@startanaicompany/crm 2.16.0 → 2.18.0

package/index.js

@@ -603,7 +603,8 @@ leadsCmd
           client.get(`/leads/${leadId}/score-history`),
         ]);
         const lead = leadRes.data.data;
-        const history = histRes.data.data || [];
+        // Bug 00d0c981: score-history returns { history: [], total: N } not a bare array
+        const history = histRes.data.data?.history || histRes.data.data || [];
         const label = lead.score >= 80 ? 'Hot' : lead.score >= 60 ? 'Qualified' : lead.score >= 40 ? 'Developing' : lead.score >= 20 ? 'Warm' : 'Cold';
         console.log(`\nLead: ${lead.name} <${lead.email}>`);
         console.log(`Current Score: ${lead.score ?? 'N/A'} (${label})`);
@@ -801,8 +802,8 @@ leadsCmd
     const client = getClient(globalOpts);
     try {
       if (opts.to) {
-        // SET mode: PATCH /leads/:id with pipeline_stage
-        const res = await client.patch(`/leads/${leadId}`, { pipeline_stage: opts.to });
+        // Bug 6d850c25: use PATCH /leads/:id/stage with { stage } not /leads/:id with { pipeline_stage }
+        const res = await client.patch(`/leads/${leadId}/stage`, { stage: opts.to });
         const d = res.data.data;
         console.log(`Stage set to: ${d.pipeline_stage}`);
         printJSON(res.data);
@@ -1211,6 +1212,121 @@ leadsCmd
     } catch (err) { handleError(err); }
   });
 
+// Sprint 54 T1: leads merge — merge secondary lead into primary
+leadsCmd
+  .command('merge <primary-id> <secondary-id>')
+  .description('Merge secondary lead into primary lead (Sprint 54 T1). Use --dry-run to preview without committing.')
+  .option('--dry-run', 'Preview what would be merged without committing changes', false)
+  .action(async (primaryId, secondaryId, opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      if (opts.dryRun) {
+        // Dry-run: fetch both leads and show diff without calling merge
+        const [primaryRes, secondaryRes] = await Promise.all([
+          client.get(`/leads/${primaryId}`),
+          client.get(`/leads/${secondaryId}`),
+        ]);
+        const primary = primaryRes.data.data;
+        const secondary = secondaryRes.data.data;
+        console.log('\n[DRY RUN] Merge preview:');
+        console.log(`  Primary  : [${primary.id}] ${primary.name} <${primary.email}> — ${primary.status}`);
+        console.log(`  Secondary: [${secondary.id}] ${secondary.name} <${secondary.email}> — ${secondary.status}`);
+        console.log('\n  What would happen:');
+        console.log(`  - Notes, communications, and audit history from secondary copied to primary`);
+        console.log(`  - Secondary lead soft-deleted (status → merged)`);
+        console.log(`  - Primary lead retained with merged data`);
+        if (secondary.tags && secondary.tags.length > 0) {
+          console.log(`  - Tags from secondary that will be merged: ${secondary.tags.join(', ')}`);
+        }
+        console.log('\n  Run without --dry-run to commit the merge.');
+      } else {
+        // Bug 58e6d000: server treats :id as the source (soft-deleted) and merge_into as target (kept)
+        // So we POST to /leads/:secondaryId/merge with { merge_into: primaryId }
+        const res = await client.post(`/leads/${secondaryId}/merge`, { merge_into: primaryId });
+        console.log(`Merged lead ${secondaryId} into ${primaryId}.`);
+        printJSON(res.data);
+      }
+    } catch (err) {
+      handleError(err);
+    }
+  });
+
+// Sprint 54 T1: leads bulk-update --ids — ID-based bulk status update (distinct from filter-based bulk-update)
+leadsCmd
+  .command('bulk-update-ids')
+  .description('Bulk update status for specific leads by ID list (Sprint 54 T1). Up to 100 leads per call.')
+  .requiredOption('--ids <ids>', 'Comma-separated lead IDs to update')
+  .requiredOption('--status <status>', 'New status: new|contacted|qualified|unresponsive|converted|lost')
+  .option('--close-reason <reason>', 'Close reason (required when --status lost)')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    const ids = opts.ids.split(',').map(s => s.trim()).filter(Boolean);
+    if (ids.length === 0) { console.error('Error: --ids requires at least one ID'); process.exit(1); }
+    const updates = { status: opts.status };
+    if (opts.closeReason) updates.close_reason = opts.closeReason;
+    try {
+      const res = await client.patch('/leads/bulk', { ids, updates });
+      const d = res.data.data || {};
+      console.log(`Updated: ${d.updated !== undefined ? d.updated : ids.length} lead(s).`);
+      if (d.failed && d.failed.length > 0) {
+        console.log(`Failed IDs: ${d.failed.join(', ')}`);
+      }
+      printJSON(res.data);
+    } catch (err) {
+      handleError(err);
+    }
+  });
+
+// Sprint 54 T1: leads bulk-tag — add a tag to multiple leads by ID
+leadsCmd
+  .command('bulk-tag')
+  .description('Add a tag to multiple leads by ID list (Sprint 54 T1). Up to 100 leads per call.')
