npm - @omnizap-system/omnizap - Versions diffs - 2.6.0 → 2.6.2 - Mend

@omnizap-system/omnizap 2.6.0 → 2.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (261) hide show

package/.env.example +58 -13
package/.github/workflows/ci.yml +5 -5
package/.github/workflows/codeql.yml +1 -1
package/.github/workflows/db-migration-check.yml +2 -2
package/.github/workflows/dependency-review.yml +1 -1
package/.github/workflows/deploy.yml +2 -2
package/.github/workflows/release.yml +2 -2
package/.github/workflows/security-attest-provenance.yml +2 -2
package/.github/workflows/security-gitleaks.yml +13 -4
package/.github/workflows/security-runner-hardening.yml +2 -2
package/.github/workflows/security-scorecard.yml +1 -1
package/.github/workflows/security-zap-baseline.yml +1 -1
package/.github/workflows/security-zap-full-scan.yml +2 -1
package/.github/workflows/security-zizmor.yml +1 -1
package/.github/workflows/wiki-sync.yml +1 -1
package/.gitleaksignore +9 -0
package/CODE_OF_CONDUCT.md +2 -2
package/GEMINI.md +64 -0
package/README.md +52 -82
package/SECURITY.md +1 -1
package/app/config/index.js +2 -0
package/app/configParts/adminIdentity.js +5 -5
package/app/configParts/baileysConfig.js +230 -58
package/app/configParts/groupUtils.js +5 -0
package/app/configParts/messagePersistenceService.js +145 -4
package/app/configParts/sessionConfig.js +157 -0
package/app/connection/baileysCompatibility.test.js +1 -1
package/app/connection/groupOwnerWriteStateResolver.js +109 -0
package/app/connection/socketController.js +660 -158
package/app/connection/socketController.multiSession.test.js +108 -0
package/app/controllers/messageController.js +1 -1
package/app/controllers/messagePipeline/commandMiddleware.js +12 -10
package/app/controllers/messagePipeline/conversationMiddleware.js +2 -1
package/app/controllers/messagePipeline/messagePipelineMiddlewares.test.js +104 -0
package/app/controllers/messagePipeline/preProcessingMiddlewares.js +80 -2
package/app/controllers/messageProcessingPipeline.js +93 -13
package/app/controllers/messageProcessingPipeline.test.js +200 -0
package/app/modules/adminModule/AGENT.md +1 -1
package/app/modules/adminModule/commandConfig.json +3318 -1347
package/app/modules/adminModule/groupCommandHandlers.js +858 -15
package/app/modules/adminModule/groupCommandHandlers.test.js +378 -11
package/app/modules/adminModule/groupWarningRepository.js +152 -0
package/app/modules/aiModule/AGENT.md +47 -30
package/app/modules/aiModule/aiConfigRuntime.js +1 -0
package/app/modules/aiModule/catCommand.js +135 -27
package/app/modules/aiModule/commandConfig.json +114 -28
package/app/modules/analyticsModule/messageAnalysisEventRepository.js +54 -6
package/app/modules/gameModule/AGENT.md +1 -1
package/app/modules/gameModule/commandConfig.json +29 -0
package/app/modules/menuModule/AGENT.md +1 -1
package/app/modules/menuModule/commandConfig.json +45 -10
package/app/modules/menuModule/menuCatalogService.js +190 -0
package/app/modules/menuModule/menuCommandUsageRepository.js +109 -0
package/app/modules/menuModule/menuDynamicService.js +511 -0
package/app/modules/menuModule/menuDynamicService.test.js +141 -0
package/app/modules/menuModule/menus.js +36 -5
package/app/modules/playModule/AGENT.md +10 -5
package/app/modules/playModule/commandConfig.json +140 -12
package/app/modules/playModule/playCommand.js +1 -1417
package/app/modules/playModule/playCommandConstants.js +80 -0
package/app/modules/playModule/playCommandCore.js +361 -0
package/app/modules/playModule/playCommandHandlers.js +41 -0
package/app/modules/playModule/playCommandMediaClient.js +1872 -0
package/app/modules/playModule/playConfigRuntime.js +245 -4
package/app/modules/playModule/playModuleCriticalFlows.test.js +152 -0
package/app/modules/quoteModule/AGENT.md +1 -1
package/app/modules/quoteModule/commandConfig.json +29 -0
package/app/modules/quoteModule/quoteCommand.js +3 -2
package/app/modules/rpgPokemonModule/AGENT.md +1 -1
package/app/modules/rpgPokemonModule/commandConfig.json +29 -0
package/app/modules/rpgPokemonModule/rpgBattleCanvasRenderer.js +5 -4
