fullstackgtm 0.45.0 → 0.47.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +115 -1
- package/INSTALL_FOR_AGENTS.md +13 -11
- package/README.md +27 -18
- package/dist/backfill.d.ts +86 -0
- package/dist/backfill.js +251 -0
- package/dist/bin.js +4 -1
- package/dist/cli/auth.d.ts +2 -0
- package/dist/cli/auth.js +119 -12
- package/dist/cli/backfill.d.ts +1 -0
- package/dist/cli/backfill.js +125 -0
- package/dist/cli/backfillRuns.d.ts +1 -0
- package/dist/cli/backfillRuns.js +187 -0
- package/dist/cli/call.js +23 -9
- package/dist/cli/enrich.js +28 -10
- package/dist/cli/fix.js +9 -7
- package/dist/cli/help.js +60 -23
- package/dist/cli/plans.js +13 -11
- package/dist/cli/shared.d.ts +4 -3
- package/dist/cli/shared.js +31 -20
- package/dist/cli/ui.d.ts +21 -0
- package/dist/cli/ui.js +53 -1
- package/dist/cli.js +37 -41
- package/dist/connector.d.ts +8 -0
- package/dist/connector.js +104 -21
- package/dist/connectors/hubspot.d.ts +8 -1
- package/dist/connectors/hubspot.js +406 -13
- package/dist/connectors/hubspotAuth.js +5 -1
- package/dist/connectors/linkedin.js +14 -14
- package/dist/connectors/salesforce.d.ts +8 -1
- package/dist/connectors/salesforce.js +163 -2
- package/dist/connectors/stripe.d.ts +37 -0
- package/dist/connectors/stripe.js +103 -31
- package/dist/enrich.d.ts +7 -0
- package/dist/enrich.js +7 -0
- package/dist/health.d.ts +11 -69
- package/dist/health.js +4 -134
- package/dist/healthScore.d.ts +71 -0
- package/dist/healthScore.js +143 -0
- package/dist/index.d.ts +3 -1
- package/dist/index.js +3 -1
- package/dist/llm.d.ts +29 -0
- package/dist/llm.js +206 -0
- package/dist/market.d.ts +39 -1
- package/dist/market.js +116 -44
- package/dist/marketClassify.d.ts +9 -1
- package/dist/marketClassify.js +10 -1
- package/dist/marketTaxonomy.d.ts +6 -1
- package/dist/marketTaxonomy.js +4 -2
- package/dist/mcp-bin.js +29 -0
- package/dist/mcp.js +117 -4
- package/dist/progress.d.ts +96 -0
- package/dist/progress.js +142 -0
- package/dist/runReport.d.ts +24 -0
- package/dist/runReport.js +139 -4
- package/dist/types.d.ts +33 -1
- package/docs/api.md +4 -2
- package/docs/architecture.md +2 -0
- package/docs/linkedin-connector-spec.md +1 -1
- package/llms.txt +3 -3
- package/package.json +10 -3
- package/skills/fullstackgtm/SKILL.md +1 -0
- package/src/backfill.ts +340 -0
- package/src/bin.ts +5 -1
- package/src/cli/auth.ts +135 -15
- package/src/cli/backfill.ts +156 -0
- package/src/cli/backfillRuns.ts +198 -0
- package/src/cli/call.ts +26 -10
- package/src/cli/enrich.ts +33 -10
- package/src/cli/fix.ts +11 -10
- package/src/cli/help.ts +61 -23
- package/src/cli/plans.ts +15 -14
- package/src/cli/shared.ts +44 -27
- package/src/cli/ui.ts +72 -1
- package/src/cli.ts +38 -41
- package/src/connector.ts +110 -16
- package/src/connectors/hubspot.ts +423 -14
- package/src/connectors/hubspotAuth.ts +5 -1
- package/src/connectors/linkedin.ts +14 -14
- package/src/connectors/salesforce.ts +168 -3
- package/src/connectors/stripe.ts +154 -34
- package/src/enrich.ts +13 -0
- package/src/health.ts +14 -213
- package/src/healthScore.ts +223 -0
- package/src/index.ts +28 -1
- package/src/llm.ts +239 -0
- package/src/market.ts +157 -44
- package/src/marketClassify.ts +18 -1
- package/src/marketTaxonomy.ts +10 -2
- package/src/mcp-bin.ts +32 -0
- package/src/mcp.ts +140 -6
