@atomoz/workflows-nodes 0.1.25 → 0.1.27

package/dist/index.cjs

@@ -1,6 +1,8 @@
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -14,6 +16,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // index.ts
@@ -1088,7 +1098,7 @@ async function createLLMFromModel(modelConfig, authToken, streaming = false) {
     case "gemini":
       return new import_google_gauth.ChatGoogle({
         model: "gemini-flash-latest",
-        apiKey: "AIzaSyBzrL8Hx6dHhXgwc2HfLlQsf5Y-9pdtc9M",
+        apiKey: "AIzaSyAWj0Al2sVJ8vqaRN4UY7c6imAg7a3NbEc",
         streaming
       });
     case "openai":
@@ -1114,6 +1124,50 @@ async function createLLMFromModel(modelConfig, authToken, streaming = false) {
 }
 
 // src/utils/guardrail-executor.ts
+async function loadChatHistory(context) {
+  const checkpointer = context?.checkpointer;
+  const sessionId = context?.sessionId;
+  if (!checkpointer || !sessionId) {
+    console.log(`[GUARDRAIL] checkpointer=${!!checkpointer}, sessionId=${sessionId}`);
+    return null;
+  }
+  try {
+    console.log(`[GUARDRAIL] Carregando hist\xF3rico da mem\xF3ria (session: ${sessionId})`);
+    if (typeof checkpointer.setup === "function" && !checkpointer.isSetup) {
+      await checkpointer.setup();
+    }
+    let checkpoint = null;
+    if (typeof checkpointer.getTuple === "function") {
+      const tuple = await checkpointer.getTuple({ configurable: { thread_id: sessionId } });
+      checkpoint = tuple?.checkpoint;
+      console.log(`[GUARDRAIL] getTuple result:`, tuple ? "found" : "null");
+    }
+    if (!checkpoint && typeof checkpointer.get === "function") {
+      checkpoint = await checkpointer.get({ configurable: { thread_id: sessionId } });
+      console.log(`[GUARDRAIL] get result:`, checkpoint ? "found" : "null");
+    }
+    if (!checkpoint) {
+      console.log(`[GUARDRAIL] Nenhum checkpoint encontrado`);
+      return null;
+    }
+    console.log(`[GUARDRAIL] Checkpoint keys:`, Object.keys(checkpoint));
+    const messages = checkpoint?.channel_values?.messages || checkpoint?.values?.messages || checkpoint?.messages || [];
+    if (!messages || messages.length === 0) {
+      console.log(`[GUARDRAIL] Nenhuma mensagem no checkpoint`);
+      return null;
+    }
+    const historyLines = messages.map((m) => {
+      const role = m._getType?.() === "human" || m.type === "human" ? "Usu\xE1rio" : "Assistente";
+      const content = typeof m.content === "string" ? m.content : JSON.stringify(m.content);
+      return `${role}: ${content.slice(0, 200)}${content.length > 200 ? "..." : ""}`;
+    });
+    console.log(`[GUARDRAIL] Hist\xF3rico carregado: ${messages.length} mensagens`);
+    return historyLines.join("\n");
+  } catch (error) {
+    console.error(`[GUARDRAIL] Erro ao carregar hist\xF3rico:`, error);
+    return null;
+  }
+}
 async function executeGuardrails(guardrails, content, mode = "fail-first", context = {}) {
   const list = Array.isArray(guardrails) ? guardrails : [guardrails];
   const result = {
@@ -1199,44 +1253,90 @@ async function executeGuardrails(guardrails, content, mode = "fail-first", conte
       }
     } else if (guard.type === "model") {
       const { model, evaluationPrompt, name, actionInstruction } = guard;
+      console.log(`[GUARDRAIL LLM] Iniciando guardrail "${name}"`);
+      console.log(`[GUARDRAIL LLM] Conte\xFAdo a avaliar (${content.length} chars):`, content.slice(0, 200) + (content.length > 200 ? "..." : ""));
+      console.log(`[GUARDRAIL LLM] Action: ${guard.action}, Model dispon\xEDvel: ${!!model}`);
+      const chatHistory = await loadChatHistory(context);
+      if (chatHistory) {
+        console.log(`[GUARDRAIL LLM] Hist\xF3rico inclu\xEDdo no contexto`);
+      }
       if (model && typeof model.invoke === "function") {
         try {
           let prompt = evaluationPrompt;
+          console.log(`[GUARDRAIL LLM] Evaluation prompt base:`, (prompt || "").slice(0, 200));
           if (actionInstruction) {
             prompt += `
 
 INSTRU\xC7\xC3O ADICIONAL DE A\xC7\xC3O:
 ${actionInstruction}`;
+          }
+          if (chatHistory) {
+            prompt += `
+
+HIST\xD3RICO DA CONVERSA:
+${chatHistory}`;
           }
           if (prompt.includes("{{content}}")) {
             prompt = prompt.replace("{{content}}", content);
           } else {
             prompt = `${prompt}
 
