@omnizap-system/omnizap 2.6.1 → 2.6.2

package/database/schema.sql

@@ -138,15 +138,50 @@ CREATE TABLE IF NOT EXISTS `group_configs` (
   PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
+CREATE TABLE IF NOT EXISTS `group_user_warnings` (
+  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+  `group_id` varchar(255) NOT NULL,
+  `participant_jid` varchar(255) NOT NULL,
+  `warned_by_jid` varchar(255) DEFAULT NULL,
+  `reason` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `idx_group_user_warnings_lookup` (`group_id`,`participant_jid`,`created_at`),
+  KEY `idx_group_user_warnings_prune` (`group_id`,`participant_jid`,`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+CREATE TABLE IF NOT EXISTS `system_premium_users` (
+  `id` varchar(255) NOT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  `updated_at` timestamp NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+CREATE TABLE IF NOT EXISTS `system_ai_prompts` (
+  `id` varchar(255) NOT NULL,
+  `prompt` longtext NOT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  `updated_at` timestamp NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
 CREATE TABLE IF NOT EXISTS `groups_metadata` (
   `id` varchar(255) NOT NULL,
   `subject` varchar(255) DEFAULT NULL,
   `description` text DEFAULT NULL,
   `owner_jid` varchar(255) DEFAULT NULL,
   `creation` bigint(20) DEFAULT NULL,
+  `linked_parent_jid` varchar(255) DEFAULT NULL,
+  `is_community` tinyint(1) DEFAULT NULL,
+  `is_community_announce` tinyint(1) DEFAULT NULL,
+  `member_add_mode` tinyint(1) DEFAULT NULL,
+  `join_approval_mode` tinyint(1) DEFAULT NULL,
+  `addressing_mode` varchar(8) DEFAULT NULL,
   `participants` longtext CHARACTER SET utf8mb4 COLLATE utf8mb4_bin DEFAULT NULL CHECK (json_valid(`participants`)),
   `updated_at` timestamp NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
-  PRIMARY KEY (`id`)
+  PRIMARY KEY (`id`),
+  KEY `idx_groups_metadata_linked_parent_jid` (`linked_parent_jid`),
+  KEY `idx_groups_metadata_is_community_parent` (`is_community`,`linked_parent_jid`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
 CREATE TABLE IF NOT EXISTS `lid_map` (
@@ -162,6 +197,7 @@ CREATE TABLE IF NOT EXISTS `lid_map` (
 
 CREATE TABLE IF NOT EXISTS `message_analysis_event` (
   `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+  `session_id` varchar(64) NOT NULL DEFAULT 'default',
   `message_id` varchar(255) DEFAULT NULL,
   `chat_id` varchar(255) DEFAULT NULL,
   `sender_id` varchar(255) DEFAULT NULL,
@@ -185,6 +221,10 @@ CREATE TABLE IF NOT EXISTS `message_analysis_event` (
   `created_at` timestamp NULL DEFAULT current_timestamp(),
   PRIMARY KEY (`id`),
   KEY `idx_message_analysis_created` (`created_at`),
+  KEY `idx_message_analysis_session_created` (`session_id`,`created_at`),
+  KEY `idx_message_analysis_session_chat_created` (`session_id`,`chat_id`,`created_at`),
+  KEY `idx_message_analysis_session_sender_created` (`session_id`,`sender_id`,`created_at`),
+  KEY `idx_message_analysis_session_command_created` (`session_id`,`command_name`,`created_at`),
   KEY `idx_message_analysis_chat_created` (`chat_id`,`created_at`),
   KEY `idx_message_analysis_sender_created` (`sender_id`,`created_at`),
   KEY `idx_message_analysis_command_created` (`command_name`,`created_at`),
@@ -195,6 +235,7 @@ CREATE TABLE IF NOT EXISTS `message_analysis_event` (
 
