feat: add omnichannel unified inbox for sales reps

Implements a Chatwoot-style unified inbox with real-time messaging
for sales reps to manage communications across all channels.

Features:
- Real-time messaging via Laravel Reverb WebSockets
- Sales rep filtering ("My Accounts Only") for assigned accounts
- Typing indicators showing when others are composing
- Agent status (online/away/busy) with heartbeat monitoring
- Email engagement sidebar (opens/clicks from marketing)
- Quick replies with variable substitution
- Presence awareness (who's online in team)
- Three-column layout: thread list, conversation, context sidebar

New files:
- Broadcasting events for real-time updates
- Unified inbox view with Alpine.js component
- 9 Blade partials for modular UI

Access via: Inbox → Conversations in sidebar
Route: /s/{business}/crm/inbox

.dockerignore

@@ -8,8 +8,8 @@ node_modules
 npm-debug.log
 yarn-error.log
 
-# Composer
-/vendor
+# Composer (NOT excluded - Dockerfile.fast needs pre-built vendor)
+# /vendor
 
 # Environment
 .env
@@ -58,7 +58,7 @@ docker-compose.*.yml
 # Build artifacts
 /public/hot
 /public/storage
-/public/build
+# /public/build - NOT excluded, Dockerfile.fast needs pre-built assets
 
 # Misc
 .env.backup

.env.example

@@ -24,12 +24,13 @@ LOG_STACK=single
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
+# PostgreSQL: 10.100.6.50:5432
 DB_CONNECTION=pgsql
-DB_HOST=pgsql
+DB_HOST=10.100.6.50
 DB_PORT=5432
-DB_DATABASE=cannabrands_app
-DB_USERNAME=sail
-DB_PASSWORD=password
+DB_DATABASE=cannabrands_dev
+DB_USERNAME=cannabrands
+DB_PASSWORD=SpDyCannaBrands2024
 
 SESSION_DRIVER=redis
 SESSION_LIFETIME=120
@@ -66,9 +67,10 @@ CACHE_PREFIX=
 
 MEMCACHED_HOST=127.0.0.1
 
+# Redis: 10.100.9.50:6379
 REDIS_CLIENT=phpredis
-REDIS_HOST=redis
-REDIS_PASSWORD=null
+REDIS_HOST=10.100.9.50
+REDIS_PASSWORD=SpDyR3d1s2024!
 REDIS_PORT=6379
 
 MAIL_MAILER=smtp
@@ -88,43 +90,18 @@ MAIL_FROM_NAME="${APP_NAME}"
 # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
 # ┌─────────────────────────────────────────────────────────────────────┐
-# │ LOCAL DEVELOPMENT (Docker MinIO)                                    │
+# │ MinIO (S3-Compatible Storage)                                       │
 # └─────────────────────────────────────────────────────────────────────┘
-# Use local MinIO container for development (versioning enabled)
-# Access MinIO Console: http://localhost:9001 (minioadmin/minioadmin)
+# Server: 10.100.9.80:9000 | Console: 10.100.9.80:9001
 FILESYSTEM_DISK=minio
-AWS_ACCESS_KEY_ID=minioadmin
-AWS_SECRET_ACCESS_KEY=minioadmin
+AWS_ACCESS_KEY_ID=cannabrands-app
+AWS_SECRET_ACCESS_KEY=cdbdcd0c7b6f3994d4ab09f68eaff98665df234f
 AWS_DEFAULT_REGION=us-east-1
-AWS_BUCKET=media
-AWS_ENDPOINT=http://minio:9000
-AWS_URL=http://localhost:9000/media
+AWS_BUCKET=cannabrands
+AWS_ENDPOINT=http://10.100.9.80:9000
+AWS_URL=http://10.100.9.80:9000/cannabrands
 AWS_USE_PATH_STYLE_ENDPOINT=true
 
-# ┌─────────────────────────────────────────────────────────────────────┐
-# │ STAGING/DEVELOP (media-dev bucket)                                  │
-# └─────────────────────────────────────────────────────────────────────┘
-# FILESYSTEM_DISK=minio
-# AWS_ACCESS_KEY_ID=<staging-access-key>
-# AWS_SECRET_ACCESS_KEY=<staging-secret-key>
-# AWS_DEFAULT_REGION=us-east-1
-# AWS_BUCKET=media-dev
-# AWS_ENDPOINT=https://cdn.cannabrands.app
-# AWS_URL=https://cdn.cannabrands.app/media-dev
-# AWS_USE_PATH_STYLE_ENDPOINT=true
-
-# ┌─────────────────────────────────────────────────────────────────────┐
-# │ PRODUCTION (media bucket)                                           │
-# └─────────────────────────────────────────────────────────────────────┘
-# FILESYSTEM_DISK=minio
-# AWS_ACCESS_KEY_ID=TrLoFnMOVQC2CqLm9711
-# AWS_SECRET_ACCESS_KEY=4tfik06LitWz70L4VLIA45yXla4gi3zQI2IA3oSZ
-# AWS_DEFAULT_REGION=us-east-1
-# AWS_BUCKET=media
-# AWS_ENDPOINT=https://cdn.cannabrands.app
-# AWS_URL=https://cdn.cannabrands.app/media
-# AWS_USE_PATH_STYLE_ENDPOINT=true
-
 VITE_APP_NAME="${APP_NAME}"
 
 # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

.gitignore

@@ -37,6 +37,7 @@ yarn-error.log
 *.gz
 *.sql.gz
 *.sql
+!database/dumps/*.sql
 
 # Version files (generated at build time or locally)
 version.txt
@@ -81,3 +82,4 @@ SESSION_*
 # AI workflow personal context files
 CLAUDE.local.md
 claude.*.md
+cannabrands_dev_backup.dump

.woodpecker/.ci.yml

@@ -1,371 +1,293 @@
 # Woodpecker CI/CD Pipeline for Cannabrands Hub
-# Documentation: https://woodpecker-ci.org/docs/intro
+# Optimized for fast deploys (~8-10 min)
 #
-# 3-Environment Workflow:
-#   - develop branch → dev.cannabrands.app (unstable, daily integration)
-#   - master branch  → staging.cannabrands.app (stable, pre-production)
-#   - tags (2025.X)  → cannabrands.app (production releases)
+# Optimizations:
+#   - Parallel composer + frontend builds
+#   - Split tests (unit + feature run in parallel)
+#   - Dependency caching (npm + composer)
+#   - Single-stage Dockerfile.fast
+#   - Kaniko layer caching
+#
+# External Services:
+#   - PostgreSQL: 10.100.6.50:5432 (cannabrands_dev)
+#   - Redis: 10.100.9.50:6379
+#   - MinIO: 10.100.9.80:9000
+#   - Docker Registry: git.spdy.io (for k8s pulls)
 
 when:
   - branch: [develop, master]
     event: push
   - event: [pull_request, tag]
 
-# Install dependencies first (needed for php-lint to resolve traits/classes)
-steps:
-  # Restore Composer cache
-  restore-composer-cache:
-    image: meltwater/drone-cache:dev
+clone:
+  git:
+    image: woodpeckerci/plugin-git
     settings:
-      backend: "filesystem"
-      restore: true
-      cache_key: "composer-{{ checksum \"composer.lock\" }}"
-      archive_format: "gzip"
-      mount:
-        - "vendor"
-    volumes:
-      - /tmp/woodpecker-cache:/tmp/cache
+      depth: 50
+      lfs: false
+      partial: false
+
+steps:
+  # ============================================
+  # PARALLEL: Composer + Frontend (with caching)
+  # ============================================
 
-  # Install dependencies
   composer-install:
-    image: php:8.3-cli
+    image: 10.100.9.70:5000/kirschbaumdevelopment/laravel-test-runner:8.3
     commands:
-      - echo "Installing system dependencies..."
-      - apt-get update -qq
-      - apt-get install -y -qq git zip unzip libicu-dev libzip-dev libpng-dev libjpeg-dev libfreetype6-dev libpq-dev
-      - echo "Installing PHP extensions..."
-      - docker-php-ext-configure gd --with-freetype --with-jpeg
-      - docker-php-ext-install -j$(nproc) intl pdo pdo_pgsql zip gd pcntl
-      - echo "Installing Composer..."
-      - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer --quiet
-      - echo "Creating minimal .env for package discovery..."
       - |
         cat > .env << 'EOF'
         APP_NAME="Cannabrands Hub"
-        APP_ENV=testing
+        APP_ENV=production
         APP_KEY=base64:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-        APP_DEBUG=true
-        CACHE_STORE=array
-        SESSION_DRIVER=array
-        QUEUE_CONNECTION=sync
-        DB_CONNECTION=pgsql
-        DB_HOST=postgres
-        DB_PORT=5432
-        DB_DATABASE=testing
-        DB_USERNAME=testing
-        DB_PASSWORD=testing
         EOF
-      - echo "Checking for cached dependencies..."
-      - |
-        if [ -d "vendor" ] && [ -f "vendor/autoload.php" ]; then
-          echo "✅ Restored vendor from cache"
-          echo "Verifying cached dependencies are up to date..."
-          composer install --no-interaction --prefer-dist --optimize-autoloader --no-progress
-        else
-          echo "📦 Installing fresh dependencies (cache miss)"
-          composer install --no-interaction --prefer-dist --optimize-autoloader --no-progress
-        fi
-      - echo "Composer dependencies ready!"
+      # Restore composer cache if available
+      - mkdir -p /root/.composer/cache
+      - if [ -d .composer-cache ]; then cp -r .composer-cache/* /root/.composer/cache/ 2>/dev/null || true; fi
+      - composer install --no-dev --no-interaction --prefer-dist --optimize-autoloader --no-progress
+      # Save cache for next build
+      - mkdir -p .composer-cache && cp -r /root/.composer/cache/* .composer-cache/ 2>/dev/null || true
+      - echo "✅ Composer done"
 
-  # Rebuild Composer cache
-  rebuild-composer-cache:
-    image: meltwater/drone-cache:dev
-    settings:
-      backend: "filesystem"
-      rebuild: true
-      cache_key: "composer-{{ checksum \"composer.lock\" }}"
-      archive_format: "gzip"
-      mount:
-        - "vendor"
-    volumes:
-      - /tmp/woodpecker-cache:/tmp/cache
+  build-frontend:
+    image: 10.100.9.70:5000/library/node:22-alpine
+    environment:
+      VITE_REVERB_APP_KEY: 6VDQTxU0fknXHCgKOI906Py03abktP8GatzNw3DvJkU=
+      VITE_REVERB_HOST: dev.cannabrands.app
+      VITE_REVERB_PORT: "443"
+      VITE_REVERB_SCHEME: https
+      npm_config_cache: .npm-cache
+    commands:
+      # Use cached node_modules if available
+      - npm ci --prefer-offline
+      - npm run build
+      - echo "✅ Frontend built"
+
+  # ============================================
+  # PR CHECKS (Parallel: lint, style, tests)
+  # ============================================
 
-  # PHP Syntax Check (runs after composer install so traits/classes are available)
   php-lint:
-    image: php:8.3-cli
+    image: 10.100.9.70:5000/kirschbaumdevelopment/laravel-test-runner:8.3
+    depends_on:
+      - composer-install
     commands:
-      - echo "Checking PHP syntax..."
-      - find app -name "*.php" -exec php -l {} \;
-      - find routes -name "*.php" -exec php -l {} \;
-      - find database -name "*.php" -exec php -l {} \;
-      - echo "PHP syntax check complete!"
+      - ./vendor/bin/parallel-lint app routes database config --colors --blame
+    when:
+      event: pull_request
 
-  # Run Laravel Pint (Code Style)
   code-style:
-    image: php:8.3-cli
+    image: 10.100.9.70:5000/kirschbaumdevelopment/laravel-test-runner:8.3
+    depends_on:
+      - composer-install
     commands:
-      - echo "Checking code style with Laravel Pint..."
       - ./vendor/bin/pint --test
-      - echo "Code style check complete!"
+    when:
+      event: pull_request
 
-  # Run PHPUnit Tests
-  # Note: Uses array cache/session for speed and isolation (Laravel convention)
-  # Redis + Reverb services used for real-time broadcasting tests
-  tests:
-    image: kirschbaumdevelopment/laravel-test-runner:8.3
+  # Split tests: Unit tests (fast, no DB)
+  tests-unit:
+    image: 10.100.9.70:5000/kirschbaumdevelopment/laravel-test-runner:8.3
+    depends_on:
+      - composer-install
+    when:
+      event: pull_request
     environment:
       APP_ENV: testing
-      BROADCAST_CONNECTION: reverb
       CACHE_STORE: array
       SESSION_DRIVER: array
       QUEUE_CONNECTION: sync
-      DB_CONNECTION: pgsql
-      DB_HOST: postgres
-      DB_PORT: 5432
-      DB_DATABASE: testing
-      DB_USERNAME: testing
-      DB_PASSWORD: testing
-      REDIS_HOST: redis
-      REVERB_APP_ID: test-app-id
-      REVERB_APP_KEY: test-key
-      REVERB_APP_SECRET: test-secret
-      REVERB_HOST: localhost
-      REVERB_PORT: 8080
-      REVERB_SCHEME: http
+      DB_CONNECTION: sqlite
+      DB_DATABASE: ":memory:"
     commands:
-      - echo "Setting up Laravel environment..."
       - cp .env.example .env
       - php artisan key:generate
-      - echo "Starting Reverb server in background..."
-      - php artisan reverb:start --host=0.0.0.0 --port=8080 > /dev/null 2>&1 &
-      - sleep 2
-      - echo "Running tests..."
-      - php artisan test --parallel
-      - echo "Tests complete!"
+      - php artisan test --testsuite=Unit --parallel
+      - echo "✅ Unit tests passed"
 
-  # Validate seeders that run in dev/staging environments
-  # This prevents deployment failures caused by seeder errors (e.g., fake() crashes)
-  # Uses APP_ENV=development to match K8s init container behavior
-  validate-seeders:
-    image: kirschbaumdevelopment/laravel-test-runner:8.3
+  # Split tests: Feature tests (with DB)
+  tests-feature:
+    image: 10.100.9.70:5000/kirschbaumdevelopment/laravel-test-runner:8.3
+    depends_on:
+      - composer-install
+    when:
+      event: pull_request
     environment:
-      APP_ENV: development
-      DB_CONNECTION: pgsql
-      DB_HOST: postgres
-      DB_PORT: 5432
-      DB_DATABASE: testing
-      DB_USERNAME: testing
-      DB_PASSWORD: testing
+      APP_ENV: testing
       CACHE_STORE: array
       SESSION_DRIVER: array
       QUEUE_CONNECTION: sync
+      DB_CONNECTION: pgsql
+      DB_HOST: 10.100.6.50
+      DB_PORT: 5432
+      DB_DATABASE: cannabrands_test
+      DB_USERNAME: cannabrands
+      DB_PASSWORD: SpDyCannaBrands2024
+      REDIS_HOST: 10.100.9.50
+      REDIS_PORT: 6379
+      REDIS_PASSWORD: SpDyR3d1s2024!
     commands:
-      - echo "Validating seeders (matches K8s init container)..."
       - cp .env.example .env
       - php artisan key:generate
-      - echo "Running migrate:fresh --seed with APP_ENV=development..."
-      - php artisan migrate:fresh --seed --force
-      - echo "✅ Seeder validation complete!"
+      - php artisan test --testsuite=Feature --parallel
+      - echo "✅ Feature tests passed"
+
+  # ============================================
+  # BUILD & DEPLOY
+  # ============================================
+
+  # Create Docker config for registry auth (runs before Kaniko)
+  setup-registry-auth:
+    image: alpine
+    depends_on:
+      - composer-install
+      - build-frontend
+    environment:
+      REGISTRY_USER:
+        from_secret: registry_user
+      REGISTRY_PASSWORD:
+        from_secret: registry_password
+    commands:
+      - mkdir -p /woodpecker/src/git.spdy.io/Cannabrands/hub/.docker
+      - |
+        cat > /woodpecker/src/git.spdy.io/Cannabrands/hub/.docker/config.json << EOF
+        {"auths":{"registry.spdy.io":{"username":"$REGISTRY_USER","password":"$REGISTRY_PASSWORD"}}}
+        EOF
+      - echo "Auth config created"
     when:
       branch: [develop, master]
       event: push
-      status: success
 
-  # Build and push Docker image for DEV environment (develop branch)
   build-image-dev:
-    image: woodpeckerci/plugin-docker-buildx
-    settings:
-      registry: code.cannabrands.app
-      repo: code.cannabrands.app/cannabrands/hub
-      username:
-        from_secret: gitea_username
-      password:
-        from_secret: gitea_token
-      tags:
-        - dev                           # Latest dev build → dev.cannabrands.app
-        - dev-${CI_COMMIT_SHA:0:7}      # Unique dev tag with SHA
-        - sha-${CI_COMMIT_SHA:0:7}      # Commit SHA (industry standard)
-        - ${CI_COMMIT_BRANCH}           # Branch name (develop)
-      build_args:
-        GIT_COMMIT_SHA: "${CI_COMMIT_SHA:0:7}"
-        APP_VERSION: "dev"
-        VITE_REVERB_APP_KEY: "6VDQTxU0fknXHCgKOI906Py03abktP8GatzNw3DvJkU="
-        VITE_REVERB_HOST: "dev.cannabrands.app"
-        VITE_REVERB_PORT: "443"
-        VITE_REVERB_SCHEME: "https"
-      cache_images:
-        - code.cannabrands.app/cannabrands/hub:buildcache-dev
-      platforms: linux/amd64
+    image: 10.100.9.70:5000/kaniko-project/executor:debug
+    depends_on:
+      - setup-registry-auth
+    commands:
+      - cp -r /woodpecker/src/git.spdy.io/Cannabrands/hub/.docker /kaniko/.docker
+      - |
+        /kaniko/executor \
+          --context=/woodpecker/src/git.spdy.io/Cannabrands/hub \
+          --dockerfile=/woodpecker/src/git.spdy.io/Cannabrands/hub/Dockerfile.fast \
+          --destination=registry.spdy.io/cannabrands/hub:dev \
+          --destination=registry.spdy.io/cannabrands/hub:dev-${CI_COMMIT_SHA:0:7} \
+          --build-arg=GIT_COMMIT_SHA=${CI_COMMIT_SHA:0:7} \
+          --build-arg=APP_VERSION=dev \
+          --registry-mirror=10.100.9.70:5000 \
+          --insecure-registry=10.100.9.70:5000 \
+          --cache=true \
+          --cache-ttl=168h \
+          --cache-repo=10.100.9.70:5000/cannabrands/hub-cache
     when:
       branch: develop
       event: push
-      status: success
 
-  # Auto-deploy to dev.cannabrands.app (develop branch only)
   deploy-dev:
-    image: bitnami/kubectl:latest
+    image: 10.100.9.70:5000/bitnami/kubectl:latest
+    depends_on:
+      - build-image-dev
     environment:
       KUBECONFIG_CONTENT:
         from_secret: kubeconfig_dev
     commands:
-      - echo "🚀 Auto-deploying to dev.cannabrands.app..."
-      - echo "Commit SHA${CI_COMMIT_SHA:0:7}"
-      - echo ""
-      # Setup kubeconfig
       - mkdir -p ~/.kube
       - echo "$KUBECONFIG_CONTENT" | tr -d '[:space:]' | base64 -d > ~/.kube/config
       - chmod 600 ~/.kube/config
-      # Update deployment to use new SHA-tagged image (both app and init containers)
       - |
         kubectl set image deployment/cannabrands-hub \
-          app=code.cannabrands.app/cannabrands/hub:dev-${CI_COMMIT_SHA:0:7} \
-          migrate=code.cannabrands.app/cannabrands/hub:dev-${CI_COMMIT_SHA:0:7} \
+          app=registry.spdy.io/cannabrands/hub:dev-${CI_COMMIT_SHA:0:7} \
+          migrate=registry.spdy.io/cannabrands/hub:dev-${CI_COMMIT_SHA:0:7} \
           -n cannabrands-dev
-      # Wait for rollout to complete (timeout 5 minutes)
       - kubectl rollout status deployment/cannabrands-hub -n cannabrands-dev --timeout=300s
-      # Verify deployment health
-      - |
-        echo ""
-        echo "✅ Deployment successful!"
-        echo "Pod status:"
-        kubectl get pods -n cannabrands-dev -l app=cannabrands-hub
-        echo ""
-        echo "Image deployed:"
-        kubectl get deployment cannabrands-hub -n cannabrands-dev -o jsonpath='{.spec.template.spec.containers[0].image}'
-        echo ""
+      - echo "✅ Deployed to dev.cannabrands.app"
     when:
       branch: develop
       event: push
-      status: success
 
-  # Build and push Docker image for STAGING environment (master branch)
-  build-image-staging:
-    image: woodpeckerci/plugin-docker-buildx
-    settings:
-      registry: code.cannabrands.app
-      repo: code.cannabrands.app/cannabrands/hub
-      username:
-        from_secret: gitea_username
-      password:
-        from_secret: gitea_token
-      tags:
-        - staging                       # Latest staging build → staging.cannabrands.app
-        - sha-${CI_COMMIT_SHA:0:7}      # Commit SHA (industry standard)
-        - ${CI_COMMIT_BRANCH}           # Branch name (master)
-      build_args:
-        GIT_COMMIT_SHA: "${CI_COMMIT_SHA:0:7}"
-        APP_VERSION: "staging"
-      cache_images:
-        - code.cannabrands.app/cannabrands/hub:buildcache-staging
-      platforms: linux/amd64
+  build-image-production:
+    image: 10.100.9.70:5000/kaniko-project/executor:debug
+    depends_on:
+      - setup-registry-auth
+    commands:
+      - cp -r /woodpecker/src/git.spdy.io/Cannabrands/hub/.docker /kaniko/.docker
+      - |
+        /kaniko/executor \
+          --context=/woodpecker/src/git.spdy.io/Cannabrands/hub \
+          --dockerfile=/woodpecker/src/git.spdy.io/Cannabrands/hub/Dockerfile.fast \
+          --destination=git.spdy.io/cannabrands/hub:latest \
+          --destination=git.spdy.io/cannabrands/hub:prod-${CI_COMMIT_SHA:0:7} \
+          --build-arg=GIT_COMMIT_SHA=${CI_COMMIT_SHA:0:7} \
+          --build-arg=APP_VERSION=production \
+          --cache=true \
+          --cache-ttl=168h \
+          --cache-repo=10.100.9.70:5000/cannabrands/hub-cache \
+          --insecure \
+          --insecure-pull \
+          --skip-tls-verify
     when:
       branch: master
       event: push
-      status: success
 
-  # Build and push Docker image for PRODUCTION (tagged releases)
-  build-image-release:
-    image: woodpeckerci/plugin-docker-buildx
-    settings:
-      registry: code.cannabrands.app
-      repo: code.cannabrands.app/cannabrands/hub
-      username:
-        from_secret: gitea_username
-      password:
-        from_secret: gitea_token
-      tags:
-        - ${CI_COMMIT_TAG}              # CalVer tag (e.g., 2025.10.1)
-        - latest                         # Latest stable release
-      build_args:
-        GIT_COMMIT_SHA: "${CI_COMMIT_SHA:0:7}"
-        APP_VERSION: "${CI_COMMIT_TAG}"
-      cache_images:
-        - code.cannabrands.app/cannabrands/hub:buildcache-prod
-      platforms: linux/amd64
+  deploy-production:
+    image: 10.100.9.70:5000/bitnami/kubectl:latest
+    depends_on:
+      - build-image-production
+    environment:
+      KUBECONFIG_CONTENT:
+        from_secret: kubeconfig_prod
+    commands:
+      - mkdir -p ~/.kube
+      - echo "$KUBECONFIG_CONTENT" | tr -d '[:space:]' | base64 -d > ~/.kube/config
+      - chmod 600 ~/.kube/config
+      - |
+        kubectl set image deployment/cannabrands-hub \
+          app=git.spdy.io/cannabrands/hub:prod-${CI_COMMIT_SHA:0:7} \
+          migrate=git.spdy.io/cannabrands/hub:prod-${CI_COMMIT_SHA:0:7} \
+          -n cannabrands-prod
+      - kubectl rollout status deployment/cannabrands-hub -n cannabrands-prod --timeout=300s
+      - echo "✅ Deployed to cannabrands.app"
+    when:
+      branch: master
+      event: push
+
+  # For tags, setup auth first
+  setup-registry-auth-release:
+    image: alpine
+    depends_on:
+      - composer-install
+      - build-frontend
+    environment:
+      REGISTRY_USER:
+        from_secret: registry_user
+      REGISTRY_PASSWORD:
+        from_secret: registry_password
+    commands:
+      - mkdir -p /woodpecker/src/git.spdy.io/Cannabrands/hub/.docker
+      - |
+        cat > /woodpecker/src/git.spdy.io/Cannabrands/hub/.docker/config.json << EOF
+        {"auths":{"git.spdy.io":{"username":"$REGISTRY_USER","password":"$REGISTRY_PASSWORD"}}}
+        EOF
     when:
       event: tag
-      status: success
 
-  # Success notification
-  success:
-    image: alpine:latest
-    when:
-      - evaluate: 'CI_PIPELINE_STATUS == "success"'
+  build-image-release:
+    image: 10.100.9.70:5000/kaniko-project/executor:debug
+    depends_on:
+      - setup-registry-auth-release
     commands:
-      - echo "✅ Pipeline completed successfully!"
-      - echo "All checks passed for commit ${CI_COMMIT_SHA:0:7}"
+      - cp -r /woodpecker/src/git.spdy.io/Cannabrands/hub/.docker /kaniko/.docker
       - |
-        if [ "${CI_PIPELINE_EVENT}" = "tag" ]; then
-          echo ""
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-          echo "🎉 PRODUCTION RELEASE BUILD COMPLETE"
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-          echo "Version: ${CI_COMMIT_TAG}"
-          echo "Registry: code.cannabrands.app/cannabrands/hub"
-          echo ""
-          echo "Available as:"
-          echo "  - code.cannabrands.app/cannabrands/hub:${CI_COMMIT_TAG}"
-          echo "  - code.cannabrands.app/cannabrands/hub:latest"
-          echo ""
-          echo "🚀 Deploy to PRODUCTION (cannabrands.app):"
-          echo "  docker pull code.cannabrands.app/cannabrands/hub:${CI_COMMIT_TAG}"
-          echo "  docker-compose -f docker-compose.production.yml up -d"
-          echo ""
-          echo "⚠️  This is a CUSTOMER-FACING release!"
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-        elif [ "${CI_PIPELINE_EVENT}" = "push" ] && [ "${CI_COMMIT_BRANCH}" = "master" ]; then
-          echo ""
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-          echo "🧪 STAGING BUILD COMPLETE"
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-          echo "Branch: master"
-          echo "Registry: code.cannabrands.app/cannabrands/hub"
-          echo "Tags:"
-          echo "  - staging"
-          echo "  - sha-${CI_COMMIT_SHA:0:7}"
-          echo "  - ${CI_COMMIT_BRANCH}"
-          echo ""
-          echo "📦 Deploy to STAGING (staging.cannabrands.app):"
-          echo "  docker pull code.cannabrands.app/cannabrands/hub:staging"
-          echo "  docker-compose -f docker-compose.staging.yml up -d"
-          echo ""
-          echo "👥 Next steps:"
-          echo "  1. Super-admin tests on staging.cannabrands.app"
-          echo "  2. Validate all features work"
-          echo "  3. When ready, create production tag:"
-          echo "     git tag -a 2025.10.1 -m 'Release 2025.10.1'"
-          echo "     git push origin 2025.10.1"
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-        elif [ "${CI_PIPELINE_EVENT}" = "push" ] && [ "${CI_COMMIT_BRANCH}" = "develop" ]; then
-          echo ""
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-          echo "🚀 DEV BUILD + AUTO-DEPLOY COMPLETE"
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-          echo "Branch: develop"
-          echo "Commit: ${CI_COMMIT_SHA:0:7}"
-          echo ""
-          echo "✅ Built & Tagged:"
-          echo "  - code.cannabrands.app/cannabrands/hub:dev"
-          echo "  - code.cannabrands.app/cannabrands/hub:dev-${CI_COMMIT_SHA:0:7}"
-          echo "  - code.cannabrands.app/cannabrands/hub:sha-${CI_COMMIT_SHA:0:7}"
-          echo ""
-          echo "✅ Auto-Deployed to Kubernetes:"
-          echo "  - Environment: dev.cannabrands.app"
-          echo "  - Namespace: cannabrands-dev"
-          echo "  - Image: dev-${CI_COMMIT_SHA:0:7}"
-          echo ""
-          echo "🧪 Test your changes:"
-          echo "  - Visit: https://dev.cannabrands.app"
-          echo "  - Login: admin@example.com / password"
-          echo "  - Check: https://dev.cannabrands.app/telescope"
-          echo ""
-          echo "👥 Next steps:"
-          echo "  1. Verify feature works on dev.cannabrands.app"
-          echo "  2. When stable, merge to master for staging:"
-          echo "     git checkout master && git merge develop && git push"
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-        fi
-
-# Services for tests
-services:
-  postgres:
-    image: postgres:15
-    environment:
-      POSTGRES_USER: testing
-      POSTGRES_PASSWORD: testing
-      POSTGRES_DB: testing
-
-  redis:
-    image: redis:7-alpine
-    commands:
-      - redis-server --bind 0.0.0.0
+        /kaniko/executor \
+          --context=/woodpecker/src/git.spdy.io/Cannabrands/hub \
+          --dockerfile=/woodpecker/src/git.spdy.io/Cannabrands/hub/Dockerfile.fast \
+          --destination=git.spdy.io/cannabrands/hub:${CI_COMMIT_TAG} \
+          --destination=git.spdy.io/cannabrands/hub:latest \
+          --build-arg=GIT_COMMIT_SHA=${CI_COMMIT_SHA:0:7} \
+          --build-arg=APP_VERSION=${CI_COMMIT_TAG} \
+          --cache=true \
+          --cache-ttl=168h \
+          --cache-repo=10.100.9.70:5000/cannabrands/hub-cache \
+          --insecure \
+          --insecure-pull \
+          --skip-tls-verify
+    when:
+      event: tag

CLAUDE.md

@@ -54,7 +54,93 @@ ALL routes need auth + user type middleware except public pages
 ❌ No IF/ELSE logic in migrations (not supported)
 ✅ Use Laravel Schema builder or conditional PHP code
 
-### 7. Styling - DaisyUI/Tailwind Only
+### 7. Git Workflow - ALWAYS Use PRs
+❌ **NEVER** push directly to `develop` or `master`
+❌ **NEVER** bypass pull requests
+❌ **NEVER** use GitHub CLI (`gh`) - we use Gitea
+✅ **ALWAYS** create a feature branch and PR for review
+✅ **ALWAYS** use Gitea API for PR creation (see below)
+**Why:** PRs are required for code review, CI checks, and audit trail
+
+**Creating PRs via Gitea API:**
+```bash
+# Requires GITEA_TOKEN environment variable
+curl -X POST "https://git.spdy.io/api/v1/repos/Cannabrands/hub/pulls" \
+  -H "Authorization: token $GITEA_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"title": "PR title", "body": "Description", "head": "feature-branch", "base": "develop"}'
+```
+
+**Infrastructure Services:**
+
+| Service | Host | Notes |
+|---------|------|-------|
+| **Gitea** | `https://git.spdy.io` | Git repository |
+| **Woodpecker CI** | `https://ci.spdy.io` | CI/CD pipelines |
+| **Docker Registry** | `10.100.9.70:5000` | Local registry (insecure) |
+
+**PostgreSQL (Dev)**
+```
+Host:     10.100.6.50
+Port:     5432
+Database: cannabrands_dev
+Username: cannabrands
+Password: SpDyCannaBrands2024
+URL:      postgresql://cannabrands:SpDyCannaBrands2024@10.100.6.50:5432/cannabrands_dev
+```
+
+**PostgreSQL (CI)** - Ephemeral container for isolated tests
+```
+Host:     postgres (service name)
+Port:     5432
+Database: testing
+Username: testing
+Password: testing
+```
+
+**Redis**
+```
+Host:     10.100.9.50
+Port:     6379
+Password: SpDyR3d1s2024!
+URL:      redis://:SpDyR3d1s2024!@10.100.9.50:6379
+```
+
+**MinIO (S3-Compatible Storage)**
+```
+Endpoint:   10.100.9.80:9000
+Console:    10.100.9.80:9001
+Region:     us-east-1
+Path Style: true
+Bucket:     cannabrands
+Access Key: cannabrands-app
+Secret Key: cdbdcd0c7b6f3994d4ab09f68eaff98665df234f
+```
+
+**Gitea Container Registry** (for CI image pushes)
+```
+Registry:   git.spdy.io
+User:       kelly@spdy.io
+Token:      c89fa0eeb417343b171f11de6b8e4292b2f50e2b
+Scope:      write:package
+```
+Woodpecker secrets: `registry_user`, `registry_password`
+
+**CI/CD Notes:**
+- Uses **Kaniko** for Docker builds (no Docker daemon, avoids DNS issues)
+- Images pushed to `git.spdy.io/cannabrands/hub` (k8s can pull without insecure config)
+- Base images pulled from local registry `10.100.9.70:5000` (Kaniko handles insecure)
+- Deploy: `develop` → dev.cannabrands.app, `master` → cannabrands.app
+
+### 8. User-Business Relationship (Pivot Table)
+Users connect to businesses via `business_user` pivot table (many-to-many).
+❌ **Wrong:** `User::where('business_id', $id)` — users table has NO business_id column
+✅ **Right:** `User::whereHas('businesses', fn($q) => $q->where('businesses.id', $id))`
+
+**Pivot table columns:** `business_id`, `user_id`, `role`, `role_template`, `is_primary`, `permissions`
+**Why:** Allows users to belong to multiple businesses with different roles per business
+
+### 9. Styling - DaisyUI/Tailwind Only
 ❌ **NEVER use inline `style=""` attributes** in Blade templates
 ✅ **ALWAYS use DaisyUI/Tailwind utility classes**
 **Why:** Consistency, maintainability, theme switching, and better performance
@@ -67,7 +153,29 @@ ALL routes need auth + user type middleware except public pages
 
 **Exception:** Only use inline styles for truly dynamic values from database (e.g., user-uploaded brand colors)
 
-### 8. Media Storage - MinIO Architecture (CRITICAL!)
+### 10. Suites Architecture - NOT Modules (CRITICAL!)
+❌ **NEVER use** `has_crm`, `has_marketing`, or other legacy module flags
+❌ **NEVER create** routes like `seller.crm.*` (without `.business.`)
+❌ **NEVER extend** `seller.crm.layouts.crm` layout (outdated CRM module layout)
+✅ **ALWAYS use** Suites system (Sales Suite, Processing Suite, etc.)
+✅ **ALWAYS use** route pattern `seller.business.crm.*` (includes `{business}` segment)
+✅ **ALWAYS extend** `layouts.seller` for seller views
+**Why:** We migrated from individual modules to a Suites architecture. CRM features are now part of the **Sales Suite**.
+
+**See:** `docs/SUITES_AND_PRICING_MODEL.md` for full architecture
+
+**The 7 Suites:**
+1. **Sales Suite** - Products, Orders, Buyers, CRM, Marketing, Analytics, Orchestrator
+2. **Processing Suite** - Extraction, Wash Reports, Yields (internal)
+3. **Manufacturing Suite** - Work Orders, BOM, Packaging (internal)
+4. **Delivery Suite** - Pick/Pack, Drivers, Manifests (internal)
+5. **Management Suite** - Finance, AP/AR, Budgets (Canopy only)
+6. **Brand Manager Suite** - Read-only brand portal (external partners)
+7. **Dispensary Suite** - Buyer marketplace (dispensaries)
+
+**Legacy module flags still exist** in database but are deprecated. Suite permissions control access now.
+
+### 11. Media Storage - MinIO Architecture (CRITICAL!)
 ❌ **NEVER use** `Storage::disk('public')` for brand/product media
 ✅ **ALWAYS use** `Storage` (respects .env FILESYSTEM_DISK=minio)
 **Why:** All media lives on MinIO (S3-compatible storage), not local disk. Using wrong disk breaks production images.
@@ -140,6 +248,101 @@ if ($product->image_path) {
 
 **This has caused multiple production outages - review docs before ANY storage changes!**
 
+### 12. Dashboard & Metrics Performance (CRITICAL!)
+
+**Production outages have occurred from violating these rules.**
+
+#### The Golden Rule
+**NEVER compute aggregations in HTTP controllers. Dashboard data comes from Redis, period.**
+
+#### What Goes Where
+
+| Location | Allowed | Not Allowed |
+|----------|---------|-------------|
+| Controller | `Redis::get()`, simple lookups by ID | `->sum()`, `->count()`, `->avg()`, loops with queries |
+| Background Job | All aggregations, joins, complex queries | N/A |
+
+#### ❌ BANNED Patterns in Controllers:
+
+```php
+// BANNED: Aggregation in controller
+$revenue = Order::sum('total');
+
+// BANNED: N+1 in loop
+$items->map(fn($i) => Order::where('product_id', $i->id)->sum('qty'));
+
+// BANNED: Query per day/iteration
+for ($i = 0; $i < 30; $i++) {
+    $data[] = Order::whereDate('created_at', $date)->sum('total');
+}
+
+// BANNED: Selecting columns that don't exist
+->select('id', 'stage_1_metadata')  // Column doesn't exist!
+```
+
+#### ✅ REQUIRED Pattern:
+
+```php
+// Controller: Just read Redis
+public function analytics(Business $business)
+{
+    $data = Redis::get("dashboard:{$business->id}:analytics");
+
+    if (!$data) {
+        CalculateDashboardMetrics::dispatch($business->id);
+        return view('dashboard.analytics', ['data' => $this->emptyState()]);
+    }
+
+    return view('dashboard.analytics', ['data' => json_decode($data, true)]);
+}
+
+// Background Job: Do all the heavy lifting
+public function handle()
+{
+    // Batch query - ONE query for all products
+    $salesByProduct = OrderItem::whereIn('product_id', $productIds)
+        ->groupBy('product_id')
+        ->selectRaw('product_id, SUM(quantity) as total')
+        ->pluck('total', 'product_id');
+
+    Redis::setex("dashboard:{$businessId}:analytics", 900, json_encode($data));
+}
+```
+
+#### Before Merging Dashboard PRs:
+
+1. Search for `->sum(`, `->count(`, `->avg(` in the controller
+2. Search for `->map(function` with queries inside
+3. If found → Move to background job
+4. Query count must be < 20 for any dashboard page
+
+#### The Architecture
+
+```
+BACKGROUND (every 10 min)              HTTP REQUEST
+========================              =============
+
+┌─────────────────────┐              ┌─────────────────────┐
+│ CalculateMetricsJob │              │ DashboardController │
+│                     │              │                     │
+│ - Heavy queries     │              │ - Redis::get() only │
+│ - Joins             │──► Redis ──►│ - No aggregations   │
+│ - Aggregations      │              │ - No loops+queries  │
+│ - Loops are OK here │              │                     │
+└─────────────────────┘              └─────────────────────┘
+     Takes 5-30 sec                      Takes 10ms
+     Runs in background                  User waits for this
+```
+
+#### Prevention Checklist for Future Dashboard Work
+
+- [ ] All `->sum()`, `->count()`, `->avg()` are in background jobs, not controllers
+- [ ] No `->map(function` with queries inside in controllers
+- [ ] Redis keys exist after job runs (`redis-cli KEYS "dashboard:*"`)
+- [ ] Job completes without errors (check `storage/logs/worker.log`)
+- [ ] Controller only does `Redis::get()` for metrics
+- [ ] Column names in `->select()` match actual database schema
+
 ---
 
 ## Tech Stack by Area
@@ -256,6 +459,48 @@ Product::where('is_active', true)->get(); // No business_id filter!
 
 ---
 
+## Performance Requirements
+
+**Database Queries:**
+- NEVER write N+1 queries - always use eager loading (`with()`) for relationships
+- NEVER run queries inside loops - batch them before the loop
+- Avoid multiple queries when one JOIN or subquery works
+- Dashboard/index pages should use MAX 5-10 queries total, not 50+
+- Use `DB::enableQueryLog()` mentally - if a page would log 20+ queries, refactor
+- Cache expensive aggregations (Redis, 5-min TTL) instead of recalculating every request
+- Test with `DB::listen()` or Laravel Debugbar before committing controller code
+
+**Before submitting controller code, verify:**
+1. No queries inside foreach/map loops
+2. All relationships eager loaded
+3. Aggregations done in SQL, not PHP collections
+4. Would this cause a 503 under load? If unsure, simplify.
+
+**Examples:**
+```php
+// ❌ N+1 query - DON'T DO THIS
+$orders = Order::all();
+foreach ($orders as $order) {
+    echo $order->customer->name; // Query per iteration!
+}
+
+// ✅ Eager loaded - DO THIS
+$orders = Order::with('customer')->get();
+
+// ❌ Query in loop - DON'T DO THIS
+foreach ($products as $product) {
+    $stock = Inventory::where('product_id', $product->id)->sum('quantity');
+}
+
+// ✅ Batch query - DO THIS
+$stocks = Inventory::whereIn('product_id', $products->pluck('id'))
+    ->groupBy('product_id')
+    ->selectRaw('product_id, SUM(quantity) as total')
+    ->pluck('total', 'product_id');
+```
+
+---
+
 ## What You Often Forget
 
 ✅ Scope by business_id BEFORE finding by ID
@@ -264,3 +509,5 @@ Product::where('is_active', true)->get(); // No business_id filter!
 ✅ DaisyUI for buyer/seller, Filament only for admin
 ✅ NO inline styles - use Tailwind/DaisyUI classes only
 ✅ Run tests before committing
+✅ Eager load relationships to prevent N+1 queries
+✅ No queries inside loops - batch before the loop

Dockerfile

@@ -3,7 +3,7 @@
 # ============================================
 
 # ==================== Stage 1: Node Builder ====================
-FROM node:22-alpine AS node-builder
+FROM 10.100.9.70:5000/library/node:22-alpine AS node-builder
 
 WORKDIR /app
 
@@ -35,10 +35,10 @@ RUN npm run build
 
 # ==================== Stage 2: Composer Builder ====================
 # Pin to PHP 8.4 - composer:2 uses latest PHP which may not be supported by dependencies yet
-FROM php:8.4-cli-alpine AS composer-builder
+FROM 10.100.9.70:5000/library/php:8.4-cli-alpine AS composer-builder
 
 # Install Composer
-COPY --from=composer:2.8 /usr/bin/composer /usr/bin/composer
+COPY --from=10.100.9.70:5000/library/composer:2.8 /usr/bin/composer /usr/bin/composer
 
 WORKDIR /app
 
@@ -60,7 +60,7 @@ RUN composer install \
     --optimize-autoloader
 
 # ==================== Stage 3: Production Runtime ====================
-FROM php:8.3-fpm-alpine
+FROM 10.100.9.70:5000/library/php:8.3-fpm-alpine
 
 LABEL maintainer="CannaBrands Team"
 

Dockerfile.fast

@@ -0,0 +1,93 @@
+# ============================================
+# Fast Production Dockerfile
+# Single-stage build using CI pre-built assets
+# Saves time by skipping multi-stage node/composer builders
+# ============================================
+#
+# This Dockerfile expects:
+#   - vendor/ already populated (from CI composer-install step)
+#   - public/build/ already populated (from CI build-frontend step)
+#
+# Build time: ~5-7 min (vs 15-20 min with multi-stage Dockerfile)
+# ============================================
+
+FROM 10.100.9.70:5000/library/php:8.3-fpm-alpine
+
+LABEL maintainer="CannaBrands Team"
+
+# Install system dependencies
+RUN apk add --no-cache \
+    nginx \
+    supervisor \
+    postgresql-dev \
+    libpng-dev \
+    libjpeg-turbo-dev \
+    freetype-dev \
+    libzip-dev \
+    icu-dev \
+    icu-data-full \
+    zip \
+    unzip \
+    git \
+    curl \
+    bash
+
+# Install build dependencies for PHP extensions
+RUN apk add --no-cache --virtual .build-deps \
+    autoconf \
+    g++ \
+    make
+
+# Install PHP extensions
+RUN docker-php-ext-configure gd --with-freetype --with-jpeg \
+    && docker-php-ext-install -j$(nproc) \
+        pdo_pgsql \
+        pgsql \
+        gd \
+        zip \
+        intl \
+        pcntl \
+        bcmath \
+        opcache
+
+# Install Redis extension
+RUN pecl install redis \
+    && docker-php-ext-enable redis \
+    && apk del .build-deps
+
+WORKDIR /var/www/html
+
+ARG GIT_COMMIT_SHA=unknown
+ARG APP_VERSION=dev
+
+# Copy application code
+COPY --chown=www-data:www-data . .
+
+# Copy pre-built frontend assets (built in CI step)
+# These are already in public/build from the build-frontend step
+
+# Copy pre-installed vendor (from CI composer-install step)
+# Already included in COPY . .
+
+# Create version metadata file
+RUN echo "VERSION=${APP_VERSION}" > /var/www/html/version.env && \
+    echo "COMMIT=${GIT_COMMIT_SHA}" >> /var/www/html/version.env && \
+    chown www-data:www-data /var/www/html/version.env
+
+# Copy production configurations
+COPY docker/production/nginx/default.conf /etc/nginx/http.d/default.conf
+COPY docker/production/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
+COPY docker/production/php/php.ini /usr/local/etc/php/conf.d/99-custom.ini
+
+# Remove default PHP-FPM pool config and use our custom one
+RUN rm -f /usr/local/etc/php-fpm.d/www.conf /usr/local/etc/php-fpm.d/www.conf.default
+COPY docker/production/php/php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
+
+# Create supervisor log directory and fix permissions
+RUN mkdir -p /var/log/supervisor \
+    && chown -R www-data:www-data /var/www/html/storage /var/www/html/bootstrap/cache \
+    && chmod -R 775 /var/www/html/storage /var/www/html/bootstrap/cache
+
+EXPOSE 80
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]

app/Console/Commands/Ai/GenerateBriefingsCommand.php

@@ -102,7 +102,7 @@ class GenerateBriefingsCommand extends Command
         }
 
         // Get users who should receive briefings (sellers/admins)
-        $users = User::where('business_id', $businessId)
+        $users = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $businessId))
             ->whereIn('user_type', ['seller', 'both'])
             ->where('is_active', true)
             ->get();
@@ -150,7 +150,7 @@ class GenerateBriefingsCommand extends Command
         $totalUsers = 0;
 
         foreach ($businesses as $business) {
-            $userCount = User::where('business_id', $business->id)
+            $userCount = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
                 ->whereIn('user_type', ['seller', 'both'])
                 ->where('is_active', true)
                 ->count();
@@ -164,7 +164,7 @@ class GenerateBriefingsCommand extends Command
         $bar->start();
 
         foreach ($businesses as $business) {
-            $users = User::where('business_id', $business->id)
+            $users = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
                 ->whereIn('user_type', ['seller', 'both'])
                 ->where('is_active', true)
                 ->get();

app/Console/Commands/CalculateDashboardMetricsCommand.php

@@ -0,0 +1,61 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Jobs\CalculateDashboardMetrics;
+use App\Models\Business;
+use Illuminate\Console\Command;
+
+class CalculateDashboardMetricsCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'dashboard:calculate-metrics
+                            {--business= : Specific business ID to calculate (optional)}
+                            {--sync : Run synchronously instead of queuing}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Pre-calculate dashboard metrics and store in Redis';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $businessId = $this->option('business');
+        $sync = $this->option('sync');
+
+        if ($businessId) {
+            $business = Business::find($businessId);
+            if (! $business) {
+                $this->error("Business {$businessId} not found");
+
+                return 1;
+            }
+            $this->info("Calculating metrics for business: {$business->name}");
+        } else {
+            $count = Business::where('type', 'seller')->where('status', 'approved')->count();
+            $this->info("Calculating metrics for {$count} businesses");
+        }
+
+        $job = new CalculateDashboardMetrics($businessId ? (int) $businessId : null);
+
+        if ($sync) {
+            $this->info('Running synchronously...');
+            $job->handle();
+            $this->info('Done!');
+        } else {
+            CalculateDashboardMetrics::dispatch($businessId ? (int) $businessId : null);
+            $this->info('Job dispatched to queue');
+        }
+
+        return 0;
+    }
+}

app/Console/Commands/DevSetup.php

@@ -7,7 +7,7 @@ use Illuminate\Console\Command;
 class DevSetup extends Command
 {
     protected $signature = 'dev:setup
-                            {--fresh : Drop all tables and re-run migrations}
+                            {--fresh : Drop all tables and re-run migrations (DESTRUCTIVE - requires confirmation)}
                             {--skip-seed : Skip seeding dev fixtures}';
 
     protected $description = 'Set up local development environment with migrations and dev fixtures';
@@ -25,8 +25,18 @@ class DevSetup extends Command
 
         // Run migrations
         if ($this->option('fresh')) {
-            $this->warn('Dropping all tables and re-running migrations...');
-            $this->call('migrate:fresh');
+            $this->newLine();
+            $this->error('WARNING: --fresh will DELETE ALL DATA in the database!');
+            $this->warn('This includes development data being preserved for production release.');
+            $this->newLine();
+
+            if (! $this->confirm('Are you SURE you want to drop all tables and lose all data?', false)) {
+                $this->info('Aborted. Running normal migrations instead...');
+                $this->call('migrate');
+            } else {
+                $this->warn('Dropping all tables and re-running migrations...');
+                $this->call('migrate:fresh');
+            }
         } else {
             $this->info('Running migrations...');
             $this->call('migrate');

app/Console/Commands/DispatchScheduledCampaigns.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Jobs\SendMarketingCampaignJob;
+use App\Models\Marketing\MarketingCampaign;
+use Illuminate\Console\Command;
+
+/**
+ * DispatchScheduledCampaigns - Dispatch scheduled marketing campaigns.
+ *
+ * Run via scheduler: Schedule::command('marketing:dispatch-scheduled-campaigns')->everyMinute();
+ */
+class DispatchScheduledCampaigns extends Command
+{
+    protected $signature = 'marketing:dispatch-scheduled-campaigns';
+
+    protected $description = 'Dispatch scheduled marketing campaigns that are ready to send';
+
+    public function handle(): int
+    {
+        $campaigns = MarketingCampaign::readyToSend()->get();
+
+        if ($campaigns->isEmpty()) {
+            $this->info('No scheduled campaigns ready to send.');
+
+            return self::SUCCESS;
+        }
+
+        $this->info("Found {$campaigns->count()} campaign(s) ready to send.");
+
+        foreach ($campaigns as $campaign) {
+            $this->info("Dispatching campaign: {$campaign->name} (ID: {$campaign->id})");
+
+            SendMarketingCampaignJob::dispatch($campaign->id);
+        }
+
+        $this->info('Done.');
+
+        return self::SUCCESS;
+    }
+}

app/Console/Commands/ExportCannabrandsData.php

@@ -0,0 +1,176 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Process;
+
+/**
+ * Export Cannabrands data to PostgreSQL SQL dumps.
+ *
+ * This command exports current database data to SQL files in database/dumps/
+ * for later restoration without requiring a MySQL connection.
+ *
+ * Usage:
+ * - Configure your local database with the desired settings
+ * - Run: php artisan db:export-cannabrands
+ * - Commit the updated dump files (if they should be in git)
+ */
+class ExportCannabrandsData extends Command
+{
+    protected $signature = 'db:export-cannabrands
+                            {--tables= : Comma-separated list of specific tables to export}';
+
+    protected $description = 'Export Cannabrands data to PostgreSQL SQL dumps';
+
+    // Tables to export (same as restore command)
+    protected array $tables = [
+        'strains',
+        'product_categories',
+        'businesses',
+        'users',
+        'brands',
+        'locations',
+        'contacts',
+        'products',
+        'orders',
+        'order_items',
+        'invoices',
+        'business_user',
+        'brand_user',
+        'model_has_roles',
+        'ai_settings',
+        'orchestrator_sales_configs',
+        'orchestrator_marketing_configs',
+    ];
+
+    protected string $dumpsPath;
+
+    public function __construct()
+    {
+        parent::__construct();
+        $this->dumpsPath = database_path('dumps');
+    }
+
+    public function handle(): int
+    {
+        $this->info('Exporting Cannabrands data to SQL dumps...');
+
+        // Create dumps directory if it doesn't exist
+        if (! is_dir($this->dumpsPath)) {
+            mkdir($this->dumpsPath, 0755, true);
+            $this->info("Created dumps directory: {$this->dumpsPath}");
+        }
+
+        // Determine which tables to export
+        $tablesToExport = $this->tables;
+        if ($this->option('tables')) {
+            $requestedTables = array_map('trim', explode(',', $this->option('tables')));
+            $tablesToExport = array_intersect($this->tables, $requestedTables);
+
+            if (empty($tablesToExport)) {
+                $this->error('No valid tables specified. Available tables: '.implode(', ', $this->tables));
+
+                return Command::FAILURE;
+            }
+        }
+
+        // Get database connection info
+        $database = config('database.connections.pgsql.database');
+        $username = config('database.connections.pgsql.username');
+        $host = config('database.connections.pgsql.host');
+        $port = config('database.connections.pgsql.port');
+
+        $exported = 0;
+        $errors = 0;
+
+        foreach ($tablesToExport as $table) {
+            $dumpFile = "{$this->dumpsPath}/{$table}.sql";
+            $this->line("Exporting {$table}...");
+
+            // Build pg_dump command
+            // Using --column-inserts for portable SQL
+            // Using --on-conflict-do-nothing for idempotent inserts
+            $pgDumpArgs = sprintf(
+                '--data-only --column-inserts --on-conflict-do-nothing --table=%s %s',
+                escapeshellarg($table),
+                escapeshellarg($database)
+            );
+
+            // pg_dump with connection info
+            // Works both inside Sail container (pgsql hostname) and natively
+            $command = sprintf(
+                'PGPASSWORD=%s pg_dump -h %s -p %s -U %s %s',
+                escapeshellarg(config('database.connections.pgsql.password')),
+                escapeshellarg($host),
+                escapeshellarg($port),
+                escapeshellarg($username),
+                $pgDumpArgs
+            );
+
+            $result = Process::run($command);
+
+            if ($result->successful()) {
+                // Extract only INSERT statements (remove pg_dump headers and SET commands)
+                // Handle multi-line INSERTs by looking for the ending pattern
+                $output = $result->output();
+                $lines = explode("\n", $output);
+                $inserts = [];
+                $currentInsert = '';
+                $inInsert = false;
+
+                foreach ($lines as $line) {
+                    if (str_starts_with(trim($line), 'INSERT INTO')) {
+                        // Start of new INSERT
+                        $inInsert = true;
+                        $currentInsert = $line;
+
+                        // Check if this INSERT ends on same line
+                        if (str_ends_with(trim($line), 'ON CONFLICT DO NOTHING;')) {
+                            $inserts[] = $currentInsert;
+                            $currentInsert = '';
+                            $inInsert = false;
+                        }
+                    } elseif ($inInsert) {
+                        // Continuation of current INSERT (multi-line due to embedded newlines in data)
+                        // We need to escape the actual newline in the SQL string value
+                        // Since we're inside a string value, replace with \n escape sequence
+                        $currentInsert .= "\n".$line;
+
+                        // Check if this line ends the INSERT
+                        if (str_ends_with(trim($line), 'ON CONFLICT DO NOTHING;')) {
+                            $inserts[] = $currentInsert;
+                            $currentInsert = '';
+                            $inInsert = false;
+                        }
+                    }
+                }
+
+                // Don't forget the last one if it didn't end properly
+                if (! empty($currentInsert)) {
+                    $inserts[] = $currentInsert;
+                }
+
+                $cleanOutput = implode("\n", $inserts);
+                file_put_contents($dumpFile, $cleanOutput);
+
+                $this->info('  -> Exported '.count($inserts)." rows to {$table}.sql");
+                $exported++;
+            } else {
+                $this->error("Failed to export {$table}: ".$result->errorOutput());
+                $errors++;
+            }
+        }
+
+        $this->newLine();
+        $this->info("Exported {$exported} tables. Errors: {$errors}");
+
+        if ($exported > 0) {
+            $this->newLine();
+            $this->info('To restore this data on another machine:');
+            $this->line('  php artisan db:restore-cannabrands');
+        }
+
+        return $errors > 0 ? Command::FAILURE : Command::SUCCESS;
+    }
+}

app/Console/Commands/RestoreCannabrandsData.php

@@ -0,0 +1,186 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\DB;
+
+/**
+ * Restore Cannabrands data from PostgreSQL SQL dumps.
+ *
+ * This command loads data from pre-exported SQL files in database/dumps/
+ * without requiring a MySQL connection. Data was originally imported from
+ * the MySQL hub_cannabrands database.
+ *
+ * Order of restoration matters due to foreign key constraints:
+ * 1. strains (no dependencies)
+ * 2. product_categories (self-referential via parent_id)
+ * 3. businesses (no dependencies)
+ * 4. users (no dependencies)
+ * 5. brands (depends on businesses)
+ * 6. locations (depends on businesses)
+ * 7. contacts (depends on businesses, locations)
+ * 8. products (depends on brands, strains, product_categories)
+ * 9. orders (depends on businesses)
+ * 10. order_items (depends on orders, products)
+ * 11. invoices (depends on orders, businesses)
+ * 12. business_user (depends on businesses, users)
+ * 13. brand_user (depends on brands, users)
+ * 14. model_has_roles (depends on users, roles)
+ * 15. ai_settings (depends on businesses)
+ * 16. orchestrator_sales_configs (depends on businesses)
+ * 17. orchestrator_marketing_configs (depends on businesses)
+ */
+class RestoreCannabrandsData extends Command
+{
+    protected $signature = 'db:restore-cannabrands
+                            {--fresh : Truncate tables before restoring}
+                            {--tables= : Comma-separated list of specific tables to restore}';
+
+    protected $description = 'Restore Cannabrands data from PostgreSQL SQL dumps';
+
+    // Tables in dependency order
+    protected array $tables = [
+        'strains',
+        'product_categories',
+        'businesses',
+        'users',
+        'brands',
+        'locations',
+        'contacts',
+        'products',
+        'orders',
+        'order_items',
+        'invoices',
+        'business_user',
+        'brand_user',
+        'model_has_roles',
+        'ai_settings',
+        'orchestrator_sales_configs',
+        'orchestrator_marketing_configs',
+    ];
+
+    protected string $dumpsPath;
+
+    public function __construct()
+    {
+        parent::__construct();
+        $this->dumpsPath = database_path('dumps');
+    }
+
+    public function handle(): int
+    {
+        $this->info('Restoring Cannabrands data from SQL dumps...');
+
+        // Check if dumps directory exists
+        if (! is_dir($this->dumpsPath)) {
+            $this->error("Dumps directory not found: {$this->dumpsPath}");
+            $this->error('Run the MySQL import seeders first to create the dumps.');
+
+            return Command::FAILURE;
+        }
+
+        // Determine which tables to restore
+        $tablesToRestore = $this->tables;
+        if ($this->option('tables')) {
+            $requestedTables = array_map('trim', explode(',', $this->option('tables')));
+            $tablesToRestore = array_intersect($this->tables, $requestedTables);
+
+            if (empty($tablesToRestore)) {
+                $this->error('No valid tables specified. Available tables: '.implode(', ', $this->tables));
+
+                return Command::FAILURE;
+            }
+        }
+
+        // Fresh option - truncate tables in reverse order
+        if ($this->option('fresh')) {
+            $this->warn('Truncating tables before restore...');
+            DB::statement('SET session_replication_role = replica;'); // Disable FK checks
+
+            foreach (array_reverse($tablesToRestore) as $table) {
+                $this->line("Truncating {$table}...");
+                DB::table($table)->truncate();
+            }
+
+            DB::statement('SET session_replication_role = DEFAULT;'); // Re-enable FK checks
+        }
+
+        // Restore each table
+        $restored = 0;
+        $errors = 0;
+
+        foreach ($tablesToRestore as $table) {
+            $dumpFile = "{$this->dumpsPath}/{$table}.sql";
+
+            if (! file_exists($dumpFile)) {
+                $this->warn("Dump file not found for {$table}: {$dumpFile}");
+
+                continue;
+            }
+
+            $this->line("Restoring {$table}...");
+
+            try {
+                $sql = file_get_contents($dumpFile);
+
+                if (empty(trim($sql))) {
+                    $this->info('  -> 0 rows (empty file)');
+                    $restored++;
+
+                    continue;
+                }
+
+                // Disable FK checks for this session to allow loading in any order
+                DB::statement('SET session_replication_role = replica;');
+
+                // Execute all statements at once
+                DB::unprepared($sql);
+
+                // Re-enable FK checks
+                DB::statement('SET session_replication_role = DEFAULT;');
+
+                // Count rows
+                $count = DB::table($table)->count();
+                $this->info("  -> {$count} rows in {$table}");
+                $restored++;
+            } catch (\Exception $e) {
+                // Re-enable FK checks even on error
+                try {
+                    DB::statement('SET session_replication_role = DEFAULT;');
+                } catch (\Exception $ignored) {
+                }
+
+                $this->error("Failed to restore {$table}: ".$e->getMessage());
+                $errors++;
+            }
+        }
+
+        // Reset sequences to max ID + 1 for each table
+        $this->info('Resetting sequence counters...');
+        foreach ($tablesToRestore as $table) {
+            $this->resetSequence($table);
+        }
+
+        $this->newLine();
+        $this->info("Restored {$restored} tables. Errors: {$errors}");
+
+        return $errors > 0 ? Command::FAILURE : Command::SUCCESS;
+    }
+
+    /**
+     * Reset the sequence for a table to max ID + 1.
+     */
+    protected function resetSequence(string $table): void
+    {
+        try {
+            $maxId = DB::table($table)->max('id');
+            if ($maxId) {
+                $sequence = "{$table}_id_seq";
+                DB::statement("SELECT setval('{$sequence}', ?)", [$maxId]);
+            }
+        } catch (\Exception $e) {
+            // Sequence might not exist for this table
+        }
+    }
+}

app/Console/Commands/RunDueMarketingAutomations.php

@@ -0,0 +1,108 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Jobs\RunMarketingAutomationJob;
+use App\Models\Marketing\MarketingAutomation;
+use Illuminate\Console\Command;
+
+class RunDueMarketingAutomations extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'marketing:run-due-automations
+                            {--business= : Only process automations for a specific business ID}
+                            {--dry-run : Show which automations would run without executing them}
+                            {--sync : Run synchronously instead of dispatching to queue}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Check and run all due marketing automations';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $businessId = $this->option('business');
+        $dryRun = $this->option('dry-run');
+        $sync = $this->option('sync');
+
+        $this->info('Checking for due marketing automations...');
+
+        // Query active automations
+        $query = MarketingAutomation::where('is_active', true)
+            ->whereIn('trigger_type', [
+                MarketingAutomation::TRIGGER_SCHEDULED_CANNAIQ_CHECK,
+                MarketingAutomation::TRIGGER_SCHEDULED_STORE_CHECK,
+            ]);
+
+        if ($businessId) {
+            $query->where('business_id', $businessId);
+        }
+
+        $automations = $query->get();
+
+        if ($automations->isEmpty()) {
+            $this->info('No active automations found.');
+
+            return Command::SUCCESS;
+        }
+
+        $this->info("Found {$automations->count()} active automation(s).");
+
+        $dueCount = 0;
+
+        foreach ($automations as $automation) {
+            if (! $automation->isDue()) {
+                $this->line("  - <comment>{$automation->name}</comment>: Not due yet");
+
+                continue;
+            }
+
+            $dueCount++;
+
+            if ($dryRun) {
+                $this->line("  - <info>{$automation->name}</info>: Would run (dry-run mode)");
+                $this->line("    Trigger: {$automation->trigger_type_label}");
+                $this->line("    Frequency: {$automation->frequency_label}");
+                $this->line('    Last run: '.($automation->last_run_at?->diffForHumans() ?? 'Never'));
+
+                continue;
+            }
+
+            $this->line("  - <info>{$automation->name}</info>: Dispatching...");
+
+            if ($sync) {
+                // Run synchronously
+                try {
+                    $job = new RunMarketingAutomationJob($automation->id);
+                    $job->handle(app(\App\Services\Marketing\AutomationRunner::class));
+                    $this->line('    <info>Completed</info>');
+                } catch (\Exception $e) {
+                    $this->error("    Failed: {$e->getMessage()}");
+                }
+            } else {
+                // Dispatch to queue
+                RunMarketingAutomationJob::dispatch($automation->id);
+                $this->line('    <info>Dispatched to queue</info>');
+            }
+        }
+
+        if ($dryRun) {
+            $this->newLine();
+            $this->info("Dry run complete. {$dueCount} automation(s) would have been executed.");
+        } else {
+            $this->newLine();
+            $this->info("Done. {$dueCount} automation(s) ".($sync ? 'executed' : 'dispatched').'.');
+        }
+
+        return Command::SUCCESS;
+    }
+}

app/Console/Commands/RunFixedAssetDepreciation.php

@@ -0,0 +1,175 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands;
+
+use App\Models\Business;
+use App\Services\Accounting\FixedAssetService;
+use Carbon\Carbon;
+use Illuminate\Console\Command;
+
+/**
+ * Run monthly depreciation for fixed assets.
+ *
+ * This command calculates and posts depreciation entries for all
+ * eligible fixed assets. Can be run for a specific business or all
+ * businesses with Management Suite enabled.
+ *
+ * Safe to run multiple times in the same month - assets that have
+ * already been depreciated for the period will be skipped.
+ */
+class RunFixedAssetDepreciation extends Command
+{
+    protected $signature = 'fixed-assets:run-depreciation
+                            {business_id? : Specific business ID to run for}
+                            {--period= : Period date (Y-m-d format, defaults to end of current month)}
+                            {--dry-run : Show what would be depreciated without making changes}';
+
+    protected $description = 'Run monthly depreciation for fixed assets';
+
+    public function __construct(
+        protected FixedAssetService $assetService
+    ) {
+        parent::__construct();
+    }
+
+    public function handle(): int
+    {
+        $businessId = $this->argument('business_id');
+        $periodOption = $this->option('period');
+        $dryRun = $this->option('dry-run');
+
+        // Parse period date
+        $periodDate = $periodOption
+            ? Carbon::parse($periodOption)->endOfMonth()
+            : Carbon::now()->endOfMonth();
+
+        $this->info("Running depreciation for period: {$periodDate->format('Y-m')}");
+
+        if ($dryRun) {
+            $this->warn('DRY RUN MODE - No changes will be made');
+        }
+
+        // Get businesses to process
+        $businesses = $this->getBusinesses($businessId);
+
+        if ($businesses->isEmpty()) {
+            $this->warn('No businesses found to process.');
+
+            return Command::SUCCESS;
+        }
+
+        $totalRuns = 0;
+        $totalAmount = 0;
+
+        foreach ($businesses as $business) {
+            $this->line('');
+            $this->info("Processing: {$business->name}");
+
+            if ($dryRun) {
+                $results = $this->previewDepreciation($business, $periodDate);
+            } else {
+                $results = $this->assetService->runBatchDepreciation($business, $periodDate);
+            }
+
+            $count = $results->count();
+            $amount = $results->sum('depreciation_amount');
+
+            if ($count > 0) {
+                $this->line("  - Depreciated {$count} assets");
+                $this->line("  - Total amount: \${$amount}");
+                $totalRuns += $count;
+                $totalAmount += $amount;
+            } else {
+                $this->line('  - No assets to depreciate');
+            }
+        }
+
+        $this->line('');
+        $this->info('=== Summary ===');
+        $this->info("Total assets depreciated: {$totalRuns}");
+        $this->info("Total depreciation amount: \${$totalAmount}");
+
+        if ($dryRun) {
+            $this->warn('This was a dry run. Run without --dry-run to apply changes.');
+        }
+
+        return Command::SUCCESS;
+    }
+
+    /**
+     * Get businesses to process.
+     */
+    protected function getBusinesses(?string $businessId): \Illuminate\Support\Collection
+    {
+        if ($businessId) {
+            $business = Business::find($businessId);
+
+            if (! $business) {
+                $this->error("Business with ID {$businessId} not found.");
+
+                return collect();
+            }
+
+            if (! $business->hasManagementSuite()) {
+                $this->warn("Business {$business->name} does not have Management Suite enabled.");
+            }
+
+            return collect([$business]);
+        }
+
+        // Get all businesses with Management Suite
+        return Business::whereHas('suites', function ($query) {
+            $query->where('key', 'management');
+        })->get();
+    }
+
+    /**
+     * Preview depreciation without making changes.
+     */
+    protected function previewDepreciation(Business $business, Carbon $periodDate): \Illuminate\Support\Collection
+    {
+        $period = $periodDate->format('Y-m');
+
+        $assets = \App\Models\Accounting\FixedAsset::where('business_id', $business->id)
+            ->where('status', \App\Models\Accounting\FixedAsset::STATUS_ACTIVE)
+            ->where('category', '!=', \App\Models\Accounting\FixedAsset::CATEGORY_LAND)
+            ->get();
+
+        $results = collect();
+
+        foreach ($assets as $asset) {
+            // Skip if already depreciated for this period
+            $existing = \App\Models\Accounting\FixedAssetDepreciationRun::where('fixed_asset_id', $asset->id)
+                ->where('period', $period)
+                ->where('is_reversed', false)
+                ->exists();
+
+            if ($existing) {
+                continue;
+            }
+
+            // Skip if fully depreciated
+            if ($asset->book_value <= $asset->salvage_value) {
+                continue;
+            }
+
+            $depreciationAmount = $asset->monthly_depreciation;
+            $maxDepreciation = $asset->book_value - $asset->salvage_value;
+            $depreciationAmount = min($depreciationAmount, $maxDepreciation);
+
+            if ($depreciationAmount > 0) {
+                $results->push((object) [
+                    'fixed_asset_id' => $asset->id,
+                    'asset_name' => $asset->name,
+                    'depreciation_amount' => $depreciationAmount,
+                ]);
+
+                $this->line("  - {$asset->name}: \${$depreciationAmount}");
+            }
+        }
+
+        return $results;
+    }
+}

app/Console/Commands/RunRecurringSchedules.php

@@ -0,0 +1,103 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands;
+
+use App\Services\Accounting\RecurringSchedulerService;
+use Carbon\Carbon;
+use Illuminate\Console\Command;
+
+class RunRecurringSchedules extends Command
+{
+    protected $signature = 'recurring:run
+                            {--date= : The date to run schedules for (YYYY-MM-DD, default: today)}
+                            {--business= : Specific business ID to run schedules for}
+                            {--dry-run : Preview what would be generated without actually creating transactions}';
+
+    protected $description = 'Run due recurring schedules to generate AR invoices, AP bills, and journal entries';
+
+    public function __construct(
+        protected RecurringSchedulerService $schedulerService
+    ) {
+        parent::__construct();
+    }
+
+    public function handle(): int
+    {
+        $dateString = $this->option('date');
+        $businessId = $this->option('business') ? (int) $this->option('business') : null;
+        $dryRun = $this->option('dry-run');
+
+        $date = $dateString ? Carbon::parse($dateString) : now();
+
+        $this->info("Running recurring schedules for {$date->toDateString()}...");
+
+        if ($businessId) {
+            $this->info("Filtering to business ID: {$businessId}");
+        }
+
+        // Get due schedules
+        $dueSchedules = $this->schedulerService->getDueSchedules($date, $businessId);
+
+        if ($dueSchedules->isEmpty()) {
+            $this->info('No schedules are due for execution.');
+
+            return self::SUCCESS;
+        }
+
+        $this->info("Found {$dueSchedules->count()} schedule(s) due for execution.");
+
+        if ($dryRun) {
+            $this->warn('DRY RUN MODE - No transactions will be created.');
+            $this->table(
+                ['ID', 'Name', 'Type', 'Business', 'Next Run Date', 'Auto Post'],
+                $dueSchedules->map(fn ($s) => [
+                    $s->id,
+                    $s->name,
+                    $s->type_label,
+                    $s->business->name ?? 'N/A',
+                    $s->next_run_date->toDateString(),
+                    $s->auto_post ? 'Yes' : 'No',
+                ])
+            );
+
+            return self::SUCCESS;
+        }
+
+        // Run all due schedules
+        $results = $this->schedulerService->runAllDue($date, $businessId);
+
+        // Output results
+        $this->newLine();
+        $this->info('Execution Summary:');
+        $this->line("  Processed: {$results['processed']}");
+        $this->line("  Successful: {$results['success']}");
+        $this->line("  Failed: {$results['failed']}");
+
+        if (! empty($results['generated'])) {
+            $this->newLine();
+            $this->info('Generated Transactions:');
+            $this->table(
+                ['Schedule', 'Type', 'Result ID'],
+                collect($results['generated'])->map(fn ($g) => [
+                    $g['schedule_name'],
+                    $g['type'],
+                    $g['result_id'],
+                ])
+            );
+        }
+
+        if (! empty($results['errors'])) {
+            $this->newLine();
+            $this->error('Errors:');
+            foreach ($results['errors'] as $error) {
+                $this->line("  [{$error['schedule_id']}] {$error['schedule_name']}: {$error['error']}");
+            }
+
+            return self::FAILURE;
+        }
+
+        return self::SUCCESS;
+    }
+}

app/Console/Commands/SafeFreshCommand.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Database\Console\Migrations\FreshCommand;
+
+/**
+ * Override migrate:fresh to prevent accidental data loss.
+ *
+ * This command blocks migrate:fresh in all environments except when
+ * explicitly targeting a test database (DB_DATABASE=testing or *_test_*).
+ */
+class SafeFreshCommand extends FreshCommand
+{
+    public function handle()
+    {
+        // Check both config and direct env (env var may not be in config yet)
+        $database = env('DB_DATABASE', config('database.connections.pgsql.database'));
+
+        // Allow migrate:fresh ONLY for test databases
+        $isTestDatabase = $database === 'testing'
+            || str_contains($database, '_test_')
+            || str_contains($database, 'testing_');
+
+        if (! $isTestDatabase) {
+            $this->components->error('migrate:fresh is BLOCKED to prevent data loss!');
+            $this->components->warn("Database: {$database}");
+            $this->newLine();
+            $this->components->bulletList([
+                'This command drops ALL tables and destroys ALL data.',
+                'It is blocked in local, dev, staging, and production.',
+                'For testing: DB_DATABASE=testing ./vendor/bin/sail artisan migrate:fresh',
+                'To seed existing data: php artisan db:seed --class=ProductionSyncSeeder',
+            ]);
+
+            return 1;
+        }
+
+        $this->components->info("Running migrate:fresh on TEST database: {$database}");
+
+        return parent::handle();
+    }
+}

app/Console/Commands/SendCrmDailyDigest.php

@@ -229,13 +229,13 @@ class SendCrmDailyDigest extends Command
         if ($business->crm_notification_emails) {
             $emails = array_map('trim', explode(',', $business->crm_notification_emails));
 
