npm - @vantageos/vantage-crm-mcp - Versions diffs - 0.1.0 - Mend

@vantageos/vantage-crm-mcp 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/README.md +260 -0
package/dist/convex/crm/_helpers.js +24 -0
package/dist/convex/crm/activities.js +220 -0
package/dist/convex/crm/briefing.js +198 -0
package/dist/convex/crm/calendarCron.js +92 -0
package/dist/convex/crm/calendarCronDispatch.js +83 -0
package/dist/convex/crm/calendarSync.js +294 -0
package/dist/convex/crm/companies.js +323 -0
package/dist/convex/crm/contacts.js +346 -0
package/dist/convex/crm/deals.js +481 -0
package/dist/convex/crm/emailActions.js +158 -0
package/dist/convex/crm/emailCron.js +210 -0
package/dist/convex/crm/emailCronDispatch.js +76 -0
package/dist/convex/crm/emailSync.js +260 -0
package/dist/convex/crm/onboarding.js +185 -0
package/dist/convex/crm/stats.js +75 -0
package/dist/convex/crm/tasks.js +109 -0
package/dist/convex/crons.js +25 -0
package/dist/convex/integrations.js +183 -0
package/dist/convex/lib/auditLog.js +109 -0
package/dist/convex/lib/auth.js +372 -0
package/dist/convex/lib/rbac.js +123 -0
package/dist/convex/lib/workspace.js +171 -0
package/dist/convex/organizations.js +192 -0
package/dist/convex/schema.js +690 -0
package/dist/convex/users.js +217 -0
package/dist/convex/workspaces.js +603 -0
package/dist/mcp-server/lib/convexClient.js +50 -0
package/dist/mcp-server/lib/scopeEnforcement.js +76 -0
package/dist/mcp-server/registry.js +116 -0
package/dist/mcp-server/server.js +97 -0
package/dist/mcp-server/tests/registry.test.js +163 -0
package/dist/mcp-server/tests/scopeEnforcement.test.js +137 -0
package/dist/mcp-server/tests/security.test.js +257 -0
package/dist/mcp-server/tests/tools.test.js +272 -0
package/dist/mcp-server/tools/activities.js +207 -0
package/dist/mcp-server/tools/admin.js +190 -0
package/dist/mcp-server/tools/companies.js +233 -0
package/dist/mcp-server/tools/contacts.js +306 -0
package/dist/mcp-server/tools/customFields.js +222 -0
package/dist/mcp-server/tools/customObjects.js +235 -0
package/dist/mcp-server/tools/deals.js +297 -0
package/dist/mcp-server/tools/rbac.js +177 -0
package/dist/mcp-server/tools/search.js +155 -0
package/dist/mcp-server/tools/workflows.js +234 -0
package/dist/mcp-server/transport/http.js +257 -0
package/dist/mcp-server/transport/stdio.js +90 -0
package/package.json +45 -0

package/dist/convex/schema.js ADDED Viewed

@@ -0,0 +1,690 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const server_1 = require("convex/server");
+const values_1 = require("convex/values");
+/**
+ * VantageCRM Convex Schema — V0.1.0
+ *
+ * Tables: 21 total
+ *   KEEP  (12): users, organizations, memberships, workspaces, workspaceMembers,
+ *               contacts, companies, deals, activities, emailSync, calendarEvents, integrations
+ *   NEW    (9): custom_field_definitions, custom_object_definitions, custom_object_records,
+ *               audit_log, workflow_definitions, workflow_executions,
+ *               subscriptions, oauth_clients, oauth_access_tokens
+ *   ARCHIVE(31): moved to convex/_archive/ — not in this schema
+ *
+ * Multi-tenant isolation: workspaceId mandatory on ALL CRM entities.
+ * RBAC: D-003 field-level (workspaceMembers.role + custom_field_definitions.visibility).
+ * Soft delete: isArchived + archivedAt on all CRM tables — hard delete admin-only after 30j.
+ *
+ * Ref: elpi-corp/analysis/vantage-crm-spec-2026-05-20.md (commit ac881d0)
+ *      elpi-corp/decisions/vantage-crm/architecture-2026-05-20.md (D-001→D-014)
+ * Introduced: V0.1.0 (Day 76, 2026-05-20)
+ */
+exports.default = (0, server_1.defineSchema)({
+    // ============================================================================
+    // KEEP — users
+    // Role V0.1.0: Mirror Clerk user data. Auth identity source-of-truth.
+    // Multi-tenant key: n/a (platform-level identity).
+    // Indexes: by_clerk_id, by_token, by_email
+    // Introduced: V0.1.0
+    // ============================================================================
+    users: (0, server_1.defineTable)({
+        clerkId: values_1.v.string(),
+        tokenIdentifier: values_1.v.string(),
+        email: values_1.v.string(),
+        emailVerified: values_1.v.optional(values_1.v.boolean()),
+        name: values_1.v.optional(values_1.v.string()),
+        firstName: values_1.v.optional(values_1.v.string()),
+        lastName: values_1.v.optional(values_1.v.string()),
+        avatarUrl: values_1.v.optional(values_1.v.string()),
+        phone: values_1.v.optional(values_1.v.string()),
+        role: values_1.v.string(),
+        activeWorkspaceId: values_1.v.optional(values_1.v.id('workspaces')),
+        settings: values_1.v.optional(values_1.v.object({
+            theme: values_1.v.optional(values_1.v.string()),
+            notifications: values_1.v.optional(values_1.v.boolean()),
+        })),
+        lastLoginAt: values_1.v.optional(values_1.v.number()),
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_clerk_id', ['clerkId'])
+        .index('by_token', ['tokenIdentifier'])
+        .index('by_email', ['email']),
+    // ============================================================================
+    // KEEP — organizations
+    // Role V0.1.0: Mirror Clerk Org. Billing subscription anchor (orgId → subscriptions).
