@absolutejs/voice 0.0.22-beta.206 → 0.0.22-beta.207
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +85 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1744,6 +1744,91 @@ Mounted routes:
|
|
|
1744
1744
|
|
|
1745
1745
|
`createVoiceZeroRetentionPolicy(...)` intentionally defaults to `dryRun: true`; callers must explicitly apply the generated policy after reviewing the deletion proof. This gives compliance-sensitive deployments a concrete zero-retention recipe without making accidental deletion easy.
|
|
1746
1746
|
|
|
1747
|
+
### Compliance Recipes
|
|
1748
|
+
|
|
1749
|
+
These are recipes, not compliance certifications. AbsoluteJS Voice gives you the self-hosted controls and proof surfaces; your legal/security team still owns the actual HIPAA, SOC 2, GDPR, or customer-contract process.
|
|
1750
|
+
|
|
1751
|
+
Zero-retention sensitive call:
|
|
1752
|
+
|
|
1753
|
+
```ts
|
|
1754
|
+
const policy = createVoiceZeroRetentionPolicy({
|
|
1755
|
+
...runtimeStorage,
|
|
1756
|
+
audit: runtimeStorage.audit,
|
|
1757
|
+
auditDeliveries: runtimeStorage.auditDeliveries,
|
|
1758
|
+
traceDeliveries: runtimeStorage.traceDeliveries
|
|
1759
|
+
});
|
|
1760
|
+
|
|
1761
|
+
const dryRun = await buildVoiceDataRetentionPlan(policy);
|
|
1762
|
+
if (dryRun.deletedCount > 0) {
|
|
1763
|
+
await applyVoiceDataRetentionPolicy({
|
|
1764
|
+
...policy,
|
|
1765
|
+
dryRun: false
|
|
1766
|
+
});
|
|
1767
|
+
}
|
|
1768
|
+
```
|
|
1769
|
+
|
|
1770
|
+
This removes sessions, traces, reviews, tasks, integration events, campaigns, incident bundles, and delivery queues that match the policy selectors. The generated policy starts as a dry run so a zero-retention mode cannot accidentally wipe data without explicit application.
|
|
1771
|
+
|
|
1772
|
+
Redacted support export:
|
|
1773
|
+
|
|
1774
|
+
```ts
|
|
1775
|
+
const auditExport = await exportVoiceAuditTrail({
|
|
1776
|
+
redact: voiceComplianceRedactionDefaults,
|
|
1777
|
+
store: runtimeStorage.audit
|
|
1778
|
+
});
|
|
1779
|
+
const auditMarkdown = renderVoiceAuditMarkdown(auditExport.events);
|
|
1780
|
+
|
|
1781
|
+
const traceMarkdown = renderVoiceTraceMarkdown(events, {
|
|
1782
|
+
redact: voiceComplianceRedactionDefaults
|
|
1783
|
+
});
|
|
1784
|
+
```
|
|
1785
|
+
|
|
1786
|
+
Use this for support tickets, customer escalations, incident reviews, or vendor handoffs where transcripts, tool payloads, provider metadata, or audit events may contain personal data.
|
|
1787
|
+
|
|
1788
|
+
Customer-owned storage:
|
|
1789
|
+
|
|
1790
|
+
```ts
|
|
1791
|
+
const runtimeStorage = createVoicePostgresRuntimeStorage({
|
|
1792
|
+
connectionString: process.env.DATABASE_URL!,
|
|
1793
|
+
schemaName: 'voice_ops',
|
|
1794
|
+
tablePrefix: 'support'
|
|
1795
|
+
});
|
|
1796
|
+
|
|
1797
|
+
app.use(
|
|
1798
|
+
createVoiceDataControlRoutes({
|
|
1799
|
+
...runtimeStorage,
|
|
1800
|
+
audit: runtimeStorage.audit,
|
|
1801
|
+
auditDeliveries: runtimeStorage.auditDeliveries,
|
|
1802
|
+
redact: voiceComplianceRedactionDefaults,
|
|
1803
|
+
traceDeliveries: runtimeStorage.traceDeliveries
|
|
1804
|
+
})
|
|
1805
|
+
);
|
|
1806
|
+
```
|
|
1807
|
+
|
|
1808
|
+
Use file storage for local demos, SQLite for small self-hosted installs, Postgres for production app-owned records, and S3 delivery for exported audit/trace evidence. The important point is that sessions, traces, reviews, tasks, campaigns, audit, and delivery queues remain in infrastructure the app owner controls.
|
|
1809
|
+
|
|
1810
|
+
Deploy gate for compliance evidence:
|
|
1811
|
+
|
|
1812
|
+
```ts
|
|
1813
|
+
app.use(
|
|
1814
|
+
createVoiceProductionReadinessRoutes({
|
|
1815
|
+
audit: {
|
|
1816
|
+
require: [
|
|
1817
|
+
{ type: 'provider.call' },
|
|
1818
|
+
{ type: 'operator.action' },
|
|
1819
|
+
{ type: 'retention.policy', maxAgeMs: 7 * 24 * 60 * 60 * 1000 }
|
|
1820
|
+
],
|
|
1821
|
+
store: runtimeStorage.audit
|
|
1822
|
+
},
|
|
1823
|
+
auditDeliveries: runtimeStorage.auditDeliveries,
|
|
1824
|
+
traceDeliveries: runtimeStorage.traceDeliveries,
|
|
1825
|
+
store: runtimeStorage.traces
|
|
1826
|
+
})
|
|
1827
|
+
);
|
|
1828
|
+
```
|
|
1829
|
+
|
|
1830
|
+
This makes provider-call audit evidence, operator interventions, recent retention-policy proof, and export-queue health part of release readiness instead of a manual dashboard check.
|
|
1831
|
+
|
|
1747
1832
|
Use `createVoiceAuditLogger(...)` when you need append-only compliance evidence outside call traces. The logger records provider calls, tool calls, handoffs, retention runs, and operator actions into `runtimeStorage.audit`, so self-hosted teams can prove who changed what, which provider ran, which tool fired, and what data-control policy deleted.
|
|
1748
1833
|
|
|
1749
1834
|
Pass `audit` directly to `createVoiceAgent(...)` to record model calls as provider-call audit events and tool executions as tool-call audit events. Pass it to `createVoiceAgentSquad(...)` to record squad handoffs automatically. Use `auditProvider` and `auditModel` on agents when you want readiness and compliance reports to show the actual model provider instead of the agent id.
|