@elitedcs/ghl-mcp 3.13.1 → 3.15.0

package/dist/index.js

@@ -31,8 +31,8 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "@elitedcs/ghl-mcp",
-      version: "3.13.1",
-      description: "GoHighLevel MCP Server for Claude. 201 tools \u2014 full CRM, automation, marketing control, and the only programmatic GHL workflow builder.",
+      version: "3.15.0",
+      description: "GoHighLevel MCP Server for Claude. 206 tools \u2014 full CRM, automation, marketing control, and the only programmatic GHL workflow builder, now multi-tenant across client accounts.",
       main: "dist/index.js",
       bin: {
         "ghl-mcp": "dist/index.js"
@@ -337,15 +337,30 @@ function writeCredentials(creds) {
 }
 
 // src/token-registry.ts
-var LocationTokenSchema = import_zod2.z.object({ name: import_zod2.z.string(), apiKey: import_zod2.z.string() });
+var LocationTokenSchema = import_zod2.z.object({
+  name: import_zod2.z.string(),
+  apiKey: import_zod2.z.string(),
+  // The GHL company/agency that owns this location. Routes Firebase auth:
+  // refresh tokens are company-scoped, so working in a client's sub-accounts
+  // (under a different company) requires that company's own Firebase token.
+  companyId: import_zod2.z.string().optional()
+});
+var FirebaseConfigSchema = import_zod2.z.object({
+  apiKey: import_zod2.z.string(),
+  refreshToken: import_zod2.z.string(),
+  userId: import_zod2.z.string()
+});
+var CompanyFirebaseSchema = FirebaseConfigSchema.extend({
+  name: import_zod2.z.string().optional()
+});
 var TokenRegistryDataSchema = import_zod2.z.object({
   tokens: import_zod2.z.record(LocationTokenSchema),
   agencyKey: import_zod2.z.string().optional(),
-  firebase: import_zod2.z.object({
-    apiKey: import_zod2.z.string(),
-    refreshToken: import_zod2.z.string(),
-    userId: import_zod2.z.string()
-  }).optional()
+  // "Home" Firebase — the company the install was set up for (credentials.json).
+  firebase: FirebaseConfigSchema.optional(),
+  // Additional companies' Firebase auth, keyed by GHL companyId. Lets ONE
+  // process operate the workflow builder across multiple clients' GHL accounts.
+  firebaseByCompany: import_zod2.z.record(CompanyFirebaseSchema).optional()
 });
 var TokenRegistry = class {
   data;
@@ -453,11 +468,31 @@ var TokenRegistry = class {
     return this.data.firebase;
   }
   /**
-   * Register a new location with its API key
+   * Register a new location with its API key. Optionally records the owning
+   * companyId (used to route Firebase auth). Re-registering preserves a
+   * previously stored companyId when a new one isn't supplied.
+   */
+  registerLocation(locationId2, name, apiKey2, companyId) {
+    const existing = this.data.tokens[locationId2];
+    const resolvedCompanyId = companyId ?? existing?.companyId;
+    this.data.tokens[locationId2] = {
+      name,
+      apiKey: apiKey2,
+      ...resolvedCompanyId ? { companyId: resolvedCompanyId } : {}
+    };
+    this.save();
+  }
+  /**
+   * Backfill/update the companyId on an already-registered location.
+   * Returns true if a token existed and was updated.
    */
-  registerLocation(locationId2, name, apiKey2) {
-    this.data.tokens[locationId2] = { name, apiKey: apiKey2 };
+  setLocationCompanyId(locationId2, companyId) {
+    const token = this.data.tokens[locationId2];
+    if (!token) return false;
+    if (token.companyId === companyId) return true;
+    token.companyId = companyId;
     this.save();
+    return true;
   }
   /**
    * Remove a location from the registry
@@ -480,7 +515,7 @@ var TokenRegistry = class {
     }));
   }
   /**
-   * Update the Firebase refresh token (called on rotation)
+   * Update the home Firebase refresh token (called on rotation)
    */
   updateFirebaseRefreshToken(newToken) {
     if (this.data.firebase) {
@@ -488,6 +523,53 @@ var TokenRegistry = class {
       this.save();
     }
   }
+  /**
+   * Get a specific company's Firebase config (multi-tenant routing).
+   */
+  getCompanyFirebase(companyId) {
+    return this.data.firebaseByCompany?.[companyId];
+  }
+  /**
+   * Store (or replace) a company's Firebase config.
+   */
+  setCompanyFirebase(companyId, config3) {
+    if (!this.data.firebaseByCompany) this.data.firebaseByCompany = {};
+    this.data.firebaseByCompany[companyId] = config3;
+    this.save();
+  }
+  /**
+   * Remove a company's Firebase config. Returns true if one existed.
+   */
+  removeCompanyFirebase(companyId) {
+    if (this.data.firebaseByCompany?.[companyId]) {
+      delete this.data.firebaseByCompany[companyId];
+      this.save();
+      return true;
+    }
+    return false;
+  }
+  /**
+   * List registered company Firebases WITHOUT secrets — name + userId only,
+   * safe for display in tool output.
+   */
+  listCompanyFirebases() {
+    return Object.entries(this.data.firebaseByCompany ?? {}).map(([companyId, cfg]) => ({
+      companyId,
+      name: cfg.name,
+      userId: cfg.userId
+    }));
+  }
+  /**
+   * Update a company's Firebase refresh token (called on rotation while that
+   * company is the active one). No-op if the company isn't registered.
+   */
+  updateCompanyFirebaseRefreshToken(companyId, newToken) {
+    const cfg = this.data.firebaseByCompany?.[companyId];
+    if (cfg) {
+      cfg.refreshToken = newToken;
+      this.save();
+    }
+  }
   /**
    * Check if the registry has any tokens
    */
@@ -1018,11 +1100,20 @@ function validateActionChain(actions) {
   }
 }
 var WorkflowBuilderClient = class _WorkflowBuilderClient {
+  // Active Firebase auth — swapped when operating in another company's GHL.
   firebaseApiKey;
   refreshToken;
+  userId;
+  currentCompanyId;
+  // "Home" Firebase auth — the company the install was set up for. Kept so we
+  // can restore it when switching back from a client's company.
+  homeFirebaseApiKey;
+  homeRefreshToken;
+  // mutable: kept in sync when the home token rotates
+  homeUserId;
+  homeCompanyId;
   apiKey;
   locationId;
-  userId;
   registry;
   cachedIdToken = null;
   tokenExpiry = 0;
@@ -1030,9 +1121,14 @@ var WorkflowBuilderClient = class _WorkflowBuilderClient {
   constructor(config3) {
     this.firebaseApiKey = config3.firebaseApiKey;
     this.refreshToken = config3.refreshToken;
+    this.userId = config3.userId;
+    this.currentCompanyId = config3.companyId;
+    this.homeFirebaseApiKey = config3.firebaseApiKey;
+    this.homeRefreshToken = config3.refreshToken;
+    this.homeUserId = config3.userId;
+    this.homeCompanyId = config3.companyId;
     this.apiKey = config3.apiKey;
     this.locationId = config3.locationId;
-    this.userId = config3.userId;
     this.registry = config3.registry || null;
   }
   /**
@@ -1056,6 +1152,42 @@ var WorkflowBuilderClient = class _WorkflowBuilderClient {
   getUserId() {
     return this.userId;
   }
+  /**
+   * The company whose Firebase auth is currently active. undefined when the
+   * home company id was never configured (GHL_COMPANY_ID / credentials).
+   */
+  getCurrentCompanyId() {
+    return this.currentCompanyId;
+  }
+  /**
+   * Swap in a specific company's Firebase auth (multi-tenant). Used by
+   * switch_location so the workflow builder authenticates against the company
+   * that owns the target sub-account. Resets the cached ID token so the next
+   * call mints a fresh one from the new refresh token.
+   */
+  applyCompanyFirebase(config3) {
+    this.firebaseApiKey = config3.apiKey;
+    this.refreshToken = config3.refreshToken;
+    this.userId = config3.userId;
+    this.currentCompanyId = config3.companyId;
+    this.resetTokenCache();
+  }
+  /**
+   * Restore the home company's Firebase auth (the install's own credentials).
+   * Called when switching back to a home-company location.
+   */
+  resetToHomeFirebase() {
+    this.firebaseApiKey = this.homeFirebaseApiKey;
+    this.refreshToken = this.homeRefreshToken;
+    this.userId = this.homeUserId;
+    this.currentCompanyId = this.homeCompanyId;
+    this.resetTokenCache();
+  }
+  resetTokenCache() {
+    this.cachedIdToken = null;
+    this.tokenExpiry = 0;
+    this.tokenRefreshPromise = null;
+  }
   /**
    * Probe Firebase auth by refreshing the ID token. Used by the health_check
    * diagnostic tool. Does not touch GHL backend — just exchanges the refresh
@@ -1080,6 +1212,7 @@ var WorkflowBuilderClient = class _WorkflowBuilderClient {
     const userId = process.env.GHL_USER_ID || firebase?.userId;
     const apiKey2 = process.env.GHL_API_KEY;
     const locationId2 = process.env.GHL_LOCATION_ID;
+    const companyId = process.env.GHL_COMPANY_ID || void 0;
     if (!firebaseApiKey || !refreshToken || !apiKey2 || !locationId2 || !userId) {
       return null;
     }
@@ -1089,6 +1222,7 @@ var WorkflowBuilderClient = class _WorkflowBuilderClient {
       apiKey: apiKey2,
       locationId: locationId2,
       userId,
+      companyId,
       registry: registry2
     });
   }
@@ -1129,13 +1263,32 @@ var WorkflowBuilderClient = class _WorkflowBuilderClient {
     this.tokenExpiry = Date.now() + 55 * 60 * 1e3;
     if (data.refresh_token && data.refresh_token !== this.refreshToken) {
       this.refreshToken = data.refresh_token;
-      this.persistRefreshToken(data.refresh_token);
-      if (this.registry) {
-        this.registry.updateFirebaseRefreshToken(data.refresh_token);
-      }
+      this.persistRotatedToken(data.refresh_token);
     }
     return data.id_token;
   }
+  /**
+   * Persist a rotated refresh token to the slot that owns the ACTIVE company.
+   *
+   * - A registered client company → its registry slot only (its token lives
+   *   in firebaseByCompany, not credentials.json).
+   * - The home company → credentials.json/.env + the home registry slot, and
+   *   keep the in-memory home token in sync so resetToHomeFirebase() restores
+   *   the fresh value rather than a stale one.
+   */
+  persistRotatedToken(newToken) {
+    const company = this.currentCompanyId;
+    const isClientCompany = company !== void 0 && company !== this.homeCompanyId && this.registry?.getCompanyFirebase(company) !== void 0;
+    if (isClientCompany) {
+      this.registry?.updateCompanyFirebaseRefreshToken(company, newToken);
+      return;
+    }
+    if (company === void 0 || company === this.homeCompanyId) {
+      this.homeRefreshToken = newToken;
+    }
+    this.persistRefreshToken(newToken);
+    this.registry?.updateFirebaseRefreshToken(newToken);
+  }
   /**
    * Persist a rotated refresh token to every store that backs it.
    *
@@ -3707,6 +3860,7 @@ function registerBlogTools(server2, client) {
 
