@app-connect/core 1.7.23 → 1.7.25

package/connector/developerPortal.js

@@ -12,21 +12,11 @@ async function getPublicConnectorList() {
     }
 }
 
-async function getPrivateConnectorList() {
-    try {
-        const response = await axios.get(`https://appconnect.labs.ringcentral.com/public-api/connectors/internal?accountId=${process.env.RC_ACCOUNT_ID}`);
-        return response.data;
-    } catch (error) {
-        logger.error('Error getting private connector list:', error);
-        return null;
-    }
-}
-
-async function getConnectorManifest({ connectorId, isPrivate = false }) {
+async function getConnectorManifest({ rcAccountId, connectorId, isPrivate = false }) {
     try {
         let response = null;
         if (isPrivate) {
-            response = await axios.get(`https://appconnect.labs.ringcentral.com/public-api/connectors/${connectorId}/manifest?access=internal&type=connector&accountId=${process.env.RC_ACCOUNT_ID}`);
+            response = await axios.get(`https://appconnect.labs.ringcentral.com/public-api/connectors/${connectorId}/manifest?access=internal&type=connector&accountId=${rcAccountId}`);
         }
         else {
             response = await axios.get(`https://appconnect.labs.ringcentral.com/public-api/connectors/${connectorId}/manifest`);
@@ -39,5 +29,4 @@ async function getConnectorManifest({ connectorId, isPrivate = false }) {
 }
 
 exports.getPublicConnectorList = getPublicConnectorList;
-exports.getPrivateConnectorList = getPrivateConnectorList;
 exports.getConnectorManifest = getConnectorManifest;

package/connector/proxy/engine.js

@@ -79,9 +79,10 @@ function buildHeaders({ config, operation, authHeader, context }) {
 async function performRequest({ config, opName, inputs, user, authHeader }) {
   const op = config.operations?.[opName];
   if (!op) return null;
+  const accessToken = user?.accessToken ?? inputs?.apiKey ?? '';
   const context = Object.assign({}, inputs, {
     user: user ? {
-      accessToken: user.accessToken,
+      accessToken,
       id: user.id?.split('-')[0],
       hostname: user.hostname,
       timezoneName: user.timezoneName,
@@ -91,10 +92,10 @@ async function performRequest({ config, opName, inputs, user, authHeader }) {
       refreshToken: user.refreshToken,
       tokenExpiry: user.tokenExpiry,
     } : {
-      accessToken: '',
+      accessToken,
     },
     authHeader,
-    apiKey: user?.accessToken,
+    apiKey: accessToken,
     secretKey: config.secretKey,
   });
   const url = joinUrl(config.requestDefaults?.baseUrl, renderTemplateString(op.url, context));

package/docs/connectors.md

@@ -61,7 +61,6 @@ The proxy connector makes integrations configurable through stored connector met
 Exports:
 
 - `getPublicConnectorList()`
-- `getPrivateConnectorList()`
 - `getConnectorManifest()`
 
 These functions are small fetch helpers and return `null` on failure after logging.

package/handlers/admin.js

@@ -6,6 +6,7 @@ const { RingCentral } = require('../lib/ringcentral');
 const { Connector } = require('../models/dynamo/connectorSchema');
 const logger = require('../lib/logger');
 const { handleDatabaseError } = require('../lib/errorHandler');
+const { getHashValue } = require('../lib/util');
 
 const CALL_AGGREGATION_GROUPS = ["Company", "CompanyNumbers", "Users", "Queues", "IVRs", "IVAs", "SharedLines", "UserGroups", "Sites", "Departments"]
 const RC_EXTENSION_ENDPOINT = 'https://platform.ringcentral.com/restapi/v1.0/account/~/extension/~';
@@ -108,7 +109,8 @@ async function getAdminReport({ rcAccountId, timezone, timeFrom, timeTo, groupBy
             clientSecret: process.env.RINGCENTRAL_CLIENT_SECRET,
             redirectUri: `${process.env.APP_SERVER}/ringcentral/oauth/callback`
         });
-        let adminConfig = await AdminConfigModel.findByPk(rcAccountId);
+        const hashedRcAccountId = getHashValue(rcAccountId, process.env.HASH_KEY);
+        let adminConfig = await AdminConfigModel.findByPk(hashedRcAccountId);
         const isTokenExpired = adminConfig.adminTokenExpiry < new Date();
         if (isTokenExpired) {
             const { access_token, refresh_token, expire_time } = await rcSDK.refreshToken({
@@ -116,7 +118,7 @@ async function getAdminReport({ rcAccountId, timezone, timeFrom, timeTo, groupBy
                 expires_in: adminConfig.adminTokenExpiry,
                 refresh_token_expires_in: adminConfig.adminTokenExpiry
             });
-            adminConfig = await AdminConfigModel.update({ adminAccessToken: access_token, adminRefreshToken: refresh_token, adminTokenExpiry: expire_time }, { where: { id: rcAccountId } });
+            adminConfig = await AdminConfigModel.update({ adminAccessToken: access_token, adminRefreshToken: refresh_token, adminTokenExpiry: expire_time }, { where: { id: hashedRcAccountId } });
         }
         const callsAggregationData = await rcSDK.getCallsAggregationData({
             token: { access_token: adminConfig.adminAccessToken, token_type: 'Bearer' },
@@ -177,7 +179,8 @@ async function getUserReport({ rcAccountId, rcExtensionId, timezone, timeFrom, t
             clientSecret: process.env.RINGCENTRAL_CLIENT_SECRET,
             redirectUri: `${process.env.APP_SERVER}/ringcentral/oauth/callback`
         });
-        let adminConfig = await AdminConfigModel.findByPk(rcAccountId);
+        const hashedRcAccountId = getHashValue(rcAccountId, process.env.HASH_KEY);
+        let adminConfig = await AdminConfigModel.findByPk(hashedRcAccountId);
         const isTokenExpired = adminConfig.adminTokenExpiry < new Date();
         if (isTokenExpired) {
             const { access_token, refresh_token, expire_time } = await rcSDK.refreshToken({
@@ -185,7 +188,7 @@ async function getUserReport({ rcAccountId, rcExtensionId, timezone, timeFrom, t
                 expires_in: adminConfig.adminTokenExpiry,
                 refresh_token_expires_in: adminConfig.adminTokenExpiry
             });
-            adminConfig = await AdminConfigModel.update({ adminAccessToken: access_token, adminRefreshToken: refresh_token, adminTokenExpiry: expire_time }, { where: { id: rcAccountId } });
+            adminConfig = await AdminConfigModel.update({ adminAccessToken: access_token, adminRefreshToken: refresh_token, adminTokenExpiry: expire_time }, { where: { id: hashedRcAccountId } });
         }
         const callLogData = await rcSDK.getCallLogData({
             extensionId: rcExtensionId,

