@app-connect/core 1.7.17 → 1.7.19

package/connector/proxy/index.js

@@ -51,7 +51,7 @@ function getBasicAuth({ apiKey }) {
   return Buffer.from(`${apiKey}:`).toString('base64');
 }
 
-async function getUserInfo({ authHeader, hostname, additionalInfo, platform, apiKey, proxyId, proxyConfig } = {}) {
+async function getUserInfo({ authHeader, hostname, additionalInfo, platform, apiKey, proxyId, proxyConfig, userEmail } = {}) {
   const cfg = proxyConfig ? proxyConfig : (await loadPlatformConfig(proxyId));
   if (!cfg || !cfg.operations?.getUserInfo) {
     // Fallback if no getUserInfo operation defined
@@ -72,6 +72,7 @@ async function getUserInfo({ authHeader, hostname, additionalInfo, platform, api
       apiKey,
       hostname,
       platform,
+      userEmail,
     },
     user: {},
     authHeader

package/handlers/log.js

@@ -2,6 +2,7 @@ const Op = require('sequelize').Op;
 const { CallLogModel } = require('../models/callLogModel');
 const { MessageLogModel } = require('../models/messageLogModel');
 const { UserModel } = require('../models/userModel');
+const { CacheModel } = require('../models/cacheModel');
 const oauth = require('../lib/oauth');
 const { composeCallLog } = require('../lib/callLogComposer');
 const { composeSharedSMSLog } = require('../lib/sharedSMSComposer');
@@ -11,11 +12,14 @@ const { NoteCache } = require('../models/dynamo/noteCacheSchema');
 const { Connector } = require('../models/dynamo/connectorSchema');
 const moment = require('moment');
 const { getMediaReaderLinkByPlatformMediaLink } = require('../lib/util');
+const axios = require('axios');
+const { getPluginsFromUserSettings } = require('../lib/util');
 const logger = require('../lib/logger');
 const { handleApiError, handleDatabaseError } = require('../lib/errorHandler');
+const { v4: uuidv4 } = require('uuid');
 const { AccountDataModel } = require('../models/accountDataModel');
 
-async function createCallLog({ platform, userId, incomingData, hashedAccountId, isFromSSCL }) {
+async function createCallLog({ jwtToken, platform, userId, incomingData, hashedAccountId, isFromSSCL }) {
     try {
         let existingCallLog = null;
         try {
@@ -55,6 +59,7 @@ async function createCallLog({ platform, userId, incomingData, hashedAccountId,
                 }
             };
         }
+
         const platformModule = connectorRegistry.getConnector(platform);
         const callLog = incomingData.logInfo;
         const additionalSubmission = incomingData.additionalSubmission;
@@ -115,6 +120,63 @@ async function createCallLog({ platform, userId, incomingData, hashedAccountId,
             name: incomingData.contactName ?? ""
         };
 
