update

SETUP.md

@@ -65,6 +65,8 @@
 
    For HTTPS deployments, also set `HTTPS_ONLY_COOKIES=1` and add your public origin to `CORS_ORIGINS` if the browser origin differs from the API host.
 
+   **Multi-tenant / workspaces:** After sign-in, each user gets a workspace; the first user on an empty database becomes **admin** of the default workspace. Admins can **invite** others (Google accounts only) via the header; invitees open the link, then sign in with the **same email** as invited. **Smartlead webhook URL** must include your workspace id, e.g. `https://your-host/api/webhooks/smartlead?tenant_id=1` (replace `1` with your workspace id from the header switcher).
+
 3. **Run Backend**:
    ```bash
    cd backend

backend/app/auth_routes.py

@@ -5,15 +5,28 @@ Configure GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, and either GOOGLE_REDIRECT_URI
 
 from __future__ import annotations
 
+import hashlib
 import os
 import secrets
+from datetime import datetime
 from urllib.parse import urlencode
 
 import httpx
-from fastapi import APIRouter, HTTPException, Request
+from fastapi import APIRouter, Depends, HTTPException, Request
 from fastapi.responses import RedirectResponse
 from google.auth.transport import requests as google_auth_requests
 from google.oauth2 import id_token
+from pydantic import BaseModel, Field
+from sqlalchemy.orm import Session
+
+from .database import (
+    Invitation,
+    SessionLocal,
+    Tenant,
+    TenantMembership,
+    User,
+    get_db,
+)
 
 router = APIRouter(prefix="/api/auth", tags=["auth"])
 
@@ -21,6 +34,10 @@ GOOGLE_AUTH_URI = "https://accounts.google.com/o/oauth2/v2/auth"
 GOOGLE_TOKEN_URI = "https://oauth2.googleapis.com/token"
 
 
+class SwitchTenantBody(BaseModel):
+    tenant_id: int = Field(..., ge=1)
+
+
 def _client_configured() -> bool:
     return bool(os.environ.get("GOOGLE_CLIENT_ID", "").strip() and os.environ.get("GOOGLE_CLIENT_SECRET", "").strip())
 
@@ -51,7 +68,6 @@ def _public_request_base(request: Request) -> str:
         host = request.headers.get("host") or request.url.netloc or ""
 
     if host:
-        # Use Host / X-Forwarded-Host as-is (keeps localhost:5173 for dev proxy).
         base = f"{proto}://{host}" if proto else f"https://{host}"
         base = _normalize_https_public_origin(base)
         return base.rstrip("/")
@@ -78,17 +94,159 @@ def _post_login_url(request: Request) -> str:
     return _public_request_base(request) + "/"
 
 
+def _norm_email(s: str | None) -> str:
+    return (s or "").strip().lower()
+
+
+def _invite_token_hash(raw: str) -> str:
+    return hashlib.sha256(raw.strip().encode("utf-8")).hexdigest()
+
+
+def _upsert_user(db: Session, id_info: dict) -> User:
+    sub = id_info.get("sub")
+    if not sub:
+        raise HTTPException(status_code=400, detail="Missing subject in id_token")
+    u = db.query(User).filter(User.google_sub == sub).first()
+    email = id_info.get("email") or ""
+    name = id_info.get("name")
+    picture = id_info.get("picture")
+    if u:
+        u.email = email or u.email
+        u.name = name or u.name
+        u.picture = picture or u.picture
+    else:
+        u = User(google_sub=sub, email=email, name=name, picture=picture)
+        db.add(u)
+        db.flush()
+    return u
+
+
+def _try_accept_invite(db: Session, user: User, raw_token: str | None):
+    """
+    Apply pending invitation. Returns tenant_id if membership was created or already existed via invite.
+    Raises ValueError('invite_email_mismatch') if email doesn't match.
+    Returns None if no token or invalid/expired invite (caller may bootstrap instead).
+    """
+    if not raw_token:
+        return None
+    h = _invite_token_hash(raw_token)
+    inv = db.query(Invitation).filter(Invitation.token_hash == h).first()
+    if not inv or inv.accepted_at is not None:
+        return None
+    if inv.expires_at < datetime.utcnow():
+        return None
+    if _norm_email(user.email) != _norm_email(inv.email):
+        raise ValueError("invite_email_mismatch")
+    existing = (
+        db.query(TenantMembership)
+        .filter(
+            TenantMembership.user_id == user.id,
+            TenantMembership.tenant_id == inv.tenant_id,
+        )
+        .first()
+    )
+    if not existing:
+        db.add(
+            TenantMembership(
+                user_id=user.id,
+                tenant_id=inv.tenant_id,
+                role=inv.role or "member",
+            )
+        )
+    inv.accepted_at = datetime.utcnow()
+    return inv.tenant_id
+
+
+def _bootstrap_membership_if_needed(db: Session, user: User) -> None:
+    if db.query(TenantMembership).filter(TenantMembership.user_id == user.id).count() > 0:
+        return
+    total_m = db.query(TenantMembership).count()
+    if total_m == 0:
+        t = db.query(Tenant).order_by(Tenant.id).first()
+        if not t:
+            t = Tenant(name="My workspace")
+            db.add(t)
+            db.flush()
+        db.add(TenantMembership(user_id=user.id, tenant_id=t.id, role="admin"))
+    else:
+        label = (user.email or "user").split("@")[0]
+        t = Tenant(name=f"{label}'s workspace")
+        db.add(t)
+        db.flush()
+        db.add(TenantMembership(user_id=user.id, tenant_id=t.id, role="admin"))
+
+
+def _pick_current_tenant_id(db: Session, user: User, invite_tid: int | None) -> int | None:
+    if invite_tid is not None:
+        m = (
+            db.query(TenantMembership)
+            .filter(
+                TenantMembership.user_id == user.id,
+                TenantMembership.tenant_id == invite_tid,
+            )
+            .first()
+        )
+        if m:
+            return int(invite_tid)
+    m = (
+        db.query(TenantMembership)
+        .filter(TenantMembership.user_id == user.id)
+        .order_by(TenantMembership.id)
+        .first()
+    )
+    return int(m.tenant_id) if m else None
+
+
 @router.get("/status")
 async def auth_status():
     return {"googleConfigured": _client_configured()}
 
 
 @router.get("/me")
-async def auth_me(request: Request):
-    user = request.session.get("user")
-    if not user:
+async def auth_me(request: Request, db: Session = Depends(get_db)):
+    profile = request.session.get("user")
+    uid = request.session.get("user_id")
+    if profile and uid is None and profile.get("sub"):
+        row = db.query(User).filter(User.google_sub == profile["sub"]).first()
+        if row:
+            request.session["user_id"] = row.id
+            uid = row.id
+            if not request.session.get("current_tenant_id"):
+                ms = (
+                    db.query(TenantMembership)
+                    .filter(TenantMembership.user_id == row.id)
+                    .order_by(TenantMembership.id)
+                    .first()
+                )
+                if ms:
+                    request.session["current_tenant_id"] = ms.tenant_id
+    if not profile or uid is None:
         raise HTTPException(status_code=401, detail="Not signed in")
-    return user
+
+    uid = int(uid)
+    tenants_out = []
+    memberships = (
+        db.query(TenantMembership, Tenant)
+        .join(Tenant, Tenant.id == TenantMembership.tenant_id)
+        .filter(TenantMembership.user_id == uid)
+        .order_by(Tenant.name)
+        .all()
+    )
+    cur_tid = request.session.get("current_tenant_id")
+    current_role = None
+    for m, t in memberships:
+        tid = int(t.id)
+        tenants_out.append({"id": tid, "name": t.name, "role": m.role})
+        if cur_tid is not None and int(cur_tid) == tid:
+            current_role = m.role
+
+    return {
+        **profile,
+        "user_id": uid,
+        "tenants": tenants_out,
+        "current_tenant_id": int(cur_tid) if cur_tid is not None else None,
+        "current_role": current_role,
+    }
 
 
 @router.post("/logout")
@@ -97,13 +255,38 @@ async def auth_logout(request: Request):
     return {"ok": True}
 
 
+@router.post("/switch-tenant")
+async def auth_switch_tenant(
+    body: SwitchTenantBody,
+    request: Request,
+    db: Session = Depends(get_db),
+):
+    uid = request.session.get("user_id")
+    if uid is None:
+        raise HTTPException(status_code=401, detail="Sign in required")
+    m = (
+        db.query(TenantMembership)
+        .filter(
+            TenantMembership.user_id == int(uid),
+            TenantMembership.tenant_id == body.tenant_id,
+        )
+        .first()
+    )
+    if not m:
+        raise HTTPException(status_code=403, detail="Not a member of this workspace")
+    request.session["current_tenant_id"] = body.tenant_id
+    return {"ok": True, "tenant_id": body.tenant_id, "role": m.role}
+
+
 @router.get("/google")
-async def google_login(request: Request):
+async def google_login(request: Request, invite: str | None = None):
     if not _client_configured():
         raise HTTPException(
             status_code=503,
             detail="Google sign-in is not configured (set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET).",
         )
+    if invite:
+        request.session["pending_invite_token"] = invite.strip()
     client_id = os.environ["GOOGLE_CLIENT_ID"].strip()
     state = secrets.token_urlsafe(32)
     redirect_uri = _redirect_uri(request)
@@ -171,11 +354,39 @@ async def google_callback(
     except ValueError as e:
         raise HTTPException(status_code=400, detail=f"Invalid id token: {e}") from e
 
-    request.session["user"] = {
-        "sub": id_info.get("sub"),
-        "email": id_info.get("email"),
-        "name": id_info.get("name"),
-        "picture": id_info.get("picture"),
-        "email_verified": id_info.get("email_verified"),
-    }
+    db = SessionLocal()
+    try:
+        user = _upsert_user(db, id_info)
+        invite_token = request.session.pop("pending_invite_token", None)
+        invite_tid: int | None = None
+        try:
+            invite_tid = _try_accept_invite(db, user, invite_token)
+        except ValueError as e:
+            if str(e) == "invite_email_mismatch":
+                db.rollback()
+                return RedirectResponse(url=f"{dest}?auth_error=invite_email_mismatch")
+            raise
+        _bootstrap_membership_if_needed(db, user)
+        current_tid = _pick_current_tenant_id(db, user, invite_tid)
+        if current_tid is None:
+            db.rollback()
+            raise HTTPException(status_code=500, detail="Could not assign workspace")
+
+        request.session["user_id"] = user.id
+        request.session["current_tenant_id"] = current_tid
+        request.session["user"] = {
+            "sub": id_info.get("sub"),
+            "email": id_info.get("email"),
+            "name": id_info.get("name"),
+            "picture": id_info.get("picture"),
+            "email_verified": id_info.get("email_verified"),
+        }
+        db.commit()
+    except Exception:
+        db.rollback()
+        raise
+    finally:
+        db.close()
+
     return RedirectResponse(url=dest)
+

backend/app/database.py

@@ -1,4 +1,14 @@
-from sqlalchemy import create_engine, Column, Integer, String, Text, DateTime, JSON
+from sqlalchemy import (
+    create_engine,
+    Column,
+    Integer,
+    String,
+    Text,
+    DateTime,
+    JSON,
+    ForeignKey,
+    UniqueConstraint,
+)
 from sqlalchemy.ext.declarative import declarative_base
 from sqlalchemy.orm import sessionmaker
 from datetime import datetime
@@ -15,10 +25,55 @@ SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 Base = declarative_base()
 
