{"id":44608458,"url":"https://github.com/lobotomoe/revenant","last_synced_at":"2026-03-06T06:17:39.461Z","repository":{"id":339803291,"uuid":"1158110957","full_name":"lobotomoe/revenant","owner":"lobotomoe","description":"Cross-platform Python client for ARX CoSign electronic signatures via SOAP API","archived":false,"fork":false,"pushed_at":"2026-02-25T22:42:37.000Z","size":5037,"stargazers_count":21,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-25T22:48:30.064Z","etag":null,"topics":["armenia","cli","cosign","cross-platform","digital-signatures","dsa","ekeng","electronic-signature","gui","pdf-signing","python","soap"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lobotomoe.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-14T20:16:33.000Z","updated_at":"2026-02-25T22:33:51.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/lobotomoe/revenant","commit_stats":null,"previous_names":["lobotomoe/revenant"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/lobotomoe/revenant","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lobotomoe%2Frevenant","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lobotomoe%2Frevenant/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lobotomoe%2Frevenant/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lobotomoe%2Frevenant/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lobotomoe","download_url":"https://codeload.github.com/lobotomoe/revenant/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lobotomoe%2Frevenant/sbom","scorecard":{"id":1243779,"data":{"date":"2026-02-21T16:13:46Z","repo":{"name":"github.com/lobotomoe/revenant","commit":"ea21a4834c64e689f16438fa0394a64dd9b827f0"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":6.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/20 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:114","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:23","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:641","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:27","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:373","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:490","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:549","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:597","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:17","Info: found token with 'none' permissions: .github/workflows/codeql.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/release.yml:8","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:10"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:  38 out of  38 GitHub-owned GitHubAction dependencies pinned","Info:  26 out of  26 third-party GitHubAction dependencies pinned","Info:  21 out of  21 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.2.4 not signed: https://api.github.com/repos/lobotomoe/revenant/releases/288927711","Warn: release artifact v0.2.3 not signed: https://api.github.com/repos/lobotomoe/revenant/releases/288924714","Warn: release artifact v0.2.2 not signed: https://api.github.com/repos/lobotomoe/revenant/releases/288911673","Warn: release artifact v0.2.1 not signed: https://api.github.com/repos/lobotomoe/revenant/releases/288800736","Warn: release artifact v0.2.0 not signed: https://api.github.com/repos/lobotomoe/revenant/releases/286754290","Warn: release artifact v0.2.4 does not have provenance: https://api.github.com/repos/lobotomoe/revenant/releases/288927711","Warn: release artifact v0.2.3 does not have provenance: https://api.github.com/repos/lobotomoe/revenant/releases/288924714","Warn: release artifact v0.2.2 does not have provenance: https://api.github.com/repos/lobotomoe/revenant/releases/288911673","Warn: release artifact v0.2.1 does not have provenance: https://api.github.com/repos/lobotomoe/revenant/releases/288800736","Warn: release artifact v0.2.0 does not have provenance: https://api.github.com/repos/lobotomoe/revenant/releases/286754290"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (6) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:541"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Contributors","score":6,"reason":"project has 2 contributing companies or organizations -- score normalized to 6","details":["Info: found contributions from: FoilHats, foilhats"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"2 out of 2 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}}]},"last_synced_at":"2026-02-22T01:31:41.524Z","repository_id":339803291,"created_at":"2026-02-22T01:31:41.525Z","updated_at":"2026-02-22T01:31:41.525Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30043819,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T10:53:31.691Z","status":"ssl_error","status_checked_at":"2026-03-03T10:53:22.041Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["armenia","cli","cosign","cross-platform","digital-signatures","dsa","ekeng","electronic-signature","gui","pdf-signing","python","soap"],"created_at":"2026-02-14T11:26:49.692Z","updated_at":"2026-03-03T12:04:27.978Z","avatar_url":"https://github.com/lobotomoe.