 // src/tools/emails.ts
 var import_zod25 = require("zod");
+var EMAIL_BUILDER_BASE = "https://backend.leadconnectorhq.com/emails/builder";
 var TEMPLATE_TYPES = ["html", "folder", "import", "builder", "blank", "ai_template", "vibe-editor"];
 var EDITOR_TYPES = ["html", "builder"];
 function registerEmailTools(server2, client) {
@@ -3777,7 +3931,7 @@ function registerEmailTools(server2, client) {
   safeTool(
     server2,
     "update_email_template",
-    "Save HTML content into an existing email template. Use this to update the body of a template after `create_email_template`. The `updatedBy` field is required by GHL; defaults to 'mcp' if not provided. Note: this updates CONTENT only. Renaming the title or deleting the template is not yet possible through the public API \u2014 do those in the GHL UI for now.",
+    "Save HTML content into an existing email template. Use this to update the body of a template after `create_email_template`. The `updatedBy` field is required by GHL; defaults to 'mcp' if not provided. Note: this updates CONTENT only. To rename a template use `rename_email_template`; to delete it use `delete_email_template` (both Firebase-gated).",
     {
       templateId: import_zod25.z.string().describe("The template ID to update (from create_email_template or list_email_templates)."),
       html: import_zod25.z.string().describe("The full HTML body of the email. Can include merge fields like {{contact.first_name}}."),
@@ -3799,6 +3953,78 @@ function registerEmailTools(server2, client) {
     }
   );
 }
+function registerEmailBuilderInternalTools(server2, builderClient) {
+  const client = builderClient;
+  if (!client) return;
+  async function builderRequest(method, path6, body) {
+    const headers = await client.buildHeaders();
+    const response = await fetch(`${EMAIL_BUILDER_BASE}${path6}`, {
+      method,
+      headers,
+      body: body ? JSON.stringify(body) : void 0
+    });
+    if (!response.ok) {
+      const text2 = await response.text();
+      throw new Error(`Email Builder API Error ${response.status}: ${method} /emails/builder${path6}
+${text2}`);
+    }
+    const text = await response.text();
+    return text ? JSON.parse(text) : { ok: true };
+  }
+  server2.tool(
+    "delete_email_template",
+    "Permanently delete an email template ('builder') by id. This is a HARD delete \u2014 the template is removed, not archived (use archive_email_template if you want a reversible remove). Requires Firebase auth; the public bearer API can't do this. Get the templateId from list_email_templates. WARNING: irreversible. If the template is referenced by a workflow email action or a draft campaign, deleting it will break that reference.",
+    {
+      templateId: import_zod25.z.string().describe("The template id to delete (from list_email_templates, the `id` field)."),
+      locationId: import_zod25.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+    },
+    async ({ templateId, locationId: locationId2 }) => {
+      try {
+        const loc = locationId2 ?? client.locationId;
+        const result = await builderRequest("DELETE", `/data/${templateId}?locationId=${loc}`);
+        return jsonResponse(result);
+      } catch (error) {
+        return errorResponse(error);
+      }
+    }
+  );
+  server2.tool(
+    "rename_email_template",
+    "Rename an existing email template ('builder'). Updates the display title only; the HTML content and sender settings are left untouched. Requires Firebase auth; the public bearer API can't do this. Get the templateId from list_email_templates.",
+    {
+      templateId: import_zod25.z.string().describe("The template id to rename (from list_email_templates, the `id` field)."),
+      name: import_zod25.z.string().describe("The new display name for the template (e.g., 'May Newsletter \u2014 Final')."),
+      locationId: import_zod25.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+    },
+    async ({ templateId, name, locationId: locationId2 }) => {
+      try {
+        const loc = locationId2 ?? client.locationId;
+        const result = await builderRequest("PATCH", `/${templateId}`, { locationId: loc, name });
+        return jsonResponse(result);
+      } catch (error) {
+        return errorResponse(error);
+      }
+    }
+  );
+  server2.tool(
+    "archive_email_template",
+    "Archive (or unarchive) an email template ('builder'). Archiving removes it from the active templates list without deleting it \u2014 a reversible alternative to delete_email_template. Requires Firebase auth. Get the templateId from list_email_templates.",
+    {
+      templateId: import_zod25.z.string().describe("The template id to archive/unarchive (from list_email_templates, the `id` field)."),
+      archived: import_zod25.z.boolean().optional().describe("true to archive (default), false to restore from archive."),
+      locationId: import_zod25.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+    },
+    async ({ templateId, archived, locationId: locationId2 }) => {
+      try {
+        const loc = locationId2 ?? client.locationId;
+        const result = await builderRequest("PATCH", `/${templateId}`, { locationId: loc, archived: archived ?? true });
+        return jsonResponse(result);
+      } catch (error) {
+        return errorResponse(error);
+      }
+    }
+  );
+}
 
 // src/tools/trigger-links.ts
 var import_zod26 = require("zod");
@@ -5431,99 +5657,347 @@ ${text2}`);
 }
 
 // src/tools/location-switcher.ts
+var import_zod38 = require("zod");
+
+// src/setup-tool.ts
+var os2 = __toESM(require("os"));
+var crypto2 = __toESM(require("crypto"));
 var import_zod37 = require("zod");
-var switchChain = Promise.resolve();
-function withSwitchLock(fn) {
-  const next = switchChain.then(fn, fn);
-  switchChain = next.catch(() => void 0);
-  return next;
+var LICENSE_API = "https://elitedcs.com/api/validate-license";
+var GHL_API = "https://services.leadconnectorhq.com";
+var FIREBASE_TOKEN_API = "https://securetoken.googleapis.com/v1/token";
+function deviceFingerprint() {
+  const raw = `${os2.hostname()}:${os2.userInfo().username}:${os2.platform()}:${os2.arch()}`;
+  return crypto2.createHash("sha256").update(raw).digest("hex").slice(0, 16);
 }
-function registerLocationSwitcherTools(server2, client, builderClient, registry2, mcpVersion) {
-  const versionLine = mcpVersion ? `
-MCP version: v${mcpVersion}` : "";
-  server2.tool(
-    "get_current_location",
-    "Show which GHL sub-account (location) is currently active, including API key status and installed MCP version. All tools use this location by default unless you specify a different one.",
-    {},
-    async () => {
-      const locId = client.defaultLocationId || "NOT SET";
-      try {
-        if (client.defaultLocationId) {
-          const result = await client.get(`/locations/${client.defaultLocationId}`);
-          const loc = result.location ?? result;
-          const registeredCount = registry2 ? registry2.listLocations().length : 0;
-          return {
-            content: [
-              {
-                type: "text",
-                text: `Current location: ${loc?.name || "Unknown"}
-ID: ${client.defaultLocationId}
-API Key: ${client.getApiKeyPrefix()}
-Address: ${loc?.address || "N/A"}
-Email: ${loc?.email || "N/A"}
-Token registry: ${registeredCount} location(s) registered${versionLine}`
-              }
-            ]
-          };
-        }
-        return {
-          content: [{ type: "text", text: `No default location set. Pass locationId to tools or use switch_location.${versionLine}` }]
-        };
-      } catch (error) {
-        return {
-          content: [{ type: "text", text: `Current location ID: ${locId} (could not fetch details \u2014 API key may not have access)${versionLine}` }]
-        };
-      }
+async function validateLicense(email, licenseKey) {
+  try {
+    const res = await fetch(LICENSE_API, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        email: email.trim(),
+        license_key: licenseKey.trim(),
+        device_fingerprint: deviceFingerprint()
+      }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    const data = await res.json().catch(() => ({}));
+    if (res.ok && data.valid) {
+      return { ok: true, installs: `${data.installs_used}/${data.installs_max}` };
     }
-  );
+    return { ok: false, error: data.error || data.message || `License validation failed (HTTP ${res.status})` };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { ok: false, error: `Could not reach license server: ${msg}` };
+  }
+}
+async function validateGhl(apiKey2, locationId2) {
+  try {
+    const res = await fetch(`${GHL_API}/locations/${locationId2}`, {
+      headers: {
+        Authorization: `Bearer ${apiKey2}`,
+        Version: "2021-07-28",
+        Accept: "application/json"
+      },
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (res.status === 401) return { ok: false, error: "GHL API key is invalid (401)." };
+    if (res.status === 403) return { ok: false, error: "GHL API key doesn't have access to this Location ID. The key must be created INSIDE this sub-account." };
+    if (!res.ok) return { ok: false, error: `GHL returned HTTP ${res.status}.` };
+    const data = await res.json().catch(() => ({}));
+    const name = data?.location?.name || data?.name || "Unknown";
+    return { ok: true, locationName: name };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { ok: false, error: `Could not reach GHL: ${msg}` };
+  }
+}
+async function validateFirebase(firebaseKey, refreshToken) {
+  try {
+    const res = await fetch(`${FIREBASE_TOKEN_API}?key=${encodeURIComponent(firebaseKey)}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: `grant_type=refresh_token&refresh_token=${encodeURIComponent(refreshToken)}`,
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!res.ok) return { ok: false, error: "Firebase credentials rejected. Re-extract them from your GHL browser tab." };
+    return { ok: true };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { ok: false, error: `Could not reach Firebase: ${msg}` };
+  }
+}
+function registerSetupTool(server2) {
   server2.tool(
-    "switch_location",
-    "Switch the active GHL sub-account. Automatically swaps the API key from the token registry if available. After switching, all tools default to the new location.",
+    "setup_ghl_mcp",
+    "First-run setup for GHL Command MCP. Validates your license and GHL credentials, then writes them to a per-user credentials file. Restart Claude after this completes to load all 206 tools (163 if you skip the optional Firebase fields; add Firebase later with enable_workflow_builder).",
     {
-      locationId: import_zod37.z.string().describe("The Location ID to switch to.")
+      email: import_zod37.z.string().email().describe("Email used at purchase."),
+      license_key: import_zod37.z.string().min(20).describe("License key from your purchase email."),
+      ghl_api_key: import_zod37.z.string().min(10).describe("GHL Private Integration key (starts with 'pit-'). Created INSIDE the sub-account at Settings > Integrations > Private Integrations."),
+      ghl_location_id: import_zod37.z.string().min(10).describe("GHL Location ID (sub-account ID). Found in your GHL URL: /location/THIS_PART/dashboard."),
+      ghl_company_id: import_zod37.z.string().optional().describe("(Agency only) Company ID for multi-location access."),
+      ghl_user_id: import_zod37.z.string().optional().describe("(Workflow Builder, optional) Firebase User ID. See README for browser capture instructions."),
+      ghl_firebase_api_key: import_zod37.z.string().optional().describe("(Workflow Builder, optional) Firebase API Key starting with 'AIza'."),
+      ghl_firebase_refresh_token: import_zod37.z.string().optional().describe("(Workflow Builder, optional) Firebase refresh token starting with 'AMf-'.")
     },
-    async ({ locationId: locationId2 }) => withSwitchLock(async () => {
-      const previousId = client.defaultLocationId;
-      const previousKeyPrefix = client.getApiKeyPrefix();
-      const previousApiKey = client.getApiKey();
-      const previousBuilderApiKey = builderClient?.getApiKey();
-      try {
-        let keySwapped = false;
-        if (registry2) {
-          const token = registry2.getToken(locationId2);
-          if (token) {
-            client.setApiKey(token.apiKey);
-            if (builderClient) {
-              builderClient.setApiKey(token.apiKey);
-            }
-            keySwapped = true;
-          }
-        }
-        const result = await client.get(`/locations/${locationId2}`);
-        const loc = result.location ?? result;
-        const name = loc?.name || "Unknown";
-        client.defaultLocationId = locationId2;
-        if (builderClient) {
-          builderClient.locationId = locationId2;
-        }
-        const keyStatus = keySwapped ? `API key swapped: ${previousKeyPrefix} \u2192 ${client.getApiKeyPrefix()}` : `API key unchanged (${client.getApiKeyPrefix()})${!registry2?.getToken(locationId2) ? " \u2014 consider using register_location to add this location's key" : ""}`;
-        return {
-          content: [
-            {
-              type: "text",
-              text: `Switched to: ${name} (${locationId2})
-Previous: ${previousId || "none"}
-${keyStatus}
+    async (args) => {
+      const lic = await validateLicense(args.email, args.license_key);
+      if (!lic.ok) {
+        return { content: [{ type: "text", text: `License check failed: ${lic.error}
 
