elico
Member Candidate
Topic Author
Posts: 162
Joined: Mon Nov 07, 2016 3:23 am

SLA based PBR

Fri Jul 12, 2024 6:00 pm

In Cisco Secure Firewall there is a feature named connection SLA monitoring.
The details can be seen in the YouTube video:
https://youtu.be/KPp3BgBKm34

I was thinking about writing a set of scripts that will monitor a WAN connection and then dynamically modify the PBR mangle rules and routing tables.
In case RouterOS doesn't have the relevant tools, we can use an external container to implement the tests and then use the fetch tool to extract the raw data.
The test results shown in the YT video for the SLA are:
* RTT
* Jitter
* Packet loss

and also application based routing.
So, applying application based routing is much more complicated, since we need to monitor or control the DNS requests or TLS information to identify the related connections, such as, for example, *.youtube.com or *.yahoo.com and related domains for a specific application.
The basic way to identify YouTube related destinations in RouterOS is firewall address lists and/or TLS SNI host, but these are currently not available before the connections are initiated.
Also, in the case of TLS SNI, a request can be crafted for www.youtube.com but with another destination IP address like 1.1.1.1:443, etc., and the RouterOS device will "think" that it's a YouTube domain.
So, we need to pre-populate the address lists with domains somehow.

To find the right domains and cidrs per application or group of applications we can try to use the technical details at:
https://github.com/ntop/nDPI/

which are pretty up to date and can be used to research the relevant CIDRs and domain names to create such an "application" list.

Also, there is another thing which I was thinking about, and it's the WAN connection active state monitoring using 3 HTTP(S) requests to Microsoft/Google/Apple/other URLs.

If even one of the requests is OK, then the connection is up.
If all 3 of them are down, then the connection is down.

The implementation will rely on a couple of scripts and PBR.

If anyone is interested in helping with this feel free to put some thumbs up and I am also available at the discord channels.
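One way to express the "any one of three probes OK means up, all three failing means down" check as a RouterOS v7 script, written here as an added example and not code from this thread. The probe URLs, the WAN source address 198.51.100.2 (assumed to be steered out via wan1 by a routing rule) and the mangle rule comment "pbr-wan1" are placeholders.

```routeros
# Added example, not code from the thread: three HTTPS probes decide whether a WAN
# link is usable, then the mangle rule that applies routing-mark "wan1" is enabled
# or disabled accordingly. Assumptions: the probe URLs, the WAN source address
# 198.51.100.2 (which a routing rule is assumed to steer via wan1), and the rule
# comment "pbr-wan1" (expected to match exactly one rule) are placeholders.
:local probes {"https://www.microsoft.com/"; "https://www.google.com/"; "https://www.apple.com/"}
:local srcAddr "198.51.100.2"
:local ruleComment "pbr-wan1"
:local okCount 0

:foreach u in=$probes do={
    :do {
        # keep-result=no discards the body; duration bounds each probe so one
        # hung connection cannot stall the whole check
        /tool/fetch url=$u src-address=$srcAddr keep-result=no duration=5s
        :set okCount ($okCount + 1)
    } on-error={
        :log warning ("wan1 probe failed: " . $u)
    }
}

# policy from the post: one successful probe means up, all three failing means down
:local wanUp ($okCount > 0)
:local rule [/ip/firewall/mangle find comment=$ruleComment]
:if ([:len $rule] = 0) do={
    :log error ("no mangle rule with comment " . $ruleComment)
} else={
    :local isDisabled [/ip/firewall/mangle get $rule disabled]
    # only touch the rule when the state actually changes, so the log stays quiet
    :if ($wanUp && $isDisabled) do={
        /ip/firewall/mangle set $rule disabled=no
        :log info "wan1 up, routing-mark rule enabled"
    }
    :if ((!$wanUp) && (!$isDisabled)) do={
        /ip/firewall/mangle set $rule disabled=yes
        :log info "wan1 down, routing-mark rule disabled"
    }
}
```

Run it from /system/scheduler at the interval you want the link re-evaluated; because it disables the marking rule rather than the route, existing connections drain while new ones stop being sent to the failed link.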
 
Amm0
Forum Guru
Posts: 4965
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: SLA based PBR

Fri Jul 12, 2024 8:19 pm

You mention several different topics. Some quick thoughts:

1. /tool/netwatch with icmp monitors can monitor latency/RTT, and a script can modify PBRs to steer new connections over a different route. You can use interval/count to spread the test over a long period so the netwatch calculation isn't based on some instantaneous reading. And you can have multiple netwatch too. But generally speaking netwatch is what you've got "built in", so if you can use it, it's likely the best IMO.

2. For nDPI... I have not tried this... But why not just run nTop along with its NetFlow collector as a container? While indirect, RouterOS can send NetFlow data to nTop. And, with nTop running, the collected data from nDPI/nTop could be periodically exported to JSON or CSV, and be imported into a RouterOS array and used in a netwatch script to make a routing decision.

3. One limit you're up against in PBR and netwatch is that neither can use /ip/firewall/address-list: /routing/rule only takes raw IP/subnet, not RouterOS "lists". I believe you could use mangle rules to put them into a routing table first, and then have PBR match on the routing table (and potentially change it). But that begs the question: if you need fine-grained control, firewall mangle rules are more flexible since they have the full complement of matchers, while PBR is limited to just src/dst address/etc.
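The netwatch approach from point 1, spelled out as an added example (not configuration from this thread): an icmp probe spread over several packets with SLA thresholds on average RTT, jitter and loss, whose up/down scripts toggle the default route in table "wan1". The host 1.1.1.1, the source address 198.51.100.2 (assumed to be routed via wan1), the threshold values and the route comment "wan1-default" are placeholders.

```routeros
# Added example, not configuration from the thread. A netwatch icmp probe that
# evaluates SLA thresholds over 20 pings spaced 250ms apart every 30s, rather than
# a single instantaneous reading; netwatch reports "down" as soon as any threshold
# is exceeded. Assumptions: host 1.1.1.1, src-address 198.51.100.2 (assumed routed
# via wan1), the threshold values and the route comment "wan1-default" are placeholders.
/tool/netwatch add type=icmp host=1.1.1.1 src-address=198.51.100.2 comment="sla-wan1" interval=30s timeout=2s packet-count=20 packet-interval=250ms thr-rtt-avg=150ms thr-rtt-jitter=40ms thr-loss-percent=20 up-script="/ip/route set [find comment=wan1-default] disabled=no; :log info \"wan1 within SLA, route enabled\"" down-script="/ip/route set [find comment=wan1-default] disabled=yes; :log warning \"wan1 outside SLA, route disabled\""
```

Check the measured values with `/tool/netwatch print detail` before tightening the thresholds; a threshold set below the link's normal baseline will flap the route on every cycle.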
 
elico
Member Candidate
Topic Author

Re: SLA based PBR

Sat Jul 13, 2024 9:28 pm

Amm0 wrote:
You mention several different topics. Some quick thoughts:

...
3. One limit you're up against in PBR and netwatch is that neither can use /ip/firewall/address-list: /routing/rule only takes raw IP/subnet, not RouterOS "lists". I believe you could use mangle rules to put them into a routing table first, and then have PBR match on the routing table (and potentially change it). But that begs the question: if you need fine-grained control, firewall mangle rules are more flexible since they have the full complement of matchers, while PBR is limited to just src/dst address/etc.
Plain PBR in RouterOS from my tests doesn't work for routing decisions but rather for RouterOS local IP addresses.
The only option that I found can be used is routing marks.
PBR is based on mangle rules in general unless not possible.

About NTOP, it's an option but it comes at a price: https://shop.ntop.org/
So, instead of using NTOP I can use a product that does a similar thing, like PA or FortiGate.
These should be able to do what I was thinking, but I am not sure.
I have seen that Cisco has such an option, but again the price might not be worth it...
It's very easy for me to write the tooling to collect the DNS queries required to build the infrastructure for application domain lists, so I am not rushing to use NTOP or Cisco or PA for now.

About the netwatch option, I do have the source address option, but I cannot use hostnames for requests, so it's pretty useless for some of my use cases.
I am working on a demo and when it is finished I will post it.

Thanks for the response.
 
elico
Member Candidate
Topic Author

Re: SLA based PBR

Sun Jul 14, 2024 4:51 pm

I have created a basic example for failover on RouterOS v7.15.2 in a lab with 4 WAN connections.
https://youtu.be/z5o8xBRttYo

There will be some updates later on.