@app-connect/core 1.7.17 → 1.7.19

package/mcp/tools/doAuth.js

@@ -1,190 +1,60 @@
-const authCore = require('../../handlers/auth');
-const jwt = require('../../lib/jwt');
-const crypto = require('crypto');
 const { createAuthSession } = require('../../lib/authSession');
-const { isManifestValid } = require('../lib/validator');
+
 /**
- * MCP Tool: Do Authentication
- * 
- * This tool does the authentication.
+ * MCP Tool: Do Authentication (widget-only)
+ *
+ * Creates a server-side OAuth session for the given sessionId.
+ * The widget generates the sessionId and authUri client-side for instant display,
+ * then calls this endpoint in the background to register the session in the DB
+ * so the OAuth callback can resolve it.
  */
 
 const toolDefinition = {
     name: 'doAuth',
-    description: 'Auth flow step.4. Do the authentication. Next step is calling step.5 "checkAuthStatus" tool.',
+    description: 'Create a server-side OAuth session. Widget-only — not called by AI model.',
     inputSchema: {
         type: 'object',
         properties: {
-            connectorManifest: {
-                type: 'object',
-                description: 'connectorManifest variable from above conversation. Must be the full manifest object, not just serverUrl'
-            },
             connectorName: {
                 type: 'string',
-                description: 'connectorName variable from above conversation.'
+                description: 'Connector platform name'
             },
             hostname: {
                 type: 'string',
-                description: 'Hostname to authenticate to.'
-            },
-            apiKey: {
-                type: 'string',
-                description: 'API key to authenticate to.'
-            },
-            additionalInfo: {
-                type: 'object',
-                description: 'Additional information to authenticate to.',
-                properties: {
-                    username: {
-                        type: 'string',
-                        description: 'Username to authenticate to.'
-                    },
-                    password: {
-                        type: 'string',
-                        description: 'Password to authenticate to.'
-                    },
-                    apiUrl: {
-                        type: 'string',
-                        description: 'API URL to authenticate to.'
-                    }
-                }
-            },
-            callbackUri: {
-                type: 'string',
-                description: 'Callback URI to authenticate to.'
+                description: 'Resolved hostname for the CRM instance'
             }
         },
-        required: ['connectorManifest', 'connectorName', 'hostname']
+        required: ['connectorName']
     },
     annotations: {
         readOnlyHint: false,
-        openWorldHint: true,
-        destructiveHint: true
+        openWorldHint: false,
+        destructiveHint: false
     }
 };
 
-/**
- * Execute the doAuth tool
- * @param {Object} args - The tool arguments
- * @param {string} args.connectorManifest - Connector manifest from conversation or memory.
- * @param {string} args.connectorName - Connector name from conversation or memory.
- * @param {string} args.hostname - Hostname to authenticate to.
- * @param {string} args.apiKey - API key to authenticate to.
- * @param {Object} args.additionalInfo - Additional information to authenticate to.
- * @param {string} args.callbackUri - Callback URI to authenticate to.
- * @returns {Object} Result object with authentication information
- */
 async function execute(args) {
     try {
-        const { connectorManifest, connectorName, hostname, apiKey, additionalInfo, callbackUri } = args;
-        const { isValid, errors } = isManifestValid({ connectorManifest, connectorName });
-        if (!isValid) {
-            return {
-                success: false,
-                error: "Invalid connector manifest",
-                errorDetails: errors.join(', '),
-            }
-        }
-        const platform = connectorManifest.platforms[connectorName];
-        switch (platform.auth.type) {
-            case 'apiKey':
-                const { userInfo } = await authCore.onApiKeyLogin({ platform: platform.name, hostname, apiKey, additionalInfo });
-                if (userInfo) {
-                    const jwtToken = jwt.generateJwt({
-                        id: userInfo.id.toString(),
-                        platform: platform.name
-                    });
-                    return {
-                        success: true,
-                        data: {
-                            jwtToken,
-                            message: "IMPORTANT: Authentication successful. Keep jwtToken in memory for future use. DO NOT directly show it to user.",
-                        }
-                    }
-                }
-                else {
-                    return {
-                        success: false,
-                        error: "Authentication failed",
-                        errorDetails: "User info not found",
-                    }
-                }
-            case 'oauth':
-                const hasValidCallbackUri = callbackUri && callbackUri.includes('code=') && callbackUri.includes('state=');
-                if (hasValidCallbackUri) {
-                    const query = Object.fromEntries(new URL(callbackUri).searchParams);
-                    query.hostname = hostname;
-                    const { userInfo } = await authCore.onOAuthCallback({ platform: platform.name, hostname, callbackUri, query });
-                    if (userInfo) {
-                        const jwtToken = jwt.generateJwt({
-                            id: userInfo.id.toString(),
-                            platform: platform.name
-                        });
-                        return {
-                            success: true,
-                            data: {
-                                jwtToken,
-                                message: "IMPORTANT: Authentication successful. Keep jwtToken in memory for future use. DO NOT directly show it to user.",
-                            }
-                        }
-                    }
-                    else {
-                        return {
-                            success: false,
-                            error: "Authentication failed",
-                            errorDetails: "User info not found",
-                        }
-                    }
-                }
-                else {
-                    // Generate unique session ID
-                    const sessionId = crypto.randomUUID();
-                    
-                    // Store session
-                    await createAuthSession(sessionId, {
-                        platform: platform.name,
-                        hostname,
-                    });
-                    
-                    const authUri = composeAuthUri({ platform, sessionId, hostname });
-                    return {
-                        success: true,
-                        data: {
-                            authUri,
-                            sessionId,
-                            message: "IMPORTANT: Show this uri as a clickable link for user to authorize. After user authorizes, use checkAuthStatus tool with this sessionId to get the jwtToken.",
-                        }
-                    }
-                }
+        const { sessionId, connectorName, hostname = '' } = args;
+
+        if (!sessionId || !connectorName) {
+            return { success: false, error: 'Missing required fields: sessionId, connectorName' };
         }
-    }
-    catch (error) {
+
+        await createAuthSession(sessionId, {
+            platform: connectorName,
+            hostname,
+        });
+
+        return { success: true };
+    } catch (error) {
         return {
             success: false,
             error: error.message || 'Unknown error occurred',
-            errorDetails: error.stack
+            errorDetails: error.stack,
         };
     }
 }
 
