@absolutejs/voice 0.0.22-beta.212 → 0.0.22-beta.214
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +148 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -55,6 +55,33 @@ These are the primitive-first paths a Vapi-style buyer usually needs. Each path
|
|
|
55
55
|
| Evals and simulation | fixtures, eval routes, simulation suite, workflow/tool/outcome contracts, baselines | Prove flows before live traffic | Opaque hosted test runner |
|
|
56
56
|
| Data and compliance controls | file/SQLite/Postgres/S3 storage paths, redaction, retention, audit exports, guarded deletion | Show customer-owned storage and export proof | Legal certification or compliance attestation |
|
|
57
57
|
|
|
58
|
+
## Proof Pack
|
|
59
|
+
|
|
60
|
+
Use this checklist when a buyer asks, "How do I know this replaces a hosted voice dashboard?" Each artifact is a route, report, contract, or export the app owns. The point is not screenshots; the point is reproducible proof that can live in CI, an internal admin page, or a customer-facing demo.
|
|
61
|
+
|
|
62
|
+
| Buyer question | Proof artifact | What it proves |
|
|
63
|
+
| --- | --- | --- |
|
|
64
|
+
| Can I launch a browser voice agent quickly? | `/voice`, framework mic/transcript UI, `/traces`, `/production-readiness` | Browser voice route, live transcript, trace persistence, readiness gate |
|
|
65
|
+
| Can I run phone agents without hosted orchestration? | `/voice/phone/setup`, `/voice/phone/smoke-contract`, carrier matrix JSON | Carrier setup instructions, webhook/stream URLs, smoke proof, lifecycle traces |
|
|
66
|
+
| Can I debug a bad call like a hosted call log? | `/voice-operations/:sessionId`, `/voice-operations/:sessionId/incident.md` | Transcript, trace timeline, provider decisions, tools, handoffs, reviews, tasks, audit, deliveries |
|
|
67
|
+
| Can I test before production traffic? | `/voice/simulations`, tool contracts, outcome contracts, workflow contracts | Scenario/eval proof, tool idempotency/retry proof, business outcome proof |
|
|
68
|
+
| Can I prove provider fallback and latency? | provider contract matrix, provider status UI, `/turn-latency`, `/live-latency` | Provider choice, fallback behavior, server turn timing, browser p50/p95 timing |
|
|
69
|
+
| Can operators intervene safely? | live-ops routes, action center, ops action audit routes, operations record | Pause/resume/takeover, injected instructions, operator action audit trail |
|
|
70
|
+
| Can I run outbound campaigns? | `/voice/campaigns`, `/voice/campaigns/observability`, `/api/voice/campaigns/readiness-proof` | Recipient import evidence, consent/dedupe checks, scheduling policy, worker-safe attempts |
|
|
71
|
+
| Can I handle post-call workflow? | reviews, tasks, integration events, outcome contracts, operations record | Summary/review artifacts, task creation, webhook/sink delivery, matched session proof |
|
|
72
|
+
| Can I keep data in my infrastructure? | `/data-control`, `/data-control/audit.md`, retention dry-run/apply routes | Customer-owned storage, redaction, audit export, guarded deletion, zero-retention planning |
|
|
73
|
+
| Can I prove release readiness? | `/production-readiness`, `/ops-recovery`, delivery runtime, readiness profiles | Deploy gates for session health, audits, delivery queues, provider/campaign/phone proof |
|
|
74
|
+
|
|
75
|
+
For a demo, the fastest convincing path is:
|
|
76
|
+
|
|
77
|
+
1. Start a browser or phone session.
|
|
78
|
+
2. Open `/voice-operations/:sessionId` for the session.
|
|
79
|
+
3. Open `/production-readiness` and follow any linked proof surface.
|
|
80
|
+
4. Open `/voice/simulations` or the relevant tool/outcome contract route.
|
|
81
|
+
5. Open `/data-control` to show where retention, redaction, and audit export live.
|
|
82
|
+
|
|
83
|
+
If those five surfaces are green and linked, the buyer can see the core difference from Vapi-style hosted orchestration: the operational proof lives inside the app, not in a vendor dashboard.
|
|
84
|
+
|
|
58
85
|
## Use-Case Recipe: Support Triage
|
|
59
86
|
|
|
60
87
|
Use this path when you want a Vapi-style support assistant that can answer web or phone calls, look up customer context, route billing issues to a specialist, create follow-up work, and leave one debuggable call record. It is a recipe over primitives, not a support app kit.