-CONTE\xDADO PARA AVALIAR:
+CONTE\xDADO A AVALIAR (resposta atual):
 ${content}`;
           }
+          console.log(`[GUARDRAIL LLM] Chamando modelo...`);
           const response = await model.invoke(prompt);
           const resultText = typeof response.content === "string" ? response.content : String(response.content);
+          console.log(`[GUARDRAIL LLM] Resposta do modelo:`, resultText.slice(0, 300));
+          const isUnsafe = resultText.toUpperCase().includes("UNSAFE");
+          const isSafe = resultText.toUpperCase().startsWith("SAFE") || resultText.toUpperCase().includes("SAFE") && !isUnsafe;
           if (guard.action === "fix") {
-            if (resultText && resultText.trim() !== content.trim() && !resultText.includes("SAFE")) {
-              result.modifiedContent = resultText;
-              violationMessage = `Conte\xFAdo reescrito pelo guardrail "${name}".`;
-              result.violations.push({
-                name: guard.name,
-                message: violationMessage,
-                action: "fix"
-              });
+            if (isUnsafe) {
+              console.log(`[GUARDRAIL LLM] Modo FIX - Detectado UNSAFE, chamando modelo para corrigir...`);
+              const fixPrompt = `Voc\xEA \xE9 um corretor de conte\xFAdo. O texto abaixo foi marcado como UNSAFE por violar uma regra.
+
+REGRA VIOLADA:
+${evaluationPrompt}
+
+${actionInstruction ? `INSTRU\xC7\xC3O DE CORRE\xC7\xC3O:
+${actionInstruction}
+` : ""}
+
+CONTE\xDADO ORIGINAL:
+${content}
+
+Reescreva o conte\xFAdo corrigindo a viola\xE7\xE3o. Retorne APENAS o texto corrigido, sem explica\xE7\xF5es ou prefixos.`;
+              try {
+                const fixResponse = await model.invoke(fixPrompt);
+                const fixedContent = typeof fixResponse.content === "string" ? fixResponse.content : String(fixResponse.content);
+                console.log(`[GUARDRAIL LLM] Conte\xFAdo corrigido:`, fixedContent.slice(0, 300));
+                result.modifiedContent = fixedContent;
+                violationMessage = `Conte\xFAdo reescrito pelo guardrail "${name}".`;
+                result.violations.push({
+                  name: guard.name,
+                  message: violationMessage,
+                  action: "fix"
+                });
+              } catch (fixError) {
+                console.error(`[GUARDRAIL LLM] Erro ao corrigir conte\xFAdo:`, fixError);
+              }
+            } else {
+              console.log(`[GUARDRAIL LLM] Modo FIX - Conte\xFAdo aprovado (SAFE)`);
             }
           } else {
-            if (resultText.toUpperCase().includes("UNSAFE")) {
+            if (isUnsafe) {
               guardPassed = false;
               violationMessage = actionInstruction || `Modelo de avalia\xE7\xE3o "${name}" detectou viola\xE7\xE3o de seguran\xE7a/pol\xEDtica.`;
+              console.log(`[GUARDRAIL LLM] Resultado: UNSAFE - Bloqueado`);
+            } else {
+              console.log(`[GUARDRAIL LLM] Resultado: SAFE - Aprovado`);
             }
           }
         } catch (error) {
-          console.error(`Error executing model guardrail "${name}":`, error);
+          console.error(`[GUARDRAIL LLM] Erro ao executar guardrail "${name}":`, error);
         }
+      } else {
+        console.log(`[GUARDRAIL LLM] Model n\xE3o dispon\xEDvel ou n\xE3o \xE9 invoc\xE1vel para guardrail "${name}"`);
       }
     }
     if (!guardPassed) {
@@ -1300,7 +1400,7 @@ var IaAgentNodeFunction = async (inputs) => {
   let guardrailViolations = [];
   if (message && beforeGuardrails) {
     const preparedBefore = await prepareGuardrails(beforeGuardrails);
-    const context = { ...inputs, input: message };
+    const context = { ...inputs, input: message, checkpointer, sessionId };
     const beforeResults = await executeGuardrails(preparedBefore, message, guardrailMode, context);
     if (beforeResults.blocked) {
       console.log(`\u{1F6E1}\uFE0F IaAgentNode "${name}": Blocked by before-agent guardrail:`, beforeResults.message);
@@ -1502,7 +1602,7 @@ IMPORTANT: You must base your response on the last message in the conversation h
       }
       if (output && afterGuardrails) {
         const preparedAfter = await prepareGuardrails(afterGuardrails);
-        const context = { ...inputs, input: output };
+        const context = { ...inputs, input: output, checkpointer, sessionId };
         const afterResults = await executeGuardrails(preparedAfter, output, guardrailMode, context);
         if (afterResults.blocked) {
           console.log(`\u{1F6E1}\uFE0F IaAgentNode "${name}": Response blocked by after-agent guardrail:`, afterResults.message);
@@ -2391,8 +2491,271 @@ var WhatsappMessageTriggerNode = {
   ]
 };
 