 
+class User(Base):
+    __tablename__ = "users"
+
+    id = Column(Integer, primary_key=True, index=True)
+    google_sub = Column(String, unique=True, index=True, nullable=False)
+    email = Column(String, index=True)
+    name = Column(String, nullable=True)
+    picture = Column(String, nullable=True)
+    created_at = Column(DateTime, default=datetime.utcnow)
+
+
+class Tenant(Base):
+    __tablename__ = "tenants"
+
+    id = Column(Integer, primary_key=True, index=True)
+    name = Column(String, nullable=False)
+    created_at = Column(DateTime, default=datetime.utcnow)
+
+
+class TenantMembership(Base):
+    __tablename__ = "tenant_memberships"
+
+    id = Column(Integer, primary_key=True, index=True)
+    user_id = Column(Integer, ForeignKey("users.id"), nullable=False, index=True)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=False, index=True)
+    role = Column(String, default="member", nullable=False)  # admin | member
+    created_at = Column(DateTime, default=datetime.utcnow)
+    __table_args__ = (UniqueConstraint("user_id", "tenant_id", name="uq_user_tenant"),)
+
+
+class Invitation(Base):
+    __tablename__ = "invitations"
+
+    id = Column(Integer, primary_key=True, index=True)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=False, index=True)
+    email = Column(String, nullable=False, index=True)
+    token_hash = Column(String(64), unique=True, nullable=False, index=True)
+    role = Column(String, default="member")
+    invited_by_user_id = Column(Integer, ForeignKey("users.id"), nullable=True)
+    expires_at = Column(DateTime, nullable=False)
+    created_at = Column(DateTime, default=datetime.utcnow)
+    accepted_at = Column(DateTime, nullable=True)
+
+
 class UploadedFile(Base):
     __tablename__ = "uploaded_files"
-    
+
     id = Column(Integer, primary_key=True, index=True)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=True, index=True)
     file_id = Column(String, unique=True, index=True)
     filename = Column(String)
     contact_count = Column(Integer)
@@ -28,8 +83,9 @@ class UploadedFile(Base):
 
 class Prompt(Base):
     __tablename__ = "prompts"
-    
+
     id = Column(Integer, primary_key=True, index=True)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=True, index=True)
     file_id = Column(String, index=True)
     product_name = Column(String)
     prompt_template = Column(Text)
@@ -38,8 +94,9 @@ class Prompt(Base):
 
 class GeneratedSequence(Base):
     __tablename__ = "generated_sequences"
-    
+
     id = Column(Integer, primary_key=True, index=True)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=True, index=True)
     file_id = Column(String, index=True)
     sequence_id = Column(Integer)  # Contact sequence number
     email_number = Column(Integer, default=1)  # Email number in sequence (1-10)
@@ -56,8 +113,9 @@ class GeneratedSequence(Base):
 
 class Contact(Base):
     __tablename__ = "contacts"
-    
+
     id = Column(Integer, primary_key=True, index=True)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=True, index=True)
     file_id = Column(String, index=True)
     row_index = Column(Integer)
     first_name = Column(String)
@@ -72,9 +130,11 @@ class Contact(Base):
 
 class CrmLead(Base):
     """Lead synced from Smartlead replies (webhook) — CRM pipeline status is local."""
+
     __tablename__ = "crm_leads"
 
     id = Column(Integer, primary_key=True, index=True)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=True, index=True)
     smartlead_lead_id = Column(String, index=True)
     campaign_id = Column(String, index=True)
     campaign_name = Column(String)
@@ -95,9 +155,11 @@ class CrmLead(Base):
 
 class CrmDeal(Base):
     """Pipeline deal (often converted from a lead)."""
+
     __tablename__ = "crm_deals"
 
     id = Column(Integer, primary_key=True, index=True)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=True, index=True)
     name = Column(String, index=True)
     stage = Column(String, default="new")  # new|discovery|proposal|negotiation|won|lost
     owner_initials = Column(String, default="")
@@ -117,8 +179,9 @@ class CrmDeal(Base):
 
 class SmartleadRun(Base):
     __tablename__ = "smartlead_runs"
-    
+
     id = Column(Integer, primary_key=True, index=True)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=True, index=True)
     file_id = Column(String, index=True)
     run_id = Column(String, unique=True, index=True)
     campaign_id = Column(String, index=True)
@@ -136,8 +199,56 @@ class SmartleadRun(Base):
     completed_at = Column(DateTime, nullable=True)
 
 
-# Create tables
+def run_migrations(connection_engine):
+    """Add tenant_id to legacy SQLite tables and attach rows to the default tenant."""
+    from sqlalchemy import inspect, text
+
+    insp = inspect(connection_engine)
+    tenant_tables = (
+        "uploaded_files",
+        "prompts",
+        "generated_sequences",
+        "contacts",
+        "crm_leads",
+        "crm_deals",
+        "smartlead_runs",
+    )
+
+    with connection_engine.begin() as conn:
+        if insp.has_table("tenants"):
+            n = conn.execute(text("SELECT COUNT(*) FROM tenants")).scalar()
+            if n == 0:
+                conn.execute(
+                    text(
+                        "INSERT INTO tenants (name, created_at) VALUES (:name, datetime('now'))"
+                    ),
+                    {"name": "Default workspace"},
+                )
+
+        default_tid = conn.execute(text("SELECT id FROM tenants ORDER BY id LIMIT 1")).scalar()
+        if default_tid is None:
+            default_tid = 1
+
+        insp = inspect(connection_engine)
+        for tbl in tenant_tables:
+            if not insp.has_table(tbl):
+                continue
+            cols = [c["name"] for c in insp.get_columns(tbl)]
+            if "tenant_id" not in cols:
+                conn.execute(text(f"ALTER TABLE {tbl} ADD COLUMN tenant_id INTEGER"))
+
+        for tbl in tenant_tables:
+            if not insp.has_table(tbl):
+                continue
+            conn.execute(
+                text(f"UPDATE {tbl} SET tenant_id = :tid WHERE tenant_id IS NULL"),
+                {"tid": default_tid},
+            )
+
+
+# Create tables then migrate legacy SQLite schemas
 Base.metadata.create_all(bind=engine)
+run_migrations(engine)
 
 
 def get_db():

backend/app/main.py

@@ -22,6 +22,7 @@ from datetime import datetime, timedelta
 from .database import (
     get_db,
     SessionLocal,
+    Tenant,
     UploadedFile,
     Prompt,
     GeneratedSequence,
@@ -47,6 +48,8 @@ from .models import (
 from .gpt_service import generate_email_sequence, enrich_manual_contact_profile
 from .smartlead_client import SmartleadClient
 from .auth_routes import router as auth_router
+from .tenant_deps import TenantContext, get_tenant_context
+from .tenant_routes import router as tenant_router
 
 app = FastAPI()
 
@@ -78,6 +81,7 @@ app.add_middleware(
 )
 
 app.include_router(auth_router)
+app.include_router(tenant_router)
 
 # Create uploads directory
 UPLOAD_DIR = Path("/data/uploads")
@@ -378,7 +382,10 @@ def _move_lead_to_contacts_core(db: Session, lead: CrmLead) -> dict:
         return {"ok": False, "error": "Lead has no email"}
     existing = (
         db.query(Contact)
-        .filter(func.lower(Contact.email) == email.lower())
+        .filter(
+            Contact.tenant_id == lead.tenant_id,
+            func.lower(Contact.email) == email.lower(),
+        )
         .first()
     )
     if existing:
@@ -395,6 +402,7 @@ def _move_lead_to_contacts_core(db: Session, lead: CrmLead) -> dict:
         "smartlead_webhook": lead.raw_webhook,
     }
     contact = Contact(
+        tenant_id=lead.tenant_id,
         file_id=SMARTLEAD_IMPORT_FILE_ID,
         row_index=lead.id,
         first_name=lead.first_name or "",
@@ -427,7 +435,10 @@ def _convert_contact_to_lead_core(db: Session, contact: Contact) -> dict:
         return {"ok": False, "error": "Contact has no email"}
     dup = (
         db.query(CrmLead)
-        .filter(func.lower(CrmLead.email) == email.lower())
+        .filter(
+            CrmLead.tenant_id == contact.tenant_id,
+            func.lower(CrmLead.email) == email.lower(),
+        )
         .first()
     )
     if dup:
@@ -455,6 +466,7 @@ def _convert_contact_to_lead_core(db: Session, contact: Contact) -> dict:
         "company_details": company_snapshot,
     }
     lead = CrmLead(
+        tenant_id=contact.tenant_id,
         smartlead_lead_id=f"from-contact-{contact.id}",
         campaign_id=CONTACTS_TO_LEADS_CAMPAIGN_ID,
         campaign_name=CONTACTS_TO_LEADS_CAMPAIGN_NAME,
@@ -533,8 +545,10 @@ def hello():
 
 
 @app.post("/api/upload-csv")
-async def upload_csv(file: UploadFile = File(...), db: Session = Depends(get_db)):
+async def upload_csv(file: UploadFile = File(...), t: TenantContext = Depends(get_tenant_context)):
     """Upload and parse CSV file from Apollo"""
+    db = t.db
+    tenant_id = t.tenant_id
     try:
         # Generate unique file ID
         file_id = str(uuid.uuid4())
@@ -551,6 +565,7 @@ async def upload_csv(file: UploadFile = File(...), db: Session = Depends(get_db)
         
         # Save upload metadata
         db_file = UploadedFile(
+            tenant_id=tenant_id,
             file_id=file_id,
             filename=file.filename,
             contact_count=contact_count,
@@ -563,6 +578,7 @@ async def upload_csv(file: UploadFile = File(...), db: Session = Depends(get_db)
             row_dict = row.to_dict()
             sanitized_raw_data = {str(k): _json_safe(v) for k, v in row_dict.items()}
             contact = Contact(
+                tenant_id=tenant_id,
                 file_id=file_id,
                 row_index=idx + 1,
                 first_name=_pick_field(row_dict, ["first name", "firstname", "first_name"]),
@@ -587,9 +603,10 @@ async def upload_csv(file: UploadFile = File(...), db: Session = Depends(get_db)
 
 
 @app.get("/api/contact-fields")
-async def contact_fields(db: Session = Depends(get_db)):
+async def contact_fields(t: TenantContext = Depends(get_tenant_context)):
     """Return all available contact field names from uploaded Apollo rows."""
-    contacts = db.query(Contact.raw_data).all()
+    db = t.db
+    contacts = db.query(Contact.raw_data).filter(Contact.tenant_id == t.tenant_id).all()
     fields = set(["first_name", "last_name", "email", "company", "title", "file_id", "created_at"])
     for item in contacts:
         raw = item[0] or {}
@@ -615,9 +632,10 @@ async def list_contacts(
     sort_dir: str = Query("desc", description="Sort direction: asc|desc"),
     limit: int = Query(200, ge=1, le=1000),
     offset: int = Query(0, ge=0),
-    db: Session = Depends(get_db),
+    t: TenantContext = Depends(get_tenant_context),
 ):
-    query = db.query(Contact)
+    db = t.db
+    query = db.query(Contact).filter(Contact.tenant_id == t.tenant_id)
     if search:
         pattern = f"%{search}%"
         query = query.filter(
@@ -693,12 +711,20 @@ async def list_contacts(
 