package/handlers/auth.js

@@ -7,6 +7,7 @@ const adminCore = require('./admin');
 const { Connector } = require('../models/dynamo/connectorSchema');
 const { handleDatabaseError } = require('../lib/errorHandler');
 const managedAuthCore = require('./managedAuth');
+const { getHashValue } = require('../lib/util');
 
 async function onOAuthCallback({ platform, hostname, tokenUrl, query, hashedRcExtensionId, isFromMCP = false }) {
     const callbackUri = query.callbackUri;
@@ -89,7 +90,7 @@ async function onApiKeyLogin({ platform, hostname, apiKey, proxyId, rcAccountId,
     let resolvedApiKey = apiKey;
     let managedFieldDefinitions = [];
     if (rcAccountId) {
-        managedFieldDefinitions = await managedAuthCore.getManagedFieldDefinitions({ platform, connectorId, isPrivate });
+        managedFieldDefinitions = await managedAuthCore.getManagedFieldDefinitions({ rcAccountId, platform, connectorId, isPrivate });
         const shouldFallbackToManualAuth = managedFieldDefinitions.length > 0
             && await managedAuthCore.hasManagedAuthLoginFailure({ rcAccountId, platform, rcExtensionId });
         const managedAuthResult = await managedAuthCore.resolveApiKeyLoginFields({
@@ -279,8 +280,9 @@ async function onRingcentralOAuthCallback({ code, rcAccountId }) {
         redirectUri: `${process.env.APP_SERVER}/ringcentral/oauth/callback`
     });
     const { access_token, refresh_token, expire_time } = await rcSDK.generateToken({ code });
+    const hashedRcAccountId = getHashValue(rcAccountId, process.env.HASH_KEY);
     await adminCore.updateAdminRcTokens({
-        hashedRcAccountId: rcAccountId,
+        hashedRcAccountId,
         adminAccessToken: access_token,
         adminRefreshToken: refresh_token,
         adminTokenExpiry: expire_time

package/handlers/managedAuth.js

@@ -20,12 +20,12 @@ function isFilled(value) {
     return value !== undefined && value !== null && value !== '';
 }
 
-async function getApiKeyFieldDefinitions({ platform, connectorId, isPrivate = false }) {
+async function getApiKeyFieldDefinitions({ rcAccountId, platform, connectorId, isPrivate = false }) {
     if (!platform) {
         return [];
     }
     if (connectorId) {
-        const manifest = await developerPortal.getConnectorManifest({ connectorId, isPrivate });
+        const manifest = await developerPortal.getConnectorManifest({ rcAccountId, connectorId, isPrivate });
         if (manifest?.platforms?.[platform]?.auth?.apiKey?.page?.content) {
             return manifest.platforms[platform].auth.apiKey.page.content;
         }
@@ -39,8 +39,8 @@ async function getApiKeyFieldDefinitions({ platform, connectorId, isPrivate = fa
     }
 }
 
-async function getManagedFieldDefinitions({ platform, connectorId, isPrivate = false }) {
-    const fieldDefinitions = await getApiKeyFieldDefinitions({ platform, connectorId, isPrivate });
+async function getManagedFieldDefinitions({ rcAccountId, platform, connectorId, isPrivate = false }) {
+    const fieldDefinitions = await getApiKeyFieldDefinitions({ rcAccountId, platform, connectorId, isPrivate });
     return fieldDefinitions.filter(field => field?.managed);
 }
 
@@ -247,7 +247,7 @@ function getStoredFieldValue({ value }) {
 }
 
 async function getManagedAuthAdminSettings({ platform, rcAccountId, connectorId, isPrivate = false }) {
-    const fieldDefinitions = await getManagedFieldDefinitions({ platform, connectorId, isPrivate });
+    const fieldDefinitions = await getManagedFieldDefinitions({ rcAccountId, platform, connectorId, isPrivate });
     const orgFieldDefinitions = fieldDefinitions.filter(field => field.managedScope === 'account');
     const userFieldDefinitions = fieldDefinitions.filter(field => field.managedScope === 'user');
     const orgValues = await getOrgManagedAuthValues({ rcAccountId, platform });
@@ -307,7 +307,7 @@ async function getManagedAuthAdminSettings({ platform, rcAccountId, connectorId,
 }
 
 async function getManagedAuthState({ platform, rcAccountId, rcExtensionId, connectorId, isPrivate = false }) {
-    const fieldDefinitions = await getApiKeyFieldDefinitions({ platform, connectorId, isPrivate });
+    const fieldDefinitions = await getApiKeyFieldDefinitions({ rcAccountId, platform, connectorId, isPrivate });
     const managedFieldDefinitions = fieldDefinitions.filter(field => field?.managed);
     const orgValues = await getOrgManagedAuthValues({ rcAccountId, platform });
     const userValues = await getUserManagedAuthValues({ rcAccountId, platform, rcExtensionId });
@@ -367,7 +367,7 @@ async function getManagedAuthState({ platform, rcAccountId, rcExtensionId, conne
 }
 
 async function resolveApiKeyLoginFields({ platform, rcAccountId, rcExtensionId, connectorId, isPrivate = false, apiKey, additionalInfo = {}, preferSubmittedValuesForManagedFields = false }) {
-    const fieldDefinitions = await getApiKeyFieldDefinitions({ platform, connectorId, isPrivate });
+    const fieldDefinitions = await getApiKeyFieldDefinitions({ rcAccountId, platform, connectorId, isPrivate });
     const resolvedAdditionalInfo = {
         ...(additionalInfo ?? {})
     };

package/index.js

@@ -89,6 +89,19 @@ async function initDB() {
             await UserModel.sync();
             logger.info('hashedRcExtensionId column added to users table');
         }
+
+        // if LlmSessionModel doesn't have expiry column, add it
+        const llmSessionTableName = LlmSessionModel.getTableName();
+        const llmSessionTableSchema = await queryInterface.describeTable(llmSessionTableName);
+        if (!llmSessionTableSchema.expiry) {
+            logger.info('adding expiry column to llmSessions table...');
+            await queryInterface.addColumn(llmSessionTableName, 'expiry', {
+                type: Sequelize.DATE,
+                allowNull: true,
+            });
+            await LlmSessionModel.sync();
+            logger.info('expiry column added to llmSessions table');
+        }
     }
 }
 