+
+        const pluginAsyncTaskIds = [];
+        // Plugins
+        const loggingPlugins = getPluginsFromUserSettings({ userSettings: user.userSettings, logType: 'call' });
+        for (const pluginSetting of loggingPlugins) {
+            const pluginId = pluginSetting.id;
+            let pluginDataResponse = null;
+            switch (pluginSetting.value.access) {
+                case 'public':
+                    pluginDataResponse = await axios.get(`${process.env.DEV_PORTAL_URL}/public-api/connectors/${pluginId}/manifest?type=plugin`);
+                    break;
+                case 'private':
+                case 'shared':
+                    pluginDataResponse = await axios.get(`${process.env.DEV_PORTAL_URL}/public-api/connectors/${pluginId}/manifest?access=internal&type=connector&accountId=${user.rcAccountId}`);
+                    break;
+                default:
+                    throw new Error('Invalid plugin access');
+            }
+            const pluginData = pluginDataResponse.data;
+            const pluginManifest = pluginData.platforms[pluginSetting.value.name];
+            let pluginEndpointUrl = pluginManifest.endpointUrl;
+            if (!pluginEndpointUrl) {
+                throw new Error('Plugin URL is not set');
+            }
+            else {
+                // check if endpoint has query params already
+                if (pluginEndpointUrl.includes('?')) {
+                    pluginEndpointUrl += `&jwtToken=${jwtToken}`;
+                }
+                else {
+                    pluginEndpointUrl += `?jwtToken=${jwtToken}`;
+                }
+            }
+            if (pluginSetting.value.isAsync) {
+                const asyncTaskId = `${userId}-${uuidv4()}`;
+                pluginAsyncTaskIds.push(asyncTaskId);
+                await CacheModel.create({
+                    id: asyncTaskId,
+                    status: 'initialized',
+                    userId,
+                    cacheKey: `pluginTask-${pluginSetting.value.name}`,
+                    expiry: moment().add(1, 'hour').toDate()
+                });
+                axios.post(pluginEndpointUrl, {
+                    data: incomingData,
+                    asyncTaskId
+                });
+            }
+            else {
+                const processedResultResponse = await axios.post(pluginEndpointUrl, {
+                    data: incomingData
+                });
+                // eslint-disable-next-line no-param-reassign
+                incomingData = processedResultResponse.data;
+            }
+        }
+
         // Compose call log details centrally
         const logFormat = platformModule.getLogFormatType ? platformModule.getLogFormatType(platform, proxyConfig) : LOG_DETAILS_FORMAT_TYPE.PLAIN_TEXT;
         let composedLogDetails = '';
@@ -179,8 +241,8 @@ async function createCallLog({ platform, userId, incomingData, hashedAccountId,
             catch (error) {
                 return handleDatabaseError(error, 'Error creating call log');
             }
+            return { successful: !!logId, logId, returnMessage, extraDataTracking, pluginAsyncTaskIds };
         }
-        return { successful: !!logId, logId, returnMessage, extraDataTracking };
     } catch (e) {
         return handleApiError(e, platform, 'createCallLog', { userId });
     }
@@ -285,7 +347,7 @@ async function getCallLog({ userId, sessionIds, platform, requireDetails }) {
     }
 }
 
-async function updateCallLog({ platform, userId, incomingData, hashedAccountId, isFromSSCL }) {
+async function updateCallLog({ jwtToken, platform, userId, incomingData, hashedAccountId, isFromSSCL }) {
     try {
         let existingCallLog = null;
         try {
@@ -299,11 +361,11 @@ async function updateCallLog({ platform, userId, incomingData, hashedAccountId,
             return handleDatabaseError(error, 'Error finding existing call log');
         }
         if (existingCallLog) {
-            const platformModule = connectorRegistry.getConnector(platform);
             let user = await UserModel.findByPk(userId);
             if (!user || !user.accessToken) {
                 return { successful: false, message: `Contact not found` };
             }
+            const platformModule = connectorRegistry.getConnector(platform);
             const proxyId = user.platformAdditionalInfo?.proxyId;
             let proxyConfig = null;
             if (proxyId) {
@@ -334,6 +396,61 @@ async function updateCallLog({ platform, userId, incomingData, hashedAccountId,
                     break;
             }
 
