@startanaicompany/crm 2.17.0 → 2.18.0

package/index.js

@@ -1241,7 +1241,9 @@ leadsCmd
         }
         console.log('\n  Run without --dry-run to commit the merge.');
       } else {
-        const res = await client.post(`/leads/${primaryId}/merge`, { merge_into: secondaryId });
+        // Bug 58e6d000: server treats :id as the source (soft-deleted) and merge_into as target (kept)
+        // So we POST to /leads/:secondaryId/merge with { merge_into: primaryId }
+        const res = await client.post(`/leads/${secondaryId}/merge`, { merge_into: primaryId });
         console.log(`Merged lead ${secondaryId} into ${primaryId}.`);
         printJSON(res.data);
       }
@@ -3818,6 +3820,335 @@ formsCmd
     } catch (err) { handleError(err); }
   });
 
+// ============================================================
+// AUDIT COMMANDS — Sprint 55 T1 (admin JWT via stagesAdminLogin)
+// ============================================================
+const auditCmd = program.command('audit').description('View workspace audit log (Sprint 55 T1) — requires admin login');
+
+auditCmd
+  .command('list')
+  .description('List audit log entries with optional filters')
+  .option('--lead-id <id>', 'Filter by lead ID')
+  .option('--author-type <type>', 'Filter by actor type: api_key|human-admin|system')
+  .option('--from <date>', 'From date (YYYY-MM-DD)')
+  .option('--to <date>', 'To date (YYYY-MM-DD)')
+  .option('--limit <n>', 'Max results (max 200)', '50')
+  .option('--offset <n>', 'Pagination offset', '0')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const params = { limit: opts.limit, offset: opts.offset };
+      if (opts.leadId) params.lead_id = opts.leadId;
+      if (opts.authorType) params.author_type = opts.authorType;
+      if (opts.from) params.from = opts.from;
+      if (opts.to) params.to = opts.to;
+      const res = await axios.get(`${base}/api/v1/admin/audit-log`, {
+        params, headers: { Authorization: `Bearer ${token}` }
+      });
+      const d = res.data.data || {};
+      const items = d.items || [];
+      console.log(`Total: ${d.total || items.length}`);
+      items.forEach(e => {
+        const when = new Date(e.created_at).toLocaleString();
+        console.log(`[${e.id}] ${when} | ${e.actor_type} ${e.actor_name || 'system'} | ${e.action}: ${e.old_value || '—'} → ${e.new_value || '—'} | lead: ${e.lead_name || e.lead_id || 'N/A'}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+auditCmd
+  .command('get <entry-id>')
+  .description('Get a single audit log entry by ID')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (entryId, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/audit-log/${entryId}`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// TAGS COMMANDS — Sprint 55 T1 (API key auth)
+// ============================================================
+const tagsCmd = program.command('tags').description('Explore lead tags (Sprint 55 T1)');
+
+tagsCmd
+  .command('list')
+  .description('List all unique tags in use with lead counts')
+  .option('--limit <n>', 'Max tags to return', '100')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.get('/tags', { params: { limit: opts.limit } });
+      const tags = res.data.data || res.data || [];
+      if (tags.length === 0) { console.log('No tags in use.'); return; }
+      tags.forEach(t => console.log(`${t.tag} (${t.count} lead${t.count !== 1 ? 's' : ''})`));
+    } catch (err) { handleError(err); }
+  });
+
+tagsCmd
+  .command('leads <tag-name>')
+  .description('List leads with a specific tag')
+  .option('--limit <n>', 'Max results', '50')
+  .action(async (tagName, opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.get('/leads', { params: { tag: tagName, per_page: parseInt(opts.limit) } });
+      const leads = res.data.data || [];
+      if (leads.length === 0) { console.log(`No leads found with tag "${tagName}".`); return; }
+      console.log(`Leads tagged "${tagName}" (${leads.length}):`);
+      leads.forEach(l => console.log(`[${l.id}] ${l.name} <${l.email}> — ${l.status} (${l.assigned_to || 'unassigned'})`));