 
 @app.post("/api/contacts")
-async def create_contact(body: ContactCreateRequest, db: Session = Depends(get_db)):
+async def create_contact(body: ContactCreateRequest, t: TenantContext = Depends(get_tenant_context)):
     """Create a contact manually (inline table add). Email must be unique."""
+    db = t.db
     email = _safe_str(body.email).lower()
     if not email:
         raise HTTPException(status_code=400, detail="Email is required")
-    exists = db.query(Contact).filter(func.lower(Contact.email) == email).first()
+    exists = (
+        db.query(Contact)
+        .filter(
+            Contact.tenant_id == t.tenant_id,
+            func.lower(Contact.email) == email,
+        )
+        .first()
+    )
     if exists:
         raise HTTPException(status_code=409, detail="A contact with this email already exists")
     fn = _safe_str(body.first_name)
@@ -713,6 +739,7 @@ async def create_contact(body: ContactCreateRequest, db: Session = Depends(get_d
         "Title": ti,
     }
     contact = Contact(
+        tenant_id=t.tenant_id,
         file_id=MANUAL_CONTACT_FILE_ID,
         row_index=0,
         first_name=fn,
@@ -741,13 +768,14 @@ async def create_contact(body: ContactCreateRequest, db: Session = Depends(get_d
 
 
 @app.post("/api/contacts/bulk-delete")
-async def bulk_delete_contacts(body: BulkContactIdsRequest, db: Session = Depends(get_db)):
+async def bulk_delete_contacts(body: BulkContactIdsRequest, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
     if not body.contact_ids:
         raise HTTPException(status_code=400, detail="contact_ids required")
     ids = list({int(x) for x in body.contact_ids})
     deleted = (
         db.query(Contact)
-        .filter(Contact.id.in_(ids))
+        .filter(Contact.tenant_id == t.tenant_id, Contact.id.in_(ids))
         .delete(synchronize_session=False)
     )
     db.commit()
@@ -755,14 +783,19 @@ async def bulk_delete_contacts(body: BulkContactIdsRequest, db: Session = Depend
 
 
 @app.post("/api/contacts/seed-demo")
-async def seed_demo_contacts(db: Session = Depends(get_db)):
+async def seed_demo_contacts(t: TenantContext = Depends(get_tenant_context)):
     """
     Replace previous demo-seeded contacts and insert a variety of sample rows
     (rich Apollo-style raw_data) for testing filters and UI.
     """
+    db = t.db
+    tenant_id = t.tenant_id
     removed = (
         db.query(Contact)
-        .filter(Contact.file_id == DEMO_CONTACTS_FILE_ID)
+        .filter(
+            Contact.tenant_id == tenant_id,
+            Contact.file_id == DEMO_CONTACTS_FILE_ID,
+        )
         .delete(synchronize_session=False)
     )
     specs = [
@@ -946,6 +979,7 @@ async def seed_demo_contacts(db: Session = Depends(get_db)):
         rd["First Name"] = s["fn"]
         rd["Last Name"] = s["ln"]
         row = Contact(
+            tenant_id=tenant_id,
             file_id=DEMO_CONTACTS_FILE_ID,
             row_index=i,
             first_name=s["fn"],
@@ -966,18 +1000,23 @@ async def seed_demo_contacts(db: Session = Depends(get_db)):
 
 
 @app.post("/api/contacts/bulk-convert-to-leads")
-async def bulk_convert_contacts_to_leads(body: BulkContactIdsRequest, db: Session = Depends(get_db)):
+async def bulk_convert_contacts_to_leads(body: BulkContactIdsRequest, t: TenantContext = Depends(get_tenant_context)):
     """
     For each contact: create a CrmLead (campaign «Contacts») copied from the contact.
     Contacts are not removed; they remain until explicitly deleted. Fails per-row if the
     contact has no email or a lead with the same email already exists.
     """
+    db = t.db
     if not body.contact_ids:
         raise HTTPException(status_code=400, detail="contact_ids required")
     converted = 0
     errors: List[dict] = []
     for cid in body.contact_ids:
-        contact = db.query(Contact).filter(Contact.id == int(cid)).first()
+        contact = (
+            db.query(Contact)
+            .filter(Contact.tenant_id == t.tenant_id, Contact.id == int(cid))
+            .first()
+        )
         if not contact:
             errors.append({"contact_id": cid, "error": "not found"})
             continue
@@ -994,14 +1033,16 @@ async def bulk_convert_contacts_to_leads(body: BulkContactIdsRequest, db: Sessio
 async def search_company_names(
     q: str = Query("", description="Substring match on Contact.company"),
     limit: int = Query(25, ge=1, le=100),
-    db: Session = Depends(get_db),
+    t: TenantContext = Depends(get_tenant_context),
 ):
     """Distinct company strings from contacts for deal/account linking."""
+    db = t.db
     raw_q = _safe_str(q)
     pattern = f"%{raw_q}%" if raw_q else "%"
     rows = (
         db.query(Contact.company)
         .filter(
+            Contact.tenant_id == t.tenant_id,
             Contact.company.isnot(None),
             Contact.company != "",
             Contact.company.ilike(pattern),
@@ -1028,8 +1069,13 @@ async def search_company_names(
 
 
 @app.get("/api/contacts/{contact_id}")
-async def get_contact(contact_id: int, db: Session = Depends(get_db)):
-    contact = db.query(Contact).filter(Contact.id == contact_id).first()
+async def get_contact(contact_id: int, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
+    contact = (
+        db.query(Contact)
+        .filter(Contact.tenant_id == t.tenant_id, Contact.id == contact_id)
+        .first()
+    )
     if not contact:
         raise HTTPException(status_code=404, detail="Contact not found")
     return {
@@ -1128,7 +1174,14 @@ def _enrich_deal_response(db: Session, row: CrmDeal) -> dict:
     out = _deal_to_dict(row)
     out["linked_contact"] = None
     if row.contact_id:
-        c = db.query(Contact).filter(Contact.id == row.contact_id).first()
+        c = (
+            db.query(Contact)
+            .filter(
+                Contact.tenant_id == row.tenant_id,
+                Contact.id == row.contact_id,
+            )
+            .first()
+        )
         if c:
             out["company_details"] = _contact_company_details_dict(c)
             out["company_details_contact_id"] = c.id
@@ -1157,8 +1210,13 @@ def _sync_contact_raw_from_columns(contact: Contact) -> None:
 
 
 @app.patch("/api/contacts/{contact_id}")
-async def patch_contact(contact_id: int, body: ContactPatchRequest, db: Session = Depends(get_db)):
-    contact = db.query(Contact).filter(Contact.id == contact_id).first()
+async def patch_contact(contact_id: int, body: ContactPatchRequest, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
+    contact = (
+        db.query(Contact)
+        .filter(Contact.tenant_id == t.tenant_id, Contact.id == contact_id)
+        .first()
+    )
     if not contact:
         raise HTTPException(status_code=404, detail="Contact not found")
     data = body.model_dump(exclude_unset=True)
@@ -1170,7 +1228,11 @@ async def patch_contact(contact_id: int, body: ContactPatchRequest, db: Session
             raise HTTPException(status_code=400, detail="Email cannot be empty")
         taken = (
             db.query(Contact)
-            .filter(Contact.id != contact_id, func.lower(Contact.email) == email)
+            .filter(
+                Contact.tenant_id == t.tenant_id,
+                Contact.id != contact_id,
+                func.lower(Contact.email) == email,
+            )
             .first()
         )
         if taken:
@@ -1204,7 +1266,7 @@ async def patch_contact(contact_id: int, body: ContactPatchRequest, db: Session
 
 
 @app.post("/api/contacts/{contact_id}/enrich")
-async def enrich_contact(contact_id: int, db: Session = Depends(get_db)):
+async def enrich_contact(contact_id: int, t: TenantContext = Depends(get_tenant_context)):
     """
     GPT-enrich company/contact fields for manually added contacts only.
 
@@ -1213,9 +1275,14 @@ async def enrich_contact(contact_id: int, db: Session = Depends(get_db)):
     Google Search grounding (GEMINI_API_KEY); DuckDuckGo fallback;
     ENRICHMENT_CONTACT_EMAIL helps Wikipedia.
     """
+    db = t.db
     if not os.getenv("OPENAI_API_KEY"):
         raise HTTPException(status_code=503, detail="OpenAI API key is not configured")
-    contact = db.query(Contact).filter(Contact.id == contact_id).first()
+    contact = (
+        db.query(Contact)
+        .filter(Contact.tenant_id == t.tenant_id, Contact.id == contact_id)
+        .first()
+    )
     if not contact:
         raise HTTPException(status_code=404, detail="Contact not found")
     src = (contact.source or "").strip().lower()
@@ -1314,8 +1381,13 @@ async def enrich_contact(contact_id: int, db: Session = Depends(get_db)):
 
 
 @app.get("/api/contacts/{contact_id}/sequences")
-async def get_contact_sequences(contact_id: int, db: Session = Depends(get_db)):
-    contact = db.query(Contact).filter(Contact.id == contact_id).first()
+async def get_contact_sequences(contact_id: int, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
+    contact = (
+        db.query(Contact)
+        .filter(Contact.tenant_id == t.tenant_id, Contact.id == contact_id)
+        .first()
+    )
     if not contact:
         raise HTTPException(status_code=404, detail="Contact not found")
 
@@ -1325,8 +1397,9 @@ async def get_contact_sequences(contact_id: int, db: Session = Depends(get_db)):
     sequences = (
         db.query(GeneratedSequence)
         .filter(
+            GeneratedSequence.tenant_id == t.tenant_id,
             GeneratedSequence.file_id == contact.file_id,
-            GeneratedSequence.email == contact.email
+            GeneratedSequence.email == contact.email,
         )
         .order_by(GeneratedSequence.sequence_id, GeneratedSequence.email_number)
         .all()
@@ -1351,18 +1424,23 @@ async def get_contact_sequences(contact_id: int, db: Session = Depends(get_db)):
 
 
 @app.post("/api/save-prompts")
-async def save_prompts(request: PromptSaveRequest, db: Session = Depends(get_db)):
+async def save_prompts(request: PromptSaveRequest, t: TenantContext = Depends(get_tenant_context)):
     """Save prompt templates for products"""
+    db = t.db
     try:
         # Delete existing prompts for this file
-        db.query(Prompt).filter(Prompt.file_id == request.file_id).delete()
-        
+        db.query(Prompt).filter(
+            Prompt.tenant_id == t.tenant_id,
+            Prompt.file_id == request.file_id,
+        ).delete()
+
         # Save new prompts
         for product_name, prompt_template in request.prompts.items():
             prompt = Prompt(
+                tenant_id=t.tenant_id,
                 file_id=request.file_id,
                 product_name=product_name,
-                prompt_template=prompt_template
+                prompt_template=prompt_template,
             )
             db.add(prompt)
         
@@ -1373,15 +1451,26 @@ async def save_prompts(request: PromptSaveRequest, db: Session = Depends(get_db)
 