package/app/modules/rpgPokemonModule/rpgBattleService.test.js +2 -1
package/app/modules/rpgPokemonModule/rpgPokemonDomain.js +2 -1
package/app/modules/rpgPokemonModule/rpgPokemonService.js +38 -37
package/app/modules/rpgPokemonModule/rpgProfileCanvasRenderer.js +4 -3
package/app/modules/statsModule/AGENT.md +1 -1
package/app/modules/statsModule/commandConfig.json +58 -0
package/app/modules/statsModule/rankingCommon.js +5 -4
package/app/modules/stickerModule/AGENT.md +1 -1
package/app/modules/stickerModule/addStickerMetadata.js +4 -3
package/app/modules/stickerModule/commandConfig.json +145 -0
package/app/modules/stickerModule/stickerCommand.js +1 -1
package/app/modules/stickerPackModule/AGENT.md +1 -1
package/app/modules/stickerPackModule/autoPackCollectorService.js +5 -1
package/app/modules/stickerPackModule/commandConfig.json +29 -0
package/app/modules/stickerPackModule/semanticThemeClusterService.js +7 -6
package/app/modules/stickerPackModule/stickerAutoPackByTagsRuntime.js +10 -9
package/app/modules/stickerPackModule/stickerClassificationBackgroundRuntime.js +9 -8
package/app/modules/stickerPackModule/stickerDomainEventConsumerRuntime.js +3 -2
package/app/modules/stickerPackModule/stickerMarketplaceDriftService.js +2 -1
package/app/modules/stickerPackModule/stickerPackCommandHandlers.js +80 -58
package/app/modules/stickerPackModule/stickerPackMarketplaceService.js +2 -1
package/app/modules/stickerPackModule/stickerPackRepository.js +2 -1
package/app/modules/stickerPackModule/stickerPackScoreSnapshotRuntime.js +5 -4
package/app/modules/stickerPackModule/stickerPackService.js +13 -6
package/app/modules/stickerPackModule/stickerStorageService.js +3 -2
package/app/modules/stickerPackModule/stickerWorkerPipelineRuntime.js +2 -1
package/app/modules/systemMetricsModule/AGENT.md +1 -1
package/app/modules/systemMetricsModule/commandConfig.json +29 -0
package/app/modules/systemMetricsModule/pingCommand.js +6 -5
package/app/modules/tiktokModule/AGENT.md +1 -1
package/app/modules/tiktokModule/commandConfig.json +29 -0
package/app/modules/tiktokModule/tiktokCommand.js +2 -1
package/app/modules/userModule/AGENT.md +1 -1
package/app/modules/userModule/commandConfig.json +29 -0
package/app/modules/userModule/userCommand.js +72 -23
package/app/modules/waifuPicsModule/AGENT.md +57 -27
package/app/modules/waifuPicsModule/commandConfig.json +87 -0
package/app/modules/waifuPicsModule/waifuPicsCommand.js +3 -2
package/app/observability/metrics.js +136 -0
package/app/services/ai/commandConfigEnrichmentService.js +229 -47
package/app/services/ai/conversationRouterService.js +4 -3
package/app/services/ai/geminiService.js +132 -7
package/app/services/ai/geminiService.test.js +59 -2
package/app/services/ai/globalModuleAiHelpService.js +3 -2
package/app/services/ai/messageCommandExecutionService.js +2 -1
package/app/services/ai/moduleAiHelpCoreService.js +45 -14
package/app/services/ai/moduleToolExecutorService.js +3 -2
package/app/services/ai/moduleToolRegistryService.js +2 -1
package/app/services/ai/toolCandidateSelectorService.js +6 -5
package/app/services/auth/googleWebLinkService.js +3 -2
package/app/services/auth/whatsappLoginLinkService.js +3 -2
package/app/services/external/pokeApiService.js +4 -3
package/app/services/group/groupMetadataService.js +24 -1
package/app/services/infra/dbWriteQueue.js +57 -26
package/app/services/infra/featureFlagService.js +2 -1
package/app/services/messaging/captchaService.js +3 -2
package/app/services/messaging/newsBroadcastService.js +846 -29
package/app/services/multiSession/assignmentBalancerService.js +457 -0
package/app/services/multiSession/groupOwnershipRepository.js +381 -0
package/app/services/multiSession/groupOwnershipService.js +890 -0
package/app/services/multiSession/groupOwnershipService.test.js +309 -0
package/app/services/multiSession/sessionRegistryService.js +293 -0
package/app/services/sticker/stickerFocusService.js +11 -10
package/app/store/aiPromptStore.js +36 -19
package/app/store/conversationSessionStore.js +7 -6
