npm - @app-connect/core - Versions diffs - 1.7.24 → 1.7.26 - Mend

@app-connect/core 1.7.24 → 1.7.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

package/.env.test +5 -5
package/README.md +441 -441
package/connector/developerPortal.js +31 -42
package/connector/mock.js +84 -77
package/connector/proxy/engine.js +164 -163
package/connector/proxy/index.js +500 -500
package/connector/registry.js +252 -252
package/docs/README.md +50 -50
package/docs/architecture.md +93 -93
package/docs/connectors.md +116 -117
package/docs/handlers.md +125 -125
package/docs/libraries.md +101 -101
package/docs/models.md +144 -144
package/docs/routes.md +115 -115
package/docs/tests.md +73 -73
package/handlers/admin.js +523 -523
package/handlers/appointment.js +193 -0
package/handlers/auth.js +296 -296
package/handlers/calldown.js +99 -99
package/handlers/contact.js +280 -280
package/handlers/disposition.js +82 -80
package/handlers/log.js +984 -973
package/handlers/managedAuth.js +446 -446
package/handlers/plugin.js +208 -208
package/handlers/user.js +142 -142
package/index.js +3140 -2652
package/jest.config.js +56 -56
package/lib/analytics.js +54 -54
package/lib/authSession.js +109 -109
package/lib/cacheCleanup.js +21 -0
package/lib/callLogComposer.js +898 -898
package/lib/callLogLookup.js +34 -0
package/lib/constants.js +8 -8
package/lib/debugTracer.js +177 -177
package/lib/encode.js +30 -30
package/lib/errorHandler.js +218 -206
package/lib/generalErrorMessage.js +41 -41
package/lib/jwt.js +18 -18
package/lib/logger.js +190 -190
package/lib/migrateCallLogsSchema.js +116 -0
package/lib/ringcentral.js +266 -266
package/lib/s3ErrorLogReport.js +65 -65
package/lib/sharedSMSComposer.js +471 -471
package/lib/util.js +67 -67
package/mcp/README.md +412 -395
package/mcp/lib/validator.js +91 -91
package/mcp/mcpHandler.js +425 -425
package/mcp/tools/cancelAppointment.js +101 -0
package/mcp/tools/checkAuthStatus.js +105 -105
package/mcp/tools/confirmAppointment.js +101 -0
package/mcp/tools/createAppointment.js +157 -0
package/mcp/tools/createCallLog.js +327 -316
package/mcp/tools/createContact.js +117 -117
package/mcp/tools/createMessageLog.js +287 -287
package/mcp/tools/doAuth.js +60 -60
package/mcp/tools/findContactByName.js +93 -93
package/mcp/tools/findContactByPhone.js +101 -101
package/mcp/tools/getCallLog.js +111 -102
package/mcp/tools/getGoogleFilePicker.js +99 -99
package/mcp/tools/getHelp.js +43 -43
package/mcp/tools/getPublicConnectors.js +94 -94
package/mcp/tools/getSessionInfo.js +90 -90
package/mcp/tools/index.js +51 -41
package/mcp/tools/listAppointments.js +163 -0
package/mcp/tools/logout.js +96 -96
package/mcp/tools/rcGetCallLogs.js +65 -65
package/mcp/tools/updateAppointment.js +154 -0
package/mcp/tools/updateCallLog.js +130 -126
package/mcp/ui/App/App.tsx +358 -358
package/mcp/ui/App/components/AuthInfoForm.tsx +113 -113
package/mcp/ui/App/components/AuthSuccess.tsx +22 -22
package/mcp/ui/App/components/ConnectorList.tsx +82 -82
package/mcp/ui/App/components/DebugPanel.tsx +43 -43
package/mcp/ui/App/components/OAuthConnect.tsx +270 -270
package/mcp/ui/App/lib/callTool.ts +130 -130
package/mcp/ui/App/lib/debugLog.ts +41 -41
package/mcp/ui/App/lib/developerPortal.ts +111 -111
package/mcp/ui/App/main.css +5 -5
package/mcp/ui/App/root.tsx +13 -13
package/mcp/ui/index.html +13 -13
package/mcp/ui/package-lock.json +6356 -6356
package/mcp/ui/package.json +25 -25
package/mcp/ui/tsconfig.json +26 -26
package/mcp/ui/vite.config.ts +16 -16
package/models/accountDataModel.js +33 -33
package/models/adminConfigModel.js +35 -35
package/models/cacheModel.js +30 -26
package/models/callDownListModel.js +34 -34
package/models/callLogModel.js +33 -27
package/models/dynamo/connectorSchema.js +146 -146