+  .requiredOption('--tag <tag>', 'Tag to add to each lead')
+  .requiredOption('--ids <ids>', 'Comma-separated lead IDs')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    const ids = opts.ids.split(',').map(s => s.trim()).filter(Boolean);
+    if (ids.length === 0) { console.error('Error: --ids requires at least one ID'); process.exit(1); }
+    try {
+      const res = await client.patch('/leads/bulk', { ids, updates: { tags: [opts.tag] } });
+      const d = res.data.data || {};
+      console.log(`Tagged ${d.updated !== undefined ? d.updated : ids.length} lead(s) with "${opts.tag}".`);
+      if (d.failed && d.failed.length > 0) {
+        console.log(`Failed IDs: ${d.failed.join(', ')}`);
+      }
+      printJSON(res.data);
+    } catch (err) {
+      handleError(err);
+    }
+  });
+
+// Sprint 54 T1: leads bulk-assign — reassign multiple leads to an agent by ID
+leadsCmd
+  .command('bulk-assign')
+  .description('Bulk reassign leads to an agent by ID list (Sprint 54 T1). Up to 100 leads per call.')
+  .requiredOption('--to <agent>', 'Agent/user to assign leads to')
+  .requiredOption('--ids <ids>', 'Comma-separated lead IDs')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    const ids = opts.ids.split(',').map(s => s.trim()).filter(Boolean);
+    if (ids.length === 0) { console.error('Error: --ids requires at least one ID'); process.exit(1); }
+    try {
+      const res = await client.patch('/leads/bulk', { ids, updates: { assigned_to: opts.to } });
+      const d = res.data.data || {};
+      console.log(`Assigned ${d.updated !== undefined ? d.updated : ids.length} lead(s) to "${opts.to}".`);
+      if (d.failed && d.failed.length > 0) {
+        console.log(`Failed IDs: ${d.failed.join(', ')}`);
+      }
+      printJSON(res.data);
+    } catch (err) {
+      handleError(err);
+    }
+  });
+
 // Sprint 52 T2: leads escalate + leads unassign
 leadsCmd
   .command('escalate <lead-id>')
@@ -3571,6 +3687,468 @@ sequencesCmd
     } catch (err) { handleError(err); }
   });
 
+// Sprint 54 T3: sequences stats <sequenceId>
+sequencesCmd
+  .command('stats <sequenceId>')
+  .description('Get enrollment stats for a sequence (Sprint 54 T3)')
+  .action(async (sequenceId) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.get(`/sequences/${sequenceId}/stats`);
+      const d = res.data.data || {};
+      console.log(`\nSequence: ${d.sequence_name} [${d.sequence_id}]`);
+      console.log(`Active: ${d.active ? 'yes' : 'no'}  Steps: ${d.step_count}`);
+      console.log(`Total enrolled: ${d.total_enrolled}`);
+      if (d.by_status) {
+        console.log(`  active:       ${d.by_status.active}`);
+        console.log(`  completed:    ${d.by_status.completed}`);
+        console.log(`  unsubscribed: ${d.by_status.unsubscribed}`);
+        console.log(`  paused:       ${d.by_status.paused}`);
+        console.log(`  failed:       ${d.by_status.failed}`);
+      }
+      if (d.first_enrollment) console.log(`First enrollment: ${new Date(d.first_enrollment).toLocaleString()}`);
+      if (d.last_enrollment) console.log(`Last enrollment:  ${new Date(d.last_enrollment).toLocaleString()}`);
+    } catch (err) { handleError(err); }
+  });
+
+// Sprint 54 T3: leads sequences <lead-id>
+leadsCmd
+  .command('sequences <lead-id>')
+  .description('List sequences a lead is enrolled in (Sprint 54 T3)')
+  .action(async (leadId) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.get(`/leads/${leadId}/sequences`);
+      const enrollments = res.data.data || res.data || [];
+      if (enrollments.length === 0) { console.log('Lead is not enrolled in any sequences.'); return; }
+      enrollments.forEach(e => {
+        const step = e.current_step || 'N/A';
+        const next = e.next_send_at ? new Date(e.next_send_at).toLocaleString() : 'N/A';
+        console.log(`[${e.sequence_id}] ${e.sequence_name} — status: ${e.status}, step: ${step}, next: ${next}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// FORMS COMMANDS — Sprint 54 T2
+// ============================================================
+const formsCmd = program.command('forms').description('Manage lead capture forms (Sprint 54 T2)');
+
+formsCmd
+  .command('list')
+  .description('List all forms in the workspace')
+  .action(async () => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.get('/apikey/forms');
+      const forms = res.data.data || res.data || [];
+      if (forms.length === 0) { console.log('No forms found.'); return; }
+      forms.forEach(f => {
+        console.log(`[${f.id}] ${f.name} — submissions: ${f.submission_count || 0} — created: ${new Date(f.created_at).toLocaleDateString()}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+formsCmd
+  .command('get <form-id>')
+  .description('Get form details by ID')
+  .action(async (formId) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.get(`/apikey/forms/${formId}`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+formsCmd
+  .command('create')
+  .description('Create a new lead capture form')
+  .requiredOption('--name <name>', 'Form name')
+  .option('--success-message <msg>', 'Message shown after submission', 'Thank you! We will be in touch.')
