fullstackgtm 0.11.1 → 0.13.0

package/dist/cli.js

@@ -17,6 +17,7 @@ import { createFilePlanStore } from "./planStore.js";
 import { auditReportToHtml, auditReportToMarkdown } from "./report.js";
 import { builtinAuditRules } from "./rules.js";
 import { sampleSnapshot } from "./sampleData.js";
+import { parseCall, suggestCallDeal } from "./calls.js";
 import { suggestValues } from "./suggest.js";
 function usage() {
     return `FullStackGTM — audit GTM data across providers, propose reviewable patch plans,
@@ -40,6 +41,11 @@ Usage:
   fullstackgtm report [source options] [audit options] [report options]
   fullstackgtm diff --before <a.json> --after <b.json> [--json] [--fail-on-new-findings]
   fullstackgtm merge --input <a.json> --input <b.json> [...] --out <merged.json> [--json]
+  fullstackgtm call parse --transcript <file> [--title t] [--source fathom|granola|...] [--json|--ndjson] [--out <path>]
+  fullstackgtm call link --attendees <a@x.com,...> | --domain <x.com>  [source options] [--json]
+  fullstackgtm call plan --transcript <file>|--call <parsed.json> --deal <id> [source options] [--save|--json]
+                                               calls become evidence: parse dialects (Speaker:/[Me]/Granola JSON),
+                                               link to the right deal, and propose governed next-step writes
   fullstackgtm suggest --plan-id <id> | --plan <path>  [source options] [--json] [--out <path>]
                                                derive values for requires_human_* placeholders
                                                from snapshot evidence, with confidence + reasons
@@ -403,6 +409,175 @@ function parseValueOverrides(args) {
     }
     return valueOverrides;
 }
+async function callCommand(args) {
+    const [subcommand, ...rest] = args;
+    const loadParsedCall = () => {
+        const callPath = option(rest, "--call");
+        if (callPath) {
+            return JSON.parse(readFileSync(resolve(process.cwd(), callPath), "utf8"));
+        }
+        const transcriptPath = option(rest, "--transcript");
+        if (!transcriptPath)
+            throw new Error(`call ${subcommand} requires --transcript <file> or --call <parsed.json>`);
+        const raw = readFileSync(resolve(process.cwd(), transcriptPath), "utf8");
+        const source = option(rest, "--source");
+        return parseCall(raw, {
+            title: option(rest, "--title") ?? undefined,
+            sourceSystem: source,
+            capturedAt: new Date().toISOString(),
+        });
+    };
+    if (subcommand === "parse") {
+        const parsed = loadParsedCall();
+        const outPath = option(rest, "--out");
+        if (outPath)
+            writeFileSync(resolve(process.cwd(), outPath), `${JSON.stringify(parsed, null, 2)}\n`);
+        if (rest.includes("--ndjson")) {
+            // One flat row per insight — warehouse-friendly (e.g. Snowflake COPY).
+            for (const insight of parsed.insights) {
+                console.log(JSON.stringify({
+                    call_id: parsed.id,
+                    call_title: parsed.title ?? null,
+                    source_system: parsed.sourceSystem,
+                    type: insight.type,
+                    title: insight.title,
+                    text: insight.text,
+                    evidence: insight.evidence,
+                    speaker: insight.speaker ?? null,
+                    confidence: insight.confidence,
+                    importance: insight.importance,
+                }));
+            }
+            return;
+        }
+        if (rest.includes("--json") || outPath) {
+            if (!outPath)
+                console.log(JSON.stringify(parsed, null, 2));
+            return;
+        }
+        console.log(`Call ${parsed.id}${parsed.title ? ` — ${parsed.title}` : ""} (${parsed.sourceSystem})`);
+        console.log(`${parsed.segments.length} segments · ${parsed.insights.length} insights (${parsed.summary.highImportance} high-importance)\n`);
+        for (const insight of parsed.insights) {
+            console.log(`[${insight.type}] (importance ${insight.importance}) ${insight.text}`);
+        }
+        return;
+    }
+    if (subcommand === "link") {
+        const attendees = option(rest, "--attendees");
+        const domain = option(rest, "--domain");
+        if (!attendees && !domain)
+            throw new Error("call link requires --attendees <emails,comma-separated> and/or --domain <example.com>");
+        const snapshot = await readSnapshot(rest);
+        const suggestion = suggestCallDeal(snapshot, {
+            attendeeEmails: attendees?.split(",").map((e) => e.trim()).filter(Boolean),
+            domain: domain ?? undefined,
+        });
+        if (rest.includes("--json")) {
+            console.log(JSON.stringify(suggestion, null, 2));
+        }
+        else {
+            const marker = suggestion.confidence === "high" ? "✓" : suggestion.confidence === "low" ? "~" : "✗";
+            console.log(`${marker} [${suggestion.confidence}] ${suggestion.dealId ?? "no match"}${suggestion.dealName ? ` — ${suggestion.dealName}` : ""}`);
+            console.log(`    ${suggestion.reason}`);
+        }