- package/src/progress.ts +197 -0
- package/src/runReport.ts +159 -4
- package/src/types.ts +35 -2
- package/docs/dx-punch-list.md +0 -87
- package/docs/roadmap-to-1.0.md +0 -211
package/docs/dx-punch-list.md
DELETED
|
@@ -1,87 +0,0 @@
|
|
|
1
|
-
# DX / adoption punch list
|
|
2
|
-
|
|
3
|
-
Audit date: 2026-06-19. Method: ran the CLI as a new adopter would (bare
|
|
4
|
-
invoke → `doctor` → `audit --demo` → per-command `--help`) and measured the
|
|
5
|
-
friction, rather than reading the source. Companion to the security/strategic
|
|
6
|
-
findings that drove the 0.25.1–0.28.0 hardening releases — same format, same
|
|
7
|
-
intent: a tracked list that drives a release.
|
|
8
|
-
|
|
9
|
-
## Framing
|
|
10
|
-
|
|
11
|
-
The **agent path** (SKILL.md verb map, MCP tools, `--json` everywhere,
|
|
12
|
-
gate-shaped exit codes 0/1/2) is cohesive and adopts cleanly. The **human
|
|
13
|
-
path** is the weak side — and the human is a primary user (the consultant-CLI,
|
|
14
|
-
dogfood-on-client-work direction). Every fix below either *deepens an existing
|
|
15
|
-
verb* or *connects two existing verbs*; none adds a new top-level noun. The
|
|
16
|
-
adoption work **is** the "deeper not broader" work.
|
|
17
|
-
|
|
18
|
-
`doctor` (ends with "Next step") and `fix` (chains audit→suggest→approve→apply)
|
|
19
|
-
already do the right thing. Cohesion here = make every verb behave like
|
|
20
|
-
`doctor` and `fix` already do.
|
|
21
|
-
|
|
22
|
-
## Findings (evidence-backed)
|
|
23
|
-
|
|
24
|
-
| # | Finding | Evidence | Impact |
|
|
25
|
-
| --- | --- | --- | --- |
|
|
26
|
-
| F1 | **Front door is a firehose** | bare invoke = 194 lines; 22 verbs / 87 distinct flags; `cli.ts` is 3,615 lines | New user can't find the ~6 things they actually do |
|
|
27
|
-
| F2 | **Credential-free entry point dead-ends** | `audit --demo` (the README's "try it first") dumps **1,467 lines** to stdout and ends on a blank line — no "next step," unlike `doctor` | The single most-run first command strands you |
|
|
28
|
-
| F3 | **No per-command help** | `dedupe --help`, `audit --help` fall through to the same 194-line global wall | A stuck user gets the firehose, not the answer |
|
|
29
|
-
| F4 | **No altitude control on reads** | `audit` has only `--json` / `--out` / `--format`; no `--summary` / `--top` / `--quiet`. Human mode *is* the 1,467-line dump | Default human output is unreadable yet not machine-parseable |
|
|
30
|
-
| F5 | **Tone undercuts positioning** | `audit --demo` footer: "This prototype is dry-run only" | Reads as toy vs. the beta/production-safety-invariant framing |
|
|
31
|
-
| F6 | **No guided mode** | `readline` is used only for the login secret prompt | Every workflow is hand-assembled from flags; nothing scaffolds the loop |
|
|
32
|
-
|
|
33
|
-
## Fix sequence (highest leverage first)
|
|
34
|
-
|
|
35
|
-
### 1. Progressive-disclosure help — IN PROGRESS
|
|
36
|
-
Fixes **F1, F3**. The full `usage()` becomes the explicit full reference
|
|
37
|
-
(`fullstackgtm help --full`). Add:
|
|
38
|
-
- `shortUsage()` — a ~30-line map of the verbs grouped by lifecycle phase
|
|
39
|
-
(Setup · Detect · Prevent · Remediate · Calls · Govern · Market · Schedule),
|
|
40
|
-
one line each, ending with `<command> --help` and `help --full` pointers.
