@elitedcs/ghl-mcp 3.23.0 → 3.24.0

package/CHANGELOG.md

@@ -1,5 +1,29 @@
 # Changelog
 
+## 3.24.0 — Signed-attestation gate closes the credentials.json bypass
+
+**Security fix. Tool count unchanged (212 across 43 modules).**
+
+Through v3.23.0 the license gate trusted any `credentials.json` whose `verified_at` and `license_key` fields were non-empty strings. A technical user could hand-write the file with their own GHL API key and load all 163 core tools without paying. v3.24.0 replaces that trust with an Ed25519-signed attestation issued by `elitedcs.com/api/validate-license`. The MCP bundles only the public key, so it can verify but can't forge — hand-crafted credentials now fail on the next startup and the MCP falls into bootstrap mode.
+
+**How it works.** Every successful online license validation now returns a `signed_attestation` token binding `{email, license_key, device_fingerprint, installs_max, expires_at}` together. The MCP stores this in `credentials.json` and verifies it on startup:
+
+- **Valid + fresh** → boot normally.
+- **Valid + nearing expiry (<7d)** → boot normally, refresh in the background.
+- **Expired but within 14-day grace window** → boot normally for this session, attempt re-renew (covers transient license-server outages).
+- **Past grace OR bad signature OR wrong device OR wrong email/license** → force online re-validate. If the server confirms the buyer, mint a new attestation. If not, drop into bootstrap mode and require `setup_ghl_mcp`.
+
+**Migration is automatic.** Existing v3.20.0–v3.23.0 buyers have a `credentials.json` without `signed_attestation`. On first startup under v3.24.0 the MCP detects the missing field, calls `validate-license`, and writes the new signed token. Buyers see a one-time `[ghl-mcp] License gate: renewed-from-legacy` log line and nothing else changes. The transitional path also tolerates a license server that hasn't been upgraded yet — `setup_ghl_mcp` still works against an older server, the attestation just gets backfilled on the next restart after the server deploys.
+
+**Funnel telemetry shipped on the server side (no MCP impact).** `validate-license`, `capture-lead`, and `stripe-webhook` now emit `[telemetry] {event, success, reason, email_hash, ...}` log lines that Cloudflare captures. Lets us measure the npm-install → setup → purchase funnel without storing PII.
+
+**Pipeline automation shipped on the server side (no MCP impact).** A successful `validate-license` call now advances the buyer's GHL Command opportunity:
+
+- Purchased → Onboarding on first install (installs_used 0 → 1).
+- Onboarding → Active on second+ install or any reinstall.
+
+Existing buyers backfilled manually based on their current `installs_used` count.
+
 ## 3.23.0 — `update_calendar` can assign team members again (Henry fix, part 2)
 
 **Critical fix. Tool count unchanged (212 across 43 modules). The `teamMembers` parameter is back on `update_calendar` — and actually persists this time — with a typed schema that surfaces GHL's strict validation up front.**