+// src/utils/sandbox-executor.ts
+var ivmModule = null;
+async function getIVM() {
+  if (ivmModule !== null) return ivmModule;
+  try {
+    const mod = await import("isolated-vm");
+    ivmModule = {
+      Isolate: mod.Isolate || mod.default?.Isolate,
+      ExternalCopy: mod.ExternalCopy || mod.default?.ExternalCopy,
+      Reference: mod.Reference || mod.default?.Reference
+    };
+    if (!ivmModule.Isolate) {
+      console.warn("[Sandbox] isolated-vm Isolate n\xE3o encontrado");
+      return null;
+    }
+    return ivmModule;
+  } catch (e) {
+    console.warn("[Sandbox] isolated-vm n\xE3o dispon\xEDvel, usando fallback inseguro");
+    return null;
+  }
+}
+var DEFAULT_OPTIONS = {
+  timeout: 1e4,
+  memoryLimit: 128,
+  allowFetch: true
+};
+async function executeSandboxed(code, sandboxContext, options = {}) {
+  const opts = { ...DEFAULT_OPTIONS, ...options };
+  const ivm = await getIVM();
+  if (!ivm) {
+    return executeFallback(code, sandboxContext);
+  }
+  let isolate = null;
+  let context = null;
+  try {
+    isolate = new ivm.Isolate({ memoryLimit: opts.memoryLimit });
+    context = await isolate.createContext();
+    const jail = context.global;
+    await jail.set("globalThis", jail.derefInto());
+    await injectContextVariables(jail, sandboxContext, ivm);
+    await jail.set("__logRef", new ivm.Reference(function(...args) {
+      console.log("[Sandbox]", ...args);
+    }));
+    if (opts.allowFetch) {
+      await jail.set("__fetchRef", new ivm.Reference(async function(url, optionsJson) {
+        try {
+          const options2 = optionsJson ? JSON.parse(optionsJson) : {};
+          const res = await fetch(url, {
+            method: options2?.method || "GET",
+            headers: options2?.headers,
+            body: options2?.body
+          });
+          const contentType = res.headers.get("content-type") || "";
+          let data;
+          if (contentType.includes("application/json")) {
+            data = await res.json();
+          } else {
+            data = await res.text();
+          }
+          return JSON.stringify({
+            ok: res.ok,
+            status: res.status,
+            statusText: res.statusText,
+            data
+          });
+        } catch (error) {
+          return JSON.stringify({
+            ok: false,
+            status: 0,
+            statusText: "Network Error",
+            error: error.message
+          });
+        }
+      }));
+    }
+    const bootstrapCode = `
+            // Console
+            const console = {
+                log: (...args) => __logRef.applySync(undefined, args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))),
+                warn: (...args) => __logRef.applySync(undefined, ['[WARN]', ...args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))]),
+                error: (...args) => __logRef.applySync(undefined, ['[ERROR]', ...args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))]),
+                info: (...args) => __logRef.applySync(undefined, args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))),
+            };
+            globalThis.console = console;
+
+            ${opts.allowFetch ? `
+            // Fetch
+            globalThis.fetch = async (url, options = {}) => {
+                const optionsJson = JSON.stringify(options);
+                const resultJson = await __fetchRef.apply(undefined, [url, optionsJson], { result: { promise: true } });
+                const result = JSON.parse(resultJson);
+                
+                if (!result.ok && result.error) {
+                    throw new Error(result.error);
+                }
+                
+                return {
+                    ok: result.ok,
+                    status: result.status,
+                    statusText: result.statusText,
+                    json: async () => result.data,
+                    text: async () => typeof result.data === 'string' ? result.data : JSON.stringify(result.data),
+                };
+            };
+            ` : ""}
+
+            // Base64
+            globalThis.atob = (str) => {
+                const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
+                let output = '';
+                str = String(str).replace(/=+$/, '');
+                for (let i = 0; i < str.length; i += 4) {
+                    const enc1 = chars.indexOf(str.charAt(i));
+                    const enc2 = chars.indexOf(str.charAt(i + 1));
+                    const enc3 = chars.indexOf(str.charAt(i + 2));
+                    const enc4 = chars.indexOf(str.charAt(i + 3));
+                    const chr1 = (enc1 << 2) | (enc2 >> 4);
+                    const chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
+                    const chr3 = ((enc3 & 3) << 6) | enc4;
+                    output += String.fromCharCode(chr1);
+                    if (enc3 !== 64) output += String.fromCharCode(chr2);
+                    if (enc4 !== 64) output += String.fromCharCode(chr3);
+                }
+                return output;
+            };
+
+            globalThis.btoa = (str) => {
+                const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
+                str = String(str);
+                let output = '';
+                for (let i = 0; i < str.length; i += 3) {
+                    const chr1 = str.charCodeAt(i);
+                    const chr2 = str.charCodeAt(i + 1);
+                    const chr3 = str.charCodeAt(i + 2);
+                    const enc1 = chr1 >> 2;
+                    const enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
+                    const enc3 = isNaN(chr2) ? 64 : ((chr2 & 15) << 2) | (chr3 >> 6);
+                    const enc4 = isNaN(chr3) ? 64 : chr3 & 63;
+                    output += chars.charAt(enc1) + chars.charAt(enc2) + chars.charAt(enc3) + chars.charAt(enc4);
+                }
+                return output;
+            };
+        `;
+    const bootstrapScript = await isolate.compileScript(bootstrapCode);
+    await bootstrapScript.run(context);
+    const wrappedCode = wrapUserCode(code);
+    const finalCode = `
+            (async () => {
+                const __userResult = await (${wrappedCode});
+                // Serializa o resultado para poder transferir
+                if (__userResult === undefined) return '__UNDEFINED__';
+                if (__userResult === null) return 'null';
+                if (typeof __userResult === 'object') {
+                    return JSON.stringify({ __type: 'object', value: __userResult });
+                }
+                return JSON.stringify({ __type: typeof __userResult, value: __userResult });
+            })()
+        `;
+    const script = await isolate.compileScript(finalCode);
+    const rawResult = await script.run(context, {
+      timeout: opts.timeout,
+      promise: true
+    });
+    if (rawResult === "__UNDEFINED__") return void 0;
+    if (rawResult === "null") return null;
+    try {
+      const parsed = JSON.parse(rawResult);
+      return parsed.value;
+    } catch {
+      return rawResult;
+    }
+  } catch (error) {
+    if (error.message?.includes("Script execution timed out")) {
+      throw new Error("Tempo de execu\xE7\xE3o excedido (timeout)");
