
Roadmap

What WATS plans to ship next, and what is explicitly out of scope for now.

active · applies to post-foundations roadmap · reviewed 2026-05-01

What is planned, what is shipped, and what is explicitly out of scope. Issue-level tracking lives in the project tracker.

Shipped

The 0.3.x-alpha-tooling line ships the substrate:

  • Graph client, transport seam, endpoint registry, pagination, scoped clients
  • Graph error registry seeded with the known Meta error codes
  • webhook challenge/signature verification, runtime-neutral WebhookAdapter, Bun/Node/Fetch wrappers
  • typed webhook normalizer, typed filters, router, listeners, WhatsApp facade
  • media runtime: upload, metadata resolution, binary download, delete, encrypted decrypt, resumable upload sessions
  • outbound composers: media, location, contacts, reaction, interactive variants, template send, mark-as-read, typing indicators
  • template management: list/create/get/update/delete, component builders, parameter validation, template webhook filters
  • Flows: metadata/JSON CRUD, publish/deprecate, buildFlowJson / validateFlowJson, data-exchange response builders, encrypted request decrypt / response encrypt, metrics, migration, and Flow media decrypt helpers
  • calling: initiate/pre-accept/accept/reject/terminate, call permissions, calling settings/SIP request shapes, BSUID recipients, call-button/deep-link helpers, calling webhook variants, typed call filters, and operator codec/signaling docs
  • business/admin: read-only WABA and phone-number inventory, profile/commerce reads and updates, Block API, OBA status, display-name review, phone registration lifecycle, QR CRUD, public-key helpers, token exchange, and WABA callback override
  • template helpers: list/create/get/update/delete, compare, unpause, migrate, archive/unarchive, authentication-template upsert, library-template create fields, component builders, parameter validation, template webhook filters
  • @wats/config, @wats/cli (init, setup, onboarding, config validate, doctor, serve, openapi, upgrade, messages list/show), @wats/service with OpenAPI 3.1
  • SQLite persistence: migrations, idempotency records, outbox APIs
  • Postgres persistence adapter at @wats/persistence/postgres (shape-only, mock-client tested; default CI does not run a live Postgres)
  • local message projection (wats_messages / wats_message_status_events) and read-only wats messages list/show CLI inspection
  • pywa migration guide and per-endpoint status page

Everything above is credential-free and MockTransport-validated unless endpoint status marks it live-validated. The Postgres adapter is mock-client tested; it is not live-validated against a running Postgres service.

Planned

  • Live credentialed validation of media, message, template, Flow, and calling paths: read-only discovery first, side-effecting tests second, destructive cleanup last. Halted until credentials and explicit operator authorization exist.
  • Mutating admin endpoints still remaining: WABA CRUD, catalog/product inventory CRUD, and subscribeApp; shipped request-shape helpers remain shape-only until live validation.
  • Live Postgres validation and service send enqueueing.
  • Production deployment hardening: Compose, container image publication, registry workflow, and a production hosting contract. The repo ships a Railway-targeted Dockerfile.
  • Analytics/quality/rate-limit surfaces beyond the current typed alert payloads.

Out of scope for now

  • Automatic user-block decisions and policy/appeal automation.
  • WebRTC/media session orchestration beyond calling request shapes.
  • Catalog/product inventory CRUD beyond read-only commerce settings.
  • Full Meta Graph API OpenAPI generation.

Credential rule

Any step that hits live Meta endpoints, sends messages, mutates WABA assets, or verifies live webhook secrets requires explicit operator authorization and a documented secrets plan first. No exceptions.