package/models/dynamo/lockSchema.js +24 -24
package/models/dynamo/noteCacheSchema.js +29 -29
package/models/llmSessionModel.js +17 -17
package/models/messageLogModel.js +25 -25
package/models/sequelize.js +16 -16
package/models/userModel.js +45 -45
package/package.json +72 -72
package/releaseNotes.json +1093 -1073
package/test/connector/proxy/engine.test.js +126 -93
package/test/connector/proxy/index.test.js +279 -279
package/test/connector/proxy/sample.json +161 -161
package/test/connector/registry.test.js +415 -415
package/test/handlers/admin.test.js +616 -616
package/test/handlers/auth.test.js +1018 -1015
package/test/handlers/contact.test.js +1014 -1014
package/test/handlers/log.test.js +1298 -1160
package/test/handlers/managedAuth.test.js +458 -458
package/test/handlers/plugin.test.js +380 -380
package/test/index.test.js +105 -105
package/test/lib/cacheCleanup.test.js +42 -0
package/test/lib/callLogComposer.test.js +1231 -1231
package/test/lib/debugTracer.test.js +328 -328
package/test/lib/jwt.test.js +176 -176
package/test/lib/logger.test.js +206 -206
package/test/lib/oauth.test.js +359 -359
package/test/lib/ringcentral.test.js +467 -467
package/test/lib/sharedSMSComposer.test.js +1084 -1084
package/test/lib/util.test.js +329 -329
package/test/mcp/tools/checkAuthStatus.test.js +83 -82
package/test/mcp/tools/createCallLog.test.js +436 -436
package/test/mcp/tools/createContact.test.js +58 -58
package/test/mcp/tools/createMessageLog.test.js +595 -595
package/test/mcp/tools/doAuth.test.js +113 -113
package/test/mcp/tools/findContactByName.test.js +275 -275
package/test/mcp/tools/findContactByPhone.test.js +296 -296
package/test/mcp/tools/getCallLog.test.js +298 -298
package/test/mcp/tools/getGoogleFilePicker.test.js +281 -281
package/test/mcp/tools/getPublicConnectors.test.js +107 -107
package/test/mcp/tools/getSessionInfo.test.js +127 -127
package/test/mcp/tools/logout.test.js +233 -233
package/test/mcp/tools/rcGetCallLogs.test.js +56 -56
package/test/mcp/tools/updateCallLog.test.js +360 -360
package/test/models/accountDataModel.test.js +98 -98
package/test/models/dynamo/connectorSchema.test.js +189 -189
package/test/models/models.test.js +568 -539
package/test/routes/managedAuthRoutes.test.js +104 -129
package/test/setup.js +178 -178

package/mcp/mcpHandler.js CHANGED Viewed

@@ -1,425 +1,425 @@
-/**
- * MCP Server for RC Unified CRM Extension
- *
- * Stateless hand-rolled JSON-RPC handler — no SDK, no SSE, no sessions Map.
- * Fully compatible with stateless deployments (AWS Lambda, etc.).
- * All auth context is resolved per-request; rcExtensionId is cached in CacheModel.
- */
-const axios = require('axios');
-const { Op } = require('sequelize');
-const tools = require('./tools');
-const { LlmSessionModel } = require('../models/llmSessionModel');
-const { CacheModel } = require('../models/cacheModel');
-const { UserModel } = require('../models/userModel');
-const { getHashValue } = require('../lib/util');
-const jwt = require('../lib/jwt');
-const logger = require('../lib/logger');
-const fs = require('fs');
-const path = require('path');
-/**
- * Increment this to bust ChatGPT's widget resource cache after every UI build.
- * This is the single source of truth — injected into getPublicConnectors _meta at response time.
- */
-const WIDGET_VERSION = 10;
-const WIDGET_URI = `ui://widget/ConnectorList-v${WIDGET_VERSION}.html`;
-const RC_EXTENSION_CACHE_KEY = 'rcExtensionId';
-const RC_EXTENSION_CACHE_STATUS = 'resolved';
-const JSON_RPC_INTERNAL_ERROR = -32603;
-const JSON_RPC_METHOD_NOT_FOUND = -32601;
-const JSON_RPC_INVALID_PARAMS = -32602;
-/**
- * JSON Schema definitions for tools that accept parameters.
- * Without inputSchema, ChatGPT silently drops all arguments when calling the tool.
