@omnizap-system/omnizap 2.6.1 → 2.6.2

package/.env.example

@@ -10,8 +10,6 @@
 # ==============================
 # PRIORIDADE 1 - CRITICO (startup)
 # ==============================
-BOT_NUMBER=
-BOT_PHONE_NUMBER=
 COMMAND_PREFIX="#"
 COMMAND_REACT_EMOJI=🤖
 DB_HOST=localhost
@@ -35,8 +33,6 @@ NODE_ENV=development
 OPENAI_API_KEY=
 GEMINI_API_KEY=
 GEMINI_API_BASE_URL=https://generativelanguage.googleapis.com/v1beta
-OWNER_NUMBER=5511999999999
-PHONE_NUMBER=
 PM2_APP_NAME=omnizap
 SITE_ORIGIN=https://omnizap.shop
 STICKER_API_BASE_PATH=/api/sticker-packs
@@ -46,13 +42,22 @@ SYSTEM_ADMIN_API_BASE_PATH=/api/admin
 STICKER_STORAGE_DIR=./data/stickers
 STICKER_WEB_ORIGIN=https://omnizap.shop
 STICKER_WEB_PATH=/stickers
-USER_ADMIN=seu_jid_de_admin@s.whatsapp.net
 WHATSAPP_BOT_NUMBER=5511999999999
+WHATSAPP_SUPPORT_NUMBER=5511999999999
+WHATSAPP_ADMIN_NUMBER=5511999999999
+WHATSAPP_ADMIN_JID=seu_jid_de_admin@s.whatsapp.net
 WHATSAPP_LOGIN_BASE_URL=https://omnizap.shop
 WHATSAPP_LOGIN_LINK_SECRET=troque_por_um_segredo_forte
 WHATSAPP_LOGIN_PATH=/login/
 WHATSAPP_LOGIN_TRIGGER=iniciar
-WHATSAPP_SUPPORT_NUMBER=5511999999999
+
+# Legado (compatibilidade): mantenha vazio quando usar as variaveis canonicas acima
+BOT_NUMBER=
+BOT_PHONE_NUMBER=
+OWNER_NUMBER=
+PHONE_NUMBER=
+USER_ADMIN=
+WHATSAPP_PUBLIC_CONTACT_NUMBER=
 
