realtimex-crm 0.9.1 → 0.9.2

package/supabase/functions/ingest-activity/index.ts

@@ -0,0 +1,261 @@
+import "jsr:@supabase/functions-js/edge-runtime.d.ts";
+import { supabaseAdmin } from "../_shared/supabaseAdmin.ts";
+import { createErrorResponse, corsHeaders } from "../_shared/utils.ts";
+import { validateIngestionRequest, validateTwilioWebhook } from "../_shared/ingestionGuard.ts";
+
+/**
+ * Sanitize filename to remove special characters that break storage paths
+ * Preserves extension and basic readability while keeping original in metadata
+ */
+function sanitizeFilename(filename: string): string {
+  // Get file extension
+  const lastDotIndex = filename.lastIndexOf('.');
+  const name = lastDotIndex > 0 ? filename.substring(0, lastDotIndex) : filename;
+  const ext = lastDotIndex > 0 ? filename.substring(lastDotIndex) : '';
+
+  // Replace special characters with underscores, keep alphanumeric and basic punctuation
+  const safeName = name
+    .replace(/[^a-zA-Z0-9._-]/g, '_')  // Replace unsafe chars with underscore
+    .replace(/_+/g, '_')                // Collapse multiple underscores
+    .replace(/^_|_$/g, '');             // Remove leading/trailing underscores
+
+  // Limit length to avoid path issues (200 chars for name + extension)
+  const maxLength = 200 - ext.length;
+  const truncatedName = safeName.length > maxLength
+    ? safeName.substring(0, maxLength)
+    : safeName;
+
+  return truncatedName + ext;
+}
+
+Deno.serve(async (req) => {
+  // Handle CORS
+  if (req.method === "OPTIONS") {
+    return new Response(null, { status: 204, headers: corsHeaders });
+  }
+
+  try {
+    // 1. Validate & Identify Provider
+    const validation = await validateIngestionRequest(req);
+    if (validation.error) return validation.error;
+
+    const { provider } = validation;
+
+    // 2. Parse Body based on Content-Type
+    const contentType = req.headers.get("content-type") || "";
+    let rawBody: any;
+    const uploadedFiles: Array<{ fieldName: string; storagePath: string; size: number; type: string }> = [];
+
+    if (contentType.includes("application/json")) {
+      rawBody = await req.json();
+    } else if (contentType.includes("application/x-www-form-urlencoded") || contentType.includes("multipart/form-data")) {
+      const formData = await req.formData();
+      rawBody = {};
+
+      // Process FormData entries (files + fields)
+      for (const [key, value] of formData.entries()) {
+        if (value instanceof File) {
+          // Handle file upload: upload to storage immediately
+          const file = value as File;
+          const timestamp = Date.now();
+
+          // Sanitize filename to remove special characters that break storage paths
+          // Keep original filename in metadata, use safe version for storage path
+          const sanitizedName = sanitizeFilename(file.name);
+          const storagePath = `incoming/${timestamp}_${sanitizedName}`;
+
+          console.log(`Uploading file: ${file.name} → ${sanitizedName} (${file.size} bytes, ${file.type})`);
+
+          const { error: uploadError } = await supabaseAdmin.storage
+            .from('activity-payloads')
+            .upload(storagePath, file, {
+              contentType: file.type || 'application/octet-stream',
+              upsert: false,
+            });
+
+          if (uploadError) {
+            console.error(`Failed to upload file ${file.name}:`, uploadError);
+            return createErrorResponse(500, `File upload failed: ${uploadError.message}`);
+          }
+
+          console.log(`File uploaded successfully: ${storagePath}`);
+
+          // Store file reference instead of file content
+          uploadedFiles.push({
+            fieldName: key,
+            storagePath,
+            size: file.size,
+            type: file.type || 'application/octet-stream',
+          });
+
+          // Add storage reference to rawBody
+          rawBody[key] = {
+            _type: 'file_ref',
+            storage_path: storagePath,
+            filename: file.name,
+            size: file.size,
+            mime_type: file.type,
+          };
+        } else {
+          // Regular form field
+          rawBody[key] = value;
+        }
+      }
+    } else {
+      rawBody = await req.text();
+    }
+
+    // 2.5. Validate Twilio Signature (after body is parsed)
+    if (provider.provider_code === "twilio" && provider.config?.auth_token) {
+      const isValid = await validateTwilioWebhook(req, provider.config.auth_token, rawBody);
+      if (!isValid) {
+        console.error("Invalid Twilio signature");
+        return createErrorResponse(401, "Invalid Twilio Signature");
+      }
