Product Roadmap

VitaraVox Release Plan: v0.5 → v4.0.0

Last Updated: February 15, 2026

---

Version Overview

Version	Codename	Focus	Target
v0.5	Foundation	Core booking for single clinic	✅ Complete
v1.0	Production	Multi-clinic, registration, waitlist	✅ Complete
v1.1	Refinement	BC Health compliance, bug fixes	✅ Complete
v1.2	Hardening	Input validation, logging, circuit breaker	✅ Complete
v1.3	Integration	Vapi production, phone search, OSCAR Bridge	✅ Complete
v1.4	Abstraction	EMR adapter pattern, feature flags	✅ Complete
v1.5	Admin	Admin dashboard, per-clinic EMR control	✅ Complete
v2.0	Squad	6-agent squad architecture	✅ Complete
v2.1	Integration	Admin Vapi management, call log saving	✅ Complete
v2.2	Polish	Caller phone auto-detect, booking-first flow	✅ Complete
v2.3	Production	AssemblyAI STT, silent transfers, inline confirmation	✅ Complete
v3.0	Dual-Track	9-agent EN/ZH dual-track with Vapi GitOps	✅ Deployed
v3.1	Compliance	AES-256-GCM encryption, audit logging, data retention	✅ Complete
v3.2	Hardening	HMAC auth enforcement, PHI redaction, graceful shutdown	✅ Complete
v4.0	Onboarding	4-step onboarding redesign, admin provisioning, 10-point validation	✅ Complete

---

v0.5 — Foundation ✅

Goal: Prove the voice-to-EMR pipeline works end-to-end.

Functional Scope

Feature	Status
Single Vapi assistant configuration	✅
Patient lookup by phone (caller ID)	✅
Patient lookup by name + DOB	✅
Find earliest appointment (any provider)	✅
Book appointment	✅
Reschedule appointment	✅
Cancel appointment	✅
Transfer to clinic staff	✅
English language support	✅

Technical Scope

Component	Status
Express.js webhook server	✅
OSCAR OAuth 1.0a integration	✅
Docker containerization	✅
NGINX reverse proxy	✅
SSL/TLS (Let's Encrypt)	✅
Basic rate limiting	✅
Health check endpoint	✅

Data Flow

Patient → Telnyx → Vapi → Vitara → OSCAR
                          (single clinic)

---

v1.0 — Production ✅

Goal: Production-ready multi-clinic platform with new patient support.

Functional Scope

Feature	Status
Multi-clinic support	✅
Phone number → Clinic routing	✅
Per-clinic configuration	✅
New patient registration	✅
Waitlist when registration closed	✅
Mandarin Chinese support	✅
Clinic hours display	✅
Provider selection	✅

Technical Scope

Component	Status
PostgreSQL database	✅
Multi-tenant schema	✅
Clinic configuration tables	✅
Waitlist management	✅
Call logging (analytics)	✅
Per-endpoint rate limiting	✅
Admin dashboard (basic)	✅
Terraform (AWS dev OSCAR)	✅

Database Schema

clinics           -- Clinic profiles
clinic_config     -- Settings, OSCAR credentials
clinic_hours      -- Working hours
clinic_holidays   -- Closures
clinic_providers  -- Display names
waitlist          -- Patient queue
call_logs         -- Analytics
users             -- Admin access
audit_logs        -- Admin actions

Data Flow

Patient → Telnyx → Vapi → Vitara → Clinic A OSCAR
                   │               Clinic B OSCAR
                   │               Clinic C OSCAR
                   ▼
              Vitara DB
              (config + logs)

---

v1.1 — Refinement ✅

Goal: BC Health compliance and production hardening.