- */
-const inputSchemas = {
-    findContactByName: {
-        type: 'object',
-        properties: {
-            name: { type: 'string', description: 'Name to search for' },
-        },
-        required: ['name'],
-    },
-    findContactByPhone: {
-        type: 'object',
-        properties: {
-            phoneNumber: { type: 'string', description: 'Phone number in E.164 format (e.g. +14155551234)' },
-            overridingFormat: { type: 'string', description: 'Overriding format to search for' },
-            isExtension: { type: 'boolean', description: 'Whether the request is from an extension' },
-        },
-        required: ['phoneNumber'],
-    },
-    createContact: {
-        type: 'object',
-        properties: {
-            phoneNumber: { type: 'string', description: 'Phone number in E.164 format (e.g. +14155551234)' },
-            newContactName: { type: 'string', description: 'Full name of the new contact' },
-        },
-        required: ['phoneNumber'],
-    },
-    createCallLog: {
-        type: 'object',
-        properties: {
-            incomingData: { description: 'Call log data to create' },
-            contactId: { type: 'string', description: 'CRM contact ID to attach the log to' },
-            contactType: { type: 'string', description: 'Type of the CRM contact' },
-            note: { type: 'string', description: 'Note to include in the call log' },
-        },
-        required: [],
-    },
-    rcGetCallLogs: {
-        type: 'object',
-        properties: {
-            timeFrom: { type: 'string', description: 'Start of time range in ISO 8601 format' },
-            timeTo: { type: 'string', description: 'End of time range in ISO 8601 format' },
-        },
-        required: ['timeFrom', 'timeTo'],
-    },
-    logout: {
-        type: 'object',
-        properties: {},
-        required: [],
-    },
-};
-/**
- * Verify an RC access token and return the caller's extension ID.
- * Throws if the token is invalid.
- */
-async function resolveRcExtensionId(rcAccessToken) {
-    const resp = await axios.get(
-        'https://platform.ringcentral.com/restapi/v1.0/account/~/extension/~',
-        { headers: { Authorization: `Bearer ${rcAccessToken}` } }
-    );
-    return resp.data?.id?.toString() ?? null;
-}
-/**
- * Resolve rcExtensionId for the current request.
- * Checks CacheModel first (avoids RC API call on Lambda cold starts),
- * falls back to a live RC API verification and persists the result.
- */
-async function resolveSessionContext(rcAccessToken, openaiSessionId) {
-    if (!rcAccessToken) return { rcExtensionId: null };
-    if (openaiSessionId) {
-        try {
-            const cached = await CacheModel.findByPk(`${openaiSessionId}-${RC_EXTENSION_CACHE_KEY}`);
-            if (cached?.data?.rcExtensionId && (!cached.expiry || cached.expiry > new Date())) {
-                return { rcExtensionId: cached.data.rcExtensionId };
-            }
-        } catch (err) {
-            logger.warn('CacheModel lookup failed:', { message: err.message });
-        }
-    }
-    let rcExtensionId = null;
-    try {
-        rcExtensionId = await resolveRcExtensionId(rcAccessToken);
-        if (openaiSessionId && rcExtensionId) {
-            await CacheModel.upsert({
-                id: `${openaiSessionId}-${RC_EXTENSION_CACHE_KEY}`,
-                userId: openaiSessionId,
-                cacheKey: RC_EXTENSION_CACHE_KEY,
-                data: { rcExtensionId },
-                status: RC_EXTENSION_CACHE_STATUS,
-                expiry: new Date(Date.now() + 24 * 60 * 60 * 1000), // 24h TTL
-            });
-        }
-    } catch (err) {
-        logger.warn('Failed to resolve RC extension ID:', { message: err.message });
-    }
-    return { rcExtensionId };
-}
-/**
- * Build the tools list to return in tools/list responses.
- * Injects inputSchema and stamps WIDGET_URI into getPublicConnectors _meta.
- */
-function getToolsList() {
-    return tools.tools.map(tool => {
-        const def = { ...tool.definition };
-        if (def.name === 'getPublicConnectors') {
-            def._meta = { ...(def._meta || {}), 'openai/outputTemplate': WIDGET_URI };
-        }
-        if (inputSchemas[def.name]) {
-            def.inputSchema = inputSchemas[def.name];
-        }
-        return def;
-    });
-}
-/**
- * Handle incoming MCP HTTP requests.
- * Stateless: each POST is handled independently with no session state between requests.