-            return User::where('business_id', $business->id)
+            return User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
                 ->whereIn('email', $emails)
                 ->get();
         }
 
         // Otherwise, send to the business owner or first admin
-        return User::where('business_id', $business->id)
+        return User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
             ->where(function ($q) {
                 $q->where('is_business_owner', true)
                     ->orWhere('user_type', 'admin');

app/Console/Commands/SyncBrandMediaPaths.php

@@ -0,0 +1,113 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\Brand;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Storage;
+
+class SyncBrandMediaPaths extends Command
+{
+    protected $signature = 'brands:sync-media-paths
+                            {--dry-run : Preview changes without applying}
+                            {--business= : Limit to specific business slug}';
+
+    protected $description = 'Sync brand logo_path and banner_path from MinIO storage';
+
+    public function handle(): int
+    {
+        $dryRun = $this->option('dry-run');
+        $businessFilter = $this->option('business');
+
+        if ($dryRun) {
+            $this->warn('DRY RUN - No changes will be made');
+        }
+
+        $this->info('Scanning MinIO for brand media...');
+
+        $businessDirs = Storage::directories('businesses');
+        $updated = 0;
+        $skipped = 0;
+
+        foreach ($businessDirs as $businessDir) {
+            $businessSlug = basename($businessDir);
+
+            if ($businessFilter && $businessSlug !== $businessFilter) {
+                continue;
+            }
+
+            $brandsDir = $businessDir.'/brands';
+            if (! Storage::exists($brandsDir)) {
+                continue;
+            }
+
+            $brandDirs = Storage::directories($brandsDir);
+
+            foreach ($brandDirs as $brandDir) {
+                $brandSlug = basename($brandDir);
+                $brandingDir = $brandDir.'/branding';
+
+                if (! Storage::exists($brandingDir)) {
+                    continue;
+                }
+
+                $brand = Brand::where('slug', $brandSlug)->first();
+                if (! $brand) {
+                    $this->line("  <fg=yellow>?</> {$brandSlug} - not found in database");
+                    $skipped++;
+
+                    continue;
+                }
+
+                $files = Storage::files($brandingDir);
+                $logoPath = null;
+                $bannerPath = null;
+
+                foreach ($files as $file) {
+                    $filename = strtolower(basename($file));
+                    if (str_starts_with($filename, 'logo.')) {
+                        $logoPath = $file;
+                    } elseif (str_starts_with($filename, 'banner.')) {
+                        $bannerPath = $file;
+                    }
+                }
+
+                $changes = [];
+                if ($logoPath && $brand->logo_path !== $logoPath) {
+                    $changes[] = "logo: {$logoPath}";
+                }
+                if ($bannerPath && $brand->banner_path !== $bannerPath) {
+                    $changes[] = "banner: {$bannerPath}";
+                }
+
+                if (empty($changes)) {
+                    $this->line("  <fg=green>✓</> {$brandSlug} - already synced");
+
+                    continue;
+                }
+
+                if (! $dryRun) {
+                    if ($logoPath) {
+                        $brand->logo_path = $logoPath;
+                    }
+                    if ($bannerPath) {
+                        $brand->banner_path = $bannerPath;
+                    }
+                    $brand->save();
+                }
+
+                $this->line("  <fg=blue>↻</> {$brandSlug} - ".implode(', ', $changes));
+                $updated++;
+            }
+        }
+
+        $this->newLine();
+        $this->info("Updated: {$updated} | Skipped: {$skipped}");
+
+        if ($dryRun && $updated > 0) {
+            $this->warn('Run without --dry-run to apply changes');
+        }
+
+        return Command::SUCCESS;
+    }
+}

app/Console/Kernel.php

@@ -120,6 +120,17 @@ class Kernel extends ConsoleKernel
             ->withoutOverlapping()
             ->runInBackground();
 
+        // ─────────────────────────────────────────────────────────────────────
+        // DASHBOARD METRICS PRE-CALCULATION
+        // ─────────────────────────────────────────────────────────────────────
+
+        // Pre-calculate dashboard metrics every 10 minutes
+        // Stores aggregations in Redis for instant page loads
+        $schedule->job(new \App\Jobs\CalculateDashboardMetrics)
+            ->everyTenMinutes()
+            ->withoutOverlapping()
+            ->runInBackground();
+
         // ─────────────────────────────────────────────────────────────────────
         // HOUSEKEEPING & MAINTENANCE
         // ─────────────────────────────────────────────────────────────────────

app/Events/CrmAgentStatusChanged.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Events;
+
+use App\Models\AgentStatus;
+use Illuminate\Broadcasting\InteractsWithSockets;
+use Illuminate\Broadcasting\PrivateChannel;
+use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+
+class CrmAgentStatusChanged implements ShouldBroadcast
+{
+    use Dispatchable, InteractsWithSockets, SerializesModels;
+
+    public function __construct(
+        public AgentStatus $agentStatus
+    ) {}
+
+    public function broadcastOn(): array
+    {
+        return [new PrivateChannel("crm-inbox.{$this->agentStatus->business_id}")];
+    }
+
+    public function broadcastAs(): string
+    {
+        return 'agent.status';
+    }
+
+    public function broadcastWith(): array
+    {
+        return [
+            'user_id' => $this->agentStatus->user_id,
+            'user_name' => $this->agentStatus->user?->name,
+            'status' => $this->agentStatus->status,
+            'status_label' => AgentStatus::statuses()[$this->agentStatus->status] ?? $this->agentStatus->status,
+            'status_message' => $this->agentStatus->status_message,
+            'last_seen_at' => $this->agentStatus->last_seen_at?->toIso8601String(),
+        ];
+    }
+}

app/Events/CrmThreadMessageSent.php

@@ -0,0 +1,80 @@
+<?php
+
+namespace App\Events;
+
+use App\Models\Crm\CrmChannelMessage;
+use App\Models\Crm\CrmThread;
+use Illuminate\Broadcasting\InteractsWithSockets;
+use Illuminate\Broadcasting\PrivateChannel;
+use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Support\Facades\Storage;
+
+class CrmThreadMessageSent implements ShouldBroadcast
+{
+    use Dispatchable, InteractsWithSockets, SerializesModels;
+
+    public function __construct(
+        public CrmChannelMessage $message,
+        public CrmThread $thread
+    ) {}
+
+    public function broadcastOn(): array
+    {
+        $channels = [
+            new PrivateChannel("crm-inbox.{$this->thread->business_id}"),
+            new PrivateChannel("crm-thread.{$this->thread->id}"),
+        ];
+
+        // For marketplace B2B threads, also broadcast to buyer/seller businesses
+        if ($this->thread->buyer_business_id) {
+            $channels[] = new PrivateChannel("crm-inbox.{$this->thread->buyer_business_id}");
+        }
+        if ($this->thread->seller_business_id) {
+            $channels[] = new PrivateChannel("crm-inbox.{$this->thread->seller_business_id}");
+        }
+
+        return $channels;
+    }
+
+    public function broadcastAs(): string
+    {
+        return 'message.new';
+    }
+
+    public function broadcastWith(): array
+    {
+        return [
+            'message' => [
+                'id' => $this->message->id,
+                'thread_id' => $this->message->thread_id,
+                'body' => $this->message->body,
+                'body_html' => $this->message->body_html,
+                'direction' => $this->message->direction,
+                'channel_type' => $this->message->channel_type,
+                'sender_id' => $this->message->user_id,
+                'sender_name' => $this->message->user?->name ?? ($this->message->direction === 'inbound' ? $this->thread->contact?->getFullName() : 'System'),
+                'status' => $this->message->status,
+                'created_at' => $this->message->created_at->toIso8601String(),
+                'attachments' => $this->message->attachments->map(fn ($a) => [
+                    'id' => $a->id,
+                    'filename' => $a->original_filename ?? $a->filename,
+                    'mime_type' => $a->mime_type,
+                    'size' => $a->size,
+                    'url' => Storage::disk($a->disk ?? 'minio')->url($a->path),
+                ])->toArray(),
+            ],
+            'thread' => [
+                'id' => $this->thread->id,
+                'subject' => $this->thread->subject,
+                'status' => $this->thread->status,
+                'priority' => $this->thread->priority,
+                'last_message_at' => $this->thread->last_message_at?->toIso8601String(),
+                'last_message_preview' => $this->message->body ? \Str::limit(strip_tags($this->message->body), 100) : null,
+                'last_message_direction' => $this->message->direction,
+                'last_channel_type' => $this->message->channel_type,
+            ],
+        ];
+    }
+}

app/Events/CrmThreadUpdated.php

@@ -0,0 +1,73 @@
+<?php
+
+namespace App\Events;
+
+use App\Models\Crm\CrmThread;
+use Illuminate\Broadcasting\InteractsWithSockets;
+use Illuminate\Broadcasting\PrivateChannel;
+use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+
+class CrmThreadUpdated implements ShouldBroadcast
+{
+    use Dispatchable, InteractsWithSockets, SerializesModels;
+
+    public const UPDATE_ASSIGNED = 'assigned';
+
+    public const UPDATE_CLOSED = 'closed';
+
+    public const UPDATE_REOPENED = 'reopened';
+
+    public const UPDATE_SNOOZED = 'snoozed';
+
+    public const UPDATE_PRIORITY = 'priority';
+
+    public const UPDATE_STATUS = 'status';
+
+    public function __construct(
+        public CrmThread $thread,
+        public string $updateType
+    ) {}
+
+    public function broadcastOn(): array
+    {
+        $channels = [
+            new PrivateChannel("crm-inbox.{$this->thread->business_id}"),
+            new PrivateChannel("crm-thread.{$this->thread->id}"),
+        ];
+
+        // For marketplace B2B threads, also broadcast to buyer/seller businesses
+        if ($this->thread->buyer_business_id) {
+            $channels[] = new PrivateChannel("crm-inbox.{$this->thread->buyer_business_id}");
+        }
+        if ($this->thread->seller_business_id) {
+            $channels[] = new PrivateChannel("crm-inbox.{$this->thread->seller_business_id}");
+        }
+
+        return $channels;
+    }
+
+    public function broadcastAs(): string
+    {
+        return 'thread.updated';
+    }
+
+    public function broadcastWith(): array
+    {
+        return [
+            'thread' => [
+                'id' => $this->thread->id,
+                'subject' => $this->thread->subject,
+                'status' => $this->thread->status,
+                'priority' => $this->thread->priority,
+                'assigned_to' => $this->thread->assigned_to,
+                'assignee_name' => $this->thread->assignee?->name,
+                'snoozed_until' => $this->thread->snoozed_until?->toIso8601String(),
+                'last_message_at' => $this->thread->last_message_at?->toIso8601String(),
+            ],
+            'update_type' => $this->updateType,
+            'updated_at' => now()->toIso8601String(),
+        ];
+    }
+}

app/Events/CrmTypingIndicator.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Events;
+
+use Illuminate\Broadcasting\InteractsWithSockets;
+use Illuminate\Broadcasting\PrivateChannel;
+use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+
+class CrmTypingIndicator implements ShouldBroadcast
+{
+    use Dispatchable, InteractsWithSockets, SerializesModels;
+
+    public function __construct(
+        public int $threadId,
+        public int $userId,
+        public string $userName,
+        public bool $isTyping
+    ) {}
+
+    public function broadcastOn(): array
+    {
+        return [new PrivateChannel("crm-thread.{$this->threadId}")];
+    }
+
+    public function broadcastAs(): string
+    {
+        return 'typing';
+    }
+
+    public function broadcastWith(): array
+    {
+        return [
+            'user_id' => $this->userId,
+            'user_name' => $this->userName,
+            'is_typing' => $this->isTyping,
+            'timestamp' => now()->toIso8601String(),
+        ];
+    }
+}

app/Events/NewMarketplaceMessage.php

@@ -0,0 +1,79 @@
+<?php
+
+namespace App\Events;
+
+use App\Models\Crm\CrmChannelMessage;
+use App\Models\Crm\CrmThread;
+use Illuminate\Broadcasting\InteractsWithSockets;
+use Illuminate\Broadcasting\PrivateChannel;
+use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+
+class NewMarketplaceMessage implements ShouldBroadcast
+{
+    use Dispatchable, InteractsWithSockets, SerializesModels;
+
+    public function __construct(
+        public CrmChannelMessage $message,
+        public CrmThread $thread
+    ) {}
+
+    /**
+     * Get the channels the event should broadcast on.
+     *
+     * @return array<int, \Illuminate\Broadcasting\Channel>
+     */
+    public function broadcastOn(): array
+    {
+        $channels = [];
+
+        if ($this->thread->buyer_business_id) {
+            $channels[] = new PrivateChannel("marketplace-chat.{$this->thread->buyer_business_id}");
+        }
+
+        if ($this->thread->seller_business_id) {
+            $channels[] = new PrivateChannel("marketplace-chat.{$this->thread->seller_business_id}");
+        }
+
+        return $channels;
+    }
+
+    /**
+     * Get the data to broadcast.
+     *
+     * @return array<string, mixed>
+     */
+    public function broadcastWith(): array
+    {
+        return [
+            'message' => [
+                'id' => $this->message->id,
+                'thread_id' => $this->message->thread_id,
+                'body' => $this->message->body,
+                'sender_id' => $this->message->sender_id,
+                'sender_name' => $this->message->sender
+                    ? trim($this->message->sender->first_name.' '.$this->message->sender->last_name)
+                    : 'Unknown',
+                'direction' => $this->message->direction,
+                'created_at' => $this->message->created_at->toIso8601String(),
+                'attachments' => $this->message->attachments,
+            ],
+            'thread' => [
+                'id' => $this->thread->id,
+                'subject' => $this->thread->subject,
+                'buyer_business_id' => $this->thread->buyer_business_id,
+                'seller_business_id' => $this->thread->seller_business_id,
+                'order_id' => $this->thread->order_id,
+            ],
+        ];
+    }
+
+    /**
+     * The event's broadcast name.
+     */
+    public function broadcastAs(): string
+    {
+        return 'message.new';
+    }
+}

app/Exceptions/PeriodLockedException.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions;
+
+use App\Models\Accounting\AccountingPeriod;
+
+class PeriodLockedException extends \Exception
+{
+    public function __construct(
+        string $message,
+        public readonly ?AccountingPeriod $period = null,
+        int $code = 0,
+        ?\Throwable $previous = null
+    ) {
+        parent::__construct($message, $code, $previous);
+    }
+
+    public function getPeriod(): ?AccountingPeriod
+    {
+        return $this->period;
+    }
+}

app/Filament/Pages/CannaiqSettings.php

@@ -0,0 +1,203 @@
+<?php
+
+namespace App\Filament\Pages;
+
+use App\Services\Cannaiq\CannaiqClient;
+use Filament\Forms\Components\Placeholder;
+use Filament\Forms\Components\TextInput;
+use Filament\Forms\Concerns\InteractsWithForms;
+use Filament\Forms\Contracts\HasForms;
+use Filament\Notifications\Notification;
+use Filament\Pages\Page;
+use Filament\Schemas\Components\Section;
+use Filament\Schemas\Schema;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\HtmlString;
+
+class CannaiqSettings extends Page implements HasForms
+{
+    use InteractsWithForms;
+
+    protected static \BackedEnum|string|null $navigationIcon = 'heroicon-o-chart-bar-square';
+
+    protected string $view = 'filament.pages.cannaiq-settings';
+
+    protected static \UnitEnum|string|null $navigationGroup = 'Integrations';
+
+    protected static ?string $navigationLabel = 'CannaiQ';
+
+    protected static ?int $navigationSort = 1;
+
+    protected static ?string $title = 'CannaiQ Settings';
+
+    protected static ?string $slug = 'cannaiq-settings';
+
+    public ?array $data = [];
+
+    public static function canAccess(): bool
+    {
+        return auth('admin')->check();
+    }
+
+    public function mount(): void
+    {
+        $this->form->fill([
+            'base_url' => config('services.cannaiq.base_url'),
+            'api_key' => '', // Never show the actual key
+            'cache_ttl' => config('services.cannaiq.cache_ttl', 7200),
+        ]);
+    }
+
+    public function form(Schema $schema): Schema
+    {
+        $apiKeyConfigured = ! empty(config('services.cannaiq.api_key'));
+        $baseUrl = config('services.cannaiq.base_url');
+
+        return $schema
+            ->schema([
+                Section::make('CannaiQ Integration')
+                    ->description('CannaiQ is the Marketing Intelligence Engine that powers competitive analysis, pricing intelligence, and promotional recommendations.')
+                    ->schema([
+                        Placeholder::make('status')
+                            ->label('Connection Status')
+                            ->content(function () use ($apiKeyConfigured, $baseUrl) {
+                                $statusHtml = '<div class="space-y-2">';
+
+                                // API Key status
+                                if ($apiKeyConfigured) {
+                                    $statusHtml .= '<div class="flex items-center gap-2 text-success-600 dark:text-success-400">'.
+                                        '<span class="text-lg">&#10003;</span>'.
+                                        '<span>API Key configured</span>'.
+                                        '</div>';
+                                } else {
+                                    $statusHtml .= '<div class="flex items-center gap-2 text-warning-600 dark:text-warning-400">'.
+                                        '<span class="text-lg">&#9888;</span>'.
+                                        '<span>API Key not configured (using trusted origin auth)</span>'.
+                                        '</div>';
+                                }
+
+                                // Base URL
+                                $statusHtml .= '<div class="text-sm text-gray-500 dark:text-gray-400">'.
+                                    'Base URL: <code class="bg-gray-100 dark:bg-gray-800 px-1 rounded">'.$baseUrl.'</code>'.
+                                    '</div>';
+
+                                $statusHtml .= '</div>';
+
+                                return new HtmlString($statusHtml);
+                            }),
+
+                        Placeholder::make('features')
+                            ->label('Features Enabled')
+                            ->content(new HtmlString(
+                                '<div class="rounded-lg border border-gray-200 bg-gray-50 dark:border-gray-700 dark:bg-gray-900 p-4">'.
+                                '<ul class="list-disc list-inside text-sm text-gray-600 dark:text-gray-400 space-y-1">'.
+                                '<li><strong>Brand Analysis</strong> - Market positioning, SKU velocity, shelf opportunities</li>'.
+                                '<li><strong>Marketing Intelligence</strong> - Competitive insights and recommendations</li>'.
+                                '<li><strong>Promo Recommendations</strong> - AI-powered promotional strategies</li>'.
+                                '<li><strong>Store Playbook</strong> - Actionable insights for retail partners</li>'.
+                                '</ul>'.
+                                '</div>'
+                            )),
+                    ]),
+
+                Section::make('Configuration')
+                    ->description('CannaiQ is configured via environment variables. Update your .env file to change these settings.')
+                    ->schema([
+                        TextInput::make('base_url')
+                            ->label('Base URL')
+                            ->disabled()
+                            ->helperText('Set via CANNAIQ_BASE_URL environment variable'),
+
+                        TextInput::make('cache_ttl')
+                            ->label('Cache TTL (seconds)')
+                            ->disabled()
+                            ->helperText('Set via CANNAIQ_CACHE_TTL environment variable. Default: 7200 (2 hours)'),
+
+                        Placeholder::make('env_example')
+                            ->label('Environment Variables')
+                            ->content(new HtmlString(
+                                '<div class="rounded-lg bg-gray-900 text-gray-100 p-4 font-mono text-sm overflow-x-auto">'.
+                                '<div class="text-gray-400"># CannaiQ Configuration</div>'.
+                                '<div>CANNAIQ_BASE_URL=https://cannaiq.co/api/v1</div>'.
+                                '<div>CANNAIQ_API_KEY=your-api-key-here</div>'.
+                                '<div>CANNAIQ_CACHE_TTL=7200</div>'.
+                                '</div>'
+                            )),
+                    ])
+                    ->collapsed(),
+
+                Section::make('Business Access')
+                    ->description('CannaiQ features must be enabled per-business in the Business settings.')
+                    ->schema([
+                        Placeholder::make('business_info')
+                            ->label('')
+                            ->content(new HtmlString(
+                                '<div class="rounded-lg border border-info-200 bg-info-50 dark:border-info-800 dark:bg-info-950 p-4">'.
+                                '<div class="flex items-start gap-3">'.
+                                '<span class="text-info-600 dark:text-info-400 text-lg">&#9432;</span>'.
+                                '<div class="text-sm">'.
+                                '<p class="font-medium text-info-800 dark:text-info-200">How to enable CannaiQ for a business:</p>'.
+                                '<ol class="list-decimal list-inside mt-2 text-info-700 dark:text-info-300 space-y-1">'.
+                                '<li>Go to <strong>Users &rarr; Businesses</strong></li>'.
+                                '<li>Edit the business</li>'.
+                                '<li>Go to the <strong>Integrations</strong> tab</li>'.
+                                '<li>Toggle <strong>Enable CannaiQ</strong></li>'.
+                                '</ol>'.
+                                '</div>'.
+                                '</div>'.
+                                '</div>'
+                            )),
+                    ]),
+            ])
+            ->statePath('data');
+    }
+
+    public function testConnection(): void
+    {
+        try {
+            $client = app(CannaiqClient::class);
+
+            // Try to fetch something from the API to verify connection
+            // We'll use a simple health check or fetch minimal data
+            $response = $client->getBrandAnalysis('test-brand', 'test-business');
+
+            // If we get here without exception, connection works
+            // (even if the response is empty/error from CannaiQ side)
+            Notification::make()
+                ->title('Connection Test')
+                ->body('Successfully connected to CannaiQ API')
+                ->success()
+                ->send();
+
+        } catch (\Exception $e) {
+            Notification::make()
+                ->title('Connection Failed')
+                ->body($e->getMessage())
+                ->danger()
+                ->send();
+        }
+    }
+
+    public function clearCache(): void
+    {
+        // Clear all CannaiQ-related cache keys
+        $patterns = [
+            'cannaiq:*',
+            'brand_analysis:*',
+        ];
+
+        $cleared = 0;
+        foreach ($patterns as $pattern) {
+            // Note: This is a simplified clear - in production you might want
+            // to use Redis SCAN for pattern matching
+            Cache::forget($pattern);
+            $cleared++;
+        }
+
+        Notification::make()
+            ->title('Cache Cleared')
+            ->body('CannaiQ cache has been cleared')
+            ->success()
+            ->send();
+    }
+}

app/Filament/Pages/SiteBranding.php

@@ -0,0 +1,208 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Pages;
+
+use App\Models\SiteSetting;
+use Filament\Forms\Components\FileUpload;
+use Filament\Forms\Components\Placeholder;
+use Filament\Forms\Components\TextInput;
+use Filament\Forms\Concerns\InteractsWithForms;
+use Filament\Forms\Contracts\HasForms;
+use Filament\Notifications\Notification;
+use Filament\Pages\Page;
+use Filament\Schemas\Components\Section;
+use Filament\Schemas\Schema;
+use Illuminate\Support\HtmlString;
+use Livewire\Features\SupportFileUploads\TemporaryUploadedFile;
+
+class SiteBranding extends Page implements HasForms
+{
+    use InteractsWithForms;
+
+    protected static string|\BackedEnum|null $navigationIcon = 'heroicon-o-paint-brush';
+
+    protected static ?string $navigationLabel = 'Site Branding';
+
+    protected static ?string $title = 'Site Branding';
+
+    protected static string|\UnitEnum|null $navigationGroup = 'Platform Settings';
+
+    protected static ?int $navigationSort = 1;
+
+    protected string $view = 'filament.pages.site-branding';
+
+    public ?array $data = [];
+
+    public function mount(): void
+    {
+        $this->form->fill([
+            'site_name' => SiteSetting::get('site_name', 'Cannabrands Hub'),
+            'favicon' => SiteSetting::get('favicon_path') ? [SiteSetting::get('favicon_path')] : [],
+            'logo_light' => SiteSetting::get('logo_light_path') ? [SiteSetting::get('logo_light_path')] : [],
+            'logo_dark' => SiteSetting::get('logo_dark_path') ? [SiteSetting::get('logo_dark_path')] : [],
+        ]);
+    }
+
+    public function form(Schema $schema): Schema
+    {
+        return $schema
+            ->schema([
+                Section::make('Site Identity')
+                    ->description('Configure the site name and branding assets.')
+                    ->schema([
+                        TextInput::make('site_name')
+                            ->label('Site Name')
+                            ->required()
+                            ->maxLength(255)
+                            ->helperText('Displayed in browser tabs and emails.'),
+                    ]),
+
+                Section::make('Favicon')
+                    ->description('The small icon displayed in browser tabs. Recommended: 32x32 or 64x64 PNG/ICO.')
+                    ->columns(2)
+                    ->schema([
+                        Placeholder::make('current_favicon')
+                            ->label('Current')
+                            ->content(function () {
+                                $path = SiteSetting::get('favicon_path');
+                                if (! $path) {
+                                    return new HtmlString(
+                                        '<div class="flex items-center justify-center w-16 h-16 bg-gray-100 dark:bg-gray-800 rounded-lg border-2 border-dashed border-gray-300 dark:border-gray-600">'.
+                                        '<span class="text-gray-400 text-xs">Not set</span>'.
+                                        '</div>'
+                                    );
+                                }
+
+                                return new HtmlString(
+                                    '<div class="inline-flex items-center justify-center w-16 h-16 bg-gray-100 dark:bg-gray-800 rounded-lg">'.
+                                    '<img src="'.SiteSetting::getFaviconUrl().'" alt="Favicon" class="w-8 h-8">'.
+                                    '</div>'
+                                );
+                            }),
+                        FileUpload::make('favicon')
+                            ->label('Upload New')
+                            ->image()
+                            ->disk('public')
+                            ->directory('branding')
+                            ->visibility('public')
+                            ->acceptedFileTypes(['image/png', 'image/x-icon', 'image/ico', 'image/vnd.microsoft.icon'])
+                            ->maxSize(512)
+                            ->imagePreviewHeight('64')
+                            ->helperText('Upload a PNG or ICO file (max 512KB).'),
+                    ]),
+
+                Section::make('Logos')
+                    ->description('Upload logo variants for different backgrounds.')
+                    ->schema([
+                        Section::make('Logo (Light/White)')
+                            ->description('For dark backgrounds (sidebar, etc.)')
+                            ->columns(2)
+                            ->schema([
+                                Placeholder::make('current_logo_light')
+                                    ->label('Current')
+                                    ->content(function () {
+                                        $path = SiteSetting::get('logo_light_path');
+                                        if (! $path) {
+                                            return new HtmlString(
+                                                '<div class="flex items-center justify-center h-16 w-40 bg-gray-800 rounded-lg border-2 border-dashed border-gray-600">'.
+                                                '<span class="text-gray-400 text-xs">Not set</span>'.
+                                                '</div>'
+                                            );
+                                        }
+
+                                        return new HtmlString(
+                                            '<div class="inline-flex items-center justify-center h-16 px-4 bg-gray-800 rounded-lg">'.
+                                            '<img src="'.SiteSetting::getLogoLightUrl().'" alt="Logo Light" class="h-8 max-w-[150px] object-contain">'.
+                                            '</div>'
+                                        );
+                                    }),
+                                FileUpload::make('logo_light')
+                                    ->label('Upload New')
+                                    ->image()
+                                    ->disk('public')
+                                    ->directory('branding')
+                                    ->visibility('public')
+                                    ->maxSize(2048)
+                                    ->imagePreviewHeight('100'),
+                            ]),
+
+                        Section::make('Logo (Dark)')
+                            ->description('For light backgrounds.')
+                            ->columns(2)
+                            ->schema([
+                                Placeholder::make('current_logo_dark')
+                                    ->label('Current')
+                                    ->content(function () {
+                                        $path = SiteSetting::get('logo_dark_path');
+                                        if (! $path) {
+                                            return new HtmlString(
+                                                '<div class="flex items-center justify-center h-16 w-40 bg-gray-100 rounded-lg border-2 border-dashed border-gray-300">'.
+                                                '<span class="text-gray-400 text-xs">Not set</span>'.
+                                                '</div>'
+                                            );
+                                        }
+
+                                        return new HtmlString(
+                                            '<div class="inline-flex items-center justify-center h-16 px-4 bg-gray-100 rounded-lg">'.
+                                            '<img src="'.SiteSetting::getLogoDarkUrl().'" alt="Logo Dark" class="h-8 max-w-[150px] object-contain">'.
+                                            '</div>'
+                                        );
+                                    }),
+                                FileUpload::make('logo_dark')
+                                    ->label('Upload New')
+                                    ->image()
+                                    ->disk('public')
+                                    ->directory('branding')
+                                    ->visibility('public')
+                                    ->maxSize(2048)
+                                    ->imagePreviewHeight('100'),
+                            ]),
+                    ]),
+            ])
+            ->statePath('data');
+    }
+
+    public function save(): void
+    {
+        $data = $this->form->getState();
+
+        // Save site name
+        SiteSetting::set('site_name', $data['site_name']);
+
+        // Save file paths
+        $this->saveFileSetting('favicon_path', $data['favicon'] ?? []);
+        $this->saveFileSetting('logo_light_path', $data['logo_light'] ?? []);
+        $this->saveFileSetting('logo_dark_path', $data['logo_dark'] ?? []);
+
+        // Clear cache
+        SiteSetting::clearCache();
+
+        Notification::make()
+            ->title('Branding settings saved')
+            ->success()
+            ->send();
+    }
+
+    protected function saveFileSetting(string $key, array $files): void
+    {
+        $path = ! empty($files) ? $files[0] : null;
+
+        // Handle TemporaryUploadedFile objects
+        if ($path instanceof TemporaryUploadedFile) {
+            $path = $path->store('branding', 'public');
+        }
+
+        SiteSetting::set($key, $path);
+    }
+
+    protected function getFormActions(): array
+    {
+        return [
+            Forms\Components\Actions\Action::make('save')
+                ->label('Save Changes')
+                ->submit('save'),
+        ];
+    }
+}

app/Filament/Resources/AiContentRuleResource.php

@@ -210,7 +210,7 @@ class AiContentRuleResource extends Resource
                     ])
                     ->query(function ($query, array $data) {
                         if (! empty($data['value'])) {
-                            $query->where('content_type_key', 'like', $data['value'].'.%');
+                            $query->where('content_type_key', 'ilike', $data['value'].'.%');
                         }
                     }),
             ])

app/Filament/Resources/BatchResource/Pages/CreateBatch.php

@@ -11,7 +11,7 @@ class CreateBatch extends CreateRecord
 
     protected function mutateFormDataBeforeCreate(array $data): array
     {
-        $data['business_id'] = auth()->user()->business_id;
+        $data['business_id'] = auth()->user()->primaryBusiness()?->id;
 
         return $data;
     }

app/Filament/Resources/BusinessResource.php

@@ -13,6 +13,7 @@ use Filament\Forms;
 use Filament\Forms\Components\CheckboxList;
 use Filament\Forms\Components\DatePicker;
 use Filament\Forms\Components\DateTimePicker;
+use Filament\Forms\Components\Hidden;
 use Filament\Forms\Components\Repeater;
 use Filament\Forms\Components\Select;
 use Filament\Forms\Components\Textarea;
@@ -45,6 +46,13 @@ class BusinessResource extends Resource
 {
     protected static ?string $model = Business::class;
 
+    /**
+     * Force Filament to use 'id' for record route binding in admin panel.
+     * This is necessary because Business model uses 'slug' as getRouteKeyName()
+     * for public routes, but admin panel needs 'id' for reliable record binding.
+     */
+    protected static ?string $recordRouteKeyName = 'id';
+
     protected static string|\BackedEnum|null $navigationIcon = 'heroicon-o-building-office-2';
 
     protected static \UnitEnum|string|null $navigationGroup = 'Accounts';
@@ -147,80 +155,191 @@ class BusinessResource extends Resource
                                     ]),
                             ]),
 
-                        Tab::make('Addresses')
+                        Tab::make('Locations')
+                            ->label(fn ($livewire) => self::isDispensaryBusiness($livewire->getRecord()) ? 'Locations' : 'Address')
                             ->schema([
-                                Section::make('Physical Address')
+                                Repeater::make('locations')
+                                    ->relationship('locations')
+                                    ->mutateRelationshipDataBeforeCreateUsing(function (array $data): array {
+                                        $data['slug'] = $data['slug'] ?? \Illuminate\Support\Str::slug($data['name'] ?? 'location');
+
+                                        return $data;
+                                    })
                                     ->schema([
-                                        Grid::make(2)
+                                        Grid::make(3)
                                             ->schema([
-                                                TextInput::make('physical_address')
+                                                TextInput::make('name')
+                                                    ->label(fn ($livewire) => self::isDispensaryBusiness($livewire->getRecord()) ? 'Location Name' : 'Address Name')
+                                                    ->maxLength(255),
+                                                Select::make('location_type')
+                                                    ->label('Type')
+                                                    ->options([
+                                                        'physical' => 'Physical',
+                                                        'billing' => 'Billing',
+                                                        'delivery' => 'Delivery',
+                                                    ])
+                                                    ->default('physical'),
+                                                TextInput::make('license_number')
+                                                    ->label('License #')
+                                                    ->maxLength(255),
+                                            ]),
+                                        Grid::make(4)
+                                            ->schema([
+                                                TextInput::make('address')
                                                     ->label('Street Address')
                                                     ->maxLength(255)
                                                     ->columnSpan(2),
-                                                TextInput::make('physical_city')
+                                                TextInput::make('unit')
+                                                    ->label('Unit/Suite')
+                                                    ->maxLength(255),
+                                                TextInput::make('city')
                                                     ->label('City')
                                                     ->maxLength(255),
-                                                TextInput::make('physical_state')
+                                            ]),
+                                        Grid::make(4)
+                                            ->schema([
+                                                TextInput::make('state')
                                                     ->label('State')
-                                                    ->maxLength(255),
-                                                TextInput::make('physical_zipcode')
-                                                    ->label('ZIP Code')
+                                                    ->maxLength(2),
+                                                TextInput::make('zipcode')
+                                                    ->label('ZIP')
+                                                    ->maxLength(10),
+                                                TextInput::make('phone')
+                                                    ->label('Phone')
+                                                    ->tel()
+                                                    ->maxLength(20),
+                                                TextInput::make('email')
+                                                    ->label('Email')
+                                                    ->email()
                                                     ->maxLength(255),
                                             ]),
-                                    ]),
-
-                                Section::make('Billing Address')
-                                    ->schema([
                                         Grid::make(2)
                                             ->schema([
-                                                TextInput::make('billing_address')
-                                                    ->label('Billing Street Address')
-                                                    ->maxLength(255)
-                                                    ->columnSpan(2),
-                                                TextInput::make('billing_city')
-                                                    ->label('Billing City')
-                                                    ->maxLength(255),
-                                                TextInput::make('billing_state')
-                                                    ->label('Billing State')
-                                                    ->maxLength(255),
-                                                TextInput::make('billing_zipcode')
-                                                    ->label('Billing ZIP Code')
-                                                    ->maxLength(255),
+                                                Toggle::make('is_primary')
+                                                    ->label(fn ($livewire) => self::isDispensaryBusiness($livewire->getRecord()) ? 'Primary Location' : 'Primary Address'),
+                                                Toggle::make('is_billing')
+                                                    ->label('Billing Address'),
                                             ]),
-                                    ]),
+                                    ])
+                                    ->itemLabel(fn (array $state, $livewire): ?string => $state['name'] ?? (self::isDispensaryBusiness($livewire->getRecord()) ? 'New Location' : 'New Address'))
+                                    ->collapsible()
+                                    ->collapsed()
+                                    ->addActionLabel(fn ($livewire) => self::isDispensaryBusiness($livewire->getRecord()) ? 'Add Location' : 'Add Address')
+                                    ->defaultItems(0),
                             ]),
 
                         Tab::make('Users & Access')
                             ->schema([
+                                // Quick add from business contacts section
+                                Forms\Components\Placeholder::make('contacts_without_users')
+                                    ->label('Contacts Without Platform Access')
+                                    ->content(function ($livewire) {
+                                        $business = $livewire->getRecord();
+                                        if (! $business) {
+                                            return '';
+                                        }
+
+                                        $existingUserEmails = \App\Models\User::pluck('email')->map(fn ($e) => strtolower($e))->toArray();
+
+                                        $contacts = $business->contacts()
+                                            ->whereNotNull('email')
+                                            ->where('email', '!=', '')
+                                            ->get()
+                                            ->filter(fn ($c) => ! in_array(strtolower($c->email), $existingUserEmails));
+
+                                        if ($contacts->isEmpty()) {
+                                            return new \Illuminate\Support\HtmlString(
+                                                '<span class="text-gray-500 text-sm">All business contacts with emails already have platform access.</span>'
+                                            );
+                                        }
+
+                                        $html = '<div class="text-sm text-gray-600 mb-2">These business contacts have emails but no platform login. Click "Add Platform User" below and use "Link Existing User" or manually add them:</div>';
+                                        $html .= '<div class="flex flex-wrap gap-2">';
+                                        foreach ($contacts as $contact) {
+                                            $name = trim($contact->first_name.' '.$contact->last_name) ?: 'Unknown';
+                                            $type = $contact->contact_type ? ucfirst($contact->contact_type) : '';
+                                            $html .= '<span class="inline-flex items-center gap-1 px-2 py-1 rounded-md bg-amber-50 text-amber-800 border border-amber-200 text-xs">';
+                                            $html .= '<strong>'.e($name).'</strong>';
+                                            if ($type) {
+                                                $html .= ' <span class="text-amber-600">('.$type.')</span>';
+                                            }
+                                            $html .= ' - '.e($contact->email);
+                                            $html .= '</span>';
+                                        }
+                                        $html .= '</div>';
+
+                                        return new \Illuminate\Support\HtmlString($html);
+                                    })
+                                    ->visible(function ($livewire) {
+                                        $business = $livewire->getRecord();
+                                        if (! $business) {
+                                            return false;
+                                        }
+
+                                        $existingUserEmails = \App\Models\User::pluck('email')->map(fn ($e) => strtolower($e))->toArray();
+
+                                        return $business->contacts()
+                                            ->whereNotNull('email')
+                                            ->where('email', '!=', '')
+                                            ->get()
+                                            ->filter(fn ($c) => ! in_array(strtolower($c->email), $existingUserEmails))
+                                            ->isNotEmpty();
+                                    })
+                                    ->columnSpanFull(),
+
                                 Repeater::make('users')
                                     ->relationship('users')
                                     ->helperText('Users with login credentials and access to manage this business')
                                     ->schema([
                                         Grid::make(3)
                                             ->schema([
-                                                TextInput::make('first_name')
-                                                    ->label('First Name')
-                                                    ->required()
-                                                    ->maxLength(255),
-                                                TextInput::make('last_name')
-                                                    ->label('Last Name')
-                                                    ->required()
-                                                    ->maxLength(255),
-                                                TextInput::make('email')
-                                                    ->label('Email')
-                                                    ->email()
-                                                    ->required()
-                                                    ->maxLength(255),
-                                                TextInput::make('phone')
-                                                    ->label('Phone')
-                                                    ->tel()
-                                                    ->maxLength(255),
-                                                Select::make('contact_type')
-                                                    ->label('Role/Type')
-                                                    ->required()
-                                                    ->options(Contact::CONTACT_TYPES)
-                                                    ->default('staff')
-                                                    ->searchable(),
+                                                Hidden::make('id'),
+                                                Select::make('user_id')
+                                                    ->label('Link Existing User')
+                                                    ->options(function ($get, $livewire) {
+                                                        $business = $livewire->getRecord();
+                                                        $currentUserIds = $business ? $business->users()->pluck('users.id')->toArray() : [];
+                                                        $currentId = $get('id');
+
+                                                        return \App\Models\User::query()
+                                                            ->with('businesses')
+                                                            ->where(function ($query) use ($currentUserIds, $currentId) {
+                                                                $query->whereNotIn('id', $currentUserIds);
+                                                                if ($currentId) {
+                                                                    $query->orWhere('id', $currentId);
+                                                                }
+                                                            })
+                                                            ->where('user_type', '!=', 'admin')
+                                                            ->orderBy('first_name')
+                                                            ->get()
+                                                            ->mapWithKeys(function ($user) {
+                                                                $businesses = $user->businesses->pluck('name')->join(', ');
+                                                                $label = $user->full_name.' ('.$user->email.')';
+                                                                if ($businesses) {
+                                                                    $label .= ' - '.$businesses;
+                                                                }
+
+                                                                return [$user->id => $label];
+                                                            });
+                                                    })
+                                                    ->searchable()
+                                                    ->preload()
+                                                    ->live()
+                                                    ->dehydrated(false)
+                                                    ->afterStateUpdated(function ($state, callable $set) {
+                                                        if ($state) {
+                                                            $user = \App\Models\User::find($state);
+                                                            if ($user) {
+                                                                $set('id', $user->id);
+                                                                $set('first_name', $user->first_name);
+                                                                $set('last_name', $user->last_name);
+                                                                $set('email', $user->email);
+                                                                $set('phone', $user->phone);
+                                                            }
+                                                        }
+                                                    })
+                                                    ->helperText('Search and select an existing user, or leave empty to create new')
+                                                    ->columnSpan(2),
                                                 Toggle::make('is_primary')
                                                     ->label(new \Illuminate\Support\HtmlString(
                                                         '<span style="text-decoration: underline dotted; cursor: help;" title="Only one primary user allowed - clicking will immediately switch the primary user">Primary</span>'
@@ -259,6 +378,31 @@ class BusinessResource extends Resource
                                                         return false;
                                                     })
                                                     ->inline(false),
+                                                TextInput::make('first_name')
+                                                    ->label('First Name')
+                                                    ->required()
+                                                    ->maxLength(255),
+                                                TextInput::make('last_name')
+                                                    ->label('Last Name')
+                                                    ->required()
+                                                    ->maxLength(255),
+                                                TextInput::make('email')
+                                                    ->label('Email')
+                                                    ->email()
+                                                    ->required()
+                                                    ->maxLength(255)
+                                                    ->disabled(fn ($get) => ! empty($get('id')))
+                                                    ->helperText(fn ($get) => ! empty($get('id')) ? 'Email cannot be changed for existing users' : 'New user will be created with this email'),
+                                                TextInput::make('phone')
+                                                    ->label('Phone')
+                                                    ->tel()
+                                                    ->maxLength(255),
+                                                Select::make('contact_type')
+                                                    ->label('Role/Type')
+                                                    ->required()
+                                                    ->options(Contact::CONTACT_TYPES)
+                                                    ->default('staff')
+                                                    ->searchable(),
                                             ]),
                                     ])
                                     ->saveRelationshipsUsing(function ($component, $state, $record) {
@@ -267,22 +411,54 @@ class BusinessResource extends Resource
                                         }
                                         $syncData = [];
                                         foreach ($state as $item) {
+                                            $email = $item['email'] ?? null;
+                                            if (! $email) {
+                                                continue;
+                                            }
+
+                                            // Check if user exists by ID or email
+                                            $user = null;
                                             if (isset($item['id'])) {
                                                 $user = \App\Models\User::find($item['id']);
-                                                if ($user) {
-                                                    $user->update([
-                                                        'first_name' => $item['first_name'] ?? null,
-                                                        'last_name' => $item['last_name'] ?? null,
-                                                        'email' => $item['email'] ?? null,
-                                                        'phone' => $item['phone'] ?? null,
-                                                    ]);
-                                                }
-                                                $syncData[$item['id']] = [
-                                                    'contact_type' => $item['contact_type'] ?? 'staff',
-                                                    'is_primary' => $item['is_primary'] ?? false,
-                                                ];
                                             }
+
+                                            // If no user found by ID, try to find by email
+                                            if (! $user) {
+                                                $user = \App\Models\User::where('email', $email)->first();
+                                            }
+
+                                            if ($user) {
+                                                // Update existing user
+                                                $user->update([
+                                                    'first_name' => $item['first_name'] ?? $user->first_name,
+                                                    'last_name' => $item['last_name'] ?? $user->last_name,
+                                                    'phone' => $item['phone'] ?? $user->phone,
+                                                ]);
+                                            } else {
+                                                // Create new user
+                                                $user = \App\Models\User::create([
+                                                    'first_name' => $item['first_name'] ?? '',
+                                                    'last_name' => $item['last_name'] ?? '',
+                                                    'email' => $email,
+                                                    'phone' => $item['phone'] ?? null,
+                                                    'password' => bcrypt(\Illuminate\Support\Str::random(16)),
+                                                    'user_type' => $record->business_type === 'retailer' ? 'buyer' : 'seller',
+                                                ]);
+                                            }
+
+                                            $syncData[$user->id] = [
+                                                'contact_type' => $item['contact_type'] ?? 'staff',
+                                                'is_primary' => $item['is_primary'] ?? false,
+                                            ];
                                         }
+
+                                        // Auto-set first user as primary if no primary is set
+                                        $hasPrimary = collect($syncData)->contains(fn ($data) => $data['is_primary']);
+                                        if (! $hasPrimary && ! empty($syncData)) {
+                                            $firstUserId = array_key_first($syncData);
+                                            $syncData[$firstUserId]['is_primary'] = true;
+                                        }
+
                                         $record->users()->sync($syncData);
                                     })
                                     ->itemLabel(fn (array $state): ?string => trim(($state['first_name'] ?? '').' '.($state['last_name'] ?? '')) ?:
@@ -546,53 +722,83 @@ class BusinessResource extends Resource
                                             ->bulkToggleable()
                                             ->helperText('Select the suites this business should have access to. Each suite enables specific features and menu items.'),
 
-                                        Forms\Components\Placeholder::make('suite_info')
-                                            ->label('')
-                                            ->content(function () {
-                                                // Show available suites (excluding deprecated and internal)
-                                                $suites = \App\Models\Suite::available()->orderBy('sort_order')->get();
-                                                $html = '<div class="grid grid-cols-2 gap-4 text-sm mt-4">';
-                                                foreach ($suites as $suite) {
-                                                    $colorClass = match ($suite->color) {
-                                                        'emerald' => 'border-emerald-300 bg-emerald-50 dark:border-emerald-700 dark:bg-emerald-950',  // Sales
-                                                        'pink' => 'border-pink-300 bg-pink-50 dark:border-pink-700 dark:bg-pink-950',                  // Marketing
-                                                        'cyan' => 'border-cyan-300 bg-cyan-50 dark:border-cyan-700 dark:bg-cyan-950',                  // Inventory
-                                                        'blue' => 'border-blue-300 bg-blue-50 dark:border-blue-700 dark:bg-blue-950',                  // Processing
-                                                        'orange' => 'border-orange-300 bg-orange-50 dark:border-orange-700 dark:bg-orange-950',        // Manufacturing
-                                                        'indigo' => 'border-indigo-300 bg-indigo-50 dark:border-indigo-700 dark:bg-indigo-950',        // Procurement
-                                                        'violet' => 'border-violet-300 bg-violet-50 dark:border-violet-700 dark:bg-violet-950',        // Distribution
-                                                        'green' => 'border-green-300 bg-green-50 dark:border-green-700 dark:bg-green-950',             // Finance
-                                                        'amber' => 'border-amber-300 bg-amber-50 dark:border-amber-700 dark:bg-amber-950',             // Compliance
-                                                        'sky' => 'border-sky-300 bg-sky-50 dark:border-sky-700 dark:bg-sky-950',                       // Inbox
-                                                        'slate' => 'border-slate-300 bg-slate-50 dark:border-slate-700 dark:bg-slate-950',             // Tools
-                                                        'gray' => 'border-gray-300 bg-gray-50 dark:border-gray-700 dark:bg-gray-950',                  // Management
-                                                        'lime' => 'border-lime-300 bg-lime-50 dark:border-lime-700 dark:bg-lime-950',                  // Dispensary
-                                                        'gold' => 'border-yellow-300 bg-yellow-50 dark:border-yellow-700 dark:bg-yellow-950',          // Enterprise
-                                                        'teal' => 'border-teal-300 bg-teal-50 dark:border-teal-700 dark:bg-teal-950',                  // Brand Manager
-                                                        'red' => 'border-red-300 bg-red-50 dark:border-red-700 dark:bg-red-950',
-                                                        'rose' => 'border-rose-300 bg-rose-50 dark:border-rose-700 dark:bg-rose-950',
-                                                        'fuchsia' => 'border-fuchsia-300 bg-fuchsia-50 dark:border-fuchsia-700 dark:bg-fuchsia-950',
-                                                        default => 'border-gray-300 bg-gray-50 dark:border-gray-700 dark:bg-gray-950',
-                                                    };
-                                                    $features = is_array($suite->included_features) ? implode(', ', $suite->included_features) : '';
-                                                    $html .= '<div class="border rounded-lg p-3 '.$colorClass.'">';
-                                                    $html .= '<div class="font-medium">'.e($suite->name).'</div>';
-                                                    $html .= '<div class="text-xs text-gray-600 dark:text-gray-400 mt-1">'.e($features).'</div>';
-                                                    $html .= '</div>';
-                                                }
-                                                $html .= '</div>';
-
-                                                return new \Illuminate\Support\HtmlString($html);
-                                            }),
                                     ]),
 
-                                Section::make('Navigation Settings')
-                                    ->description('Control how this business experiences the seller sidebar navigation.')
+                                // ===== SUITE SHARES SECTION =====
+                                // Allows this business to share parts of their suite TO other businesses
+                                Section::make('Suite Shares')
+                                    ->description('Share parts of THIS business\'s suite with other businesses. The recipient will see these menu items with a "Shared" badge.')
+                                    ->collapsed()
                                     ->schema([
-                                        Toggle::make('use_suite_navigation')
-                                            ->label('Use Suite Navigation (beta)')
-                                            ->helperText('When enabled, this business uses the new suite-based sidebar instead of the legacy menu.')
-                                            ->default(false),
+                                        Forms\Components\Repeater::make('suiteShares')
+                                            ->relationship('suiteShares')
+                                            ->label('')
+                                            ->schema([
+                                                Select::make('target_business_id')
+                                                    ->label('Share TO Business')
+                                                    ->options(function (callable $get) {
+                                                        $currentBusinessId = $get('../../id');
+
+                                                        return \App\Models\Business::query()
+                                                            ->when($currentBusinessId, fn ($q) => $q->where('id', '!=', $currentBusinessId))
+                                                            ->orderBy('name')
+                                                            ->pluck('name', 'id');
+                                                    })
+                                                    ->searchable()
+                                                    ->required()
+                                                    ->helperText('Select the business that will RECEIVE these shared menu items'),
+                                                Select::make('shared_suite_key')
+                                                    ->label('Suite to Share From')
+                                                    ->options(function ($livewire) {
+                                                        // Get suites assigned to THIS business (source)
+                                                        $business = $livewire->record;
+                                                        if (! $business) {
+                                                            return [];
+                                                        }
+
+                                                        return $business->suites()
+                                                            ->orderBy('sort_order')
+                                                            ->pluck('name', 'key')
+                                                            ->toArray();
+                                                    })
+                                                    ->required()
+                                                    ->reactive()
+                                                    ->helperText('Select which of THIS business\'s suites to share items from'),
+                                                CheckboxList::make('shared_menu_keys')
+                                                    ->label('Menu Items to Share')
+                                                    ->options(function (callable $get) {
+                                                        $suiteKey = $get('shared_suite_key');
+                                                        if (! $suiteKey) {
+                                                            return [];
+                                                        }
+
+                                                        // Get menu keys for this suite from config
+                                                        $menuKeys = config("suites.menus.{$suiteKey}", []);
+                                                        $resolver = app(\App\Services\SuiteMenuResolver::class);
+
+                                                        $options = [];
+                                                        foreach ($menuKeys as $key) {
+                                                            $def = $resolver->getMenuDefinition($key);
+                                                            if ($def) {
+                                                                $options[$key] = $def['label'].' ('.$def['section'].')';
+                                                            }
+                                                        }
+
+                                                        return $options;
+                                                    })
+                                                    ->columns(2)
+                                                    ->required()
+                                                    ->visible(fn (callable $get) => ! empty($get('shared_suite_key'))),
+                                            ])
+                                            ->columns(1)
+                                            ->defaultItems(0)
+                                            ->addActionLabel('Add Suite Share')
+                                            ->reorderable(false)
+                                            ->collapsible()
+                                            ->itemLabel(fn (array $state): ?string => isset($state['target_business_id'])
+                                                ? 'Share to: '.(\App\Models\Business::find($state['target_business_id'])?->name ?? 'New Share')
+                                                : 'New Share'
+                                            ),
                                     ]),
 
                                 Section::make('Sales Suite Usage Limits')
@@ -646,6 +852,40 @@ class BusinessResource extends Resource
                                     ]),
                             ]),
 
+                        // ===== INTEGRATIONS TAB =====
+                        // Third-party service integrations
+                        Tab::make('Integrations')
+                            ->icon('heroicon-o-link')
+                            ->schema([
+                                // ===== CANNAIQ SECTION =====
+                                Section::make('CannaiQ')
+                                    ->description('CannaiQ is the Marketing Intelligence Engine that powers competitive analysis, pricing intelligence, and promotional recommendations.')
+                                    ->schema([
+                                        Toggle::make('cannaiq_enabled')
+                                            ->label('Enable CannaiQ')
+                                            ->helperText('When enabled, this business gets access to Brand Analysis, Intelligence, and Promos features.')
+                                            ->default(false),
+
+                                        Forms\Components\Placeholder::make('cannaiq_info')
+                                            ->label('')
+                                            ->content(new \Illuminate\Support\HtmlString(
+                                                '<div class="rounded-lg border border-gray-200 bg-gray-50 dark:border-gray-700 dark:bg-gray-900 p-4 text-sm">'.
+                                                '<div class="font-medium text-gray-700 dark:text-gray-300 mb-2">CannaiQ Features</div>'.
+                                                '<ul class="list-disc list-inside text-gray-600 dark:text-gray-400 space-y-1">'.
+                                                '<li>Brand Analysis - Market positioning, SKU velocity, shelf opportunities</li>'.
+                                                '<li>Marketing Intelligence - Competitive insights and recommendations</li>'.
+                                                '<li>Promo Recommendations - AI-powered promotional strategies</li>'.
+                                                '</ul>'.
+                                                '<div class="mt-3 pt-3 border-t border-gray-200 dark:border-gray-700">'.
+                                                '<a href="https://cannaiq.co" target="_blank" class="text-primary-600 hover:text-primary-500 dark:text-primary-400 font-medium inline-flex items-center gap-1">'.
+                                                'Visit CannaiQ <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 6H6a2 2 0 00-2 2v10a2 2 0 002 2h10a2 2 0 002-2v-4M14 4h6m0 0v6m0-6L10 14"></path></svg>'.
+                                                '</a>'.
+                                                '</div>'.
+                                                '</div>'
+                                            )),
+                                    ]),
+                            ]),
+
                         // ===== LEGACY MODULES TAB =====
                         // These flags are kept for backward compatibility.
                         // The recommended way to configure access is via Suites above.
@@ -1549,8 +1789,8 @@ class BusinessResource extends Resource
                     })
                     ->description(fn ($record) => $record->parent ? 'Managed by '.$record->parent->name : null)
                     ->searchable(query: function ($query, $search) {
-                        return $query->where('name', 'like', "%{$search}%")
-                            ->orWhere('dba_name', 'like', "%{$search}%");
+                        return $query->where('name', 'ilike', "%{$search}%")
+                            ->orWhere('dba_name', 'ilike', "%{$search}%");
                     })
                     ->sortable(query: fn ($query, $direction) => $query->orderBy('parent_id')->orderBy('name', $direction)),
                 TextColumn::make('types.label')
@@ -1653,23 +1893,27 @@ class BusinessResource extends Resource
                         default => 'gray',
                     })
                     ->sortable(),
-                TextColumn::make('owner.full_name')
+                TextColumn::make('primary_user')
                     ->label('Account Owner')
                     ->getStateUsing(function (Business $record): ?string {
-                        $owner = $record->owner;
-                        if ($owner) {
-                            $name = trim($owner->first_name.' '.$owner->last_name);
+                        // Use the primary user from the pivot table
+                        $primaryUser = $record->users->first();
+                        if ($primaryUser) {
+                            $name = trim($primaryUser->first_name.' '.$primaryUser->last_name);
 
-                            return $name.' ('.$owner->email.')';
+                            return $name.' ('.$primaryUser->email.')';
                         }
 
                         return 'N/A';
                     })
                     ->searchable(query: function ($query, $search) {
-                        return $query->whereHas('owner', function ($q) use ($search) {
-                            $q->where('first_name', 'like', "%{$search}%")
-                                ->orWhere('last_name', 'like', "%{$search}%")
-                                ->orWhere('email', 'like', "%{$search}%");
+                        return $query->whereHas('users', function ($q) use ($search) {
+                            $q->wherePivot('is_primary', true)
+                                ->where(function ($q2) use ($search) {
+                                    $q2->where('first_name', 'ilike', "%{$search}%")
+                                        ->orWhere('last_name', 'ilike', "%{$search}%")
+                                        ->orWhere('email', 'ilike', "%{$search}%");
+                                });
                         });
                     })
                     ->sortable(),
@@ -1699,9 +1943,9 @@ class BusinessResource extends Resource
                     })
                     ->searchable(query: function ($query, $search) {
                         return $query->whereHas('users', function ($q) use ($search) {
-                            $q->where('first_name', 'like', "%{$search}%")
-                                ->orWhere('last_name', 'like', "%{$search}%")
-                                ->orWhere('email', 'like', "%{$search}%");
+                            $q->where('first_name', 'ilike', "%{$search}%")
+                                ->orWhere('last_name', 'ilike', "%{$search}%")
+                                ->orWhere('email', 'ilike', "%{$search}%");
                         });
                     }),
                 TextColumn::make('users_count')
@@ -1850,4 +2094,19 @@ class BusinessResource extends Resource
             'edit' => EditBusiness::route('/{record}/edit'),
         ];
     }
+
+    /**
+     * Check if business is a dispensary/retailer type.
+     * Used to determine whether to show "Locations" (multi-location dispensaries)
+     * or "Address" (single address for sellers/manufacturers).
+     */
+    protected static function isDispensaryBusiness(?\App\Models\Business $business): bool
+    {
+        if (! $business) {
+            return false;
+        }
+
+        // Check if business has the "dispensary" type key assigned
+        return $business->types()->where('business_types.key', 'dispensary')->exists();
+    }
 }

app/Filament/Resources/BusinessResource/Pages/CreateBusiness.php

@@ -8,4 +8,15 @@ use Filament\Resources\Pages\CreateRecord;
 class CreateBusiness extends CreateRecord
 {
     protected static string $resource = BusinessResource::class;
+
+    /**
+     * Override redirect URL to use record ID instead of slug.
+     *
+     * This ensures proper routing after business creation since
+     * Business model uses 'slug' as getRouteKeyName() but admin uses 'id'.
+     */
+    protected function getRedirectUrl(): string
+    {
+        return static::getResource()::getUrl('edit', ['record' => $this->record->getKey()]);
+    }
 }

app/Filament/Resources/BusinessResource/Pages/EditBusiness.php

@@ -13,6 +13,11 @@ class EditBusiness extends EditRecord
 {
     protected static string $resource = BusinessResource::class;
 
+    public function getTitle(): string
+    {
+        return 'Edit '.$this->record->name;
+    }
+
     /**
      * Livewire listeners for audit trail integration.
      */
@@ -23,6 +28,14 @@ class EditBusiness extends EditRecord
     protected function getHeaderActions(): array
     {
         return [
+            Actions\Action::make('view_marketing_portal')
+                ->label('Marketing Portal')
+                ->icon('heroicon-o-megaphone')
+                ->color('info')
+                ->url(fn () => route('portal.dashboard', $this->record->slug))
+                ->openUrlInNewTab()
+                ->visible(fn () => $this->record->status === 'approved' && $this->record->business_type === 'buyer'),
+
             Actions\Action::make('approve_application')
                 ->label('Approve Application')
                 ->icon('heroicon-o-check-circle')

app/Filament/Resources/BusinessResource/Pages/ListBusinesses.php

@@ -5,6 +5,7 @@ namespace App\Filament\Resources\BusinessResource\Pages;
 use App\Filament\Resources\BusinessResource;
 use Filament\Actions\CreateAction;
 use Filament\Resources\Pages\ListRecords;
+use Illuminate\Database\Eloquent\Model;
 
 class ListBusinesses extends ListRecords
 {
@@ -24,4 +25,22 @@ class ListBusinesses extends ListRecords
             CreateAction::make(),
         ];
     }
+
+    /**
+     * Override URL generation to use business ID instead of slug.
+     *
+     * The Business model uses 'slug' as route key for public routes,
+     * but admin panel needs the primary key for reliable routing.
+     *
+     * @param  array<string, mixed>  $parameters
+     */
+    public function getResourceUrl(?string $name = null, array $parameters = [], bool $isAbsolute = true, ?string $panel = null, ?Model $tenant = null, bool $shouldGuessMissingParameters = true): string
+    {
+        // Convert Model to ID for the 'record' parameter
+        if (isset($parameters['record']) && $parameters['record'] instanceof Model) {
+            $parameters['record'] = $parameters['record']->getKey();
+        }
+
+        return parent::getResourceUrl($name, $parameters, $isAbsolute, $panel, $tenant, $shouldGuessMissingParameters);
+    }
 }

app/Filament/Resources/DatabaseBackupResource.php

@@ -116,8 +116,8 @@ class DatabaseBackupResource extends Resource
                     })
                     ->searchable(query: function ($query, $search) {
                         return $query->whereHas('creator', function ($q) use ($search) {
-                            $q->where('name', 'like', "%{$search}%")
-                                ->orWhere('email', 'like', "%{$search}%");
+                            $q->where('name', 'ilike', "%{$search}%")
+                                ->orWhere('email', 'ilike', "%{$search}%");
                         });
                     }),
 

app/Filament/Resources/LabResource.php

@@ -43,20 +43,25 @@ class LabResource extends Resource
 
         // Scope to user's business products and batches unless they're a super admin
         if (auth()->check() && ! auth()->user()->hasRole('Super Admin')) {
-            $businessId = auth()->user()->business_id;
+            $businessId = auth()->user()->primaryBusiness()?->id;
 
