@app-connect/core 1.7.21 → 1.7.22

package/README.md

@@ -2,6 +2,8 @@
 
 Core package for RingCentral App Connect project providing modular APIs for CRM integration, authentication, contact management, and call logging.
 
+For maintainer-facing internal docs about the package internals, see [`docs/README.md`](./docs/README.md). That docs set covers the non-MCP code under `packages/core`.
+
 ## Features
 
 - **Modular API Design**: Flexible Express app setup with customizable middleware and routes
@@ -286,6 +288,7 @@ const logHandler = require('@app-connect/core/handlers/log');
 const adminHandler = require('@app-connect/core/handlers/admin');
 const userHandler = require('@app-connect/core/handlers/user');
 const dispositionHandler = require('@app-connect/core/handlers/disposition');
+const managedAuthHandler = require('@app-connect/core/handlers/managedAuth');
 
 // Available handlers:
 // authHandler      - Authentication operations
@@ -294,6 +297,7 @@ const dispositionHandler = require('@app-connect/core/handlers/disposition');
 // adminHandler     - Admin operations
 // userHandler      - User management
 // dispositionHandler - Call disposition
+// managedAuthHandler - Shared API-key auth field operations
 ```
 
 #### Models
@@ -332,6 +336,7 @@ The core package provides the following API endpoints:
 - `GET /authValidation` - Validate user authentication
 - `GET /oauth-callback` - OAuth callback handler
 - `POST /apiKeyLogin` - API key authentication
+- `GET /apiKeyManagedAuthState` - Get managed-auth required-field readiness for API-key logins
 - `POST /unAuthorize` - Logout user
 
 ### Contact Management
@@ -356,11 +361,13 @@ The core package provides the following API endpoints:
 - `POST /admin/settings` - Update admin settings
 - `GET /admin/serverLoggingSettings` - Get server logging settings
 - `POST /admin/serverLoggingSettings` - Update server logging settings
+- `GET /admin/managedAuth` - Get managed-auth field definitions and masked stored values
+- `POST /admin/managedAuth` - Update org-level or user-level managed auth field values
 
 ### System
 - `GET /releaseNotes` - Get release notes
 - `GET /crmManifest` - Get CRM manifest
-- `GET /is-alive` - Health check
+- `GET /isAlive` - Health check
 - `GET /serverVersionInfo` - Get server version
 - `GET /hostname` - Get user hostname
 - `GET /userInfoHash` - Get hashed user info

package/connector/developerPortal.js

@@ -22,11 +22,11 @@ async function getPrivateConnectorList() {
     }
 }
 
-async function getConnectorManifest({connectorId, isPrivate = false}) {
+async function getConnectorManifest({ connectorId, isPrivate = false }) {
     try {
         let response = null;
-        if(isPrivate) {
-            response = await axios.get(`https://appconnect.labs.ringcentral.com/public-api/connectors/${connectorId}/manifest?type=internal&accountId=${process.env.RC_ACCOUNT_ID}`);
+        if (isPrivate) {
+            response = await axios.get(`https://appconnect.labs.ringcentral.com/public-api/connectors/${connectorId}/manifest?access=internal&type=connector&accountId=${process.env.RC_ACCOUNT_ID}`);
         }
         else {
             response = await axios.get(`https://appconnect.labs.ringcentral.com/public-api/connectors/${connectorId}/manifest`);
@@ -36,7 +36,7 @@ async function getConnectorManifest({connectorId, isPrivate = false}) {
         logger.error('Error getting connector manifest:', error);
         return null;
     }
-}   
+}
 
 exports.getPublicConnectorList = getPublicConnectorList;
 exports.getPrivateConnectorList = getPrivateConnectorList;

package/docs/README.md

@@ -0,0 +1,50 @@
+# App Connect Core Docs
+
+This docs set explains the maintained code under `packages/core`, excluding the `mcp/` subsystem.
+
+Use it when you need to change shared backend behavior, trace a request through the framework, or understand which module owns a feature.