-function composeAuthUri({ platform, sessionId, hostname }) {
-    // Build base state param
-    let stateParam = sessionId ? 
-        `sessionId=${sessionId}&platform=${platform.name}&hostname=${hostname}` : 
-        `platform=${platform.name}&hostname=${hostname}`;
-    
-    // Merge customState if provided
-    if (platform.auth.oauth.customState) {
-        stateParam += `&${platform.auth.oauth.customState}`;
-    }
-    
-    return `${platform.auth.oauth.authUrl}?` +
-        `response_type=code` +
-        `&client_id=${platform.auth.oauth.clientId}` +
-        `${!!platform.auth.oauth.scope && platform.auth.oauth.scope != '' ? `&${platform.auth.oauth.scope}` : ''}` +
-        `&state=${encodeURIComponent(stateParam)}` +
-        `&redirect_uri=${process.env.APP_SERVER}/oauth-callback`;
-}
-
 exports.definition = toolDefinition;
-exports.execute = execute;
+exports.execute = execute;

package/mcp/tools/findContactByName.js

@@ -11,20 +11,16 @@ const contactCore = require('../../handlers/contact');
 
 const toolDefinition = {
     name: 'findContactByName',
-    description: '⚠️ REQUIRES AUTHENTICATION: User must first authenticate using the "auth" tool to obtain a JWT token before using this tool. | Search for a contact in the CRM platform by name. Returns contact details if found.',
+    description: '⚠️ REQUIRES CRM CONNECTION. | Search for a contact in the CRM platform by name. Returns contact details if found.',
     inputSchema: {
         type: 'object',
         properties: {
-            jwtToken: {
-                type: 'string',
-                description: 'JWT token containing userId and platform information. If user does not have this, direct them to use the "auth" tool first.'
-            },
             name: {
                 type: 'string',
                 description: 'Name to search for'
             }
         },
-        required: ['jwtToken', 'name']
+        required: ['name']
     },
     annotations: {
         readOnlyHint: true,
@@ -36,14 +32,15 @@ const toolDefinition = {
 /**
  * Execute the findContactByName tool
  * @param {Object} args - The tool arguments
- * @param {string} args.jwtToken - JWT token with user and platform info
  * @param {string} args.name - Name to search for
  * @returns {Object} Result object with contact information
  */
 async function execute(args) {
     try {
-        const { jwtToken, name } = args;
-
+        const { name, jwtToken } = args;
+        if (!jwtToken) {
+            throw new Error('Not authenticated. Please connect to your CRM first.');
+        }
         // Decode JWT to get userId and platform
         const { id: userId, platform } = jwt.decodeJwt(jwtToken);
         

