feat: remove Revert.dev dependency from Pipedrive integration

[anikdhabal]

What does this PR do?

Removes the dependency on Revert.dev from the Pipedrive CRM integration and implements direct OAuth2 authentication with Pipedrive's native API. The changes follow the same patterns used by other CRM integrations in the codebase (particularly HubSpot and Zoom).

• Fixes Native Pipedrive integration #16797

Summary

Key Changes:

• OAuth Flow: Replaced Revert redirect with direct Pipedrive OAuth2 authorization
• API Integration: Converted all API calls from Revert's unified format to Pipedrive's native REST API
• Token Management: Implemented proper OAuth token refresh using Cal.com's OAuthManager pattern (same as Zoom, Google Calendar, etc.)
• Environment Variables: Removed REVERT_* variables, now requires PIPEDRIVE_CLIENT_ID and PIPEDRIVE_CLIENT_SECRET
• Data Mapping: Mapped contact and activity data between Revert's unified format and Pipedrive's native structure

Breaking Change: Existing Pipedrive integrations will need to be reconfigured with new OAuth credentials.

Updates since last revision

• Refactored CrmService.ts to use Cal.com's OAuthManager for proper token management
• Added getPipedriveAppKeys helper function for client credentials extraction with Zod validation
• Implemented requestPipedrive helper method that uses OAuthManager.request() for all API calls
• Added proper token refresh callbacks (isTokenObjectUnusable, isAccessTokenUnusable) to detect Pipedrive error responses
• Added validation for token endpoint response in callback.ts - now returns proper error when OAuth code exchange fails
• Merged latest main branch to ensure compatibility

Diagram

%%{ init : { "theme" : "default" }}%%
graph TB
    subgraph "OAuth Flow"
        A["api/add.ts<br/>OAuth Authorization"]:::major-edit
        B["api/callback.ts<br/>Token Exchange"]:::major-edit
    end
    
    subgraph "CRM Integration"
        C["lib/CrmService.ts<br/>Pipedrive API Client"]:::major-edit
        D["lib/getPipedriveAppKeys.ts<br/>Credentials Helper"]:::major-edit
        E["config.json<br/>App Configuration"]:::minor-edit
    end
    
    subgraph "External APIs"
        F["Pipedrive OAuth API<br/>oauth.pipedrive.com"]:::context
        G["Pipedrive REST API<br/>api.pipedrive.com"]:::context
    end
    
    A --> B
    B --> C
    C --> G
    A --> F
    B --> F
    C --> D
    
    classDef major-edit fill:#90EE90
    classDef minor-edit fill:#ADD8E6
    classDef context fill:#FFFFFF

Loading

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected).
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. N/A - environment variable changes are documented in .env.appStore.example
• I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

Environment Variables Required:

• PIPEDRIVE_CLIENT_ID - OAuth client ID from Pipedrive developer portal
• PIPEDRIVE_CLIENT_SECRET - OAuth client secret from Pipedrive developer portal

Test Plan:

1. Set up a Pipedrive developer account and create an OAuth app
2. Configure the environment variables above
3. Test the integration setup flow in Cal.com (OAuth authorization)
4. Create a test booking and verify it creates contacts and activities in Pipedrive
5. Test updating and canceling bookings
6. Important: Test token refresh by waiting for token expiry or manually expiring the token

Review Checklist for Human:

• Verify OAuthManager integration correctly handles token refresh
• Test isTokenObjectUnusable callback detects "invalid_grant" errors
• Test isAccessTokenUnusable callback detects 401 responses
• Verify api_domain is correctly preserved and updated in token object
• Test contact creation and search with real Pipedrive data
• Test activity/meeting CRUD operations

Notes

• OAuth Scopes: Using comprehensive scopes: deals:read,deals:write,persons:read,persons:write,activities:read,activities:write
• API Mapping: Activities are used for meetings/events instead of a separate events API, following Pipedrive's data model
• Token Storage: Uses Cal.com's standard credential storage with expiry_date in milliseconds
• No automated tests: This integration requires real Pipedrive API credentials to test properly

---

Session Info:

• Link to Devin run: https://app.devin.ai/sessions/e175c40829e243e9a355616269b10acf
• Originally requested by: [email protected] (@anikdhabal)

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR that start with 'DevinAI'.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch devin/remove-revert-pipedrive-1752520608

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

4 Skipped Deployments

Project	Deployment	Review	Updated (UTC)
api-v2	Ignored	Preview	Jan 7, 2026 5:41pm
cal	Ignored	Preview	Jan 7, 2026 5:41pm
cal-companion	Ignored	Preview	Jan 7, 2026 5:41pm
cal-eu	Ignored	Preview	Jan 7, 2026 5:41pm

[delve-auditor]

✅ No security or compliance issues detected. Reviewed everything up to 9b9d86b.