 
 @app.get("/api/generation-status")
-async def generation_status(file_id: str = Query(...), db: Session = Depends(get_db)):
+async def generation_status(file_id: str = Query(...), t: TenantContext = Depends(get_tenant_context)):
     """Return progress for sequence generation (so frontend can resume after sleep/reconnect)."""
-    db_file = db.query(UploadedFile).filter(UploadedFile.file_id == file_id).first()
+    db = t.db
+    db_file = (
+        db.query(UploadedFile)
+        .filter(
+            UploadedFile.tenant_id == t.tenant_id,
+            UploadedFile.file_id == file_id,
+        )
+        .first()
+    )
     if not db_file:
         raise HTTPException(status_code=404, detail="File not found")
     total_contacts = db_file.contact_count or 0
     completed = (
         db.query(GeneratedSequence.sequence_id)
-        .filter(GeneratedSequence.file_id == file_id)
+        .filter(
+            GeneratedSequence.tenant_id == t.tenant_id,
+            GeneratedSequence.file_id == file_id,
+        )
         .distinct()
         .count()
     )
@@ -1394,11 +1483,15 @@ async def generation_status(file_id: str = Query(...), db: Session = Depends(get
 
 
 @app.get("/api/sequences")
-async def get_sequences(file_id: str = Query(...), db: Session = Depends(get_db)):
+async def get_sequences(file_id: str = Query(...), t: TenantContext = Depends(get_tenant_context)):
     """Return all generated sequences for a file (for catch-up after reconnect)."""
+    db = t.db
     sequences = (
         db.query(GeneratedSequence)
-        .filter(GeneratedSequence.file_id == file_id)
+        .filter(
+            GeneratedSequence.tenant_id == t.tenant_id,
+            GeneratedSequence.file_id == file_id,
+        )
         .order_by(GeneratedSequence.sequence_id, GeneratedSequence.email_number)
         .all()
     )
@@ -1423,20 +1516,33 @@ async def get_sequences(file_id: str = Query(...), db: Session = Depends(get_db)
 async def generate_sequences(
     file_id: str = Query(...),
     reset: bool = Query(True),
-    db: Session = Depends(get_db),
+    t: TenantContext = Depends(get_tenant_context),
 ):
     """Generate email sequences using GPT with Server-Sent Events streaming.
     Use reset=1 for a fresh run (clears existing). Use reset=0 to resume after disconnect/sleep."""
-    
+    db = t.db
+    tenant_id = t.tenant_id
+
     async def event_generator():
         try:
-            db_file = db.query(UploadedFile).filter(UploadedFile.file_id == file_id).first()
+            db_file = (
+                db.query(UploadedFile)
+                .filter(
+                    UploadedFile.tenant_id == tenant_id,
+                    UploadedFile.file_id == file_id,
+                )
+                .first()
+            )
             if not db_file:
                 yield f"data: {json.dumps({'type': 'error', 'error': 'File not found'})}\n\n"
                 return
             
             df = pd.read_csv(db_file.file_path)
-            prompts = db.query(Prompt).filter(Prompt.file_id == file_id).all()
+            prompts = (
+                db.query(Prompt)
+                .filter(Prompt.tenant_id == tenant_id, Prompt.file_id == file_id)
+                .all()
+            )
             prompt_dict = {p.product_name: p.prompt_template for p in prompts}
             
             if not prompt_dict:
@@ -1445,7 +1551,10 @@ async def generate_sequences(
             
             products = list(prompt_dict.keys())
             if reset:
-                db.query(GeneratedSequence).filter(GeneratedSequence.file_id == file_id).delete()
+                db.query(GeneratedSequence).filter(
+                    GeneratedSequence.tenant_id == tenant_id,
+                    GeneratedSequence.file_id == file_id,
+                ).delete()
                 db.commit()
             
             total_contacts = len(df)
@@ -1455,6 +1564,7 @@ async def generate_sequences(
                 existing = (
                     db.query(GeneratedSequence)
                     .filter(
+                        GeneratedSequence.tenant_id == tenant_id,
                         GeneratedSequence.file_id == file_id,
                         GeneratedSequence.sequence_id == sequence_id,
                     )
@@ -1498,6 +1608,7 @@ async def generate_sequences(
                 
                 for seq_data in sequence_data_list:
                     db_sequence = GeneratedSequence(
+                        tenant_id=tenant_id,
                         file_id=file_id,
                         sequence_id=sequence_id,
                         email_number=seq_data["email_number"],
@@ -1543,13 +1654,20 @@ async def generate_sequences(
 
 
 @app.get("/api/download-sequences")
-async def download_sequences(file_id: str = Query(...), db: Session = Depends(get_db)):
+async def download_sequences(file_id: str = Query(...), t: TenantContext = Depends(get_tenant_context)):
     """Download generated sequences as CSV with all subject/body fields"""
+    db = t.db
     try:
         # Get all sequences for this file, grouped by contact
-        sequences = db.query(GeneratedSequence).filter(
-            GeneratedSequence.file_id == file_id
-        ).order_by(GeneratedSequence.sequence_id, GeneratedSequence.email_number).all()
+        sequences = (
+            db.query(GeneratedSequence)
+            .filter(
+                GeneratedSequence.tenant_id == t.tenant_id,
+                GeneratedSequence.file_id == file_id,
+            )
+            .order_by(GeneratedSequence.sequence_id, GeneratedSequence.email_number)
+            .all()
+        )
         
         if not sequences:
             raise HTTPException(status_code=404, detail="No sequences found")
@@ -1654,15 +1772,22 @@ async def get_smartlead_campaigns():
 
 
 @app.post("/api/push-to-smartlead")
-async def push_to_smartlead(request: SmartleadPushRequest, db: Session = Depends(get_db)):
+async def push_to_smartlead(request: SmartleadPushRequest, t: TenantContext = Depends(get_tenant_context)):
     """Push generated sequences to Smartlead campaign (add leads to existing campaign)"""
     import uuid
     
+    db = t.db
     try:
         # Get all sequences for this file
-        sequences = db.query(GeneratedSequence).filter(
-            GeneratedSequence.file_id == request.file_id
-        ).order_by(GeneratedSequence.sequence_id, GeneratedSequence.email_number).all()
+        sequences = (
+            db.query(GeneratedSequence)
+            .filter(
+                GeneratedSequence.tenant_id == t.tenant_id,
+                GeneratedSequence.file_id == request.file_id,
+            )
+            .order_by(GeneratedSequence.sequence_id, GeneratedSequence.email_number)
+            .all()
+        )
         
         if not sequences:
             raise HTTPException(status_code=404, detail="No sequences found")
@@ -1702,6 +1827,7 @@ async def push_to_smartlead(request: SmartleadPushRequest, db: Session = Depends
         # Create run record
         run_id = str(uuid.uuid4())
         run = SmartleadRun(
+            tenant_id=t.tenant_id,
             run_id=run_id,
             file_id=request.file_id,
             mode='existing',  # Always 'existing' now
@@ -1843,10 +1969,11 @@ async def push_to_smartlead(request: SmartleadPushRequest, db: Session = Depends
 
 
 @app.get("/api/smartlead-runs")
-async def get_smartlead_runs(file_id: str = Query(None), db: Session = Depends(get_db)):
+async def get_smartlead_runs(file_id: str = Query(None), t: TenantContext = Depends(get_tenant_context)):
     """Get Smartlead run history"""
+    db = t.db
     try:
-        query = db.query(SmartleadRun)
+        query = db.query(SmartleadRun).filter(SmartleadRun.tenant_id == t.tenant_id)
         if file_id:
             query = query.filter(SmartleadRun.file_id == file_id)
         
@@ -1876,11 +2003,19 @@ async def get_smartlead_runs(file_id: str = Query(None), db: Session = Depends(g
 
 
 @app.post("/api/webhooks/smartlead")
-async def smartlead_webhook(request: Request, db: Session = Depends(get_db)):
+async def smartlead_webhook(
+    request: Request,
+    tenant_id: int = Query(..., description="Workspace ID — add ?tenant_id=<id> to the webhook URL in Smartlead"),
+    db: Session = Depends(get_db),
+):
     """
     Smartlead webhook — configure in Smartlead to POST reply events to this URL when a lead replies.
+    Append **?tenant_id=&lt;your workspace id&gt;** to the webhook URL (same id as in the app URL bar after signing in).
     Optional: set SMARTLEAD_WEBHOOK_SECRET and send the same value in header X-Webhook-Token (or Bearer).
     """
+    if not db.query(Tenant).filter(Tenant.id == tenant_id).first():
+        raise HTTPException(status_code=404, detail="Unknown workspace")
+
     secret = os.getenv("SMARTLEAD_WEBHOOK_SECRET")
     if secret:
         token = request.headers.get("X-Webhook-Token") or ""
@@ -1900,7 +2035,7 @@ async def smartlead_webhook(request: Request, db: Session = Depends(get_db)):
     if not parsed:
         return {"ok": True, "ignored": True, "reason": "not_a_reply_or_missing_fields"}
 
-    q = db.query(CrmLead)
+    q = db.query(CrmLead).filter(CrmLead.tenant_id == tenant_id)
     row = None
     if parsed["smartlead_lead_id"] and parsed["campaign_id"]:
         row = q.filter(
@@ -1916,7 +2051,10 @@ async def smartlead_webhook(request: Request, db: Session = Depends(get_db)):
     if parsed["email"]:
         apollo = (
             db.query(Contact)
-            .filter(func.lower(Contact.email) == parsed["email"].lower())
+            .filter(
+                Contact.tenant_id == tenant_id,
+                func.lower(Contact.email) == parsed["email"].lower(),
+            )
             .first()
         )
         if apollo:
@@ -1947,6 +2085,7 @@ async def smartlead_webhook(request: Request, db: Session = Depends(get_db)):
                 row.smartlead_lead_id = parsed["smartlead_lead_id"]
     else:
         row = CrmLead(
+            tenant_id=tenant_id,
             smartlead_lead_id=parsed["smartlead_lead_id"] or "",
             campaign_id=parsed["campaign_id"] or "",
             campaign_name=parsed["campaign_name"] or "",
@@ -1969,13 +2108,19 @@ async def smartlead_webhook(request: Request, db: Session = Depends(get_db)):
 
 
 @app.post("/api/leads/seed-demo")
-async def seed_demo_leads(db: Session = Depends(get_db)):
+async def seed_demo_leads(t: TenantContext = Depends(get_tenant_context)):
     """
     Insert sample leads so the Leads UI can be previewed without a real Smartlead webhook.
     Deletes any previous demo rows (emails like demo.lead.*@emailout.local) then inserts fresh ones.
     """
+    db = t.db
+    tid = t.tenant_id
     demo_email_filter = CrmLead.email.like("demo.lead.%@emailout.local")
-    removed = db.query(CrmLead).filter(demo_email_filter).delete(synchronize_session=False)
+    removed = (
+        db.query(CrmLead)
+        .filter(CrmLead.tenant_id == tid, demo_email_filter)
+        .delete(synchronize_session=False)
+    )
 
     campaign_id = "88001"
     campaign_name = "Logistics & Supply Chain Outreach"
@@ -2092,6 +2237,7 @@ async def seed_demo_leads(db: Session = Depends(get_db)):
         }
         db.add(
             CrmLead(
+                tenant_id=tid,
                 smartlead_lead_id=s["sl_id"],
                 campaign_id=campaign_id,
                 campaign_name=campaign_name,
@@ -2125,9 +2271,10 @@ async def list_leads(
     sort_dir: str = Query("desc"),
     limit: int = Query(50, ge=1, le=200),
     offset: int = Query(0, ge=0),
-    db: Session = Depends(get_db),
+    t: TenantContext = Depends(get_tenant_context),
 ):
-    q = db.query(CrmLead)
+    db = t.db
+    q = db.query(CrmLead).filter(CrmLead.tenant_id == t.tenant_id)
     if search.strip():
         term = f"%{search.strip().lower()}%"
         q = q.filter(
@@ -2163,13 +2310,25 @@ async def list_leads(
 