+  .option('--redirect-url <url>', 'Redirect URL after submission')
+  .option('--fields <json>', 'JSON array of field definitions (e.g. \'[{"key":"email","label":"Email","type":"email","required":true}]\')')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    let fields = [];
+    if (opts.fields) {
+      try { fields = JSON.parse(opts.fields); } catch (e) { console.error('Error: --fields must be valid JSON array'); process.exit(1); }
+    }
+    try {
+      const body = { name: opts.name, fields, success_message: opts.successMessage };
+      if (opts.redirectUrl) body.redirect_url = opts.redirectUrl;
+      const res = await client.post('/apikey/forms', body);
+      console.log(`Form created: ${res.data.data?.id || res.data?.id}`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+formsCmd
+  .command('submissions <form-id>')
+  .description('List submissions for a form')
+  .option('--limit <n>', 'Max results', '50')
+  .option('--offset <n>', 'Pagination offset', '0')
+  .action(async (formId, opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.get(`/apikey/forms/${formId}/submissions`, { params: { limit: opts.limit, offset: opts.offset } });
+      const d = res.data.data || {};
+      const subs = d.data || [];
+      if (subs.length === 0) { console.log('No submissions found.'); return; }
+      console.log(`Total: ${d.total || subs.length}`);
+      subs.forEach(s => {
+        const when = s.submitted_at ? new Date(s.submitted_at).toLocaleString() : 'N/A';
+        console.log(`[${s.id}] ${s.lead_name || 'Unknown'} <${s.lead_email || ''}> — ${when}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+formsCmd
+  .command('delete <form-id>')
+  .description('Delete a form by ID')
+  .action(async (formId) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      await client.delete(`/apikey/forms/${formId}`);
+      console.log(`Form ${formId} deleted.`);
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// AUDIT COMMANDS — Sprint 55 T1 (admin JWT via stagesAdminLogin)
+// ============================================================
+const auditCmd = program.command('audit').description('View workspace audit log (Sprint 55 T1) — requires admin login');
+
+auditCmd
+  .command('list')
+  .description('List audit log entries with optional filters')
+  .option('--lead-id <id>', 'Filter by lead ID')
+  .option('--author-type <type>', 'Filter by actor type: api_key|human-admin|system')
+  .option('--from <date>', 'From date (YYYY-MM-DD)')
+  .option('--to <date>', 'To date (YYYY-MM-DD)')
+  .option('--limit <n>', 'Max results (max 200)', '50')
+  .option('--offset <n>', 'Pagination offset', '0')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const params = { limit: opts.limit, offset: opts.offset };
+      if (opts.leadId) params.lead_id = opts.leadId;
+      if (opts.authorType) params.author_type = opts.authorType;
+      if (opts.from) params.from = opts.from;
+      if (opts.to) params.to = opts.to;
+      const res = await axios.get(`${base}/api/v1/admin/audit-log`, {
+        params, headers: { Authorization: `Bearer ${token}` }
+      });
+      const d = res.data.data || {};
+      const items = d.items || [];
+      console.log(`Total: ${d.total || items.length}`);
+      items.forEach(e => {
+        const when = new Date(e.created_at).toLocaleString();
+        console.log(`[${e.id}] ${when} | ${e.actor_type} ${e.actor_name || 'system'} | ${e.action}: ${e.old_value || '—'} → ${e.new_value || '—'} | lead: ${e.lead_name || e.lead_id || 'N/A'}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+auditCmd
+  .command('get <entry-id>')
+  .description('Get a single audit log entry by ID')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (entryId, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/audit-log/${entryId}`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// TAGS COMMANDS — Sprint 55 T1 (API key auth)
+// ============================================================
+const tagsCmd = program.command('tags').description('Explore lead tags (Sprint 55 T1)');
+
+tagsCmd
+  .command('list')
+  .description('List all unique tags in use with lead counts')
+  .option('--limit <n>', 'Max tags to return', '100')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.get('/tags', { params: { limit: opts.limit } });
+      const tags = res.data.data || res.data || [];
+      if (tags.length === 0) { console.log('No tags in use.'); return; }
+      tags.forEach(t => console.log(`${t.tag} (${t.count} lead${t.count !== 1 ? 's' : ''})`));