+            const pluginAsyncTaskIds = [];
+            // Plugins
+            const plugins = getPluginsFromUserSettings({ userSettings: user.userSettings, logType: 'call' });
+            for (const pluginSetting of plugins) {
+                const pluginId = pluginSetting.id;
+                let pluginDataResponse = null;
+                switch (pluginSetting.value.access) {
+                    case 'public':
+                        pluginDataResponse = await axios.get(`${process.env.DEV_PORTAL_URL}/public-api/connectors/${pluginId}/manifest?type=plugin`);
+                        break;
+                    case 'private':
+                    case 'shared':
+                        pluginDataResponse = await axios.get(`${process.env.DEV_PORTAL_URL}/public-api/connectors/${pluginId}/manifest?access=internal&type=connector&accountId=${user.rcAccountId}`);
+                        break;
+                    default:
+                        throw new Error('Invalid plugin access');
+                }
+                const pluginData = pluginDataResponse.data;
+                const pluginManifest = pluginData.platforms[pluginSetting.value.name];
+                let pluginEndpointUrl = pluginManifest.endpointUrl;
+                if (!pluginEndpointUrl) {
+                    throw new Error('Plugin URL is not set');
+                }
+                else {
+                    if (pluginEndpointUrl.includes('?')) {
+                        pluginEndpointUrl += `&jwtToken=${jwtToken}`;
+                    }
+                    else {
+                        pluginEndpointUrl += `?jwtToken=${jwtToken}`;
+                    }
+                }
+                if (pluginSetting.value.isAsync) {
+                    const asyncTaskId = `${userId}-${uuidv4()}`;
+                    pluginAsyncTaskIds.push(asyncTaskId);
+                    await CacheModel.create({
+                        id: asyncTaskId,
+                        status: 'initialized',
+                        userId,
+                        cacheKey: `pluginTask-${pluginSetting.value.name}`,
+                        expiry: moment().add(1, 'hour').toDate()
+                    });
+                    axios.post(pluginEndpointUrl, {
+                        data: { logInfo: incomingData },
+                        asyncTaskId
+                    });
+                }
+                else {
+                    const processedResultResponse = await axios.post(pluginEndpointUrl, {
+                        data: incomingData
+                    });
+                    // eslint-disable-next-line no-param-reassign
+                    incomingData = processedResultResponse.data;
+                }
+            }
+
             // Fetch existing call log details once to avoid duplicate API calls
             let existingCallLogDetails = null;    // Compose updated call log details centrally
             const logFormat = platformModule.getLogFormatType ? platformModule.getLogFormatType(platform, proxyConfig) : LOG_DETAILS_FORMAT_TYPE.PLAIN_TEXT;
@@ -416,12 +533,7 @@ async function updateCallLog({ platform, userId, incomingData, hashedAccountId,
                 isFromSSCL,
                 proxyConfig,
             });
-            if (!extraDataTracking) {
-                extraDataTracking = {};
-            }
-            extraDataTracking.withSmartNoteLog = !!incomingData.aiNote;
-            extraDataTracking.withTranscript = !!incomingData.transcript;
-            return { successful: true, logId: existingCallLog.thirdPartyLogId, updatedNote, returnMessage, extraDataTracking };
+            return { successful: true, logId: existingCallLog.thirdPartyLogId, updatedNote, returnMessage, extraDataTracking, pluginAsyncTaskIds };
         }
         return { successful: false };
     } catch (e) {
@@ -518,6 +630,65 @@ async function createMessageLog({ platform, userId, incomingData }) {
         const ownerName = incomingData.logInfo.owner?.name;
         const isSharedSMS = !!ownerName;
 
