npm - @omnizap-system/omnizap - Versions diffs - 2.6.0 → 2.6.2 - Mend

@omnizap-system/omnizap 2.6.0 → 2.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (261) hide show

package/.env.example +58 -13
package/.github/workflows/ci.yml +5 -5
package/.github/workflows/codeql.yml +1 -1
package/.github/workflows/db-migration-check.yml +2 -2
package/.github/workflows/dependency-review.yml +1 -1
package/.github/workflows/deploy.yml +2 -2
package/.github/workflows/release.yml +2 -2
package/.github/workflows/security-attest-provenance.yml +2 -2
package/.github/workflows/security-gitleaks.yml +13 -4
package/.github/workflows/security-runner-hardening.yml +2 -2
package/.github/workflows/security-scorecard.yml +1 -1
package/.github/workflows/security-zap-baseline.yml +1 -1
package/.github/workflows/security-zap-full-scan.yml +2 -1
package/.github/workflows/security-zizmor.yml +1 -1
package/.github/workflows/wiki-sync.yml +1 -1
package/.gitleaksignore +9 -0
package/CODE_OF_CONDUCT.md +2 -2
package/GEMINI.md +64 -0
package/README.md +52 -82
package/SECURITY.md +1 -1
package/app/config/index.js +2 -0
package/app/configParts/adminIdentity.js +5 -5
package/app/configParts/baileysConfig.js +230 -58
package/app/configParts/groupUtils.js +5 -0
package/app/configParts/messagePersistenceService.js +145 -4
package/app/configParts/sessionConfig.js +157 -0
package/app/connection/baileysCompatibility.test.js +1 -1
package/app/connection/groupOwnerWriteStateResolver.js +109 -0
package/app/connection/socketController.js +660 -158
package/app/connection/socketController.multiSession.test.js +108 -0
package/app/controllers/messageController.js +1 -1
package/app/controllers/messagePipeline/commandMiddleware.js +12 -10
package/app/controllers/messagePipeline/conversationMiddleware.js +2 -1
package/app/controllers/messagePipeline/messagePipelineMiddlewares.test.js +104 -0
package/app/controllers/messagePipeline/preProcessingMiddlewares.js +80 -2
package/app/controllers/messageProcessingPipeline.js +93 -13
package/app/controllers/messageProcessingPipeline.test.js +200 -0
package/app/modules/adminModule/AGENT.md +1 -1
package/app/modules/adminModule/commandConfig.json +3318 -1347
package/app/modules/adminModule/groupCommandHandlers.js +858 -15
package/app/modules/adminModule/groupCommandHandlers.test.js +378 -11
package/app/modules/adminModule/groupWarningRepository.js +152 -0
package/app/modules/aiModule/AGENT.md +47 -30
package/app/modules/aiModule/aiConfigRuntime.js +1 -0
package/app/modules/aiModule/catCommand.js +135 -27
package/app/modules/aiModule/commandConfig.json +114 -28
package/app/modules/analyticsModule/messageAnalysisEventRepository.js +54 -6
package/app/modules/gameModule/AGENT.md +1 -1
package/app/modules/gameModule/commandConfig.json +29 -0
package/app/modules/menuModule/AGENT.md +1 -1
package/app/modules/menuModule/commandConfig.json +45 -10
package/app/modules/menuModule/menuCatalogService.js +190 -0
package/app/modules/menuModule/menuCommandUsageRepository.js +109 -0
package/app/modules/menuModule/menuDynamicService.js +511 -0
package/app/modules/menuModule/menuDynamicService.test.js +141 -0
package/app/modules/menuModule/menus.js +36 -5
package/app/modules/playModule/AGENT.md +10 -5
package/app/modules/playModule/commandConfig.json +140 -12
package/app/modules/playModule/playCommand.js +1 -1417
package/app/modules/playModule/playCommandConstants.js +80 -0
package/app/modules/playModule/playCommandCore.js +361 -0
package/app/modules/playModule/playCommandHandlers.js +41 -0
