Roadmap¶
Shipped¶
- 0.1.0 — foundation: core, exceptions (+i18n), schemas, pagination,
settings,
BaseModel, repository/service/controller,createApp+ Swagger/Redoc, health, CLI (new), bilingual docs. - 0.2.0 — cache, sessions, SSE, WebSockets, queue (RabbitMQ), background tasks, feature flags, object storage.
- 0.3.0 — client-IP resolution, TOTP (MFA), resilient HTTP client (retry + circuit breaker), system metrics (+ Prometheus), Web Push, email.
- 0.4.0 —
integrations/:MessagingProvidercontract +WhatsAppProvider(typedzap-apiclient, REST +/ws) +makeWhatsAppWebhookRouter. See the Integrations: WhatsApp recipe. - 0.5.0 —
admin/: JSON admin (AdminSite+makeAdminRouter) with auto-derived CRUD,_metaintrospection, Zod validation and a pluggable guard. See the Admin (JSON API) recipe. - 0.6.0 —
integrations/:TelegramProvider(Bot API, send + polling) andTwilioSmsProvider(SMS) +makeTwilioWebhookRouter(signature-validated). See the SMS and Telegram recipe. - 0.7.0 — auth flows:
MfaService(TOTP),ActivationService(email) andPasswordResetService, wired intomakeAuthRouter. See Authentication (JWT). - 0.8.0 — Redis stores:
RedisSessionStoreandRedisSSEBroker(pub/sub) for multi-replica deployments. See Real-time. - 0.9.0 — metrics: optional GPU metrics (
nvidia-smi) +makeMetricsRouter(/metricsPrometheus endpoint). See MFA, HTTP client…. - 0.10.0 —
EmailProvider(email as aMessagingProvider) and MFA at login (challenge flow inUserAuthService+POST /auth/mfa/challenge). - 0.11.0 — broadcast helpers:
broadcastText(bounded-concurrency fan-out) andMessagingHub(named channels withsend/broadcast).
Goal: full parity with tempest-fastapi-sdk¶
The target is feature parity with tempest-fastapi-sdk, keeping the
integrations/ module (WhatsApp/Telegram/SMS/Email + MessagingHub/broadcast)
as the Node-only differential — a first-class messaging layer the Python SDK
does not have. Core, data, auth, real-time, cache/queue/tasks, flags, metrics and
CLI are already at parity or close; the items below close the remaining gaps.
HTTP hardening middlewares¶
- CSRF, rate limiting (memory + Redis), idempotency keys, body-size limit, graceful shutdown, standalone request-id middleware, request tracing.
PrometheusMiddleware(per-request histogram) complementing the existing system/metricsrouter.
OAuth, webhooks & meta routers¶
- OAuth clients (Google, GitHub) +
OIDCProvider. - Webhook signature verifier (HMAC/RSA),
tool-specrouter, logs router. - Auth locale negotiation + optional HTML page renderer.
Advanced DB¶
- Transactional outbox (
OutboxRelay), audit log model +AuditMixin,SoftDeleteMixin/MFAMixin, tenant-scoped repository, slow-query logger, database backup,BaseUserModel+ token models, snapshot/diff.
Typed settings¶
- Domain settings fragments/classes:
AuthSettings,JWTSettings,EmailSettings,RedisSettings,RabbitMQSettings,SessionSettings,UploadSettings, etc. (composed ontobaseAppSettingsShape).
Schemas, storage, utils, CLI¶
- Delta-sync pagination (
SyncFilterSchema/SyncPaginationSchema), pagination link headers,LogEntrySchema. - MinIO/S3
UploadStoragebackend (alongsideLocalUploadStorage). - Field types (
CentsField/PriceField/HexColorField/… as Zod), fullDownloadUtils,LogUtilswith500.logrouting. - CLI:
user,lint,config, and real DB-migration wiring overtempest-db-js.
Testing helpers¶
- In-memory DB/test fixtures (mirrors the Python
testingmodule).
Out of scope¶
vision(ort-vision) — belongs toort-vision-sdk, not this SDK.- The server-rendered (jinja) HTML admin — superseded by the JSON
adminAPI + a decoupled frontend.
1.0.0 is cut once these close and the API settles in real use.