+    // Multi-tenant key: clerkId (org-level, anchors subscriptions).
+    // Indexes: by_clerk_id, by_slug
+    // Introduced: V0.1.0
+    // ============================================================================
+    organizations: (0, server_1.defineTable)({
+        clerkId: values_1.v.string(),
+        name: values_1.v.string(),
+        slug: values_1.v.optional(values_1.v.string()),
+        imageUrl: values_1.v.optional(values_1.v.string()),
+        plan: values_1.v.optional(values_1.v.string()),
+        settings: values_1.v.optional(values_1.v.object({
+            defaultModel: values_1.v.optional(values_1.v.string()),
+        })),
+        memberCount: values_1.v.optional(values_1.v.number()),
+        workspaceCount: values_1.v.optional(values_1.v.number()),
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_clerk_id', ['clerkId'])
+        .index('by_slug', ['slug']),
+    // ============================================================================
+    // KEEP — memberships
+    // Role V0.1.0: Clerk org membership mirror. Org-level role (org:admin / org:member).
+    // Multi-tenant key: orgId.
+    // Indexes: by_user, by_org, by_user_org
+    // Introduced: V0.1.0
+    // ============================================================================
+    memberships: (0, server_1.defineTable)({
+        userId: values_1.v.id('users'),
+        orgId: values_1.v.id('organizations'),
+        clerkUserId: values_1.v.string(),
+        clerkOrgId: values_1.v.string(),
+        role: values_1.v.string(),
+        permissions: values_1.v.optional(values_1.v.object({
+            canCreateWorkspaces: values_1.v.optional(values_1.v.boolean()),
+            canManageIntegrations: values_1.v.optional(values_1.v.boolean()),
+            canInviteMembers: values_1.v.optional(values_1.v.boolean()),
+        })),
+        joinedAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_user', ['userId'])
+        .index('by_org', ['orgId'])
+        .index('by_user_org', ['userId', 'orgId']),
+    // ============================================================================
+    // KEEP — workspaces  [EXTENDED V0.1.0: pipelineStages.probability — OQ-2]
+    // Role V0.1.0: Tenant boundary effectif. Toute entité CRM porte workspaceId.
+    // OQ-2: pipelineStages.probability (0-100) for Salesforce-style auto-set deals.probability.
+    // Multi-tenant key: orgId (workspaces belong to orgs).
+    // Indexes: by_owner, by_org, by_owner_type, by_slug
+    // Introduced: V0.1.0
+    // ============================================================================
+    workspaces: (0, server_1.defineTable)({
+        name: values_1.v.string(),
+        slug: values_1.v.optional(values_1.v.string()),
+        description: values_1.v.optional(values_1.v.string()),
+        icon: values_1.v.optional(values_1.v.string()),
+        color: values_1.v.optional(values_1.v.string()),
+        ownerType: values_1.v.union(values_1.v.literal('user'), values_1.v.literal('organization')),
+        ownerId: values_1.v.id('users'),
+        orgId: values_1.v.optional(values_1.v.id('organizations')),
+        isDefault: values_1.v.optional(values_1.v.boolean()),
+        settings: values_1.v.optional(values_1.v.object({
+            calendarSyncEnabled: values_1.v.optional(values_1.v.boolean()),
+            icpTags: values_1.v.optional(values_1.v.array(values_1.v.string())),
+        })),
+        memberCount: values_1.v.optional(values_1.v.number()),
+        // OQ-2: probability field added per stage for auto-set Salesforce-style
+        pipelineStages: values_1.v.optional(values_1.v.array(values_1.v.object({
+            id: values_1.v.string(),
+            name: values_1.v.string(),
+            order: values_1.v.number(),
+            probability: values_1.v.optional(values_1.v.number()), // 0-100, auto-set at moveStage
+        }))),
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+        lastAccessedAt: values_1.v.optional(values_1.v.number()),
+    })
+        .index('by_owner', ['ownerId'])
+        .index('by_org', ['orgId'])
+        .index('by_owner_type', ['ownerType', 'ownerId'])
+        .index('by_slug', ['slug']),
+    // ============================================================================
+    // KEEP — workspaceMembers  [EXTENDED V0.1.0: CRM permissions (D-003 RBAC)]
+    // Role V0.1.0: RBAC workspace-level (owner/admin/editor/viewer). D-003 field-level RBAC.
+    // Multi-tenant key: workspaceId.