-All tools now default to this location.`
-            }
-          ]
-        };
-      } catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        client.defaultLocationId = previousId;
-        client.setApiKey(previousApiKey);
-        if (builderClient && previousBuilderApiKey !== void 0) {
+Purchase a license at https://elitedcs.com/ghl-mcp-server or contact support.` }], isError: true };
+      }
+      const ghl = await validateGhl(args.ghl_api_key, args.ghl_location_id);
+      if (!ghl.ok) {
+        return { content: [{ type: "text", text: `GHL credential check failed: ${ghl.error}` }], isError: true };
+      }
+      const wantsWorkflowBuilder = args.ghl_user_id || args.ghl_firebase_api_key || args.ghl_firebase_refresh_token;
+      let workflowBuilderEnabled = false;
+      let workflowBuilderNote = "";
+      if (wantsWorkflowBuilder) {
+        if (!args.ghl_user_id || !args.ghl_firebase_api_key || !args.ghl_firebase_refresh_token) {
+          return {
+            content: [{
+              type: "text",
+              text: "Workflow Builder requires ALL THREE Firebase fields: ghl_user_id, ghl_firebase_api_key, ghl_firebase_refresh_token. Either provide all three or omit all three. See https://elitedcs.com/ghl-mcp-server/firebase for one-click capture."
+            }],
+            isError: true
+          };
+        }
+        const fb = await validateFirebase(args.ghl_firebase_api_key, args.ghl_firebase_refresh_token);
+        if (!fb.ok) {
+          workflowBuilderNote = `
+
+Note: Firebase credentials rejected (${fb.error}). Saved without Workflow Builder. Re-run setup_ghl_mcp later with fresh Firebase fields to enable it.`;
+        } else {
+          workflowBuilderEnabled = true;
+        }
+      }
+      writeCredentials({
+        license_key: args.license_key.trim(),
+        email: args.email.trim(),
+        verified_at: (/* @__PURE__ */ new Date()).toISOString(),
+        ghl_api_key: args.ghl_api_key.trim(),
+        ghl_location_id: args.ghl_location_id.trim(),
+        ghl_company_id: args.ghl_company_id?.trim() || void 0,
+        ghl_user_id: workflowBuilderEnabled ? args.ghl_user_id?.trim() : void 0,
+        ghl_firebase_api_key: workflowBuilderEnabled ? args.ghl_firebase_api_key?.trim() : void 0,
+        ghl_firebase_refresh_token: workflowBuilderEnabled ? args.ghl_firebase_refresh_token?.trim() : void 0
+      });
+      const toolCount = workflowBuilderEnabled ? "206" : "163";
+      const wfLine = workflowBuilderEnabled ? "Workflow Builder: enabled." : "Workflow Builder: not configured (optional).";
+      const wfTip = workflowBuilderEnabled ? "" : "\nTo enable Workflow Builder later (8 extra tools): run enable_workflow_builder with your three Firebase values. No need to re-enter license/API key/location ID.";
+      return {
+        content: [{
+          type: "text",
+          text: [
+            `Setup complete!`,
+            ``,
+            `License: verified (installs ${lic.installs}).`,
+            `GHL: connected to "${ghl.locationName}".`,
+            wfLine,
+            ``,
+            `Credentials saved to: ${credentialsPath()}`,
+            ``,
+            `**Restart Claude (quit fully and reopen) to load all ${toolCount} tools.**`,
+            ``,
+            `After restart, try: "List my GHL contacts" or "Show my pipelines".${wfTip}`,
+            workflowBuilderNote
+          ].join("\n")
+        }]
+      };
+    }
+  );
+}
+function registerEnableWorkflowBuilderTool(server2) {
+  server2.tool(
+    "enable_workflow_builder",
+    "Add Firebase credentials to an existing GHL Command install to unlock 30 additional tools across 6 modules: workflow builder (create/edit/clone/delete/publish/validate workflows, build_if_else_branch, build_goal_event, get_trigger_registry), funnel + page builder (10 tools), form builder (5 tools), pipeline builder (5 tools), and workflow cloning. Requires you've already run setup_ghl_mcp. Capture the three Firebase values from your GHL browser session \u2014 see elitedcs.com/ghl-mcp-firebase for step-by-step DevTools instructions. Tool count goes from 163 to 203 after the next Claude restart.",
+    {
+      ghl_user_id: import_zod37.z.string().min(10).describe("Firebase User ID (uid). DevTools \u2192 Application \u2192 IndexedDB \u2192 firebaseLocalStorageDb \u2192 firebaseLocalStorage \u2192 the value.uid field of the firebase:authUser row."),
+      ghl_firebase_api_key: import_zod37.z.string().min(10).describe("Firebase API Key starting with 'AIza'. The string between 'firebase:authUser:' and ':[DEFAULT]' in the row's Key column."),
+      ghl_firebase_refresh_token: import_zod37.z.string().min(10).describe("Firebase refresh token. value.stsTokenManager.refreshToken in the firebase:authUser row.")
+    },
+    async (args) => {
+      const existing = readCredentials();
+      if (!existing) {
+        return {
+          content: [{
+            type: "text",
+            text: "No existing credentials found at " + credentialsPath() + ".\n\nRun setup_ghl_mcp first to register your license and basic GHL credentials, then come back to this tool to add Workflow Builder."
+          }],
+          isError: true
+        };
+      }
+      const fb = await validateFirebase(args.ghl_firebase_api_key.trim(), args.ghl_firebase_refresh_token.trim());
+      if (!fb.ok) {
+        return {
+          content: [{
+            type: "text",
+            text: `Firebase credentials rejected: ${fb.error}
+
+Common causes:
+  - The refresh token has rotated (they rotate every few weeks). Re-extract from your GHL browser tab.
+  - The Firebase API Key doesn't match the refresh token's project. Both must come from the SAME firebase:authUser row.
+
+DevTools steps: https://elitedcs.com/ghl-mcp-firebase`
+          }],
+          isError: true
+        };
+      }
+      writeCredentials({
+        ...existing,
+        ghl_user_id: args.ghl_user_id.trim(),
+        ghl_firebase_api_key: args.ghl_firebase_api_key.trim(),
+        ghl_firebase_refresh_token: args.ghl_firebase_refresh_token.trim()
+      });
+      return {
+        content: [{
+          type: "text",
+          text: [
+            "Workflow Builder enabled!",
+            "",
+            "Firebase credentials verified and saved.",
+            "",
+            "**Restart Claude (quit fully and reopen) to load the workflow builder + funnel builder + pipeline builder + form builder + workflow cloner tools (203 total).**",
+            "",
+            'After restart, try: "List my workflows in full detail" or "Validate workflow <id>".',
+            "",
+            "Note: Firebase refresh tokens rotate every few weeks. If workflow tools stop working, re-run enable_workflow_builder with fresh values from a current GHL browser session."
+          ].join("\n")
+        }]
+      };
+    }
+  );
+}
+
+// src/tools/location-switcher.ts
+function routeFirebaseForCompany(builderClient, registry2, companyId) {
+  if (!builderClient) return "";
+  if (!companyId) {
+    return "\nFirebase: could not determine this location's company \u2014 workflow-builder auth left unchanged.";
+  }
+  const cfg = registry2?.getCompanyFirebase(companyId);
+  if (cfg) {
+    builderClient.applyCompanyFirebase({
+      apiKey: cfg.apiKey,
+      refreshToken: cfg.refreshToken,
+      userId: cfg.userId,
+      companyId
+    });
+    return `
+Firebase: using ${cfg.name || `company ${companyId}`} credentials \u2014 workflow builder enabled here.`;
+  }
+  builderClient.resetToHomeFirebase();
+  const homeCompanyId = builderClient.getCurrentCompanyId();
+  if (homeCompanyId === void 0) {
+    return "\nFirebase: using home credentials. Home company id isn't configured (set GHL_COMPANY_ID), so if this is a client account its workflow-builder tools will 401 until you run register_company_firebase.";
+  }
+  if (homeCompanyId === companyId) {
+    return "\nFirebase: home company \u2014 workflow builder enabled.";
+  }
+  return `
+Firebase: NOT configured for company ${companyId}. Workflow builder, funnels, forms, pipelines, smart lists, reputation, email campaigns and memberships will fail here (401) until you run register_company_firebase for this company. Public-API tools (contacts, opportunities, calendars, etc.) still work.`;
+}
+var switchChain = Promise.resolve();
+function withSwitchLock(fn) {
+  const next = switchChain.then(fn, fn);
+  switchChain = next.catch(() => void 0);
+  return next;
+}
+function registerLocationSwitcherTools(server2, client, builderClient, registry2, mcpVersion) {
+  const versionLine = mcpVersion ? `
+MCP version: v${mcpVersion}` : "";
+  server2.tool(
+    "get_current_location",
+    "Show which GHL sub-account (location) is currently active, including API key status and installed MCP version. All tools use this location by default unless you specify a different one.",
+    {},
+    async () => {
+      const locId = client.defaultLocationId || "NOT SET";
+      try {
+        if (client.defaultLocationId) {
+          const result = await client.get(`/locations/${client.defaultLocationId}`);
+          const loc = result.location ?? result;
+          const registeredCount = registry2 ? registry2.listLocations().length : 0;
+          return {
+            content: [
+              {
+                type: "text",
+                text: `Current location: ${loc?.name || "Unknown"}
+ID: ${client.defaultLocationId}
+API Key: ${client.getApiKeyPrefix()}
+Address: ${loc?.address || "N/A"}
+Email: ${loc?.email || "N/A"}
+Token registry: ${registeredCount} location(s) registered${versionLine}`
+              }
+            ]
+          };
+        }
+        return {
+          content: [{ type: "text", text: `No default location set. Pass locationId to tools or use switch_location.${versionLine}` }]
+        };
+      } catch (error) {
+        return {
+          content: [{ type: "text", text: `Current location ID: ${locId} (could not fetch details \u2014 API key may not have access)${versionLine}` }]
+        };
+      }
+    }
+  );
+  server2.tool(
+    "switch_location",
+    "Switch the active GHL sub-account. Automatically swaps the API key from the token registry if available. After switching, all tools default to the new location.",
+    {
+      locationId: import_zod38.z.string().describe("The Location ID to switch to.")
+    },
+    async ({ locationId: locationId2 }) => withSwitchLock(async () => {
+      const previousId = client.defaultLocationId;
+      const previousKeyPrefix = client.getApiKeyPrefix();
+      const previousApiKey = client.getApiKey();
+      const previousBuilderApiKey = builderClient?.getApiKey();
+      try {
+        let keySwapped = false;
+        if (registry2) {
+          const token = registry2.getToken(locationId2);
+          if (token) {
+            client.setApiKey(token.apiKey);
+            if (builderClient) {
+              builderClient.setApiKey(token.apiKey);
+            }
+            keySwapped = true;
+          }
+        }
+        const result = await client.get(`/locations/${locationId2}`);
+        const loc = result.location ?? result;
+        const name = loc?.name || "Unknown";
+        client.defaultLocationId = locationId2;
+        if (builderClient) {
+          builderClient.locationId = locationId2;
+        }
+        const targetCompanyId = loc?.companyId || registry2?.getToken(locationId2)?.companyId;
+        if (targetCompanyId && registry2?.getToken(locationId2)) {
+          registry2.setLocationCompanyId(locationId2, targetCompanyId);
+        }
+        const firebaseStatus = routeFirebaseForCompany(builderClient, registry2, targetCompanyId);
+        const keyStatus = keySwapped ? `API key swapped: ${previousKeyPrefix} \u2192 ${client.getApiKeyPrefix()}` : `API key unchanged (${client.getApiKeyPrefix()})${!registry2?.getToken(locationId2) ? " \u2014 consider using register_location to add this location's key" : ""}`;
+        return {
+          content: [
+            {
+              type: "text",
+              text: `Switched to: ${name} (${locationId2})
+Previous: ${previousId || "none"}
+${keyStatus}${firebaseStatus}
+
+All tools now default to this location.`
+            }
+          ]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        client.defaultLocationId = previousId;
+        client.setApiKey(previousApiKey);
+        if (builderClient && previousBuilderApiKey !== void 0) {
           builderClient.setApiKey(previousBuilderApiKey);
         }
         if (builderClient && previousId !== void 0) {
@@ -5545,9 +6019,9 @@ Still on: ${previousId || "none"}${hint}` }],
     "register_location",
     "Add a GHL sub-account to the token registry so switch_location can automatically use its API key. Each sub-account needs its own Private Integration key created in GHL Settings > Integrations.",
     {
-      locationId: import_zod37.z.string().describe("The GHL Location ID (from Settings > Business Profile)."),
-      name: import_zod37.z.string().describe("A friendly name for this sub-account (e.g. 'PNTracker', 'Med Spa Template')."),
-      apiKey: import_zod37.z.string().describe("The Private Integration API key for this sub-account (starts with 'pit-').")
+      locationId: import_zod38.z.string().describe("The GHL Location ID (from Settings > Business Profile)."),
+      name: import_zod38.z.string().describe("A friendly name for this sub-account (e.g. 'PNTracker', 'Med Spa Template')."),
+      apiKey: import_zod38.z.string().describe("The Private Integration API key for this sub-account (starts with 'pit-').")
     },
     async ({ locationId: locationId2, name, apiKey: apiKey2 }) => {
       if (!registry2) {
@@ -5561,14 +6035,21 @@ Still on: ${previousId || "none"}${hint}` }],
         const result = await testClient.get(`/locations/${locationId2}`);
         const loc = result.location ?? result;
         const confirmedName = loc?.name || name;
-        registry2.registerLocation(locationId2, confirmedName, apiKey2);
+        const companyId = loc?.companyId;
+        registry2.registerLocation(locationId2, confirmedName, apiKey2, companyId);
+        let fbLine = "";
+        if (companyId) {
+          fbLine = registry2.getCompanyFirebase(companyId) ? `
+Company: ${companyId} (Firebase already registered \u2014 workflow builder will work here).` : `
+Company: ${companyId}. To use the workflow builder in this account, run register_company_firebase for this company (Firebase is company-scoped).`;
+        }
         return {
           content: [
             {
               type: "text",
               text: `Registered: ${confirmedName} (${locationId2})
 API Key: ${apiKey2.substring(0, 12)}...
-Saved to .ghl-tokens.json
+Saved to the token registry.${fbLine}
 