+    }
+
+    // 3. Normalize Data (The "Normalizer" Pattern)
+    const normalized = normalizeActivity(provider.provider_code, rawBody);
+
+    // 4. Add file upload metadata if files were uploaded
+    const activityMetadata = {
+      ...normalized.metadata,
+      provider_code: provider.provider_code,
+    };
+
+    if (uploadedFiles.length > 0) {
+      activityMetadata.uploaded_files = uploadedFiles;
+      activityMetadata.has_attachments = true;
+    }
+
+    // 5. Insert into 'activities' table
+    const { data, error } = await supabaseAdmin
+      .from("activities")
+      .insert({
+        type: normalized.type,
+        direction: "inbound",
+        processing_status: "raw", // Ready for Local Agent to steal
+        raw_data: normalized.raw_data,
+        metadata: activityMetadata,
+        provider_id: provider.id,
+        sales_id: provider.sales_id, // Auto-assign if provider has an owner
+        payload_storage_status: uploadedFiles.length > 0 ? 'in_storage' : undefined, // Files uploaded directly to storage
+      })
+      .select()
+      .single();
+
+    if (error) {
+      console.error("DB Insert Error:", error);
+      console.error("Error details:", JSON.stringify(error, null, 2));
+      return createErrorResponse(500, `Failed to persist activity: ${error.message || JSON.stringify(error)}`);
+    }
+
+    return new Response(JSON.stringify({ success: true, id: data.id }), {
+      status: 202, // Accepted
+      headers: { ...corsHeaders, "Content-Type": "application/json" },
+    });
+
+  } catch (err) {
+    console.error("Ingestion Error:", err);
+    return createErrorResponse(500, "Internal Server Error");
+  }
+});
+
+/**
+ * Normalizes provider-specific payloads into the standard RealTimeX schema.
+ */
+function normalizeActivity(providerCode: string, payload: any) {
+  let type = "other";
+  let raw_data = {};
+  let metadata = {};
+
+  if (providerCode === "postmark") {
+    type = "email";
+    raw_data = {
+      source_type: "text",
+      content: payload.TextBody || payload.HtmlBody || "",
+      subject: payload.Subject,
+      sender: payload.From,
+    };
+    metadata = {
+      message_id: payload.MessageID,
+      to: payload.To,
+    };
+  } else if (providerCode === "twilio") {
+    // Detect SMS vs Voice
+    if (payload.RecordingUrl) {
+      type = "call";
+      raw_data = {
+        source_type: "url",
+        content: payload.RecordingUrl, // The Local Agent will download this
+        format: "audio/wav",
+      };
+      metadata = {
+        call_sid: payload.CallSid,
+        from: payload.From,
+        duration: payload.CallDuration,
+      };
+    } else {
+      type = "sms";
+      raw_data = {
+        source_type: "text",
+        content: payload.Body,
+      };
+      metadata = {
+        message_sid: payload.MessageSid,
+        from: payload.From,
+      };
+    }
+  } else {
+    // Generic / Manual / Multipart
+    type = payload.type || "note";
+
+    // Check if payload contains file references from multipart upload
+    const fileFields = Object.entries(payload).filter(([_, value]) =>
+      typeof value === 'object' && value !== null && value._type === 'file_ref'
+    );
+
+    if (fileFields.length > 0) {
+      // Handle uploaded files
+      if (fileFields.length === 1) {
+        // Single file - store in raw_data
+        const [_fieldName, fileRef] = fileFields[0];
+        raw_data = {
+          source_type: "storage_ref",
+          storage_path: (fileRef as any).storage_path,
+          filename: (fileRef as any).filename,
+          format: (fileRef as any).mime_type,
+          size: (fileRef as any).size,
+        };
+      } else {
+        // Multiple files - store array in raw_data
+        raw_data = {
+          source_type: "storage_refs",
+          files: fileFields.map(([fieldName, fileRef]) => ({
+            storage_path: (fileRef as any).storage_path,
+            filename: (fileRef as any).filename,
+            format: (fileRef as any).mime_type,
+            size: (fileRef as any).size,
+            field_name: fieldName,
+          })),
+        };
+      }
+
+      // Include other form fields in metadata
+      metadata = {
+        ...payload.metadata,
+        form_data: Object.fromEntries(
+          Object.entries(payload).filter(([key]) =>
+            !key.startsWith('_') && typeof payload[key] !== 'object'
+          )
+        ),
+      };
+    } else {
+      // Regular JSON payload
+      raw_data = payload.raw_data || { source_type: "text", content: JSON.stringify(payload) };
+      metadata = payload.metadata || {};
+    }
+  }
+
+  return { type, raw_data, metadata };
+}