 CREATE TABLE IF NOT EXISTS `baileys_event_journal` (
   `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+  `session_id` varchar(64) NOT NULL DEFAULT 'default',
   `event_name` varchar(64) NOT NULL,
   `socket_generation` int(10) unsigned DEFAULT NULL,
   `chat_id` varchar(255) DEFAULT NULL,
@@ -205,6 +246,10 @@ CREATE TABLE IF NOT EXISTS `baileys_event_journal` (
   `created_at` timestamp NULL DEFAULT current_timestamp(),
   PRIMARY KEY (`id`),
   KEY `idx_baileys_event_created` (`created_at`),
+  KEY `idx_baileys_event_session_created` (`session_id`,`created_at`),
+  KEY `idx_baileys_event_session_name_created` (`session_id`,`event_name`,`created_at`),
+  KEY `idx_baileys_event_session_chat_created` (`session_id`,`chat_id`,`created_at`),
+  KEY `idx_baileys_event_session_message_created` (`session_id`,`message_id`,`created_at`),
   KEY `idx_baileys_event_name_created` (`event_name`,`created_at`),
   KEY `idx_baileys_event_chat_created` (`chat_id`,`created_at`),
   KEY `idx_baileys_event_message_created` (`message_id`,`created_at`),
@@ -222,9 +267,61 @@ CREATE TABLE IF NOT EXISTS `baileys_auth_state` (
   KEY `idx_baileys_auth_state_category_updated` (`category`,`updated_at`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
+CREATE TABLE IF NOT EXISTS `wa_session_registry` (
+  `session_id` varchar(64) NOT NULL,
+  `bot_jid` varchar(255) DEFAULT NULL,
+  `status` varchar(24) NOT NULL DEFAULT 'offline',
+  `capacity_weight` int(10) unsigned NOT NULL DEFAULT 1,
+  `current_score` decimal(12,4) NOT NULL DEFAULT 0.0000,
+  `last_heartbeat_at` datetime DEFAULT NULL,
+  `last_connected_at` datetime DEFAULT NULL,
+  `last_disconnected_at` datetime DEFAULT NULL,
+  `metadata` longtext CHARACTER SET utf8mb4 COLLATE utf8mb4_bin DEFAULT NULL CHECK (json_valid(`metadata`)),
+  `created_at` timestamp NOT NULL DEFAULT current_timestamp(),
+  `updated_at` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
+  PRIMARY KEY (`session_id`),
+  KEY `idx_wa_session_registry_status_updated` (`status`,`updated_at`),
+  KEY `idx_wa_session_registry_heartbeat` (`last_heartbeat_at`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+CREATE TABLE IF NOT EXISTS `group_assignment` (
+  `group_jid` varchar(255) NOT NULL,
+  `owner_session_id` varchar(64) NOT NULL,
+  `lease_expires_at` datetime NOT NULL,
+  `cooldown_until` datetime DEFAULT NULL,
+  `assignment_version` bigint(20) unsigned NOT NULL DEFAULT 1,
+  `pinned` tinyint(1) NOT NULL DEFAULT 0,
+  `last_reason` varchar(64) DEFAULT NULL,
+  `created_at` timestamp NOT NULL DEFAULT current_timestamp(),
+  `updated_at` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
+  PRIMARY KEY (`group_jid`),
+  KEY `idx_group_assignment_owner_lease` (`owner_session_id`,`lease_expires_at`),
+  KEY `idx_group_assignment_lease` (`lease_expires_at`),
+  KEY `idx_group_assignment_cooldown` (`cooldown_until`),
+  KEY `idx_group_assignment_pinned_updated` (`pinned`,`updated_at`),
+  CONSTRAINT `fk_group_assignment_owner_session` FOREIGN KEY (`owner_session_id`) REFERENCES `wa_session_registry` (`session_id`) ON UPDATE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+CREATE TABLE IF NOT EXISTS `group_assignment_history` (
+  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+  `group_jid` varchar(255) NOT NULL,
+  `previous_session_id` varchar(64) DEFAULT NULL,
+  `new_session_id` varchar(64) NOT NULL,
+  `change_reason` varchar(64) DEFAULT NULL,
+  `changed_by` varchar(64) NOT NULL DEFAULT 'system',
+  `assignment_version` bigint(20) unsigned NOT NULL,
+  `metadata` longtext CHARACTER SET utf8mb4 COLLATE utf8mb4_bin DEFAULT NULL CHECK (json_valid(`metadata`)),
+  `created_at` timestamp NOT NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `idx_group_assignment_history_group_created` (`group_jid`,`created_at`),
+  KEY `idx_group_assignment_history_new_session_created` (`new_session_id`,`created_at`),
+  KEY `idx_group_assignment_history_prev_session_created` (`previous_session_id`,`created_at`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
 CREATE TABLE IF NOT EXISTS `messages` (
   `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
   `message_id` varchar(255) NOT NULL,
+  `session_id` varchar(64) NOT NULL DEFAULT 'default',
   `chat_id` varchar(255) NOT NULL,
   `sender_id` varchar(255) DEFAULT NULL,
   `canonical_sender_id` varchar(255) DEFAULT NULL,
@@ -234,6 +331,10 @@ CREATE TABLE IF NOT EXISTS `messages` (
   `created_at` timestamp NULL DEFAULT current_timestamp(),
   PRIMARY KEY (`id`),
   UNIQUE KEY `message_id` (`message_id`),
+  KEY `idx_messages_session_message_id` (`session_id`,`message_id`),
+  KEY `idx_messages_session_chat_timestamp` (`session_id`,`chat_id`,`timestamp`),
+  KEY `idx_messages_session_sender_timestamp` (`session_id`,`sender_id`,`timestamp`),
+  KEY `idx_messages_session_canonical_sender_timestamp` (`session_id`,`canonical_sender_id`,`timestamp`),
   KEY `idx_chat_timestamp` (`chat_id`,`timestamp`),
   KEY `idx_sender` (`sender_id`),
   KEY `idx_timestamp` (`timestamp`),