|
|
41
|
-
Becomes the default for bare invoke and `--help`.
|
|
42
|
-
- `commandHelp(command)` — focused per-verb help (summary, synopsis, where it
|
|
43
|
-
sits in the loop, key options, see-also). `<verb> --help` zooms in instead
|
|
44
|
-
of dumping the surface. `call`/`market`/`enrich`/`bulk-update`/`schedule`
|
|
45
|
-
keep their existing bespoke help.
|
|
46
|
-
- `help [command] [--full]` command.
|
|
47
|
-
|
|
48
|
-
### 2. Every verb hands you the next step — DONE (audit keystone)
|
|
49
|
-
Fixes **F2**. `auditNextStep()` gives `audit` context-aware forward guidance on
|
|
50
|
-
stderr (stdout stays clean for pipes/`--out`; suppressed under `--json`):
|
|
51
|
-
- **demo/sample** → "Client-ready writeup: `report --demo`" + "Run on your CRM:
|
|
52
|
-
`login hubspot` → `audit --provider hubspot --save`"
|
|
53
|
-
- **live + `--save`** → the governed spine: `suggest` → `plans approve
|
|
54
|
-
--values-from` → `apply`, with the real plan id
|
|
55
|
-
- **0 findings** → "clean — gate new records with `resolve`, schedule a check"
|
|
56
|
-
|
|
57
|
-
The lifecycle spine made *experiential* — each command knows its phase and
|
|
58
|
-
points forward (`doctor`/`fix` were the templates). `audit` is the keystone
|
|
59
|
-
(the documented dead-end); the helper pattern now generalizes to the other read
|
|
60
|
-
verbs (`report`, `resolve`, `dedupe` previews) in a follow-up.
|
|
61
|
-
|
|
62
|
-
### 3. Altitude control on the firehose — DONE
|
|
63
|
-
Fixes **F4**. `patchPlanToMarkdown(plan, { summary })` gains a summary view
|
|
64
|
-
(header + Findings-by-Rule table + operation count + pointers to `--full` and
|
|
65
|
-
`report`). `audit` defaults to it — **1,467 → 24 lines** on the demo — with
|
|
66
|
-
`--full` to opt back into the per-operation dump. The default stays *full* for
|
|
67
|
-
every other caller (bulk-update, fix, dedupe, plans show, MCP): write-preview
|
|
68
|
-
verbs keep full operation detail because you approve specific ops there. The
|
|
69
|
-
principled split — audit = "what's wrong" (summary → `report`); write verbs =
|
|
70
|
-
"exactly what I'll change" (full) — is the real win.
|
|
71
|
-
|
|
72
|
-
### 4. Tone pass — DONE
|
|
73
|
-
Fixes **F5**. The "This prototype is dry-run only" footer is replaced
|
|
74
|
-
everywhere with safety-invariant framing matching README/SKILL: "Dry-run plan —
|
|
75
|
-
read-only. No provider write happens until you approve specific operations and
|
|
76
|
-
run `apply`; placeholder values are refused without an explicit override. These
|
|
77
|
-
safety invariants are not beta." No "prototype" string remains in user output.
|
|
78
|
-
|
|
79
|
-
## Deferred (bigger bets, gated on 1–4 landing)
|
|
80
|
-
- **Engagement workspace**: per-client `.fullstackgtm/` state that accumulates
|
|
81
|
-
snapshots, plans, evidence, and a health-over-time score — turns episodic
|
|
82
|
-
audits into a continuously-operated system.
|
|
83
|
-
- **Journey commands**: 2–3 opinionated composites (onboard-a-client,
|
|
84
|
-
health-rollup) sequencing existing verbs into revops jobs.
