npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@goxtechnologies/connectwise-home-mcp

v0.3.0

Published

26 MCP tools for ConnectWise Home (home.connectwise.com). Session management + Playwright exploration, 39 named operations across partners/users/roles/apps/products/issues, OIDC-bearer API calls, Salesforce support-case integration with multi-page scrapin

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jencryzthersjencryzthers

Keywords

mcpmodel-context-protocolconnectwiseconnectwise-homeplaywrightsalesforcepsa-bridgemspclaudeexperimental

Readme

@goxtechnologies/connectwise-home-mcp

Experimental MCP server for ConnectWise Home — the partner identity portal where MSPs manage ConnectWise subscriptions, users, product access, and vendor support cases.

Unlike the PSA / RMM / CPQ MCPs (which target documented APIs), ConnectWise Home has no public API. This package combines a Playwright-driven browser for discovery and authentication with an OIDC-bearer API client that reuses the portal's own access token, plus a Salesforce Experience Cloud scraper for the support-case workflow that lives on connectwise20.my.site.com.

Independent community project. Not affiliated with, endorsed by, or supported by ConnectWise LLC. Use at your own risk — browser automation against third-party portals may violate Terms of Service; review before use.

Tool surface (26 tools, 39 named operations)

Session (3)

| Tool | Purpose | |------|---------| | cw_home_login | Authenticate against home.connectwise.com via the OIDC flow (email → password → MFA → device trust). Persists cookies + storageState to disk. | | cw_home_logout | Clear persisted browser session. | | cw_home_session_status | Cookie count, earliest expiry, current URL. |

Browser / discovery primitives (12)

| Tool | Purpose | |------|---------| | cw_home_navigate | Navigate to an allow-listed URL (origin guard). | | cw_home_snapshot | Page accessibility tree. | | cw_home_screenshot | PNG (base64). | | cw_home_click / cw_home_fill / cw_home_select / cw_home_press_key | Interaction primitives. | | cw_home_eval | Read-only JS in the page context. | | cw_home_capture_xhr | Observe XHR/fetch traffic during an action. Redacts Authorization, Cookie, Set-Cookie, X-*-Token/Auth. | | cw_home_save_discovery / cw_home_list_discovered / cw_home_delete_discovery | SQLite endpoint catalogue. |

Execution (2)

| Tool | Purpose | |------|---------| | cw_home_api_call | Direct fetch() with browser session cookies. For anonymous / cookie-authenticated endpoints. | | cw_home_authed_api_call | Run fetch() inside the authenticated page with Authorization: Bearer <access_token> (token read from sessionStorage["oidc.user:<authority>:<client_id>"]). The token never leaves the browser process. |

Operations registry (2 tools, 39 named ops)

| Tool | Purpose | |------|---------| | cw_home_operation | Run a named op — routed to either cookie-fetch or bearer-fetch via authType. | | cw_home_list_operations | Browse / search by category / keyword. |

Operation categories: me (6), partners (9), users (10 — list, list_imported, create, delete, invite, resend_invite, enable/disable, edit, get_app_roles), roles (3 — list_application_roles, list_identity_roles_with_apps, is_support_enabled), apps (4), products (3), billing (1), issues (1), bootstrap (2).

For the full live-verified vs. untested vs. known-broken status of every endpoint (including 11 endpoints we probed and deliberately did NOT register — most 401/404/405), see the endpoint status matrix in CLAUDE.md.

Fast memory (4)

cw_home_save_query / cw_home_list_queries / cw_home_delete_query / cw_home_clear_queries — pinned queries, SQLite-backed.