-            $query->where(function ($q) use ($businessId) {
-                // Include labs for products owned by this business
-                $q->whereHas('product', function ($productQuery) use ($businessId) {
-                    $productQuery->whereHas('brand', function ($brandQuery) use ($businessId) {
-                        $brandQuery->where('business_id', $businessId);
-                    });
-                })
-                // OR labs for batches owned by this business
-                    ->orWhereHas('batch', function ($batchQuery) use ($businessId) {
-                        $batchQuery->where('business_id', $businessId);
-                    });
-            });
+            if ($businessId) {
+                $query->where(function ($q) use ($businessId) {
+                    // Include labs for products owned by this business
+                    $q->whereHas('product', function ($productQuery) use ($businessId) {
+                        $productQuery->whereHas('brand', function ($brandQuery) use ($businessId) {
+                            $brandQuery->where('business_id', $businessId);
+                        });
+                    })
+                    // OR labs for batches owned by this business
+                        ->orWhereHas('batch', function ($batchQuery) use ($businessId) {
+                            $batchQuery->where('business_id', $businessId);
+                        });
+                });
+            } else {
+                // No business association - show nothing
+                $query->whereRaw('1 = 0');
+            }
         }
 
         return $query;

app/Filament/Resources/ProductResource/Tables/ProductsTable.php

@@ -25,7 +25,7 @@ class ProductsTable
                 ImageColumn::make('image_path')
                     ->label('Image')
                     ->circular()
-                    ->defaultImageUrl(url('/images/placeholder-product.png'))
+                    ->defaultImageUrl(\Storage::disk('minio')->url('defaults/placeholder-product.svg'))
                     ->toggleable(),
 
                 TextColumn::make('name')

app/Filament/Resources/UserResource.php

@@ -215,7 +215,7 @@ class UserResource extends Resource
                     })
                     ->searchable(query: function ($query, $search) {
                         return $query->whereHas('businesses', function ($q) use ($search) {
-                            $q->where('name', 'like', "%{$search}%");
+                            $q->where('name', 'ilike', "%{$search}%");
                         });
                     }),
                 TextColumn::make('status')

app/Filament/Widgets/OrchestratorOutcomesChart.php

@@ -55,6 +55,22 @@ class OrchestratorOutcomesChart extends ChartWidget
             ->pending()
             ->count();
 
+        // If all values are zero, show a placeholder to prevent empty doughnut rendering
+        $total = $completed + $dismissed + $snoozed + $pending;
+        if ($total === 0) {
+            return [
+                'datasets' => [
+                    [
+                        'label' => 'No Data',
+                        'data' => [1],
+                        'backgroundColor' => ['rgba(209, 213, 219, 0.5)'], // gray placeholder
+                        'borderWidth' => 0,
+                    ],
+                ],
+                'labels' => ['No tasks yet'],
+            ];
+        }
+
         return [
             'datasets' => [
                 [

app/Http/Controllers/Api/Accounting/ApVendorController.php

@@ -0,0 +1,207 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\Accounting;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\ApVendor;
+use App\Models\Business;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Log;
+
+class ApVendorController extends Controller
+{
+    /**
+     * List vendors for a business.
+     *
+     * GET /api/{business}/ap/vendors
+     */
+    public function index(Request $request, Business $business): JsonResponse
+    {
+        $query = ApVendor::where('business_id', $business->id);
+
+        // Search
+        if ($request->filled('search')) {
+            $search = $request->search;
+            $query->where(function ($q) use ($search) {
+                $q->where('name', 'ilike', "%{$search}%")
+                    ->orWhere('code', 'ilike', "%{$search}%");
+            });
+        }
+
+        // Active filter
+        if ($request->has('active')) {
+            $query->where('is_active', $request->boolean('active'));
+        }
+
+        $vendors = $query->orderBy('name')->paginate($request->get('per_page', 50));
+
+        return response()->json([
+            'success' => true,
+            'data' => $vendors->items(),
+            'meta' => [
+                'current_page' => $vendors->currentPage(),
+                'last_page' => $vendors->lastPage(),
+                'per_page' => $vendors->perPage(),
+                'total' => $vendors->total(),
+            ],
+        ]);
+    }
+
+    /**
+     * Get a single vendor.
+     *
+     * GET /api/{business}/ap/vendors/{vendor}
+     */
+    public function show(Business $business, ApVendor $vendor): JsonResponse
+    {
+        if ($vendor->business_id !== $business->id) {
+            return response()->json([
+                'success' => false,
+                'message' => 'Vendor does not belong to this business.',
+            ], 403);
+        }
+
+        return response()->json([
+            'success' => true,
+            'data' => $vendor,
+        ]);
+    }
+
+    /**
+     * Create a new vendor.
+     *
+     * POST /api/{business}/ap/vendors
+     */
+    public function store(Request $request, Business $business): JsonResponse
+    {
+        try {
+            $validated = $request->validate([
+                'code' => 'nullable|string|max:50',
+                'name' => 'required|string|max:255',
+                'legal_name' => 'nullable|string|max:255',
+                'tax_id' => 'nullable|string|max:50',
+                'default_payment_terms' => 'nullable|integer|min:0',
+                'default_gl_account_id' => 'nullable|integer|exists:gl_accounts,id',
+                'contact_name' => 'nullable|string|max:255',
+                'contact_email' => 'nullable|email|max:255',
+                'contact_phone' => 'nullable|string|max:50',
+                'address_line1' => 'nullable|string|max:255',
+                'address_line2' => 'nullable|string|max:255',
+                'city' => 'nullable|string|max:100',
+                'state' => 'nullable|string|max:100',
+                'postal_code' => 'nullable|string|max:20',
+                'country' => 'nullable|string|max:100',
+                'is_1099' => 'boolean',
+                'notes' => 'nullable|string|max:1000',
+            ]);
+
+            // Generate code if not provided
+            if (empty($validated['code'])) {
+                $validated['code'] = $this->generateVendorCode($business->id, $validated['name']);
+            }
+
+            $vendor = ApVendor::create([
+                'business_id' => $business->id,
+                ...$validated,
+                'is_active' => true,
+            ]);
+
+            return response()->json([
+                'success' => true,
+                'message' => "Vendor {$vendor->name} created.",
+                'data' => $vendor,
+            ], 201);
+        } catch (\Exception $e) {
+            Log::error('Vendor creation failed', [
+                'business_id' => $business->id,
+                'error' => $e->getMessage(),
+            ]);
+
+            return response()->json([
+                'success' => false,
+                'message' => 'Failed to create vendor: '.$e->getMessage(),
+            ], 500);
+        }
+    }
+
+    /**
+     * Update a vendor.
+     *
+     * PUT /api/{business}/ap/vendors/{vendor}
+     */
+    public function update(Request $request, Business $business, ApVendor $vendor): JsonResponse
+    {
+        if ($vendor->business_id !== $business->id) {
+            return response()->json([
+                'success' => false,
+                'message' => 'Vendor does not belong to this business.',
+            ], 403);
+        }
+
+        try {
+            $validated = $request->validate([
+                'code' => 'nullable|string|max:50',
+                'name' => 'required|string|max:255',
+                'legal_name' => 'nullable|string|max:255',
+                'tax_id' => 'nullable|string|max:50',
+                'default_payment_terms' => 'nullable|integer|min:0',
+                'default_gl_account_id' => 'nullable|integer|exists:gl_accounts,id',
+                'contact_name' => 'nullable|string|max:255',
+                'contact_email' => 'nullable|email|max:255',
+                'contact_phone' => 'nullable|string|max:50',
+                'address_line1' => 'nullable|string|max:255',
+                'address_line2' => 'nullable|string|max:255',
+                'city' => 'nullable|string|max:100',
+                'state' => 'nullable|string|max:100',
+                'postal_code' => 'nullable|string|max:20',
+                'country' => 'nullable|string|max:100',
+                'is_1099' => 'boolean',
+                'is_active' => 'boolean',
+                'notes' => 'nullable|string|max:1000',
+            ]);
+
+            $vendor->update($validated);
+
+            return response()->json([
+                'success' => true,
+                'message' => "Vendor {$vendor->name} updated.",
+                'data' => $vendor->fresh(),
+            ]);
+        } catch (\Exception $e) {
+            Log::error('Vendor update failed', [
+                'vendor_id' => $vendor->id,
+                'error' => $e->getMessage(),
+            ]);
+
+            return response()->json([
+                'success' => false,
+                'message' => 'Failed to update vendor: '.$e->getMessage(),
+            ], 500);
+        }
+    }
+
+    /**
+     * Generate vendor code from name.
+     */
+    protected function generateVendorCode(int $businessId, string $name): string
+    {
+        $words = preg_split('/\s+/', strtoupper($name));
+        $prefix = '';
+        foreach ($words as $word) {
+            $prefix .= substr(preg_replace('/[^A-Z0-9]/', '', $word), 0, 3);
+            if (strlen($prefix) >= 6) {
+                break;
+            }
+        }
+        $prefix = substr($prefix, 0, 6);
+
+        $count = ApVendor::where('business_id', $businessId)
+            ->where('code', 'ilike', "{$prefix}%")
+            ->count();
+
+        return $count > 0 ? "{$prefix}-{$count}" : $prefix;
+    }
+}

app/Http/Controllers/Api/AgentStatusController.php

@@ -0,0 +1,103 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Events\CrmAgentStatusChanged;
+use App\Http\Controllers\Controller;
+use App\Models\AgentStatus;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Validation\Rule;
+
+class AgentStatusController extends Controller
+{
+    public function update(Request $request): JsonResponse
+    {
+        $validated = $request->validate([
+            'business_id' => 'required|integer|exists:businesses,id',
+            'status' => ['required', Rule::in(array_keys(AgentStatus::statuses()))],
+            'status_message' => 'nullable|string|max:100',
+        ]);
+
+        $user = $request->user();
+
+        // Verify user belongs to the business
+        if (! $user->businesses()->where('businesses.id', $validated['business_id'])->exists()) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $agentStatus = AgentStatus::getOrCreate($user->id, $validated['business_id']);
+        $oldStatus = $agentStatus->status;
+        $agentStatus->setStatus($validated['status'], $validated['status_message'] ?? null);
+
+        // Broadcast status change if it changed
+        if ($oldStatus !== $validated['status']) {
+            broadcast(new CrmAgentStatusChanged($agentStatus->fresh()))->toOthers();
+        }
+
+        return response()->json([
+            'success' => true,
+            'status' => $agentStatus->status,
+            'status_label' => AgentStatus::statuses()[$agentStatus->status],
+        ]);
+    }
+
+    /**
+     * Heartbeat to maintain online status
+     */
+    public function heartbeat(Request $request): JsonResponse
+    {
+        $validated = $request->validate([
+            'business_id' => 'required|integer|exists:businesses,id',
+        ]);
+
+        $user = $request->user();
+
+        // Verify user belongs to the business
+        if (! $user->businesses()->where('businesses.id', $validated['business_id'])->exists()) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $agentStatus = AgentStatus::where('user_id', $user->id)
+            ->where('business_id', $validated['business_id'])
+            ->first();
+
+        if ($agentStatus) {
+            $agentStatus->updateLastSeen();
+        }
+
+        return response()->json(['success' => true]);
+    }
+
+    /**
+     * Get team members' statuses for a business
+     */
+    public function team(Request $request): JsonResponse
+    {
+        $validated = $request->validate([
+            'business_id' => 'required|integer|exists:businesses,id',
+        ]);
+
+        $user = $request->user();
+
+        // Verify user belongs to the business
+        if (! $user->businesses()->where('businesses.id', $validated['business_id'])->exists()) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $statuses = AgentStatus::where('business_id', $validated['business_id'])
+            ->where('status', '!=', AgentStatus::STATUS_OFFLINE)
+            ->where('last_seen_at', '>=', now()->subMinutes(5))
+            ->with('user:id,name')
+            ->get()
+            ->map(fn ($s) => [
+                'user_id' => $s->user_id,
+                'user_name' => $s->user?->name,
+                'status' => $s->status,
+                'status_message' => $s->status_message,
+                'last_seen_at' => $s->last_seen_at?->toIso8601String(),
+            ]);
+
+        return response()->json(['team' => $statuses]);
+    }
+}

app/Http/Controllers/Api/MarketplaceChatController.php

@@ -0,0 +1,247 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Http\Controllers\Controller;
+use App\Models\Business;
+use App\Models\Crm\CrmThread;
+use App\Services\MarketplaceChatService;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+
+class MarketplaceChatController extends Controller
+{
+    public function __construct(
+        protected MarketplaceChatService $chatService
+    ) {}
+
+    /**
+     * List threads for the current business
+     */
+    public function index(Request $request): JsonResponse
+    {
+        $user = $request->user();
+        $businessId = $request->input('business_id');
+
+        if (! $businessId) {
+            return response()->json(['error' => 'business_id is required'], 400);
+        }
+
+        $business = Business::find($businessId);
+
+        if (! $business || ! $user->businesses->contains('id', $businessId)) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $threads = $this->chatService->getThreadsForUser($user, $business);
+
+        return response()->json([
+            'threads' => $threads->map(fn ($thread) => $this->formatThread($thread, $business)),
+        ]);
+    }
+
+    /**
+     * Get a single thread with messages
+     */
+    public function show(Request $request, CrmThread $thread): JsonResponse
+    {
+        $user = $request->user();
+
+        if (! $this->chatService->canAccessThread($thread, $user)) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $beforeId = $request->input('before_id');
+        $limit = min($request->input('limit', 50), 100);
+
+        $messages = $this->chatService->getMessages($thread, $limit, $beforeId);
+
+        // Mark as read
+        $this->chatService->markAsRead($thread, $user);
+
+        $business = $user->primaryBusiness();
+
+        return response()->json([
+            'thread' => $this->formatThread($thread, $business),
+            'messages' => $messages->map(fn ($msg) => $this->formatMessage($msg)),
+            'has_more' => $messages->count() === $limit,
+        ]);
+    }
+
+    /**
+     * Create a new thread or get existing one
+     */
+    public function store(Request $request): JsonResponse
+    {
+        $validated = $request->validate([
+            'buyer_business_id' => 'required|integer|exists:businesses,id',
+            'seller_business_id' => 'required|integer|exists:businesses,id',
+            'order_id' => 'nullable|integer|exists:orders,id',
+            'initial_message' => 'nullable|string|max:5000',
+        ]);
+
+        $user = $request->user();
+        $userBusinessIds = $user->businesses->pluck('id')->toArray();
+
+        // Verify user belongs to one of the businesses
+        if (! in_array($validated['buyer_business_id'], $userBusinessIds)
+            && ! in_array($validated['seller_business_id'], $userBusinessIds)) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $buyerBusiness = Business::findOrFail($validated['buyer_business_id']);
+        $sellerBusiness = Business::findOrFail($validated['seller_business_id']);
+        $order = isset($validated['order_id'])
+            ? \App\Models\Order::find($validated['order_id'])
+            : null;
+
+        $thread = $this->chatService->getOrCreateThread($buyerBusiness, $sellerBusiness, $order);
+
+        // Send initial message if provided
+        if (! empty($validated['initial_message'])) {
+            $this->chatService->sendMessage($thread, $user, $validated['initial_message']);
+        }
+
+        $business = $user->primaryBusiness();
+
+        return response()->json([
+            'thread' => $this->formatThread($thread->fresh(), $business),
+        ], 201);
+    }
+
+    /**
+     * Send a message in a thread
+     */
+    public function sendMessage(Request $request, CrmThread $thread): JsonResponse
+    {
+        $user = $request->user();
+
+        if (! $this->chatService->canAccessThread($thread, $user)) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $validated = $request->validate([
+            'body' => 'required|string|max:5000',
+            'attachments' => 'nullable|array',
+            'attachments.*.url' => 'required_with:attachments|string',
+            'attachments.*.name' => 'required_with:attachments|string',
+            'attachments.*.type' => 'nullable|string',
+            'attachments.*.size' => 'nullable|integer',
+        ]);
+
+        $message = $this->chatService->sendMessage(
+            $thread,
+            $user,
+            $validated['body'],
+            $validated['attachments'] ?? []
+        );
+
+        return response()->json([
+            'message' => $this->formatMessage($message),
+        ], 201);
+    }
+
+    /**
+     * Mark thread as read
+     */
+    public function markAsRead(Request $request, CrmThread $thread): JsonResponse
+    {
+        $user = $request->user();
+
+        if (! $this->chatService->canAccessThread($thread, $user)) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $this->chatService->markAsRead($thread, $user);
+
+        return response()->json(['success' => true]);
+    }
+
+    /**
+     * Get unread count for user
+     */
+    public function unreadCount(Request $request): JsonResponse
+    {
+        $user = $request->user();
+        $businessId = $request->input('business_id');
+
+        if (! $businessId) {
+            return response()->json(['error' => 'business_id is required'], 400);
+        }
+
+        $business = Business::find($businessId);
+
+        if (! $business || ! $user->businesses->contains('id', $businessId)) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $count = $this->chatService->getUnreadCount($user, $business);
+
+        return response()->json(['unread_count' => $count]);
+    }
+
+    /**
+     * Format thread for JSON response
+     */
+    protected function formatThread(CrmThread $thread, ?Business $currentBusiness): array
+    {
+        $otherBusiness = $currentBusiness
+            ? $this->chatService->getOtherBusiness($thread, $currentBusiness)
+            : null;
+
+        $lastMessage = $thread->messages->first();
+
+        return [
+            'id' => $thread->id,
+            'subject' => $thread->subject,
+            'status' => $thread->status,
+            'buyer_business' => $thread->buyerBusiness ? [
+                'id' => $thread->buyerBusiness->id,
+                'name' => $thread->buyerBusiness->name,
+                'slug' => $thread->buyerBusiness->slug,
+            ] : null,
+            'seller_business' => $thread->sellerBusiness ? [
+                'id' => $thread->sellerBusiness->id,
+                'name' => $thread->sellerBusiness->name,
+                'slug' => $thread->sellerBusiness->slug,
+            ] : null,
+            'other_business' => $otherBusiness ? [
+                'id' => $otherBusiness->id,
+                'name' => $otherBusiness->name,
+                'slug' => $otherBusiness->slug,
+            ] : null,
+            'order' => $thread->order ? [
+                'id' => $thread->order->id,
+                'order_number' => $thread->order->order_number,
+            ] : null,
+            'last_message' => $lastMessage ? [
+                'body' => \Str::limit($lastMessage->body, 100),
+                'sender_name' => $lastMessage->sender
+                    ? trim($lastMessage->sender->first_name.' '.$lastMessage->sender->last_name)
+                    : 'Unknown',
+                'created_at' => $lastMessage->created_at->toIso8601String(),
+            ] : null,
+            'last_message_at' => $thread->last_message_at?->toIso8601String(),
+            'created_at' => $thread->created_at->toIso8601String(),
+        ];
+    }
+
+    /**
+     * Format message for JSON response
+     */
+    protected function formatMessage(mixed $message): array
+    {
+        return [
+            'id' => $message->id,
+            'thread_id' => $message->thread_id,
+            'body' => $message->body,
+            'sender_id' => $message->sender_id,
+            'sender_name' => $message->sender
+                ? trim($message->sender->first_name.' '.$message->sender->last_name)
+                : 'Unknown',
+            'direction' => $message->direction,
+            'attachments' => $message->attachments,
+            'created_at' => $message->created_at->toIso8601String(),
+        ];
+    }
+}

app/Http/Controllers/Api/PushSubscriptionController.php

@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+use NotificationChannels\WebPush\PushSubscription;
+
+class PushSubscriptionController extends Controller
+{
+    /**
+     * Store a new push subscription
+     */
+    public function store(Request $request)
+    {
+        $validated = $request->validate([
+            'endpoint' => 'required|url',
+            'keys.p256dh' => 'required|string',
+            'keys.auth' => 'required|string',
+        ]);
+
+        $user = $request->user();
+
+        // Delete existing subscription for this endpoint
+        PushSubscription::where('endpoint', $validated['endpoint'])->delete();
+
+        // Create new subscription
+        $subscription = $user->updatePushSubscription(
+            $validated['endpoint'],
+            $validated['keys']['p256dh'],
+            $validated['keys']['auth']
+        );
+
+        return response()->json([
+            'success' => true,
+            'message' => 'Push subscription saved',
+        ]);
+    }
+
+    /**
+     * Delete a push subscription
+     */
+    public function destroy(Request $request)
+    {
+        $validated = $request->validate([
+            'endpoint' => 'required|url',
+        ]);
+
+        PushSubscription::where('endpoint', $validated['endpoint'])
+            ->where('subscribable_id', $request->user()->id)
+            ->delete();
+
+        return response()->json([
+            'success' => true,
+            'message' => 'Push subscription removed',
+        ]);
+    }
+}

app/Http/Controllers/Buyer/Crm/BrandHubController.php

@@ -6,10 +6,10 @@ use App\Http\Controllers\Controller;
 use App\Models\Brand;
 use App\Models\Buyer\BuyerBrandFollow;
 use App\Models\Buyer\BuyerProductBookmark;
+use App\Models\Crm\CrmThread;
 use App\Models\Seller\BrandAnnouncement;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
-use Modules\Crm\Entities\CrmThread;
 
 class BrandHubController extends Controller
 {

app/Http/Controllers/Buyer/Crm/DashboardController.php

@@ -7,12 +7,12 @@ use App\Models\Buyer\BuyerAnalyticsCache;
 use App\Models\Buyer\BuyerBrandFollow;
 use App\Models\Buyer\BuyerQuoteApproval;
 use App\Models\Buyer\BuyerTask;
+use App\Models\Crm\CrmInvoice;
+use App\Models\Crm\CrmQuote;
+use App\Models\Crm\CrmThread;
 use App\Models\Order;
 use App\Models\Seller\BrandAnnouncement;
 use Illuminate\Support\Facades\Auth;
-use Modules\Crm\Entities\CrmInvoice;
-use Modules\Crm\Entities\CrmQuote;
-use Modules\Crm\Entities\CrmThread;
 
 class DashboardController extends Controller
 {

app/Http/Controllers/Buyer/Crm/InboxController.php

@@ -4,9 +4,9 @@ namespace App\Http\Controllers\Buyer\Crm;
 
 use App\Http\Controllers\Controller;
 use App\Models\Buyer\BuyerMessageSettings;
+use App\Models\Crm\CrmThread;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
-use Modules\Crm\Entities\CrmThread;
 
 class InboxController extends Controller
 {

app/Http/Controllers/Buyer/Crm/InvoiceController.php

@@ -5,9 +5,10 @@ namespace App\Http\Controllers\Buyer\Crm;
 use App\Http\Controllers\Controller;
 use App\Models\Buyer\BuyerInvoiceRecord;
 use App\Models\Buyer\BuyerSavedFilter;
+use App\Models\Crm\CrmInvoice;
+use App\Models\Crm\CrmThread;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
-use Modules\Crm\Entities\CrmInvoice;
 
 class InvoiceController extends Controller
 {
@@ -115,7 +116,7 @@ class InvoiceController extends Controller
         }
 
         // Get related thread if exists
-        $thread = \Modules\Crm\Entities\CrmThread::where('buyer_business_id', $business->id)
+        $thread = CrmThread::where('buyer_business_id', $business->id)
             ->where(function ($q) use ($invoice) {
                 $q->where('order_id', $invoice->order_id)
                     ->orWhere('subject', 'ilike', "%{$invoice->invoice_number}%");

app/Http/Controllers/Buyer/Crm/MessageController.php

@@ -3,10 +3,10 @@
 namespace App\Http\Controllers\Buyer\Crm;
 
 use App\Http\Controllers\Controller;
+use App\Models\Crm\CrmChannelMessage;
+use App\Models\Crm\CrmThread;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
-use Modules\Crm\Entities\CrmMessage;
-use Modules\Crm\Entities\CrmThread;
 
 class MessageController extends Controller
 {
@@ -64,7 +64,7 @@ class MessageController extends Controller
         return back()->with('success', 'Message sent.');
     }
 
-    public function destroy(CrmThread $thread, CrmMessage $message)
+    public function destroy(CrmThread $thread, CrmChannelMessage $message)
     {
         $business = Auth::user()->business;
         $user = Auth::user();
@@ -88,7 +88,7 @@ class MessageController extends Controller
         return back()->with('success', 'Message deleted.');
     }
 
-    public function react(Request $request, CrmThread $thread, CrmMessage $message)
+    public function react(Request $request, CrmThread $thread, CrmChannelMessage $message)
     {
         $business = Auth::user()->business;
         $user = Auth::user();

app/Http/Controllers/Buyer/Crm/OrderController.php

@@ -108,7 +108,7 @@ class OrderController extends Controller
         $deliveryEvents = BuyerDeliveryEvent::getTimelineForOrder($order->id);
 
         // Get related thread if exists
-        $thread = \Modules\Crm\Entities\CrmThread::where('order_id', $order->id)
+        $thread = \App\Models\Crm\CrmThread::where('order_id', $order->id)
             ->where('buyer_business_id', $business->id)
             ->first();
 

app/Http/Controllers/Buyer/Crm/QuoteController.php

@@ -6,9 +6,9 @@ use App\Http\Controllers\Controller;
 use App\Models\Buyer\BuyerQuoteApproval;
 use App\Models\Buyer\BuyerSavedFilter;
 use App\Models\Buyer\BuyerTeamMember;
+use App\Models\Crm\CrmQuote;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
-use Modules\Crm\Entities\CrmQuote;
 
 class QuoteController extends Controller
 {

app/Http/Controllers/CustomerController.php

@@ -9,12 +9,13 @@ class CustomerController extends Controller
     /**
      * Customers entry point - smart gateway to CRM Accounts.
      *
-     * If CRM is enabled: redirect to /s/{business}/crm/accounts
+     * If CRM is enabled (via Sales Suite or CRM feature): redirect to /s/{business}/crm/accounts
      * If CRM is disabled: show feature-disabled view
      */
     public function index(Business $business)
     {
-        if ($business->has_crm) {
+        // CRM is included in Sales Suite or can be enabled as standalone feature
+        if ($business->hasCrmAccess()) {
             return redirect()->route('seller.business.crm.accounts.index', $business);
         }
 
@@ -34,12 +35,13 @@ class CustomerController extends Controller
     /**
      * Individual customer view - redirect to CRM Account detail.
      *
-     * If CRM is enabled: redirect to the account detail page
+     * If CRM is enabled (via Sales Suite or CRM feature): redirect to the account detail page
      * If CRM is disabled: show feature-disabled view
      */
     public function show(Business $business, $customer)
     {
-        if ($business->has_crm) {
+        // CRM is included in Sales Suite or can be enabled as standalone feature
+        if ($business->hasCrmAccess()) {
             // Redirect to CRM Account detail - $customer is the account ID
             return redirect()->route('seller.business.crm.accounts.show', [$business, $customer]);
         }

app/Http/Controllers/MarketplaceController.php

@@ -22,9 +22,9 @@ class MarketplaceController extends Controller
         // Search filter (name, SKU, description)
         if ($search = $request->input('search')) {
             $query->where(function ($q) use ($search) {
-                $q->where('name', 'like', "%{$search}%")
-                    ->orWhere('sku', 'like', "%{$search}%")
-                    ->orWhere('description', 'like', "%{$search}%");
+                $q->where('name', 'ilike', "%{$search}%")
+                    ->orWhere('sku', 'ilike', "%{$search}%")
+                    ->orWhere('description', 'ilike', "%{$search}%");
             });
         }
 

app/Http/Controllers/OrderController.php

@@ -73,15 +73,27 @@ class OrderController extends Controller
         if ($request->filled('search')) {
             $search = $request->search;
             $query->where(function ($q) use ($search) {
-                $q->where('order_number', 'like', "%{$search}%")
+                $q->where('order_number', 'ILIKE', "%{$search}%")
                     ->orWhereHas('business', function ($q) use ($search) {
-                        $q->where('name', 'like', "%{$search}%");
+                        $q->where('name', 'ILIKE', "%{$search}%");
                     });
             });
         }
 
         $orders = $query->paginate(20)->withQueryString();
 
+        // Return JSON for AJAX/API requests (live search)
+        if ($request->wantsJson()) {
+            return response()->json([
+                'data' => $orders->map(fn ($o) => [
+                    'order_number' => $o->order_number,
+                    'name' => $o->order_number.' - '.$o->business->name,
+                    'customer' => $o->business->name,
+                    'status' => $o->status,
+                ])->values()->toArray(),
+            ]);
+        }
+
         return view('seller.orders.index', compact('orders', 'business'));
     }
 

app/Http/Controllers/Portal/CampaignController.php

@@ -0,0 +1,249 @@
+<?php
+
+namespace App\Http\Controllers\Portal;
+
+use App\Http\Controllers\Controller;
+use App\Jobs\SendMarketingCampaignJob;
+use App\Models\Branding\BusinessBrandingSetting;
+use App\Models\Business;
+use App\Models\Marketing\MarketingCampaign;
+use App\Models\Marketing\MarketingList;
+use App\Models\Marketing\MarketingPromo;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class CampaignController extends Controller
+{
+    public function index(Request $request, Business $business)
+    {
+        $branding = BusinessBrandingSetting::forBusiness($business);
+
+        $campaigns = MarketingCampaign::where('business_id', $business->id)
+            ->with('list')
+            ->when($request->status, fn ($q, $status) => $q->where('status', $status))
+            ->when($request->channel, fn ($q, $channel) => $q->where('channel', $channel))
+            ->latest()
+            ->paginate(15);
+
+        $statuses = [
+            'draft' => 'Draft',
+            'scheduled' => 'Scheduled',
+            'sending' => 'Sending',
+            'sent' => 'Sent',
+            'completed' => 'Completed',
+            'cancelled' => 'Cancelled',
+            'failed' => 'Failed',
+        ];
+
+        $channels = MarketingCampaign::CHANNELS;
+
+        return view('portal.campaigns.index', compact(
+            'business',
+            'branding',
+            'campaigns',
+            'statuses',
+            'channels'
+        ));
+    }
+
+    public function create(Request $request, Business $business)
+    {
+        $branding = BusinessBrandingSetting::forBusiness($business);
+
+        // Get lists for this business
+        $lists = MarketingList::where('business_id', $business->id)
+            ->withCount('contacts')
+            ->orderBy('name')
+            ->get();
+
+        // Pre-populate from promo if provided
+        $promo = null;
+        if ($request->query('promo_id')) {
+            $promo = MarketingPromo::where('business_id', $business->id)
+                ->find($request->query('promo_id'));
+        }
+
+        // Pre-select channel if provided
+        $preselectedChannel = $request->query('channel', 'email');
+
+        $channels = MarketingCampaign::CHANNELS;
+
+        return view('portal.campaigns.create', compact(
+            'business',
+            'branding',
+            'lists',
+            'promo',
+            'preselectedChannel',
+            'channels'
+        ));
+    }
+
+    public function store(Request $request, Business $business)
+    {
+        $branding = BusinessBrandingSetting::forBusiness($business);
+
+        $validated = $request->validate([
+            'name' => 'required|string|max:255',
+            'channel' => 'required|in:email,sms',
+            'list_id' => 'required|exists:marketing_lists,id',
+            'subject' => 'required_if:channel,email|nullable|string|max:255',
+            'body' => 'required|string',
+            'send_at' => 'nullable|date|after:now',
+            'promo_id' => 'nullable|exists:marketing_promos,id',
+        ]);
+
+        // Verify list belongs to this business
+        $list = MarketingList::where('business_id', $business->id)
+            ->findOrFail($validated['list_id']);
+
+        // Build campaign data
+        $campaignData = [
+            'business_id' => $business->id,
+            'name' => $validated['name'],
+            'channel' => $validated['channel'],
+            'list_id' => $list->id,
+            'subject' => $validated['subject'] ?? null,
+            'body' => $validated['body'],
+            'status' => 'draft',
+            'created_by' => Auth::id(),
+            // Use branding defaults for from fields
+            'from_name' => $branding->effective_from_name,
+            'from_email' => $branding->effective_from_email,
+        ];
+
+        // Link to promo if provided
+        if (! empty($validated['promo_id'])) {
+            $promo = MarketingPromo::where('business_id', $business->id)
+                ->find($validated['promo_id']);
+
+            if ($promo) {
+                $campaignData['source_type'] = 'promo';
+                $campaignData['source_id'] = $promo->id;
+            }
+        }
+
+        // Set schedule if provided
+        if (! empty($validated['send_at'])) {
+            $campaignData['send_at'] = $validated['send_at'];
+            $campaignData['status'] = 'scheduled';
+        }
+
+        $campaign = MarketingCampaign::create($campaignData);
+
+        if ($campaign->status === 'scheduled') {
+            return redirect()
+                ->route('portal.campaigns.show', [$business->slug, $campaign])
+                ->with('success', 'Campaign scheduled successfully.');
+        }
+
+        return redirect()
+            ->route('portal.campaigns.show', [$business->slug, $campaign])
+            ->with('success', 'Campaign created as draft. Review and send when ready.');
+    }
+
+    public function show(Request $request, Business $business, MarketingCampaign $campaign)
+    {
+        // Ensure campaign belongs to this business
+        if ($campaign->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $branding = BusinessBrandingSetting::forBusiness($business);
+        $campaign->load(['list', 'logs']);
+
+        // Get stats
+        $stats = [
+            'total_recipients' => $campaign->total_recipients,
+            'sent' => $campaign->total_sent,
+            'delivered' => $campaign->total_delivered,
+            'opened' => $campaign->total_opened,
+            'clicked' => $campaign->total_clicked,
+            'failed' => $campaign->total_failed,
+        ];
+
+        return view('portal.campaigns.show', compact(
+            'business',
+            'branding',
+            'campaign',
+            'stats'
+        ));
+    }
+
+    public function sendNow(Request $request, Business $business, MarketingCampaign $campaign)
+    {
+        // Ensure campaign belongs to this business
+        if ($campaign->business_id !== $business->id) {
+            abort(404);
+        }
+
+        if (! in_array($campaign->status, ['draft', 'scheduled'])) {
+            return back()->with('error', 'This campaign cannot be sent.');
+        }
+
+        // Count recipients
+        $recipientCount = $campaign->list?->contacts()->count() ?? 0;
+
+        if ($recipientCount === 0) {
+            return back()->with('error', 'No recipients in the selected list.');
+        }
+
+        // Update campaign
+        $campaign->update([
+            'status' => 'sending',
+            'total_recipients' => $recipientCount,
+            'sent_at' => now(),
+        ]);
+
+        // Dispatch job
+        SendMarketingCampaignJob::dispatch($campaign);
+
+        return redirect()
+            ->route('portal.campaigns.show', [$business->slug, $campaign])
+            ->with('success', "Campaign is now sending to {$recipientCount} recipients.");
+    }
+
+    public function schedule(Request $request, Business $business, MarketingCampaign $campaign)
+    {
+        // Ensure campaign belongs to this business
+        if ($campaign->business_id !== $business->id) {
+            abort(404);
+        }
+
+        if ($campaign->status !== 'draft') {
+            return back()->with('error', 'Only draft campaigns can be scheduled.');
+        }
+
+        $validated = $request->validate([
+            'send_at' => 'required|date|after:now',
+        ]);
+
+        $campaign->update([
+            'status' => 'scheduled',
+            'send_at' => $validated['send_at'],
+        ]);
+
+        return redirect()
+            ->route('portal.campaigns.show', [$business->slug, $campaign])
+            ->with('success', 'Campaign scheduled for '.$campaign->send_at->format('M j, Y g:i A'));
+    }
+
+    public function cancel(Request $request, Business $business, MarketingCampaign $campaign)
+    {
+        // Ensure campaign belongs to this business
+        if ($campaign->business_id !== $business->id) {
+            abort(404);
+        }
+
+        if (! in_array($campaign->status, ['draft', 'scheduled'])) {
+            return back()->with('error', 'This campaign cannot be cancelled.');
+        }
+
+        $campaign->update([
+            'status' => 'cancelled',
+        ]);
+
+        return redirect()
+            ->route('portal.campaigns.index', $business->slug)
+            ->with('success', 'Campaign cancelled.');
+    }
+}

app/Http/Controllers/Portal/DashboardController.php

@@ -0,0 +1,80 @@
+<?php
+
+namespace App\Http\Controllers\Portal;
+
+use App\Http\Controllers\Controller;
+use App\Models\Branding\BusinessBrandingSetting;
+use App\Models\Business;
+use App\Models\Marketing\MarketingCampaign;
+use App\Models\Marketing\MarketingPromo;
+use App\Services\Marketing\PromoRecommendationService;
+use Illuminate\Http\Request;
+
+class DashboardController extends Controller
+{
+    public function __construct(
+        protected PromoRecommendationService $promoService
+    ) {}
+
+    public function index(Request $request, Business $business)
+    {
+        $branding = BusinessBrandingSetting::forBusiness($business);
+
+        // Get recommended promos for this business
+        $recommendedPromos = collect();
+        try {
+            // Get store external IDs for this business if available
+            $storeExternalIds = $business->cannaiqStores()
+                ->pluck('external_id')
+                ->toArray();
+
+            if (! empty($storeExternalIds)) {
+                $recommendations = $this->promoService->getRecommendations(
+                    $business,
+                    $storeExternalIds[0] ?? null,
+                    limit: 5
+                );
+                $recommendedPromos = collect($recommendations['recommendations'] ?? []);
+            }
+        } catch (\Exception $e) {
+            // CannaiQ not configured or error - that's fine, show empty
+        }
+
+        // Get recent campaigns for this business
+        $recentCampaigns = MarketingCampaign::where('business_id', $business->id)
+            ->with('list')
+            ->latest()
+            ->limit(5)
+            ->get();
+
+        // Get active promos
+        $activePromos = MarketingPromo::forBusiness($business->id)
+            ->currentlyActive()
+            ->with('brand')
+            ->limit(5)
+            ->get();
+
+        // Get campaign stats
+        $campaignStats = [
+            'total' => MarketingCampaign::where('business_id', $business->id)->count(),
+            'sent' => MarketingCampaign::where('business_id', $business->id)
+                ->whereIn('status', ['sent', 'completed'])
+                ->count(),
+            'draft' => MarketingCampaign::where('business_id', $business->id)
+                ->where('status', 'draft')
+                ->count(),
+            'scheduled' => MarketingCampaign::where('business_id', $business->id)
+                ->where('status', 'scheduled')
+                ->count(),
+        ];
+
+        return view('portal.dashboard', compact(
+            'business',
+            'branding',
+            'recommendedPromos',
+            'recentCampaigns',
+            'activePromos',
+            'campaignStats'
+        ));
+    }
+}

app/Http/Controllers/Portal/ListController.php

@@ -0,0 +1,83 @@
+<?php
+
+namespace App\Http\Controllers\Portal;
+
+use App\Http\Controllers\Controller;
+use App\Models\Branding\BusinessBrandingSetting;
+use App\Models\Business;
+use App\Models\Marketing\MarketingList;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class ListController extends Controller
+{
+    public function index(Request $request, Business $business)
+    {
+        $branding = BusinessBrandingSetting::forBusiness($business);
+
+        $lists = MarketingList::where('business_id', $business->id)
+            ->withCount('contacts')
+            ->orderBy('name')
+            ->paginate(15);
+
+        return view('portal.lists.index', compact(
+            'business',
+            'branding',
+            'lists'
+        ));
+    }
+
+    public function create(Request $request, Business $business)
+    {
+        $branding = BusinessBrandingSetting::forBusiness($business);
+        $types = MarketingList::getTypes();
+
+        return view('portal.lists.create', compact(
+            'business',
+            'branding',
+            'types'
+        ));
+    }
+
+    public function store(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'name' => 'required|string|max:255',
+            'description' => 'nullable|string',
+            'type' => 'required|in:static,smart',
+        ]);
+
+        $list = MarketingList::create([
+            'business_id' => $business->id,
+            'name' => $validated['name'],
+            'description' => $validated['description'],
+            'type' => $validated['type'],
+            'created_by' => Auth::id(),
+        ]);
+
+        return redirect()
+            ->route('portal.lists.show', [$business->slug, $list])
+            ->with('success', 'List created successfully.');
+    }
+
+    public function show(Request $request, Business $business, MarketingList $list)
+    {
+        // Ensure list belongs to this business
+        if ($list->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $branding = BusinessBrandingSetting::forBusiness($business);
+
+        $contacts = $list->contacts()
+            ->orderBy('created_at', 'desc')
+            ->paginate(25);
+
+        return view('portal.lists.show', compact(
+            'business',
+            'branding',
+            'list',
+            'contacts'
+        ));
+    }
+}

app/Http/Controllers/Portal/PromoController.php

@@ -0,0 +1,75 @@
+<?php
+
+namespace App\Http\Controllers\Portal;
+
+use App\Http\Controllers\Controller;
+use App\Models\Branding\BusinessBrandingSetting;
+use App\Models\Business;
+use App\Models\Marketing\MarketingPromo;
+use App\Services\Marketing\PromoRecommendationService;
+use Illuminate\Http\Request;
+
+class PromoController extends Controller
+{
+    public function __construct(
+        protected PromoRecommendationService $promoService
+    ) {}
+
+    public function index(Request $request, Business $business)
+    {
+        $branding = BusinessBrandingSetting::forBusiness($business);
+
+        // Get recommended promos from CannaiQ
+        $recommendedPromos = collect();
+        try {
+            $storeExternalIds = $business->cannaiqStores()
+                ->pluck('external_id')
+                ->toArray();
+
+            if (! empty($storeExternalIds)) {
+                $recommendations = $this->promoService->getRecommendations(
+                    $business,
+                    $storeExternalIds[0] ?? null,
+                    limit: 20
+                );
+                $recommendedPromos = collect($recommendations['recommendations'] ?? []);
+            }
+        } catch (\Exception $e) {
+            // CannaiQ not available
+        }
+
+        // Get existing promos for this business
+        $existingPromos = MarketingPromo::forBusiness($business->id)
+            ->with('brand')
+            ->when($request->status, fn ($q, $status) => $q->where('status', $status))
+            ->latest()
+            ->paginate(12);
+
+        $statuses = MarketingPromo::getStatuses();
+
+        return view('portal.promos.index', compact(
+            'business',
+            'branding',
+            'recommendedPromos',
+            'existingPromos',
+            'statuses'
+        ));
+    }
+
+    public function show(Request $request, Business $business, MarketingPromo $promo)
+    {
+        // Ensure promo belongs to this business
+        if ($promo->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $branding = BusinessBrandingSetting::forBusiness($business);
+        $promo->load('brand');
+
+        return view('portal.promos.show', compact(
+            'business',
+            'branding',
+            'promo'
+        ));
+    }
+}

app/Http/Controllers/Seller/Accounting/DivisionAccountingController.php

@@ -0,0 +1,157 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Accounting;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\ApBill;
+use App\Models\Accounting\ApVendor;
+use App\Models\Accounting\ArInvoice;
+use App\Models\Business;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+/**
+ * Read-only accounting alias controllers for child businesses (divisions).
+ *
+ * Child businesses can view limited accounting data from their parent company.
+ * This provides visibility without granting write access to financial systems.
+ *
+ * Requirements:
+ * - Business must have parent_id (be a division)
+ * - User must have appropriate viewing permissions
+ */
+class DivisionAccountingController extends Controller
+{
+    /**
+     * Display vendor list (read-only from parent company).
+     *
+     * GET /s/{business}/accounting/vendors
+     */
+    public function vendorsIndex(Request $request, Business $business): View
+    {
+        $this->authorizeChildBusiness($business);
+
+        // Get parent's vendors
+        $parentId = $business->parent_id;
+
+        $query = ApVendor::where('business_id', $parentId)
+            ->where('is_active', true);
+
+        // Search filter
+        if ($search = $request->get('search')) {
+            $query->where(function ($q) use ($search) {
+                $q->where('name', 'ilike', "%{$search}%")
+                    ->orWhere('code', 'ilike', "%{$search}%")
+                    ->orWhere('email', 'ilike', "%{$search}%");
+            });
+        }
+
+        $vendors = $query->orderBy('name')->paginate(30)->withQueryString();
+
+        return view('seller.accounting.vendors.index', [
+            'business' => $business,
+            'vendors' => $vendors,
+            'filters' => $request->only(['search']),
+        ]);
+    }
+
+    /**
+     * Display AR snapshot (read-only summary for division).
+     *
+     * GET /s/{business}/accounting/ar-snapshot
+     */
+    public function arSnapshot(Request $request, Business $business): View
+    {
+        $this->authorizeChildBusiness($business);
+
+        $parentId = $business->parent_id;
+
+        // Get AR summary stats (scoped to this division's invoices if possible,
+        // otherwise show high-level parent metrics)
+        $stats = [
+            'total_outstanding' => ArInvoice::where('business_id', $business->id)
+                ->where('status', '!=', 'paid')
+                ->sum('balance_due'),
+            'overdue_count' => ArInvoice::where('business_id', $business->id)
+                ->where('status', '!=', 'paid')
+                ->where('due_date', '<', now())
+                ->count(),
+            'overdue_amount' => ArInvoice::where('business_id', $business->id)
+                ->where('status', '!=', 'paid')
+                ->where('due_date', '<', now())
+                ->sum('balance_due'),
+            'current_month_billed' => ArInvoice::where('business_id', $business->id)
+                ->whereMonth('invoice_date', now()->month)
+                ->whereYear('invoice_date', now()->year)
+                ->sum('total_amount'),
+        ];
+
+        // Recent invoices for this division
+        $recentInvoices = ArInvoice::where('business_id', $business->id)
+            ->with('customer')
+            ->orderByDesc('invoice_date')
+            ->limit(10)
+            ->get();
+
+        return view('seller.accounting.ar-snapshot', [
+            'business' => $business,
+            'stats' => $stats,
+            'recentInvoices' => $recentInvoices,
+        ]);
+    }
+
+    /**
+     * Display AP snapshot (read-only summary for division).
+     *
+     * GET /s/{business}/accounting/ap-snapshot
+     */
+    public function apSnapshot(Request $request, Business $business): View
+    {
+        $this->authorizeChildBusiness($business);
+
+        $parentId = $business->parent_id;
+
+        // Get AP summary stats scoped to this division's bills
+        $stats = [
+            'total_outstanding' => ApBill::where('business_id', $business->id)
+                ->whereIn('status', ['approved', 'partial'])
+                ->sum('balance_due'),
+            'overdue_count' => ApBill::where('business_id', $business->id)
+                ->whereIn('status', ['approved', 'partial'])
+                ->where('due_date', '<', now())
+                ->count(),
+            'overdue_amount' => ApBill::where('business_id', $business->id)
+                ->whereIn('status', ['approved', 'partial'])
+                ->where('due_date', '<', now())
+                ->sum('balance_due'),
+            'pending_approval' => ApBill::where('business_id', $business->id)
+                ->whereIn('status', ['draft', 'pending'])
+                ->count(),
+        ];
+
+        // Recent bills for this division
+        $recentBills = ApBill::where('business_id', $business->id)
+            ->with('vendor')
+            ->orderByDesc('bill_date')
+            ->limit(10)
+            ->get();
+
+        return view('seller.accounting.ap-snapshot', [
+            'business' => $business,
+            'stats' => $stats,
+            'recentBills' => $recentBills,
+        ]);
+    }
+
+    /**
+     * Ensure this is a child business with parent_id.
+     */
+    protected function authorizeChildBusiness(Business $business): void
+    {
+        if ($business->parent_id === null) {
+            abort(404, 'This feature is only available for division businesses.');
+        }
+    }
+}

app/Http/Controllers/Seller/BatchController.php

@@ -80,7 +80,7 @@ class BatchController extends Controller
             ->where('quantity_available', '>', 0)
             ->where('is_active', true)
             ->where('is_quarantined', false)
-            ->with('component')
+            ->with('product')
             ->orderBy('batch_number')
             ->get()
             ->map(function ($batch) {
@@ -102,17 +102,28 @@ class BatchController extends Controller
         $maxValue = ($request->cannabinoid_unit ?? '%') === '%' ? 100 : 1000;
 
         $validated = $request->validate([
-            'product_id' => 'required|exists:products,id',
+            // Accept either product_id or component_id (form sends component_id)
+            'product_id' => 'required_without:component_id|exists:products,id',
+            'component_id' => 'required_without:product_id|exists:products,id',
+            'batch_type' => 'nullable|string|in:component,homogenized',
             'cannabinoid_unit' => 'nullable|string|in:%,MG/ML,MG/G,MG/UNIT',
-            'batch_number' => 'nullable|string|max:100|unique:batches,batch_number',
-            'quantity_produced' => 'nullable|integer|min:0',
+            'batch_number' => 'required|string|max:100|unique:batches,batch_number',
+            'internal_code' => 'nullable|string|max:100',
+            // Accept either quantity_produced or quantity_total (form sends quantity_total)
+            'quantity_produced' => 'nullable|numeric|min:0',
+            'quantity_total' => 'nullable|numeric|min:0',
+            'quantity_remaining' => 'nullable|numeric|min:0',
+            'quantity_unit' => 'nullable|string|max:50',
             'quantity_allocated' => 'nullable|integer|min:0',
             'expiration_date' => 'nullable|date',
-            'is_active' => 'nullable|boolean',
+            'is_active' => 'nullable',
             'production_date' => 'nullable|date',
+            'harvest_date' => 'nullable|date',
+            'package_date' => 'nullable|date',
             'test_date' => 'nullable|date',
             'test_id' => 'nullable|string|max:100',
             'lot_number' => 'nullable|string|max:100',
+            'license_number' => 'nullable|string|max:255',
             'lab_name' => 'nullable|string|max:255',
             'thc_percentage' => "nullable|numeric|min:0|max:{$maxValue}",
             'thca_percentage' => "nullable|numeric|min:0|max:{$maxValue}",
@@ -126,10 +137,18 @@ class BatchController extends Controller
             'coa_files.*' => 'nullable|file|mimes:pdf,jpg,jpeg,png|max:10240', // 10MB max per file
         ]);
 
+        // Map component_id to product_id if provided
+        $productId = $validated['product_id'] ?? $validated['component_id'];
+
         // Verify product belongs to this business
         $product = Product::whereHas('brand', function ($query) use ($business) {
             $query->where('business_id', $business->id);
-        })->findOrFail($validated['product_id']);
+        })->findOrFail($productId);
+
+        // Map form fields to model fields
+        $validated['product_id'] = $productId;
+        $validated['quantity_produced'] = $validated['quantity_total'] ?? $validated['quantity_produced'] ?? 0;
+        $validated['quantity_available'] = $validated['quantity_remaining'] ?? $validated['quantity_produced'];
 
         // Set business_id and defaults
         $validated['business_id'] = $business->id;

app/Http/Controllers/Seller/BrandManagerSettingsController.php

@@ -29,9 +29,9 @@ class BrandManagerSettingsController extends Controller
         if ($request->filled('search')) {
             $search = $request->search;
             $query->where(function ($q) use ($search) {
-                $q->where('first_name', 'like', "%{$search}%")
-                    ->orWhere('last_name', 'like', "%{$search}%")
-                    ->orWhere('email', 'like', "%{$search}%");
+                $q->where('first_name', 'ilike', "%{$search}%")
+                    ->orWhere('last_name', 'ilike', "%{$search}%")
+                    ->orWhere('email', 'ilike', "%{$search}%");
             });
         }
 

app/Http/Controllers/Seller/BrandPortalController.php

@@ -14,8 +14,12 @@ use Illuminate\Support\Facades\Auth;
 /**
  * Brand Portal Controller
  *
- * Handles all Brand Portal functionality for external brand partners.
- * Brand Portal users have read-only access to data scoped to their linked brands.
+ * Handles all Brand Portal functionality for external brand partners and brand managers.
+ * Both user types have read-only access to data scoped to their linked brands.
+ *
+ * Supported access modes:
+ * - Brand Portal users (in "Brand Partner" department with linked brands)
+ * - Brand Manager users (contact_type = 'brand_manager' with linked brands)
  *
  * Key constraints:
  * - All data is scoped to the user's linked brands (via brand_user pivot)
@@ -25,6 +29,26 @@ use Illuminate\Support\Facades\Auth;
  */
 class BrandPortalController extends Controller
 {
+    /**
+     * Check if user has brand access (Portal or Manager) and get their brand IDs.
+     */
+    protected function validateAccessAndGetBrandIds(Business $business): array
+    {
+        $user = Auth::user();
+
+        // Check for Brand Portal access
+        if ($user->isBrandPortalUser($business)) {
+            return $user->getBrandIdsForPortal($business);
+        }
+
+        // Check for Brand Manager access
+        if ($user->isBrandManagerUser($business)) {
+            return $user->getBrandIdsForManager($business);
+        }
+
+        abort(403, 'Access denied. Brand Portal or Brand Manager access required.');
+    }
+
     /**
      * Brand Portal Dashboard - Brand Overview.
      *
@@ -36,14 +60,7 @@ class BrandPortalController extends Controller
      */
     public function dashboard(Business $business)
     {
-        $user = Auth::user();
-
-        // Ensure user is in Brand Portal mode
-        if (! $user->isBrandPortalUser($business)) {
-            abort(403, 'Access denied. Brand Portal access required.');
-        }
-
-        $brandIds = $user->getBrandIdsForPortal($business);
+        $brandIds = $this->validateAccessAndGetBrandIds($business);
         $brands = Brand::whereIn('id', $brandIds)->get();
 
         // Summary stats
@@ -90,13 +107,7 @@ class BrandPortalController extends Controller
      */
     public function orders(Request $request, Business $business)
     {
-        $user = Auth::user();
-
-        if (! $user->isBrandPortalUser($business)) {
-            abort(403, 'Access denied. Brand Portal access required.');
-        }
-
-        $brandIds = $user->getBrandIdsForPortal($business);
+        $brandIds = $this->validateAccessAndGetBrandIds($business);
         $brands = Brand::whereIn('id', $brandIds)->get();
 
         // Filter by brand if specified
@@ -135,13 +146,7 @@ class BrandPortalController extends Controller
      */
     public function accounts(Request $request, Business $business)
     {
-        $user = Auth::user();
-
-        if (! $user->isBrandPortalUser($business)) {
-            abort(403, 'Access denied. Brand Portal access required.');
-        }
-
-        $brandIds = $user->getBrandIdsForPortal($business);
+        $brandIds = $this->validateAccessAndGetBrandIds($business);
         $brands = Brand::whereIn('id', $brandIds)->get();
 
         // Get businesses that have ordered products from linked brands
@@ -177,13 +182,7 @@ class BrandPortalController extends Controller
      */
     public function inventory(Request $request, Business $business)
     {
-        $user = Auth::user();
-
-        if (! $user->isBrandPortalUser($business)) {
-            abort(403, 'Access denied. Brand Portal access required.');
-        }
-
-        $brandIds = $user->getBrandIdsForPortal($business);
+        $brandIds = $this->validateAccessAndGetBrandIds($business);
         $brands = Brand::whereIn('id', $brandIds)->get();
 
         // Filter by brand if specified
@@ -233,13 +232,7 @@ class BrandPortalController extends Controller
      */
     public function promotions(Request $request, Business $business)
     {
-        $user = Auth::user();
-
-        if (! $user->isBrandPortalUser($business)) {
-            abort(403, 'Access denied. Brand Portal access required.');
-        }
-
-        $brandIds = $user->getBrandIdsForPortal($business);
+        $brandIds = $this->validateAccessAndGetBrandIds($business);
         $brands = Brand::whereIn('id', $brandIds)->get();
 
         // Filter by brand if specified
@@ -280,13 +273,7 @@ class BrandPortalController extends Controller
      */
     public function inbox(Request $request, Business $business)
     {
-        $user = Auth::user();
-
-        if (! $user->isBrandPortalUser($business)) {
-            abort(403, 'Access denied. Brand Portal access required.');
-        }
-
-        $brandIds = $user->getBrandIdsForPortal($business);
+        $brandIds = $this->validateAccessAndGetBrandIds($business);
         $brands = Brand::whereIn('id', $brandIds)->get();
 
         // For inbox, we show conversations but in a limited Brand Portal context
@@ -305,13 +292,7 @@ class BrandPortalController extends Controller
      */
     public function contacts(Request $request, Business $business)
     {
-        $user = Auth::user();
-
-        if (! $user->isBrandPortalUser($business)) {
-            abort(403, 'Access denied. Brand Portal access required.');
-        }
-
-        $brandIds = $user->getBrandIdsForPortal($business);
+        $brandIds = $this->validateAccessAndGetBrandIds($business);
         $brands = Brand::whereIn('id', $brandIds)->get();
 
         // For contacts, show in Brand Portal context
@@ -326,13 +307,7 @@ class BrandPortalController extends Controller
      */
     public function showOrder(Business $business, Order $order)
     {
-        $user = Auth::user();
-
-        if (! $user->isBrandPortalUser($business)) {
-            abort(403, 'Access denied. Brand Portal access required.');
-        }
-
-        $brandIds = $user->getBrandIdsForPortal($business);
+        $brandIds = $this->validateAccessAndGetBrandIds($business);
 
         // Verify order contains products from user's linked brands
         $hasLinkedBrandProducts = $order->items()
@@ -364,13 +339,7 @@ class BrandPortalController extends Controller
      */
     public function showProduct(Business $business, Product $product)
     {
-        $user = Auth::user();
-
-        if (! $user->isBrandPortalUser($business)) {
-            abort(403, 'Access denied. Brand Portal access required.');
-        }
-
-        $brandIds = $user->getBrandIdsForPortal($business);
+        $brandIds = $this->validateAccessAndGetBrandIds($business);
 
         // Verify product belongs to user's linked brands
         if (! in_array($product->brand_id, $brandIds)) {

app/Http/Controllers/Seller/BrandStoresController.php

@@ -0,0 +1,556 @@
+<?php
+
+namespace App\Http\Controllers\Seller;
+
+use App\Http\Controllers\Controller;
+use App\Models\Brand;
+use App\Models\Business;
+use App\Models\Order;
+use App\Models\OrderItem;
+use App\Services\Cannaiq\CannaiqClient;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Log;
+
+class BrandStoresController extends Controller
+{
+    protected CannaiqClient $cannaiq;
+
+    public function __construct(CannaiqClient $cannaiq)
+    {
+        $this->cannaiq = $cannaiq;
+    }
+
+    /**
+     * Page 1: Stores Dashboard - List of stores (buyer businesses) for a brand
+     */
+    public function index(Request $request, Business $business, Brand $brand)
+    {
+        $this->authorize('view', [$brand, $business]);
+
+        // Cache dashboard data for 15 minutes
+        $cacheKey = "brand:{$brand->id}:stores:dashboard";
+        $dashboardData = Cache::remember($cacheKey, 900, fn () => $this->calculateStoresDashboardData($brand, $business));
+
+        // Fetch and merge CannaiQ data (cached separately for 10 minutes)
+        $cannaiqCacheKey = "brand:{$brand->id}:cannaiq:stores";
+        $cannaiqData = Cache::remember($cannaiqCacheKey, 600, fn () => $this->fetchCannaiqStoreMetrics($brand));
+
+        // Merge CannaiQ data into store rows
+        $stores = $this->mergeCannaiqData($dashboardData['stores'], $cannaiqData);
+
+        return view('seller.brands.stores.index', [
+            'business' => $business,
+            'brand' => $brand,
+            'stores' => $stores,
+            'kpis' => $dashboardData['kpis'],
+        ]);
+    }
+
+    /**
+     * Page 2: Order Management - SKU-level view for one store
+     */
+    public function show(Request $request, Business $business, Brand $brand, Business $retailStore)
+    {
+        $this->authorize('view', [$brand, $business]);
+
+        // Get all stores for the dropdown switcher
+        $dashboardCacheKey = "brand:{$brand->id}:stores:dashboard";
+        $dashboardData = Cache::remember($dashboardCacheKey, 900, fn () => $this->calculateStoresDashboardData($brand, $business));
+
+        // Cache store detail data for 10 minutes
+        $cacheKey = "brand:{$brand->id}:store:{$retailStore->id}:detail";
+        $storeData = Cache::remember($cacheKey, 600, fn () => $this->calculateStoreDetailData($brand, $business, $retailStore));
+
+        return view('seller.brands.stores.show', [
+            'business' => $business,
+            'brand' => $brand,
+            'store' => $retailStore,
+            'stores' => $dashboardData['stores'],
+            'products' => $storeData['products'],
+            'kpis' => $storeData['kpis'],
+        ]);
+    }
+
+    /**
+     * Page 3: Order Management - Store-level summary with enhanced columns
+     * Shows all stores for a brand with CannaiQ metrics when available
+     */
+    public function orders(Request $request, Business $business, Brand $brand)
+    {
+        $this->authorize('view', [$brand, $business]);
+
+        // Cache dashboard data for 15 minutes
+        $cacheKey = "brand:{$brand->id}:orders:dashboard";
+        $dashboardData = Cache::remember($cacheKey, 900, fn () => $this->calculateOrdersDashboardData($brand, $business));
+
+        // Fetch and merge CannaiQ data (cached separately for 10 minutes)
+        $cannaiqCacheKey = "brand:{$brand->id}:cannaiq:stores";
+        $cannaiqData = Cache::remember($cannaiqCacheKey, 600, fn () => $this->fetchCannaiqStoreMetrics($brand));
+
+        // Merge CannaiQ data into store rows
+        $stores = $this->mergeCannaiqData($dashboardData['stores'], $cannaiqData);
+
+        // Get all brands for the brand switcher dropdown
+        $brands = Brand::where(function ($query) use ($business) {
+            $query->where('business_id', $business->id);
+            if ($business->parent_id) {
+                $query->orWhere('business_id', $business->parent_id);
+            }
+        })
+            ->where('is_active', true)
+            ->orderBy('name')
+            ->get()
+            ->map(fn ($b) => [
+                'hashid' => $b->hashid,
+                'name' => $b->name,
+                'orders_url' => route('seller.business.brands.orders', [$business->slug, $b->hashid]),
+            ]);
+
+        return view('seller.brands.stores.orders', [
+            'business' => $business,
+            'brand' => $brand,
+            'brands' => $brands,
+            'stores' => $stores,
+            'kpis' => $dashboardData['kpis'],
+        ]);
+    }
+
+    /**
+     * Calculate order management dashboard data (store-level with enhanced metrics)
+     */
+    private function calculateOrdersDashboardData(Brand $brand, Business $business): array
+    {
+        $fourWeeksAgo = now()->subWeeks(4);
+
+        // Get all product IDs for this brand
+        $brandProductIds = $brand->products()->pluck('id');
+
+        if ($brandProductIds->isEmpty()) {
+            return [
+                'stores' => collect(),
+                'kpis' => [
+                    'total_sales_4wk' => 0,
+                    'total_oos' => 0,
+                    'potential_sales' => 0,
+                    'store_count' => 0,
+                ],
+            ];
+        }
+
+        // Single aggregation query for store-level sales (4 weeks)
+        $storesSales = OrderItem::whereIn('product_id', $brandProductIds)
+            ->join('orders', 'order_items.order_id', '=', 'orders.id')
+            ->where('orders.created_at', '>=', $fourWeeksAgo)
+            ->whereNotIn('orders.status', ['cancelled', 'rejected'])
+            ->select([
+                'orders.business_id as store_id',
+                DB::raw('SUM(order_items.line_total) as total_sales'),
+                DB::raw('SUM(order_items.quantity) as total_units'),
+                DB::raw('COUNT(DISTINCT orders.id) as order_count'),
+                DB::raw('COUNT(DISTINCT order_items.product_id) as active_skus'),
+            ])
+            ->groupBy('orders.business_id')
+            ->get()
+            ->keyBy('store_id');
+
+        if ($storesSales->isEmpty()) {
+            return [
+                'stores' => collect(),
+                'kpis' => [
+                    'total_sales_4wk' => 0,
+                    'total_oos' => 0,
+                    'potential_sales' => 0,
+                    'store_count' => 0,
+                ],
+            ];
+        }
+
+        // Load store businesses
+        $storeIds = $storesSales->keys();
+        $stores = Business::whereIn('id', $storeIds)
+            ->get()
+            ->keyBy('id');
+
+        // Calculate metrics
+        $daysPeriod = 28; // 4 weeks
+        $totalSkusAvailable = $brand->products()->where('is_active', true)->count();
+        $avgPrice = $brand->products()->avg('wholesale_price') ?? 0; // Calculate once outside loop
+
+        // Build store rows with enhanced columns
+        $storeRows = $storesSales->map(function ($sales, $storeId) use ($stores, $daysPeriod, $totalSkusAvailable, $avgPrice) {
+            $store = $stores->get($storeId);
+            if (! $store) {
+                return null;
+            }
+
+            $activeSkus = $sales->active_skus;
+            $oosSkus = max(0, $totalSkusAvailable - $activeSkus);
+            $oosPercent = $totalSkusAvailable > 0 ? round(($oosSkus / $totalSkusAvailable) * 100, 0) : 0;
+            $avgDailyUnits = $daysPeriod > 0 ? round($sales->total_units / $daysPeriod, 1) : 0;
+
+            // Calculate lost opportunity (simplified)
+            $lostOpportunity = $oosSkus * $avgPrice * 7;
+
+            return [
+                'id' => $store->id,
+                'slug' => $store->slug,
+                'name' => $store->name,
+                'address' => $this->formatStoreAddress($store),
+                'business_type' => $store->business_type,
+                'tags' => [], // CannaiQ: will provide "must_win" etc.
+                'active_skus' => $activeSkus,
+                'oos_skus' => $oosSkus,
+                'oos_percent' => $oosPercent,
+                'avg_daily_units' => $avgDailyUnits,
+                'avg_days_on_hand' => null, // CannaiQ
+                'total_sales' => round($sales->total_sales, 2),
+                'avg_margin_3mo' => null, // CannaiQ
+                'lost_opportunity' => round($lostOpportunity, 2),
+                'categories' => null, // CannaiQ: category breakdown for mini charts
+                'order_count' => $sales->order_count,
+            ];
+        })->filter()->sortByDesc('total_sales')->values();
+
+        // Calculate summary KPIs
+        $kpis = [
+            'total_sales_4wk' => $storeRows->sum('total_sales'),
+            'total_oos' => $storeRows->sum('oos_skus'),
+            'potential_sales' => $storeRows->sum('lost_opportunity'),
+            'store_count' => $storeRows->count(),
+        ];
+
+        return [
+            'stores' => $storeRows,
+            'kpis' => $kpis,
+        ];
+    }
+
+    /**
+     * Calculate aggregated stores dashboard data
+     */
+    private function calculateStoresDashboardData(Brand $brand, Business $business): array
+    {
+        $fourWeeksAgo = now()->subWeeks(4);
+
+        // Get all product IDs for this brand
+        $brandProductIds = $brand->products()->pluck('id');
+
+        if ($brandProductIds->isEmpty()) {
+            return [
+                'stores' => collect(),
+                'kpis' => [
+                    'total_sales_4wk' => 0,
+                    'total_oos' => 0,
+                    'potential_sales' => 0,
+                    'store_count' => 0,
+                ],
+            ];
+        }
+
+        // Single aggregation query for store-level sales (4 weeks)
+        $storesSales = OrderItem::whereIn('product_id', $brandProductIds)
+            ->join('orders', 'order_items.order_id', '=', 'orders.id')
+            ->where('orders.created_at', '>=', $fourWeeksAgo)
+            ->whereNotIn('orders.status', ['cancelled', 'rejected'])
+            ->select([
+                'orders.business_id as store_id',
+                DB::raw('SUM(order_items.line_total) as total_sales'),
+                DB::raw('SUM(order_items.quantity) as total_units'),
+                DB::raw('COUNT(DISTINCT orders.id) as order_count'),
+                DB::raw('COUNT(DISTINCT order_items.product_id) as active_skus'),
+            ])
+            ->groupBy('orders.business_id')
+            ->get()
+            ->keyBy('store_id');
+
+        if ($storesSales->isEmpty()) {
+            return [
+                'stores' => collect(),
+                'kpis' => [
+                    'total_sales_4wk' => 0,
+                    'total_oos' => 0,
+                    'potential_sales' => 0,
+                    'store_count' => 0,
+                ],
+            ];
+        }
+
+        // Load store businesses
+        $storeIds = $storesSales->keys();
+        $stores = Business::whereIn('id', $storeIds)
+            ->get()
+            ->keyBy('id');
+
+        // Calculate metrics
+        $daysPeriod = 28; // 4 weeks
+        $totalSkusAvailable = $brand->products()->where('is_active', true)->count();
+        $avgPrice = $brand->products()->avg('wholesale_price') ?? 0; // Calculate once outside loop
+
+        // Build store rows
+        $storeRows = $storesSales->map(function ($sales, $storeId) use ($stores, $daysPeriod, $totalSkusAvailable, $avgPrice) {
+            $store = $stores->get($storeId);
+            if (! $store) {
+                return null;
+            }
+
+            $activeSkus = $sales->active_skus;
+            $oosSkus = max(0, $totalSkusAvailable - $activeSkus); // Products not ordered = potentially OOS
+            $oosPercent = $totalSkusAvailable > 0 ? round(($oosSkus / $totalSkusAvailable) * 100, 1) : 0;
+            $avgDailyUnits = $daysPeriod > 0 ? round($sales->total_units / $daysPeriod, 1) : 0;
+
+            // Calculate lost opportunity (simplified: OOS SKUs * avg price * estimated days)
+            $lostOpportunity = $oosSkus * $avgPrice * 7; // 7 days estimated
+
+            return [
+                'id' => $store->id,
+                'slug' => $store->slug,
+                'name' => $store->name,
+                'address' => $this->formatStoreAddress($store),
+                'business_type' => $store->business_type,
+                'active_skus' => $activeSkus,
+                'oos_skus' => $oosSkus,
+                'oos_percent' => $oosPercent,
+                'avg_daily_units' => $avgDailyUnits,
+                'avg_days_on_hand' => null, // Requires CannaiQ data
+                'total_sales' => round($sales->total_sales, 2),
+                'avg_margin' => null, // Requires CannaiQ data
+                'lost_opportunity' => round($lostOpportunity, 2),
+                'order_count' => $sales->order_count,
+            ];
+        })->filter()->sortByDesc('total_sales')->values();
+
+        // Calculate summary KPIs
+        $kpis = [
+            'total_sales_4wk' => $storeRows->sum('total_sales'),
+            'total_oos' => $storeRows->sum('oos_skus'),
+            'potential_sales' => $storeRows->sum('lost_opportunity'),
+            'store_count' => $storeRows->count(),
+        ];
+
+        return [
+            'stores' => $storeRows,
+            'kpis' => $kpis,
+        ];
+    }
+
+    /**
+     * Calculate store detail data (SKU-level)
+     */
+    private function calculateStoreDetailData(Brand $brand, Business $business, Business $store): array
+    {
+        $fourWeeksAgo = now()->subWeeks(4);
+
+        // Get all active products for this brand
+        $brandProducts = $brand->products()
+            ->where('is_active', true)
+            ->get();
+
+        if ($brandProducts->isEmpty()) {
+            return [
+                'products' => collect(),
+                'kpis' => [
+                    'total_sales' => 0,
+                    'total_units' => 0,
+                    'oos_count' => 0,
+                    'low_stock_count' => 0,
+                    'total_lost_opportunity' => 0,
+                ],
+            ];
+        }
+
+        // Get sales per product for this store
+        $productSales = OrderItem::whereIn('product_id', $brandProducts->pluck('id'))
+            ->join('orders', 'order_items.order_id', '=', 'orders.id')
+            ->where('orders.business_id', $store->id)
+            ->where('orders.created_at', '>=', $fourWeeksAgo)
+            ->whereNotIn('orders.status', ['cancelled', 'rejected'])
+            ->select([
+                'order_items.product_id',
+                DB::raw('SUM(order_items.line_total) as total_sales'),
+                DB::raw('SUM(order_items.quantity) as total_units'),
+            ])
+            ->groupBy('order_items.product_id')
+            ->get()
+            ->keyBy('product_id');
+
+        $daysPeriod = 28;
+
+        // Build product rows
+        $productRows = $brandProducts->map(function ($product) use ($productSales, $daysPeriod, $store, $brand) {
+            $sales = $productSales->get($product->id);
+
+            $totalUnits = $sales->total_units ?? 0;
+            $totalSales = $sales->total_sales ?? 0;
+            $avgDailyUnits = $daysPeriod > 0 ? round($totalUnits / $daysPeriod, 2) : 0;
+
+            // Determine stock status based on recent orders
+            // No orders in 4 weeks = likely OOS
+            $stockStatus = 'in_stock';
+            $daysSinceOos = null;
+
+            if (! $sales || $totalUnits === 0) {
+                $stockStatus = 'oos';
+                $daysSinceOos = 28; // Assume OOS for full period if no orders
+            }
+
+            // Calculate lost opportunity
+            $lostOpportunity = 0;
+            if ($stockStatus === 'oos' && $avgDailyUnits > 0) {
+                $unitPrice = $product->wholesale_price ?? 0;
+                $lostOpportunity = $avgDailyUnits * ($daysSinceOos ?? 7) * $unitPrice;
+            }
+
+            // Calculate units to order (target 14 days of stock)
+            $unitsToOrder = null;
+            if ($avgDailyUnits > 0) {
+                $unitsToOrder = (int) ceil($avgDailyUnits * 14);
+            }
+
+            return [
+                'id' => $product->id,
+                'hashid' => $product->hashid,
+                'name' => $product->name,
+                'sku' => $product->sku,
+                'brand_name' => $brand->name,
+                'dispensary_name' => $store->name,
+                'vendor' => $brand->business?->name ?? '-',
+                'total_sales' => round($totalSales, 2),
+                'total_units' => $totalUnits,
+                'avg_daily_units' => $avgDailyUnits,
+                'margin_dollars' => null, // Requires CannaiQ data
+                'margin_percent' => null, // Requires CannaiQ data
+                'stock_level' => null, // Requires CannaiQ data
+                'days_of_stock' => null, // Requires CannaiQ data
+                'days_since_oos' => $daysSinceOos,
+                'lost_opportunity' => round($lostOpportunity, 2),
+                'units_to_order' => $unitsToOrder,
+                'price' => $product->wholesale_price,
+                'discount' => null, // Requires CannaiQ data
+                'measure' => $product->weight_display ?? $product->weight_unit ?? 'unit',
+                'stock_status' => $stockStatus,
+                'image_url' => $product->getImageUrl('thumb'),
+            ];
+        })->sortByDesc('total_sales')->values();
+
+        // Calculate KPIs
+        $kpis = [
+            'total_sales' => $productRows->sum('total_sales'),
+            'total_units' => $productRows->sum('total_units'),
+            'oos_count' => $productRows->where('stock_status', 'oos')->count(),
+            'low_stock_count' => $productRows->where('stock_status', 'low')->count(),
+            'total_lost_opportunity' => $productRows->sum('lost_opportunity'),
+        ];
+
+        return [
+            'products' => $productRows,
+            'kpis' => $kpis,
+        ];
+    }
+
+    /**
+     * Format store address for display
+     */
+    private function formatStoreAddress(Business $store): string
+    {
+        $parts = array_filter([
+            $store->address,
+            $store->city,
+            $store->state,
+        ]);
+
+        return implode(', ', $parts) ?: 'No address';
+    }
+
+    /**
+     * Fetch CannaiQ store metrics for a brand
+     */
+    private function fetchCannaiqStoreMetrics(Brand $brand): array
+    {
+        try {
+            // Use brand slug or name for CannaiQ lookup
+            $brandSlug = $brand->slug ?? $brand->name;
+
+            // Fetch aggregated store metrics from CannaiQ
+            $response = $this->cannaiq->getBrandStoreMetrics($brandSlug);
+
+            if (isset($response['error'])) {
+                Log::warning('CannaiQ: Failed to fetch store metrics for brand', [
+                    'brand' => $brandSlug,
+                    'error' => $response['message'] ?? 'Unknown error',
+                ]);
+
+                return [];
+            }
+
+            return $response['stores'] ?? [];
+        } catch (\Exception $e) {
+            Log::error('CannaiQ: Exception fetching store metrics', [
+                'brand' => $brand->slug,
+                'error' => $e->getMessage(),
+            ]);
+
+            return [];
+        }
+    }
+
+    /**
+     * Merge CannaiQ data into internal store rows
+     * Matches stores by name (fuzzy) or cannaiq_store_id if available
+     */
+    private function mergeCannaiqData($stores, array $cannaiqData): \Illuminate\Support\Collection
+    {
+        if (empty($cannaiqData)) {
+            return $stores;
+        }
+
+        // Index CannaiQ data by normalized store name for fuzzy matching
+        $cannaiqByName = [];
+        foreach ($cannaiqData as $storeId => $data) {
+            $normalizedName = $this->normalizeStoreName($data['name'] ?? '');
+            if ($normalizedName) {
+                $cannaiqByName[$normalizedName] = $data;
+            }
+        }
+
+        return $stores->map(function ($store) use ($cannaiqByName) {
+            // Try to match by normalized name
+            $normalizedName = $this->normalizeStoreName($store['name']);
+            $cannaiq = $cannaiqByName[$normalizedName] ?? null;
+
+            if ($cannaiq) {
+                // Merge CannaiQ data into store row
+                $store['tags'] = $cannaiq['tags'] ?? $store['tags'];
+                $store['avg_days_on_hand'] = $cannaiq['avg_days_on_hand'] ?? $store['avg_days_on_hand'];
+                $store['avg_margin_3mo'] = $cannaiq['avg_margin_3mo'] ?? $store['avg_margin_3mo'];
+                $store['categories'] = $cannaiq['categories'] ?? $store['categories'];
+
+                // Override OOS if CannaiQ has more accurate data
+                if (isset($cannaiq['oos_skus'])) {
+                    $store['oos_skus'] = $cannaiq['oos_skus'];
+                }
+
+                // Override lost opportunity if CannaiQ has it
+                if (isset($cannaiq['lost_opportunity'])) {
+                    $store['lost_opportunity'] = $cannaiq['lost_opportunity'];
+                }
+            }
+
+            return $store;
+        });
+    }
+
+    /**
+     * Normalize store name for fuzzy matching
+     */
+    private function normalizeStoreName(string $name): string
+    {
+        // Lowercase, remove common suffixes, trim whitespace
+        $name = strtolower(trim($name));
+        $name = preg_replace('/\s+(inc|llc|dispensary|cannabis|co|company)\.?$/i', '', $name);
+        $name = preg_replace('/[^a-z0-9]/', '', $name);
+
+        return $name;
+    }
+}