package/supabase/migrations/20251219120100_webhook_triggers.sql

@@ -5,7 +5,7 @@ create or replace function enqueue_webhook_event(
 ) returns void
 language plpgsql
 security definer
-set search_path = ''
+set search_path = public
 as $$
 begin
     -- Find all active webhooks that listen to this event
@@ -26,7 +26,7 @@ create or replace function trigger_contact_webhooks()
 returns trigger
 language plpgsql
 security definer
-set search_path = ''
+set search_path = public
 as $$
 declare
     event_type text;
@@ -58,7 +58,7 @@ create or replace function trigger_company_webhooks()
 returns trigger
 language plpgsql
 security definer
-set search_path = ''
+set search_path = public
 as $$
 declare
     event_type text;
@@ -90,7 +90,7 @@ create or replace function trigger_deal_webhooks()
 returns trigger
 language plpgsql
 security definer
-set search_path = ''
+set search_path = public
 as $$
 declare
     event_type text;
@@ -142,7 +142,7 @@ create or replace function trigger_task_webhooks()
 returns trigger
 language plpgsql
 security definer
-set search_path = ''
+set search_path = public
 as $$
 begin
     if (TG_OP = 'UPDATE' and OLD.done_date is null and NEW.done_date is not null) then
@@ -169,3 +169,8 @@ create trigger deal_webhook_trigger
 create trigger task_webhook_trigger
     after update on public.tasks
     for each row execute function trigger_task_webhooks();
+
+-- Grant execute permissions on webhook functions
+grant execute on function enqueue_webhook_event(text, jsonb) to authenticated;
+grant execute on function enqueue_webhook_event(text, jsonb) to service_role;
+grant execute on function enqueue_webhook_event(text, jsonb) to anon;