@@ -1165,13 +1178,13 @@ function createCoreRouter() {
                 res.status(400).send(tracer ? tracer.wrapResponse('Missing platform name') : 'Missing platform name');
                 return;
             }
-            if (!rcAccessToken) {
-                res.status(400).send(tracer ? tracer.wrapResponse('Missing RingCentral access token') : 'Missing RingCentral access token');
-                return;
+            let rcAccountId = null;
+            let rcExtensionId = null;
+            if (rcAccessToken) {
+                const rcUserTokenResult = await adminCore.validateRcUserToken({ rcAccessToken });
+                rcAccountId = rcUserTokenResult.rcAccountId;
+                rcExtensionId = rcUserTokenResult.rcExtensionId;
             }
-            const rcUserTokenResult = await adminCore.validateRcUserToken({ rcAccessToken });
-            const rcAccountId = rcUserTokenResult.rcAccountId;
-            const rcExtensionId = rcUserTokenResult.rcExtensionId;
             const { userInfo, returnMessage } = await authCore.onApiKeyLogin({
                 platform,
                 hostname,

package/lib/authSession.js

@@ -7,7 +7,20 @@
 const { CacheModel } = require('../models/cacheModel');
 
 const AUTH_SESSION_PREFIX = 'auth-session';
-const SESSION_EXPIRY_MINUTES = 5;
+const PENDING_SESSION_EXPIRY_MINUTES = 5;
+const SETTLED_SESSION_EXPIRY_MINUTES = 15;
+
+function getSessionRecordId(sessionId) {
+    return `${AUTH_SESSION_PREFIX}-${sessionId}`;
+}
+
+function getExpiry(minutes) {
+    return new Date(Date.now() + minutes * 60 * 1000);
+}
+
+function isExpired(record) {
+    return Boolean(record?.expiry && record.expiry <= new Date());
+}
 
 /**
  * Create (or reset) an auth session.
@@ -16,9 +29,13 @@ const SESSION_EXPIRY_MINUTES = 5;
  * correctly for the new attempt.
  */
 async function createAuthSession(sessionId, data) {
-    const id = `${AUTH_SESSION_PREFIX}-${sessionId}`;
-    const expiry = new Date(Date.now() + SESSION_EXPIRY_MINUTES * 60 * 1000);
-    const sessionData = { ...data, createdAt: new Date().toISOString() };
+    const id = getSessionRecordId(sessionId);
+    const expiry = getExpiry(PENDING_SESSION_EXPIRY_MINUTES);
+    const sessionData = {
+        platform: data.platform,
+        hostname: data.hostname || '',
+        createdAt: new Date().toISOString(),
+    };
 
     const existing = await CacheModel.findByPk(id);
     if (existing) {
@@ -39,10 +56,21 @@ async function createAuthSession(sessionId, data) {
  * Get an auth session by ID
  */
 async function getAuthSession(sessionId) {
-    const record = await CacheModel.findByPk(`${AUTH_SESSION_PREFIX}-${sessionId}`);
-    
+    const record = await CacheModel.findByPk(getSessionRecordId(sessionId));
+
     if (!record) return null;
-    
+
+    if (isExpired(record)) {
+        if (record.status !== 'expired') {
+            await record.update({ status: 'expired' });
+        }
+        return {
+            sessionId: record.userId,
+            status: 'expired',
+            ...record.data
+        };
+    }
+
     return {
         sessionId: record.userId,
         status: record.status,
@@ -54,18 +82,22 @@ async function getAuthSession(sessionId) {
  * Update an auth session
  */
 async function updateAuthSession(sessionId, data) {
-    const record = await CacheModel.findByPk(`${AUTH_SESSION_PREFIX}-${sessionId}`);
-    
+    const record = await CacheModel.findByPk(getSessionRecordId(sessionId));
+
     if (!record) return;
-    
+
     const existingData = record.data || {};
+    const nextStatus = data.status || record.status;
     await record.update({
-        status: data.status || record.status,
+        status: nextStatus,
         data: {
             ...existingData,
             ...data,
             updatedAt: new Date().toISOString()
-        }
+        },
+        expiry: nextStatus === 'pending'
+            ? getExpiry(PENDING_SESSION_EXPIRY_MINUTES)
+            : getExpiry(SETTLED_SESSION_EXPIRY_MINUTES)
     });
 }
 

package/mcp/mcpHandler.js

@@ -7,6 +7,7 @@
  */
 
 const axios = require('axios');
+const { Op } = require('sequelize');
 const tools = require('./tools');
 const { LlmSessionModel } = require('../models/llmSessionModel');
 const { CacheModel } = require('../models/cacheModel');
@@ -23,6 +24,8 @@ const path = require('path');
  */
 const WIDGET_VERSION = 10;
 const WIDGET_URI = `ui://widget/ConnectorList-v${WIDGET_VERSION}.html`;
+const RC_EXTENSION_CACHE_KEY = 'rcExtensionId';
+const RC_EXTENSION_CACHE_STATUS = 'resolved';
 
 const JSON_RPC_INTERNAL_ERROR = -32603;
 const JSON_RPC_METHOD_NOT_FOUND = -32601;
@@ -104,7 +107,7 @@ async function resolveSessionContext(rcAccessToken, openaiSessionId) {
 
