Connects directly to the Little Green Light CRM API for nonprofit donor management without middleware like Zapier. Exposes tools to search constituents, record gifts with date filters, manage contact details (addresses, phones, emails), log notes and activities, and organize groups. Includes a one-shot get_donor_context tool that pulls profile, recent gifts, memberships, and notes in a single call. Supports read-only mode via environment variable to block all mutations and hide write operations from the tool list. Ships with both stdio and SSE transports, the latter useful for GitHub Copilot or containerized deployments. All mutation tools publish MCP destructive and idempotent annotations so clients can warn before changes hit your live database.
A direct, secure, and high-fidelity Model Context Protocol (MCP) Server for the Little Green Light CRM database. This server allows AI coding assistants and chat applications (like Claude Desktop, LibreChat, or Open WebUI) to securely interact with your donor database to search constituents, log gifts, categorize taxonomic groups, and generate reports locally without any third-party middleware (like Zapier).
get_donor_context returns profile + recent gifts + group memberships + recent notes in a single call (resolves by name or ID).export_constituent_profile mirrors LGL's own "Export Profile" button — full record, complete gift history, relationships, class/school affiliations, memberships, volunteer time, contact reports, appeal requests, event invitations, group memberships, and notes, fetched in parallel in one call.log_document_link records a note pointing at a file hosted elsewhere (OneDrive/SharePoint/etc.) — LGL's API has no file-upload endpoint, so this is a reference, not a real attachment. See API Gaps & Workarounds below.create_group_with_members creates a group and adds constituents to it in one call — the closest API-native substitute for LGL's UI-only dynamic Lists, which have no create/edit endpoint. See API Gaps & Workarounds below.get_constituent, get_donor_context, and export_constituent_profile automatically write an [AI Access Log] note directly to the constituent's record noting when it was viewed, in full and assisted modes. See Access Audit Logging below.submit_*_for_review tools post to LGL's own Integration Queue webhook instead of the API, so a person approves every write in LGL before it takes effect. Available in full mode and assisted mode. See Human-Reviewed Writes below.Clone this repository to your local machine, open a terminal in the folder, and run:
npm install
Copy the .env.example template to create your local .env configuration file:
cp .env.example .env
Open .env in a text editor and replace the placeholder with your actual LGL API key and configuration:
LGL_API_KEY=your_lgl_api_key_here
PORT=3000
# Optional: Secure your Streamable HTTP endpoint with Bearer Token Authentication
LGL_MCP_TOKEN=your_secure_bearer_token_here
# Optional: enables the submit_*_for_review tools — see "Human-Reviewed Writes" below
LGL_INTEGRATION_LISTENER_URL=https://your-account.littlegreenlight.com/integrations/your-integration-id/listener
Two env vars combine to give three permission levels:
| Level | LGL_READ_ONLY | LGL_ASSISTED_MODE | What's allowed |
|---|---|---|---|
| Strictly read-only | true | unset/false | Reads only. Zero writes of any kind — no direct mutations, no notes (including the automatic access-audit note), no Integration Queue submissions. |
| Assisted | true | true | Everything read-only allows, plus low-risk, easily-reviewed writes: the automatic access-audit notes, explicit create_note/update_note/log_document_link, and the submit_*_for_review Integration Queue tools. Direct mutations to constituents/gifts/groups/etc. (including create_group_with_members) stay blocked. |
| Full | unset/false | (ignored) | Unrestricted — every tool, including direct create_*/update_*/delete_* mutations. |
# Strictly read-only
LGL_READ_ONLY=true
# Assisted: read-only plus notes and human-reviewed webhook writes
LGL_READ_ONLY=true
LGL_ASSISTED_MODE=true
In both read-only and assisted mode, disallowed tools are hidden from tools/list (not just rejected on call) so the AI assistant doesn't try to use them. LGL_ASSISTED_MODE has no effect unless LGL_READ_ONLY=true is also set — in full mode everything it unlocks is already available. Recommended whenever you point the server at a live donor database: use strictly read-only for pure exploratory sessions, assisted when you also want the access-audit trail and human-reviewed writes to work.