+
+## Scope
+
+Included:
+
+- root package entrypoints and route assembly
+- connector infrastructure
+- handlers
+- models, including DynamoDB-backed schemas used outside MCP
+- shared libraries
+- tests that cover the non-MCP package surface
+
+Excluded:
+
+- `mcp/`
+- generated output such as `coverage/`
+- vendored dependencies such as `node_modules/`
+
+## Reading Order
+
+1. [Architecture](architecture.md) for the runtime shape and request flow
+2. [Routes](routes.md) for the HTTP surface in `index.js`
+3. [Handlers](handlers.md) for shared business logic
+4. [Connectors](connectors.md) for registration, proxy behavior, and developer-portal helpers
+5. [Models](models.md) for persistence
+6. [Libraries](libraries.md) for shared helpers and infrastructure code
+7. [Tests](tests.md) for current automated coverage
+
+## File Map
+
+| Area | Files |
+| --- | --- |
+| Package root | `index.js`, `package.json`, `README.md`, `releaseNotes.json`, `jest.config.js` |
+| Connectors | `connector/registry.js`, `connector/developerPortal.js`, `connector/mock.js`, `connector/proxy/index.js`, `connector/proxy/engine.js` |
+| Handlers | `handlers/admin.js`, `handlers/auth.js`, `handlers/calldown.js`, `handlers/contact.js`, `handlers/disposition.js`, `handlers/log.js`, `handlers/plugin.js`, `handlers/managedAuth.js`, `handlers/user.js` |
+| Sequelize models | `models/accountDataModel.js`, `models/adminConfigModel.js`, `models/cacheModel.js`, `models/callDownListModel.js`, `models/callLogModel.js`, `models/llmSessionModel.js`, `models/messageLogModel.js`, `models/sequelize.js`, `models/userModel.js` |
+| DynamoDB models | `models/dynamo/connectorSchema.js`, `models/dynamo/lockSchema.js`, `models/dynamo/noteCacheSchema.js` |
+| Libraries | `lib/analytics.js`, `lib/authSession.js`, `lib/callLogComposer.js`, `lib/constants.js`, `lib/debugTracer.js`, `lib/encode.js`, `lib/errorHandler.js`, `lib/generalErrorMessage.js`, `lib/jwt.js`, `lib/logger.js`, `lib/oauth.js`, `lib/ringcentral.js`, `lib/s3ErrorLogReport.js`, `lib/sharedSMSComposer.js`, `lib/util.js` |
+| Tests | `test/setup.js`, `test/connector/**`, `test/handlers/**`, `test/lib/**`, `test/models/**`, `test/routes/**` excluding `test/mcp/**` |
+
+## Relationship To The Package README
+
+The package [README.md](../README.md) is still the best public-facing quick start.
+
+This docs set is the maintainer-oriented reference for the internals behind that API surface.

package/docs/architecture.md

@@ -0,0 +1,93 @@
+# Core Architecture
+
+This package is the reusable backend framework behind App Connect server deployments.
+
+Its job is to expose a stable HTTP surface, persist shared state, and delegate CRM-specific work to registered connectors.
+
+## Main Entry Points
+
+`index.js` exports the package assembly surface:
+
+| Export | Purpose |
+| --- | --- |
+| `createCoreApp(options)` | Builds an Express app, installs middleware, and mounts the shared router |
+| `createCoreMiddleware()` | Returns the common JSON, XML, and CORS middleware stack |
+| `createCoreRouter()` | Creates the shared route layer without creating a full app |
+| `initializeCore(options)` | Initializes analytics and database synchronization |
+| `connectorRegistry` | Global registry for manifests, release notes, connectors, and interface composition |
+| `proxyConnector` | Proxy-driven connector implementation used for config-based integrations |
+| `DebugTracer` | Request-level debug tracing helper |
+
+## Runtime Responsibilities
+
+`index.js` owns the framework assembly:
+
+- configures local DynamoDB support when `DYNAMODB_LOCALHOST` is set
+- installs an axios interceptor in local-style environments
+- syncs Sequelize models on startup unless `DISABLE_SYNC_DB_TABLE` or `skipDatabaseInit` disables it
+- adds the `hashedRcExtensionId` column to `users` if an older schema is missing it
+- mounts all shared HTTP routes
+- exposes dev-only mock routes when `IS_PROD === 'false'`
+
+## Request Flow
+
+The non-MCP request path is:
+
+1. Express receives a request through `createCoreApp()` or `createCoreRouter()`.
+2. Core middleware parses JSON or XML and applies CORS defaults.
+3. Route handlers in `index.js` decode JWTs, gather analytics metadata, and call a shared handler.
+4. Handlers load the current user and connector, refresh auth if needed, and call the connector operation.
+5. Models persist linkage data such as user sessions, call log ids, cached account data, and plugin task state.
+6. Libraries compose payloads, normalize errors, emit analytics, and handle logging.