 You can now use switch_location to switch to this sub-account.`
             }
@@ -5597,7 +6078,7 @@ The API key could not access location ${locationId2}. Make sure:
     "unregister_location",
     "Remove a GHL sub-account from the token registry.",
     {
-      locationId: import_zod37.z.string().describe("The Location ID to remove.")
+      locationId: import_zod38.z.string().describe("The Location ID to remove.")
     },
     async ({ locationId: locationId2 }) => {
       if (!registry2) {
@@ -5619,34 +6100,146 @@ The API key could not access location ${locationId2}. Make sure:
       };
     }
   );
+  server2.tool(
+    "register_company_firebase",
+    "Register a GHL company's Firebase credentials so the workflow builder and all Firebase-gated tools work when you switch into THAT company's sub-accounts. Firebase refresh tokens are company-scoped, so managing a client's GHL (e.g. an account where you're an admin user) requires that company's own token. Capture the values from a browser session logged into the client's account and register them keyed by the client's companyId. After this, switch_location to any of that company's locations authenticates the workflow builder correctly. DevTools capture steps: elitedcs.com/ghl-mcp-firebase.",
+    {
+      companyId: import_zod38.z.string().describe("The GHL company/agency ID that owns the client's sub-accounts. Surfaced in switch_location and register_location output, or the GHL URL when viewing the agency."),
+      name: import_zod38.z.string().describe("Friendly name for this client/company (e.g. 'Nathan \u2014 Acme Health')."),
+      ghl_firebase_refresh_token: import_zod38.z.string().min(10).describe("Firebase refresh token captured from a browser session logged into THIS company's GHL. value.stsTokenManager.refreshToken in the firebase:authUser IndexedDB row."),
+      ghl_user_id: import_zod38.z.string().min(5).describe("Firebase User ID (uid) from the same session. value.uid in the firebase:authUser row."),
+      ghl_firebase_api_key: import_zod38.z.string().optional().describe("Firebase API key (starts with 'AIza'). Optional \u2014 defaults to your home Firebase API key, which is identical across GHL accounts."),
+      test_location_id: import_zod38.z.string().optional().describe("Optional but recommended: a registered location ID belonging to this company. The tool then makes a real workflow-builder call to confirm these credentials actually work for this company before you rely on them.")
+    },
+    async (args) => {
+      if (!registry2) {
+        return {
+          content: [{ type: "text", text: "Token registry not available." }],
+          isError: true
+        };
+      }
+      const apiKey2 = args.ghl_firebase_api_key?.trim() || process.env.GHL_FIREBASE_API_KEY;
+      if (!apiKey2) {
+        return {
+          content: [{ type: "text", text: "No Firebase API key available. Pass ghl_firebase_api_key, or configure your home Firebase first via setup_ghl_mcp / enable_workflow_builder (the key is the same across GHL accounts)." }],
+          isError: true
+        };
+      }
+      const refreshToken = args.ghl_firebase_refresh_token.trim();
+      const userId = args.ghl_user_id.trim();
+      const fb = await validateFirebase(apiKey2, refreshToken);
+      if (!fb.ok) {
+        return {
+          content: [{ type: "text", text: `Firebase credentials rejected: ${fb.error}
+
+Capture fresh values from a browser session logged into THIS company's GHL. Steps: https://elitedcs.com/ghl-mcp-firebase` }],
+          isError: true
+        };
+      }
+      registry2.setCompanyFirebase(args.companyId, { apiKey: apiKey2, refreshToken, userId, name: args.name });
+      let testLine = "";
+      if (args.test_location_id) {
+        const token = registry2.getToken(args.test_location_id);
+        if (!token) {
+          testLine = `
+
+Skipped end-to-end test: location ${args.test_location_id} isn't registered. Run register_location for it, then switch_location to confirm.`;
+        } else {
+          const probe = new WorkflowBuilderClient({
+            firebaseApiKey: apiKey2,
+            refreshToken,
+            apiKey: token.apiKey,
+            locationId: args.test_location_id,
+            userId,
+            companyId: args.companyId,
+            registry: null
+          });
+          try {
+            await probe.listWorkflows(1, 0);
+            testLine = `
+
+Verified: the workflow-builder API responded for "${token.name}" (${args.test_location_id}). These credentials work for this company.`;
+          } catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            testLine = `
+
+WARNING: saved, but the end-to-end test FAILED for ${args.test_location_id}:
+${message}
+
+Likely causes: the refresh token was captured from a DIFFERENT company's session, or that location's PIT key lacks access. Re-capture from a session inside THIS company's GHL.`;
+          }
+        }
+      }
+      return {
+        content: [{ type: "text", text: `Registered Firebase for ${args.name} (company ${args.companyId}).${testLine}
+
+Now run switch_location to any of this company's sub-accounts \u2014 the workflow builder will authenticate against it automatically.` }]
+      };
+    }
+  );
+  server2.tool(
+    "unregister_company_firebase",
+    "Remove a company's Firebase credentials from the registry. Workflow-builder tools will stop working for that company's sub-accounts until re-registered.",
+    {
+      companyId: import_zod38.z.string().describe("The company ID to remove Firebase credentials for.")
+    },
+    async ({ companyId }) => {
+      if (!registry2) {
+        return {
+          content: [{ type: "text", text: "Token registry not available." }],
+          isError: true
+        };
+      }
+      const removed = registry2.removeCompanyFirebase(companyId);
+      return {
+        content: [{ type: "text", text: removed ? `Removed Firebase credentials for company ${companyId}.` : `No Firebase credentials were registered for company ${companyId}.` }],
+        isError: !removed
+      };
+    }
+  );
   server2.tool(
     "list_registered_locations",
-    "List all GHL sub-accounts in the token registry with their names and IDs. These are locations that switch_location can automatically authenticate to.",
+    "List all GHL sub-accounts in the token registry (names, IDs, owning company) plus any companies with registered Firebase credentials for multi-tenant workflow-builder access. These are locations switch_location can automatically authenticate to.",
     {},
     async () => {
+      const companies = registry2?.listCompanyFirebases() ?? [];
+      const companiesWithFirebase = new Set(companies.map((c) => c.companyId));
       if (!registry2 || !registry2.hasTokens()) {
+        const fbSection2 = companies.length ? `
+
+Company Firebase credentials (${companies.length}):
+${companies.map((c) => `  ${c.name || c.companyId} (${c.companyId})`).join("\n")}` : "";
         return {
           content: [
             {
               type: "text",
-              text: "No locations registered. Use register_location to add sub-accounts."
+              text: `No locations registered. Use register_location to add sub-accounts.${fbSection2}`
             }
           ]
         };
       }
-      const locations = registry2.listLocations();
+      const tokens = registry2.listLocations().map((loc) => ({
+        ...loc,
+        companyId: registry2.getToken(loc.locationId)?.companyId
+      }));
       const currentId = client.defaultLocationId;
-      const lines = locations.map(
-        (loc) => `${loc.locationId === currentId ? "\u2192 " : "  "}${loc.name} (${loc.locationId})`
-      );
+      const lines = tokens.map((loc) => {
+        const marker = loc.locationId === currentId ? "\u2192 " : "  ";
+        const company = loc.companyId ? ` [company ${loc.companyId}${companiesWithFirebase.has(loc.companyId) ? ", Firebase \u2713" : ", no Firebase"}]` : "";
+        return `${marker}${loc.name} (${loc.locationId})${company}`;
+      });
+      const fbSection = companies.length ? `
+
+Company Firebase credentials (${companies.length}) \u2014 workflow builder works in these companies' sub-accounts:
+${companies.map((c) => `  ${c.name || c.companyId} (${c.companyId})`).join("\n")}` : "\n\nNo company Firebase credentials registered. To use the workflow builder in a client's GHL, run register_company_firebase.";
       return {
         content: [
           {
             type: "text",
-            text: `Token Registry (${locations.length} locations):
+            text: `Token Registry (${tokens.length} locations):
 ${lines.join("\n")}
 
