# Venture CRM Roadmap (Airtable Replacement)

## Current status

- Premium Airtable-like frontend grid exists and is actively iterating.
- Backend now has production-grade APIs for:
  - `GET /api/fundraising/state`
  - `PUT /api/fundraising/state` (with optimistic version check)
  - `GET /api/fundraising/export`
  - `POST /api/fundraising/backup`
  - `POST /api/fundraising/restore-preview`
  - `POST /api/fundraising/restore`
  - `GET /api/fundraising/backups`
  - `GET/PATCH /api/fundraising/backup-policy`
  - `GET /api/fundraising/relational-summary`
  - `GET /api/feature-requests`
  - `POST /api/feature-requests`
  - `PATCH /api/feature-requests/:id`
- New DB tables:
  - `fundraising_state`
  - `fundraising_investors`
  - `fundraising_contacts`
  - `fundraising_funds`
  - `fundraising_commitments`
  - `fundraising_views`
  - `feature_requests`
  - `app_settings`
- Grid saves/restores now sync into relational fundraising tables automatically.
- Formula engine is now sandboxed (no `eval`/`new Function`) with expanded function support.
- Automation engine v1 added:
  - Rule table + toggle API
  - List memberships (`main`, `follow_up`, `graveyard`, `longshot`, `all`)
  - Automation run log
- Collaboration/reliability additions:
  - Unified activity feed API (`audit` + `automation` + `backup`)
  - Backup integrity verification API
  - Better version-conflict metadata (`updated_at`, `updated_by`)
- Security hardening additions:
  - Basic IP rate limiting (login and write APIs)
  - Configurable CORS origin (`CRM_CORS_ORIGIN`)
  - Production secret enforcement (`CRM_ENV=production` requires `CRM_SECRET_KEY`)
  - Security status API + go-live checklist (`SECURITY.md`)

## Phase 1 (Production foundation)

1. Persist grid + views on backend
   - Wire frontend fundraising grid reads/writes to `/api/fundraising/state`.
   - Keep localStorage only as emergency fallback.
   - Add autosave debounce and conflict handling (`expected_version`).
2. Admin-invite auth model
   - Disable self-register for non-admin users.
   - Add admin-only invite/create-user endpoint.
   - Keep role model: `admin`, `member`.
3. Deployment and remote access
   - Add `docker-compose` for one-command launch.
   - Reverse proxy + TLS option (Caddy/Traefik) for non-Tailscale deployments.
   - Recommended for your use case: Tailscale private access to laptop host.
4. Data safety and operations
   - Automated nightly SQLite backups and restore test script.
   - Add `/api/fundraising/export` for JSON snapshot export.
   - Add health/readiness checks.

## Phase 2 (Airtable parity)

1. Advanced views
   - Multi-condition filter groups (AND/OR groups)
   - Multi-column sorting
   - Pinned/frozen columns
   - Personal vs shared views
2. Formula engine v2
   - Add functions: `SUM`, `MIN`, `MAX`, `ROUND`, `ABS`, `CONCAT` (done)
   - Type-aware formulas and better errors
   - Dependency graph and recalculation rules
3. Activity + audit
   - Record-level change history in UI
   - Last modified by / at fields
   - Restore archived rows

## Phase 3 (Team workflow and automation)

1. Tasks/reminders tied to investors/contacts
2. Automation rules (graveyard/follow-up triggers)
3. Email/communication integrations (optional)
4. Granular permissions (if team grows)

## Definition of done for "Airtable substitute" v1

- Team can manage all investors in one master table
- Saved views replicate current Airtable workflows
- CSV import from Airtable is reliable and repeatable
- Data persists safely and supports multi-user access
- Auth is invite-only and backups are automated
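
The sandboxed formula engine listed under Current status (no `eval`/`new Function`) and the Phase 2 function list can be illustrated with a small tokenizer and recursive-descent evaluator that only ever calls whitelisted functions. This is an added example, not the project's own code; `evaluateFormula`, the `{Field}` reference syntax and the row shape are assumptions.

```javascript
// Added example, not the project's code; the {Field} reference syntax is an assumption.
const FUNCS = Object.assign(Object.create(null), {
  SUM: (...a) => a.reduce((s, v) => s + Number(v), 0),
  MIN: (...a) => Math.min(...a.map(Number)),
  MAX: (...a) => Math.max(...a.map(Number)),
  ROUND: (v, d = 0) => Math.round(Number(v) * 10 ** d) / 10 ** d,
  ABS: (v) => Math.abs(Number(v)),
  CONCAT: (...a) => a.map(String).join(""),
});
const KINDS = ["num", "str", "field", "id", "op"];

function evaluateFormula(formula, row = {}) {
  const TOKEN = /\s*(?:(\d+(?:\.\d+)?)|"([^"]*)"|\{([^}]+)\}|([A-Za-z_]\w*)|([-+*\/(),]))/y;
  const src = String(formula).trim(), toks = [];
  while (TOKEN.lastIndex < src.length) {          // anything outside the grammar is rejected
    const at = TOKEN.lastIndex, m = TOKEN.exec(src);
    if (!m) throw new Error(`unexpected character at offset ${at}`);
    const k = KINDS.findIndex((_, n) => m[n + 1] !== undefined);
    toks.push({ t: KINDS[k], v: k === 0 ? Number(m[1]) : m[k + 1] });
  }
  let i = 0;
  const isOp = (v) => i < toks.length && toks[i].t === "op" && toks[i].v === v;
  const expect = (v) => { if (!isOp(v)) throw new Error(`expected "${v}"`); i++; };
  const binary = (next, ops) => () => {           // one left-associative precedence level
    let left = next();
    while (i < toks.length && toks[i].t === "op" && toks[i].v in ops) left = ops[toks[i++].v](left, next());
    return left;
  };
  const primary = () => {
    const tok = toks[i++] || { t: "end", v: "end of formula" };
    if (tok.t === "num" || tok.t === "str") return tok.v;
    if (tok.t === "field" && !Object.prototype.hasOwnProperty.call(row, tok.v)) throw new Error(`unknown field ${tok.v}`);
    if (tok.t === "field") return row[tok.v];     // own properties only, never the prototype chain
    if (tok.t === "op" && tok.v === "-") return -primary();
    if (tok.t === "op" && tok.v === "(") { const v = expr(); expect(")"); return v; }
    const fn = tok.t === "id" ? FUNCS[tok.v.toUpperCase()] : undefined;
    if (!fn) throw new Error(`unexpected or disallowed token: ${tok.v}`);
    expect("(");
    const args = [];
    if (!isOp(")")) do args.push(expr()); while (isOp(",") && ++i);
    expect(")");
    return fn(...args);
  };
  const term = binary(primary, { "*": (a, b) => a * b, "/": (a, b) => a / b });
  const expr = binary(term, { "+": (a, b) => Number(a) + Number(b), "-": (a, b) => a - b });
  const out = expr();
  if (i < toks.length) throw new Error("unexpected trailing input");
  return out;
}
```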