 
 @app.get("/api/leads/{lead_id}")
-async def get_lead(lead_id: int, db: Session = Depends(get_db)):
-    row = db.query(CrmLead).filter(CrmLead.id == lead_id).first()
+async def get_lead(lead_id: int, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
+    row = (
+        db.query(CrmLead)
+        .filter(CrmLead.tenant_id == t.tenant_id, CrmLead.id == lead_id)
+        .first()
+    )
     if not row:
         raise HTTPException(status_code=404, detail="Lead not found")
     d = _crm_lead_to_dict(row)
     if row.contact_id:
-        c = db.query(Contact).filter(Contact.id == row.contact_id).first()
+        c = (
+            db.query(Contact)
+            .filter(
+                Contact.tenant_id == t.tenant_id,
+                Contact.id == row.contact_id,
+            )
+            .first()
+        )
         if c:
             d["contact"] = {
                 "id": c.id,
@@ -2182,8 +2341,13 @@ async def get_lead(lead_id: int, db: Session = Depends(get_db)):
 
 
 @app.patch("/api/leads/{lead_id}")
-async def patch_lead(lead_id: int, body: CrmLeadPatchRequest, db: Session = Depends(get_db)):
-    row = db.query(CrmLead).filter(CrmLead.id == lead_id).first()
+async def patch_lead(lead_id: int, body: CrmLeadPatchRequest, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
+    row = (
+        db.query(CrmLead)
+        .filter(CrmLead.tenant_id == t.tenant_id, CrmLead.id == lead_id)
+        .first()
+    )
     if not row:
         raise HTTPException(status_code=404, detail="Lead not found")
     data = body.model_dump(exclude_unset=True)
@@ -2214,6 +2378,7 @@ async def patch_lead(lead_id: int, body: CrmLeadPatchRequest, db: Session = Depe
             taken = (
                 db.query(CrmLead)
                 .filter(
+                    CrmLead.tenant_id == row.tenant_id,
                     CrmLead.id != lead_id,
                     func.lower(CrmLead.email) == email,
                 )
@@ -2240,8 +2405,13 @@ async def patch_lead(lead_id: int, body: CrmLeadPatchRequest, db: Session = Depe
 
 
 @app.post("/api/leads/{lead_id}/move-to-contacts")
-async def move_lead_to_contacts(lead_id: int, db: Session = Depends(get_db)):
-    lead = db.query(CrmLead).filter(CrmLead.id == lead_id).first()
+async def move_lead_to_contacts(lead_id: int, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
+    lead = (
+        db.query(CrmLead)
+        .filter(CrmLead.tenant_id == t.tenant_id, CrmLead.id == lead_id)
+        .first()
+    )
     if not lead:
         raise HTTPException(status_code=404, detail="Lead not found")
     r = _move_lead_to_contacts_core(db, lead)
@@ -2252,13 +2422,18 @@ async def move_lead_to_contacts(lead_id: int, db: Session = Depends(get_db)):
 
 
 @app.post("/api/leads/bulk-move-to-contacts")
-async def bulk_move_leads_to_contacts(body: BulkLeadIdsRequest, db: Session = Depends(get_db)):
+async def bulk_move_leads_to_contacts(body: BulkLeadIdsRequest, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
     if not body.lead_ids:
         raise HTTPException(status_code=400, detail="lead_ids required")
     moved = 0
     errors: List[dict] = []
     for lid in body.lead_ids:
-        lead = db.query(CrmLead).filter(CrmLead.id == lid).first()
+        lead = (
+            db.query(CrmLead)
+            .filter(CrmLead.tenant_id == t.tenant_id, CrmLead.id == lid)
+            .first()
+        )
         if not lead:
             errors.append({"lead_id": lid, "error": "not found"})
             continue
@@ -2272,12 +2447,13 @@ async def bulk_move_leads_to_contacts(body: BulkLeadIdsRequest, db: Session = De
 
 
 @app.post("/api/leads/bulk-delete")
-async def bulk_delete_leads(body: BulkLeadIdsRequest, db: Session = Depends(get_db)):
+async def bulk_delete_leads(body: BulkLeadIdsRequest, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
     if not body.lead_ids:
         raise HTTPException(status_code=400, detail="lead_ids required")
     deleted = (
         db.query(CrmLead)
-        .filter(CrmLead.id.in_(body.lead_ids))
+        .filter(CrmLead.tenant_id == t.tenant_id, CrmLead.id.in_(body.lead_ids))
         .delete(synchronize_session=False)
     )
     db.commit()
@@ -2285,19 +2461,25 @@ async def bulk_delete_leads(body: BulkLeadIdsRequest, db: Session = Depends(get_
 
 
 @app.post("/api/deals/from-leads")
-async def deals_from_leads(body: BulkLeadIdsRequest, db: Session = Depends(get_db)):
+async def deals_from_leads(body: BulkLeadIdsRequest, t: TenantContext = Depends(get_tenant_context)):
     """Create one deal per selected lead and remove those leads from the Leads table."""
+    db = t.db
     if not body.lead_ids:
         raise HTTPException(status_code=400, detail="lead_ids required")
     created: List[dict] = []
     errors: List[dict] = []
     for lid in body.lead_ids:
-        lead = db.query(CrmLead).filter(CrmLead.id == lid).first()
+        lead = (
+            db.query(CrmLead)
+            .filter(CrmLead.tenant_id == t.tenant_id, CrmLead.id == lid)
+            .first()
+        )
         if not lead:
             errors.append({"lead_id": lid, "error": "not found"})
             continue
         person = " ".join(filter(None, [lead.first_name or "", lead.last_name or ""])).strip()
         deal = CrmDeal(
+            tenant_id=lead.tenant_id,
             name=_deal_name_from_lead(lead),
             stage="new",
             owner_initials=_owner_initials_from_lead(lead),
@@ -2327,9 +2509,10 @@ async def list_deals(
     sort_dir: str = Query("desc"),
     limit: int = Query(100, ge=1, le=500),
     offset: int = Query(0, ge=0),
-    db: Session = Depends(get_db),
+    t: TenantContext = Depends(get_tenant_context),
 ):
-    q = db.query(CrmDeal)
+    db = t.db
+    q = db.query(CrmDeal).filter(CrmDeal.tenant_id == t.tenant_id)
     if search.strip():
         term = f"%{search.strip().lower()}%"
         q = q.filter(
@@ -2357,16 +2540,18 @@ async def list_deals(
 
 
 @app.post("/api/deals")
-async def create_deal(body: CrmDealCreateRequest, db: Session = Depends(get_db)):
+async def create_deal(body: CrmDealCreateRequest, t: TenantContext = Depends(get_tenant_context)):
     stage = (body.stage or "new").strip().lower() or "new"
     if stage not in DEAL_STAGE_ALLOWED:
         raise HTTPException(
             status_code=400,
             detail=f"stage must be one of: {sorted(DEAL_STAGE_ALLOWED)}",
         )
+    db = t.db
     raw_name = _safe_str(body.name) if body.name is not None else ""
     name = raw_name or "Untitled deal"
     row = CrmDeal(
+        tenant_id=t.tenant_id,
         name=name,
         stage=stage,
         owner_initials="",
@@ -2388,16 +2573,26 @@ async def create_deal(body: CrmDealCreateRequest, db: Session = Depends(get_db))
 
 
 @app.get("/api/deals/{deal_id}")
-async def get_deal(deal_id: int, db: Session = Depends(get_db)):
-    row = db.query(CrmDeal).filter(CrmDeal.id == deal_id).first()
+async def get_deal(deal_id: int, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
+    row = (
+        db.query(CrmDeal)
+        .filter(CrmDeal.tenant_id == t.tenant_id, CrmDeal.id == deal_id)
+        .first()
+    )
     if not row:
         raise HTTPException(status_code=404, detail="Deal not found")
     return _enrich_deal_response(db, row)
 
 
 @app.patch("/api/deals/{deal_id}")
-async def patch_deal(deal_id: int, body: CrmDealPatchRequest, db: Session = Depends(get_db)):
-    row = db.query(CrmDeal).filter(CrmDeal.id == deal_id).first()
+async def patch_deal(deal_id: int, body: CrmDealPatchRequest, t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
+    row = (
+        db.query(CrmDeal)
+        .filter(CrmDeal.tenant_id == t.tenant_id, CrmDeal.id == deal_id)
+        .first()
+    )
     if not row:
         raise HTTPException(status_code=404, detail="Deal not found")
     data = body.model_dump(exclude_unset=True)
@@ -2408,7 +2603,14 @@ async def patch_deal(deal_id: int, body: CrmDealPatchRequest, db: Session = Depe
         if cid is None:
             row.contact_id = None
         else:
-            contact = db.query(Contact).filter(Contact.id == int(cid)).first()
+            contact = (
+                db.query(Contact)
+                .filter(
+                    Contact.tenant_id == t.tenant_id,
+                    Contact.id == int(cid),
+                )
+                .first()
+            )
             if not contact:
                 raise HTTPException(status_code=404, detail="Contact not found")
             row.contact_id = contact.id
@@ -2445,7 +2647,14 @@ async def patch_deal(deal_id: int, body: CrmDealPatchRequest, db: Session = Depe
 
     c = None
     if row.contact_id:
-        c = db.query(Contact).filter(Contact.id == row.contact_id).first()
+        c = (
+            db.query(Contact)
+            .filter(
+                Contact.tenant_id == t.tenant_id,
+                Contact.id == row.contact_id,
+            )
+            .first()
+        )
     if "account_name" in data and c:
         c.company = row.account_name
     if c:
@@ -2466,8 +2675,14 @@ async def patch_deal(deal_id: int, body: CrmDealPatchRequest, db: Session = Depe
 
 
 @app.post("/api/deals/seed-demo")
-async def seed_demo_deals(db: Session = Depends(get_db)):
-    removed = db.query(CrmDeal).filter(CrmDeal.name.like("DEMO: %")).delete(synchronize_session=False)
+async def seed_demo_deals(t: TenantContext = Depends(get_tenant_context)):
+    db = t.db
+    tid = t.tenant_id
+    removed = (
+        db.query(CrmDeal)
+        .filter(CrmDeal.tenant_id == tid, CrmDeal.name.like("DEMO: %"))
+        .delete(synchronize_session=False)
+    )
     now = datetime.utcnow()
     samples = [
         {
@@ -2518,6 +2733,7 @@ async def seed_demo_deals(db: Session = Depends(get_db)):
     for s in samples:
         db.add(
             CrmDeal(
+                tenant_id=tid,
                 name=s["name"],
                 stage=s["stage"],
                 owner_initials=s["owner_initials"],
@@ -2537,9 +2753,14 @@ async def seed_demo_deals(db: Session = Depends(get_db)):
 
