@atomoz/workflows-nodes 0.1.26 → 0.1.28

package/dist/index.cjs

@@ -1,6 +1,8 @@
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -14,6 +16,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // index.ts
@@ -26,7 +36,13 @@ __export(index_exports, {
   AiToolNodeFunction: () => AiToolNodeFunction,
   AiToolNodeSchema: () => AiToolNodeSchema,
   BodyFieldSchema: () => BodyFieldSchema,
+  ChatLogNode: () => ChatLogNode,
+  ChatLogNodeFunction: () => ChatLogNodeFunction,
+  ChatLogSchema: () => ChatLogSchema,
   CustomToolSchema: () => CustomToolSchema,
+  GetOrCreateThreadNode: () => GetOrCreateThreadNode,
+  GetOrCreateThreadNodeFunction: () => GetOrCreateThreadNodeFunction,
+  GetOrCreateThreadSchema: () => GetOrCreateThreadSchema,
   HTTP_METHODS: () => HTTP_METHODS,
   HTTP_NODE_TYPES: () => HTTP_NODE_TYPES,
   HeaderSchema: () => HeaderSchema,
@@ -1088,7 +1104,7 @@ async function createLLMFromModel(modelConfig, authToken, streaming = false) {
     case "gemini":
       return new import_google_gauth.ChatGoogle({
         model: "gemini-flash-latest",
-        apiKey: "AIzaSyBzrL8Hx6dHhXgwc2HfLlQsf5Y-9pdtc9M",
+        apiKey: "AIzaSyAWj0Al2sVJ8vqaRN4UY7c6imAg7a3NbEc",
         streaming
       });
     case "openai":
@@ -1114,6 +1130,62 @@ async function createLLMFromModel(modelConfig, authToken, streaming = false) {
 }
 
 // src/utils/guardrail-executor.ts
+function emitGuardrailEvent(context, name, passed, action, details) {
+  if (context?.emitter?.emitThought) {
+    context.emitter.emitThought({
+      content: `guardrail:${passed ? "passed" : "failed"}:${name}`,
+      type: "guardrail",
+      name,
+      passed,
+      action: action || "evaluate",
+      details
+    });
+  }
+}
+async function loadChatHistory(context) {
+  const checkpointer = context?.checkpointer;
+  const sessionId = context?.sessionId;
+  if (!checkpointer || !sessionId) {
+    console.log(`[GUARDRAIL] checkpointer=${!!checkpointer}, sessionId=${sessionId}`);
+    return null;
+  }
+  try {
+    console.log(`[GUARDRAIL] Carregando hist\xF3rico da mem\xF3ria (session: ${sessionId})`);
+    if (typeof checkpointer.setup === "function" && !checkpointer.isSetup) {
+      await checkpointer.setup();
+    }
+    let checkpoint = null;
+    if (typeof checkpointer.getTuple === "function") {
+      const tuple = await checkpointer.getTuple({ configurable: { thread_id: sessionId } });
+      checkpoint = tuple?.checkpoint;
+      console.log(`[GUARDRAIL] getTuple result:`, tuple ? "found" : "null");
+    }
+    if (!checkpoint && typeof checkpointer.get === "function") {
+      checkpoint = await checkpointer.get({ configurable: { thread_id: sessionId } });
+      console.log(`[GUARDRAIL] get result:`, checkpoint ? "found" : "null");
+    }
+    if (!checkpoint) {
+      console.log(`[GUARDRAIL] Nenhum checkpoint encontrado`);
+      return null;
+    }
+    console.log(`[GUARDRAIL] Checkpoint keys:`, Object.keys(checkpoint));
+    const messages = checkpoint?.channel_values?.messages || checkpoint?.values?.messages || checkpoint?.messages || [];
+    if (!messages || messages.length === 0) {
+      console.log(`[GUARDRAIL] Nenhuma mensagem no checkpoint`);
+      return null;
+    }
+    const historyLines = messages.map((m) => {
+      const role = m._getType?.() === "human" || m.type === "human" ? "Usu\xE1rio" : "Assistente";
+      const content = typeof m.content === "string" ? m.content : JSON.stringify(m.content);
+      return `${role}: ${content.slice(0, 200)}${content.length > 200 ? "..." : ""}`;
+    });
+    console.log(`[GUARDRAIL] Hist\xF3rico carregado: ${messages.length} mensagens`);
+    return historyLines.join("\n");
+  } catch (error) {
+    console.error(`[GUARDRAIL] Erro ao carregar hist\xF3rico:`, error);
+    return null;
+  }
+}
 async function executeGuardrails(guardrails, content, mode = "fail-first", context = {}) {
   const list = Array.isArray(guardrails) ? guardrails : [guardrails];
   const result = {
@@ -1164,6 +1236,7 @@ async function executeGuardrails(guardrails, content, mode = "fail-first", conte
       if (!guardPassed && actionInstruction) {
         violationMessage = actionInstruction;
       }
+      emitGuardrailEvent(context, guard.name, guardPassed, guard.action, violationMessage || "Rule passed");
     } else if (guard.type === "function") {
       const { nodeFunction, name, actionInstruction } = guard;
       if (typeof nodeFunction === "function") {
@@ -1196,47 +1269,97 @@ async function executeGuardrails(guardrails, content, mode = "fail-first", conte
           guardPassed = false;
           violationMessage = `Erro na fun\xE7\xE3o guardrail: ${error instanceof Error ? error.message : String(error)}`;
         }
+        emitGuardrailEvent(context, name, guardPassed, guard.action, violationMessage || "Function passed");
       }
     } else if (guard.type === "model") {
       const { model, evaluationPrompt, name, actionInstruction } = guard;
+      console.log(`[GUARDRAIL LLM] Iniciando guardrail "${name}"`);
+      console.log(`[GUARDRAIL LLM] Conte\xFAdo a avaliar (${content.length} chars):`, content.slice(0, 200) + (content.length > 200 ? "..." : ""));
+      console.log(`[GUARDRAIL LLM] Action: ${guard.action}, Model dispon\xEDvel: ${!!model}`);
+      const chatHistory = await loadChatHistory(context);
+      if (chatHistory) {
+        console.log(`[GUARDRAIL LLM] Hist\xF3rico inclu\xEDdo no contexto`);
+      }
       if (model && typeof model.invoke === "function") {
         try {
           let prompt = evaluationPrompt;
+          console.log(`[GUARDRAIL LLM] Evaluation prompt base:`, (prompt || "").slice(0, 200));
           if (actionInstruction) {
             prompt += `
 