|
|
85
|
-
|
|
86
|
-
There is no point building the engagement workspace while the front door dumps
|
|
87
|
-
1,467 lines. Land the DX fixes first.
|
package/docs/roadmap-to-1.0.md
DELETED
|
@@ -1,211 +0,0 @@
|
|
|
1
|
-
# fullstackgtm: 0.1 → 1.0
|
|
2
|
-
|
|
3
|
-
The planned, versioned path from first publish to a stable 1.0. Each milestone
|
|
4
|
-
is shippable on its own, ordered so that every step consolidates the
|
|
5
|
-
architecture before the next step expands it. The invariants that hold at
|
|
6
|
-
every version:
|
|
7
|
-
|
|
8
|
-
1. **The package is the product; the app is an adapter.** Anything the app
|
|
9
|
-
needs from a provider goes through the package connector. New capability
|
|
10
|
-
lands in the package first.
|
|
11
|
-
2. **Reads are free, writes are patch plans.** No code path may mutate a
|
|
12
|
-
provider except `applyPatchPlan` / `applyOperation` with explicit approval.
|
|
13
|
-
3. **Deterministic and diffable.** Same inputs produce the same findings with
|
|
14
|
-
the same ids. Golden tests over the demo dataset enforce this.
|
|
15
|
-
4. **Zero-dependency core.** Connectors use `fetch`; optional integrations
|
|
16
|
-
(MCP) stay optional peers.
|
|
17
|
-
|
|
18
|
-
## 0.1.0 — The loop exists (done)
|
|
19
|
-
|
|
20
|
-
Canonical model, pluggable rule engine, patch plans, safe apply, HubSpot
|
|
21
|
-
connector, CLI/MCP, demo dataset, CLI auth (private app token, loopback
|
|
22
|
-
OAuth), broker pairing against a hosted deployment, CI + tag-publish
|
|
23
|
-
automation.
|
|
24
|
-
|
|
25
|
-
## 0.2.0 — Provider parity and operational trust (done)
|
|
26
|
-
|
|
27
|
-
- **Salesforce connector** behind the same `GtmConnector` contract: SOQL with
|
|
28
|
-
cursor pagination, PATCH write-back, probabilities normalized to canonical
|
|
29
|
-
0..1, never drops unresolvable records.
|
|
30
|
-
- **Salesforce CLI auth**: native device flow (code on any device, no client
|
|
31
|
-
secret, silent refresh) plus manual token + instance URL.
|
|
32
|
-
- **Broker mint for Salesforce**: paired CLIs receive `accessToken +
|
|
33
|
-
instanceUrl + fieldMappings` from the org's stored credentials.
|
|
34
|
-
- **CLI token observability**: paired-CLI list with last-used timestamps and
|
|
35
|
-
one-click revoke in the dashboard.
|
|
36
|
-
- App consolidation: `convex/salesforceActions.ts` collapses onto the package
|
|
37
|
-
connector like the HubSpot path did.
|
|
38
|
-
|
|
39
|
-
## 0.3.0 — One patch-plan vocabulary (done)
|
|
40
|
-
|
|
41
|
-
The last internal duplication: the app's durable `patchPlans` tables speak
|
|
42
|
-
`verb`/`operation` strings while the package speaks typed `PatchOperation`s.
|
|
43
|
-
|
|
44
|
-
- Package: add a `PlanStore` interface (persist plan → approve operations →
|
|
45
|
-
record runs) so durable workflows are a first-class framework concern, not
|
|
46
|
-
an app concern.
|
|
47
|
-
- App: migrate `patchPlans`/`patchOperations` rows to the package types
|
|
48
|
-
(schema migration with a compatibility window), route
|
|
49
|
-
`patchPlanActions.apply` through `applyPatchPlan`.
|
|
50
|
-
- Exit criterion: the dashboard review queue and `fullstackgtm apply` operate
|
|
51
|
-
on byte-identical plan documents.