package/docker-compose.yml

@@ -22,8 +22,10 @@ services:
     environment:
       - GF_SECURITY_ADMIN_USER=${GRAFANA_ADMIN_USER:-admin}
       - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:-admin}
+      - GF_SECURITY_ALLOW_EMBEDDING=${GRAFANA_ALLOW_EMBEDDING:-true}
       - GF_USERS_ALLOW_SIGN_UP=false
       - GF_SERVER_ROOT_URL=${GRAFANA_ROOT_URL:-%(protocol)s://%(domain)s:%(http_port)s/}
+      - GF_SERVER_SERVE_FROM_SUB_PATH=${GRAFANA_SERVE_FROM_SUB_PATH:-true}
       # Opcional: se quiser setar timezone do Grafana
       - GF_DATE_FORMATS_DEFAULT_TIMEZONE=${GRAFANA_TIMEZONE:-America/Boa_Vista}
     volumes:
@@ -65,7 +67,7 @@ services:
     image: prom/mysqld-exporter:${MYSQL_EXPORTER_IMAGE_TAG:-v0.15.1}
     restart: unless-stopped
     environment:
-      - DATA_SOURCE_NAME=${MYSQL_EXPORTER_DSN:-exporter:exporter@(host.docker.internal:3306)/}
+      - DATA_SOURCE_NAME=${MYSQL_EXPORTER_DSN:-exporter:exporter@unix(/run/mysqld/mysqld.sock)/}
     command:
       - "--config.my-cnf=/etc/mysql-exporter/my.cnf"
       - "--collect.global_status"
@@ -79,6 +81,7 @@ services:
       - "--collect.perf_schema.tablelocks"
     volumes:
       - ${MYSQL_EXPORTER_CNF_PATH:-./observability/mysql-exporter.cnf}:/etc/mysql-exporter/my.cnf:ro
+      - /run/mysqld:/run/mysqld
     ports:
       - "${MYSQL_EXPORTER_BIND_HOST:-127.0.0.1}:${MYSQL_EXPORTER_PORT:-9104}:9104"
     extra_hosts:

package/docs/compliance/acceptable-use-policy-2026-03-07.md

@@ -32,4 +32,4 @@ Definir usos permitidos e proibidos na plataforma OmniZap para reduzir risco jur
 ## 5) Canal de denúncia
 
