A complete, scannable index of what MessageFoundry does in v0.1 Early Access, grouped by area. Want the story behind each capability? The detailed features page walks through them. What's planned for 0.2 and beyond is in its own table at the end.
| Feature | What it does |
|---|---|
| Open source & no lock-in | |
| AGPL-3.0-or-later | Open license — read it, run it, fork it. A low-cost commercial edition is available when the AGPL doesn't fit. |
| Configuration as code | Connections, Routers, and Handlers are diffable, reviewable modules — wizard-generated or hand-written. The database holds runtime state and messages only, never configuration. |
| Standard databases | No proprietary data platform required, and no proprietary scripting language to staff for. |
| No runtime or contract lock-in | Self-hosted, on your infrastructure, on your terms. |
| Reliability | |
| Durable before acknowledged | The inbound is ACKed only after the received message is committed to the store on ingest, so an accepted message survives a crash before any processing begins. |
| At-least-once delivery | Every accepted message is delivered at least once; nothing is silently dropped. |
| Ordered (FIFO) delivery | Messages to a given destination are delivered first-in, first-out, preserving per-connection sequence. |
| Per-outbound workers | Each destination drains independently; one slow or failing peer never blocks the others. |
| Automatic retries & failure policy | Back off and retry on a configurable policy, then dead-letter, with a bulk-replay view for recovery. |
| Replay | Re-drive a stored message through delivery from the console or API. |
| Automatic crash recovery | After a restart or crash, in-flight messages resume from the durable store with no manual cleanup. |
| Nothing silently dropped | Every message is persisted on ingest, then processed to a recorded disposition — routed, filtered, or unrouted. |
| Message formats | |
| HL7 v2, deeply parsed | Full parsing and validation: fast and tolerant on the hot path, strict and version-aware where you opt in — built to expect real-world, non-conformant HL7. |
| JSON, XML/SOAP, X12/EDI & arbitrary payloads | Routed, transformed, enriched, and delivered alongside HL7 v2 (these flow through without structural parsing). |
| Encoding read from the message | For HL7 v2, the field, component, repetition, escape, and subcomponent separators come from MSH, never hardcoded. |
| Raw message preserved | Kept alongside the transformed form, so an operator always sees exactly what arrived. |
| Parse failures isolated | Routed to the error / dead-letter path and logged, so a bad message never takes down the connection. |
| Connections | |
| MLLP | Correct 0x0B … 0x1C 0x0D framing, inbound and outbound, with ACK/NAK generation (AA / AE / AR) and a per-connection ack mode. |
| TCP | Raw stream endpoints. |
| HTTP / REST & SOAP destinations | Deliver to modern and legacy web-service APIs. (Inbound REST/SOAP listeners are on the roadmap.) |
| Files — local & SFTP / FTP / FTPS | Local directories and remote file transfer, with templated output names (e.g. {MSH-10}.hl7). |
| Database | Poll records in and write results out. |
| Count-and-log invariant | Every message a connection takes in or puts out is counted and logged; a router or filter decision is a recorded outcome (UNROUTED / FILTERED), never a silent drop. |
| Routing & transformation | |
| One-to-many routing with filtering | Fan a message out to multiple destinations, or filter it out entirely; every decision is a recorded outcome. |
| Transform, enrich, validate | Reshape and augment messages mid-flight, with validation where you want it. |
| Reference tables & live lookups | Enrich from static reference / lookup tables, or query a live database during processing. |
| Guided wizards or pure functions | New Connection / New Route wizards generate the wiring, or write Routers and Handlers as plain functions registered by name — no proprietary DSL. |
| Dry-run with before/after diff | Preview a route's effect on a real message before it ships. |
| Security & PHI | |
| Authentication | Local accounts and Active Directory (LDAP / Kerberos) sign-in, with opaque, revocable sessions. |
| RBAC | Fixed built-in roles, deny-by-default, with per-route and per-channel scoping. |
| Localhost-bound API | The API binds 127.0.0.1 by default and requires authentication. |
| TLS in transit | The API and MLLP run over TLS (including MLLP-over-TLS), so PHI never crosses the network in the clear. |
| Tamper-evident audit log | A hash-chained, user-attributed record of every PHI access (raw view, summary, replay), with a verification command. |
| Encryption at rest | Message bodies are encrypted with AES-256-GCM in the store. |
| Retention & purge | Keep messages as long as policy requires, then purge on a configurable schedule. |
| Tooling — console, editor & CLI | |
| Admin console | Dashboards, message search and browse, an HL7 parse-tree viewer, delivery and audit trail, and one-click replay — a separate app reaching the engine only over the localhost API. |
| VS Code extension | Completion, live HL7-aware validate-on-save, a graph view of your integration, source-control integration, and Stage → Promote to a running engine. |
| CLI & localhost API | `messagefoundry serve` exposes connection control, message search/detail, replay, stats, and a live WebSocket feed; `check` gates commits and `generate` produces synthetic HL7. |
| Alerting | Webhook and email alerts when a connection stalls or a message dead-letters. |
| Hot-reload & environment promotion | Configuration hot-reload, with DEV/PROD values layering over the same modules. |
| ACK modes & guards | Configurable ACK modes plus message-size and segment guards. |
| Authoring & AI assist | |
| Setup wizards | Guided New Connection and New Route flows that generate the Python for you — guided authoring whose output is plain code you own and review. |
| PHI-safe AI assistance | An in-editor assistant governed by a central, environment-aware policy that sends only code, never message bodies, gated by RBAC. |
| AI-assisted migration | Paste existing Mirth / Cloverleaf / Rhapsody logic and the assistant helps you express it as Python — code-only and governed. |
| Test & verify | |
| Interactive test bench | Send / receive / file / compose / monitor tools for driving inbound and outbound endpoints by hand. |
| Headless scenario runner | Assert routing and transform behavior on every commit, in CI. |
| Test Bench dry-runs in VS Code | Run .hl7 files through a route with before/after diffs. |
| Synthetic HL7 generator | Realistic, PHI-free messages for load and edge-case testing. |
| `check` commit gate | Validate configuration before it ships. |
| CI/CD | |
| Pull-request review | Every interface change is a readable diff your team approves, with full history and instant rollback. |
| Build gate | `messagefoundry check` validates config and dry-runs messages, failing the build on a broken route before it merges. |
| Automated tests in CI | A headless scenario runner asserts the engine's outcome on synthetic data in GitHub Actions, GitLab CI, Jenkins, or Azure DevOps. |
| Reproducible promotion | Only a reviewed, green change is promoted to each environment, so production matches git — no config drift. |
| Auditable by default | Reviewed, tested, timestamped change control, the way compliance already expects it. |
| Message store — three backends, one contract | |
| SQLite | The zero-config, single-node default — WAL, one file, no server to run. The baseline every other backend matches byte-for-byte. |
| PostgreSQL | The production server-DB for horizontal scale-out: many engine hosts share one store, with leader election, strict per-lane FIFO ordering, and failover/HA. |
| SQL Server | A first-class production backend at parity with PostgreSQL — the same staged pipeline, concurrency-safe claiming, row leases, and multi-node HA. |
| One Store contract | The same at-least-once model — dispositions, retries, replay, audit, encryption at rest, and retention/purge — runs across all three backends. |
| High availability | |
| Active-passive failover | A standby promotes on primary failure; in-flight work resumes from the durable store. |
| No message loss | Failover picks up from committed state, so nothing accepted is dropped. |
| Database-tier HA | PostgreSQL streaming replication or SQL Server Always On availability groups back the store. |
| Runs in your environment | On-premises, on your infrastructure, on your DR terms. |
| Deploy & support | |
| Windows service via NSSM | Install / uninstall scripts included. |
| Headless engine | No GUI imports; testable and runnable as a service. |
| One config, many environments | DEV/PROD values layer over the same Python modules. |
| Support & consulting | Commercial support and expert HL7 + Python consulting — migration assistance, custom connectors, and operational guidance. |