+        const pluginAsyncTaskIds = [];
+        // Plugins
+        const isSMS = incomingData.logInfo.messages.some(m => m.type === 'SMS');
+        const isFax = incomingData.logInfo.messages.some(m => m.type === 'Fax');
+        const smsPlugins = isSMS ? getPluginsFromUserSettings({ userSettings: user.userSettings, logType: 'sms' }) : [];
+        const faxPlugins = isFax ? getPluginsFromUserSettings({ userSettings: user.userSettings, logType: 'fax' }) : [];
+        const plugins = [...smsPlugins, ...faxPlugins];
+        for (const pluginSetting of plugins) {
+            const pluginId = pluginSetting.id;
+            let pluginDataResponse = null;
+            switch (pluginSetting.value.access) {
+                case 'public':
+                    pluginDataResponse = await axios.get(`${process.env.DEV_PORTAL_URL}/public-api/connectors/${pluginId}/manifest?type=plugin`);
+                    break;
+                case 'private':
+                case 'shared':
+                    pluginDataResponse = await axios.get(`${process.env.DEV_PORTAL_URL}/public-api/connectors/${pluginId}/manifest?access=internal&type=connector&accountId=${user.rcAccountId}`);
+                    break;
+                default:
+                    throw new Error('Invalid plugin access');
+            }
+            const pluginData = pluginDataResponse.data;
+            const pluginManifest = pluginData.platforms[pluginSetting.value.name];
+            let pluginEndpointUrl = pluginManifest.endpointUrl;
+            if (!pluginEndpointUrl) {
+                throw new Error('Plugin URL is not set');
+            }
+            else {
+                if (pluginEndpointUrl.includes('?')) {
+                    pluginEndpointUrl += `&jwtToken=${jwtToken}`;
+                }
+                else {
+                    pluginEndpointUrl += `?jwtToken=${jwtToken}`;
+                }
+            }
+            if (pluginSetting.value.isAsync) {
+                const asyncTaskId = `${userId}-${uuidv4()}`;
+                pluginAsyncTaskIds.push(asyncTaskId);
+                await CacheModel.create({
+                    id: asyncTaskId,
+                    status: 'initialized',
+                    userId,
+                    cacheKey: `pluginTask-${pluginSetting.value.name}`,
+                    expiry: moment().add(1, 'hour').toDate()
+                });
+                axios.post(pluginEndpointUrl, {
+                    data: { logInfo: incomingData },
+                    asyncTaskId
+                });
+            }
+            else {
+                const processedResultResponse = await axios.post(pluginEndpointUrl, {
+                    data: incomingData
+                });
+                // eslint-disable-next-line no-param-reassign
+                incomingData = processedResultResponse.data;
+            }
+        }
+
         let messageIds = [];
         const correspondents = [];
         if (isGroupSMS) {

package/handlers/plugin.js

@@ -0,0 +1,27 @@
+const { CacheModel } = require('../models/cacheModel');
+const { Op } = require('sequelize');
+
+async function getPluginAsyncTasks({ asyncTaskIds }) {
+    const caches = await CacheModel.findAll({
+        where: {
+            id: {
+                [Op.in]: asyncTaskIds
+            }
+        }
+    });
+    const result = caches.map(cache => ({
+        cacheKey: cache.cacheKey,
+        status: cache.status
+    }));
+    const toRemoveCaches = caches.filter(cache => cache.status === 'completed' || cache.status === 'failed');
+    await CacheModel.destroy({
+        where: {
+            id: {
+                [Op.in]: toRemoveCaches.map(cache => cache.id)
+            }
+        }
+    });
+    return result;
+}
+
+exports.getPluginAsyncTasks = getPluginAsyncTasks;

package/handlers/user.js

@@ -49,7 +49,10 @@ async function getUserSettings({ user, rcAccessToken, rcAccountId }) {
             const keys = Object.keys(userSettingsByAdmin.userSettings).concat(Object.keys(userSettings));
             // distinct keys
             for (const key of new Set(keys)) {
-                // from user's own settings
+                // marked as removed
+                if (userSettingsByAdmin.userSettings[key]?.isRemoved) {
+                    continue;
+                }
                 if ((userSettingsByAdmin.userSettings[key] === undefined || userSettingsByAdmin.userSettings[key].customizable) && userSettings[key] !== undefined) {
                     result[key] = {
                         customizable: true,
@@ -57,6 +60,27 @@ async function getUserSettings({ user, rcAccessToken, rcAccountId }) {
                         defaultValue: userSettings[key].defaultValue,
                         options: userSettings[key].options
                     };
+                    // Special case: plugins
+                    if (key.startsWith('plugin_')) {
+                        const config = Object.keys(result[key].value.config)?.length === 0 ? null : result[key].value.config;
+                        if (config) {
+                            const configFromadminSettings = userSettingsByAdmin.userSettings[key].value.config ?? {};
+                            for (const k in config) {
+                                // use admin setting to replace, if not customizable
+                                if (configFromadminSettings[k] && !configFromadminSettings[k].customizable || !config[k].value && configFromadminSettings[k].value) {
+                                    config[k] = configFromadminSettings[k];
+                                }
+                                else {
+                                    config[k].customizable = configFromadminSettings[k].customizable;
+                                }
+                            }
+                            result[key].value.config = config;
+                        }
+                        //Case: no config at all, use admin setting directly
+                        else {
+                            result[key].value.config = userSettingsByAdmin.userSettings[key].value.config;
+                        }
+                    }
                 }
                 // from admin settings
                 else {
@@ -68,7 +92,7 @@ async function getUserSettings({ user, rcAccessToken, rcAccountId }) {
     return result;
 }
 