|
|
@@ -717,6 +744,127 @@ For customer-facing exports, use the same redaction/export primitives as support
|
|
|
717
744
|
|
|
718
745
|
This recipe covers the hosted-platform expectations that matter for meeting recorders: browser mic capture, live transcript UI, reconnect visibility, post-call review, transcript/debug record, readiness proof, customer-owned storage, retention controls, and redacted export paths.
|
|
719
746
|
|
|
747
|
+
## Use-Case Recipe: Compliance-Sensitive Calls
|
|
748
|
+
|
|
749
|
+
Use this path when the voice app handles sensitive customer support, healthcare-adjacent intake, financial workflows, internal investigations, or regulated customer data. AbsoluteJS Voice can provide self-hosted controls and evidence: customer-owned storage, provider-key ownership, redaction defaults, audit trails, guarded deletion, zero-retention policy helpers, redacted exports, and deploy gates. It does not certify the app for HIPAA, SOC 2, GDPR, or any other legal regime by itself.
|
|
750
|
+
|
|
751
|
+
The production shape is:
|
|
752
|
+
|
|
753
|
+
1. Use customer-owned runtime storage, preferably Postgres for production records and S3/webhook delivery for exported evidence.
|
|
754
|
+
2. Keep provider keys in the app owner environment, not in a hosted voice dashboard.
|
|
755
|
+
3. Pass `audit` into agents/tools/squads so provider calls, tool executions, handoffs, retention runs, and operator actions are recorded.
|
|
756
|
+
4. Mount data-control routes for redacted audit export, retention dry-runs, guarded deletion, zero-retention planning, and provider-key recommendations.
|
|
757
|
+
5. Make audit evidence, recent retention-policy evidence, and audit/trace delivery health part of production readiness.
|
|
758
|
+
|
|
759
|
+
```ts
|
|
760
|
+
import { Elysia } from 'elysia';
|
|
761
|
+
import {
|
|
762
|
+
applyVoiceDataRetentionPolicy,
|
|
763
|
+
buildVoiceDataRetentionPlan,
|
|
764
|
+
createVoiceAuditLogger,
|
|
765
|
+
createVoiceDataControlRoutes,
|
|
766
|
+
createVoiceOperationsRecordRoutes,
|
|
767
|
+
createVoicePostgresRuntimeStorage,
|
|
768
|
+
createVoiceProductionReadinessRoutes,
|
|
769
|
+
createVoiceZeroRetentionPolicy,
|
|
770
|
+
exportVoiceAuditTrail,
|
|
771
|
+
renderVoiceAuditMarkdown,
|
|
772
|
+
voiceComplianceRedactionDefaults
|
|
773
|
+
} from '@absolutejs/voice';
|
|
774
|
+
|
|
775
|
+
const runtime = createVoicePostgresRuntimeStorage({
|
|
776
|
+
connectionString: process.env.DATABASE_URL!,
|
|
777
|
+
schemaName: 'voice_ops',
|
|
778
|
+
tablePrefix: 'sensitive'
|
|
779
|
+
});
|
|
780
|
+
|
|
781
|
+
const audit = createVoiceAuditLogger(runtime.audit);
|
|
782
|
+
|
|
783
|
+
const app = new Elysia()
|
|
784
|
+
.use(
|
|
785
|
+
createVoiceDataControlRoutes({
|
|
786
|
+
...runtime,
|
|
787
|
+
audit: runtime.audit,
|
|
788
|
+
auditDeliveries: runtime.auditDeliveries,
|
|
789
|
+
path: '/data-control',
|
|
790
|
+
redact: voiceComplianceRedactionDefaults,
|
|
791
|
+
title: 'Sensitive Voice Data Control',
|
|
792
|
+
traceDeliveries: runtime.traceDeliveries
|
|
793
|
+
})
|
|
794
|
+
)
|
|
795
|
+
.use(
|
|
796
|
+
createVoiceOperationsRecordRoutes({
|
|
797
|
+
audit: runtime.audit,
|
|
798
|
+
htmlPath: '/voice-operations/:sessionId',
|
|
799
|
+
integrationEvents: runtime.events,
|
|
800
|
+
path: '/api/voice-operations/:sessionId',
|
|
801
|
+
reviews: runtime.reviews,
|
|
802
|
+
store: runtime.traces,
