0nmcp 3.2.2 → 4.5.0

package/crm/supabase-session-storage.js

@@ -0,0 +1,54 @@
+// ============================================================
+// 0nMCP — Supabase Session Storage for HighLevel SDK
+// ============================================================
+// Replaces in-memory token storage with persistent Supabase.
+// Auto-refresh handled by SDK, we just store/retrieve.
+//
+// Table: crm_oauth_sessions (on pwujhhmlrtxjmjzyttwn)
+// ============================================================
+
+const SUPABASE_URL = process.env.NEXT_PUBLIC_SUPABASE_URL || "https://pwujhhmlrtxjmjzyttwn.supabase.co";
+const SUPABASE_KEY = process.env.SUPABASE_SERVICE_ROLE_KEY || "";
+
+async function sb(path, method = "GET", body = null) {
+  const opts = {
+    method,
+    headers: {
+      apikey: SUPABASE_KEY,
+      Authorization: `Bearer ${SUPABASE_KEY}`,
+      "Content-Type": "application/json",
+      Prefer: method === "POST" ? "return=representation,resolution=merge-duplicates" : "return=representation",
+    },
+  };
+  if (body) opts.body = JSON.stringify(body);
+  const res = await fetch(`${SUPABASE_URL}/rest/v1${path}`, opts);
+  if (!res.ok) return null;
+  const data = await res.json();
+  return Array.isArray(data) ? data[0] || null : data;
+}
+
+/**
+ * Supabase session storage adapter for @gohighlevel/api-client
+ * Implements the SessionStorage interface: get, set, delete
+ */
+export class SupabaseSessionStorage {
+  async get(key) {
+    const row = await sb(`/crm_oauth_sessions?session_key=eq.${encodeURIComponent(key)}&select=*`);
+    if (!row) return null;
+    return row.session_data;
+  }
+
+  async set(key, value) {
+    await sb("/crm_oauth_sessions", "POST", {
+      session_key: key,
+      session_data: value,
+      updated_at: new Date().toISOString(),
+    });
+  }
+
+  async delete(key) {
+    await sb(`/crm_oauth_sessions?session_key=eq.${encodeURIComponent(key)}`, "DELETE");
+  }
+}
+
+export default SupabaseSessionStorage;

package/crm/surveys-forms.js

@@ -0,0 +1,96 @@
+// ============================================================
+// 0nMCP — CRM Surveys & Forms SDK Tools
+// ============================================================
+// Submission fetching, search, analytics, file upload.
+// Complements data-driven list tools in funnels.js.
+// ============================================================
+
+import getSDK from "./sdk.js";
+
+export function registerSurveyFormTools(server, z) {
+
+  server.tool(
+    "crm_sdk_survey_submissions",
+    "Get survey submissions with search, pagination, and date filtering. Returns respondent data, answers, and metadata.",
+    {
+      location_id: z.string().describe("CRM location ID"),
+      survey_id: z.string().optional().describe("Filter to specific survey ID"),
+      query: z.string().optional().describe("Search by name or email"),
+      page: z.number().optional().describe("Page number (default 1)"),
+      limit: z.number().optional().describe("Results per page (default 20)"),
+      start_at: z.string().optional().describe("Start date (ISO)"),
+      end_at: z.string().optional().describe("End date (ISO)"),
+    },
+    async ({ location_id, survey_id, query, page, limit, start_at, end_at }) => {
+      try {
+        const sdk = await getSDK();
+        const result = await sdk.surveys.getSurveysSubmissions({
+          locationId: location_id,
+          surveyId: survey_id || undefined,
+          q: query || undefined,
+          page: page || 1,
+          limit: limit || 20,
+          startAt: start_at || undefined,
+          endAt: end_at || undefined,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+      } catch (err) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: err.message }) }] };
+      }
+    }
+  );
+
+  server.tool(
+    "crm_sdk_form_submissions",
+    "Get form submissions with search, pagination, and date filtering. Returns field values, contact info, and event data.",
+    {
+      location_id: z.string().describe("CRM location ID"),
+      form_id: z.string().optional().describe("Filter to specific form ID"),
+      query: z.string().optional().describe("Search query"),
+      page: z.number().optional().describe("Page number (default 1)"),
+      limit: z.number().optional().describe("Results per page (default 20)"),
+      start_at: z.string().optional().describe("Start date (ISO)"),
+      end_at: z.string().optional().describe("End date (ISO)"),
+    },
+    async ({ location_id, form_id, query, page, limit, start_at, end_at }) => {
+      try {
+        const sdk = await getSDK();
+        const result = await sdk.forms.getFormsSubmissions({
+          locationId: location_id,
+          formId: form_id || undefined,
+          q: query || undefined,
+          page: page || 1,
+          limit: limit || 20,
+          startAt: start_at || undefined,
+          endAt: end_at || undefined,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+      } catch (err) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: err.message }) }] };
+      }
+    }
+  );
+
+  server.tool(
+    "crm_form_upload_file",
+    "Upload a file to a contact's custom field via the forms API.",
+    {
+      location_id: z.string().describe("CRM location ID"),
+      contact_id: z.string().describe("Contact ID"),
+      file_url: z.string().describe("URL of file to upload"),
+    },
+    async ({ location_id, contact_id, file_url }) => {
+      try {
+        const sdk = await getSDK();
+        const result = await sdk.forms.uploadToCustomFields({
+          locationId: location_id,
+          contactId: contact_id,
+          fileUrl: file_url,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+      } catch (err) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: err.message }) }] };
+      }
+    }
+  );
+}