-\u2192 = currently active`
+\u2192 = currently active${fbSection}`
           }
         ]
       };
@@ -5656,8 +6249,8 @@ ${lines.join("\n")}
     "list_available_locations",
     "List all GHL sub-accounts (locations) accessible with the current or agency API key. Shows locations that exist in the GHL account \u2014 use register_location to add their tokens. Offset-based pagination via skip/limit.",
     {
-      limit: import_zod37.z.number().optional().describe("Max locations to return. Defaults to 20."),
-      skip: import_zod37.z.number().optional().describe("Number to skip for pagination.")
+      limit: import_zod38.z.number().optional().describe("Max locations to return. Defaults to 20."),
+      skip: import_zod38.z.number().optional().describe("Number to skip for pagination.")
     },
     async ({ limit, skip }) => {
       try {
@@ -5700,7 +6293,7 @@ ${lines.join("\n")}
 }
 
 // src/tools/bulk-operations.ts
-var import_zod38 = require("zod");
+var import_zod39 = require("zod");
 function delay(ms) {
   return new Promise((resolve5) => setTimeout(resolve5, ms));
 }
@@ -5712,8 +6305,8 @@ function registerBulkOperationTools(server2, client) {
     "bulk_add_tags",
     "Add tags to multiple contacts at once. Rate-limited to avoid API throttling. Returns a summary of successes and failures.",
     {
-      contactIds: import_zod38.z.array(import_zod38.z.string()).min(1, "At least one contact ID required.").describe("Array of contact IDs to tag."),
-      tags: import_zod38.z.array(import_zod38.z.string()).min(1, "At least one tag required.").describe("Tags to add to each contact.")
+      contactIds: import_zod39.z.array(import_zod39.z.string()).min(1, "At least one contact ID required.").describe("Array of contact IDs to tag."),
+      tags: import_zod39.z.array(import_zod39.z.string()).min(1, "At least one tag required.").describe("Tags to add to each contact.")
     },
     async ({ contactIds, tags }) => {
       const results = { success: 0, failed: 0, errors: [] };
@@ -5735,8 +6328,8 @@ function registerBulkOperationTools(server2, client) {
     "bulk_remove_tags",
     "Remove tags from multiple contacts at once. Rate-limited.",
     {
-      contactIds: import_zod38.z.array(import_zod38.z.string()).min(1, "At least one contact ID required.").describe("Array of contact IDs."),
-      tags: import_zod38.z.array(import_zod38.z.string()).min(1, "At least one tag required.").describe("Tags to remove from each contact.")
+      contactIds: import_zod39.z.array(import_zod39.z.string()).min(1, "At least one contact ID required.").describe("Array of contact IDs."),
+      tags: import_zod39.z.array(import_zod39.z.string()).min(1, "At least one tag required.").describe("Tags to remove from each contact.")
     },
     async ({ contactIds, tags }) => {
       const results = { success: 0, failed: 0, errors: [] };
@@ -5757,8 +6350,8 @@ function registerBulkOperationTools(server2, client) {
     "bulk_update_contacts",
     "Update the same field(s) on multiple contacts at once. Rate-limited. Example: set a custom field value, change source, update address for a batch of contacts.",
     {
-      contactIds: import_zod38.z.array(import_zod38.z.string()).min(1, "At least one contact ID required.").describe("Array of contact IDs to update."),
-      fields: import_zod38.z.record(import_zod38.z.unknown()).describe("Fields to set on each contact (e.g. {customField: {id: 'xxx', value: 'yyy'}}, {source: 'Import'}).")
+      contactIds: import_zod39.z.array(import_zod39.z.string()).min(1, "At least one contact ID required.").describe("Array of contact IDs to update."),
+      fields: import_zod39.z.record(import_zod39.z.unknown()).describe("Fields to set on each contact (e.g. {customField: {id: 'xxx', value: 'yyy'}}, {source: 'Import'}).")
     },
     async ({ contactIds, fields }) => {
       const results = { success: 0, failed: 0, errors: [] };
@@ -5779,8 +6372,8 @@ function registerBulkOperationTools(server2, client) {
     "bulk_add_to_workflow",
     "Enroll multiple contacts into a workflow at once. Rate-limited.",
     {
-      contactIds: import_zod38.z.array(import_zod38.z.string()).min(1, "At least one contact ID required.").describe("Array of contact IDs to enroll."),
-      workflowId: import_zod38.z.string().describe("The workflow ID to enroll contacts into.")
+      contactIds: import_zod39.z.array(import_zod39.z.string()).min(1, "At least one contact ID required.").describe("Array of contact IDs to enroll."),
+      workflowId: import_zod39.z.string().describe("The workflow ID to enroll contacts into.")
     },
     async ({ contactIds, workflowId }) => {
       const results = { success: 0, failed: 0, errors: [] };
@@ -5801,8 +6394,8 @@ function registerBulkOperationTools(server2, client) {
     "bulk_delete_contacts",
     "Delete multiple contacts at once. IRREVERSIBLE. Rate-limited. Use with extreme caution.",
     {
-      contactIds: import_zod38.z.array(import_zod38.z.string()).min(1, "At least one contact ID required.").describe("Array of contact IDs to permanently delete."),
-      confirm: import_zod38.z.literal("DELETE").describe("Must pass the string 'DELETE' to confirm. This is a safety check.")
+      contactIds: import_zod39.z.array(import_zod39.z.string()).min(1, "At least one contact ID required.").describe("Array of contact IDs to permanently delete."),
+      confirm: import_zod39.z.literal("DELETE").describe("Must pass the string 'DELETE' to confirm. This is a safety check.")
     },
     async ({ contactIds, confirm }) => {
       if (confirm !== "DELETE") {
@@ -5825,7 +6418,7 @@ function registerBulkOperationTools(server2, client) {
 }
 
 // src/tools/account-export.ts
-var import_zod39 = require("zod");
+var import_zod40 = require("zod");
 function delay2(ms) {
   return new Promise((resolve5) => setTimeout(resolve5, ms));
 }
@@ -5835,8 +6428,8 @@ function registerAccountExportTools(server2, client) {
     "export_account",
     "Export a complete inventory of the GHL sub-account: location info, contacts (count + sample), pipelines with stages, workflows (with full actions if builder auth is configured), funnels with pages, forms, custom fields, custom values, tags, calendars, and users. Returns a comprehensive JSON report for auditing or backup.",
     {
-      locationId: import_zod39.z.string().optional().describe("Location ID to export. Uses default if not specified."),
-      includeContacts: import_zod39.z.boolean().optional().describe("Include contact list (first 100). Defaults to false for speed.")
+      locationId: import_zod40.z.string().optional().describe("Location ID to export. Uses default if not specified."),
+      includeContacts: import_zod40.z.boolean().optional().describe("Include contact list (first 100). Defaults to false for speed.")
     },
     async ({ locationId: locationId2, includeContacts }) => {
       try {
@@ -5964,8 +6557,8 @@ function registerAccountExportTools(server2, client) {
     "compare_locations",
     "Compare two GHL sub-accounts side by side \u2014 shows differences in pipelines, workflows, custom fields, tags, forms, and funnels. Useful for ensuring consistency across locations or auditing before/after changes.",
     {
-      locationA: import_zod39.z.string().describe("First Location ID."),
-      locationB: import_zod39.z.string().describe("Second Location ID.")
+      locationA: import_zod40.z.string().describe("First Location ID."),
+      locationB: import_zod40.z.string().describe("Second Location ID.")
     },
     async ({ locationA, locationB }) => {
       try {
@@ -6043,8 +6636,8 @@ function registerAccountExportTools(server2, client) {
 }
 
 // src/tools/workflow-cloner.ts
-var import_zod40 = require("zod");
-var crypto2 = __toESM(require("crypto"));
+var import_zod41 = require("zod");
+var crypto3 = __toESM(require("crypto"));
 function registerWorkflowClonerTools(server2, builderClient) {
   const client = builderClient;
   if (!client) return;
@@ -6052,8 +6645,8 @@ function registerWorkflowClonerTools(server2, builderClient) {
     "clone_workflow",
     "Deep clone a workflow \u2014 creates an exact copy with new IDs for all actions, triggers, and references. The clone starts as a draft. Useful for creating templates or duplicating workflows across projects.",
     {
-      sourceWorkflowId: import_zod40.z.string().describe("The workflow ID to clone."),
-      newName: import_zod40.z.string().describe("Name for the cloned workflow.")
+      sourceWorkflowId: import_zod41.z.string().describe("The workflow ID to clone."),
+      newName: import_zod41.z.string().describe("Name for the cloned workflow.")
     },
     async ({ sourceWorkflowId, newName }) => {
       try {
@@ -6063,12 +6656,12 @@ function registerWorkflowClonerTools(server2, builderClient) {
         const triggers = source.triggers || [];
         for (const action of actions) {
           if (action.id) {
-            idMap.set(action.id, crypto2.randomUUID());
+            idMap.set(action.id, crypto3.randomUUID());
           }
         }
         for (const trigger of triggers) {
           if (trigger.id) {
-            idMap.set(trigger.id, crypto2.randomUUID());
+            idMap.set(trigger.id, crypto3.randomUUID());
           }
         }
         const remap = (id) => {
@@ -6142,7 +6735,7 @@ function registerWorkflowClonerTools(server2, builderClient) {
 }
 