package/mcp/tools/findContactByPhone.js

@@ -11,14 +11,10 @@ const contactCore = require('../../handlers/contact');
 
 const toolDefinition = {
     name: 'findContactByPhone',
-    description: '⚠️ REQUIRES AUTHENTICATION: User must first authenticate using the "auth" tool to obtain a JWT token before using this tool. | Search for a contact in the CRM platform by phone number. Returns contact details if found.',
+    description: '⚠️ REQUIRES CRM CONNECTION. | Search for a contact in the CRM platform by phone number. Returns contact details if found.',
     inputSchema: {
         type: 'object',
         properties: {
-            jwtToken: {
-                type: 'string',
-                description: 'JWT token containing userId and platform information. If user does not have this, direct them to use the "auth" tool first.'
-            },
             phoneNumber: {
                 type: 'string',
                 description: 'Phone number to search for, if not in E.164 format, convert it to E.164 format'
@@ -32,7 +28,7 @@ const toolDefinition = {
                 description: 'Whether the request is from an extension'
             }
         },
-        required: ['jwtToken', 'phoneNumber']
+        required: ['phoneNumber']
     },
     annotations: {
         readOnlyHint: true,

package/mcp/tools/getGoogleFilePicker.js

@@ -11,20 +11,16 @@ const axios = require('axios');
 
 const toolDefinition = {
     name: 'getGoogleFilePicker',
-    description: '⚠️ REQUIRES AUTHENTICATION: User must first authenticate with googleSheets platform. | Returns a URL for the Google Sheets file picker (1st preference) OR create a new sheet with input sheet name (2nd preference). The user should open this URL in their browser to select a Google Sheet for logging.',
+    description: '⚠️ REQUIRES CRM CONNECTION. | Returns a URL for the Google Sheets file picker (1st preference) OR create a new sheet with input sheet name (2nd preference). The user should open this URL in their browser to select a Google Sheet for logging.',
     inputSchema: {
         type: 'object',
         properties: {
-            jwtToken: {
-                type: 'string',
-                description: 'JWT token obtained from authentication. If user does not have this, direct them to use the "doAuth" tool first with googleSheets platform.'
-            },
             sheetName: {
                 type: 'string',
                 description: 'OPTIONAL. Name of the new sheet to create.'
             }
         },
-        required: ['jwtToken']
+        required: []
     },
     annotations: {
         readOnlyHint: false,
@@ -47,7 +43,7 @@ async function execute(args) {
         if (!jwtToken) {
             return {
                 success: false,
-                error: 'JWT token is required. Please authenticate with googleSheets platform first using the doAuth tool.'
+                error: 'JWT token is required. Please connect to the CRM first using getPublicConnectors.'
             };
         }
 
@@ -67,7 +63,7 @@ async function execute(args) {
         if (!user) {
             return {
                 success: false,
-                error: 'User not found. Please authenticate with googleSheets platform first.'
+                error: 'User not found. Please connect to the CRM first using getPublicConnectors.'
             };
         }
 
@@ -78,7 +74,7 @@ async function execute(args) {
         }
         else {
             // Generate the file picker URL
-            const filePickerUrl = `${process.env.APP_SERVER}/googleSheets/filePicker?token=${jwtToken}}`;
+            const filePickerUrl = `${process.env.APP_SERVER}/googleSheets/filePicker?token=${jwtToken}`;
 
             return {
                 success: true,

package/mcp/tools/getHelp.js

@@ -29,12 +29,11 @@ async function execute() {
         success: true,
         data: {
             overview: "I help you connect RingCentral with your CRM to log calls.",
-            steps:[
+            steps: [
                 '1. Tell me to show all connectors and let me connect you to your CRM',
                 '2. Follow authorization flow to authorize your CRM',
                 '3. Once authorized, I can help find contacts and log your calls'
-            ],
-            supportedCRMs: ["Clio", "Google Sheets"],
+            ]
         }
     };
 }

package/mcp/tools/getPublicConnectors.js

@@ -1,14 +1,17 @@
-const developerPortal = require('../../connector/developerPortal');
+const axios = require('axios');
 