+        if (suggestion.confidence === "none")
+            process.exitCode = 1;
+        return;
+    }
+    if (subcommand === "plan") {
+        const dealId = option(rest, "--deal");
+        if (!dealId)
+            throw new Error("call plan requires --deal <dealId> (use `call link` to find it)");
+        const parsed = loadParsedCall();
+        const snapshot = await readSnapshot(rest);
+        const deal = snapshot.deals.find((row) => row.id === dealId);
+        if (!deal)
+            throw new Error(`Deal ${dealId} is not in the snapshot — check the id or the snapshot source.`);
+        const nextSteps = parsed.insights.filter((insight) => insight.type === "next_step");
+        if (nextSteps.length === 0) {
+            console.log("No next-step insights in this call — nothing to plan. (Other insight types are evidence, not writes.)");
+            return;
+        }
+        const [top, ...others] = nextSteps;
+        const proposed = top.text.trim().slice(0, 255);
+        const current = deal.nextStep?.trim() ?? "";
+        const plan = buildCallPlan(parsed, deal, proposed, current, others.slice(0, 3));
+        if (rest.includes("--save")) {
+            await createFilePlanStore().save(plan);
+            console.log(`Saved plan ${plan.id}. Review with \`fullstackgtm plans show ${plan.id}\`, approve with \`fullstackgtm plans approve ${plan.id} --operations <ids|all>\`, then \`fullstackgtm apply --plan-id ${plan.id} --provider <name>\`.`);
+            return;
+        }
+        console.log(rest.includes("--json") ? JSON.stringify(plan, null, 2) : patchPlanToMarkdown(plan));
+        return;
+    }
+    throw new Error(`call supports: parse, link, plan (got ${subcommand ?? "nothing"})`);
+}
+function buildCallPlan(parsed, deal, proposed, current, extraNextSteps) {
+    const findings = [];
+    const operations = [];
+    const nextStepEvidence = parsed.evidence.filter((item) => item.metadata?.insightType === "next_step");
+    const evidenceIds = nextStepEvidence.map((item) => item.id);
+    if (current.toLowerCase() !== proposed.toLowerCase()) {
+        findings.push({
+            id: `finding_${parsed.id.replace(/^call_/, "")}_${deal.id}`,
+            objectType: "deal",
+            objectId: deal.id,
+            ruleId: "call-next-step-not-reflected-in-crm",
+            type: "call_next_step_not_reflected_in_crm",
+            title: "Call agreed a next step the CRM does not reflect",
+            severity: "warning",
+            summary: current
+                ? `The call produced "${proposed}" but ${deal.name}'s next step still reads "${current}".`
+                : `The call produced "${proposed}" but ${deal.name} has no next step set.`,
+            recommendation: "Review the evidence and approve the next-step update.",
+            evidenceIds,
+            currentCrmValue: current || null,
+            proposedValue: proposed,
+        });
+        operations.push({
+            id: `op_${parsed.id.replace(/^call_/, "")}_next`,
+            objectType: "deal",
+            objectId: deal.id,
+            operation: "set_field",
+            field: "nextStep",
+            beforeValue: current || null,
+            afterValue: proposed,
+            reason: `Call evidence: ${nextStepEvidence[0]?.text.slice(0, 200) ?? proposed}`,
+            sourceRuleOrPolicy: "call_intelligence.next_step",
+            riskLevel: "high",
+            approvalRequired: true,
+            rollback: "Restore the previous deal next step (the before value) if the update is wrong.",
+            evidenceIds,
+        });
+    }
+    for (const [index, extra] of extraNextSteps.entries()) {
+        operations.push({
+            id: `op_${parsed.id.replace(/^call_/, "")}_task${index}`,
+            objectType: "deal",
+            objectId: deal.id,
+            operation: "create_task",
+            field: "follow_up_task",
+            beforeValue: null,
+            afterValue: extra.text.trim().slice(0, 255),
+            reason: `Additional commitment from the call: ${extra.evidence.slice(0, 160)}`,
+            sourceRuleOrPolicy: "call_intelligence.follow_up",
+            riskLevel: "low",
+            approvalRequired: true,
+            rollback: "Close or delete the created task.",
+        });
+    }
+    return {
+        id: `patch_plan_${parsed.id.replace(/^call_/, "")}${deal.id.slice(-4)}`,
+        title: `Call evidence plan${parsed.title ? ` — ${parsed.title}` : ""} → ${deal.name}`,
+        createdAt: new Date().toISOString(),
+        status: "needs_approval",
+        dryRun: true,
+        summary: `${findings.length} finding(s) and ${operations.length} proposed operation(s) from call ${parsed.id}.`,
+        findings,
+        evidence: parsed.evidence,
+        operations,
+    };
+}
 async function suggest(args) {
     const planId = option(args, "--plan-id");
     const planPath = option(args, "--plan");
@@ -1123,6 +1298,10 @@ export async function runCli(argv) {
         await suggest(args);
         return;
     }
+    if (command === "call") {
+        await callCommand(args);
+        return;
+    }
     if (command === "profiles") {
         profilesCommand(args);
         return;