+    // Indexes: by_workspace, by_user, by_workspace_user
+    // Introduced: V0.1.0
+    // ============================================================================
+    workspaceMembers: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        userId: values_1.v.id('users'),
+        role: values_1.v.union(values_1.v.literal('owner'), values_1.v.literal('admin'), values_1.v.literal('editor'), values_1.v.literal('viewer')),
+        permissions: values_1.v.optional(values_1.v.object({
+            canDeleteRecords: values_1.v.optional(values_1.v.boolean()),
+            canBulkImport: values_1.v.optional(values_1.v.boolean()),
+            canManageWorkflows: values_1.v.optional(values_1.v.boolean()),
+            canManageIntegrations: values_1.v.optional(values_1.v.boolean()),
+            canInviteMembers: values_1.v.optional(values_1.v.boolean()),
+            canViewAuditLog: values_1.v.optional(values_1.v.boolean()),
+        })),
+        addedAt: values_1.v.number(),
+        addedBy: values_1.v.optional(values_1.v.id('users')),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_user', ['userId'])
+        .index('by_workspace_user', ['workspaceId', 'userId']),
+    // ============================================================================
+    // KEEP — contacts  [EXTENDED V0.1.0: customFields, vpProfileId (OQ-3), isArchived/archivedAt (OQ-4)]
+    // Role V0.1.0: CRM core entity — people you sell to and work with.
+    // OQ-3: vpProfileId future-proofs VantagePeers cross-link for V0.2.
+    // OQ-4: soft delete via isArchived/archivedAt — hard delete admin-only after 30j grace.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_workspace_created, by_workspace_type, by_owner,
+    //          by_company, by_workspace_archived + search_contacts
+    // Introduced: V0.1.0
+    // ============================================================================
+    contacts: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        firstName: values_1.v.string(),
+        lastName: values_1.v.string(),
+        email: values_1.v.optional(values_1.v.string()),
+        phone: values_1.v.optional(values_1.v.string()),
+        companyId: values_1.v.optional(values_1.v.id('companies')),
+        type: values_1.v.union(values_1.v.literal('lead'), values_1.v.literal('prospect'), values_1.v.literal('client'), values_1.v.literal('partner'), values_1.v.literal('other')),
+        source: values_1.v.optional(values_1.v.string()),
+        tags: values_1.v.optional(values_1.v.array(values_1.v.string())),
+        notes: values_1.v.optional(values_1.v.string()),
+        jobTitle: values_1.v.optional(values_1.v.string()),
+        linkedinUrl: values_1.v.optional(values_1.v.string()),
+        address: values_1.v.optional(values_1.v.string()),
+        leadScore: values_1.v.optional(values_1.v.number()),
+        lastScoredAt: values_1.v.optional(values_1.v.number()),
+        ownerId: values_1.v.string(),
+        lastContactedAt: values_1.v.optional(values_1.v.number()),
+        searchableText: values_1.v.string(),
+        // Extensions V0.1.0
+        customFields: values_1.v.optional(values_1.v.record(values_1.v.string(), values_1.v.any())), // D-004 JSON column
+        vpProfileId: values_1.v.optional(values_1.v.string()), // OQ-3: VantagePeers cross-link V0.2
+        isArchived: values_1.v.optional(values_1.v.boolean()), // OQ-4: soft delete
+        archivedAt: values_1.v.optional(values_1.v.number()), // OQ-4: 30j grace period start
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_workspace_created', ['workspaceId', 'createdAt'])
+        .index('by_workspace_type', ['workspaceId', 'type'])
+        .index('by_owner', ['ownerId'])
+        .index('by_company', ['companyId'])
+        .index('by_workspace_archived', ['workspaceId', 'isArchived'])
+        .searchIndex('search_contacts', {
+        searchField: 'searchableText',
+        filterFields: ['workspaceId', 'isArchived'],
+    }),
+    // ============================================================================
+    // KEEP — companies  [EXTENDED V0.1.0: customFields, isArchived/archivedAt (OQ-4)]
+    // Role V0.1.0: CRM accounts/companies — pivot between contacts and deals.
+    // OQ-4: soft delete via isArchived/archivedAt — hard delete admin-only after 30j grace.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_workspace_created, by_owner, by_domain,
+    //          by_workspace_archived + search_companies
+    // Introduced: V0.1.0
+    // ============================================================================
+    companies: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        name: values_1.v.string(),
+        domain: values_1.v.optional(values_1.v.string()),
+        industry: values_1.v.optional(values_1.v.string()),
+        size: values_1.v.optional(values_1.v.union(values_1.v.literal('1-10'), values_1.v.literal('11-50'), values_1.v.literal('51-200'), values_1.v.literal('201-1000'), values_1.v.literal('1000+'))),
+        website: values_1.v.optional(values_1.v.string()),
+        phone: values_1.v.optional(values_1.v.string()),
+        address: values_1.v.optional(values_1.v.string()),
+        description: values_1.v.optional(values_1.v.string()),
+        tags: values_1.v.optional(values_1.v.array(values_1.v.string())),
+        notes: values_1.v.optional(values_1.v.string()),
+        ownerId: values_1.v.string(),
+        contactCount: values_1.v.optional(values_1.v.number()),
+        dealCount: values_1.v.optional(values_1.v.number()),
+        totalDealValue: values_1.v.optional(values_1.v.number()),
+        searchableText: values_1.v.string(),
+        // Extensions V0.1.0
+        customFields: values_1.v.optional(values_1.v.record(values_1.v.string(), values_1.v.any())), // D-004 JSON column
+        isArchived: values_1.v.optional(values_1.v.boolean()), // OQ-4: soft delete
+        archivedAt: values_1.v.optional(values_1.v.number()), // OQ-4: 30j grace period start
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_workspace_created', ['workspaceId', 'createdAt'])
+        .index('by_owner', ['ownerId'])
+        .index('by_domain', ['domain'])
+        .index('by_workspace_archived', ['workspaceId', 'isArchived'])
+        .searchIndex('search_companies', {
+        searchField: 'searchableText',
+        filterFields: ['workspaceId', 'isArchived'],
+    }),
+    // ============================================================================
+    // KEEP — deals  [EXTENDED V0.1.0: customFields, probability (OQ-2), isArchived/archivedAt (OQ-4)]
+    // Role V0.1.0: Pipeline opportunities with configurable stages + probability.