|
|
52
|
-
|
|
53
|
-
## 0.4.0 — Policy as config, rules as packages (done)
|
|
54
|
-
|
|
55
|
-
Make the rule engine the community surface.
|
|
56
|
-
|
|
57
|
-
- `fullstackgtm.config.json` (or `.ts`): policy thresholds, enabled rules,
|
|
58
|
-
per-rule severity overrides, custom rule module paths.
|
|
59
|
-
- Rule metadata: category, default severity, docs URL; `fullstackgtm rules`
|
|
60
|
-
becomes generated documentation.
|
|
61
|
-
- 10–15 additional built-in rules drawn from real RevOps pain: duplicate
|
|
62
|
-
accounts by domain, contacts without owners, deals closing this quarter
|
|
63
|
-
with no activity in 14 days, stage/probability drift, currency mismatches.
|
|
64
|
-
- Exit criterion: a third party can publish an npm package of rules and a
|
|
65
|
-
user can enable it from config without forking.
|
|
66
|
-
|
|
67
|
-
## 0.5.0 — Time: snapshot history and drift (done)
|
|
68
|
-
|
|
69
|
-
- Snapshot archive conventions (local directory or any mounted/S3-backed
|
|
70
|
-
path) with `fullstackgtm snapshot --archive`.
|
|
71
|
-
- `fullstackgtm diff <a> <b>`: what changed between snapshots — records,
|
|
72
|
-
fields, and *findings* (hygiene drift), built on the stable-id property.
|
|
73
|
-
- Audit trends in the hosted app (the observability layer earns its keep).
|
|
74
|
-
- Exit criterion: a nightly CI job can fail on hygiene regression, not just
|
|
75
|
-
hygiene presence.
|
|
76
|
-
|
|
77
|
-
## 0.6.0 — Many systems, one entity (done — Stripe is the first non-CRM connector)
|
|
78
|
-
|
|
79
|
-
The original thesis: GTM data disagrees across systems.
|
|
80
|
-
|
|
81
|
-
- Entity resolution over `identities` claims: merge canonical records from
|
|
82
|
-
multiple snapshots (CRM + marketing + billing) by domain/email/external-id
|
|
83
|
-
heuristics, with explicit confidence and human-reviewable merge plans (the
|
|
84
|
-
patch-plan safety model applied to identity).
|
|
85
|
-
- Cross-system audit rules: "account exists in billing but not CRM",
|
|
86
|
-
"marketing-qualified contact has no CRM owner".
|
|
87
|
-
- First non-CRM connector (likely billing — Stripe — or marketing) to prove
|
|
88
|
-
the contract generalizes.
|
|
89
|
-
- Exit criterion: one audit over a merged snapshot from two live systems.
|
|
90
|
-
|
|
91
|
-
## 0.7.0 — Sync maturity (done)
|
|
92
|
-
|
|
93
|
-
- Incremental fetch: provider cursors (HubSpot `updatedAfter` search,
|
|
94
|
-
Salesforce `SystemModstamp` filters) behind an optional
|
|
95
|
-
`fetchChanges(since)` connector capability.
|
|
96
|
-
- Conflict surfacing: when a provider value changed under an unapplied patch
|
|
97
|
-
operation, the plan flags it instead of writing blind (compare-and-set).
|
|
98
|
-
- Exit criterion: hourly sync of a 100k-record org without full re-pulls.
|
|
99
|
-
|
|
100
|
-
## 0.8–0.9 — Hardening and freeze (done)
|
|
101
|
-
|
|
102
|
-
- API review and freeze of `types.ts`, connector contract, CLI flags, MCP
|
|
103
|
-
schemas; deprecations resolved.
|
|
104
|
-
- Security review of the auth surfaces (credential store, broker endpoints,
|
|
105
|
-
token lifecycle); rate limiting on the device-flow endpoints.
|
|
106
|
-
- Docs site with the operating-model registry as browsable reference.
|
|
107
|
-
- Performance pass: streaming snapshots for very large orgs.
