fullstackgtm 0.49.0 → 0.50.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (50) hide show
  1. package/CHANGELOG.md +53 -0
  2. package/DATA-FLOWS.md +1 -0
  3. package/README.md +41 -0
  4. package/dist/acquireCheckpoint.d.ts +33 -0
  5. package/dist/acquireCheckpoint.js +149 -0
  6. package/dist/acquireLinkedIn.d.ts +2 -0
  7. package/dist/acquireLinkedIn.js +1 -1
  8. package/dist/cli/enrich.js +283 -79
  9. package/dist/cli/help.js +13 -9
  10. package/dist/cli/plans.js +100 -6
  11. package/dist/cli/shared.d.ts +3 -1
  12. package/dist/cli/shared.js +2 -2
  13. package/dist/cli/ui.d.ts +10 -5
  14. package/dist/cli/ui.js +16 -5
  15. package/dist/connectors/linkedin.d.ts +2 -0
  16. package/dist/connectors/linkedin.js +5 -0
  17. package/dist/connectors/prospectSources.d.ts +23 -0
  18. package/dist/connectors/prospectSources.js +21 -3
  19. package/dist/enrich.d.ts +44 -1
  20. package/dist/hostedAcquireCheckpoint.d.ts +43 -0
  21. package/dist/hostedAcquireCheckpoint.js +129 -0
  22. package/dist/hostedPatchPlan.d.ts +87 -0
  23. package/dist/hostedPatchPlan.js +270 -0
  24. package/dist/icp.js +13 -2
  25. package/dist/index.d.ts +4 -1
  26. package/dist/index.js +3 -0
  27. package/dist/planStore.d.ts +14 -0
  28. package/dist/planStore.js +73 -0
  29. package/dist/progress.d.ts +2 -2
  30. package/dist/progress.js +2 -2
  31. package/docs/api.md +24 -0
  32. package/docs/architecture.md +9 -0
  33. package/package.json +1 -1
  34. package/skills/fullstackgtm/SKILL.md +1 -1
  35. package/src/acquireCheckpoint.ts +186 -0
  36. package/src/acquireLinkedIn.ts +3 -1
  37. package/src/cli/enrich.ts +322 -78
  38. package/src/cli/help.ts +14 -9
  39. package/src/cli/plans.ts +95 -6
  40. package/src/cli/shared.ts +2 -1
  41. package/src/cli/ui.ts +18 -9
  42. package/src/connectors/linkedin.ts +6 -0
  43. package/src/connectors/prospectSources.ts +46 -4
  44. package/src/enrich.ts +47 -1
  45. package/src/hostedAcquireCheckpoint.ts +156 -0
  46. package/src/hostedPatchPlan.ts +286 -0
  47. package/src/icp.ts +14 -2
  48. package/src/index.ts +20 -0
  49. package/src/planStore.ts +87 -0
  50. package/src/progress.ts +2 -2
package/CHANGELOG.md CHANGED
@@ -7,6 +7,59 @@ The path to 1.0 is planned in [docs/roadmap-to-1.0.md](https://github.com/fullst
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ## [0.50.0] — 2026-07-10
11
+
12
+ ### Added
13
+
14
+ - CLI and hosted now act as local-first replicas of one immutable patch plan.
15
+ Either surface may execute when it has a compatible CRM connection; online
16
+ execution uses a shared claim, while offline CLI work remains available and
17
+ reconciles later through stable provider idempotency and exact receipts.
18
+ - `fullstackgtm plans sync` explicitly exchanges approval revisions, terminal
19
+ state, and per-operation execution receipts. Plan list, show, and apply also
20
+ perform best-effort ambient check-ins.
21
+ - Hosted can execute fully synchronized CLI-origin plans through its connected
22
+ HubSpot or Salesforce connector. The CLI imports hosted runs without replaying
23
+ provider writes, and hosted imports exact CLI outcomes rather than inferring
24
+ success for every approved row.
25
+
26
+ ### Security
27
+
28
+ - Shared execution claims are bound to the immutable plan, exact approved
29
+ subset, replica, and paired CLI token. Approval edits freeze during apply;
30
+ stranded claims require an explicit audited recovery, and preflight release
31
+ is permitted only before provider I/O by the owning replica.