     if (openaiSessionId) {
         try {
-            const cached = await CacheModel.findByPk(`${openaiSessionId}-rcExtensionId`);
+            const cached = await CacheModel.findByPk(`${openaiSessionId}-${RC_EXTENSION_CACHE_KEY}`);
             if (cached?.data?.rcExtensionId && (!cached.expiry || cached.expiry > new Date())) {
                 return { rcExtensionId: cached.data.rcExtensionId };
             }
@@ -118,11 +121,11 @@ async function resolveSessionContext(rcAccessToken, openaiSessionId) {
         rcExtensionId = await resolveRcExtensionId(rcAccessToken);
         if (openaiSessionId && rcExtensionId) {
             await CacheModel.upsert({
-                id: `${openaiSessionId}-rcExtensionId`,
+                id: `${openaiSessionId}-${RC_EXTENSION_CACHE_KEY}`,
                 userId: openaiSessionId,
-                cacheKey: 'rcExtensionId',
+                cacheKey: RC_EXTENSION_CACHE_KEY,
                 data: { rcExtensionId },
-                status: 'active',
+                status: RC_EXTENSION_CACHE_STATUS,
                 expiry: new Date(Date.now() + 24 * 60 * 60 * 1000), // 24h TTL
             });
         }
@@ -203,15 +206,34 @@ async function handleMcpRequest(req, res) {
                     toolArgs.rcExtensionId = rcExtensionId;
                     if (!toolArgs.jwtToken) {
                         let llmSession = await LlmSessionModel.findByPk(rcExtensionId);
+                        if (llmSession?.expiry && llmSession.expiry < new Date()) {
+                            await LlmSessionModel.destroy({ where: { id: rcExtensionId } });
+                            llmSession = null;
+                        }
                         if (!llmSession?.jwtToken && openaiSessionId) {
                             const fallback = await LlmSessionModel.findByPk(openaiSessionId);
                             if (fallback?.jwtToken) {
-                                await LlmSessionModel.upsert({ id: rcExtensionId, jwtToken: fallback.jwtToken });
-                                llmSession = fallback;
+                                const { id: fallbackUserId } = jwt.decodeJwt(fallback.jwtToken);
+                                const fallbackUser = fallbackUserId
+                                    ? await UserModel.findByPk(fallbackUserId)
+                                    : null;
+                                if (fallbackUser?.accessToken) {
+                                    await LlmSessionModel.upsert({ id: rcExtensionId, jwtToken: fallback.jwtToken, expiry: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) });
+                                    llmSession = fallback;
+                                }
                             }
-                            else {
+                            if (!llmSession?.jwtToken) {
                                 const hashedRcExtensionId = getHashValue(rcExtensionId, process.env.HASH_KEY);
-                                const user = await UserModel.findOne({ where: { hashedRcExtensionId } });
+                                const user = await UserModel.findOne({
+                                    where: {
+                                        hashedRcExtensionId,
+                                        [Op.and]: [
+                                            { accessToken: { [Op.not]: null } },
+                                            { accessToken: { [Op.ne]: '' } },
+                                        ],
+                                    },
+                                    order: [['updatedAt', 'DESC']],
+                                });
                                 if (user?.accessToken) {
                                     await LlmSessionModel.upsert({
                                         id: rcExtensionId,
@@ -219,6 +241,7 @@ async function handleMcpRequest(req, res) {
                                             id: user.id.toString(),
                                             platform: user.platform
                                         }),
+                                        expiry: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000)
                                     });
                                     llmSession = await LlmSessionModel.findByPk(rcExtensionId);
                                 }

package/mcp/tools/checkAuthStatus.js

@@ -3,7 +3,7 @@ const { LlmSessionModel } = require('../../models/llmSessionModel');
 
 /**
  * MCP Tool: Check Auth Status
- * 
+ *
  * Polls the status of an ongoing OAuth authentication session
  */
 
@@ -37,7 +37,7 @@ const toolDefinition = {
 async function execute(args) {
     try {
         // rcExtensionId is injected by mcpHandler after verifying the RC access
-        // token.  Using it as the DB key binds the CRM credential to a verified
+        // token. Using it as the DB key binds the CRM credential to a verified
         // RC identity.
         const { sessionId, rcExtensionId } = args;
         if (!rcExtensionId) {
@@ -53,16 +53,12 @@ async function execute(args) {
         }
 
         switch (session.status) {
-            case 'completed': {
-                // Guard against duplicate DB writes if polled concurrently
-                try {
-                    await LlmSessionModel.create({
-                        id: rcExtensionId,
-                        jwtToken: session.jwtToken
-                    });
-                } catch {
-                    // Record already exists from a prior poll — safe to ignore
-                }
+            case 'completed':
+                await LlmSessionModel.upsert({
+                    id: rcExtensionId,
+                    jwtToken: session.jwtToken,
+                    expiry: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000)
+                });
                 return {
                     data: {
                         status: 'completed',
@@ -71,7 +67,14 @@ async function execute(args) {
                         message: 'IMPORTANT: Authentication successful! Keep jwtToken in memory for future use. DO NOT directly show it to user.'
                     }
                 };
-            }
+
+            case 'expired':
+                return {
+                    data: {
+                        status: 'expired',
+                        errorMessage: 'Authentication session expired. Ask the user to start the auth flow again.'
+                    }
+                };
 
             case 'failed':
                 return {
@@ -100,4 +103,3 @@ async function execute(args) {
 
 exports.definition = toolDefinition;
 exports.execute = execute;
-

package/mcp/tools/getPublicConnectors.js

@@ -1,4 +1,5 @@
 const axios = require('axios');
+const { Op } = require('sequelize');
 const { UserModel } = require('../../models/userModel');
 const { getHashValue } = require('../../lib/util');
 
@@ -56,7 +57,16 @@ async function execute({ rcAccessToken, openaiSessionId } = {}) {
 
     // Check if user session already exists from Chrome extension
     const hashedRcExtensionId = getHashValue(rcExtensionId, process.env.HASH_KEY);
-    const user = await UserModel.findOne({ where: { hashedRcExtensionId } });
+    const user = await UserModel.findOne({
+        where: {
+            hashedRcExtensionId,
+            [Op.and]: [
+                { accessToken: { [Op.not]: null } },
+                { accessToken: { [Op.ne]: '' } },
+            ],
+        },
+        order: [['updatedAt', 'DESC']],
+    });
     // Case: user exists, return user info in plain message
     if (user?.accessToken) {
         return {