 
 @app.get("/api/leads/{lead_id}/smartlead-thread")
-async def lead_smartlead_thread(lead_id: int, db: Session = Depends(get_db)):
+async def lead_smartlead_thread(lead_id: int, t: TenantContext = Depends(get_tenant_context)):
     """Fetch full thread from Smartlead API (Admin API key required)."""
-    row = db.query(CrmLead).filter(CrmLead.id == lead_id).first()
+    db = t.db
+    row = (
+        db.query(CrmLead)
+        .filter(CrmLead.tenant_id == t.tenant_id, CrmLead.id == lead_id)
+        .first()
+    )
     if not row:
         raise HTTPException(status_code=404, detail="Lead not found")
     if not row.smartlead_lead_id or not row.campaign_id:

backend/app/tenant_deps.py

@@ -0,0 +1,44 @@
+"""Require signed-in user + active workspace membership for tenant-scoped APIs."""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+
+from fastapi import Depends, HTTPException, Request
+from sqlalchemy.orm import Session
+
+from .database import TenantMembership, get_db
+
+
+@dataclass
+class TenantContext:
+    tenant_id: int
+    user_id: int
+    role: str
+    db: Session
+
+
+async def get_tenant_context(request: Request, db: Session = Depends(get_db)) -> TenantContext:
+    uid = request.session.get("user_id")
+    if uid is None:
+        raise HTTPException(status_code=401, detail="Sign in required")
+    tid = request.session.get("current_tenant_id")
+    if tid is None:
+        raise HTTPException(status_code=400, detail="No workspace selected")
+    m = (
+        db.query(TenantMembership)
+        .filter(
+            TenantMembership.user_id == int(uid),
+            TenantMembership.tenant_id == int(tid),
+        )
+        .first()
+    )
+    if not m:
+        raise HTTPException(status_code=403, detail="You are not a member of this workspace")
+    return TenantContext(tenant_id=int(tid), user_id=int(uid), role=m.role, db=db)
+
+
+async def require_tenant_admin(tc: TenantContext = Depends(get_tenant_context)) -> TenantContext:
+    if tc.role != "admin":
+        raise HTTPException(status_code=403, detail="Admin role required")
+    return tc

backend/app/tenant_routes.py

@@ -0,0 +1,106 @@
+"""Workspace list, switch active workspace, admin invitations."""
+
+from __future__ import annotations
+
+import hashlib
+import os
+import secrets
+from datetime import datetime, timedelta
+
+from fastapi import APIRouter, Depends, HTTPException, Request
+from pydantic import BaseModel, Field
+from sqlalchemy.orm import Session
+
+from sqlalchemy import func
+
+from .database import Invitation, Tenant, TenantMembership, User, get_db
+from .tenant_deps import TenantContext, require_tenant_admin
+
+
+router = APIRouter(prefix="/api/tenants", tags=["tenants"])
+
+
+class InviteBody(BaseModel):
+    email: str = Field(..., min_length=3, max_length=320)
+    role: str = Field(default="member", pattern="^(admin|member)$")
+
+
+def _frontend_origin() -> str:
+    fe = os.environ.get("FRONTEND_ORIGIN", "").strip()
+    if fe:
+        return fe.rstrip("/")
+    return ""
+
+
+def _invite_link(raw_token: str) -> str:
+    base = _frontend_origin()
+    if base:
+        return f"{base}/?invite={raw_token}"
+    return f"/?invite={raw_token}"
+
+
+@router.get("")
+def list_my_workspaces(request: Request, db: Session = Depends(get_db)):
+    uid = request.session.get("user_id")
+    if uid is None:
+        raise HTTPException(status_code=401, detail="Sign in required")
+    rows = (
+        db.query(TenantMembership, Tenant)
+        .join(Tenant, Tenant.id == TenantMembership.tenant_id)
+        .filter(TenantMembership.user_id == int(uid))
+        .order_by(Tenant.name)
+        .all()
+    )
+    current = request.session.get("current_tenant_id")
+    out = []
+    for m, t in rows:
+        out.append(
+            {
+                "id": t.id,
+                "name": t.name,
+                "role": m.role,
+                "current": int(current) == int(t.id) if current is not None else False,
+            }
+        )
+    return {"tenants": out, "current_tenant_id": current}
+
+
+@router.post("/invite")
+def create_invitation(body: InviteBody, tc: TenantContext = Depends(require_tenant_admin)):
+    db = tc.db
+    email_n = body.email.strip().lower()
+    if not email_n or "@" not in email_n:
+        raise HTTPException(status_code=400, detail="Invalid email")
+
+    existing_user = db.query(User).filter(func.lower(User.email) == email_n).first()
+    if existing_user:
+        already = (
+            db.query(TenantMembership)
+            .filter(
+                TenantMembership.user_id == existing_user.id,
+                TenantMembership.tenant_id == tc.tenant_id,
+            )
+            .first()
+        )
+        if already:
+            raise HTTPException(status_code=400, detail="User is already in this workspace")
+
+    raw = secrets.token_urlsafe(32)
+    th = hashlib.sha256(raw.encode("utf-8")).hexdigest()
+    exp = datetime.utcnow() + timedelta(days=7)
+    inv = Invitation(
+        tenant_id=tc.tenant_id,
+        email=email_n,
+        token_hash=th,
+        role=body.role if body.role in ("admin", "member") else "member",
+        invited_by_user_id=tc.user_id,
+        expires_at=exp,
+    )
+    db.add(inv)
+    db.commit()
+    return {
+        "ok": True,
+        "invite_url": _invite_link(raw),
+        "expires_at": exp.isoformat() + "Z",
+        "email": email_n,
+    }

frontend/src/components/layout/AppShell.jsx

@@ -82,7 +82,7 @@ export default function AppShell({ title, subtitle, rightContent, children }) {
                             <h2 className="text-xl font-bold text-slate-800">{title}</h2>
                             {subtitle && <p className="text-sm text-slate-500">{subtitle}</p>}
                         </div>
-                        <div className="flex shrink-0 items-center gap-2">
+                        <div className="relative flex shrink-0 items-center gap-2">
                             <GoogleAuthBar />
                             {rightContent}
                         </div>

frontend/src/components/layout/GoogleAuthBar.jsx

@@ -1,25 +1,36 @@
 import React, { useCallback, useEffect, useState } from 'react';
 import { useSearchParams } from 'react-router-dom';
-import { LogOut } from 'lucide-react';
+import { LogOut, Building2, UserPlus } from 'lucide-react';
 import { Button } from '@/components/ui/button';
+import {
+    Select,
+    SelectContent,
+    SelectItem,
+    SelectTrigger,
+    SelectValue,
+} from '@/components/ui/select';
+import { Input } from '@/components/ui/input';
 import { cn } from '@/lib/utils';
+import { apiFetch } from '@/lib/api';
 
 /**
- * Header sign-in: session cookie set by GET /api/auth/google → Google → /api/auth/google/callback.
+ * Sign-in (Google), workspace switcher, admin invitations; session cookie from OAuth callback.
  */
 export default function GoogleAuthBar() {
     const [searchParams, setSearchParams] = useSearchParams();
-    const [phase, setPhase] = useState('loading'); // loading | ready | error
+    const [phase, setPhase] = useState('loading');
     const [googleOn, setGoogleOn] = useState(false);
     const [user, setUser] = useState(null);
+    const [inviteOpen, setInviteOpen] = useState(false);
+    const [inviteEmail, setInviteEmail] = useState('');
+    const [inviteBusy, setInviteBusy] = useState(false);
+    const [inviteResult, setInviteResult] = useState(null);
 
     const refresh = useCallback(async () => {
         try {
             const [st, me] = await Promise.all([
-                fetch('/api/auth/status').then((r) => r.json()),
-                fetch('/api/auth/me', { credentials: 'include' }).then((r) =>
-                    r.ok ? r.json() : null
-                ),
+                apiFetch('/api/auth/status').then((r) => r.json()),
+                apiFetch('/api/auth/me').then((r) => (r.ok ? r.json() : null)),
             ]);
             setGoogleOn(!!st.googleConfigured);
             setUser(me);
@@ -38,6 +49,10 @@ export default function GoogleAuthBar() {
         if (!err) return;
         if (err === 'access_denied') {
             console.info('Google sign-in was cancelled.');
+        } else if (err === 'invite_email_mismatch') {
+            console.warn(
+                'Invitation email does not match your Google account. Sign in with the invited address.'
+            );
         } else {
             console.warn('Google sign-in error:', err);
         }
@@ -48,13 +63,61 @@ export default function GoogleAuthBar() {
 
     const logout = async () => {
         try {
-            await fetch('/api/auth/logout', { method: 'POST', credentials: 'include' });
+            await apiFetch('/api/auth/logout', { method: 'POST' });
             setUser(null);
         } catch (e) {
             console.error(e);
         }
     };
 
+    const switchTenant = async (tid) => {
+        const id = parseInt(tid, 10);
+        if (!id || id === user?.current_tenant_id) return;
+        try {
+            const res = await apiFetch('/api/auth/switch-tenant', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ tenant_id: id }),
+            });
+            if (!res.ok) return;
+            window.location.reload();
+        } catch (e) {
+            console.error(e);
+        }
+    };
+
+    const sendInvite = async () => {
+        const email = inviteEmail.trim().toLowerCase();
+        if (!email || !email.includes('@')) return;
+        setInviteBusy(true);
+        setInviteResult(null);
+        try {
+            const res = await apiFetch('/api/tenants/invite', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ email, role: 'member' }),
+            });
+            const data = await res.json().catch(() => ({}));
+            if (!res.ok) {
+                setInviteResult({
+                    error: typeof data.detail === 'string' ? data.detail : 'Invite failed',
+                });
+                return;
+            }
+            setInviteResult({ url: data.invite_url });
+            setInviteEmail('');
+        } catch (e) {
+            setInviteResult({ error: String(e) });
+        } finally {
+            setInviteBusy(false);
+        }
+    };
+
+    const inviteParam = searchParams.get('invite');
+    const googleHref = inviteParam
+        ? `/api/auth/google?invite=${encodeURIComponent(inviteParam)}`
+        : '/api/auth/google';
+
     if (phase === 'loading' || (phase === 'ready' && !googleOn)) {
         if (phase === 'loading') {
             return (
@@ -72,8 +135,84 @@ export default function GoogleAuthBar() {
     }
 