package/app/modules/playModule/playCommandMediaClient.js +1872 -0
package/app/modules/playModule/playConfigRuntime.js +245 -4
package/app/modules/playModule/playModuleCriticalFlows.test.js +152 -0
package/app/modules/quoteModule/AGENT.md +1 -1
package/app/modules/quoteModule/commandConfig.json +29 -0
package/app/modules/quoteModule/quoteCommand.js +3 -2
package/app/modules/rpgPokemonModule/AGENT.md +1 -1
package/app/modules/rpgPokemonModule/commandConfig.json +29 -0
package/app/modules/rpgPokemonModule/rpgBattleCanvasRenderer.js +5 -4
package/app/modules/rpgPokemonModule/rpgBattleService.test.js +2 -1
package/app/modules/rpgPokemonModule/rpgPokemonDomain.js +2 -1
package/app/modules/rpgPokemonModule/rpgPokemonService.js +38 -37
package/app/modules/rpgPokemonModule/rpgProfileCanvasRenderer.js +4 -3
package/app/modules/statsModule/AGENT.md +1 -1
package/app/modules/statsModule/commandConfig.json +58 -0
package/app/modules/statsModule/rankingCommon.js +5 -4
package/app/modules/stickerModule/AGENT.md +1 -1
package/app/modules/stickerModule/addStickerMetadata.js +4 -3
package/app/modules/stickerModule/commandConfig.json +145 -0
package/app/modules/stickerModule/stickerCommand.js +1 -1
package/app/modules/stickerPackModule/AGENT.md +1 -1
package/app/modules/stickerPackModule/autoPackCollectorService.js +5 -1
package/app/modules/stickerPackModule/commandConfig.json +29 -0
package/app/modules/stickerPackModule/semanticThemeClusterService.js +7 -6
package/app/modules/stickerPackModule/stickerAutoPackByTagsRuntime.js +10 -9
package/app/modules/stickerPackModule/stickerClassificationBackgroundRuntime.js +9 -8
package/app/modules/stickerPackModule/stickerDomainEventConsumerRuntime.js +3 -2
package/app/modules/stickerPackModule/stickerMarketplaceDriftService.js +2 -1
package/app/modules/stickerPackModule/stickerPackCommandHandlers.js +80 -58
package/app/modules/stickerPackModule/stickerPackMarketplaceService.js +2 -1
package/app/modules/stickerPackModule/stickerPackRepository.js +2 -1
package/app/modules/stickerPackModule/stickerPackScoreSnapshotRuntime.js +5 -4
package/app/modules/stickerPackModule/stickerPackService.js +13 -6
package/app/modules/stickerPackModule/stickerStorageService.js +3 -2
package/app/modules/stickerPackModule/stickerWorkerPipelineRuntime.js +2 -1
package/app/modules/systemMetricsModule/AGENT.md +1 -1
package/app/modules/systemMetricsModule/commandConfig.json +29 -0
package/app/modules/systemMetricsModule/pingCommand.js +6 -5
package/app/modules/tiktokModule/AGENT.md +1 -1
package/app/modules/tiktokModule/commandConfig.json +29 -0
package/app/modules/tiktokModule/tiktokCommand.js +2 -1
package/app/modules/userModule/AGENT.md +1 -1
package/app/modules/userModule/commandConfig.json +29 -0
package/app/modules/userModule/userCommand.js +72 -23
package/app/modules/waifuPicsModule/AGENT.md +57 -27
package/app/modules/waifuPicsModule/commandConfig.json +87 -0
package/app/modules/waifuPicsModule/waifuPicsCommand.js +3 -2
package/app/observability/metrics.js +136 -0
package/app/services/ai/commandConfigEnrichmentService.js +229 -47
package/app/services/ai/conversationRouterService.js +4 -3
package/app/services/ai/geminiService.js +132 -7
package/app/services/ai/geminiService.test.js +59 -2
package/app/services/ai/globalModuleAiHelpService.js +3 -2
package/app/services/ai/messageCommandExecutionService.js +2 -1
package/app/services/ai/moduleAiHelpCoreService.js +45 -14
package/app/services/ai/moduleToolExecutorService.js +3 -2