app/Http/Controllers/Seller/BrandSwitcherController.php

@@ -18,12 +18,22 @@ class BrandSwitcherController extends Controller
     {
         $brandId = $request->input('brand_id');
         $brandHashid = $request->input('brand_hashid');
+        $redirectTo = $request->input('redirect_to');
 
         // If both are empty, clear the session (show all brands)
         if (empty($brandId) && empty($brandHashid)) {
+            // Clear cache for current user before removing session
+            $user = auth()->user();
+            $business = $user?->primaryBusiness();
+            $oldBrandId = session('selected_brand_id');
+
+            if ($user && $business && $oldBrandId) {
+                \Illuminate\Support\Facades\Cache::forget("selected_brand:{$user->id}:{$business->id}:{$oldBrandId}");
+            }
+
             session()->forget('selected_brand_id');
 
-            return back();
+            return $redirectTo ? redirect($redirectTo) : back();
         }
 
         // Verify the brand exists and belongs to user's business
@@ -56,6 +66,7 @@ class BrandSwitcherController extends Controller
 
     /**
      * Get the currently selected brand (helper method).
+     * Cached for 5 minutes to avoid repeated queries on every page load.
      */
     public static function getSelectedBrand(): ?Brand
     {
@@ -72,9 +83,14 @@ class BrandSwitcherController extends Controller
             return null;
         }
 
-        return Brand::forBusiness($business)
-            ->where('id', $brandId)
-            ->first();
+        // Cache by user + business + brand to avoid repeated queries
+        $cacheKey = "selected_brand:{$user->id}:{$business->id}:{$brandId}";
+
+        return \Illuminate\Support\Facades\Cache::remember($cacheKey, 300, function () use ($business, $brandId) {
+            return Brand::forBusiness($business)
+                ->where('id', $brandId)
+                ->first();
+        });
     }
 
     /**

app/Http/Controllers/Seller/CategoryController.php

@@ -37,8 +37,28 @@ class CategoryController extends Controller
 
     public function index(Business $business)
     {
-        // Product categories table is not properly set up - skipping for now
-        $productCategories = collect();
+        // Load product categories with nesting and counts (include parent if division)
+        // Use recursive eager loading for nested children
+        $productCategories = ProductCategory::where(function ($query) use ($business) {
+            $query->where('business_id', $business->id);
+            if ($business->parent_id) {
+                $query->orWhere('business_id', $business->parent_id);
+            }
+        })
+            ->whereNull('parent_id')
+            ->with(['children' => function ($query) {
+                $query->orderBy('sort_order')->orderBy('name')
+                    ->with(['children' => function ($q) {
+                        $q->orderBy('sort_order')->orderBy('name')
+                            ->with(['children' => function ($q2) {
+                                $q2->orderBy('sort_order')->orderBy('name');
+                            }]);
+                    }]);
+            }])
+            ->withCount('products')
+            ->orderBy('sort_order')
+            ->orderBy('name')
+            ->get();
 
         // Load component categories with nesting and counts (include parent if division)
         $componentCategories = ComponentCategory::where(function ($query) use ($business) {

app/Http/Controllers/Seller/ChatController.php

@@ -0,0 +1,415 @@
+<?php
+
+namespace App\Http\Controllers\Seller;
+
+use App\Http\Controllers\Controller;
+use App\Models\Business;
+use App\Models\Crm\CrmActiveView;
+use App\Models\Crm\CrmChannel;
+use App\Models\Crm\CrmInternalNote;
+use App\Models\Crm\CrmThread;
+use App\Models\User;
+use App\Services\Crm\CrmAiService;
+use App\Services\Crm\CrmChannelService;
+use App\Services\Crm\CrmSlaService;
+use Illuminate\Http\Request;
+
+class ChatController extends Controller
+{
+    public function __construct(
+        protected CrmChannelService $channelService,
+        protected CrmSlaService $slaService,
+        protected CrmAiService $aiService
+    ) {}
+
+    /**
+     * Unified chat inbox view (Chatwoot-style)
+     */
+    public function index(Request $request, Business $business)
+    {
+        $query = CrmThread::forBusiness($business->id)
+            ->with(['contact', 'assignee', 'brand', 'channel', 'messages' => fn ($q) => $q->latest()->limit(1)])
+            ->withCount('messages');
+
+        // Filters
+        if ($request->filled('status')) {
+            $query->where('status', $request->status);
+        }
+
+        if ($request->filled('assigned_to')) {
+            if ($request->assigned_to === 'unassigned') {
+                $query->unassigned();
+            } else {
+                $query->assignedTo($request->assigned_to);
+            }
+        }
+
+        if ($request->filled('department')) {
+            $query->forDepartment($request->department);
+        }
+
+        if ($request->filled('brand_id')) {
+            $query->forBrand($request->brand_id);
+        }
+
+        if ($request->filled('search')) {
+            $query->where(function ($q) use ($request) {
+                $q->where('subject', 'ilike', "%{$request->search}%")
+                    ->orWhere('last_message_preview', 'ilike', "%{$request->search}%")
+                    ->orWhereHas('contact', fn ($c) => $c->where('name', 'ilike', "%{$request->search}%"));
+            });
+        }
+
+        $threads = $query->orderByDesc('last_message_at')->paginate(50);
+
+        // Get team members for assignment dropdown
+        $teamMembers = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))->get();
+
+        // Get available channels
+        $channels = $this->channelService->getAvailableChannels($business->id);
+
+        // Get brands for filter dropdown
+        $brands = \App\Models\Brand::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->orderBy('name')
+            ->get();
+
+        // Get departments for filter dropdown
+        $departments = CrmChannel::DEPARTMENTS;
+
+        // Get contacts for new conversation modal
+        // Include: 1) Customer contacts (from businesses that ordered), 2) Own business contacts (coworkers)
+        $customerBusinessIds = \App\Models\Order::whereHas('items.product.brand', fn ($q) => $q->where('business_id', $business->id))
+            ->pluck('business_id')
+            ->unique();
+
+        // Add the seller's own business ID to include coworkers
+        $allBusinessIds = $customerBusinessIds->push($business->id)->unique();
+
+        $contacts = \App\Models\Contact::whereIn('business_id', $allBusinessIds)
+            ->with('business:id,name')
+            ->orderBy('first_name')
+            ->limit(200)
+            ->get();
+
+        return view('seller.chat.index', compact(
+            'business',
+            'threads',
+            'teamMembers',
+            'channels',
+            'brands',
+            'departments',
+            'contacts'
+        ));
+    }
+
+    /**
+     * API: Get thread data for inline loading
+     */
+    public function getThread(Request $request, Business $business, CrmThread $thread)
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Not found'], 404);
+        }
+
+        $thread->load([
+            'contact',
+            'account',
+            'assignee',
+            'brand',
+            'channel',
+            'messages.attachments',
+            'messages.user',
+            'deals',
+            'internalNotes.user',
+            'tags.tag',
+        ]);
+
+        // Mark as read
+        $thread->markAsRead($request->user());
+
+        // Start viewing (collision detection)
+        CrmActiveView::startViewing($thread, $request->user());
+
+        // Get other viewers
+        $otherViewers = CrmActiveView::getActiveViewers($thread, $request->user()->id);
+
+        // Get SLA status
+        $slaStatus = $this->slaService->getThreadSlaStatus($thread);
+
+        // Get AI suggestions
+        $suggestions = $thread->aiSuggestions()->pending()->notExpired()->get();
+
+        // Get available channels for reply
+        $channels = $this->channelService->getAvailableChannels($business->id);
+
+        // Get team members for assignment dropdown
+        $teamMembers = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))->get();
+
+        return response()->json([
+            'thread' => $thread,
+            'otherViewers' => $otherViewers->map(fn ($v) => [
+                'id' => $v->user->id,
+                'name' => $v->user->name,
+                'type' => $v->view_type,
+            ]),
+            'slaStatus' => $slaStatus,
+            'suggestions' => $suggestions,
+            'channels' => $channels,
+            'teamMembers' => $teamMembers,
+        ]);
+    }
+
+    /**
+     * API: Send reply in thread
+     */
+    public function reply(Request $request, Business $business, CrmThread $thread)
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Not found'], 404);
+        }
+
+        $validated = $request->validate([
+            'body' => 'required|string|max:10000',
+            'channel_type' => 'required|string|in:sms,email,whatsapp,instagram,in_app',
+        ]);
+
+        $contact = $thread->contact;
+        $to = $validated['channel_type'] === CrmChannel::TYPE_EMAIL
+            ? $contact->email
+            : $contact->phone;
+
+        if (! $to) {
+            return response()->json(['error' => 'Contact does not have required contact info for this channel.'], 422);
+        }
+
+        $success = $this->channelService->sendMessage(
+            businessId: $business->id,
+            channelType: $validated['channel_type'],
+            to: $to,
+            body: $validated['body'],
+            subject: null,
+            threadId: $thread->id,
+            contactId: $contact->id,
+            userId: $request->user()->id,
+            attachments: []
+        );
+
+        if (! $success) {
+            return response()->json(['error' => 'Failed to send message.'], 500);
+        }
+
+        // Auto-assign thread to sender if unassigned
+        if ($thread->assigned_to === null) {
+            $thread->assigned_to = $request->user()->id;
+            $thread->save();
+        }
+
+        // Handle SLA
+        $this->slaService->handleOutboundMessage($thread);
+
+        // Reload messages
+        $thread->load(['messages.attachments', 'messages.user']);
+
+        return response()->json([
+            'success' => true,
+            'messages' => $thread->messages,
+        ]);
+    }
+
+    /**
+     * API: Create new thread
+     */
+    public function store(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'contact_id' => 'required|exists:contacts,id',
+            'channel_type' => 'required|string|in:sms,email,whatsapp,instagram,in_app',
+            'body' => 'required|string|max:10000',
+        ]);
+
+        // Get allowed business IDs (customers + own business for coworkers)
+        $customerBusinessIds = \App\Models\Order::whereHas('items.product.brand', fn ($q) => $q->where('business_id', $business->id))
+            ->pluck('business_id')
+            ->unique();
+        $allBusinessIds = $customerBusinessIds->push($business->id)->unique();
+
+        // SECURITY: Verify contact belongs to a customer business or own business (coworker)
+        $contact = \App\Models\Contact::whereIn('business_id', $allBusinessIds)
+            ->findOrFail($validated['contact_id']);
+
+        $to = $validated['channel_type'] === CrmChannel::TYPE_EMAIL
+            ? $contact->email
+            : $contact->phone;
+
+        if (! $to) {
+            return response()->json(['error' => 'Contact does not have the required contact info for this channel.'], 422);
+        }
+
+        // Create thread
+        $thread = CrmThread::create([
+            'business_id' => $business->id,
+            'contact_id' => $contact->id,
+            'account_id' => $contact->account_id,
+            'status' => 'open',
+            'priority' => 'normal',
+            'last_channel_type' => $validated['channel_type'],
+            'assigned_to' => $request->user()->id,
+        ]);
+
+        // Send the message
+        $success = $this->channelService->sendMessage(
+            businessId: $business->id,
+            channelType: $validated['channel_type'],
+            to: $to,
+            body: $validated['body'],
+            subject: null,
+            threadId: $thread->id,
+            contactId: $contact->id,
+            userId: $request->user()->id,
+            attachments: []
+        );
+
+        if (! $success) {
+            $thread->delete();
+
+            return response()->json(['error' => 'Failed to send message.'], 500);
+        }
+
+        $thread->load(['contact', 'messages']);
+
+        return response()->json([
+            'success' => true,
+            'thread' => $thread,
+        ]);
+    }
+
+    /**
+     * API: Assign thread
+     */
+    public function assign(Request $request, Business $business, CrmThread $thread)
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Not found'], 404);
+        }
+
+        $validated = $request->validate([
+            'assigned_to' => 'nullable|exists:users,id',
+        ]);
+
+        if ($validated['assigned_to']) {
+            $assignee = User::where('id', $validated['assigned_to'])
+                ->whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
+                ->first();
+
+            if (! $assignee) {
+                return response()->json(['error' => 'Invalid user.'], 422);
+            }
+
+            $thread->assignTo($assignee, $request->user());
+        } else {
+            $thread->assigned_to = null;
+            $thread->save();
+        }
+
+        return response()->json(['success' => true]);
+    }
+
+    /**
+     * API: Close thread
+     */
+    public function close(Request $request, Business $business, CrmThread $thread)
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Not found'], 404);
+        }
+
+        $thread->close($request->user());
+
+        return response()->json(['success' => true, 'status' => 'closed']);
+    }
+
+    /**
+     * API: Reopen thread
+     */
+    public function reopen(Request $request, Business $business, CrmThread $thread)
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Not found'], 404);
+        }
+
+        $thread->reopen($request->user());
+        $this->slaService->resumeTimers($thread);
+
+        return response()->json(['success' => true, 'status' => 'open']);
+    }
+
+    /**
+     * API: Add internal note
+     */
+    public function addNote(Request $request, Business $business, CrmThread $thread)
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Not found'], 404);
+        }
+
+        $validated = $request->validate([
+            'content' => 'required|string|max:5000',
+        ]);
+
+        $note = CrmInternalNote::create([
+            'business_id' => $business->id,
+            'user_id' => $request->user()->id,
+            'notable_type' => CrmThread::class,
+            'notable_id' => $thread->id,
+            'content' => $validated['content'],
+        ]);
+
+        $note->load('user');
+
+        return response()->json(['success' => true, 'note' => $note]);
+    }
+
+    /**
+     * API: Generate AI reply
+     */
+    public function generateAiReply(Request $request, Business $business, CrmThread $thread)
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Not found'], 404);
+        }
+
+        $suggestion = $this->aiService->generateReplyDraft($thread, $request->input('tone', 'professional'));
+
+        if (! $suggestion) {
+            return response()->json(['error' => 'Failed to generate reply.'], 500);
+        }
+
+        return response()->json([
+            'content' => $suggestion->content,
+            'suggestion_id' => $suggestion->id,
+        ]);
+    }
+
+    /**
+     * API: Heartbeat for active viewing
+     */
+    public function heartbeat(Request $request, Business $business, CrmThread $thread)
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        CrmActiveView::startViewing($thread, $request->user(), $request->input('view_type', 'viewing'));
+
+        $otherViewers = CrmActiveView::getActiveViewers($thread, $request->user()->id);
+
+        return response()->json([
+            'other_viewers' => $otherViewers->map(fn ($v) => [
+                'id' => $v->user->id,
+                'name' => $v->user->name,
+                'type' => $v->view_type,
+            ]),
+        ]);
+    }
+}

app/Http/Controllers/Seller/ContactController.php

@@ -14,12 +14,17 @@ class ContactController extends Controller
 {
     /**
      * Display a listing of contacts (CRM Core)
-     * Shows all contacts who have interacted with this seller business
+     * Shows all contacts from buyer businesses (accounts)
      */
     public function index(Request $request, Business $business)
     {
-        // Get all contact IDs that have interacted with this business
-        // through orders, conversations, or messages
+        // Get all contacts from buyer businesses (accounts)
+        // This gives a complete view of all contacts in the CRM
+        $query = Contact::whereHas('business', function ($q) {
+            $q->where('type', 'buyer');
+        })->with(['business', 'user']);
+
+        // Also track which contacts have engaged for stats
         $orderContactIds = Order::whereHas('items.product.brand', function ($q) use ($business) {
             $q->where('business_id', $business->id);
         })->whereNotNull('contact_id')->pluck('contact_id');
@@ -28,11 +33,7 @@ class ContactController extends Controller
             ->whereNotNull('primary_contact_id')
             ->pluck('primary_contact_id');
 
-        $contactIds = $orderContactIds->merge($conversationContactIds)->unique();
-
-        // Build query
-        $query = Contact::whereIn('id', $contactIds)
-            ->with(['business', 'user']);
+        $engagedContactIds = $orderContactIds->merge($conversationContactIds)->unique();
 
         // Search filter
         if ($request->filled('search')) {
@@ -60,6 +61,8 @@ class ContactController extends Controller
                 $query->whereIn('id', $orderContactIds);
             } elseif ($request->activity === 'has_conversations') {
                 $query->whereIn('id', $conversationContactIds);
+            } elseif ($request->activity === 'engaged') {
+                $query->whereIn('id', $engagedContactIds);
             }
         }
 
@@ -75,12 +78,14 @@ class ContactController extends Controller
 
         $contacts = $query->paginate(20)->withQueryString();
 
-        // Get stats
+        // Get stats - count all buyer contacts and engaged contacts
+        $allBuyerContactsQuery = Contact::whereHas('business', fn ($q) => $q->where('type', 'buyer'));
         $stats = [
-            'total' => Contact::whereIn('id', $contactIds)->count(),
-            'active' => Contact::whereIn('id', $contactIds)->where('is_active', true)->count(),
-            'with_orders' => Contact::whereIn('id', $orderContactIds)->count(),
-            'with_conversations' => Contact::whereIn('id', $conversationContactIds)->count(),
+            'total' => (clone $allBuyerContactsQuery)->count(),
+            'active' => (clone $allBuyerContactsQuery)->where('is_active', true)->count(),
+            'with_orders' => $orderContactIds->count(),
+            'with_conversations' => $conversationContactIds->count(),
+            'engaged' => $engagedContactIds->count(),
         ];
 
         return view('seller.contacts.index', compact('business', 'contacts', 'stats'));
@@ -107,41 +112,45 @@ class ContactController extends Controller
         // Load contact relationships
         $contact->load(['business', 'user']);
 
-        // Get conversations
+        // Get conversations (limit for profile view)
         $conversations = Conversation::where('business_id', $business->id)
             ->where('primary_contact_id', $contact->id)
             ->with('latestMessage')
             ->orderBy('last_message_at', 'desc')
+            ->limit(20)
             ->get();
 
-        // Get orders
+        // Get orders (limit for profile view, select only needed columns)
         $orders = Order::whereHas('items.product.brand', function ($q) use ($business) {
             $q->where('business_id', $business->id);
         })
             ->where('contact_id', $contact->id)
-            ->with(['business', 'items.product'])
+            ->with(['business:id,name', 'items:id,order_id,product_id,quantity,unit_price', 'items.product:id,name,sku'])
             ->latest()
+            ->limit(20)
             ->get();
 
-        // Get invoices
+        // Get invoices (limit for profile view)
         $invoices = Invoice::whereHas('order', function ($q) use ($contact) {
             $q->where('contact_id', $contact->id);
         })
             ->whereHas('order.items.product.brand', function ($q) use ($business) {
                 $q->where('business_id', $business->id);
             })
-            ->with('order')
+            ->with('order:id,order_number')
             ->latest()
+            ->limit(20)
             ->get();
 
-        // Get backorders (orders with status 'backorder')
+        // Get backorders (limit for profile view)
         $backorders = Order::whereHas('items.product.brand', function ($q) use ($business) {
             $q->where('business_id', $business->id);
         })
             ->where('contact_id', $contact->id)
             ->where('status', 'backorder')
-            ->with(['business', 'items.product'])
+            ->with(['business:id,name', 'items:id,order_id,product_id,quantity', 'items.product:id,name,sku'])
             ->latest()
+            ->limit(10)
             ->get();
 
         // Premium features (gated by has_marketing)
@@ -172,14 +181,18 @@ class ContactController extends Controller
 
     /**
      * Build unified activity timeline (Premium feature)
+     * Limited to most recent 30 items for performance
      */
     private function buildTimeline(Contact $contact, Business $business): array
     {
         $timeline = [];
 
-        // Get all related activities
+        // Get recent conversations (limit for performance)
         $conversations = Conversation::where('business_id', $business->id)
             ->where('primary_contact_id', $contact->id)
+            ->select('id', 'subject', 'created_at')
+            ->latest()
+            ->limit(10)
             ->get();
 
         foreach ($conversations as $conversation) {
@@ -193,10 +206,14 @@ class ContactController extends Controller
             ];
         }
 
+        // Get recent orders (limit for performance)
         $orders = Order::whereHas('items.product.brand', function ($q) use ($business) {
             $q->where('business_id', $business->id);
         })
             ->where('contact_id', $contact->id)
+            ->select('id', 'order_number', 'total', 'created_at')
+            ->latest()
+            ->limit(10)
             ->get();
 
         foreach ($orders as $order) {
@@ -210,12 +227,16 @@ class ContactController extends Controller
             ];
         }
 
+        // Get recent invoices (limit for performance)
         $invoices = Invoice::whereHas('order', function ($q) use ($contact) {
             $q->where('contact_id', $contact->id);
         })
             ->whereHas('order.items.product.brand', function ($q) use ($business) {
                 $q->where('business_id', $business->id);
             })
+            ->select('id', 'invoice_number', 'payment_status', 'created_at')
+            ->latest()
+            ->limit(10)
             ->get();
 
         foreach ($invoices as $invoice) {
@@ -229,11 +250,11 @@ class ContactController extends Controller
             ];
         }
 
-        // Sort by date descending
+        // Sort by date descending and limit total items
         usort($timeline, function ($a, $b) {
             return $b['date'] <=> $a['date'];
         });
 
-        return $timeline;
+        return array_slice($timeline, 0, 30);
     }
 }

app/Http/Controllers/Seller/ConversationController.php

@@ -25,12 +25,12 @@ class ConversationController extends Controller
         if ($search) {
             $query->where(function ($q) use ($search) {
                 $q->whereHas('contact', function ($c) use ($search) {
-                    $c->where('name', 'like', "%{$search}%")
-                        ->orWhere('email', 'like', "%{$search}%")
-                        ->orWhere('phone', 'like', "%{$search}%");
+                    $c->where('name', 'ilike', "%{$search}%")
+                        ->orWhere('email', 'ilike', "%{$search}%")
+                        ->orWhere('phone', 'ilike', "%{$search}%");
                 })
                     ->orWhereHas('messages', function ($m) use ($search) {
-                        $m->where('message_body', 'like', "%{$search}%");
+                        $m->where('message_body', 'ilike', "%{$search}%");
                     });
             });
         }

app/Http/Controllers/Seller/Crm/AccountController.php

@@ -3,37 +3,410 @@
 namespace App\Http\Controllers\Seller\Crm;
 
 use App\Http\Controllers\Controller;
+use App\Models\Activity;
 use App\Models\Business;
+use App\Models\Contact;
+use App\Models\Crm\CrmEvent;
+use App\Models\Crm\CrmQuote;
+use App\Models\Crm\CrmTask;
+use App\Models\Invoice;
+use App\Models\Location;
+use App\Models\SalesOpportunity;
+use App\Models\SendMenuLog;
+use App\Services\Cannaiq\CannaiqClient;
 use Illuminate\Http\Request;
 
 class AccountController extends Controller
 {
     /**
-     * Display accounts listing
+     * Display accounts listing - only buyers who have ordered from this seller
      */
     public function index(Request $request, Business $business)
     {
-        $accounts = Business::where('type', 'buyer')
-            ->where('status', 'approved')
-            ->with(['contacts'])
-            ->orderBy('name')
-            ->paginate(25);
+        $query = Business::where('type', 'buyer')
+            ->whereHas('orders', function ($q) use ($business) {
+                $q->whereHas('items.product.brand', fn ($b) => $b->where('business_id', $business->id));
+            })
+            ->with(['contacts']);
+
+        // Search filter
+        if ($request->filled('q')) {
+            $search = $request->q;
+            $query->where(function ($q) use ($search) {
+                $q->where('name', 'ILIKE', "%{$search}%")
+                    ->orWhere('dba_name', 'ILIKE', "%{$search}%")
+                    ->orWhere('business_email', 'ILIKE', "%{$search}%");
+            });
+        }
+
+        // Status filter - default to approved, but allow viewing all
+        if ($request->filled('status') && $request->status !== 'all') {
+            $query->where('status', $request->status);
+        } else {
+            $query->where('status', 'approved');
+        }
+
+        $accounts = $query->orderBy('name')->paginate(25);
+
+        // Return JSON for AJAX/API requests (live search)
+        if ($request->wantsJson()) {
+            return response()->json([
+                'data' => $accounts->map(fn ($a) => [
+                    'slug' => $a->slug,
+                    'name' => $a->name,
+                    'email' => $a->business_email,
+                    'status' => $a->status,
+                ])->values()->toArray(),
+            ]);
+        }
 
         return view('seller.crm.accounts.index', compact('business', 'accounts'));
     }
 
+    /**
+     * Show create customer form
+     */
+    public function create(Request $request, Business $business)
+    {
+        return view('seller.crm.accounts.create', compact('business'));
+    }
+
+    /**
+     * Store a new customer (buyer business)
+     */
+    public function store(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'name' => 'required|string|max:255',
+            'dba_name' => 'nullable|string|max:255',
+            'license_number' => 'nullable|string|max:100',
+            'business_email' => 'nullable|email|max:255',
+            'business_phone' => 'nullable|string|max:50',
+            'physical_address' => 'nullable|string|max:255',
+            'physical_city' => 'nullable|string|max:100',
+            'physical_state' => 'nullable|string|max:50',
+            'physical_zipcode' => 'nullable|string|max:20',
+            'contact_name' => 'nullable|string|max:255',
+            'contact_email' => 'nullable|email|max:255',
+            'contact_phone' => 'nullable|string|max:50',
+            'contact_title' => 'nullable|string|max:100',
+        ]);
+
+        // Create the buyer business
+        $account = Business::create([
+            'name' => $validated['name'],
+            'dba_name' => $validated['dba_name'] ?? null,
+            'license_number' => $validated['license_number'] ?? null,
+            'business_email' => $validated['business_email'] ?? null,
+            'business_phone' => $validated['business_phone'] ?? null,
+            'physical_address' => $validated['physical_address'] ?? null,
+            'physical_city' => $validated['physical_city'] ?? null,
+            'physical_state' => $validated['physical_state'] ?? null,
+            'physical_zipcode' => $validated['physical_zipcode'] ?? null,
+            'type' => 'buyer',
+            'status' => 'approved', // Auto-approve customers created by sellers
+        ]);
+
+        // Create contact if provided
+        if (! empty($validated['contact_name'])) {
+            $account->contacts()->create([
+                'first_name' => explode(' ', $validated['contact_name'])[0],
+                'last_name' => implode(' ', array_slice(explode(' ', $validated['contact_name']), 1)) ?: null,
+                'email' => $validated['contact_email'] ?? null,
+                'phone' => $validated['contact_phone'] ?? null,
+                'title' => $validated['contact_title'] ?? null,
+            ]);
+        }
+
+        // Log the creation event
+        CrmEvent::log(
+            sellerBusinessId: $business->id,
+            eventType: 'account_created',
+            summary: "Customer {$account->name} created",
+            buyerBusinessId: $account->id,
+            userId: auth()->id(),
+            channel: 'system'
+        );
+
+        // Return JSON for AJAX requests
+        if ($request->expectsJson()) {
+            return response()->json([
+                'id' => $account->id,
+                'name' => $account->name,
+                'slug' => $account->slug,
+            ]);
+        }
+
+        return redirect()
+            ->route('seller.business.crm.accounts.show', [$business->slug, $account->slug])
+            ->with('success', 'Customer created successfully.');
+    }
+
+    /**
+     * Show edit customer form
+     */
+    public function edit(Request $request, Business $business, Business $account)
+    {
+        return view('seller.crm.accounts.edit', compact('business', 'account'));
+    }
+
+    /**
+     * Update a customer (buyer business)
+     */
+    public function update(Request $request, Business $business, Business $account)
+    {
+        $validated = $request->validate([
+            'name' => 'required|string|max:255',
+            'dba_name' => 'nullable|string|max:255',
+            'license_number' => 'nullable|string|max:100',
+            'business_email' => 'nullable|email|max:255',
+            'business_phone' => 'nullable|string|max:50',
+            'physical_address' => 'nullable|string|max:255',
+            'physical_city' => 'nullable|string|max:100',
+            'physical_state' => 'nullable|string|max:50',
+            'physical_zipcode' => 'nullable|string|max:20',
+        ]);
+
+        $account->update($validated);
+
+        return redirect()
+            ->route('seller.business.crm.accounts.show', [$business->slug, $account->slug])
+            ->with('success', 'Customer updated successfully.');
+    }
+
     /**
      * Show account details
      */
     public function show(Request $request, Business $business, Business $account)
     {
-        $account->load(['contacts', 'orders' => function ($q) use ($business) {
-            $q->whereHas('items.product.brand', function ($q2) use ($business) {
-                $q2->where('business_id', $business->id);
-            })->latest()->limit(10);
-        }]);
+        $account->load(['contacts']);
 
-        return view('seller.crm.accounts.show', compact('business', 'account'));
+        // Location filtering
+        $locationId = $request->query('location');
+        $selectedLocation = $locationId ? $account->locations()->find($locationId) : null;
+
+        // Load all locations for this account with contacts pivot
+        $locations = $account->locations()
+            ->with(['contacts' => function ($q) {
+                $q->wherePivot('role', 'buyer');
+            }])
+            ->orderBy('name')
+            ->get();
+
+        // Base order query for this seller
+        $baseOrderQuery = fn () => $account->orders()
+            ->whereHas('items.product.brand', function ($q) use ($business) {
+                $q->where('business_id', $business->id);
+            });
+
+        // Get orders (filtered by location if selected)
+        $ordersQuery = $baseOrderQuery();
+        if ($selectedLocation) {
+            $ordersQuery->where('location_id', $selectedLocation->id);
+        }
+        $orders = $ordersQuery->with(['invoice', 'location'])->latest()->limit(10)->get();
+
+        // Get quotes for this account (filtered by location if selected)
+        $quotesQuery = CrmQuote::where('business_id', $business->id)
+            ->where('account_id', $account->id);
+        if ($selectedLocation) {
+            $quotesQuery->where('location_id', $selectedLocation->id);
+        }
+        $quotes = $quotesQuery->with(['contact', 'items'])->latest()->limit(10)->get();
+
+        // Base invoice query
+        $baseInvoiceQuery = fn () => Invoice::whereHas('order', function ($q) use ($business, $account) {
+            $q->where('business_id', $account->id)
+                ->whereHas('items.product.brand', function ($q2) use ($business) {
+                    $q2->where('business_id', $business->id);
+                });
+        });
+
+        // Get invoices (filtered by location if selected)
+        $invoicesQuery = $baseInvoiceQuery();
+        if ($selectedLocation) {
+            $invoicesQuery->whereHas('order', function ($q) use ($selectedLocation) {
+                $q->where('location_id', $selectedLocation->id);
+            });
+        }
+        $invoices = $invoicesQuery->with(['order', 'payments'])->latest()->limit(10)->get();
+
+        // Get opportunities for this account from this seller
+        $opportunities = SalesOpportunity::where('seller_business_id', $business->id)
+            ->where('business_id', $account->id)
+            ->with(['stage', 'brand'])
+            ->latest()
+            ->get();
+
+        // Get tasks related to this account
+        $tasks = CrmTask::where('seller_business_id', $business->id)
+            ->where('business_id', $account->id)
+            ->whereNull('completed_at')
+            ->with('assignee')
+            ->orderBy('due_at')
+            ->limit(5)
+            ->get();
+
+        // Get conversation events for this account
+        $conversationEvents = CrmEvent::where('seller_business_id', $business->id)
+            ->where('buyer_business_id', $account->id)
+            ->latest('occurred_at')
+            ->limit(20)
+            ->get();
+
+        // Get menu send history for this account
+        $sendHistory = SendMenuLog::where('business_id', $business->id)
+            ->where('customer_id', $account->id)
+            ->with(['menu', 'brand'])
+            ->latest('sent_at')
+            ->limit(10)
+            ->get();
+
+        // Get activity log for this account
+        $activities = Activity::where('seller_business_id', $business->id)
+            ->where('business_id', $account->id)
+            ->with(['causer'])
+            ->latest()
+            ->limit(20)
+            ->get();
+
+        // Compute stats - if location selected, show location-specific stats
+        if ($selectedLocation) {
+            $orderStats = $baseOrderQuery()
+                ->where('location_id', $selectedLocation->id)
+                ->selectRaw('COUNT(*) as total_orders, COALESCE(SUM(total), 0) as total_revenue')
+                ->first();
+        } else {
+            $orderStats = $baseOrderQuery()
+                ->selectRaw('COUNT(*) as total_orders, COALESCE(SUM(total), 0) as total_revenue')
+                ->first();
+        }
+
+        $opportunityStats = SalesOpportunity::where('seller_business_id', $business->id)
+            ->where('business_id', $account->id)
+            ->where('status', 'open')
+            ->selectRaw('COUNT(*) as open_count, COALESCE(SUM(value), 0) as pipeline_value')
+            ->first();
+
+        // Financial stats from invoices (location-filtered if applicable)
+        $financialStatsQuery = $baseInvoiceQuery();
+        if ($selectedLocation) {
+            $financialStatsQuery->whereHas('order', function ($q) use ($selectedLocation) {
+                $q->where('location_id', $selectedLocation->id);
+            });
+        }
+        $financialStats = $financialStatsQuery->selectRaw('
+                COALESCE(SUM(amount_due), 0) as outstanding_balance,
+                COALESCE(SUM(CASE WHEN due_date < CURRENT_DATE AND amount_due > 0 THEN amount_due ELSE 0 END), 0) as past_due_amount,
+                COUNT(CASE WHEN amount_due > 0 THEN 1 END) as open_invoice_count,
+                MIN(CASE WHEN due_date < CURRENT_DATE AND amount_due > 0 THEN due_date END) as oldest_past_due_date
+            ')
+            ->first();
+
+        // Get last payment info
+        $lastPayment = \App\Models\InvoicePayment::whereHas('invoice.order', function ($q) use ($business, $account) {
+            $q->where('business_id', $account->id)
+                ->whereHas('items.product.brand', function ($q2) use ($business) {
+                    $q2->where('business_id', $business->id);
+                });
+        })
+            ->latest('payment_date')
+            ->first();
+
+        $stats = [
+            'total_orders' => $orderStats->total_orders ?? 0,
+            'total_revenue' => $orderStats->total_revenue ?? 0,
+            'open_opportunities' => $opportunityStats->open_count ?? 0,
+            'pipeline_value' => $opportunityStats->pipeline_value ?? 0,
+        ];
+
+        $financials = [
+            'outstanding_balance' => $financialStats->outstanding_balance ?? 0,
+            'past_due_amount' => $financialStats->past_due_amount ?? 0,
+            'open_invoice_count' => $financialStats->open_invoice_count ?? 0,
+            'oldest_past_due_days' => $financialStats->oldest_past_due_date
+                ? (int) ceil(abs(now()->diffInDays($financialStats->oldest_past_due_date)))
+                : null,
+            'last_payment_amount' => $lastPayment->amount ?? null,
+            'last_payment_date' => $lastPayment->payment_date ?? null,
+        ];
+
+        // Calculate unattributed orders/invoices (those without location_id)
+        $unattributedOrdersCount = $baseOrderQuery()->whereNull('location_id')->count();
+        $unattributedInvoicesCount = $baseInvoiceQuery()
+            ->whereHas('order', function ($q) {
+                $q->whereNull('location_id');
+            })
+            ->count();
+
+        // Calculate per-location stats for location tiles
+        $locationStats = [];
+        if ($locations->count() > 0) {
+            $locationIds = $locations->pluck('id')->toArray();
+
+            // Order stats by location
+            $ordersByLocation = $baseOrderQuery()
+                ->whereIn('location_id', $locationIds)
+                ->selectRaw('location_id, COUNT(*) as orders_count, COALESCE(SUM(total), 0) as revenue')
+                ->groupBy('location_id')
+                ->get()
+                ->keyBy('location_id');
+
+            // Invoice stats by location
+            $invoicesByLocation = Invoice::whereHas('order', function ($q) use ($business, $account, $locationIds) {
+                $q->where('business_id', $account->id)
+                    ->whereIn('location_id', $locationIds)
+                    ->whereHas('items.product.brand', function ($q2) use ($business) {
+                        $q2->where('business_id', $business->id);
+                    });
+            })
+                ->selectRaw('
+                    (SELECT location_id FROM orders WHERE orders.id = invoices.order_id) as location_id,
+                    COALESCE(SUM(amount_due), 0) as outstanding,
+                    COALESCE(SUM(CASE WHEN due_date < CURRENT_DATE AND amount_due > 0 THEN amount_due ELSE 0 END), 0) as past_due,
+                    COUNT(CASE WHEN amount_due > 0 THEN 1 END) as open_invoices
+                ')
+                ->groupByRaw('(SELECT location_id FROM orders WHERE orders.id = invoices.order_id)')
+                ->get()
+                ->keyBy('location_id');
+
+            foreach ($locations as $location) {
+                $orderData = $ordersByLocation->get($location->id);
+                $invoiceData = $invoicesByLocation->get($location->id);
+
+                $ordersCount = $orderData->orders_count ?? 0;
+                $openInvoices = $invoiceData->open_invoices ?? 0;
+
+                $locationStats[$location->id] = [
+                    'orders' => $ordersCount,
+                    'revenue' => $orderData->revenue ?? 0,
+                    'outstanding' => $invoiceData->outstanding ?? 0,
+                    'past_due' => $invoiceData->past_due ?? 0,
+                    'open_invoices' => $openInvoices,
+                    'has_attributed_data' => ($ordersCount + $openInvoices) > 0,
+                ];
+            }
+        }
+
+        return view('seller.crm.accounts.show', compact(
+            'business',
+            'account',
+            'stats',
+            'financials',
+            'orders',
+            'quotes',
+            'invoices',
+            'opportunities',
+            'tasks',
+            'conversationEvents',
+            'sendHistory',
+            'activities',
+            'locations',
+            'selectedLocation',
+            'locationStats',
+            'unattributedOrdersCount',
+            'unattributedInvoicesCount'
+        ));
     }
 
     /**
@@ -41,9 +414,26 @@ class AccountController extends Controller
      */
     public function contacts(Request $request, Business $business, Business $account)
     {
-        $contacts = $account->contacts()->paginate(25);
+        // Location filtering
+        $locationId = $request->query('location');
+        $selectedLocation = $locationId ? $account->locations()->find($locationId) : null;
 
-        return view('seller.crm.accounts.contacts', compact('business', 'account', 'contacts'));
+        // Base query for contacts
+        $contactsQuery = $account->contacts();
+
+        // If location selected, filter to contacts assigned to that location
+        if ($selectedLocation) {
+            $contactsQuery->whereHas('locations', function ($q) use ($selectedLocation) {
+                $q->where('locations.id', $selectedLocation->id);
+            });
+        }
+
+        $contacts = $contactsQuery->paginate(25);
+
+        // Load locations for the scope bar
+        $locations = $account->locations()->orderBy('name')->get();
+
+        return view('seller.crm.accounts.contacts', compact('business', 'account', 'contacts', 'locations', 'selectedLocation'));
     }
 
     /**
@@ -51,7 +441,21 @@ class AccountController extends Controller
      */
     public function opportunities(Request $request, Business $business, Business $account)
     {
-        return view('seller.crm.accounts.opportunities', compact('business', 'account'));
+        // Location filtering (note: opportunities don't have location_id yet, so we just pass the context)
+        $locationId = $request->query('location');
+        $selectedLocation = $locationId ? $account->locations()->find($locationId) : null;
+
+        // Load opportunities for this account
+        $opportunities = SalesOpportunity::where('seller_business_id', $business->id)
+            ->where('business_id', $account->id)
+            ->with(['stage', 'brand', 'owner'])
+            ->latest()
+            ->paginate(25);
+
+        // Load locations for the scope bar
+        $locations = $account->locations()->orderBy('name')->get();
+
+        return view('seller.crm.accounts.opportunities', compact('business', 'account', 'opportunities', 'locations', 'selectedLocation'));
     }
 
     /**
@@ -59,7 +463,28 @@ class AccountController extends Controller
      */
     public function orders(Request $request, Business $business, Business $account)
     {
-        return view('seller.crm.accounts.orders', compact('business', 'account'));
+        // Location filtering
+        $locationId = $request->query('location');
+        $selectedLocation = $locationId ? $account->locations()->find($locationId) : null;
+
+        $ordersQuery = $account->orders()
+            ->whereHas('items.product.brand', function ($q) use ($business) {
+                $q->where('business_id', $business->id);
+            });
+
+        // Filter by location if selected
+        if ($selectedLocation) {
+            $ordersQuery->where('location_id', $selectedLocation->id);
+        }
+
+        $orders = $ordersQuery->with(['items.product.brand', 'location'])
+            ->latest()
+            ->paginate(25);
+
+        // Load locations for the scope bar
+        $locations = $account->locations()->orderBy('name')->get();
+
+        return view('seller.crm.accounts.orders', compact('business', 'account', 'orders', 'locations', 'selectedLocation'));
     }
 
     /**
@@ -67,7 +492,20 @@ class AccountController extends Controller
      */
     public function activity(Request $request, Business $business, Business $account)
     {
-        return view('seller.crm.accounts.activity', compact('business', 'account'));
+        // Location filtering (note: activities don't have location_id yet, so we just pass the context)
+        $locationId = $request->query('location');
+        $selectedLocation = $locationId ? $account->locations()->find($locationId) : null;
+
+        $activities = Activity::where('seller_business_id', $business->id)
+            ->where('business_id', $account->id)
+            ->with(['causer'])
+            ->latest()
+            ->paginate(50);
+
+        // Load locations for the scope bar
+        $locations = $account->locations()->orderBy('name')->get();
+
+        return view('seller.crm.accounts.activity', compact('business', 'account', 'activities', 'locations', 'selectedLocation'));
     }
 
     /**
@@ -75,6 +513,298 @@ class AccountController extends Controller
      */
     public function tasks(Request $request, Business $business, Business $account)
     {
-        return view('seller.crm.accounts.tasks', compact('business', 'account'));
+        // Location filtering (note: tasks don't have location_id yet, so we just pass the context)
+        $locationId = $request->query('location');
+        $selectedLocation = $locationId ? $account->locations()->find($locationId) : null;
+
+        // Load tasks for this account
+        $tasks = CrmTask::where('seller_business_id', $business->id)
+            ->where('business_id', $account->id)
+            ->with(['assignee', 'opportunity'])
+            ->orderByRaw('completed_at IS NOT NULL')
+            ->orderBy('due_at')
+            ->paginate(25);
+
+        // Load locations for the scope bar
+        $locations = $account->locations()->orderBy('name')->get();
+
+        return view('seller.crm.accounts.tasks', compact('business', 'account', 'tasks', 'locations', 'selectedLocation'));
+    }
+
+    /**
+     * Store a note for an account
+     */
+    public function storeNote(Request $request, Business $business, Business $account)
+    {
+        $request->validate([
+            'note' => 'required|string|max:5000',
+        ]);
+
+        CrmEvent::log(
+            sellerBusinessId: $business->id,
+            eventType: 'note_added',
+            summary: $request->input('note'),
+            buyerBusinessId: $account->id,
+            userId: auth()->id(),
+            channel: 'system'
+        );
+
+        return redirect()
+            ->route('seller.business.crm.accounts.show', [$business->slug, $account->slug])
+            ->with('success', 'Note added successfully.');
+    }
+
+    /**
+     * Store a new contact for an account
+     */
+    public function storeContact(Request $request, Business $business, Business $account)
+    {
+        $validated = $request->validate([
+            'first_name' => 'required|string|max:100',
+            'last_name' => 'nullable|string|max:100',
+            'email' => 'nullable|email|max:255',
+            'phone' => 'nullable|string|max:50',
+            'title' => 'nullable|string|max:100',
+        ]);
+
+        $contact = $account->contacts()->create($validated);
+
+        // Return JSON for AJAX requests
+        if ($request->expectsJson()) {
+            return response()->json([
+                'id' => $contact->id,
+                'first_name' => $contact->first_name,
+                'last_name' => $contact->last_name,
+                'email' => $contact->email,
+                'phone' => $contact->phone,
+                'title' => $contact->title,
+            ]);
+        }
+
+        return redirect()
+            ->route('seller.business.crm.accounts.contacts', [$business->slug, $account->slug])
+            ->with('success', 'Contact added successfully.');
+    }
+
+    /**
+     * Show edit contact form
+     */
+    public function editContact(Request $request, Business $business, Business $account, Contact $contact)
+    {
+        // Verify contact belongs to this account
+        if ($contact->business_id !== $account->id) {
+            abort(404);
+        }
+
+        return view('seller.crm.accounts.contacts-edit', compact('business', 'account', 'contact'));
+    }
+
+    /**
+     * Update a contact
+     */
+    public function updateContact(Request $request, Business $business, Business $account, Contact $contact)
+    {
+        // Verify contact belongs to this account
+        if ($contact->business_id !== $account->id) {
+            abort(404);
+        }
+
+        $validated = $request->validate([
+            'first_name' => 'required|string|max:100',
+            'last_name' => 'nullable|string|max:100',
+            'email' => 'nullable|email|max:255',
+            'phone' => 'nullable|string|max:50',
+            'title' => 'nullable|string|max:100',
+            'is_active' => 'boolean',
+        ]);
+
+        // Handle checkbox - if not sent, default to false
+        $validated['is_active'] = $request->boolean('is_active');
+
+        $contact->update($validated);
+
+        return redirect()
+            ->route('seller.business.crm.accounts.contacts', [$business->slug, $account->slug])
+            ->with('success', 'Contact updated successfully.');
+    }
+
+    /**
+     * Delete a contact
+     */
+    public function destroyContact(Request $request, Business $business, Business $account, Contact $contact)
+    {
+        // Verify contact belongs to this account
+        if ($contact->business_id !== $account->id) {
+            abort(404);
+        }
+
+        $contact->delete();
+
+        return redirect()
+            ->route('seller.business.crm.accounts.contacts', [$business->slug, $account->slug])
+            ->with('success', 'Contact deleted successfully.');
+    }
+
+    /**
+     * Show location edit form
+     */
+    public function editLocation(Request $request, Business $business, Business $account, Location $location)
+    {
+        // Verify location belongs to this account
+        if ($location->business_id !== $account->id) {
+            abort(404);
+        }
+
+        // Load contacts that can be assigned to this location
+        $contacts = $account->contacts()->orderBy('first_name')->get();
+
+        // Load currently assigned contacts with their roles
+        $locationContacts = $location->contacts()->get();
+
+        // Available roles for location contacts
+        $contactRoles = [
+            'buyer' => 'Buyer',
+            'ap' => 'Accounts Payable',
+            'marketing' => 'Marketing',
+            'gm' => 'General Manager',
+            'inventory' => 'Inventory Manager',
+            'other' => 'Other',
+        ];
+
+        // CannaiQ platforms
+        $cannaiqPlatforms = [
+            'dutchie' => 'Dutchie',
+            'jane' => 'Jane',
+            'weedmaps' => 'Weedmaps',
+            'leafly' => 'Leafly',
+            'iheartjane' => 'iHeartJane',
+            'other' => 'Other',
+        ];
+
+        return view('seller.crm.accounts.locations-edit', compact(
+            'business',
+            'account',
+            'location',
+            'contacts',
+            'locationContacts',
+            'contactRoles',
+            'cannaiqPlatforms'
+        ));
+    }
+
+    /**
+     * Update location
+     */
+    public function updateLocation(Request $request, Business $business, Business $account, Location $location)
+    {
+        // Verify location belongs to this account
+        if ($location->business_id !== $account->id) {
+            abort(404);
+        }
+
+        $validated = $request->validate([
+            'name' => 'required|string|max:255',
+            'address' => 'nullable|string|max:255',
+            'city' => 'nullable|string|max:100',
+            'state' => 'nullable|string|max:50',
+            'zipcode' => 'nullable|string|max:20',
+            'phone' => 'nullable|string|max:50',
+            'email' => 'nullable|email|max:255',
+            'is_active' => 'boolean',
+            'cannaiq_platform' => 'nullable|string|max:50',
+            'cannaiq_store_slug' => 'nullable|string|max:255',
+            'cannaiq_store_id' => 'nullable|string|max:100',
+            'cannaiq_store_name' => 'nullable|string|max:255',
+            'contact_roles' => 'nullable|array',
+            'contact_roles.*.contact_id' => 'required|exists:contacts,id',
+            'contact_roles.*.role' => 'required|string|max:50',
+            'contact_roles.*.is_primary' => 'boolean',
+        ]);
+
+        // Handle checkbox
+        $validated['is_active'] = $request->boolean('is_active');
+
+        // Clear CannaiQ fields if platform is cleared
+        if (empty($validated['cannaiq_platform'])) {
+            $validated['cannaiq_store_slug'] = null;
+            $validated['cannaiq_store_id'] = null;
+            $validated['cannaiq_store_name'] = null;
+        }
+
+        // Update location
+        $location->update([
+            'name' => $validated['name'],
+            'address' => $validated['address'] ?? null,
+            'city' => $validated['city'] ?? null,
+            'state' => $validated['state'] ?? null,
+            'zipcode' => $validated['zipcode'] ?? null,
+            'phone' => $validated['phone'] ?? null,
+            'email' => $validated['email'] ?? null,
+            'is_active' => $validated['is_active'],
+            'cannaiq_platform' => $validated['cannaiq_platform'] ?? null,
+            'cannaiq_store_slug' => $validated['cannaiq_store_slug'] ?? null,
+            'cannaiq_store_id' => $validated['cannaiq_store_id'] ?? null,
+            'cannaiq_store_name' => $validated['cannaiq_store_name'] ?? null,
+        ]);
+
+        // Sync location contacts
+        if (isset($validated['contact_roles'])) {
+            $syncData = [];
+            foreach ($validated['contact_roles'] as $contactRole) {
+                // Verify contact belongs to this account
+                $contact = Contact::where('business_id', $account->id)
+                    ->where('id', $contactRole['contact_id'])
+                    ->first();
+
+                if ($contact) {
+                    $syncData[$contact->id] = [
+                        'role' => $contactRole['role'],
+                        'is_primary' => $contactRole['is_primary'] ?? false,
+                    ];
+                }
+            }
+            $location->contacts()->sync($syncData);
+        } else {
+            $location->contacts()->detach();
+        }
+
+        return redirect()
+            ->route('seller.business.crm.accounts.show', [$business->slug, $account->slug])
+            ->with('success', 'Location updated successfully.');
+    }
+
+    /**
+     * Search CannaiQ stores for linking
+     */
+    public function searchCannaiqStores(Request $request, Business $business, Business $account, Location $location)
+    {
+        // Verify location belongs to this account
+        if ($location->business_id !== $account->id) {
+            abort(404);
+        }
+
+        $request->validate([
+            'platform' => 'required|string|max:50',
+            'query' => 'required|string|min:2|max:100',
+        ]);
+
+        try {
+            $client = app(CannaiqClient::class);
+            $results = $client->searchStores(
+                platform: $request->input('platform'),
+                query: $request->input('query')
+            );
+
+            return response()->json([
+                'success' => true,
+                'stores' => $results,
+            ]);
+        } catch (\Exception $e) {
+            return response()->json([
+                'success' => false,
+                'message' => 'Failed to search stores: '.$e->getMessage(),
+                'stores' => [],
+            ], 500);
+        }
     }
 }

app/Http/Controllers/Seller/Crm/AutomationController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Seller\Crm;
 
 use App\Http\Controllers\Controller;
+use App\Models\Business;
 use App\Models\Crm\CrmAutomation;
 use App\Models\Crm\CrmAutomationAction;
 use App\Models\Crm\CrmAutomationCondition;
@@ -13,38 +14,34 @@ class AutomationController extends Controller
     /**
      * List automations
      */
-    public function index(Request $request)
+    public function index(Request $request, Business $business)
     {
-        $business = $request->user()->business;
-
         $automations = CrmAutomation::forBusiness($business->id)
             ->with('creator')
             ->withCount(['logs as successful_runs' => fn ($q) => $q->completed()])
             ->orderByDesc('created_at')
             ->paginate(25);
 
-        return view('seller.crm.automations.index', compact('automations'));
+        return view('seller.crm.automations.index', compact('automations', 'business'));
     }
 
     /**
      * Show automation builder
      */
-    public function create(Request $request)
+    public function create(Request $request, Business $business)
     {
         $triggers = CrmAutomation::TRIGGERS;
         $operators = CrmAutomationCondition::OPERATORS;
         $actionTypes = CrmAutomationAction::TYPES;
 
-        return view('seller.crm.automations.create', compact('triggers', 'operators', 'actionTypes'));
+        return view('seller.crm.automations.create', compact('triggers', 'operators', 'actionTypes', 'business'));
     }
 
     /**
      * Store automation
      */
-    public function store(Request $request)
+    public function store(Request $request, Business $business)
     {
-        $business = $request->user()->business;
-
         $validated = $request->validate([
             'name' => 'required|string|max:255',
             'description' => 'nullable|string|max:1000',
@@ -100,33 +97,29 @@ class AutomationController extends Controller
             ]);
         }
 
-        return redirect()->route('seller.crm.automations.show', $automation)
+        return redirect()->route('seller.business.crm.automations.show', [$business, $automation])
             ->with('success', 'Automation created successfully.');
     }
 
     /**
      * Show automation details
      */
-    public function show(Request $request, CrmAutomation $automation)
+    public function show(Request $request, Business $business, CrmAutomation $automation)
     {
-        $business = $request->user()->business;
-
         if ($automation->business_id !== $business->id) {
             abort(404);
         }
 
         $automation->load(['conditions', 'actions', 'logs' => fn ($q) => $q->latest()->limit(50)]);
 
-        return view('seller.crm.automations.show', compact('automation'));
+        return view('seller.crm.automations.show', compact('automation', 'business'));
     }
 
     /**
      * Edit automation
      */
-    public function edit(Request $request, CrmAutomation $automation)
+    public function edit(Request $request, Business $business, CrmAutomation $automation)
     {
-        $business = $request->user()->business;
-
         if ($automation->business_id !== $business->id) {
             abort(404);
         }
@@ -137,16 +130,14 @@ class AutomationController extends Controller
         $operators = CrmAutomationCondition::OPERATORS;
         $actionTypes = CrmAutomationAction::TYPES;
 
-        return view('seller.crm.automations.edit', compact('automation', 'triggers', 'operators', 'actionTypes'));
+        return view('seller.crm.automations.edit', compact('automation', 'triggers', 'operators', 'actionTypes', 'business'));
     }
 
     /**
      * Update automation
      */
-    public function update(Request $request, CrmAutomation $automation)
+    public function update(Request $request, Business $business, CrmAutomation $automation)
     {
-        $business = $request->user()->business;
-
         if ($automation->business_id !== $business->id) {
             abort(404);
         }
@@ -211,17 +202,15 @@ class AutomationController extends Controller
             ]);
         }
 
-        return redirect()->route('seller.crm.automations.show', $automation)
+        return redirect()->route('seller.business.crm.automations.show', [$business, $automation])
             ->with('success', 'Automation updated successfully.');
     }
 
     /**
      * Toggle automation active status
      */
-    public function toggle(Request $request, CrmAutomation $automation)
+    public function toggle(Request $request, Business $business, CrmAutomation $automation)
     {
-        $business = $request->user()->business;
-
         if ($automation->business_id !== $business->id) {
             abort(404);
         }
@@ -238,34 +227,30 @@ class AutomationController extends Controller
     /**
      * Duplicate automation
      */
-    public function duplicate(Request $request, CrmAutomation $automation)
+    public function duplicate(Request $request, Business $business, CrmAutomation $automation)
     {
-        $business = $request->user()->business;
-
         if ($automation->business_id !== $business->id) {
             abort(404);
         }
 
         $copy = $automation->duplicate();
 
-        return redirect()->route('seller.crm.automations.edit', $copy)
+        return redirect()->route('seller.business.crm.automations.edit', [$business, $copy])
             ->with('success', 'Automation duplicated. Make your changes and activate when ready.');
     }
 
     /**
      * Delete automation
      */
-    public function destroy(Request $request, CrmAutomation $automation)
+    public function destroy(Request $request, Business $business, CrmAutomation $automation)
     {
-        $business = $request->user()->business;
-
         if ($automation->business_id !== $business->id) {
             abort(404);
         }
 
         $automation->delete();
 