package/mcp/tools/getSessionInfo.js

@@ -0,0 +1,90 @@
+const jwt = require('../../lib/jwt');
+const { UserModel } = require('../../models/userModel');
+const { RingCentral } = require('../../lib/ringcentral');
+
+/**
+ * MCP Tool: Get Session Info
+ *
+ * Returns non-sensitive information about the current MCP/CRM session.
+ */
+
+const toolDefinition = {
+    name: 'getSessionInfo',
+    description: 'Get the current user session info, including RingCentral identity and CRM connection status.',
+    inputSchema: {
+        type: 'object',
+        properties: {},
+        required: []
+    },
+    annotations: {
+        readOnlyHint: true,
+        openWorldHint: false,
+        destructiveHint: false
+    }
+};
+
+/**
+ * Execute the getSessionInfo tool
+ * @param {Object} args - Tool arguments injected by mcpHandler
+ * @param {string} [args.openaiSessionId] - OpenAI session identifier
+ * @param {string} [args.rcExtensionId] - Verified RingCentral extension identifier
+ * @param {string} [args.jwtToken] - CRM JWT token
+ * @param {string} [args.rcAccessToken] - RingCentral access token
+ * @returns {Object} Result object with session information
+ */
+async function execute(args = {}) {
+    try {
+        const {
+            openaiSessionId = null,
+            rcExtensionId = null,
+            jwtToken,
+            rcAccessToken,
+        } = args;
+
+        const decodedToken = jwtToken ? jwt.decodeJwt(jwtToken) : null;
+        const userId = decodedToken?.id ?? null;
+        const user = userId ? await UserModel.findByPk(userId) : null;
+
+        let rcExtensionInfo = null;
+        if (rcExtensionId && rcAccessToken) {
+            const rcSDK = new RingCentral({
+                server: process.env.RINGCENTRAL_SERVER,
+                clientId: process.env.RINGCENTRAL_CLIENT_ID,
+                clientSecret: process.env.RINGCENTRAL_CLIENT_SECRET,
+                redirectUri: `${process.env.APP_SERVER}/ringcentral/oauth/callback`
+            });
+            rcExtensionInfo = await rcSDK.getExtensionInfo(rcExtensionId, {
+                access_token: rcAccessToken,
+                token_type: 'Bearer'
+            });
+        }
+        return {
+            success: true,
+            data: {
+                openaiSessionId,
+                dataToShow: {
+                    isCrmAuthenticated: Boolean(decodedToken && user?.accessToken),
+                    ringcentral: {
+                        extensionId: rcExtensionId ?? null,
+                        name: rcExtensionInfo?.name ?? null,
+                    },
+                    crm: {
+                        userId,
+                        platform: decodedToken?.platform ?? user?.platform ?? null,
+                        hostname: user?.hostname ?? null
+                    }
+                }
+            }
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            error: error.message || 'Unknown error occurred',
+            errorDetails: error.stack
+        };
+    }
+}
+
+exports.definition = toolDefinition;
+exports.execute = execute;

package/mcp/tools/index.js

@@ -8,6 +8,7 @@
 
 const getHelp = require('./getHelp');
 const getPublicConnectors = require('./getPublicConnectors');
+const getSessionInfo = require('./getSessionInfo');
 const doAuth = require('./doAuth');
 const checkAuthStatus = require('./checkAuthStatus');
 const logout = require('./logout');
@@ -15,13 +16,14 @@ const findContact = require('./findContactByPhone');
 const findContactWithName = require('./findContactByName');
 const createCallLog = require('./createCallLog');
 const rcGetCallLogs = require('./rcGetCallLogs');
-const getGoogleFilePicker = require('./getGoogleFilePicker');
+// const getGoogleFilePicker = require('./getGoogleFilePicker');
 const createContact = require('./createContact');
 
 // AI-visible MCP tools — registered in the MCP server
 module.exports.tools = [
     getHelp,
     getPublicConnectors,
+    getSessionInfo,
     logout,
     findContact,
     findContactWithName,

package/mcp/tools/logout.js

@@ -1,8 +1,11 @@
 const jwt = require('../../lib/jwt');
 const { UserModel } = require('../../models/userModel');
 const { LlmSessionModel } = require('../../models/llmSessionModel');
+const { CacheModel } = require('../../models/cacheModel');
 const connectorRegistry = require('../../connector/registry');
 
+const RC_EXTENSION_CACHE_KEY = 'rcExtensionId';
+
 /**
  * MCP Tool: Logout
  * 
@@ -38,7 +41,7 @@ function isMissingSessionTableError(error) {
  */
 async function execute(args) {
     try {
-        const { jwtToken } = args;
+        const { jwtToken, rcExtensionId, openaiSessionId } = args;
         const session = jwt.decodeJwt(jwtToken);
         if (!session?.platform || !session?.id) {
             throw new Error('Invalid JWT token');
@@ -46,6 +49,12 @@ async function execute(args) {
         const { platform, id } = session;
         try {
             await LlmSessionModel.destroy({ where: { id } });
+            if (rcExtensionId && rcExtensionId !== id) {
+                await LlmSessionModel.destroy({ where: { id: rcExtensionId } });
+            }
+            if (openaiSessionId) {
+                await CacheModel.destroy({ where: { id: `${openaiSessionId}-${RC_EXTENSION_CACHE_KEY}` } });
+            }
         }
         catch (error) {
             if (!isMissingSessionTableError(error)) {

package/models/llmSessionModel.js

@@ -10,5 +10,8 @@ exports.LlmSessionModel = sequelize.define('llmSessions', {
     },
     jwtToken: {
         type: Sequelize.STRING,
+    },
+    expiry: {
+        type: Sequelize.DATE
     }
 });