+    }
+    if (error.message?.includes("Isolate was disposed")) {
+      throw new Error("Execu\xE7\xE3o cancelada: limite de mem\xF3ria excedido");
+    }
+    throw new Error(`Erro na execu\xE7\xE3o do c\xF3digo: ${error.message || "Erro desconhecido"}`);
+  } finally {
+    if (context) {
+      try {
+        context.release();
+      } catch {
+      }
+    }
+    if (isolate) {
+      try {
+        isolate.dispose();
+      } catch {
+      }
+    }
+  }
+}
+async function injectContextVariables(jail, ctx, ivm) {
+  const safeClone = (value) => {
+    if (value === void 0 || value === null) {
+      return value;
+    }
+    try {
+      if (typeof value !== "object") {
+        return value;
+      }
+      return new ivm.ExternalCopy(value).copyInto();
+    } catch {
+      try {
+        return JSON.parse(JSON.stringify(value));
+      } catch {
+        return void 0;
+      }
+    }
+  };
+  await jail.set("input", safeClone(ctx.input));
+  await jail.set("context", safeClone(ctx.context ?? {}));
+  await jail.set("$inputs", safeClone(ctx.$inputs ?? {}));
+  await jail.set("$vars", safeClone(ctx.$vars ?? {}));
+  await jail.set("$field", safeClone(ctx.$field ?? {}));
+  await jail.set("request", safeClone(ctx.request));
+  await jail.set("params", safeClone(ctx.params));
+  await jail.set("__placeholders", safeClone(ctx.__placeholders ?? {}));
+}
+function wrapUserCode(code) {
+  const trimmed = code.trim();
+  if (trimmed.startsWith("return ")) {
+    return `(async function() { ${code} })()`;
+  }
+  const isSimpleExpression = !trimmed.includes("{") && !trimmed.includes("if ") && !trimmed.includes("for ") && !trimmed.includes("while ") && !trimmed.includes("function ") && !trimmed.includes("const ") && !trimmed.includes("let ") && !trimmed.includes("var ");
+  if (isSimpleExpression) {
+    return `(async function() { return ${code} })()`;
+  }
+  return `(async function() { ${code} })()`;
+}
+function executeFallback(code, ctx) {
+  console.warn("[Sandbox] Usando execu\xE7\xE3o INSEGURA (new Function). Instale isolated-vm para seguran\xE7a.");
+  const customFunction = new Function(
+    "input",
+    "context",
+    "request",
+    "params",
+    "$inputs",
+    "$vars",
+    "$field",
+    "__placeholders",
+    code
+  );
+  return customFunction(
+    ctx.input,
+    ctx.context,
+    ctx.request,
+    ctx.params,
+    ctx.$inputs,
+    ctx.$vars,
+    ctx.$field,
+    ctx.__placeholders
+  );
+}
+function looksLikeCode(code) {
+  if (typeof code !== "string") return false;
+  const c = code.trim();
+  if (c.length < 3) return false;
+  return /(return\s+|=>|function\s*\(|;|\n|\{|\})/.test(c);
+}
+
 // src/nodes/processors/custom-code.ts
-var NodeFunction = (params) => {
+var NodeFunction = async (params) => {
   let input = params?.inputValue ?? params?.input;
   const context = params && params.fieldValues ? params.fieldValues : params || {};
   let customCode = context?.customCode ?? params?.customCode;
@@ -2405,12 +2768,6 @@ var NodeFunction = (params) => {
       else if (firstInputField.value !== void 0) input = firstInputField.value;
     }
   }
-  const looksLikeCode = (code) => {
-    if (typeof code !== "string") return false;
-    const c = code.trim();
-    if (c.length < 3) return false;
-    return /(return\s+|=>|function\s*\(|;|\n|\{|\})/.test(c);
-  };
   if (typeof customCode === "string" && !looksLikeCode(customCode)) {
     if (input === void 0) input = customCode;
     customCode = "";
@@ -2418,18 +2775,25 @@ var NodeFunction = (params) => {
   if (!customCode || typeof customCode === "string" && customCode.trim() === "") {
     return input;
   }
-  try {
-    const $inputs = params?.results || {};
-    const $vars = context && context.variables || params?.variables || void 0;
-    const __placeholders = params?.__codePlaceholders ?? context?.__codePlaceholders;
-    const customFunction = new Function("input", "context", "request", "params", "$inputs", "$vars", "__placeholders", customCode);
-    const result = customFunction(input, context, params?.request, params, $inputs, $vars, __placeholders);
-    return result;
-  } catch (error) {
-    throw new Error(`Erro ao executar c\xF3digo customizado: ${error instanceof Error ? error.message : "Erro desconhecido"}`);
-  }
+  const sandboxContext = {
+    input,
+    context,
+    $inputs: params?.results || {},
+    $vars: context && context.variables || params?.variables || void 0,
+    request: params?.request,
+    params,
+    __placeholders: params?.__codePlaceholders ?? context?.__codePlaceholders
+  };
+  const result = await executeSandboxed(customCode, sandboxContext, {
+    timeout: 3e4,
+    // 30 segundos
+    memoryLimit: 128,
+    // 128MB
+    allowFetch: true
+  });
+  return result;
 };
-var CustomNodeFunction = (params) => {
+var CustomNodeFunction = async (params) => {
   const context = params && params.fieldValues ? params.fieldValues : params || {};
   const customCode = context?.customCode;
   if (!customCode || typeof customCode === "string" && customCode.trim() === "") {
@@ -2452,29 +2816,36 @@ var CustomNodeFunction = (params) => {
     }
     $field[fieldId] = value;
   });
-  try {
-    const $inputs = params?.results || {};
-    const $vars = context && context.variables || params?.variables || void 0;
-    const customFunction = new Function("$field", "context", "request", "params", "$inputs", "$vars", customCode);
-    const result = customFunction($field, context, params?.request, params, $inputs, $vars);
-    return result;
-  } catch (error) {
-    throw new Error(`Erro ao executar CustomNode: ${error instanceof Error ? error.message : "Erro desconhecido"}`);
-  }
+  const sandboxContext = {
+    $field,
+    context,
+    $inputs: params?.results || {},
+    $vars: context && context.variables || params?.variables || void 0,
+    request: params?.request,
+    params
+  };
+  const result = await executeSandboxed(customCode, sandboxContext, {
+    timeout: 3e4,
+    // 30 segundos
+    memoryLimit: 128,
+    // 128MB
+    allowFetch: true
+  });
+  return result;
 };
 var CustomCodeNode = {
   label: "Custom Code",
   type: "CustomCodeNode",
   category: "step",
   icon: "\u{1F4BB}",
-  description: "Node para executar c\xF3digo JavaScript customizado",
+  description: "Node para executar c\xF3digo JavaScript customizado (sandbox segura)",
   fields: [
     {
       id: "customCode",
       label: "C\xF3digo Customizado",
       type: "code",
       required: false,
-      placeholder: '// Seu c\xF3digo JavaScript aqui\n// Use "input" para acessar o valor de entrada\n// Use "context" para acessar os dados do n\xF3\nreturn input;'
+      placeholder: '// Seu c\xF3digo JavaScript aqui\n// Use "input" para acessar o valor de entrada\n// Use "context" para acessar os dados do n\xF3\n// fetch(), JSON, Math, Date est\xE3o dispon\xEDveis\nreturn input;'
     },
     {
       id: "input",
@@ -2751,7 +3122,7 @@ var FunctionGuardrailNode = {
         label: "Fun\xE7\xE3o",
         name: "function",
         fieldType: "function",
-        acceptTypes: ["code", "http", "any"],
+        acceptTypes: ["function", "code", "http", "any"],
         maxConnections: 1
       }
     },