package/app/services/ai/moduleToolRegistryService.js +2 -1
package/app/services/ai/toolCandidateSelectorService.js +6 -5
package/app/services/auth/googleWebLinkService.js +3 -2
package/app/services/auth/whatsappLoginLinkService.js +3 -2
package/app/services/external/pokeApiService.js +4 -3
package/app/services/group/groupMetadataService.js +24 -1
package/app/services/infra/dbWriteQueue.js +57 -26
package/app/services/infra/featureFlagService.js +2 -1
package/app/services/messaging/captchaService.js +3 -2
package/app/services/messaging/newsBroadcastService.js +846 -29
package/app/services/multiSession/assignmentBalancerService.js +457 -0
package/app/services/multiSession/groupOwnershipRepository.js +381 -0
package/app/services/multiSession/groupOwnershipService.js +890 -0
package/app/services/multiSession/groupOwnershipService.test.js +309 -0
package/app/services/multiSession/sessionRegistryService.js +293 -0
package/app/services/sticker/stickerFocusService.js +11 -10
package/app/store/aiPromptStore.js +36 -19
package/app/store/conversationSessionStore.js +7 -6
package/app/store/groupConfigStore.js +41 -5
package/app/store/premiumUserStore.js +21 -7
package/app/utils/antiLink/antiLinkModule.js +352 -16
package/app/workers/aiHelperContinuousLearningWorker.js +512 -0
package/app/workers/aiLearningWorker.js +6 -5
package/app/workers/commandConfigEnrichmentWorker.js +4 -3
package/database/index.js +14 -8
package/database/migrations/20260307_d0_hardening_down.sql +1 -1
package/database/migrations/20260314_d7_canonical_sender_down.sql +1 -1
package/database/migrations/20260406_d30_security_analytics_down.sql +1 -1
package/database/migrations/20260411_d35_group_community_metadata_down.sql +59 -0
package/database/migrations/20260411_d35_group_community_metadata_up.sql +62 -0
package/database/migrations/20260412_d36_system_config_tables_down.sql +32 -0
package/database/migrations/20260412_d36_system_config_tables_up.sql +66 -0
package/database/migrations/20260413_d37_group_user_warnings_down.sql +11 -0
package/database/migrations/20260413_d37_group_user_warnings_up.sql +24 -0
package/database/migrations/20260414_d38_multi_session_foundation_down.sql +72 -0
package/database/migrations/20260414_d38_multi_session_foundation_up.sql +125 -0
package/database/migrations/20260414_d39_multi_session_cutover_down.sql +103 -0
package/database/migrations/20260414_d39_multi_session_cutover_up.sql +83 -0
package/database/schema.sql +102 -1
package/docker-compose.yml +4 -1
package/docs/compliance/acceptable-use-policy-2026-03-07.md +1 -1
package/docs/compliance/dpa-b2b-standard-2026-03-07.md +1 -1
package/docs/compliance/privacy-policy-2026-03-07.md +4 -4
package/docs/security/dsar-lgpd-runbook-2026-03-07.md +1 -1
package/docs/security/incident-response-lgpd-anpd-runbook-2026-03-07.md +1 -1
package/docs/security/network-hardening-runbook-2026-03-07.md +53 -0
package/docs/security/omnizap-static-security-headers.conf +25 -0
package/docs/wiki/Home.md +1 -1
package/ecosystem.prod.config.cjs +32 -12
package/index.js +57 -23
package/observability/alert-rules.yml +20 -0
package/observability/grafana/dashboards/omnizap-system-admin.json +229 -0
package/observability/mysql-setup.sql +4 -4
package/observability/system-admin-observability.md +26 -0
package/package.json +20 -6
package/public/apple-touch-icon.png +0 -0
package/public/comandos/commands-catalog.json +2853 -3326
package/public/favicon-16x16.png +0 -0
package/public/favicon-32x32.png +0 -0
package/public/favicon.ico +0 -0
package/public/js/apps/apiDocsApp.js +3 -2