+    // OQ-2: probability (0-100) auto-set from pipelineStages.probability at moveStage or manual.
+    // OQ-4: soft delete via isArchived/archivedAt — hard delete admin-only after 30j grace.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_workspace_stage, by_workspace_created, by_contact,
+    //          by_company, by_owner, by_workspace_archived + search_deals
+    // Introduced: V0.1.0
+    // ============================================================================
+    deals: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        title: values_1.v.string(),
+        stage: values_1.v.string(), // Configurable per workspace via pipelineStages
+        contactId: values_1.v.optional(values_1.v.id('contacts')),
+        companyId: values_1.v.optional(values_1.v.id('companies')),
+        value: values_1.v.optional(values_1.v.number()),
+        probability: values_1.v.optional(values_1.v.number()), // 0-100, OQ-2 auto-set or manual
+        currency: values_1.v.optional(values_1.v.string()),
+        expectedCloseDate: values_1.v.optional(values_1.v.number()),
+        actualCloseDate: values_1.v.optional(values_1.v.number()),
+        description: values_1.v.optional(values_1.v.string()),
+        tags: values_1.v.optional(values_1.v.array(values_1.v.string())),
+        notes: values_1.v.optional(values_1.v.string()),
+        source: values_1.v.optional(values_1.v.string()),
+        lostReason: values_1.v.optional(values_1.v.string()),
+        ownerId: values_1.v.string(),
+        stageChangedAt: values_1.v.optional(values_1.v.number()),
+        lastActivityAt: values_1.v.optional(values_1.v.number()),
+        searchableText: values_1.v.string(),
+        // Extensions V0.1.0
+        customFields: values_1.v.optional(values_1.v.record(values_1.v.string(), values_1.v.any())), // D-004 JSON column
+        isArchived: values_1.v.optional(values_1.v.boolean()), // OQ-4: soft delete
+        archivedAt: values_1.v.optional(values_1.v.number()), // OQ-4: 30j grace period start
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_workspace_stage', ['workspaceId', 'stage'])
+        .index('by_workspace_created', ['workspaceId', 'createdAt'])
+        .index('by_contact', ['contactId'])
+        .index('by_company', ['companyId'])
+        .index('by_owner', ['ownerId'])
+        .index('by_workspace_archived', ['workspaceId', 'isArchived'])
+        .searchIndex('search_deals', {
+        searchField: 'searchableText',
+        filterFields: ['workspaceId', 'stage', 'isArchived'],
+    }),
+    // ============================================================================
+    // KEEP — activities  [EXTENDED V0.1.0: customFields, actorType/actorId (OQ-1). NO remove mutation — OQ-4]
+    // Role V0.1.0: Immutable CRM audit trail — calls, emails, meetings, notes, tasks.
+    // OQ-1: actorType/actorId tracks Composio agent actions (actorId='agent:composio').
+    // OQ-4: activities are NEVER deleted — they ARE the audit trail. No isArchived by design.