package/crm/user-context.js

@@ -0,0 +1,103 @@
+// ============================================================
+// 0nMCP — CRM Marketplace App User Context
+// ============================================================
+// Decrypt user session data from marketplace app embeds.
+// Uses shared secret from marketplace app settings.
+//
+// Frontend: window.exposeSessionDetails(APP_ID) → encrypted
+// Backend: decrypt with shared secret → user/location data
+// ============================================================
+
+import { createDecipheriv, createHash } from "crypto";
+
+const SHARED_SECRET = process.env.CRM_MARKETPLACE_SHARED_SECRET || "a420cba6-4e6e-47ba-80e6-75cb57ebf71a";
+
+/**
+ * Decrypt user context from marketplace app embed.
+ * CRM encrypts with AES using the shared secret.
+ *
+ * @param {string} encryptedData - Base64 encrypted payload from frontend
+ * @returns {Object} Decrypted user context
+ */
+export function decryptUserContext(encryptedData) {
+  try {
+    // CryptoJS AES decrypt compatible
+    const rawData = Buffer.from(encryptedData, "base64");
+
+    // CryptoJS format: "Salted__" + 8-byte salt + ciphertext
+    const isSalted = rawData.slice(0, 8).toString("utf8") === "Salted__";
+
+    if (isSalted) {
+      const salt = rawData.slice(8, 16);
+      const ciphertext = rawData.slice(16);
+
+      // Derive key + IV from password + salt (OpenSSL EVP_BytesToKey)
+      const keyIv = evpBytesToKey(Buffer.from(SHARED_SECRET, "utf8"), salt, 32, 16);
+      const key = keyIv.slice(0, 32);
+      const iv = keyIv.slice(32, 48);
+
+      const decipher = createDecipheriv("aes-256-cbc", key, iv);
+      let decrypted = decipher.update(ciphertext);
+      decrypted = Buffer.concat([decrypted, decipher.final()]);
+
+      return JSON.parse(decrypted.toString("utf8"));
+    }
+
+    // Fallback: try raw AES-256-CBC with key derived from secret
+    const key = createHash("sha256").update(SHARED_SECRET).digest();
+    const iv = rawData.slice(0, 16);
+    const ciphertext = rawData.slice(16);
+
+    const decipher = createDecipheriv("aes-256-cbc", key, iv);
+    let decrypted = decipher.update(ciphertext);
+    decrypted = Buffer.concat([decrypted, decipher.final()]);
+
+    return JSON.parse(decrypted.toString("utf8"));
+  } catch (err) {
+    console.error("[user-context] Decryption failed:", err.message);
+    return null;
+  }
+}
+
+/**
+ * OpenSSL EVP_BytesToKey implementation for CryptoJS compatibility.
+ */
+function evpBytesToKey(password, salt, keyLen, ivLen) {
+  const totalLen = keyLen + ivLen;
+  const result = Buffer.alloc(totalLen);
+  let prev = Buffer.alloc(0);
+  let offset = 0;
+
+  while (offset < totalLen) {
+    const hash = createHash("md5");
+    hash.update(prev);
+    hash.update(password);
+    if (salt) hash.update(salt);
+    prev = hash.digest();
+    const copyLen = Math.min(prev.length, totalLen - offset);
+    prev.copy(result, offset, 0, copyLen);
+    offset += copyLen;
+  }
+
+  return result;
+}
+
+/**
+ * Register user context MCP tool.
+ */
+export function registerUserContextTools(server, z) {
+  server.tool(
+    "crm_decrypt_user_context",
+    "Decrypt encrypted user session data from a CRM marketplace app embed. Returns userId, companyId, locationId, email, role.",
+    {
+      encrypted_data: z.string().describe("Base64 encrypted payload from window.exposeSessionDetails()"),
+    },
+    async ({ encrypted_data }) => {
+      const userData = decryptUserContext(encrypted_data);
+      if (!userData) {
+        return { content: [{ type: "text", text: JSON.stringify({ error: "Decryption failed" }) }] };
+      }
+      return { content: [{ type: "text", text: JSON.stringify(userData, null, 2) }] };
+    }
+  );
+}

package/lib/stats.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-04-05T23:05:07.794Z",
+  "generated": "2026-04-20T15:07:46.869Z",
   "catalogVersion": "3.0.0",
   "services": 96,
   "tools": 1280,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "0nmcp",
-  "version": "3.2.2",
+  "version": "4.5.0",
   "mcpName": "io.github.0nork/0nMCP",
   "description": "Universal AI API Orchestrator — 1554 tools, 96 services, portable AI Brain bundles + machine-bound vault encryption + Application Engine. The most comprehensive MCP server available. Free and open source from 0nORK.",
   "type": "module",
@@ -151,7 +151,7 @@
     "email": "hello@0nork.com",
     "url": "https://0nork.com"
   },
-  "license": "MIT",
+  "license": "BSL-1.1",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/0nork/0nMCP.git"
@@ -164,6 +164,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
+    "@gohighlevel/api-client": "^2.2.2",
     "@modelcontextprotocol/sdk": "^1.26.0",
     "@supabase/supabase-js": "^2.99.3",
     "argon2": "^0.44.0",
@@ -219,6 +220,6 @@
     "triggers": 310,
     "totalCapabilities": 2073,
     "categories": 21,
-    "lastUpdated": "2026-04-05T23:05:07.794Z"
+    "lastUpdated": "2026-04-20T15:07:46.869Z"
   }
 }