package/public/js/apps/commandsReactApp.js +280 -99
package/public/js/apps/createPackApp.js +11 -10
package/public/js/apps/homeReactApp.js +181 -130
package/public/js/apps/loginReactApp.js +1 -1
package/public/js/apps/stickersApp.js +263 -110
package/public/js/apps/termsReactApp.js +73 -24
package/public/js/apps/userApp.js +4 -3
package/public/js/apps/userPasswordResetReactApp.js +406 -0
package/public/js/apps/userReactApp.js +355 -280
package/public/js/apps/userSystemAdmReactApp.js +1506 -0
package/public/pages/api-docs.html +1 -1
package/public/pages/aup.html +2 -2
package/public/pages/dpa.html +3 -3
package/public/pages/licenca.html +4 -4
package/public/pages/login.html +1 -1
package/public/pages/notice-and-takedown.html +2 -2
package/public/pages/politica-de-privacidade.html +6 -6
package/public/pages/seo-bot-whatsapp-para-grupo.html +3 -3
package/public/pages/seo-bot-whatsapp-sem-programar.html +3 -3
package/public/pages/seo-como-automatizar-avisos-no-whatsapp.html +3 -3
package/public/pages/seo-como-criar-comandos-whatsapp.html +3 -3
package/public/pages/seo-como-evitar-spam-no-whatsapp.html +3 -3
package/public/pages/seo-como-moderar-grupo-whatsapp.html +3 -3
package/public/pages/seo-como-organizar-comunidade-whatsapp.html +3 -3
package/public/pages/seo-melhor-bot-whatsapp-para-grupos.html +3 -3
package/public/pages/stickers-admin.html +1 -1
package/public/pages/stickers-create.html +1 -1
package/public/pages/stickers.html +6 -6
package/public/pages/suboperadores.html +2 -2
package/public/pages/termos-de-uso-texto-integral.html +6 -6
package/public/pages/termos-de-uso.html +3 -3
package/public/pages/user-password-reset.html +4 -5
package/public/pages/user-systemadm.html +9 -463
package/public/pages/user.html +2 -2
package/scripts/clear-whatsapp-session.sh +123 -0
package/scripts/core-ai-mode.mjs +163 -0
package/scripts/deploy.sh +11 -1
package/scripts/email-broadcast-terms-update.mjs +2 -1
package/scripts/enrich-command-config-ux-openai.mjs +492 -0
package/scripts/generate-commands-catalog.mjs +166 -2
package/scripts/generate-module-agents.mjs +2 -1
package/scripts/generate-seo-satellite-pages.mjs +5 -4
package/scripts/github-deploy-notify.mjs +2 -1
package/scripts/github-release-notify.mjs +25 -10
package/scripts/new-whatsapp-session.sh +317 -0
package/scripts/release.sh +2 -19
package/scripts/security-smoketest.mjs +6 -5
package/scripts/security-web-surface-check.mjs +218 -0
package/scripts/sticker-catalog-loadtest.mjs +5 -4
package/server/auth/googleWebAuth/googleWebAuthService.js +8 -7
package/server/auth/jwt/webJwtService.js +1 -1
package/server/auth/stickerCatalogAuthContext.js +2 -1
package/server/auth/termsAcceptance/termsAcceptanceHandler.js +2 -1
package/server/auth/userPassword/userPasswordAuthService.js +2 -1
package/server/auth/userPassword/userPasswordRecoveryService.js +4 -3
package/server/auth/webAccount/webAccountHandlers.js +9 -10
package/server/controllers/admin/adminPanelHandlers.js +267 -16
package/server/controllers/admin/systemAdminController.js +267 -0
package/server/controllers/seo/stickerCatalogSeoContext.js +10 -9
package/server/controllers/sticker/nonCatalogHandlers.js +2 -1
package/server/controllers/sticker/stickerCatalogController.js +23 -36
package/server/controllers/system/contactController.js +9 -17
package/server/controllers/system/githubController.js +3 -2
package/server/controllers/system/stickerCatalogSystemContext.js +41 -19
package/server/controllers/system/systemController.js +254 -1