+    } catch (err) { handleError(err); }
+  });
+
+tagsCmd
+  .command('leads <tag-name>')
+  .description('List leads with a specific tag')
+  .option('--limit <n>', 'Max results', '50')
+  .action(async (tagName, opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.get('/leads', { params: { tag: tagName, per_page: parseInt(opts.limit) } });
+      const leads = res.data.data || [];
+      if (leads.length === 0) { console.log(`No leads found with tag "${tagName}".`); return; }
+      console.log(`Leads tagged "${tagName}" (${leads.length}):`);
+      leads.forEach(l => console.log(`[${l.id}] ${l.name} <${l.email}> — ${l.status} (${l.assigned_to || 'unassigned'})`));
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// SLA COMMANDS — Sprint 55 T2 (admin JWT via stagesAdminLogin)
+// ============================================================
+const slaCmd = program.command('sla').description('Manage SLA escalation rules and view breaches (Sprint 55 T2)');
+
+slaCmd
+  .command('list')
+  .description('List all SLA escalation rules')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/sla-escalation-rules`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const rules = res.data.data || res.data || [];
+      if (rules.length === 0) { console.log('No SLA rules configured.'); return; }
+      rules.forEach(r => {
+        const hours = (r.escalate_after_breach_minutes / 60).toFixed(1);
+        const stage = r.stage_name_label ? `stage: ${r.stage_name_label}` : 'all stages';
+        const active = r.is_active ? '✓' : '✗';
+        console.log(`[${r.id}] ${active} "${r.name}" — ${hours}h breach → escalate to ${r.escalate_to} (${stage})`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+slaCmd
+  .command('create')
+  .description('Create a new SLA escalation rule')
+  .requiredOption('--name <name>', 'Rule name')
+  .requiredOption('--hours <n>', 'Hours after breach before escalating')
+  .requiredOption('--escalate-to <agent>', 'Agent/email to escalate to')
+  .option('--stage-id <id>', 'Pipeline stage UUID to scope this rule (omit for all stages)')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    const minutes = Math.round(parseFloat(opts.hours) * 60);
+    if (isNaN(minutes) || minutes < 1) { console.error('Error: --hours must be a positive number'); process.exit(1); }
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const body = { name: opts.name, escalate_after_breach_minutes: minutes, escalate_to: opts.escalateTo };
+      if (opts.stageId) body.stage_id = opts.stageId;
+      const res = await axios.post(`${base}/api/v1/admin/sla-escalation-rules`, body, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      console.log(`SLA rule created: ${res.data.data?.id || res.data?.id}`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+slaCmd
+  .command('update <id>')
+  .description('Update an SLA escalation rule')
+  .option('--name <name>', 'New rule name')
+  .option('--hours <n>', 'New escalation threshold in hours')
+  .option('--escalate-to <agent>', 'New escalation target')
+  .option('--active <bool>', 'Enable/disable rule (true|false)')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (id, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    const body = {};
+    if (opts.name) body.name = opts.name;
+    if (opts.hours !== undefined) {
+      const minutes = Math.round(parseFloat(opts.hours) * 60);
+      if (isNaN(minutes) || minutes < 1) { console.error('Error: --hours must be a positive number'); process.exit(1); }
+      body.escalate_after_breach_minutes = minutes;
+    }
+    if (opts.escalateTo) body.escalate_to = opts.escalateTo;
+    if (opts.active !== undefined) body.is_active = opts.active === 'true';
+    if (Object.keys(body).length === 0) { console.error('Error: provide at least one field to update'); process.exit(1); }
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.patch(`${base}/api/v1/admin/sla-escalation-rules/${id}`, body, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      console.log(`SLA rule ${id} updated.`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+slaCmd
+  .command('delete <id>')
+  .description('Delete an SLA escalation rule')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (id, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      await axios.delete(`${base}/api/v1/admin/sla-escalation-rules/${id}`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      console.log(`SLA rule ${id} deleted.`);
+    } catch (err) { handleError(err); }