Functional Scope

Feature	Status
BC Personal Health Number (PHN) collection	✅
BC Services Card validation	✅
Out-of-province coverage handling	✅
Private pay option	✅
Registration status check (pre-registration)	✅
Improved error handling	✅
3-second delay messaging	✅

Technical Scope

Component	Status
get_clinic_info endpoint	✅
accepting_new_patients flag	✅
add_to_waitlist endpoint	✅
Enhanced logging	✅
API documentation	✅

Conversation Guardrails

Scenario	Handling
Patient not found	Offer registration or transfer
Registration closed	Offer waitlist
Tool delay > 3s	"Just one moment please..."
Medical question	Transfer to staff
Emergency	"Please hang up and call 911"
Frustrated caller	Transfer after 2 attempts

---

v1.2 — Hardening ✅

Goal: Production-grade reliability and security.

Technical Scope

Component	Status
Input Validation (Joi)	✅
Structured Logging (Pino)	✅
Circuit Breaker (Opossum)	✅
Health Checks (K8s-ready)	✅
Error Standardization	✅
Configuration Management	✅

---

v1.3 — Integration ✅

Goal: Production-ready Vapi integration and OSCAR improvements.

Functional Scope

Feature	Status
Bearer Token Authentication	✅
Phone Number Normalization	✅
Name Spelling Confirmation	✅
OSCAR Phone Search	✅
DB-Based Availability Endpoint	✅
Schedule Pattern Parsing	✅

---

v1.4 — Abstraction ✅

Goal: EMR-agnostic architecture for multi-EMR support.

Technical Scope

Component	Status
IEmrAdapter Interface	✅
BaseEmrAdapter Base Class	✅
OscarUniversalAdapter	✅
EmrAdapterFactory	✅
Data Transformers (Patient, Provider, Appointment)	✅
EmrService Integration Layer	✅
Feature Flags System	✅
224 Unit Tests	✅

---

v1.5 — Admin ✅

Goal: Multi-tenant admin dashboard with per-clinic EMR control.

Functional Scope

Feature	Status
React Admin UI	✅
Two User Roles (Vitara Admin, Clinic Manager)	✅
Clinic Management	✅
User Management	✅
Audit Logging	✅
Go-Live Workflow	✅
Demo Mode (emr_live = false)	✅

Technical Scope

Component	Status
PassportJS + JWT Authentication	✅
bcrypt Password Hashing	✅
Account Lockout	✅
RBAC Middleware	✅
admin_users Table	✅
audit_log Table	✅
Enhanced clinic_config	✅
125 New Unit Tests	✅

---

v2.0 — Squad Architecture ✅

Goal: Specialized multi-agent squad for cleaner call flows.

Functional Scope

Feature	Status
5-Agent Squad (Router, Booking, Reschedule, Cancel, Registration)	✅
6 new tool handlers	✅
English/Mandarin support	✅
Phonetic confirmation	✅
Emergency/frustration detection	✅

---

v2.1 — Admin Vapi Management ✅

Goal: Connect admin dashboard to Vapi squads and call log saving.

Functional Scope

Feature	Status
Vapi-Clinic database mapping (vapi_squad_id, vapi_assistant_id)	✅
Webhook clinic resolution (call → clinic lookup)	✅
Call log saving with end-of-call-report	✅
OSCAR providerId mapping fix	✅
EMR TEST/SYNC admin buttons	✅
37 integration tests passing	✅

---

v2.2 — Polish ✅

Goal: Improve booking flow and caller identification.

Functional Scope

Feature	Status
Caller phone auto-detection (server extracts real phone from call.customer.number)	✅
Booking-first flow (find slot immediately, refine on request)	✅
Past-date clamping (server-side)	✅
Provider name fuzzy matching	✅
Appointment type mapping (voice → type code)	✅

---

v2.3 — Production Hardening ✅

Goal: Production-grade voice quality and silent transfers.

Functional Scope

Feature	Status
6-agent squad (Router + Booking + Reschedule + Cancel + Registration + Confirmation)	✅
AssemblyAI Universal transcriber (all agents)	✅
ElevenLabs eleven_multilingual_v2 TTS (all agents)	✅
Silent transfers (patient doesn't hear handoff)	✅
Inline confirmation (no separate Confirmation agent needed)	✅
Slot collision checking before booking	✅
Non-numeric providerId handling ("any" / "任何")	✅

---

v3.0 — Dual-Track Bilingual ✅

Goal: Per-language STT/TTS with explicit language gate.