package/app/store/groupConfigStore.js +41 -5
package/app/store/premiumUserStore.js +21 -7
package/app/utils/antiLink/antiLinkModule.js +352 -16
package/app/workers/aiHelperContinuousLearningWorker.js +512 -0
package/app/workers/aiLearningWorker.js +6 -5
package/app/workers/commandConfigEnrichmentWorker.js +4 -3
package/database/index.js +14 -8
package/database/migrations/20260307_d0_hardening_down.sql +1 -1
package/database/migrations/20260314_d7_canonical_sender_down.sql +1 -1
package/database/migrations/20260406_d30_security_analytics_down.sql +1 -1
package/database/migrations/20260411_d35_group_community_metadata_down.sql +59 -0
package/database/migrations/20260411_d35_group_community_metadata_up.sql +62 -0
package/database/migrations/20260412_d36_system_config_tables_down.sql +32 -0
package/database/migrations/20260412_d36_system_config_tables_up.sql +66 -0
package/database/migrations/20260413_d37_group_user_warnings_down.sql +11 -0
package/database/migrations/20260413_d37_group_user_warnings_up.sql +24 -0
package/database/migrations/20260414_d38_multi_session_foundation_down.sql +72 -0
package/database/migrations/20260414_d38_multi_session_foundation_up.sql +125 -0
package/database/migrations/20260414_d39_multi_session_cutover_down.sql +103 -0
package/database/migrations/20260414_d39_multi_session_cutover_up.sql +83 -0
package/database/schema.sql +102 -1
package/docker-compose.yml +4 -1
package/docs/compliance/acceptable-use-policy-2026-03-07.md +1 -1
package/docs/compliance/dpa-b2b-standard-2026-03-07.md +1 -1
package/docs/compliance/privacy-policy-2026-03-07.md +4 -4
package/docs/security/dsar-lgpd-runbook-2026-03-07.md +1 -1
package/docs/security/incident-response-lgpd-anpd-runbook-2026-03-07.md +1 -1
package/docs/security/network-hardening-runbook-2026-03-07.md +53 -0
package/docs/security/omnizap-static-security-headers.conf +25 -0
package/docs/wiki/Home.md +1 -1
package/ecosystem.prod.config.cjs +32 -12
package/index.js +57 -23
package/observability/alert-rules.yml +20 -0
package/observability/grafana/dashboards/omnizap-system-admin.json +229 -0
package/observability/mysql-setup.sql +4 -4
package/observability/system-admin-observability.md +26 -0
package/package.json +20 -6
package/public/apple-touch-icon.png +0 -0
package/public/comandos/commands-catalog.json +2853 -3326
package/public/favicon-16x16.png +0 -0
package/public/favicon-32x32.png +0 -0
package/public/favicon.ico +0 -0
package/public/js/apps/apiDocsApp.js +3 -2
package/public/js/apps/commandsReactApp.js +280 -99
package/public/js/apps/createPackApp.js +11 -10
package/public/js/apps/homeReactApp.js +181 -130
package/public/js/apps/loginReactApp.js +1 -1
package/public/js/apps/stickersApp.js +263 -110
package/public/js/apps/termsReactApp.js +73 -24
package/public/js/apps/userApp.js +4 -3
package/public/js/apps/userPasswordResetReactApp.js +406 -0
package/public/js/apps/userReactApp.js +355 -280
package/public/js/apps/userSystemAdmReactApp.js +1506 -0
package/public/pages/api-docs.html +1 -1
package/public/pages/aup.html +2 -2
package/public/pages/dpa.html +3 -3
package/public/pages/licenca.html +4 -4
package/public/pages/login.html +1 -1
package/public/pages/notice-and-takedown.html +2 -2
package/public/pages/politica-de-privacidade.html +6 -6
package/public/pages/seo-bot-whatsapp-para-grupo.html +3 -3
package/public/pages/seo-bot-whatsapp-sem-programar.html +3 -3
package/public/pages/seo-como-automatizar-avisos-no-whatsapp.html +3 -3
package/public/pages/seo-como-criar-comandos-whatsapp.html +3 -3
package/public/pages/seo-como-evitar-spam-no-whatsapp.html +3 -3
package/public/pages/seo-como-moderar-grupo-whatsapp.html +3 -3
package/public/pages/seo-como-organizar-comunidade-whatsapp.html +3 -3
package/public/pages/seo-melhor-bot-whatsapp-para-grupos.html +3 -3
package/public/pages/stickers-admin.html +1 -1
package/public/pages/stickers-create.html +1 -1
package/public/pages/stickers.html +6 -6
package/public/pages/suboperadores.html +2 -2
package/public/pages/termos-de-uso-texto-integral.html +6 -6
package/public/pages/termos-de-uso.html +3 -3