 INSTRU\xC7\xC3O ADICIONAL DE A\xC7\xC3O:
 ${actionInstruction}`;
+          }
+          if (chatHistory) {
+            prompt += `
+
+HIST\xD3RICO DA CONVERSA:
+${chatHistory}`;
           }
           if (prompt.includes("{{content}}")) {
             prompt = prompt.replace("{{content}}", content);
           } else {
             prompt = `${prompt}
 
-CONTE\xDADO PARA AVALIAR:
+CONTE\xDADO A AVALIAR (resposta atual):
 ${content}`;
           }
+          console.log(`[GUARDRAIL LLM] Chamando modelo...`);
           const response = await model.invoke(prompt);
           const resultText = typeof response.content === "string" ? response.content : String(response.content);
+          console.log(`[GUARDRAIL LLM] Resposta do modelo:`, resultText.slice(0, 300));
+          const isUnsafe = resultText.toUpperCase().includes("UNSAFE");
+          const isSafe = resultText.toUpperCase().startsWith("SAFE") || resultText.toUpperCase().includes("SAFE") && !isUnsafe;
           if (guard.action === "fix") {
-            if (resultText && resultText.trim() !== content.trim() && !resultText.includes("SAFE")) {
-              result.modifiedContent = resultText;
-              violationMessage = `Conte\xFAdo reescrito pelo guardrail "${name}".`;
-              result.violations.push({
-                name: guard.name,
-                message: violationMessage,
-                action: "fix"
-              });
+            if (isUnsafe) {
+              console.log(`[GUARDRAIL LLM] Modo FIX - Detectado UNSAFE, chamando modelo para corrigir...`);
+              const fixPrompt = `Voc\xEA \xE9 um corretor de conte\xFAdo. O texto abaixo foi marcado como UNSAFE por violar uma regra.
+
+REGRA VIOLADA:
+${evaluationPrompt}
+
+${actionInstruction ? `INSTRU\xC7\xC3O DE CORRE\xC7\xC3O:
+${actionInstruction}
+` : ""}
+
+CONTE\xDADO ORIGINAL:
+${content}
+
+Reescreva o conte\xFAdo corrigindo a viola\xE7\xE3o. Retorne APENAS o texto corrigido, sem explica\xE7\xF5es ou prefixos.`;
+              try {
+                const fixResponse = await model.invoke(fixPrompt);
+                const fixedContent = typeof fixResponse.content === "string" ? fixResponse.content : String(fixResponse.content);
+                console.log(`[GUARDRAIL LLM] Conte\xFAdo corrigido:`, fixedContent.slice(0, 300));
+                result.modifiedContent = fixedContent;
+                violationMessage = `Conte\xFAdo reescrito pelo guardrail "${name}".`;
+                result.violations.push({
+                  name: guard.name,
+                  message: violationMessage,
+                  action: "fix"
+                });
+                emitGuardrailEvent(context, name, false, "fix", `Content fixed: ${fixedContent.slice(0, 100)}...`);
+              } catch (fixError) {
+                console.error(`[GUARDRAIL LLM] Erro ao corrigir conte\xFAdo:`, fixError);
+              }
+            } else {
+              console.log(`[GUARDRAIL LLM] Modo FIX - Conte\xFAdo aprovado (SAFE)`);
             }
           } else {
-            if (resultText.toUpperCase().includes("UNSAFE")) {
+            if (isUnsafe) {
               guardPassed = false;
               violationMessage = actionInstruction || `Modelo de avalia\xE7\xE3o "${name}" detectou viola\xE7\xE3o de seguran\xE7a/pol\xEDtica.`;
+              console.log(`[GUARDRAIL LLM] Resultado: UNSAFE - Bloqueado`);
+              emitGuardrailEvent(context, name, false, guard.action, violationMessage);
+            } else {
+              console.log(`[GUARDRAIL LLM] Resultado: SAFE - Aprovado`);
+              emitGuardrailEvent(context, name, true, "approve", "Content passed evaluation");
             }
           }
         } catch (error) {
-          console.error(`Error executing model guardrail "${name}":`, error);
+          console.error(`[GUARDRAIL LLM] Erro ao executar guardrail "${name}":`, error);
         }
+      } else {
+        console.log(`[GUARDRAIL LLM] Model n\xE3o dispon\xEDvel ou n\xE3o \xE9 invoc\xE1vel para guardrail "${name}"`);
       }
     }
     if (!guardPassed) {
@@ -1300,7 +1423,7 @@ var IaAgentNodeFunction = async (inputs) => {
   let guardrailViolations = [];
   if (message && beforeGuardrails) {
     const preparedBefore = await prepareGuardrails(beforeGuardrails);
-    const context = { ...inputs, input: message };
+    const context = { ...inputs, input: message, checkpointer, sessionId };
     const beforeResults = await executeGuardrails(preparedBefore, message, guardrailMode, context);
     if (beforeResults.blocked) {
       console.log(`\u{1F6E1}\uFE0F IaAgentNode "${name}": Blocked by before-agent guardrail:`, beforeResults.message);
@@ -1502,7 +1625,7 @@ IMPORTANT: You must base your response on the last message in the conversation h
       }
       if (output && afterGuardrails) {
         const preparedAfter = await prepareGuardrails(afterGuardrails);
-        const context = { ...inputs, input: output };
+        const context = { ...inputs, input: output, checkpointer, sessionId };
         const afterResults = await executeGuardrails(preparedAfter, output, guardrailMode, context);
         if (afterResults.blocked) {
           console.log(`\u{1F6E1}\uFE0F IaAgentNode "${name}": Response blocked by after-agent guardrail:`, afterResults.message);
@@ -2391,8 +2514,271 @@ var WhatsappMessageTriggerNode = {
   ]
 };
 
