference customers for — that speeds up the Go-Live review.