package/dist/connectors/hubspot.js

@@ -440,6 +440,74 @@ export function createHubspotConnector(options) {
             detail: `Archived ${objectPath}/${operation.objectId}.`,
         };
     }
+    /**
+     * Merge a duplicate group into the approved survivor via HubSpot's v3
+     * merge API (supported for contacts, companies, deals, and tickets).
+     * Merges are pairwise and IRREVERSIBLE; the survivor's values win on
+     * conflict and each loser is archived by HubSpot. A loser that is already
+     * gone (404 — e.g. a replayed plan) is treated as already merged.
+     */
+    async function mergeRecords(operation) {
+        const objectPath = OBJECT_PATHS[operation.objectType];
+        if (!objectPath || operation.objectType === "user" || operation.objectType === "activity") {
+            return {
+                operationId: operation.id,
+                status: "skipped",
+                detail: "merge_records is supported for accounts, contacts, and deals.",
+            };
+        }
+        const survivorId = String(operation.afterValue ?? "");
+        const groupIds = Array.isArray(operation.beforeValue)
+            ? operation.beforeValue.map((id) => String(id))
+            : [];
+        if (!survivorId || groupIds.length < 2) {
+            return {
+                operationId: operation.id,
+                status: "skipped",
+                detail: "merge_records needs a survivor id (afterValue) and the duplicate group ids (beforeValue).",
+            };
+        }
+        if (!groupIds.includes(survivorId)) {
+            return {
+                operationId: operation.id,
+                status: "skipped",
+                detail: `Survivor ${survivorId} is not in the duplicate group (${groupIds.join(", ")}); refusing to merge into an unrelated record.`,
+            };
+        }
+        const losers = groupIds.filter((id) => id !== survivorId);
+        const mergedIds = [];
+        const alreadyGoneIds = [];
+        for (const loser of losers) {
+            try {
+                await request(`/crm/v3/objects/${objectPath}/merge`, {
+                    method: "POST",
+                    body: JSON.stringify({ primaryObjectId: survivorId, objectIdToMerge: loser }),
+                });
+                mergedIds.push(loser);
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                if (message.includes(" 404")) {
+                    alreadyGoneIds.push(loser); // replayed plan: loser already merged/archived
+                    continue;
+                }
+                return {
+                    operationId: operation.id,
+                    status: "failed",
+                    detail: `Merged ${mergedIds.length} of ${losers.length} into ${survivorId}, then failed on ${loser}: ${message}`,
+                    providerData: { survivorId, mergedIds, alreadyGoneIds },
+                };
+            }
+        }
+        return {
+            operationId: operation.id,
+            status: mergedIds.length === 0 && alreadyGoneIds.length === losers.length ? "skipped" : "applied",
+            detail: mergedIds.length === 0 && alreadyGoneIds.length === losers.length
+                ? `All ${losers.length} duplicates were already merged into ${survivorId}; nothing to do.`
+                : `Merged ${mergedIds.length} duplicate ${objectPath} into ${survivorId}${alreadyGoneIds.length ? ` (${alreadyGoneIds.length} already gone)` : ""}. Irreversible.`,