     if (user) {
+        const isAdmin = user.current_role === 'admin';
+        const tenants = user.tenants || [];
+
         return (
-            <div className="flex max-w-[min(100vw-8rem,20rem)] items-center gap-2">
+            <div className="flex max-w-[min(100vw-6rem,28rem)] flex-wrap items-center justify-end gap-2">
+                {tenants.length > 0 ? (
+                    <div className="flex items-center gap-1.5 min-w-0">
+                        <Building2 className="h-4 w-4 shrink-0 text-slate-400 hidden sm:block" />
+                        <Select
+                            value={String(user.current_tenant_id ?? '')}
+                            onValueChange={switchTenant}
+                        >
+                            <SelectTrigger className="h-9 max-w-[11rem] sm:max-w-[14rem] border-slate-200 text-xs sm:text-sm">
+                                <SelectValue placeholder="Workspace" />
+                            </SelectTrigger>
+                            <SelectContent>
+                                {tenants.map((tn) => (
+                                    <SelectItem key={tn.id} value={String(tn.id)}>
+                                        {tn.name}
+                                        {tn.role === 'admin' ? ' · admin' : ''}
+                                    </SelectItem>
+                                ))}
+                            </SelectContent>
+                        </Select>
+                    </div>
+                ) : null}
+                {isAdmin ? (
+                    <>
+                        <Button
+                            type="button"
+                            variant="outline"
+                            size="sm"
+                            className="h-9 gap-1 shrink-0"
+                            onClick={() => {
+                                setInviteOpen((o) => !o);
+                                setInviteResult(null);
+                            }}
+                        >
+                            <UserPlus className="h-3.5 w-3.5" />
+                            <span className="hidden sm:inline">Invite</span>
+                        </Button>
+                        {inviteOpen ? (
+                            <div className="absolute right-4 top-full z-50 mt-1 w-[min(100vw-2rem,22rem)] rounded-lg border border-slate-200 bg-white p-3 shadow-lg">
+                                <p className="text-xs text-slate-600 mb-2">
+                                    Invite a Google user by email. They must sign in with that Google
+                                    account.
+                                </p>
+                                <div className="flex gap-2">
+                                    <Input
+                                        type="email"
+                                        placeholder="colleague@company.com"
+                                        value={inviteEmail}
+                                        onChange={(e) => setInviteEmail(e.target.value)}
+                                        className="h-9 text-sm"
+                                    />
+                                    <Button
+                                        type="button"
+                                        size="sm"
+                                        className="shrink-0"
+                                        disabled={inviteBusy}
+                                        onClick={sendInvite}
+                                    >
+                                        {inviteBusy ? '…' : 'Send'}
+                                    </Button>
+                                </div>
+                                {inviteResult?.error ? (
+                                    <p className="text-xs text-red-600 mt-2">{inviteResult.error}</p>
+                                ) : null}
+                                {inviteResult?.url ? (
+                                    <div className="mt-2 space-y-1">
+                                        <p className="text-xs text-slate-600">Invite link (7 days):</p>
+                                        <Input readOnly value={inviteResult.url} className="text-xs h-8" />
+                                    </div>
+                                ) : null}
+                            </div>
+                        ) : null}
+                    </>
+                ) : null}
                 {user.picture ? (
                     <img
                         src={user.picture}
@@ -82,7 +221,7 @@ export default function GoogleAuthBar() {
                         referrerPolicy="no-referrer"
                     />
                 ) : null}
-                <span className="hidden min-w-0 truncate text-sm text-slate-600 sm:inline">
+                <span className="hidden min-w-0 truncate text-sm text-slate-600 lg:inline">
                     {user.name || user.email || 'Signed in'}
                 </span>
                 <Button
@@ -110,7 +249,7 @@ export default function GoogleAuthBar() {
                 'hover:bg-slate-50'
             )}
         >
-            <a href="/api/auth/google" className="inline-flex items-center gap-2">
+            <a href={googleHref} className="inline-flex items-center gap-2">
                 <GoogleMark className="h-4 w-4 shrink-0" />
                 <span className="whitespace-nowrap">Sign in with Google</span>
             </a>

frontend/src/components/sequences/SequenceViewer.jsx

@@ -6,6 +6,7 @@ import { Progress } from "@/components/ui/progress";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select";
 import { motion, AnimatePresence } from 'framer-motion';
 import SequenceCard from './SequenceCard';
+import { apiFetch } from '@/lib/api';
 
 function applySequenceToContacts(prev, sequence, contactCount, setProgress) {
     const existingContact = prev.find(c =>
@@ -69,7 +70,7 @@ export default function SequenceViewer({ isGenerating, generationRunId, contactC
 
         const reset = isNewRun ? 1 : 0;
         const url = `/api/generate-sequences?file_id=${encodeURIComponent(uploadedFile.fileId)}&reset=${reset}`;
-        const eventSource = new EventSource(url, { withCredentials: false });
+        const eventSource = new EventSource(url);
 
         eventSource.onmessage = (event) => {
             try {
@@ -115,8 +116,8 @@ export default function SequenceViewer({ isGenerating, generationRunId, contactC
         (async () => {
             try {
                 const [statusRes, seqRes] = await Promise.all([
-                    fetch(`/api/generation-status?file_id=${encodeURIComponent(uploadedFile.fileId)}`),
-                    fetch(`/api/sequences?file_id=${encodeURIComponent(uploadedFile.fileId)}`)
+                    apiFetch(`/api/generation-status?file_id=${encodeURIComponent(uploadedFile.fileId)}`),
+                    apiFetch(`/api/sequences?file_id=${encodeURIComponent(uploadedFile.fileId)}`)
                 ]);
                 if (cancelled) return;
                 if (statusRes.ok && seqRes.ok) {
@@ -174,7 +175,7 @@ export default function SequenceViewer({ isGenerating, generationRunId, contactC
 
     const handleDownload = async () => {
         try {
-            const response = await fetch(`/api/download-sequences?file_id=${uploadedFile.fileId}`);
+            const response = await apiFetch(`/api/download-sequences?file_id=${uploadedFile.fileId}`);
             if (response.ok) {
                 const blob = await response.blob();
                 const url = URL.createObjectURL(blob);

frontend/src/components/smartlead/SmartleadPanel.jsx

@@ -3,6 +3,7 @@ import { Send, Download, Loader2, CheckCircle2, AlertCircle, Settings, RefreshCw
 import { Button } from "@/components/ui/button";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select";
 import { motion } from 'framer-motion';
+import { apiFetch } from '@/lib/api';
 
 export default function SmartleadPanel({ uploadedFile, sequencesCount, onPushComplete }) {
     const [selectedCampaignId, setSelectedCampaignId] = useState('');
@@ -22,7 +23,7 @@ export default function SmartleadPanel({ uploadedFile, sequencesCount, onPushCom
         setIsLoadingCampaigns(true);
         setError(null);
         try {
-            const response = await fetch('/api/smartlead-campaigns');
+            const response = await apiFetch('/api/smartlead-campaigns');
             const data = await response.json();
             if (response.ok) {
                 setCampaigns(data.campaigns || []);
@@ -52,7 +53,7 @@ export default function SmartleadPanel({ uploadedFile, sequencesCount, onPushCom
         setPushResult(null);
 
         try {
-            const response = await fetch('/api/push-to-smartlead', {
+            const response = await apiFetch('/api/push-to-smartlead', {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({
@@ -79,7 +80,7 @@ export default function SmartleadPanel({ uploadedFile, sequencesCount, onPushCom
 
     const handleDownloadCSV = async () => {
         try {
-            const response = await fetch(`/api/download-sequences?file_id=${uploadedFile.fileId}`);
+            const response = await apiFetch(`/api/download-sequences?file_id=${uploadedFile.fileId}`);
             if (response.ok) {
                 const blob = await response.blob();
                 const url = URL.createObjectURL(blob);

frontend/src/components/upload/UploadStep.jsx

@@ -1,6 +1,7 @@
 import React, { useState, useRef } from 'react';
 import { Upload, FileSpreadsheet, CheckCircle2, X, Users } from 'lucide-react';
 import { Button } from "@/components/ui/button";
+import { apiFetch } from '@/lib/api';
 import { motion, AnimatePresence } from 'framer-motion';
 
 export default function UploadStep({ onFileUploaded, uploadedFile, onRemoveFile }) {
@@ -38,7 +39,7 @@ export default function UploadStep({ onFileUploaded, uploadedFile, onRemoveFile
         formData.append('file', file);
 
         try {
-            const response = await fetch('/api/upload-csv', {
+            const response = await apiFetch('/api/upload-csv', {
                 method: 'POST',
                 body: formData,
             });

frontend/src/components/workspace/DealLinkSearch.jsx

@@ -3,6 +3,7 @@ import { Loader2, Search, UserPlus, Building2 } from 'lucide-react';
 import { Button } from '@/components/ui/button';
 import { Input } from '@/components/ui/input';
 import { cn } from '@/lib/utils';
+import { apiFetch } from '@/lib/api';
 
 /** Search CRM contacts and link one to the deal (`PATCH contact_id`). */
 export function DealContactSearch({ linkedContactId, onPatchDeal, className }) {
@@ -19,7 +20,7 @@ export function DealContactSearch({ linkedContactId, onPatchDeal, className }) {
         const t = setTimeout(async () => {
             setLoading(true);
             try {
-                const res = await fetch(
+                const res = await apiFetch(
                     `/api/contacts?search=${encodeURIComponent(q.trim())}&limit=12&sort_by=created_at&sort_dir=desc`
                 );
                 const data = await res.json().catch(() => ({}));
@@ -118,7 +119,7 @@ export function DealCompanySearch({ onPatchDeal, className }) {
         const t = setTimeout(async () => {
             setLoading(true);
             try {
-                const res = await fetch(`/api/company-names?q=${encodeURIComponent(q.trim())}&limit=20`);
+                const res = await apiFetch(`/api/company-names?q=${encodeURIComponent(q.trim())}&limit=20`);
                 const data = await res.json().catch(() => ({}));
                 setResults(res.ok ? data.names || [] : []);
             } catch {

frontend/src/lib/api.js

@@ -0,0 +1,4 @@
+/** Browser cookie session + tenant APIs require credentials on same-origin / proxied /api calls. */
+export function apiFetch(input, init = {}) {
+    return fetch(input, { credentials: 'include', ...init });
+}

frontend/src/pages/Contacts.jsx

@@ -20,6 +20,7 @@ import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '@
 import { Button } from '@/components/ui/button';
 import AppShell from '@/components/layout/AppShell';
 import MainTableWorkspace from '@/components/workspace/MainTableWorkspace';
+import { apiFetch } from '@/lib/api';
 import SlideOverPanel from '@/components/workspace/SlideOverPanel';
 import CompanyDetailsEditor from '@/components/workspace/CompanyDetailsEditor';
 import ContactIdentityEditor from '@/components/workspace/ContactIdentityEditor';
@@ -153,7 +154,7 @@ export default function Contacts() {
 
     const fetchFields = async () => {
         try {
-            const res = await fetch('/api/contact-fields');
+            const res = await apiFetch('/api/contact-fields');
             if (res.ok) {
                 const data = await res.json();
                 setFields(data.fields || []);
@@ -165,7 +166,7 @@ export default function Contacts() {
 
