0nmcp 3.2.1 → 4.0.0

package/crm/phone-system.js

@@ -0,0 +1,88 @@
+// ============================================================
+// 0nMCP — CRM Phone System API Tool Definitions
+// ============================================================
+// Phone number purchasing, management, and number pools.
+// Scopes: phonenumbers.read, phonenumbers.write, numberpools.read
+// ============================================================
+
+export default [
+  {
+    name: "crm_purchase_phone_number",
+    description: "Purchase a phone number for a CRM location. Specify country, capabilities (voice/sms), and optionally an area code or contains pattern.",
+    method: "POST",
+    path: "/phone-number/purchase",
+    params: {
+      locationId: { type: "string", description: "Location ID", required: true, in: "body" },
+      number: { type: "string", description: "Specific phone number to purchase (E.164 format, e.g. +14155551234)", required: false, in: "body" },
+      country: { type: "string", description: "Country code (US, CA, GB, etc.)", required: false, in: "body" },
+      areaCode: { type: "string", description: "Desired area code (e.g. 412, 724)", required: false, in: "body" },
+      contains: { type: "string", description: "Pattern the number should contain", required: false, in: "body" },
+      capabilities: { type: "array", description: "Capabilities: ['voice', 'sms', 'mms']", required: false, in: "body" },
+    },
+    body: ["locationId", "number", "country", "areaCode", "contains", "capabilities"],
+  },
+
+  {
+    name: "crm_search_phone_numbers",
+    description: "Search available phone numbers to purchase by area code, country, or pattern.",
+    method: "GET",
+    path: "/phone-number/search",
+    params: {
+      locationId: { type: "string", description: "Location ID", required: true, in: "query" },
+      country: { type: "string", description: "Country code (US, CA, GB, etc.)", required: false, in: "query" },
+      areaCode: { type: "string", description: "Area code to search (e.g. 412)", required: false, in: "query" },
+      contains: { type: "string", description: "Pattern to search for", required: false, in: "query" },
+      type: { type: "string", description: "Number type: local, tollfree, mobile", required: false, in: "query" },
+      limit: { type: "number", description: "Max results", required: false, in: "query" },
+    },
+  },
+
+  {
+    name: "crm_list_active_numbers",
+    description: "List all active phone numbers for a location with pagination.",
+    method: "GET",
+    path: "/phone-number/active",
+    params: {
+      locationId: { type: "string", description: "Location ID", required: true, in: "query" },
+      page: { type: "number", description: "Page number", required: false, in: "query" },
+      pageSize: { type: "number", description: "Results per page", required: false, in: "query" },
+      searchFilter: { type: "string", description: "Filter by number or label", required: false, in: "query" },
+    },
+  },
+
+  {
+    name: "crm_release_phone_number",
+    description: "Release (cancel) a phone number from a location.",
+    method: "DELETE",
+    path: "/phone-number/:phoneNumberId",
+    params: {
+      phoneNumberId: { type: "string", description: "Phone number ID to release", required: true, in: "path" },
+      locationId: { type: "string", description: "Location ID", required: true, in: "query" },
+    },
+  },
+
+  {
+    name: "crm_update_phone_number",
+    description: "Update phone number settings — label, forwarding, voicemail, call recording.",
+    method: "PUT",
+    path: "/phone-number/:phoneNumberId",
+    params: {
+      phoneNumberId: { type: "string", description: "Phone number ID", required: true, in: "path" },
+      locationId: { type: "string", description: "Location ID", required: true, in: "body" },
+      name: { type: "string", description: "Label/name for the number", required: false, in: "body" },
+      forwardingNumber: { type: "string", description: "Forward calls to this number", required: false, in: "body" },
+      callRecording: { type: "boolean", description: "Enable call recording", required: false, in: "body" },
+    },
+    body: ["locationId", "name", "forwardingNumber", "callRecording"],
+  },
+
+  {
+    name: "crm_list_number_pools",
+    description: "List number pools for a location (used for call tracking).",
+    method: "GET",
+    path: "/phone-number/number-pool",
+    params: {
+      locationId: { type: "string", description: "Location ID", required: true, in: "query" },
+    },
+  },
+]