+            providerData: { survivorId, mergedIds, alreadyGoneIds },
+        };
+    }
     async function applyOperation(operation) {
         try {
             switch (operation.operation) {
@@ -450,6 +518,8 @@ export function createHubspotConnector(options) {
                     return await linkRecord(operation);
                 case "create_task":
                     return await createTask(operation);
+                case "merge_records":
+                    return await mergeRecords(operation);
                 case "archive_record":
                     return await archiveRecord(operation);
                 default:

package/dist/connectors/salesforce.js

@@ -338,6 +338,15 @@ export function createSalesforceConnector(options) {
                 }
                 case "create_task":
                     return await createTask(operation);
+                case "merge_records":
+                    // Salesforce merge exists only in the SOAP API and Apex (Lead,
+                    // Contact, Account, Case; max 3 records) — there is no REST merge
+                    // resource. Surface that honestly instead of half-merging.
+                    return {
+                        operationId: operation.id,
+                        status: "skipped",
+                        detail: "Salesforce merge requires the SOAP API or Apex (Lead/Contact/Account/Case only) — this REST connector cannot merge. Merge in the Salesforce UI, or archive the duplicates explicitly.",
+                    };
                 case "archive_record":
                     return await archiveRecord(operation);
                 default:

package/dist/index.d.ts

@@ -15,6 +15,7 @@ export { formatPatchPlanRun, patchPlanToMarkdown } from "./format.ts";
 export { auditReportToHtml, auditReportToMarkdown, type ReportOptions } from "./report.ts";
 export { HUBSPOT_DEFAULT_FIELD_MAPPINGS, SALESFORCE_DEFAULT_FIELD_MAPPINGS, mappedField, mappedFields, normalizeFieldMappings, readMappedValue, type CrmObjectType, type FieldMappings, } from "./mappings.ts";
 export { accountSingleSourceRule, activeDealAccountWithoutContactsRule, auditFindingId, buildSnapshotIndex, builtinAuditRules, closingSoonInactiveRule, duplicateAccountDomainRule, duplicateContactEmailRule, duplicateOpenDealRule, missingDealAccountRule, missingDealAmountRule, missingDealOwnerRule, orphanAccountRule, pastCloseDateRule, patchOperationId, requiresHumanInput, staleDealRule, } from "./rules.ts";
+export { extractCallInsights, normalizeTranscript, parseCall, parseTranscript, suggestCallDeal, summarizeInsights, type CallDealSuggestion, type CallInsightType, type ExtractedCallInsight, type ParsedCall, type ParsedTranscriptSegment, } from "./calls.ts";
 export { sampleSnapshot } from "./sampleData.ts";
 export { suggestValues, type SuggestionConfidence, type ValueSuggestion } from "./suggest.ts";
 export type { ApprovalStatus, AuditFinding, AuditFindingSeverity, CanonicalAccount, CanonicalActivity, CanonicalContact, CanonicalDeal, CanonicalGtmSnapshot, CanonicalUser, CrmProvider, GtmAuditRule, GtmConnector, GtmEvidence, GtmEvidenceSourceSystem, GtmObjectType, GtmPolicy, GtmRuleContext, GtmRuleResult, GtmSnapshotIndex, PatchOperation, PatchOperationResult, PatchOperationType, PatchPlan, PatchPlanRun, PatchPlanRunStatus, PatchVerification, PipelineFinding, PipelineFindingStatus, PipelineFindingType, ProviderIdentity, RiskLevel, SourceFreshness, } from "./types.ts";