package/public/pages/user-password-reset.html +4 -5
package/public/pages/user-systemadm.html +9 -463
package/public/pages/user.html +2 -2
package/scripts/clear-whatsapp-session.sh +123 -0
package/scripts/core-ai-mode.mjs +163 -0
package/scripts/deploy.sh +11 -1
package/scripts/email-broadcast-terms-update.mjs +2 -1
package/scripts/enrich-command-config-ux-openai.mjs +492 -0
package/scripts/generate-commands-catalog.mjs +166 -2
package/scripts/generate-module-agents.mjs +2 -1
package/scripts/generate-seo-satellite-pages.mjs +5 -4
package/scripts/github-deploy-notify.mjs +2 -1
package/scripts/github-release-notify.mjs +25 -10
package/scripts/new-whatsapp-session.sh +317 -0
package/scripts/release.sh +2 -19
package/scripts/security-smoketest.mjs +6 -5
package/scripts/security-web-surface-check.mjs +218 -0
package/scripts/sticker-catalog-loadtest.mjs +5 -4
package/server/auth/googleWebAuth/googleWebAuthService.js +8 -7
package/server/auth/jwt/webJwtService.js +1 -1
package/server/auth/stickerCatalogAuthContext.js +2 -1
package/server/auth/termsAcceptance/termsAcceptanceHandler.js +2 -1
package/server/auth/userPassword/userPasswordAuthService.js +2 -1
package/server/auth/userPassword/userPasswordRecoveryService.js +4 -3
package/server/auth/webAccount/webAccountHandlers.js +9 -10
package/server/controllers/admin/adminPanelHandlers.js +267 -16
package/server/controllers/admin/systemAdminController.js +267 -0
package/server/controllers/seo/stickerCatalogSeoContext.js +10 -9
package/server/controllers/sticker/nonCatalogHandlers.js +2 -1
package/server/controllers/sticker/stickerCatalogController.js +23 -36
package/server/controllers/system/contactController.js +9 -17
package/server/controllers/system/githubController.js +3 -2
package/server/controllers/system/stickerCatalogSystemContext.js +41 -19
package/server/controllers/system/systemController.js +254 -1
package/server/controllers/system/systemMetricsController.js +2 -1
package/server/controllers/userController.js +6 -0
package/server/email/emailTemplateService.js +5 -3
package/server/http/httpServer.js +11 -6
package/server/middleware/rateLimit.js +2 -1
package/server/middleware/securityHeaders.js +20 -1
package/server/routes/admin/systemAdminRouter.js +6 -0
package/server/routes/indexRouter.js +30 -6
package/server/routes/observability/grafanaProxyRouter.js +254 -0
package/server/routes/static/staticPageRouter.js +27 -1
package/server/utils/publicContact.js +31 -0
package/utils/time/timeModule.js +135 -0
package/utils/time/timeModule.test.js +65 -0
package/utils/whatsapp/contactEnv.js +39 -0
package/vite.config.mjs +7 -1
package/public/assets/images/brand-icon-192.png +0 -0
package/scripts/sync-readme-snapshot.mjs +0 -133

package/server/controllers/admin/adminPanelHandlers.js CHANGED Viewed

@@ -1,6 +1,8 @@
+import { now as __timeNow, nowIso as __timeNowIso, toUnixMs as __timeNowMs } from '#time';
 import { randomUUID, randomBytes, scryptSync, timingSafeEqual } from 'node:crypto';
-import { URLSearchParams } from 'node:url';
+import { URL, URLSearchParams } from 'node:url';
+import { setAdminOverviewSnapshot } from '../../../app/observability/metrics.js';
 import { parseAdminModeratorUpsertPayload, parseAdminSessionPasswordPayload } from '../../auth/validation/authSchemas.js';
 export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger, sendJson, readJsonBody, parseCookies, getCookieValuesFromRequest, appendSetCookie, buildCookieString, sanitizeText, normalizeGoogleSubject, normalizeEmail, normalizeJid, toIsoOrNull, toWhatsAppPhoneDigits, mapGoogleSessionResponseData, resolveGoogleWebSessionFromRequest, revokeGoogleWebSessionsByIdentity, getMarketplaceGlobalStatsCached, getSystemSummaryCached, getFeatureFlagsSnapshot, refreshFeatureFlags, listAdminBans, createAdminBanRecord, revokeAdminBanRecord, normalizeVisitPath, stickerWebPath, findStickerPackByPackKey, stickerPackService, buildManagedPackResponseData, sendManagedMutationStatus, sendManagedPackMutationStatus, deleteManagedPackWithCleanup, mapStickerPackWebManageError, cleanupOrphanStickerAssets, invalidateStickerCatalogDerivedCaches }) => {