package/crm/saas-management.js

@@ -0,0 +1,72 @@
+// ============================================================
+// 0nMCP — CRM SaaS Management Tools (SDK-powered)
+// ============================================================
+// SDK-only tools that complement the data-driven saas.js module.
+// These use the SDK directly for methods not in the REST catalog.
+// ============================================================
+
+import getSDK from "./sdk.js";
+
+export function registerSaasManagementTools(server, z) {
+
+  server.tool(
+    "crm_saas_generate_payment_link",
+    "Generate a payment link for a sub-account to pay for their SaaS subscription.",
+    {
+      company_id: z.string().describe("Agency company ID"),
+      location_id: z.string().describe("Location ID"),
+    },
+    async ({ company_id, location_id }) => {
+      try {
+        const sdk = await getSDK();
+        const result = await sdk.saasApi.generatePaymentLink({
+          companyId: company_id,
+          locationId: location_id,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+      } catch (err) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: err.message }) }] };
+      }
+    }
+  );
+
+  server.tool(
+    "crm_saas_get_company_info",
+    "Get agency company details — name, settings, billing configuration.",
+    {
+      company_id: z.string().describe("Agency company ID"),
+    },
+    async ({ company_id }) => {
+      try {
+        const sdk = await getSDK();
+        const result = await sdk.companies.getCompany({ companyId: company_id });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+      } catch (err) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: err.message }) }] };
+      }
+    }
+  );
+
+  server.tool(
+    "crm_saas_update_location_rebilling",
+    "Update rebilling/pricing configuration for a specific sub-account location via SDK.",
+    {
+      company_id: z.string().describe("Agency company ID"),
+      location_id: z.string().describe("Location ID"),
+      config: z.record(z.any()).describe("Rebilling configuration object"),
+    },
+    async ({ company_id, location_id, config }) => {
+      try {
+        const sdk = await getSDK();
+        const result = await sdk.saasApi.updateRebilling({
+          companyId: company_id,
+          locationId: location_id,
+          ...config,
+        });
+        return { content: [{ type: "text", text: JSON.stringify({ updated: true, data: result }, null, 2) }] };
+      } catch (err) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: err.message }) }] };
+      }
+    }
+  );
+}

package/crm/sdk.js

@@ -0,0 +1,60 @@
+// ============================================================
+// 0nMCP — HighLevel SDK Singleton
+// ============================================================
+// Initialized once with 0nCORE marketplace app credentials.
+// Supabase-backed session storage for persistent OAuth tokens.
+// Every module available: courses, voiceAi, marketplace, etc.
+// ============================================================
+
+import { SupabaseSessionStorage } from "./supabase-session-storage.js";
+
+let _sdk = null;
+let _initPromise = null;
+
+const CLIENT_ID = process.env.CRM_MARKETPLACE_CLIENT_ID || "69c762225a31e1cd2f28dd4c-mnu5pazi";
+const CLIENT_SECRET = process.env.CRM_MARKETPLACE_CLIENT_SECRET || "92cb8fc3-2b23-40bf-adce-6b6afe9b8445";
+
+/**
+ * Get the HighLevel SDK singleton.
+ * Lazy-loads and initializes with Supabase session storage.
+ */
+export async function getSDK() {
+  if (_sdk) return _sdk;
+  if (_initPromise) return _initPromise;
+
+  _initPromise = (async () => {
+    const { HighLevel } = await import("@gohighlevel/api-client");
+
+    _sdk = new HighLevel({
+      clientId: CLIENT_ID,
+      clientSecret: CLIENT_SECRET,
+      sessionStorage: new SupabaseSessionStorage(),
+    });
+
+    console.error("[0nMCP] HighLevel SDK initialized with Supabase session storage");
+    return _sdk;
+  })();
+
+  return _initPromise;
+}
+
+/**
+ * Store an OAuth token in the SDK's session storage.
+ * Call this after OAuth callback to persist tokens.
+ */
+export async function storeOAuthToken(locationId, tokenData) {
+  const sdk = await getSDK();
+  const key = `location:${locationId}`;
+  await sdk.config.sessionStorage.set(key, {
+    access_token: tokenData.access_token,
+    refresh_token: tokenData.refresh_token,
+    expires_at: Date.now() + (tokenData.expires_in || 86400) * 1000,
+    location_id: locationId,
+    company_id: tokenData.companyId || null,
+    token_type: tokenData.token_type || "Bearer",
+    scope: tokenData.scope || "",
+  });
+  console.error(`[0nMCP] OAuth token stored for location ${locationId}`);
+}
+
+export default getSDK;