32
+ - Hosted ingestion recomputes the immutable document digest and verifies an
33
+ exact one-to-one operation set. Terminal transitions require complete,
34
+ duplicate-free receipts for the approved subset and cannot widen authority.
35
+
36
+ ### Fixed
37
+
38
+ - Paired CLIs now mirror saved plans into the hosted Patch Plans queue and
39
+ print an exact review deep-link. Mirrors are org-scoped, immutable and
40
+ idempotent; hosted approvals are hash/operation-verified and locally
41
+ HMAC-signed before CLI execution. Security state and evidence/findings stay
42
+ local, while bounded provider receipts replicate between capable executors.
43
+ - `enrich acquire` now reports discovery, resolution, and plan-building progress
44
+ across the previously silent provider/dedupe middle. Paired hosted runs render
45
+ the same live stage, counters, and generic progress notes on their detail page.
46
+ - Interactive acquisition runs retain both the CRM snapshot and acquisition
47
+ checklists in terminal history, then print a compact plan summary, copyable
48
+ review/approve/apply commands, and the paired hosted Runs deep-link.
49
+ - Persistent progress completion freezes the already-painted final frame rather
50
+ than repainting it, preventing duplicate live/final checklists in scrollback.
51
+ - Acquisition now persists query-bound Pipe0 cursors and HeyReach/Explorium
52
+ offsets so scheduled runs traverse the full audience instead of repeatedly
53
+ exhausting the first 25 results. `--max` controls desired new leads and the
54
+ new `--scan-limit` bounds raw duplicate-heavy scanning. Run history records
55
+ the complete discovery funnel and provider-confirmed exhaustion state.
56
+ - Checkpoints now live in a dedicated profile-scoped store keyed independently
57
+ by provider/source/list/query. Paired CLIs synchronize opaque continuation to
58
+ an organization-scoped hosted record using broker authentication and
59
+ compare-and-swap revisions; conflicts retain the newer hosted checkpoint.
60
+ - The documented LinkedIn `--list <id>` flag is accepted by strict CLI parsing,
61
+ and NAICS-only software ICPs retain their industry constraint on Pipe0.
62
+
10
63
  ## [0.49.0] — 2026-07-10
11
64
 
12
65
  ### Security
package/DATA-FLOWS.md CHANGED
@@ -26,6 +26,7 @@ is no fullstackgtm-operated server in the data path for the open package.**
26
26
  | `enrich append --source apollo`, `enrich refresh` | **Apollo** (api.apollo.io) | The company domain / contact email being enriched | Your `APOLLO_API_KEY` (BYO) |
27
27
  | `market capture`, `market refresh` | **Public vendor websites** you list in `market.config.json` | A bounded HTTP GET; DNS answers are validated and pinned, mixed/private/reserved answers are refused, and every redirect is revalidated | none |
28
28
  | `login --via <url>` (optional) | **Your hosted deployment's broker** | A pairing handshake; the broker mints short-lived CRM tokens | broker pairing token |
29
+ | paired `enrich acquire` checkpoint sync (optional) | **Your hosted deployment** | Opaque query fingerprint plus provider cursor/list offset, exhaustion flag, and CAS revision. No prospect records, emails, names, or provider credentials. Scoped to the broker token's organization. | broker pairing token |
29
30
 
30
31
  Commands not listed (`plans`, `rules`, `doctor`, `schedule`, `audit-log`,
31
32
  `diff`, `merge`, report rendering) make **no network calls**.
package/README.md CHANGED
@@ -192,6 +192,7 @@ echo "$PIPE0_API_KEY" | fullstackgtm login pipe0 # discovery + work-e
192
192
 
193
193
  fullstackgtm enrich acquire --provider hubspot # zero-config: ICP → discover → score → dedup → dry-run diff
194
194
  fullstackgtm enrich acquire --provider hubspot --max 25 --save # cap the batch, persist the needs_approval plan
195
+ fullstackgtm enrich acquire --provider hubspot --max 25 --scan-limit 500 --save # scan through duplicate-heavy pages for 25 fresh leads
195
196
  fullstackgtm plans approve <id> --operations all
196
197
  fullstackgtm apply --plan-id <id> --provider hubspot # the only step that creates contacts
197
198
  ```
@@ -206,6 +207,46 @@ The **ICP** (`icp.json`) is the single targeting artifact: it generates each pro
206
207
 
207
208
  Every run is **metered**: a per-profile budget caps both record count and provider spend (per-day + per-month, whichever binds first), charged only for creates that actually land. `enrich acquire` runs with just an `icp.json` and a `login` — sensible defaults for budget, provider, and create-mapping ship in the box.