package/dist/index.js

@@ -15,5 +15,6 @@ export { formatPatchPlanRun, patchPlanToMarkdown } from "./format.js";
 export { auditReportToHtml, auditReportToMarkdown } from "./report.js";
 export { HUBSPOT_DEFAULT_FIELD_MAPPINGS, SALESFORCE_DEFAULT_FIELD_MAPPINGS, mappedField, mappedFields, normalizeFieldMappings, readMappedValue, } from "./mappings.js";
 export { accountSingleSourceRule, activeDealAccountWithoutContactsRule, auditFindingId, buildSnapshotIndex, builtinAuditRules, closingSoonInactiveRule, duplicateAccountDomainRule, duplicateContactEmailRule, duplicateOpenDealRule, missingDealAccountRule, missingDealAmountRule, missingDealOwnerRule, orphanAccountRule, pastCloseDateRule, patchOperationId, requiresHumanInput, staleDealRule, } from "./rules.js";
+export { extractCallInsights, normalizeTranscript, parseCall, parseTranscript, suggestCallDeal, summarizeInsights, } from "./calls.js";
 export { sampleSnapshot } from "./sampleData.js";
 export { suggestValues } from "./suggest.js";

package/dist/mcp.js

@@ -45,6 +45,7 @@ import { generateDemoSnapshot } from "./demo.js";
 import { formatPatchPlanRun, patchPlanToMarkdown } from "./format.js";
 import { builtinAuditRules } from "./rules.js";
 import { sampleSnapshot } from "./sampleData.js";
+import { parseCall } from "./calls.js";
 import { suggestValues } from "./suggest.js";
 function content(value) {
     return {
@@ -156,6 +157,25 @@ export async function startMcpServer() {
         const snapshot = await readSnapshot(provider, inputPath);
         return content({ suggestions: suggestValues(plan, snapshot) });
     });
+    server.registerTool("fullstackgtm_call_parse", {
+        title: "Parse Call Transcript",
+        description: "Deterministically parse a call transcript (Speaker:/[Speaker]: lines or Granola " +
+            "utterance JSON) into canonical segments, keyword-derived insights (next steps, " +
+            "objections, pricing, risks, competitor mentions...), and GtmEvidence records. " +
+            "Read-only and LLM-free; pair with fullstackgtm_audit/apply for governed writes.",
+        inputSchema: {
+            transcript: z.string().optional(),
+            transcriptPath: z.string().optional(),
+            title: z.string().optional(),
+            source: z.enum(["gong", "chorus", "fathom", "manual", "csv", "unknown"]).optional(),
+        },
+    }, async ({ transcript, transcriptPath, title, source }) => {
+        const raw = transcript ??
+            (transcriptPath ? readFileSync(resolve(process.cwd(), transcriptPath), "utf8") : null);
+        if (!raw)
+            throw new Error("Provide transcript (text) or transcriptPath (file).");
+        return content(parseCall(raw, { title, sourceSystem: source }));
+    });
     server.registerTool("fullstackgtm_rules", {
         title: "List Audit Rules",
         description: "List the built-in deterministic audit rules with ids and descriptions.",