+    // Note: No remove mutation exists or will be added. Salesforce doctrine.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_workspace_type, by_workspace_created, by_contact,
+    //          by_deal, by_company, by_owner
+    // Introduced: V0.1.0
+    // ============================================================================
+    activities: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        type: values_1.v.union(values_1.v.literal('call'), values_1.v.literal('email'), values_1.v.literal('meeting'), values_1.v.literal('note'), values_1.v.literal('task'), values_1.v.literal('stage-change'), values_1.v.literal('email-received'), values_1.v.literal('email-sent'), values_1.v.literal('calendar-event'), values_1.v.literal('workflow-action')),
+        subject: values_1.v.string(),
+        description: values_1.v.optional(values_1.v.string()),
+        contactId: values_1.v.optional(values_1.v.id('contacts')),
+        companyId: values_1.v.optional(values_1.v.id('companies')),
+        dealId: values_1.v.optional(values_1.v.id('deals')),
+        ownerId: values_1.v.string(),
+        occurredAt: values_1.v.number(),
+        dueAt: values_1.v.optional(values_1.v.number()),
+        completedAt: values_1.v.optional(values_1.v.number()),
+        // OQ-1: Composio actor tracking
+        actorType: values_1.v.optional(values_1.v.union(values_1.v.literal('user'), values_1.v.literal('agent'), values_1.v.literal('system'))),
+        actorId: values_1.v.optional(values_1.v.string()), // clerkId | 'agent:composio' | 'system'
+        // Extension V0.1.0
+        customFields: values_1.v.optional(values_1.v.record(values_1.v.string(), values_1.v.any())), // D-004 JSON column
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_workspace_type', ['workspaceId', 'type'])
+        .index('by_workspace_created', ['workspaceId', 'createdAt'])
+        .index('by_contact', ['contactId'])
+        .index('by_deal', ['dealId'])
+        .index('by_company', ['companyId'])
+        .index('by_owner', ['ownerId']),
+    // ============================================================================
+    // KEEP — emailSync  (keep as-is per OQ-1)
+    // Role V0.1.0: Composio Gmail sync. upsertFromSync wraps withAuditLog actorId='agent:composio'.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_gmail_id, by_contact, by_workspace_sent
+    // Introduced: V0.1.0
+    // ============================================================================
+    emailSync: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        gmailId: values_1.v.string(),
+        threadId: values_1.v.optional(values_1.v.string()),
+        subject: values_1.v.string(),
+        from: values_1.v.string(),
+        to: values_1.v.optional(values_1.v.array(values_1.v.string())),
+        snippet: values_1.v.optional(values_1.v.string()),
+        bodyPlain: values_1.v.optional(values_1.v.string()), // truncated 10KB
+        contactId: values_1.v.optional(values_1.v.id('contacts')),
+        companyId: values_1.v.optional(values_1.v.id('companies')),
+        sentAt: values_1.v.number(),
+        syncedAt: values_1.v.number(),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_gmail_id', ['gmailId'])
+        .index('by_contact', ['contactId'])
+        .index('by_workspace_sent', ['workspaceId', 'sentAt']),
+    // ============================================================================
+    // KEEP — calendarEvents  (keep as-is per OQ-1)
+    // Role V0.1.0: Composio Google Calendar sync. Keep as-is per OQ-1.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_google_event, by_contact, by_workspace_start
+    // Introduced: V0.1.0
+    // ============================================================================
+    calendarEvents: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        googleEventId: values_1.v.string(),
+        title: values_1.v.string(),
+        description: values_1.v.optional(values_1.v.string()),
+        startTime: values_1.v.number(),
+        endTime: values_1.v.number(),
+        attendees: values_1.v.optional(values_1.v.array(values_1.v.object({
+            email: values_1.v.string(),
+            displayName: values_1.v.optional(values_1.v.string()),
+        }))),
+        contactId: values_1.v.optional(values_1.v.id('contacts')),
+        companyId: values_1.v.optional(values_1.v.id('companies')),
+        dealId: values_1.v.optional(values_1.v.id('deals')),
+        syncedAt: values_1.v.number(),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_google_event', ['googleEventId'])
+        .index('by_contact', ['contactId'])
+        .index('by_workspace_start', ['workspaceId', 'startTime']),
+    // ============================================================================
+    // KEEP — integrations  (keep as-is per OQ-1)
+    // Role V0.1.0: Composio connection tracking per workspace.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_workspace_toolkit, by_workspace_status
+    // Introduced: V0.1.0
+    // ============================================================================
+    integrations: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        toolkitSlug: values_1.v.string(),
+        connectionId: values_1.v.string(),
+        status: values_1.v.union(values_1.v.literal('active'), values_1.v.literal('disconnected')),
+        connectedAt: values_1.v.number(),
+        connectedBy: values_1.v.id('users'),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_workspace_toolkit', ['workspaceId', 'toolkitSlug'])
+        .index('by_workspace_status', ['workspaceId', 'status']),
+    // ============================================================================
+    // NEW — custom_field_definitions  (D-004)
+    // Role V0.1.0: Runtime field definitions per workspace per entityType.
+    // Values stored in customFields JSON column on each CRM record (not a side-table).
+    // 10 field types: string/number/boolean/date/select/multi-select/url/email/phone/json.
+    // D-003 field-level RBAC: visibility controls per-field access by workspace role.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_workspace_entity, by_workspace_entity_name
+    // Introduced: V0.1.0
+    // ============================================================================
+    custom_field_definitions: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        entityType: values_1.v.string(), // 'contact'|'deal'|'company'|'activity'|<custom_object_name>
+        name: values_1.v.string(), // slug e.g. 'industry_tier', 'churn_risk'
+        label: values_1.v.string(), // display e.g. 'Industry Tier', 'Churn Risk'
+        fieldType: values_1.v.union(values_1.v.literal('string'), values_1.v.literal('number'), values_1.v.literal('boolean'), values_1.v.literal('date'), values_1.v.literal('select'), values_1.v.literal('multi-select'), values_1.v.literal('url'), values_1.v.literal('email'), values_1.v.literal('phone'), values_1.v.literal('json')),
+        options: values_1.v.optional(values_1.v.array(values_1.v.object({
+            value: values_1.v.string(),
+            label: values_1.v.string(),
+        }))), // For select/multi-select
+        required: values_1.v.boolean(),
+        defaultValue: values_1.v.optional(values_1.v.union(values_1.v.string(), values_1.v.number(), values_1.v.boolean(), values_1.v.null())),
+        validation: values_1.v.optional(values_1.v.object({
+            pattern: values_1.v.optional(values_1.v.string()), // regex
+            min: values_1.v.optional(values_1.v.number()),
+            max: values_1.v.optional(values_1.v.number()),
+        })),
+        // D-003 field-level RBAC
+        visibility: values_1.v.union(values_1.v.literal('all'), values_1.v.literal('admin-only'), values_1.v.literal('role-restricted')),
+        visibleToRoles: values_1.v.optional(values_1.v.array(values_1.v.string())), // ['owner', 'admin', 'editor']
+        orderPosition: values_1.v.optional(values_1.v.number()),
+        createdBy: values_1.v.string(), // clerkId
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_workspace_entity', ['workspaceId', 'entityType'])
+        .index('by_workspace_entity_name', ['workspaceId', 'entityType', 'name']),
+    // ============================================================================
+    // NEW — custom_object_definitions  (D-005)
+    // Role V0.1.0: DDL runtime for custom objects — does not mutate Convex schema.
