Package Exports

@revfleet/hscli
@revfleet/hscli/http
@revfleet/hscli/output
@revfleet/hscli/plugins

Readme

hscli

The headless HubSpot CLI + MCP server. 100% public API coverage (1,180 endpoints, 55+ command domains), enterprise safety rails, self-hosted.

Get started in 30 seconds

# 1. Install
npm install -g @revfleet/hscli

# 2. Auth with a HubSpot Private App token (create one at
#    Settings → Integrations → Private Apps → Create private app)
printf '%s' 'pat-eu1-XXXX-XXXX-XXXX' | hscli auth login --token-stdin

# 3. Read
hscli crm contacts list --limit 5

# 4. Write (dry-run by default, --force to execute)
hscli --force crm contacts create --data '{"properties":{"email":"jane@example.com"}}'

# 5. Run as an MCP server for Claude Desktop, Cursor, Claude Code
hscli mcp

That's the whole thing. For the full picture of what's available, read on.

Full coverage map (55+ domains)

hscli gives you one TypeScript binary that covers every endpoint of HubSpot's public API surface — verified against a scrape of HubSpot's own dev docs (1,178 source files, 1,180 endpoints). Whether an endpoint actually returns data on your portal depends on the HubSpot tier you're on (see docs/TIERS.md). hscli exposes them all.

Full CRM — contacts, companies, deals, tickets, leads, quotes, products, line items, orders, carts, discounts, fees, taxes, invoices, subscriptions, payments, goals, communications, users, feedback-submissions, custom objects, properties (+ legacy v1/v2), pipelines, associations v4 (+ labels CRUD + dated 2025-09), owners, imports, exports, engagements (notes/tasks/calls/meetings), sync, describe/validate, timeline, CRM Cards (UI Extensions), filter + count primitives on every object
Marketing — emails (v3 + legacy v1, per-email stats), campaigns, ads, social, SEO, landing pages, transactional, subscriptions, events (+ attendance + participations), behavioral events, forms, form integrations, legacy email events stream (per-recipient)
Sales — sequences (+ enroll/unenroll), meetings, calling, goals, scheduler (meeting links, book/reschedule/cancel), sales extensions (videoconferencing, accounting)
Service — conversations (threads, messages, inboxes, channels, channel-accounts, actors, custom-channels), feedback, chatflows, knowledge-base, ticket pipelines, visitor-identification
CMS — site pages, landing pages (+ folders), blog posts (+ authors + tags + blog-settings), HubDB (tables, rows, drafts, publishing), URL redirects, source-code, domains, SEO audit, site search, topics, audit-logs, comments, legacy content/api/v2 (Pages, Layouts, Templates, Modules, UrlMappings)
Settings — users, teams, business units, currencies, GDPR, audit-logs, communication preferences (v3 + v4 batch)
Account — info, audit-logs, private-apps, API usage
Operations — lists (+ folders + memberships), reporting, exports, workflows (v4 + legacy v2/v3), automation custom actions, webhooks (subscriptions), timeline (templates + events + integrators)
Commerce Hub — quotes, products, line-items, invoices, subscriptions, payments, orders, carts, discounts, fees, taxes, payments-subscriptions, tax rates
Developer Platform — feature flags, CRM cards, integrators timeline, media bridge (properties + schemas + settings + events), extensions (calling + videoconferencing + accounting + sales)
Legacy v1/v2 — contacts-v1, companies-v2, deals-v1, owners-v2, engagements-v1, properties-legacy, reports-v2, calling-v1, channels, broadcast, appinstalls, marketing-emails-v1
Niche — email events, email events per-recipient stream, submissions, visitor-identification, scheduler, tax, appinstalls, marketing-extras, owners-extras
Raw API command with path-scope controls + OAuth flow support
Built-in MCP server over stdio (140+ tools) for Claude Desktop, Cursor, Claude Code, any MCP client

Enterprise-grade from day one: --dry-run, --force, policy files, change tickets, capability probing, rate-limit intelligence, token redaction, path scope allowlisting, idempotency keys.

What hscli focuses on

CLI-first with MCP as a peer surface. Every MCP tool has a matching hscli command — same write gates, same redaction, same capability probing in both.
Self-hosted and token-sovereign. Your HubSpot private app token stays on your machine.
Safety gates by default. --dry-run, --force, policy files, change tickets, path scope allowlisting, idempotency keys on every write.
HubSpot-native engineering. Reads HubSpot's X-HubSpot-RateLimit-* headers, proactive throttling, capability probing by portalId + scopes, offline schema validation.