package/dist/rules.js

@@ -333,13 +333,14 @@ export const duplicateAccountDomainRule = {
                 id: patchOperationId("duplicate-account-domain", anchor.id),
                 objectType: "account",
                 objectId: anchor.id,
-                operation: "create_task",
-                field: "merge_review_task",
-                beforeValue: null,
-                afterValue: `Review ${accounts.length} accounts sharing ${domain} and merge duplicates`,
-                reason: "Duplicate accounts split pipeline, attribution, and ownership.",
-                riskLevel: "medium",
+                operation: "merge_records",
+                field: "merge",
+                beforeValue: accounts.map((account) => account.id),
+                afterValue: "requires_human_survivor_selection",
+                reason: `Duplicate accounts split pipeline, attribution, and ownership. Merge the ${accounts.length} accounts sharing ${domain} into one survivor.`,
+                riskLevel: "high",
                 approvalRequired: true,
+                rollback: "IRREVERSIBLE: provider merges cannot be unmerged. The pre-apply snapshot retains every record's field values; recreate a record manually from it if a merge was wrong.",
             });
         }
         return { findings, operations };
@@ -369,13 +370,14 @@ export const duplicateContactEmailRule = {
                 id: patchOperationId("duplicate-contact-email", anchor.id),
                 objectType: "contact",
                 objectId: anchor.id,
-                operation: "create_task",
-                field: "merge_review_task",
-                beforeValue: null,
-                afterValue: `Review ${contacts.length} contacts sharing ${email} and merge duplicates`,
-                reason: "Duplicate contacts fragment engagement history and double-route outreach.",
-                riskLevel: "low",
+                operation: "merge_records",
+                field: "merge",
+                beforeValue: contacts.map((contact) => contact.id),
+                afterValue: "requires_human_survivor_selection",
+                reason: `Duplicate contacts fragment engagement history and double-route outreach. Merge the ${contacts.length} contacts sharing ${email} into one survivor.`,
+                riskLevel: "high",
                 approvalRequired: true,
+                rollback: "IRREVERSIBLE: provider merges cannot be unmerged. The pre-apply snapshot retains every record's field values; recreate a record manually from it if a merge was wrong.",
             });
         }
         return { findings, operations };
@@ -415,13 +417,14 @@ export const duplicateOpenDealRule = {
                 id: patchOperationId("duplicate-open-deal", anchor.id),
                 objectType: "deal",
                 objectId: anchor.id,
-                operation: "create_task",
-                field: "merge_review_task",
-                beforeValue: null,
-                afterValue: `Review ${deals.length} duplicate open deals named "${anchor.name}" — keep one, archive ${deals.length - 1}`,
-                reason: "Duplicate open deals inflate pipeline and forecast the same revenue more than once.",
-                riskLevel: "medium",
+                operation: "merge_records",
+                field: "merge",
+                beforeValue: deals.map((deal) => deal.id),
+                afterValue: "requires_human_survivor_selection",
+                reason: `Duplicate open deals inflate pipeline and forecast the same revenue more than once. Merge the ${deals.length} deals named "${anchor.name}" into one survivor.`,
+                riskLevel: "high",
                 approvalRequired: true,
+                rollback: "IRREVERSIBLE: provider merges cannot be unmerged. The pre-apply snapshot retains every record's field values; recreate a record manually from it if a merge was wrong.",
             });
         }
         return { findings, operations };