+    // Pattern: Salesforce/Airtable polymorphic — definitions metadata + single records table.
+    // Relationships field defines FK pointers in custom_object_records.data JSON.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_workspace_name, by_workspace_archived
+    // Introduced: V0.1.0
+    // ============================================================================
+    custom_object_definitions: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        name: values_1.v.string(), // slug e.g. 'property', 'vehicle', 'ticket'
+        label: values_1.v.string(), // 'Property'
+        pluralLabel: values_1.v.string(), // 'Properties'
+        icon: values_1.v.optional(values_1.v.string()),
+        description: values_1.v.optional(values_1.v.string()),
+        primaryFieldName: values_1.v.string(), // e.g. 'address' — shown as record title
+        searchableFields: values_1.v.array(values_1.v.string()), // fields included in searchableText rebuild
+        relationships: values_1.v.optional(values_1.v.array(values_1.v.object({
+            targetEntity: values_1.v.string(), // 'contact'|'deal'|'company'|<custom_object_name>
+            cardinality: values_1.v.union(values_1.v.literal('1-1'), values_1.v.literal('1-N'), values_1.v.literal('N-N')),
+            label: values_1.v.string(),
+            fieldName: values_1.v.string(), // e.g. 'contactId' — FK key in data JSON
+        }))),
+        createdBy: values_1.v.string(),
+        isArchived: values_1.v.optional(values_1.v.boolean()),
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_workspace_name', ['workspaceId', 'name'])
+        .index('by_workspace_archived', ['workspaceId', 'isArchived']),
+    // ============================================================================
+    // NEW — custom_object_records  (D-005)
+    // Role V0.1.0: Polymorphic single table for all custom objects.
+    // objectType discriminator + data JSON keyed by field names from definition.
+    // searchableText denormalized for full-text search across any custom object type.
+    // OQ-4: isArchived/archivedAt soft delete — NO hard delete without admin scope.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace_object, by_workspace_object_created, by_owner,
+    //          by_workspace_archived + search_records
+    // Introduced: V0.1.0
+    // ============================================================================
+    custom_object_records: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        objectType: values_1.v.string(), // matches custom_object_definitions.name
+        data: values_1.v.record(values_1.v.string(), values_1.v.any()), // JSON keyed by field name
+        ownerId: values_1.v.string(),
+        searchableText: values_1.v.string(), // rebuilt on each create/update
+        isArchived: values_1.v.optional(values_1.v.boolean()), // OQ-4: soft delete
+        archivedAt: values_1.v.optional(values_1.v.number()), // OQ-4: 30j grace period start
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_workspace_object', ['workspaceId', 'objectType'])
+        .index('by_workspace_object_created', ['workspaceId', 'objectType', 'createdAt'])
+        .index('by_owner', ['ownerId'])
+        .index('by_workspace_archived', ['workspaceId', 'isArchived'])
+        .searchIndex('search_records', {
+        searchField: 'searchableText',
+        filterFields: ['workspaceId', 'objectType', 'isArchived'],
+    }),
+    // ============================================================================
+    // NEW — audit_log  (D-006)
+    // Role V0.1.0: Compliance trace of every CRM mutation. 7-year retention.
+    // withAuditLog() wrapper called on 100% of CRM mutations.
+    // OQ-1: actorType='agent' tracks Composio actions (actorId='agent:composio').
+    // OQ-4: soft delete → action='archive'; hard delete admin → action='delete'.
+    // fieldChanges captures before/after for diff views (GDPR right-to-erasure support).
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_workspace_timestamp, by_workspace_entity,
+    //          by_workspace_actor, by_workspace_action
+    // Introduced: V0.1.0
+    // ============================================================================
+    audit_log: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        actorId: values_1.v.string(), // clerkId | 'agent:composio' | 'system'
+        actorType: values_1.v.union(values_1.v.literal('user'), values_1.v.literal('agent'), values_1.v.literal('system')),
+        entityType: values_1.v.string(), // 'contact'|'deal'|'company'|'activity'|etc.