-async function updateUserSettings({ user, userSettings, platformName }) {
+async function updateUserSettings({ user, userSettings, settingKeysToRemove, platformName }) {
     const keys = Object.keys(userSettings || {});
     let updatedSettings = {
         ...(user.userSettings || {})
@@ -76,6 +100,11 @@ async function updateUserSettings({ user, userSettings, platformName }) {
     for (const k of keys) {
         updatedSettings[k] = userSettings[k];
     }
+    for (const k of settingKeysToRemove) {
+        if (updatedSettings[k]) {
+            delete updatedSettings[k];
+        }
+    }
     const platformModule = connectorRegistry.getConnector(platformName);
     if (platformModule.onUpdateUserSettings) {
         const { successful, returnMessage } = await platformModule.onUpdateUserSettings({ user, userSettings, updatedSettings });

package/index.js

@@ -3,8 +3,10 @@ const cors = require('cors')
 const bodyParser = require('body-parser');
 require('body-parser-xml')(bodyParser);
 const dynamoose = require('dynamoose');
+const { DynamoDB } = require('@aws-sdk/client-dynamodb');
 const axios = require('axios');
 const { UserModel } = require('./models/userModel');
+const { LlmSessionModel } = require('./models/llmSessionModel');
 const { CallDownListModel } = require('./models/callDownListModel');
 const { CallLogModel } = require('./models/callLogModel');
 const { MessageLogModel } = require('./models/messageLogModel');
@@ -29,6 +31,7 @@ const mcpHandler = require('./mcp/mcpHandler');
 const logger = require('./lib/logger');
 const { DebugTracer } = require('./lib/debugTracer');
 const s3ErrorLogReport = require('./lib/s3ErrorLogReport');
+const pluginCore = require('./handlers/plugin');
 const { handleDatabaseError } = require('./lib/errorHandler');
 const { updateAuthSession } = require('./lib/authSession');
 
@@ -37,13 +40,18 @@ try {
     packageJson = require('./package.json');
 }
 catch (e) {
-    logger.error('Error loading package.json', { stack: e.stack });
+    logger.error('Error loading package.json', { stack: e.stack }); 
     packageJson = require('../package.json');
 }
 