+
+## Connector-Centered Design
+
+The package keeps route shapes and handler logic shared across platforms by pushing CRM-specific behavior behind the connector interface.
+
+Important consequences:
+
+- handlers decide when to load a connector and how to authenticate against it
+- connectors decide how to talk to a CRM
+- proxy connectors make many integrations data-driven instead of code-driven
+- registry-level interface composition lets a platform add methods without mutating the original connector object
+
+## Persistence Layers
+
+There are two storage styles in this package:
+
+- Sequelize models for relational/shared application state
+- Dynamoose models for selected operational state such as proxy connector definitions, distributed locks, and note cache entries
+
+`AccountDataModel` also stores encrypted shared API-key auth values. Shared auth intentionally stays separate from `AdminConfigModel.userMappings`:
+
+- `managed-auth-org` stores account-scoped encrypted auth field values
+- `managed-auth-user` stores per-extension encrypted auth field values
+- server-side logging user mapping continues to live in admin config and is not reused for managed auth
+
+## Cross-Cutting Concerns
+
+Several concerns are applied in multiple modules:
+
+- OAuth refresh via `lib/oauth.js`
+- RingCentral admin and reporting helpers via `lib/ringcentral.js`
+- response-safe error shaping via `lib/errorHandler.js`
+- analytics events via `lib/analytics.js`
+- opt-in debug traces via `lib/debugTracer.js`
+- structured server logging via `lib/logger.js`
+
+## Important Environment Variables
+
+| Variable | Why it matters |
+| --- | --- |
+| `DATABASE_URL` | Sequelize connection string |
+| `DISABLE_SYNC_DB_TABLE` | Skips model sync in `initDB()` |
+| `MIXPANEL_TOKEN` | Enables analytics tracking |
+| `APP_SERVER_SECRET_KEY` | Signs and verifies JWTs and encrypts stored managed auth values |
+| `HASH_KEY` | Hashes RingCentral account and extension identifiers |
+| `DYNAMODB_LOCALHOST` | Points Dynamoose to a local endpoint |
+| `IS_PROD` | Enables local-only logging and mock routes when set to `'false'` |
+| `OVERRIDE_APP_SERVER` | Overrides manifest server URL in `GET /crmManifest` |
+| `OVERRIDE_SERVER_SIDE_LOGGING_SERVER` | Overrides manifest server-side logging URL in `GET /crmManifest` |
+| `RINGCENTRAL_SERVER` | Used by RingCentral OAuth and reporting helpers |
+| `RINGCENTRAL_CLIENT_ID` | Used by RingCentral OAuth and reporting helpers |
+| `RINGCENTRAL_CLIENT_SECRET` | Used by RingCentral OAuth and reporting helpers |

package/docs/connectors.md

@@ -0,0 +1,117 @@
+# Connectors
+
+Connectors are the extension seam that lets the shared framework support multiple CRMs.
+
+## Registry
+
+`connector/registry.js` exports a singleton `ConnectorRegistry`.
+
+### Responsibilities
+
+- register connector implementations by platform name
+- store manifests by platform
+- store release notes
+- register extra interface methods per platform
+- compose registered interfaces onto a connector at read time
+- fall back to the `proxy` connector when a platform-specific connector is missing
+
+### Important behavior
+
+| Method | Notes |
+| --- | --- |
+| `registerConnector()` | Validates that the connector implements `createCallLog` and `updateCallLog` |
+| `getConnector()` | Returns the original connector, an interface-only connector, a composed connector, or the proxy connector fallback |
+| `registerConnectorInterface()` | Adds methods without mutating the original connector object |
+| `getManifest(platform, fallbackToDefault)` | Throws if no manifest exists |
+| `getConnectorCapabilities()` | Summarizes original methods, composed methods, registered interfaces, and auth type |
+
+## Proxy Connector
+
+The proxy connector makes integrations configurable through stored connector metadata instead of custom connector code.
