Agentic CRM

Sales and account teams drown in manual CRM upkeep. Emails arrive, context scatters across threads, and follow-ups slip through the cracks. The CRM — the supposed source of truth — becomes a chore that people update late, partially, or not at all.

I lived this from the business side for years. The tooling never matched how the work actually happened. I wanted a CRM that does the upkeep for you by reading the inbox and proposing the next move — without ever silently acting on your behalf.

Agentic CRM is my attempt to build the kind of business software I wish existed when I was working with clients: intelligent enough to reduce manual work, but safe enough to keep humans in control.

It's also a deliberate engineering exercise. I wanted to prove I could design and ship a real SaaS system — multi-tenancy, auth, billing, background processing, and AI in the loop — not a demo. The constraints are what make it interesting.

The inbox becomes the input. AI reads incoming email, understands intent, and drafts SuggestedActions — create this company, add this contact, open this deal, schedule this task. The user reviews a clear approval surface and decides. Approved actions execute as linked CRM records in the correct dependency order.

The result: the CRM stays current because keeping it current is now one click of review, not an afternoon of data entry. The whole flow — from inbox to executed records — is gated by an explicit human approval boundary:

A React + TypeScript frontend talks to a FastAPI backend over a typed REST API. PostgreSQL is the system of record; Redis backs caching and the job queue; background workers handle inbox sync and AI analysis off the request path. Everything is containerized for Docker and orchestrated with Kubernetes.

React, TypeScript, Vite, and Tailwind. The frontend is organized around CRM entities and the approval workflow: a focused review surface for SuggestedActions, entity views for companies, contacts, deals, and tasks, and clear state for what AI proposed versus what a human approved.

Type safety runs end to end — API contracts are typed so the UI and backend stay in agreement, which matters when the data model spans linked entities and tenant boundaries.

FastAPI and Python with SQLAlchemy as the ORM and Alembic for migrations. The API spans 120+ routes organized by domain — auth, workspaces, CRM entities, email, AI actions, billing — with clear boundaries between request handling, business logic, and persistence.

Long-running and untrusted work (inbox sync, AI analysis) is pushed to background workers via a Redis-backed job queue, so the API stays responsive and failures are isolated and retryable.

app/
├── auth/        JWT · sessions · CSRF
├── workspaces/  tenancy · RBAC · members
├── crm/         company · contact · deal · task
├── email/       Gmail OAuth · sync · import
├── ai/          analysis · SuggestedActions
├── billing/     Stripe · plans · webhooks
└── workers/     queue consumers · schedulers

The data model is multi-tenant by design. Every tenant-owned row is scoped to a workspace, and every query is constrained by that scope — no record crosses a tenant boundary. RBAC governs what members can do within a workspace.

This is the part you never want to get wrong. Tenant isolation is treated as an invariant enforced at the data-access layer, not a convention left to individual queries.

Users connect Gmail via OAuth. The backend manages the token lifecycle — authorization, refresh, and scoped access — and a background worker syncs email, normalizes it, and stages it for analysis. Sync runs off the request path so the UI never blocks on the inbox. From there, synced email feeds the AI approval pipeline shown above.

Imported email is analyzed to extract intent and the CRM operations it implies. The AI doesn't mutate anything — it produces SuggestedActions: structured, reviewable proposals like “create company Acme”, “add contact Jane”, “open deal”, “schedule follow-up”.

Each proposal carries enough context for a human to judge it quickly. The model's job is to draft the work; the human's job is to approve it.

Nothing the AI proposes touches the CRM until a person approves it. The approval surface presents proposed actions as a package, the user accepts or rejects, and only then does execution begin. This boundary is the core safety property of the product.

It's a deliberate design choice: autonomy is seductive and usually wrong for business workflows. Keeping a human in the loop is what makes AI trustworthy enough to actually use on real customer data.

Approved actions rarely stand alone, and the CRM isn't a fixed hierarchy — it's a graph. A contact can exist on its own or belong to a company; a deal can link contacts, companies, or both; a task can link any combination of entities; and interactions can reference anything. Tasks have child tasks, and deals relate to other deals — renewals, expansions, and follow-on opportunities.

So execution isn't a fixed order — it's dependency resolution. The Execution Engine works out what each approved action requires, creates or links entities in the right order, and writes a consistent linked graph so every reference resolves.

Authentication uses JWT and server-side sessions, with CSRF protection on state-changing requests. Authorization is enforced through RBAC scoped to each workspace. Gmail access is limited to the scopes the product needs, and tokens are handled as sensitive credentials.

The whole system is designed with security and deployment in mind from the start — tenant isolation, least-privilege access, and a clear boundary between what AI proposes and what actually executes.

Today every service runs in Docker, orchestrated with Docker Compose for local development: web, API, worker, PostgreSQL, and Redis. The target production architecture is a bare-metal host running a k3s Kubernetes cluster behind Cloudflare — traffic enters through an ingress and fans out to horizontally scalable frontend, API, and worker pods, with Redis and PostgreSQL as managed dependencies. Kubernetes is the planned production topology, not yet deployed.

$ docker compose up
✓ db       postgres        healthy
✓ cache    redis           healthy
✓ api      fastapi :8000   ready
✓ worker   queue consumer  ready
✓ web      vite :5173      ready

The interesting parts of Agentic CRM aren't the features — they're the constraints. These are the problems that took the most design thought, why each one is hard, and the decision I made.

Validation focuses on the parts most likely to break trust: tenant isolation, the auth and CSRF paths, the OAuth token lifecycle, and the approval boundary that guarantees AI never executes without sign-off. Migrations are exercised so the schema can move forward safely.

With core functionality operational, current work is squarely on shipping: deployment, observability, production hardening, and end-to-end testing ahead of the beta. The goal isn't a coverage number — it's confidence that the invariants that make the product safe actually hold.

Most of “production” is the unglamorous work: migrations, auth edge cases, token refresh, and deployment. The AI is the easy, exciting part; the system around it is what makes it usable.

An explicit approval boundary turned out to be a feature, not a limitation. Constraining the AI made the whole product more trustworthy — and easier to reason about as an engineer.

• It's in final validation ahead of a small public beta — not yet operating at production scale, and I don't claim users or revenue.
• AI quality depends on email content; ambiguous threads produce weaker SuggestedActions that lean harder on human review.
• Gmail is the first inbox integration; Microsoft Outlook is in progress and planned before beta.
• Some operational concerns (full observability, multi-region, advanced rate limiting) are designed for but still being built out.

• Complete Microsoft Outlook integration alongside Gmail.
• Production deployment on Kubernetes (k3s) infrastructure.
• Public beta rollout.
• Observability and audit tooling for real deployments.
• Expanded AI workflow capabilities.
• Advanced CRM analytics.