"100% coverage" — what that means

hscli's coverage claim is precise: every one of HubSpot's 1,180 documented public API endpoints has a corresponding CLI subcommand. This is verified against an automated scrape of HubSpot's developer documentation (committed at docs/TESTING/PORTAL-147975758-COVERAGE.md and PORTAL-147975758-WRITES.md).

It does not mean every endpoint returns 2xx on your portal — HubSpot tier-locks hundreds of endpoints behind paid plans:

Portal profile	Reachable endpoints (read + write)
Free account	~550 / 1180 (46.6%)
Starter hubs	~640 / 1180 (54.2%)
Professional hubs	~890 / 1180 (75.4%)
Enterprise hubs (all) + Commerce + Ops	~1140 / 1180 (96.6%)
Developer App OAuth install	adds ~30 app-dev endpoints
Legacy hapikey (pre-June-2023 accounts)	adds ~40 zombie endpoints

See docs/TIERS.md for the exact endpoint → tier mapping.

If an endpoint your portal should access doesn't work, open an endpoint issue — we triage these fast.

Install

From npm (once published):

npm install -g @revfleet/hscli

From source:

git clone https://github.com/revfleet/hscli.git
cd hscli
npm install
npm run build

Quickstart

Save a token (recommended — avoids shell history):

printf '%s' '<HUBSPOT_PRIVATE_APP_TOKEN>' | hscli auth login --token-stdin

Inline token (also supported):

hscli auth login --token <HUBSPOT_PRIVATE_APP_TOKEN>

Read:

hscli crm contacts list --limit 5
hscli marketing emails stats 123456
hscli sales sequences list
hscli reporting dashboards list
hscli settings teams list

Dry-run write:

hscli --dry-run crm contacts create --data '{"properties":{"email":"test@example.com"}}'

Live write (explicit):

hscli --force crm contacts create --data '{"properties":{"email":"test@example.com"}}'

Policy-guarded delete with change ticket:

hscli --force --policy-file docs/POLICY_EXAMPLE.json --change-ticket CHG-123 \
  crm contacts delete 123

Policy-as-code (v0.7) — glob matching, time windows, approval gates, built-in templates

Policy files let ops define what an agent is allowed to do — not just whether it can write. Rule matching is first-match-wins: method + path glob (* within a segment, ** across segments), optional time window (window.hours, window.days, window.tz), optional change-ticket requirement, optional approval gate.

# List built-in templates (read-only, no-deletes, business-hours, compliance-strict, change-ticket-required)
hscli policy templates list

# Copy a template to edit locally
hscli policy templates extract no-deletes --to ./policy.json

# Validate before shipping
hscli policy validate ./policy.json

# Dry-run which rule would fire for a hypothetical request
hscli --policy-file ./policy.json \
  policy show-matching DELETE /crm/v3/objects/contacts/123

Enforcement is automatic once --policy-file is set (or HSCLI_POLICY_FILE env var). Error codes (POLICY_RULE_DENY, POLICY_DEFAULT_DENY, POLICY_CHANGE_TICKET_REQUIRED, POLICY_APPROVAL_REQUIRED, POLICY_OUT_OF_WINDOW) are machine-readable.

Tutorial: docs/TUTORIALS/secure-agent-writes.md.

Trace + replay (v0.6+) — observability of every request, human + MCP

hscli trace records every request to a JSONL file — method, path, status, latency, profile, toolName (when invoked from an MCP tool), optional request/response bodies. Useful for reproducibility, regression detection between portals, debugging agent behavior.

# Start recording to ~/.revfleet/trace-<ts>.jsonl (or pass --out)
hscli trace start --include-bodies --scope all

# Run anything. Every request appends.
hscli crm contacts list
hscli mcp   # MCP requests tagged with toolName

# Stop; the file stays, session state clears.
hscli trace stop

# Inspect
hscli trace show ./trace-<ts>.jsonl --filter status=>=400
hscli trace stats ./trace-<ts>.jsonl          # p50/p95/p99 latency, method breakdown
hscli trace errors ./trace-<ts>.jsonl         # only errors
hscli trace diff  ./run-a.jsonl ./run-b.jsonl # detect reproducibility divergence

# Replay GETs (safe-by-default: dry-run unless --force)
hscli trace replay ./trace-<ts>.jsonl

Writes (POST/PUT/PATCH/DELETE) are intentionally not replayable to prevent accidental re-mutation.

