Add status cycling and lead attribution tracking

[saifsoub]

Summary

This PR introduces clickable status cycling for all entities (leads, opportunities, offers, assets) and adds content attribution tracking to leads. Users can now advance entity statuses by clicking a button, and leads capture which content item referred them.

Key Changes

• New StatusCycleButton component: A reusable client component that cycles through entity statuses with visual feedback. Includes:

  • Status-specific color coding for leads, opportunities, offers, and assets
  • Loading state with spinner during API calls
  • Automatic router refresh after status update
  • Hover and active state animations

• API endpoints for status updates: Added PATCH routes for:

  • /api/leads/[id]
  • /api/opportunities/[id]
  • /api/offers/[id]
  • /api/assets/[id]

• Lead attribution tracking:

  • Added refContentId field to leads to track which content item referred them
  • Updated LeadForm to capture and pass refContentId from URL search params
  • Leads page now displays content attribution with a link icon
  • Content lookup map built from db.contentItems for display

• Offer enhancements:

  • Added optional calUrl field for Cal.com booking integration
  • Offer landing page now conditionally renders Cal.com iframe or lead form based on calUrl presence
  • When Cal.com is available, shows both booking widget and optional message form
  • Supports ref query parameter for content attribution

• UI improvements:

  • Replaced SectionCard components with custom card layouts in assets and offers pages
  • Added external link indicators and status badges to asset/offer cards
  • Leads table now includes "Via" column showing content attribution
  • Opportunities table uses new StatusCycleButton instead of static badge
  • Better visual hierarchy with improved spacing and typography

• Store updates:

  • Added updateLead, updateOffer, updateOpportunity, updateAsset functions
  • Extended type definitions to include new fields (calUrl, refContentId)
  • Updated validators for new optional fields

Implementation Details

• Status cycling uses modulo arithmetic to loop through predefined status arrays per entity type
• Color scheme is consistent across all entity types with semantic meaning (e.g., green for completed states)
• Lead form now passes refContentId to API, enabling attribution analytics
• Cal.com integration is optional and gracefully falls back to lead form

https://claude.ai/code/session_01J9wgN7CnCeMnJkAhTyNFMb

[netlify]

✅ Deploy Preview for personalcommandcenter ready!

Name	Link
🔨 Latest commit	471f260
🔍 Latest deploy log	https://app.netlify.com/projects/personalcommandcenter/deploys/69cf6b144088650008c069a3
😎 Deploy Preview	https://deploy-preview-6--personalcommandcenter.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agent-empire	Error		Apr 3, 2026 7:24am

[gemini-code-assist]

Code Review

This pull request introduces PATCH endpoints for assets, leads, offers, and opportunities, alongside a new StatusCycleButton component for interactive status management. It also implements referral tracking via refContentId and adds support for calUrl in offers. The review feedback highlights critical security and reliability concerns: the new API endpoints are vulnerable to mass assignment due to unvalidated request bodies and have improper error serialization. Additionally, the StatusCycleButton lacks a check for successful network responses, which could lead to the UI becoming out of sync with the server state.

[gemini-code-assist]

This endpoint is vulnerable to mass assignment and has an issue with error serialization.

1. Mass Assignment: The patch object is passed directly from req.json() to the store update function without validation. This allows a client to potentially overwrite internal fields like id or createdAt if they are included in the request body.
2. Error Serialization: In JavaScript, JSON.stringify(new Error()) typically returns {}. Returning the raw error object in the response will likely result in an empty object being sent to the client. It is better to return the error message.

    const body = await req.json();
    const { status, buyUrl, price } = body;
    const updated = await updateAsset(id, { status, buyUrl, price });
    if (!updated) return NextResponse.json({ error: "Not found" }, { status: 404 });
    return NextResponse.json(updated);
  } catch (error) {
    return NextResponse.json(
      { error: error instanceof Error ? error.message : "Unknown error" },
      { status: 400 }
    );

[gemini-code-assist]

This endpoint is vulnerable to mass assignment and has an issue with error serialization.

1. Mass Assignment: The patch object is passed directly from req.json() to the store update function without validation. This allows a client to potentially overwrite internal fields like id or createdAt if they are included in the request body.
2. Error Serialization: In JavaScript, JSON.stringify(new Error()) typically returns {}. Returning the raw error object in the response will likely result in an empty object being sent to the client. It is better to return the error message.

    const body = await req.json();
    const { status, refContentId } = body;
    const updated = await updateLead(id, { status, refContentId });
    if (!updated) return NextResponse.json({ error: "Not found" }, { status: 404 });
    return NextResponse.json(updated);
  } catch (error) {
    return NextResponse.json(
      { error: error instanceof Error ? error.message : "Unknown error" },
      { status: 400 }
    );

[gemini-code-assist]

This endpoint is vulnerable to mass assignment and has an issue with error serialization.

1. Mass Assignment: The patch object is passed directly from req.json() to the store update function without validation. This allows a client to potentially overwrite internal fields like id or createdAt if they are included in the request body.
2. Error Serialization: In JavaScript, JSON.stringify(new Error()) typically returns {}. Returning the raw error object in the response will likely result in an empty object being sent to the client. It is better to return the error message.

    const body = await req.json();
    const { status, ctaUrl, calUrl } = body;
    const updated = await updateOffer(id, { status, ctaUrl, calUrl });
    if (!updated) return NextResponse.json({ error: "Not found" }, { status: 404 });
    return NextResponse.json(updated);
  } catch (error) {
    return NextResponse.json(
      { error: error instanceof Error ? error.message : "Unknown error" },
      { status: 400 }
    );

[gemini-code-assist]

This endpoint is vulnerable to mass assignment and has an issue with error serialization.

1. Mass Assignment: The patch object is passed directly from req.json() to the store update function without validation. This allows a client to potentially overwrite internal fields like id or createdAt if they are included in the request body.
2. Error Serialization: In JavaScript, JSON.stringify(new Error()) typically returns {}. Returning the raw error object in the response will likely result in an empty object being sent to the client. It is better to return the error message.

    const body = await req.json();
    const { status, nextAction, expectedRevenue } = body;
    const updated = await updateOpportunity(id, { status, nextAction, expectedRevenue });
    if (!updated) return NextResponse.json({ error: "Not found" }, { status: 404 });
    return NextResponse.json(updated);
  } catch (error) {
    return NextResponse.json(
      { error: error instanceof Error ? error.message : "Unknown error" },
      { status: 400 }
    );

[gemini-code-assist]

The fetch call does not check if the response was successful (res.ok). If the API request fails (e.g., due to a 404 or 500 error), the component will still update its local state to the "next" status and trigger a router refresh, leading to a UI that is out of sync with the server data.

      const res = await fetch(endpointMap[entityType], {
        method: "PATCH",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify({ status: next }),
      });
      if (!res.ok) throw new Error("Failed to update status");
      setStatus(next);
      router.refresh();