Mekari Action (AI Agent)
Give the Qontak AI Agent a self-service way to take actions in other Mekari products (Talenta, Jurnal, Desty) during a conversation, granted via a one-time, scope-limited SSO Super Admin approval and authenticated with HMAC. The goal is to make cross-product agent capability a configuration step for non-technical builders — not a custom engineering build — so Qontak can be sold bundled with sister Mekari products (PUMA cross-tribe selling).
QA Lane
Lane B — keeps a human QA gate. Security/isolation: cross-product SSO approval and HMAC-authenticated action calls. No E2E test specs exist for this initiative yet, so the Lane-A entry bar (100% E2E, spec-mapped coverage) is unmet regardless. Classified 2026-06-29.
One of three sibling "action" initiatives. They share one Action drawer (IA) but differ in what they target and how they authenticate:
Initiative Targets Auth Drawer groups Mekari Action (this) Other Mekari products HMAC + SSO Super Admin approval Mekari Talenta / Jurnal / Desty Qontak Action Qontak's own features Company token Mekari Qontak Native Integration Third-party apps outside Mekari OAuth / per-provider Other integration
Master index (ANCHOR)
mekari-action-anchor.md— the ANCHOR PRD: the initiative master index (identity, Phase Index, north-star metrics, decisions). It carries no acceptance criteria of its own (those live in the Phase PRDs), so it sits at the initiative root rather than underprds/. Synced with the Confluence Mekari Action — ANCHOR (v1.3) and reconciled against code — it carries a Development Status section: the HMAC auth foundation is shipped (BOT-4210); the SSO approval flow and the Talenta/Jurnal/Desty action catalog are next. Phase 1's PRD is still to be imported underprds/; the first per-product action PRD (Jurnal Create SO/SI) is imported and listed in the anchor's Product Action Catalog.
Phases
| Phase | Goal | Status | Epic |
|---|---|---|---|
| Phase 1 — Action Picker + One-Time Approval | Self-service grant of scope-limited cross-product Mekari Actions during agent config | In progress — HMAC foundation shipped (BOT-4210); approval flow + Talenta/Jurnal/Desty actions pending | BOT-4210 (foundation) |
| Phase 2 — Credential Rotation, Revocation, Re-Consent | Proactive credential rotation, admin revocation UI, re-consent on scope change | Planned | TBD |
| Phase 3 — Multi-Credential per Company + Audit Log | Multiple credential sets per company + runtime action audit log | Planned | TBD |
Contents
prds/— Phase PRDs and per-product action PRDs (each with its own ACs → Jira Epic) land here.prds/jurnal-create-sales-order-invoice.md— Jurnal: Create Sales Order & Sales Invoice (first per-product action; DRAFT).
rfcs/— Request for Comments (technical design proposals).tests/— E2E / acceptance test specs.delivery/— TPM program-management docs (timeline, status, decisions).