208
209
 
210
+ Discovery continuation is profile-scoped and independently keyed by the exact
211
+ provider, source, list, and ICP query. Scheduled runs resume the saved Pipe0
212
+ cursor or HeyReach offset instead of rereading page one, even when several
213
+ lists alternate. When the CLI is paired, this non-PII checkpoint is mirrored
214
+ to the hosted organization with compare-and-swap so another authenticated
215
+ worker can resume without moving a newer cursor backwards. `--max` is the desired net-new plan size;
216
+ `--scan-limit` independently bounds raw candidates scanned after ICP filtering
217
+ and dedupe. `enrich status --runs` exposes the full funnel and whether the
218
+ audience is continuing or provider-confirmed exhausted.
219
+
220
+ When paired, every saved plan is also mirrored into the hosted Patch Plans
221
+ review queue and the CLI prints its exact deep-link. The mirror is immutable
222
+ and organization-scoped: replaying the same plan is idempotent, while the same
223
+ id with different content is rejected. Hosted reviewers can approve or reject;
224
+ the plan is executable from any synchronized surface with a compatible CRM
225
+ connection. A CLI-created plan can be applied in hosted, and a hosted approval
226
+ can be applied from the CLI—the plan's origin does not permanently own it.
227
+
228
+ This is local-first replication, not remote control. The local plan store works
229
+ offline, and plan commands perform a best-effort hosted check-in. Run
230
+ `fullstackgtm plans sync` to explicitly exchange every plan's latest approval,
231
+ execution claim, status, and receipts. If hosted applies while the CLI is
232
+ offline, the next check-in imports the exact per-operation results and marks
233
+ the local plan applied. If the CLI applies while hosted is unavailable, it
234
+ keeps the result locally and uploads the receipt on a later check-in.
235
+
236
+ Before either surface writes, it verifies the immutable plan hash, selected
237
+ operation ids, current approval revision, connector capability, and provider
238
+ state. Online replicas use a short-lived execution claim to coordinate; stable
239
+ operation ids, resolve-before-create, compare-and-set guards, and provider
240
+ readback protect offline retries. Receipts record each operation as `applied`,
241
+ `skipped`, or `failed`, plus provider record ids when available, so another
242
+ replica learns what happened rather than inferring it from plan status. A
243
+ conflicting plan body or approval revision is surfaced for review and is never
244
+ merged by expanding authority.
245
+
246
+ Local signing keys and HMAC digests never upload. Operation before/after values
247
+ do upload to the paired organization because they are required for informed
248
+ review and hosted execution.
249
+
209
250
  **Discovery sources** are zero-config presets behind `--source`: `explorium` and `pipe0` run ICP-driven people search, while `linkedin` (Phase 1 — discovery + dry-run) reads a pre-built **HeyReach** lead list:
210
251
 
211
252
  ```bash
@@ -0,0 +1,33 @@
1
+ /** The complete identity of one independently traversable provider audience. */
2
+ export type AcquireCheckpointKey = {
3
+ provider: string;
4
+ source: string;
5
+ listId: string | null;
6
+ queryFingerprint: string;
7
+ };
8
+ export type AcquireContinuation = {
9
+ cursor?: string | null;
10
+ offset?: number | null;
11
+ exhausted: boolean;
12
+ };
13
+ /** Versioned wire format shared by local persistence and hosted sync. */
14
+ export type AcquireCheckpoint = {
15
+ version: 1;
16
+ id: string;
17
+ key: AcquireCheckpointKey;
18
+ continuation: AcquireContinuation;
19
+ updatedAt: string;
20
+ };
21
+ export declare function validateAcquireCheckpointKey(value: unknown): AcquireCheckpointKey;
22
