@startanaicompany/crm 2.18.0 → 2.21.0

package/index.js

@@ -3900,7 +3900,8 @@ tagsCmd
       const res = await client.get('/tags', { params: { limit: opts.limit } });
       const tags = res.data.data || res.data || [];
       if (tags.length === 0) { console.log('No tags in use.'); return; }
-      tags.forEach(t => console.log(`${t.tag} (${t.count} lead${t.count !== 1 ? 's' : ''})`));
+      // Bug 1d18aaac: API returns lead_count not count
+      tags.forEach(t => console.log(`${t.tag} (${t.lead_count} lead${t.lead_count !== 1 ? 's' : ''})`));
     } catch (err) { handleError(err); }
   });
 
@@ -4149,6 +4150,249 @@ analyticsCmd
     } catch (err) { handleError(err); }
   });
 
+// ============================================================
+// Sprint 56 T1: leads timeline subcommand
+// ============================================================
+leadsCmd
+  .command('timeline <lead-id>')
+  .description('View reverse-chronological activity timeline for a lead (Sprint 56 T1)')
+  .option('--limit <n>', 'Max entries to return', '50')
+  .option('--type <type>', 'Filter by event type: note_added|field_changed|score_changed|relationship_added|sla_breach|note|score|merge')
+  .option('--from <date>', 'From date (YYYY-MM-DD)')
+  .option('--to <date>', 'To date (YYYY-MM-DD)')
+  .action(async (leadId, opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    // Map friendly type aliases to server type names
+    const typeAliases = {
+      note: 'note_added',
+      score: 'score_changed',
+      merge: 'relationship_added',
+      escalation: 'sla_breach',
+    };
+    const params = { limit: opts.limit };
+    if (opts.type) params.type_filter = typeAliases[opts.type] || opts.type;
+    if (opts.from) params.from = opts.from;
+    if (opts.to) params.to = opts.to;
+    try {
+      const res = await client.get(`/leads/${leadId}/timeline`, { params });
+      const d = res.data.data || {};
+      const entries = d.timeline || [];
+      if (entries.length === 0) { console.log('No timeline entries found.'); return; }
+      console.log(`\nTimeline for lead ${leadId} (${d.total} total, showing ${entries.length}):`);
+      entries.forEach(e => {
+        const when = new Date(e.timestamp).toLocaleString();
+        const actor = e.actor || 'system';
+        console.log(`${when} [${e.type}] ${e.summary} — ${actor}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// Sprint 56 T2: email-logs + email-sync commands (admin JWT)
+// ============================================================
+const emailLogsCmd = program.command('email-logs').description('Inbound email parse logs (Sprint 56 T2) — requires admin login');
+
+emailLogsCmd
+  .command('list')
+  .description('List inbound email parse log entries')
+  .option('--from <date>', 'From date (YYYY-MM-DD)')
+  .option('--to <date>', 'To date (YYYY-MM-DD)')
+  .option('--status <status>', 'Filter: parsed | failed')
+  .option('--limit <n>', 'Max results', '50')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const params = { limit: opts.limit };
+      if (opts.from) params.from = opts.from;
+      if (opts.to) params.to = opts.to;
+      if (opts.status) params.status = opts.status;
+      const res = await axios.get(`${base}/api/v1/admin/inbound/email/log`, {
+        params, headers: { Authorization: `Bearer ${token}` }
+      });
+      const d = res.data.data || {};
+      const items = d.items || [];
+      if (items.length === 0) { console.log('No email log entries found.'); return; }
+      console.log(`Total: ${d.total || items.length}`);
+      items.forEach(e => {
+        const when = new Date(e.created_at).toLocaleString();
+        const status = e.action === 'failed' ? '❌' : '✅';
+        console.log(`[${e.id}] ${status} ${when} — from: ${e.from_raw || 'N/A'} | action: ${e.action} | lead: ${e.lead_id || 'none'}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+emailLogsCmd
+  .command('get <log-id>')
+  .description('Get full details of a single inbound email log entry')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (logId, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/inbound/email/log/${logId}`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+const emailSyncCmd = program.command('email-sync').description('Manage email sync accounts (Sprint 56 T2) — requires admin login');
+
+emailSyncCmd
+  .command('status')