package/server/controllers/system/systemMetricsController.js +2 -1
package/server/controllers/userController.js +6 -0
package/server/email/emailTemplateService.js +5 -3
package/server/http/httpServer.js +11 -6
package/server/middleware/rateLimit.js +2 -1
package/server/middleware/securityHeaders.js +20 -1
package/server/routes/admin/systemAdminRouter.js +6 -0
package/server/routes/indexRouter.js +30 -6
package/server/routes/observability/grafanaProxyRouter.js +254 -0
package/server/routes/static/staticPageRouter.js +27 -1
package/server/utils/publicContact.js +31 -0
package/utils/time/timeModule.js +135 -0
package/utils/time/timeModule.test.js +65 -0
package/utils/whatsapp/contactEnv.js +39 -0
package/vite.config.mjs +7 -1
package/public/assets/images/brand-icon-192.png +0 -0
package/scripts/sync-readme-snapshot.mjs +0 -133

package/app/modules/menuModule/menuCatalogService.js ADDED Viewed

@@ -0,0 +1,190 @@
+import { readFile } from 'node:fs/promises';
+import path from 'node:path';
+import logger from '#logger';
+const DEFAULT_LOCAL_CATALOG_PATH = path.resolve(process.cwd(), 'public/comandos/commands-catalog.json');
+const DEFAULT_REMOTE_CATALOG_URL = 'https://omnizap.shop/comandos/commands-catalog.json';
+const DEFAULT_CACHE_TTL_MS = 5 * 60 * 1000;
+const DEFAULT_FETCH_TIMEOUT_MS = 2500;
+const toPositiveInt = (value, fallback, min = 1, max = Number.MAX_SAFE_INTEGER) => {
+  const numeric = Number.parseInt(String(value ?? ''), 10);
+  if (!Number.isFinite(numeric) || numeric < min) return fallback;
+  return Math.max(min, Math.min(max, numeric));
+};
+const MENU_CATALOG_LOCAL_PATH = String(process.env.MENU_CATALOG_LOCAL_PATH || DEFAULT_LOCAL_CATALOG_PATH).trim() || DEFAULT_LOCAL_CATALOG_PATH;
+const MENU_CATALOG_REMOTE_URL = String(process.env.MENU_CATALOG_REMOTE_URL || DEFAULT_REMOTE_CATALOG_URL).trim() || DEFAULT_REMOTE_CATALOG_URL;
+const MENU_CATALOG_CACHE_TTL_MS = toPositiveInt(process.env.MENU_CATALOG_CACHE_TTL_MS, DEFAULT_CACHE_TTL_MS, 15_000, 30 * 60 * 1000);
+const MENU_CATALOG_FETCH_TIMEOUT_MS = toPositiveInt(process.env.MENU_CATALOG_FETCH_TIMEOUT_MS, DEFAULT_FETCH_TIMEOUT_MS, 500, 15_000);
+const MENU_CATALOG_REMOTE_ENABLED =
+  String(process.env.MENU_CATALOG_REMOTE_ENABLED ?? 'true')
+    .trim()
+    .toLowerCase() !== 'false';
+const sanitizeLogValue = (value) =>
+  String(value ?? '')
+    .replace(/[\r\n\t]+/g, ' ')
+    .replace(/\s+/g, ' ')
+    .trim();
+const normalizeCatalogCategories = (categories = []) =>
+  categories
+    .map((entry) => {
+      const key = String(entry?.key || '').trim();
+      const label = String(entry?.label || key || 'Categoria').trim();
+      const commands = Array.isArray(entry?.commands) ? entry.commands : [];
+      if (!key || !commands.length) return null;
+      return {
+        ...entry,
+        key,
+        label,
+        commands,
+      };
+    })
+    .filter(Boolean);
+const parseGeneratedAtMs = (catalog = null) => {
+  const parsed = Date.parse(String(catalog?.generated_at || '').trim());
+  return Number.isFinite(parsed) ? parsed : 0;
+};
+const normalizeCatalogPayload = (rawCatalog = null) => {
+  if (!rawCatalog || typeof rawCatalog !== 'object') {
+    throw new Error('catalogo_invalido: payload ausente');
+  }
+  const categories = normalizeCatalogCategories(rawCatalog.categories);
+  if (!categories.length) {
+    throw new Error('catalogo_invalido: sem categorias');
+  }
+  return {
+    ...rawCatalog,
+    categories,
+  };
+};
+const buildSnapshot = ({ catalog, source = 'unknown' } = {}) => ({