+
+### Files
+
+| File | Role |
+| --- | --- |
+| `connector/proxy/index.js` | User-facing connector implementation for auth, contacts, call logs, message logs, dispositions, and logout |
+| `connector/proxy/engine.js` | Low-level request templating, auth header creation, and response mapping |
+
+### What `proxy/index.js` does
+
+- loads proxy config from `models/dynamo/connectorSchema.js`
+- resolves auth type from config, defaulting to `apiKey`
+- builds `getOauthInfo()` for OAuth-style proxy integrations
+- performs `getUserInfo()`, `findContact()`, `createContact()`, `findContactWithName()`, `createCallLog()`, `getCallLog()`, `updateCallLog()`, `createMessageLog()`, `updateMessageLog()`, `upsertCallDisposition()`, and `getUserList()`
+- clears stored tokens in `unAuthorize()`
+- exposes connector-specific log format through `meta.logFormat`
+
+### What `proxy/engine.js` does
+
+- resolves dot-path expressions with `getByPath()`
+- renders template strings like `{{ user.accessToken }}`
+- recursively renders query params, headers, and bodies
+- composes auth headers from operation-specific or global auth config
+- performs axios requests from the rendered config
+- maps contact and call-log responses into App Connect's shared shape
+
+## Developer Portal Helpers
+
+`connector/developerPortal.js` wraps public API calls to the App Connect Developer Portal.
+
+Exports:
+
+- `getPublicConnectorList()`
+- `getPrivateConnectorList()`
+- `getConnectorManifest()`
+
+These functions are small fetch helpers and return `null` on failure after logging.
+
+## Mock Connector Helpers
+
+`connector/mock.js` is not a full connector implementation. It is a development helper used by the dev-only mock routes.
+
+Exports:
+
+- `createUser()`
+- `deleteUser()`
+- `getCallLog()`
+- `createCallLog()`
+- `cleanUpMockLogs()`
+
+## Connector Contract In Practice
+
+The shared framework expects these methods most often:
+
+- `getAuthType()`
+- `getOauthInfo()` or `getBasicAuth()`
+- `getUserInfo()`
+- `authValidation()`
+- `createCallLog()`
+- `updateCallLog()`
+- `getCallLog()`
+- `createMessageLog()`
+- `updateMessageLog()`
+- `findContact()`
+- `createContact()`
+- `findContactWithName()`
+- `unAuthorize()`
+- optional methods such as `getUserList()`, `getLicenseStatus()`, `upsertCallDisposition()`, `getServerLoggingSettings()`, `updateServerLoggingSettings()`, and `onUpdateUserSettings()`
+
+## API-Key Managed Auth Fields
+
+`apiKey` connector manifests can now annotate auth fields in `platform.auth.apiKey.page.content[]` with:
+
+- `managed?: boolean`
+- `managedScope?: 'account' | 'user'`
+- `hidden?: boolean`
+
+Behavior:
+
+- `managed: true` marks a field as eligible for admin-managed storage and server-side auto-fill
+- `managedScope: 'account'` stores one encrypted value per RingCentral account
+- `managedScope: 'user'` stores encrypted values per RingCentral extension inside that account
+- `hidden: true` hides input field from users
+- stored managed auth values are encrypted at rest by default
+
+This does not change the connector runtime contract. `handlers/auth.onApiKeyLogin()` still resolves the manifest-driven auth payload and passes the final field map through `additionalInfo` into connector `getUserInfo()`. Existing connectors like Redtail that already read extra API-key fields from `additionalInfo` remain compatible.
+

package/docs/handlers.md

@@ -0,0 +1,125 @@
+# Handlers
+
+Handlers contain the shared business workflows behind the route layer.
+
+## Handler Overview
+
+| File | Responsibility | Main exports |
+| --- | --- | --- |
+| `handlers/auth.js` | Connector login, OAuth callback handling, user persistence, and auth validation | `onOAuthCallback`, `onApiKeyLogin`, `authValidation`, `getLicenseStatus`, `onRingcentralOAuthCallback` |
+| `handlers/contact.js` | Contact search, creation, and account-data caching | `findContact`, `createContact`, `findContactWithName` |
+| `handlers/log.js` | Call logging, message logging, plugin execution, call-log lookup, and note cache writes | `createCallLog`, `updateCallLog`, `createMessageLog`, `getCallLog`, `saveNoteCache` |
+| `handlers/admin.js` | Admin settings, RingCentral reporting, server logging settings, and user mapping | `validateAdminRole`, `upsertAdminSettings`, `getAdminSettings`, `updateAdminRcTokens`, `getServerLoggingSettings`, `updateServerLoggingSettings`, `getAdminReport`, `getUserReport`, `getUserMapping`, `reinitializeUserMapping` |
+| `handlers/user.js` | User setting reads, admin/user setting merge, and updates | `getUserSettingsByAdmin`, `getUserSettings`, `updateUserSettings` |
+| `handlers/disposition.js` | Call-disposition writes against an existing log | `upsertCallDisposition` |
+| `handlers/calldown.js` | User-owned call-down scheduling | `schedule`, `list`, `remove`, `markCalled`, `update` |
+| `handlers/plugin.js` | Async plugin task polling and cleanup | `getPluginAsyncTasks` |
+| `handlers/managedAuth.js` | Shared API-key auth field discovery, secure storage, and login-time field resolution | `getManagedAuthAdminSettings`, `getManagedAuthState`, `resolveApiKeyLoginFields`, `upsertOrgManagedAuthValues`, `upsertUserManagedAuthValues` |
+
+## Common Execution Pattern
+
+Most connector-backed handlers follow the same sequence:
+
+1. Load the current `UserModel` row.