+  .description('Show connected email sync accounts and their status')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/email-accounts`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const accounts = res.data.data || res.data || [];
+      if (accounts.length === 0) { console.log('No email sync accounts connected.'); return; }
+      accounts.forEach(a => {
+        const lastSync = a.last_sync_at ? new Date(a.last_sync_at).toLocaleString() : 'never';
+        const enabled = a.enabled ? '✓ enabled' : '✗ disabled';
+        console.log(`[${a.id}] ${a.user_email || a.label || 'N/A'} (${a.provider || 'gmail'}) — ${enabled} | last sync: ${lastSync}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+emailSyncCmd
+  .command('disconnect <account-id>')
+  .description('Disconnect an email sync account by ID')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (accountId, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      await axios.delete(`${base}/api/v1/admin/email-accounts/${accountId}`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      console.log(`Email sync account ${accountId} disconnected.`);
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// Sprint 56 T3: users get + activity list commands
+// ============================================================
+
+// Sprint 56 T3: users get <id> — uses admin JWT (/admin/users/:id) to avoid requireAdminScope on API key route
+usersCmd
+  .command('get <id>')
+  .description('Get a single user by ID including assigned lead count (Sprint 56 T3)')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (userId, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/users/${userId}`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const u = res.data.data || res.data;
+      console.log(`[${u.id}] ${u.name || '—'} <${u.email}> — role: ${u.role} | active: ${u.is_active} | assigned leads: ${u.assigned_lead_count ?? 'N/A'}`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+// users list — also add admin JWT fallback via /admin/users for workspaces without admin-scope API keys
+usersCmd
+  .command('list-admin')
+  .description('List all users via admin JWT (use when API key lacks admin scope)')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/users`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const users = res.data.data || res.data || [];
+      if (users.length === 0) { console.log('No users found.'); return; }
+      users.forEach(u => console.log(`[${u.id}] ${u.name || '—'} <${u.email}> — role: ${u.role} | leads: ${u.assigned_lead_count}`));
+    } catch (err) { handleError(err); }
+  });
+
+const activityCmd = program.command('activity').description('System-wide activity feed (Sprint 56 T3) — requires admin login');
+
+activityCmd
+  .command('list')
+  .description('List recent system-wide activity across all leads')
+  .option('--lead-id <id>', 'Filter to a specific lead ID')
+  .option('--author-type <type>', 'Filter by actor type: api_key|human-admin|system')
+  .option('--from <date>', 'From date (YYYY-MM-DD)')
+  .option('--limit <n>', 'Max results', '50')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = cfg.token || await stagesAdminLogin(base, cfg, opts);
+      const params = { limit: opts.limit };
+      if (opts.leadId) params.lead_id = opts.leadId;
+      if (opts.authorType) params.author_type = opts.authorType;
+      if (opts.from) params.from = opts.from;
+      const res = await axios.get(`${base}/api/v1/admin/activity`, {
+        params, headers: { Authorization: `Bearer ${token}` }
+      });
+      const d = res.data;
+      const items = d.data || [];
+      if (items.length === 0) { console.log('No activity found.'); return; }
+      const total = d.pagination?.total || items.length;
+      console.log(`Activity feed (${total} total, showing ${items.length}):`);
+      items.forEach(e => {
+        const when = new Date(e.changed_at).toLocaleString();
+        const lead = e.lead_name ? `${e.lead_name}` : (e.lead_id || 'N/A');
+        console.log(`${when} | ${e.changed_by || 'system'} | ${e.field}: ${e.old_value ?? '—'} → ${e.new_value ?? '—'} | lead: ${lead}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
 // ============================================================
 // GDPR COMMANDS — Sprint 50 T2
 // ============================================================
@@ -4287,4 +4531,405 @@ reportsCmd
     } catch (err) { handleError(err); }
   });
 
+// ============================================================