Everything in this table ships in v0.1 Early Access and is described in present tense as what the engine does. Early Access has not yet had an external code review or penetration test. For the full narrative behind each item, see the features page.

Not in v0.1 Early Access. Listed here so the table above stays honest about today versus tomorrow.

| Planned | What it adds |
|---|---|
| Scale-out | |
| Active-active clustering | Horizontal throughput across active nodes, beyond today's active-passive HA. |
| Partition-key parallelism | Ordered lanes per key (e.g. per patient) for parallel processing without losing per-key order. |
| Connectivity & standards | |
| Inbound REST & SOAP listeners | Accept inbound web-service calls, complementing today's outbound REST/SOAP destinations. |
| FHIR | FHIR support alongside HL7 v2. |
| OAuth 2.0, SMART on FHIR & SSO federation | OIDC/SAML and AD FS/Entra ID single sign-on. |
| More databases | MySQL/MariaDB and Oracle as additional store backends. |
| Security & operations | |
| Multi-factor authentication | MFA on top of the existing local and Active Directory sign-in. |
| Built-in de-identification | Native PHI de-identification. |
| Structured logging & SIEM forwarding | Machine-readable logs forwarded to a SIEM. |
| Expanded console | A dead-letter page, alert management, and a multi-engine view. |
| Managed BAA-backed AI provider | A hosted AI option covered by a Business Associate Agreement. |
| Independent external review | An independent external code review and penetration test. |