Salesforce support cases (3)

| Tool | Purpose | |------|---------| | cw_home_sf_list_cases | Scrape My Cases / My Historical Cases via home.connectwise.com/partnersupport (redirects through SSO to Salesforce Experience Cloud). | | cw_home_sf_get_case | Navigate to a case (click from the list — direct /s/case/{num} URLs don't resolve) and scrape metadata + Chatter feed chronologically. | | cw_home_export_case_to_psa | Emit a JSON payload shaped for the PSA MCP's cw_operation('create_ticket', ...). Includes a full chronological conversation summary when include_feed: true (default). |

Install

npm install -g @goxtechnologies/connectwise-home-mcp
npm install -g playwright && npx playwright install chromium

Or on-demand via npx:

npx @goxtechnologies/connectwise-home-mcp

Configure

Create ~/.config/connectwise-home/.env (must be chmod 600 — the loader refuses group/world-readable files):

[email protected]
CW_HOME_PASSWORD=your-password
CW_HOME_TOTP_SECRET=BASE32 TOTP SECRET   # whitespace & hyphens are stripped

# Optional
CW_HOME_HEADLESS=true
CW_HOME_MAX_PAGES=1
CW_HOME_TIMEZONE=America/Toronto
CW_HOME_ALLOW_OFFORIGIN=false
CW_HOME_EXTRA_ORIGINS=                    # comma-separated extra allow-listed origins
CW_HOME_IDLE_SHUTDOWN_MS=600000           # close browser after N ms idle (0 = disable)

Use in Claude Code / Claude Desktop

Add to .mcp.json:

{
  "mcpServers": {
    "connectwise-home": {
      "command": "npx",
      "args": ["-y", "@goxtechnologies/connectwise-home-mcp"]
    }
  }
}

The companion plugin connectwise-home-plugin wires 6 slash commands (/cwhome, /cwhome-users, /cwhome-invite, /cwhome-cases, /cwhome-export-case, /cwhome-known-issues) and a home-navigator agent on top.

Typical workflows

List your 40 partner users

cw_home_login
cw_home_operation  operation=list_users  params={page:1, pageSize:50, originAccount:false}

Sync open CW vendor support cases into the PSA

  1. cw_home_sf_list_cases — get open cases
  2. For each, cw_home_export_case_to_psa case_number=<num> psa_company_id=<id> psa_board_id=<id> — returns a PSA-ready payload
  3. Hand off the payload to the PSA MCP: cw_operation operation=create_ticket params={confirm:true, body:<payload>}

Cross-MCP orchestration happens at the command / agent layer — MCPs don't call each other directly.

Discover a new endpoint

cw_home_navigate    url=https://home.connectwise.com/some-new-page
cw_home_capture_xhr action=navigate action_url=... url_filter=/api/
cw_home_save_discovery name=... method=GET url_pattern=... notes=...
cw_home_authed_api_call url=<discovered endpoint>   # replay directly

Once an endpoint stabilizes, promote it into src/operations/registry.ts so it becomes a first-class cw_home_operation.

Security

  • Origin allow-list: navigation + direct API calls are restricted to home.connectwise.com and auth.connectwise.com by default (the OIDC SSO host). Add more via CW_HOME_EXTRA_ORIGINS=..., or bypass entirely with CW_HOME_ALLOW_OFFORIGIN=true (debug only).
  • Bearer token isolation: cw_home_authed_api_call and cw_home_operation (bearer mode) run the fetch() inside page.evaluate() so the OIDC access token is pulled from sessionStorage in-browser and attached to the request. The LLM/agent only ever sees the response body (also redacted before return).
  • Response redaction: every captured XHR and every API response runs through redact.ts. Headers matching Authorization | Cookie | Set-Cookie | Proxy-Authorization | X-*-Token | X-*-Auth | X-API-Key | X-CSRF-Token | X-XSRF-Token are replaced with [REDACTED]. JSON bodies have values for keys matching password | secret | *_token | token$ | api_key | private_key | mfa_secret | otp_code | authorization replaced. URL query params with secret-looking keys are sanitized.
  • File permissions: .env must be chmod 600; browser-state.json is written 0o600.
  • Idle shutdown: the Playwright browser closes after CW_HOME_IDLE_SHUTDOWN_MS of inactivity (default 10 min) to free memory. The MCP process keeps running; the next tool call relaunches Chromium and restores storageState.
  • Circuit breaker: 3 consecutive login failures stop further attempts until the process restarts.

License

MIT. See LICENSE.