@@ -15,6 +17,229 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
   const ADMIN_PANEL_SESSION_TTL_MS = Math.max(10 * 60 * 1000, Number(process.env.ADM_PANEL_SESSION_TTL_MS) || 12 * 60 * 60 * 1000);
   const ADMIN_MODERATOR_PASSWORD_MIN_LENGTH = Math.max(6, Number(process.env.ADM_MODERATOR_PASSWORD_MIN_LENGTH) || 8);
   const ADMIN_PANEL_SESSION_COOKIE_NAME = 'omnizap_admin_panel_session';
+  const SYSTEM_ADMIN_GRAFANA_TIME_FROM = sanitizeText(process.env.SYSTEM_ADMIN_GRAFANA_TIME_FROM || 'now-6h', 40, { allowEmpty: true }) || 'now-6h';
+  const SYSTEM_ADMIN_GRAFANA_TIME_TO = sanitizeText(process.env.SYSTEM_ADMIN_GRAFANA_TIME_TO || 'now', 40, { allowEmpty: true }) || 'now';
+  const SYSTEM_ADMIN_GRAFANA_REFRESH = sanitizeText(process.env.SYSTEM_ADMIN_GRAFANA_REFRESH || '10s', 20, { allowEmpty: true }) || '10s';
+  const SYSTEM_ADMIN_GRAFANA_STATUS_TIMEOUT_MS = Math.max(800, Number(process.env.SYSTEM_ADMIN_GRAFANA_STATUS_TIMEOUT_MS) || 2500);
+  const SYSTEM_ADMIN_GRAFANA_STATUS_CACHE_TTL_MS = Math.max(5000, Number(process.env.SYSTEM_ADMIN_GRAFANA_STATUS_CACHE_TTL_MS) || 15000);
+  const normalizeGrafanaBaseUrl = (value) => {
+    const raw = String(value || '').trim();
+    if (!raw) return '';
+    try {
+      const parsed = new URL(raw);
+      if (!['http:', 'https:'].includes(parsed.protocol)) return '';
+      const normalizedPathname = String(parsed.pathname || '/').replace(/\/+$/, '');
+      parsed.search = '';
+      parsed.hash = '';
+      return `${parsed.origin}${normalizedPathname === '/' ? '' : normalizedPathname}`;
+    } catch {
+      return '';
+    }
+  };
+  const normalizeGrafanaUid = (value) =>
+    String(value || '')
+      .trim()
+      .replace(/[^a-zA-Z0-9_-]/g, '')
+      .slice(0, 120);
+  const slugifyGrafanaDashboard = (value) => {
+    const raw = String(value || '')
+      .trim()
+      .toLowerCase();
+    const slug = raw
+      .replace(/[^a-z0-9]+/g, '-')
+      .replace(/^-+|-+$/g, '')
+      .slice(0, 90);
+    return slug || 'dashboard';
+  };
+  const parseGrafanaDashboardDefinitions = () => {
+    const raw = String(process.env.SYSTEM_ADMIN_GRAFANA_DASHBOARDS || '')
+      .split(',')
+      .map((item) => String(item || '').trim())
+      .filter(Boolean);
+    const parsed = raw
+      .map((entry) => {
+        const [uidPart, ...titleParts] = entry.split('|');
+        const uid = normalizeGrafanaUid(uidPart);
+        const title = sanitizeText(titleParts.join('|') || '', 90, { allowEmpty: true }) || '';
+        return uid ? { uid, title } : null;
+      })
+      .filter(Boolean);
+    if (parsed.length) return parsed;
+    return [
+      { uid: 'omnizap-system-admin', title: 'System Admin' },
+      { uid: 'omnizap-overview', title: 'Overview' },
+      { uid: 'omnizap-mysql', title: 'MySQL' },
+    ];
+  };
+  const buildAdminGrafanaObservabilityLinks = () => {
+    const baseUrl = normalizeGrafanaBaseUrl(process.env.SYSTEM_ADMIN_GRAFANA_URL || process.env.GRAFANA_PUBLIC_URL || '');
+    if (!baseUrl) {
+      return {
+        enabled: false,
+        base_url: null,
+        dashboards: [],
+      };
+    }
+    const base = new URL(`${baseUrl}/`);
+    const definitions = parseGrafanaDashboardDefinitions();
+    const dashboards = definitions
+      .map((entry, index) => {
+        const uid = normalizeGrafanaUid(entry?.uid || '');
+        if (!uid) return null;
+        const title = sanitizeText(entry?.title || '', 90, { allowEmpty: true }) || `Dashboard ${index + 1}`;
+        const slug = slugifyGrafanaDashboard(title || uid);
+        const viewUrl = new URL(`d/${encodeURIComponent(uid)}/${encodeURIComponent(slug)}`, base);
+        viewUrl.searchParams.set('orgId', '1');
+        viewUrl.searchParams.set('from', SYSTEM_ADMIN_GRAFANA_TIME_FROM);
+        viewUrl.searchParams.set('to', SYSTEM_ADMIN_GRAFANA_TIME_TO);
+        viewUrl.searchParams.set('refresh', SYSTEM_ADMIN_GRAFANA_REFRESH);
+        const embedUrl = new URL(String(viewUrl));