package/dist/index.js

@@ -31,7 +31,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "@elitedcs/ghl-mcp",
-      version: "3.23.0",
+      version: "3.24.0",
       mcpName: "io.github.drjerryrelth/ghl-command",
       description: "GoHighLevel MCP Server for Claude. 212 tools \u2014 full CRM, automation, marketing control, and the only programmatic GHL workflow builder, now multi-tenant across client accounts.",
       main: "dist/index.js",
@@ -290,7 +290,14 @@ var CredentialsSchema = import_zod.z.object({
   ghl_company_id: import_zod.z.string().optional(),
   ghl_user_id: import_zod.z.string().optional(),
   ghl_firebase_api_key: import_zod.z.string().optional(),
-  ghl_firebase_refresh_token: import_zod.z.string().optional()
+  ghl_firebase_refresh_token: import_zod.z.string().optional(),
+  // Ed25519-signed attestation from elitedcs.com/api/validate-license.
+  // v3.24.0+ writes this on every successful online validation; index.ts
+  // verifies on startup and refuses to load tools without it (closing the
+  // hand-crafted-credentials.json bypass that existed through v3.23.0).
+  // Optional in the schema only so files written by earlier versions still
+  // parse — index.ts's gate forces a re-validate when the field is missing.
+  signed_attestation: import_zod.z.string().optional()
 });
 function appDataDir() {
   const home = os.homedir();
@@ -5843,7 +5850,11 @@ async function validateLicense(email, licenseKey) {
     });
     const data = await res.json().catch(() => ({}));
     if (res.ok && data.valid) {
-      return { ok: true, installs: `${data.installs_used}/${data.installs_max}` };
+      return {
+        ok: true,
+        installs: `${data.installs_used}/${data.installs_max}`,
+        signedAttestation: typeof data.signed_attestation === "string" ? data.signed_attestation : void 0
+      };
     }
     return { ok: false, error: data.error || data.message || `License validation failed (HTTP ${res.status})` };
   } catch (err) {
@@ -5943,7 +5954,10 @@ Note: Firebase credentials rejected (${fb.error}). Saved without Workflow Builde
         ghl_company_id: args.ghl_company_id?.trim() || void 0,
         ghl_user_id: workflowBuilderEnabled ? args.ghl_user_id?.trim() : void 0,
         ghl_firebase_api_key: workflowBuilderEnabled ? args.ghl_firebase_api_key?.trim() : void 0,
-        ghl_firebase_refresh_token: workflowBuilderEnabled ? args.ghl_firebase_refresh_token?.trim() : void 0
+        ghl_firebase_refresh_token: workflowBuilderEnabled ? args.ghl_firebase_refresh_token?.trim() : void 0,
+        // v3.24.0+ attestation. Tied to email + license + device fingerprint;
+        // verified on every MCP startup. Closes the hand-crafted creds bypass.
+        signed_attestation: lic.signedAttestation
       });
       const toolCount = workflowBuilderEnabled ? "212" : "163";
       const wfLine = workflowBuilderEnabled ? "Workflow Builder: enabled." : "Workflow Builder: not configured (optional).";
@@ -8282,6 +8296,92 @@ function registerAllTools(server2, client, registry2, mcpVersion) {
   registerLocationSwitcherTools(server2, client, builderClient, registry2, mcpVersion);
 }
 