 # ==============================
 # PRIORIDADE 2 - OPERACAO BASE
@@ -120,11 +125,18 @@ BAILEYS_REPLY_PRESENCE_BEFORE=composing
 BAILEYS_REPLY_PRESENCE_AFTER=paused
 BAILEYS_REPLY_PRESENCE_DELAY_MS=280
 BAILEYS_AUTH_SESSION_ID=default
+BAILEYS_SESSION_IDS=default
+BAILEYS_PRIMARY_SESSION_ID=default
+BAILEYS_SESSION_WEIGHTS=default=1
 BAILEYS_AUTH_BOOTSTRAP_FROM_FILES=true
 BAILEYS_SINGLE_WRITER_LOCK_ENABLED=true
 BAILEYS_SINGLE_WRITER_LOCK_NAME=
 BAILEYS_SINGLE_WRITER_LOCK_TIMEOUT_SECONDS=2
 BAILEYS_SINGLE_WRITER_LOCK_RETRY_DELAY_MS=15000
+GROUP_OWNER_ENFORCEMENT_MODE=off
+GROUP_OWNER_LEASE_MS=120000
+GROUP_OWNER_HEARTBEAT_MS=30000
+GROUP_BALANCER_ENABLED=false
 BAILEYS_EVENT_BATCH_SIZE=100
 BAILEYS_EVENT_QUEUE_MAX=4000
 BAILEYS_EVENT_JOURNAL_RETENTION_DAYS=14
@@ -160,6 +172,7 @@ HOME_MARKETPLACE_STATS_CACHE_SECONDS=45
 HOSTNAME=
 IMAGE_MENU=https://example.com/assets/omnizap-banner.png
 HELMET_CONTENT_SECURITY_POLICY_ENABLED=true
+HELMET_CSP_FRAME_SRC_EXTRA=
 LID_BACKFILL_BATCH=50000
 LID_BACKFILL_ON_START=true
 COMMAND_CONFIG_VALIDATE_ON_BOOT=true
@@ -171,6 +184,7 @@ MESSAGE_REPLY_PRESENCE_BEFORE=composing
 MESSAGE_REPLY_PRESENCE_AFTER=paused
 MESSAGE_REPLY_PRESENCE_DELAY_MS=280
 MESSAGE_REPLY_PRESENCE_SUBSCRIBE=true
+CONVERSATIONAL_AUTO_REPLY_ENABLED=false
 METRICS_ENABLED=true
 METRICS_ENDPOINT=
 METRICS_HOST=127.0.0.1
@@ -320,6 +334,26 @@ FFMPEG_PATH=ffmpeg
 FFPROBE_PATH=ffprobe
 HTTP_SLO_TARGET_MS=750
 NEWS_API_URL=http://127.0.0.1:3001
+NEWS_API_ARTICLES_PATH=/articles
+NEWS_API_ARTICLE_BY_ID_PATH=/articles/:id
+NEWS_API_ARTICLE_BY_SLUG_PATH=/articles/slug/:slug
+NEWS_API_TRENDS_PATH=/trends
+NEWS_API_FRANCHISES_PATH=/franchises
+NEWS_API_FRANCHISE_BY_SLUG_PATH=/franchises/:slug
+NEWS_API_SOURCES_PATH=/sources
+NEWS_API_SOURCE_BY_ID_PATH=/sources/:sourceId
+NEWS_API_SEO_ENTITIES_PATH=/seo/entities
+NEWS_API_SEO_BY_TYPE_SLUG_PATH=/seo/:type/:slug
+NEWS_API_LIMIT=120
+NEWS_API_TIMEOUT_MS=15000
+NEWS_API_DETAILS_TIMEOUT_MS=15000
+NEWS_API_CONTEXT_TTL_MS=180000
+NEWS_API_DETAILS_CACHE_TTL_MS=360000
+NEWS_API_CONTEXT_TOP=40
+NEWS_API_LEGACY_FALLBACK=true
+NEWS_SMART_SELECTION_ENABLED=true
+NEWS_SMART_SELECTION_WINDOW=80
+NEWS_CAPTION_CONTEXT_ENABLED=true
 NEWS_SENT_IDS_LIMIT=500
 OMNIZAP_SOCIAL_METRICS=0
 OPENAI_IMAGE_MODEL=gpt-5-nano
@@ -774,23 +808,34 @@ GITHUB_REPOSITORY=Omnizap-System/omnizap
 GITHUB_TOKEN=
 GRAFANA_ADMIN_PASSWORD=admin
 GRAFANA_ADMIN_USER=admin
+GRAFANA_ALLOW_EMBEDDING=true
 GRAFANA_DASHBOARDS_PATH=./observability/grafana/dashboards
 GRAFANA_IMAGE_TAG=10.4.3
 GRAFANA_BIND_HOST=127.0.0.1
 GRAFANA_PORT=3003
+GRAFANA_PUBLIC_URL=https://omnizap.shop/api/grafana
 GRAFANA_PROVISIONING_PATH=./observability/grafana/provisioning
-GRAFANA_ROOT_URL=%(protocol)s://%(domain)s:%(http_port)s/
+GRAFANA_ROOT_URL=https://omnizap.shop/api/grafana
+GRAFANA_SERVE_FROM_SUB_PATH=true
+GRAFANA_PROXY_BASE_PATH=/api/grafana
+GRAFANA_PROXY_LEGACY_BASE_PATH=/grafana
+GRAFANA_PROXY_TARGET_URL=http://127.0.0.1:3003
+SYSTEM_ADMIN_GRAFANA_URL=https://omnizap.shop/api/grafana
+SYSTEM_ADMIN_GRAFANA_DASHBOARDS=omnizap-system-admin|System Admin,omnizap-overview|Overview,omnizap-mysql|MySQL
+SYSTEM_ADMIN_GRAFANA_TIME_FROM=now-6h
+SYSTEM_ADMIN_GRAFANA_TIME_TO=now
+SYSTEM_ADMIN_GRAFANA_REFRESH=10s
 GRAFANA_TIMEZONE=America/Boa_Vista
 LOKI_CONFIG_PATH=./observability/loki-config.yml
 LOKI_IMAGE_TAG=2.9.4
 LOKI_BIND_HOST=127.0.0.1
 LOKI_PORT=3100
 MYSQL_EXPORTER_CNF_PATH=./observability/mysql-exporter.cnf
-MYSQL_EXPORTER_DSN=exporter:exporter@(host.docker.internal:3306)/
+MYSQL_EXPORTER_DSN=exporter:exporter@unix(/run/mysqld/mysqld.sock)/
 MYSQL_EXPORTER_IMAGE_TAG=v0.15.1
 MYSQL_EXPORTER_BIND_HOST=127.0.0.1
 MYSQL_EXPORTER_PORT=9104
-MYSQL_LOGS_PATH=/var/lib/mysql
+MYSQL_LOGS_PATH=/var/log/mysql
 NODE_AUTH_TOKEN=
 NODE_EXPORTER_IMAGE_TAG=v1.7.0
 NODE_EXPORTER_BIND_HOST=127.0.0.1