     const patchContact = async (contactId, patch) => {
         try {
-            const res = await fetch(`/api/contacts/${contactId}`, {
+            const res = await apiFetch(`/api/contacts/${contactId}`, {
                 method: 'PATCH',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify(patch),
@@ -207,7 +208,7 @@ export default function Contacts() {
             if (activeFilters.length > 0) {
                 params.set('filters', JSON.stringify(activeFilters));
             }
-            const res = await fetch(`/api/contacts?${params.toString()}`);
+            const res = await apiFetch(`/api/contacts?${params.toString()}`);
             if (res.ok) {
                 const data = await res.json();
                 setContacts(data.contacts || []);
@@ -223,7 +224,7 @@ export default function Contacts() {
     const seedDemoContacts = async () => {
         setSeedBusy(true);
         try {
-            const res = await fetch('/api/contacts/seed-demo', { method: 'POST' });
+            const res = await apiFetch('/api/contacts/seed-demo', { method: 'POST' });
             const data = await res.json().catch(() => ({}));
             if (!res.ok) {
                 throw new Error(typeof data.detail === 'string' ? data.detail : 'Could not load demo data');
@@ -246,8 +247,8 @@ export default function Contacts() {
         setSeqLoading(true);
         try {
             const [detailRes, seqRes] = await Promise.all([
-                fetch(`/api/contacts/${contact.id}`),
-                fetch(`/api/contacts/${contact.id}/sequences`),
+                apiFetch(`/api/contacts/${contact.id}`),
+                apiFetch(`/api/contacts/${contact.id}/sequences`),
             ]);
             if (detailRes.ok) {
                 const detailData = await detailRes.json();
@@ -310,7 +311,7 @@ export default function Contacts() {
                 ) {
                     return;
                 }
-                const res = await fetch('/api/contacts/bulk-delete', {
+                const res = await apiFetch('/api/contacts/bulk-delete', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({ contact_ids: selectedIds }),
@@ -322,7 +323,7 @@ export default function Contacts() {
                     );
                 }
             } else if (action === 'leads') {
-                const res = await fetch('/api/contacts/bulk-convert-to-leads', {
+                const res = await apiFetch('/api/contacts/bulk-convert-to-leads', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({ contact_ids: selectedIds }),
@@ -411,7 +412,7 @@ export default function Contacts() {
         setEnrichLoading(true);
         setEnrichError('');
         try {
-            const res = await fetch(`/api/contacts/${selectedContact.id}/enrich`, {
+            const res = await apiFetch(`/api/contacts/${selectedContact.id}/enrich`, {
                 method: 'POST',
             });
             const data = await res.json().catch(() => ({}));
@@ -475,7 +476,7 @@ export default function Contacts() {
         setInlineSaving(true);
         setInlineError('');
         try {
-            const res = await fetch('/api/contacts', {
+            const res = await apiFetch('/api/contacts', {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({

frontend/src/pages/Deals.jsx

@@ -5,6 +5,7 @@ import { Button } from '@/components/ui/button';
 import { Input } from '@/components/ui/input';
 import { Select, SelectTrigger, SelectContent, SelectItem } from '@/components/ui/select';
 import AppShell from '@/components/layout/AppShell';
+import { apiFetch } from '@/lib/api';
 import MainTableWorkspace from '@/components/workspace/MainTableWorkspace';
 import SlideOverPanel from '@/components/workspace/SlideOverPanel';
 import CompanyDetailsEditor from '@/components/workspace/CompanyDetailsEditor';
@@ -611,7 +612,7 @@ export default function Deals() {
             params.set('sort_by', 'created_at');
             params.set('sort_dir', 'desc');
             if (search.trim()) params.set('search', search.trim());
-            const res = await fetch(`/api/deals?${params.toString()}`);
+            const res = await apiFetch(`/api/deals?${params.toString()}`);
             if (res.ok) {
                 const data = await res.json();
                 setDeals(data.deals || []);
@@ -698,7 +699,7 @@ export default function Deals() {
     const seedDemo = async () => {
         setSeedBusy(true);
         try {
-            const res = await fetch('/api/deals/seed-demo', { method: 'POST' });
+            const res = await apiFetch('/api/deals/seed-demo', { method: 'POST' });
             if (!res.ok) throw new Error('Seed failed');
             await fetchDeals();
         } catch (e) {
@@ -714,7 +715,7 @@ export default function Deals() {
         const st = STAGES.some((s) => s.value === stage) ? stage : 'new';
         setCreateBusy(true);
         try {
-            const res = await fetch('/api/deals', {
+            const res = await apiFetch('/api/deals', {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({ name: 'Untitled deal', stage: st }),
@@ -749,7 +750,7 @@ export default function Deals() {
 
     const patchDeal = async (dealId, patch) => {
         try {
-            const res = await fetch(`/api/deals/${dealId}`, {
+            const res = await apiFetch(`/api/deals/${dealId}`, {
                 method: 'PATCH',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify(patch),
@@ -769,7 +770,7 @@ export default function Deals() {
 
     const refreshDealDetail = async (dealId) => {
         try {
-            const res = await fetch(`/api/deals/${dealId}`);
+            const res = await apiFetch(`/api/deals/${dealId}`);
             if (res.ok) {
                 const d = await res.json();
                 setDealDetail(d);
@@ -781,7 +782,7 @@ export default function Deals() {
 
     const patchLinkedContact = async (contactId, patch) => {
         try {
-            const res = await fetch(`/api/contacts/${contactId}`, {
+            const res = await apiFetch(`/api/contacts/${contactId}`, {
                 method: 'PATCH',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify(patch),
@@ -802,7 +803,7 @@ export default function Deals() {
         setCompanyFetchLoading(true);
         setCompanyFetchError('');
         try {
-            const res = await fetch(`/api/contacts/${dealDetail.contact_id}/enrich`, { method: 'POST' });
+            const res = await apiFetch(`/api/contacts/${dealDetail.contact_id}/enrich`, { method: 'POST' });
             const data = await res.json().catch(() => ({}));
             if (!res.ok) {
                 setCompanyFetchError(typeof data.detail === 'string' ? data.detail : 'Could not fetch enrichment');
@@ -824,7 +825,7 @@ export default function Deals() {
         setDealDetail(deal);
         setDealPanelForm(null);
         try {
-            const res = await fetch(`/api/deals/${deal.id}`);
+            const res = await apiFetch(`/api/deals/${deal.id}`);
             if (res.ok) {
                 const d = await res.json();
                 setDealDetail(d);

frontend/src/pages/EmailSequenceGenerator.jsx

@@ -8,6 +8,7 @@ import ProductSelector from '@/components/products/ProductSelector';
 import PromptEditor from '@/components/prompts/PromptEditor';
 import SequenceViewer from '@/components/sequences/SequenceViewer';
 import AppShell from '@/components/layout/AppShell';
+import { apiFetch } from '@/lib/api';
 
 export default function EmailSequenceGenerator() {
     const [step, setStep] = useState(1);
@@ -39,7 +40,7 @@ export default function EmailSequenceGenerator() {
 
         // Save prompts to backend first, then start generation (avoids "No prompts found" race)
         try {
-            const res = await fetch('/api/save-prompts', {
+            const res = await apiFetch('/api/save-prompts', {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({

frontend/src/pages/Leads.jsx

@@ -21,6 +21,7 @@ import CompanyDetailsEditor from '@/components/workspace/CompanyDetailsEditor';
 import ContactIdentityEditor from '@/components/workspace/ContactIdentityEditor';
 import { EditableCell } from '@/components/workspace/EditableCell';
 import { cn } from '@/lib/utils';
+import { apiFetch } from '@/lib/api';
 
 const CRM_STATUSES = [
     { value: 'none', label: '—', className: 'bg-slate-300 text-slate-800' },
@@ -94,7 +95,7 @@ export default function Leads() {
             params.set('sort_dir', 'desc');
             if (search.trim()) params.set('search', search.trim());
             if (statusFilter && statusFilter !== 'all') params.set('status', statusFilter);
-            const res = await fetch(`/api/leads?${params.toString()}`);
+            const res = await apiFetch(`/api/leads?${params.toString()}`);
             if (res.ok) {
                 const data = await res.json();
                 setLeads(data.leads || []);
@@ -110,7 +111,7 @@ export default function Leads() {
     const seedDemoLeads = async () => {
         setSeedBusy(true);
         try {
-            const res = await fetch('/api/leads/seed-demo', { method: 'POST' });
+            const res = await apiFetch('/api/leads/seed-demo', { method: 'POST' });
             const data = await res.json().catch(() => ({}));
             if (!res.ok) {
                 throw new Error(
@@ -133,7 +134,7 @@ export default function Leads() {
 
     const patchLead = async (leadId, patch) => {
         try {
-            const res = await fetch(`/api/leads/${leadId}`, {
+            const res = await apiFetch(`/api/leads/${leadId}`, {
                 method: 'PATCH',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify(patch),
@@ -156,13 +157,13 @@ export default function Leads() {
         setCompanyFetchLoading(true);
         setCompanyFetchError('');
         try {
-            const res = await fetch(`/api/contacts/${selected.contact_id}/enrich`, { method: 'POST' });
+            const res = await apiFetch(`/api/contacts/${selected.contact_id}/enrich`, { method: 'POST' });
             const data = await res.json().catch(() => ({}));
             if (!res.ok) {
                 setCompanyFetchError(typeof data.detail === 'string' ? data.detail : 'Could not fetch enrichment');
                 return;
             }
-            const res2 = await fetch(`/api/leads/${selected.id}`);
+            const res2 = await apiFetch(`/api/leads/${selected.id}`);
             if (res2.ok) {
                 setSelected(await res2.json());
             }
@@ -179,7 +180,7 @@ export default function Leads() {
         setThreadLoading(true);
         setThreadData(null);
         try {
-            const res = await fetch(`/api/leads/${leadId}/smartlead-thread`);
+            const res = await apiFetch(`/api/leads/${leadId}/smartlead-thread`);
             const data = await res.json();
             if (!res.ok) throw new Error(data.detail || 'Failed to load thread');
             setThreadData(data.history);
@@ -196,7 +197,7 @@ export default function Leads() {
         setSelected(lead);
         setThreadData(null);
         try {
-            const res = await fetch(`/api/leads/${lead.id}`);
+            const res = await apiFetch(`/api/leads/${lead.id}`);
             if (res.ok) {
                 const d = await res.json();
                 setSelected(d);
@@ -241,7 +242,7 @@ export default function Leads() {
         setBulkBusy(action);
         try {
             if (action === 'move') {
-                const res = await fetch('/api/leads/bulk-move-to-contacts', {
+                const res = await apiFetch('/api/leads/bulk-move-to-contacts', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({ lead_ids: selectedIds }),
@@ -258,7 +259,7 @@ export default function Leads() {
                 if (!window.confirm(`Delete ${selectedIds.length} lead(s)? This cannot be undone.`)) {
                     return;
                 }
-                const res = await fetch('/api/leads/bulk-delete', {
+                const res = await apiFetch('/api/leads/bulk-delete', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({ lead_ids: selectedIds }),
@@ -268,7 +269,7 @@ export default function Leads() {
                     throw new Error(typeof data.detail === 'string' ? data.detail : 'Delete failed');
                 }
             } else if (action === 'deals') {
-                const res = await fetch('/api/deals/from-leads', {
+                const res = await apiFetch('/api/deals/from-leads', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({ lead_ids: selectedIds }),

frontend/src/pages/RunHistory.jsx

@@ -6,6 +6,7 @@ import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "@
 import { Badge } from "@/components/ui/badge";
 import { motion } from 'framer-motion';
 import AppShell from '@/components/layout/AppShell';
+import { apiFetch } from '@/lib/api';
 
 export default function RunHistory() {
     const [runs, setRuns] = useState([]);
@@ -20,7 +21,7 @@ export default function RunHistory() {
     const fetchRuns = async () => {
         try {
             setLoading(true);
-            const response = await fetch('/api/smartlead-runs');
+            const response = await apiFetch('/api/smartlead-runs');
             if (response.ok) {
                 const data = await response.json();
                 setRuns(data);