+// src/attestation.ts
+var import_node_crypto = require("node:crypto");
+var ATTESTATION_PUBLIC_KEY_B64 = "8KJo8V3Z7ngeToIQfOXpKdlr/EA34hXJVEIpW0A7wqs=";
+var ATTESTATION_VERSION = 1;
+var ATTESTATION_GRACE_DAYS = 14;
+function deviceFingerprint2() {
+  const os3 = require("node:os");
+  const crypto4 = require("node:crypto");
+  const raw = `${os3.hostname()}:${os3.userInfo().username}:${os3.platform()}:${os3.arch()}`;
+  return crypto4.createHash("sha256").update(raw).digest("hex").slice(0, 16);
+}
+function base64urlDecode(s) {
+  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = b64 + "=".repeat((4 - b64.length % 4) % 4);
+  return new Uint8Array(Buffer.from(padded, "base64"));
+}
+var cachedPublicKey = null;
+async function getPublicKey() {
+  if (cachedPublicKey) return cachedPublicKey;
+  const raw = Buffer.from(ATTESTATION_PUBLIC_KEY_B64, "base64");
+  cachedPublicKey = await import_node_crypto.webcrypto.subtle.importKey(
+    "raw",
+    raw,
+    { name: "Ed25519" },
+    false,
+    ["verify"]
+  );
+  return cachedPublicKey;
+}
+async function verifyAttestation(token, bindings, now = /* @__PURE__ */ new Date()) {
+  if (typeof token !== "string" || !token) return { ok: false, reason: "malformed" };
+  const dot = token.indexOf(".");
+  if (dot <= 0 || dot === token.length - 1) return { ok: false, reason: "malformed" };
+  let payloadBytes;
+  let signatureBytes;
+  try {
+    payloadBytes = base64urlDecode(token.slice(0, dot));
+    signatureBytes = base64urlDecode(token.slice(dot + 1));
+  } catch {
+    return { ok: false, reason: "malformed" };
+  }
+  let payload;
+  try {
+    const parsed = JSON.parse(new TextDecoder().decode(payloadBytes));
+    if (typeof parsed.v !== "number") return { ok: false, reason: "malformed" };
+    if (parsed.v !== ATTESTATION_VERSION) return { ok: false, reason: "unsupported-version" };
+    payload = parsed;
+  } catch {
+    return { ok: false, reason: "malformed" };
+  }
+  let signatureValid;
+  try {
+    const key = await getPublicKey();
+    signatureValid = await import_node_crypto.webcrypto.subtle.verify({ name: "Ed25519" }, key, signatureBytes, payloadBytes);
+  } catch {
+    return { ok: false, reason: "bad-signature" };
+  }
+  if (!signatureValid) return { ok: false, reason: "bad-signature" };
+  if (payload.email.toLowerCase() !== bindings.email.toLowerCase()) {
+    return { ok: false, reason: "wrong-email" };
+  }
+  if (payload.license_key !== bindings.license_key) {
+    return { ok: false, reason: "wrong-license" };
+  }
+  const fingerprint = bindings.expectedFingerprint ?? deviceFingerprint2();
+  if (payload.device_fingerprint !== fingerprint) {
+    return { ok: false, reason: "wrong-device" };
+  }
+  const expiry = Date.parse(payload.expires_at);
+  if (!Number.isFinite(expiry)) return { ok: false, reason: "malformed" };
+  const graceDeadline = expiry + ATTESTATION_GRACE_DAYS * 24 * 60 * 60 * 1e3;
+  if (now.getTime() <= expiry) {
+    return { ok: true, payload, reason: "valid" };
+  }
+  if (now.getTime() <= graceDeadline) {
+    return { ok: true, payload, reason: "in-grace" };
+  }
+  return { ok: false, reason: "expired" };
+}
+function shouldRenew(payload, now = /* @__PURE__ */ new Date()) {
+  const expiry = Date.parse(payload.expires_at);
+  if (!Number.isFinite(expiry)) return true;
+  const remainingMs = expiry - now.getTime();
+  return remainingMs < 7 * 24 * 60 * 60 * 1e3;
+}
+
 // src/tools/meta.ts
 function registerMetaTools(server2, installedVersion) {
   server2.tool(
@@ -8364,8 +8464,70 @@ var server = new import_mcp.McpServer({
 });
 registerMetaTools(server, pkg.version);
 var inBootstrapMode = true;
+async function renewAttestation(creds) {
+  if (!creds.email || !creds.license_key) return false;
+  try {
+    const lic = await validateLicense(creds.email, creds.license_key);
+    if (!lic.ok) {
+      process.stderr.write(`[ghl-mcp] Re-validate failed: ${lic.error}
+`);
+      return false;
+    }
+    try {
+      writeCredentials({
+        ...creds,
+        verified_at: (/* @__PURE__ */ new Date()).toISOString(),