 // src/tools/smart-lists.ts
-var import_zod41 = require("zod");
+var import_zod42 = require("zod");
 var SMARTLIST_BASE = "https://backend.leadconnectorhq.com/lists/dynamic";
 var OBJECT_KEYS = ["contacts", "opportunity"];
 function registerSmartListTools(server2, builderClient) {
@@ -6169,11 +6762,11 @@ ${text2}`);
     "list_smart_lists",
     "List smart lists (dynamic / saved-filter lists) in a location. Smart Lists are saved searches over contacts or opportunities \u2014 agencies use them to segment by complex criteria. Filters and columns aren't returned in the list view; use get_smart_list for the full filter spec.",
     {
-      objectKey: import_zod41.z.enum(OBJECT_KEYS).describe("The object type the lists segment over. 'contacts' for contact-segments, 'opportunity' for opportunity-segments. Required \u2014 GHL rejects requests without it."),
-      query: import_zod41.z.string().optional().describe("Free-text search across smart list names."),
-      limit: import_zod41.z.number().optional().describe("Max smart lists per page. Defaults to 20 on GHL's side."),
-      startAfter: import_zod41.z.string().optional().describe("Cursor for pagination \u2014 pass the last list's id from the previous page."),
-      locationId: import_zod41.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+      objectKey: import_zod42.z.enum(OBJECT_KEYS).describe("The object type the lists segment over. 'contacts' for contact-segments, 'opportunity' for opportunity-segments. Required \u2014 GHL rejects requests without it."),
+      query: import_zod42.z.string().optional().describe("Free-text search across smart list names."),
+      limit: import_zod42.z.number().optional().describe("Max smart lists per page. Defaults to 20 on GHL's side."),
+      startAfter: import_zod42.z.string().optional().describe("Cursor for pagination \u2014 pass the last list's id from the previous page."),
+      locationId: import_zod42.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
     },
     async ({ objectKey, query, limit, startAfter, locationId: locationId2 }) => {
       try {
@@ -6193,8 +6786,8 @@ ${text2}`);
     "get_smart_list",
     "Get a single smart list by ID with its full configuration: filters, columns, permissions, and metadata. The filters array is what defines who/what is in the list.",
     {
-      listId: import_zod41.z.string().describe("The smart list ID (from list_smart_lists or a previous create_smart_list response)."),
-      locationId: import_zod41.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+      listId: import_zod42.z.string().describe("The smart list ID (from list_smart_lists or a previous create_smart_list response)."),
+      locationId: import_zod42.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
     },
     async ({ listId, locationId: locationId2 }) => {
       try {
@@ -6210,13 +6803,13 @@ ${text2}`);
     "create_smart_list",
     "Create a new smart list (dynamic filter list). Required: name + objectKey. Filters define the saved-search criteria \u2014 pass an empty array to create an empty list and add filters later via update_smart_list. The shape of filters/columns is opaque here; query an existing smart list with get_smart_list to see the format GHL expects.",
     {
-      name: import_zod41.z.string().describe("Display name for the smart list."),
-      objectKey: import_zod41.z.enum(OBJECT_KEYS).describe("Object type the list segments over. 'contacts' or 'opportunity'."),
-      filters: import_zod41.z.array(import_zod41.z.record(import_zod41.z.unknown())).optional().describe("Array of filter objects. Each object has fields like {field, operator, value} \u2014 exact shape varies by filter type. See get_smart_list on an existing list to learn the format."),
-      columns: import_zod41.z.array(import_zod41.z.record(import_zod41.z.unknown())).optional().describe("Array of column definitions for the smart list view in GHL UI. Each defines which contact/opportunity field shows as a column. Defaults to GHL's standard columns if omitted."),
-      pipelineIds: import_zod41.z.array(import_zod41.z.string()).optional().describe("(opportunity objectKey only) Pipeline IDs to restrict this smart list to. Empty array = all pipelines."),
-      defaultInPipelines: import_zod41.z.array(import_zod41.z.string()).optional().describe("(opportunity objectKey only) Pipeline IDs where this list is the default view."),
-      locationId: import_zod41.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+      name: import_zod42.z.string().describe("Display name for the smart list."),
+      objectKey: import_zod42.z.enum(OBJECT_KEYS).describe("Object type the list segments over. 'contacts' or 'opportunity'."),
+      filters: import_zod42.z.array(import_zod42.z.record(import_zod42.z.unknown())).optional().describe("Array of filter objects. Each object has fields like {field, operator, value} \u2014 exact shape varies by filter type. See get_smart_list on an existing list to learn the format."),
+      columns: import_zod42.z.array(import_zod42.z.record(import_zod42.z.unknown())).optional().describe("Array of column definitions for the smart list view in GHL UI. Each defines which contact/opportunity field shows as a column. Defaults to GHL's standard columns if omitted."),
+      pipelineIds: import_zod42.z.array(import_zod42.z.string()).optional().describe("(opportunity objectKey only) Pipeline IDs to restrict this smart list to. Empty array = all pipelines."),
+      defaultInPipelines: import_zod42.z.array(import_zod42.z.string()).optional().describe("(opportunity objectKey only) Pipeline IDs where this list is the default view."),
+      locationId: import_zod42.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
     },
     async ({ name, objectKey, filters, columns, pipelineIds, defaultInPipelines, locationId: locationId2 }) => {
       try {
@@ -6237,13 +6830,13 @@ ${text2}`);
     "update_smart_list",
     "Update an existing smart list's name, filters, or columns. The objectKey CANNOT be changed after creation (GHL rejects with 422 if you try). Use get_smart_list first to inspect the current filters; partial updates work \u2014 pass only the fields you want to change.",
     {
-      listId: import_zod41.z.string().describe("The smart list ID to update."),
-      name: import_zod41.z.string().optional().describe("New display name."),
-      filters: import_zod41.z.array(import_zod41.z.record(import_zod41.z.unknown())).optional().describe("Replace the filter array entirely. To add a filter, fetch the current list, append, and pass the new array."),
-      columns: import_zod41.z.array(import_zod41.z.record(import_zod41.z.unknown())).optional().describe("Replace the column array entirely."),
-      pipelineIds: import_zod41.z.array(import_zod41.z.string()).optional().describe("(opportunity only) Update the pipeline scope."),
-      defaultInPipelines: import_zod41.z.array(import_zod41.z.string()).optional().describe("(opportunity only) Update the default-in-pipelines list."),
-      locationId: import_zod41.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+      listId: import_zod42.z.string().describe("The smart list ID to update."),
+      name: import_zod42.z.string().optional().describe("New display name."),
+      filters: import_zod42.z.array(import_zod42.z.record(import_zod42.z.unknown())).optional().describe("Replace the filter array entirely. To add a filter, fetch the current list, append, and pass the new array."),
+      columns: import_zod42.z.array(import_zod42.z.record(import_zod42.z.unknown())).optional().describe("Replace the column array entirely."),
+      pipelineIds: import_zod42.z.array(import_zod42.z.string()).optional().describe("(opportunity only) Update the pipeline scope."),
+      defaultInPipelines: import_zod42.z.array(import_zod42.z.string()).optional().describe("(opportunity only) Update the default-in-pipelines list."),
+      locationId: import_zod42.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
     },
     async ({ listId, name, filters, columns, pipelineIds, defaultInPipelines, locationId: locationId2 }) => {
       try {
@@ -6268,9 +6861,9 @@ ${text2}`);
     "delete_smart_list",
     "Permanently delete a smart list. IRREVERSIBLE. The list configuration is removed but the contacts/opportunities themselves are NOT touched \u2014 smart lists are just saved filters. Any workflow trigger / dashboard / report that referenced this list by ID will stop working.",
     {
-      listId: import_zod41.z.string().describe("The smart list ID to delete."),
-      confirm: import_zod41.z.literal("DELETE").describe("Must pass 'DELETE' to confirm this destructive action."),
-      locationId: import_zod41.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+      listId: import_zod42.z.string().describe("The smart list ID to delete."),
+      confirm: import_zod42.z.literal("DELETE").describe("Must pass 'DELETE' to confirm this destructive action."),
+      locationId: import_zod42.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
     },
     async ({ listId, locationId: locationId2 }) => {
       try {
@@ -6285,7 +6878,7 @@ ${text2}`);
 }
 
 // src/tools/reputation.ts
-var import_zod42 = require("zod");
+var import_zod43 = require("zod");
 var REPUTATION_BASE = "https://backend.leadconnectorhq.com/reputation";
 function registerReputationTools(server2, builderClient) {
   const client = builderClient;
@@ -6306,7 +6899,7 @@ ${text2}`);
     "get_review_link_list",
     "List the review-link destinations configured for a location \u2014 the platforms (Google, Facebook, etc.) where review requests send contacts. Each entry has a label and the public review URL. Useful for: building review-request workflows (the workflow goal condition `review_request_clicked` references these review-link ids), and auditing which review platforms a sub-account has connected. NOTE: listing the actual reviews that come BACK (and responding to them) is not yet available \u2014 that endpoint needs a DevTools capture against a live account with connected review platforms.",
     {
-      locationId: import_zod42.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+      locationId: import_zod43.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
     },
     async ({ locationId: locationId2 }) => {
       try {
@@ -6321,7 +6914,7 @@ ${text2}`);
 }
 
 // src/tools/email-campaigns.ts
-var import_zod43 = require("zod");
+var import_zod44 = require("zod");
 var SVC_BASE = "https://services.leadconnectorhq.com";
 function registerEmailCampaignTools(server2, builderClient) {
   const client = builderClient;
@@ -6330,15 +6923,15 @@ function registerEmailCampaignTools(server2, builderClient) {
     "create_email_campaign",
     "Create an email campaign / broadcast DRAFT from an existing email template. Requires a templateId (create one first with create_email_template). The campaign is created as a draft \u2014 to actually SEND or schedule it, finish in the GHL UI: the send/schedule endpoint isn't available through the API yet. There's also no API delete for campaigns, so drafts created here are removed via the GHL UI. Despite those limits, this gets the campaign 90% built \u2014 template, subject, sender, name all set programmatically.",
     {
-      templateId: import_zod43.z.string().describe("ID of an email template (from create_email_template or list_email_templates) to use as the campaign body."),
-      name: import_zod43.z.string().optional().describe("Internal campaign name (shown in the campaigns list, not to recipients). Defaults to a GHL-generated name."),
-      subject: import_zod43.z.string().optional().describe("Email subject line recipients see."),
-      fromName: import_zod43.z.string().optional().describe("Sender display name."),
-      fromEmail: import_zod43.z.string().optional().describe("Sender email address. Must be a verified sending address in the location."),
-      isPlainText: import_zod43.z.boolean().optional().describe("Send as plain text instead of HTML. Defaults to false."),
-      enableResendToUnopened: import_zod43.z.boolean().optional().describe("Auto-resend to contacts who didn't open. Defaults to false."),
-      hasUtmTracking: import_zod43.z.boolean().optional().describe("Append UTM tracking params to links. Defaults to false."),
-      locationId: import_zod43.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+      templateId: import_zod44.z.string().describe("ID of an email template (from create_email_template or list_email_templates) to use as the campaign body."),
+      name: import_zod44.z.string().optional().describe("Internal campaign name (shown in the campaigns list, not to recipients). Defaults to a GHL-generated name."),
+      subject: import_zod44.z.string().optional().describe("Email subject line recipients see."),
+      fromName: import_zod44.z.string().optional().describe("Sender display name."),
+      fromEmail: import_zod44.z.string().optional().describe("Sender email address. Must be a verified sending address in the location."),
+      isPlainText: import_zod44.z.boolean().optional().describe("Send as plain text instead of HTML. Defaults to false."),
+      enableResendToUnopened: import_zod44.z.boolean().optional().describe("Auto-resend to contacts who didn't open. Defaults to false."),
+      hasUtmTracking: import_zod44.z.boolean().optional().describe("Append UTM tracking params to links. Defaults to false."),
+      locationId: import_zod44.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
     },
     async ({ templateId, name, subject, fromName, fromEmail, isPlainText, enableResendToUnopened, hasUtmTracking, locationId: locationId2 }) => {
       try {
@@ -6376,7 +6969,7 @@ ${text2}`);
 }
 