+  catalog,
+  source,
+  generatedAtMs: parseGeneratedAtMs(catalog),
+  fetchedAtMs: Date.now(),
+});
+const compareSnapshots = (left, right) => {
+  const leftGenerated = Number(left?.generatedAtMs || 0);
+  const rightGenerated = Number(right?.generatedAtMs || 0);
+  if (leftGenerated !== rightGenerated) return rightGenerated - leftGenerated;
+  const priority = {
+    remote: 3,
+    local: 2,
+    cache: 1,
+  };
+  return (priority[right?.source] || 0) - (priority[left?.source] || 0);
+};
+let catalogCache = {
+  snapshot: null,
+  expiresAt: 0,
+};
+const readLocalCatalogSnapshot = async () => {
+  const text = await readFile(MENU_CATALOG_LOCAL_PATH, 'utf8');
+  const parsed = JSON.parse(text);
+  const catalog = normalizeCatalogPayload(parsed);
+  return buildSnapshot({
+    catalog,
+    source: 'local',
+  });
+};
+const fetchRemoteCatalogSnapshot = async () => {
+  if (!MENU_CATALOG_REMOTE_ENABLED) return null;
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), MENU_CATALOG_FETCH_TIMEOUT_MS);
+  try {
+    const response = await fetch(MENU_CATALOG_REMOTE_URL, {
+      method: 'GET',
+      headers: {
+        accept: 'application/json',
+      },
+      signal: controller.signal,
+    });
+    if (!response.ok) {
+      throw new Error(`http_${response.status}`);
+    }
+    const parsed = await response.json();
+    const catalog = normalizeCatalogPayload(parsed);
+    return buildSnapshot({
+      catalog,
+      source: 'remote',
+    });
+  } finally {
+    clearTimeout(timeoutId);
+  }
+};
+export const getCommandsCatalogSnapshot = async ({ forceRefresh = false } = {}) => {
+  const now = Date.now();
+  if (!forceRefresh && catalogCache.snapshot && now < catalogCache.expiresAt) {
+    return catalogCache.snapshot;
+  }
+  const localPromise = readLocalCatalogSnapshot();
+  const remotePromise = MENU_CATALOG_REMOTE_ENABLED ? fetchRemoteCatalogSnapshot() : Promise.resolve(null);
+  const [localResult, remoteResult] = await Promise.allSettled([localPromise, remotePromise]);
+  const candidates = [];
+  if (localResult.status === 'fulfilled' && localResult.value) {
+    candidates.push(localResult.value);
+  } else if (localResult.status === 'rejected') {
+    logger.warn('Falha ao carregar catalogo local de comandos para o menu dinamico.', {
+      action: 'menu_catalog_local_load_failed',
+      error: sanitizeLogValue(localResult.reason?.message) || 'unknown_error',
+      catalogPath: MENU_CATALOG_LOCAL_PATH,
+    });
+  }
+  if (remoteResult.status === 'fulfilled' && remoteResult.value) {
+    candidates.push(remoteResult.value);
+  } else if (remoteResult.status === 'rejected') {
+    logger.warn('Falha ao atualizar catalogo remoto de comandos para o menu dinamico.', {
+      action: 'menu_catalog_remote_fetch_failed',
+      error: sanitizeLogValue(remoteResult.reason?.message) || 'unknown_error',
+      catalogUrl: MENU_CATALOG_REMOTE_URL,
+    });
+  }
+  if (catalogCache.snapshot) {
+    candidates.push({
+      ...catalogCache.snapshot,
+      source: 'cache',
+    });
+  }
+  candidates.sort(compareSnapshots);
+  const selectedSnapshot = candidates[0] || null;
+  if (!selectedSnapshot?.catalog) {
+    throw new Error('catalogo_indisponivel');
+  }
+  catalogCache = {
+    snapshot: selectedSnapshot,
+    expiresAt: now + MENU_CATALOG_CACHE_TTL_MS,
+  };
+  return selectedSnapshot;
+};
+export const resetMenuCatalogCacheForTests = () => {
+  catalogCache = {
+    snapshot: null,
+    expiresAt: 0,
+  };
+};