+// src/utils/sandbox-executor.ts
+var ivmModule = null;
+async function getIVM() {
+  if (ivmModule !== null) return ivmModule;
+  try {
+    const mod = await import("isolated-vm");
+    ivmModule = {
+      Isolate: mod.Isolate || mod.default?.Isolate,
+      ExternalCopy: mod.ExternalCopy || mod.default?.ExternalCopy,
+      Reference: mod.Reference || mod.default?.Reference
+    };
+    if (!ivmModule.Isolate) {
+      console.warn("[Sandbox] isolated-vm Isolate n\xE3o encontrado");
+      return null;
+    }
+    return ivmModule;
+  } catch (e) {
+    console.warn("[Sandbox] isolated-vm n\xE3o dispon\xEDvel, usando fallback inseguro");
+    return null;
+  }
+}
+var DEFAULT_OPTIONS = {
+  timeout: 1e4,
+  memoryLimit: 128,
+  allowFetch: true
+};
+async function executeSandboxed(code, sandboxContext, options = {}) {
+  const opts = { ...DEFAULT_OPTIONS, ...options };
+  const ivm = await getIVM();
+  if (!ivm) {
+    return executeFallback(code, sandboxContext);
+  }
+  let isolate = null;
+  let context = null;
+  try {
+    isolate = new ivm.Isolate({ memoryLimit: opts.memoryLimit });
+    context = await isolate.createContext();
+    const jail = context.global;
+    await jail.set("globalThis", jail.derefInto());
+    await injectContextVariables(jail, sandboxContext, ivm);
+    await jail.set("__logRef", new ivm.Reference(function(...args) {
+      console.log("[Sandbox]", ...args);
+    }));
+    if (opts.allowFetch) {
+      await jail.set("__fetchRef", new ivm.Reference(async function(url, optionsJson) {
+        try {
+          const options2 = optionsJson ? JSON.parse(optionsJson) : {};
+          const res = await fetch(url, {
+            method: options2?.method || "GET",
+            headers: options2?.headers,
+            body: options2?.body
+          });
+          const contentType = res.headers.get("content-type") || "";
+          let data;
+          if (contentType.includes("application/json")) {
+            data = await res.json();
+          } else {
+            data = await res.text();
+          }
+          return JSON.stringify({
+            ok: res.ok,
+            status: res.status,
+            statusText: res.statusText,
+            data
+          });
+        } catch (error) {
+          return JSON.stringify({
+            ok: false,
+            status: 0,
+            statusText: "Network Error",
+            error: error.message
+          });
+        }
+      }));
+    }
+    const bootstrapCode = `
+            // Console
+            const console = {
+                log: (...args) => __logRef.applySync(undefined, args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))),
+                warn: (...args) => __logRef.applySync(undefined, ['[WARN]', ...args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))]),
+                error: (...args) => __logRef.applySync(undefined, ['[ERROR]', ...args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))]),
+                info: (...args) => __logRef.applySync(undefined, args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a))),
+            };
+            globalThis.console = console;
+
+            ${opts.allowFetch ? `
+            // Fetch
+            globalThis.fetch = async (url, options = {}) => {
+                const optionsJson = JSON.stringify(options);
+                const resultJson = await __fetchRef.apply(undefined, [url, optionsJson], { result: { promise: true } });
+                const result = JSON.parse(resultJson);
+                
+                if (!result.ok && result.error) {
+                    throw new Error(result.error);
+                }
+                
+                return {
+                    ok: result.ok,
+                    status: result.status,
+                    statusText: result.statusText,
+                    json: async () => result.data,
+                    text: async () => typeof result.data === 'string' ? result.data : JSON.stringify(result.data),
+                };
+            };
+            ` : ""}
+
+            // Base64
+            globalThis.atob = (str) => {
+                const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
+                let output = '';
+                str = String(str).replace(/=+$/, '');
+                for (let i = 0; i < str.length; i += 4) {
+                    const enc1 = chars.indexOf(str.charAt(i));
+                    const enc2 = chars.indexOf(str.charAt(i + 1));
+                    const enc3 = chars.indexOf(str.charAt(i + 2));
+                    const enc4 = chars.indexOf(str.charAt(i + 3));
+                    const chr1 = (enc1 << 2) | (enc2 >> 4);
+                    const chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
+                    const chr3 = ((enc3 & 3) << 6) | enc4;
+                    output += String.fromCharCode(chr1);
+                    if (enc3 !== 64) output += String.fromCharCode(chr2);
+                    if (enc4 !== 64) output += String.fromCharCode(chr3);
+                }
+                return output;
+            };
+
+            globalThis.btoa = (str) => {
+                const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
+                str = String(str);
+                let output = '';
+                for (let i = 0; i < str.length; i += 3) {
+                    const chr1 = str.charCodeAt(i);
+                    const chr2 = str.charCodeAt(i + 1);
+                    const chr3 = str.charCodeAt(i + 2);
+                    const enc1 = chr1 >> 2;
+                    const enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
+                    const enc3 = isNaN(chr2) ? 64 : ((chr2 & 15) << 2) | (chr3 >> 6);
+                    const enc4 = isNaN(chr3) ? 64 : chr3 & 63;
+                    output += chars.charAt(enc1) + chars.charAt(enc2) + chars.charAt(enc3) + chars.charAt(enc4);
+                }
+                return output;
+            };
+        `;
+    const bootstrapScript = await isolate.compileScript(bootstrapCode);
+    await bootstrapScript.run(context);
+    const wrappedCode = wrapUserCode(code);
+    const finalCode = `
+            (async () => {
+                const __userResult = await (${wrappedCode});
+                // Serializa o resultado para poder transferir
+                if (__userResult === undefined) return '__UNDEFINED__';
+                if (__userResult === null) return 'null';
+                if (typeof __userResult === 'object') {
+                    return JSON.stringify({ __type: 'object', value: __userResult });
+                }
+                return JSON.stringify({ __type: typeof __userResult, value: __userResult });
+            })()
+        `;
+    const script = await isolate.compileScript(finalCode);
+    const rawResult = await script.run(context, {
+      timeout: opts.timeout,
+      promise: true
+    });
+    if (rawResult === "__UNDEFINED__") return void 0;
+    if (rawResult === "null") return null;
+    try {
+      const parsed = JSON.parse(rawResult);
+      return parsed.value;
+    } catch {
+      return rawResult;
+    }
+  } catch (error) {