+        embedUrl.searchParams.set('kiosk', 'tv');
+        return {
+          uid,
+          title,
+          view_url: viewUrl.toString(),
+          embed_url: embedUrl.toString(),
+        };
+      })
+      .filter(Boolean);
+    return {
+      enabled: dashboards.length > 0,
+      base_url: baseUrl,
+      dashboards,
+    };
+  };
+  const grafanaObservabilityLinks = buildAdminGrafanaObservabilityLinks();
+  let grafanaRuntimeSnapshotCache = {
+    expires_at_ms: 0,
+    payload: null,
+  };
+  const resolveGrafanaHealthEndpointUrl = () => {
+    const candidates = [process.env.GRAFANA_PROXY_TARGET_URL, process.env.GRAFANA_INTERNAL_URL, process.env.SYSTEM_ADMIN_GRAFANA_URL, process.env.GRAFANA_PUBLIC_URL];
+    for (const candidate of candidates) {
+      const baseUrl = normalizeGrafanaBaseUrl(candidate);
+      if (!baseUrl) continue;
+      try {
+        return new URL('api/health', `${baseUrl}/`).toString();
+      } catch {
+        // noop
+      }
+    }
+    return '';
+  };
+  const getGrafanaRuntimeSnapshot = async () => {
+    const nowMs = __timeNowMs();
+    if (grafanaRuntimeSnapshotCache.payload && nowMs < grafanaRuntimeSnapshotCache.expires_at_ms) {
+      return grafanaRuntimeSnapshotCache.payload;
+    }
+    const dashboardsTotal = Array.isArray(grafanaObservabilityLinks?.dashboards) ? grafanaObservabilityLinks.dashboards.length : 0;
+    const baseSnapshot = {
+      enabled: Boolean(grafanaObservabilityLinks?.enabled),
+      available: false,
+      status: 'unavailable',
+      response_ms: null,
+      checked_at: __timeNowIso(),
+      http_status: null,
+      version: null,
+      database: null,
+      commit: null,
+      dashboards_total: dashboardsTotal,
+      error: null,
+    };
+    const healthEndpointUrl = resolveGrafanaHealthEndpointUrl();
+    if (!healthEndpointUrl) {
+      grafanaRuntimeSnapshotCache = {
+        expires_at_ms: nowMs + SYSTEM_ADMIN_GRAFANA_STATUS_CACHE_TTL_MS,
+        payload: baseSnapshot,
+      };
+      return baseSnapshot;
+    }
+    const controller = typeof AbortController === 'function' ? new AbortController() : null;
+    const timeoutId =
+      controller && Number.isFinite(SYSTEM_ADMIN_GRAFANA_STATUS_TIMEOUT_MS)
+        ? setTimeout(() => {
+            controller.abort();
+          }, SYSTEM_ADMIN_GRAFANA_STATUS_TIMEOUT_MS)
+        : null;
+    const startedAtMs = __timeNowMs();
+    try {
+      const response = await globalThis.fetch(healthEndpointUrl, {
+        method: 'GET',
+        headers: {
+          Accept: 'application/json',
+        },
+        signal: controller?.signal,
+      });
+      const responseMs = Math.max(0, __timeNowMs() - startedAtMs);
+      let payload = null;
+      try {
+        payload = await response.json();
+      } catch {
+        payload = null;
+      }
+      const version = sanitizeText(payload?.version || '', 40, { allowEmpty: true }) || null;
+      const commit = sanitizeText(payload?.commit || '', 80, { allowEmpty: true }) || null;
+      const database = sanitizeText(payload?.database || '', 30, { allowEmpty: true }) || null;
+      const normalizedDatabase = String(database || '')
+        .trim()
+        .toLowerCase();
+      const status = !response.ok ? 'offline' : normalizedDatabase === 'ok' ? 'online' : normalizedDatabase ? 'degraded' : 'online';
+      const snapshot = {
+        ...baseSnapshot,
+        available: response.ok,
+        status,
+        response_ms: responseMs,
+        checked_at: __timeNowIso(),
+        http_status: Number(response.status || 0) || null,
+        version,
+        database,
+        commit,
+      };
+      grafanaRuntimeSnapshotCache = {
+        expires_at_ms: __timeNowMs() + SYSTEM_ADMIN_GRAFANA_STATUS_CACHE_TTL_MS,
+        payload: snapshot,
+      };
+      return snapshot;
+    } catch (error) {
+      const responseMs = Math.max(0, __timeNowMs() - startedAtMs);
+      const isAbort = error?.name === 'AbortError';
+      const snapshot = {
+        ...baseSnapshot,
+        status: 'offline',