- */
-async function handleMcpRequest(req, res) {
-    try {
-        const { method, params, id } = req.body;
-        logger.info('Received MCP request:', { method });
-        const rcAccessToken = req.headers['authorization']?.split('Bearer ')?.[1];
-        const openaiSessionId = params?._meta?.['openai/session'] ?? null;
-        let response;
-        switch (method) {
-            case 'initialize':
-                response = {
-                    jsonrpc: '2.0',
-                    id,
-                    result: {
-                        protocolVersion: '2024-11-05',
-                        capabilities: {
-                            tools: {},
-                            resources: {},
-                        },
-                        serverInfo: {
-                            name: 'rc-unified-crm-extension',
-                            version: '1.0.0',
-                        },
-                    },
-                };
-                break;
-            case 'tools/list':
-                response = {
-                    jsonrpc: '2.0',
-                    id,
-                    result: { tools: getToolsList() },
-                };
-                break;
-            case 'tools/call': {
-                const { name: toolName, arguments: args } = params;
-                const toolArgs = { ...(args || {}) };
-                if (rcAccessToken) toolArgs.rcAccessToken = rcAccessToken;
-                if (openaiSessionId) toolArgs.openaiSessionId = openaiSessionId;
-                const { rcExtensionId } = await resolveSessionContext(rcAccessToken, openaiSessionId);
-                if (rcExtensionId) {
-                    toolArgs.rcExtensionId = rcExtensionId;
-                    if (!toolArgs.jwtToken) {
-                        let llmSession = await LlmSessionModel.findByPk(rcExtensionId);
-                        if (llmSession?.expiry && llmSession.expiry < new Date()) {
-                            await LlmSessionModel.destroy({ where: { id: rcExtensionId } });
-                            llmSession = null;
-                        }
-                        if (!llmSession?.jwtToken && openaiSessionId) {
-                            const fallback = await LlmSessionModel.findByPk(openaiSessionId);
-                            if (fallback?.jwtToken) {
-                                const { id: fallbackUserId } = jwt.decodeJwt(fallback.jwtToken);
-                                const fallbackUser = fallbackUserId
-                                    ? await UserModel.findByPk(fallbackUserId)
-                                    : null;
-                                if (fallbackUser?.accessToken) {
-                                    await LlmSessionModel.upsert({ id: rcExtensionId, jwtToken: fallback.jwtToken, expiry: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) });
-                                    llmSession = fallback;
-                                }
-                            }
-                            if (!llmSession?.jwtToken) {
-                                const hashedRcExtensionId = getHashValue(rcExtensionId, process.env.HASH_KEY);
-                                const user = await UserModel.findOne({
-                                    where: {
-                                        hashedRcExtensionId,
-                                        [Op.and]: [
-                                            { accessToken: { [Op.not]: null } },
-                                            { accessToken: { [Op.ne]: '' } },
-                                        ],
-                                    },
-                                    order: [['updatedAt', 'DESC']],
-                                });
-                                if (user?.accessToken) {
-                                    await LlmSessionModel.upsert({
-                                        id: rcExtensionId,
-                                        jwtToken: jwt.generateJwt({
-                                            id: user.id.toString(),
-                                            platform: user.platform
-                                        }),
-                                        expiry: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000)
-                                    });
-                                    llmSession = await LlmSessionModel.findByPk(rcExtensionId);
-                                }
-                            }
-                        }
-                        if (llmSession?.jwtToken) {
-                            const { id: userId } = jwt.decodeJwt(llmSession.jwtToken);
-                            if (userId) {
-                                const user = await UserModel.findByPk(userId);
-                                if (user?.accessToken) {
-                                    toolArgs.jwtToken = llmSession.jwtToken;
-                                }
-                            }
-                        }
-                    }
-                }
-                try {
-                    const tool = tools.tools.find(t => t.definition.name === toolName);
-                    if (!tool) throw new Error(`Tool not found: ${toolName}`);
-                    const result = await tool.execute(toolArgs);
-                    if (result?.structuredContent) {
-                        response = {
-                            jsonrpc: '2.0',
-                            id,
-                            result: {
-                                structuredContent: result.structuredContent,
-                                content: Array.isArray(result.content)
-                                    ? result.content
-                                    : [{ type: 'text', text: '[Interactive widget displayed above - no additional response needed]' }],
-                            },
-                        };
-                    } else {
-                        response = {
-                            jsonrpc: '2.0',
-                            id,
-                            result: {
-                                content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
-                            },