+    if (error.message?.includes("Script execution timed out")) {
+      throw new Error("Tempo de execu\xE7\xE3o excedido (timeout)");
+    }
+    if (error.message?.includes("Isolate was disposed")) {
+      throw new Error("Execu\xE7\xE3o cancelada: limite de mem\xF3ria excedido");
+    }
+    throw new Error(`Erro na execu\xE7\xE3o do c\xF3digo: ${error.message || "Erro desconhecido"}`);
+  } finally {
+    if (context) {
+      try {
+        context.release();
+      } catch {
+      }
+    }
+    if (isolate) {
+      try {
+        isolate.dispose();
+      } catch {
+      }
+    }
+  }
+}
+async function injectContextVariables(jail, ctx, ivm) {
+  const safeClone = (value) => {
+    if (value === void 0 || value === null) {
+      return value;
+    }
+    try {
+      if (typeof value !== "object") {
+        return value;
+      }
+      return new ivm.ExternalCopy(value).copyInto();
+    } catch {
+      try {
+        return JSON.parse(JSON.stringify(value));
+      } catch {
+        return void 0;
+      }
+    }
+  };
+  await jail.set("input", safeClone(ctx.input));
+  await jail.set("context", safeClone(ctx.context ?? {}));
+  await jail.set("$inputs", safeClone(ctx.$inputs ?? {}));
+  await jail.set("$vars", safeClone(ctx.$vars ?? {}));
+  await jail.set("$field", safeClone(ctx.$field ?? {}));
+  await jail.set("request", safeClone(ctx.request));
+  await jail.set("params", safeClone(ctx.params));
+  await jail.set("__placeholders", safeClone(ctx.__placeholders ?? {}));
+}
+function wrapUserCode(code) {
+  const trimmed = code.trim();
+  if (trimmed.startsWith("return ")) {
+    return `(async function() { ${code} })()`;
+  }
+  const isSimpleExpression = !trimmed.includes("{") && !trimmed.includes("if ") && !trimmed.includes("for ") && !trimmed.includes("while ") && !trimmed.includes("function ") && !trimmed.includes("const ") && !trimmed.includes("let ") && !trimmed.includes("var ");
+  if (isSimpleExpression) {
+    return `(async function() { return ${code} })()`;
+  }
+  return `(async function() { ${code} })()`;
+}
+function executeFallback(code, ctx) {
+  console.warn("[Sandbox] Usando execu\xE7\xE3o INSEGURA (new Function). Instale isolated-vm para seguran\xE7a.");
+  const customFunction = new Function(
+    "input",
+    "context",
+    "request",
+    "params",
+    "$inputs",
+    "$vars",
+    "$field",
+    "__placeholders",
+    code
+  );
+  return customFunction(
+    ctx.input,
+    ctx.context,
+    ctx.request,
+    ctx.params,
+    ctx.$inputs,
+    ctx.$vars,
+    ctx.$field,
+    ctx.__placeholders
+  );
+}
+function looksLikeCode(code) {
+  if (typeof code !== "string") return false;
+  const c = code.trim();
+  if (c.length < 3) return false;
+  return /(return\s+|=>|function\s*\(|;|\n|\{|\})/.test(c);
+}
+
 // src/nodes/processors/custom-code.ts
-var NodeFunction = (params) => {
+var NodeFunction = async (params) => {
   let input = params?.inputValue ?? params?.input;
   const context = params && params.fieldValues ? params.fieldValues : params || {};
   let customCode = context?.customCode ?? params?.customCode;
@@ -2405,12 +2791,6 @@ var NodeFunction = (params) => {
       else if (firstInputField.value !== void 0) input = firstInputField.value;
     }
   }
-  const looksLikeCode = (code) => {
-    if (typeof code !== "string") return false;
-    const c = code.trim();
-    if (c.length < 3) return false;
-    return /(return\s+|=>|function\s*\(|;|\n|\{|\})/.test(c);
-  };
   if (typeof customCode === "string" && !looksLikeCode(customCode)) {
     if (input === void 0) input = customCode;
     customCode = "";
@@ -2418,18 +2798,25 @@ var NodeFunction = (params) => {
   if (!customCode || typeof customCode === "string" && customCode.trim() === "") {
     return input;
   }
-  try {
-    const $inputs = params?.results || {};
-    const $vars = context && context.variables || params?.variables || void 0;
-    const __placeholders = params?.__codePlaceholders ?? context?.__codePlaceholders;
-    const customFunction = new Function("input", "context", "request", "params", "$inputs", "$vars", "__placeholders", customCode);
-    const result = customFunction(input, context, params?.request, params, $inputs, $vars, __placeholders);
-    return result;
-  } catch (error) {
-    throw new Error(`Erro ao executar c\xF3digo customizado: ${error instanceof Error ? error.message : "Erro desconhecido"}`);
-  }
+  const sandboxContext = {
+    input,
+    context,
+    $inputs: params?.results || {},
+    $vars: context && context.variables || params?.variables || void 0,
+    request: params?.request,
+    params,
+    __placeholders: params?.__codePlaceholders ?? context?.__codePlaceholders
+  };
+  const result = await executeSandboxed(customCode, sandboxContext, {
+    timeout: 3e4,
+    // 30 segundos
+    memoryLimit: 128,
+    // 128MB
+    allowFetch: true
+  });
+  return result;
 };
-var CustomNodeFunction = (params) => {
+var CustomNodeFunction = async (params) => {
   const context = params && params.fieldValues ? params.fieldValues : params || {};
   const customCode = context?.customCode;
   if (!customCode || typeof customCode === "string" && customCode.trim() === "") {
@@ -2452,29 +2839,36 @@ var CustomNodeFunction = (params) => {
     }
     $field[fieldId] = value;
   });
-  try {
-    const $inputs = params?.results || {};
-    const $vars = context && context.variables || params?.variables || void 0;
-    const customFunction = new Function("$field", "context", "request", "params", "$inputs", "$vars", customCode);
-    const result = customFunction($field, context, params?.request, params, $inputs, $vars);
-    return result;
-  } catch (error) {
-    throw new Error(`Erro ao executar CustomNode: ${error instanceof Error ? error.message : "Erro desconhecido"}`);
-  }
+  const sandboxContext = {
+    $field,
+    context,
+    $inputs: params?.results || {},
+    $vars: context && context.variables || params?.variables || void 0,
+    request: params?.request,
+    params
+  };
+  const result = await executeSandboxed(customCode, sandboxContext, {
+    timeout: 3e4,
+    // 30 segundos
+    memoryLimit: 128,
+    // 128MB
+    allowFetch: true
+  });
+  return result;
 };
 var CustomCodeNode = {
   label: "Custom Code",
   type: "CustomCodeNode",
   category: "step",
   icon: "\u{1F4BB}",
-  description: "Node para executar c\xF3digo JavaScript customizado",
+  description: "Node para executar c\xF3digo JavaScript customizado (sandbox segura)",
   fields: [
     {
       id: "customCode",
       label: "C\xF3digo Customizado",
       type: "code",
       required: false,
-      placeholder: '// Seu c\xF3digo JavaScript aqui\n// Use "input" para acessar o valor de entrada\n// Use "context" para acessar os dados do n\xF3\nreturn input;'
+      placeholder: '// Seu c\xF3digo JavaScript aqui\n// Use "input" para acessar o valor de entrada\n// Use "context" para acessar os dados do n\xF3\n// fetch(), JSON, Math, Date est\xE3o dispon\xEDveis\nreturn input;'
     },
     {
       id: "input",
@@ -2936,6 +3330,335 @@ var ModelGuardrailNodeFunction = async (inputs) => {
   };
 };
 
