Marketing Feature Brief
For the marketing team: what you can pitch safely, what needs a caveat, and what not to promise yet. Source: full codebase review. Last verified: July 4, 2026.
T-Chat (Tesark Chat SDK) is a multi-tenant, embeddable chat product: a drop-in React SDK, a Supabase-powered backend, and an admin dashboard for the customer’s team.
Safe to pitch — shipped and working end-to-end
Core messaging
- Realtime 1:1 and group conversations (delivery via Supabase Realtime)
- Replies/quotes, @mentions, emoji reactions, in-thread message search
- Message edit and delete (1-hour window), optimistic sending
- Attachments: images, video, files — with secure signed download links
- Link previews (server-side, privacy-safe scraping)
- Presence (who’s online), typing indicators, read receipts, unread badges
- System announcements and event timeline messages (e.g. “X joined”) injectable by the host app
Built-in moderation (baseline)
- Every message passes through a moderation pipeline before it lands: profanity filtering, contact-info detection, and custom wordlists — always on, per tenant
Integration & platform
- React SDK published to npm — drop-in
<ChatPanel>plus composable hooks/components, themeable - Clean server-to-server API: scoped API keys, user provisioning, conversation management
- Secure end-user auth: short-lived JWTs minted by the customer’s backend
- Multi-tenant isolation enforced at the database level (row-level security)
Admin dashboard
- Tenant, user, and conversation management; API key lifecycle (create/revoke, scopes, expiry)
- Operator review mode: support staff can open any conversation read-only (time-boxed, audited)
- Webhooks to the customer’s backend (signed, with test ping) — currently for stale-unread alerts
- Full audit trail of admin and API actions
- Usage & plan visibility: live meters for MAU, messages, storage, bandwidth
- Integration snippets, API/chat playgrounds, dark mode
Plans (implemented in product)
- Sandbox (free), Starter $99/mo, Pro $299/mo, Enterprise (custom) — limits enforced per plan; over-limit tenants are gracefully frozen (read-only) rather than cut off
Pitch with a caveat — works, but conditional
| Feature | Reality — how to phrase it |
|---|---|
| AI-assisted moderation | AI harm detection runs only when an OpenAI key is configured; wordlist moderation is always on. Say “AI-assisted moderation available”, not “all messages AI-screened”. |
| Browser push notifications | Fully built, but requires per-deployment setup (VAPID keys + a service worker in the host app). Say “supported”, not “out of the box”. |
| Email digests (unread summaries) | Cron + email integration exists; requires email provider configuration. |
| Usage alerts | Over-limit freeze works; the 80%-usage warning email is not sent yet (in-dashboard alert only). |
Do NOT pitch yet — not built
- Self-serve payments / checkout — upgrades are handled manually (“contact us”); no Stripe integration
- Moderation settings UI — customers cannot edit moderation rules/wordlists from the dashboard yet (backend supports it; UI/API pending)
- User blocking (end-user blocks another user)
- Analytics dashboards
- SSO / Enterprise SLAs
conversation.member_addedwebhook — listed in the catalog as “coming soon”
If any of these come up in a pitch, position them as roadmap, not product.
Feature status checklist
Done
- Operator onboarding & tenant creation — signup creates operator, sandbox tenant, membership, default moderation config
- Message sending with realtime — send/edit via moderated API; delivery, reads, reactions, deletes via Supabase Realtime + RLS
- DM & group conversations — CRUD, members, permissions, archive, nicknames, group icons, external IDs
- Message features — replies/quotes, @mentions, in-thread search, 1-hour edit/delete window, optimistic sends
- Reactions (emoji, realtime)
- Attachments — image/video/file upload with signed download URLs and storage/bandwidth metering
- Link previews (server-side OG scraping)
- Presence, typing indicators, read receipts, unread counts
- System & event messages — host-injected announcements and timeline event lines
- API key management — hashed keys, scopes, expiry, revocation
- End-user auth — API-key-minted 6h JWTs with MAU metering
- Review sessions / operator read-only chat — 1h reviewer JWTs, audited
- Host webhooks — endpoint CRUD, signing secrets, test ping, stale-unread delivery
- Billing & plans (read side) — plan tiers, billing periods, usage meters, past-due handling, commercial-freeze UX in SDK
- Admin dashboard — tenants, users, conversations (with review drawer), API keys, webhooks, audit log, integration snippets, playgrounds, dark mode
- Audit trail & cron job telemetry
Partial (gated or incomplete)
- AI harm moderation — only when OpenAI key configured; wordlists always on
- Web push notifications — needs VAPID keys + host service worker
- Email digests — needs email provider (Resend) configuration
- Usage cap enforcement — freeze works; 80%-threshold alert emails deferred
- JWT refresh — host must re-mint tokens; SDK exposes a refresh callback only
Not built (promised/planned only)
- Self-serve payments / Stripe checkout
- Moderation config dashboard UI
- User blocking
- Analytics dashboards
- SSO / Enterprise SLAs
-
conversation.member_addedwebhook
Domain explanations
Tenant, plans & billing
A tenant is one customer workspace (an app that embeds the chat). Everything — users, conversations, API keys, webhooks, usage — is scoped to a tenant, with isolation enforced at the database level via row-level security. Dashboard operators are linked to tenants through memberships; one operator can own several tenants and switch between them.
Each tenant points at a plan tier (sandbox, starter, pro, enterprise) that defines its limits (MAU, messages, storage, bandwidth). Commercial state is tracked in billing records (provider link, trial, overrides), billing periods (active/past-due cycles), and per-period usage metering — counters incremented as tokens are minted, messages sent, and attachments transferred. When a period goes past due, the tenant is commercially frozen: the SDK shows a banner and sending/typing are disabled, while reading stays available. There is no payment processor integration yet; upgrades are handled manually via a contact flow.
Messages & conversations
A conversation is a DM or group thread, with a members table carrying per-member permissions and nicknames. Messages belong to a conversation and come in three kinds: user (normal chat), system (host announcements), and event (timeline lines like “X joined”). Messages support replies, mentions, reactions, attachments, and soft deletion.
The write and read paths are deliberately different:
- Send/edit goes through the moderation API so every message passes moderation (wordlist + optional AI harm check), the billing freeze check, and usage metering before insert.
- Everything else (reading history, realtime delivery, reactions, deletes, typing, presence, read receipts) talks to Supabase directly under RLS via Realtime channels — the API server is never in that hot path.
Auth model (three lanes)
- API key (server-to-server): the customer’s backend provisions users, manages conversations, and mints end-user JWTs.
- End-user JWT (6h): powers the React SDK for a specific user; a reviewer variant grants 1-hour read-only access.
- Dashboard auth (operator session or admin secret): powers the admin dashboard.
One-paragraph elevator pitch (safe version)
T-Chat is a drop-in chat SDK for React apps: realtime 1:1 and group messaging with reactions, replies, mentions, attachments, link previews, presence, typing, and read receipts — all with built-in message moderation and strict per-tenant data isolation. Your backend keeps control through a clean API and signed webhooks, while your team gets an admin dashboard with audited read-only conversation review, API key management, and live usage metering. Plans from a free sandbox to enterprise.