package/supabase/migrations/20251220120000_realtime_ingestion.sql

@@ -0,0 +1,154 @@
+-- Migration: Create Activities Table and Ingestion Logic
+
+-- 1. Create the 'activities' table (The Unified Event Store)
+create table "public"."activities" (
+    "id" uuid not null default gen_random_uuid(),
+    "created_at" timestamp with time zone not null default now(),
+    "type" text not null check (type in ('email', 'call', 'sms', 'meeting', 'note', 'task', 'whatsapp', 'other')),
+    "direction" text not null check (direction in ('inbound', 'outbound')),
+    "sales_id" bigint, -- References sales(id). If NULL, it is Global/Unassigned.
+    "contact_id" bigint, -- References contacts(id).
+
+    -- Processing State Machine
+    "processing_status" text not null default 'raw' check (processing_status in ('raw', 'processing', 'completed', 'failed')),
+    "locked_by" uuid, -- The ID of the generic user (auth.users) or specific agent (sales.id) processing it.
+    "locked_at" timestamp with time zone,
+
+    -- Data Payloads
+    "raw_data" jsonb, -- Stores URL or Text content. { "source_type": "url"|"text", "content": "..." }
+    "processed_data" jsonb, -- Stores AI results. { "transcript": "...", "summary": "..." }
+    "metadata" jsonb, -- Provider info. { "twilio_sid": "...", "from": "..." }
+    "provider_id" uuid, -- Link to ingestion_providers(id) for future flexibility
+
+    constraint "activities_pkey" primary key ("id")
+);
+
+-- Enable RLS
+alter table "public"."activities" enable row level security;
+
+-- 2. Create the 'ingestion_providers' table (Configuration Registry)
+create table "public"."ingestion_providers" (
+    "id" uuid not null default gen_random_uuid(),
+    "created_at" timestamp with time zone not null default now(),
+    "provider_code" text not null check (provider_code in ('twilio', 'postmark', 'gmail', 'generic')),
+    "name" text not null, -- Friendly name e.g. "US Support Line"
+    "is_active" boolean not null default true,
+    "config" jsonb not null default '{}'::jsonb, -- Encrypted secrets go here
+    "sales_id" bigint, -- Default Owner. If NULL, leads are Unassigned.
+    "ingestion_key" text unique, -- Public identifier used in Webhook URLs e.g. /ingest?key=xyz
+
+    constraint "ingestion_providers_pkey" primary key ("id")
+);
+
+alter table "public"."ingestion_providers" enable row level security;
+
+-- 3. Update 'sales' table with Processing Rules
+alter table "public"."sales" 
+    add column "stale_threshold_minutes" integer default 15,
+    add column "allow_remote_processing" boolean default true;
+
+-- 4. Foreign Keys
+alter table "public"."activities" 
+    add constraint "activities_sales_id_fkey" foreign key ("sales_id") references "public"."sales"("id") on delete set null,
+    add constraint "activities_contact_id_fkey" foreign key ("contact_id") references "public"."contacts"("id") on delete cascade,
+    add constraint "activities_provider_id_fkey" foreign key ("provider_id") references "public"."ingestion_providers"("id") on delete set null;
+
+alter table "public"."ingestion_providers"
+    add constraint "ingestion_providers_sales_id_fkey" foreign key ("sales_id") references "public"."sales"("id") on delete set null;
+
+-- 5. Indexes for Performance (Crucial for Work Stealing)
+create index "activities_processing_queue_idx" on "public"."activities" ("processing_status", "created_at") where processing_status = 'raw';
+create index "activities_sales_id_idx" on "public"."activities" ("sales_id");
+
+-- 6. RPC: The "Work Stealing" Function
+-- Note: p_agent_sales_id must be the BIGINT id from the 'sales' table, not auth.uid()
+create or replace function claim_next_pending_activity(
+  p_agent_sales_id bigint
+)
+returns table (
+  id uuid,
+  raw_data jsonb,
+  type text,
+  is_global boolean
+) 
+language plpgsql
+security definer -- Runs with elevated privileges to update the row
+as $$
+begin
+  return query
+  update "public"."activities" a
+  set 
+    processing_status = 'processing',
+    locked_by = (select user_id from sales where id = p_agent_sales_id), -- Store the Auth UUID for auditing
+    locked_at = now()
+  from "public"."sales" s_owner
+  where a.id = (
+    select act.id
+    from "public"."activities" act
+    left join "public"."sales" owner on act.sales_id = owner.id
+    where 
+      act.processing_status = 'raw'
+      and (
+        -- CRITERIA 1: IT IS MINE
+        act.sales_id = p_agent_sales_id
+        
+        -- CRITERIA 2: IT IS GLOBAL
+        or act.sales_id is null
+        
+        -- CRITERIA 3: IT IS STALE AND STEALABLE
+        or (
+          act.sales_id != p_agent_sales_id         -- Not mine
+          and (owner.allow_remote_processing is true or owner.allow_remote_processing is null) -- Owner allows stealing (default true)
+          and act.created_at < now() - ((coalesce(owner.stale_threshold_minutes, 15) || ' minutes')::interval)
+        )
+      )
+    order by 
+      (act.sales_id = p_agent_sales_id) desc, -- My tasks first
+      (act.sales_id is null) desc,            -- Global tasks second
+      act.created_at asc                      -- Oldest stale tasks last
+    limit 1
+    for update skip locked
+  )
+  and (a.sales_id = s_owner.id or a.sales_id is null) -- Join condition
+  returning a.id, a.raw_data, a.type, (a.sales_id is null) as is_global;
+end;
+$$;
+
+-- 7. Trigger: Link Ingestion Providers -> Sales ID on Insert
+-- If we insert an activity with a provider_id but no sales_id, try to auto-assign it based on the provider config.
+create or replace function auto_assign_activity_owner()
+returns trigger
+language plpgsql
+as $$
+begin
+    if new.sales_id is null and new.provider_id is not null then
+        select sales_id into new.sales_id
+        from ingestion_providers
+        where id = new.provider_id;
+    end if;
+    return new;
+end;
+$$;
+
+create trigger "before_insert_activity_assign_owner"
+before insert on "public"."activities"
+for each row execute function auto_assign_activity_owner();
+
+-- 8. Enable pg_cron (if available, this might fail on some Supabase tiers so we wrap it)
+do $$
+begin
+    create extension if not exists pg_cron;
+exception when others then
+    raise notice 'pg_cron extension could not be enabled - skipping cron setup';
+end
+$$;
+
+-- 9. RLS Policies
+-- Activities: Authenticated users can read all (for Team view). Only Owner or Global can be updated (unless claiming).
+create policy "Enable read access for authenticated users" on "public"."activities" for select to authenticated using (true);
+create policy "Enable insert for authenticated users" on "public"."activities" for insert to authenticated with check (true);
+create policy "Enable update for authenticated users" on "public"."activities" for update to authenticated using (true);
+
+-- Ingestion Providers: Admins only? For now, authenticated read.
+create policy "Enable read access for authenticated users" on "public"."ingestion_providers" for select to authenticated using (true);
+