-        return redirect()->route('seller.crm.automations.index')
+        return redirect()->route('seller.business.crm.automations.index', $business)
             ->with('success', 'Automation deleted.');
     }
 }

app/Http/Controllers/Seller/Crm/ChannelController.php

@@ -0,0 +1,196 @@
+<?php
+
+namespace App\Http\Controllers\Seller\Crm;
+
+use App\Http\Controllers\Controller;
+use App\Models\Business;
+use App\Models\BusinessEmailIdentity;
+use App\Models\Crm\CrmChannel;
+use Illuminate\Http\Request;
+use Illuminate\Validation\Rule;
+
+class ChannelController extends Controller
+{
+    /**
+     * List all CRM channels for a business.
+     */
+    public function index(Business $business)
+    {
+        $channels = CrmChannel::forBusiness($business->id)
+            ->orderBy('type')
+            ->orderBy('name')
+            ->get();
+
+        return view('seller.crm.channels.index', compact('business', 'channels'));
+    }
+
+    /**
+     * Show the create channel form.
+     */
+    public function create(Business $business)
+    {
+        // Get available email identities
+        $emailIdentities = BusinessEmailIdentity::forBusiness($business->id)
+            ->active()
+            ->with('mailSettings')
+            ->get();
+
+        return view('seller.crm.channels.create', [
+            'business' => $business,
+            'channel' => null,
+            'emailIdentities' => $emailIdentities,
+            'types' => [
+                CrmChannel::TYPE_EMAIL => 'Email',
+                CrmChannel::TYPE_SMS => 'SMS',
+            ],
+            'departments' => CrmChannel::DEPARTMENTS,
+        ]);
+    }
+
+    /**
+     * Store a new channel.
+     */
+    public function store(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'name' => ['required', 'string', 'max:100'],
+            'type' => ['required', 'string', Rule::in([CrmChannel::TYPE_EMAIL, CrmChannel::TYPE_SMS])],
+            'department' => ['required', 'string', Rule::in(array_keys(CrmChannel::DEPARTMENTS))],
+            'is_active' => ['boolean'],
+            // Email-specific
+            'identity_id' => ['nullable', 'required_if:type,email', 'exists:business_email_identities,id'],
+            // SMS-specific
+            'phone_number' => ['nullable', 'required_if:type,sms', 'string', 'max:20'],
+        ]);
+
+        // Build config based on type
+        $config = ['department' => $validated['department']];
+        $identifier = null;
+
+        if ($validated['type'] === CrmChannel::TYPE_EMAIL && ! empty($validated['identity_id'])) {
+            $identity = BusinessEmailIdentity::where('business_id', $business->id)
+                ->findOrFail($validated['identity_id']);
+
+            $config['identity_id'] = $identity->id;
+            $config['mail_settings_id'] = $identity->mail_settings_id;
+            $identifier = $identity->email;
+        }
+
+        if ($validated['type'] === CrmChannel::TYPE_SMS && ! empty($validated['phone_number'])) {
+            $config['phone_number'] = $validated['phone_number'];
+            $identifier = $validated['phone_number'];
+        }
+
+        $channel = CrmChannel::create([
+            'business_id' => $business->id,
+            'type' => $validated['type'],
+            'name' => $validated['name'],
+            'department' => $validated['department'],
+            'identifier' => $identifier,
+            'config' => $config,
+            'is_active' => $request->boolean('is_active', true),
+            'can_send' => true,
+            'can_receive' => true,
+        ]);
+
+        // Link the email identity to this channel
+        if ($validated['type'] === CrmChannel::TYPE_EMAIL && ! empty($validated['identity_id'])) {
+            BusinessEmailIdentity::where('id', $validated['identity_id'])
+                ->update(['crm_channel_id' => $channel->id]);
+        }
+
+        return redirect()
+            ->route('seller.business.crm.channels.index', $business)
+            ->with('success', 'Channel created successfully.');
+    }
+
+    /**
+     * Show the edit channel form.
+     */
+    public function edit(Business $business, CrmChannel $channel)
+    {
+        // Security: ensure channel belongs to business
+        if ($channel->business_id !== $business->id) {
+            abort(404);
+        }
+
+        // Get available email identities
+        $emailIdentities = BusinessEmailIdentity::forBusiness($business->id)
+            ->active()
+            ->with('mailSettings')
+            ->get();
+
+        return view('seller.crm.channels.edit', [
+            'business' => $business,
+            'channel' => $channel,
+            'emailIdentities' => $emailIdentities,
+            'types' => [
+                CrmChannel::TYPE_EMAIL => 'Email',
+                CrmChannel::TYPE_SMS => 'SMS',
+            ],
+            'departments' => CrmChannel::DEPARTMENTS,
+        ]);
+    }
+
+    /**
+     * Update an existing channel.
+     */
+    public function update(Request $request, Business $business, CrmChannel $channel)
+    {
+        // Security: ensure channel belongs to business
+        if ($channel->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $validated = $request->validate([
+            'name' => ['required', 'string', 'max:100'],
+            'department' => ['required', 'string', Rule::in(array_keys(CrmChannel::DEPARTMENTS))],
+            'is_active' => ['boolean'],
+            // Email-specific
+            'identity_id' => ['nullable', 'exists:business_email_identities,id'],
+            // SMS-specific
+            'phone_number' => ['nullable', 'string', 'max:20'],
+        ]);
+
+        // Build config based on type
+        $config = $channel->config ?? [];
+        $config['department'] = $validated['department'];
+        $identifier = $channel->identifier;
+
+        if ($channel->type === CrmChannel::TYPE_EMAIL && ! empty($validated['identity_id'])) {
+            $identity = BusinessEmailIdentity::where('business_id', $business->id)
+                ->findOrFail($validated['identity_id']);
+
+            // Unlink old identity if different
+            $oldIdentityId = $config['identity_id'] ?? null;
+            if ($oldIdentityId && $oldIdentityId != $identity->id) {
+                BusinessEmailIdentity::where('id', $oldIdentityId)
+                    ->update(['crm_channel_id' => null]);
+            }
+
+            $config['identity_id'] = $identity->id;
+            $config['mail_settings_id'] = $identity->mail_settings_id;
+            $identifier = $identity->email;
+
+            // Link new identity
+            $identity->update(['crm_channel_id' => $channel->id]);
+        }
+
+        if ($channel->type === CrmChannel::TYPE_SMS && ! empty($validated['phone_number'])) {
+            $config['phone_number'] = $validated['phone_number'];
+            $identifier = $validated['phone_number'];
+        }
+
+        $channel->update([
+            'name' => $validated['name'],
+            'department' => $validated['department'],
+            'identifier' => $identifier,
+            'config' => $config,
+            'is_active' => $request->boolean('is_active', true),
+        ]);
+
+        return redirect()
+            ->route('seller.business.crm.channels.index', $business)
+            ->with('success', 'Channel updated successfully.');
+    }
+}

app/Http/Controllers/Seller/Crm/ContactController.php

@@ -0,0 +1,252 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Crm;
+
+use App\Http\Controllers\Controller;
+use App\Models\Business;
+use App\Models\Contact;
+use Illuminate\Http\Request;
+
+class ContactController extends Controller
+{
+    /**
+     * Display all CRM contacts (contacts from buyer businesses).
+     */
+    public function index(Request $request, Business $business)
+    {
+        $query = Contact::query()
+            ->whereHas('business', function ($q) {
+                $q->where('type', 'buyer');
+            })
+            ->with(['business', 'location']);
+
+        // Search filter
+        if ($request->filled('q')) {
+            $search = $request->q;
+            $query->where(function ($q) use ($search) {
+                $q->where('first_name', 'ILIKE', "%{$search}%")
+                    ->orWhere('last_name', 'ILIKE', "%{$search}%")
+                    ->orWhere('email', 'ILIKE', "%{$search}%")
+                    ->orWhere('phone', 'ILIKE', "%{$search}%")
+                    ->orWhere('position', 'ILIKE', "%{$search}%")
+                    ->orWhereHas('business', function ($q) use ($search) {
+                        $q->where('name', 'ILIKE', "%{$search}%")
+                            ->orWhere('dba_name', 'ILIKE', "%{$search}%");
+                    });
+            });
+        }
+
+        // Account filter
+        if ($request->filled('account')) {
+            $query->where('business_id', $request->account);
+        }
+
+        // Contact type filter
+        if ($request->filled('type')) {
+            $query->where('contact_type', $request->type);
+        }
+
+        // Active filter - default to active
+        if ($request->filled('status')) {
+            if ($request->status === 'inactive') {
+                $query->where('is_active', false);
+            } elseif ($request->status === 'all') {
+                // Show all
+            } else {
+                $query->where('is_active', true);
+            }
+        } else {
+            $query->where('is_active', true);
+        }
+
+        $contacts = $query
+            ->orderBy('last_name')
+            ->orderBy('first_name')
+            ->paginate(25)
+            ->withQueryString();
+
+        // Return JSON for AJAX/API requests (live search)
+        if ($request->wantsJson()) {
+            return response()->json([
+                'data' => $contacts->map(fn ($c) => [
+                    'hashid' => $c->hashid,
+                    'name' => $c->getFullName(),
+                    'email' => $c->email,
+                    'account' => $c->business?->name,
+                ])->values()->toArray(),
+            ]);
+        }
+
+        // Get accounts for filter dropdown
+        $accounts = Business::where('type', 'buyer')
+            ->where('status', 'approved')
+            ->orderBy('name')
+            ->get(['id', 'name', 'dba_name']);
+
+        return view('seller.crm.contacts.index', compact('business', 'contacts', 'accounts'));
+    }
+
+    /**
+     * Show the form for creating a new contact.
+     */
+    public function create(Request $request, Business $business)
+    {
+        $accounts = Business::where('type', 'buyer')
+            ->where('status', 'approved')
+            ->orderBy('name')
+            ->get(['id', 'name', 'dba_name']);
+
+        $selectedAccount = $request->filled('account')
+            ? Business::find($request->account)
+            : null;
+
+        return view('seller.crm.contacts.create', compact('business', 'accounts', 'selectedAccount'));
+    }
+
+    /**
+     * Store a newly created contact.
+     */
+    public function store(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'business_id' => 'required|exists:businesses,id',
+            'first_name' => 'required|string|max:255',
+            'last_name' => 'required|string|max:255',
+            'email' => 'required|email|max:255',
+            'phone' => 'nullable|string|max:50',
+            'mobile' => 'nullable|string|max:50',
+            'position' => 'nullable|string|max:255',
+            'contact_type' => 'nullable|string|in:'.implode(',', array_keys(Contact::CONTACT_TYPES)),
+            'preferred_contact_method' => 'nullable|string|in:'.implode(',', array_keys(Contact::COMMUNICATION_METHODS)),
+            'is_primary' => 'nullable|boolean',
+            'notes' => 'nullable|string|max:1000',
+        ]);
+
+        // Verify the target business is a buyer
+        $targetBusiness = Business::findOrFail($validated['business_id']);
+        if ($targetBusiness->type !== 'buyer') {
+            return redirect()->back()->with('error', 'Contacts can only be added to customer accounts.');
+        }
+
+        // If setting as primary, remove primary from other contacts
+        if ($request->boolean('is_primary')) {
+            Contact::where('business_id', $validated['business_id'])->update(['is_primary' => false]);
+        }
+
+        $contact = Contact::create([
+            'business_id' => $validated['business_id'],
+            'first_name' => $validated['first_name'],
+            'last_name' => $validated['last_name'],
+            'email' => $validated['email'],
+            'phone' => $validated['phone'] ?? null,
+            'mobile' => $validated['mobile'] ?? null,
+            'position' => $validated['position'] ?? null,
+            'contact_type' => $validated['contact_type'] ?? 'general',
+            'preferred_contact_method' => $validated['preferred_contact_method'] ?? 'email',
+            'is_primary' => $request->boolean('is_primary', false),
+            'is_active' => true,
+            'notes' => $validated['notes'] ?? null,
+            'created_by' => auth()->id(),
+        ]);
+
+        return redirect()
+            ->route('seller.business.crm.contacts.index', $business)
+            ->with('success', "Contact '{$contact->getFullName()}' created successfully.");
+    }
+
+    /**
+     * Show the form for editing a contact.
+     */
+    public function edit(Business $business, Contact $contact)
+    {
+        // Verify contact belongs to a buyer business
+        if ($contact->business->type !== 'buyer') {
+            abort(404);
+        }
+
+        $accounts = Business::where('type', 'buyer')
+            ->where('status', 'approved')
+            ->orderBy('name')
+            ->get(['id', 'name', 'dba_name']);
+
+        return view('seller.crm.contacts.edit', compact('business', 'contact', 'accounts'));
+    }
+
+    /**
+     * Update a contact.
+     */
+    public function update(Request $request, Business $business, Contact $contact)
+    {
+        // Verify contact belongs to a buyer business
+        if ($contact->business->type !== 'buyer') {
+            abort(404);
+        }
+
+        $validated = $request->validate([
+            'business_id' => 'required|exists:businesses,id',
+            'first_name' => 'required|string|max:255',
+            'last_name' => 'required|string|max:255',
+            'email' => 'required|email|max:255',
+            'phone' => 'nullable|string|max:50',
+            'mobile' => 'nullable|string|max:50',
+            'position' => 'nullable|string|max:255',
+            'contact_type' => 'nullable|string|in:'.implode(',', array_keys(Contact::CONTACT_TYPES)),
+            'preferred_contact_method' => 'nullable|string|in:'.implode(',', array_keys(Contact::COMMUNICATION_METHODS)),
+            'is_primary' => 'nullable|boolean',
+            'notes' => 'nullable|string|max:1000',
+        ]);
+
+        // Verify the target business is a buyer
+        $targetBusiness = Business::findOrFail($validated['business_id']);
+        if ($targetBusiness->type !== 'buyer') {
+            return redirect()->back()->with('error', 'Contacts can only belong to customer accounts.');
+        }
+
+        // If setting as primary, remove primary from other contacts
+        if ($request->boolean('is_primary') && ! $contact->is_primary) {
+            Contact::where('business_id', $validated['business_id'])
+                ->where('id', '!=', $contact->id)
+                ->update(['is_primary' => false]);
+        }
+
+        $contact->update([
+            'business_id' => $validated['business_id'],
+            'first_name' => $validated['first_name'],
+            'last_name' => $validated['last_name'],
+            'email' => $validated['email'],
+            'phone' => $validated['phone'] ?? null,
+            'mobile' => $validated['mobile'] ?? null,
+            'position' => $validated['position'] ?? null,
+            'contact_type' => $validated['contact_type'] ?? 'general',
+            'preferred_contact_method' => $validated['preferred_contact_method'] ?? 'email',
+            'is_primary' => $request->boolean('is_primary', false),
+            'notes' => $validated['notes'] ?? null,
+            'updated_by' => auth()->id(),
+        ]);
+
+        return redirect()
+            ->route('seller.business.crm.contacts.index', $business)
+            ->with('success', "Contact '{$contact->getFullName()}' updated successfully.");
+    }
+
+    /**
+     * Archive/delete a contact.
+     */
+    public function destroy(Business $business, Contact $contact)
+    {
+        // Verify contact belongs to a buyer business
+        if ($contact->business->type !== 'buyer') {
+            abort(404);
+        }
+
+        $name = $contact->getFullName();
+
+        $contact->archive('Deleted via CRM', auth()->user());
+
+        return redirect()
+            ->route('seller.business.crm.contacts.index', $business)
+            ->with('success', "Contact '{$name}' has been archived.");
+    }
+}

app/Http/Controllers/Seller/Crm/CrmCalendarController.php

@@ -4,8 +4,14 @@ namespace App\Http\Controllers\Seller\Crm;
 
 use App\Http\Controllers\Controller;
 use App\Jobs\Crm\SyncCalendarJob;
+use App\Models\Business;
+use App\Models\CalendarEvent;
+use App\Models\Contact;
 use App\Models\Crm\CrmCalendarConnection;
+use App\Models\Crm\CrmMeetingBooking;
 use App\Models\Crm\CrmSyncedEvent;
+use App\Models\Crm\CrmTask;
+use App\Models\User;
 use App\Services\Crm\CrmCalendarService;
 use Illuminate\Http\Request;
 
@@ -16,11 +22,10 @@ class CrmCalendarController extends Controller
     ) {}
 
     /**
-     * Calendar view
+     * Calendar view - unified activity calendar
      */
-    public function index(Request $request)
+    public function index(Request $request, Business $business)
     {
-        $business = $request->user()->business;
         $user = $request->user();
 
         // Get calendar connections
@@ -28,82 +33,434 @@ class CrmCalendarController extends Controller
             ->where('user_id', $user->id)
             ->get();
 
-        // Get events for calendar view
-        $startDate = $request->input('start', now()->startOfMonth());
-        $endDate = $request->input('end', now()->endOfMonth());
+        // Get team members for assignment dropdown
+        $teamMembers = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
+            ->select('id', 'first_name', 'last_name', 'email')
+            ->get();
 
-        $events = CrmSyncedEvent::whereIn('connection_id', $connections->pluck('id'))
-            ->whereBetween('start_time', [$startDate, $endDate])
+        // Get contacts for event creation
+        $customerBusinessIds = \App\Models\Order::whereHas('items.product.brand', fn ($q) => $q->where('business_id', $business->id))
+            ->pluck('business_id')
+            ->unique();
+
+        $contacts = Contact::whereIn('business_id', $customerBusinessIds)
+            ->with('business:id,name')
+            ->orderBy('first_name')
+            ->limit(200)
+            ->get();
+
+        // Get event types and colors for legend/forms
+        $eventTypes = CalendarEvent::TYPES;
+        $eventColors = CalendarEvent::TYPE_COLORS;
+
+        // Pass $business to view for route generation (Premium CRM uses seller.business.crm.* routes)
+        return view('seller.crm.calendar.index', compact(
+            'business',
+            'connections',
+            'teamMembers',
+            'contacts',
+            'eventTypes',
+            'eventColors'
+        ));
+    }
+
+    /**
+     * API: Get all events for date range (unified: internal + synced + bookings + tasks)
+     */
+    public function events(Request $request, Business $business)
+    {
+        $user = $request->user();
+
+        $validated = $request->validate([
+            'start' => 'required|date',
+            'end' => 'required|date|after:start',
+        ]);
+
+        $startDate = $validated['start'];
+        $endDate = $validated['end'];
+        $allEvents = collect();
+
+        // 1. Internal CalendarEvents
+        $internalEvents = CalendarEvent::forSellerBusiness($business->id)
+            ->inDateRange($startDate, $endDate)
+            ->with(['contact:id,first_name,last_name', 'assignee:id,first_name,last_name'])
             ->get()
             ->map(fn ($e) => [
-                'id' => $e->id,
+                'id' => 'event_'.$e->id,
                 'title' => $e->title,
-                'start' => $e->start_time->toIso8601String(),
-                'end' => $e->end_time->toIso8601String(),
-                'allDay' => $e->is_all_day,
-                'color' => $e->connection->provider === 'google' ? '#4285f4' : '#0078d4',
+                'start' => $e->start_at->toIso8601String(),
+                'end' => $e->end_at?->toIso8601String(),
+                'allDay' => $e->all_day,
+                'color' => $e->getColor(),
+                'classNames' => ['calendar-event-internal', 'event-type-'.$e->type],
                 'extendedProps' => [
+                    'source' => 'internal',
+                    'event_id' => $e->id,
+                    'type' => $e->type,
+                    'type_label' => $e->getTypeLabel(),
+                    'status' => $e->status,
                     'location' => $e->location,
                     'description' => $e->description,
-                    'attendees' => $e->attendees,
+                    'contact_id' => $e->contact_id,
+                    'contact_name' => $e->contact ? $e->contact->first_name.' '.$e->contact->last_name : null,
+                    'assigned_to' => $e->assigned_to,
+                    'assignee_name' => $e->assignee ? $e->assignee->first_name.' '.$e->assignee->last_name : null,
+                    'editable' => true,
                 ],
             ]);
+        $allEvents = $allEvents->merge($internalEvents);
 
-        // Get meeting bookings
-        $bookings = \Modules\Crm\Entities\CrmMeetingBooking::whereHas('meetingLink', function ($q) use ($business, $user) {
+        // 2. Synced external events (Google/Outlook)
+        $connections = CrmCalendarConnection::where('business_id', $business->id)
+            ->where('user_id', $user->id)
+            ->where('sync_enabled', true)
+            ->pluck('id');
+
+        if ($connections->isNotEmpty()) {
+            $syncedEvents = CrmSyncedEvent::whereIn('calendar_connection_id', $connections)
+                ->whereBetween('start_at', [$startDate, $endDate])
+                ->with('connection:id,provider')
+                ->get()
+                ->map(fn ($e) => [
+                    'id' => 'synced_'.$e->id,
+                    'title' => $e->title,
+                    'start' => $e->start_at->toIso8601String(),
+                    'end' => $e->end_at?->toIso8601String(),
+                    'allDay' => $e->all_day,
+                    'color' => $e->connection->provider === 'google' ? '#4285f4' : '#0078d4',
+                    'classNames' => ['calendar-event-synced', 'provider-'.$e->connection->provider],
+                    'extendedProps' => [
+                        'source' => 'synced',
+                        'provider' => $e->connection->provider,
+                        'location' => $e->location,
+                        'description' => $e->description,
+                        'attendees' => $e->attendees,
+                        'external_link' => $e->external_link,
+                        'editable' => false,
+                    ],
+                ]);
+            $allEvents = $allEvents->merge($syncedEvents);
+        }
+
+        // 3. Meeting bookings
+        $bookings = CrmMeetingBooking::whereHas('meetingLink', function ($q) use ($business, $user) {
             $q->where('business_id', $business->id)
                 ->where('user_id', $user->id);
         })
-            ->whereBetween('start_time', [$startDate, $endDate])
-            ->with(['meetingLink', 'contact'])
+            ->whereBetween('start_at', [$startDate, $endDate])
+            ->where('status', '!=', 'cancelled')
+            ->with(['meetingLink:id,name', 'contact:id,first_name,last_name'])
             ->get()
             ->map(fn ($b) => [
                 'id' => 'booking_'.$b->id,
-                'title' => $b->meetingLink->name.' - '.$b->guest_name,
-                'start' => $b->start_time->toIso8601String(),
-                'end' => $b->end_time->toIso8601String(),
+                'title' => ($b->meetingLink->name ?? 'Meeting').' - '.$b->booker_name,
+                'start' => $b->start_at->toIso8601String(),
+                'end' => $b->end_at->toIso8601String(),
                 'color' => '#10b981',
+                'classNames' => ['calendar-event-booking'],
                 'extendedProps' => [
-                    'type' => 'booking',
+                    'source' => 'booking',
+                    'booking_id' => $b->id,
+                    'status' => $b->status,
+                    'booker_name' => $b->booker_name,
+                    'booker_email' => $b->booker_email,
                     'contact_id' => $b->contact_id,
-                    'guest_email' => $b->guest_email,
+                    'contact_name' => $b->contact ? $b->contact->first_name.' '.$b->contact->last_name : null,
+                    'location' => $b->location,
+                    'editable' => false,
                 ],
             ]);
+        $allEvents = $allEvents->merge($bookings);
 
-        $allEvents = $events->merge($bookings);
+        // 4. CRM Tasks with due dates (shown as all-day markers) - only show user's assigned tasks
+        $tasks = CrmTask::forSellerBusiness($business->id)
+            ->where('assigned_to', $user->id)
+            ->incomplete()
+            ->whereNotNull('due_at')
+            ->whereBetween('due_at', [$startDate, $endDate])
+            ->with(['contact:id,first_name,last_name', 'assignee:id,first_name,last_name'])
+            ->get()
+            ->map(fn ($t) => [
+                'id' => 'task_'.$t->id,
+                'title' => '📋 '.$t->title,
+                'start' => $t->due_at->toDateString(),
+                'allDay' => true,
+                'color' => $t->isOverdue() ? '#EF4444' : '#F59E0B',
+                'classNames' => ['calendar-event-task', $t->isOverdue() ? 'task-overdue' : ''],
+                'extendedProps' => [
+                    'source' => 'task',
+                    'task_id' => $t->id,
+                    'type' => $t->type,
+                    'priority' => $t->priority,
+                    'contact_id' => $t->contact_id,
+                    'contact_name' => $t->contact ? $t->contact->first_name.' '.$t->contact->last_name : null,
+                    'assigned_to' => $t->assigned_to,
+                    'assignee_name' => $t->assignee ? $t->assignee->first_name.' '.$t->assignee->last_name : null,
+                    'is_overdue' => $t->isOverdue(),
+                    'editable' => false,
+                ],
+            ]);
+        $allEvents = $allEvents->merge($tasks);
 
-        return view('seller.crm.calendar.index', compact('connections', 'allEvents'));
+        return response()->json($allEvents->values());
+    }
+
+    /**
+     * Store a new calendar event
+     */
+    public function store(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'title' => 'required|string|max:255',
+            'description' => 'nullable|string|max:5000',
+            'location' => 'nullable|string|max:255',
+            'start_at' => 'required|date',
+            'end_at' => 'nullable|date|after:start_at',
+            'all_day' => 'boolean',
+            'type' => 'required|string|in:'.implode(',', array_keys(CalendarEvent::TYPES)),
+            'contact_id' => 'nullable|exists:contacts,id',
+            'assigned_to' => 'nullable|exists:users,id',
+            'reminder_minutes' => 'nullable|integer|min:0',
+        ]);
+
+        // Security: verify contact belongs to a customer business
+        if (! empty($validated['contact_id'])) {
+            $customerBusinessIds = \App\Models\Order::whereHas('items.product.brand', fn ($q) => $q->where('business_id', $business->id))
+                ->pluck('business_id')
+                ->unique();
+
+            Contact::whereIn('business_id', $customerBusinessIds)
+                ->findOrFail($validated['contact_id']);
+        }
+
+        // Security: verify assignee belongs to business
+        if (! empty($validated['assigned_to'])) {
+            User::where('id', $validated['assigned_to'])
+                ->whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
+                ->firstOrFail();
+        }
+
+        $event = CalendarEvent::create([
+            'seller_business_id' => $business->id,
+            'created_by' => $request->user()->id,
+            'assigned_to' => $validated['assigned_to'] ?? $request->user()->id,
+            'title' => $validated['title'],
+            'description' => $validated['description'] ?? null,
+            'location' => $validated['location'] ?? null,
+            'start_at' => $validated['start_at'],
+            'end_at' => $validated['end_at'] ?? null,
+            'all_day' => $validated['all_day'] ?? false,
+            'type' => $validated['type'],
+            'status' => 'scheduled',
+            'contact_id' => $validated['contact_id'] ?? null,
+            'reminder_at' => isset($validated['reminder_minutes']) && $validated['reminder_minutes'] > 0
+                ? now()->parse($validated['start_at'])->subMinutes($validated['reminder_minutes'])
+                : null,
+        ]);
+
+        if ($request->wantsJson()) {
+            return response()->json([
+                'success' => true,
+                'event' => $event->load(['contact:id,first_name,last_name', 'assignee:id,first_name,last_name']),
+            ]);
+        }
+
+        return back()->with('success', 'Event created successfully.');
+    }
+
+    /**
+     * Update a calendar event
+     */
+    public function update(Request $request, Business $business, CalendarEvent $event)
+    {
+        if ($event->seller_business_id !== $business->id) {
+            abort(404);
+        }
+
+        $validated = $request->validate([
+            'title' => 'sometimes|required|string|max:255',
+            'description' => 'nullable|string|max:5000',
+            'location' => 'nullable|string|max:255',
+            'start_at' => 'sometimes|required|date',
+            'end_at' => 'nullable|date|after:start_at',
+            'all_day' => 'boolean',
+            'type' => 'sometimes|required|string|in:'.implode(',', array_keys(CalendarEvent::TYPES)),
+            'status' => 'sometimes|required|string|in:scheduled,completed,cancelled',
+            'contact_id' => 'nullable|exists:contacts,id',
+            'assigned_to' => 'nullable|exists:users,id',
+            'reminder_minutes' => 'nullable|integer|min:0',
+        ]);
+
+        // Security checks for contact and assignee
+        if (isset($validated['contact_id']) && $validated['contact_id']) {
+            $customerBusinessIds = \App\Models\Order::whereHas('items.product.brand', fn ($q) => $q->where('business_id', $business->id))
+                ->pluck('business_id')
+                ->unique();
+
+            Contact::whereIn('business_id', $customerBusinessIds)
+                ->findOrFail($validated['contact_id']);
+        }
+
+        if (isset($validated['assigned_to']) && $validated['assigned_to']) {
+            User::where('id', $validated['assigned_to'])
+                ->whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
+                ->firstOrFail();
+        }
+
+        // Handle reminder
+        if (isset($validated['reminder_minutes'])) {
+            $validated['reminder_at'] = $validated['reminder_minutes'] > 0
+                ? now()->parse($validated['start_at'] ?? $event->start_at)->subMinutes($validated['reminder_minutes'])
+                : null;
+            $validated['reminder_sent'] = false;
+            unset($validated['reminder_minutes']);
+        }
+
+        $event->update($validated);
+
+        if ($request->wantsJson()) {
+            return response()->json([
+                'success' => true,
+                'event' => $event->fresh()->load(['contact:id,first_name,last_name', 'assignee:id,first_name,last_name']),
+            ]);
+        }
+
+        return back()->with('success', 'Event updated successfully.');
+    }
+
+    /**
+     * Quick reschedule via drag-and-drop
+     */
+    public function reschedule(Request $request, Business $business, CalendarEvent $event)
+    {
+        if ($event->seller_business_id !== $business->id) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $validated = $request->validate([
+            'start_at' => 'required|date',
+            'end_at' => 'nullable|date|after:start_at',
+            'all_day' => 'boolean',
+        ]);
+
+        $event->reschedule(
+            $validated['start_at'],
+            $validated['end_at'] ?? null,
+            $request->user()
+        );
+
+        if (isset($validated['all_day'])) {
+            $event->update(['all_day' => $validated['all_day']]);
+        }
+
+        return response()->json([
+            'success' => true,
+            'event' => $event->fresh(),
+        ]);
+    }
+
+    /**
+     * Mark event as complete
+     */
+    public function complete(Request $request, Business $business, CalendarEvent $event)
+    {
+        if ($event->seller_business_id !== $business->id) {
+            abort(404);
+        }
+
+        $event->markComplete($request->user());
+
+        if ($request->wantsJson()) {
+            return response()->json(['success' => true, 'event' => $event->fresh()]);
+        }
+
+        return back()->with('success', 'Event marked as complete.');
+    }
+
+    /**
+     * Cancel an event
+     */
+    public function cancel(Request $request, Business $business, CalendarEvent $event)
+    {
+        if ($event->seller_business_id !== $business->id) {
+            abort(404);
+        }
+
+        $event->cancel($request->user());
+
+        if ($request->wantsJson()) {
+            return response()->json(['success' => true, 'event' => $event->fresh()]);
+        }
+
+        return back()->with('success', 'Event cancelled.');
+    }
+
+    /**
+     * Delete an event
+     */
+    public function destroy(Request $request, Business $business, CalendarEvent $event)
+    {
+        if ($event->seller_business_id !== $business->id) {
+            abort(404);
+        }
+
+        $event->delete();
+
+        if ($request->wantsJson()) {
+            return response()->json(['success' => true]);
+        }
+
+        return back()->with('success', 'Event deleted.');
+    }
+
+    /**
+     * Get single event details (for modal)
+     */
+    public function show(Request $request, Business $business, CalendarEvent $event)
+    {
+        if ($event->seller_business_id !== $business->id) {
+            abort(404);
+        }
+
+        $event->load([
+            'contact:id,first_name,last_name,email,phone',
+            'business:id,name',
+            'assignee:id,first_name,last_name,email',
+            'creator:id,first_name,last_name',
+        ]);
+
+        return response()->json($event);
     }
 
     /**
      * Calendar connections settings
      */
-    public function connections(Request $request)
+    public function connections(Request $request, Business $business)
     {
-        $business = $request->user()->business;
         $user = $request->user();
 
         $connections = CrmCalendarConnection::where('business_id', $business->id)
             ->where('user_id', $user->id)
             ->get();
 
-        return view('seller.crm.calendar.connections', compact('connections'));
+        // Pass $business to view for route generation (Premium CRM uses seller.business.crm.* routes)
+        return view('seller.crm.calendar.connections', compact('business', 'connections'));
     }
 
     /**
      * Start OAuth flow for Google Calendar
      */
-    public function connectGoogle(Request $request)
+    public function connectGoogle(Request $request, Business $business)
     {
         $state = encrypt([
             'user_id' => $request->user()->id,
-            'business_id' => $request->user()->business_id,
+            'business_id' => $business->id,
             'provider' => 'google',
         ]);
 
         $params = http_build_query([
             'client_id' => config('services.google.client_id'),
-            'redirect_uri' => route('seller.crm.calendar.callback'),
+            'redirect_uri' => route('seller.business.crm.calendar.callback', $business),
             'response_type' => 'code',
             'scope' => 'https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/calendar.events',
             'access_type' => 'offline',
@@ -117,17 +474,17 @@ class CrmCalendarController extends Controller
     /**
      * Start OAuth flow for Outlook Calendar
      */
-    public function connectOutlook(Request $request)
+    public function connectOutlook(Request $request, Business $business)
     {
         $state = encrypt([
             'user_id' => $request->user()->id,
-            'business_id' => $request->user()->business_id,
+            'business_id' => $business->id,
             'provider' => 'outlook',
         ]);
 
         $params = http_build_query([
             'client_id' => config('services.microsoft.client_id'),
-            'redirect_uri' => route('seller.crm.calendar.callback'),
+            'redirect_uri' => route('seller.business.crm.calendar.callback', $business),
             'response_type' => 'code',
             'scope' => 'offline_access Calendars.ReadWrite',
             'state' => $state,
@@ -139,17 +496,17 @@ class CrmCalendarController extends Controller
     /**
      * OAuth callback
      */
-    public function callback(Request $request)
+    public function callback(Request $request, Business $business)
     {
         if ($request->has('error')) {
-            return redirect()->route('seller.crm.calendar.connections')
+            return redirect()->route('seller.business.crm.calendar.connections', $business)
                 ->withErrors(['error' => 'Authorization failed: '.$request->input('error_description')]);
         }
 
         try {
             $state = decrypt($request->input('state'));
         } catch (\Exception $e) {
-            return redirect()->route('seller.crm.calendar.connections')
+            return redirect()->route('seller.business.crm.calendar.connections', $business)
                 ->withErrors(['error' => 'Invalid state parameter.']);
         }
 
@@ -160,7 +517,7 @@ class CrmCalendarController extends Controller
         $tokens = $this->calendarService->exchangeCodeForTokens($provider, $code);
 
         if (! $tokens) {
-            return redirect()->route('seller.crm.calendar.connections')
+            return redirect()->route('seller.business.crm.calendar.connections', $business)
                 ->withErrors(['error' => 'Failed to obtain access token.']);
         }
 
@@ -188,17 +545,15 @@ class CrmCalendarController extends Controller
         // Queue initial sync
         SyncCalendarJob::dispatch($state['user_id'], $provider);
 
-        return redirect()->route('seller.crm.calendar.connections')
+        return redirect()->route('seller.business.crm.calendar.connections', $business)
             ->with('success', ucfirst($provider).' Calendar connected successfully.');
     }
 
     /**
      * Disconnect a calendar
      */
-    public function disconnect(Request $request, CrmCalendarConnection $connection)
+    public function disconnect(Request $request, Business $business, CrmCalendarConnection $connection)
     {
-        $business = $request->user()->business;
-
         if ($connection->business_id !== $business->id) {
             abort(404);
         }
@@ -215,10 +570,8 @@ class CrmCalendarController extends Controller
     /**
      * Toggle sync for a connection
      */
-    public function toggleSync(Request $request, CrmCalendarConnection $connection)
+    public function toggleSync(Request $request, Business $business, CrmCalendarConnection $connection)
     {
-        $business = $request->user()->business;
-
         if ($connection->business_id !== $business->id) {
             abort(404);
         }
@@ -231,10 +584,8 @@ class CrmCalendarController extends Controller
     /**
      * Force sync a calendar
      */
-    public function sync(Request $request, CrmCalendarConnection $connection)
+    public function sync(Request $request, Business $business, CrmCalendarConnection $connection)
     {
-        $business = $request->user()->business;
-
         if ($connection->business_id !== $business->id) {
             abort(404);
         }
@@ -243,35 +594,4 @@ class CrmCalendarController extends Controller
 
         return back()->with('success', 'Calendar sync started. Events will appear shortly.');
     }
-
-    /**
-     * API: Get events for date range (for calendar JS)
-     */
-    public function events(Request $request)
-    {
-        $business = $request->user()->business;
-        $user = $request->user();
-
-        $validated = $request->validate([
-            'start' => 'required|date',
-            'end' => 'required|date|after:start',
-        ]);
-
-        $connections = CrmCalendarConnection::where('business_id', $business->id)
-            ->where('user_id', $user->id)
-            ->pluck('id');
-
-        $events = CrmSyncedEvent::whereIn('connection_id', $connections)
-            ->whereBetween('start_time', [$validated['start'], $validated['end']])
-            ->get()
-            ->map(fn ($e) => [
-                'id' => $e->id,
-                'title' => $e->title,
-                'start' => $e->start_time->toIso8601String(),
-                'end' => $e->end_time->toIso8601String(),
-                'allDay' => $e->is_all_day,
-            ]);
-
-        return response()->json($events);
-    }
 }

app/Http/Controllers/Seller/Crm/CrmDashboardController.php

@@ -3,7 +3,9 @@
 namespace App\Http\Controllers\Seller\Crm;
 
 use App\Http\Controllers\Controller;
+use App\Models\Business;
 use App\Models\Crm\CrmDeal;
+use App\Models\Crm\CrmPipeline;
 use App\Models\Crm\CrmRepMetric;
 use App\Models\Crm\CrmSlaTimer;
 use App\Models\Crm\CrmThread;
@@ -20,9 +22,8 @@ class CrmDashboardController extends Controller
     /**
      * Main CRM dashboard
      */
-    public function index(Request $request)
+    public function index(Request $request, Business $business)
     {
-        $business = $request->user()->business;
         $user = $request->user();
 
         // Cache dashboard data for 1 minute
@@ -32,22 +33,37 @@ class CrmDashboardController extends Controller
             return $this->getDashboardData($business, $user);
         });
 
+        // Ensure $business is always passed to view (not cached)
+        $data['business'] = $business;
+
         return view('seller.crm.dashboard.index', $data);
     }
 
     /**
      * Sales performance dashboard
      */
-    public function sales(Request $request)
+    public function sales(Request $request, Business $business)
     {
-        $business = $request->user()->business;
+        // Get the default pipeline for stage name mapping
+        $defaultPipeline = CrmPipeline::where('business_id', $business->id)
+            ->where('is_default', true)
+            ->first();
 
-        // Pipeline summary
+        $stageMap = collect($defaultPipeline?->stages ?? [])->mapWithKeys(function ($stage, $index) {
+            return [$index => $stage['name'] ?? "Stage {$index}"];
+        })->all();
+
+        // Pipeline summary - group by stage_id (index into pipeline stages JSON array)
         $pipelineSummary = CrmDeal::forBusiness($business->id)
             ->open()
-            ->selectRaw('stage, count(*) as count, sum(value) as total_value, sum(weighted_value) as weighted_value')
-            ->groupBy('stage')
-            ->get();
+            ->selectRaw('stage_id, count(*) as count, sum(value) as total_value, sum(weighted_value) as weighted_value')
+            ->groupBy('stage_id')
+            ->get()
+            ->map(function ($item) use ($stageMap) {
+                $item->stage_name = $stageMap[$item->stage_id] ?? "Stage {$item->stage_id}";
+
+                return $item;
+            });
 
         // Won/Lost this month
         $monthlyStats = [
@@ -84,16 +100,16 @@ class CrmDashboardController extends Controller
             'monthlyStats',
             'closingThisMonth',
             'atRiskDeals',
-            'leaderboard'
+            'leaderboard',
+            'business'
         ));
     }
 
     /**
      * Team performance dashboard
      */
-    public function team(Request $request)
+    public function team(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         // SLA metrics
         $slaMetrics = $this->slaService->getMetrics($business->id, 30);
@@ -125,7 +141,8 @@ class CrmDashboardController extends Controller
             'slaMetrics',
             'repMetrics',
             'threadDistribution',
-            'dealDistribution'
+            'dealDistribution',
+            'business'
         ));
     }
 
@@ -165,19 +182,33 @@ class CrmDashboardController extends Controller
             ->with('thread.contact')
             ->get();
 
-        // Quick stats
+        // Quick stats - consolidated into efficient queries
+        $threadStats = CrmThread::forBusiness($business->id)
+            ->selectRaw("
+                SUM(CASE WHEN status = 'open' THEN 1 ELSE 0 END) as open_threads,
+                SUM(CASE WHEN is_read = false AND status = 'open' THEN 1 ELSE 0 END) as unread_threads
+            ")
+            ->first();
+
+        $dealStats = CrmDeal::forBusiness($business->id)
+            ->selectRaw("
+                SUM(CASE WHEN status = 'open' THEN 1 ELSE 0 END) as open_deals,
+                SUM(CASE WHEN status = 'open' AND owner_id = ? THEN 1 ELSE 0 END) as my_deals,
+                SUM(CASE WHEN status = 'open' THEN value ELSE 0 END) as pipeline_value,
+                SUM(CASE WHEN status = 'open' THEN weighted_value ELSE 0 END) as weighted_pipeline,
+                SUM(CASE WHEN status = 'won' AND EXTRACT(MONTH FROM actual_close_date) = ? AND EXTRACT(YEAR FROM actual_close_date) = ? THEN value ELSE 0 END) as won_this_month
+            ", [$user->id, now()->month, now()->year])
+            ->first();
+
         $stats = [
-            'open_threads' => CrmThread::forBusiness($business->id)->open()->count(),
+            'open_threads' => $threadStats->open_threads ?? 0,
             'my_threads' => $myThreads->count(),
-            'unread_threads' => CrmThread::forBusiness($business->id)->unread()->count(),
-            'open_deals' => CrmDeal::forBusiness($business->id)->open()->count(),
-            'my_deals' => CrmDeal::forBusiness($business->id)->ownedBy($user->id)->open()->count(),
-            'pipeline_value' => CrmDeal::forBusiness($business->id)->open()->sum('value'),
-            'weighted_pipeline' => CrmDeal::forBusiness($business->id)->open()->sum('weighted_value'),
-            'won_this_month' => CrmDeal::forBusiness($business->id)
-                ->won()
-                ->whereMonth('actual_close_date', now()->month)
-                ->sum('value'),
+            'unread_threads' => $threadStats->unread_threads ?? 0,
+            'open_deals' => $dealStats->open_deals ?? 0,
+            'my_deals' => $dealStats->my_deals ?? 0,
+            'pipeline_value' => $dealStats->pipeline_value ?? 0,
+            'weighted_pipeline' => $dealStats->weighted_pipeline ?? 0,
+            'won_this_month' => $dealStats->won_this_month ?? 0,
             'sla_compliance' => $this->slaService->getMetrics($business->id, 30)['compliance_rate'] ?? 100,
         ];
 

app/Http/Controllers/Seller/Crm/CrmSettingsController.php

@@ -3,6 +3,8 @@
 namespace App\Http\Controllers\Seller\Crm;
 
 use App\Http\Controllers\Controller;
+use App\Models\Business;
+use App\Models\ChatQuickReply;
 use App\Models\Crm\CrmChannel;
 use App\Models\Crm\CrmMessageTemplate;
 use App\Models\Crm\CrmPipeline;
@@ -16,9 +18,8 @@ class CrmSettingsController extends Controller
     /**
      * Settings overview
      */
-    public function index(Request $request)
+    public function index(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $stats = [
             'channels' => CrmChannel::where('business_id', $business->id)->count(),
@@ -28,7 +29,7 @@ class CrmSettingsController extends Controller
             'tags' => CrmTag::where('business_id', $business->id)->count(),
         ];
 
-        return view('seller.crm.settings.index', compact('stats'));
+        return view('seller.crm.settings.index', compact('stats', 'business'));
     }
 
     // ================== CHANNELS ==================
@@ -36,34 +37,32 @@ class CrmSettingsController extends Controller
     /**
      * List channels
      */
-    public function channels(Request $request)
+    public function channels(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $channels = CrmChannel::where('business_id', $business->id)
             ->orderBy('type')
             ->get()
             ->groupBy('type');
 
-        return view('seller.crm.settings.channels.index', compact('channels'));
+        return view('seller.crm.settings.channels.index', compact('channels', 'business'));
     }
 
     /**
      * Create channel form
      */
-    public function createChannel(Request $request)
+    public function createChannel(Request $request, Business $business)
     {
         $types = CrmChannel::TYPES;
 
-        return view('seller.crm.settings.channels.create', compact('types'));
+        return view('seller.crm.settings.channels.create', compact('types', 'business'));
     }
 
     /**
      * Store channel
      */
-    public function storeChannel(Request $request)
+    public function storeChannel(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $validated = $request->validate([
             'name' => 'required|string|max:255',
@@ -88,16 +87,15 @@ class CrmSettingsController extends Controller
             'is_default' => $validated['is_default'] ?? false,
         ]);
 
-        return redirect()->route('seller.crm.settings.channels')
+        return redirect()->route('seller.business.crm.settings.channels', $business)
             ->with('success', 'Channel created successfully.');
     }
 
     /**
      * Edit channel
      */
-    public function editChannel(Request $request, CrmChannel $channel)
+    public function editChannel(Request $request, Business $business, CrmChannel $channel)
     {
-        $business = $request->user()->business;
 
         if ($channel->business_id !== $business->id) {
             abort(404);
@@ -105,15 +103,14 @@ class CrmSettingsController extends Controller
 
         $types = CrmChannel::TYPES;
 
-        return view('seller.crm.settings.channels.edit', compact('channel', 'types'));
+        return view('seller.crm.settings.channels.edit', compact('channel', 'types', 'business'));
     }
 
     /**
      * Update channel
      */
-    public function updateChannel(Request $request, CrmChannel $channel)
+    public function updateChannel(Request $request, Business $business, CrmChannel $channel)
     {
-        $business = $request->user()->business;
 
         if ($channel->business_id !== $business->id) {
             abort(404);
@@ -136,16 +133,15 @@ class CrmSettingsController extends Controller
 
         $channel->update($validated);
 
-        return redirect()->route('seller.crm.settings.channels')
+        return redirect()->route('seller.business.crm.settings.channels', $business)
             ->with('success', 'Channel updated.');
     }
 
     /**
      * Delete channel
      */
-    public function destroyChannel(Request $request, CrmChannel $channel)
+    public function destroyChannel(Request $request, Business $business, CrmChannel $channel)
     {
-        $business = $request->user()->business;
 
         if ($channel->business_id !== $business->id) {
             abort(404);
@@ -161,32 +157,30 @@ class CrmSettingsController extends Controller
     /**
      * List pipelines
      */
-    public function pipelines(Request $request)
+    public function pipelines(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $pipelines = CrmPipeline::where('business_id', $business->id)
             ->withCount('deals')
             ->orderBy('name')
             ->get();
 
-        return view('seller.crm.settings.pipelines.index', compact('pipelines'));
+        return view('seller.crm.settings.pipelines.index', compact('pipelines', 'business'));
     }
 
     /**
      * Create pipeline form
      */
-    public function createPipeline()
+    public function createPipeline(Request $request, Business $business)
     {
-        return view('seller.crm.settings.pipelines.create');
+        return view('seller.crm.settings.pipelines.create', compact('business'));
     }
 
     /**
      * Store pipeline
      */
-    public function storePipeline(Request $request)
+    public function storePipeline(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $validated = $request->validate([
             'name' => 'required|string|max:255',
@@ -213,30 +207,28 @@ class CrmSettingsController extends Controller
             'is_default' => $validated['is_default'] ?? false,
         ]);
 
-        return redirect()->route('seller.crm.settings.pipelines')
+        return redirect()->route('seller.business.crm.settings.pipelines', $business)
             ->with('success', 'Pipeline created.');
     }
 
     /**
      * Edit pipeline
      */
-    public function editPipeline(Request $request, CrmPipeline $pipeline)
+    public function editPipeline(Request $request, Business $business, CrmPipeline $pipeline)
     {
-        $business = $request->user()->business;
 
         if ($pipeline->business_id !== $business->id) {
             abort(404);
         }
 
-        return view('seller.crm.settings.pipelines.edit', compact('pipeline'));
+        return view('seller.crm.settings.pipelines.edit', compact('pipeline', 'business'));
     }
 
     /**
      * Update pipeline
      */
-    public function updatePipeline(Request $request, CrmPipeline $pipeline)
+    public function updatePipeline(Request $request, Business $business, CrmPipeline $pipeline)
     {
-        $business = $request->user()->business;
 
         if ($pipeline->business_id !== $business->id) {
             abort(404);
@@ -262,16 +254,15 @@ class CrmSettingsController extends Controller
 
         $pipeline->update($validated);
 
-        return redirect()->route('seller.crm.settings.pipelines')
+        return redirect()->route('seller.business.crm.settings.pipelines', $business)
             ->with('success', 'Pipeline updated.');
     }
 
     /**
      * Delete pipeline
      */
-    public function destroyPipeline(Request $request, CrmPipeline $pipeline)
+    public function destroyPipeline(Request $request, Business $business, CrmPipeline $pipeline)
     {
-        $business = $request->user()->business;
 
         if ($pipeline->business_id !== $business->id) {
             abort(404);
@@ -291,31 +282,29 @@ class CrmSettingsController extends Controller
     /**
      * List SLA policies
      */
-    public function slaPolicies(Request $request)
+    public function slaPolicies(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $policies = CrmSlaPolicy::where('business_id', $business->id)
             ->orderBy('priority')
             ->get();
 
-        return view('seller.crm.settings.sla.index', compact('policies'));
+        return view('seller.crm.settings.sla.index', compact('policies', 'business'));
     }
 
     /**
      * Create SLA policy form
      */
-    public function createSlaPolicy()
+    public function createSlaPolicy(Request $request, Business $business)
     {
-        return view('seller.crm.settings.sla.create');
+        return view('seller.crm.settings.sla.create', compact('business'));
     }
 
     /**
      * Store SLA policy
      */
-    public function storeSlaPolicy(Request $request)
+    public function storeSlaPolicy(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $validated = $request->validate([
             'name' => 'required|string|max:255',
@@ -342,30 +331,28 @@ class CrmSettingsController extends Controller
             'is_active' => $validated['is_active'] ?? true,
         ]);
 
-        return redirect()->route('seller.crm.settings.sla')
+        return redirect()->route('seller.business.crm.settings.sla', $business)
             ->with('success', 'SLA policy created.');
     }
 
     /**
      * Edit SLA policy
      */
-    public function editSlaPolicy(Request $request, CrmSlaPolicy $policy)
+    public function editSlaPolicy(Request $request, Business $business, CrmSlaPolicy $policy)
     {
-        $business = $request->user()->business;
 
         if ($policy->business_id !== $business->id) {
             abort(404);
         }
 
-        return view('seller.crm.settings.sla.edit', compact('policy'));
+        return view('seller.crm.settings.sla.edit', compact('policy', 'business'));
     }
 
     /**
      * Update SLA policy
      */
-    public function updateSlaPolicy(Request $request, CrmSlaPolicy $policy)
+    public function updateSlaPolicy(Request $request, Business $business, CrmSlaPolicy $policy)
     {
-        $business = $request->user()->business;
 
         if ($policy->business_id !== $business->id) {
             abort(404);
@@ -385,16 +372,15 @@ class CrmSettingsController extends Controller
 
         $policy->update($validated);
 
-        return redirect()->route('seller.crm.settings.sla')
+        return redirect()->route('seller.business.crm.settings.sla', $business)
             ->with('success', 'SLA policy updated.');
     }
 
     /**
      * Delete SLA policy
      */
-    public function destroySlaPolicy(Request $request, CrmSlaPolicy $policy)
+    public function destroySlaPolicy(Request $request, Business $business, CrmSlaPolicy $policy)
     {
-        $business = $request->user()->business;
 
         if ($policy->business_id !== $business->id) {
             abort(404);
@@ -410,24 +396,22 @@ class CrmSettingsController extends Controller
     /**
      * List tags
      */
-    public function tags(Request $request)
+    public function tags(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $tags = CrmTag::where('business_id', $business->id)
             ->withCount('taggables')
             ->orderBy('name')
             ->get();
 
-        return view('seller.crm.settings.tags.index', compact('tags'));
+        return view('seller.crm.settings.tags.index', compact('tags', 'business'));
     }
 
     /**
      * Store tag
      */
-    public function storeTag(Request $request)
+    public function storeTag(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $validated = $request->validate([
             'name' => 'required|string|max:50',
@@ -448,9 +432,8 @@ class CrmSettingsController extends Controller
     /**
      * Update tag
      */
-    public function updateTag(Request $request, CrmTag $tag)
+    public function updateTag(Request $request, Business $business, CrmTag $tag)
     {
-        $business = $request->user()->business;
 
         if ($tag->business_id !== $business->id) {
             abort(404);
@@ -470,9 +453,8 @@ class CrmSettingsController extends Controller
     /**
      * Delete tag
      */
-    public function destroyTag(Request $request, CrmTag $tag)
+    public function destroyTag(Request $request, Business $business, CrmTag $tag)
     {
-        $business = $request->user()->business;
 
         if ($tag->business_id !== $business->id) {
             abort(404);
@@ -488,9 +470,8 @@ class CrmSettingsController extends Controller
     /**
      * List templates
      */
-    public function templates(Request $request)
+    public function templates(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $templates = CrmMessageTemplate::where('business_id', $business->id)
             ->orderBy('category')
@@ -498,7 +479,7 @@ class CrmSettingsController extends Controller
             ->get()
             ->groupBy('category');
 
-        return view('seller.crm.settings.templates.index', compact('templates'));
+        return view('seller.crm.settings.templates.index', compact('templates', 'business'));
     }
 
     /**
@@ -509,15 +490,14 @@ class CrmSettingsController extends Controller
         $categories = CrmMessageTemplate::CATEGORIES;
         $channels = CrmChannel::TYPES;
 
-        return view('seller.crm.settings.templates.create', compact('categories', 'channels'));
+        return view('seller.crm.settings.templates.create', compact('categories', 'channels', 'business'));
     }
 
     /**
      * Store template
      */
-    public function storeTemplate(Request $request)
+    public function storeTemplate(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $validated = $request->validate([
             'name' => 'required|string|max:255',
@@ -540,16 +520,15 @@ class CrmSettingsController extends Controller
             'is_active' => true,
         ]);
 
-        return redirect()->route('seller.crm.settings.templates')
+        return redirect()->route('seller.business.crm.settings.templates', $business)
             ->with('success', 'Template created.');
     }
 
     /**
      * Edit template
      */
-    public function editTemplate(Request $request, CrmMessageTemplate $template)
+    public function editTemplate(Request $request, Business $business, CrmMessageTemplate $template)
     {
-        $business = $request->user()->business;
 
         if ($template->business_id !== $business->id) {
             abort(404);
@@ -558,15 +537,14 @@ class CrmSettingsController extends Controller
         $categories = CrmMessageTemplate::CATEGORIES;
         $channels = CrmChannel::TYPES;
 
-        return view('seller.crm.settings.templates.edit', compact('template', 'categories', 'channels'));
+        return view('seller.crm.settings.templates.edit', compact('template', 'categories', 'channels', 'business'));
     }
 
     /**
      * Update template
      */
-    public function updateTemplate(Request $request, CrmMessageTemplate $template)
+    public function updateTemplate(Request $request, Business $business, CrmMessageTemplate $template)
     {
-        $business = $request->user()->business;
 
         if ($template->business_id !== $business->id) {
             abort(404);
@@ -583,16 +561,15 @@ class CrmSettingsController extends Controller
 
         $template->update($validated);
 
-        return redirect()->route('seller.crm.settings.templates')
+        return redirect()->route('seller.business.crm.settings.templates', $business)
             ->with('success', 'Template updated.');
     }
 
     /**
      * Delete template
      */
-    public function destroyTemplate(Request $request, CrmMessageTemplate $template)
+    public function destroyTemplate(Request $request, Business $business, CrmMessageTemplate $template)
     {
-        $business = $request->user()->business;
 
         if ($template->business_id !== $business->id) {
             abort(404);
@@ -608,24 +585,22 @@ class CrmSettingsController extends Controller
     /**
      * List team roles
      */
-    public function teamRoles(Request $request)
+    public function teamRoles(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $roles = CrmTeamRole::where('business_id', $business->id)
             ->withCount('users')
             ->orderBy('name')
             ->get();
 
-        return view('seller.crm.settings.roles.index', compact('roles'));
+        return view('seller.crm.settings.roles.index', compact('roles', 'business'));
     }
 
     /**
      * Store team role
      */
-    public function storeTeamRole(Request $request)
+    public function storeTeamRole(Request $request, Business $business)
     {
-        $business = $request->user()->business;
 
         $validated = $request->validate([
             'name' => 'required|string|max:100',
@@ -644,9 +619,8 @@ class CrmSettingsController extends Controller
     /**
      * Update team role
      */
-    public function updateTeamRole(Request $request, CrmTeamRole $role)
+    public function updateTeamRole(Request $request, Business $business, CrmTeamRole $role)
     {
-        $business = $request->user()->business;
 
         if ($role->business_id !== $business->id) {
             abort(404);
@@ -665,9 +639,8 @@ class CrmSettingsController extends Controller
     /**
      * Delete team role
      */
-    public function destroyTeamRole(Request $request, CrmTeamRole $role)
+    public function destroyTeamRole(Request $request, Business $business, CrmTeamRole $role)
     {
-        $business = $request->user()->business;
 
         if ($role->business_id !== $business->id) {
             abort(404);
@@ -677,4 +650,81 @@ class CrmSettingsController extends Controller
 
         return back()->with('success', 'Role deleted.');
     }
+
+    /**
+     * Quick replies list
+     */
+    public function quickReplies(Request $request, Business $business)
+    {
+        $quickReplies = ChatQuickReply::where('business_id', $business->id)
+            ->orderBy('sort_order')
+            ->orderBy('label')
+            ->get();
+
+        $categories = $quickReplies->pluck('category')->filter()->unique()->values();
+
+        return view('seller.crm.settings.quick-replies.index', [
+            'business' => $business,
+            'quickReplies' => $quickReplies,
+            'categories' => $categories,
+        ]);
+    }
+
+    /**
+     * Store new quick reply
+     */
+    public function storeQuickReply(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'label' => 'required|string|max:100',
+            'message' => 'required|string|max:2000',
+            'category' => 'nullable|string|max:50',
+            'is_active' => 'boolean',
+        ]);
+
+        $validated['business_id'] = $business->id;
+        $validated['is_active'] = $request->boolean('is_active', true);
+        $validated['sort_order'] = ChatQuickReply::where('business_id', $business->id)->max('sort_order') + 1;
+
+        ChatQuickReply::create($validated);
+
+        return back()->with('success', 'Quick reply created.');
+    }
+
+    /**
+     * Update quick reply
+     */
+    public function updateQuickReply(Request $request, Business $business, ChatQuickReply $quickReply)
+    {
+        if ($quickReply->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $validated = $request->validate([
+            'label' => 'required|string|max:100',
+            'message' => 'required|string|max:2000',
+            'category' => 'nullable|string|max:50',
+            'is_active' => 'boolean',
+        ]);
+
+        $validated['is_active'] = $request->boolean('is_active', true);
+
+        $quickReply->update($validated);
+
+        return back()->with('success', 'Quick reply updated.');
+    }
+
+    /**
+     * Delete quick reply
+     */
+    public function destroyQuickReply(Request $request, Business $business, ChatQuickReply $quickReply)
+    {
+        if ($quickReply->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $quickReply->delete();
+
+        return back()->with('success', 'Quick reply deleted.');
+    }
 }

app/Http/Controllers/Seller/Crm/DealController.php

@@ -22,10 +22,8 @@ class DealController extends Controller
     /**
      * Display pipeline board view
      */
-    public function index(Request $request)
+    public function index(Request $request, Business $business)
     {
-        $business = $request->user()->business;
-
         // Get active pipeline
         $pipeline = CrmPipeline::forBusiness($business->id)
             ->where('id', $request->input('pipeline_id'))
@@ -33,10 +31,10 @@ class DealController extends Controller
             ?? CrmPipeline::forBusiness($business->id)->default()->first()
             ?? CrmPipeline::createDefault($business->id);
 
-        // Get deals grouped by stage
+        // Build base query for deals
         $dealsQuery = CrmDeal::forBusiness($business->id)
             ->where('pipeline_id', $pipeline->id)
-            ->with(['contact', 'account', 'owner']);
+            ->with(['contact:id,first_name,last_name,email', 'account:id,name', 'owner:id,first_name,last_name,email']);
 
         // Filters
         if ($request->filled('owner_id')) {
@@ -54,53 +52,95 @@ class DealController extends Controller
             $dealsQuery->open();
         }
 
-        $deals = $dealsQuery->get()->groupBy('stage');
+        // Get deals grouped by stage using database grouping for efficiency
+        // Limit to reasonable number per stage for board view
+        $stages = $pipeline->stages ?? [];
+        $deals = collect();
+        foreach ($stages as $stage) {
+            $stageDeals = (clone $dealsQuery)
+                ->where('stage', $stage['name'] ?? $stage)
+                ->orderByDesc('value')
+                ->limit(50)
+                ->get();
+            $deals[$stage['name'] ?? $stage] = $stageDeals;
+        }
 
-        // Get pipelines for selector
-        $pipelines = CrmPipeline::forBusiness($business->id)->active()->get();
+        // Get pipelines for selector (limited fields)
+        $pipelines = CrmPipeline::forBusiness($business->id)
+            ->active()
+            ->select('id', 'name', 'stages', 'is_default')
+            ->get();
 
-        // Get team members
-        $teamMembers = User::where('business_id', $business->id)->get();
+        // Get team members (limited fields)
+        $teamMembers = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
+            ->select('id', 'first_name', 'last_name', 'email')
+            ->get();
+
+        // Calculate stats with single efficient query using selectRaw
+        $statsResult = CrmDeal::forBusiness($business->id)
+            ->open()
+            ->selectRaw('SUM(value) as total_value, SUM(weighted_value) as weighted_value, COUNT(*) as deals_count')
+            ->first();
+
+        $wonThisMonth = CrmDeal::forBusiness($business->id)
+            ->won()
+            ->whereMonth('actual_close_date', now()->month)
+            ->whereYear('actual_close_date', now()->year)
+            ->sum('value');
 
-        // Calculate stats
         $stats = [
-            'total_value' => CrmDeal::forBusiness($business->id)->open()->sum('value'),
-            'weighted_value' => CrmDeal::forBusiness($business->id)->open()->sum('weighted_value'),
-            'deals_count' => CrmDeal::forBusiness($business->id)->open()->count(),
-            'won_this_month' => CrmDeal::forBusiness($business->id)
-                ->won()
-                ->whereMonth('actual_close_date', now()->month)
-                ->sum('value'),
+            'total_value' => $statsResult->total_value ?? 0,
+            'weighted_value' => $statsResult->weighted_value ?? 0,
+            'deals_count' => $statsResult->deals_count ?? 0,
+            'won_this_month' => $wonThisMonth,
         ];
 
-        return view('seller.crm.deals.index', compact('pipeline', 'deals', 'pipelines', 'teamMembers', 'stats'));
+        return view('seller.crm.deals.index', compact('business', 'pipeline', 'deals', 'pipelines', 'teamMembers', 'stats'));
     }
 
     /**
      * Show create deal form
      */
-    public function create(Request $request)
+    public function create(Request $request, Business $business)
     {
-        $business = $request->user()->business;
+        $pipelines = CrmPipeline::forBusiness($business->id)
+            ->active()
+            ->select('id', 'name', 'stages', 'is_default')
+            ->get();
 
-        $pipelines = CrmPipeline::forBusiness($business->id)->active()->get();
-        $contacts = Contact::where('business_id', $business->id)->get();
-        $accounts = Business::whereHas('ordersAsCustomer', function ($q) use ($business) {
+        // Limit contacts for dropdown - most recent 100
+        $contacts = Contact::where('business_id', $business->id)
+            ->select('id', 'first_name', 'last_name', 'email')
+            ->orderByDesc('updated_at')
+            ->limit(100)
+            ->get();
+
+        // Limit accounts for dropdown - most recent 100
+        // Get businesses that have placed orders containing this seller's products
+        $accounts = Business::whereHas('orders', function ($q) use ($business) {
             $q->whereHas('items.product.brand', fn ($b) => $b->where('business_id', $business->id));
-        })->get();
-        $teamMembers = User::where('business_id', $business->id)->get();
-        $brands = Brand::where('business_id', $business->id)->get();
+        })
+            ->select('id', 'name')
+            ->orderByDesc('updated_at')
+            ->limit(100)
+            ->get();
 
-        return view('seller.crm.deals.create', compact('pipelines', 'contacts', 'accounts', 'teamMembers', 'brands'));
+        $teamMembers = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
+            ->select('id', 'first_name', 'last_name', 'email')
+            ->get();
+
+        $brands = Brand::where('business_id', $business->id)
+            ->select('id', 'name')
+            ->get();
+
+        return view('seller.crm.deals.create', compact('pipelines', 'contacts', 'accounts', 'teamMembers', 'brands', 'business'));
     }
 
     /**
      * Store new deal
      */
-    public function store(Request $request)
+    public function store(Request $request, Business $business)
     {
-        $business = $request->user()->business;
-
         $validated = $request->validate([
             'name' => 'required|string|max:255',
             'pipeline_id' => 'required|exists:crm_pipelines,id',
@@ -132,7 +172,7 @@ class DealController extends Controller
         // SECURITY: Verify owner belongs to business
         if (! empty($validated['owner_id'])) {
             User::where('id', $validated['owner_id'])
-                ->where('business_id', $business->id)
+                ->whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
                 ->firstOrFail();
         }
 
@@ -161,17 +201,15 @@ class DealController extends Controller
             'status' => CrmDeal::STATUS_OPEN,
         ]);
 
-        return redirect()->route('seller.crm.deals.show', $deal)
+        return redirect()->route('seller.business.crm.deals.show', [$business, $deal])
             ->with('success', 'Deal created successfully.');
     }
 
     /**
      * Show deal details
      */
-    public function show(Request $request, CrmDeal $deal)
+    public function show(Request $request, Business $business, CrmDeal $deal)
     {
-        $business = $request->user()->business;
-
         if ($deal->business_id !== $business->id) {
             abort(404);
         }
@@ -199,16 +237,14 @@ class DealController extends Controller
             $deal->refresh();
         }
 
-        return view('seller.crm.deals.show', compact('deal', 'suggestions'));
+        return view('seller.crm.deals.show', compact('deal', 'suggestions', 'business'));
     }
 
     /**
      * Update deal stage (drag & drop)
      */
-    public function updateStage(Request $request, CrmDeal $deal)
+    public function updateStage(Request $request, Business $business, CrmDeal $deal)
     {
-        $business = $request->user()->business;
-
         if ($deal->business_id !== $business->id) {
             return response()->json(['error' => 'Unauthorized'], 403);
         }
@@ -232,10 +268,8 @@ class DealController extends Controller
     /**
      * Mark deal as won
      */
-    public function markWon(Request $request, CrmDeal $deal)
+    public function markWon(Request $request, Business $business, CrmDeal $deal)
     {
-        $business = $request->user()->business;
-
         if ($deal->business_id !== $business->id) {
             abort(404);
         }
@@ -253,10 +287,8 @@ class DealController extends Controller
     /**
      * Mark deal as lost
      */
-    public function markLost(Request $request, CrmDeal $deal)
+    public function markLost(Request $request, Business $business, CrmDeal $deal)
     {
-        $business = $request->user()->business;
-
         if ($deal->business_id !== $business->id) {
             abort(404);
         }
@@ -280,10 +312,8 @@ class DealController extends Controller
     /**
      * Reopen a closed deal
      */
-    public function reopen(Request $request, CrmDeal $deal)
+    public function reopen(Request $request, Business $business, CrmDeal $deal)
     {
-        $business = $request->user()->business;
-
         if ($deal->business_id !== $business->id) {
             abort(404);
         }
@@ -296,10 +326,8 @@ class DealController extends Controller
     /**
      * Update deal details
      */
-    public function update(Request $request, CrmDeal $deal)
+    public function update(Request $request, Business $business, CrmDeal $deal)
     {
-        $business = $request->user()->business;
-
         if ($deal->business_id !== $business->id) {
             abort(404);
         }
@@ -326,7 +354,7 @@ class DealController extends Controller
 
         if (! empty($validated['owner_id'])) {
             User::where('id', $validated['owner_id'])
-                ->where('business_id', $business->id)
+                ->whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
                 ->firstOrFail();
         }
 
@@ -338,17 +366,15 @@ class DealController extends Controller
     /**
      * Delete deal
      */
-    public function destroy(Request $request, CrmDeal $deal)
+    public function destroy(Request $request, Business $business, CrmDeal $deal)
     {
-        $business = $request->user()->business;
-
         if ($deal->business_id !== $business->id) {
             abort(404);
         }
 
         $deal->delete();
 
-        return redirect()->route('seller.crm.deals.index')
+        return redirect()->route('seller.business.crm.deals.index', $business)
             ->with('success', 'Deal deleted.');
     }
 }

app/Http/Controllers/Seller/Crm/InvoiceController.php

@@ -3,21 +3,24 @@
 namespace App\Http\Controllers\Seller\Crm;
 
 use App\Http\Controllers\Controller;
+use App\Mail\InvoiceMail;
+use App\Models\Business;
+use App\Models\Crm\CrmDeal;
 use App\Models\Crm\CrmInvoice;
 use App\Models\Crm\CrmInvoiceItem;
 use App\Models\Crm\CrmInvoicePayment;
 use App\Models\Crm\CrmQuote;
+use Barryvdh\DomPDF\Facade\Pdf;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Mail;
 
 class InvoiceController extends Controller
 {
     /**
      * List invoices
      */
-    public function index(Request $request)
+    public function index(Request $request, Business $business)
     {
-        $business = $request->user()->business;
-
         $query = CrmInvoice::forBusiness($business->id)
             ->with(['contact', 'account', 'creator'])
             ->withCount('items');
@@ -33,84 +36,157 @@ class InvoiceController extends Controller
 
         if ($request->filled('search')) {
             $query->where(function ($q) use ($request) {
-                $q->where('invoice_number', 'like', "%{$request->search}%")
-                    ->orWhere('title', 'like', "%{$request->search}%");
+                $q->where('invoice_number', 'ILIKE', "%{$request->search}%")
+                    ->orWhere('title', 'ILIKE', "%{$request->search}%");
             });
         }
 