+// src/nodes/chat/getOrCreateThread/data.ts
+var import_zod17 = require("zod");
+var GetOrCreateThreadSchema = import_zod17.z.object({
+  source: import_zod17.z.string().describe("Channel source: whatsapp, telegram, web, etc."),
+  identifier: import_zod17.z.string().describe("User identifier: phone number, chat_id, userId"),
+  timeoutMinutes: import_zod17.z.number().optional().describe("Inactivity timeout in minutes (default: 1440 = 24h)")
+});
+var GetOrCreateThreadNode = {
+  label: "Get or Create Thread",
+  type: "GetOrCreateThreadNode",
+  category: "chat",
+  description: "Generates or retrieves a threadId based on identifier + timeout. Ensures tenant isolation.",
+  icon: "\u{1F9F5}",
+  group: "Chat",
+  tags: {
+    execution: "async",
+    group: "Chat"
+  },
+  fields: [
+    {
+      id: "source",
+      label: "Source",
+      type: "string",
+      required: true,
+      defaultValue: "whatsapp",
+      placeholder: "whatsapp, telegram, web",
+      handle: {
+        type: "input",
+        label: "Source",
+        name: "source",
+        fieldType: "string"
+      }
+    },
+    {
+      id: "identifier",
+      label: "Identifier",
+      type: "string",
+      required: true,
+      placeholder: "+5511999999999",
+      handle: {
+        type: "input",
+        label: "Identifier",
+        name: "identifier",
+        fieldType: "string"
+      }
+    },
+    {
+      id: "timeoutMinutes",
+      label: "Timeout (minutes)",
+      type: "number",
+      required: false,
+      defaultValue: "1440",
+      placeholder: "1440 (24 hours)"
+    },
+    {
+      id: "threadId",
+      label: "Thread ID",
+      type: "string",
+      required: true,
+      typeable: false,
+      handle: {
+        type: "output",
+        label: "Thread ID",
+        name: "threadId",
+        fieldType: "string"
+      }
+    },
+    {
+      id: "isNew",
+      label: "Is New Thread",
+      type: "boolean",
+      required: true,
+      typeable: false,
+      handle: {
+        type: "output",
+        label: "Is New",
+        name: "isNew",
+        fieldType: "boolean"
+      }
+    }
+  ]
+};
+
+// src/nodes/chat/getOrCreateThread/function.ts
+var GetOrCreateThreadNodeFunction = async (inputs) => {
+  const fieldValues = inputs.fieldValues || {};
+  const context = inputs.context || {};
+  const source = fieldValues.source;
+  const identifier = fieldValues.identifier;
+  const timeoutMinutes = Number(fieldValues.timeoutMinutes) || 1440;
+  const companyId = context?.companyId;
+  if (!companyId) {
+    throw new Error("GetOrCreateThread requires companyId in context for tenant isolation");
+  }
+  if (!source || !identifier) {
+    throw new Error("GetOrCreateThread requires source and identifier");
+  }
+  const timeoutMs = timeoutMinutes * 60 * 1e3;
+  const thresholdDate = new Date(Date.now() - timeoutMs);
+  const db = context?.db;
+  if (!db) {
+    throw new Error("GetOrCreateThread requires database connection in context");
+  }
+  try {
+    const existingSessions = await db.query(`
+            SELECT id, session_id, updated_at 
+            FROM chat_sessions 
+            WHERE company_id = $1 
+              AND metadata->>'source' = $2 
+              AND metadata->>'identifier' = $3
+              AND updated_at > $4
+            ORDER BY updated_at DESC
+            LIMIT 1
+        `, [companyId, source, identifier, thresholdDate]);
+    if (existingSessions.rows && existingSessions.rows.length > 0) {
+      const session = existingSessions.rows[0];
+      await db.query(`
+                UPDATE chat_sessions 
+                SET updated_at = NOW() 
+                WHERE id = $1 AND company_id = $2
+            `, [session.id, companyId]);
+      return {
+        threadId: session.session_id,
+        isNew: false
+      };
+    }
+    const newSessionId = crypto.randomUUID();
+    const workflowId = context?.workflowId;
+    await db.query(`
+            INSERT INTO chat_sessions (workflow_id, company_id, chat_id, session_id, metadata)
+            VALUES ($1, $2, $3, $4, $5)
+        `, [
+      workflowId || companyId,
+      // fallback to companyId if no workflowId
+      companyId,
+      `${source}:${identifier}`,
+      // chatId as composite key
+      newSessionId,
+      JSON.stringify({ source, identifier })
+    ]);
+    return {
+      threadId: newSessionId,
+      isNew: true
+    };
+  } catch (error) {
+    console.error("[GetOrCreateThread] Error:", error);
+    throw error;
+  }
+};
+
+// src/nodes/chat/chatLog/data.ts
+var import_zod18 = require("zod");
+var ChatLogSchema = import_zod18.z.object({
+  threadId: import_zod18.z.string().describe("Thread ID from GetOrCreateThread"),
+  direction: import_zod18.z.enum(["inbound", "outbound"]).describe("Message direction"),
+  content: import_zod18.z.string().describe("Message content"),
+  source: import_zod18.z.string().optional().describe("Channel source"),