 /**
  * MCP Tool: Get Public Connectors
- * 
- * This tool retrieves a list of public connectors from the developer portal.
+ *
+ * Triggers the connector selection widget. The widget fetches the connector
+ * list and manifests directly from the developer portal on the client side.
+ * This tool only needs to resolve the RC account ID (for private connector
+ * support) and return the server URL for widget-to-server tool calls.
  */
 
 const toolDefinition = {
     name: 'getPublicConnectors',
-    description: 'Auth flow step.1. Get a list of all available connectors from the developer portal. Returns a list of connector names for users to choose. Next step is calling step.2 "setConnector" tool.',
+    description: 'Get available connectors. Returns an interactive widget - do NOT summarize or list the results in text, just show the widget.',
     inputSchema: {
         type: 'object',
         properties: {},
@@ -16,38 +19,48 @@ const toolDefinition = {
     },
     annotations: {
         readOnlyHint: true,
-        openWorldHint: false,
+        openWorldHint: true,
         destructiveHint: false
+    },
+    _meta: {
+        // openai/outputTemplate is injected at registration time by mcpHandler.js
+        // using the module-level WIDGET_URI — do not hardcode a version here.
+        "openai/toolBehavior": 'interactive',
+        "openai/widgetAccessible": true
     }
 };
 
-const supportedPlatforms = ['googleSheets','clio'];
-
 /**
- * Execute the getPublicConnectors tool
- * @returns {Object} Result object with connector names
+ * Execute the getPublicConnectors tool.
+ * Uses the RC access token (injected by mcpHandler) to resolve the account ID,
+ * which the widget needs to fetch private connectors directly from the developer portal.
  */
-async function execute() {
-    try {
-        const { connectors: publicConnectorList } = await developerPortal.getPublicConnectorList();
-        const connectorList = publicConnectorList;
-        if(process.env.RC_ACCOUNT_ID) {
-            const { privateConnectors } = await developerPortal.getPrivateConnectorList();
-            connectorList.push(...privateConnectors);
+async function execute({ rcAccessToken, openaiSessionId } = {}) {
+    let rcExtensionId = null;
+    let rcAccountId = null;
+
+    if (rcAccessToken) {
+        try {
+            const resp = await axios.get(
+                'https://platform.ringcentral.com/restapi/v1.0/account/~/extension/~',
+                { headers: { Authorization: `Bearer ${rcAccessToken}` } }
+            );
+            rcExtensionId = resp.data?.id ?? null;
+            rcAccountId = resp.data?.account?.id ?? null;
+        } catch {
+            // Non-fatal: widget will only show public connectors
         }
-        return {
-            success: true,
-            data: connectorList.filter(c => supportedPlatforms.includes(c.name)).map(c => c.displayName)
-        };
-    }
-    catch (error) {
-        return {
-            success: false,
-            error: error.message || 'Unknown error occurred',
-            errorDetails: error.stack
-        };
     }
+
+    return {
+        structuredContent: {
+            serverUrl: process.env.APP_SERVER || 'https://localhost:6066',
+            rcExtensionId,
+            rcAccountId,
+            openaiSessionId: openaiSessionId ?? null,
+        }
+    };
 }
 
 exports.definition = toolDefinition;
-exports.execute = execute;
+exports.execute = execute;

package/mcp/tools/index.js

@@ -1,64 +1,39 @@
 /**
  * MCP Tools Index
- * 
- * This file exports all available MCP tools for the RC Unified CRM Extension.
+ *
+ * Two separate registries:
+ *  - tools:       Registered in the MCP server — visible to and callable by the AI model
+ *  - widgetTools: Only accessible via POST /mcp/widget-tool-call — hidden from the AI model
  */
 
-// const auth = require('./auth');
 const getHelp = require('./getHelp');
 const getPublicConnectors = require('./getPublicConnectors');
-const setConnector = require('./setConnector');
-const collectAuthInfo = require('./collectAuthInfo');
 const doAuth = require('./doAuth');
 const checkAuthStatus = require('./checkAuthStatus');
 const logout = require('./logout');
 const findContact = require('./findContactByPhone');
 const findContactWithName = require('./findContactByName');
-const getCallLog = require('./getCallLog');
 const createCallLog = require('./createCallLog');
-const updateCallLog = require('./updateCallLog');
-const createMessageLog = require('./createMessageLog');
 const rcGetCallLogs = require('./rcGetCallLogs');
 const getGoogleFilePicker = require('./getGoogleFilePicker');
 const createContact = require('./createContact');
 