Functional Scope

Feature	Status
9-agent dual-track (Router + 4 roles x 2 langs)	✅
Explicit Router language gate (EN/ZH from first utterance)	✅
EN STT: Deepgram nova-2 en	✅
ZH STT: Deepgram nova-2 zh	✅
EN TTS: ElevenLabs multilingual_v2	✅
ZH TTS: Azure zh-CN-XiaoxiaoNeural	✅
ZH endpointing tuning (longer pauses for Mandarin)	✅
Reschedule + Cancel consolidated into Modification agent	✅
Confirmation agent eliminated (log_call_metadata absorbed)	✅
Vapi GitOps (config-as-code)	✅
callMetadataCache (in-memory bridge for end-of-call-report)	✅
v3 parameter support (demographicId, startTime ISO 8601)	✅
Appointment type validation (B/2/3/P, default B)	✅
Dual squad resolution (vapi_squad_id_v3 column)	✅
20 handoff routes across squad	✅

Technical Scope

Component	Status
Vapi GitOps directory (vapi-gitops/)	✅
9 assistant markdown prompts	✅
14 tool YAML definitions	✅
Squad YAML with handoff routing	✅
GitOps push script (npm run push:dev)	✅

---

v3.1 — Compliance ✅

Goal: Healthcare compliance controls — encryption, audit logging, data retention.

Technical Scope

Component	Status
AES-256-GCM credential encryption (lib/crypto.ts)	✅
Audit logging middleware (all POST/PUT/DELETE)	✅
Append-only audit log (no DELETE endpoint)	✅
Data retention scheduler (jobs/data-retention.ts, 3 AM daily)	✅
Configurable retention: transcripts 90d, call logs 365d	✅
Privacy officer fields in clinic config	✅
BAA tracking fields (baaVapiSigned, baaHostingSigned)	✅
ENCRYPTION_KEY required in production via Zod	✅

---

v3.2 — Security Hardening ✅

Goal: Production-grade security hardening for pilot/demo deployment.

v3.2.0 (February 11, 2026)

Component	Status
Multi-auth webhook: HMAC-SHA256 + API key + Bearer	✅
18 Zod validation schemas with .strict()	✅
Pino structured logging (replace all console.log)	✅
Helmet.js security headers	✅
Standardized error handler	✅
TypeScript rewrite (vapi-webhook.ts)	✅
Prisma ORM (13 models, single connection pool)	✅
Dead code removal (3 vapiEndpoints variants → 1)	✅

v3.2.1 (February 12, 2026) — Security Hardening Sprint

Component	Status
NODE_ENV=production enforced	✅
HMAC-SHA256 mandatory in production (fail-closed)	✅
addToWaitlist connected to database (was stub)	✅
PHI redacted from webhook logs (redactPhi())	✅
Auth middleware on all /api/oscar/* routes	✅
Graceful shutdown handler (SIGTERM/SIGINT, 10s drain)	✅

---

v4.0 — Onboarding Redesign ✅

Goal: Streamlined clinic onboarding with comprehensive validation and admin provisioning workflow.

Functional Scope

Feature	Status
Onboarding Flow Redesign
4-step flow: Clinic Details → EMR Connection → Business Hours → Validation	✅
EMR type selector (OSCAR, TELUS PS Suite, Accuro, Other)	✅
Non-OSCAR types saved with "coming soon" status	✅
Auto-pull OSCAR config after successful EMR test	✅
StepValidation (6 parallel checks)
EMR Connection check	✅
Provider Roster check	✅
Schedule Codes check	✅
Appointment Types check	✅
Sample Availability (live slot retrieval)	✅
Sample Patient Search (live search)	✅
Admin Provisioning
Pending Activation card on admin dashboard	✅
ClinicDetail provisioning checklist	✅
Clinic activation endpoint	✅
Pre-Launch Validation
10-point checks (7 blocking + 3 informational)	✅
OSCAR config sync freshness check	✅
Schedule data flow adapter validation	✅