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"python/icons/revenant-readme.png\" width=\"128\" alt=\"Revenant\"\u003e\n\u003c/p\u003e\n\n# Revenant\n\n[![CI](https://github.com/lobotomoe/revenant/actions/workflows/ci.yml/badge.svg)](https://github.com/lobotomoe/revenant/actions/workflows/ci.yml)\n[![PyPI](https://img.shields.io/pypi/v/revenant.svg)](https://pypi.org/project/revenant/)\n[![npm](https://img.shields.io/npm/v/revenant-sign.svg)](https://www.npmjs.com/package/revenant-sign)\n[![Snap Store](https://snapcraft.io/revenant/badge.svg)](https://snapcraft.io/revenant)\n[![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-blue.svg)](https://www.python.org/downloads/)\n[![Node.js 18+](https://img.shields.io/badge/node-18%2B-green.svg)](https://nodejs.org/)\n[![TypeScript: strict](https://img.shields.io/badge/TypeScript-strict-blue)](https://www.typescriptlang.org/)\n[![License: Apache 2.0](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/lobotomoe/revenant/badge)](https://scorecard.dev/viewer/?uri=github.com/lobotomoe/revenant)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/12008/badge)](https://www.bestpractices.dev/projects/12008)\n\nCross-platform clients for [DocuSign Signature Appliance (DSA)](https://www.docusign.com/products/hybrid-cloud-appliances) (formerly ARX CoSign) electronic signatures via the SOAP API (OASIS DSS standard).\n\nOriginally built for the Armenian Government's EKENG CoSign appliance, but works with any CoSign / DSA server that exposes the DSS SOAP endpoint.\n\n```\n+-------------------+\n|  Python client    |----+\n+-------------------+    |    SOAP/TLS         +-------------------+\n                         +-------------------\u003e  |  CoSign appliance |\n+-------------------+    |                      |  (any server)     |\n|  TypeScript client|----+  \u003c-----------------  +-------------------+\n+-------------------+         Signed PDF\n```\n\n## Wait, isn't this thing dead?\n\nYes. DocuSign [officially retired](https://www.docusign.com/blog/developers/docusign-signature-appliance-to-be-retired-july-2023) the Signature Appliance product line on July 31, 2023. And yes, I built a cross-platform client for it in 2026. The appliance is discontinued, the docs are archived, the cipher suites are from a bygone era, and the server still happily runs on `TLSv1.0 / RC4-MD5` like it's 2011. What are you going to do about it?\n\nThe Armenian Government's EKENG CoSign appliance doesn't care about DocuSign's product roadmap -- it's on-prem, it works, and thousands of documents get signed through it every day. Somebody had to write a proper cross-platform client for it. Might as well be me.\n\n## Install\n\n### Desktop app\n\n**macOS**\n```bash\nbrew install lobotomoe/revenant/revenant\n```\n\n**Linux**\n```bash\nsnap install revenant\n```\n\n[![Get it from the Snap Store](https://snapcraft.io/en/dark/install.svg)](https://snapcraft.io/revenant)\n\n**Windows**\n```powershell\nwinget install --source msstore 9NVH62M20DS3    # WinGet\nscoop bucket add revenant https://github.com/lobotomoe/scoop-revenant\nscoop install revenant                           # Scoop\n```\n\n\u003ca href=\"https://apps.microsoft.com/detail/9NVH62M20DS3?referrer=appbadge\u0026mode=full\" target=\"_blank\" rel=\"noopener noreferrer\"\u003e\n  \u003cimg src=\"https://get.microsoft.com/images/en-us%20dark.svg\" width=\"200\" alt=\"Get it from Microsoft Store\"/\u003e\n\u003c/a\u003e\n\nOr download binaries from [GitHub Releases](https://github.com/lobotomoe/revenant/releases).\n\n### Libraries\n\n**Python** ([docs](python/README.md))\n```bash\npipx install revenant    # recommended\npip install revenant     # or inside a venv\n```\n\n**TypeScript / Node.js** ([docs](typescript/README.md))\n```bash\nnpm install revenant-sign\n```\n\n## Compatibility\n\nSigned PDFs verified against third-party services that accept EKENG digital signatures:\n\n- [x] [ekeng.am/sign_check](https://www.ekeng.am/en/sec_sub/sign_check) — EKENG signature validator\n- [x] [e-request.am](https://e-request.am/) — e-request.am document upload\n- [ ] [self-portal.taxservice.am](https://self-portal.taxservice.am) — Tax Service self-portal\n- [ ] [file-online.taxservice.am](https://file-online.taxservice.am) — Tax Service online filing\n\n## Documentation\n\nProtocol, API, and server-specific docs live in [`docs/`](docs/README.md) and are shared between clients.\n\n## References\n\n- [DocuSign Signature Appliance API Guide v8.0 (PDF)](https://www.docusign.com/sites/default/files/Signature_Appliance_API_Guide_8.0.pdf)\n- [DocuSign Signature Appliance Admin Guide v8.0 (PDF)](https://www.docusign.com/sites/default/files/Signature_Appliance_Admin_Guide_8.0.pdf)\n- [OASIS DSS Standard](https://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.pdf)\n- [EKENG CoSign page](https://www.ekeng.am/en/third_sub/cosign)\n\n## Disclaimer\n\nThis is an **unofficial**, independently developed client. It is not affiliated with, endorsed by, or supported by EKENG, ARX, or DocuSign.\n\n- This software is provided \"as is\" without warranty of any kind\n- Electronic signatures carry legal significance — verify that your use case complies with applicable laws and your organization's policies\n- You are responsible for safeguarding your CoSign credentials and for all signatures made using this tool\n- This tool communicates with CoSign servers using the documented [OASIS DSS](https://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.pdf) SOAP protocol — the same public API described in the [official API Guide](https://www.docusign.com/sites/default/files/Signature_Appliance_API_Guide_8.0.pdf). No proprietary software is reverse-engineered or redistributed\n\n## Privacy\n\nThis program does not collect, transmit, or share any data with the developer or third parties. It communicates only with the CoSign server you configure. See [Privacy Policy](docs/privacy-policy.md).\n\n## License\n\nApache 2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flobotomoe%2Frevenant","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flobotomoe%2Frevenant","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flobotomoe%2Frevenant/lists"}