+  });
+
+slaCmd
+  .command('breaches')
+  .description('List leads with active SLA breaches')
+  .option('--status <status>', 'open (default) or resolved', 'open')
+  .option('--limit <n>', 'Max results', '50')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/sla-breaches`, {
+        params: { status: opts.status, limit: opts.limit },
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const d = res.data.data || {};
+      const items = d.items || [];
+      if (items.length === 0) { console.log(`No ${opts.status} SLA breaches.`); return; }
+      console.log(`${opts.status.toUpperCase()} SLA breaches (${d.total || items.length}):`);
+      items.forEach(l => {
+        const breached = l.breached_at ? new Date(l.breached_at).toLocaleString() : 'N/A';
+        console.log(`[${l.id}] ${l.name} <${l.email}> — ${l.status} | stage: ${l.pipeline_stage || 'N/A'} | breached: ${breached} | assigned: ${l.assigned_to || 'none'}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// ANALYTICS COMMANDS — Sprint 55 T3 (admin JWT via stagesAdminLogin)
+// (analyticsCmd already declared above — appending pipeline + funnel subcommands)
+// ============================================================
+
+analyticsCmd
+  .command('pipeline')
+  .description('Stage-by-stage pipeline breakdown: lead count, avg deal value, avg time-in-stage, conversion rate')
+  .option('--stage <name>', 'Filter output to a single stage name')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/analytics/funnel`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      let stages = (res.data.data?.stages || []);
+      if (opts.stage) {
+        stages = stages.filter(s => s.stage_name.toLowerCase() === opts.stage.toLowerCase());
+        if (stages.length === 0) { console.log(`Stage "${opts.stage}" not found.`); return; }
+      }
+      console.log('\nPipeline Breakdown:');
+      console.log('─'.repeat(90));
+      stages.forEach(s => {
+        const deal = s.avg_deal_value != null ? `$${s.avg_deal_value}` : 'N/A';
+        const time = s.avg_time_in_stage_hours != null ? `${s.avg_time_in_stage_hours}h` : 'N/A';
+        const conv = s.conversion_rate_to_next_stage != null ? `${s.conversion_rate_to_next_stage}%` : 'N/A';
+        console.log(`${String(s.stage_name).padEnd(20)} leads: ${String(s.lead_count).padStart(4)} | avg deal: ${String(deal).padStart(10)} | avg time: ${String(time).padStart(8)} | conv: ${conv}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+analyticsCmd
+  .command('funnel')
+  .description('Full top-to-bottom conversion funnel with drop-off rates')
+  .option('--from <date>', 'From date (YYYY-MM-DD, default: 30 days ago)')
+  .option('--to <date>', 'To date (YYYY-MM-DD, default: today)')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const params = {};
+      if (opts.from) params.from = opts.from;
+      if (opts.to) params.to = opts.to;
+      const res = await axios.get(`${base}/api/v1/admin/analytics/funnel`, {
+        params, headers: { Authorization: `Bearer ${token}` }
+      });
+      const d = res.data.data || {};
+      const stages = d.stages || [];
+      const from = d.from ? new Date(d.from).toLocaleDateString() : '30d ago';
+      const to = d.to ? new Date(d.to).toLocaleDateString() : 'today';
+      console.log(`\nConversion Funnel (${from} → ${to}):`);
+      console.log('─'.repeat(85));
+      stages.forEach((s, i) => {
+        const entered = s.leads_entered_window || 0;
+        const exited = s.leads_exited_window || 0;
+        const dropOff = s.drop_off_rate != null ? `${s.drop_off_rate}% drop-off` : 'N/A';
+        const conv = s.conversion_rate_to_next_stage != null ? `${s.conversion_rate_to_next_stage}%` : 'N/A';
+        const bar = '█'.repeat(Math.min(Math.round((entered / Math.max(...stages.map(x => x.leads_entered_window || 0), 1)) * 20), 20));
+        console.log(`${String(s.stage_name).padEnd(20)} ${bar.padEnd(20)} entered: ${String(entered).padStart(4)} | exited: ${String(exited).padStart(4)} | conv: ${String(conv).padStart(5)} | ${dropOff}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
 // ============================================================
 // GDPR COMMANDS — Sprint 50 T2
 // ============================================================

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@startanaicompany/crm",
-  "version": "2.16.0",
+  "version": "2.18.0",
   "description": "AI-first CRM CLI — manage leads and API keys from the terminal",
   "main": "index.js",
   "bin": {