+2. Derive `proxyId` and optional proxy configuration from `platformAdditionalInfo`.
+3. Resolve the connector from `connectorRegistry`.
+4. Ask the connector for its auth type.
+5. Refresh OAuth tokens through `lib/oauth.js` or build API-key auth.
+6. Call the connector method with normalized inputs.
+7. Return a shared `successful` plus `returnMessage` shape.
+
+## `auth.js`
+
+Key behavior:
+
+- `onOAuthCallback()` completes the external OAuth code exchange, calls `getUserInfo()`, and persists the user through `saveUserInfo()`.
+- `onApiKeyLogin()` uses connector-provided basic-auth construction and the same user persistence path.
+- `onApiKeyLogin()` resolves shared API-key fields from `handlers/managedAuth.js`, ignores end-user overrides for shared fields, and returns `missingRequiredFieldConsts` when required fields are missing.
+- `saveUserInfo()` updates or creates `UserModel`, preserving existing `platformAdditionalInfo` keys and adding `proxyId`.
+- `authValidation()` refreshes OAuth tokens when needed, then delegates session validation to the connector.
+- `getLicenseStatus()` is connector-defined and only wrapped here.
+- `onRingcentralOAuthCallback()` stores admin RingCentral tokens in `AdminConfigModel`.
+
+## `contact.js`
+
+Key behavior:
+
+- `findContact()` checks `AccountDataModel` cache first using `contact-${phoneNumber}` as the data key.
+- Found contacts are cached per `rcAccountId` and `platformName`.
+- Cache refresh can be forced with `isForceRefreshAccountData`.
+- Missing or expired users return warning-style response objects rather than throwing.
+- `findContactWithName()` mirrors the phone lookup path without the account-data cache.
+
+Known caveat called out in code:
+
+- account-data contact caching assumes one RingCentral account does not need separate caches for multiple CRM platforms at the same time
+
+## `log.js`
+
+This is the heaviest handler in the package.
+
+Key responsibilities:
+
+- prevents duplicate call-log creation by checking `CallLogModel` on `sessionId`
+- loads note cache from DynamoDB when `USE_CACHE` and server-side call logging are enabled
+- runs configured plugins before creating or updating logs
+- composes log body content with `composeCallLog()` or `composeSharedSMSLog()`
+- stores local mappings between telephony ids and CRM log ids
+- handles normal SMS, fax, group SMS, and shared SMS cases
+- enriches tracking metadata for analytics callers
+
+Important persistence behavior:
+
+- `CallLogModel` stores the App Connect to CRM mapping for call logs
+- `MessageLogModel` stores the App Connect to CRM mapping for message logs
+- `CacheModel` stores async plugin task state
+- `NoteCache` stores temporary notes keyed by session id
+
+## `admin.js`
+
+Key responsibilities:
+
+- validates RingCentral admin role from the current extension token
+- validates arbitrary RingCentral user tokens with `validateRcUserToken()`
+- stores and reads account-level admin configuration
+- stores admin OAuth tokens used for RingCentral reporting
+- fetches call aggregation and user activity metrics from RingCentral
+- delegates server-side logging settings to connector-specific methods when available
+- builds CRM user to RingCentral extension mappings through `getUserList()`
+
+## `user.js`
+
+This module is mainly about merging account-level policy with per-user preferences.