All tools also publish MCP annotations (readOnlyHint, destructiveHint, idempotentHint) so clients can warn before destructive calls without depending on the server-side guard.
Whenever get_constituent, get_donor_context, or export_constituent_profile is called in full or assisted mode, the server writes a note directly to that constituent's record in LGL — e.g. [AI Access Log] Record accessed via LGL MCP Server (get_constituent) on 2026-07-13 17:24 UTC. It's not a config option of its own — it rides along with whichever permission level is active, and is silently skipped under strictly read-only, where the whole point is to leave zero footprint.
A few things worth knowing:
list_*/search_* calls do not log — noting every row of a 50-record list would flood constituents' note history with little audit value. Only tools that open one specific donor's file do.note_type_id (a number), not a type name — passing a name is silently ignored by LGL rather than applied. The server resolves this at runtime (preferring a type literally named "General", falling back to whatever type exists first) rather than hardcoding an ID, since type IDs are account-specific. This same fix applies to create_note/update_note, which previously accepted a note_type string that never actually applied — invalid type names now raise a clear error instead of silently creating an untyped note.Separate from the direct LGL API, LGL also has a custom integration webhook feature (LGL Settings → Integrations → Custom Integrations) that accepts flat key/value submissions and drops them into an Integration Queue for a human to approve before anything is actually written to a constituent's record. This server exposes that path as five tools, distinct from the create_*/update_* API tools:
| Tool | Covers |
|---|---|
submit_constituent_for_review | Identity/name fields, up to 3 phone numbers, up to 3 emails, up to 2 mailing addresses, a website, constituent category fields, and a relationship |
submit_gift_for_review | Gift, pledge, and goal fields, plus tribute (honor/memorial) details |
submit_note_for_review | Notes |
submit_event_registration_for_review | Event registrations/invitations |
submit_appeal_request_for_review | Appeal requests |
None of these five write to LGL directly — every submission lands in Settings → Integration Queue → Unsaved in LGL, where someone reviews and either saves or rejects it. Because of that, they only need assisted mode rather than full write access: LGL_READ_ONLY=true with LGL_ASSISTED_MODE=true is enough to use them, since they can't change data without a human clicking Save in LGL first. Strictly read-only mode (no LGL_ASSISTED_MODE) still blocks them, since they are real writes to a shared queue.
Setup:
LGL_INTEGRATION_LISTENER_URL to that URL in your environment.first_name, phone, email_2, gift_amount, note_text) to the corresponding LGL fields. The mapping lives entirely in LGL's UI, not in this server — a field that isn't mapped is silently ignored by LGL rather than causing an error, so an unmapped submission may look successful (HTTP 200) while carrying no usable data. Repeating fields (phone/email/address) use LGL's "Record Type / #" grouping: slot 1 is the bare field name (phone, email), slots 2–3 use a numeric suffix (phone_2, email_3).Known limitation: mapping a field to "LGL constituent ID" to match/update an existing constituent by ID does not currently persist, at least when the integration's record-matching preference is set to email/name-based matching rather than ID-based. Matching therefore relies on first_name + last_name + email instead — omit any ID field from your mapping.