package/.github/workflows/ci.yml

@@ -57,6 +57,9 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: DB bootstrap smoke test
+        run: npm run db:init
+
       - name: Check formatting
         run: npm run format:check
 
@@ -68,6 +71,3 @@ jobs:
 
       - name: Build
         run: npm run build
-
-      - name: DB bootstrap smoke test
-        run: npm run db:init

package/.github/workflows/security-runner-hardening.yml

@@ -18,7 +18,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Harden runner
-        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594
         with:
           egress-policy: audit
 

package/.github/workflows/security-zap-full-scan.yml

@@ -39,5 +39,6 @@ jobs:
         with:
           target: ${{ env.TARGET_URL }}
           fail_action: false
+          artifact_name: zap-scan-full
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/app/config/index.js

@@ -2,3 +2,5 @@ export * from '../configParts/baileysConfig.js';
 export * from '../configParts/groupUtils.js';
 export * from '../configParts/adminIdentity.js';
 export * from '../configParts/loggerConfig.js';
+export * from '../configParts/sessionConfig.js';
+export * from '../../utils/whatsapp/contactEnv.js';

package/app/configParts/adminIdentity.js

@@ -1,11 +1,8 @@
 import { encodeJid, getJidUser, isSameJidUser, normalizeJid } from './baileysConfig.js';
 import { extractUserIdInfo, resolveUserId, resolveUserIdCached } from './baileysConfig.js';
+import { normalizePhoneDigits, resolveAdminIdentityRawFromEnv, resolveAdminPhoneFromEnv } from '../../utils/whatsapp/contactEnv.js';
 
-const ADMIN_ENV_KEY = 'USER_ADMIN';
-
-const normalizePhoneDigits = (value) => String(value || '').replace(/\D+/g, '');
-
-export const getAdminRawValue = () => String(process.env[ADMIN_ENV_KEY] || '').trim();
+export const getAdminRawValue = () => resolveAdminIdentityRawFromEnv();
 
 export const getAdminJid = () => {
   const raw = getAdminRawValue();
@@ -28,6 +25,9 @@ export const getAdminJid = () => {
 };
 
 export const getAdminPhone = () => {
+  const explicitAdminPhone = resolveAdminPhoneFromEnv({ fallback: '' });
+  if (explicitAdminPhone) return explicitAdminPhone;
+
   const adminJid = getAdminJid();
   if (!adminJid) return null;