 // For using dynamodb in local env
+// AWS SDK v3 requires a region even for local; ddb.local() omits it, so set manually.
 if (process.env.DYNAMODB_LOCALHOST) {
-    dynamoose.aws.ddb.local(process.env.DYNAMODB_LOCALHOST);
+    dynamoose.aws.ddb.set(new DynamoDB({
+        endpoint: process.env.DYNAMODB_LOCALHOST,
+        region: 'local',
+        credentials: { accessKeyId: 'local', secretAccessKey: 'local' },
+    }));
 }
 // log axios requests
 if (process.env.IS_PROD === 'false') {
@@ -58,6 +66,7 @@ async function initDB() {
     if (!process.env.DISABLE_SYNC_DB_TABLE) {
         logger.info('creating db tables if not exist...');
         await UserModel.sync();
+        await LlmSessionModel.sync();
         await CallLogModel.sync();
         await MessageLogModel.sync();
         await AdminConfigModel.sync();
@@ -756,7 +765,7 @@ function createCoreRouter() {
                     res.status(400).send(tracer ? tracer.wrapResponse('User not found') : 'User not found');
                     return;
                 }
-                const { userSettings } = await userCore.updateUserSettings({ user, userSettings: req.body.userSettings, platformName });
+                const { userSettings } = await userCore.updateUserSettings({ user, userSettings: req.body.userSettings, settingKeysToRemove: req.body.settingKeysToRemove || [], platformName });
                 res.status(200).send(tracer ? tracer.wrapResponse({ userSettings }) : { userSettings });
                 success = true;
             }
@@ -1323,7 +1332,7 @@ function createCoreRouter() {
                 }
                 const { id: userId, platform } = decodedToken;
                 platformName = platform;
-                const { successful, logId, returnMessage, extraDataTracking, isRevokeUserSession } = await logCore.createCallLog({ platform, userId, incomingData: req.body, hashedAccountId: hashedAccountId ?? util.getHashValue(req.body.logInfo?.accountId, process.env.HASH_KEY), isFromSSCL: userAgent === 'SSCL' });
+                const { successful, logId, returnMessage, extraDataTracking, pluginAsyncTaskIds, isRevokeUserSession } = await logCore.createCallLog({ jwtToken, platform, userId, incomingData: req.body, hashedAccountId: hashedAccountId ?? util.getHashValue(req.body.logInfo?.accountId, process.env.HASH_KEY), isFromSSCL: userAgent === 'SSCL' });
                 if (isRevokeUserSession) {
                     res.status(401).send(tracer ? tracer.wrapResponse({ successful, returnMessage }) : { successful, returnMessage });
                     success = false;
@@ -1332,7 +1341,7 @@ function createCoreRouter() {
                     if (extraDataTracking) {
                         extraData = extraDataTracking;
                     }
-                    res.status(200).send(tracer ? tracer.wrapResponse({ successful, logId, returnMessage }) : { successful, logId, returnMessage });
+                res.status(200).send(tracer ? tracer.wrapResponse({ successful, logId, returnMessage, pluginAsyncTaskIds }) : { successful, logId, returnMessage, pluginAsyncTaskIds });
                     success = true;
                 }
             }
@@ -1386,11 +1395,11 @@ function createCoreRouter() {
                 }
                 const { id: userId, platform } = decodedToken;
                 platformName = platform;
-                const { successful, logId, updatedNote, returnMessage, extraDataTracking } = await logCore.updateCallLog({ platform, userId, incomingData: req.body, hashedAccountId: hashedAccountId ?? util.getHashValue(req.body.accountId, process.env.HASH_KEY), isFromSSCL: userAgent === 'SSCL' });
+                const { successful, logId, updatedNote, returnMessage, extraDataTracking, pluginAsyncTaskIds } = await logCore.updateCallLog({ jwtToken, platform, userId, incomingData: req.body, hashedAccountId: hashedAccountId ?? util.getHashValue(req.body.accountId, process.env.HASH_KEY), isFromSSCL: userAgent === 'SSCL' });
                 if (extraDataTracking) {
                     extraData = extraDataTracking;
                 }
-                res.status(200).send(tracer ? tracer.wrapResponse({ successful, logId, updatedNote, returnMessage }) : { successful, logId, updatedNote, returnMessage });
+                res.status(200).send(tracer ? tracer.wrapResponse({ successful, logId, updatedNote, returnMessage, pluginAsyncTaskIds }) : { successful, logId, updatedNote, returnMessage, pluginAsyncTaskIds });
                 success = true;
             }
             else {
@@ -1941,6 +1950,55 @@ function createCoreRouter() {
         });
     });
 