+  identifier: import_zod18.z.string().optional().describe("User identifier"),
+  metadata: import_zod18.z.record(import_zod18.z.string(), import_zod18.z.any()).optional().describe("Additional metadata")
+});
+var ChatLogNode = {
+  label: "Chat Log",
+  type: "ChatLogNode",
+  category: "chat",
+  description: "Saves a message to the chat history. Supports inbound (user) and outbound (assistant) messages.",
+  icon: "\u{1F4AC}",
+  group: "Chat",
+  tags: {
+    execution: "async",
+    group: "Chat"
+  },
+  fields: [
+    {
+      id: "threadId",
+      label: "Thread ID",
+      type: "string",
+      required: true,
+      placeholder: "From GetOrCreateThread node",
+      handle: {
+        type: "input",
+        label: "Thread ID",
+        name: "threadId",
+        fieldType: "string"
+      }
+    },
+    {
+      id: "direction",
+      label: "Direction",
+      type: "select",
+      required: true,
+      defaultValue: "inbound",
+      options: [
+        { label: "Inbound (User \u2192 System)", value: "inbound" },
+        { label: "Outbound (System \u2192 User)", value: "outbound" }
+      ]
+    },
+    {
+      id: "content",
+      label: "Content",
+      type: "string",
+      required: true,
+      placeholder: "Message content",
+      handle: {
+        type: "input",
+        label: "Content",
+        name: "content",
+        fieldType: "string"
+      }
+    },
+    {
+      id: "source",
+      label: "Source",
+      type: "string",
+      required: false,
+      defaultValue: "whatsapp",
+      placeholder: "whatsapp, telegram, web",
+      handle: {
+        type: "input",
+        label: "Source",
+        name: "source",
+        fieldType: "string"
+      }
+    },
+    {
+      id: "identifier",
+      label: "Identifier",
+      type: "string",
+      required: false,
+      placeholder: "+5511999999999",
+      handle: {
+        type: "input",
+        label: "Identifier",
+        name: "identifier",
+        fieldType: "string"
+      }
+    },
+    {
+      id: "messageId",
+      label: "Message ID",
+      type: "string",
+      required: true,
+      typeable: false,
+      handle: {
+        type: "output",
+        label: "Message ID",
+        name: "messageId",
+        fieldType: "string"
+      }
+    },
+    {
+      id: "success",
+      label: "Success",
+      type: "boolean",
+      required: true,
+      typeable: false,
+      handle: {
+        type: "output",
+        label: "Success",
+        name: "success",
+        fieldType: "boolean"
+      }
+    }
+  ]
+};
+
+// src/nodes/chat/chatLog/function.ts
+var ChatLogNodeFunction = async (inputs) => {
+  const fieldValues = inputs.fieldValues || {};
+  const context = inputs.context || {};
+  const threadId = fieldValues.threadId;
+  const direction = fieldValues.direction;
+  const content = fieldValues.content;
+  const source = fieldValues.source;
+  const identifier = fieldValues.identifier;
+  const companyId = context?.companyId;
+  if (!companyId) {
+    throw new Error("ChatLog requires companyId in context for tenant isolation");
+  }
+  if (!threadId || !content) {
+    throw new Error("ChatLog requires threadId and content");
+  }
+  const role = direction === "inbound" ? "user" : "assistant";
+  const db = context?.db;
+  if (!db) {
+    throw new Error("ChatLog requires database connection in context");
+  }
+  try {
+    const sessionResult = await db.query(`
+            SELECT id FROM chat_sessions 
+            WHERE session_id = $1 AND company_id = $2
+            LIMIT 1
+        `, [threadId, companyId]);
+    if (!sessionResult.rows || sessionResult.rows.length === 0) {
+      throw new Error(`Session not found for threadId: ${threadId}`);
+    }
+    const sessionId = sessionResult.rows[0].id;
+    const messageId = crypto.randomUUID();
+    await db.query(`
+            INSERT INTO chat_messages (id, session_id, role, content, metadata)
+            VALUES ($1, $2, $3, $4, $5)
+        `, [
+      messageId,
+      sessionId,
+      role,
+      content,
+      JSON.stringify({
+        direction,
+        source: source || null,
+        identifier: identifier || null
+      })
+    ]);
+    await db.query(`
+            UPDATE chat_sessions 
+            SET updated_at = NOW() 
+            WHERE id = $1 AND company_id = $2
+        `, [sessionId, companyId]);
+    return {
+      messageId,
+      success: true
+    };
+  } catch (error) {
+    console.error("[ChatLog] Error:", error);
+    return {
+      messageId: null,
+      success: false
+    };
+  }
+};
+
 // src/nodes/consts/nodes.ts
 var nodes = [
   ChatInputNode,
@@ -2962,7 +3685,9 @@ var nodes = [
   PromptGuardrailNode,
   RuleGuardrailNode,
   FunctionGuardrailNode,
-  ModelGuardrailNode
+  ModelGuardrailNode,
+  GetOrCreateThreadNode,
+  ChatLogNode
 ];
 var nodes_default = nodes;
 