-                        };
-                    }
-                } catch (toolError) {
-                    response = {
-                        jsonrpc: '2.0',
-                        id,
-                        error: {
-                            code: JSON_RPC_INTERNAL_ERROR,
-                            message: `Tool execution failed: ${toolError.message}`,
-                        },
-                    };
-                }
-                break;
-            }
-            case 'resources/list':
-                response = {
-                    jsonrpc: '2.0',
-                    id,
-                    result: {
-                        resources: [{
-                            uri: WIDGET_URI,
-                            name: 'connector-list-widget',
-                            title: 'ConnectorList',
-                            description: 'ChatGPT widget for connector selection',
-                            mimeType: 'text/html+skybridge',
-                        }],
-                    },
-                };
-                break;
-            case 'resources/read': {
-                const uri = params?.uri;
-                if (!uri?.startsWith('ui://widget/')) {
-                    response = {
-                        jsonrpc: '2.0',
-                        id,
-                        error: { code: JSON_RPC_INVALID_PARAMS, message: `Unknown resource: ${uri}` },
-                    };
-                    break;
-                }
-                const appUrl = process.env.APP_SERVER || 'http://localhost:6066';
-                const distPath = path.join(__dirname, 'ui', 'dist', 'index.html');
-                const devPath = path.join(__dirname, 'ui', 'index.html');
-                let htmlContent;
-                try { htmlContent = fs.readFileSync(distPath, 'utf8'); }
-                catch { htmlContent = fs.readFileSync(devPath, 'utf8'); }
-                response = {
-                    jsonrpc: '2.0',
-                    id,
-                    result: {
-                        contents: [{
-                            uri: WIDGET_URI,
-                            mimeType: 'text/html+skybridge',
-                            text: htmlContent,
-                            _meta: {
-                                'openai/widgetPrefersBorder': true,
-                                'openai/widgetDomain': appUrl,
-                                'openai/widgetCSP': {
-                                    connect_domains: [appUrl, 'https://appconnect.labs.ringcentral.com'],
-                                    resource_domains: [appUrl],
-                                },
-                            },
-                        }],
-                    },
-                };
-                break;
-            }
-            case 'ping':
-                response = { jsonrpc: '2.0', id, result: {} };
-                break;
-            case 'notifications/initialized':
-            case 'notifications/cancelled':
-                // JSON-RPC notifications — no id, no response expected
-                return res.status(200).end();
-            default:
-                response = {
-                    jsonrpc: '2.0',
-                    id,
-                    error: { code: JSON_RPC_METHOD_NOT_FOUND, message: `Method not found: ${method}` },
-                };
-        }
-        res.status(200).json(response);
-    } catch (error) {
-        logger.error('Error handling MCP request:', { stack: error.stack });
-        res.status(200).json({
-            jsonrpc: '2.0',
-            id: req.body?.id || null,
-            error: {
-                code: JSON_RPC_INTERNAL_ERROR,
-                message: 'Internal server error',
-                data: { error: error.message },
-            },
-        });
-    }
-}
-/**
- * Handle widget tool calls via direct HTTP (bypasses MCP protocol).
- * The ChatGPT postMessage bridge does not forward tool arguments,
- * so the widget uses fetch() to this endpoint instead.
- */
-async function handleWidgetToolCall(req, res) {
-    try {
-        logger.info('Widget tool call received. body:', JSON.stringify(req.body));
-        const { tool: toolName, toolArgs: args } = req.body || {};
-        logger.info('Widget tool call parsed:', { toolName, args: JSON.stringify(args) });
-        if (!toolName) {
-            return res.status(400).json({ success: false, error: 'Missing tool name' });
-        }
-        const allWidgetCallable = [...tools.tools, ...tools.widgetTools];
-        const tool = allWidgetCallable.find(t => t.definition.name === toolName);
-        if (!tool) {
-            return res.status(404).json({ success: false, error: `Unknown tool: ${toolName}` });
-        }
-        const result = await tool.execute(args || {});
-        logger.info('Widget tool call result:', { toolName, success: result?.success });
-        res.json(result);
-    } catch (error) {
-        logger.error('Widget tool call error:', { stack: error.stack });
-        res.status(500).json({
-            success: false,
-            error: error.message || 'Internal server error',
-        });
-    }
-}
-exports.handleMcpRequest = handleMcpRequest;
-exports.handleWidgetToolCall = handleWidgetToolCall;
+/**
+ * MCP Server for RC Unified CRM Extension
+ *
+ * Stateless hand-rolled JSON-RPC handler — no SDK, no SSE, no sessions Map.
+ * Fully compatible with stateless deployments (AWS Lambda, etc.).
+ * All auth context is resolved per-request; rcExtensionId is cached in CacheModel.
+ */
+const axios = require('axios');
+const { Op } = require('sequelize');
+const tools = require('./tools');
+const { LlmSessionModel } = require('../models/llmSessionModel');
+const { CacheModel } = require('../models/cacheModel');
+const { UserModel } = require('../models/userModel');
+const { getHashValue } = require('../lib/util');
+const jwt = require('../lib/jwt');
+const logger = require('../lib/logger');
+const fs = require('fs');
+const path = require('path');
+/**
+ * Increment this to bust ChatGPT's widget resource cache after every UI build.
+ * This is the single source of truth — injected into getPublicConnectors _meta at response time.