+        entityId: values_1.v.string(), // Convex Id as string
+        action: values_1.v.union(values_1.v.literal('create'), values_1.v.literal('update'), values_1.v.literal('delete'), values_1.v.literal('archive'), values_1.v.literal('restore'), values_1.v.literal('stage-change'), values_1.v.literal('owner-change'), values_1.v.literal('bulk-import'), values_1.v.literal('bulk-export'), values_1.v.literal('permission-change'), values_1.v.literal('workflow-triggered'), values_1.v.literal('workflow-action-executed')),
+        fieldChanges: values_1.v.optional(values_1.v.array(values_1.v.object({
+            fieldName: values_1.v.string(),
+            oldValue: values_1.v.union(values_1.v.string(), values_1.v.number(), values_1.v.boolean(), values_1.v.null()),
+            newValue: values_1.v.union(values_1.v.string(), values_1.v.number(), values_1.v.boolean(), values_1.v.null()),
+        }))),
+        metadata: values_1.v.optional(values_1.v.record(values_1.v.string(), values_1.v.any())),
+        ip: values_1.v.optional(values_1.v.string()),
+        userAgent: values_1.v.optional(values_1.v.string()),
+        timestamp: values_1.v.number(),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_workspace_timestamp', ['workspaceId', 'timestamp'])
+        .index('by_workspace_entity', ['workspaceId', 'entityType', 'entityId'])
+        .index('by_workspace_actor', ['workspaceId', 'actorId'])
+        .index('by_workspace_action', ['workspaceId', 'action']),
+    // ============================================================================
+    // NEW — workflow_definitions  (D-007)
+    // Role V0.1.0: Trigger-based workflow definitions. 5 trigger types × 5 action types.
+    // Engine: Convex mutation hooks + cron (time-based trigger type).
+    // Conditions evaluated at runtime. idempotency enforced in workflow_executions.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_workspace_active, by_workspace_trigger
+    // Introduced: V0.1.0
+    // ============================================================================
+    workflow_definitions: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        name: values_1.v.string(),
+        description: values_1.v.optional(values_1.v.string()),
+        isActive: values_1.v.boolean(),
+        trigger: values_1.v.object({
+            type: values_1.v.union(values_1.v.literal('record-created'), values_1.v.literal('record-updated'), values_1.v.literal('field-changed'), values_1.v.literal('stage-changed'), values_1.v.literal('time-based')),
+            entityType: values_1.v.optional(values_1.v.string()), // 'contact'|'deal'|'company'|'activity'
+            fieldName: values_1.v.optional(values_1.v.string()), // for field-changed
+            cron: values_1.v.optional(values_1.v.string()), // cron expr for time-based
+            conditions: values_1.v.optional(values_1.v.array(values_1.v.object({
+                field: values_1.v.string(),
+                operator: values_1.v.union(values_1.v.literal('eq'), values_1.v.literal('neq'), values_1.v.literal('gt'), values_1.v.literal('lt'), values_1.v.literal('in'), values_1.v.literal('contains')),
+                value: values_1.v.union(values_1.v.string(), values_1.v.number(), values_1.v.boolean(), values_1.v.array(values_1.v.string())),
+            }))),
+        }),
+        actions: values_1.v.array(values_1.v.object({
+            id: values_1.v.string(),
+            type: values_1.v.union(values_1.v.literal('update-record'), values_1.v.literal('create-record'), values_1.v.literal('send-email'), values_1.v.literal('send-message'), values_1.v.literal('log-activity')),
+            params: values_1.v.record(values_1.v.string(), values_1.v.any()),
+            onError: values_1.v.optional(values_1.v.union(values_1.v.literal('continue'), values_1.v.literal('halt'))),
+        })),
+        createdBy: values_1.v.string(),
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_workspace_active', ['workspaceId', 'isActive'])
+        .index('by_workspace_trigger', ['workspaceId', 'trigger.type']),
+    // ============================================================================
+    // NEW — workflow_executions  (D-007)
+    // Role V0.1.0: Execution trace per workflow run. idempotencyKey prevents double-run
+    // within the same minute. Replay possible via MCP tool replay_execution.
+    // onError='halt' → status='halted', alert workspace owner via send_message action.
+    // Multi-tenant key: workspaceId (mandatory).
+    // Indexes: by_workspace, by_workflow, by_workspace_status, by_idempotency
+    // Introduced: V0.1.0
+    // ============================================================================
+    workflow_executions: (0, server_1.defineTable)({
+        workspaceId: values_1.v.id('workspaces'),
+        workflowId: values_1.v.id('workflow_definitions'),
+        triggerEntityType: values_1.v.string(),
+        triggerEntityId: values_1.v.string(),
+        triggerType: values_1.v.string(),
+        idempotencyKey: values_1.v.string(), // hash(workflowId + entityId + floor(timestamp/60000))
+        status: values_1.v.union(values_1.v.literal('running'), values_1.v.literal('completed'), values_1.v.literal('failed'), values_1.v.literal('halted')),
+        actionLog: values_1.v.array(values_1.v.object({
+            actionId: values_1.v.string(),
+            status: values_1.v.union(values_1.v.literal('pending'), values_1.v.literal('completed'), values_1.v.literal('failed'), values_1.v.literal('skipped')),
+            result: values_1.v.optional(values_1.v.record(values_1.v.string(), values_1.v.any())),
+            error: values_1.v.optional(values_1.v.string()),
+            timestamp: values_1.v.number(),
+        })),
+        startedAt: values_1.v.number(),
+        completedAt: values_1.v.optional(values_1.v.number()),
+    })
+        .index('by_workspace', ['workspaceId'])
+        .index('by_workflow', ['workflowId'])
+        .index('by_workspace_status', ['workspaceId', 'status'])
+        .index('by_idempotency', ['idempotencyKey']),
+    // ============================================================================
+    // NEW — subscriptions  (D-010)
+    // Role V0.1.0: Billing state per organization. Polar Cloud + Gumroad Pro Support.