Some things LGL's own web UI supports have no equivalent anywhere in LGL's API — not the REST API, and not the Integration Queue webhook (which only accepts constituent/gift/note/event-registration/appeal-request fields). Confirmed absent as of this writing:
| UI Feature | API endpoint? | Webhook field mapping? | This server's approach |
|---|---|---|---|
| Tasks / to-dos / reminders assigned to team members | No | No | None. There's no way to reach LGL's Tasks feature (including its reminder emails) programmatically — an actual feature request to LGL Support is the only path forward. |
| File/document attachments on a constituent record | No | No | log_document_link logs a note containing a link to a file hosted elsewhere (OneDrive, SharePoint, Google Drive, etc.) plus a description. This is a reference, not a real attachment — LGL cannot accept an uploaded file via API at all; even its own web forms only accept a hosted URL, never raw file bytes. |
| Saved Lists (dynamic, re-runnable queries) | No (read-only at best) | No | create_group_with_members creates an LGL group (a static set of constituents) and adds members to it in one call. Groups are fully API-writable and serve a similar purpose — "a set of people to come back to" — but are static membership, not a live query. Add/remove members afterward with add_constituent_to_group / remove_constituent_from_group. |
This server supports two communication transport standards:
To launch the server in Streamable HTTP mode, use the --http (or --sse) flag:
node index.js --http --port 3000
--port <number> or the PORT environment variable (defaults to 3000).LGL_MCP_TOKEN in your .env file, Bearer Token Authentication is strictly enforced. All client requests must include the header Authorization: Bearer <your_token>, or they will be rejected with 401 Unauthorized.This server can be integrated into any AI client, editor, or chat interface that supports the Model Context Protocol (MCP).
To utilize this server in the official Claude Desktop application, add the configuration to your claude_desktop_config.json file.
File Location:
%APPDATA%\Claude\claude_desktop_config.json~/Library/Application Support/Claude/claude_desktop_config.jsonConfiguration:
{
"mcpServers": {
"lgl-crm": {
"command": "node",
"args": ["C:\\path\\to\\your\\workspace\\folder\\index.js"],
"env": {
"LGL_API_KEY": "your_lgl_api_key_here"
}
}
}
}
Cursor supports custom MCP servers directly in its graphical user interface. You can connect using either Stdio (command) or Streamable HTTP (SSE):
Option A: Local Stdio (Command)
lgl-crmcommandnode C:\path\to\your\workspace\folder\index.jsLGL_API_KEY is set in your operating system environment variables or shell configuration so Cursor can inherit it.Option B: Streamable HTTP (SSE Mode)
node index.js --http --port 3000lgl-crm-ssessehttp://localhost:3000/mcpLGL_MCP_TOKEN is enabled, ensure your editor includes the Bearer authorization header or connection config.Windsurf supports native MCP configurations via its global config file.
File Location:
%USERPROFILE%\.codeium\windsurf\mcp_config.json~/.codeium/windsurf/mcp_config.jsonConfiguration:
{
"mcpServers": {
"lgl-crm": {
"command": "node",
"args": ["C:\\path\\to\\your\\workspace\\folder\\index.js"],
"env": {
"LGL_API_KEY": "your_lgl_api_key_here"
}
}
}
}
LibreChat allows you to integrate MCP servers directly through its centralized config file librechat.yaml.
Configuration in librechat.yaml:
mcpServers:
lgl-crm:
type: "stdio"
command: "node"
args: ["C:\\path\\to\\your\\workspace\\folder\\index.js"]
env:
LGL_API_KEY: "your_lgl_api_key_here"
To add this to Open WebUI (commonly used with local Ollama instances):
lgl-crm.node C:\path\to\your\workspace\folder\index.jsLGL_API_KEY is loaded on your host machine or docker run statement running the Open WebUI instance).Unlike other MCP integrations that route sensitive donor information through third-party services (like Zapier or Make), this server operates on a direct local pipeline:
index.js file before deployment.This project is open-source and free to adapt for non-profit organizations under the MIT License.
LGL_API_KEY*secretYour Little Green Light API key (Settings → Integration → API Keys)
explorium-ai/vibeprospecting-mcp
io.github.compuute/lead-enrichment
dev.workers.selbyventurecap.cf-worker/apollo-salesforce-mapper
io.github.br0ski777/company-enrichment
com.mcparmory/apollo
mambalabsdev/mcp-gtm-tech-stack-signal-scraper