# Venture CRM Roadmap (Airtable Replacement) ## Current status - Premium Airtable-like frontend grid exists and is actively iterating. - Backend now has production-grade APIs for: - `GET /api/fundraising/state` - `PUT /api/fundraising/state` (with optimistic version check) - `GET /api/fundraising/export` - `POST /api/fundraising/backup` - `POST /api/fundraising/restore-preview` - `POST /api/fundraising/restore` - `GET /api/fundraising/backups` - `GET/PATCH /api/fundraising/backup-policy` - `GET /api/fundraising/relational-summary` - `GET /api/feature-requests` - `POST /api/feature-requests` - `PATCH /api/feature-requests/:id` - New DB tables: - `fundraising_state` - `fundraising_investors` - `fundraising_contacts` - `fundraising_funds` - `fundraising_commitments` - `fundraising_views` - `feature_requests` - `app_settings` - Grid saves/restores now sync into relational fundraising tables automatically. - Formula engine is now sandboxed (no `eval`/`new Function`) with expanded function support. - Automation engine v1 added: - Rule table + toggle API - List memberships (`main`, `follow_up`, `graveyard`, `longshot`, `all`) - Automation run log - Collaboration/reliability additions: - Unified activity feed API (`audit` + `automation` + `backup`) - Backup integrity verification API - Better version-conflict metadata (`updated_at`, `updated_by`) - Security hardening additions: - Basic IP rate limiting (login and write APIs) - Configurable CORS origin (`CRM_CORS_ORIGIN`) - Production secret enforcement (`CRM_ENV=production` requires `CRM_SECRET_KEY`) - Security status API + go-live checklist (`SECURITY.md`) ## Phase 1 (Production foundation) 1. Persist grid + views on backend - Wire frontend fundraising grid reads/writes to `/api/fundraising/state`. - Keep localStorage only as emergency fallback. - Add autosave debounce and conflict handling (`expected_version`). 2. Admin-invite auth model - Disable self-register for non-admin users. - Add admin-only invite/create-user endpoint. - Keep role model: `admin`, `member`. 3. Deployment and remote access - Add `docker-compose` for one-command launch. - Reverse proxy + TLS option (Caddy/Traefik) for non-Tailscale deployments. - Recommended for your use case: Tailscale private access to laptop host. 4. Data safety and operations - Automated nightly SQLite backups and restore test script. - Add `/api/fundraising/export` for JSON snapshot export. - Add health/readiness checks. ## Phase 2 (Airtable parity) 1. Advanced views - Multi-condition filter groups (AND/OR groups) - Multi-column sorting - Pinned/frozen columns - Personal vs shared views 2. Formula engine v2 - Add functions: `SUM`, `MIN`, `MAX`, `ROUND`, `ABS`, `CONCAT` (done) - Type-aware formulas and better errors - Dependency graph and recalculation rules 3. Activity + audit - Record-level change history in UI - Last modified by / at fields - Restore archived rows ## Phase 3 (Team workflow and automation) 1. Tasks/reminders tied to investors/contacts 2. Automation rules (graveyard/follow-up triggers) 3. Email/communication integrations (optional) 4. Granular permissions (if team grows) ## Backlog (post-Phase-1 agentic) ### Daily activity digest (email to the team) *Requested 2026-06-15. Not yet built.* Have the CRM send a **daily digest email** summarizing each registered user's activity — primarily **who emailed which investors and the substance of those emails** — to the fund principal (and eventually other admins). Scales with the synced-user count: 2 users synced today, ~5 eventually. - **Source data:** the captured email-activity already flowing through the Gmail DWD propose→approve pipeline (`backend/email_integration/`), keyed per registered user → per investor/contact. Optionally fold in other CRM activity (audit feed, automation runs, new opportunities) later. - **Send path is NEW capability.** Today nothing leaves the box — the system only *captures* Gmail and *creates drafts*. This needs outbound SMTP. Start9 exposes a system-wide SMTP config that services can consume; wire the digest sender to those credentials rather than hardcoding any account. - **Analysis runs on Spark, never Claude.** The digest is deliberately **un-anonymized** (real LP names + email substance), so any summarization/analysis must go through **Spark Control to local models** — this is the one path that intentionally bypasses the scrub→Claude→re-hydrate boundary, because keeping the substance local is the whole point. Never route digest content to Claude. - **Exempt from "agents draft, humans send."** That rule governs outward LP/prospect contact. This is an internal ops digest to the team's own inboxes — a different category — so an automated daily send here does not violate the draft-only guardrail. State this explicitly at build time. - **Scheduling:** a daily cron, naturally co-located with the existing `backend/email_integration/scheduler.py` sync cadence. - **Soft-delete:** every aggregate/read in the digest must filter `deleted_at IS NULL` (see the standing soft-delete rule). Open design questions to resolve before building: 1. Recipients — just the principal, or all admins / each user gets their own? 2. Summarization — rule-based rollup vs. Spark-LLM narrative summary of email substance? 3. Digest granularity — per-user → per-investor threads, or a fund-wide activity roll-up? 4. Cadence/controls — fixed daily time, opt-out, "nothing happened today" suppression. ## Definition of done for "Airtable substitute" v1 - Team can manage all investors in one master table - Saved views replicate current Airtable workflows - CSV import from Airtable is reliable and repeatable - Data persists safely and supports multi-user access - Auth is invite-only and backups are automated