package/dist/suggest.js

@@ -22,6 +22,10 @@ export function suggestValues(plan, snapshot) {
             suggestions.push(suggestDealAccount(operation, dealsById, accountsByNorm, accountsById, contactsByName));
             continue;
         }
+        if (placeholder === "requires_human_survivor_selection") {
+            suggestions.push(suggestSurvivor(operation, snapshot, dealsById));
+            continue;
+        }
         if (placeholder === "requires_human_owner_selection" && activeUsers.length === 1) {
             suggestions.push({
                 operationId: operation.id,
@@ -140,6 +144,79 @@ function suggestDealAccount(operation, dealsById, accountsByNorm, accountsById,
             : `Deal name "${deal.name}" has no "Contact - Company" pattern to derive a company from. Supply --value ${operation.id}=<accountId> or create:<Company Name>.`,
     };
 }
+/**
+ * Survivor selection for merge_records. Ranking is deterministic and
+ * evidence-based: most complete record first (count of populated canonical
+ * fields), most recent activity as the tiebreaker, group order last.
+ * Confidence is capped at "low" by design: merges are irreversible, so a
+ * survivor suggestion must never clear the default bulk-approval bar —
+ * accepting one requires --min-confidence low or an explicit --value.
+ */
+function suggestSurvivor(operation, snapshot, dealsById) {
+    const base = {
+        operationId: operation.id,
+        objectType: operation.objectType,
+        objectId: operation.objectId,
+        objectName: dealsById.get(operation.objectId)?.name,
+        placeholder: "requires_human_survivor_selection",
+    };
+    const groupIds = Array.isArray(operation.beforeValue)
+        ? operation.beforeValue.map((id) => String(id))
+        : [];
+    if (groupIds.length < 2) {
+        return {
+            ...base,
+            suggestedValue: null,
+            confidence: "none",
+            reason: "Operation does not carry a duplicate group (expected ids in beforeValue).",
+        };
+    }
+    const collection = operation.objectType === "account"
+        ? snapshot.accounts
+        : operation.objectType === "contact"
+            ? snapshot.contacts
+            : operation.objectType === "deal"
+                ? snapshot.deals
+                : [];
+    const records = groupIds
+        .map((id) => collection.find((row) => row.id === id))
+        .filter((row) => row !== undefined);
+    if (records.length !== groupIds.length) {
+        return {
+            ...base,
+            suggestedValue: null,
+            confidence: "none",
+            reason: "Not every group member is present in the snapshot; re-run the audit before merging.",
+        };
+    }
+    const ranked = [...records].sort((a, b) => {
+        const completeness = populatedFields(b) - populatedFields(a);
+        if (completeness !== 0)
+            return completeness;
+        return activityMs(b) - activityMs(a);
+    });
+    const winner = ranked[0];
+    const runnerUp = ranked[1];
+    const name = "name" in winner && typeof winner.name === "string" ? winner.name : winner.id;
+    return {
+        ...base,
+        suggestedValue: winner.id,
+        confidence: "low",
+        reason: `"${name}" (${winner.id}) is the most complete record in the group ` +
+            `(${populatedFields(winner)} populated fields vs ${populatedFields(runnerUp)}` +
+            `${activityMs(winner) > activityMs(runnerUp) ? ", and more recent activity" : ""}). ` +
+            `Merging is IRREVERSIBLE — survivor suggestions never exceed low confidence; ` +
+            `approve with --min-confidence low or an explicit --value after review.`,
+    };
+}
+function populatedFields(record) {
+    return Object.values(record).filter((value) => value !== undefined && value !== null && value !== "").length;
+}
+function activityMs(record) {
+    const value = record.lastActivityAt;
+    const parsed = value ? Date.parse(value) : NaN;
+    return Number.isFinite(parsed) ? parsed : 0;
+}
 function normalize(value) {
     return value
         .toLowerCase()

