@absolutejs/voice 0.0.22-beta.206 → 0.0.22-beta.207

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +85 -0
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -1744,6 +1744,91 @@ Mounted routes:
1744
1744
 
1745
1745
  `createVoiceZeroRetentionPolicy(...)` intentionally defaults to `dryRun: true`; callers must explicitly apply the generated policy after reviewing the deletion proof. This gives compliance-sensitive deployments a concrete zero-retention recipe without making accidental deletion easy.
1746
1746
 
1747
+ ### Compliance Recipes
1748
+
1749
+ These are recipes, not compliance certifications. AbsoluteJS Voice gives you the self-hosted controls and proof surfaces; your legal/security team still owns the actual HIPAA, SOC 2, GDPR, or customer-contract process.
1750
+
1751
+ Zero-retention sensitive call:
1752
+
1753
+ ```ts
1754
+ const policy = createVoiceZeroRetentionPolicy({
1755
+ ...runtimeStorage,
1756
+ audit: runtimeStorage.audit,
1757
+ auditDeliveries: runtimeStorage.auditDeliveries,
1758
+ traceDeliveries: runtimeStorage.traceDeliveries
1759
+ });
1760
+
1761
+ const dryRun = await buildVoiceDataRetentionPlan(policy);
1762
+ if (dryRun.deletedCount > 0) {
1763
+ await applyVoiceDataRetentionPolicy({
1764
+ ...policy,
1765
+ dryRun: false
1766
+ });
1767
+ }
1768
+ ```
1769
+
1770
+ This removes sessions, traces, reviews, tasks, integration events, campaigns, incident bundles, and delivery queues that match the policy selectors. The generated policy starts as a dry run so a zero-retention mode cannot accidentally wipe data without explicit application.
1771
+
1772
+ Redacted support export:
1773
+
1774
+ ```ts
1775
+ const auditExport = await exportVoiceAuditTrail({
1776
+ redact: voiceComplianceRedactionDefaults,
1777
+ store: runtimeStorage.audit
1778
+ });
1779
+ const auditMarkdown = renderVoiceAuditMarkdown(auditExport.events);
1780
+
1781
+ const traceMarkdown = renderVoiceTraceMarkdown(events, {
1782
+ redact: voiceComplianceRedactionDefaults
1783
+ });
1784
+ ```
1785
+
1786
+ Use this for support tickets, customer escalations, incident reviews, or vendor handoffs where transcripts, tool payloads, provider metadata, or audit events may contain personal data.
1787
+
1788
+ Customer-owned storage:
1789
+
1790
+ ```ts
1791
+ const runtimeStorage = createVoicePostgresRuntimeStorage({
1792
+ connectionString: process.env.DATABASE_URL!,
1793
+ schemaName: 'voice_ops',
1794
+ tablePrefix: 'support'
1795
+ });
1796
+
1797
+ app.use(
1798
+ createVoiceDataControlRoutes({
1799
+ ...runtimeStorage,
1800
+ audit: runtimeStorage.audit,
1801
+ auditDeliveries: runtimeStorage.auditDeliveries,
1802
+ redact: voiceComplianceRedactionDefaults,
1803
+ traceDeliveries: runtimeStorage.traceDeliveries
1804
+ })
1805
+ );
1806
+ ```
1807
+
1808
+ Use file storage for local demos, SQLite for small self-hosted installs, Postgres for production app-owned records, and S3 delivery for exported audit/trace evidence. The important point is that sessions, traces, reviews, tasks, campaigns, audit, and delivery queues remain in infrastructure the app owner controls.
1809
+
1810
+ Deploy gate for compliance evidence:
1811
+
1812
+ ```ts
1813
+ app.use(
1814
+ createVoiceProductionReadinessRoutes({
1815
+ audit: {
1816
+ require: [
1817
+ { type: 'provider.call' },
1818
+ { type: 'operator.action' },
1819
+ { type: 'retention.policy', maxAgeMs: 7 * 24 * 60 * 60 * 1000 }
1820
+ ],
1821
+ store: runtimeStorage.audit
1822
+ },
1823
+ auditDeliveries: runtimeStorage.auditDeliveries,
1824
+ traceDeliveries: runtimeStorage.traceDeliveries,
1825
+ store: runtimeStorage.traces
1826
+ })
1827
+ );
1828
+ ```
1829
+
1830
+ This makes provider-call audit evidence, operator interventions, recent retention-policy proof, and export-queue health part of release readiness instead of a manual dashboard check.
1831
+
1747
1832
  Use `createVoiceAuditLogger(...)` when you need append-only compliance evidence outside call traces. The logger records provider calls, tool calls, handoffs, retention runs, and operator actions into `runtimeStorage.audit`, so self-hosted teams can prove who changed what, which provider ran, which tool fired, and what data-control policy deleted.
1748
1833
 
1749
1834
  Pass `audit` directly to `createVoiceAgent(...)` to record model calls as provider-call audit events and tool executions as tool-call audit events. Pass it to `createVoiceAgentSquad(...)` to record squad handoffs automatically. Use `auditProvider` and `auditModel` on agents when you want readiness and compliance reports to show the actual model provider instead of the agent id.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@absolutejs/voice",
3
- "version": "0.0.22-beta.206",
3
+ "version": "0.0.22-beta.207",
4
4
  "description": "Voice primitives and Elysia plugin for AbsoluteJS",
5
5
  "repository": {
6
6
  "type": "git",