Skip to main content
This page is the honest, current state — updated as we go, never aspirational.
Proven in production (pre-existing Vexa): the Runtime (meeting bots are browser workloads), transcription → transcript.v1, redis streaming. Built & proven live — the dispatch core (M1): a unit.v1 dispatch runs in a runtime-spawned, isolated container (the generic-agent worker), over a bind-mounted workspace, carrying a per-dispatch signed identity token, streaming UnitEvents on unit:<id>:out → SSE. The in-process path is retired (agents never run in the control plane). Chat memory is durable — session + transcript are saved in the workspace, so a fresh container resumes the conversation. Verified end-to-end on docker and through the terminal chat. See Execution. Designed & frozen (this site): the seven primitives, the identity layer (kagenti-aligned), the governance model. Sound and kept: the terminal workbench + surfaces, the generic event ingress, the generic tool mechanism, the redis scheduler. Next: finish M1 — the bucket-backed (minio) workspace store + warm-reuse (touch / idle-enforcer). Then M2 — the live meeting dispatch.

Delivery tracker

The planned features, the modules each touches, and status. The core features are ⬜ planned; planned meetings, auto-join, and ICS calendar sync are ✅ done (OAuth calendars are deferred). See Identity for the auth and encryption detail.
FeatureStatusModule(s) it touches
Auth spine — opaque token → User → scoped access end-to-end⬜ plannedcore/identity (admin-api), core/gateway
Owner-check adoption — wire OwnerOnlyPolicy / can_access onto every meeting path (chat · stream · start · process)⬜ plannedcore/agent, core/meetings, core/identity
Real meetings list — the live, persisted list of a user’s meetings on the surface⬜ plannedcore/meetings (meeting-api), core/gateway, clients/terminal
Routines: scheduled meetings — a routine.v1 / schedule.v1 job that joins on a cron⬜ plannedcore/runtime (scheduler), core/agent, core/meetings
Docs ↔ meetings binding — bind a workspace doc to a meeting (capture → governed action)⬜ plannedcore/agent (workspace.v1), core/meetings, clients/terminal
WebSocket coverage — the /ws multiplex fanning transcripts · bot status · chat⬜ plannedcore/gateway (ws.v1), core/meetings, clients/terminal
Bucket encryption — per-workspace envelope encryption; keys brokered, decrypted only in-container⬜ plannedcore/identity, core/agent (workspace.v1), core/runtime
Transcript encryption — encrypt transcripts at rest in the meetings database (the SSOT); protect the redis carrier (auth/TLS/ACLs)⬜ plannedcore/meetings, core/identity
User-token encryption — store API tokens hashed/encrypted at rest, not cleartext⬜ plannedcore/identity (admin-api)
Planned meetings + auto-join — plan ahead (POST /meetings), one record plan→transcript, the bot joins scheduled meetings at start✅ donecore/meetings, core/gateway, clients/terminal
Calendar sync — secret-ICS import → planned meetings, auto-join by default✅ donecore/meetings, core/identity, clients/terminal
Calendar (OAuth) — Google/Microsoft OAuth calendars (two-way, invite-aware)🟦 deferredcore/identity, core/meetings

Capability truth table

Where each partially-landed capability actually stands, layer by layer — verified against the tree (route tables, module code, tests), not planning docs. “Module-tested” means unit/seam tests with fake transports pass in CI; it is not an end-to-end claim.
CapabilityBot / moduleService APITerminal UIHonest note
Bot browser view (watch the bot’s browser live)n/a❌ none❌ noneNot a product feature today. noVNC/x11vnc is baked into the bot image and the lite supervisor for operator debugging only (localhost-bound).
Voice agent — TTS speak✅ implemented + proven live (acts.v1 speak → TTS → virtual mic; June full-cycle matrix)❌ not wired — the gateway mounts POST …/speak per the sealed api.v1 but the open-core meeting-api has no route behind it → 404; nothing publishes the speak act❌ noneContract-sealed and module-tested (mock-bot speak-ack gate), not user-reachable. Also flagged in the Meetings API and the changelog.
Recording playback✅ capture + chunking proven (acquire)✅ live + module-tested — GET /recordings, /{id}, /{id}/master, …/raw through the gateway❌ no player — retrieval is API/curl only (how-to)The full live loop (in-meeting capture → object storage → playback) has not been validated end-to-end.
User webhooks (your URL, signed events)✅ built + module-tested — self-serve config (URL/secret/events, secret-masked) and the webhook.v1 HMAC delivery module with retry queue❌ no settings UINever fired against a real external receiver — module tests use an in-memory transport. Treat as untested until a live delivery is proven.
Service webhooks (in-stack lifecycle callbacks)✅ wired (/bots/internal/callback/lifecycle, /runtime/callback) + seam-testedn/aInternal plumbing; exercised implicitly by live bot runs, no dedicated E2E harness.
MCP server🟡 ported 0.10.6 meeting-control server runs as its own compose service, module-tested; not gateway-mounted (no /mcp)n/aUntested against a real MCP client. Direction (one MCP server fronted by the gateway) is in the changelog.

0.10.x features not (yet) in 0.12

The wire contract is sealed hash-equal to 0.10.x’s OpenAPI 1.5.0, but a sealed endpoint is not automatically a wired capability. What 0.10.x users had that 0.12 does not ship today — the changelog parity section is the source of truth, with per-row verification notes:
0.10.x capability0.12 status
Mid-call bot config (PUT …/config)contract-sealed, not wired — 404
Voice agent / TTS speak (POST …/speak)contract-sealed, not wired — 404
Interactive bots beyond speak (in-meeting chat · screen share · avatar)contract-sealed, not mounted — planned back in 0.12.x
Transcript public share linkscontract-sealed, not mounted (was dashboard-coupled)
Meeting participants endpoint (GET …/participants)post-seal — next api.v1 revision
discord ingest platformpost-seal — next api.v1 revision
Zoom authorized join (OBF/ZAK tokens, native SDK)not carried — 0.12 joins Zoom via web client only; planned in the 0.12.x Zoom track
Segment-latency env knobspartial — programmatic config exists, no env wiring
Swagger auth-scheme fixesnot carried — cosmetic DX gap in served docs