package/crm/supabase-session-storage.js

@@ -0,0 +1,54 @@
+// ============================================================
+// 0nMCP — Supabase Session Storage for HighLevel SDK
+// ============================================================
+// Replaces in-memory token storage with persistent Supabase.
+// Auto-refresh handled by SDK, we just store/retrieve.
+//
+// Table: crm_oauth_sessions (on pwujhhmlrtxjmjzyttwn)
+// ============================================================
+
+const SUPABASE_URL = process.env.NEXT_PUBLIC_SUPABASE_URL || "https://pwujhhmlrtxjmjzyttwn.supabase.co";
+const SUPABASE_KEY = process.env.SUPABASE_SERVICE_ROLE_KEY || "";
+
+async function sb(path, method = "GET", body = null) {
+  const opts = {
+    method,
+    headers: {
+      apikey: SUPABASE_KEY,
+      Authorization: `Bearer ${SUPABASE_KEY}`,
+      "Content-Type": "application/json",
+      Prefer: method === "POST" ? "return=representation,resolution=merge-duplicates" : "return=representation",
+    },
+  };
+  if (body) opts.body = JSON.stringify(body);
+  const res = await fetch(`${SUPABASE_URL}/rest/v1${path}`, opts);
+  if (!res.ok) return null;
+  const data = await res.json();
+  return Array.isArray(data) ? data[0] || null : data;
+}
+
+/**
+ * Supabase session storage adapter for @gohighlevel/api-client
+ * Implements the SessionStorage interface: get, set, delete
+ */
+export class SupabaseSessionStorage {
+  async get(key) {
+    const row = await sb(`/crm_oauth_sessions?session_key=eq.${encodeURIComponent(key)}&select=*`);
+    if (!row) return null;
+    return row.session_data;
+  }
+
+  async set(key, value) {
+    await sb("/crm_oauth_sessions", "POST", {
+      session_key: key,
+      session_data: value,
+      updated_at: new Date().toISOString(),
+    });
+  }
+
+  async delete(key) {
+    await sb(`/crm_oauth_sessions?session_key=eq.${encodeURIComponent(key)}`, "DELETE");
+  }
+}
+
+export default SupabaseSessionStorage;