package/supabase/migrations/20251221000000_contact_matching.sql

@@ -0,0 +1,94 @@
+-- Migration: Add Contact Matching for Activities
+-- Automatically links activities to contacts based on email or phone number
+
+-- Function: Normalize phone number to E.164 format for matching
+-- Strips formatting and ensures consistent format
+CREATE OR REPLACE FUNCTION normalize_phone(phone_input text)
+RETURNS text
+LANGUAGE plpgsql
+IMMUTABLE
+AS $$
+BEGIN
+  -- Remove all non-digit characters except leading +
+  RETURN regexp_replace(phone_input, '[^+0-9]', '', 'g');
+END;
+$$;
+
+-- Function: Auto-link activity to contact based on email or phone
+-- Priority: Email match > Phone match (E.164) > Fuzzy phone match (last 10 digits)
+CREATE OR REPLACE FUNCTION auto_link_contact()
+RETURNS TRIGGER
+LANGUAGE plpgsql
+AS $$
+DECLARE
+  matched_contact_id bigint;
+BEGIN
+  -- Only attempt matching if contact_id is not already set
+  IF NEW.contact_id IS NOT NULL THEN
+    RETURN NEW;
+  END IF;
+
+  -- Strategy 1: Try exact email match
+  -- Note: email is stored as email_jsonb (array of email objects)
+  IF NEW.metadata ? 'from' AND NEW.metadata->>'from' LIKE '%@%' THEN
+    SELECT id INTO matched_contact_id
+    FROM contacts
+    WHERE email_jsonb @> jsonb_build_array(jsonb_build_object('email', NEW.metadata->>'from'))
+    LIMIT 1;
+
+    IF matched_contact_id IS NOT NULL THEN
+      NEW.contact_id := matched_contact_id;
+      RETURN NEW;
+    END IF;
+  END IF;
+
+  -- Strategy 2: Try exact phone match (E.164 normalized)
+  -- Note: phones are stored as phone_jsonb (array of phone objects)
+  IF NEW.metadata ? 'from' AND NEW.metadata->>'from' LIKE '+%' THEN
+    SELECT id INTO matched_contact_id
+    FROM contacts
+    WHERE EXISTS (
+      SELECT 1 FROM jsonb_array_elements(phone_jsonb) AS phone
+      WHERE normalize_phone(phone->>'number') = normalize_phone(NEW.metadata->>'from')
+    )
+    LIMIT 1;
+
+    IF matched_contact_id IS NOT NULL THEN
+      NEW.contact_id := matched_contact_id;
+      RETURN NEW;
+    END IF;
+  END IF;
+
+  -- Strategy 3: Try fuzzy phone match (last 10 digits for US numbers)
+  IF NEW.metadata ? 'from' AND length(regexp_replace(NEW.metadata->>'from', '[^0-9]', '', 'g')) >= 10 THEN
+    SELECT id INTO matched_contact_id
+    FROM contacts
+    WHERE EXISTS (
+      SELECT 1 FROM jsonb_array_elements(phone_jsonb) AS phone
+      WHERE right(regexp_replace(phone->>'number', '[^0-9]', '', 'g'), 10) =
+            right(regexp_replace(NEW.metadata->>'from', '[^0-9]', '', 'g'), 10)
+    )
+    LIMIT 1;
+
+    IF matched_contact_id IS NOT NULL THEN
+      NEW.contact_id := matched_contact_id;
+      RETURN NEW;
+    END IF;
+  END IF;
+
+  -- No match found - activity will be created as "orphan" with contact_id = NULL
+  RETURN NEW;
+END;
+$$;
+
+-- Trigger: Auto-link contacts before inserting activities
+CREATE TRIGGER before_insert_activity_link_contact
+BEFORE INSERT ON "public"."activities"
+FOR EACH ROW
+EXECUTE FUNCTION auto_link_contact();
+
+-- Comment for documentation
+COMMENT ON FUNCTION auto_link_contact() IS
+'Automatically links activities to contacts based on email or phone number in metadata.from field.
+Priority: Email match > Phone E.164 match > Fuzzy phone match (last 10 digits).
+Activities without matches become orphans (contact_id = NULL).';

