Current Solution

TAKU Web is a Next.js console for managing businesses, WhatsApp phone records, bots, schedules, and bot assignments.

TAKU API Service is a separate Express + TypeScript API. It owns the current TAKU data model and stores records in a local JSON file while we design the production model.

WA Service remains the WhatsApp runtime. It manages WhatsApp sessions, QR pairing, message transport, and bot reply dispatch.

TAKU Web loads businesses, WhatsApp connections, bots, and bot assignments from TAKU API.

The client-user onboarding wizard at `/onboarding` creates records from the values the user submits. Its fourth step is QR pairing: it creates a phone record, creates an active starter bot, assigns that bot to the phone, requests a WA Service QR, and opens Admin after the phone connects.

Creating a phone in the console persists a WA connection record in TAKU API.

Creating a bot persists a bot record in TAKU API.

Pairing actions in onboarding and admin call TAKU API, and TAKU API calls WA Service for connection creation, start, status, and QR.

Admin can unlink a phone by asking TAKU API to reset the WA Service session and clear the local phone pairing state.

Stopping a phone marks the automation inactive in WA Service. The WhatsApp socket can remain connected, but TAKU bot replies are skipped while active is false.

For incoming messages on TAKU-managed WA connections, WA Service resolves the active bot assignment from TAKU API and sends that bot's instructions to Bot Service.

WA Service enforces the phone active schedule before calling Bot Service. No schedule means always active.

Changing bot status, changing phone state, editing schedules, and assigning bots to phones are persisted through TAKU API.

TAKU API returns account entitlements with businesses. Trial accounts last 30 days, can create one bot, and cannot use schedules. Paid accounts can use all current features.

Suspended client accounts see a blocking payment prompt in Admin. Superowners can still inspect suspended accounts.

Superowners see a Users & Payments panel in Admin with client users, business account status, and the latest stored payment record.

The payment screen at `/payment` creates a Mercado Pago Checkout Pro preference through TAKU API, redirects the user to Mercado Pago, and confirms approved returned payments before marking the business as paid. A local dev mock button remains available in development.

Mercado Pago can also call `POST /v1/billing/mercadopago/webhook`; TAKU API verifies the webhook signature when configured, fetches the payment from Mercado Pago, stores it, and activates the linked business when approved.

Approved Mercado Pago and mock payments are persisted in TAKU API and linked to the business account before the account is activated.

QR and Start are now routed through WA Service, but they require WA Service to be running and configured with matching service credentials.

Bot runtime depends on Bot Service and the configured AI provider being available.

TAKU Web now signs in through TAKU API and sends a bearer session token. Passwords are still development-level shared credentials until real user password storage exists.

Existing local JSON data can contain older test records. A clean TAKU API data file now starts empty instead of seeding demo businesses, phones, bots, or members.

TAKU Web reads the API location and shared dev token from `apps/taku-web/.env`. The current API target is `http://localhost:3010`.

NEXT_PUBLIC_TAKU_API_BASE_URL=http://localhost:3010
NEXT_PUBLIC_TAKU_API_KEY=taku-local-dev-token

TAKU_WEB_BASE_URL=http://localhost:3003
MERCADOPAGO_ACCESS_TOKEN=your-mercado-pago-access-token
MERCADOPAGO_USE_SANDBOX=true

Because these values are `NEXT_PUBLIC_`, the browser can see the API allow-token. User scope is carried by a signed TAKU session token after login.

Requests to `/v1/*` must include the configured `x-api-key`.

curl -s \
  -H 'x-api-key: taku-local-dev-token' \
  http://localhost:3010/v1/businesses