+ /** Stable, non-secret filename/key suitable for both filesystem and hosted records. */
23
+ export declare function acquireCheckpointId(key: AcquireCheckpointKey): string;
24
+ export declare function validateAcquireCheckpoint(value: unknown): AcquireCheckpoint;
25
+ export declare function acquireCheckpointsDir(baseDir?: string): string;
26
+ export interface AcquireCheckpointStore {
27
+ get(key: AcquireCheckpointKey): Promise<AcquireCheckpoint | null>;
28
+ put(key: AcquireCheckpointKey, continuation: AcquireContinuation, updatedAt?: Date): Promise<AcquireCheckpoint>;
29
+ /** Import a validated local/hosted record without changing its timestamp. */
30
+ putRecord(record: AcquireCheckpoint): Promise<AcquireCheckpoint>;
31
+ list(): Promise<AcquireCheckpoint[]>;
32
+ }
33
+ export declare function createFileAcquireCheckpointStore(baseDir?: string): AcquireCheckpointStore;
@@ -0,0 +1,149 @@
1
+ import { createHash } from "node:crypto";
2
+ import { chmodSync, mkdirSync, readdirSync } from "node:fs";
3
+ import { join } from "node:path";
4
+ import { credentialsDir, ensureSecureHomeDir } from "./credentials.js";
5
+ import { assertNoSymlinkComponents, readSecureRegularFile, writeSecureFileAtomic, } from "./secureFile.js";
6
+ const COMPONENT_MAX = 512;
7
+ function requireComponent(value, name) {
8
+ if (typeof value !== "string" || value.length === 0 || value.length > COMPONENT_MAX || /[\u0000-\u001f]/.test(value)) {
9
+ throw new Error(`Invalid acquisition checkpoint ${name}`);
10
+ }
11
+ return value;
12
+ }
13
+ export function validateAcquireCheckpointKey(value) {
14
+ if (!value || typeof value !== "object" || Array.isArray(value)) {
15
+ throw new Error("Invalid acquisition checkpoint key");
16
+ }
17
+ const candidate = value;
18
+ const listId = candidate.listId;
19
+ if (listId !== null && listId !== undefined)
20
+ requireComponent(listId, "listId");
21
+ return {
22
+ provider: requireComponent(candidate.provider, "provider"),
23
+ source: requireComponent(candidate.source, "source"),
24
+ listId: listId ?? null,
25
+ queryFingerprint: requireComponent(candidate.queryFingerprint, "queryFingerprint"),
26
+ };
27
+ }
28
+ /** Stable, non-secret filename/key suitable for both filesystem and hosted records. */
29
+ export function acquireCheckpointId(key) {
30
+ const valid = validateAcquireCheckpointKey(key);
31
+ const canonical = JSON.stringify([valid.provider, valid.source, valid.listId, valid.queryFingerprint]);
32
+ return `acqcp_${createHash("sha256").update(canonical).digest("hex")}`;
33
+ }
34
+ function validateContinuation(value) {
35
+ if (!value || typeof value !== "object" || Array.isArray(value)) {
36
+ throw new Error("Invalid acquisition checkpoint continuation");
37
+ }
38
+ const candidate = value;
39
+ if (typeof candidate.exhausted !== "boolean")
40
+ throw new Error("Invalid acquisition checkpoint exhausted flag");
41
+ if (candidate.cursor !== undefined && candidate.cursor !== null)
42
+ requireComponent(candidate.cursor, "cursor");
43
+ if (candidate.offset !== undefined && candidate.offset !== null &&
44
+ (!Number.isSafeInteger(candidate.offset) || candidate.offset < 0)) {
45
+ throw new Error("Invalid acquisition checkpoint offset");
46
+ }
47
+ return {
48
+ ...(candidate.cursor !== undefined ? { cursor: candidate.cursor } : {}),
49
+ ...(candidate.offset !== undefined ? { offset: candidate.offset } : {}),
50
+ exhausted: candidate.exhausted,
51
+ };
52
+ }
53
+ export function validateAcquireCheckpoint(value) {
54
+ if (!value || typeof value !== "object" || Array.isArray(value)) {
55
+ throw new Error("Invalid acquisition checkpoint");
56
+ }
57
+ const candidate = value;
58
+ if (candidate.version !== 1)
59
+ throw new Error(`Unsupported acquisition checkpoint version: ${String(candidate.version)}`);
60
+ const key = validateAcquireCheckpointKey(candidate.key);