package/crm/surveys-forms.js

@@ -0,0 +1,96 @@
+// ============================================================
+// 0nMCP — CRM Surveys & Forms SDK Tools
+// ============================================================
+// Submission fetching, search, analytics, file upload.
+// Complements data-driven list tools in funnels.js.
+// ============================================================
+
+import getSDK from "./sdk.js";
+
+export function registerSurveyFormTools(server, z) {
+
+  server.tool(
+    "crm_sdk_survey_submissions",
+    "Get survey submissions with search, pagination, and date filtering. Returns respondent data, answers, and metadata.",
+    {
+      location_id: z.string().describe("CRM location ID"),
+      survey_id: z.string().optional().describe("Filter to specific survey ID"),
+      query: z.string().optional().describe("Search by name or email"),
+      page: z.number().optional().describe("Page number (default 1)"),
+      limit: z.number().optional().describe("Results per page (default 20)"),
+      start_at: z.string().optional().describe("Start date (ISO)"),
+      end_at: z.string().optional().describe("End date (ISO)"),
+    },
+    async ({ location_id, survey_id, query, page, limit, start_at, end_at }) => {
+      try {
+        const sdk = await getSDK();
+        const result = await sdk.surveys.getSurveysSubmissions({
+          locationId: location_id,
+          surveyId: survey_id || undefined,
+          q: query || undefined,
+          page: page || 1,
+          limit: limit || 20,
+          startAt: start_at || undefined,
+          endAt: end_at || undefined,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+      } catch (err) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: err.message }) }] };
+      }
+    }
+  );
+
+  server.tool(
+    "crm_sdk_form_submissions",
+    "Get form submissions with search, pagination, and date filtering. Returns field values, contact info, and event data.",
+    {
+      location_id: z.string().describe("CRM location ID"),
+      form_id: z.string().optional().describe("Filter to specific form ID"),
+      query: z.string().optional().describe("Search query"),
+      page: z.number().optional().describe("Page number (default 1)"),
+      limit: z.number().optional().describe("Results per page (default 20)"),
+      start_at: z.string().optional().describe("Start date (ISO)"),
+      end_at: z.string().optional().describe("End date (ISO)"),
+    },
+    async ({ location_id, form_id, query, page, limit, start_at, end_at }) => {
+      try {
+        const sdk = await getSDK();
+        const result = await sdk.forms.getFormsSubmissions({
+          locationId: location_id,
+          formId: form_id || undefined,
+          q: query || undefined,
+          page: page || 1,
+          limit: limit || 20,
+          startAt: start_at || undefined,
+          endAt: end_at || undefined,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+      } catch (err) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: err.message }) }] };
+      }
+    }
+  );
+
+  server.tool(
+    "crm_form_upload_file",
+    "Upload a file to a contact's custom field via the forms API.",
+    {
+      location_id: z.string().describe("CRM location ID"),
+      contact_id: z.string().describe("Contact ID"),
+      file_url: z.string().describe("URL of file to upload"),
+    },
+    async ({ location_id, contact_id, file_url }) => {
+      try {
+        const sdk = await getSDK();
+        const result = await sdk.forms.uploadToCustomFields({
+          locationId: location_id,
+          contactId: contact_id,
+          fileUrl: file_url,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+      } catch (err) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: err.message }) }] };
+      }
+    }
+  );
+}