         $invoices = $query->orderByDesc('created_at')->paginate(25);
 
-        // Stats
+        // Stats - single efficient query with conditional aggregation
+        $invoiceStats = CrmInvoice::forBusiness($business->id)
+            ->selectRaw("
+                SUM(CASE WHEN status IN ('sent', 'viewed', 'partial') THEN balance_due ELSE 0 END) as outstanding,
+                SUM(CASE WHEN status IN ('sent', 'viewed', 'partial') AND due_date < CURRENT_DATE THEN balance_due ELSE 0 END) as overdue
+            ")
+            ->first();
+
+        $paidThisMonth = CrmInvoicePayment::whereHas('invoice', fn ($q) => $q->where('business_id', $business->id))
+            ->whereMonth('payment_date', now()->month)
+            ->whereYear('payment_date', now()->year)
+            ->sum('amount');
+
         $stats = [
-            'outstanding' => CrmInvoice::forBusiness($business->id)->outstanding()->sum('amount_due'),
-            'overdue' => CrmInvoice::forBusiness($business->id)->overdue()->sum('amount_due'),
-            'paid_this_month' => CrmInvoicePayment::whereHas('invoice', fn ($q) => $q->where('business_id', $business->id))
-                ->whereMonth('payment_date', now()->month)
-                ->whereYear('payment_date', now()->year)
-                ->sum('amount'),
+            'outstanding' => $invoiceStats->outstanding ?? 0,
+            'overdue' => $invoiceStats->overdue ?? 0,
+            'paid_this_month' => $paidThisMonth,
         ];
 
-        return view('seller.crm.invoices.index', compact('invoices', 'stats'));
+        return view('seller.crm.invoices.index', compact('invoices', 'stats', 'business'));
     }
 
     /**
      * Show invoice details
      */
-    public function show(Request $request, CrmInvoice $invoice)
+    public function show(Request $request, Business $business, CrmInvoice $invoice)
     {
-        $business = $request->user()->business;
-
         if ($invoice->business_id !== $business->id) {
             abort(404);
         }
 
-        $invoice->load(['contact', 'account', 'quote', 'creator', 'items.product', 'payments']);
+        $invoice->load(['contact', 'account', 'quote', 'creator', 'items.product', 'payments.recordedBy']);
 
-        return view('seller.crm.invoices.show', compact('invoice'));
+        return view('seller.crm.invoices.show', compact('invoice', 'business'));
     }
 
     /**
      * Create invoice form
      */
-    public function create(Request $request)
+    public function create(Request $request, Business $business)
     {
-        $business = $request->user()->business;
+        // Get all approved buyer businesses as potential customers (matching quotes)
+        $accounts = Business::where('type', 'buyer')
+            ->where('status', 'approved')
+            ->with('locations:id,business_id,name,is_primary')
+            ->orderBy('name')
+            ->select(['id', 'name', 'slug'])
+            ->get();
 
-        $contacts = \App\Models\Contact::where('business_id', $business->id)->get();
+        // Get open deals for linking
+        $deals = CrmDeal::forBusiness($business->id)->open()->get();
+
+        // Limit quotes to accepted without invoices
         $quotes = CrmQuote::forBusiness($business->id)
             ->where('status', CrmQuote::STATUS_ACCEPTED)
             ->whereDoesntHave('invoice')
+            ->select('id', 'quote_number', 'title', 'total', 'contact_id', 'account_id', 'location_id')
+            ->with(['contact:id,first_name,last_name', 'items.product'])
+            ->limit(50)
             ->get();
 
-        return view('seller.crm.invoices.create', compact('contacts', 'quotes'));
+        // Transform quotes for Alpine.js (avoid complex closures in Blade @json)
+        $quotesForJs = $quotes->map(fn ($q) => [
+            'id' => $q->id,
+            'account_id' => $q->account_id,
+            'contact_id' => $q->contact_id,
+            'location_id' => $q->location_id,
+            'items' => $q->items->map(fn ($i) => [
+                'product_id' => $i->product_id,
+                'description' => $i->description,
+                'quantity' => $i->quantity,
+                'unit_price' => $i->unit_price,
+                'discount_percent' => $i->discount_percent ?? 0,
+            ])->values(),
+        ])->values();
+
+        // Pre-fill from URL parameters
+        $selectedAccount = null;
+        $selectedLocation = null;
+        $selectedContact = null;
+        $locationContacts = collect();
+
+        if ($request->filled('account_id')) {
+            $selectedAccount = $accounts->firstWhere('id', $request->account_id);
+        }
+
+        if ($request->filled('location_id') && $selectedAccount) {
+            $selectedLocation = $selectedAccount->locations->firstWhere('id', $request->location_id);
+        }
+
+        // Pre-fill from quote if provided
+        $quote = null;
+        if ($request->filled('quote_id')) {
+            $quote = $quotes->firstWhere('id', $request->quote_id);
+            if ($quote) {
+                $selectedAccount = $accounts->firstWhere('id', $quote->account_id);
+            }
+        }
+
+        return view('seller.crm.invoices.create', compact(
+            'accounts',
+            'deals',
+            'quotes',
+            'quotesForJs',
+            'business',
+            'selectedAccount',
+            'selectedLocation',
+            'selectedContact',
+            'locationContacts',
+            'quote'
+        ));
     }
 
     /**
      * Store new invoice
      */
-    public function store(Request $request)
+    public function store(Request $request, Business $business)
     {
-        $business = $request->user()->business;
-
         $validated = $request->validate([
             'title' => 'required|string|max:255',
             'contact_id' => 'required|exists:contacts,id',
             'account_id' => 'nullable|exists:businesses,id',
+            'location_id' => 'nullable|exists:business_locations,id',
             'quote_id' => 'nullable|exists:crm_quotes,id',
+            'deal_id' => 'nullable|exists:crm_deals,id',
             'due_date' => 'required|date|after_or_equal:today',
             'tax_rate' => 'nullable|numeric|min:0|max:100',
+            'discount_type' => 'nullable|in:fixed,percentage',
+            'discount_value' => 'nullable|numeric|min:0',
             'notes' => 'nullable|string|max:2000',
             'payment_terms' => 'nullable|string|max:1000',
             'items' => 'required|array|min:1',
+            'items.*.product_id' => 'nullable|exists:products,id',
             'items.*.description' => 'required|string|max:500',
             'items.*.quantity' => 'required|numeric|min:0.01',
             'items.*.unit_price' => 'required|numeric|min:0',
+            'items.*.discount_percent' => 'nullable|numeric|min:0|max:100',
         ]);
 
-        // SECURITY: Verify contact belongs to business
-        \App\Models\Contact::where('id', $validated['contact_id'])
-            ->where('business_id', $business->id)
-            ->firstOrFail();
+        // SECURITY: Verify contact belongs to the account if account is provided
+        $contact = \App\Models\Contact::findOrFail($validated['contact_id']);
+        if (! empty($validated['account_id']) && $contact->business_id !== (int) $validated['account_id']) {
+            return back()->withErrors(['contact_id' => 'Contact must belong to the selected account.']);
+        }
 
         // SECURITY: Verify quote belongs to business if provided
         if (! empty($validated['quote_id'])) {
@@ -119,22 +195,33 @@ class InvoiceController extends Controller
                 ->firstOrFail();
         }
 
+        // SECURITY: Verify deal belongs to business if provided
+        if (! empty($validated['deal_id'])) {
+            CrmDeal::where('id', $validated['deal_id'])
+                ->where('business_id', $business->id)
+                ->firstOrFail();
+        }
+
         $invoiceNumber = CrmInvoice::generateInvoiceNumber($business->id);
 
         $invoice = CrmInvoice::create([
             'business_id' => $business->id,
             'contact_id' => $validated['contact_id'],
             'account_id' => $validated['account_id'],
-            'quote_id' => $validated['quote_id'],
+            'location_id' => $validated['location_id'] ?? null,
+            'quote_id' => $validated['quote_id'] ?? null,
+            'deal_id' => $validated['deal_id'] ?? null,
             'created_by' => $request->user()->id,
             'invoice_number' => $invoiceNumber,
             'title' => $validated['title'],
             'status' => CrmInvoice::STATUS_DRAFT,
-            'issue_date' => now(),
+            'invoice_date' => now(),
             'due_date' => $validated['due_date'],
             'tax_rate' => $validated['tax_rate'] ?? 0,
+            'discount_type' => $validated['discount_type'],
+            'discount_value' => $validated['discount_value'] ?? 0,
             'notes' => $validated['notes'],
-            'payment_terms' => $validated['payment_terms'],
+            'terms' => $validated['payment_terms'],
             'currency' => 'USD',
         ]);
 
@@ -142,26 +229,155 @@ class InvoiceController extends Controller
         foreach ($validated['items'] as $index => $item) {
             CrmInvoiceItem::create([
                 'invoice_id' => $invoice->id,
+                'product_id' => $item['product_id'] ?? null,
                 'description' => $item['description'],
                 'quantity' => $item['quantity'],
                 'unit_price' => $item['unit_price'],
-                'sort_order' => $index,
+                'discount_percent' => $item['discount_percent'] ?? 0,
+                'position' => $index,
             ]);
         }
 
         $invoice->calculateTotals();
 
-        return redirect()->route('seller.crm.invoices.show', $invoice)
+        return redirect()->route('seller.business.crm.invoices.show', [$business, $invoice])
             ->with('success', 'Invoice created successfully.');
     }
 
+    /**
+     * Edit invoice form
+     */
+    public function edit(Request $request, Business $business, CrmInvoice $invoice)
+    {
+        if ($invoice->business_id !== $business->id) {
+            abort(404);
+        }
+
+        if (! $invoice->canBeEdited()) {
+            return redirect()->route('seller.business.crm.invoices.show', [$business, $invoice])
+                ->withErrors(['error' => 'This invoice cannot be edited.']);
+        }
+
+        $invoice->load(['contact', 'account', 'items.product']);
+
+        // Get all approved buyer businesses
+        $accounts = Business::where('type', 'buyer')
+            ->where('status', 'approved')
+            ->with('locations:id,business_id,name,is_primary')
+            ->orderBy('name')
+            ->select(['id', 'name', 'slug'])
+            ->get();
+
+        // Get open deals for linking
+        $deals = CrmDeal::forBusiness($business->id)->open()->get();
+
+        // No quotes dropdown in edit - already linked
+        $quotes = collect();
+
+        $selectedAccount = $invoice->account;
+        $selectedLocation = $invoice->location ?? null;
+        $selectedContact = $invoice->contact;
+        $locationContacts = collect();
+
+        return view('seller.crm.invoices.edit', compact(
+            'invoice',
+            'accounts',
+            'deals',
+            'quotes',
+            'business',
+            'selectedAccount',
+            'selectedLocation',
+            'selectedContact',
+            'locationContacts'
+        ));
+    }
+
+    /**
+     * Update invoice
+     */
+    public function update(Request $request, Business $business, CrmInvoice $invoice)
+    {
+        if ($invoice->business_id !== $business->id) {
+            abort(404);
+        }
+
+        if (! $invoice->canBeEdited()) {
+            return back()->withErrors(['error' => 'This invoice cannot be edited.']);
+        }
+
+        $validated = $request->validate([
+            'title' => 'required|string|max:255',
+            'contact_id' => 'required|exists:contacts,id',
+            'account_id' => 'nullable|exists:businesses,id',
+            'location_id' => 'nullable|exists:business_locations,id',
+            'deal_id' => 'nullable|exists:crm_deals,id',
+            'due_date' => 'required|date',
+            'tax_rate' => 'nullable|numeric|min:0|max:100',
+            'discount_type' => 'nullable|in:fixed,percentage',
+            'discount_value' => 'nullable|numeric|min:0',
+            'notes' => 'nullable|string|max:2000',
+            'payment_terms' => 'nullable|string|max:1000',
+            'items' => 'required|array|min:1',
+            'items.*.product_id' => 'nullable|exists:products,id',
+            'items.*.description' => 'required|string|max:500',
+            'items.*.quantity' => 'required|numeric|min:0.01',
+            'items.*.unit_price' => 'required|numeric|min:0',
+            'items.*.discount_percent' => 'nullable|numeric|min:0|max:100',
+        ]);
+
+        // SECURITY: Verify contact belongs to the account if account is provided
+        $contact = \App\Models\Contact::findOrFail($validated['contact_id']);
+        if (! empty($validated['account_id']) && $contact->business_id !== (int) $validated['account_id']) {
+            return back()->withErrors(['contact_id' => 'Contact must belong to the selected account.']);
+        }
+
+        // SECURITY: Verify deal belongs to business if provided
+        if (! empty($validated['deal_id'])) {
+            CrmDeal::where('id', $validated['deal_id'])
+                ->where('business_id', $business->id)
+                ->firstOrFail();
+        }
+
+        $invoice->update([
+            'contact_id' => $validated['contact_id'],
+            'account_id' => $validated['account_id'],
+            'location_id' => $validated['location_id'] ?? null,
+            'deal_id' => $validated['deal_id'] ?? null,
+            'title' => $validated['title'],
+            'due_date' => $validated['due_date'],
+            'tax_rate' => $validated['tax_rate'] ?? 0,
+            'discount_type' => $validated['discount_type'],
+            'discount_value' => $validated['discount_value'] ?? 0,
+            'notes' => $validated['notes'],
+            'terms' => $validated['payment_terms'],
+        ]);
+
+        // Delete existing items and recreate
+        $invoice->items()->delete();
+
+        foreach ($validated['items'] as $index => $item) {
+            CrmInvoiceItem::create([
+                'invoice_id' => $invoice->id,
+                'product_id' => $item['product_id'] ?? null,
+                'description' => $item['description'],
+                'quantity' => $item['quantity'],
+                'unit_price' => $item['unit_price'],
+                'discount_percent' => $item['discount_percent'] ?? 0,
+                'position' => $index,
+            ]);
+        }
+
+        $invoice->calculateTotals();
+
+        return redirect()->route('seller.business.crm.invoices.show', [$business, $invoice])
+            ->with('success', 'Invoice updated successfully.');
+    }
+
     /**
      * Send invoice to contact
      */
-    public function send(Request $request, CrmInvoice $invoice)
+    public function send(Request $request, Business $business, CrmInvoice $invoice)
     {
-        $business = $request->user()->business;
-
         if ($invoice->business_id !== $business->id) {
             abort(404);
         }
@@ -170,9 +386,31 @@ class InvoiceController extends Controller
             return back()->withErrors(['error' => 'This invoice cannot be sent.']);
         }
 
-        $invoice->send($request->user());
+        $validated = $request->validate([
+            'to' => 'required|email',
+            'cc' => 'nullable|string',
+            'message' => 'nullable|string|max:2000',
+        ]);
 
-        // TODO: Send email notification to contact
+        // Generate PDF
+        $invoice->load(['contact', 'account', 'location', 'deal', 'quote', 'order', 'items.product.brand', 'creator']);
+        $pdf = Pdf::loadView('pdfs.crm-invoice', [
+            'invoice' => $invoice,
+            'business' => $business,
+        ]);
+
+        // Send email
+        $ccEmails = [];
+        if (! empty($validated['cc'])) {
+            $ccEmails = array_filter(array_map('trim', explode(',', $validated['cc'])));
+        }
+
+        Mail::to($validated['to'])
+            ->cc($ccEmails)
+            ->send(new InvoiceMail($invoice, $business, $validated['message'] ?? null, $pdf->output()));
+
+        // Update status
+        $invoice->send($request->user());
 
         return back()->with('success', 'Invoice sent successfully.');
     }
@@ -180,10 +418,8 @@ class InvoiceController extends Controller
     /**
      * Record a payment
      */
-    public function recordPayment(Request $request, CrmInvoice $invoice)
+    public function recordPayment(Request $request, Business $business, CrmInvoice $invoice)
     {
-        $business = $request->user()->business;
-
         if ($invoice->business_id !== $business->id) {
             abort(404);
         }
@@ -223,10 +459,8 @@ class InvoiceController extends Controller
     /**
      * Mark invoice as void
      */
-    public function void(Request $request, CrmInvoice $invoice)
+    public function void(Request $request, Business $business, CrmInvoice $invoice)
     {
-        $business = $request->user()->business;
-
         if ($invoice->business_id !== $business->id) {
             abort(404);
         }
@@ -247,25 +481,46 @@ class InvoiceController extends Controller
     /**
      * Download invoice PDF
      */
-    public function download(Request $request, CrmInvoice $invoice)
+    public function download(Request $request, Business $business, CrmInvoice $invoice)
     {
-        $business = $request->user()->business;
-
         if ($invoice->business_id !== $business->id) {
             abort(404);
         }
 
-        // TODO: Generate PDF
-        return back()->with('info', 'PDF generation coming soon.');
+        $invoice->load(['contact', 'account', 'location', 'deal', 'quote', 'order', 'items.product.brand', 'creator']);
+
+        $pdf = Pdf::loadView('pdfs.crm-invoice', [
+            'invoice' => $invoice,
+            'business' => $business,
+        ]);
+
+        return $pdf->download($invoice->invoice_number.'.pdf');
+    }
+
+    /**
+     * View invoice PDF inline
+     */
+    public function pdf(Request $request, Business $business, CrmInvoice $invoice)
+    {
+        if ($invoice->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $invoice->load(['contact', 'account', 'location', 'deal', 'quote', 'order', 'items.product.brand', 'creator']);
+
+        $pdf = Pdf::loadView('pdfs.crm-invoice', [
+            'invoice' => $invoice,
+            'business' => $business,
+        ]);
+
+        return $pdf->stream($invoice->invoice_number.'.pdf');
     }
 
     /**
      * Delete invoice
      */
-    public function destroy(Request $request, CrmInvoice $invoice)
+    public function destroy(Request $request, Business $business, CrmInvoice $invoice)
     {
-        $business = $request->user()->business;
-
         if ($invoice->business_id !== $business->id) {
             abort(404);
         }
@@ -276,7 +531,7 @@ class InvoiceController extends Controller
 
         $invoice->delete();
 
-        return redirect()->route('seller.crm.invoices.index')
+        return redirect()->route('seller.business.crm.invoices.index', $business)
             ->with('success', 'Invoice deleted.');
     }
 }

app/Http/Controllers/Seller/Crm/LeadController.php

@@ -0,0 +1,171 @@
+<?php
+
+namespace App\Http\Controllers\Seller\Crm;
+
+use App\Http\Controllers\Controller;
+use App\Models\Business;
+use App\Models\Crm\CrmLead;
+use Illuminate\Http\Request;
+
+class LeadController extends Controller
+{
+    /**
+     * Display leads listing
+     */
+    public function index(Request $request, Business $business)
+    {
+        $query = CrmLead::forSeller($business)
+            ->with('assignee')
+            ->notConverted();
+
+        // Search filter
+        if ($request->filled('q')) {
+            $search = $request->q;
+            $query->where(function ($q) use ($search) {
+                $q->where('company_name', 'ILIKE', "%{$search}%")
+                    ->orWhere('contact_name', 'ILIKE', "%{$search}%")
+                    ->orWhere('contact_email', 'ILIKE', "%{$search}%");
+            });
+        }
+
+        // Status filter
+        if ($request->filled('status') && $request->status !== 'all') {
+            $query->where('status', $request->status);
+        }
+
+        $leads = $query->latest()->paginate(25);
+
+        // Return JSON for AJAX/API requests (live search)
+        if ($request->wantsJson()) {
+            return response()->json([
+                'data' => $leads->map(fn ($l) => [
+                    'hashid' => $l->hashid,
+                    'name' => $l->company_name,
+                    'contact' => $l->contact_name,
+                    'email' => $l->contact_email,
+                    'status' => $l->status,
+                ])->values()->toArray(),
+            ]);
+        }
+
+        return view('seller.crm.leads.index', compact('business', 'leads'));
+    }
+
+    /**
+     * Show create lead form
+     */
+    public function create(Request $request, Business $business)
+    {
+        return view('seller.crm.leads.create', compact('business'));
+    }
+
+    /**
+     * Store a new lead
+     */
+    public function store(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'company_name' => 'required|string|max:255',
+            'dba_name' => 'nullable|string|max:255',
+            'license_number' => 'nullable|string|max:100',
+            'contact_name' => 'required|string|max:255',
+            'contact_email' => 'nullable|email|max:255',
+            'contact_phone' => 'nullable|string|max:50',
+            'contact_title' => 'nullable|string|max:100',
+            'city' => 'nullable|string|max:100',
+            'state' => 'nullable|string|max:50',
+            'address' => 'nullable|string|max:255',
+            'zip_code' => 'nullable|string|max:20',
+            'source' => 'nullable|string|in:'.implode(',', array_keys(CrmLead::SOURCES)),
+            'notes' => 'nullable|string|max:5000',
+        ]);
+
+        $validated['seller_business_id'] = $business->id;
+        $validated['status'] = 'new';
+
+        $lead = CrmLead::create($validated);
+
+        return redirect()
+            ->route('seller.business.crm.leads.show', [$business->slug, $lead->hashid])
+            ->with('success', 'Lead created successfully.');
+    }
+
+    /**
+     * Show lead details
+     */
+    public function show(Request $request, Business $business, CrmLead $lead)
+    {
+        // Ensure lead belongs to this seller
+        if ($lead->seller_business_id !== $business->id) {
+            abort(404);
+        }
+
+        $lead->load('assignee');
+
+        return view('seller.crm.leads.show', compact('business', 'lead'));
+    }
+
+    /**
+     * Show edit lead form
+     */
+    public function edit(Request $request, Business $business, CrmLead $lead)
+    {
+        // Ensure lead belongs to this seller
+        if ($lead->seller_business_id !== $business->id) {
+            abort(404);
+        }
+
+        return view('seller.crm.leads.edit', compact('business', 'lead'));
+    }
+
+    /**
+     * Update a lead
+     */
+    public function update(Request $request, Business $business, CrmLead $lead)
+    {
+        // Ensure lead belongs to this seller
+        if ($lead->seller_business_id !== $business->id) {
+            abort(404);
+        }
+
+        $validated = $request->validate([
+            'company_name' => 'required|string|max:255',
+            'dba_name' => 'nullable|string|max:255',
+            'license_number' => 'nullable|string|max:100',
+            'contact_name' => 'required|string|max:255',
+            'contact_email' => 'nullable|email|max:255',
+            'contact_phone' => 'nullable|string|max:50',
+            'contact_title' => 'nullable|string|max:100',
+            'city' => 'nullable|string|max:100',
+            'state' => 'nullable|string|max:50',
+            'address' => 'nullable|string|max:255',
+            'zip_code' => 'nullable|string|max:20',
+            'source' => 'nullable|string|in:'.implode(',', array_keys(CrmLead::SOURCES)),
+            'status' => 'nullable|string|in:'.implode(',', array_keys(CrmLead::STATUSES)),
+            'notes' => 'nullable|string|max:5000',
+        ]);
+
+        $lead->update($validated);
+
+        return redirect()
+            ->route('seller.business.crm.leads.show', [$business->slug, $lead->hashid])
+            ->with('success', 'Lead updated successfully.');
+    }
+
+    /**
+     * Delete a lead
+     */
+    public function destroy(Request $request, Business $business, CrmLead $lead)
+    {
+        // Ensure lead belongs to this seller
+        if ($lead->seller_business_id !== $business->id) {
+            abort(404);
+        }
+
+        $lead->delete();
+
+        return redirect()
+            ->route('seller.business.crm.leads.index', $business->slug)
+            ->with('success', 'Lead deleted.');
+    }
+}

app/Http/Controllers/Seller/Crm/MeetingLinkController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Seller\Crm;
 
 use App\Http\Controllers\Controller;
+use App\Models\Business;
 use App\Models\Crm\CrmMeetingBooking;
 use App\Models\Crm\CrmMeetingLink;
 use App\Services\Crm\CrmCalendarService;
@@ -17,9 +18,8 @@ class MeetingLinkController extends Controller
     /**
      * List meeting links
      */
-    public function index(Request $request)
+    public function index(Request $request, Business $business)
     {
-        $business = $request->user()->business;
         $user = $request->user();
 
         $meetingLinks = CrmMeetingLink::where('business_id', $business->id)
@@ -28,23 +28,22 @@ class MeetingLinkController extends Controller
             ->orderByDesc('created_at')
             ->get();
 
-        return view('seller.crm.meetings.links.index', compact('meetingLinks'));
+        return view('seller.crm.meetings.links.index', compact('meetingLinks', 'business'));
     }
 
     /**
      * Create meeting link form
      */
-    public function create()
+    public function create(Request $request, Business $business)
     {
-        return view('seller.crm.meetings.links.create');
+        return view('seller.crm.meetings.links.create', compact('business'));
     }
 
     /**
      * Store new meeting link
      */
-    public function store(Request $request)
+    public function store(Request $request, Business $business)
     {
-        $business = $request->user()->business;
         $user = $request->user();
 
         $validated = $request->validate([
@@ -82,47 +81,41 @@ class MeetingLinkController extends Controller
             'is_active' => $validated['is_active'] ?? true,
         ]);
 
-        return redirect()->route('seller.crm.meetings.links.show', $meetingLink)
+        return redirect()->route('seller.business.crm.meetings.links.show', [$business, $meetingLink])
             ->with('success', 'Meeting link created. Share the booking URL with contacts.');
     }
 
     /**
      * Show meeting link details
      */
-    public function show(Request $request, CrmMeetingLink $meetingLink)
+    public function show(Request $request, Business $business, CrmMeetingLink $meetingLink)
     {
-        $business = $request->user()->business;
-
         if ($meetingLink->business_id !== $business->id) {
             abort(404);
         }
 
         $meetingLink->load(['bookings' => fn ($q) => $q->upcoming()->with('contact')]);
 
-        return view('seller.crm.meetings.links.show', compact('meetingLink'));
+        return view('seller.crm.meetings.links.show', compact('meetingLink', 'business'));
     }
 
     /**
      * Edit meeting link
      */
-    public function edit(Request $request, CrmMeetingLink $meetingLink)
+    public function edit(Request $request, Business $business, CrmMeetingLink $meetingLink)
     {
-        $business = $request->user()->business;
-
         if ($meetingLink->business_id !== $business->id) {
             abort(404);
         }
 
-        return view('seller.crm.meetings.links.edit', compact('meetingLink'));
+        return view('seller.crm.meetings.links.edit', compact('meetingLink', 'business'));
     }
 
     /**
      * Update meeting link
      */
-    public function update(Request $request, CrmMeetingLink $meetingLink)
+    public function update(Request $request, Business $business, CrmMeetingLink $meetingLink)
     {
-        $business = $request->user()->business;
-
         if ($meetingLink->business_id !== $business->id) {
             abort(404);
         }
@@ -143,17 +136,15 @@ class MeetingLinkController extends Controller
 
         $meetingLink->update($validated);
 
-        return redirect()->route('seller.crm.meetings.links.show', $meetingLink)
+        return redirect()->route('seller.business.crm.meetings.links.show', [$business, $meetingLink])
             ->with('success', 'Meeting link updated.');
     }
 
     /**
      * Toggle active status
      */
-    public function toggle(Request $request, CrmMeetingLink $meetingLink)
+    public function toggle(Request $request, Business $business, CrmMeetingLink $meetingLink)
     {
-        $business = $request->user()->business;
-
         if ($meetingLink->business_id !== $business->id) {
             abort(404);
         }
@@ -166,17 +157,15 @@ class MeetingLinkController extends Controller
     /**
      * Delete meeting link
      */
-    public function destroy(Request $request, CrmMeetingLink $meetingLink)
+    public function destroy(Request $request, Business $business, CrmMeetingLink $meetingLink)
     {
-        $business = $request->user()->business;
-
         if ($meetingLink->business_id !== $business->id) {
             abort(404);
         }
 
         $meetingLink->delete();
 
-        return redirect()->route('seller.crm.meetings.links.index')
+        return redirect()->route('seller.business.crm.meetings.links.index', $business)
             ->with('success', 'Meeting link deleted.');
     }
 
@@ -250,9 +239,8 @@ class MeetingLinkController extends Controller
     /**
      * List upcoming bookings
      */
-    public function bookings(Request $request)
+    public function bookings(Request $request, Business $business)
     {
-        $business = $request->user()->business;
         $user = $request->user();
 
         $bookings = CrmMeetingBooking::whereHas('meetingLink', function ($q) use ($business, $user) {
@@ -264,16 +252,14 @@ class MeetingLinkController extends Controller
             ->orderBy('start_time')
             ->paginate(25);
 
-        return view('seller.crm.meetings.bookings.index', compact('bookings'));
+        return view('seller.crm.meetings.bookings.index', compact('bookings', 'business'));
     }
 
     /**
      * Cancel a booking
      */
-    public function cancelBooking(Request $request, CrmMeetingBooking $booking)
+    public function cancelBooking(Request $request, Business $business, CrmMeetingBooking $booking)
     {
-        $business = $request->user()->business;
-
         if ($booking->meetingLink->business_id !== $business->id) {
             abort(404);
         }

app/Http/Controllers/Seller/Crm/QuoteController.php

@@ -3,23 +3,29 @@
 namespace App\Http\Controllers\Seller\Crm;
 
 use App\Http\Controllers\Controller;
+use App\Mail\QuoteMail;
+use App\Models\Activity;
 use App\Models\Business;
 use App\Models\Contact;
 use App\Models\Crm\CrmDeal;
 use App\Models\Crm\CrmQuote;
 use App\Models\Crm\CrmQuoteItem;
-use App\Models\Product;
+use App\Models\Location;
+use App\Models\Order;
+use App\Models\OrderItem;
+use App\Services\Accounting\ArService;
+use Barryvdh\DomPDF\Facade\Pdf;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Mail;
+use Illuminate\Support\Facades\Storage;
 
 class QuoteController extends Controller
 {
     /**
      * List quotes
      */
-    public function index(Request $request)
+    public function index(Request $request, Business $business)
     {
-        $business = $request->user()->business;
-
         $query = CrmQuote::forBusiness($business->id)
             ->with(['contact', 'account', 'deal', 'creator'])
             ->withCount('items');
@@ -31,47 +37,131 @@ class QuoteController extends Controller
 
         if ($request->filled('search')) {
             $query->where(function ($q) use ($request) {
-                $q->where('quote_number', 'like', "%{$request->search}%")
-                    ->orWhere('title', 'like', "%{$request->search}%");
+                $q->where('quote_number', 'ilike', "%{$request->search}%")
+                    ->orWhere('title', 'ilike', "%{$request->search}%");
             });
         }
 
         $quotes = $query->orderByDesc('created_at')->paginate(25);
 
-        return view('seller.crm.quotes.index', compact('quotes'));
+        // Return JSON for AJAX/API requests (live search)
+        if ($request->wantsJson()) {
+            return response()->json([
+                'data' => $quotes->map(fn ($q) => [
+                    'id' => $q->id,
+                    'name' => $q->quote_number.' - '.($q->title ?? 'Untitled'),
+                    'contact' => $q->contact?->name ?? '-',
+                    'status' => $q->status,
+                    'total' => '$'.number_format($q->total, 2),
+                ])->values()->toArray(),
+            ]);
+        }
+
+        return view('seller.crm.quotes.index', compact('quotes', 'business'));
     }
 
     /**
      * Show create quote form
      */
-    public function create(Request $request)
+    public function create(Request $request, Business $business)
     {
-        $business = $request->user()->business;
-
-        $contacts = Contact::where('business_id', $business->id)->get();
-        $accounts = Business::whereHas('ordersAsCustomer', function ($q) use ($business) {
-            $q->whereHas('items.product.brand', fn ($b) => $b->where('business_id', $business->id));
-        })->get();
-        $deals = CrmDeal::forBusiness($business->id)->open()->get();
-        $products = Product::whereHas('brand', fn ($q) => $q->where('business_id', $business->id))
-            ->where('is_active', true)
+        // Get all approved buyer businesses as potential customers
+        // Contacts are loaded dynamically via /search/contacts?customer_id={account_id}
+        // Include locations for delivery address selection
+        // Note: We don't filter by whereHas('contacts') because newly created customers
+        // may not have contacts yet - contacts can be added after selecting the account
+        $accounts = Business::where('type', 'buyer')
+            ->where('status', 'approved')
+            ->with('locations:id,business_id,name,is_primary')
+            ->orderBy('name')
+            ->select(['id', 'name', 'slug'])
             ->get();
+        $deals = CrmDeal::forBusiness($business->id)->open()->get();
+        // Products are loaded via AJAX search (/search/products) for better performance
 
         // Pre-fill from deal if provided
         $deal = $request->filled('deal_id')
             ? CrmDeal::forBusiness($business->id)->find($request->deal_id)
             : null;
 
-        return view('seller.crm.quotes.create', compact('contacts', 'accounts', 'deals', 'products', 'deal'));
+        // Pre-fill from URL parameters (coming from customer dashboard)
+        $selectedAccount = null;
+        $selectedLocation = null;
+        $selectedContact = null;
+        $locationContacts = collect();
+
+        // Handle clear actions
+        if ($request->has('clearAccount')) {
+            // Redirect without any prefills
+            return redirect()->route('seller.business.crm.quotes.create', $business);
+        }
+        if ($request->has('clearLocation')) {
+            // Keep account but clear location
+            return redirect()->route('seller.business.crm.quotes.create', [$business, 'account_id' => $request->account_id]);
+        }
+        if ($request->has('clearContact')) {
+            // Keep account and location but clear contact
+            $params = ['account_id' => $request->account_id];
+            if ($request->location_id) {
+                $params['location_id'] = $request->location_id;
+            }
+
+            return redirect()->route('seller.business.crm.quotes.create', array_merge([$business], $params));
+        }
+
+        // Pre-fill account
+        if ($request->filled('account_id')) {
+            $selectedAccount = $accounts->firstWhere('id', $request->account_id);
+        }
+
+        // Pre-fill location (must belong to selected account)
+        if ($selectedAccount && $request->filled('location_id')) {
+            $selectedLocation = $selectedAccount->locations->firstWhere('id', $request->location_id);
+        }
+
+        // If location selected, get contacts assigned to that location
+        if ($selectedLocation) {
+            $locationContacts = $selectedLocation->contacts()
+                ->with('pivot')
+                ->get()
+                ->map(fn ($c) => [
+                    'value' => $c->id,
+                    'label' => $c->getFullName().($c->email ? " ({$c->email})" : ''),
+                    'is_primary' => $c->pivot->is_primary ?? false,
+                    'role' => $c->pivot->role ?? 'buyer',
+                ]);
+
+            // Try to find primary buyer for this location
+            $primaryBuyer = $locationContacts->firstWhere('is_primary', true)
+                ?? $locationContacts->firstWhere('role', 'buyer');
+
+            if ($primaryBuyer && ! $request->filled('contact_id')) {
+                $selectedContact = Contact::find($primaryBuyer['value']);
+            }
+        }
+
+        // Pre-fill contact if explicitly provided
+        if ($request->filled('contact_id')) {
+            $selectedContact = Contact::find($request->contact_id);
+        }
+
+        return view('seller.crm.quotes.create', compact(
+            'accounts',
+            'deals',
+            'deal',
+            'business',
+            'selectedAccount',
+            'selectedLocation',
+            'selectedContact',
+            'locationContacts'
+        ));
     }
 
     /**
      * Store new quote
      */
-    public function store(Request $request)
+    public function store(Request $request, Business $business)
     {
-        $business = $request->user()->business;
-
         $validated = $request->validate([
             'title' => 'required|string|max:255',
             'contact_id' => 'required|exists:contacts,id',
@@ -83,7 +173,6 @@ class QuoteController extends Controller
             'tax_rate' => 'nullable|numeric|min:0|max:100',
             'terms' => 'nullable|string|max:5000',
             'notes' => 'nullable|string|max:2000',
-            'signature_requested' => 'boolean',
             'items' => 'required|array|min:1',
             'items.*.product_id' => 'nullable|exists:products,id',
             'items.*.description' => 'required|string|max:500',
@@ -92,10 +181,13 @@ class QuoteController extends Controller
             'items.*.discount_percent' => 'nullable|numeric|min:0|max:100',
         ]);
 
-        // SECURITY: Verify contact belongs to business
-        Contact::where('id', $validated['contact_id'])
-            ->where('business_id', $business->id)
-            ->firstOrFail();
+        // SECURITY: Verify contact belongs to the selected account (customer business)
+        // Contacts are associated with buyer businesses, not the seller
+        if (! empty($validated['account_id'])) {
+            Contact::where('id', $validated['contact_id'])
+                ->where('business_id', $validated['account_id'])
+                ->firstOrFail();
+        }
 
         // SECURITY: Verify deal belongs to business if provided
         if (! empty($validated['deal_id'])) {
@@ -116,13 +208,13 @@ class QuoteController extends Controller
             'quote_number' => $quoteNumber,
             'title' => $validated['title'],
             'status' => CrmQuote::STATUS_DRAFT,
+            'quote_date' => now(),
             'valid_until' => $validated['valid_until'] ?? now()->addDays($business->crm_quote_validity_days ?? 30),
             'discount_type' => $validated['discount_type'],
             'discount_value' => $validated['discount_value'],
             'tax_rate' => $validated['tax_rate'] ?? 0,
             'terms' => $validated['terms'] ?? $business->crm_default_terms,
             'notes' => $validated['notes'],
-            'signature_requested' => $validated['signature_requested'] ?? false,
             'currency' => 'USD',
         ]);
 
@@ -141,33 +233,29 @@ class QuoteController extends Controller
 
         $quote->calculateTotals();
 
-        return redirect()->route('seller.crm.quotes.show', $quote)
+        return redirect()->route('seller.business.crm.quotes.show', [$business, $quote])
             ->with('success', 'Quote created successfully.');
     }
 
     /**
      * Show quote details
      */
-    public function show(Request $request, CrmQuote $quote)
+    public function show(Request $request, Business $business, CrmQuote $quote)
     {
-        $business = $request->user()->business;
-
         if ($quote->business_id !== $business->id) {
             abort(404);
         }
 
         $quote->load(['contact', 'account', 'deal', 'creator', 'items.product', 'invoice', 'files']);
 
-        return view('seller.crm.quotes.show', compact('quote'));
+        return view('seller.crm.quotes.show', compact('quote', 'business'));
     }
 
     /**
      * Edit quote
      */
-    public function edit(Request $request, CrmQuote $quote)
+    public function edit(Request $request, Business $business, CrmQuote $quote)
     {
-        $business = $request->user()->business;
-
         if ($quote->business_id !== $business->id) {
             abort(404);
         }
@@ -176,25 +264,16 @@ class QuoteController extends Controller
             return back()->withErrors(['error' => 'This quote cannot be edited.']);
         }
 
-        $quote->load('items');
+        $quote->load(['items.product', 'contact', 'account', 'deal']);
 
-        $contacts = Contact::where('business_id', $business->id)->get();
-        $accounts = Business::whereHas('ordersAsCustomer')->get();
-        $deals = CrmDeal::forBusiness($business->id)->open()->get();
-        $products = Product::whereHas('brand', fn ($q) => $q->where('business_id', $business->id))
-            ->where('is_active', true)
-            ->get();
-
-        return view('seller.crm.quotes.edit', compact('quote', 'contacts', 'accounts', 'deals', 'products'));
+        return view('seller.crm.quotes.edit', compact('quote', 'business'));
     }
 
     /**
      * Update quote
      */
-    public function update(Request $request, CrmQuote $quote)
+    public function update(Request $request, Business $business, CrmQuote $quote)
     {
-        $business = $request->user()->business;
-
         if ($quote->business_id !== $business->id) {
             abort(404);
         }
@@ -246,39 +325,270 @@ class QuoteController extends Controller
 
         $quote->calculateTotals();
 
-        return redirect()->route('seller.crm.quotes.show', $quote)
+        return redirect()->route('seller.business.crm.quotes.show', [$business, $quote])
             ->with('success', 'Quote updated successfully.');
     }
 
     /**
-     * Send quote to contact
+     * Send quote via email
      */
-    public function send(Request $request, CrmQuote $quote)
+    public function send(Request $request, Business $business, CrmQuote $quote)
     {
-        $business = $request->user()->business;
-
         if ($quote->business_id !== $business->id) {
             abort(404);
         }
 
-        if (! $quote->canBeSent()) {
-            return back()->withErrors(['error' => 'This quote cannot be sent.']);
+        $validated = $request->validate([
+            'to' => 'required|email',
+            'cc' => 'nullable|string',
+            'message' => 'nullable|string|max:2000',
+            'attach_pdf' => 'boolean',
+        ]);
+
+        // Generate PDF if needed
+        $pdfPath = null;
+        if ($validated['attach_pdf'] ?? true) {
+            $pdfPath = $this->generateQuotePdf($quote, $business);
         }
 
-        $quote->send($request->user());
+        // Send email
+        $ccEmails = [];
+        if (! empty($validated['cc'])) {
+            $ccEmails = array_map('trim', explode(',', $validated['cc']));
+        }
 
-        // TODO: Send email notification to contact
+        Mail::to($validated['to'])
+            ->cc($ccEmails)
+            ->send(new QuoteMail($quote, $business, $validated['message'] ?? null, $pdfPath));
+
+        // Update quote status if draft
+        if ($quote->status === CrmQuote::STATUS_DRAFT) {
+            $quote->send($request->user());
+        }
+
+        // Log activity
+        Activity::log(
+            sellerBusinessId: $business->id,
+            subject: $quote,
+            type: 'quote.emailed',
+            description: "Quote {$quote->quote_number} emailed to {$validated['to']}",
+            causer: $request->user(),
+            contactId: $quote->contact_id,
+        );
 
         return back()->with('success', 'Quote sent successfully.');
     }
 
+    /**
+     * Update quote status (accept/decline/expire)
+     */
+    public function updateStatus(Request $request, Business $business, CrmQuote $quote)
+    {
+        if ($quote->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $validated = $request->validate([
+            'status' => 'required|in:accepted,rejected,expired',
+            'note' => 'nullable|string|max:1000',
+        ]);
+
+        $oldStatus = $quote->status;
+
+        if ($validated['status'] === 'accepted') {
+            $quote->accept();
+        } elseif ($validated['status'] === 'rejected') {
+            $quote->reject($validated['note'] ?? 'Declined by seller');
+        } else {
+            $quote->update([
+                'status' => CrmQuote::STATUS_EXPIRED,
+            ]);
+        }
+
+        Activity::log(
+            sellerBusinessId: $business->id,
+            subject: $quote,
+            type: 'quote.status_changed',
+            description: "Quote {$quote->quote_number} status changed from {$oldStatus} to {$validated['status']}",
+            causer: $request->user(),
+            contactId: $quote->contact_id,
+        );
+
+        return back()->with('success', 'Quote status updated.');
+    }
+
+    /**
+     * Convert quote to order
+     */
+    public function convertToOrder(Request $request, Business $business, CrmQuote $quote)
+    {
+        if ($quote->business_id !== $business->id) {
+            abort(404);
+        }
+
+        if ($quote->order_id) {
+            return back()->withErrors(['error' => 'This quote already has an order.']);
+        }
+
+        $validated = $request->validate([
+            'also_create_invoice' => 'boolean',
+        ]);
+
+        // Create order from quote
+        $orderNumber = 'ORD-'.strtoupper(uniqid());
+
+        $order = Order::create([
+            'order_number' => $orderNumber,
+            'business_id' => $quote->account_id, // Buyer business
+            'seller_business_id' => $business->id,
+            'contact_id' => $quote->contact_id,
+            'user_id' => $request->user()->id,
+            'subtotal' => $quote->subtotal,
+            'surcharge' => 0,
+            'tax' => $quote->tax_amount,
+            'total' => $quote->total,
+            'status' => 'new',
+            'created_by' => 'seller',
+            'payment_terms' => 'net_30',
+            'notes' => $quote->notes,
+        ]);
+
+        // Copy line items
+        foreach ($quote->items as $item) {
+            OrderItem::create([
+                'order_id' => $order->id,
+                'product_id' => $item->product_id,
+                'quantity' => $item->quantity,
+                'unit_price' => $item->unit_price,
+                'line_total' => $item->line_total,
+                'product_name' => $item->product?->name ?? $item->description,
+                'product_sku' => $item->product?->sku ?? '',
+                'brand_name' => $item->product?->brand?->name ?? '',
+            ]);
+        }
+
+        // Link quote to order and update status
+        $quote->update([
+            'order_id' => $order->id,
+            'status' => CrmQuote::STATUS_ACCEPTED,
+            'accepted_at' => now(),
+        ]);
+
+        // Log activity
+        Activity::log(
+            sellerBusinessId: $business->id,
+            subject: $quote,
+            type: 'quote.converted_to_order',
+            description: "Quote {$quote->quote_number} converted to Order {$orderNumber}",
+            causer: $request->user(),
+            contactId: $quote->contact_id,
+        );
+
+        // Optionally create invoice
+        if ($validated['also_create_invoice'] ?? false) {
+            $invoice = $quote->convertToInvoice();
+
+            return redirect()->route('seller.business.crm.invoices.show', [$business, $invoice])
+                ->with('success', 'Order and invoice created from quote.');
+        }
+
+        return redirect()->route('seller.business.orders.show', [$business, $order])
+            ->with('success', 'Order created from quote.');
+    }
+
+    /**
+     * Generate invoice from quote (or its order)
+     */
+    public function generateInvoice(Request $request, Business $business, CrmQuote $quote, ArService $arService)
+    {
+        if ($quote->business_id !== $business->id) {
+            abort(404);
+        }
+
+        if ($quote->invoice) {
+            return back()->withErrors(['error' => 'This quote already has an invoice.']);
+        }
+
+        // Credit check if there's a buyer account
+        if ($quote->account_id) {
+            $buyerBusiness = Business::find($quote->account_id);
+
+            if ($buyerBusiness) {
+                $creditCheck = $arService->checkCreditForAccount(
+                    $business,
+                    $buyerBusiness,
+                    (float) $quote->total
+                );
+
+                if (! $creditCheck['can_extend']) {
+                    return back()->withErrors([
+                        'error' => 'Cannot create invoice: '.$creditCheck['reason'],
+                    ]);
+                }
+            }
+        }
+
+        $invoice = $quote->convertToInvoice();
+
+        Activity::log(
+            sellerBusinessId: $business->id,
+            subject: $quote,
+            type: 'quote.invoice_generated',
+            description: "Invoice {$invoice->invoice_number} generated from Quote {$quote->quote_number}",
+            causer: $request->user(),
+            contactId: $quote->contact_id,
+        );
+
+        return redirect()->route('seller.business.crm.invoices.show', [$business, $invoice])
+            ->with('success', 'Invoice created from quote.');
+    }
+
+    /**
+     * Generate and store quote PDF
+     */
+    protected function generateQuotePdf(CrmQuote $quote, Business $business): ?string
+    {
+        $quote->load(['contact', 'account', 'items.product.brand', 'business']);
+
+        $pdf = Pdf::loadView('pdfs.crm-quote', [
+            'quote' => $quote,
+            'business' => $business,
+            'sellerBusiness' => $business,
+        ]);
+
+        $filename = "quotes/{$quote->quote_number}.pdf";
+        Storage::put($filename, $pdf->output());
+
+        $quote->update(['pdf_path' => $filename]);
+
+        return $filename;
+    }
+
+    /**
+     * View quote PDF
+     */
+    public function pdf(Request $request, Business $business, CrmQuote $quote)
+    {
+        if ($quote->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $quote->load(['contact', 'account', 'items.product.brand', 'business']);
+
+        $pdf = Pdf::loadView('pdfs.crm-quote', [
+            'quote' => $quote,
+            'business' => $business,
+            'sellerBusiness' => $business,
+        ]);
+
+        return $pdf->inline("{$quote->quote_number}.pdf");
+    }
+
     /**
      * Convert quote to invoice
      */
-    public function convertToInvoice(Request $request, CrmQuote $quote)
+    public function convertToInvoice(Request $request, Business $business, CrmQuote $quote, ArService $arService)
     {
-        $business = $request->user()->business;
-
         if ($quote->business_id !== $business->id) {
             abort(404);
         }
@@ -291,19 +601,41 @@ class QuoteController extends Controller
             return back()->withErrors(['error' => 'This quote already has an invoice.']);
         }
 
+        // Credit check enforcement - only if there's an account (buyer business)
+        if ($quote->account_id) {
+            $buyerBusiness = Business::find($quote->account_id);
+
+            if ($buyerBusiness) {
+                $creditCheck = $arService->checkCreditForAccount(
+                    $business,
+                    $buyerBusiness,
+                    (float) $quote->total
+                );
+
+                if (! $creditCheck['can_extend']) {
+                    return back()->withErrors([
+                        'error' => 'Cannot create invoice: '.$creditCheck['reason'],
+                    ]);
+                }
+
+                // Store warning in session if present
+                if (! empty($creditCheck['details']['warning'])) {
+                    session()->flash('warning', $creditCheck['details']['warning']);
+                }
+            }
+        }
+
         $invoice = $quote->convertToInvoice();
 
-        return redirect()->route('seller.crm.invoices.show', $invoice)
+        return redirect()->route('seller.business.crm.invoices.show', [$business, $invoice])
             ->with('success', 'Invoice created from quote.');
     }
 
     /**
      * Download quote PDF
      */
-    public function download(Request $request, CrmQuote $quote)
+    public function download(Request $request, Business $business, CrmQuote $quote)
     {
-        $business = $request->user()->business;
-
         if ($quote->business_id !== $business->id) {
             abort(404);
         }
@@ -315,17 +647,15 @@ class QuoteController extends Controller
     /**
      * Delete quote
      */
-    public function destroy(Request $request, CrmQuote $quote)
+    public function destroy(Request $request, Business $business, CrmQuote $quote)
     {
-        $business = $request->user()->business;
-
         if ($quote->business_id !== $business->id) {
             abort(404);
         }
 
         $quote->delete();
 
-        return redirect()->route('seller.crm.quotes.index')
+        return redirect()->route('seller.business.crm.quotes.index', $business)
             ->with('success', 'Quote deleted.');
     }
 }

app/Http/Controllers/Seller/Crm/TaskController.php

@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Seller\Crm;
 use App\Http\Controllers\Controller;
 use App\Models\Business;
 use App\Models\Crm\CrmTask;
+use App\Models\User;
 use Illuminate\Http\Request;
 
 class TaskController extends Controller
@@ -16,13 +17,17 @@ class TaskController extends Controller
     {
         $user = $request->user();
 
-        $tasksQuery = CrmTask::where('business_id', $business->id)
-            ->with(['assignee', 'creator', 'related'])
-            ->orderBy('due_date');
+        $tasksQuery = CrmTask::where('seller_business_id', $business->id)
+            ->with(['assignee', 'creator', 'contact', 'business'])
+            ->orderBy('due_at');
 
-        // Filter by status
+        // Filter by status (completed vs incomplete)
         if ($request->filled('status')) {
-            $tasksQuery->where('status', $request->status);
+            if ($request->status === 'completed') {
+                $tasksQuery->whereNotNull('completed_at');
+            } elseif ($request->status === 'pending') {
+                $tasksQuery->whereNull('completed_at');
+            }
         }
 
         // Filter by assignee
@@ -35,25 +40,56 @@ class TaskController extends Controller
             $tasksQuery->where('type', $request->type);
         }
 
+        // Search filter
+        if ($request->filled('q')) {
+            $search = $request->q;
+            $tasksQuery->where(function ($q) use ($search) {
+                $q->where('title', 'ILIKE', "%{$search}%")
+                    ->orWhere('details', 'ILIKE', "%{$search}%");
+            });
+        }
+
         $tasks = $tasksQuery->paginate(25);
 
-        // Get stats
+        // Return JSON for AJAX/API requests (live search)
+        if ($request->wantsJson()) {
+            return response()->json([
+                'data' => $tasks->map(fn ($t) => [
+                    'id' => $t->id,
+                    'name' => $t->title,
+                    'type' => $t->type,
+                    'assignee' => $t->assignee?->name ?? 'Unassigned',
+                    'due_at' => $t->due_at?->format('M j, Y'),
+                ])->values()->toArray(),
+            ]);
+        }
+
+        // Get stats with single efficient query
+        $statsQuery = CrmTask::where('seller_business_id', $business->id)
+            ->selectRaw('
+                SUM(CASE WHEN assigned_to = ? AND completed_at IS NULL THEN 1 ELSE 0 END) as my_tasks,
+                SUM(CASE WHEN completed_at IS NULL AND due_at < NOW() THEN 1 ELSE 0 END) as overdue,
+                SUM(CASE WHEN completed_at IS NULL AND DATE(due_at) = CURRENT_DATE THEN 1 ELSE 0 END) as due_today
+            ', [$user->id])
+            ->first();
+
         $stats = [
-            'my_tasks' => CrmTask::where('business_id', $business->id)
-                ->where('assigned_to', $user->id)
-                ->where('status', '!=', 'completed')
-                ->count(),
-            'overdue' => CrmTask::where('business_id', $business->id)
-                ->where('status', '!=', 'completed')
-                ->where('due_date', '<', now())
-                ->count(),
-            'due_today' => CrmTask::where('business_id', $business->id)
-                ->where('status', '!=', 'completed')
-                ->whereDate('due_date', today())
-                ->count(),
+            'my_tasks' => $statsQuery->my_tasks ?? 0,
+            'overdue' => $statsQuery->overdue ?? 0,
+            'due_today' => $statsQuery->due_today ?? 0,
         ];
 
-        return view('seller.crm.tasks.index', compact('business', 'tasks', 'stats'));
+        $counts = $stats; // View expects $counts
+
+        // Get team members for assignment filter
+        $teamMembers = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))->get();
+
+        // Get buyer businesses (accounts) for filtering
+        $buyerBusinesses = Business::where('type', 'buyer')
+            ->orderBy('name')
+            ->get(['id', 'name']);
+
+        return view('seller.crm.tasks.index', compact('business', 'tasks', 'counts', 'teamMembers', 'buyerBusinesses'));
     }
 
     /**
@@ -61,7 +97,19 @@ class TaskController extends Controller
      */
     public function create(Request $request, Business $business)
     {
-        return view('seller.crm.tasks.create', compact('business'));
+        $teamMembers = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))->get();
+
+        // Prefill from query params (when creating task from contact/account/etc)
+        $prefill = [
+            'title' => $request->get('title'),
+            'business_id' => $request->get('business_id'),
+            'contact_id' => $request->get('contact_id'),
+            'opportunity_id' => $request->get('opportunity_id'),
+            'conversation_id' => $request->get('conversation_id'),
+            'order_id' => $request->get('order_id'),
+        ];
+
+        return view('seller.crm.tasks.create', compact('business', 'teamMembers', 'prefill'));
     }
 
     /**
@@ -71,19 +119,26 @@ class TaskController extends Controller
     {
         $validated = $request->validate([
             'title' => 'required|string|max:255',
-            'description' => 'nullable|string',
-            'type' => 'required|in:call,email,meeting,task,follow_up',
-            'priority' => 'required|in:low,medium,high,urgent',
-            'due_date' => 'required|date',
+            'details' => 'nullable|string',
+            'type' => 'required|in:call,email,meeting,follow_up,demo,other',
+            'priority' => 'required|in:low,normal,high,urgent',
+            'due_at' => 'required|date',
             'assigned_to' => 'nullable|exists:users,id',
+            'contact_id' => 'nullable|exists:contacts,id',
+            'business_id' => 'nullable|exists:businesses,id',
         ]);
 
         $task = CrmTask::create([
-            ...$validated,
-            'business_id' => $business->id,
+            'title' => $validated['title'],
+            'details' => $validated['details'] ?? null,
+            'type' => $validated['type'],
+            'priority' => $validated['priority'],
+            'due_at' => $validated['due_at'],
+            'contact_id' => $validated['contact_id'] ?? null,
+            'business_id' => $validated['business_id'] ?? null,
+            'seller_business_id' => $business->id,
             'created_by' => $request->user()->id,
             'assigned_to' => $validated['assigned_to'] ?? $request->user()->id,
-            'status' => 'pending',
         ]);
 
         return redirect()
@@ -96,7 +151,7 @@ class TaskController extends Controller
      */
     public function show(Request $request, Business $business, CrmTask $task)
     {
-        $task->load(['assignee', 'creator', 'related']);
+        $task->load(['assignee', 'creator', 'contact', 'business', 'opportunity', 'order']);
 
         return view('seller.crm.tasks.show', compact('business', 'task'));
     }
@@ -108,11 +163,10 @@ class TaskController extends Controller
     {
         $validated = $request->validate([
             'title' => 'sometimes|string|max:255',
-            'description' => 'nullable|string',
-            'type' => 'sometimes|in:call,email,meeting,task,follow_up',
-            'priority' => 'sometimes|in:low,medium,high,urgent',
-            'status' => 'sometimes|in:pending,in_progress,completed,cancelled',
-            'due_date' => 'sometimes|date',
+            'details' => 'nullable|string',
+            'type' => 'sometimes|in:call,email,meeting,follow_up,demo,other',
+            'priority' => 'sometimes|in:low,normal,high,urgent',
+            'due_at' => 'sometimes|date',
             'assigned_to' => 'nullable|exists:users,id',
         ]);
 
@@ -140,10 +194,7 @@ class TaskController extends Controller
      */
     public function complete(Request $request, Business $business, CrmTask $task)
     {
-        $task->update([
-            'status' => 'completed',
-            'completed_at' => now(),
-        ]);
+        $task->markComplete($request->user());
 
         return redirect()
             ->back()

app/Http/Controllers/Seller/Crm/ThreadController.php

@@ -2,16 +2,24 @@
 
 namespace App\Http\Controllers\Seller\Crm;
 
+use App\Events\CrmTypingIndicator;
 use App\Http\Controllers\Controller;
+use App\Models\AgentStatus;
+use App\Models\Business;
+use App\Models\ChatQuickReply;
+use App\Models\Contact;
 use App\Models\Crm\CrmActiveView;
 use App\Models\Crm\CrmChannel;
 use App\Models\Crm\CrmInternalNote;
 use App\Models\Crm\CrmThread;
+use App\Models\SalesRepAssignment;
 use App\Models\User;
 use App\Services\Crm\CrmAiService;
 use App\Services\Crm\CrmChannelService;
 use App\Services\Crm\CrmSlaService;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Storage;
 
 class ThreadController extends Controller
 {
@@ -21,15 +29,113 @@ class ThreadController extends Controller
         protected CrmAiService $aiService
     ) {}
 
+    /**
+     * Show compose form for new thread
+     */
+    public function create(Request $request, Business $business)
+    {
+        // Get customer business IDs (businesses that have ordered from this seller)
+        $customerBusinessIds = \App\Models\Order::whereHas('items.product.brand', fn ($q) => $q->where('business_id', $business->id))
+            ->pluck('business_id')
+            ->unique();
+
+        // Get contacts from customer businesses (accounts)
+        $contacts = \App\Models\Contact::whereIn('business_id', $customerBusinessIds)
+            ->with('business:id,name')
+            ->orderBy('first_name')
+            ->limit(200)
+            ->get();
+
+        // Get available channels
+        $channels = $this->channelService->getAvailableChannels($business->id);
+
+        // Pre-select contact if provided
+        $selectedContact = null;
+        if ($request->filled('contact_id')) {
+            $selectedContact = \App\Models\Contact::whereIn('business_id', $customerBusinessIds)
+                ->find($request->contact_id);
+        }
+
+        return view('seller.crm.threads.create', compact('business', 'contacts', 'channels', 'selectedContact'));
+    }
+
+    /**
+     * Store a new thread and send initial message
+     */
+    public function store(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'contact_id' => 'required|exists:contacts,id',
+            'channel_type' => 'required|string|in:sms,email,whatsapp,instagram,in_app',
+            'subject' => 'nullable|string|max:255',
+            'body' => 'required|string|max:10000',
+            'attachments.*' => 'nullable|file|max:10240',
+        ]);
+
+        // Get customer business IDs (businesses that have ordered from this seller)
+        $customerBusinessIds = \App\Models\Order::whereHas('items.product.brand', fn ($q) => $q->where('business_id', $business->id))
+            ->pluck('business_id')
+            ->unique();
+
+        // SECURITY: Verify contact belongs to a customer business
+        $contact = \App\Models\Contact::whereIn('business_id', $customerBusinessIds)
+            ->findOrFail($validated['contact_id']);
+
+        // Determine recipient address
+        $to = $validated['channel_type'] === CrmChannel::TYPE_EMAIL
+            ? $contact->email
+            : $contact->phone;
+
+        if (! $to) {
+            return back()->withInput()->withErrors([
+                'channel_type' => 'Contact does not have the required contact info for this channel.',
+            ]);
+        }
+
+        // Create thread first
+        $thread = CrmThread::create([
+            'business_id' => $business->id,
+            'contact_id' => $contact->id,
+            'account_id' => $contact->account_id,
+            'subject' => $validated['subject'],
+            'status' => 'open',
+            'priority' => 'normal',
+            'last_channel_type' => $validated['channel_type'],
+            'assigned_to' => $request->user()->id,
+        ]);
+
+        // Send the message
+        $success = $this->channelService->sendMessage(
+            businessId: $business->id,
+            channelType: $validated['channel_type'],
+            to: $to,
+            body: $validated['body'],
+            subject: $validated['subject'] ?? null,
+            threadId: $thread->id,
+            contactId: $contact->id,
+            userId: $request->user()->id,
+            attachments: $request->file('attachments', [])
+        );
+
+        if (! $success) {
+            // Delete the thread if message failed
+            $thread->delete();
+
+            return back()->withInput()->withErrors(['body' => 'Failed to send message.']);
+        }
+
+        return redirect()
+            ->route('seller.business.crm.threads.show', [$business, $thread])
+            ->with('success', 'Conversation started successfully.');
+    }
+
     /**
      * Display unified inbox
      */
-    public function index(Request $request)
+    public function index(Request $request, Business $business)
     {
-        $business = $request->user()->business;
-
         $query = CrmThread::forBusiness($business->id)
-            ->with(['contact', 'assignee', 'messages' => fn ($q) => $q->latest()->limit(1)])
+            ->with(['contact', 'assignee', 'brand', 'channel', 'messages' => fn ($q) => $q->latest()->limit(1)])
             ->withCount('messages');
 
         // Filters
@@ -53,11 +159,21 @@ class ThreadController extends Controller
             $query->withPriority($request->priority);
         }
 
+        // Department filter
+        if ($request->filled('department')) {
+            $query->forDepartment($request->department);
+        }
+
+        // Brand filter
+        if ($request->filled('brand_id')) {
+            $query->forBrand($request->brand_id);
+        }
+
         if ($request->filled('search')) {
             $query->where(function ($q) use ($request) {
-                $q->where('subject', 'like', "%{$request->search}%")
-                    ->orWhere('last_message_preview', 'like', "%{$request->search}%")
-                    ->orWhereHas('contact', fn ($c) => $c->where('name', 'like', "%{$request->search}%"));
+                $q->where('subject', 'ilike', "%{$request->search}%")
+                    ->orWhere('last_message_preview', 'ilike', "%{$request->search}%")
+                    ->orWhereHas('contact', fn ($c) => $c->where('name', 'ilike', "%{$request->search}%"));
             });
         }
 
@@ -66,21 +182,28 @@ class ThreadController extends Controller
             ->paginate(25);
 
         // Get team members for assignment dropdown
-        $teamMembers = User::where('business_id', $business->id)->get();
+        $teamMembers = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))->get();
 
         // Get available channels
         $channels = $this->channelService->getAvailableChannels($business->id);
 
-        return view('seller.crm.threads.index', compact('threads', 'teamMembers', 'channels'));
+        // Get brands for filter dropdown
+        $brands = \App\Models\Brand::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->orderBy('name')
+            ->get();
+
+        // Get departments for filter dropdown
+        $departments = CrmChannel::DEPARTMENTS;
+
+        return view('seller.crm.threads.index', compact('business', 'threads', 'teamMembers', 'channels', 'brands', 'departments'));
     }
 
     /**
      * Show a single thread
      */
-    public function show(Request $request, CrmThread $thread)
+    public function show(Request $request, Business $business, CrmThread $thread)
     {
-        $business = $request->user()->business;
-
         // SECURITY: Verify business ownership
         if ($thread->business_id !== $business->id) {
             abort(404);
@@ -91,6 +214,8 @@ class ThreadController extends Controller
             'contact',
             'account',
             'assignee',
+            'brand',
+            'channel',
             'messages.attachments',
             'messages.user',
             'deals',
@@ -116,22 +241,25 @@ class ThreadController extends Controller
         // Get available channels for reply
         $channels = $this->channelService->getAvailableChannels($business->id);
 
+        // Get team members for assignment dropdown
+        $teamMembers = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))->get();
+
         return view('seller.crm.threads.show', compact(
+            'business',
             'thread',
             'otherViewers',
             'slaStatus',
             'suggestions',
-            'channels'
+            'channels',
+            'teamMembers'
         ));
     }
 
     /**
      * Send a reply in thread
      */
-    public function reply(Request $request, CrmThread $thread)
+    public function reply(Request $request, Business $business, CrmThread $thread)
     {
-        $business = $request->user()->business;
-
         if ($thread->business_id !== $business->id) {
             abort(404);
         }
@@ -168,6 +296,12 @@ class ThreadController extends Controller
             return back()->withErrors(['body' => 'Failed to send message.']);
         }
 
+        // Auto-assign thread to sender if unassigned
+        if ($thread->assigned_to === null) {
+            $thread->assigned_to = $request->user()->id;
+            $thread->save();
+        }
+
         // Handle SLA
         $this->slaService->handleOutboundMessage($thread);
 
@@ -177,10 +311,8 @@ class ThreadController extends Controller
     /**
      * Assign thread to user
      */
-    public function assign(Request $request, CrmThread $thread)
+    public function assign(Request $request, Business $business, CrmThread $thread)
     {
-        $business = $request->user()->business;
-
         if ($thread->business_id !== $business->id) {
             abort(404);
         }
@@ -191,7 +323,7 @@ class ThreadController extends Controller
 