package/dist/types.d.ts

@@ -10,7 +10,7 @@ export type RiskLevel = "low" | "medium" | "high";
 export type ApprovalStatus = "draft" | "needs_approval" | "approved" | "rejected" | "applied";
 export type GtmObjectType = "account" | "contact" | "deal" | "user" | "activity";
 export type GtmEvidenceSourceSystem = "salesforce" | "hubspot" | "gong" | "chorus" | "fathom" | "manual" | "csv" | "mock" | "unknown";
-export type PatchOperationType = "set_field" | "clear_field" | "link_record" | "archive_record" | "create_task";
+export type PatchOperationType = "set_field" | "clear_field" | "link_record" | "archive_record" | "create_task" | "merge_records";
 export type AuditFindingSeverity = "info" | "warning" | "critical";
 /**
  * One claim that a canonical record exists in an external system. A record

package/docs/api.md

@@ -40,7 +40,7 @@ release.
 - `GtmConnector` — `{ provider, fetchSnapshot(), applyOperation?, readField?, fetchChanges? }`.
   - Connectors never silently drop unresolvable records; audits surface them.
   - `fetchChanges(sinceIso)` returns a partial snapshot; change feeds may omit associations.
-- `createHubspotConnector(options)` — read/write/readField/fetchChanges. `applyOperation` implements every `PatchOperationType`: `set_field`, `clear_field`, `link_record`, `create_task`, `archive_record`.
+- `createHubspotConnector(options)` — read/write/readField/fetchChanges. `applyOperation` implements every `PatchOperationType`: `set_field`, `clear_field`, `link_record`, `create_task`, `archive_record`, `merge_records` (HubSpot v3 merge — pairwise, irreversible; survivor must belong to the duplicate group). The Salesforce connector skips `merge_records` honestly (SOAP/Apex-only on that platform).
 - `createSalesforceConnector(options)` — read/write/readField/fetchChanges; probabilities normalized to 0..1; `applyOperation` implements every operation type.
 - `createStripeConnector(options)` — read-only billing by design (`applyOperation` returns `skipped`); email domains are the cross-system merge keys. Implements `fetchChanges` (incremental via `created[gte]`).
 

package/docs/crm-health-lifecycle.md

@@ -130,6 +130,6 @@ Lessons from auditing our own apply path:
 | Release | Scope |
 | --- | --- |
 | 0.11.1 | Fix our own faucet: resolve-first `create:` + plan-scoped dedup, HubSpot association-aware CAS for `link_record`, domain normalization in `duplicate-account-domain`, `create_task` idempotency token |
-| 0.12 | `merge_records` (HubSpot contacts/companies/deals) + survivor suggestions; rules emit governed merges for dupe groups |
+| 0.12 (shipped) | `merge_records` (HubSpot contacts/companies/deals) + survivor suggestions capped at low confidence; the three duplicate rules emit governed merges instead of review tasks |
 | 0.13 | `resolve` gate (CLI/lib/MCP), provenance capture + attribution in findings, prevention-posture checks |
 | docs | The nightly watch recipe (existing flags, documented as CRM CI) |

package/llms.txt

@@ -18,6 +18,13 @@ at/above `--fail-on`.
 - [CRM-health lifecycle](https://github.com/fullstackgtm/core/blob/main/docs/crm-health-lifecycle.md): the Prevent → Detect → Remediate → Verify/Attribute model; no-new-dupes design
 - [CHANGELOG](https://github.com/fullstackgtm/core/blob/main/CHANGELOG.md): release history
 
+## Key invariants (calls)
+
+`fullstackgtm call parse` (and MCP fullstackgtm_call_parse) is deterministic
+and LLM-free; `call link` suggests the deal with confidence + reason;
+`call plan` proposes governed next-step writes through the standard
+approve/apply lifecycle.
+
 ## Key invariants
 
 - Reads are safe by default; nothing is written without explicit `--approve`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fullstackgtm",
-  "version": "0.11.1",
+  "version": "0.13.0",
   "description": "Open-source agentic GTM ops framework: canonical GTM data model, pluggable deterministic audits, reviewable dry-run patch plans, approval-gated write-back with conflict detection, and cross-system entity resolution. HubSpot, Salesforce, and Stripe connectors included.",
   "license": "Apache-2.0",
   "author": "Full Stack GTM",