Box new action

[GTFalcao]

Closes #17737

Note: unable to validate this due to the required scopes seemingly only being available for enterprise accounts

Not bumping other box component versions since none are being updated

Summary by CodeRabbit

• New Features
  • Introduced a new action to create signature requests in Box, allowing multiple signers, custom messages, redirect URLs, and additional options.
• Enhancements
  • Improved handling of signer and option inputs, supporting both JSON strings and objects for greater flexibility.
• Chores
  • Updated the Box integration package version to 0.5.0.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

3 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
docs-v2	⬜️ Ignored (Inspect)	Visit Preview		Aug 11, 2025 11:54am
pipedream-docs	⬜️ Ignored (Inspect)			Aug 11, 2025 11:54am
pipedream-docs-redirect-do-not-edit	⬜️ Ignored (Inspect)			Aug 11, 2025 11:54am

[coderabbitai]

Walkthrough

A new "Create Box Sign Request" action was introduced, enabling the creation of signature requests in Box via the Box API. Supporting utility functions were added for parsing JSON input, and a new API method was implemented in the Box app integration. The package version was incremented to reflect these additions.

Changes

Cohort / File(s)	Change Summary
New Action: Create Box Sign Request components/box/actions/create-sign-request/create-sign-request.mjs	Added a new action to create a Box signature request, handling input parsing, payload assembly, error handling, and response export.
Box App API Extension components/box/box.app.mjs	Introduced a new method createSignRequest to call the Box /sign_requests API endpoint.
Utility Functions components/box/common/utils.mjs	Added optionalParseAsJSON and parseObjectEntries functions to assist with flexible JSON parsing of input values and nested objects.
Package Version Update components/box/package.json	Incremented the package version from 0.4.1 to 0.5.0.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CreateSignRequestAction
    participant Utils
    participant BoxApp
    participant BoxAPI

    User->>CreateSignRequestAction: Provide input properties
    CreateSignRequestAction->>Utils: Parse signers and additional options
    Utils-->>CreateSignRequestAction: Return parsed objects
    CreateSignRequestAction->>BoxApp: Call createSignRequest(payload)
    BoxApp->>BoxAPI: POST /sign_requests with payload
    BoxAPI-->>BoxApp: Response with sign request data
    BoxApp-->>CreateSignRequestAction: Return API response
    CreateSignRequestAction-->>User: Export summary and response

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~18 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Implement a Box action to create a document signing request via the Box API (17737)	✅
Use Box API endpoint /sign_requests for signature request creation (17737)	✅
Parse and handle input properties including signers, folder, subject, message, redirect URLs, and additional options (17737)	✅
Add supporting utility functions for flexible JSON/object input parsing (17737)	✅

Assessment against linked issues: Out-of-scope changes

No out-of-scope changes were found.

Poem

In the Box, a signature hops,
With new code, the request never stops.
JSONs parsed with gentle care,
Signers and folders everywhere!
A version bump, a rabbit’s cheer—
🐇✨ Sign away, the docs are here!

Note

🔌 MCP (Model Context Protocol) integration is now available in Early Access!

Pro users can now connect to remote MCP servers under the Integrations page to get reviews and chat conversations that understand additional development context.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 17737-box-new-action

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

components/box/actions/create-sign-request/create-sign-request.mjs (3)

12-17: Consider accepting object[] for signers to remove the need for manual JSON parsing.

If supported in your component schema, switch signers to object[] so users can input structured data directly. Keeps UX clean and avoids parsing errors.

-    signers: {
-      type: "string[]",
+    signers: {
+      type: "object[]",
       label: "Signers",
       description: "Array of signers for the signature request. Each signer should be a JSON object with at least an email property. [See the documentation](https://developer.box.com/reference/post-sign-requests/#param-signers) for more information. Example: `{\"email\": \"[email protected]\", \"role\": \"signer\"}`",
     },

---

57-62: Additional options passthrough is helpful — ensure callers don’t need to JSON-stringify nested objects.

With utils.parseObjectEntries, nested strings won’t be deeply parsed. This is fine, but document that deeply-nested structures should be provided as objects (not strings) to avoid surprises.

---

76-85: Improve parse error context for signers.

Include the index of the failing signer to speed debugging.

-    const parsedSigners = signers.map((signer) => {
-      try {
+    const parsedSigners = signers.map((signer, idx) => {
+      try {
         return typeof signer === "string"
           ? JSON.parse(signer)
           : signer;
       } catch (error) {
-        throw new ConfigurationError(`Error parsing signer as JSON: ${error}`);
+        throw new ConfigurationError(`Error parsing signer at index ${idx} as JSON: ${error}`);
       }
     });

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fa92425 and 95686b9.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (4)

• components/box/actions/create-sign-request/create-sign-request.mjs (1 hunks)
• components/box/box.app.mjs (1 hunks)
• components/box/common/utils.mjs (1 hunks)
• components/box/package.json (1 hunks)

🧰 Additional context used

🧠 Learnings (4)

📚 Learning: 2024-12-12T19:23:09.039Z

Learnt from: jcortes
PR: PipedreamHQ/pipedream#14935
File: components/sailpoint/package.json:15-18
Timestamp: 2024-12-12T19:23:09.039Z
Learning: When developing Pipedream components, do not add built-in Node.js modules like `fs` to `package.json` dependencies, as they are native modules provided by the Node.js runtime.