+    router.post('/pluginAsyncTask', async function (req, res) {
+        const requestStartTime = new Date().getTime();
+        const tracer = req.headers['is-debug'] === 'true' ? DebugTracer.fromRequest(req) : null;
+        tracer?.trace('pluginAsyncTask:start', { query: req.query });
+        let platformName = null;
+        let success = false;
+        const { hashedExtensionId, hashedAccountId, userAgent, ip, author, eventAddedVia } = getAnalyticsVariablesInReqHeaders({ headers: req.headers })
+        const { jwtToken } = req.query;
+        try {
+            if (!jwtToken) {
+                tracer?.trace('pluginAsyncTask:noToken', {});
+                res.status(400).send(tracer ? tracer.wrapResponse('Please go to Settings and authorize CRM platform') : 'Please go to Settings and authorize CRM platform');
+                return;
+            }
+            const unAuthData = jwt.decodeJwt(jwtToken);
+            const user = await UserModel.findByPk(unAuthData?.id);
+            if (!user) {
+                tracer?.trace('pluginAsyncTask:userNotFound', {});
+                res.status(400).send(tracer ? tracer.wrapResponse('User not found') : 'User not found');
+                return;
+            }
+            const { asyncTaskIds } = req.body;
+            const filteredTasksIds = asyncTaskIds.filter(taskId => taskId.startsWith(user.id));
+            const tasks = await pluginCore.getPluginAsyncTasks({ asyncTaskIds: filteredTasksIds });
+            res.status(200).send(tracer ? tracer.wrapResponse({ tasks }) : { tasks });
+            success = true;
+        }
+        catch (e) {
+            console.log(`platform: ${platformName} \n${e.stack}`);
+            res.status(400).send(tracer ? tracer.wrapResponse({ error: e.message || e }) : { error: e.message || e });
+            tracer?.traceError('pluginAsyncTask:error', e, { platform: platformName });
+            success = false;
+        }
+        const requestEndTime = new Date().getTime();
+        analytics.track({
+            eventName: 'Plugin Async Task',
+            interfaceName: 'pluginAsyncTask',
+            connectorName: platformName,
+            accountId: hashedAccountId,
+            extensionId: hashedExtensionId,
+            success,
+            requestDuration: (requestEndTime - requestStartTime) / 1000,
+            userAgent,
+            ip,
+            author,
+            eventAddedVia
+        });
+    });
+
     if (process.env.IS_PROD === 'false') {
         router.post('/registerMockUser', async function (req, res) {
             const secretKey = req.query.secretKey;
@@ -2057,24 +2115,32 @@ function createCoreRouter() {
         });
     });
 
-    router.use('/mcp', (req, res, next) => {// LOG EVERYTHING
-        console.log(`[${req.method}] /mcp`);
-        console.log("Headers:", JSON.stringify(req.headers['authorization'] ? "Auth Token Present" : "No Auth"));
-        console.log("Body:", JSON.stringify(req.body));
-        // return next();
-        // Capture the response finish to see the status code
-        res.on('finish', () => {
-            console.log(`[Response] Status: ${res.statusCode}`);
-            console.log(`[Response] data: ${JSON.stringify(res.data)}`);
-        });
+    router.use('/mcp', (req, res, next) => {
+        // Widget tool calls are unauthenticated — they come from the iframe
+        // which has no access to the RC bearer token.
+        if (req.path === '/widget-tool-call') {
+            return next();
+        }
 
