@absolutejs/voice 0.0.22-beta.212 → 0.0.22-beta.213

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +121 -0
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -717,6 +717,127 @@ For customer-facing exports, use the same redaction/export primitives as support
717
717
 
718
718
  This recipe covers the hosted-platform expectations that matter for meeting recorders: browser mic capture, live transcript UI, reconnect visibility, post-call review, transcript/debug record, readiness proof, customer-owned storage, retention controls, and redacted export paths.
719
719
 
720
+ ## Use-Case Recipe: Compliance-Sensitive Calls
721
+
722
+ Use this path when the voice app handles sensitive customer support, healthcare-adjacent intake, financial workflows, internal investigations, or regulated customer data. AbsoluteJS Voice can provide self-hosted controls and evidence: customer-owned storage, provider-key ownership, redaction defaults, audit trails, guarded deletion, zero-retention policy helpers, redacted exports, and deploy gates. It does not certify the app for HIPAA, SOC 2, GDPR, or any other legal regime by itself.
723
+
724
+ The production shape is:
725
+
726
+ 1. Use customer-owned runtime storage, preferably Postgres for production records and S3/webhook delivery for exported evidence.
727
+ 2. Keep provider keys in the app owner environment, not in a hosted voice dashboard.
728
+ 3. Pass `audit` into agents/tools/squads so provider calls, tool executions, handoffs, retention runs, and operator actions are recorded.
729
+ 4. Mount data-control routes for redacted audit export, retention dry-runs, guarded deletion, zero-retention planning, and provider-key recommendations.
730
+ 5. Make audit evidence, recent retention-policy evidence, and audit/trace delivery health part of production readiness.
731
+
732
+ ```ts
733
+ import { Elysia } from 'elysia';
734
+ import {
735
+ applyVoiceDataRetentionPolicy,
736
+ buildVoiceDataRetentionPlan,
737
+ createVoiceAuditLogger,
738
+ createVoiceDataControlRoutes,
739
+ createVoiceOperationsRecordRoutes,
740
+ createVoicePostgresRuntimeStorage,
741
+ createVoiceProductionReadinessRoutes,
742
+ createVoiceZeroRetentionPolicy,
743
+ exportVoiceAuditTrail,
744
+ renderVoiceAuditMarkdown,
745
+ voiceComplianceRedactionDefaults
746
+ } from '@absolutejs/voice';
747
+
748
+ const runtime = createVoicePostgresRuntimeStorage({
749
+ connectionString: process.env.DATABASE_URL!,
750
+ schemaName: 'voice_ops',
751
+ tablePrefix: 'sensitive'
752
+ });
753
+
754
+ const audit = createVoiceAuditLogger(runtime.audit);
755
+
756
+ const app = new Elysia()
757
+ .use(
758
+ createVoiceDataControlRoutes({
759
+ ...runtime,
760
+ audit: runtime.audit,
761
+ auditDeliveries: runtime.auditDeliveries,
762
+ path: '/data-control',
763
+ redact: voiceComplianceRedactionDefaults,
764
+ title: 'Sensitive Voice Data Control',
765
+ traceDeliveries: runtime.traceDeliveries
766
+ })
767
+ )
768
+ .use(
769
+ createVoiceOperationsRecordRoutes({
770
+ audit: runtime.audit,
771
+ htmlPath: '/voice-operations/:sessionId',
772
+ integrationEvents: runtime.events,
773
+ path: '/api/voice-operations/:sessionId',
774
+ reviews: runtime.reviews,
775
+ store: runtime.traces,
776
+ tasks: runtime.tasks
777
+ })
778
+ )
779
+ .use(
780
+ createVoiceProductionReadinessRoutes({
781
+ audit: {
782
+ require: [
783
+ { type: 'provider.call' },
784
+ { type: 'operator.action' },
785
+ { type: 'retention.policy', maxAgeMs: 7 * 24 * 60 * 60 * 1000 }
786
+ ],
787
+ store: runtime.audit
788
+ },
789
+ auditDeliveries: runtime.auditDeliveries,
790
+ links: {
791
+ audit: '/audit',
792
+ auditDeliveries: '/audit/deliveries',
793
+ dataControl: '/data-control',
794
+ operationsRecords: '/voice-operations/:sessionId',
795
+ traceDeliveries: '/traces/deliveries'
796
+ },
797
+ store: runtime.traces,
798
+ traceDeliveries: runtime.traceDeliveries
799
+ })
800
+ );
801
+
802
+ await audit.operatorAction({
803
+ action: 'retention.policy.reviewed',
804
+ actor: { id: 'ops-admin', type: 'operator' },
805
+ outcome: 'ok',
806
+ resource: { id: 'zero-retention-policy', type: 'voice.retention' }
807
+ });
808
+
809
+ const zeroRetentionPolicy = createVoiceZeroRetentionPolicy({
810
+ ...runtime,
811
+ audit: runtime.audit,
812
+ auditDeliveries: runtime.auditDeliveries,
813
+ traceDeliveries: runtime.traceDeliveries
814
+ });
815
+
816
+ const retentionPlan = await buildVoiceDataRetentionPlan(zeroRetentionPolicy);
817
+
818
+ if (retentionPlan.deletedCount > 0) {
819
+ await applyVoiceDataRetentionPolicy({
820
+ ...zeroRetentionPolicy,
821
+ dryRun: false
822
+ });
823
+ }
824
+
825
+ const auditExport = await exportVoiceAuditTrail({
826
+ redact: voiceComplianceRedactionDefaults,
827
+ store: runtime.audit
828
+ });
829
+
830
+ const redactedAuditMarkdown = renderVoiceAuditMarkdown(auditExport.events, {
831
+ title: 'Sensitive Voice Audit Export'
832
+ });
833
+ ```
834
+
835
+ For the actual agent or squad, pass the same `audit` logger into `createVoiceAgent(...)`, `createVoiceAgentSquad(...)`, or `createVoiceAssistant(...)` with explicit `auditProvider` and `auditModel` labels. That makes provider usage and tool execution visible in `/data-control/audit.md`, `/audit`, readiness checks, and operations records.
836
+
837
+ The UI should expose `/data-control`, `/data-control.json`, `/data-control/audit.md`, `/data-control/retention/plan`, `/production-readiness`, and `/voice-operations/:sessionId`. Destructive retention application should remain a server-side operator action that first reviews the dry-run plan and then posts `confirm: "apply-retention-policy"`.
838
+
839
+ This recipe covers the hosted-platform expectations that matter for compliance-sensitive voice apps: customer-owned records, provider-key ownership, redacted exports, audit evidence, guarded retention, zero-retention planning, deploy gates, and a clear boundary that the package supplies controls and proof artifacts, not legal certification.
840
+
720
841
  ## How This Differs From Hosted Voice Platforms
721
842
 
722
843
  Hosted voice-agent platforms are strongest when you want a managed dashboard, phone-number provisioning, hosted orchestration, and campaign tooling out of the box.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@absolutejs/voice",
3
- "version": "0.0.22-beta.212",
3
+ "version": "0.0.22-beta.213",
4
4
  "description": "Voice primitives and Elysia plugin for AbsoluteJS",
5
5
  "repository": {
6
6
  "type": "git",