Applied to files:

• components/box/package.json

📚 Learning: 2025-07-01T17:07:48.193Z

Learnt from: js07
PR: PipedreamHQ/pipedream#17375
File: components/zerobounce/actions/get-validation-results-file/get-validation-results-file.mjs:23-27
Timestamp: 2025-07-01T17:07:48.193Z
Learning: "dir" props in Pipedream components are hidden in the component form and not user-facing, so they don't require labels or descriptions for user clarity.

Applied to files:

• components/box/package.json

📚 Learning: 2025-07-01T17:07:48.193Z

Learnt from: js07
PR: PipedreamHQ/pipedream#17375
File: components/zerobounce/actions/get-validation-results-file/get-validation-results-file.mjs:23-27
Timestamp: 2025-07-01T17:07:48.193Z
Learning: For "dir" props in Pipedream components, whether to mark them as optional depends on the action's file I/O behavior - if an action always writes files as output, the "dir" prop should not be marked as optional.

Applied to files:

• components/box/common/utils.mjs

📚 Learning: 2024-10-30T15:24:39.294Z

Learnt from: jcortes
PR: PipedreamHQ/pipedream#14467
File: components/gainsight_px/actions/create-account/create-account.mjs:4-6
Timestamp: 2024-10-30T15:24:39.294Z
Learning: In `components/gainsight_px/actions/create-account/create-account.mjs`, the action name should be "Create Account" instead of "Create Memory".

Applied to files:

• components/box/actions/create-sign-request/create-sign-request.mjs

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Publish TypeScript components
• GitHub Check: Verify TypeScript components
• GitHub Check: pnpm publish
• GitHub Check: Lint Code Base

🔇 Additional comments (4)

components/box/package.json (1)

3-3: Semver bump looks appropriate for a new action.

Minor bump from 0.4.x → 0.5.0 aligns with adding new functionality.

components/box/box.app.mjs (1)

322-328: Add createSignRequest method — LGTM.

POST to /sign_requests with passthrough args matches Box API. Consistent with existing request helpers.

components/box/common/utils.mjs (1)

4-11: Lightweight JSON parsing helper — LGTM.

Simple and safe fallback behavior for non-JSON values.

components/box/actions/create-sign-request/create-sign-request.mjs (1)

105-111: Summary export and return shape — LGTM.

Clear summary with the sign request ID and returning the full response matches Pipedream conventions.

[coderabbitai]

⚠️ Potential issue

Missing required source_files — API will 400 without it.

Box’s POST /sign_requests requires source_files (or an alternative like prefill_template/draft_id). The action doesn’t expose this, relying on additionalOptions, which is easy to miss.

Add a dedicated, required prop for source files and map to the payload:

@@
   props: {
     app,
     signers: {
       type: "string[]",
       label: "Signers",
       description: "Array of signers for the signature request. Each signer should be a JSON object with at least an email property. [See the documentation](https://developer.box.com/reference/post-sign-requests/#param-signers) for more information. Example: `{\"email\": \"[email protected]\", \"role\": \"signer\"}`",
     },
+    sourceFiles: {
+      type: "string[]",
+      label: "Source Files",
+      description: "Array of Box file IDs to include in the sign request.",
+    },
@@
   async run({ $ }) {
     const {
       signers,
+      sourceFiles,
       name,
       parentFolder,
       emailSubject,
       emailMessage,
       redirectUrl,
       declinedRedirectUrl,
       additionalOptions,
     } = this;
@@
-    const data = {
+    if (!Array.isArray(sourceFiles) || sourceFiles.length === 0) {
+      throw new ConfigurationError("At least one source file is required (sourceFiles).");
+    }
+
+    const data = {
       signers: parsedSigners,
+      source_files: sourceFiles.map((id) => ({
+        id,
+        type: "file",
+      })),
       name,
       email_subject: emailSubject,
       email_message: emailMessage,
       redirect_url: redirectUrl,
       declined_redirect_url: declinedRedirectUrl,
       ...(additionalOptions
         ? utils.parseObjectEntries(additionalOptions)
         : {}),
     };