+    // Webhook flow: Polar/Gumroad → convex/http → processBillingEvent → upsert here.
+    // Limits object enforced at query/mutation layer (record count checks, scope checks).
+    // Multi-tenant key: orgId (org-level billing, not workspace-level).
+    // Indexes: by_org, by_external_id, by_status, by_provider
+    // Introduced: V0.1.0
+    // ============================================================================
+    subscriptions: (0, server_1.defineTable)({
+        orgId: values_1.v.id('organizations'),
+        provider: values_1.v.union(values_1.v.literal('polar'), values_1.v.literal('gumroad')),
+        externalSubscriptionId: values_1.v.string(),
+        tier: values_1.v.union(values_1.v.literal('free'), values_1.v.literal('pro-support'), values_1.v.literal('cloud-starter'), values_1.v.literal('cloud-pro'), values_1.v.literal('cloud-enterprise')),
+        status: values_1.v.union(values_1.v.literal('trial'), values_1.v.literal('active'), values_1.v.literal('past-due'), values_1.v.literal('canceled'), values_1.v.literal('expired')),
+        scopes: values_1.v.array(values_1.v.string()), // ['vantage-crm:read', 'vantage-crm:write', ...]
+        limits: values_1.v.object({
+            maxWorkspaces: values_1.v.number(),
+            maxUsers: values_1.v.number(),
+            maxRecords: values_1.v.number(),
+            workflowsEnabled: values_1.v.boolean(),
+        }),
+        trialEndsAt: values_1.v.optional(values_1.v.number()),
+        startDate: values_1.v.number(),
+        renewalDate: values_1.v.optional(values_1.v.number()),
+        canceledAt: values_1.v.optional(values_1.v.number()),
+        metadata: values_1.v.optional(values_1.v.record(values_1.v.string(), values_1.v.any())),
+        createdAt: values_1.v.number(),
+        updatedAt: values_1.v.number(),
+    })
+        .index('by_org', ['orgId'])
+        .index('by_external_id', ['externalSubscriptionId'])
+        .index('by_status', ['status'])
+        .index('by_provider', ['provider']),
+    // ============================================================================
+    // NEW — oauth_clients  (D-009)
+    // Role V0.1.0: OAuth2 clients for HTTP MCP mode (cloud customers).
+    // Auto-provisioned at Polar/Gumroad subscription. clientSecretHash = bcrypt.
+    // 4-tier scopes: vantage-crm:read / write / admin / workflow-trigger.
+    // Multi-tenant key: orgId (org-level OAuth clients).
+    // Indexes: by_org, by_client_id, by_subscription
+    // Introduced: V0.1.0
+    // ============================================================================
+    oauth_clients: (0, server_1.defineTable)({
+        orgId: values_1.v.id('organizations'),
+        subscriptionId: values_1.v.id('subscriptions'),
+        clientId: values_1.v.string(), // UUID generated at provision
+        clientSecretHash: values_1.v.string(), // bcrypt hash — never store raw secret
+        scopes: values_1.v.array(values_1.v.string()), // scopes granted per subscription tier
+        isActive: values_1.v.boolean(),
+        lastUsedAt: values_1.v.optional(values_1.v.number()),
+        revokedAt: values_1.v.optional(values_1.v.number()),
+        createdAt: values_1.v.number(),
+    })
+        .index('by_org', ['orgId'])
+        .index('by_client_id', ['clientId'])
+        .index('by_subscription', ['subscriptionId']),
+    // ============================================================================
+    // NEW — oauth_access_tokens  (D-009)
+    // Role V0.1.0: Short-lived access tokens (1h TTL) issued by oauth_clients.
+    // tokenHash = sha256(rawToken) — NEVER store raw token in DB.
+    // revokedAt enables explicit revocation before expiry.
+    // Multi-tenant key: clientId (indirectly via oauth_clients → orgId).
+    // Indexes: by_token_hash, by_client, by_expires
+    // Introduced: V0.1.0
+    // ============================================================================
+    oauth_access_tokens: (0, server_1.defineTable)({
+        clientId: values_1.v.string(),
+        tokenHash: values_1.v.string(), // sha256(rawToken)
+        scopes: values_1.v.array(values_1.v.string()),
+        expiresAt: values_1.v.number(),
+        revokedAt: values_1.v.optional(values_1.v.number()),
+        createdAt: values_1.v.number(),
+    })
+        .index('by_token_hash', ['tokenHash'])
+        .index('by_client', ['clientId'])
+        .index('by_expires', ['expiresAt']),
+});