         // SECURITY: Verify user belongs to business
         $assignee = User::where('id', $validated['assigned_to'])
-            ->where('business_id', $business->id)
+            ->whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
             ->first();
 
         if (! $assignee) {
@@ -206,10 +338,8 @@ class ThreadController extends Controller
     /**
      * Close thread
      */
-    public function close(Request $request, CrmThread $thread)
+    public function close(Request $request, Business $business, CrmThread $thread)
     {
-        $business = $request->user()->business;
-
         if ($thread->business_id !== $business->id) {
             abort(404);
         }
@@ -222,10 +352,8 @@ class ThreadController extends Controller
     /**
      * Reopen thread
      */
-    public function reopen(Request $request, CrmThread $thread)
+    public function reopen(Request $request, Business $business, CrmThread $thread)
     {
-        $business = $request->user()->business;
-
         if ($thread->business_id !== $business->id) {
             abort(404);
         }
@@ -241,10 +369,8 @@ class ThreadController extends Controller
     /**
      * Snooze thread
      */
-    public function snooze(Request $request, CrmThread $thread)
+    public function snooze(Request $request, Business $business, CrmThread $thread)
     {
-        $business = $request->user()->business;
-
         if ($thread->business_id !== $business->id) {
             abort(404);
         }
@@ -264,10 +390,8 @@ class ThreadController extends Controller
     /**
      * Add internal note
      */
-    public function addNote(Request $request, CrmThread $thread)
+    public function addNote(Request $request, Business $business, CrmThread $thread)
     {
-        $business = $request->user()->business;
-
         if ($thread->business_id !== $business->id) {
             abort(404);
         }
@@ -290,10 +414,8 @@ class ThreadController extends Controller
     /**
      * Generate AI reply draft
      */
-    public function generateAiReply(Request $request, CrmThread $thread)
+    public function generateAiReply(Request $request, Business $business, CrmThread $thread)
     {
-        $business = $request->user()->business;
-
         if ($thread->business_id !== $business->id) {
             abort(404);
         }
@@ -313,10 +435,8 @@ class ThreadController extends Controller
     /**
      * Heartbeat for active viewing
      */
-    public function heartbeat(Request $request, CrmThread $thread)
+    public function heartbeat(Request $request, Business $business, CrmThread $thread)
     {
-        $business = $request->user()->business;
-
         if ($thread->business_id !== $business->id) {
             return response()->json(['error' => 'Unauthorized'], 403);
         }
@@ -333,4 +453,354 @@ class ThreadController extends Controller
             ]),
         ]);
     }
+
+    // ========================================
+    // API Endpoints for Real-Time Inbox
+    // ========================================
+
+    /**
+     * API: Get threads list for real-time updates
+     */
+    public function apiIndex(Request $request, Business $business): JsonResponse
+    {
+        $user = $request->user();
+
+        $query = CrmThread::forBusiness($business->id)
+            ->with(['contact:id,first_name,last_name,email,phone', 'assignee:id,name', 'channel:id,type,name', 'account:id,name'])
+            ->withCount('messages');
+
+        // Apply "my accounts" filter for sales reps
+        if ($request->boolean('my_accounts')) {
+            $query->forSalesRep($business->id, $user->id);
+        }
+
+        // Status filter
+        if ($request->filled('status') && $request->status !== 'all') {
+            $query->where('status', $request->status);
+        }
+
+        // Channel filter
+        if ($request->filled('channel') && $request->channel !== 'all') {
+            $query->where('last_channel_type', $request->channel);
+        }
+
+        // Assigned filter
+        if ($request->filled('assigned')) {
+            if ($request->assigned === 'me') {
+                $query->where('assigned_to', $user->id);
+            } elseif ($request->assigned === 'unassigned') {
+                $query->whereNull('assigned_to');
+            } elseif (is_numeric($request->assigned)) {
+                $query->where('assigned_to', $request->assigned);
+            }
+        }
+
+        // Search
+        if ($request->filled('search')) {
+            $search = $request->search;
+            $query->where(function ($q) use ($search) {
+                $q->where('subject', 'ilike', "%{$search}%")
+                    ->orWhere('last_message_preview', 'ilike', "%{$search}%")
+                    ->orWhereHas('contact', fn ($c) => $c->whereRaw("CONCAT(first_name, ' ', last_name) ILIKE ?", ["%{$search}%"]))
+                    ->orWhereHas('account', fn ($a) => $a->where('name', 'ilike', "%{$search}%"));
+            });
+        }
+
+        $threads = $query->orderByDesc('last_message_at')
+            ->limit($request->input('limit', 50))
+            ->get();
+
+        return response()->json([
+            'threads' => $threads->map(fn ($t) => [
+                'id' => $t->id,
+                'subject' => $t->subject,
+                'status' => $t->status,
+                'priority' => $t->priority,
+                'is_read' => $t->is_read,
+                'last_message_at' => $t->last_message_at?->toIso8601String(),
+                'last_message_preview' => $t->last_message_preview,
+                'last_message_direction' => $t->last_message_direction,
+                'last_channel_type' => $t->last_channel_type,
+                'contact' => $t->contact ? [
+                    'id' => $t->contact->id,
+                    'name' => $t->contact->getFullName(),
+                    'email' => $t->contact->email,
+                    'phone' => $t->contact->phone,
+                ] : null,
+                'account' => $t->account ? [
+                    'id' => $t->account->id,
+                    'name' => $t->account->name,
+                ] : null,
+                'assignee' => $t->assignee ? [
+                    'id' => $t->assignee->id,
+                    'name' => $t->assignee->name,
+                ] : null,
+                'messages_count' => $t->messages_count,
+            ]),
+        ]);
+    }
+
+    /**
+     * API: Get messages for a thread
+     */
+    public function apiMessages(Request $request, Business $business, CrmThread $thread): JsonResponse
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $query = $thread->messages()
+            ->with(['user:id,name', 'attachments'])
+            ->orderBy('created_at', 'asc');
+
+        // Pagination for infinite scroll
+        if ($request->filled('before_id')) {
+            $query->where('id', '<', $request->before_id);
+        }
+
+        $messages = $query->limit($request->input('limit', 50))->get();
+
+        // Mark thread as read
+        if ($messages->isNotEmpty()) {
+            $thread->markAsRead($request->user());
+        }
+
+        return response()->json([
+            'messages' => $messages->map(fn ($m) => [
+                'id' => $m->id,
+                'body' => $m->body,
+                'body_html' => $m->body_html,
+                'direction' => $m->direction,
+                'channel_type' => $m->channel_type,
+                'sender_id' => $m->user_id,
+                'sender_name' => $m->user?->name ?? ($m->direction === 'inbound' ? $thread->contact?->getFullName() : 'System'),
+                'status' => $m->status,
+                'created_at' => $m->created_at->toIso8601String(),
+                'attachments' => $m->attachments->map(fn ($a) => [
+                    'id' => $a->id,
+                    'filename' => $a->original_filename ?? $a->filename,
+                    'mime_type' => $a->mime_type,
+                    'size' => $a->size,
+                    'url' => Storage::disk($a->disk ?? 'minio')->url($a->path),
+                ]),
+            ]),
+            'has_more' => $messages->count() === $request->input('limit', 50),
+            'thread' => [
+                'id' => $thread->id,
+                'subject' => $thread->subject,
+                'status' => $thread->status,
+                'contact' => $thread->contact ? [
+                    'id' => $thread->contact->id,
+                    'name' => $thread->contact->getFullName(),
+                    'email' => $thread->contact->email,
+                    'phone' => $thread->contact->phone,
+                ] : null,
+            ],
+        ]);
+    }
+
+    /**
+     * API: Send typing indicator
+     */
+    public function typing(Request $request, Business $business, CrmThread $thread): JsonResponse
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $validated = $request->validate([
+            'is_typing' => 'required|boolean',
+        ]);
+
+        broadcast(new CrmTypingIndicator(
+            threadId: $thread->id,
+            userId: $request->user()->id,
+            userName: $request->user()->name,
+            isTyping: $validated['is_typing']
+        ))->toOthers();
+
+        // Update active view type
+        CrmActiveView::startViewing(
+            $thread,
+            $request->user(),
+            $validated['is_typing'] ? CrmActiveView::VIEW_TYPE_TYPING : CrmActiveView::VIEW_TYPE_VIEWING
+        );
+
+        return response()->json(['success' => true]);
+    }
+
+    /**
+     * API: Get quick replies
+     */
+    public function quickReplies(Request $request, Business $business): JsonResponse
+    {
+        $quickReplies = ChatQuickReply::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->orderByDesc('usage_count')
+            ->orderBy('sort_order')
+            ->get()
+            ->groupBy('category');
+
+        return response()->json([
+            'quick_replies' => $quickReplies,
+        ]);
+    }
+
+    /**
+     * API: Use a quick reply (increment usage count)
+     */
+    public function useQuickReply(Request $request, Business $business, ChatQuickReply $quickReply): JsonResponse
+    {
+        if ($quickReply->business_id !== $business->id) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        // Increment usage count
+        $quickReply->increment('usage_count');
+
+        // Process template variables
+        $message = $quickReply->message;
+
+        if ($request->filled('contact_id')) {
+            $contact = Contact::find($request->contact_id);
+            if ($contact) {
+                $message = str_replace(
+                    ['{{name}}', '{{first_name}}', '{{last_name}}', '{{company}}'],
+                    [$contact->getFullName(), $contact->first_name, $contact->last_name, $contact->business?->name ?? ''],
+                    $message
+                );
+            }
+        }
+
+        return response()->json([
+            'message' => $message,
+            'label' => $quickReply->label,
+        ]);
+    }
+
+    /**
+     * API: Get contact details with email engagement
+     */
+    public function apiContact(Request $request, Business $business, CrmThread $thread): JsonResponse
+    {
+        if ($thread->business_id !== $business->id) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $contact = $thread->contact;
+        if (! $contact) {
+            return response()->json(['contact' => null]);
+        }
+
+        // Get recent email engagement
+        $emailEngagement = [];
+        if (class_exists(\App\Models\Analytics\EmailInteraction::class)) {
+            $emailEngagement = \App\Models\Analytics\EmailInteraction::where(function ($q) use ($contact) {
+                $q->where('recipient_email', $contact->email);
+                if ($contact->user_id) {
+                    $q->orWhere('recipient_user_id', $contact->user_id);
+                }
+            })
+                ->whereNotNull('first_opened_at')
+                ->with('emailCampaign:id,subject')
+                ->orderByDesc('first_opened_at')
+                ->limit(10)
+                ->get()
+                ->map(fn ($i) => [
+                    'id' => $i->id,
+                    'campaign_subject' => $i->emailCampaign?->subject ?? 'Unknown Campaign',
+                    'opened_at' => $i->first_opened_at?->toIso8601String(),
+                    'open_count' => $i->open_count,
+                    'clicked_at' => $i->first_clicked_at?->toIso8601String(),
+                    'click_count' => $i->click_count,
+                ]);
+        }
+
+        // Get recent orders from this contact's account
+        $recentOrders = [];
+        if ($thread->account_id) {
+            $recentOrders = \App\Models\Order::where('business_id', $thread->account_id)
+                ->whereHas('items.product.brand', fn ($q) => $q->where('business_id', $business->id))
+                ->orderByDesc('created_at')
+                ->limit(5)
+                ->get()
+                ->map(fn ($o) => [
+                    'id' => $o->id,
+                    'hashid' => $o->hashid,
+                    'total' => $o->total,
+                    'status' => $o->status,
+                    'created_at' => $o->created_at->toIso8601String(),
+                ]);
+        }
+
+        return response()->json([
+            'contact' => [
+                'id' => $contact->id,
+                'name' => $contact->getFullName(),
+                'email' => $contact->email,
+                'phone' => $contact->phone,
+                'title' => $contact->title,
+                'contact_type' => $contact->contact_type,
+            ],
+            'account' => $thread->account ? [
+                'id' => $thread->account->id,
+                'name' => $thread->account->name,
+                'address' => $thread->account->full_address ?? null,
+            ] : null,
+            'email_engagement' => $emailEngagement,
+            'recent_orders' => $recentOrders,
+        ]);
+    }
+
+    /**
+     * Unified inbox view (Chatwoot-style)
+     */
+    public function unified(Request $request, Business $business)
+    {
+        $user = $request->user();
+
+        // Get initial threads
+        $query = CrmThread::forBusiness($business->id)
+            ->with(['contact:id,first_name,last_name,email,phone', 'assignee:id,name', 'account:id,name'])
+            ->withCount('messages')
+            ->orderByDesc('last_message_at')
+            ->limit(50);
+
+        $threads = $query->get();
+
+        // Get team members
+        $teamMembers = User::whereHas('businesses', fn ($q) => $q->where('businesses.id', $business->id))
+            ->select('id', 'name')
+            ->get();
+
+        // Get agent status
+        $agentStatus = AgentStatus::where('business_id', $business->id)
+            ->where('user_id', $user->id)
+            ->first();
+
+        // Get quick replies
+        $quickReplies = ChatQuickReply::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->orderByDesc('usage_count')
+            ->get()
+            ->groupBy('category');
+
+        // Get channels
+        $channels = $this->channelService->getAvailableChannels($business->id);
+
+        // Check if user has sales rep assignments (for "My Accounts" filter)
+        $hasSalesRepAssignments = SalesRepAssignment::where('business_id', $business->id)
+            ->where('user_id', $user->id)
+            ->exists();
+
+        return view('seller.crm.inbox.unified', compact(
+            'business',
+            'threads',
+            'teamMembers',
+            'agentStatus',
+            'quickReplies',
+            'channels',
+            'hasSalesRepAssignments'
+        ));
+    }
 }

app/Http/Controllers/Seller/EmailSettingsController.php

@@ -22,6 +22,7 @@ class EmailSettingsController extends Controller
             'business' => $business,
             'settings' => $settings,
             'drivers' => BusinessMailSettings::DRIVERS,
+            'providers' => BusinessMailSettings::PROVIDERS,
             'encryptions' => BusinessMailSettings::ENCRYPTIONS,
             'commonPorts' => BusinessMailSettings::COMMON_PORTS,
         ]);
@@ -34,6 +35,7 @@ class EmailSettingsController extends Controller
     {
         $validated = $request->validate([
             'driver' => ['required', 'string', Rule::in(array_keys(BusinessMailSettings::DRIVERS))],
+            'provider' => ['required', 'string', Rule::in(array_keys(BusinessMailSettings::PROVIDERS))],
             'host' => ['nullable', 'string', 'max:255'],
             'port' => ['nullable', 'integer', 'min:1', 'max:65535'],
             'encryption' => ['nullable', 'string', Rule::in(['tls', 'ssl', ''])],
@@ -43,6 +45,9 @@ class EmailSettingsController extends Controller
             'from_email' => ['nullable', 'email', 'max:255'],
             'reply_to_email' => ['nullable', 'email', 'max:255'],
             'is_active' => ['boolean'],
+            // Postal-specific config fields
+            'postal_server_url' => ['nullable', 'url', 'max:255'],
+            'postal_webhook_secret' => ['nullable', 'string', 'max:255'],
         ]);
 
         // Handle empty encryption value
@@ -55,6 +60,21 @@ class EmailSettingsController extends Controller
             unset($validated['password']);
         }
 
+        // Build provider_config from provider-specific fields
+        $providerConfig = [];
+        if ($validated['provider'] === BusinessMailSettings::PROVIDER_POSTAL) {
+            if (! empty($validated['postal_server_url'])) {
+                $providerConfig['server_url'] = $validated['postal_server_url'];
+            }
+            if (! empty($validated['postal_webhook_secret'])) {
+                $providerConfig['webhook_secret'] = $validated['postal_webhook_secret'];
+            }
+        }
+        $validated['provider_config'] = ! empty($providerConfig) ? $providerConfig : null;
+
+        // Remove provider-specific fields from main validated array
+        unset($validated['postal_server_url'], $validated['postal_webhook_secret']);
+
         $settings = BusinessMailSettings::getOrCreate($business);
         $settings->update($validated);
 

app/Http/Controllers/Seller/ExpensesController.php

@@ -0,0 +1,335 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\Expense;
+use App\Models\Accounting\GlAccount;
+use App\Models\Business;
+use App\Models\Department;
+use App\Services\Accounting\ExpenseService;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+/**
+ * Staff/Child Business Expense Controller.
+ *
+ * Handles expense creation and submission by employees.
+ * Approval and payment are handled by Management controller.
+ */
+class ExpensesController extends Controller
+{
+    public function __construct(
+        protected ExpenseService $expenseService
+    ) {}
+
+    /**
+     * List expenses for the current business.
+     *
+     * GET /s/{business}/expenses
+     */
+    public function index(Request $request, Business $business): View
+    {
+        $user = auth()->user();
+
+        $query = Expense::where('business_id', $business->id)
+            ->with(['department', 'createdBy', 'items']);
+
+        // Non-admins only see their own expenses
+        if (! $this->canViewAllExpenses($user, $business)) {
+            $query->where('created_by_user_id', $user->id);
+        }
+
+        // Status filter
+        if ($request->filled('status')) {
+            $query->where('status', $request->status);
+        }
+
+        // Department filter
+        if ($request->filled('department_id')) {
+            $query->where('department_id', $request->department_id);
+        }
+
+        $expenses = $query->orderByDesc('expense_date')->paginate(20)->withQueryString();
+
+        // Get departments for filter
+        $departments = Department::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->orderBy('name')
+            ->get();
+
+        // Stats for current user
+        $myStats = [
+            'draft' => Expense::where('business_id', $business->id)
+                ->where('created_by_user_id', $user->id)
+                ->status(Expense::STATUS_DRAFT)
+                ->count(),
+            'submitted' => Expense::where('business_id', $business->id)
+                ->where('created_by_user_id', $user->id)
+                ->status(Expense::STATUS_SUBMITTED)
+                ->count(),
+            'approved' => Expense::where('business_id', $business->id)
+                ->where('created_by_user_id', $user->id)
+                ->status(Expense::STATUS_APPROVED)
+                ->count(),
+            'total_pending' => Expense::where('business_id', $business->id)
+                ->where('created_by_user_id', $user->id)
+                ->whereIn('status', [Expense::STATUS_SUBMITTED, Expense::STATUS_APPROVED])
+                ->sum('total_amount'),
+        ];
+
+        return view('seller.expenses.index', compact(
+            'business',
+            'expenses',
+            'departments',
+            'myStats'
+        ));
+    }
+
+    /**
+     * Show create expense form.
+     *
+     * GET /s/{business}/expenses/create
+     */
+    public function create(Request $request, Business $business): View
+    {
+        $departments = Department::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->orderBy('name')
+            ->get();
+
+        $glAccounts = GlAccount::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->where('is_header', false)
+            ->where('account_type', 'expense')
+            ->orderBy('account_number')
+            ->get();
+
+        $paymentMethods = Expense::getPaymentMethods();
+
+        return view('seller.expenses.create', compact(
+            'business',
+            'departments',
+            'glAccounts',
+            'paymentMethods'
+        ));
+    }
+
+    /**
+     * Store a new expense.
+     *
+     * POST /s/{business}/expenses
+     */
+    public function store(Request $request, Business $business): RedirectResponse
+    {
+        $validated = $request->validate([
+            'expense_date' => 'required|date',
+            'department_id' => 'nullable|integer|exists:departments,id',
+            'payment_method' => 'required|string|in:'.implode(',', array_keys(Expense::getPaymentMethods())),
+            'reference' => 'nullable|string|max:255',
+            'notes' => 'nullable|string|max:1000',
+            'items' => 'required|array|min:1',
+            'items.*.description' => 'required|string|max:255',
+            'items.*.amount' => 'required|numeric|min:0.01',
+            'items.*.gl_expense_account_id' => 'required|integer|exists:gl_accounts,id',
+            'items.*.department_id' => 'nullable|integer|exists:departments,id',
+            'items.*.tax_amount' => 'nullable|numeric|min:0',
+            'submit' => 'nullable|boolean',
+        ]);
+
+        $user = auth()->user();
+        $items = $validated['items'];
+        unset($validated['items'], $validated['submit']);
+
+        // Set default status
+        $validated['status'] = $request->boolean('submit')
+            ? Expense::STATUS_SUBMITTED
+            : Expense::STATUS_DRAFT;
+
+        $expense = $this->expenseService->createExpense($business, $user, $validated, $items);
+
+        $message = $expense->isSubmitted()
+            ? "Expense {$expense->expense_number} submitted for approval."
+            : "Expense {$expense->expense_number} saved as draft.";
+
+        return redirect()
+            ->route('seller.business.expenses.show', [$business, $expense])
+            ->with('success', $message);
+    }
+
+    /**
+     * Show expense details.
+     *
+     * GET /s/{business}/expenses/{expense}
+     */
+    public function show(Request $request, Business $business, Expense $expense): View
+    {
+        $this->authorizeExpenseAccess($expense, $business);
+
+        $expense->load(['items.glAccount', 'items.department', 'department', 'createdBy', 'approvedBy', 'paidBy']);
+
+        return view('seller.expenses.show', compact('business', 'expense'));
+    }
+
+    /**
+     * Show edit expense form (draft only).
+     *
+     * GET /s/{business}/expenses/{expense}/edit
+     */
+    public function edit(Request $request, Business $business, Expense $expense): View
+    {
+        $this->authorizeExpenseAccess($expense, $business);
+
+        if (! $expense->canEdit()) {
+            abort(403, 'Only draft expenses can be edited.');
+        }
+
+        $expense->load(['items']);
+
+        $departments = Department::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->orderBy('name')
+            ->get();
+
+        $glAccounts = GlAccount::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->where('is_header', false)
+            ->where('account_type', 'expense')
+            ->orderBy('account_number')
+            ->get();
+
+        $paymentMethods = Expense::getPaymentMethods();
+
+        return view('seller.expenses.edit', compact(
+            'business',
+            'expense',
+            'departments',
+            'glAccounts',
+            'paymentMethods'
+        ));
+    }
+
+    /**
+     * Update an expense (draft only).
+     *
+     * PUT /s/{business}/expenses/{expense}
+     */
+    public function update(Request $request, Business $business, Expense $expense): RedirectResponse
+    {
+        $this->authorizeExpenseAccess($expense, $business);
+
+        if (! $expense->canEdit()) {
+            return back()->with('error', 'Only draft expenses can be edited.');
+        }
+
+        $validated = $request->validate([
+            'expense_date' => 'required|date',
+            'department_id' => 'nullable|integer|exists:departments,id',
+            'payment_method' => 'required|string|in:'.implode(',', array_keys(Expense::getPaymentMethods())),
+            'reference' => 'nullable|string|max:255',
+            'notes' => 'nullable|string|max:1000',
+            'items' => 'required|array|min:1',
+            'items.*.description' => 'required|string|max:255',
+            'items.*.amount' => 'required|numeric|min:0.01',
+            'items.*.gl_expense_account_id' => 'required|integer|exists:gl_accounts,id',
+            'items.*.department_id' => 'nullable|integer|exists:departments,id',
+            'items.*.tax_amount' => 'nullable|numeric|min:0',
+            'submit' => 'nullable|boolean',
+        ]);
+
+        $items = $validated['items'];
+        unset($validated['items'], $validated['submit']);
+
+        // Update status if submitting
+        if ($request->boolean('submit')) {
+            $validated['status'] = Expense::STATUS_SUBMITTED;
+        }
+
+        $expense = $this->expenseService->updateExpense($expense, $validated, $items);
+
+        $message = $expense->isSubmitted()
+            ? "Expense {$expense->expense_number} submitted for approval."
+            : "Expense {$expense->expense_number} updated.";
+
+        return redirect()
+            ->route('seller.business.expenses.show', [$business, $expense])
+            ->with('success', $message);
+    }
+
+    /**
+     * Submit an expense for approval.
+     *
+     * POST /s/{business}/expenses/{expense}/submit
+     */
+    public function submit(Request $request, Business $business, Expense $expense): RedirectResponse
+    {
+        $this->authorizeExpenseAccess($expense, $business);
+
+        try {
+            $this->expenseService->submitExpense($expense, auth()->user());
+
+            return back()->with('success', "Expense {$expense->expense_number} submitted for approval.");
+        } catch (\InvalidArgumentException $e) {
+            return back()->with('error', $e->getMessage());
+        }
+    }
+
+    /**
+     * Delete a draft expense.
+     *
+     * DELETE /s/{business}/expenses/{expense}
+     */
+    public function destroy(Request $request, Business $business, Expense $expense): RedirectResponse
+    {
+        $this->authorizeExpenseAccess($expense, $business);
+
+        try {
+            $this->expenseService->deleteExpense($expense);
+
+            return redirect()
+                ->route('seller.business.expenses.index', $business)
+                ->with('success', 'Expense deleted.');
+        } catch (\InvalidArgumentException $e) {
+            return back()->with('error', $e->getMessage());
+        }
+    }
+
+    /**
+     * Check if user can view all expenses (not just their own).
+     */
+    protected function canViewAllExpenses($user, Business $business): bool
+    {
+        // Business owners and admins can view all
+        $pivot = $user->businesses()
+            ->where('businesses.id', $business->id)
+            ->first()
+            ?->pivot;
+
+        if ($pivot && in_array($pivot->role ?? $pivot->contact_type ?? '', ['owner', 'primary', 'admin'])) {
+            return true;
+        }
+
+        return $user->user_type === 'admin';
+    }
+
+    /**
+     * Authorize access to a specific expense.
+     */
+    protected function authorizeExpenseAccess(Expense $expense, Business $business): void
+    {
+        // Must belong to this business
+        if ($expense->business_id !== $business->id) {
+            abort(403, 'Access denied.');
+        }
+
+        $user = auth()->user();
+
+        // Must be creator or have view-all permission
+        if ($expense->created_by_user_id !== $user->id && ! $this->canViewAllExpenses($user, $business)) {
+            abort(403, 'Access denied.');
+        }
+    }
+}

app/Http/Controllers/Seller/InvoiceController.php

@@ -3,10 +3,13 @@
 namespace App\Http\Controllers\Seller;
 
 use App\Http\Controllers\Controller;
+use App\Mail\Invoices\InvoiceSentMail;
 use App\Models\Business;
 use App\Models\Invoice;
+use App\Models\InvoicePayment;
 use App\Services\InvoiceService;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Mail;
 use Illuminate\Support\Facades\Storage;
 use Symfony\Component\HttpFoundation\Response;
 
@@ -25,64 +28,7 @@ class InvoiceController extends Controller
             ->orderBy('name')
             ->get();
 
-        // Get all products from brands owned by this business with images, stock levels, and batches
-        $products = \App\Models\Product::forBusiness($business)
-            ->where('is_active', true)
-            ->with(['brand', 'images', 'availableBatches.labs'])
-            ->select('id', 'brand_id', 'name', 'sku', 'description', 'wholesale_price', 'msrp_price',
-                'quantity_on_hand', 'quantity_allocated', 'type', 'image_path')
-            ->orderBy('name')
-            ->get()
-            ->map(function ($product) {
-                // Map batches with their COA data
-                $batches = $product->availableBatches->map(function ($batch) {
-                    $latestLab = $batch->getLatestLab();
-
-                    return [
-                        'id' => $batch->id,
-                        'batch_number' => $batch->batch_number,
-                        'quantity_available' => $batch->quantity_available,
-                        'production_date' => $batch->production_date?->format('M j, Y'),
-                        'expiration_date' => $batch->expiration_date?->format('M j, Y'),
-                        'is_expiring_soon' => $batch->isExpiringSoon(),
-                        'lab' => $latestLab ? [
-                            'total_thc' => $latestLab->total_thc,
-                            'total_cbd' => $latestLab->total_cbd,
-                            'test_date' => $latestLab->test_date->format('M j, Y'),
-                            'lab_name' => $latestLab->lab_name,
-                            'compliance_pass' => $latestLab->compliance_pass,
-                            'terpene_profile' => $latestLab->terpene_profile,
-                        ] : null,
-                    ];
-                });
-
-                // Calculate inventory from InventoryItem model
-                $totalOnHand = $product->inventoryItems()
-                    ->where('business_id', $business->id)
-                    ->sum('quantity_on_hand');
-                $totalAllocated = $product->inventoryItems()
-                    ->where('business_id', $business->id)
-                    ->sum('quantity_allocated');
-
-                return [
-                    'id' => $product->id,
-                    'name' => $product->name,
-                    'sku' => $product->sku,
-                    'description' => $product->description,
-                    'brand_name' => $product->brand?->name,
-                    'wholesale_price' => $product->wholesale_price,
-                    'msrp_price' => $product->msrp_price,
-                    'quantity_on_hand' => $totalOnHand,
-                    'quantity_allocated' => $totalAllocated,
-                    'quantity_available' => max(0, $totalOnHand - $totalAllocated),
-                    'type' => $product->type,
-                    'image_url' => $product->images->first()?->path
-                        ? \Storage::url($product->images->first()->path)
-                        : ($product->image_path ? \Storage::url($product->image_path) : null),
-                    'batches' => $batches,
-                    'has_batches' => $batches->count() > 0,
-                ];
-            });
+        // Products are loaded via API search (/search/invoice-products) for better performance
 
         // Get recently invoiced products (last 30 days, top 10 most common)
         $recentProducts = \App\Models\Product::forBusiness($business)
@@ -118,7 +64,7 @@ class InvoiceController extends Controller
                 ];
             });
 
-        return view('seller.invoices.create', compact('business', 'buyers', 'products', 'recentProducts'));
+        return view('seller.invoices.create', compact('business', 'buyers', 'recentProducts'));
     }
 
     /**
@@ -172,24 +118,68 @@ class InvoiceController extends Controller
     /**
      * Display a listing of invoices for the business.
      */
-    public function index(Business $business)
+    public function index(Business $business, Request $request)
     {
-        // Get invoices where orders contain items from brands under this business
-        $invoices = Invoice::with(['order.items.product.brand', 'order.contact', 'order.user', 'business'])
-            ->whereHas('order.items.product', function ($query) use ($business) {
-                $query->forBusiness($business);
-            })
-            ->latest()
-            ->get();
+        // Get brand IDs for this business (single query, reused for filtering)
+        $brandIds = $business->brands()->pluck('id');
 
+        // Base query: invoices where orders contain items from this business's brands
+        $baseQuery = Invoice::whereHas('order.items.product', function ($query) use ($brandIds) {
+            $query->whereIn('brand_id', $brandIds);
+        });
+
+        // Calculate stats with efficient database aggregates (not in-memory iteration)
         $stats = [
-            'total' => $invoices->count(),
-            'unpaid' => $invoices->where('payment_status', 'unpaid')->count(),
-            'partially_paid' => $invoices->where('payment_status', 'partially_paid')->count(),
-            'paid' => $invoices->where('payment_status', 'paid')->count(),
-            'overdue' => $invoices->filter(fn ($inv) => $inv->isOverdue())->count(),
+            'total' => (clone $baseQuery)->count(),
+            'unpaid' => (clone $baseQuery)->where('payment_status', 'unpaid')->count(),
+            'partially_paid' => (clone $baseQuery)->where('payment_status', 'partially_paid')->count(),
+            'paid' => (clone $baseQuery)->where('payment_status', 'paid')->count(),
+            'overdue' => (clone $baseQuery)->where('payment_status', '!=', 'paid')
+                ->where('due_date', '<', now())->count(),
         ];
 
+        // Apply search filter - search by customer business name or invoice number
+        $search = $request->input('search');
+        if ($search) {
+            $baseQuery->where(function ($query) use ($search) {
+                $query->where('invoice_number', 'ilike', "%{$search}%")
+                    ->orWhereHas('business', function ($q) use ($search) {
+                        $q->where('name', 'ilike', "%{$search}%");
+                    });
+            });
+        }
+
+        // Apply status filter
+        $status = $request->input('status');
+        if ($status === 'unpaid') {
+            $baseQuery->where('payment_status', 'unpaid');
+        } elseif ($status === 'paid') {
+            $baseQuery->where('payment_status', 'paid');
+        } elseif ($status === 'overdue') {
+            $baseQuery->where('payment_status', '!=', 'paid')
+                ->where('due_date', '<', now());
+        }
+
+        // Paginate with only the relations needed for display
+        $invoices = (clone $baseQuery)
+            ->with(['business:id,name,primary_contact_email,business_email', 'order:id,contact_id,user_id', 'order.contact:id,first_name,last_name,email', 'order.user:id,email'])
+            ->latest()
+            ->paginate(25)
+            ->withQueryString();
+
+        // Return JSON for AJAX/API requests (live search)
+        if ($request->wantsJson()) {
+            return response()->json([
+                'data' => $invoices->map(fn ($i) => [
+                    'hashid' => $i->hashid,
+                    'name' => $i->invoice_number.' - '.$i->business->name,
+                    'invoice_number' => $i->invoice_number,
+                    'customer' => $i->business->name,
+                    'status' => $i->payment_status,
+                ])->values()->toArray(),
+            ]);
+        }
+
         return view('seller.invoices.index', compact('business', 'invoices', 'stats'));
     }
 
@@ -199,7 +189,13 @@ class InvoiceController extends Controller
     public function show(Business $business, Invoice $invoice)
     {
         // Verify invoice belongs to this business through order items
-        $invoice->load(['order.items.product.brand', 'business']);
+        $invoice->load([
+            'order.items.product.brand',
+            'order.contact',
+            'order.user',
+            'business',
+            'payments.recordedByUser',
+        ]);
 
         // Check if any of the order's items belong to brands owned by this business
         $belongsToBusiness = $invoice->order->items->some(function ($item) use ($business) {
@@ -289,4 +285,102 @@ class InvoiceController extends Controller
             'contacts' => $contacts,
         ]);
     }
+
+    /**
+     * Send invoice by email.
+     */
+    public function send(Business $business, Invoice $invoice, Request $request, InvoiceService $invoiceService): Response
+    {
+        // Verify invoice belongs to this business through order items
+        $invoice->load('order.items.product.brand');
+
+        $belongsToBusiness = $invoice->order->items->some(function ($item) use ($business) {
+            return $item->product && $item->product->belongsToBusiness($business);
+        });
+
+        if (! $belongsToBusiness) {
+            abort(403, 'This invoice does not belong to your business');
+        }
+
+        $validated = $request->validate([
+            'to' => ['required', 'email'],
+            'cc' => ['nullable', 'email'],
+            'message' => ['nullable', 'string', 'max:2000'],
+            'attach_pdf' => ['sometimes', 'boolean'],
+        ]);
+
+        // Generate PDF if requested
+        $pdfContent = null;
+        if ($validated['attach_pdf'] ?? false) {
+            // Regenerate PDF if it doesn't exist
+            if (! $invoice->pdf_path || ! Storage::disk('local')->exists($invoice->pdf_path)) {
+                $invoiceService->regeneratePdf($invoice);
+                $invoice->refresh();
+            }
+
+            if ($invoice->pdf_path && Storage::disk('local')->exists($invoice->pdf_path)) {
+                $pdfContent = Storage::disk('local')->get($invoice->pdf_path);
+            }
+        }
+
+        // Send email
+        $mail = Mail::to($validated['to']);
+
+        if (! empty($validated['cc'])) {
+            $mail->cc($validated['cc']);
+        }
+
+        $mail->send(new InvoiceSentMail(
+            $invoice,
+            $validated['message'] ?? null,
+            $pdfContent
+        ));
+
+        return back()->with('success', 'Invoice sent successfully to '.$validated['to']);
+    }
+
+    /**
+     * Record a payment for an invoice.
+     */
+    public function recordPayment(Business $business, Invoice $invoice, Request $request): Response
+    {
+        // Verify invoice belongs to this business through order items
+        $invoice->load('order.items.product.brand');
+
+        $belongsToBusiness = $invoice->order->items->some(function ($item) use ($business) {
+            return $item->product && $item->product->belongsToBusiness($business);
+        });
+
+        if (! $belongsToBusiness) {
+            abort(403, 'This invoice does not belong to your business');
+        }
+
+        if ($invoice->payment_status === 'paid') {
+            return back()->withErrors(['error' => 'This invoice is already fully paid.']);
+        }
+
+        $validated = $request->validate([
+            'amount' => ['required', 'numeric', 'min:0.01', 'max:'.$invoice->amount_due],
+            'payment_date' => ['required', 'date'],
+            'payment_method' => ['required', 'string', 'in:cash,check,wire,ach,credit_card,bank_transfer,other'],
+            'reference' => ['nullable', 'string', 'max:255'],
+            'notes' => ['nullable', 'string', 'max:500'],
+        ]);
+
+        InvoicePayment::create([
+            'invoice_id' => $invoice->id,
+            'amount' => $validated['amount'],
+            'payment_date' => $validated['payment_date'],
+            'payment_method' => $validated['payment_method'],
+            'reference' => $validated['reference'],
+            'notes' => $validated['notes'],
+            'recorded_by' => $request->user()->id,
+        ]);
+
+        $statusMessage = $invoice->fresh()->payment_status === 'paid'
+            ? 'Payment recorded. Invoice is now fully paid.'
+            : 'Payment recorded successfully.';
+
+        return back()->with('success', $statusMessage);
+    }
 }

app/Http/Controllers/Seller/Management/AccountingController.php

@@ -0,0 +1,171 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Business;
+use App\Services\Accounting\AccountingReportingService;
+use App\Services\Accounting\ReportExportService;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\StreamedResponse;
+
+class AccountingController extends Controller
+{
+    public function __construct(
+        protected AccountingReportingService $reportingService,
+        protected ReportExportService $exportService
+    ) {}
+
+    /**
+     * General Ledger Account Detail.
+     *
+     * GET /s/{business}/management/accounting/gl
+     */
+    public function gl(Request $request, Business $business)
+    {
+        $fromDate = $request->get('from_date', now()->startOfMonth()->format('Y-m-d'));
+        $toDate = $request->get('to_date', now()->format('Y-m-d'));
+        $accountId = $request->get('account_id');
+
+        $accounts = $this->reportingService->getAccountsForSelect($business);
+        $isParent = $this->reportingService->isParentCompany($business);
+
+        $ledgerData = null;
+        if ($accountId) {
+            $ledgerData = $this->reportingService->getGeneralLedger(
+                $business,
+                (int) $accountId,
+                $fromDate,
+                $toDate
+            );
+        }
+
+        return view('seller.management.accounting.gl', compact(
+            'business',
+            'accounts',
+            'ledgerData',
+            'fromDate',
+            'toDate',
+            'accountId',
+            'isParent'
+        ));
+    }
+
+    /**
+     * Journal Entry Browser.
+     *
+     * GET /s/{business}/management/accounting/journals
+     */
+    public function journals(Request $request, Business $business)
+    {
+        $filters = [
+            'from_date' => $request->get('from_date', now()->startOfMonth()->format('Y-m-d')),
+            'to_date' => $request->get('to_date', now()->format('Y-m-d')),
+            'source_type' => $request->get('source_type'),
+            'status' => $request->get('status'),
+            'division_id' => $request->get('division_id'),
+            'include_children' => true,
+        ];
+
+        $entries = $this->reportingService->getJournalEntries($business, $filters);
+        $isParent = $this->reportingService->isParentCompany($business);
+        $divisions = $isParent ? $this->reportingService->getDivisions($business) : collect();
+
+        $sourceTypes = [
+            'manual' => 'Manual Entry',
+            'ap_bill' => 'AP Bill',
+            'ap_payment' => 'AP Payment',
+            'inter_company' => 'Inter-Company',
+        ];
+
+        $statuses = [
+            'draft' => 'Draft',
+            'posted' => 'Posted',
+            'reversed' => 'Reversed',
+        ];
+
+        return view('seller.management.accounting.journals', compact(
+            'business',
+            'entries',
+            'filters',
+            'isParent',
+            'divisions',
+            'sourceTypes',
+            'statuses'
+        ));
+    }
+
+    /**
+     * Trial Balance Report.
+     *
+     * GET /s/{business}/management/accounting/trial-balance
+     */
+    public function trialBalance(Request $request, Business $business)
+    {
+        $fromDate = $request->get('from_date', now()->startOfYear()->format('Y-m-d'));
+        $toDate = $request->get('to_date', now()->format('Y-m-d'));
+        $includeChildren = $request->boolean('include_children', true);
+
+        $isParent = $this->reportingService->isParentCompany($business);
+
+        $filters = [
+            'include_children' => $isParent && $includeChildren,
+        ];
+
+        $trialBalance = $this->reportingService->getTrialBalance(
+            $business,
+            $fromDate,
+            $toDate,
+            $filters
+        );
+
+        // Calculate totals
+        $totals = [
+            'debits' => $trialBalance->sum('debits'),
+            'credits' => $trialBalance->sum('credits'),
+            'net_debit' => $trialBalance->where('closing_balance', '>', 0)->sum('closing_balance'),
+            'net_credit' => abs($trialBalance->where('closing_balance', '<', 0)->sum('closing_balance')),
+        ];
+
+        return view('seller.management.accounting.trial-balance', compact(
+            'business',
+            'trialBalance',
+            'totals',
+            'fromDate',
+            'toDate',
+            'includeChildren',
+            'isParent'
+        ));
+    }
+
+    /**
+     * Export Trial Balance as CSV.
+     *
+     * GET /s/{business}/management/accounting/trial-balance/export
+     */
+    public function exportTrialBalance(Request $request, Business $business): StreamedResponse
+    {
+        $fromDate = $request->get('from_date', now()->startOfYear()->format('Y-m-d'));
+        $toDate = $request->get('to_date', now()->format('Y-m-d'));
+        $includeChildren = $request->boolean('include_children', true);
+
+        $isParent = $this->reportingService->isParentCompany($business);
+
+        $filters = [
+            'include_children' => $isParent && $includeChildren,
+        ];
+
+        $trialBalance = $this->reportingService->getTrialBalance(
+            $business,
+            $fromDate,
+            $toDate,
+            $filters
+        );
+
+        $filename = 'trial_balance_'.$business->slug.'_'.now()->format('Y-m-d').'.csv';
+
+        return $this->exportService->exportTrialBalance($trialBalance, $filename);
+    }
+}

app/Http/Controllers/Seller/Management/AccountingPeriodsController.php

@@ -0,0 +1,163 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\AccountingPeriod;
+use App\Models\Business;
+use App\Services\Accounting\PeriodLockService;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+class AccountingPeriodsController extends Controller
+{
+    public function __construct(
+        protected PeriodLockService $periodLockService
+    ) {}
+
+    /**
+     * Display accounting periods.
+     */
+    public function index(Request $request, Business $business): View
+    {
+        $this->requireManagementSuite($business);
+
+        $year = $request->input('year', now()->year);
+        $periods = $this->periodLockService->getPeriodsForBusiness($business, (int) $year);
+
+        // Get available years
+        $yearsWithPeriods = AccountingPeriod::forBusiness($business->id)
+            ->selectRaw('EXTRACT(YEAR FROM period_start) as year')
+            ->distinct()
+            ->pluck('year')
+            ->map(fn ($y) => (int) $y)
+            ->sort()
+            ->values();
+
+        // Always include current and next year
+        $availableYears = $yearsWithPeriods
+            ->push(now()->year)
+            ->push(now()->year + 1)
+            ->unique()
+            ->sort()
+            ->values();
+
+        $canClosePeriods = $this->periodLockService->userHasPermission($business, $request->user(), 'can_close_periods');
+        $canReopenPeriods = $this->periodLockService->userHasPermission($business, $request->user(), 'can_reopen_periods');
+
+        return view('seller.management.accounting.periods.index', [
+            'business' => $business,
+            'periods' => $periods,
+            'year' => (int) $year,
+            'availableYears' => $availableYears,
+            'canClosePeriods' => $canClosePeriods,
+            'canReopenPeriods' => $canReopenPeriods,
+        ]);
+    }
+
+    /**
+     * Generate periods for a year.
+     */
+    public function generate(Request $request, Business $business): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->requirePermission($business, $request->user(), 'can_close_periods');
+
+        $validated = $request->validate([
+            'year' => 'required|integer|min:2000|max:2100',
+        ]);
+
+        $periods = $this->periodLockService->ensurePeriodsExist($business, (int) $validated['year']);
+
+        return back()->with('success', 'Generated '.count($periods).' periods for '.$validated['year'].'.');
+    }
+
+    /**
+     * Close a period.
+     */
+    public function close(Request $request, Business $business, AccountingPeriod $period): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->requirePermission($business, $request->user(), 'can_close_periods');
+
+        // Ensure period belongs to this business
+        if ($period->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $validated = $request->validate([
+            'status' => 'required|in:soft_closed,hard_closed',
+            'notes' => 'nullable|string|max:1000',
+        ]);
+
+        $this->periodLockService->closePeriod(
+            $period,
+            $validated['status'],
+            $request->user(),
+            $validated['notes'] ?? null
+        );
+
+        $statusLabel = $validated['status'] === 'soft_closed' ? 'soft closed' : 'hard closed';
+
+        return back()->with('success', "Period {$period->period_label} has been {$statusLabel}.");
+    }
+
+    /**
+     * Reopen a period.
+     */
+    public function reopen(Request $request, Business $business, AccountingPeriod $period): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->requirePermission($business, $request->user(), 'can_reopen_periods');
+
+        // Ensure period belongs to this business
+        if ($period->business_id !== $business->id) {
+            abort(404);
+        }
+
+        $validated = $request->validate([
+            'notes' => 'nullable|string|max:1000',
+        ]);
+
+        $this->periodLockService->reopenPeriod(
+            $period,
+            $request->user(),
+            $validated['notes'] ?? null
+        );
+
+        return back()->with('success', "Period {$period->period_label} has been reopened.");
+    }
+
+    /**
+     * Require Management Suite access.
+     */
+    private function requireManagementSuite(Business $business): void
+    {
+        if (! $business->hasManagementSuite()) {
+            abort(403, 'Management Suite access required.');
+        }
+    }
+
+    /**
+     * Require a specific finance permission.
+     */
+    private function requirePermission(Business $business, $user, string $permission): void
+    {
+        // Business owners always have access
+        if ($business->owner_user_id === $user->id) {
+            return;
+        }
+
+        // Check bypass mode
+        if (config('finance_roles.bypass_permissions', false)) {
+            return;
+        }
+
+        if (! $this->periodLockService->userHasPermission($business, $user, $permission)) {
+            abort(403, 'You do not have permission for this action.');
+        }
+    }
+}

app/Http/Controllers/Seller/Management/ActionCenterController.php

@@ -0,0 +1,238 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\ApBill;
+use App\Models\Accounting\ArInvoice;
+use App\Models\Accounting\Expense;
+use App\Models\Accounting\RecurringTransaction;
+use App\Models\Business;
+use App\Services\Accounting\BillService;
+use App\Services\Accounting\ExpenseService;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+/**
+ * Action Center - Centralized hub for pending approvals and exceptions.
+ *
+ * Management Suite only - provides quick access to items needing attention:
+ * - Bills pending approval
+ * - Expenses pending approval
+ * - Recurring drafts needing review
+ * - AR exceptions (credit limits, holds, past due)
+ * - Budget exceptions
+ */
+class ActionCenterController extends Controller
+{
+    public function __construct(
+        protected BillService $billService,
+        protected ExpenseService $expenseService
+    ) {}
+
+    /**
+     * Display the Action Center dashboard.
+     */
+    public function index(Request $request, Business $business): View
+    {
+        $parentBusiness = $business->parent ?? $business;
+        $divisionIds = Business::where('parent_id', $parentBusiness->id)->pluck('id')->toArray();
+        $allBusinessIds = array_merge([$parentBusiness->id], $divisionIds);
+
+        // 1. Bills Pending Approval
+        $pendingBills = ApBill::whereIn('business_id', $allBusinessIds)
+            ->where('status', ApBill::STATUS_PENDING)
+            ->with(['vendor', 'business'])
+            ->orderBy('due_date')
+            ->limit(20)
+            ->get();
+
+        $pendingBillsCount = ApBill::whereIn('business_id', $allBusinessIds)
+            ->where('status', ApBill::STATUS_PENDING)
+            ->count();
+
+        // 2. Expenses Pending Approval
+        $pendingExpenses = Expense::whereIn('business_id', $allBusinessIds)
+            ->where('status', Expense::STATUS_SUBMITTED)
+            ->with(['user', 'business', 'glAccount'])
+            ->orderBy('expense_date')
+            ->limit(20)
+            ->get();
+
+        $pendingExpensesCount = Expense::whereIn('business_id', $allBusinessIds)
+            ->where('status', Expense::STATUS_SUBMITTED)
+            ->count();
+
+        // 3. Recurring Drafts Needing Review
+        $recurringDrafts = collect();
+        $recurringDraftsCount = 0;
+        if (class_exists(RecurringTransaction::class)) {
+            $recurringDrafts = RecurringTransaction::whereIn('business_id', $allBusinessIds)
+                ->where('status', 'draft')
+                ->with('business')
+                ->limit(20)
+                ->get();
+            $recurringDraftsCount = RecurringTransaction::whereIn('business_id', $allBusinessIds)
+                ->where('status', 'draft')
+                ->count();
+        }
+
+        // 4. AR Exceptions
+        $arExceptions = $this->getArExceptions($allBusinessIds);
+
+        // 5. Budget Exceptions (placeholder - will expand when budget variance tracking exists)
+        $budgetExceptions = $this->getBudgetExceptions($parentBusiness);
+
+        // Summary counts
+        $totalActionItems = $pendingBillsCount + $pendingExpensesCount + $recurringDraftsCount
+            + $arExceptions['count'] + $budgetExceptions['count'];
+
+        return view('seller.management.action-center.index', compact(
+            'business',
+            'parentBusiness',
+            'pendingBills',
+            'pendingBillsCount',
+            'pendingExpenses',
+            'pendingExpensesCount',
+            'recurringDrafts',
+            'recurringDraftsCount',
+            'arExceptions',
+            'budgetExceptions',
+            'totalActionItems'
+        ));
+    }
+
+    /**
+     * Bulk approve pending bills.
+     */
+    public function bulkApproveBills(Request $request, Business $business): RedirectResponse
+    {
+        $validated = $request->validate([
+            'bill_ids' => 'required|array',
+            'bill_ids.*' => 'exists:ap_bills,id',
+        ]);
+
+        $approved = 0;
+        $errors = [];
+
+        foreach ($validated['bill_ids'] as $billId) {
+            try {
+                $bill = ApBill::findOrFail($billId);
+                $this->billService->approveBill($bill, auth()->id());
+                $approved++;
+            } catch (\Exception $e) {
+                $errors[] = "Bill #{$billId}: {$e->getMessage()}";
+            }
+        }
+
+        $message = "{$approved} bill(s) approved successfully.";
+        if (! empty($errors)) {
+            $message .= ' Errors: '.implode(', ', $errors);
+        }
+
+        return back()->with($errors ? 'warning' : 'success', $message);
+    }
+
+    /**
+     * Bulk approve pending expenses.
+     */
+    public function bulkApproveExpenses(Request $request, Business $business): RedirectResponse
+    {
+        $validated = $request->validate([
+            'expense_ids' => 'required|array',
+            'expense_ids.*' => 'exists:expenses,id',
+        ]);
+
+        $approved = 0;
+        $errors = [];
+
+        foreach ($validated['expense_ids'] as $expenseId) {
+            try {
+                $expense = Expense::findOrFail($expenseId);
+                $this->expenseService->approve($expense, auth()->id());
+                $approved++;
+            } catch (\Exception $e) {
+                $errors[] = "Expense #{$expenseId}: {$e->getMessage()}";
+            }
+        }
+
+        $message = "{$approved} expense(s) approved successfully.";
+        if (! empty($errors)) {
+            $message .= ' Errors: '.implode(', ', $errors);
+        }
+
+        return back()->with($errors ? 'warning' : 'success', $message);
+    }
+
+    /**
+     * Bulk reject pending expenses.
+     */
+    public function bulkRejectExpenses(Request $request, Business $business): RedirectResponse
+    {
+        $validated = $request->validate([
+            'expense_ids' => 'required|array',
+            'expense_ids.*' => 'exists:expenses,id',
+            'rejection_reason' => 'required|string|max:500',
+        ]);
+
+        $rejected = 0;
+
+        foreach ($validated['expense_ids'] as $expenseId) {
+            $expense = Expense::findOrFail($expenseId);
+            $this->expenseService->reject($expense, auth()->id(), $validated['rejection_reason']);
+            $rejected++;
+        }
+
+        return back()->with('success', "{$rejected} expense(s) rejected.");
+    }
+
+    /**
+     * Get AR exceptions (credit limits, holds, past due).
+     */
+    protected function getArExceptions(array $businessIds): array
+    {
+        $exceptions = [
+            'over_credit_limit' => collect(),
+            'credit_hold' => collect(),
+            'past_due_60' => collect(),
+            'past_due_90' => collect(),
+            'count' => 0,
+        ];
+
+        // Past due > 60 days
+        $pastDue60 = ArInvoice::whereIn('business_id', $businessIds)
+            ->where('status', ArInvoice::STATUS_OVERDUE)
+            ->where('due_date', '<', now()->subDays(60))
+            ->where('balance_due', '>', 0)
+            ->with(['customer', 'business'])
+            ->get();
+        $exceptions['past_due_60'] = $pastDue60->filter(fn ($inv) => $inv->due_date >= now()->subDays(90));
+
+        // Past due > 90 days
+        $exceptions['past_due_90'] = ArInvoice::whereIn('business_id', $businessIds)
+            ->where('status', ArInvoice::STATUS_OVERDUE)
+            ->where('due_date', '<', now()->subDays(90))
+            ->where('balance_due', '>', 0)
+            ->with(['customer', 'business'])
+            ->get();
+
+        $exceptions['count'] = $exceptions['past_due_60']->count() + $exceptions['past_due_90']->count();
+
+        return $exceptions;
+    }
+
+    /**
+     * Get budget exceptions (over budget items).
+     */
+    protected function getBudgetExceptions(Business $business): array
+    {
+        // Placeholder - will expand when budget variance tracking is implemented
+        return [
+            'items' => collect(),
+            'count' => 0,
+        ];
+    }
+}

app/Http/Controllers/Seller/Management/AdvancedAnalyticsController.php

@@ -0,0 +1,508 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\ApBill;
+use App\Models\Accounting\ApPayment;
+use App\Models\Accounting\ArInvoice;
+use App\Models\Accounting\Expense;
+use App\Models\Accounting\JournalEntry;
+use App\Models\Accounting\JournalEntryLine;
+use App\Models\Business;
+use Carbon\Carbon;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+use Illuminate\View\View;
+
+/**
+ * Advanced Analytics - Deep dive dashboards for financial analysis.
+ *
+ * Provides:
+ * - AR Analytics (aging, DSO, collection rate)
+ * - AP Analytics (payment timing, vendor analysis)
+ * - Cash Analytics (position, forecast, runway)
+ * - Expense Analytics (category breakdown, trends)
+ */
+class AdvancedAnalyticsController extends Controller
+{
+    /**
+     * AR Analytics Dashboard.
+     */
+    public function arAnalytics(Request $request, Business $business): View
+    {
+        $parentBusiness = $business->parent ?? $business;
+        $divisionIds = Business::where('parent_id', $parentBusiness->id)->pluck('id')->toArray();
+        $allBusinessIds = array_merge([$parentBusiness->id], $divisionIds);
+
+        $endDate = Carbon::parse($request->get('end_date', now()));
+        $startDate = Carbon::parse($request->get('start_date', now()->subMonths(12)));
+
+        // Aging buckets
+        $aging = $this->calculateArAging($allBusinessIds);
+
+        // DSO (Days Sales Outstanding)
+        $dso = $this->calculateDSO($allBusinessIds, $startDate, $endDate);
+
+        // Collection rate (last 12 months)
+        $collectionRate = $this->calculateCollectionRate($allBusinessIds, $startDate, $endDate);
+
+        // Monthly AR trend
+        $monthlyTrend = $this->getArMonthlyTrend($allBusinessIds, 12);
+
+        // Top customers by AR balance
+        $topCustomers = ArInvoice::whereIn('business_id', $allBusinessIds)
+            ->where('balance_due', '>', 0)
+            ->selectRaw('customer_id, SUM(balance_due) as total_balance')
+            ->groupBy('customer_id')
+            ->with('customer')
+            ->orderByDesc('total_balance')
+            ->limit(10)
+            ->get();
+
+        return view('seller.management.analytics.ar', compact(
+            'business',
+            'parentBusiness',
+            'aging',
+            'dso',
+            'collectionRate',
+            'monthlyTrend',
+            'topCustomers',
+            'startDate',
+            'endDate'
+        ));
+    }
+
+    /**
+     * AP Analytics Dashboard.
+     */
+    public function apAnalytics(Request $request, Business $business): View
+    {
+        $parentBusiness = $business->parent ?? $business;
+        $divisionIds = Business::where('parent_id', $parentBusiness->id)->pluck('id')->toArray();
+        $allBusinessIds = array_merge([$parentBusiness->id], $divisionIds);
+
+        $endDate = Carbon::parse($request->get('end_date', now()));
+        $startDate = Carbon::parse($request->get('start_date', now()->subMonths(12)));
+
+        // Aging buckets
+        $aging = $this->calculateApAging($allBusinessIds);
+
+        // DPO (Days Payable Outstanding)
+        $dpo = $this->calculateDPO($allBusinessIds, $startDate, $endDate);
+
+        // Payment timing analysis
+        $paymentTiming = $this->analyzePaymentTiming($allBusinessIds, $startDate, $endDate);
+
+        // Top vendors by AP balance
+        $topVendors = ApBill::whereIn('business_id', $allBusinessIds)
+            ->whereIn('status', [ApBill::STATUS_PENDING, ApBill::STATUS_APPROVED])
+            ->selectRaw('vendor_id, SUM(total - paid_amount) as total_balance')
+            ->groupBy('vendor_id')
+            ->with('vendor')
+            ->orderByDesc('total_balance')
+            ->limit(10)
+            ->get();
+
+        // Monthly AP trend
+        $monthlyTrend = $this->getApMonthlyTrend($allBusinessIds, 12);
+
+        return view('seller.management.analytics.ap', compact(
+            'business',
+            'parentBusiness',
+            'aging',
+            'dpo',
+            'paymentTiming',
+            'topVendors',
+            'monthlyTrend',
+            'startDate',
+            'endDate'
+        ));
+    }
+
+    /**
+     * Cash Analytics Dashboard.
+     */
+    public function cashAnalytics(Request $request, Business $business): View
+    {
+        $parentBusiness = $business->parent ?? $business;
+        $divisionIds = Business::where('parent_id', $parentBusiness->id)->pluck('id')->toArray();
+        $allBusinessIds = array_merge([$parentBusiness->id], $divisionIds);
+
+        // Current cash position from GL
+        $cashPosition = $this->calculateCashPosition($parentBusiness);
+
+        // Cash flow by month (last 12 months)
+        $monthlyCashFlow = $this->getMonthlyCashFlow($parentBusiness, 12);
+
+        // Expected collections (upcoming AR)
+        $expectedCollections = ArInvoice::whereIn('business_id', $allBusinessIds)
+            ->where('balance_due', '>', 0)
+            ->where('due_date', '>=', now())
+            ->where('due_date', '<=', now()->addDays(90))
+            ->selectRaw("
+                CASE
+                    WHEN due_date <= NOW() + INTERVAL '30 days' THEN '0-30 days'
+                    WHEN due_date <= NOW() + INTERVAL '60 days' THEN '31-60 days'
+                    ELSE '61-90 days'
+                END as period,
+                SUM(balance_due) as total
+            ")
+            ->groupBy(DB::raw("
+                CASE
+                    WHEN due_date <= NOW() + INTERVAL '30 days' THEN '0-30 days'
+                    WHEN due_date <= NOW() + INTERVAL '60 days' THEN '31-60 days'
+                    ELSE '61-90 days'
+                END
+            "))
+            ->get()
+            ->pluck('total', 'period');
+
+        // Expected payments (upcoming AP)
+        $expectedPayments = ApBill::whereIn('business_id', $allBusinessIds)
+            ->whereIn('status', [ApBill::STATUS_PENDING, ApBill::STATUS_APPROVED])
+            ->where('due_date', '>=', now())
+            ->where('due_date', '<=', now()->addDays(90))
+            ->selectRaw("
+                CASE
+                    WHEN due_date <= NOW() + INTERVAL '30 days' THEN '0-30 days'
+                    WHEN due_date <= NOW() + INTERVAL '60 days' THEN '31-60 days'
+                    ELSE '61-90 days'
+                END as period,
+                SUM(total - paid_amount) as total
+            ")
+            ->groupBy(DB::raw("
+                CASE
+                    WHEN due_date <= NOW() + INTERVAL '30 days' THEN '0-30 days'
+                    WHEN due_date <= NOW() + INTERVAL '60 days' THEN '31-60 days'
+                    ELSE '61-90 days'
+                END
+            "))
+            ->get()
+            ->pluck('total', 'period');
+
+        // Cash runway (months of runway based on avg monthly expenses)
+        $avgMonthlyExpenses = $this->getAverageMonthlyExpenses($allBusinessIds, 6);
+        $cashRunway = $avgMonthlyExpenses > 0 ? round($cashPosition / $avgMonthlyExpenses, 1) : null;
+
+        return view('seller.management.analytics.cash', compact(
+            'business',
+            'parentBusiness',
+            'cashPosition',
+            'monthlyCashFlow',
+            'expectedCollections',
+            'expectedPayments',
+            'avgMonthlyExpenses',
+            'cashRunway'
+        ));
+    }
+
+    /**
+     * Expense Analytics Dashboard.
+     */
+    public function expenseAnalytics(Request $request, Business $business): View
+    {
+        $parentBusiness = $business->parent ?? $business;
+        $divisionIds = Business::where('parent_id', $parentBusiness->id)->pluck('id')->toArray();
+        $allBusinessIds = array_merge([$parentBusiness->id], $divisionIds);
+
+        $endDate = Carbon::parse($request->get('end_date', now()));
+        $startDate = Carbon::parse($request->get('start_date', now()->subMonths(12)));
+
+        // Expenses by category
+        $byCategory = Expense::whereIn('business_id', $allBusinessIds)
+            ->whereBetween('expense_date', [$startDate, $endDate])
+            ->where('status', Expense::STATUS_APPROVED)
+            ->selectRaw('gl_account_id, SUM(amount) as total')
+            ->groupBy('gl_account_id')
+            ->with('glAccount')
+            ->orderByDesc('total')
+            ->get();
+
+        // Expenses by division
+        $byDivision = Expense::whereIn('business_id', $allBusinessIds)
+            ->whereBetween('expense_date', [$startDate, $endDate])
+            ->where('status', Expense::STATUS_APPROVED)
+            ->selectRaw('business_id, SUM(amount) as total')
+            ->groupBy('business_id')
+            ->with('business')
+            ->orderByDesc('total')
+            ->get();
+
+        // Monthly expense trend
+        $monthlyTrend = Expense::whereIn('business_id', $allBusinessIds)
+            ->where('status', Expense::STATUS_APPROVED)
+            ->where('expense_date', '>=', now()->subMonths(12))
+            ->selectRaw("DATE_TRUNC('month', expense_date) as month, SUM(amount) as total")
+            ->groupBy(DB::raw("DATE_TRUNC('month', expense_date)"))
+            ->orderBy('month')
+            ->get();
+
+        // Top expense categories (from GL)
+        $topCategories = JournalEntryLine::whereHas('journalEntry', function ($q) use ($parentBusiness, $startDate, $endDate) {
+            $q->where('business_id', $parentBusiness->id)
+                ->where('status', JournalEntry::STATUS_POSTED)
+                ->whereBetween('entry_date', [$startDate, $endDate]);
+        })
+            ->whereHas('glAccount', function ($q) {
+                $q->where('account_type', 'expense');
+            })
+            ->selectRaw('gl_account_id, SUM(debit_amount) as total_debit')
+            ->groupBy('gl_account_id')
+            ->with('glAccount')
+            ->orderByDesc('total_debit')
+            ->limit(15)
+            ->get();
+
+        return view('seller.management.analytics.expense', compact(
+            'business',
+            'parentBusiness',
+            'byCategory',
+            'byDivision',
+            'monthlyTrend',
+            'topCategories',
+            'startDate',
+            'endDate'
+        ));
+    }
+
+    // =========================================================================
+    // HELPER METHODS
+    // =========================================================================
+
+    protected function calculateArAging(array $businessIds): array
+    {
+        $buckets = [
+            'current' => 0,
+            '1_30' => 0,
+            '31_60' => 0,
+            '61_90' => 0,
+            'over_90' => 0,
+        ];
+
+        $invoices = ArInvoice::whereIn('business_id', $businessIds)
+            ->where('balance_due', '>', 0)
+            ->get();
+
+        foreach ($invoices as $invoice) {
+            $daysOverdue = $invoice->due_date ? now()->diffInDays($invoice->due_date, false) : 0;
+
+            if ($daysOverdue <= 0) {
+                $buckets['current'] += $invoice->balance_due;
+            } elseif ($daysOverdue <= 30) {
+                $buckets['1_30'] += $invoice->balance_due;
+            } elseif ($daysOverdue <= 60) {
+                $buckets['31_60'] += $invoice->balance_due;
+            } elseif ($daysOverdue <= 90) {
+                $buckets['61_90'] += $invoice->balance_due;
+            } else {
+                $buckets['over_90'] += $invoice->balance_due;
+            }
+        }
+
+        $buckets['total'] = array_sum($buckets);
+
+        return $buckets;
+    }
+
+    protected function calculateApAging(array $businessIds): array
+    {
+        $buckets = [
+            'current' => 0,
+            '1_30' => 0,
+            '31_60' => 0,
+            '61_90' => 0,
+            'over_90' => 0,
+        ];
+
+        $bills = ApBill::whereIn('business_id', $businessIds)
+            ->whereIn('status', [ApBill::STATUS_PENDING, ApBill::STATUS_APPROVED])
+            ->get();
+
+        foreach ($bills as $bill) {
+            $balance = $bill->total - $bill->paid_amount;
+            $daysOverdue = $bill->due_date ? now()->diffInDays($bill->due_date, false) : 0;
+
+            if ($daysOverdue <= 0) {
+                $buckets['current'] += $balance;
+            } elseif ($daysOverdue <= 30) {
+                $buckets['1_30'] += $balance;
+            } elseif ($daysOverdue <= 60) {
+                $buckets['31_60'] += $balance;
+            } elseif ($daysOverdue <= 90) {
+                $buckets['61_90'] += $balance;
+            } else {
+                $buckets['over_90'] += $balance;
+            }
+        }
+
+        $buckets['total'] = array_sum($buckets);
+
+        return $buckets;
+    }
+
+    protected function calculateDSO(array $businessIds, Carbon $startDate, Carbon $endDate): float
+    {
+        $totalAR = ArInvoice::whereIn('business_id', $businessIds)
+            ->where('balance_due', '>', 0)
+            ->sum('balance_due');
+
+        $totalRevenue = ArInvoice::whereIn('business_id', $businessIds)
+            ->whereBetween('invoice_date', [$startDate, $endDate])
+            ->sum('total');
+
+        $days = $startDate->diffInDays($endDate);
+
+        if ($totalRevenue > 0 && $days > 0) {
+            $avgDailyRevenue = $totalRevenue / $days;
+
+            return round($totalAR / $avgDailyRevenue, 1);
+        }
+
+        return 0;
+    }
+
+    protected function calculateDPO(array $businessIds, Carbon $startDate, Carbon $endDate): float
+    {
+        $totalAP = ApBill::whereIn('business_id', $businessIds)
+            ->whereIn('status', [ApBill::STATUS_PENDING, ApBill::STATUS_APPROVED])
+            ->selectRaw('SUM(total - paid_amount) as balance')
+            ->value('balance') ?? 0;
+
+        $totalPurchases = ApBill::whereIn('business_id', $businessIds)
+            ->whereBetween('bill_date', [$startDate, $endDate])
+            ->sum('total');
+
+        $days = $startDate->diffInDays($endDate);
+
+        if ($totalPurchases > 0 && $days > 0) {
+            $avgDailyPurchases = $totalPurchases / $days;
+
+            return round($totalAP / $avgDailyPurchases, 1);
+        }
+
+        return 0;
+    }
+
+    protected function calculateCollectionRate(array $businessIds, Carbon $startDate, Carbon $endDate): float
+    {
+        $totalInvoiced = ArInvoice::whereIn('business_id', $businessIds)
+            ->whereBetween('invoice_date', [$startDate, $endDate])
+            ->sum('total');
+
+        $totalCollected = ArInvoice::whereIn('business_id', $businessIds)
+            ->whereBetween('invoice_date', [$startDate, $endDate])
+            ->selectRaw('SUM(total - balance_due) as collected')
+            ->value('collected') ?? 0;
+
+        if ($totalInvoiced > 0) {
+            return round(($totalCollected / $totalInvoiced) * 100, 1);
+        }
+
+        return 0;
+    }
+
+    protected function analyzePaymentTiming(array $businessIds, Carbon $startDate, Carbon $endDate): array
+    {
+        $payments = ApPayment::whereIn('business_id', $businessIds)
+            ->whereBetween('payment_date', [$startDate, $endDate])
+            ->with('bill')
+            ->get();
+
+        $early = 0;
+        $onTime = 0;
+        $late = 0;
+
+        foreach ($payments as $payment) {
+            if (! $payment->bill?->due_date) {
+                continue;
+            }
+
+            $daysDiff = $payment->payment_date->diffInDays($payment->bill->due_date, false);
+
+            if ($daysDiff > 5) {
+                $early++;
+            } elseif ($daysDiff >= -5) {
+                $onTime++;
+            } else {
+                $late++;
+            }
+        }
+
+        $total = $early + $onTime + $late;
+
+        return [
+            'early' => $early,
+            'on_time' => $onTime,
+            'late' => $late,
+            'early_pct' => $total > 0 ? round(($early / $total) * 100, 1) : 0,
+            'on_time_pct' => $total > 0 ? round(($onTime / $total) * 100, 1) : 0,
+            'late_pct' => $total > 0 ? round(($late / $total) * 100, 1) : 0,
+        ];
+    }
+
+    protected function getArMonthlyTrend(array $businessIds, int $months): \Illuminate\Support\Collection
+    {
+        return ArInvoice::whereIn('business_id', $businessIds)
+            ->where('invoice_date', '>=', now()->subMonths($months))
+            ->selectRaw("DATE_TRUNC('month', invoice_date) as month, SUM(total) as invoiced, SUM(total - balance_due) as collected")
+            ->groupBy(DB::raw("DATE_TRUNC('month', invoice_date)"))
+            ->orderBy('month')
+            ->get();
+    }
+
+    protected function getApMonthlyTrend(array $businessIds, int $months): \Illuminate\Support\Collection
+    {
+        return ApBill::whereIn('business_id', $businessIds)
+            ->where('bill_date', '>=', now()->subMonths($months))
+            ->selectRaw("DATE_TRUNC('month', bill_date) as month, SUM(total) as billed, SUM(paid_amount) as paid")
+            ->groupBy(DB::raw("DATE_TRUNC('month', bill_date)"))
+            ->orderBy('month')
+            ->get();
+    }
+
+    protected function calculateCashPosition(Business $parentBusiness): float
+    {
+        // Sum of all cash accounts (1000-1099 range)
+        return JournalEntryLine::whereHas('journalEntry', function ($q) use ($parentBusiness) {
+            $q->where('business_id', $parentBusiness->id)
+                ->where('status', JournalEntry::STATUS_POSTED);
+        })
+            ->whereHas('glAccount', function ($q) {
+                $q->where('account_number', '>=', '1000')
+                    ->where('account_number', '<', '1100');
+            })
+            ->selectRaw('SUM(debit_amount - credit_amount) as balance')
+            ->value('balance') ?? 0;
+    }
+
+    protected function getMonthlyCashFlow(Business $parentBusiness, int $months): \Illuminate\Support\Collection
+    {
+        return JournalEntryLine::whereHas('journalEntry', function ($q) use ($parentBusiness) {
+            $q->where('business_id', $parentBusiness->id)
+                ->where('status', JournalEntry::STATUS_POSTED)
+                ->where('entry_date', '>=', now()->subMonths($months));
+        })
+            ->whereHas('glAccount', function ($q) {
+                $q->where('account_number', '>=', '1000')
+                    ->where('account_number', '<', '1100');
+            })
+            ->join('journal_entries', 'journal_entry_lines.journal_entry_id', '=', 'journal_entries.id')
+            ->selectRaw("DATE_TRUNC('month', journal_entries.entry_date) as month, SUM(debit_amount) as inflows, SUM(credit_amount) as outflows")
+            ->groupBy(DB::raw("DATE_TRUNC('month', journal_entries.entry_date)"))
+            ->orderBy('month')
+            ->get();
+    }
+
+    protected function getAverageMonthlyExpenses(array $businessIds, int $months): float
+    {
+        $total = Expense::whereIn('business_id', $businessIds)
+            ->where('status', Expense::STATUS_APPROVED)
+            ->where('expense_date', '>=', now()->subMonths($months))
+            ->sum('amount');
+
+        return $total / max($months, 1);
+    }
+}

