Webchat Progress Status

Summary

• Completed: Phases 0 to 7 implemented across schema, public API, embed SDK, conversation engine, security hardening, dashboard UX, and test suite.
• Partially completed: Phase 8 rollout foundation with rollout modes, route enforcement, admin rollout controls, and SLA monitoring.

Phase Status Matrix

Phase 0: Stabilize schema and channel typing

Status: Implemented

• Channel creation paths normalize to lowercase web.
• Non-web channels require channelId, while web channels allow null channelId.
• Prisma enum is implemented for channel type with web, facebook, telegram, whatsapp.

Phase 1: Web chat domain model

Status: Implemented

• WebChatSite, WebChatSession, and WebChatEvent models added.
• Relations wired to Tenant, Bot, and CRM conversation.
• Init/message runtime helpers use site and session rows.

Phase 2: Public webchat API layer

Status: Implemented

• POST init, POST message, GET config, POST events implemented.
• OPTIONS handlers implemented for preflight across routes.
• Config-issued init challenge is signed, replay-resistant, and consumed by init.

Phase 3: Widget and embed SDK

Status: Implemented

• Launcher, panel, messaging UI, local session persistence.
• Position, title, color, and welcome-message support.
• Shadow DOM isolation, unread badge, and mobile fullscreen.
• Cookie-consent gating and telemetry toggles are available.

Phase 4: Conversation engine integration

Status: Implemented

• Flow-first routing before AI fallback in message handling.
• Conversation continuity through conversationId and externalSessionId.
• Structured source metadata persisted for url, referrer, locale, utm, and origin.
• Safe fallback copy returned when AI engine fails.

Phase 5: Security and abuse protection

Status: Implemented

• Signed short-lived session tokens.
• Strict origin/referer validation and production wildcard guard.
• Rate limiting on init, message, and events.
• Bot mitigation checks and configurable PII retention.

Phase 6: Dashboard UX for webchat management

Status: Implemented (MVP) and partially complete

• Integrations page at /integrations/webchat.
• Key management, allowed domains, diagnostics, and snippet copy.
• Internal test-widget harness and live preview support.

Phase 7: Observability and QA

Status: Implemented

• Vitest config and webchat-focused test coverage in place.
• Structured metrics via webchat-metrics with session, message, events, rate limit, and CORS denied events.
• Current baseline documented with strong API/security coverage and 7 passing widget E2E scenarios.

Phase 8: Rollout strategy

Status: Partially Implemented

• Rollout policy helper supports off, pilot, tiered, and ga modes.
• Runtime enforcement is applied on config, init, message, and events.
• Admin rollout controls implemented at /admin/webchat-rollout.
• SLA monitoring dashboard implemented at /admin/webchat-monitoring.
• Remaining gap: live pilot promotion and staged enablement still require operator action in deployed environment.