This page is the honest, current state — updated as we go, never aspirational.
Proven in production (pre-existing Vexa): the Runtime (meeting bots are browser
workloads), transcription → transcript.v1, redis streaming.
Built & proven live — the dispatch core (M1): a unit.v1 dispatch runs in a
runtime-spawned, isolated container (the generic-agent worker), over a bind-mounted
workspace, carrying a per-dispatch signed identity
token, streaming UnitEvents on unit:<id>:out → SSE. The in-process path is retired (agents never
run in the control plane). Chat memory is durable — session + transcript are saved in the workspace,
so a fresh container resumes the conversation. Verified end-to-end on docker and through the terminal
chat. See Execution.
Designed & frozen (this site): the seven primitives, the
identity layer (kagenti-aligned), the
governance model.
Sound and kept: the terminal workbench + surfaces, the generic event ingress, the generic tool
mechanism, the redis scheduler.
Next: finish M1 — the bucket-backed (minio) workspace store + warm-reuse
(touch / idle-enforcer). Then M2 — the live meeting dispatch.
Delivery tracker
The planned features, the modules each touches, and status. The
core features are ⬜ planned; planned meetings, auto-join, and ICS calendar sync are ✅ done
(OAuth calendars are deferred). See Identity for the auth and
encryption detail.
| Feature | Status | Module(s) it touches |
|---|
Auth spine — opaque token → User → scoped access end-to-end | ⬜ planned | core/identity (admin-api), core/gateway |
Owner-check adoption — wire OwnerOnlyPolicy / can_access onto every meeting path (chat · stream · start · process) | ⬜ planned | core/agent, core/meetings, core/identity |
| Real meetings list — the live, persisted list of a user’s meetings on the surface | ⬜ planned | core/meetings (meeting-api), core/gateway, clients/terminal |
Routines: scheduled meetings — a routine.v1 / schedule.v1 job that joins on a cron | ⬜ planned | core/runtime (scheduler), core/agent, core/meetings |
| Docs ↔ meetings binding — bind a workspace doc to a meeting (capture → governed action) | ⬜ planned | core/agent (workspace.v1), core/meetings, clients/terminal |
WebSocket coverage — the /ws multiplex fanning transcripts · bot status · chat | ⬜ planned | core/gateway (ws.v1), core/meetings, clients/terminal |
| Bucket encryption — per-workspace envelope encryption; keys brokered, decrypted only in-container | ⬜ planned | core/identity, core/agent (workspace.v1), core/runtime |
| Transcript encryption — encrypt transcripts at rest in the meetings database (the SSOT); protect the redis carrier (auth/TLS/ACLs) | ⬜ planned | core/meetings, core/identity |
| User-token encryption — store API tokens hashed/encrypted at rest, not cleartext | ⬜ planned | core/identity (admin-api) |
Planned meetings + auto-join — plan ahead (POST /meetings), one record plan→transcript, the bot joins scheduled meetings at start | ✅ done | core/meetings, core/gateway, clients/terminal |
| Calendar sync — secret-ICS import → planned meetings, auto-join by default | ✅ done | core/meetings, core/identity, clients/terminal |
| Calendar (OAuth) — Google/Microsoft OAuth calendars (two-way, invite-aware) | 🟦 deferred | core/identity, core/meetings |
Capability truth table
Where each partially-landed capability actually stands, layer by layer — verified against the tree
(route tables, module code, tests), not planning docs. “Module-tested” means unit/seam tests with fake
transports pass in CI; it is not an end-to-end claim.
| Capability | Bot / module | Service API | Terminal UI | Honest note |
|---|
| Bot browser view (watch the bot’s browser live) | n/a | ❌ none | ❌ none | Not a product feature today. noVNC/x11vnc is baked into the bot image and the lite supervisor for operator debugging only (localhost-bound). |
| Voice agent — TTS speak | ✅ implemented + proven live (acts.v1 speak → TTS → virtual mic; June full-cycle matrix) | ❌ not wired — the gateway mounts POST …/speak per the sealed api.v1 but the open-core meeting-api has no route behind it → 404; nothing publishes the speak act | ❌ none | Contract-sealed and module-tested (mock-bot speak-ack gate), not user-reachable. Also flagged in the Meetings API and the changelog. |
| Recording playback | ✅ capture + chunking proven (acquire) | ✅ live + module-tested — GET /recordings, /{id}, /{id}/master, …/raw through the gateway | ❌ no player — retrieval is API/curl only (how-to) | The full live loop (in-meeting capture → object storage → playback) has not been validated end-to-end. |
| User webhooks (your URL, signed events) | — | ✅ built + module-tested — self-serve config (URL/secret/events, secret-masked) and the webhook.v1 HMAC delivery module with retry queue | ❌ no settings UI | Never fired against a real external receiver — module tests use an in-memory transport. Treat as untested until a live delivery is proven. |
| Service webhooks (in-stack lifecycle callbacks) | — | ✅ wired (/bots/internal/callback/lifecycle, /runtime/callback) + seam-tested | n/a | Internal plumbing; exercised implicitly by live bot runs, no dedicated E2E harness. |
| MCP server | — | 🟡 ported 0.10.6 meeting-control server runs as its own compose service, module-tested; not gateway-mounted (no /mcp) | n/a | Untested against a real MCP client. Direction (one MCP server fronted by the gateway) is in the changelog. |
0.10.x features not (yet) in 0.12
The wire contract is sealed hash-equal to 0.10.x’s OpenAPI 1.5.0, but a sealed endpoint is not
automatically a wired capability. What 0.10.x users had that 0.12 does not ship today — the
changelog parity section is the source of truth, with
per-row verification notes:
| 0.10.x capability | 0.12 status |
|---|
Mid-call bot config (PUT …/config) | contract-sealed, not wired — 404 |
Voice agent / TTS speak (POST …/speak) | contract-sealed, not wired — 404 |
| Interactive bots beyond speak (in-meeting chat · screen share · avatar) | contract-sealed, not mounted — planned back in 0.12.x |
| Transcript public share links | contract-sealed, not mounted (was dashboard-coupled) |
Meeting participants endpoint (GET …/participants) | post-seal — next api.v1 revision |
discord ingest platform | post-seal — next api.v1 revision |
| Zoom authorized join (OBF/ZAK tokens, native SDK) | not carried — 0.12 joins Zoom via web client only; planned in the 0.12.x Zoom track |
| Segment-latency env knobs | partial — programmatic config exists, no env wiring |
| Swagger auth-scheme fixes | not carried — cosmetic DX gap in served docs |