Summary of work done

• Treated RingCentral demo banner and dedicated Embeddable OAuth app as the active top priority.
• Rechecked prior handoff context and live evidence: LITIFY_ORG is connected, the active page is Collapsible_Matter_Page, and the active LWC is litifyRingCentralPanelV2.
• Confirmed the current V2 iframe intentionally omits clientId, which keeps staff sign-in from hitting the old OAuth error but leaves the RingCentral default/demo app identity banner.
• Confirmed the stored RingCentral client ID is still unsafe for this panel because the RingCentral authorize endpoint returns OAU-113 and invalid_client for the required Embeddable redirect URI.
• Preserved live-before metadata under the RingCentral priority repair folder and added rollback instructions.
• Added a validator script that future agents can run against a new RingCentral client ID before any Salesforce deploy.
• Added a QA mirror at /Users/samaguiar/Documents/Codex/_qa-queue/2026-05-23-ringcentral-demo-banner-oauth-priority.md.

What shipped

• No live Salesforce metadata was changed, because deploying the old client ID would likely recreate the staff sign-in failure.
• Local repair packet created at /Users/samaguiar/Documents/Projects/Repos/sail-litify/Litify_AI_Integration_Project/salesforce-metadata/tmp/ringcentral-oauth-priority-2026-05-23/.
• Repair packet includes ROLLBACK.md, STATUS.md, and validate-embeddable-client-id.mjs.

Current blocker

• A dedicated production RingCentral Embeddable OAuth app client ID is still needed.
• The known-good deploy gate is: validate the new client ID against https://apps.ringcentral.com/integration/ringcentral-embeddable/latest/redirect.html; only then update Salesforce.
• Prior and current browser attempts are still outside a usable RingCentral Developer Console app creation screen. If MFA or account selection appears, that is the practical handoff point.

Suggested next steps

• Continue from the RingCentral Developer Console, create or repair the app named SAIL Litify RingCentral Embeddable, and use the required Embeddable redirect URI.
• Validate the resulting client ID with the local validator script.
• Then update the V2 panel configuration, run check-only deploy, deploy live, and browser-QA a live Matter tab.