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// SLA COMMANDS — Sprint 55 T2 (admin JWT via stagesAdminLogin)
+// ============================================================
+const slaCmd = program.command('sla').description('Manage SLA escalation rules and view breaches (Sprint 55 T2)');
+
+slaCmd
+  .command('list')
+  .description('List all SLA escalation rules')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/sla-escalation-rules`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const rules = res.data.data || res.data || [];
+      if (rules.length === 0) { console.log('No SLA rules configured.'); return; }
+      rules.forEach(r => {
+        const hours = (r.escalate_after_breach_minutes / 60).toFixed(1);
+        const stage = r.stage_name_label ? `stage: ${r.stage_name_label}` : 'all stages';
+        const active = r.is_active ? '✓' : '✗';
+        console.log(`[${r.id}] ${active} "${r.name}" — ${hours}h breach → escalate to ${r.escalate_to} (${stage})`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+slaCmd
+  .command('create')
+  .description('Create a new SLA escalation rule')
+  .requiredOption('--name <name>', 'Rule name')
+  .requiredOption('--hours <n>', 'Hours after breach before escalating')
+  .requiredOption('--escalate-to <agent>', 'Agent/email to escalate to')
+  .option('--stage-id <id>', 'Pipeline stage UUID to scope this rule (omit for all stages)')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    const minutes = Math.round(parseFloat(opts.hours) * 60);
+    if (isNaN(minutes) || minutes < 1) { console.error('Error: --hours must be a positive number'); process.exit(1); }
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const body = { name: opts.name, escalate_after_breach_minutes: minutes, escalate_to: opts.escalateTo };
+      if (opts.stageId) body.stage_id = opts.stageId;
+      const res = await axios.post(`${base}/api/v1/admin/sla-escalation-rules`, body, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      console.log(`SLA rule created: ${res.data.data?.id || res.data?.id}`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+slaCmd
+  .command('update <id>')
+  .description('Update an SLA escalation rule')
+  .option('--name <name>', 'New rule name')
+  .option('--hours <n>', 'New escalation threshold in hours')
+  .option('--escalate-to <agent>', 'New escalation target')
+  .option('--active <bool>', 'Enable/disable rule (true|false)')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (id, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    const body = {};
+    if (opts.name) body.name = opts.name;
+    if (opts.hours !== undefined) {
+      const minutes = Math.round(parseFloat(opts.hours) * 60);
+      if (isNaN(minutes) || minutes < 1) { console.error('Error: --hours must be a positive number'); process.exit(1); }
+      body.escalate_after_breach_minutes = minutes;
+    }
+    if (opts.escalateTo) body.escalate_to = opts.escalateTo;
+    if (opts.active !== undefined) body.is_active = opts.active === 'true';
+    if (Object.keys(body).length === 0) { console.error('Error: provide at least one field to update'); process.exit(1); }
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.patch(`${base}/api/v1/admin/sla-escalation-rules/${id}`, body, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      console.log(`SLA rule ${id} updated.`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+slaCmd
+  .command('delete <id>')
+  .description('Delete an SLA escalation rule')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (id, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      await axios.delete(`${base}/api/v1/admin/sla-escalation-rules/${id}`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      console.log(`SLA rule ${id} deleted.`);
+    } catch (err) { handleError(err); }
+  });
+
+slaCmd
+  .command('breaches')
+  .description('List leads with active SLA breaches')
+  .option('--status <status>', 'open (default) or resolved', 'open')
+  .option('--limit <n>', 'Max results', '50')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/sla-breaches`, {
+        params: { status: opts.status, limit: opts.limit },