 - Página formal: `/notice-and-takedown/`.
-- Contato oficial: https://wa.me/559591122954.
+- Contato oficial: `https://wa.me/<WHATSAPP_SUPPORT_NUMBER>`.

package/docs/compliance/privacy-policy-2026-03-07.md

@@ -12,14 +12,14 @@ Escopo: site, login web, painel, API e operação de automação do Omnizap.
 ## 1) Controlador e contato
 
 - Controlador: 59.034.123 KAIKY BRITO RIBEIRO (CNPJ 59.034.123/0001-96).
-- Contato de privacidade: https://wa.me/559591122954
+- Contato de privacidade: `https://wa.me/<WHATSAPP_SUPPORT_NUMBER>`
 - Canal para titulares (LGPD): mensagem com assunto "DSAR LGPD" no contato oficial.
 - Para serviços de terceiros baseados em fork/self-host, o contato de privacidade deve ser solicitado diretamente ao operador da respectiva instância.
 
 ## 1.1) Encarregado pelo tratamento (LGPD art. 41)
 
 - Encarregado (DPO): Kaiky Brito Ribeiro (59.034.123 KAIKY BRITO RIBEIRO, CNPJ 59.034.123/0001-96).
-- Contato do encarregado: https://wa.me/559591122954 (assunto recomendado: "ENCARREGADO LGPD").
+- Contato do encarregado: `https://wa.me/<WHATSAPP_SUPPORT_NUMBER>` (assunto recomendado: "ENCARREGADO LGPD").
 - Divulgação pública mantida para transparência regulatória.
 
 ## 2) Tabela de tratamento de dados

package/docs/security/dsar-lgpd-runbook-2026-03-07.md

@@ -8,7 +8,7 @@ Padronizar resposta para direitos do titular: acesso, correção, exclusão, opo
 
 ## 2) Canais de entrada
 
-- WhatsApp oficial: https://wa.me/559591122954
+- WhatsApp oficial: `https://wa.me/<WHATSAPP_SUPPORT_NUMBER>`
 - Canal interno de compliance (registro em ticket obrigatório)
 
 ## 3) Papéis e responsáveis

package/docs/security/network-hardening-runbook-2026-03-07.md

@@ -129,6 +129,59 @@ Resultado esperado:
 - `22`, `80`, `443` abertos;
 - `3001` e `8007` filtrados/fechados externamente.
 
+## 8) Hardening da superficie web estatica (ZAP issue #103)
+
+Objetivo: eliminar soft-404 e alinhar headers de seguranca em rotas estaticas servidas direto pelo Nginx (`/`, `/comandos/`, `/login/`, etc.).
+
+1. Publicar snippet de headers estaticos:
+
+```bash
+sudo install -D -m 0644 docs/security/omnizap-static-security-headers.conf /etc/nginx/snippets/omnizap-static-security-headers.conf
+```
+
+2. No `server { ... }` de producao, garantir que rotas proxy (`/api/`, `/stickers/`, `/data/`) venham antes do fallback estatico e aplicar:
+
+```nginx
+# Nao permitir dotfiles sensiveis
+location ~* (^|/)\.(?!well-known/) {
+  return 404;
+}
+
+# Fallback estatico sem soft-404 (nao retorna home para caminho inexistente)
+location / {
+  try_files $uri $uri/ =404;
+  include /etc/nginx/snippets/omnizap-static-security-headers.conf;
+}
+```
+
+3. Validar e recarregar:
+
+```bash
+sudo nginx -t
+sudo systemctl reload nginx
+```
+
+4. Validacao rapida manual:
+
+```bash
+curl -I https://omnizap.shop/
+curl -I https://omnizap.shop/notice-and-takedown/
+curl -I https://omnizap.shop/.env
+curl -I https://omnizap.shop/__security_probe_nonexistent_omnizap__.txt
+```
+
+5. Validacao automatizada (repositorio):
+
+```bash
+npm run security:web-surface
+```
+
+Resultado esperado:
+
+- rotas estaticas com `Content-Security-Policy`, `X-Frame-Options`, `Strict-Transport-Security`, `X-Content-Type-Options`, `Permissions-Policy`;
+- `/.env` sem `200`;
+- caminho inexistente sem fallback `200` para a home.
+
 ## Referências
 