         const authHeader = req.headers.authorization;
         const token = authHeader?.split(' ')[1]; // Remove "Bearer "
-        // Allow the initial connection (GET) and CORS checks (OPTIONS) to pass freely.
-        // We only want to block the actual commands (POST).
+        // Allow GET and OPTIONS (CORS preflight) to pass freely.
         if (req.method === 'GET' || req.method === 'OPTIONS') {
             return next();
         }
+        // Allow MCP discovery/handshake methods — these carry no user data and must be
+        // reachable without auth so the ChatGPT developer portal can scan tools.
+        const mcpMethod = req.body?.method;
+        const UNAUTHENTICATED_MCP_METHODS = new Set([
+            'initialize',
+            'tools/list',
+            'ping',
+            'notifications/initialized',
+            'notifications/cancelled',
+        ]);
+        if (mcpMethod && UNAUTHENTICATED_MCP_METHODS.has(mcpMethod)) {
+            return next();
+        }
         // SCENARIO 1: No Token provided. Kick off the OAuth flow.
         if (!token) {
             res.setHeader('WWW-Authenticate', `Bearer realm="mcp", resource_metadata="${process.env.APP_SERVER}/.well-known/oauth-protected-resource"`);
@@ -2084,9 +2150,7 @@ function createCoreRouter() {
         // SCENARIO 2: Token provided. Verify it.
         try {
             next();
-        } catch (error) {
-            console.error("Token validation failed:", error.message);
-            // Token is invalid or expired
+        } catch {
             res.setHeader('WWW-Authenticate', `Bearer realm="mcp", resource_metadata="${process.env.APP_SERVER}/.well-known/oauth-protected-resource"`);
             return res.status(401).send();
         }
@@ -2109,6 +2173,19 @@ function createCoreRouter() {
         await mcpHandler.handleMcpRequest(req, res);
     });
 
+    // Lightweight endpoint for widget tool calls (bypasses MCP protocol)
+    router.options('/mcp/widget-tool-call', (req, res) => {
+        res.setHeader('Access-Control-Allow-Origin', '*');
+        res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+        res.status(200).end();
+    });
+    router.post('/mcp/widget-tool-call', async (req, res) => {
+        res.setHeader('Access-Control-Allow-Origin', '*');
+        res.setHeader('Content-Type', 'application/json');
+        await mcpHandler.handleWidgetToolCall(req, res);
+    });
+
     return router;
 }
 

package/lib/authSession.js

@@ -10,20 +10,29 @@ const AUTH_SESSION_PREFIX = 'auth-session';
 const SESSION_EXPIRY_MINUTES = 5;
 
 /**
- * Create a new auth session
+ * Create (or reset) an auth session.
+ * If a record already exists for the sessionId (e.g., user retries auth within
+ * the same ChatGPT conversation), it is reset to 'pending' so polling works
+ * correctly for the new attempt.
  */
 async function createAuthSession(sessionId, data) {
-    await CacheModel.create({
-        id: `${AUTH_SESSION_PREFIX}-${sessionId}`,
-        cacheKey: AUTH_SESSION_PREFIX,
-        userId: sessionId,
-        status: 'pending',
-        data: {
-            ...data,
-            createdAt: new Date().toISOString()
-        },
-        expiry: new Date(Date.now() + SESSION_EXPIRY_MINUTES * 60 * 1000)
-    });
+    const id = `${AUTH_SESSION_PREFIX}-${sessionId}`;
+    const expiry = new Date(Date.now() + SESSION_EXPIRY_MINUTES * 60 * 1000);
+    const sessionData = { ...data, createdAt: new Date().toISOString() };
+
+    const existing = await CacheModel.findByPk(id);
+    if (existing) {
+        await existing.update({ status: 'pending', data: sessionData, expiry });
+    } else {
+        await CacheModel.create({
+            id,
+            cacheKey: AUTH_SESSION_PREFIX,
+            userId: sessionId,
+            status: 'pending',
+            data: sessionData,
+            expiry,
+        });
+    }
 }
 
 /**

package/lib/callLogComposer.js

@@ -115,7 +115,7 @@ function composeCallLog(params) {
         body = upsertCallRecording({ body, recordingLink, logFormat });
     }
 
-    if (aiNote && (userSettings?.addCallLogAINote?.value ?? true)) {
+    if (aiNote && (userSettings?.addCallLogAiNote?.value ?? true)) {
         body = upsertAiNote({ body, aiNote, logFormat });
     }