+// SCORING RULES COMMANDS (S57-T1) — admin JWT
+// ============================================================
+
+const scoringRulesCmd = program.command('scoring-rules').description('Manage auto lead scoring rules (admin)');
+
+scoringRulesCmd
+  .command('list')
+  .description('List all auto scoring rules')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/score-rules/auto`, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      const rules = res.data.data || res.data;
+      if (Array.isArray(rules) && rules.length === 0) { console.log('No scoring rules found.'); return; }
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+scoringRulesCmd
+  .command('get <rule-id>')
+  .description('Get a single auto scoring rule by ID')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (ruleId, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/score-rules/auto/${ruleId}`, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+scoringRulesCmd
+  .command('create')
+  .description('Create a new auto scoring rule')
+  .requiredOption('--name <name>', 'Rule name')
+  .requiredOption('--score <delta>', 'Score delta (-100 to 100, non-zero integer)')
+  .option('--trigger <event>', 'Trigger event (default: lead.status_changed)', 'lead.status_changed')
+  .option('--condition <expr>', 'Condition: "<field> <op> <value>" (repeatable). e.g. --condition "deal_value gte 10000" --condition "status eq qualified"', (val, acc) => { acc.push(val); return acc; }, [])
+  .option('--match <mode>', 'Condition logic: all (AND) or any (OR) (default: all)', 'all')
+  .option('--field <field>', 'Lead field (single-condition shorthand, used if no --condition flags)')
+  .option('--operator <op>', 'Operator shorthand: eq, neq, gt, lt, gte, lte, contains')
+  .option('--value <val>', 'Value shorthand')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    const delta = parseInt(opts.score, 10);
+    if (isNaN(delta)) { console.error('Error: --score must be a non-zero integer'); process.exit(1); }
+    // Build conditions: repeatable --condition "field op value" takes precedence over --field/--operator/--value
+    const conditions = [];
+    if (opts.condition && opts.condition.length > 0) {
+      for (const expr of opts.condition) {
+        const parts = expr.trim().split(/\s+/);
+        if (parts.length < 3) { console.error(`Invalid --condition "${expr}". Format: "<field> <operator> <value>"`); process.exit(1); }
+        const [field, operator, ...rest] = parts;
+        conditions.push({ field, operator, value: rest.join(' ') });
+      }
+    } else if (opts.field && opts.operator && opts.value !== undefined) {
+      conditions.push({ field: opts.field, operator: opts.operator, value: opts.value });
+    }
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = await stagesAdminLogin(base, cfg, opts);
+      const body = { name: opts.name, trigger_event: opts.trigger, score_delta: delta, conditions, match: opts.match };
+      const res = await axios.post(`${base}/api/v1/admin/score-rules/auto`, body, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      const r = res.data.data || res.data;
+      console.log(`Rule created: [${r.id}] ${r.name} (delta: ${r.score_delta}, conditions: ${conditions.length})`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+scoringRulesCmd
+  .command('update <rule-id>')
+  .description('Update an auto scoring rule')
+  .option('--name <name>', 'New rule name')
+  .option('--score <delta>', 'New score delta (-100 to 100)')
+  .option('--trigger <event>', 'New trigger event')
+  .option('--active <bool>', 'Enable/disable rule (true|false)')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (ruleId, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    const body = {};
+    if (opts.name) body.name = opts.name;
+    if (opts.score !== undefined) body.score_delta = parseInt(opts.score, 10);
+    if (opts.trigger) body.trigger_event = opts.trigger;
+    if (opts.active !== undefined) body.is_active = opts.active === 'true';
+    if (Object.keys(body).length === 0) { console.error('Provide at least one of: --name, --score, --trigger, --active'); process.exit(1); }
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.patch(`${base}/api/v1/admin/score-rules/auto/${ruleId}`, body, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      console.log(`Rule updated.`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+scoringRulesCmd
+  .command('delete <rule-id>')