@@ -3084,7 +3809,9 @@ var nodeFunctions = {
   PromptGuardrailNode: PromptGuardrailNodeFunction,
   RuleGuardrailNode: RuleGuardrailNodeFunction,
   FunctionGuardrailNode: FunctionGuardrailNodeFunction,
-  ModelGuardrailNode: ModelGuardrailNodeFunction
+  ModelGuardrailNode: ModelGuardrailNodeFunction,
+  GetOrCreateThreadNode: GetOrCreateThreadNodeFunction,
+  ChatLogNode: ChatLogNodeFunction
 };
 var node_functions_default = nodeFunctions;
 
@@ -3198,12 +3925,12 @@ var HttpPutInputNodeFunction = (params) => {
 };
 
 // src/nodes/inputs/http/put/schema.ts
-var import_zod17 = require("zod");
-var HttpPutInputNodeSchema = import_zod17.z.object({
+var import_zod19 = require("zod");
+var HttpPutInputNodeSchema = import_zod19.z.object({
   route: RouteSchema,
-  queryParams: import_zod17.z.array(QueryParamSchema).optional().describe("Query parameters configuration"),
-  headers: import_zod17.z.array(HeaderSchema).optional().describe("Headers configuration"),
-  body: import_zod17.z.array(BodyFieldSchema).optional().describe("Body fields configuration")
+  queryParams: import_zod19.z.array(QueryParamSchema).optional().describe("Query parameters configuration"),
+  headers: import_zod19.z.array(HeaderSchema).optional().describe("Headers configuration"),
+  body: import_zod19.z.array(BodyFieldSchema).optional().describe("Body fields configuration")
 });
 