If you prefer to keep additionalOptions as the only path, at minimum validate that additionalOptions.source_files exists and is non-empty, and throw a clear ConfigurationError otherwise.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const data = {
	signers: parsedSigners,
	name,
	email_subject: emailSubject,
	email_message: emailMessage,
	redirect_url: redirectUrl,
	declined_redirect_url: declinedRedirectUrl,
	...(additionalOptions
	? utils.parseObjectEntries(additionalOptions)
	: {}),
	};
	// In the action definition:
	props: {
	app,
	signers: {
	type: "string[]",
	label: "Signers",
	description: "Array of signers for the signature request. Each signer should be a JSON object with at least an email property. [See the documentation](https://developer.box.com/reference/post-sign-requests/#param-signers) for more information. Example: `{\"email\": \"[email protected]\", \"role\": \"signer\"}`",
	},
	sourceFiles: {
	type: "string[]",
	label: "Source Files",
	description: "Array of Box file IDs to include in the sign request.",
	},
	parentFolder: {
	type: "string",
	// ...other existing props...
	},
	emailSubject: {
	type: "string",
	// ...
	},
	emailMessage: {
	type: "string",
	// ...
	},
	redirectUrl: {
	type: "string",
	// ...
	},
	declinedRedirectUrl: {
	type: "string",
	// ...
	},
	additionalOptions: {
	type: "object",
	// ...
	},
	},
	async run({ $ }) {
	const {
	signers,
	sourceFiles,
	name,
	parentFolder,
	emailSubject,
	emailMessage,
	redirectUrl,
	declinedRedirectUrl,
	additionalOptions,
	} = this;
	// Validate required sourceFiles
	if (!Array.isArray(sourceFiles) || sourceFiles.length === 0) {
	throw new ConfigurationError(
	"At least one source file is required (sourceFiles)."
	);
	}
	const data = {
	signers: parsedSigners,
	source_files: sourceFiles.map((id) => ({
	id,
	type: "file",
	})),
	name,
	email_subject: emailSubject,
	email_message: emailMessage,
	redirect_url: redirectUrl,
	declined_redirect_url: declinedRedirectUrl,
	...(additionalOptions
	? utils.parseObjectEntries(additionalOptions)
	: {}),
	};
	// ...rest of the implementation...
	}

🤖 Prompt for AI Agents

In components/box/actions/create-sign-request/create-sign-request.mjs around
lines 86 to 96, the payload for the Box API call is missing the required
source_files property, causing a 400 error. Add a dedicated required parameter
for source_files to the function and include it explicitly in the data object
sent to the API. Alternatively, if you want to keep using additionalOptions, add
validation to check that additionalOptions.source_files exists and is not empty,
and throw a ConfigurationError with a clear message if this validation fails.

[coderabbitai]

🛠️ Refactor suggestion

Guard against invalid top-level JSON in parseObjectEntries.

If value is a string and not valid JSON, JSON.parse will throw and crash the action. Wrap parsing in try/catch and surface a clear configuration error.

-import constants from "./constants.mjs";
-import { getFileStreamAndMetadata } from "@pipedream/platform";
+import constants from "./constants.mjs";
+import { getFileStreamAndMetadata, ConfigurationError } from "@pipedream/platform";
@@
 export default {
-  parseObjectEntries(value = {}) {
-    const obj = typeof value === "string"
-      ? JSON.parse(value)
-      : value;
+  parseObjectEntries(value = {}) {
+    let obj = value;
+    if (typeof value === "string") {
+      try {
+        obj = JSON.parse(value);
+      } catch (e) {
+        throw new ConfigurationError("Invalid JSON for Additional Options. Provide a valid JSON object.");
+      }
+    }
     return Object.fromEntries(
       Object.entries(obj).map(([
         key,
         value,
       ]) => [
         key,
         optionalParseAsJSON(value),
       ]),
     );
   },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	parseObjectEntries(value = {}) {
	const obj = typeof value === "string"
	? JSON.parse(value)
	: value;
	return Object.fromEntries(
	Object.entries(obj).map(([
	key,
	value,
	]) => [
	key,
	optionalParseAsJSON(value),
	]),
	);
	},
	import constants from "./constants.mjs";
	import { getFileStreamAndMetadata, ConfigurationError } from "@pipedream/platform";
	export default {
	parseObjectEntries(value = {}) {
	let obj = value;
	if (typeof value === "string") {
	try {
	obj = JSON.parse(value);
	} catch (e) {
	throw new ConfigurationError(
	"Invalid JSON for Additional Options. Provide a valid JSON object."
	);
	}
	}
	return Object.fromEntries(
	Object.entries(obj).map(([key, value]) => [
	key,
	optionalParseAsJSON(value),
	]),
	);
	},
	// …other methods
	};

🤖 Prompt for AI Agents

In components/box/common/utils.mjs around lines 13 to 26, the parseObjectEntries
function directly calls JSON.parse on a string input, which can throw an error
if the string is not valid JSON. To fix this, wrap the JSON.parse call in a
try/catch block, and if parsing fails, throw a clear and descriptive
configuration error to prevent the action from crashing unexpectedly.