package/package.json

@@ -1,72 +1,72 @@
-{
-  "name": "@app-connect/core",
-  "version": "1.7.23",
-  "description": "RingCentral App Connect Core",
-  "main": "index.js",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/ringcentral/rc-unified-crm-extension.git"
-  },
-  "keywords": [
-    "RingCentral",
-    "App Connect"
-  ],
-  "author": "RingCentral Labs",
-  "license": "MIT",
-  "peerDependencies": {
-    "axios": "^1.12.2",
-    "express": "^4.22.1",
-    "moment": "^2.29.4",
-    "moment-timezone": "^0.5.39",
-    "pg": "^8.8.0",
-    "sequelize": "^6.29.0"
-  },
-  "dependencies": {
-    "@aws-sdk/client-dynamodb": "^3.751.0",
-    "@aws-sdk/client-s3": "^3.947.0",
-    "@aws-sdk/s3-request-presigner": "^3.947.0",
-    "@modelcontextprotocol/sdk": "^1.26.0",
-    "awesome-phonenumber": "^5.6.0",
-    "body-parser": "^1.20.4",
-    "body-parser-xml": "^2.0.5",
-    "client-oauth2": "^4.3.3",
-    "cors": "^2.8.5",
-    "country-state-city": "^3.2.1",
-    "dotenv": "^16.0.3",
-    "dynamoose": "^4.0.3",
-    "jsonwebtoken": "^9.0.0",
-    "mixpanel": "^0.18.0",
-    "shortid": "^2.2.17",
-    "tz-lookup": "^6.1.25",
-    "ua-parser-js": "^1.0.38"
-  },
-  "scripts": {
-    "test": "jest",
-    "test:watch": "jest --watch",
-    "test:coverage": "jest --coverage",
-    "test:ci": "jest --ci --coverage --watchAll=false"
-  },
-  "devDependencies": {
-    "@eslint/js": "^9.22.0",
-    "@octokit/rest": "^19.0.5",
-    "axios": "^1.12.2",
-    "eslint": "^9.22.0",
-    "express": "^4.22.1",
-    "globals": "^16.0.0",
-    "jest": "^29.3.1",
-    "moment": "^2.29.4",
-    "moment-timezone": "^0.5.39",
-    "nock": "^13.2.9",
-    "pg": "^8.8.0",
-    "sequelize": "^6.29.0",
-    "sqlite3": "^5.1.2",
-    "supertest": "^6.3.1"
-  },
-  "overrides": {
-    "js-object-utilities": "2.2.1"
-  },
-  "bugs": {
-    "url": "https://github.com/ringcentral/rc-unified-crm-extension/issues"
-  },
-  "homepage": "https://github.com/ringcentral/rc-unified-crm-extension#readme"
-}
+{
+  "name": "@app-connect/core",
+  "version": "1.7.25",
+  "description": "RingCentral App Connect Core",
+  "main": "index.js",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ringcentral/rc-unified-crm-extension.git"
+  },
+  "keywords": [
+    "RingCentral",
+    "App Connect"
+  ],
+  "author": "RingCentral Labs",
+  "license": "MIT",
+  "peerDependencies": {
+    "axios": "^1.12.2",
+    "express": "^4.22.1",
+    "moment": "^2.29.4",
+    "moment-timezone": "^0.5.39",
+    "pg": "^8.8.0",
+    "sequelize": "^6.29.0"
+  },
+  "dependencies": {
+    "@aws-sdk/client-dynamodb": "^3.751.0",
+    "@aws-sdk/client-s3": "^3.947.0",
+    "@aws-sdk/s3-request-presigner": "^3.947.0",
+    "@modelcontextprotocol/sdk": "^1.26.0",
+    "awesome-phonenumber": "^5.6.0",
+    "body-parser": "^1.20.4",
+    "body-parser-xml": "^2.0.5",
+    "client-oauth2": "^4.3.3",
+    "cors": "^2.8.5",
+    "country-state-city": "^3.2.1",
+    "dotenv": "^16.0.3",
+    "dynamoose": "^4.0.3",
+    "jsonwebtoken": "^9.0.0",
+    "mixpanel": "^0.18.0",
+    "shortid": "^2.2.17",
+    "tz-lookup": "^6.1.25",
+    "ua-parser-js": "^1.0.38"
+  },
+  "scripts": {
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "test:coverage": "jest --coverage",
+    "test:ci": "jest --ci --coverage --watchAll=false"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.22.0",
+    "@octokit/rest": "^19.0.5",
+    "axios": "^1.12.2",
+    "eslint": "^9.22.0",
+    "express": "^4.22.1",
+    "globals": "^16.0.0",
+    "jest": "^29.3.1",
+    "moment": "^2.29.4",
+    "moment-timezone": "^0.5.39",
+    "nock": "^13.2.9",
+    "pg": "^8.8.0",
+    "sequelize": "^6.29.0",
+    "sqlite3": "^5.1.2",
+    "supertest": "^6.3.1"
+  },
+  "overrides": {
+    "js-object-utilities": "2.2.1"
+  },
+  "bugs": {
+    "url": "https://github.com/ringcentral/rc-unified-crm-extension/issues"
+  },
+  "homepage": "https://github.com/ringcentral/rc-unified-crm-extension#readme"
+}

package/releaseNotes.json

@@ -1,4 +1,24 @@
 {
+    "1.7.25": {
+        "global": [
+            {
+                "type": "Fix",
+                "description": "Click-to-dial render issue"
+            }
+        ]
+    },
+    "1.7.24": {
+        "global": [
+            {
+                "type": "New",
+                "description": "Click-to-dial number matcher selection in User Setting -> General"
+            },
+            {
+                "type": "Fix",
+                "description": "Error report upload"
+            }
+        ]
+    },
     "1.7.23": {
         "global": [
             {

package/test/connector/proxy/engine.test.js

@@ -88,6 +88,39 @@ describe('proxy engine utilities', () => {
     // Basic base64('token-123')
     expect(args.headers.Authorization).toMatch(/^Basic /);
   });
+
+  test('performRequest uses submitted apiKey during first login before user is saved', async () => {
+    axios.mockResolvedValue({ data: { ok: true } });
+    const config = {
+      auth: {
+        type: 'apiKey',
+        scheme: 'Basic',
+        credentialTemplate: '{{apiKey}}',
+        encode: 'base64',
+        headerName: 'Authorization'
+      },
+      requestDefaults: {
+        baseUrl: 'https://api.example.com'
+      },
+      operations: {
+        getUserInfo: {
+          method: 'GET',
+          url: '/authentication'
+        }
+      }
+    };
+
+    await performRequest({
+      config,
+      opName: 'getUserInfo',
+      inputs: { apiKey: 'login-key' },
+      user: {},
+      authHeader: undefined
+    });
+
+    const args = axios.mock.calls[0][0];
+    expect(args.headers.Authorization).toBe(`Basic ${Buffer.from('login-key').toString('base64')}`);
+  });
 });
 
 

package/test/handlers/auth.test.js

@@ -24,6 +24,7 @@ const { RingCentral } = require('../../lib/ringcentral');
 const adminCore = require('../../handlers/admin');
 const { AccountDataModel } = require('../../models/accountDataModel');
 const { encode } = require('../../lib/encode');
+const { getHashValue } = require('../../lib/util');
 
 describe('Auth Handler', () => {
   const originalEnv = process.env;
@@ -964,6 +965,8 @@ describe('Auth Handler', () => {
 
     test('should handle successful RingCentral OAuth callback', async () => {
       // Arrange
+      process.env.HASH_KEY = 'test-hash-key';
+      const rcAccountId = 'rc-account-id';
       const mockGenerateToken = jest.fn().mockResolvedValue({
         access_token: 'rc-access-token',
         refresh_token: 'rc-refresh-token',
@@ -977,7 +980,7 @@ describe('Auth Handler', () => {
       // Act
       await authHandler.onRingcentralOAuthCallback({
         code: 'rc-auth-code',
-        rcAccountId: 'hashed-rc-account-id'
+        rcAccountId
       });
 