+ */
+const WIDGET_VERSION = 10;
+const WIDGET_URI = `ui://widget/ConnectorList-v${WIDGET_VERSION}.html`;
+const RC_EXTENSION_CACHE_KEY = 'rcExtensionId';
+const RC_EXTENSION_CACHE_STATUS = 'resolved';
+const JSON_RPC_INTERNAL_ERROR = -32603;
+const JSON_RPC_METHOD_NOT_FOUND = -32601;
+const JSON_RPC_INVALID_PARAMS = -32602;
+/**
+ * JSON Schema definitions for tools that accept parameters.
+ * Without inputSchema, ChatGPT silently drops all arguments when calling the tool.
+ */
+const inputSchemas = {
+    findContactByName: {
+        type: 'object',
+        properties: {
+            name: { type: 'string', description: 'Name to search for' },
+        },
+        required: ['name'],
+    },
+    findContactByPhone: {
+        type: 'object',
+        properties: {
+            phoneNumber: { type: 'string', description: 'Phone number in E.164 format (e.g. +14155551234)' },
+            overridingFormat: { type: 'string', description: 'Overriding format to search for' },
+            isExtension: { type: 'boolean', description: 'Whether the request is from an extension' },
+        },
+        required: ['phoneNumber'],
+    },
+    createContact: {
+        type: 'object',
+        properties: {
+            phoneNumber: { type: 'string', description: 'Phone number in E.164 format (e.g. +14155551234)' },
+            newContactName: { type: 'string', description: 'Full name of the new contact' },
+        },
+        required: ['phoneNumber'],
+    },
+    createCallLog: {
+        type: 'object',
+        properties: {
+            incomingData: { description: 'Call log data to create' },
+            contactId: { type: 'string', description: 'CRM contact ID to attach the log to' },
+            contactType: { type: 'string', description: 'Type of the CRM contact' },
+            note: { type: 'string', description: 'Note to include in the call log' },
+        },
+        required: [],
+    },
+    rcGetCallLogs: {
+        type: 'object',
+        properties: {
+            timeFrom: { type: 'string', description: 'Start of time range in ISO 8601 format' },
+            timeTo: { type: 'string', description: 'End of time range in ISO 8601 format' },
+        },
+        required: ['timeFrom', 'timeTo'],
+    },
+    logout: {
+        type: 'object',
+        properties: {},
+        required: [],
+    },
+};
+/**
+ * Verify an RC access token and return the caller's extension ID.
+ * Throws if the token is invalid.
+ */
+async function resolveRcExtensionId(rcAccessToken) {
+    const resp = await axios.get(
+        'https://platform.ringcentral.com/restapi/v1.0/account/~/extension/~',
+        { headers: { Authorization: `Bearer ${rcAccessToken}` } }
+    );
+    return resp.data?.id?.toString() ?? null;
+}
+/**
+ * Resolve rcExtensionId for the current request.
+ * Checks CacheModel first (avoids RC API call on Lambda cold starts),
+ * falls back to a live RC API verification and persists the result.
+ */
+async function resolveSessionContext(rcAccessToken, openaiSessionId) {
+    if (!rcAccessToken) return { rcExtensionId: null };
+    if (openaiSessionId) {
+        try {
+            const cached = await CacheModel.findByPk(`${openaiSessionId}-${RC_EXTENSION_CACHE_KEY}`);
+            if (cached?.data?.rcExtensionId && (!cached.expiry || cached.expiry > new Date())) {
+                return { rcExtensionId: cached.data.rcExtensionId };
+            }
+        } catch (err) {
+            logger.warn('CacheModel lookup failed:', { message: err.message });
+        }
+    }
+    let rcExtensionId = null;
+    try {
+        rcExtensionId = await resolveRcExtensionId(rcAccessToken);
+        if (openaiSessionId && rcExtensionId) {
+            await CacheModel.upsert({
+                id: `${openaiSessionId}-${RC_EXTENSION_CACHE_KEY}`,
+                userId: openaiSessionId,
+                cacheKey: RC_EXTENSION_CACHE_KEY,
+                data: { rcExtensionId },
+                status: RC_EXTENSION_CACHE_STATUS,
+                expiry: new Date(Date.now() + 24 * 60 * 60 * 1000), // 24h TTL
+            });
+        }
+    } catch (err) {
+        logger.warn('Failed to resolve RC extension ID:', { message: err.message });
+    }
+    return { rcExtensionId };
+}
+/**
+ * Build the tools list to return in tools/list responses.
+ * Injects inputSchema and stamps WIDGET_URI into getPublicConnectors _meta.