|
|
108
|
-
|
|
109
|
-
## 0.10 → 0.28 — the layers, as shipped
|
|
110
|
-
|
|
111
|
-
The plan above ended at the freeze; what shipped next grew the surface
|
|
112
|
-
outward, one layer per release, each consolidating before the next expanded:
|
|
113
|
-
|
|
114
|
-
- **0.11** — the suggest chain: deterministic placeholder values with
|
|
115
|
-
confidence + reasons, `plans approve --values-from`.
|
|
116
|
-
- **0.12** — governed merge: `merge_records` (HubSpot contacts / companies /
|
|
117
|
-
deals), survivor suggestions capped at low confidence.
|
|
118
|
-
- **0.13–0.14** — call intelligence: `call parse|score|link|plan`, LLM
|
|
119
|
-
extraction behind the bring-your-own-key seam, deterministic baseline,
|
|
120
|
-
provenance-marked insights.
|
|
121
|
-
- **0.15** — the Prevent layer: the `resolve` create gate plus record-source
|
|
122
|
-
provenance and attribution.
|
|
123
|
-
- **0.16–0.22** — the market map: content-addressed captures, classification
|
|
124
|
-
with mechanical span verification, front states and drift, axis discovery,
|
|
125
|
-
overlay directives, scale estimation, the field report.
|
|
126
|
-
- **0.19 / 0.23** — governed write verbs (`bulk-update`, then `dedupe`,
|
|
127
|
-
`reassign`, `fix`) and the enrich layer (Apollo / Clay, fill-blanks-only
|
|
128
|
-
plans).
|
|
129
|
-
- **0.24** — the schedule layer: horizontal cron, read/plan-side allowlist,
|
|
130
|
-
scheduling never auto-approves.
|
|
131
|
-
- **0.25** — agent skill distribution (`npx skills add fullstackgtm/core`).
|
|
132
|
-
- **0.25.2–0.26** — the security-hardening train: write-path integrity
|
|
133
|
-
(HMAC-signed approvals re-verified at apply; archive-of-duplicate and
|
|
134
|
-
irreversible-op drift guards; recovery snapshots) plus crontab/SSRF/XSS/
|
|
135
|
-
error-body/CSV/credential-mode fixes, each verified by adversarial re-attack.
|
|
136
|
-
- **0.27** — trust & transparency: `audit-log export|verify` (hash-chained,
|
|
137
|
-
signed apply-run record), SECURITY.md + DATA-FLOWS.md + company-of-record,
|
|
138
|
-
call-transcript insight grounding.
|
|
139
|
-
- **0.28** — connectors, credentials & supply chain: opt-in OS keychain,
|
|
140
|
-
broker-https enforcement, the build/CI dist-integrity gate (published dist is
|
|
141
|
-
provably from source), Salesforce-merge capability matrix.
|
|
142
|
-
|
|
143
|
-
## 0.29 → 0.43 — from hygiene to the full outbound loop, as shipped
|
|
144
|
-
|
|
145
|
-
The next train extended the governed spine from *fixing the CRM* to *filling
|
|
146
|
-
it and acting on it*, without ever loosening the write gate:
|
|
147
|
-
|
|
148
|
-
- **0.29–0.34** — market-map maturation (config suggestion + taxonomy types,
|
|
149
|
-
sourcing helpers, competitor discovery, vendor logos/scale in the report)
|
|
150
|
-
plus call-type classification with type-specific coaching rubrics (0.32);
|
|
151
|
-
Salesforce `dedupe`/`merge_records` via SOAP and pipeline-aware closed/won
|
|
152
|
-
detection (0.30).
|
|
153
|
-
- **0.35–0.36** — DX cohesion: progressive-disclosure help, summary-first
|
|
154
|
-
`audit` with next-step guidance; the engagement workspace — a deterministic
|
|
155
|
-
`health` verb over a per-profile timeline.