 // src/tools/memberships.ts
-var import_zod44 = require("zod");
+var import_zod45 = require("zod");
 var MEMBERSHIP_BASE = "https://backend.leadconnectorhq.com/membership";
 function registerMembershipTools(server2, builderClient) {
   const client = builderClient;
@@ -6397,7 +6990,7 @@ ${text2}`);
     "list_membership_offers",
     "List a location's membership offers and products in one call. Returns { products: [...], offers: [...] }. Products are courses/communities; offers are the access grants (what a contact gets enrolled in). Use the returned ids with membership trigger conditions like offer_access_granted / product_completed. READ-ONLY \u2014 creating offers/products happens in the GHL Memberships UI.",
     {
-      locationId: import_zod44.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+      locationId: import_zod45.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
     },
     async ({ locationId: locationId2 }) => {
       try {
@@ -6413,8 +7006,8 @@ ${text2}`);
     "list_membership_categories",
     "List all membership/course categories in a location. Categories group lessons inside a course/product. Use the returned ids with the category_completed / category_started trigger conditions. READ-ONLY.",
     {
-      limit: import_zod44.z.number().optional().describe("Max categories to return. Defaults to a large value (effectively all)."),
-      locationId: import_zod44.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+      limit: import_zod45.z.number().optional().describe("Max categories to return. Defaults to a large value (effectively all)."),
+      locationId: import_zod45.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
     },
     async ({ limit, locationId: locationId2 }) => {
       try {
@@ -6430,8 +7023,8 @@ ${text2}`);
     "list_membership_lessons",
     "List all membership/course lessons in a location. Use the returned ids with the lesson_completed / lesson_started trigger conditions. READ-ONLY.",
     {
-      limit: import_zod44.z.number().optional().describe("Max lessons to return. Defaults to a large value (effectively all)."),
-      locationId: import_zod44.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
+      limit: import_zod45.z.number().optional().describe("Max lessons to return. Defaults to a large value (effectively all)."),
+      locationId: import_zod45.z.string().optional().describe("Location ID. Falls back to the active builder client's location.")
     },
     async ({ limit, locationId: locationId2 }) => {
       try {
@@ -6446,41 +7039,41 @@ ${text2}`);
 }
 
 // src/tools/template-deployer.ts
-var import_zod45 = require("zod");
+var import_zod46 = require("zod");
 var fs4 = __toESM(require("fs"));
 var path4 = __toESM(require("path"));
 function delay3(ms) {
   return new Promise((resolve5) => setTimeout(resolve5, ms));
 }
-var TemplateSchema = import_zod45.z.object({
-  templateName: import_zod45.z.string(),
-  templateVersion: import_zod45.z.string().optional(),
-  description: import_zod45.z.string().optional().default(""),
-  questionnaire: import_zod45.z.array(import_zod45.z.object({
-    id: import_zod45.z.string(),
-    question: import_zod45.z.string(),
-    type: import_zod45.z.string(),
-    required: import_zod45.z.boolean().optional(),
-    placeholder: import_zod45.z.string().optional()
+var TemplateSchema = import_zod46.z.object({
+  templateName: import_zod46.z.string(),
+  templateVersion: import_zod46.z.string().optional(),
+  description: import_zod46.z.string().optional().default(""),
+  questionnaire: import_zod46.z.array(import_zod46.z.object({
+    id: import_zod46.z.string(),
+    question: import_zod46.z.string(),
+    type: import_zod46.z.string(),
+    required: import_zod46.z.boolean().optional(),
+    placeholder: import_zod46.z.string().optional()
   })).optional().default([]),
-  location: import_zod45.z.record(import_zod45.z.unknown()).optional(),
-  tags: import_zod45.z.array(import_zod45.z.string()).optional(),
-  customFields: import_zod45.z.array(import_zod45.z.object({
-    name: import_zod45.z.string(),
-    dataType: import_zod45.z.string()
+  location: import_zod46.z.record(import_zod46.z.unknown()).optional(),
+  tags: import_zod46.z.array(import_zod46.z.string()).optional(),
+  customFields: import_zod46.z.array(import_zod46.z.object({
+    name: import_zod46.z.string(),
+    dataType: import_zod46.z.string()
   })).optional(),
-  pipelines: import_zod45.z.array(import_zod45.z.object({
-    name: import_zod45.z.string(),
-    stages: import_zod45.z.array(import_zod45.z.object({ position: import_zod45.z.number(), name: import_zod45.z.string() }))
+  pipelines: import_zod46.z.array(import_zod46.z.object({
+    name: import_zod46.z.string(),
+    stages: import_zod46.z.array(import_zod46.z.object({ position: import_zod46.z.number(), name: import_zod46.z.string() }))
   })).optional(),
-  workflows: import_zod45.z.array(import_zod45.z.object({
-    name: import_zod45.z.string(),
-    condition: import_zod45.z.string().optional(),
-    actions: import_zod45.z.array(import_zod45.z.record(import_zod45.z.unknown())).optional().default([])
+  workflows: import_zod46.z.array(import_zod46.z.object({
+    name: import_zod46.z.string(),
+    condition: import_zod46.z.string().optional(),
+    actions: import_zod46.z.array(import_zod46.z.record(import_zod46.z.unknown())).optional().default([])
   })).optional(),
-  calendars: import_zod45.z.array(import_zod45.z.object({
-    name: import_zod45.z.string(),
-    description: import_zod45.z.string().optional()
+  calendars: import_zod46.z.array(import_zod46.z.object({
+    name: import_zod46.z.string(),
+    description: import_zod46.z.string().optional()
   })).optional()
 });
 function registerTemplateDeployerTools(server2, client) {
@@ -6551,7 +7144,7 @@ function registerTemplateDeployerTools(server2, client) {
     "get_template_questionnaire",
     "Get the questionnaire for a specific template. Returns all the questions that need to be answered before deploying. Present these to the user one at a time in a conversational style.",
     {
-      templateFile: import_zod45.z.string().describe("Path to the template JSON file (from list_templates).")
+      templateFile: import_zod46.z.string().describe("Path to the template JSON file (from list_templates).")
     },
     async ({ templateFile }) => {
       try {
@@ -6584,10 +7177,10 @@ function registerTemplateDeployerTools(server2, client) {
     "deploy_template",
     "Deploy a template to set up a GHL sub-account. Creates tags, custom fields, pipelines with stages, calendars, workflows, and forms based on the template and the user's questionnaire answers. This is the main setup automation tool.",
     {
-      templateFile: import_zod45.z.string().describe("Path to the template JSON file."),
-      answers: import_zod45.z.record(import_zod45.z.unknown()).describe("Questionnaire answers keyed by question ID (e.g. {business_name: 'My Clinic', business_phone: '+15551234567', ...})."),
-      locationId: import_zod45.z.string().optional().describe("Location ID to deploy to. Uses default if not specified."),
-      dryRun: import_zod45.z.boolean().optional().describe("If true, shows what would be created without actually creating anything. Defaults to false.")
+      templateFile: import_zod46.z.string().describe("Path to the template JSON file."),
+      answers: import_zod46.z.record(import_zod46.z.unknown()).describe("Questionnaire answers keyed by question ID (e.g. {business_name: 'My Clinic', business_phone: '+15551234567', ...})."),
+      locationId: import_zod46.z.string().optional().describe("Location ID to deploy to. Uses default if not specified."),
+      dryRun: import_zod46.z.boolean().optional().describe("If true, shows what would be created without actually creating anything. Defaults to false.")
     },
     async ({ templateFile, answers, locationId: locationId2, dryRun }) => {
       try {
@@ -6833,7 +7426,7 @@ ${errors.join("\n")}` : "\nNo errors!",
 }
 
 // src/tools/validators.ts
-var import_zod46 = require("zod");
+var import_zod47 = require("zod");
 function extractFromTrigger(trigger, refs) {
   const triggerName = String(trigger.name ?? trigger.type ?? "unnamed trigger");
   const where = `trigger "${triggerName}"`;
@@ -6968,7 +7561,7 @@ function registerValidatorTools(server2, client, builderClient) {
     "validate_workflow",
     "Pre-flight ID validation for a deployed GHL workflow. Scans every trigger and action for references to pipelines, pipeline stages, custom fields, users, workflows, forms, calendars, and surveys; verifies each ID exists in the current location. Use this BEFORE publish_workflow when a workflow has been edited, or whenever a published workflow stops behaving as expected. Catches the silent-failure bug where invalid IDs make GHL skip all subsequent actions without warning. Returns a structured report of valid + missing references.",
     {
-      workflowId: import_zod46.z.string().describe("The workflow ID to validate.")
+      workflowId: import_zod47.z.string().describe("The workflow ID to validate.")
     },
     async ({ workflowId }) => {
       try {
@@ -7239,20 +7832,24 @@ function registerDiagnosticTools(server2, installedVersion, client, builderClien
           return { name: "Firebase auth (workflow builder)", status: "skip", detail: "Not configured. The 8 workflow builder tools need Firebase credentials. The other 168 tools work fine without. To add it: run enable_workflow_builder with the three Firebase values from your GHL browser session (see elitedcs.com/ghl-mcp-firebase for DevTools steps)." };
         }
         const result = await builderClient.checkAuth();
+        const activeCompany = builderClient.getCurrentCompanyId();
+        const companyNote = activeCompany ? ` Active company: ${activeCompany}.` : "";
         if (result.ok) {
-          return { name: "Firebase auth (workflow builder)", status: "pass", detail: "ID token refresh succeeded. Workflow builder tools are usable." };
+          return { name: "Firebase auth (workflow builder)", status: "pass", detail: `ID token refresh succeeded. Workflow builder tools are usable.${companyNote}` };
         }
-        return { name: "Firebase auth (workflow builder)", status: "fail", detail: `Token refresh failed: ${result.error}. Re-capture Firebase values from GHL DevTools and re-run setup_ghl_mcp.` };
+        return { name: "Firebase auth (workflow builder)", status: "fail", detail: `Token refresh failed: ${result.error}.${companyNote} If you're in a client's account, register its Firebase with register_company_firebase. Otherwise re-capture your Firebase values from GHL DevTools and re-run enable_workflow_builder.` };
       })();
       const registryCheck = (() => {
         if (!registry2) {
           return { name: "Token registry", status: "skip", detail: "Not initialized \u2014 using env-var credentials only. switch_location won't auto-swap keys between sub-accounts." };
         }
         const locs = registry2.listLocations();
+        const companies = registry2.listCompanyFirebases();
+        const companyNote = companies.length ? ` ${companies.length} company Firebase credential(s) registered for multi-tenant workflow-builder access.` : "";
         if (locs.length === 0) {
-          return { name: "Token registry", status: "warn", detail: "Initialized but empty \u2014 register sub-accounts via register_location for cross-account switching." };
+          return { name: "Token registry", status: "warn", detail: `Initialized but empty \u2014 register sub-accounts via register_location for cross-account switching.${companyNote}` };
         }
-        return { name: "Token registry", status: "pass", detail: `${locs.length} sub-account(s) registered.` };
+        return { name: "Token registry", status: "pass", detail: `${locs.length} sub-account(s) registered.${companyNote}` };
       })();
       const [versionStatus, apiKeyCheck, locationCheck, firebaseCheck] = await Promise.all([
         versionPromise,
@@ -7339,226 +7936,13 @@ function registerAllTools(server2, client, registry2, mcpVersion) {
   registerSmartListTools(server2, builderClient);
   registerReputationTools(server2, builderClient);
   registerEmailCampaignTools(server2, builderClient);
+  registerEmailBuilderInternalTools(server2, builderClient);
   registerMembershipTools(server2, builderClient);
   registerValidatorTools(server2, client, builderClient);
   registerDiagnosticTools(server2, mcpVersion ?? "unknown", client, builderClient, registry2 ?? null);
   registerLocationSwitcherTools(server2, client, builderClient, registry2, mcpVersion);
 }
 