+ */
+function getToolsList() {
+    return tools.tools.map(tool => {
+        const def = { ...tool.definition };
+        if (def.name === 'getPublicConnectors') {
+            def._meta = { ...(def._meta || {}), 'openai/outputTemplate': WIDGET_URI };
+        }
+        if (inputSchemas[def.name]) {
+            def.inputSchema = inputSchemas[def.name];
+        }
+        return def;
+    });
+}
+/**
+ * Handle incoming MCP HTTP requests.
+ * Stateless: each POST is handled independently with no session state between requests.
+ */
+async function handleMcpRequest(req, res) {
+    try {
+        const { method, params, id } = req.body;
+        logger.info('Received MCP request:', { method });
+        const rcAccessToken = req.headers['authorization']?.split('Bearer ')?.[1];
+        const openaiSessionId = params?._meta?.['openai/session'] ?? null;
+        let response;
+        switch (method) {
+            case 'initialize':
+                response = {
+                    jsonrpc: '2.0',
+                    id,
+                    result: {
+                        protocolVersion: '2024-11-05',
+                        capabilities: {
+                            tools: {},
+                            resources: {},
+                        },
+                        serverInfo: {
+                            name: 'rc-unified-crm-extension',
+                            version: '1.0.0',
+                        },
+                    },
+                };
+                break;
+            case 'tools/list':
+                response = {
+                    jsonrpc: '2.0',
+                    id,
+                    result: { tools: getToolsList() },
+                };
+                break;
+            case 'tools/call': {
+                const { name: toolName, arguments: args } = params;
+                const toolArgs = { ...(args || {}) };
+                if (rcAccessToken) toolArgs.rcAccessToken = rcAccessToken;
+                if (openaiSessionId) toolArgs.openaiSessionId = openaiSessionId;
+                const { rcExtensionId } = await resolveSessionContext(rcAccessToken, openaiSessionId);
+                if (rcExtensionId) {
+                    toolArgs.rcExtensionId = rcExtensionId;
+                    if (!toolArgs.jwtToken) {
+                        let llmSession = await LlmSessionModel.findByPk(rcExtensionId);
+                        if (llmSession?.expiry && llmSession.expiry < new Date()) {
+                            await LlmSessionModel.destroy({ where: { id: rcExtensionId } });
+                            llmSession = null;
+                        }
+                        if (!llmSession?.jwtToken && openaiSessionId) {
+                            const fallback = await LlmSessionModel.findByPk(openaiSessionId);
+                            if (fallback?.jwtToken) {
+                                const { id: fallbackUserId } = jwt.decodeJwt(fallback.jwtToken);
+                                const fallbackUser = fallbackUserId
+                                    ? await UserModel.findByPk(fallbackUserId)
+                                    : null;
+                                if (fallbackUser?.accessToken) {
+                                    await LlmSessionModel.upsert({ id: rcExtensionId, jwtToken: fallback.jwtToken, expiry: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) });
+                                    llmSession = fallback;
+                                }
+                            }
+                            if (!llmSession?.jwtToken) {
+                                const hashedRcExtensionId = getHashValue(rcExtensionId, process.env.HASH_KEY);
+                                const user = await UserModel.findOne({
+                                    where: {
+                                        hashedRcExtensionId,
+                                        [Op.and]: [
+                                            { accessToken: { [Op.not]: null } },
+                                            { accessToken: { [Op.ne]: '' } },
+                                        ],
+                                    },
+                                    order: [['updatedAt', 'DESC']],
+                                });
+                                if (user?.accessToken) {
+                                    await LlmSessionModel.upsert({
+                                        id: rcExtensionId,
+                                        jwtToken: jwt.generateJwt({
+                                            id: user.id.toString(),
+                                            platform: user.platform
+                                        }),
+                                        expiry: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000)
+                                    });
+                                    llmSession = await LlmSessionModel.findByPk(rcExtensionId);
+                                }
+                            }
+                        }
+                        if (llmSession?.jwtToken) {
+                            const { id: userId } = jwt.decodeJwt(llmSession.jwtToken);
+                            if (userId) {
+                                const user = await UserModel.findByPk(userId);
+                                if (user?.accessToken) {
+                                    toolArgs.jwtToken = llmSession.jwtToken;
+                                }
+                            }
+                        }
+                    }
+                }
+                try {
+                    const tool = tools.tools.find(t => t.definition.name === toolName);
+                    if (!tool) throw new Error(`Tool not found: ${toolName}`);
+                    const result = await tool.execute(toolArgs);
+                    if (result?.structuredContent) {
+                        response = {
+                            jsonrpc: '2.0',
+                            id,