+  .description('Delete an auto scoring rule')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (ruleId, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.delete(`${base}/api/v1/admin/score-rules/auto/${ruleId}`, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      console.log(`Rule ${ruleId} deleted.`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+scoringRulesCmd
+  .command('evaluate <lead-id>')
+  .description('Re-evaluate all active scoring rules against a lead and apply matching score deltas')
+  .action(async (leadId) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.post(`/leads/${leadId}/score/evaluate`);
+      const r = res.data.data || res.data;
+      console.log(`Score evaluated: final_score=${r.final_score}, rules_applied=${r.rules_applied}`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// NOTIFICATIONS COMMANDS (S57-T2) — API key auth
+// ============================================================
+
+const notificationsCmd = program.command('notifications').description('Manage agent notifications');
+
+notificationsCmd
+  .command('list')
+  .description('List notifications for current API key')
+  .option('--unread', 'Show only unread notifications')
+  .option('--limit <n>', 'Max notifications to return', '50')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const params = { limit: opts.limit };
+      if (opts.unread) params.unread = 'true';
+      const res = await client.get('/notifications', { params });
+      const notifications = res.data.data || res.data;
+      if (Array.isArray(notifications) && notifications.length === 0) { console.log('No notifications.'); return; }
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+notificationsCmd
+  .command('read <notification-id>')
+  .description('Mark a notification as read')
+  .action(async (notificationId) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.patch(`/notifications/${notificationId}/read`);
+      console.log('Notification marked as read.');
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+notificationsCmd
+  .command('read-all')
+  .description('Mark all notifications as read for current API key')
+  .action(async () => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.post('/notifications/read-all');
+      const r = res.data.data || res.data;
+      console.log(`Marked ${r.marked_read} notification(s) as read.`);
+    } catch (err) { handleError(err); }
+  });
+
+notificationsCmd
+  .command('delete <notification-id>')
+  .description('Delete a notification')
+  .action(async (notificationId) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      await client.delete(`/notifications/${notificationId}`);
+      console.log(`Notification ${notificationId} deleted.`);
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// KEYS USAGE SUBCOMMAND (S57-T3) — admin JWT
+// ============================================================
+
+keysCmd
+  .command('usage [key-id]')
+  .description('Show API key usage stats. Omit key-id to show all-keys summary.')
+  .option('--all', 'Show summary across all keys')
+  .option('--from <date>', 'From date (YYYY-MM-DD)')
+  .option('--to <date>', 'To date (YYYY-MM-DD)')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (keyId, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = await stagesAdminLogin(base, cfg, opts);
+      const headers = { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' };
+      if (!keyId || opts.all) {
+        const res = await axios.get(`${base}/api/v1/admin/api-keys/usage/summary`, { headers });
+        printJSON(res.data);
+      } else {
+        const params = {};
+        if (opts.from) params.from = opts.from;
+        if (opts.to) params.to = opts.to;
+        const res = await axios.get(`${base}/api/v1/admin/api-keys/${keyId}/usage`, { headers, params });
+        printJSON(res.data);
+      }
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// INTEGRATIONS COMMANDS (S57-T3) — admin JWT
+// ============================================================
+
+const integrationsCmd = program.command('integrations').description('View integration status (email sync, webhooks)');
+
+integrationsCmd
+  .command('list')
+  .description('List all integrations for workspace')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/integrations`, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      const list = res.data.data || res.data;