|
|
803
|
+
tasks: runtime.tasks
|
|
804
|
+
})
|
|
805
|
+
)
|
|
806
|
+
.use(
|
|
807
|
+
createVoiceProductionReadinessRoutes({
|
|
808
|
+
audit: {
|
|
809
|
+
require: [
|
|
810
|
+
{ type: 'provider.call' },
|
|
811
|
+
{ type: 'operator.action' },
|
|
812
|
+
{ type: 'retention.policy', maxAgeMs: 7 * 24 * 60 * 60 * 1000 }
|
|
813
|
+
],
|
|
814
|
+
store: runtime.audit
|
|
815
|
+
},
|
|
816
|
+
auditDeliveries: runtime.auditDeliveries,
|
|
817
|
+
links: {
|
|
818
|
+
audit: '/audit',
|
|
819
|
+
auditDeliveries: '/audit/deliveries',
|
|
820
|
+
dataControl: '/data-control',
|
|
821
|
+
operationsRecords: '/voice-operations/:sessionId',
|
|
822
|
+
traceDeliveries: '/traces/deliveries'
|
|
823
|
+
},
|
|
824
|
+
store: runtime.traces,
|
|
825
|
+
traceDeliveries: runtime.traceDeliveries
|
|
826
|
+
})
|
|
827
|
+
);
|
|
828
|
+
|
|
829
|
+
await audit.operatorAction({
|
|
830
|
+
action: 'retention.policy.reviewed',
|
|
831
|
+
actor: { id: 'ops-admin', type: 'operator' },
|
|
832
|
+
outcome: 'ok',
|
|
833
|
+
resource: { id: 'zero-retention-policy', type: 'voice.retention' }
|
|
834
|
+
});
|
|
835
|
+
|
|
836
|
+
const zeroRetentionPolicy = createVoiceZeroRetentionPolicy({
|
|
837
|
+
...runtime,
|
|
838
|
+
audit: runtime.audit,
|
|
839
|
+
auditDeliveries: runtime.auditDeliveries,
|
|
840
|
+
traceDeliveries: runtime.traceDeliveries
|
|
841
|
+
});
|
|
842
|
+
|
|
843
|
+
const retentionPlan = await buildVoiceDataRetentionPlan(zeroRetentionPolicy);
|
|
844
|
+
|
|
845
|
+
if (retentionPlan.deletedCount > 0) {
|
|
846
|
+
await applyVoiceDataRetentionPolicy({
|
|
847
|
+
...zeroRetentionPolicy,
|
|
848
|
+
dryRun: false
|
|
849
|
+
});
|
|
850
|
+
}
|
|
851
|
+
|
|
852
|
+
const auditExport = await exportVoiceAuditTrail({
|
|
853
|
+
redact: voiceComplianceRedactionDefaults,
|
|
854
|
+
store: runtime.audit
|
|
855
|
+
});
|
|
856
|
+
|
|
857
|
+
const redactedAuditMarkdown = renderVoiceAuditMarkdown(auditExport.events, {
|
|
858
|
+
title: 'Sensitive Voice Audit Export'
|
|
859
|
+
});
|
|
860
|
+
```
|
|
861
|
+
|
|
862
|
+
For the actual agent or squad, pass the same `audit` logger into `createVoiceAgent(...)`, `createVoiceAgentSquad(...)`, or `createVoiceAssistant(...)` with explicit `auditProvider` and `auditModel` labels. That makes provider usage and tool execution visible in `/data-control/audit.md`, `/audit`, readiness checks, and operations records.
|
|
863
|
+
|
|
864
|
+
The UI should expose `/data-control`, `/data-control.json`, `/data-control/audit.md`, `/data-control/retention/plan`, `/production-readiness`, and `/voice-operations/:sessionId`. Destructive retention application should remain a server-side operator action that first reviews the dry-run plan and then posts `confirm: "apply-retention-policy"`.
|
|
865
|
+
|
|
866
|
+
This recipe covers the hosted-platform expectations that matter for compliance-sensitive voice apps: customer-owned records, provider-key ownership, redacted exports, audit evidence, guarded retention, zero-retention planning, deploy gates, and a clear boundary that the package supplies controls and proof artifacts, not legal certification.
|
|
867
|
+
|
|
720
868
|
## How This Differs From Hosted Voice Platforms
|
|
721
869
|
|
|
722
870
|
Hosted voice-agent platforms are strongest when you want a managed dashboard, phone-number provisioning, hosted orchestration, and campaign tooling out of the box.
|