package/supabase/migrations/20251221000001_fix_ingestion_providers_rls.sql

@@ -0,0 +1,23 @@
+-- Migration: Fix RLS policies for ingestion_providers table
+-- Add missing INSERT, UPDATE, DELETE policies for authenticated users
+
+-- Allow authenticated users to create ingestion channels
+create policy "Enable insert for authenticated users"
+on "public"."ingestion_providers"
+for insert
+to authenticated
+with check (true);
+
+-- Allow authenticated users to update their ingestion channels
+create policy "Enable update for authenticated users"
+on "public"."ingestion_providers"
+for update
+to authenticated
+using (true);
+
+-- Allow authenticated users to delete their ingestion channels
+create policy "Enable delete for authenticated users"
+on "public"."ingestion_providers"
+for delete
+to authenticated
+using (true);

package/supabase/migrations/20251221000002_fix_contact_matching_jsonb.sql

@@ -0,0 +1,67 @@
+-- Migration: Fix contact matching to work with email_jsonb and phone_jsonb schema
+
+-- Drop and recreate the auto_link_contact function with correct JSONB queries
+CREATE OR REPLACE FUNCTION auto_link_contact()
+RETURNS TRIGGER
+LANGUAGE plpgsql
+AS $$
+DECLARE
+  matched_contact_id bigint;
+BEGIN
+  -- Only attempt matching if contact_id is not already set
+  IF NEW.contact_id IS NOT NULL THEN
+    RETURN NEW;
+  END IF;
+
+  -- Strategy 1: Try exact email match
+  -- Note: email is stored as email_jsonb (array of email objects)
+  IF NEW.metadata ? 'from' AND NEW.metadata->>'from' LIKE '%@%' THEN
+    SELECT id INTO matched_contact_id
+    FROM contacts
+    WHERE email_jsonb @> jsonb_build_array(jsonb_build_object('email', NEW.metadata->>'from'))
+    LIMIT 1;
+
+    IF matched_contact_id IS NOT NULL THEN
+      NEW.contact_id := matched_contact_id;
+      RETURN NEW;
+    END IF;
+  END IF;
+
+  -- Strategy 2: Try exact phone match (E.164 normalized)
+  -- Note: phones are stored as phone_jsonb (array of phone objects)
+  IF NEW.metadata ? 'from' AND NEW.metadata->>'from' LIKE '+%' THEN
+    SELECT id INTO matched_contact_id
+    FROM contacts
+    WHERE EXISTS (
+      SELECT 1 FROM jsonb_array_elements(phone_jsonb) AS phone
+      WHERE normalize_phone(phone->>'number') = normalize_phone(NEW.metadata->>'from')
+    )
+    LIMIT 1;
+
+    IF matched_contact_id IS NOT NULL THEN
+      NEW.contact_id := matched_contact_id;
+      RETURN NEW;
+    END IF;
+  END IF;
+
+  -- Strategy 3: Try fuzzy phone match (last 10 digits for US numbers)
+  IF NEW.metadata ? 'from' AND length(regexp_replace(NEW.metadata->>'from', '[^0-9]', '', 'g')) >= 10 THEN
+    SELECT id INTO matched_contact_id
+    FROM contacts
+    WHERE EXISTS (
+      SELECT 1 FROM jsonb_array_elements(phone_jsonb) AS phone
+      WHERE right(regexp_replace(phone->>'number', '[^0-9]', '', 'g'), 10) =
+            right(regexp_replace(NEW.metadata->>'from', '[^0-9]', '', 'g'), 10)
+    )
+    LIMIT 1;
+
+    IF matched_contact_id IS NOT NULL THEN
+      NEW.contact_id := matched_contact_id;
+      RETURN NEW;
+    END IF;
+  END IF;
+
+  -- No match found - activity will be created as "orphan" with contact_id = NULL
+  RETURN NEW;
+END;
+$$;