package/dist/index.d.cts

@@ -183,8 +183,8 @@ declare const nodeFunctions: {
     AiSupervisorNode: (params: any) => Promise<any>;
     WhatsappNode: (fieldValues: any) => Promise<any>;
     WhatsappSendMessageNode: (fieldValues: any) => Promise<any>;
-    CustomCodeNode: (params: any) => any;
-    CustomNode: (params: any) => any;
+    CustomCodeNode: (params: any) => Promise<any>;
+    CustomNode: (params: any) => Promise<any>;
     PostgresMemoryNode: (inputs: any) => Promise<any>;
     RedisMemoryNode: (inputs: any) => Promise<any>;
     PromptGuardrailNode: (inputs: any) => Promise<any>;

package/dist/index.d.ts

@@ -183,8 +183,8 @@ declare const nodeFunctions: {
     AiSupervisorNode: (params: any) => Promise<any>;
     WhatsappNode: (fieldValues: any) => Promise<any>;
     WhatsappSendMessageNode: (fieldValues: any) => Promise<any>;
-    CustomCodeNode: (params: any) => any;
-    CustomNode: (params: any) => any;
+    CustomCodeNode: (params: any) => Promise<any>;
+    CustomNode: (params: any) => Promise<any>;
     PostgresMemoryNode: (inputs: any) => Promise<any>;
     RedisMemoryNode: (inputs: any) => Promise<any>;
     PromptGuardrailNode: (inputs: any) => Promise<any>;

package/dist/index.js

@@ -1008,7 +1008,7 @@ async function createLLMFromModel(modelConfig, authToken, streaming = false) {
     case "gemini":
       return new ChatGoogle({
         model: "gemini-flash-latest",
-        apiKey: "AIzaSyBzrL8Hx6dHhXgwc2HfLlQsf5Y-9pdtc9M",
+        apiKey: "AIzaSyAWj0Al2sVJ8vqaRN4UY7c6imAg7a3NbEc",
         streaming
       });
     case "openai":
@@ -1034,6 +1034,50 @@ async function createLLMFromModel(modelConfig, authToken, streaming = false) {
 }
 
 // src/utils/guardrail-executor.ts
+async function loadChatHistory(context) {
+  const checkpointer = context?.checkpointer;
+  const sessionId = context?.sessionId;
+  if (!checkpointer || !sessionId) {
+    console.log(`[GUARDRAIL] checkpointer=${!!checkpointer}, sessionId=${sessionId}`);
+    return null;
+  }
+  try {
+    console.log(`[GUARDRAIL] Carregando hist\xF3rico da mem\xF3ria (session: ${sessionId})`);
+    if (typeof checkpointer.setup === "function" && !checkpointer.isSetup) {
+      await checkpointer.setup();
+    }
+    let checkpoint = null;
+    if (typeof checkpointer.getTuple === "function") {
+      const tuple = await checkpointer.getTuple({ configurable: { thread_id: sessionId } });
+      checkpoint = tuple?.checkpoint;
+      console.log(`[GUARDRAIL] getTuple result:`, tuple ? "found" : "null");
+    }
+    if (!checkpoint && typeof checkpointer.get === "function") {
+      checkpoint = await checkpointer.get({ configurable: { thread_id: sessionId } });
+      console.log(`[GUARDRAIL] get result:`, checkpoint ? "found" : "null");
+    }
+    if (!checkpoint) {
+      console.log(`[GUARDRAIL] Nenhum checkpoint encontrado`);
+      return null;
+    }
+    console.log(`[GUARDRAIL] Checkpoint keys:`, Object.keys(checkpoint));
+    const messages = checkpoint?.channel_values?.messages || checkpoint?.values?.messages || checkpoint?.messages || [];
+    if (!messages || messages.length === 0) {
+      console.log(`[GUARDRAIL] Nenhuma mensagem no checkpoint`);
+      return null;
+    }
+    const historyLines = messages.map((m) => {
+      const role = m._getType?.() === "human" || m.type === "human" ? "Usu\xE1rio" : "Assistente";
+      const content = typeof m.content === "string" ? m.content : JSON.stringify(m.content);
+      return `${role}: ${content.slice(0, 200)}${content.length > 200 ? "..." : ""}`;
+    });
+    console.log(`[GUARDRAIL] Hist\xF3rico carregado: ${messages.length} mensagens`);
+    return historyLines.join("\n");
+  } catch (error) {
+    console.error(`[GUARDRAIL] Erro ao carregar hist\xF3rico:`, error);
+    return null;
+  }
+}
 async function executeGuardrails(guardrails, content, mode = "fail-first", context = {}) {
   const list = Array.isArray(guardrails) ? guardrails : [guardrails];
   const result = {
@@ -1119,44 +1163,90 @@ async function executeGuardrails(guardrails, content, mode = "fail-first", conte
       }
     } else if (guard.type === "model") {
       const { model, evaluationPrompt, name, actionInstruction } = guard;
+      console.log(`[GUARDRAIL LLM] Iniciando guardrail "${name}"`);
+      console.log(`[GUARDRAIL LLM] Conte\xFAdo a avaliar (${content.length} chars):`, content.slice(0, 200) + (content.length > 200 ? "..." : ""));
+      console.log(`[GUARDRAIL LLM] Action: ${guard.action}, Model dispon\xEDvel: ${!!model}`);
+      const chatHistory = await loadChatHistory(context);
+      if (chatHistory) {
+        console.log(`[GUARDRAIL LLM] Hist\xF3rico inclu\xEDdo no contexto`);
+      }
       if (model && typeof model.invoke === "function") {
         try {
           let prompt = evaluationPrompt;
+          console.log(`[GUARDRAIL LLM] Evaluation prompt base:`, (prompt || "").slice(0, 200));
           if (actionInstruction) {
             prompt += `
 
 INSTRU\xC7\xC3O ADICIONAL DE A\xC7\xC3O:
 ${actionInstruction}`;
+          }
+          if (chatHistory) {
+            prompt += `
+
+HIST\xD3RICO DA CONVERSA:
+${chatHistory}`;
           }
           if (prompt.includes("{{content}}")) {
             prompt = prompt.replace("{{content}}", content);
           } else {
             prompt = `${prompt}
 