Technical Scope

Component	Status
StepValidation.tsx (Promise.allSettled parallel checks)	✅
ClinicDetail.tsx (admin provisioning checklist)	✅
OscarConfig settings page	✅
onboarding.service.ts (10-point validation, completeOnboarding)	✅
8 new API endpoints (test-slots, test-patient-search, complete, activate, etc.)	✅
OscarBridgeAdapter rename (was OscarUniversalAdapter)	✅
New shared types (ValidationCheckResult, SlotTestResult, PatientSearchResult)	✅

---

Future Backlog (v4.1+)

High Priority (Pre-GA)

Feature	Description
Webhook integration tests	Zero test coverage on most critical code path
Monitoring + alerting	Prometheus/Grafana for production health visibility
Multi-tenant OSCAR wiring	Full OAuth creds per clinic in adapter (needed before 2nd clinic)
Appointment booking idempotency	Atomic check-and-create to prevent race conditions

Medium Priority

Feature	Description
ZH LLM Bake-off	Test alternatives to GPT-4o for Chinese track
JWT token revocation	Server-side blacklist (1h window acceptable for demo)
Redis-backed rate limiting	In-memory fine for single instance; needed for HA
Clinic timezone support	Hardcoded America/Vancouver; needed before non-BC clinic

Future Features

Feature	Description
French Canadian Track	FR track (4 new agents)
Cantonese Track	YUE track (4 new agents)
Multi-EMR Support	Telus Health, Accuro, MOIS adapters
Outbound Campaigns	Appointment reminders, recalls
SMS Confirmation	Text confirmation after booking
Analytics Dashboard	Call volume, success rates, language split
AI Summarization	Call summary sent to EMR notes

---

Release Notes

v4.0.0 (February 15, 2026)

• 4-step onboarding redesign (Clinic Details → EMR Connection → Business Hours → Validation)
• EMR type selector (OSCAR/TELUS PS Suite/Accuro/Other) with "coming soon" badges
• StepValidation with 6 parallel integration checks (EMR, providers, codes, types, slots, patient search)
• Admin provisioning workflow (pending activation card, provisioning checklist, activation endpoint)
• 10-point pre-launch validation (7 blocking + 3 informational)
• OSCAR config management (schedule codes, appointment types, config pull + sync tracking)
• OscarBridgeAdapter rename (was OscarUniversalAdapter)
• 8 new API endpoints, 48 files changed (+5239/-1005 lines)

v3.2.1 (February 12, 2026)

• NODE_ENV=production enforced (activates HMAC auth, encryption, Zod validation)
• addToWaitlist connected to database (was returning success without persisting)
• PHI redacted from all webhook logs via redactPhi() helper
• Auth middleware added to all /api/oscar/* routes (except /health)
• Graceful shutdown handler (10s drain on SIGTERM/SIGINT)
• Production launch backlog documented (11 items)

v3.2.0 (February 11, 2026)

• Multi-auth webhook: HMAC-SHA256 primary + API key + Bearer fallback
• 18 Zod validation schemas with .strict() enforcement
• Pino structured logging (replaced 48 console.log statements)
• Helmet.js security headers
• Standardized error handler with request correlation
• Full TypeScript rewrite of webhook handler (vapi-webhook.ts)
• Prisma ORM with 13 models (replaced 4 separate connection pools)
• Dead code removal (3 vapiEndpoints variants consolidated to 1)

v3.1.0 (February 11, 2026)

• AES-256-GCM credential encryption at rest (lib/crypto.ts)
• Audit logging middleware (captures all POST/PUT/DELETE mutations)
• Append-only audit log (no DELETE endpoint exposed)
• Data retention scheduler (node-cron, 3 AM daily)
• Configurable retention: transcripts 90 days, call logs 365 days
• Privacy officer and BAA tracking fields in clinic config

v3.0.0 (February 10, 2026)