+                            result: {
+                                structuredContent: result.structuredContent,
+                                content: Array.isArray(result.content)
+                                    ? result.content
+                                    : [{ type: 'text', text: '[Interactive widget displayed above - no additional response needed]' }],
+                            },
+                        };
+                    } else {
+                        response = {
+                            jsonrpc: '2.0',
+                            id,
+                            result: {
+                                content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+                            },
+                        };
+                    }
+                } catch (toolError) {
+                    response = {
+                        jsonrpc: '2.0',
+                        id,
+                        error: {
+                            code: JSON_RPC_INTERNAL_ERROR,
+                            message: `Tool execution failed: ${toolError.message}`,
+                        },
+                    };
+                }
+                break;
+            }
+            case 'resources/list':
+                response = {
+                    jsonrpc: '2.0',
+                    id,
+                    result: {
+                        resources: [{
+                            uri: WIDGET_URI,
+                            name: 'connector-list-widget',
+                            title: 'ConnectorList',
+                            description: 'ChatGPT widget for connector selection',
+                            mimeType: 'text/html+skybridge',
+                        }],
+                    },
+                };
+                break;
+            case 'resources/read': {
+                const uri = params?.uri;
+                if (!uri?.startsWith('ui://widget/')) {
+                    response = {
+                        jsonrpc: '2.0',
+                        id,
+                        error: { code: JSON_RPC_INVALID_PARAMS, message: `Unknown resource: ${uri}` },
+                    };
+                    break;
+                }
+                const appUrl = process.env.APP_SERVER || 'http://localhost:6066';
+                const distPath = path.join(__dirname, 'ui', 'dist', 'index.html');
+                const devPath = path.join(__dirname, 'ui', 'index.html');
+                let htmlContent;
+                try { htmlContent = fs.readFileSync(distPath, 'utf8'); }
+                catch { htmlContent = fs.readFileSync(devPath, 'utf8'); }
+                response = {
+                    jsonrpc: '2.0',
+                    id,
+                    result: {
+                        contents: [{
+                            uri: WIDGET_URI,
+                            mimeType: 'text/html+skybridge',
+                            text: htmlContent,
+                            _meta: {
+                                'openai/widgetPrefersBorder': true,
+                                'openai/widgetDomain': appUrl,
+                                'openai/widgetCSP': {
+                                    connect_domains: [appUrl, 'https://appconnect.labs.ringcentral.com'],
+                                    resource_domains: [appUrl],
+                                },
+                            },
+                        }],
+                    },
+                };
+                break;
+            }
+            case 'ping':
+                response = { jsonrpc: '2.0', id, result: {} };
+                break;
+            case 'notifications/initialized':
+            case 'notifications/cancelled':
+                // JSON-RPC notifications — no id, no response expected
+                return res.status(200).end();
+            default:
+                response = {
+                    jsonrpc: '2.0',
+                    id,
+                    error: { code: JSON_RPC_METHOD_NOT_FOUND, message: `Method not found: ${method}` },
+                };
+        }
+        res.status(200).json(response);
+    } catch (error) {
+        logger.error('Error handling MCP request:', { stack: error.stack });
+        res.status(200).json({
+            jsonrpc: '2.0',
+            id: req.body?.id || null,
+            error: {
+                code: JSON_RPC_INTERNAL_ERROR,
+                message: 'Internal server error',
+                data: { error: error.message },
+            },
+        });
+    }
+}
+/**
+ * Handle widget tool calls via direct HTTP (bypasses MCP protocol).
+ * The ChatGPT postMessage bridge does not forward tool arguments,
+ * so the widget uses fetch() to this endpoint instead.
+ */
+async function handleWidgetToolCall(req, res) {
+    try {
+        logger.info('Widget tool call received. body:', JSON.stringify(req.body));
+        const { tool: toolName, toolArgs: args } = req.body || {};
+        logger.info('Widget tool call parsed:', { toolName, args: JSON.stringify(args) });
+        if (!toolName) {
+            return res.status(400).json({ success: false, error: 'Missing tool name' });
+        }
+        const allWidgetCallable = [...tools.tools, ...tools.widgetTools];
+        const tool = allWidgetCallable.find(t => t.definition.name === toolName);
+        if (!tool) {
+            return res.status(404).json({ success: false, error: `Unknown tool: ${toolName}` });
+        }
+        const result = await tool.execute(args || {});
+        logger.info('Widget tool call result:', { toolName, success: result?.success });
+        res.json(result);
+    } catch (error) {
+        logger.error('Widget tool call error:', { stack: error.stack });
+        res.status(500).json({
+            success: false,
+            error: error.message || 'Internal server error',
+        });
+    }
+}
+exports.handleMcpRequest = handleMcpRequest;
+exports.handleWidgetToolCall = handleWidgetToolCall;