 // src/nodes/inputs/http/delete/data.ts
@@ -3295,11 +4022,11 @@ var HttpDeleteInputNodeFunction = async (params) => {
 };
 
 // src/nodes/inputs/http/delete/schema.ts
-var import_zod18 = require("zod");
-var HttpDeleteInputNodeSchema = import_zod18.z.object({
+var import_zod20 = require("zod");
+var HttpDeleteInputNodeSchema = import_zod20.z.object({
   route: RouteSchema,
-  queryParams: import_zod18.z.array(QueryParamSchema).optional().describe("Query parameters configuration"),
-  headers: import_zod18.z.array(HeaderSchema).optional().describe("Headers configuration")
+  queryParams: import_zod20.z.array(QueryParamSchema).optional().describe("Query parameters configuration"),
+  headers: import_zod20.z.array(HeaderSchema).optional().describe("Headers configuration")
 });
 
 // src/nodes/inputs/http/patch/data.ts
@@ -3412,12 +4139,12 @@ var HttpPatchInputNodeFunction = (params) => {
 };
 
 // src/nodes/inputs/http/patch/schema.ts
-var import_zod19 = require("zod");
-var HttpPatchInputNodeSchema = import_zod19.z.object({
+var import_zod21 = require("zod");
+var HttpPatchInputNodeSchema = import_zod21.z.object({
   route: RouteSchema,
-  queryParams: import_zod19.z.array(QueryParamSchema).optional().describe("Query parameters configuration"),
-  headers: import_zod19.z.array(HeaderSchema).optional().describe("Headers configuration"),
-  body: import_zod19.z.array(BodyFieldSchema).optional().describe("Body fields configuration")
+  queryParams: import_zod21.z.array(QueryParamSchema).optional().describe("Query parameters configuration"),
+  headers: import_zod21.z.array(HeaderSchema).optional().describe("Headers configuration"),
+  body: import_zod21.z.array(BodyFieldSchema).optional().describe("Body fields configuration")
 });
 
 // src/nodes/inputs/http/utils.ts
@@ -3477,7 +4204,13 @@ var getHttpMethodFromFriendlyId = (friendlyId) => {
   AiToolNodeFunction,
   AiToolNodeSchema,
   BodyFieldSchema,
+  ChatLogNode,
+  ChatLogNodeFunction,
+  ChatLogSchema,
   CustomToolSchema,
+  GetOrCreateThreadNode,
+  GetOrCreateThreadNodeFunction,
+  GetOrCreateThreadSchema,
   HTTP_METHODS,
   HTTP_NODE_TYPES,
   HeaderSchema,