app/Http/Controllers/Seller/Management/AnalyticsController.php

@@ -0,0 +1,102 @@
+<?php
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Business;
+use App\Support\ManagementDivisionFilter;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+
+class AnalyticsController extends Controller
+{
+    use ManagementDivisionFilter;
+
+    public function index(Request $request, Business $business)
+    {
+        $this->requireManagementSuite($business);
+
+        $filterData = $this->getDivisionFilterData($business, $request);
+        $businessIds = $filterData['business_ids'];
+
+        // Collect analytics data across all businesses
+        $analytics = $this->collectAnalytics($businessIds);
+
+        return view('seller.management.analytics.index', $this->withDivisionFilter([
+            'business' => $business,
+            'analytics' => $analytics,
+        ], $filterData));
+    }
+
+    /**
+     * Require Management Suite access.
+     */
+    private function requireManagementSuite(Business $business): void
+    {
+        if (! $business->hasManagementSuite()) {
+            abort(403, 'Management Suite access required.');
+        }
+    }
+
+    protected function collectAnalytics(array $businessIds): array
+    {
+        // Revenue by division
+        $revenueByDivision = DB::table('orders')
+            ->join('businesses', 'orders.business_id', '=', 'businesses.id')
+            ->whereIn('orders.business_id', $businessIds)
+            ->where('orders.status', 'completed')
+            ->select(
+                'businesses.name as division_name',
+                DB::raw('SUM(orders.total) as total_revenue'),
+                DB::raw('COUNT(orders.id) as order_count')
+            )
+            ->groupBy('businesses.id', 'businesses.name')
+            ->orderByDesc('total_revenue')
+            ->get();
+
+        // Expenses by division
+        $expensesByDivision = DB::table('ap_bills')
+            ->join('businesses', 'ap_bills.business_id', '=', 'businesses.id')
+            ->whereIn('ap_bills.business_id', $businessIds)
+            ->whereIn('ap_bills.status', ['approved', 'paid'])
+            ->select(
+                'businesses.name as division_name',
+                DB::raw('SUM(ap_bills.total) as total_expenses'),
+                DB::raw('COUNT(ap_bills.id) as bill_count')
+            )
+            ->groupBy('businesses.id', 'businesses.name')
+            ->orderByDesc('total_expenses')
+            ->get();
+
+        // AR totals by division
+        $arByDivision = DB::table('invoices')
+            ->join('businesses', 'invoices.business_id', '=', 'businesses.id')
+            ->whereIn('invoices.business_id', $businessIds)
+            ->whereIn('invoices.payment_status', ['sent', 'partial', 'overdue'])
+            ->select(
+                'businesses.name as division_name',
+                DB::raw('SUM(invoices.total) as total_ar'),
+                DB::raw('SUM(invoices.amount_due) as outstanding_ar')
+            )
+            ->groupBy('businesses.id', 'businesses.name')
+            ->orderByDesc('outstanding_ar')
+            ->get();
+
+        // Calculate totals
+        $totalRevenue = $revenueByDivision->sum('total_revenue');
+        $totalExpenses = $expensesByDivision->sum('total_expenses');
+        $totalAr = $arByDivision->sum('outstanding_ar');
+
+        return [
+            'revenue_by_division' => $revenueByDivision,
+            'expenses_by_division' => $expensesByDivision,
+            'ar_by_division' => $arByDivision,
+            'totals' => [
+                'revenue' => $totalRevenue,
+                'expenses' => $totalExpenses,
+                'net_income' => $totalRevenue - $totalExpenses,
+                'outstanding_ar' => $totalAr,
+            ],
+        ];
+    }
+}

app/Http/Controllers/Seller/Management/ApBillsController.php

@@ -0,0 +1,340 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\ApBill;
+use App\Models\Accounting\ApVendor;
+use App\Models\Accounting\GlAccount;
+use App\Models\Business;
+use App\Models\Department;
+use App\Models\PurchaseOrder;
+use App\Services\Accounting\BillService;
+use App\Services\Accounting\PaymentService;
+use App\Support\ManagementDivisionFilter;
+use Illuminate\Http\Request;
+use Illuminate\Validation\Rule;
+
+class ApBillsController extends Controller
+{
+    use ManagementDivisionFilter;
+
+    public function __construct(
+        protected BillService $billService,
+        protected PaymentService $paymentService
+    ) {}
+
+    /**
+     * Bills list page.
+     *
+     * GET /s/{business}/management/ap/bills
+     */
+    public function index(Request $request, Business $business)
+    {
+        $filterData = $this->getDivisionFilterData($business, $request);
+
+        // Get bills with filters - use division filter
+        $query = ApBill::forBusinesses($filterData['business_ids'])
+            ->with(['vendor', 'purchaseOrder', 'business']);
+
+        // Status filter
+        if ($request->filled('status')) {
+            $query->status($request->status);
+        }
+
+        // Vendor filter
+        if ($request->filled('vendor_id')) {
+            $query->where('vendor_id', $request->vendor_id);
+        }
+
+        // Date range filter
+        if ($request->filled('from_date')) {
+            $query->whereDate('bill_date', '>=', $request->from_date);
+        }
+        if ($request->filled('to_date')) {
+            $query->whereDate('bill_date', '<=', $request->to_date);
+        }
+
+        // Unpaid filter
+        if ($request->boolean('unpaid')) {
+            $query->unpaid();
+        }
+
+        // Overdue filter
+        if ($request->boolean('overdue')) {
+            $query->overdue();
+        }
+
+        // Sort
+        $sortField = $request->get('sort', 'due_date');
+        $sortDir = $request->get('dir', 'asc');
+        $query->orderBy($sortField, $sortDir);
+
+        $bills = $query->paginate(20)->withQueryString();
+
+        // Get vendors for filter dropdown (from all filtered businesses)
+        $vendors = ApVendor::whereIn('business_id', $filterData['business_ids'])
+            ->where('is_active', true)
+            ->orderBy('name')
+            ->get();
+
+        // Stats (scoped to filtered businesses)
+        $stats = [
+            'total_outstanding' => ApBill::forBusinesses($filterData['business_ids'])->unpaid()->sum('balance_due'),
+            'overdue_count' => ApBill::forBusinesses($filterData['business_ids'])->overdue()->count(),
+            'overdue_amount' => ApBill::forBusinesses($filterData['business_ids'])->overdue()->sum('balance_due'),
+            'pending_approval' => ApBill::forBusinesses($filterData['business_ids'])->whereIn('status', ['draft', 'pending'])->count(),
+        ];
+
+        // Check if user can pay (parent company only)
+        $canPay = $business->parent_id === null;
+
+        return view('seller.management.ap.bills.index', $this->withDivisionFilter([
+            'business' => $business,
+            'bills' => $bills,
+            'vendors' => $vendors,
+            'stats' => $stats,
+            'canPay' => $canPay,
+        ], $filterData));
+    }
+
+    /**
+     * Bill detail page.
+     *
+     * GET /s/{business}/management/ap/bills/{bill}
+     */
+    public function show(Request $request, Business $business, ApBill $bill)
+    {
+        // Verify bill belongs to this business or its divisions
+        $allowedBusinessIds = $this->getAllowedBusinessIds($business);
+        if (! in_array($bill->business_id, $allowedBusinessIds)) {
+            abort(403, 'Access denied.');
+        }
+
+        $bill->load([
+            'vendor',
+            'items.glAccount',
+            'items.department',
+            'purchaseOrder.items',
+            'paymentApplications.payment',
+            'approvedBy',
+            'createdBy',
+        ]);
+
+        // Check if user can pay (parent company only)
+        $canPay = $business->parent_id === null;
+
+        // Check if user can approve
+        $canApprove = in_array($bill->status, [ApBill::STATUS_DRAFT, ApBill::STATUS_PENDING]);
+
+        return view('seller.management.ap.bills.show', compact(
+            'business',
+            'bill',
+            'canPay',
+            'canApprove'
+        ));
+    }
+
+    /**
+     * Create bill page (manual entry).
+     *
+     * GET /s/{business}/management/ap/bills/create
+     */
+    public function create(Request $request, Business $business)
+    {
+        // Get vendors
+        $vendors = ApVendor::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->orderBy('name')
+            ->get();
+
+        // Get GL accounts for line items
+        $glAccounts = GlAccount::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->where('is_header', false)
+            ->orderBy('account_number')
+            ->get();
+
+        // Get departments
+        $departments = Department::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->orderBy('name')
+            ->get();
+
+        // If creating from PO, get the PO
+        $purchaseOrder = null;
+        if ($request->filled('po_id')) {
+            $purchaseOrder = PurchaseOrder::where('business_id', $business->id)
+                ->with('items')
+                ->findOrFail($request->po_id);
+        }
+
+        return view('seller.management.ap.bills.create', compact(
+            'business',
+            'vendors',
+            'glAccounts',
+            'departments',
+            'purchaseOrder'
+        ));
+    }
+
+    /**
+     * Store a new bill (web form submission).
+     *
+     * POST /s/{business}/management/ap/bills
+     */
+    public function store(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'vendor_id' => ['required', 'integer', Rule::exists('ap_vendors', 'id')->where('business_id', $business->id)],
+            'vendor_invoice_number' => 'required|string|max:100',
+            'bill_date' => 'required|date',
+            'due_date' => 'required|date|after_or_equal:bill_date',
+            'payment_terms' => 'nullable|integer|min:0',
+            'department_id' => ['nullable', 'integer', Rule::exists('departments', 'id')->where('business_id', $business->id)],
+            'tax_amount' => 'nullable|numeric|min:0',
+            'notes' => 'nullable|string|max:1000',
+            'items' => 'required|array|min:1',
+            'items.*.description' => 'required|string|max:255',
+            'items.*.quantity' => 'required|numeric|min:0.01',
+            'items.*.unit_price' => 'required|numeric|min:0',
+            'items.*.gl_account_id' => ['required', 'integer', Rule::exists('gl_accounts', 'id')->where('business_id', $business->id)],
+            'items.*.department_id' => ['nullable', 'integer', Rule::exists('departments', 'id')->where('business_id', $business->id)],
+            'purchase_order_id' => ['nullable', 'integer', Rule::exists('purchase_orders', 'id')->where('business_id', $business->id)],
+        ]);
+
+        try {
+            // Check if creating from PO
+            if (! empty($validated['purchase_order_id'])) {
+                $po = PurchaseOrder::where('business_id', $business->id)
+                    ->findOrFail($validated['purchase_order_id']);
+
+                $bill = $this->billService->createFromPurchaseOrder(
+                    $po,
+                    $validated['vendor_invoice_number'],
+                    $validated
+                );
+            } else {
+                $bill = $this->billService->createManualBill(
+                    $business->id,
+                    $validated['vendor_id'],
+                    $validated['vendor_invoice_number'],
+                    $validated['items'],
+                    $validated
+                );
+            }
+
+            return redirect()
+                ->route('seller.business.management.ap.bills.show', [$business, $bill])
+                ->with('success', "Bill {$bill->bill_number} created successfully.");
+        } catch (\InvalidArgumentException $e) {
+            return back()->withInput()->with('error', $e->getMessage());
+        }
+    }
+
+    /**
+     * Approve a bill.
+     *
+     * POST /s/{business}/management/ap/bills/{bill}/approve
+     */
+    public function approve(Business $business, ApBill $bill)
+    {
+        if ($bill->business_id !== $business->id) {
+            abort(403);
+        }
+
+        try {
+            $this->billService->approveBill($bill, auth()->id());
+
+            return back()->with('success', "Bill {$bill->bill_number} approved.");
+        } catch (\InvalidArgumentException $e) {
+            return back()->with('error', $e->getMessage());
+        }
+    }
+
+    /**
+     * Pay a bill (parent company only).
+     *
+     * POST /s/{business}/management/ap/bills/{bill}/pay
+     */
+    public function pay(Request $request, Business $business, ApBill $bill)
+    {
+        // Only parent company can pay
+        if ($business->parent_id !== null) {
+            abort(403, 'Only parent company can make payments.');
+        }
+
+        // Bill must be from this business or a child
+        $canPay = $bill->business_id === $business->id
+            || $bill->business->parent_id === $business->id;
+
+        if (! $canPay) {
+            abort(403, 'Cannot pay this bill.');
+        }
+
+        $validated = $request->validate([
+            'payment_method' => 'required|in:check,ach,wire,card,cash',
+            'amount' => 'nullable|numeric|min:0.01',
+            'discount' => 'nullable|numeric|min:0',
+            'reference_number' => 'nullable|string|max:100',
+            'memo' => 'nullable|string|max:500',
+        ]);
+
+        try {
+            $discount = $validated['discount'] ?? 0;
+            $amount = $validated['amount'] ?? bcsub((string) $bill->balance_due, (string) $discount, 2);
+
+            $payment = $this->paymentService->createPayment(
+                $business,
+                $bill->vendor_id,
+                (float) $amount,
+                $validated['payment_method'],
+                [
+                    [
+                        'bill_id' => $bill->id,
+                        'amount' => $amount,
+                        'discount' => $discount,
+                    ],
+                ],
+                [
+                    'reference_number' => $validated['reference_number'] ?? null,
+                    'memo' => $validated['memo'] ?? null,
+                ]
+            );
+
+            $this->paymentService->completePayment($payment);
+
+            return back()->with('success', "Payment {$payment->payment_number} applied to bill {$bill->bill_number}.");
+        } catch (\InvalidArgumentException $e) {
+            return back()->with('error', $e->getMessage());
+        }
+    }
+
+    /**
+     * Void a bill.
+     *
+     * POST /s/{business}/management/ap/bills/{bill}/void
+     */
+    public function void(Request $request, Business $business, ApBill $bill)
+    {
+        if ($bill->business_id !== $business->id) {
+            abort(403);
+        }
+
+        $validated = $request->validate([
+            'reason' => 'nullable|string|max:500',
+        ]);
+
+        try {
+            $this->billService->voidBill($bill, $validated['reason'] ?? null);
+
+            return redirect()
+                ->route('seller.business.management.ap.bills.index', $business)
+                ->with('success', "Bill {$bill->bill_number} voided.");
+        } catch (\InvalidArgumentException $e) {
+            return back()->with('error', $e->getMessage());
+        }
+    }
+}

app/Http/Controllers/Seller/Management/ApVendorsController.php

@@ -0,0 +1,328 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\ApVendor;
+use App\Models\Accounting\GlAccount;
+use App\Models\Business;
+use App\Support\ManagementDivisionFilter;
+use Illuminate\Http\Request;
+use Illuminate\Validation\Rule;
+
+class ApVendorsController extends Controller
+{
+    use ManagementDivisionFilter;
+
+    /**
+     * Vendors list page.
+     *
+     * GET /s/{business}/management/ap/vendors
+     */
+    public function index(Request $request, Business $business)
+    {
+        $filterData = $this->getDivisionFilterData($business, $request);
+        $isParent = $business->parent_id === null && Business::where('parent_id', $business->id)->exists();
+
+        $query = ApVendor::whereIn('business_id', $filterData['business_ids'])
+            ->with('business')
+            ->withCount('bills');
+
+        // Search filter
+        if ($request->filled('search')) {
+            $search = $request->search;
+            $query->where(function ($q) use ($search) {
+                $q->where('name', 'ilike', "%{$search}%")
+                    ->orWhere('code', 'ilike', "%{$search}%")
+                    ->orWhere('contact_email', 'ilike', "%{$search}%");
+            });
+        }
+
+        // Active filter
+        if ($request->has('active')) {
+            $query->where('is_active', $request->boolean('active'));
+        }
+
+        $vendors = $query->orderBy('name')->paginate(20)->withQueryString();
+
+        // For parent business, compute which child divisions use each vendor
+        if ($isParent) {
+            $childBusinessIds = Business::where('parent_id', $business->id)->pluck('id')->toArray();
+            $childBusinesses = Business::whereIn('id', $childBusinessIds)->get()->keyBy('id');
+
+            $vendors->getCollection()->transform(function ($vendor) use ($childBusinessIds, $childBusinesses) {
+                // Get divisions that have bills or POs with this vendor
+                $divisionsUsingVendor = collect();
+
+                // Check if vendor belongs to a child directly
+                if (in_array($vendor->business_id, $childBusinessIds)) {
+                    $divisionsUsingVendor->push($childBusinesses[$vendor->business_id] ?? null);
+                }
+
+                // Check for bills from other children using this vendor
+                $billBusinessIds = $vendor->bills()
+                    ->whereIn('business_id', $childBusinessIds)
+                    ->distinct()
+                    ->pluck('business_id')
+                    ->toArray();
+
+                foreach ($billBusinessIds as $bizId) {
+                    if (! $divisionsUsingVendor->contains('id', $bizId) && isset($childBusinesses[$bizId])) {
+                        $divisionsUsingVendor->push($childBusinesses[$bizId]);
+                    }
+                }
+
+                $vendor->divisions_using = $divisionsUsingVendor->filter()->unique('id')->values();
+
+                return $vendor;
+            });
+        }
+
+        // Get GL accounts for default expense account dropdown
+        $glAccounts = GlAccount::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->where('is_header', false)
+            ->whereIn('account_type', ['expense', 'asset'])
+            ->orderBy('account_number')
+            ->get();
+
+        return view('seller.management.ap.vendors.index', $this->withDivisionFilter([
+            'business' => $business,
+            'vendors' => $vendors,
+            'glAccounts' => $glAccounts,
+            'isParent' => $isParent,
+        ], $filterData));
+    }
+
+    /**
+     * Store a new vendor.
+     *
+     * POST /s/{business}/management/ap/vendors
+     */
+    public function store(Request $request, Business $business)
+    {
+        $validated = $request->validate([
+            'code' => 'nullable|string|max:50',
+            'name' => 'required|string|max:255',
+            'legal_name' => 'nullable|string|max:255',
+            'tax_id' => 'nullable|string|max:50',
+            'default_payment_terms' => 'nullable|integer|min:0',
+            'default_gl_account_id' => ['nullable', 'integer', Rule::exists('gl_accounts', 'id')->where('business_id', $business->id)],
+            'contact_name' => 'nullable|string|max:255',
+            'contact_email' => 'nullable|email|max:255',
+            'contact_phone' => 'nullable|string|max:50',
+            'address_line1' => 'nullable|string|max:255',
+            'address_line2' => 'nullable|string|max:255',
+            'city' => 'nullable|string|max:100',
+            'state' => 'nullable|string|max:100',
+            'postal_code' => 'nullable|string|max:20',
+            'country' => 'nullable|string|max:100',
+            'is_1099' => 'boolean',
+            'notes' => 'nullable|string|max:1000',
+        ]);
+
+        // Generate code if not provided
+        if (empty($validated['code'])) {
+            $validated['code'] = $this->generateVendorCode($business->id, $validated['name']);
+        }
+
+        $vendor = ApVendor::create([
+            'business_id' => $business->id,
+            ...$validated,
+            'is_active' => true,
+        ]);
+
+        if ($request->wantsJson()) {
+            return response()->json([
+                'success' => true,
+                'vendor' => $vendor,
+            ]);
+        }
+
+        return back()->with('success', "Vendor {$vendor->name} created successfully.");
+    }
+
+    /**
+     * Show create vendor form.
+     *
+     * GET /s/{business}/management/ap/vendors/create
+     */
+    public function create(Request $request, Business $business)
+    {
+        $glAccounts = GlAccount::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->where('is_header', false)
+            ->whereIn('account_type', ['expense', 'asset'])
+            ->orderBy('account_number')
+            ->get();
+
+        return view('seller.management.ap.vendors.create', compact(
+            'business',
+            'glAccounts'
+        ));
+    }
+
+    /**
+     * Show vendor details.
+     *
+     * GET /s/{business}/management/ap/vendors/{vendor}
+     */
+    public function show(Request $request, Business $business, ApVendor $vendor)
+    {
+        $allowedBusinessIds = $this->getAllowedBusinessIds($business);
+        if (! in_array($vendor->business_id, $allowedBusinessIds)) {
+            abort(403, 'Access denied.');
+        }
+
+        $vendor->load(['defaultGlAccount']);
+
+        // Get recent bills
+        $recentBills = $vendor->bills()
+            ->with(['glAccount'])
+            ->orderByDesc('bill_date')
+            ->limit(10)
+            ->get();
+
+        // Get recent payments
+        $recentPayments = $vendor->payments()
+            ->with(['bills'])
+            ->orderByDesc('payment_date')
+            ->limit(10)
+            ->get();
+
+        // Calculate metrics
+        $metrics = [
+            'total_bills' => $vendor->bills()->count(),
+            'unpaid_balance' => $vendor->bills()->unpaid()->sum('balance_due'),
+            'overdue_balance' => $vendor->bills()->overdue()->sum('balance_due'),
+            'ytd_payments' => $vendor->payments()
+                ->whereYear('payment_date', now()->year)
+                ->completed()
+                ->sum('amount'),
+        ];
+
+        return view('seller.management.ap.vendors.show', compact(
+            'business',
+            'vendor',
+            'recentBills',
+            'recentPayments',
+            'metrics'
+        ));
+    }
+
+    /**
+     * Show edit vendor form.
+     *
+     * GET /s/{business}/management/ap/vendors/{vendor}/edit
+     */
+    public function edit(Request $request, Business $business, ApVendor $vendor)
+    {
+        $allowedBusinessIds = $this->getAllowedBusinessIds($business);
+        if (! in_array($vendor->business_id, $allowedBusinessIds)) {
+            abort(403, 'Access denied.');
+        }
+
+        $glAccounts = GlAccount::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->where('is_header', false)
+            ->whereIn('account_type', ['expense', 'asset'])
+            ->orderBy('account_number')
+            ->get();
+
+        return view('seller.management.ap.vendors.edit', compact(
+            'business',
+            'vendor',
+            'glAccounts'
+        ));
+    }
+
+    /**
+     * Update a vendor.
+     *
+     * PUT /s/{business}/management/ap/vendors/{vendor}
+     */
+    public function update(Request $request, Business $business, ApVendor $vendor)
+    {
+        $allowedBusinessIds = $this->getAllowedBusinessIds($business);
+        if (! in_array($vendor->business_id, $allowedBusinessIds)) {
+            abort(403, 'Access denied.');
+        }
+
+        $validated = $request->validate([
+            'code' => 'nullable|string|max:50',
+            'name' => 'required|string|max:255',
+            'legal_name' => 'nullable|string|max:255',
+            'tax_id' => 'nullable|string|max:50',
+            'default_payment_terms' => 'nullable|integer|min:0',
+            'default_gl_account_id' => ['nullable', 'integer', Rule::exists('gl_accounts', 'id')->where('business_id', $business->id)],
+            'contact_name' => 'nullable|string|max:255',
+            'contact_email' => 'nullable|email|max:255',
+            'contact_phone' => 'nullable|string|max:50',
+            'address_line1' => 'nullable|string|max:255',
+            'address_line2' => 'nullable|string|max:255',
+            'city' => 'nullable|string|max:100',
+            'state' => 'nullable|string|max:100',
+            'postal_code' => 'nullable|string|max:20',
+            'country' => 'nullable|string|max:100',
+            'is_1099' => 'boolean',
+            'is_active' => 'boolean',
+            'notes' => 'nullable|string|max:1000',
+        ]);
+
+        $vendor->update($validated);
+
+        if ($request->wantsJson()) {
+            return response()->json([
+                'success' => true,
+                'vendor' => $vendor->fresh(),
+            ]);
+        }
+
+        return back()->with('success', "Vendor {$vendor->name} updated successfully.");
+    }
+
+    /**
+     * Toggle vendor active status.
+     *
+     * POST /s/{business}/management/ap/vendors/{vendor}/toggle-active
+     */
+    public function toggleActive(Business $business, ApVendor $vendor)
+    {
+        $allowedBusinessIds = $this->getAllowedBusinessIds($business);
+        if (! in_array($vendor->business_id, $allowedBusinessIds)) {
+            abort(403, 'Access denied.');
+        }
+
+        $vendor->update(['is_active' => ! $vendor->is_active]);
+
+        $status = $vendor->is_active ? 'activated' : 'deactivated';
+
+        return back()->with('success', "Vendor {$vendor->name} {$status}.");
+    }
+
+    /**
+     * Generate vendor code from name.
+     */
+    protected function generateVendorCode(int $businessId, string $name): string
+    {
+        // Take first 3 chars of each word, uppercase
+        $words = preg_split('/\s+/', strtoupper($name));
+        $prefix = '';
+        foreach ($words as $word) {
+            $prefix .= substr(preg_replace('/[^A-Z0-9]/', '', $word), 0, 3);
+            if (strlen($prefix) >= 6) {
+                break;
+            }
+        }
+        $prefix = substr($prefix, 0, 6);
+
+        // Check for uniqueness
+        $count = ApVendor::where('business_id', $businessId)
+            ->where('code', 'ilike', "{$prefix}%")
+            ->count();
+
+        return $count > 0 ? "{$prefix}-{$count}" : $prefix;
+    }
+}

app/Http/Controllers/Seller/Management/ArController.php

@@ -0,0 +1,207 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\ArCustomer;
+use App\Models\Business;
+use App\Services\Accounting\ArAnalyticsService;
+use App\Services\Accounting\ArService;
+use App\Services\Accounting\CustomerFinancialService;
+use App\Services\Accounting\ReportExportService;
+use App\Support\ManagementDivisionFilter;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\StreamedResponse;
+
+class ArController extends Controller
+{
+    use ManagementDivisionFilter;
+
+    public function __construct(
+        protected ArAnalyticsService $analyticsService,
+        protected ArService $arService,
+        protected CustomerFinancialService $customerService,
+        protected ReportExportService $exportService
+    ) {}
+
+    /**
+     * AR Overview dashboard.
+     */
+    public function index(Request $request, Business $business)
+    {
+        $filterData = $this->getDivisionFilterData($business, $request);
+
+        $metrics = $this->analyticsService->getARMetrics($business, $filterData['business_ids']);
+        $aging = $this->analyticsService->getARAging($business, $filterData['business_ids']);
+        $topCustomers = $this->analyticsService->getARBreakdownByCustomer($business, $filterData['business_ids'], 5);
+
+        return view('seller.management.ar.index', $this->withDivisionFilter([
+            'business' => $business,
+            'metrics' => $metrics,
+            'aging' => $aging,
+            'topCustomers' => $topCustomers,
+        ], $filterData));
+    }
+
+    /**
+     * AR Aging detail page.
+     */
+    public function aging(Request $request, Business $business)
+    {
+        $filterData = $this->getDivisionFilterData($business, $request);
+
+        $aging = $this->analyticsService->getARAging($business, $filterData['business_ids']);
+        $byDivision = $this->analyticsService->getARBreakdownByDivision($business, $filterData['business_ids']);
+        $byCustomer = $this->analyticsService->getARBreakdownByCustomer($business, $filterData['business_ids'], 10);
+
+        // Check for bucket filter from drill-down
+        $bucket = $request->get('bucket');
+
+        return view('seller.management.ar.aging', $this->withDivisionFilter([
+            'business' => $business,
+            'aging' => $aging,
+            'byDivision' => $byDivision,
+            'byCustomer' => $byCustomer,
+            'activeBucket' => $bucket,
+        ], $filterData));
+    }
+
+    /**
+     * AR Accounts list page.
+     */
+    public function accounts(Request $request, Business $business)
+    {
+        $filterData = $this->getDivisionFilterData($business, $request);
+
+        $filters = [
+            'on_hold' => $request->boolean('on_hold'),
+            'at_risk' => $request->boolean('at_risk'),
+            'search' => $request->get('search'),
+        ];
+
+        $accounts = $this->arService->getAccountsWithBalances(
+            $business,
+            $filterData['business_ids'],
+            $filters
+        );
+
+        $metrics = $this->analyticsService->getARMetrics($business, $filterData['business_ids']);
+
+        return view('seller.management.ar.accounts', $this->withDivisionFilter([
+            'business' => $business,
+            'accounts' => $accounts,
+            'metrics' => $metrics,
+            'filters' => $filters,
+        ], $filterData));
+    }
+
+    /**
+     * Single account detail page.
+     */
+    public function showAccount(Request $request, Business $business, ArCustomer $customer)
+    {
+        // Verify customer belongs to this business or a child
+        $isParent = $this->arService->isParentCompany($business);
+        $allowedBusinessIds = $isParent
+            ? $this->arService->getBusinessIdsWithChildren($business)
+            : [$business->id];
+
+        if (! in_array($customer->business_id, $allowedBusinessIds)) {
+            abort(404);
+        }
+
+        $summary = $this->customerService->getFinancialSummary($customer, $business, $isParent);
+        $invoices = $this->customerService->getInvoices($customer, $business, $isParent);
+        $payments = $this->customerService->getPayments($customer, $business, $isParent);
+        $activities = $this->customerService->getRecentActivity($customer, $business);
+
+        return view('seller.management.ar.account-detail', [
+            'business' => $business,
+            'customer' => $customer,
+            'summary' => $summary,
+            'invoices' => $invoices,
+            'payments' => $payments,
+            'activities' => $activities,
+            'isParent' => $isParent,
+        ]);
+    }
+
+    /**
+     * Update credit limit (Management only).
+     */
+    public function updateCreditLimit(Request $request, Business $business, ArCustomer $customer)
+    {
+        $request->validate([
+            'credit_limit' => 'required|numeric|min:0',
+        ]);
+
+        $this->arService->updateCreditLimit(
+            $customer,
+            (float) $request->input('credit_limit'),
+            auth()->id()
+        );
+
+        return back()->with('success', 'Credit limit updated successfully.');
+    }
+
+    /**
+     * Update payment terms (Management only).
+     */
+    public function updateTerms(Request $request, Business $business, ArCustomer $customer)
+    {
+        $request->validate([
+            'payment_terms' => 'required|string',
+        ]);
+
+        $this->arService->updatePaymentTerms(
+            $customer,
+            $request->input('payment_terms'),
+            auth()->id()
+        );
+
+        return back()->with('success', 'Payment terms updated successfully.');
+    }
+
+    /**
+     * Place credit hold (Management only).
+     */
+    public function placeHold(Request $request, Business $business, ArCustomer $customer)
+    {
+        $request->validate([
+            'reason' => 'required|string|max:500',
+        ]);
+
+        $this->arService->placeCreditHold(
+            $customer,
+            $request->input('reason'),
+            auth()->id()
+        );
+
+        return back()->with('success', 'Credit hold placed successfully.');
+    }
+
+    /**
+     * Remove credit hold (Management only).
+     */
+    public function removeHold(Request $request, Business $business, ArCustomer $customer)
+    {
+        $this->arService->removeCreditHold($customer, auth()->id());
+
+        return back()->with('success', 'Credit hold removed successfully.');
+    }
+
+    /**
+     * Export AR Aging report as CSV.
+     */
+    public function exportAging(Request $request, Business $business): StreamedResponse
+    {
+        $filterData = $this->getDivisionFilterData($business, $request);
+        $byCustomer = $this->analyticsService->getARBreakdownByCustomer($business, $filterData['business_ids'], 1000);
+
+        $filename = 'ar_aging_'.$business->slug.'_'.now()->format('Y-m-d').'.csv';
+
+        return $this->exportService->exportArAging($byCustomer, $filename);
+    }
+}

app/Http/Controllers/Seller/Management/BankAccountsController.php

@@ -0,0 +1,207 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\BankAccount;
+use App\Models\Accounting\GlAccount;
+use App\Models\Business;
+use App\Services\Accounting\BankAccountService;
+use App\Support\ManagementDivisionFilter;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+class BankAccountsController extends Controller
+{
+    use ManagementDivisionFilter;
+
+    public function __construct(
+        protected BankAccountService $bankAccountService
+    ) {}
+
+    private function requireManagementSuite(Business $business): void
+    {
+        if (! $business->hasManagementSuite()) {
+            abort(403, 'Management Suite access required.');
+        }
+    }
+
+    /**
+     * Display the list of bank accounts.
+     */
+    public function index(Request $request, Business $business): View
+    {
+        $this->requireManagementSuite($business);
+
+        $filterData = $this->getDivisionFilterData($business, $request);
+
+        // Determine which business to show accounts for
+        $targetBusiness = $filterData['selected_division'] ?? $business;
+        $includeChildren = $filterData['selected_division'] === null && $business->hasChildBusinesses();
+
+        $accounts = $this->bankAccountService->getAccountsForBusiness($targetBusiness, $includeChildren);
+        $totalBalance = $this->bankAccountService->getTotalCashBalance($targetBusiness, $includeChildren);
+
+        return view('seller.management.bank-accounts.index', $this->withDivisionFilter([
+            'business' => $business,
+            'accounts' => $accounts,
+            'totalBalance' => $totalBalance,
+        ], $filterData));
+    }
+
+    /**
+     * Show the form for creating a new bank account.
+     */
+    public function create(Request $request, Business $business): View
+    {
+        $this->requireManagementSuite($business);
+
+        $glAccounts = GlAccount::where('business_id', $business->id)
+            ->where('account_type', 'asset')
+            ->orderBy('account_number')
+            ->get();
+
+        return view('seller.management.bank-accounts.create', [
+            'business' => $business,
+            'glAccounts' => $glAccounts,
+            'accountTypes' => [
+                BankAccount::TYPE_CHECKING => 'Checking',
+                BankAccount::TYPE_SAVINGS => 'Savings',
+                BankAccount::TYPE_MONEY_MARKET => 'Money Market',
+            ],
+        ]);
+    }
+
+    /**
+     * Store a newly created bank account.
+     */
+    public function store(Request $request, Business $business): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+
+        $validated = $request->validate([
+            'name' => 'required|string|max:255',
+            'account_type' => 'required|string|in:checking,savings,money_market',
+            'bank_name' => 'nullable|string|max:255',
+            'account_number_last4' => 'nullable|string|max:4',
+            'routing_number' => 'nullable|string|max:9',
+            'current_balance' => 'nullable|numeric|min:0',
+            'gl_account_id' => 'nullable|exists:gl_accounts,id',
+            'is_primary' => 'boolean',
+            'is_active' => 'boolean',
+            'notes' => 'nullable|string',
+        ]);
+
+        $this->bankAccountService->createAccount($business, $validated, auth()->user());
+
+        return redirect()
+            ->route('seller.business.management.bank-accounts.index', $business)
+            ->with('success', 'Bank account created successfully.');
+    }
+
+    /**
+     * Display the specified bank account.
+     */
+    public function show(Request $request, Business $business, BankAccount $bankAccount): View
+    {
+        $this->requireManagementSuite($business);
+
+        if ($bankAccount->business_id !== $business->id) {
+            abort(403, 'Access denied.');
+        }
+
+        $recentTransfers = $bankAccount->outgoingTransfers()
+            ->orWhere('to_bank_account_id', $bankAccount->id)
+            ->with(['fromAccount', 'toAccount'])
+            ->orderBy('transfer_date', 'desc')
+            ->limit(10)
+            ->get();
+
+        return view('seller.management.bank-accounts.show', [
+            'business' => $business,
+            'account' => $bankAccount,
+            'recentTransfers' => $recentTransfers,
+        ]);
+    }
+
+    /**
+     * Show the form for editing the bank account.
+     */
+    public function edit(Request $request, Business $business, BankAccount $bankAccount): View
+    {
+        $this->requireManagementSuite($business);
+
+        if ($bankAccount->business_id !== $business->id) {
+            abort(403, 'Access denied.');
+        }
+
+        $glAccounts = GlAccount::where('business_id', $business->id)
+            ->where('account_type', 'asset')
+            ->orderBy('account_number')
+            ->get();
+
+        return view('seller.management.bank-accounts.edit', [
+            'business' => $business,
+            'account' => $bankAccount,
+            'glAccounts' => $glAccounts,
+            'accountTypes' => [
+                BankAccount::TYPE_CHECKING => 'Checking',
+                BankAccount::TYPE_SAVINGS => 'Savings',
+                BankAccount::TYPE_MONEY_MARKET => 'Money Market',
+            ],
+        ]);
+    }
+
+    /**
+     * Update the specified bank account.
+     */
+    public function update(Request $request, Business $business, BankAccount $bankAccount): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+
+        if ($bankAccount->business_id !== $business->id) {
+            abort(403, 'Access denied.');
+        }
+
+        $validated = $request->validate([
+            'name' => 'required|string|max:255',
+            'account_type' => 'required|string|in:checking,savings,money_market',
+            'bank_name' => 'nullable|string|max:255',
+            'account_number_last4' => 'nullable|string|max:4',
+            'routing_number' => 'nullable|string|max:9',
+            'gl_account_id' => 'nullable|exists:gl_accounts,id',
+            'is_primary' => 'boolean',
+            'is_active' => 'boolean',
+            'notes' => 'nullable|string',
+        ]);
+
+        $this->bankAccountService->updateAccount($bankAccount, $validated);
+
+        return redirect()
+            ->route('seller.business.management.bank-accounts.index', $business)
+            ->with('success', 'Bank account updated successfully.');
+    }
+
+    /**
+     * Toggle the active status of a bank account.
+     */
+    public function toggleActive(Request $request, Business $business, BankAccount $bankAccount): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+
+        if ($bankAccount->business_id !== $business->id) {
+            abort(403, 'Access denied.');
+        }
+
+        $bankAccount->update(['is_active' => ! $bankAccount->is_active]);
+
+        $status = $bankAccount->is_active ? 'activated' : 'deactivated';
+
+        return redirect()
+            ->back()
+            ->with('success', "Bank account {$status} successfully.");
+    }
+}

app/Http/Controllers/Seller/Management/BankReconciliationController.php

@@ -0,0 +1,310 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\ApPayment;
+use App\Models\Accounting\BankAccount;
+use App\Models\Accounting\BankMatchRule;
+use App\Models\Accounting\JournalEntry;
+use App\Models\Accounting\PlaidAccount;
+use App\Models\Accounting\PlaidTransaction;
+use App\Models\Business;
+use App\Services\Accounting\BankReconciliationService;
+use App\Services\Accounting\PlaidIntegrationService;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+class BankReconciliationController extends Controller
+{
+    public function __construct(
+        protected BankReconciliationService $reconciliationService,
+        protected PlaidIntegrationService $plaidService
+    ) {}
+
+    private function requireManagementSuite(Business $business): void
+    {
+        if (! $business->hasManagementSuite()) {
+            abort(403, 'Management Suite access required.');
+        }
+    }
+
+    /**
+     * Display the reconciliation dashboard for a bank account.
+     */
+    public function show(Request $request, Business $business, BankAccount $bankAccount): View
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        $summary = $this->reconciliationService->getReconciliationSummary($bankAccount);
+        $unmatchedTransactions = $this->reconciliationService->getUnmatchedTransactions($bankAccount);
+        $proposedMatches = $this->reconciliationService->getProposedAutoMatches($bankAccount);
+
+        return view('seller.management.bank-accounts.reconciliation', [
+            'business' => $business,
+            'account' => $bankAccount,
+            'summary' => $summary,
+            'unmatchedTransactions' => $unmatchedTransactions,
+            'proposedMatches' => $proposedMatches,
+        ]);
+    }
+
+    /**
+     * Sync transactions from Plaid.
+     */
+    public function syncTransactions(Request $request, Business $business, BankAccount $bankAccount): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        $sinceDate = $request->input('since_date')
+            ? new \DateTime($request->input('since_date'))
+            : now()->subDays(30);
+
+        $synced = $this->plaidService->syncTransactions($business, $sinceDate);
+
+        // Run auto-matching
+        $matched = $this->reconciliationService->runAutoMatching($bankAccount);
+
+        return redirect()
+            ->back()
+            ->with('success', "Synced {$synced} transactions. {$matched} proposed auto-matches found.");
+    }
+
+    /**
+     * Find potential matches for a transaction (AJAX).
+     */
+    public function findMatches(Request $request, Business $business, BankAccount $bankAccount, PlaidTransaction $transaction): JsonResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        $matches = $this->reconciliationService->findPotentialMatches($transaction, $business);
+
+        return response()->json([
+            'ap_payments' => $matches['ap_payments']->map(fn ($p) => [
+                'id' => $p->id,
+                'type' => 'ap_payment',
+                'label' => "AP Payment #{$p->id} - ".($p->bill?->vendor?->name ?? 'Unknown'),
+                'amount' => $p->amount,
+                'date' => $p->payment_date->format('Y-m-d'),
+            ]),
+            'journal_entries' => $matches['journal_entries']->map(fn ($je) => [
+                'id' => $je->id,
+                'type' => 'journal_entry',
+                'label' => "JE #{$je->entry_number} - {$je->memo}",
+                'date' => $je->entry_date->format('Y-m-d'),
+            ]),
+        ]);
+    }
+
+    /**
+     * Match a transaction to an AP payment.
+     */
+    public function matchToApPayment(
+        Request $request,
+        Business $business,
+        BankAccount $bankAccount,
+        PlaidTransaction $transaction
+    ): RedirectResponse {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        $validated = $request->validate([
+            'ap_payment_id' => 'required|exists:ap_payments,id',
+        ]);
+
+        $payment = ApPayment::findOrFail($validated['ap_payment_id']);
+        $this->reconciliationService->matchToApPayment($transaction, $payment, auth()->user());
+
+        return redirect()
+            ->back()
+            ->with('success', 'Transaction matched to AP payment successfully.');
+    }
+
+    /**
+     * Match a transaction to a journal entry.
+     */
+    public function matchToJournalEntry(
+        Request $request,
+        Business $business,
+        BankAccount $bankAccount,
+        PlaidTransaction $transaction
+    ): RedirectResponse {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        $validated = $request->validate([
+            'journal_entry_id' => 'required|exists:journal_entries,id',
+        ]);
+
+        $entry = JournalEntry::findOrFail($validated['journal_entry_id']);
+        $this->reconciliationService->matchToJournalEntry($transaction, $entry, auth()->user());
+
+        return redirect()
+            ->back()
+            ->with('success', 'Transaction matched to journal entry successfully.');
+    }
+
+    /**
+     * Confirm selected auto-matches.
+     */
+    public function confirmAutoMatches(Request $request, Business $business, BankAccount $bankAccount): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        $validated = $request->validate([
+            'transaction_ids' => 'required|array',
+            'transaction_ids.*' => 'exists:plaid_transactions,id',
+        ]);
+
+        $confirmed = $this->reconciliationService->confirmAutoMatches(
+            $validated['transaction_ids'],
+            auth()->user()
+        );
+
+        return redirect()
+            ->back()
+            ->with('success', "Confirmed {$confirmed} auto-matched transactions.");
+    }
+
+    /**
+     * Reject selected auto-matches.
+     */
+    public function rejectAutoMatches(Request $request, Business $business, BankAccount $bankAccount): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        $validated = $request->validate([
+            'transaction_ids' => 'required|array',
+            'transaction_ids.*' => 'exists:plaid_transactions,id',
+        ]);
+
+        $rejected = $this->reconciliationService->rejectAutoMatches(
+            $validated['transaction_ids'],
+            auth()->user()
+        );
+
+        return redirect()
+            ->back()
+            ->with('success', "Rejected {$rejected} auto-matched transactions.");
+    }
+
+    /**
+     * Ignore selected transactions.
+     */
+    public function ignoreTransactions(Request $request, Business $business, BankAccount $bankAccount): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        $validated = $request->validate([
+            'transaction_ids' => 'required|array',
+            'transaction_ids.*' => 'exists:plaid_transactions,id',
+        ]);
+
+        $ignored = $this->reconciliationService->ignoreTransactions($validated['transaction_ids']);
+
+        return redirect()
+            ->back()
+            ->with('success', "Ignored {$ignored} transactions.");
+    }
+
+    /**
+     * Display match rules for a bank account.
+     */
+    public function matchRules(Request $request, Business $business, BankAccount $bankAccount): View
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        $rules = $this->reconciliationService->getMatchRules($bankAccount);
+        $eligibleRules = $this->reconciliationService->getEligibleRules($bankAccount);
+
+        return view('seller.management.bank-accounts.match-rules', [
+            'business' => $business,
+            'account' => $bankAccount,
+            'rules' => $rules,
+            'eligibleRules' => $eligibleRules,
+        ]);
+    }
+
+    /**
+     * Toggle auto-enable for a match rule.
+     */
+    public function toggleRuleAutoEnable(
+        Request $request,
+        Business $business,
+        BankAccount $bankAccount,
+        BankMatchRule $rule
+    ): RedirectResponse {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        if ($rule->bank_account_id !== $bankAccount->id) {
+            abort(403, 'Access denied.');
+        }
+
+        $enabled = $request->boolean('enabled');
+
+        try {
+            $this->reconciliationService->toggleRuleAutoEnable($rule, $enabled);
+            $status = $enabled ? 'enabled' : 'disabled';
+
+            return redirect()
+                ->back()
+                ->with('success', "Auto-matching {$status} for rule: {$rule->pattern_name}");
+        } catch (\Exception $e) {
+            return redirect()
+                ->back()
+                ->with('error', $e->getMessage());
+        }
+    }
+
+    /**
+     * Link a Plaid account to a bank account.
+     */
+    public function linkPlaidAccount(Request $request, Business $business, BankAccount $bankAccount): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeAccountAccess($business, $bankAccount);
+
+        $validated = $request->validate([
+            'plaid_account_id' => 'required|exists:plaid_accounts,id',
+        ]);
+
+        $plaidAccount = PlaidAccount::findOrFail($validated['plaid_account_id']);
+        $this->plaidService->linkPlaidAccountToBankAccount($plaidAccount, $bankAccount);
+
+        return redirect()
+            ->back()
+            ->with('success', 'Plaid account linked successfully.');
+    }
+
+    /**
+     * Authorize access to a bank account.
+     */
+    private function authorizeAccountAccess(Business $business, BankAccount $bankAccount): void
+    {
+        // Allow access if account belongs to this business or a child business
+        if ($bankAccount->business_id === $business->id) {
+            return;
+        }
+
+        if ($business->isParentCompany()) {
+            $childIds = $business->divisions()->pluck('id')->toArray();
+            if (in_array($bankAccount->business_id, $childIds)) {
+                return;
+            }
+        }
+
+        abort(403, 'Access denied.');
+    }
+}

app/Http/Controllers/Seller/Management/BankTransfersController.php

@@ -0,0 +1,185 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\BankAccount;
+use App\Models\Accounting\BankTransfer;
+use App\Models\Business;
+use App\Services\Accounting\BankAccountService;
+use App\Support\ManagementDivisionFilter;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+class BankTransfersController extends Controller
+{
+    use ManagementDivisionFilter;
+
+    public function __construct(
+        protected BankAccountService $bankAccountService
+    ) {}
+
+    private function requireManagementSuite(Business $business): void
+    {
+        if (! $business->hasManagementSuite()) {
+            abort(403, 'Management Suite access required.');
+        }
+    }
+
+    /**
+     * Display the list of bank transfers.
+     */
+    public function index(Request $request, Business $business): View
+    {
+        $this->requireManagementSuite($business);
+
+        $filterData = $this->getDivisionFilterData($business, $request);
+
+        $filters = [
+            'status' => $request->get('status'),
+            'from_date' => $request->get('from_date'),
+            'to_date' => $request->get('to_date'),
+        ];
+
+        $targetBusiness = $filterData['selected_division'] ?? $business;
+        $transfers = $this->bankAccountService->getTransfersForBusiness($targetBusiness, $filters);
+
+        return view('seller.management.bank-transfers.index', $this->withDivisionFilter([
+            'business' => $business,
+            'transfers' => $transfers,
+            'filters' => $filters,
+        ], $filterData));
+    }
+
+    /**
+     * Show the form for creating a new bank transfer.
+     */
+    public function create(Request $request, Business $business): View
+    {
+        $this->requireManagementSuite($business);
+
+        $accounts = BankAccount::where('business_id', $business->id)
+            ->where('is_active', true)
+            ->orderBy('name')
+            ->get();
+
+        return view('seller.management.bank-transfers.create', [
+            'business' => $business,
+            'accounts' => $accounts,
+        ]);
+    }
+
+    /**
+     * Store a newly created bank transfer.
+     */
+    public function store(Request $request, Business $business): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+
+        $validated = $request->validate([
+            'from_bank_account_id' => 'required|exists:bank_accounts,id',
+            'to_bank_account_id' => 'required|exists:bank_accounts,id|different:from_bank_account_id',
+            'amount' => 'required|numeric|min:0.01',
+            'transfer_date' => 'required|date',
+            'reference' => 'nullable|string|max:255',
+            'memo' => 'nullable|string',
+        ]);
+
+        // Verify accounts belong to this business
+        $fromAccount = BankAccount::where('id', $validated['from_bank_account_id'])
+            ->where('business_id', $business->id)
+            ->firstOrFail();
+
+        $toAccount = BankAccount::where('id', $validated['to_bank_account_id'])
+            ->where('business_id', $business->id)
+            ->firstOrFail();
+
+        $transfer = $this->bankAccountService->createTransfer($business, $validated, auth()->user());
+
+        return redirect()
+            ->route('seller.business.management.bank-transfers.show', [$business, $transfer])
+            ->with('success', 'Bank transfer created successfully.');
+    }
+
+    /**
+     * Display the specified bank transfer.
+     */
+    public function show(Request $request, Business $business, BankTransfer $bankTransfer): View
+    {
+        $this->requireManagementSuite($business);
+
+        if ($bankTransfer->business_id !== $business->id) {
+            abort(403, 'Access denied.');
+        }
+
+        $bankTransfer->load(['fromAccount', 'toAccount', 'createdBy', 'approvedBy', 'journalEntry']);
+
+        return view('seller.management.bank-transfers.show', [
+            'business' => $business,
+            'transfer' => $bankTransfer,
+        ]);
+    }
+
+    /**
+     * Complete/approve a pending bank transfer.
+     */
+    public function complete(Request $request, Business $business, BankTransfer $bankTransfer): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+
+        if ($bankTransfer->business_id !== $business->id) {
+            abort(403, 'Access denied.');
+        }
+
+        if (! $bankTransfer->isPending()) {
+            return redirect()
+                ->back()
+                ->with('error', 'Only pending transfers can be completed.');
+        }
+
+        try {
+            $this->bankAccountService->completeTransfer($bankTransfer, auth()->user());
+
+            return redirect()
+                ->route('seller.business.management.bank-transfers.show', [$business, $bankTransfer])
+                ->with('success', 'Bank transfer completed successfully.');
+        } catch (\Exception $e) {
+            return redirect()
+                ->back()
+                ->with('error', 'Failed to complete transfer: '.$e->getMessage());
+        }
+    }
+
+    /**
+     * Cancel a pending bank transfer.
+     */
+    public function cancel(Request $request, Business $business, BankTransfer $bankTransfer): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+
+        if ($bankTransfer->business_id !== $business->id) {
+            abort(403, 'Access denied.');
+        }
+
+        if (! $bankTransfer->isPending()) {
+            return redirect()
+                ->back()
+                ->with('error', 'Only pending transfers can be cancelled.');
+        }
+
+        try {
+            $this->bankAccountService->cancelTransfer($bankTransfer);
+
+            return redirect()
+                ->route('seller.business.management.bank-transfers.index', $business)
+                ->with('success', 'Bank transfer cancelled.');
+        } catch (\Exception $e) {
+            return redirect()
+                ->back()
+                ->with('error', 'Failed to cancel transfer: '.$e->getMessage());
+        }
+    }
+}

app/Http/Controllers/Seller/Management/BudgetReportingController.php

@@ -0,0 +1,145 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\Budget;
+use App\Models\Business;
+use App\Services\Accounting\BudgetService;
+use App\Services\Accounting\ReportExportService;
+use App\Support\ManagementDivisionFilter;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+use Symfony\Component\HttpFoundation\StreamedResponse;
+
+class BudgetReportingController extends Controller
+{
+    use ManagementDivisionFilter;
+
+    public function __construct(
+        protected BudgetService $budgetService,
+        protected ReportExportService $exportService
+    ) {}
+
+    private function requireManagementSuite(Business $business): void
+    {
+        if (! $business->hasManagementSuite()) {
+            abort(403, 'Management Suite access required.');
+        }
+    }
+
+    /**
+     * List budgets with variance summary for reporting.
+     */
+    public function index(Request $request, Business $business): View
+    {
+        $this->requireManagementSuite($business);
+
+        $filterData = $this->getDivisionFilterData($business, $request);
+
+        // Get all budgets with quick variance summary
+        $budgets = Budget::whereIn('business_id', $filterData['business_ids'])
+            ->active()
+            ->with(['business'])
+            ->withCount('lines')
+            ->orderByDesc('fiscal_year')
+            ->orderByDesc('created_at')
+            ->get()
+            ->map(function ($budget) {
+                $summary = $this->budgetService->getBudgetSummary($budget);
+
+                return [
+                    'budget' => $budget,
+                    'total_budget' => $summary['total_budget'],
+                    'total_actual' => $summary['total_actual'],
+                    'variance_amount' => $summary['variance_amount'],
+                    'variance_percent' => $summary['variance_percent'],
+                ];
+            });
+
+        return view('seller.management.financials.budget-vs-actual.index', $this->withDivisionFilter([
+            'business' => $business,
+            'budgets' => $budgets,
+        ], $filterData));
+    }
+
+    /**
+     * Show detailed Budget vs Actual report for a specific budget.
+     */
+    public function show(Request $request, Business $business, Budget $budget): View
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $filterData = $this->getDivisionFilterData($business, $request);
+
+        // Get grouping preference
+        $groupBy = $request->get('group_by', 'department');
+
+        // Build filters for the report - use snake_case keys from getDivisionFilterData()
+        $filters = [
+            'include_children' => ($filterData['selected_division'] === null && $business->hasChildBusinesses()),
+        ];
+
+        if ($filterData['selected_division']) {
+            $filters['division_id'] = $filterData['selected_division']->id;
+        }
+
+        $report = $this->budgetService->getBudgetVsActual($budget, $groupBy, $filters);
+
+        // Get all budgets for the selector
+        $allBudgets = Budget::whereIn('business_id', $filterData['business_ids'])
+            ->active()
+            ->orderByDesc('fiscal_year')
+            ->get();
+
+        return view('seller.management.financials.budget-vs-actual.show', $this->withDivisionFilter([
+            'business' => $business,
+            'budget' => $budget,
+            'report' => $report,
+            'groupBy' => $groupBy,
+            'allBudgets' => $allBudgets,
+        ], $filterData));
+    }
+
+    /**
+     * Validate budget belongs to allowed business.
+     */
+    private function authorizeForBusiness(Business $business, Budget $budget): void
+    {
+        $allowedIds = $this->getAllowedBusinessIds($business);
+
+        if (! in_array($budget->business_id, $allowedIds)) {
+            abort(404);
+        }
+    }
+
+    /**
+     * Export Budget vs Actual report as CSV.
+     */
+    public function export(Request $request, Business $business, Budget $budget): StreamedResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $filterData = $this->getDivisionFilterData($business, $request);
+        $groupBy = $request->get('group_by', 'department');
+
+        $filters = [
+            'include_children' => ($filterData['selected_division'] === null && $business->hasChildBusinesses()),
+        ];
+
+        if ($filterData['selected_division']) {
+            $filters['division_id'] = $filterData['selected_division']->id;
+        }
+
+        $report = $this->budgetService->getBudgetVsActual($budget, $groupBy, $filters);
+
+        $filename = 'budget_vs_actual_'.$budget->name.'_'.$business->slug.'_'.now()->format('Y-m-d').'.csv';
+        $filename = preg_replace('/[^a-zA-Z0-9_.-]/', '_', $filename);
+
+        return $this->exportService->exportBudgetVsActual($report, $filename);
+    }
+}

app/Http/Controllers/Seller/Management/BudgetsController.php

@@ -0,0 +1,330 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Accounting\Budget;
+use App\Models\Accounting\BudgetLine;
+use App\Models\Business;
+use App\Services\Accounting\BudgetService;
+use App\Support\ManagementDivisionFilter;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+class BudgetsController extends Controller
+{
+    use ManagementDivisionFilter;
+
+    public function __construct(
+        protected BudgetService $budgetService
+    ) {}
+
+    private function requireManagementSuite(Business $business): void
+    {
+        if (! $business->hasManagementSuite()) {
+            abort(403, 'Management Suite access required.');
+        }
+    }
+
+    /**
+     * List budgets for the business.
+     */
+    public function index(Request $request, Business $business): View
+    {
+        $this->requireManagementSuite($business);
+
+        $filterData = $this->getDivisionFilterData($business, $request);
+
+        $budgets = Budget::whereIn('business_id', $filterData['business_ids'])
+            ->with(['business', 'createdBy', 'approvedBy'])
+            ->withCount('lines')
+            ->orderByDesc('fiscal_year')
+            ->orderByDesc('created_at')
+            ->paginate(20);
+
+        return view('seller.management.budgets.index', $this->withDivisionFilter([
+            'business' => $business,
+            'budgets' => $budgets,
+        ], $filterData));
+    }
+
+    /**
+     * Show budget creation form.
+     */
+    public function create(Request $request, Business $business): View
+    {
+        $this->requireManagementSuite($business);
+
+        $currentYear = now()->year;
+        $years = range($currentYear - 1, $currentYear + 2);
+
+        return view('seller.management.budgets.create', [
+            'business' => $business,
+            'years' => $years,
+            'periodTypes' => Budget::getPeriodTypes(),
+        ]);
+    }
+
+    /**
+     * Store a new budget.
+     */
+    public function store(Request $request, Business $business): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+
+        $validated = $request->validate([
+            'name' => 'required|string|max:255',
+            'fiscal_year' => 'nullable|integer|min:2020|max:2100',
+            'currency' => 'nullable|string|size:3',
+            'notes' => 'nullable|string|max:1000',
+        ]);
+
+        $budget = Budget::create([
+            'business_id' => $business->id,
+            'name' => $validated['name'],
+            'fiscal_year' => $validated['fiscal_year'] ?? now()->year,
+            'currency' => $validated['currency'] ?? 'USD',
+            'is_active' => true,
+            'created_by_user_id' => auth()->id(),
+            'notes' => $validated['notes'],
+        ]);
+
+        return redirect()
+            ->route('seller.business.management.budgets.edit', [$business, $budget])
+            ->with('success', 'Budget created. Now add budget lines.');
+    }
+
+    /**
+     * Show budget details.
+     */
+    public function show(Request $request, Business $business, Budget $budget): View
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $summary = $this->budgetService->getBudgetSummary($budget);
+
+        return view('seller.management.budgets.show', [
+            'business' => $business,
+            'budget' => $budget->load(['createdBy', 'approvedBy', 'lines.department', 'lines.glAccount']),
+            'summary' => $summary,
+        ]);
+    }
+
+    /**
+     * Edit budget (metadata and lines).
+     */
+    public function edit(Request $request, Business $business, Budget $budget): View
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $expenseAccounts = $this->budgetService->getExpenseAccounts($business);
+        $departments = $this->budgetService->getDepartments($business);
+
+        // Group lines by department for the grid view
+        $lines = $budget->lines()
+            ->with(['department', 'glAccount'])
+            ->orderBy('department_id')
+            ->orderBy('gl_account_id')
+            ->orderBy('period_start')
+            ->get();
+
+        return view('seller.management.budgets.edit', [
+            'business' => $business,
+            'budget' => $budget,
+            'lines' => $lines,
+            'expenseAccounts' => $expenseAccounts,
+            'departments' => $departments,
+            'periodTypes' => Budget::getPeriodTypes(),
+        ]);
+    }
+
+    /**
+     * Update budget metadata.
+     */
+    public function update(Request $request, Business $business, Budget $budget): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $validated = $request->validate([
+            'name' => 'required|string|max:255',
+            'fiscal_year' => 'nullable|integer|min:2020|max:2100',
+            'notes' => 'nullable|string|max:1000',
+            'is_active' => 'boolean',
+        ]);
+
+        $budget->update([
+            'name' => $validated['name'],
+            'fiscal_year' => $validated['fiscal_year'],
+            'notes' => $validated['notes'],
+            'is_active' => $validated['is_active'] ?? $budget->is_active,
+        ]);
+
+        return back()->with('success', 'Budget updated.');
+    }
+
+    /**
+     * Add a budget line.
+     */
+    public function addLine(Request $request, Business $business, Budget $budget): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $validated = $request->validate([
+            'gl_account_id' => 'required|exists:gl_accounts,id',
+            'department_id' => 'nullable|exists:departments,id',
+            'period_type' => 'required|in:monthly,quarterly,yearly',
+            'amount' => 'required|numeric|min:0',
+            'year' => 'required|integer|min:2020|max:2100',
+        ]);
+
+        $year = (int) $validated['year'];
+        $amount = (float) $validated['amount'];
+
+        // Generate lines based on period type
+        match ($validated['period_type']) {
+            'monthly' => $this->budgetService->generateMonthlyLines(
+                $budget,
+                (int) $validated['gl_account_id'],
+                $validated['department_id'] ? (int) $validated['department_id'] : null,
+                $amount,
+                $year
+            ),
+            'quarterly' => $this->budgetService->generateQuarterlyLines(
+                $budget,
+                (int) $validated['gl_account_id'],
+                $validated['department_id'] ? (int) $validated['department_id'] : null,
+                $amount,
+                $year
+            ),
+            'yearly' => BudgetLine::create([
+                'budget_id' => $budget->id,
+                'gl_account_id' => (int) $validated['gl_account_id'],
+                'department_id' => $validated['department_id'] ? (int) $validated['department_id'] : null,
+                'period_type' => Budget::PERIOD_YEARLY,
+                'period_start' => "{$year}-01-01",
+                'period_end' => "{$year}-12-31",
+                'amount' => $amount,
+            ]),
+        };
+
+        return back()->with('success', 'Budget line(s) added.');
+    }
+
+    /**
+     * Update budget line amounts.
+     */
+    public function updateLines(Request $request, Business $business, Budget $budget): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $validated = $request->validate([
+            'lines' => 'required|array',
+            'lines.*' => 'required|numeric|min:0',
+        ]);
+
+        $this->budgetService->updateBudgetLines($budget, $validated['lines']);
+
+        return back()->with('success', 'Budget amounts updated.');
+    }
+
+    /**
+     * Delete a budget line.
+     */
+    public function deleteLine(Request $request, Business $business, Budget $budget, BudgetLine $line): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        if ($line->budget_id !== $budget->id) {
+            abort(404);
+        }
+
+        $line->delete();
+
+        return back()->with('success', 'Budget line deleted.');
+    }
+
+    /**
+     * Approve a budget.
+     */
+    public function approve(Request $request, Business $business, Budget $budget): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $budget->approve(auth()->id());
+
+        return back()->with('success', 'Budget approved.');
+    }
+
+    /**
+     * Unapprove a budget.
+     */
+    public function unapprove(Request $request, Business $business, Budget $budget): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $budget->unapprove();
+
+        return back()->with('success', 'Budget approval removed.');
+    }
+
+    /**
+     * Copy budget to new fiscal year.
+     */
+    public function copy(Request $request, Business $business, Budget $budget): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $validated = $request->validate([
+            'target_year' => 'required|integer|min:2020|max:2100',
+        ]);
+
+        $newBudget = $this->budgetService->copyBudget(
+            $budget,
+            (int) $validated['target_year'],
+            auth()->id()
+        );
+
+        return redirect()
+            ->route('seller.business.management.budgets.edit', [$business, $newBudget])
+            ->with('success', 'Budget copied to '.$validated['target_year'].'.');
+    }
+
+    /**
+     * Delete a budget.
+     */
+    public function destroy(Request $request, Business $business, Budget $budget): RedirectResponse
+    {
+        $this->requireManagementSuite($business);
+        $this->authorizeForBusiness($business, $budget);
+
+        $budget->delete();
+
+        return redirect()
+            ->route('seller.business.management.budgets.index', $business)
+            ->with('success', 'Budget deleted.');
+    }
+
+    /**
+     * Validate budget belongs to allowed business.
+     */
+    private function authorizeForBusiness(Business $business, Budget $budget): void
+    {
+        $allowedIds = $this->getAllowedBusinessIds($business);
+
+        if (! in_array($budget->business_id, $allowedIds)) {
+            abort(404);
+        }
+    }
+}

app/Http/Controllers/Seller/Management/CashFlowForecastController.php

@@ -0,0 +1,70 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Seller\Management;
+
+use App\Http\Controllers\Controller;
+use App\Models\Business;
+use App\Services\Accounting\CashFlowForecastService;
+use App\Support\ManagementDivisionFilter;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+class CashFlowForecastController extends Controller
+{
+    use ManagementDivisionFilter;
+
+    public function __construct(
+        protected CashFlowForecastService $forecastService
+    ) {}
+
+    private function requireManagementSuite(Business $business): void
+    {
+        if (! $business->hasManagementSuite()) {
+            abort(403, 'Management Suite access required.');
+        }
+    }
+
+    /**
+     * Display the cash flow forecast.
+     */
+    public function index(Request $request, Business $business): View
+    {
+        $this->requireManagementSuite($business);
+
+        $filterData = $this->getDivisionFilterData($business, $request);
+
+        // Get forecast options from request
+        $horizonDays = (int) $request->get('horizon', 60);
+        $horizonDays = in_array($horizonDays, [30, 60, 90]) ? $horizonDays : 60;
+
+        $granularity = $request->get('granularity', 'weekly');
+        $granularity = in_array($granularity, ['daily', 'weekly']) ? $granularity : 'weekly';
+
+        $includeBudgets = $request->boolean('include_budgets', true);
+        $includeRecurring = $request->boolean('include_recurring', true);
+
+        // Determine which business to forecast
+        $forecastBusiness = $filterData['selected_division'] ?? $business;
+        $includeChildren = $filterData['selected_division'] === null && $business->hasChildBusinesses();
+
+        // Generate forecast
+        $forecast = $this->forecastService->getForecastTimeline($forecastBusiness, [
+            'horizon_days' => $horizonDays,
+            'granularity' => $granularity,
+            'include_children' => $includeChildren,
+            'include_budgets' => $includeBudgets,
+            'include_recurring' => $includeRecurring,
+        ]);
+
+        return view('seller.management.financials.cash-flow-forecast', $this->withDivisionFilter([
+            'business' => $business,
+            'forecast' => $forecast,
+            'horizonDays' => $horizonDays,
+            'granularity' => $granularity,
+            'includeBudgets' => $includeBudgets,
+            'includeRecurring' => $includeRecurring,
+        ], $filterData));
+    }
+}