|
|
156
|
-
- **0.37–0.39** — acquire: `enrich acquire` (net-new, ICP-targeted,
|
|
157
|
-
resolve-first deduped, metered lead creation), lead assignment policies so
|
|
158
|
-
leads are never born ownerless, the LinkedIn (HeyReach) discovery source
|
|
159
|
-
with email resolution, and run observability for broker-paired CLIs.
|
|
160
|
-
- **0.40** — Salesforce reaches full write parity with HubSpot
|
|
161
|
-
(`create_record`); HubSpot date-field writes no longer false-conflict.
|
|
162
|
-
- **0.41** — signal-based outbound: `signals fetch/list/outcome/weights`,
|
|
163
|
-
`icp judge`/`icp eval` (timing × fit × memory, golden-set calibration
|
|
164
|
-
gate), `draft` (trigger-grounded openers as governed plans), and the LLM
|
|
165
|
-
base-URL override.
|
|
166
|
-
- **0.42** — bulk apply for lead creation (HubSpot batch + Salesforce
|
|
167
|
-
composite).
|
|
168
|
-
- **0.43** — the on-ramp and the seams: `init` workspace scaffolding,
|
|
169
|
-
`docs/recipes.md` (five composable plays), and the contact/account seam
|
|
170
|
-
campaign — contact-granular outbound end to end, account-level acquire for
|
|
171
|
-
ABM, `health` by object type.
|
|
172
|
-
|
|
173
|
-
The known-gaps list below predates these layers and has been re-verified
|
|
174
|
-
against the 0.43 surface (2026-07): still accurate, still open.
|
|
175
|
-
|
|
176
|
-
## Known real-portal gaps to close before 1.0
|
|
177
|
-
|
|
178
|
-
Found by exercising the published package as a fresh RevOps user with a real
|
|
179
|
-
CRM (2026-06):
|
|
180
|
-
|
|
181
|
-
- **Rate-limit resilience.** No 429/retry/backoff handling anywhere; a
|
|
182
|
-
mid-size portal snapshot is ~1,000+ sequential page requests and one
|
|
183
|
-
transient failure aborts the run. Fix: honor `Retry-After`, retry
|
|
184
|
-
idempotent reads with backoff.
|
|
185
|
-
- **`fetchChanges` 10k truncation.** The HubSpot search API caps at 10,000
|
|
186
|
-
results; the connector stops silently at MAX_PAGES. Fix: detect the cap
|
|
187
|
-
and fall back to (or instruct) a full snapshot, loudly.
|
|
188
|
-
- **MCP plan hand-off.** `fullstackgtm_audit` can only return the full plan
|
|
189
|
-
inline (200KB+ on real data) while `fullstackgtm_apply` requires a file
|
|
190
|
-
path. Fix: an `outPath` option on the audit tool plus a summary-only
|
|
191
|
-
output mode.
|
|
192
|
-
- **Scope-complete login validation.** `login hubspot` validates against the
|
|
193
|
-
owners endpoint only, so an under-scoped token passes login and fails
|
|
194
|
-
mid-audit. Fix: probe each required object endpoint at login and report
|
|
195
|
-
missing scopes up front.
|
|
196
|
-
|
|
197
|
-
## 1.0.0 — The contract (not yet declared)
|
|
198
|
-
|
|
199
|
-
Semver stability commitment on the canonical model, rule interface, connector
|
|
200
|
-
contract, plan format, CLI, and MCP tools. Declared only after the API
|
|
201
|
-
surface has survived external usage and the real-portal gaps above are
|
|
202
|
-
closed. From there, new providers and new rules are minor releases; the
|
|
203
|
-
model only breaks at 2.0.
|
|
204
|
-
|
|
205
|
-
## Deliberately out of scope until after 1.0
|
|
206
|
-
|
|
207
|
-
- Hosted multi-org analytics across customers
|
|
208
|
-
- Non-deterministic (LLM-scored) rules — they can *propose*, but the
|
|
209
|
-
deterministic engine stays the system of record for findings
|
|
210
|
-
- Workflow orchestration (sequences, cadences) — adjacent product, not
|
|
211
|
-
framework
|