 - Nginx admin guide: https://nginx.org/en/docs/

package/docs/security/omnizap-static-security-headers.conf

@@ -0,0 +1,25 @@
+# OmniZap static web hardening snippet (Nginx)
+#
+# Uso recomendado:
+# 1) Salvar em /etc/nginx/snippets/omnizap-static-security-headers.conf
+# 2) Incluir SOMENTE em blocos de location que servem conteudo estatico.
+# 3) Nao incluir em locations proxy de API/catalogo que ja recebem headers do backend.
+#
+# Exemplo:
+#   location / {
+#     try_files $uri $uri/ =404;
+#     include /etc/nginx/snippets/omnizap-static-security-headers.conf;
+#   }
+
+add_header Content-Security-Policy "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; script-src 'self' 'unsafe-inline' https://accounts.google.com https://cdn.tailwindcss.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://accounts.google.com https://oauth2.googleapis.com https://api.github.com; frame-src 'self' https://accounts.google.com https://omnizap.shop; worker-src 'self' blob:; manifest-src 'self'" always;
+add_header Cross-Origin-Opener-Policy "same-origin" always;
+add_header Cross-Origin-Resource-Policy "same-origin" always;
+add_header Referrer-Policy "no-referrer" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-DNS-Prefetch-Control "off" always;
+add_header X-Download-Options "noopen" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Permitted-Cross-Domain-Policies "none" always;
+add_header X-XSS-Protection "0" always;
+add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;