+      if (Array.isArray(list) && list.length === 0) { console.log('No integrations configured.'); return; }
+      if (Array.isArray(list)) {
+        list.forEach(i => {
+          const status = i.status || (i.enabled ? 'active' : 'disabled');
+          console.log(`[${i.id}] ${i.type.padEnd(12)} ${(i.name || '').substring(0, 50).padEnd(52)} status: ${status}`);
+        });
+      } else {
+        printJSON(res.data);
+      }
+    } catch (err) { handleError(err); }
+  });
+
+integrationsCmd
+  .command('status <integration-id>')
+  .description('Show detailed status for a specific integration')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (integrationId, opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = await stagesAdminLogin(base, cfg, opts);
+      const res = await axios.get(`${base}/api/v1/admin/integrations/${integrationId}`, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }
+      });
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+// ============================================================
+// LEAD ARCHIVAL COMMANDS (S58-T3) — archive, restore, list archived, purge
+// ============================================================
+
+leadsCmd
+  .command('archive <lead-id>')
+  .description('Archive a lead (removes from active pipeline)')
+  .action(async (leadId) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.post(`/leads/${leadId}/archive`);
+      console.log(`Lead ${leadId} archived.`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+leadsCmd
+  .command('restore <lead-id>')
+  .description('Restore an archived lead back to the active pipeline')
+  .action(async (leadId) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.post(`/leads/${leadId}/restore`);
+      console.log(`Lead ${leadId} restored.`);
+      printJSON(res.data);
+    } catch (err) { handleError(err); }
+  });
+
+leadsCmd
+  .command('archived')
+  .description('List archived leads')
+  .option('--limit <n>', 'Max leads to return', '50')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const client = getClient(globalOpts);
+    try {
+      const res = await client.get('/leads', { params: { archived_only: 'true', limit: opts.limit } });
+      const leads = res.data.data || res.data;
+      if (Array.isArray(leads) && leads.length === 0) { console.log('No archived leads.'); return; }
+      if (Array.isArray(leads)) {
+        leads.forEach(l => {
+          const archivedAt = l.archived_at ? new Date(l.archived_at).toISOString().split('T')[0] : 'unknown';
+          console.log(`[${l.id}] ${(l.name || l.email || 'unnamed').padEnd(35)} archived: ${archivedAt}`);
+        });
+      } else {
+        printJSON(res.data);
+      }
+    } catch (err) { handleError(err); }
+  });
+
+leadsCmd
+  .command('purge-archived')
+  .description('Permanently delete archived leads older than a given date (admin only)')
+  .requiredOption('--before <date>', 'Cutoff date (YYYY-MM-DD) — delete leads archived before this date')
+  .option('--dry-run', 'Show count of leads that would be deleted without actually deleting')
+  .option('--workspace <slug>', 'Workspace slug')
+  .option('--email <email>', 'Admin email')
+  .option('--password <password>', 'Admin password')
+  .action(async (opts) => {
+    const globalOpts = program.opts();
+    const apiUrl = resolveApiUrl(globalOpts.url);
+    if (!apiUrl) { console.error('Error: API URL not configured.'); process.exit(1); }
+    const cfg = loadConfig();
+    try {
+      const base = apiUrl.replace(/\/$/, '');
+      const token = await stagesAdminLogin(base, cfg, opts);
+      const params = { before: opts.before };
+      if (opts.dryRun) params.dry_run = 'true';
+      const res = await axios.delete(`${base}/api/v1/admin/leads/purge-archived`, {
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
+        params
+      });
+      const r = res.data.data || res.data;
+      if (r.dry_run) {
+        console.log(`Dry run: ${r.would_delete} lead(s) would be permanently deleted (archived before ${opts.before}).`);
+      } else {
+        console.log(`Purged: ${r.deleted} archived lead(s) permanently deleted (before ${opts.before}).`);
+      }
+    } catch (err) { handleError(err); }
+  });
+
 program.parse(process.argv);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@startanaicompany/crm",
-  "version": "2.18.0",
+  "version": "2.21.0",
   "description": "AI-first CRM CLI — manage leads and API keys from the terminal",
   "main": "index.js",
   "bin": {