package/crm/user-context.js

@@ -0,0 +1,103 @@
+// ============================================================
+// 0nMCP — CRM Marketplace App User Context
+// ============================================================
+// Decrypt user session data from marketplace app embeds.
+// Uses shared secret from marketplace app settings.
+//
+// Frontend: window.exposeSessionDetails(APP_ID) → encrypted
+// Backend: decrypt with shared secret → user/location data
+// ============================================================
+
+import { createDecipheriv, createHash } from "crypto";
+
+const SHARED_SECRET = process.env.CRM_MARKETPLACE_SHARED_SECRET || "a420cba6-4e6e-47ba-80e6-75cb57ebf71a";
+
+/**
+ * Decrypt user context from marketplace app embed.
+ * CRM encrypts with AES using the shared secret.
+ *
+ * @param {string} encryptedData - Base64 encrypted payload from frontend
+ * @returns {Object} Decrypted user context
+ */
+export function decryptUserContext(encryptedData) {
+  try {
+    // CryptoJS AES decrypt compatible
+    const rawData = Buffer.from(encryptedData, "base64");
+
+    // CryptoJS format: "Salted__" + 8-byte salt + ciphertext
+    const isSalted = rawData.slice(0, 8).toString("utf8") === "Salted__";
+
+    if (isSalted) {
+      const salt = rawData.slice(8, 16);
+      const ciphertext = rawData.slice(16);
+
+      // Derive key + IV from password + salt (OpenSSL EVP_BytesToKey)
+      const keyIv = evpBytesToKey(Buffer.from(SHARED_SECRET, "utf8"), salt, 32, 16);
+      const key = keyIv.slice(0, 32);
+      const iv = keyIv.slice(32, 48);
+
+      const decipher = createDecipheriv("aes-256-cbc", key, iv);
+      let decrypted = decipher.update(ciphertext);
+      decrypted = Buffer.concat([decrypted, decipher.final()]);
+
+      return JSON.parse(decrypted.toString("utf8"));
+    }
+
+    // Fallback: try raw AES-256-CBC with key derived from secret
+    const key = createHash("sha256").update(SHARED_SECRET).digest();
+    const iv = rawData.slice(0, 16);
+    const ciphertext = rawData.slice(16);
+
+    const decipher = createDecipheriv("aes-256-cbc", key, iv);
+    let decrypted = decipher.update(ciphertext);
+    decrypted = Buffer.concat([decrypted, decipher.final()]);
+
+    return JSON.parse(decrypted.toString("utf8"));
+  } catch (err) {
+    console.error("[user-context] Decryption failed:", err.message);
+    return null;
+  }
+}
+
+/**
+ * OpenSSL EVP_BytesToKey implementation for CryptoJS compatibility.
+ */
+function evpBytesToKey(password, salt, keyLen, ivLen) {
+  const totalLen = keyLen + ivLen;
+  const result = Buffer.alloc(totalLen);
+  let prev = Buffer.alloc(0);
+  let offset = 0;
+
+  while (offset < totalLen) {
+    const hash = createHash("md5");
+    hash.update(prev);
+    hash.update(password);
+    if (salt) hash.update(salt);
+    prev = hash.digest();
+    const copyLen = Math.min(prev.length, totalLen - offset);
+    prev.copy(result, offset, 0, copyLen);
+    offset += copyLen;
+  }
+
+  return result;
+}
+
+/**
+ * Register user context MCP tool.
+ */
+export function registerUserContextTools(server, z) {
+  server.tool(
+    "crm_decrypt_user_context",
+    "Decrypt encrypted user session data from a CRM marketplace app embed. Returns userId, companyId, locationId, email, role.",
+    {
+      encrypted_data: z.string().describe("Base64 encrypted payload from window.exposeSessionDetails()"),
+    },
+    async ({ encrypted_data }) => {
+      const userData = decryptUserContext(encrypted_data);
+      if (!userData) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: "Decryption failed" }) }] };
+      }
+      return { content: [{ type: "text", text: JSON.stringify(userData, null, 2) }] };
+    }
+  );
+}

package/lib/stats.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-04-05T22:06:13.010Z",
+  "generated": "2026-04-20T04:31:57.943Z",
   "catalogVersion": "3.0.0",
   "services": 96,
   "tools": 1280,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "0nmcp",
-  "version": "3.2.1",
+  "version": "4.0.0",
   "mcpName": "io.github.0nork/0nMCP",
   "description": "Universal AI API Orchestrator — 1554 tools, 96 services, portable AI Brain bundles + machine-bound vault encryption + Application Engine. The most comprehensive MCP server available. Free and open source from 0nORK.",
   "type": "module",
@@ -164,6 +164,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
+    "@gohighlevel/api-client": "^2.2.2",
     "@modelcontextprotocol/sdk": "^1.26.0",
     "@supabase/supabase-js": "^2.99.3",
     "argon2": "^0.44.0",
@@ -219,6 +220,6 @@
     "triggers": 310,
     "totalCapabilities": 2073,
     "categories": 21,
-    "lastUpdated": "2026-04-05T22:06:13.010Z"
+    "lastUpdated": "2026-04-20T04:31:57.943Z"
   }
 }