61
+ const id = acquireCheckpointId(key);
62
+ if (candidate.id !== id)
63
+ throw new Error("Acquisition checkpoint id does not match its key");
64
+ if (typeof candidate.updatedAt !== "string" || !Number.isFinite(Date.parse(candidate.updatedAt))) {
65
+ throw new Error("Invalid acquisition checkpoint updatedAt");
66
+ }
67
+ return {
68
+ version: 1,
69
+ id,
70
+ key,
71
+ continuation: validateContinuation(candidate.continuation),
72
+ updatedAt: candidate.updatedAt,
73
+ };
74
+ }
75
+ export function acquireCheckpointsDir(baseDir) {
76
+ return join(baseDir ?? credentialsDir(), "acquire", "checkpoints");
77
+ }
78
+ export function createFileAcquireCheckpointStore(baseDir) {
79
+ const directory = acquireCheckpointsDir(baseDir);
80
+ function fileForId(id) {
81
+ return join(directory, `${id}.json`);
82
+ }
83
+ function readId(id) {
84
+ try {
85
+ return validateAcquireCheckpoint(JSON.parse(readSecureRegularFile(fileForId(id), { tightenMode: 0o600 })));
86
+ }
87
+ catch (error) {
88
+ if (error.code === "ENOENT")
89
+ return null;
90
+ throw error;
91
+ }
92
+ }
93
+ function ensureDirectory() {
94
+ if (baseDir === undefined)
95
+ ensureSecureHomeDir();
96
+ // Tighten both managed levels. mkdir's mode does not affect a directory
97
+ // restored or pre-created with broader permissions.
98
+ const levels = [join(baseDir ?? credentialsDir(), "acquire"), directory];
99
+ for (const level of levels) {
100
+ assertNoSymlinkComponents(level);
101
+ mkdirSync(level, { recursive: true, mode: 0o700 });
102
+ assertNoSymlinkComponents(level);
103
+ try {
104
+ chmodSync(level, 0o700);
105
+ }
106
+ catch { /* chmod is unavailable on some filesystems. */ }
107
+ }
108
+ }
109
+ function writeRecord(value) {
110
+ const record = validateAcquireCheckpoint(value);
111
+ ensureDirectory();
112
+ writeSecureFileAtomic(fileForId(record.id), `${JSON.stringify(record, null, 2)}\n`);
113
+ return record;
114
+ }
115
+ return {
116
+ async get(key) {
117
+ return readId(acquireCheckpointId(key));
118
+ },
119
+ async put(key, continuation, updatedAt = new Date()) {
120
+ const validKey = validateAcquireCheckpointKey(key);
121
+ return writeRecord({
122
+ version: 1,
123
+ id: acquireCheckpointId(validKey),
124
+ key: validKey,
125
+ continuation: validateContinuation(continuation),
126
+ updatedAt: updatedAt.toISOString(),
127
+ });
128
+ },
129
+ async putRecord(record) {
130
+ return writeRecord(record);
131
+ },
132
+ async list() {
133
+ let names;
134
+ try {
135
+ assertNoSymlinkComponents(directory);
136
+ names = readdirSync(directory).filter((name) => /^acqcp_[a-f0-9]{64}\.json$/.test(name));
137
+ }
138
+ catch (error) {
139
+ if (error.code === "ENOENT")
140
+ return [];
141
+ throw error;
142
+ }
143
+ return names
144
+ .map((name) => readId(name.slice(0, -5)))
145
+ .filter((record) => record !== null)
146
+ .sort((a, b) => a.updatedAt.localeCompare(b.updatedAt));
147
+ },
148
+ };
149
+ }
@@ -25,6 +25,8 @@ export type DiscoverLinkedInOptions = {
25
25
  sourceId?: string;
26
26
  /** Hard cap on prospects pulled. */
27
27
  max?: number;
28
+ /** Opaque provider continuation cursor. */
29
+ cursor?: string;
28
30
  };
29
31
  /**
30
32
  * Discovery branch for `acquireFromApi`: read prospects from a LinkedIn source
@@ -41,7 +41,7 @@ export function linkedInProspectToProspect(lp) {
41
41
  * provider is injected so this is fully testable against the fake (no key).
42
42
  */
43
43
  export async function discoverLinkedInProspects(provider, options = {}) {
44
- const raw = await provider.fetchProspects({ sourceId: options.sourceId, max: options.max });
44
+ const raw = await provider.fetchProspects({ sourceId: options.sourceId, max: options.max, cursor: options.cursor });
45
45
  return raw.map(linkedInProspectToProspect);
46
46
  }
47
47
  /**