-CONTE\xDADO PARA AVALIAR:
+CONTE\xDADO A AVALIAR (resposta atual):
 ${content}`;
           }
+          console.log(`[GUARDRAIL LLM] Chamando modelo...`);
           const response = await model.invoke(prompt);
           const resultText = typeof response.content === "string" ? response.content : String(response.content);
+          console.log(`[GUARDRAIL LLM] Resposta do modelo:`, resultText.slice(0, 300));
+          const isUnsafe = resultText.toUpperCase().includes("UNSAFE");
+          const isSafe = resultText.toUpperCase().startsWith("SAFE") || resultText.toUpperCase().includes("SAFE") && !isUnsafe;
           if (guard.action === "fix") {
-            if (resultText && resultText.trim() !== content.trim() && !resultText.includes("SAFE")) {
-              result.modifiedContent = resultText;
-              violationMessage = `Conte\xFAdo reescrito pelo guardrail "${name}".`;
-              result.violations.push({
-                name: guard.name,
-                message: violationMessage,
-                action: "fix"
-              });
+            if (isUnsafe) {
+              console.log(`[GUARDRAIL LLM] Modo FIX - Detectado UNSAFE, chamando modelo para corrigir...`);
+              const fixPrompt = `Voc\xEA \xE9 um corretor de conte\xFAdo. O texto abaixo foi marcado como UNSAFE por violar uma regra.
+
+REGRA VIOLADA:
+${evaluationPrompt}
+
+${actionInstruction ? `INSTRU\xC7\xC3O DE CORRE\xC7\xC3O:
+${actionInstruction}
+` : ""}
+
+CONTE\xDADO ORIGINAL:
+${content}
+
+Reescreva o conte\xFAdo corrigindo a viola\xE7\xE3o. Retorne APENAS o texto corrigido, sem explica\xE7\xF5es ou prefixos.`;
+              try {
+                const fixResponse = await model.invoke(fixPrompt);
+                const fixedContent = typeof fixResponse.content === "string" ? fixResponse.content : String(fixResponse.content);
+                console.log(`[GUARDRAIL LLM] Conte\xFAdo corrigido:`, fixedContent.slice(0, 300));
+                result.modifiedContent = fixedContent;
+                violationMessage = `Conte\xFAdo reescrito pelo guardrail "${name}".`;
+                result.violations.push({
+                  name: guard.name,
+                  message: violationMessage,
+                  action: "fix"
+                });
+              } catch (fixError) {
+                console.error(`[GUARDRAIL LLM] Erro ao corrigir conte\xFAdo:`, fixError);
+              }
+            } else {
+              console.log(`[GUARDRAIL LLM] Modo FIX - Conte\xFAdo aprovado (SAFE)`);
             }
           } else {
-            if (resultText.toUpperCase().includes("UNSAFE")) {
+            if (isUnsafe) {
               guardPassed = false;
               violationMessage = actionInstruction || `Modelo de avalia\xE7\xE3o "${name}" detectou viola\xE7\xE3o de seguran\xE7a/pol\xEDtica.`;
+              console.log(`[GUARDRAIL LLM] Resultado: UNSAFE - Bloqueado`);
+            } else {
+              console.log(`[GUARDRAIL LLM] Resultado: SAFE - Aprovado`);
             }
           }
         } catch (error) {
-          console.error(`Error executing model guardrail "${name}":`, error);
+          console.error(`[GUARDRAIL LLM] Erro ao executar guardrail "${name}":`, error);
         }
+      } else {
+        console.log(`[GUARDRAIL LLM] Model n\xE3o dispon\xEDvel ou n\xE3o \xE9 invoc\xE1vel para guardrail "${name}"`);
       }
     }
     if (!guardPassed) {
@@ -1220,7 +1310,7 @@ var IaAgentNodeFunction = async (inputs) => {
   let guardrailViolations = [];
   if (message && beforeGuardrails) {
     const preparedBefore = await prepareGuardrails(beforeGuardrails);
-    const context = { ...inputs, input: message };
+    const context = { ...inputs, input: message, checkpointer, sessionId };
     const beforeResults = await executeGuardrails(preparedBefore, message, guardrailMode, context);
     if (beforeResults.blocked) {
       console.log(`\u{1F6E1}\uFE0F IaAgentNode "${name}": Blocked by before-agent guardrail:`, beforeResults.message);
@@ -1422,7 +1512,7 @@ IMPORTANT: You must base your response on the last message in the conversation h
       }
       if (output && afterGuardrails) {
         const preparedAfter = await prepareGuardrails(afterGuardrails);
-        const context = { ...inputs, input: output };
+        const context = { ...inputs, input: output, checkpointer, sessionId };
         const afterResults = await executeGuardrails(preparedAfter, output, guardrailMode, context);
         if (afterResults.blocked) {
           console.log(`\u{1F6E1}\uFE0F IaAgentNode "${name}": Response blocked by after-agent guardrail:`, afterResults.message);
@@ -2311,8 +2401,271 @@ var WhatsappMessageTriggerNode = {
   ]
 };
 