Security Overview

• 🔎 Scanned files: 6 changed file(s)

Detected Code Changes

Change Type	Relevant files
Configuration changes	► .env.appStore.example     Remove REVERT-related environment variables ► turbo.json     Remove REVERT environment variables
Enhancement	► add.ts     Implement direct Pipedrive OAuth flow ► callback.ts     Add Pipedrive token exchange handling ► config.json     Update app configuration for direct Pipedrive integration ► CrmService.ts     Replace Revert API with direct Pipedrive API implementation

Reply to this PR with @delve-auditor followed by a description of what change you want and we'll auto-submit a change to this PR to implement it.

[github-actions]

This PR is being marked as stale due to inactivity.

[hariombalhara]

@anikdhabal We have OAuthManager that we use for Google Calendar and Microsoft Office. I believe zoom too.
Can you check if we can use that here.

The benefit with OAuthManager approach is that it automatically handles invalidation of credential , plus supports credential sync feature out of the box.

[devin-ai-integration]

❌ Cannot revive Devin session - the session is too old. Please start a new session instead.

[github-actions]

Devin AI is completing this stale PR

This PR by @anikdhabal has been marked as stale. A Devin session has been created to complete the remaining work.

View Devin Session

---

Devin will review the PR, address any feedback, and push updates to complete this PR.

[devin-ai-integration]

Summary of Completed Work

I've reviewed and completed this PR to remove the Revert.dev dependency from the Pipedrive CRM integration. Here's what was done:

Review Feedback Addressed

1. OAuthManager Integration (requested by @hariombalhara): The PR now uses Cal.com's OAuthManager pattern for token management, which provides automatic credential invalidation and credential sync support out of the box. This follows the same pattern used by Google Calendar, Microsoft Office, and Zoom integrations.

2. Client Credentials Abstraction (requested by @hariombalhara): A getPipedriveAppKeys() helper function was created in lib/getPipedriveAppKeys.ts that abstracts the client_id/client_secret extraction with proper Zod validation. This function is reused in both callback.ts and CrmService.ts.

3. Refresh Token Update (noted by @cubic-dev-ai): The OAuthManager pattern handles token refresh properly, including updating the api_domain in the instance when it changes.

Key Changes

• OAuth Flow: Direct Pipedrive OAuth2 authorization (removed Revert redirect)
• API Integration: Native Pipedrive REST API calls (removed Revert's unified format)
• Token Management: Uses OAuthManager with proper callbacks for token refresh, invalidation, and expiration
• Environment Variables: Removed REVERT_* variables, now requires PIPEDRIVE_CLIENT_ID and PIPEDRIVE_CLIENT_SECRET

Verification

• Merged latest main branch
• Type checks pass for the pipedrive-crm package
• Unit tests pass (500 test files, 4965 tests)

The PR is ready for review.

[cubic-dev-ai]

3 issues found across 7 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="packages/app-store/pipedrive-crm/api/callback.ts">

<violation number="1" location="packages/app-store/pipedrive-crm/api/callback.ts:48">
P2: Return a 400 error when the OAuth provider does not supply a `code` instead of sending an empty string to the token endpoint.</violation>

<violation number="2" location="packages/app-store/pipedrive-crm/api/callback.ts:53">
P1: Validate the token endpoint response before storing it—surface non-200 errors instead of treating them as valid Pipedrive tokens.</violation>
</file>

<file name="packages/app-store/pipedrive-crm/api/add.ts">

<violation number="1" location="packages/app-store/pipedrive-crm/api/add.ts:36">
P1: The new OAuth redirect no longer includes a populated state payload (encodeOAuthState(req) yields undefined for fresh GETs), so the callback loses tenant context. Build and encode a state object (tenant/user identifiers) before redirecting.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[github-actions]

Devin AI is addressing Cubic AI's review feedback

New feedback has been sent to the existing Devin session.

View Devin Session

[hariombalhara]

Code LGTM now !!