+        response_ms: responseMs,
+        checked_at: __timeNowIso(),
+        error: sanitizeText(isAbort ? 'timeout' : error?.message || 'fetch_failed', 80, { allowEmpty: true }) || 'fetch_failed',
+      };
+      grafanaRuntimeSnapshotCache = {
+        expires_at_ms: __timeNowMs() + SYSTEM_ADMIN_GRAFANA_STATUS_CACHE_TTL_MS,
+        payload: snapshot,
+      };
+      return snapshot;
+    } finally {
+      if (timeoutId) clearTimeout(timeoutId);
+    }
+  };
   const adminPanelSessionMap = new Map();
   let adminPanelSessionPruneAt = 0;
@@ -298,7 +523,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
   };
   const pruneExpiredAdminPanelSessions = () => {
-    const now = Date.now();
+    const now = __timeNowMs();
     if (now - adminPanelSessionPruneAt < 30_000) return;
     adminPanelSessionPruneAt = now;
     for (const [token, session] of adminPanelSessionMap.entries()) {
@@ -334,7 +559,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
   const createAdminPanelSession = (googleSession, { role = 'owner' } = {}) => {
     pruneExpiredAdminPanelSessions();
-    const now = Date.now();
+    const now = __timeNowMs();
     const normalizedRole = normalizeAdminPanelRole(role, 'owner');
     const token = randomUUID();
     const session = {
@@ -359,7 +584,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
     if (!token) return null;
     const session = adminPanelSessionMap.get(token);
     if (!session) return null;
-    if (Number(session.expiresAt || 0) <= Date.now()) {
+    if (Number(session.expiresAt || 0) <= __timeNowMs()) {
       adminPanelSessionMap.delete(token);
       return null;
     }
@@ -616,7 +841,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
       rollout_percent: Math.max(0, Math.min(100, Number(row?.rollout_percent ?? normalizedRollout))),
       description: sanitizeText(row?.description || '', 255, { allowEmpty: true }) || null,
       updated_by: sanitizeText(row?.updated_by || '', 120, { allowEmpty: true }) || null,
-      updated_at: toIsoOrNull(row?.updated_at) || new Date().toISOString(),
+      updated_at: toIsoOrNull(row?.updated_at) || __timeNowIso(),
     };
   };
@@ -759,7 +984,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
   const buildAdminAlertSnapshot = ({ dashboardQuick = null, systemHealth = null, systemSummary = null, systemMeta = null } = {}) => {
     const alerts = [];
-    const updatedAt = toIsoOrNull(systemSummary?.updated_at) || new Date().toISOString();
+    const updatedAt = toIsoOrNull(systemSummary?.updated_at) || __timeNowIso();
     const pushAlert = (severity, code, title, message) => {
       alerts.push({
         id: `${code}:${severity}`,
@@ -956,7 +1181,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
   };
   const buildAdminOverviewPayload = async ({ adminSession = null } = {}) => {
-    const [marketplaceStats, activeSessions, knownUsers, bans, packsCountRows, stickersCountRows, recentPacks, visitSummary, systemSummaryPayload, messageFlowDaily, moderationQueue, auditLog, featureFlags] = await Promise.all([
+    const [marketplaceStats, activeSessions, knownUsers, bans, packsCountRows, stickersCountRows, recentPacks, visitSummary, systemSummaryPayload, messageFlowDaily, moderationQueue, auditLog, featureFlags, grafanaRuntimeSnapshot] = await Promise.all([
       getMarketplaceGlobalStatsCached().catch(() => null),
       listAdminActiveGoogleWebSessions({ limit: 80 }),
       listAdminKnownGoogleUsers({ limit: 120 }),
@@ -975,6 +1200,19 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
       buildModerationQueueSnapshot({ limit: 80 }).catch(() => []),
       listAdminAuditLog({ limit: 120 }).catch(() => []),
       listAdminFeatureFlagsDetailed({ limit: 300 }).catch(() => []),
+      getGrafanaRuntimeSnapshot().catch(() => ({
+        enabled: Boolean(grafanaObservabilityLinks?.enabled),
+        available: false,
+        status: 'offline',
+        response_ms: null,
+        checked_at: __timeNowIso(),
+        http_status: null,
+        version: null,
+        database: null,