-// Export all tools
-module.exports = {
+// AI-visible MCP tools — registered in the MCP server
+module.exports.tools = [
     getHelp,
     getPublicConnectors,
-    setConnector,
-    collectAuthInfo,
-    doAuth,
-    checkAuthStatus,
     logout,
     findContact,
     findContactWithName,
-    //getCallLog,
     createCallLog,
-    //updateCallLog,
-    //createMessageLog,
     rcGetCallLogs,
-    getGoogleFilePicker,
-    createContact
-};
+    // getGoogleFilePicker,
+    createContact,
+];
 
-// Export tools as an array for easy iteration
-module.exports.tools = [
-    getHelp,
-    getPublicConnectors,
-    setConnector,
-    collectAuthInfo,
+// Widget-only tools — callable via /mcp/widget-tool-call, NOT registered as MCP tools
+module.exports.widgetTools = [
     doAuth,
     checkAuthStatus,
-    logout,
-    findContact,
-    findContactWithName,
-    //getCallLog,
-    createCallLog,
-    //updateCallLog,
-    //createMessageLog,
-    rcGetCallLogs,
-    getGoogleFilePicker,
-    createContact
 ];
 

package/mcp/tools/logout.js

@@ -13,16 +13,11 @@ const toolDefinition = {
     description: 'Logout the user from the CRM platform.',
     inputSchema: {
         type: 'object',
-        properties: {
-            jwtToken: {
-                type: 'string',
-                description: 'JWT token containing userId and platform information. If user does not have this, direct them to use the "auth" tool first.'
-            }
-        }
+        properties: {}
     },
     annotations: {
         readOnlyHint: false,
-        openWorldHint: false,
+        openWorldHint: true,
         destructiveHint: true
     }
 };
@@ -30,16 +25,16 @@ const toolDefinition = {
 /**
  * Execute the logout tool
  * @param {Object} args - The tool arguments
- * @param {string} args.jwtToken - JWT token containing userId and platform information. If user does not have this, direct them to use the "auth" tool first.
+ * @param {string} args.jwtToken - JWT token containing userId and platform information. Injected automatically by the server after CRM connection.
  * @returns {Object} Result object with logout information
  */
 async function execute(args) {
     try {
         const { jwtToken } = args;
         const { platform, id } = jwt.decodeJwt(jwtToken);
-        
+
         const userToLogout = await UserModel.findByPk(id);
-            if (!userToLogout) {
+        if (!userToLogout) {
             return {
                 success: false,
                 error: "User not found",

package/mcp/tools/rcGetCallLogs.js

@@ -4,14 +4,10 @@ const { CallLogModel } = require('../../models/callLogModel');
 
 const toolDefinition = {
     name: 'rcGetCallLogs',
-    description: '⚠️ REQUIRES AUTHENTICATION: User must first authenticate using the "auth" tool to obtain a JWT token before using this tool. | Get call logs from RingCentral',
+    description: '⚠️ REQUIRES CRM CONNECTION. | Get call logs from RingCentral. Returns a `records[]` array. Each item in `records` is a complete RingCentral call log object that can be passed DIRECTLY as `incomingData.logInfo` to the `createCallLog` tool — no field renaming or restructuring needed.',
     inputSchema: {
         type: 'object',
         properties: {
-            jwtToken: {
-                type: 'string',
-                description: 'JWT token containing userId and platform information. If user does not have this, direct them to use the "auth" tool first.'
-            },
             timeFrom: {
                 type: 'string',
                 description: 'MUST be ISO string. Default is 24 hours ago.'
@@ -21,11 +17,11 @@ const toolDefinition = {
                 description: 'MUST be ISO string. Default is now.'
             }
         },
-        required: ['jwtToken', 'timeFrom', 'timeTo']
+        required: []
     },
     annotations: {
         readOnlyHint: true,
-        openWorldHint: false,
+        openWorldHint: true,
         destructiveHint: false
     }
 }
@@ -51,19 +47,6 @@ async function execute(args) {
             timeFrom: timeFrom ?? new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString(),
             timeTo: timeTo ?? new Date().toISOString(),
         });
-        // hack: remove already logged calls
-        const existingCalls = [];
-        for (const call of callLogData.records) {
-            const existingCallLog = await CallLogModel.findOne({
-                where: {
-                    sessionId: call.sessionId
-                }
-            });
-            if (existingCallLog) {
-                existingCalls.push(existingCallLog.sessionId);
-            }
-        }
-        callLogData.records = callLogData.records.filter(call => !existingCalls.includes(call.sessionId));
         return callLogData;
     }
     catch (e) {