-// src/setup-tool.ts
-var os2 = __toESM(require("os"));
-var crypto3 = __toESM(require("crypto"));
-var import_zod47 = require("zod");
-var LICENSE_API = "https://elitedcs.com/api/validate-license";
-var GHL_API = "https://services.leadconnectorhq.com";
-var FIREBASE_TOKEN_API = "https://securetoken.googleapis.com/v1/token";
-function deviceFingerprint() {
-  const raw = `${os2.hostname()}:${os2.userInfo().username}:${os2.platform()}:${os2.arch()}`;
-  return crypto3.createHash("sha256").update(raw).digest("hex").slice(0, 16);
-}
-async function validateLicense(email, licenseKey) {
-  try {
-    const res = await fetch(LICENSE_API, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        email: email.trim(),
-        license_key: licenseKey.trim(),
-        device_fingerprint: deviceFingerprint()
-      }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    const data = await res.json().catch(() => ({}));
-    if (res.ok && data.valid) {
-      return { ok: true, installs: `${data.installs_used}/${data.installs_max}` };
-    }
-    return { ok: false, error: data.error || data.message || `License validation failed (HTTP ${res.status})` };
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    return { ok: false, error: `Could not reach license server: ${msg}` };
-  }
-}
-async function validateGhl(apiKey2, locationId2) {
-  try {
-    const res = await fetch(`${GHL_API}/locations/${locationId2}`, {
-      headers: {
-        Authorization: `Bearer ${apiKey2}`,
-        Version: "2021-07-28",
-        Accept: "application/json"
-      },
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (res.status === 401) return { ok: false, error: "GHL API key is invalid (401)." };
-    if (res.status === 403) return { ok: false, error: "GHL API key doesn't have access to this Location ID. The key must be created INSIDE this sub-account." };
-    if (!res.ok) return { ok: false, error: `GHL returned HTTP ${res.status}.` };
-    const data = await res.json().catch(() => ({}));
-    const name = data?.location?.name || data?.name || "Unknown";
-    return { ok: true, locationName: name };
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    return { ok: false, error: `Could not reach GHL: ${msg}` };
-  }
-}
-async function validateFirebase(firebaseKey, refreshToken) {
-  try {
-    const res = await fetch(`${FIREBASE_TOKEN_API}?key=${encodeURIComponent(firebaseKey)}`, {
-      method: "POST",
-      headers: { "Content-Type": "application/x-www-form-urlencoded" },
-      body: `grant_type=refresh_token&refresh_token=${encodeURIComponent(refreshToken)}`,
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (!res.ok) return { ok: false, error: "Firebase credentials rejected. Re-extract them from your GHL browser tab." };
-    return { ok: true };
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    return { ok: false, error: `Could not reach Firebase: ${msg}` };
-  }
-}
-function registerSetupTool(server2) {
-  server2.tool(
-    "setup_ghl_mcp",
-    "First-run setup for GHL Command MCP. Validates your license and GHL credentials, then writes them to a per-user credentials file. Restart Claude after this completes to load all 201 tools (161 if you skip the optional Firebase fields; add Firebase later with enable_workflow_builder).",
-    {
-      email: import_zod47.z.string().email().describe("Email used at purchase."),
-      license_key: import_zod47.z.string().min(20).describe("License key from your purchase email."),
-      ghl_api_key: import_zod47.z.string().min(10).describe("GHL Private Integration key (starts with 'pit-'). Created INSIDE the sub-account at Settings > Integrations > Private Integrations."),
-      ghl_location_id: import_zod47.z.string().min(10).describe("GHL Location ID (sub-account ID). Found in your GHL URL: /location/THIS_PART/dashboard."),
-      ghl_company_id: import_zod47.z.string().optional().describe("(Agency only) Company ID for multi-location access."),
-      ghl_user_id: import_zod47.z.string().optional().describe("(Workflow Builder, optional) Firebase User ID. See README for browser capture instructions."),
-      ghl_firebase_api_key: import_zod47.z.string().optional().describe("(Workflow Builder, optional) Firebase API Key starting with 'AIza'."),
-      ghl_firebase_refresh_token: import_zod47.z.string().optional().describe("(Workflow Builder, optional) Firebase refresh token starting with 'AMf-'.")
-    },
-    async (args) => {
-      const lic = await validateLicense(args.email, args.license_key);
-      if (!lic.ok) {
-        return { content: [{ type: "text", text: `License check failed: ${lic.error}
-
-Purchase a license at https://elitedcs.com/ghl-mcp-server or contact support.` }], isError: true };
-      }
-      const ghl = await validateGhl(args.ghl_api_key, args.ghl_location_id);
-      if (!ghl.ok) {
-        return { content: [{ type: "text", text: `GHL credential check failed: ${ghl.error}` }], isError: true };
-      }
-      const wantsWorkflowBuilder = args.ghl_user_id || args.ghl_firebase_api_key || args.ghl_firebase_refresh_token;
-      let workflowBuilderEnabled = false;
-      let workflowBuilderNote = "";
-      if (wantsWorkflowBuilder) {
-        if (!args.ghl_user_id || !args.ghl_firebase_api_key || !args.ghl_firebase_refresh_token) {
-          return {
-            content: [{
-              type: "text",
-              text: "Workflow Builder requires ALL THREE Firebase fields: ghl_user_id, ghl_firebase_api_key, ghl_firebase_refresh_token. Either provide all three or omit all three. See https://elitedcs.com/ghl-mcp-server/firebase for one-click capture."
-            }],
-            isError: true
-          };
-        }
-        const fb = await validateFirebase(args.ghl_firebase_api_key, args.ghl_firebase_refresh_token);
-        if (!fb.ok) {
-          workflowBuilderNote = `
-
-Note: Firebase credentials rejected (${fb.error}). Saved without Workflow Builder. Re-run setup_ghl_mcp later with fresh Firebase fields to enable it.`;
-        } else {
-          workflowBuilderEnabled = true;
-        }
-      }
-      writeCredentials({
-        license_key: args.license_key.trim(),
-        email: args.email.trim(),
-        verified_at: (/* @__PURE__ */ new Date()).toISOString(),
-        ghl_api_key: args.ghl_api_key.trim(),
-        ghl_location_id: args.ghl_location_id.trim(),
-        ghl_company_id: args.ghl_company_id?.trim() || void 0,
-        ghl_user_id: workflowBuilderEnabled ? args.ghl_user_id?.trim() : void 0,
-        ghl_firebase_api_key: workflowBuilderEnabled ? args.ghl_firebase_api_key?.trim() : void 0,
-        ghl_firebase_refresh_token: workflowBuilderEnabled ? args.ghl_firebase_refresh_token?.trim() : void 0
-      });
-      const toolCount = workflowBuilderEnabled ? "201" : "161";
-      const wfLine = workflowBuilderEnabled ? "Workflow Builder: enabled." : "Workflow Builder: not configured (optional).";
-      const wfTip = workflowBuilderEnabled ? "" : "\nTo enable Workflow Builder later (8 extra tools): run enable_workflow_builder with your three Firebase values. No need to re-enter license/API key/location ID.";
-      return {
-        content: [{
-          type: "text",
-          text: [
-            `Setup complete!`,
-            ``,
-            `License: verified (installs ${lic.installs}).`,
-            `GHL: connected to "${ghl.locationName}".`,
-            wfLine,
-            ``,
-            `Credentials saved to: ${credentialsPath()}`,
-            ``,
-            `**Restart Claude (quit fully and reopen) to load all ${toolCount} tools.**`,
-            ``,
-            `After restart, try: "List my GHL contacts" or "Show my pipelines".${wfTip}`,
-            workflowBuilderNote
-          ].join("\n")
-        }]
-      };
-    }
-  );
-}
-function registerEnableWorkflowBuilderTool(server2) {
-  server2.tool(
-    "enable_workflow_builder",
-    "Add Firebase credentials to an existing GHL Command install to unlock 30 additional tools across 6 modules: workflow builder (create/edit/clone/delete/publish/validate workflows, build_if_else_branch, build_goal_event, get_trigger_registry), funnel + page builder (10 tools), form builder (5 tools), pipeline builder (5 tools), and workflow cloning. Requires you've already run setup_ghl_mcp. Capture the three Firebase values from your GHL browser session \u2014 see elitedcs.com/ghl-mcp-firebase for step-by-step DevTools instructions. Tool count goes from 161 to 201 after the next Claude restart.",
-    {
-      ghl_user_id: import_zod47.z.string().min(10).describe("Firebase User ID (uid). DevTools \u2192 Application \u2192 IndexedDB \u2192 firebaseLocalStorageDb \u2192 firebaseLocalStorage \u2192 the value.uid field of the firebase:authUser row."),
-      ghl_firebase_api_key: import_zod47.z.string().min(10).describe("Firebase API Key starting with 'AIza'. The string between 'firebase:authUser:' and ':[DEFAULT]' in the row's Key column."),
-      ghl_firebase_refresh_token: import_zod47.z.string().min(10).describe("Firebase refresh token. value.stsTokenManager.refreshToken in the firebase:authUser row.")
-    },
-    async (args) => {
-      const existing = readCredentials();
-      if (!existing) {
-        return {
-          content: [{
-            type: "text",
-            text: "No existing credentials found at " + credentialsPath() + ".\n\nRun setup_ghl_mcp first to register your license and basic GHL credentials, then come back to this tool to add Workflow Builder."
-          }],
-          isError: true
-        };
-      }
-      const fb = await validateFirebase(args.ghl_firebase_api_key.trim(), args.ghl_firebase_refresh_token.trim());
-      if (!fb.ok) {
-        return {
-          content: [{
-            type: "text",
-            text: `Firebase credentials rejected: ${fb.error}
-
-Common causes:
-  - The refresh token has rotated (they rotate every few weeks). Re-extract from your GHL browser tab.
-  - The Firebase API Key doesn't match the refresh token's project. Both must come from the SAME firebase:authUser row.
-
-DevTools steps: https://elitedcs.com/ghl-mcp-firebase`
-          }],
-          isError: true
-        };
-      }
-      writeCredentials({
-        ...existing,
-        ghl_user_id: args.ghl_user_id.trim(),
-        ghl_firebase_api_key: args.ghl_firebase_api_key.trim(),
-        ghl_firebase_refresh_token: args.ghl_firebase_refresh_token.trim()
-      });
-      return {
-        content: [{
-          type: "text",
-          text: [
-            "Workflow Builder enabled!",
-            "",
-            "Firebase credentials verified and saved.",
-            "",
-            "**Restart Claude (quit fully and reopen) to load the workflow builder + funnel builder + pipeline builder + form builder + workflow cloner tools (201 total).**",
-            "",
-            'After restart, try: "List my workflows in full detail" or "Validate workflow <id>".',
-            "",
-            "Note: Firebase refresh tokens rotate every few weeks. If workflow tools stop working, re-run enable_workflow_builder with fresh values from a current GHL browser session."
-          ].join("\n")
-        }]
-      };
-    }
-  );
-}
-
 // src/tools/meta.ts
 function registerMetaTools(server2, installedVersion) {
   server2.tool(