+// src/utils/sandbox-executor.ts
+var ivmModule = null;
+async function getIVM() {
+  if (ivmModule !== null) return ivmModule;
+  try {
+    const mod = await import("isolated-vm");
+    ivmModule = {
+      Isolate: mod.Isolate || mod.default?.Isolate,
+      ExternalCopy: mod.ExternalCopy || mod.default?.ExternalCopy,
+      Reference: mod.Reference || mod.default?.Reference
+    };
+    if (!ivmModule.Isolate) {
+      console.warn("[Sandbox] isolated-vm Isolate n\xE3o encontrado");
+      return null;
+    }
+    return ivmModule;
+  } catch (e) {
+    console.warn("[Sandbox] isolated-vm n\xE3o dispon\xEDvel, usando fallback inseguro");
+    return null;
+  }
+}
+var DEFAULT_OPTIONS = {
+  timeout: 1e4,
+  memoryLimit: 128,
+  allowFetch: true
+};
+async function executeSandboxed(code, sandboxContext, options = {}) {
+  const opts = { ...DEFAULT_OPTIONS, ...options };
+  const ivm = await getIVM();
+  if (!ivm) {
+    return executeFallback(code, sandboxContext);
+  }
+  let isolate = null;
+  let context = null;
+  try {
+    isolate = new ivm.Isolate({ memoryLimit: opts.memoryLimit });
+    context = await isolate.createContext();
+    const jail = context.global;
+    await jail.set("globalThis", jail.derefInto());
+    await injectContextVariables(jail, sandboxContext, ivm);
+    await jail.set("__logRef", new ivm.Reference(function(...args) {
+      console.log("[Sandbox]", ...args);
+    }));
+    if (opts.allowFetch) {
+      await jail.set("__fetchRef", new ivm.Reference(async function(url, optionsJson) {
+        try {
+          const options2 = optionsJson ? JSON.parse(optionsJson) : {};
+          const res = await fetch(url, {
+            method: options2?.method || "GET",
+            headers: options2?.headers,
+            body: options2?.body
+          });
+          const contentType = res.headers.get("content-type") || "";
+          let data;
+          if (contentType.includes("application/json")) {
+            data = await res.json();
+          } else {
+            data = await res.text();
+          }
+          return JSON.stringify({
+            ok: res.ok,
+            status: res.status,
+            statusText: res.statusText,
+            data
+          });
+        } catch (error) {
+          return JSON.stringify({
+            ok: false,
+            status: 0,
+            statusText: "Network Error",
+            error: error.message
+          });
+        }
+      }));
+    }
+    const bootstrapCode = `
+            // Console
+            const console = {
+                log: (...args) => __logRef.applySync(undefined, args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))),
+                warn: (...args) => __logRef.applySync(undefined, ['[WARN]', ...args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))]),
+                error: (...args) => __logRef.applySync(undefined, ['[ERROR]', ...args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))]),
+                info: (...args) => __logRef.applySync(undefined, args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))),
+            };
+            globalThis.console = console;
+
+            ${opts.allowFetch ? `
+            // Fetch
+            globalThis.fetch = async (url, options = {}) => {
+                const optionsJson = JSON.stringify(options);
+                const resultJson = await __fetchRef.apply(undefined, [url, optionsJson], { result: { promise: true } });
+                const result = JSON.parse(resultJson);
+                
+                if (!result.ok && result.error) {
+                    throw new Error(result.error);
+                }
+                
+                return {
+                    ok: result.ok,
+                    status: result.status,
+                    statusText: result.statusText,
+                    json: async () => result.data,
+                    text: async () => typeof result.data === 'string' ? result.data : JSON.stringify(result.data),
+                };
+            };
+            ` : ""}
+
+            // Base64
+            globalThis.atob = (str) => {
+                const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
+                let output = '';
+                str = String(str).replace(/=+$/, '');
+                for (let i = 0; i < str.length; i += 4) {
+                    const enc1 = chars.indexOf(str.charAt(i));
+                    const enc2 = chars.indexOf(str.charAt(i + 1));
+                    const enc3 = chars.indexOf(str.charAt(i + 2));
+                    const enc4 = chars.indexOf(str.charAt(i + 3));
+                    const chr1 = (enc1 << 2) | (enc2 >> 4);
+                    const chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
+                    const chr3 = ((enc3 & 3) << 6) | enc4;
+                    output += String.fromCharCode(chr1);
+                    if (enc3 !== 64) output += String.fromCharCode(chr2);
+                    if (enc4 !== 64) output += String.fromCharCode(chr3);
+                }
+                return output;
+            };
+
+            globalThis.btoa = (str) => {
+                const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
+                str = String(str);
+                let output = '';
+                for (let i = 0; i < str.length; i += 3) {
+                    const chr1 = str.charCodeAt(i);
+                    const chr2 = str.charCodeAt(i + 1);
+                    const chr3 = str.charCodeAt(i + 2);
+                    const enc1 = chr1 >> 2;
+                    const enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
+                    const enc3 = isNaN(chr2) ? 64 : ((chr2 & 15) << 2) | (chr3 >> 6);
+                    const enc4 = isNaN(chr3) ? 64 : chr3 & 63;
+                    output += chars.charAt(enc1) + chars.charAt(enc2) + chars.charAt(enc3) + chars.charAt(enc4);
+                }
+                return output;
+            };
+        `;
+    const bootstrapScript = await isolate.compileScript(bootstrapCode);
+    await bootstrapScript.run(context);
+    const wrappedCode = wrapUserCode(code);
+    const finalCode = `
+            (async () => {
+                const __userResult = await (${wrappedCode});
+                // Serializa o resultado para poder transferir
+                if (__userResult === undefined) return '__UNDEFINED__';
+                if (__userResult === null) return 'null';
+                if (typeof __userResult === 'object') {
+                    return JSON.stringify({ __type: 'object', value: __userResult });
+                }
+                return JSON.stringify({ __type: typeof __userResult, value: __userResult });
+            })()
+        `;
+    const script = await isolate.compileScript(finalCode);
+    const rawResult = await script.run(context, {
+      timeout: opts.timeout,
+      promise: true
+    });
+    if (rawResult === "__UNDEFINED__") return void 0;
+    if (rawResult === "null") return null;
+    try {
+      const parsed = JSON.parse(rawResult);
+      return parsed.value;
+    } catch {
+      return rawResult;
+    }
+  } catch (error) {
+    if (error.message?.includes("Script execution timed out")) {
+      throw new Error("Tempo de execu\xE7\xE3o excedido (timeout)");
+    }
+    if (error.message?.includes("Isolate was disposed")) {
+      throw new Error("Execu\xE7\xE3o cancelada: limite de mem\xF3ria excedido");
+    }
+    throw new Error(`Erro na execu\xE7\xE3o do c\xF3digo: ${error.message || "Erro desconhecido"}`);