package/app/modules/menuModule/menuCommandUsageRepository.js ADDED Viewed

@@ -0,0 +1,109 @@
+import logger from '#logger';
+import { executeQuery, TABLES } from '../../../database/index.js';
+const DEFAULT_USAGE_WINDOW_DAYS = 30;
+const DEFAULT_TOP_LIMIT = 20;
+const DEFAULT_CACHE_TTL_MS = 90_000;
+const toPositiveInt = (value, fallback, min = 1, max = Number.MAX_SAFE_INTEGER) => {
+  const numeric = Number.parseInt(String(value ?? ''), 10);
+  if (!Number.isFinite(numeric) || numeric < min) return fallback;
+  return Math.max(min, Math.min(max, numeric));
+};
+const MENU_USAGE_CACHE_TTL_MS = toPositiveInt(process.env.MENU_USAGE_CACHE_TTL_MS, DEFAULT_CACHE_TTL_MS, 5000, 10 * 60 * 1000);
+const sanitizeLogValue = (value) =>
+  String(value ?? '')
+    .replace(/[\r\n\t]+/g, ' ')
+    .replace(/\s+/g, ' ')
+    .trim();
+const normalizeCommandName = (value) =>
+  String(value || '')
+    .trim()
+    .toLowerCase()
+    .replace(/[^a-z0-9_-]/g, '')
+    .slice(0, 64);
+const normalizeChatId = (value) => {
+  const normalized = String(value || '')
+    .trim()
+    .slice(0, 255);
+  return normalized || null;
+};
+const buildCacheKey = ({ days, limit, chatId }) => `days:${days}|limit:${limit}|chat:${chatId || 'global'}`;
+let usageCache = new Map();
+export const listTopCommandsByUsage = async ({ days = DEFAULT_USAGE_WINDOW_DAYS, limit = DEFAULT_TOP_LIMIT, chatId = null, forceRefresh = false } = {}) => {
+  const safeDays = toPositiveInt(days, DEFAULT_USAGE_WINDOW_DAYS, 1, 365);
+  const safeLimit = toPositiveInt(limit, DEFAULT_TOP_LIMIT, 1, 100);
+  const safeChatId = normalizeChatId(chatId);
+  const cacheKey = buildCacheKey({
+    days: safeDays,
+    limit: safeLimit,
+    chatId: safeChatId,
+  });
+  const now = Date.now();
+  const cached = usageCache.get(cacheKey);
+  if (!forceRefresh && cached && cached.expiresAt > now) {
+    return cached.rows;
+  }
+  const where = ['is_command = 1', 'command_known = 1', 'command_name IS NOT NULL', "command_name <> ''", 'created_at >= (UTC_TIMESTAMP() - INTERVAL ? DAY)'];
+  const params = [safeDays];
+  if (safeChatId) {
+    where.push('chat_id = ?');
+    params.push(safeChatId);
+  }
+  params.push(safeLimit);
+  try {
+    const rows = await executeQuery(
+      `SELECT command_name AS command_name, COUNT(*) AS usage_count
+         FROM ${TABLES.MESSAGE_ANALYSIS_EVENT}
+        WHERE ${where.join(' AND ')}
+        GROUP BY command_name
+        ORDER BY usage_count DESC
+        LIMIT ?`,
+      params,
+    );
+    const normalizedRows = (Array.isArray(rows) ? rows : [])
+      .map((row) => {
+        const commandName = normalizeCommandName(row?.command_name);
+        const usageCount = Number(row?.usage_count || 0);
+        if (!commandName || !Number.isFinite(usageCount) || usageCount <= 0) return null;
+        return {
+          commandName,
+          usageCount: Math.max(1, Math.floor(usageCount)),
+        };
+      })
+      .filter(Boolean);
+    usageCache.set(cacheKey, {
+      rows: normalizedRows,
+      expiresAt: now + MENU_USAGE_CACHE_TTL_MS,
+    });
+    return normalizedRows;
+  } catch (error) {
+    logger.warn('Falha ao consultar top comandos por uso para o menu dinamico.', {
+      action: 'menu_usage_query_failed',
+      error: sanitizeLogValue(error?.message) || 'unknown_error',
+      chatId: safeChatId || null,
+      days: safeDays,
+      limit: safeLimit,
+    });
+    return [];
+  }
+};
+export const resetMenuUsageCacheForTests = () => {
+  usageCache = new Map();
+};