       // Assert
@@ -989,7 +992,7 @@ describe('Auth Handler', () => {
       });
       expect(mockGenerateToken).toHaveBeenCalledWith({ code: 'rc-auth-code' });
       expect(adminCore.updateAdminRcTokens).toHaveBeenCalledWith({
-        hashedRcAccountId: 'hashed-rc-account-id',
+        hashedRcAccountId: getHashValue(rcAccountId, 'test-hash-key'),
         adminAccessToken: 'rc-access-token',
         adminRefreshToken: 'rc-refresh-token',
         adminTokenExpiry: expect.any(Number)

package/test/handlers/managedAuth.test.js

@@ -180,7 +180,7 @@ describe('Managed Auth Handler', () => {
       rcAccountId: 'acc-3'
     });
 
-    expect(developerPortal.getConnectorManifest).toHaveBeenCalledWith({ connectorId: 'connector-123', isPrivate: false });
+    expect(developerPortal.getConnectorManifest).toHaveBeenCalledWith({ rcAccountId: 'acc-3', connectorId: 'connector-123', isPrivate: false });
     expect(state.hasManagedAuth).toBe(true);
     expect(state.allRequiredFieldsSatisfied).toBe(true);
     expect(state.visibleFieldConsts).toEqual([]);

package/test/mcp/tools/checkAuthStatus.test.js

@@ -0,0 +1,83 @@
+const checkAuthStatus = require('../../../mcp/tools/checkAuthStatus');
+const { getAuthSession } = require('../../../lib/authSession');
+const { LlmSessionModel } = require('../../../models/llmSessionModel');
+
+jest.mock('../../../lib/authSession');
+jest.mock('../../../models/llmSessionModel');
+
+describe('MCP Tool: checkAuthStatus', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    LlmSessionModel.upsert.mockResolvedValue([{}, true]);
+  });
+
+  test('should return pending when auth session is still waiting', async () => {
+    getAuthSession.mockResolvedValue({ status: 'pending' });
+
+    const result = await checkAuthStatus.execute({
+      sessionId: 'session-1',
+      rcExtensionId: 'rc-ext-1'
+    });
+
+    expect(result).toEqual({
+      data: {
+        status: 'pending'
+      }
+    });
+    expect(LlmSessionModel.upsert).not.toHaveBeenCalled();
+  });
+
+  test('should persist completed auth against rcExtensionId', async () => {
+    getAuthSession.mockResolvedValue({
+      status: 'completed',
+      jwtToken: 'jwt-token',
+      userInfo: { id: 'user-1', name: 'Casey' }
+    });
+
+    const result = await checkAuthStatus.execute({
+      sessionId: 'session-1',
+      rcExtensionId: 'rc-ext-1'
+    });
+
+    expect(LlmSessionModel.upsert).toHaveBeenCalledWith({
+      id: 'rc-ext-1',
+      jwtToken: 'jwt-token',
+      expiry: expect.any(Date)
+    });
+    expect(result).toEqual({
+      data: {
+        status: 'completed',
+        jwtToken: 'jwt-token',
+        userInfo: { id: 'user-1', name: 'Casey' },
+        message: expect.stringContaining('IMPORTANT')
+      }
+    });
+  });
+
+  test('should return expired when the auth session TTL has elapsed', async () => {
+    getAuthSession.mockResolvedValue({ status: 'expired' });
+
+    const result = await checkAuthStatus.execute({
+      sessionId: 'session-1',
+      rcExtensionId: 'rc-ext-1'
+    });
+
+    expect(result).toEqual({
+      data: {
+        status: 'expired',
+        errorMessage: 'Authentication session expired. Ask the user to start the auth flow again.'
+      }
+    });
+  });
+
+  test('should return an error when rcExtensionId is missing', async () => {
+    const result = await checkAuthStatus.execute({
+      sessionId: 'session-1'
+    });
+
+    expect(result).toEqual({
+      success: false,
+      error: 'CRM auth status check error: rcExtensionId is required'
+    });
+  });
+});

package/test/mcp/tools/getSessionInfo.test.js

@@ -0,0 +1,127 @@
+const getSessionInfo = require('../../../mcp/tools/getSessionInfo');
+const jwt = require('../../../lib/jwt');
+const { UserModel } = require('../../../models/userModel');
+const { RingCentral } = require('../../../lib/ringcentral');
+
+jest.mock('../../../lib/jwt');
+jest.mock('../../../models/userModel');
+jest.mock('../../../lib/ringcentral');
+
+describe('MCP Tool: getSessionInfo', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    RingCentral.mockImplementation(() => ({
+      getExtensionInfo: jest.fn().mockResolvedValue({ name: 'Demo Extension' })
+    }));
+  });
+
+  describe('tool definition', () => {
+    test('should have correct tool definition', () => {
+      expect(getSessionInfo.definition).toBeDefined();
+      expect(getSessionInfo.definition.name).toBe('getSessionInfo');
+      expect(getSessionInfo.definition.description).toContain('session info');
+      expect(getSessionInfo.definition.inputSchema).toBeDefined();
+      expect(getSessionInfo.definition.inputSchema.properties).toEqual({});
+    });
+  });
+
+  describe('execute', () => {
+    test('should return unauthenticated session info when no CRM jwtToken exists', async () => {
+      const result = await getSessionInfo.execute({
+        openaiSessionId: 'session-123',
+        rcExtensionId: 'ext-456',
+        rcAccessToken: 'rc-token'
+      });
+
+      expect(result).toEqual({
+        success: true,
+        data: {
+          openaiSessionId: 'session-123',
+          dataToShow: {
+            isCrmAuthenticated: false,
+            ringcentral: {
+              extensionId: 'ext-456',
+              name: 'Demo Extension',
+            },
+            crm: {
+              userId: null,
+              platform: null,
+              hostname: null
+            }
+          }
+        }
+      });
+      expect(jwt.decodeJwt).not.toHaveBeenCalled();
+      expect(UserModel.findByPk).not.toHaveBeenCalled();
+    });
+
+    test('should return connected CRM session info when jwtToken resolves to a saved user', async () => {
+      jwt.decodeJwt.mockReturnValue({
+        id: 'crm-user-1',
+        platform: 'clio'
+      });
+      UserModel.findByPk.mockResolvedValue({
+        id: 'crm-user-1',
+        platform: 'clio',
+        hostname: 'app.clio.com',
+        accessToken: 'crm-access-token',
+      });
+
+      const result = await getSessionInfo.execute({
+        openaiSessionId: 'session-123',
+        rcExtensionId: 'ext-456',
+        rcAccessToken: 'rc-token',
+        jwtToken: 'jwt-token'
+      });
+
+      expect(jwt.decodeJwt).toHaveBeenCalledWith('jwt-token');
+      expect(UserModel.findByPk).toHaveBeenCalledWith('crm-user-1');
+      expect(result).toEqual({
+        success: true,
+        data: {
+          openaiSessionId: 'session-123',
+          dataToShow: {
+            isCrmAuthenticated: true,
+            ringcentral: {
+              extensionId: 'ext-456',
+              name: 'Demo Extension',
+            },
+            crm: {
+              userId: 'crm-user-1',
+              platform: 'clio',
+              hostname: 'app.clio.com'
+            }
+          }
+        }
+      });
+    });
+
+    test('should report not authenticated when jwtToken is invalid', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+
+      const result = await getSessionInfo.execute({
+        jwtToken: 'bad-token'
+      });
+
+      expect(result).toEqual({
+        success: true,
+        data: {
+          openaiSessionId: null,
+          dataToShow: {
+            isCrmAuthenticated: false,
+            ringcentral: {
+              extensionId: null,
+              name: null,
+            },
+            crm: {
+              userId: null,
+              platform: null,
+              hostname: null
+            }
+          }
+        }
+      });
+      expect(UserModel.findByPk).not.toHaveBeenCalled();
+    });
+  });
+});