Tutorial: docs/TUTORIALS/trace-replay-repro.md.

Audit (v0.7) — “who did what when” across every recorded session

hscli audit reads trace JSONL files (single file or an entire directory of trace-*.jsonl) and answers operational audit questions. Pairs with trace for full provenance.

hscli audit timeline --since 24h                     # chronological event list, last 24h
hscli audit who alice --since 7d                     # what has profile 'alice' done?
hscli audit what /crm/v3/objects/contacts --since 7d # who touched this path?
hscli audit writes --since 24h                       # all writes in the last 24h (+ failures)
hscli audit by-tool                                  # per-MCP-tool call count, error rate, avg latency

Tutorial: docs/TUTORIALS/audit-portal-writes.md.

Output modes

hscli --json crm companies list --limit 3           # JSON envelope
hscli --format csv crm contacts list --limit 5      # CSV
hscli --format yaml crm deals get 123               # YAML

MCP: AI agents as first-class consumers

hscli ships a built-in MCP server over stdio with ~125 tools exposing the full surface:

hscli mcp

For Claude Desktop, add to claude_desktop_config.json:

{
  "mcpServers": {
    "hscli": {
      "command": "hscli",
      "args": ["mcp"],
      "env": {
        "HSCLI_MCP_PROFILE": "default"
      }
    }
  }
}

Restart Claude. Now Claude can list contacts, search deals, inspect workflows, and — with --force passed at tool-call time — perform safe writes. All CLI safety rails apply to MCP calls. Secrets are redacted from every tool response. HSCLI_MCP_PROFILE locks the stdio server to one auth profile to prevent cross-tenant access.

See docs/MCP.md for the full tool catalog.

Capability / tier awareness

Probe portal capabilities and cache them by portalId + scopes:

hscli doctor capabilities --refresh

Fail fast when a command hits an unsupported endpoint:

hscli --strict-capabilities marketing emails list

Schema introspection + offline validation

hscli crm describe contacts --refresh-cache
hscli crm validate contacts --offline --data '{"properties":{"email":"x@example.com"}}'

Local schema cache means you can validate payloads without hitting HubSpot.

Runtime safety model

Mutations are blocked unless --force is passed (or intercepted by --dry-run)
Write/delete can be constrained by policy (--policy-file) and change-ticket enforcement
Requests are origin-locked to https://api.hubapi.com and restricted to approved API path roots
Path segments are hardened against traversal / control characters
Output and error payloads are redacted for secrets and token-like strings
Transport retries transient failures with exponential backoff
Rate-limit controller reads X-HubSpot-RateLimit-* headers and throttles proactively
All write / batch methods include Idempotency-Key for replay-safe retries

Full threat model: SECURITY.md.

Caches

Under HSCLI_HOME (default: ~/.revfleet; legacy ~/.hubcli is still honored for existing installs):

auth.json — profile tokens (0600 permissions, 0700 directory)
capabilities.json — portal/tier capability cache
schema-cache.json — CRM schema cache for describe/validate
auth.enc — optional encrypted vault (when passphrase is set)
trace-session.json — active trace session state (v0.6+)
trace-*.jsonl — recorded request traces (v0.6+)

Documentation

docs/COMMAND_TREE.md — full command surface
docs/WHY_HOW_WHAT.md — design philosophy
docs/ARCHITECTURE.md
docs/SAFETY_MODEL.md
docs/MCP.md — MCP server tool catalog
docs/TESTING_PLAN.md
docs/RELEASE_GOVERNANCE.md
docs/PLUGIN_GUIDE.md — writing plugins
docs/OPERATIONAL_PLAYBOOKS.md
docs/COOKBOOK.md — common recipes
CONTRIBUTING.md
SECURITY.md
CHANGELOG.md

Domain setup guides

Verification

Full release check:

npm run release:verify

Runs typecheck + lint + tests + audit + build + SHA256 checksum verification.

Contributing

Issues and PRs welcome. See CONTRIBUTING.md for the workflow, coding standards, and how to run contract tests against a sandbox portal.

License

MIT — see LICENSE.