+        commit: null,
+        dashboards_total: Array.isArray(grafanaObservabilityLinks?.dashboards) ? grafanaObservabilityLinks.dashboards.length : 0,
+        error: 'runtime_snapshot_failed',
+      })),
     ]);
     const systemSummary = systemSummaryPayload?.data || null;
@@ -996,7 +1234,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
       systemMeta,
     });
-    return {
+    const overviewPayload = {
       admin_session: mapAdminPanelSessionResponseData(adminSession),
       marketplace_stats: marketplaceStats,
       counters: {
@@ -1044,9 +1282,22 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
       visit_metrics: visitSummary,
       system_summary: systemSummary,
       system_meta: systemMeta,
+      observability_links: {
+        grafana: grafanaObservabilityLinks,
+      },
+      observability_runtime: {
+        grafana: grafanaRuntimeSnapshot,
+      },
       message_flow_daily: messageFlowDaily,
-      updated_at: new Date().toISOString(),
+      updated_at: __timeNowIso(),
     };
+    setAdminOverviewSnapshot({
+      overview: overviewPayload,
+      source: 'admin_overview_payload',
+    });
+    return overviewPayload;
   };
   const findAdminPackContextByKey = async (rawPackKey) => {
@@ -1364,7 +1615,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
             action,
             success: true,
             message: 'Caches internos invalidados com sucesso.',
-            updated_at: new Date().toISOString(),
+            updated_at: __timeNowIso(),
           },
         });
         return;
@@ -1408,7 +1659,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
             success: true,
             released_processing_items: released,
             message: released > 0 ? 'Itens em processamento foram recolocados em pending.' : 'Nenhum item travado encontrado nas filas.',
-            updated_at: new Date().toISOString(),
+            updated_at: __timeNowIso(),
           },
         });
         return;
@@ -1418,7 +1669,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
         const payloadJson = JSON.stringify({
           source: 'admin_panel',
           requested_by: normalizeEmail(adminSession?.email) || normalizeGoogleSubject(adminSession?.googleSub) || 'admin',
-          requested_at: new Date().toISOString(),
+          requested_at: __timeNowIso(),
         });
         await executeQuery(
           `INSERT INTO ${TABLES.STICKER_WORKER_TASK_QUEUE}
@@ -1440,7 +1691,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
             success: true,
             enqueued_tasks: 2,
             message: 'Ciclos de classificação e curadoria foram agendados.',
-            updated_at: new Date().toISOString(),
+            updated_at: __timeNowIso(),
           },
         });
         return;
@@ -1632,7 +1883,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
         data: {
           type,
           format: 'json',
-          exported_at: new Date().toISOString(),
+          exported_at: __timeNowIso(),
           payload: exportData,
         },
       });
@@ -1705,7 +1956,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
     }
     const csv = buildCsv(rows, headers);
-    const stamp = new Date().toISOString().slice(0, 19).replace(/[:T]/g, '-');
+    const stamp = __timeNowIso().slice(0, 19).replace(/[:T]/g, '-');
     res.statusCode = 200;
     res.setHeader('Content-Type', 'text/csv; charset=utf-8');
     res.setHeader('Content-Disposition', `attachment; filename="admin-${type}-${stamp}.csv"`);
@@ -1862,7 +2113,7 @@ export const createStickerCatalogAdminHandlers = ({ executeQuery, tables, logger
       deleted: !result?.missing,
       pack_key: result?.deletedPack?.pack_key || context.packKey,
       id: result?.deletedPack?.id || context.fullPack?.id || null,
-      deleted_at: toIsoOrNull(result?.deletedPack?.deleted_at || new Date()),
+      deleted_at: toIsoOrNull(result?.deletedPack?.deleted_at || __timeNow()),
       removed_sticker_count: Number(result?.removedCount || 0),
     });
   };