package/test/mcp/tools/logout.test.js

@@ -1,16 +1,22 @@
 const logout = require('../../../mcp/tools/logout');
 const jwt = require('../../../lib/jwt');
 const { UserModel } = require('../../../models/userModel');
+const { LlmSessionModel } = require('../../../models/llmSessionModel');
+const { CacheModel } = require('../../../models/cacheModel');
 const connectorRegistry = require('../../../connector/registry');
 
 // Mock dependencies
 jest.mock('../../../lib/jwt');
 jest.mock('../../../models/userModel');
+jest.mock('../../../models/llmSessionModel');
+jest.mock('../../../models/cacheModel');
 jest.mock('../../../connector/registry');
 
 describe('MCP Tool: logout', () => {
   beforeEach(() => {
     jest.clearAllMocks();
+    LlmSessionModel.destroy.mockResolvedValue(1);
+    CacheModel.destroy.mockResolvedValue(1);
   });
 
   describe('tool definition', () => {
@@ -65,6 +71,7 @@ describe('MCP Tool: logout', () => {
         }
       });
       expect(jwt.decodeJwt).toHaveBeenCalledWith('mock-jwt-token');
+      expect(LlmSessionModel.destroy).toHaveBeenCalledWith({ where: { id: 'test-user-id' } });
       expect(UserModel.findByPk).toHaveBeenCalledWith('test-user-id');
       expect(connectorRegistry.getConnector).toHaveBeenCalledWith('testCRM');
       expect(mockConnector.unAuthorize).toHaveBeenCalledWith({
@@ -170,6 +177,57 @@ describe('MCP Tool: logout', () => {
       expect(consoleSpy).toHaveBeenCalled();
       consoleSpy.mockRestore();
     });
+
+    test('should clear both CRM user and RC extension session rows when rcExtensionId is provided', async () => {
+      const mockUser = {
+        id: 'test-user-id',
+        platform: 'testCRM'
+      };
+
+      jwt.decodeJwt.mockReturnValue({
+        id: 'test-user-id',
+        platform: 'testCRM'
+      });
+      UserModel.findByPk.mockResolvedValue(mockUser);
+      connectorRegistry.getConnector.mockReturnValue({
+        unAuthorize: jest.fn().mockResolvedValue({})
+      });
+
+      const result = await logout.execute({
+        jwtToken: 'mock-jwt-token',
+        rcExtensionId: 'rc-ext-123'
+      });
+
+      expect(result.success).toBe(true);
+      expect(LlmSessionModel.destroy).toHaveBeenNthCalledWith(1, { where: { id: 'test-user-id' } });
+      expect(LlmSessionModel.destroy).toHaveBeenNthCalledWith(2, { where: { id: 'rc-ext-123' } });
+    });
+
+    test('should clear the resolved rcExtension cache for the current OpenAI session on logout', async () => {
+      const mockUser = {
+        id: 'test-user-id',
+        platform: 'testCRM'
+      };
+
+      jwt.decodeJwt.mockReturnValue({
+        id: 'test-user-id',
+        platform: 'testCRM'
+      });
+      UserModel.findByPk.mockResolvedValue(mockUser);
+      connectorRegistry.getConnector.mockReturnValue({
+        unAuthorize: jest.fn().mockResolvedValue({})
+      });
+
+      const result = await logout.execute({
+        jwtToken: 'mock-jwt-token',
+        openaiSessionId: 'oa-session-123'
+      });
+
+      expect(result.success).toBe(true);
+      expect(CacheModel.destroy).toHaveBeenCalledWith({
+        where: { id: 'oa-session-123-rcExtensionId' }
+      });
+    });
   });
 });
 

package/test/routes/managedAuthRoutes.test.js

@@ -32,17 +32,6 @@ describe('Managed Auth Routes', () => {
   });
 
   describe('GET /apiKeyManagedAuthState', () => {
-    test('should require rcAccessToken', async () => {
-      const response = await request(app)
-        .get('/apiKeyManagedAuthState')
-        .query({ platform: 'testCRM' });
-
-      expect(response.status).toBe(400);
-      expect(response.text).toContain('Missing RingCentral access token');
-      expect(adminCore.validateRcUserToken).not.toHaveBeenCalled();
-      expect(managedAuthCore.getManagedAuthState).not.toHaveBeenCalled();
-    });
-
     test('should validate rcAccessToken and use validated identity', async () => {
       adminCore.validateRcUserToken.mockResolvedValue({
         rcAccountId: 'validated-account-id',
@@ -75,20 +64,6 @@ describe('Managed Auth Routes', () => {
   });
 
   describe('POST /apiKeyLogin', () => {
-    test('should require rcAccessToken', async () => {
-      const response = await request(app)
-        .post('/apiKeyLogin')
-        .send({
-          platform: 'testCRM',
-          apiKey: 'api-key',
-          hostname: 'test.example.com',
-        });
-
-      expect(response.status).toBe(400);
-      expect(response.text).toContain('Missing RingCentral access token');
-      expect(adminCore.validateRcUserToken).not.toHaveBeenCalled();
-      expect(authCore.onApiKeyLogin).not.toHaveBeenCalled();
-    });
 
     test('should validate rcAccessToken and ignore spoofed rc ids in body', async () => {
       adminCore.validateRcUserToken.mockResolvedValue({