• 9-agent dual-track EN/ZH squad architecture
• Explicit Router language gate
• Per-language STT: Deepgram nova-2 en / zh
• Per-language TTS: ElevenLabs (EN) / Azure Xiaoxiao (ZH)
• ZH endpointing tuning for Mandarin speech patterns
• Vapi GitOps (config-as-code) for all 9 assistants + 14 tools
• callMetadataCache bridging tool-call and end-of-call-report
• Modification agent consolidates reschedule + cancel
• Confirmation agent eliminated
• 20 handoff routes across squad

v2.3.0 (February 9, 2026)

• AssemblyAI Universal transcriber (replaces Deepgram multi)
• Silent transfers (patient doesn't hear handoff)
• Inline confirmation flow
• Slot collision checking
• Non-numeric providerId handling

v2.2.0 (February 6, 2026)

• Caller phone auto-detection (server extracts from call.customer.number)
• Booking-first flow (find slot immediately)
• Past-date clamping server-side
• Provider name fuzzy matching
• Appointment type mapping

v2.1.0 (February 3, 2026)

• Admin Vapi management endpoints
• Webhook call log saving with clinic resolution
• OSCAR providerId mapping fix
• EMR TEST/SYNC admin buttons
• 37 integration tests

v2.0.0 (February 2, 2026)

• 5-agent squad architecture (Router, Booking, Reschedule, Cancel, Registration)
• 6 new tool handlers
• Phonetic confirmation
• Emergency/frustration detection

v1.5.1 (January 16, 2026)

• Fixed API response pagination preservation
• Fixed frontend field name mapping (clinic_id, clinic_name)
• Added safeJsonParse helper for JSONB columns
• Fixed Nginx Authorization header forwarding
• Added seed data (5 clinics, 5 users, 22 audit logs)

v1.5.0 (January 14, 2026)

• React Admin UI with Vitara Admin and Clinic Manager roles
• PassportJS + JWT authentication with refresh tokens
• Account lockout after 5 failed attempts
• admin_users and audit_log tables
• Per-clinic emr_live flag for go-live workflow
• Demo mode when emr_live = false
• 125 new unit tests

v1.4.0 (January 14, 2026)

• EMR Abstraction Layer (adapter pattern)
• IEmrAdapter, BaseEmrAdapter, OscarUniversalAdapter
• EmrService integration layer
• Feature flags system (USE_EMR_ADAPTER)
• Patient, Provider, Appointment transformers
• 224 total unit tests

v1.3.2 (January 14, 2026)

• Admission records on patient registration
• Configuration centralization (env vars)
• Health check improvements
• Graceful shutdown

v1.3.1 (January 13, 2026)

• DB-based availability endpoint
• Schedule pattern parsing
• Voice agent integration improvements

v1.3.0 (January 13, 2026)

• Bearer Token Authentication for Vapi
• Phone number normalization
• Name spelling confirmation
• OSCAR phone search fix
• Deepgram Nova-3 transcriber

v1.2.0 (January 13, 2026)

• Input Validation (Joi schemas)
• Structured Logging (Pino)
• Circuit Breaker (Opossum)
• Health Checks (K8s-ready)
• Error Standardization

v1.1.0 (January 12, 2026)

• Added BC Health registration requirements (PHN, BC Services Card)
• Added get_clinic_info endpoint for registration status
• Added add_to_waitlist endpoint
• Improved delay handling (3-second threshold)
• Enhanced error messages for voice agent
• Documentation overhaul

v1.0.0 (December 29, 2025)

• Multi-clinic support with phone number routing
• PostgreSQL database for configuration
• New patient registration flow
• Waitlist management
• Mandarin Chinese language support
• Admin dashboard (basic)
• Call logging and analytics

v0.5.0 (December 19, 2025)

• Initial release
• Single-clinic appointment booking
• Patient lookup by phone and name
• OSCAR EMR integration (OAuth 1.0a)
• English language support
• Docker deployment

---

Next Steps

• Data Flow & Guardrails →
• What's Built →