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const d = res.data.data || {};
+      const items = d.items || [];
+      if (items.length === 0) { console.log(`No ${opts.status} SLA breaches.`); return; }
+      console.log(`${opts.status.toUpperCase()} SLA breaches (${d.total || items.length}):`);
+      items.forEach(l => {
+        const breached = l.breached_at ? new Date(l.breached_at).toLocaleString() : 'N/A';
+        console.log(`[${l.id}] ${l.name} <${l.email}> — ${l.status} | stage: ${l.pipeline_stage || 'N/A'} | breached: ${breached} | assigned: ${l.assigned_to || 'none'}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// ANALYTICS COMMANDS — Sprint 55 T3 (admin JWT via stagesAdminLogin)
+// (analyticsCmd already declared above — appending pipeline + funnel subcommands)
+// ============================================================
+
+analyticsCmd
+  .command('pipeline')
+  .description('Stage-by-stage pipeline breakdown: lead count, avg deal value, avg time-in-stage, conversion rate')
+  .option('--stage <name>', 'Filter output to a single stage name')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/analytics/funnel`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      let stages = (res.data.data?.stages || []);
+      if (opts.stage) {
+        stages = stages.filter(s => s.stage_name.toLowerCase() === opts.stage.toLowerCase());
+        if (stages.length === 0) { console.log(`Stage "${opts.stage}" not found.`); return; }
+      }
+      console.log('\nPipeline Breakdown:');
+      console.log('─'.repeat(90));
+      stages.forEach(s => {
+        const deal = s.avg_deal_value != null ? `$${s.avg_deal_value}` : 'N/A';
+        const time = s.avg_time_in_stage_hours != null ? `${s.avg_time_in_stage_hours}h` : 'N/A';
+        const conv = s.conversion_rate_to_next_stage != null ? `${s.conversion_rate_to_next_stage}%` : 'N/A';
+        console.log(`${String(s.stage_name).padEnd(20)} leads: ${String(s.lead_count).padStart(4)} | avg deal: ${String(deal).padStart(10)} | avg time: ${String(time).padStart(8)} | conv: ${conv}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+analyticsCmd
+  .command('funnel')
+  .description('Full top-to-bottom conversion funnel with drop-off rates')
+  .option('--from <date>', 'From date (YYYY-MM-DD, default: 30 days ago)')
+  .option('--to <date>', 'To date (YYYY-MM-DD, default: today)')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const params = {};
+      if (opts.from) params.from = opts.from;
+      if (opts.to) params.to = opts.to;
+      const res = await axios.get(`${base}/api/v1/admin/analytics/funnel`, {
+        params, headers: { Authorization: `Bearer ${token}` }
+      });
+      const d = res.data.data || {};
+      const stages = d.stages || [];
+      const from = d.from ? new Date(d.from).toLocaleDateString() : '30d ago';
+      const to = d.to ? new Date(d.to).toLocaleDateString() : 'today';
+      console.log(`\nConversion Funnel (${from} → ${to}):`);
+      console.log('─'.repeat(85));
+      stages.forEach((s, i) => {
+        const entered = s.leads_entered_window || 0;
+        const exited = s.leads_exited_window || 0;
+        const dropOff = s.drop_off_rate != null ? `${s.drop_off_rate}% drop-off` : 'N/A';
+        const conv = s.conversion_rate_to_next_stage != null ? `${s.conversion_rate_to_next_stage}%` : 'N/A';
+        const bar = '█'.repeat(Math.min(Math.round((entered / Math.max(...stages.map(x => x.leads_entered_window || 0), 1)) * 20), 20));
+        console.log(`${String(s.stage_name).padEnd(20)} ${bar.padEnd(20)} entered: ${String(entered).padStart(4)} | exited: ${String(exited).padStart(4)} | conv: ${String(conv).padStart(5)} | ${dropOff}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
 // ============================================================
 // GDPR COMMANDS — Sprint 50 T2
 // ============================================================

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@startanaicompany/crm",
-  "version": "2.17.0",
+  "version": "2.18.0",
   "description": "AI-first CRM CLI — manage leads and API keys from the terminal",
   "main": "index.js",
   "bin": {