+  } finally {
+    if (context) {
+      try {
+        context.release();
+      } catch {
+      }
+    }
+    if (isolate) {
+      try {
+        isolate.dispose();
+      } catch {
+      }
+    }
+  }
+}
+async function injectContextVariables(jail, ctx, ivm) {
+  const safeClone = (value) => {
+    if (value === void 0 || value === null) {
+      return value;
+    }
+    try {
+      if (typeof value !== "object") {
+        return value;
+      }
+      return new ivm.ExternalCopy(value).copyInto();
+    } catch {
+      try {
+        return JSON.parse(JSON.stringify(value));
+      } catch {
+        return void 0;
+      }
+    }
+  };
+  await jail.set("input", safeClone(ctx.input));
+  await jail.set("context", safeClone(ctx.context ?? {}));
+  await jail.set("$inputs", safeClone(ctx.$inputs ?? {}));
+  await jail.set("$vars", safeClone(ctx.$vars ?? {}));
+  await jail.set("$field", safeClone(ctx.$field ?? {}));
+  await jail.set("request", safeClone(ctx.request));
+  await jail.set("params", safeClone(ctx.params));
+  await jail.set("__placeholders", safeClone(ctx.__placeholders ?? {}));
+}
+function wrapUserCode(code) {
+  const trimmed = code.trim();
+  if (trimmed.startsWith("return ")) {
+    return `(async function() { ${code} })()`;
+  }
+  const isSimpleExpression = !trimmed.includes("{") && !trimmed.includes("if ") && !trimmed.includes("for ") && !trimmed.includes("while ") && !trimmed.includes("function ") && !trimmed.includes("const ") && !trimmed.includes("let ") && !trimmed.includes("var ");
+  if (isSimpleExpression) {
+    return `(async function() { return ${code} })()`;
+  }
+  return `(async function() { ${code} })()`;
+}
+function executeFallback(code, ctx) {
+  console.warn("[Sandbox] Usando execu\xE7\xE3o INSEGURA (new Function). Instale isolated-vm para seguran\xE7a.");
+  const customFunction = new Function(
+    "input",
+    "context",
+    "request",
+    "params",
+    "$inputs",
+    "$vars",
+    "$field",
+    "__placeholders",
+    code
+  );
+  return customFunction(
+    ctx.input,
+    ctx.context,
+    ctx.request,
+    ctx.params,
+    ctx.$inputs,
+    ctx.$vars,
+    ctx.$field,
+    ctx.__placeholders
+  );
+}
+function looksLikeCode(code) {
+  if (typeof code !== "string") return false;
+  const c = code.trim();
+  if (c.length < 3) return false;
+  return /(return\s+|=>|function\s*\(|;|\n|\{|\})/.test(c);
+}
+
 // src/nodes/processors/custom-code.ts
-var NodeFunction = (params) => {
+var NodeFunction = async (params) => {
   let input = params?.inputValue ?? params?.input;
   const context = params && params.fieldValues ? params.fieldValues : params || {};
   let customCode = context?.customCode ?? params?.customCode;
@@ -2325,12 +2678,6 @@ var NodeFunction = (params) => {
       else if (firstInputField.value !== void 0) input = firstInputField.value;
     }
   }
-  const looksLikeCode = (code) => {
-    if (typeof code !== "string") return false;
-    const c = code.trim();
-    if (c.length < 3) return false;
-    return /(return\s+|=>|function\s*\(|;|\n|\{|\})/.test(c);
-  };
   if (typeof customCode === "string" && !looksLikeCode(customCode)) {
     if (input === void 0) input = customCode;
     customCode = "";
@@ -2338,18 +2685,25 @@ var NodeFunction = (params) => {
   if (!customCode || typeof customCode === "string" && customCode.trim() === "") {
     return input;
   }
-  try {
-    const $inputs = params?.results || {};
-    const $vars = context && context.variables || params?.variables || void 0;
-    const __placeholders = params?.__codePlaceholders ?? context?.__codePlaceholders;
-    const customFunction = new Function("input", "context", "request", "params", "$inputs", "$vars", "__placeholders", customCode);
-    const result = customFunction(input, context, params?.request, params, $inputs, $vars, __placeholders);
-    return result;
-  } catch (error) {
-    throw new Error(`Erro ao executar c\xF3digo customizado: ${error instanceof Error ? error.message : "Erro desconhecido"}`);
-  }
+  const sandboxContext = {
+    input,
+    context,
+    $inputs: params?.results || {},
+    $vars: context && context.variables || params?.variables || void 0,
+    request: params?.request,
+    params,
+    __placeholders: params?.__codePlaceholders ?? context?.__codePlaceholders
+  };
+  const result = await executeSandboxed(customCode, sandboxContext, {
+    timeout: 3e4,
+    // 30 segundos
+    memoryLimit: 128,
+    // 128MB
+    allowFetch: true
+  });
+  return result;
 };
-var CustomNodeFunction = (params) => {
+var CustomNodeFunction = async (params) => {
   const context = params && params.fieldValues ? params.fieldValues : params || {};
   const customCode = context?.customCode;
   if (!customCode || typeof customCode === "string" && customCode.trim() === "") {
@@ -2372,29 +2726,36 @@ var CustomNodeFunction = (params) => {
     }
     $field[fieldId] = value;
   });
-  try {
-    const $inputs = params?.results || {};
-    const $vars = context && context.variables || params?.variables || void 0;
-    const customFunction = new Function("$field", "context", "request", "params", "$inputs", "$vars", customCode);
-    const result = customFunction($field, context, params?.request, params, $inputs, $vars);
-    return result;
-  } catch (error) {
-    throw new Error(`Erro ao executar CustomNode: ${error instanceof Error ? error.message : "Erro desconhecido"}`);
-  }
+  const sandboxContext = {
+    $field,
+    context,
+    $inputs: params?.results || {},
+    $vars: context && context.variables || params?.variables || void 0,
+    request: params?.request,
+    params
+  };
+  const result = await executeSandboxed(customCode, sandboxContext, {
+    timeout: 3e4,
+    // 30 segundos
+    memoryLimit: 128,
+    // 128MB
+    allowFetch: true
+  });
+  return result;
 };
 var CustomCodeNode = {
   label: "Custom Code",
   type: "CustomCodeNode",
   category: "step",
   icon: "\u{1F4BB}",
-  description: "Node para executar c\xF3digo JavaScript customizado",
+  description: "Node para executar c\xF3digo JavaScript customizado (sandbox segura)",
   fields: [
     {
       id: "customCode",
       label: "C\xF3digo Customizado",
       type: "code",
       required: false,
-      placeholder: '// Seu c\xF3digo JavaScript aqui\n// Use "input" para acessar o valor de entrada\n// Use "context" para acessar os dados do n\xF3\nreturn input;'
+      placeholder: '// Seu c\xF3digo JavaScript aqui\n// Use "input" para acessar o valor de entrada\n// Use "context" para acessar os dados do n\xF3\n// fetch(), JSON, Math, Date est\xE3o dispon\xEDveis\nreturn input;'
     },
     {
       id: "input",
@@ -2671,7 +3032,7 @@ var FunctionGuardrailNode = {
         label: "Fun\xE7\xE3o",
         name: "function",
         fieldType: "function",
-        acceptTypes: ["code", "http", "any"],
+        acceptTypes: ["function", "code", "http", "any"],
         maxConnections: 1
       }
     },

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@atomoz/workflows-nodes",
-    "version": "0.1.25",
+    "version": "0.1.27",
     "description": "Atomoz Workflows - Node Library",
     "type": "module",
     "main": "./dist/index.js",
@@ -40,6 +40,7 @@
     },
     "dependencies": {
         "@langchain/core": "^0.3.66",
+        "isolated-vm": "^6.0.2",
         "@langchain/google-gauth": "^0.2.16",
         "@langchain/langgraph": "^0.4.3",
         "@langchain/langgraph-checkpoint-postgres": "^1.0.0",