+
+Rules implemented here:
+
+- if no admin settings exist, return user settings directly
+- admin settings can override or hide user settings
+- plugin settings merge at both the plugin level and nested config-field level
+- connectors can intercept setting updates with `onUpdateUserSettings()`
+
+## Smaller Handler Modules
+
+`disposition.js`:
+
+- requires an existing local call-log mapping before writing disposition data
+
+`calldown.js`:
+
+- decodes the JWT directly
+- keeps operations scoped to the authenticated user
+- supports schedule, list, remove, mark-as-called, and partial update flows
+
+`plugin.js`:
+
+- returns cached async task status
+- deletes terminal task cache records after the client reads them
+
+`managedAuth.js`:
+
+- reads API-key field definitions from either the developer portal manifest or the connector registry manifest
+- isolates managed field definitions with `managed: true` and `managedScope` (`account` or `user`)
+- encrypts managed auth values before writing to `AccountDataModel`
+- provides admin views with stored values using `{ hasValue, value }` while keeping database values encrypted at rest
+- resolves login fields by merging stored managed values and non-managed end-user inputs
+

package/docs/libraries.md

@@ -0,0 +1,101 @@
+# Libraries
+
+The `lib/` directory contains cross-cutting helpers used by routes, handlers, and connectors.
+
+## Infrastructure And Security
+
+| File | Responsibility |
+| --- | --- |
+| `lib/jwt.js` | Signs and verifies long-lived JWTs with `APP_SERVER_SECRET_KEY` |
+| `lib/oauth.js` | Builds OAuth clients and refreshes access tokens with lock protection |
+| `lib/authSession.js` | Stores and updates auth-session records used by auth flows |
+| `lib/encode.js` | Small encoding and decoding helpers for encrypted values |
+| `lib/errorHandler.js` | Normalizes API and database errors and exports Express error middleware |
+| `lib/logger.js` | Structured logger plus exported `Logger` class and log-level constants |
+| `lib/debugTracer.js` | Request-scoped trace collector used when debug mode is enabled |
+| `lib/s3ErrorLogReport.js` | S3 bucket setup and presigned upload URL generation for debug reports |
+
+## RingCentral And Analytics Helpers
+
+| File | Responsibility |
+| --- | --- |
+| `lib/ringcentral.js` | RingCentral API wrapper plus token-validity helpers |
+| `lib/analytics.js` | Mixpanel initialization and event tracking |
+| `lib/generalErrorMessage.js` | Shared user-facing warning messages for auth and rate-limit cases |
+
+## Formatting And Utility Helpers
+
+| File | Responsibility |
+| --- | --- |
+| `lib/callLogComposer.js` | Builds plain text, HTML, or Markdown call-log bodies |
+| `lib/sharedSMSComposer.js` | Builds shared-SMS conversation log content |
+| `lib/constants.js` | Defines `LOG_DETAILS_FORMAT_TYPE` values |
+| `lib/util.js` | Hashing, timezone lookup, media-reader links, plugin setting extraction, and date helpers |
+
+## Notes By File
+
+### `lib/analytics.js`
+
+- no-op unless `MIXPANEL_TOKEN` is present
+- attaches package version, app name, connector name, browser, OS, device, and caller metadata to events
+- requires `extensionId` to emit an event
+
+### `lib/jwt.js`
+
+- `generateJwt()` signs with a very long expiration window
+- `decodeJwt()` logs and returns `null` on verification failure instead of throwing
+
+### `lib/errorHandler.js`
+
+Exports:
+
+- `handleApiError()`
+- `handleDatabaseError()`
+- `asyncHandler()`
+- `errorMiddleware()`
+- `getOperationErrorMessage()`
+
+Notable behavior:
+
+- HTTP 429 becomes a rate-limit warning
+- HTTP 4xx up to 409 becomes an authorization-style warning
+- everything else becomes an operation-specific warning response
+
+### `lib/callLogComposer.js`
+
+This module centralizes log-body generation for call logs.
+
+It supports:
+
+- plain text
+- HTML
+- Markdown
+- note insertion
+- session id, subject, duration, result, recording, and timestamp formatting
+- transcript and AI note insertion
+- leg journey formatting
+- RingSense transcript, summary, score, bullet summary, and deep link sections
+
+### `lib/sharedSMSComposer.js`
+
+This module formats shared SMS conversations for CRM logging.
+
+It handles:
+
+- message, note, and assignment entities
+- owner and assignee metadata
+- per-format output generation
+- summary counts and formatted timeline entries
+
+### `lib/util.js`
+
+Exports:
+
+- `getTimeZone()`
+- `getHashValue()`
+- `secondsToHoursMinutesSeconds()`
+- `getMostRecentDate()`
+- `getMediaReaderLinkByPlatformMediaLink()`
+- `getPluginsFromUserSettings()`
+
+`getPluginsFromUserSettings()` is especially important because logging handlers use it to discover which plugins should run for call, SMS, or fax workflows.