+        ...lic.signedAttestation ? { signed_attestation: lic.signedAttestation } : {}
+      });
+    } catch {
+    }
+    if (!lic.signedAttestation) {
+      process.stderr.write("[ghl-mcp] License re-validated, but the license server did not return a signed attestation. Falling back to legacy trust for this session.\n");
+    }
+    return true;
+  } catch {
+    return false;
+  }
+}
+function renewAttestationInBackground(creds) {
+  return renewAttestation(creds).then(() => void 0, () => void 0);
+}
 async function resolveAccessAndRegister() {
-  let licenseVerified = Boolean(fileCreds?.verified_at && fileCreds?.license_key);
+  let licenseVerified = false;
+  let attestationStatus = "no-creds";
+  if (fileCreds?.email && fileCreds?.license_key && fileCreds.signed_attestation) {
+    const verify = await verifyAttestation(fileCreds.signed_attestation, {
+      email: fileCreds.email,
+      license_key: fileCreds.license_key
+    });
+    if (verify.ok) {
+      licenseVerified = true;
+      attestationStatus = verify.reason;
+      if (verify.reason === "in-grace" || shouldRenew(verify.payload)) {
+        void renewAttestationInBackground(fileCreds);
+      }
+    } else {
+      process.stderr.write(`[ghl-mcp] Stored attestation rejected: ${verify.reason}. Re-validating online.
+`);
+      const renewed = await renewAttestation(fileCreds);
+      if (renewed) {
+        licenseVerified = true;
+        attestationStatus = "renewed-after-tamper";
+      } else {
+        attestationStatus = "needs-reset";
+      }
+    }
+  } else if (fileCreds?.email && fileCreds?.license_key) {
+    process.stderr.write("[ghl-mcp] Upgrading legacy credentials.json to signed attestation.\n");
+    const renewed = await renewAttestation(fileCreds);
+    if (renewed) {
+      licenseVerified = true;
+      attestationStatus = "renewed-from-legacy";
+    } else {
+      attestationStatus = "needs-reset";
+      process.stderr.write("[ghl-mcp] Could not re-validate. Run setup_ghl_mcp again.\n");
+    }
+  }
   if (!licenseVerified && apiKey && locationId) {
     const licEmail = (process.env.GHL_LICENSE_EMAIL || fileCreds?.email)?.trim();
     const licKey = (process.env.GHL_LICENSE_KEY || fileCreds?.license_key)?.trim();
@@ -8373,6 +8535,7 @@ async function resolveAccessAndRegister() {
       const lic = await validateLicense(licEmail, licKey);
       if (lic.ok) {
         licenseVerified = true;
+        attestationStatus = "renewed";
         try {
           writeCredentials({
             license_key: licKey,
@@ -8383,7 +8546,8 @@ async function resolveAccessAndRegister() {
             ...process.env.GHL_COMPANY_ID ? { ghl_company_id: process.env.GHL_COMPANY_ID } : {},
             ...process.env.GHL_USER_ID ? { ghl_user_id: process.env.GHL_USER_ID } : {},
             ...process.env.GHL_FIREBASE_API_KEY ? { ghl_firebase_api_key: process.env.GHL_FIREBASE_API_KEY } : {},
-            ...process.env.GHL_FIREBASE_REFRESH_TOKEN ? { ghl_firebase_refresh_token: process.env.GHL_FIREBASE_REFRESH_TOKEN } : {}
+            ...process.env.GHL_FIREBASE_REFRESH_TOKEN ? { ghl_firebase_refresh_token: process.env.GHL_FIREBASE_REFRESH_TOKEN } : {},
+            ...lic.signedAttestation ? { signed_attestation: lic.signedAttestation } : {}
           });
           process.stderr.write("[ghl-mcp] License validated and cached.\n");
         } catch {
@@ -8398,6 +8562,10 @@ async function resolveAccessAndRegister() {
       );
     }
   }
+  if (licenseVerified) {
+    process.stderr.write(`[ghl-mcp] License gate: ${attestationStatus}.
+`);
+  }
   inBootstrapMode = !apiKey || !locationId || !licenseVerified;
   if (inBootstrapMode) {
     process.stderr.write(

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elitedcs/ghl-mcp",
-  "version": "3.23.0",
+  "version": "3.24.0",
   "mcpName": "io.github.drjerryrelth/ghl-command",
   "description": "GoHighLevel MCP Server for Claude. 212 tools — full CRM, automation, marketing control, and the only programmatic GHL workflow builder, now multi-tenant across client accounts.",
   "main": "dist/index.js",