package/ecosystem.prod.config.cjs

@@ -29,15 +29,31 @@ const baseEnv = {
   STICKER_WORKER_CURATION_CADENCE_MS: '21600000',
   STICKER_WORKER_REBUILD_CADENCE_MS: '43200000',
   STICKER_DEDICATED_WORKERS_ENABLED: 'false',
-  STICKER_DEDICATED_WORKER_POLL_INTERVAL_MS: '30000',
-  STICKER_DEDICATED_WORKER_IDLE_BACKOFF_MULTIPLIER: '2.5',
-  STICKER_DEDICATED_WORKER_IDLE_MAX_POLL_INTERVAL_MS: '180000',
-  STICKER_DEDICATED_WORKER_IDLE_JITTER_PERCENT: '15',
+  STICKER_DEDICATED_WORKER_POLL_INTERVAL_MS: '45000',
+  STICKER_DEDICATED_WORKER_IDLE_BACKOFF_MULTIPLIER: '3',
+  STICKER_DEDICATED_WORKER_IDLE_MAX_POLL_INTERVAL_MS: '300000',
+  STICKER_DEDICATED_WORKER_IDLE_JITTER_PERCENT: '12',
   STICKER_DOMAIN_EVENT_CONSUMER_ENABLED: 'false',
   STICKER_DOMAIN_EVENT_CONSUMER_POLLER_INTERVAL_MS: '15000',
   STICKER_SCORE_SNAPSHOT_ENABLED: 'false',
   STICKER_SCORE_SNAPSHOT_REFRESH_INTERVAL_MS: '1500000',
   STICKER_SCORE_SNAPSHOT_BATCH_SIZE: '20',
+  // Core IA defaults locked in PM2 env to avoid drift between restarts.
+  AI_HELP_LLM_PROVIDER: process.env.AI_HELP_LLM_PROVIDER || 'gemini',
+  GEMINI_AUTH_MODE: process.env.GEMINI_AUTH_MODE || 'cli',
+  GEMINI_MODEL: process.env.GEMINI_MODEL || 'gemini-2.5-flash',
+  GEMINI_CLI_COMMAND: process.env.GEMINI_CLI_COMMAND || 'gemini',
+  COMMAND_CONFIG_ENRICHMENT_WORKER_PROVIDER: process.env.COMMAND_CONFIG_ENRICHMENT_WORKER_PROVIDER || 'gemini',
+  COMMAND_CONFIG_ENRICHMENT_WORKER_MODEL: process.env.COMMAND_CONFIG_ENRICHMENT_WORKER_MODEL || 'gemini-2.5-flash',
+  COMMAND_CONFIG_ENRICHMENT_WORKER_GEMINI_AUTH_MODE: process.env.COMMAND_CONFIG_ENRICHMENT_WORKER_GEMINI_AUTH_MODE || 'cli',
+  COMMAND_CONFIG_ENRICHMENT_WORKER_TIMEOUT_MS: process.env.COMMAND_CONFIG_ENRICHMENT_WORKER_TIMEOUT_MS || '90000',
+  COMMAND_CONFIG_ENRICHMENT_PROVIDER_FAILURE_COOLDOWN_MS: process.env.COMMAND_CONFIG_ENRICHMENT_PROVIDER_FAILURE_COOLDOWN_MS || '900000',
+  AI_HELP_CONTINUOUS_LEARNING_ENABLED: process.env.AI_HELP_CONTINUOUS_LEARNING_ENABLED || 'true',
+  AI_HELP_CONTINUOUS_LEARNING_INTERVAL_MS: process.env.AI_HELP_CONTINUOUS_LEARNING_INTERVAL_MS || '120000',
+  AI_HELP_CONTINUOUS_LEARNING_BATCH_SIZE: process.env.AI_HELP_CONTINUOUS_LEARNING_BATCH_SIZE || '18',
+  AI_HELP_CONTINUOUS_LEARNING_MIN_AUTO_APPLY_CONFIDENCE: process.env.AI_HELP_CONTINUOUS_LEARNING_MIN_AUTO_APPLY_CONFIDENCE || '0.72',
+  AI_HELP_CONTINUOUS_LEARNING_MAX_HELP_QUESTIONS_PER_COMMAND: process.env.AI_HELP_CONTINUOUS_LEARNING_MAX_HELP_QUESTIONS_PER_COMMAND || '4',
+  AI_HELP_CONTINUOUS_LEARNING_MAX_HELP_CALLS_PER_CYCLE: process.env.AI_HELP_CONTINUOUS_LEARNING_MAX_HELP_CALLS_PER_CYCLE || '90',
   METRICS_HOST: process.env.METRICS_HOST || '127.0.0.1',
 };
 
@@ -78,9 +94,9 @@ module.exports = {
       env: {
         ...baseEnv,
         STICKER_DEDICATED_WORKERS_ENABLED: 'true',
-        STICKER_DEDICATED_WORKER_POLL_INTERVAL_MS: '25000',
-        STICKER_DEDICATED_WORKER_IDLE_BACKOFF_MULTIPLIER: '2.4',
-        STICKER_DEDICATED_WORKER_IDLE_MAX_POLL_INTERVAL_MS: '180000',
+        STICKER_DEDICATED_WORKER_POLL_INTERVAL_MS: '45000',
+        STICKER_DEDICATED_WORKER_IDLE_BACKOFF_MULTIPLIER: '3',
+        STICKER_DEDICATED_WORKER_IDLE_MAX_POLL_INTERVAL_MS: '300000',
         STICKER_CLASSIFICATION_BACKGROUND_BATCH_SIZE: '3',
         STICKER_CLASSIFICATION_BACKGROUND_CONCURRENCY: '1',
         STICKER_REPROCESS_QUEUE_ENABLED: 'false',
@@ -104,9 +120,11 @@ module.exports = {
       error_file: `logs/${appName}-worker-curation-error.log`,
       env: {
         ...baseEnv,
-        STICKER_DEDICATED_WORKERS_ENABLED: 'false',
+        STICKER_DEDICATED_WORKERS_ENABLED: 'true',
         STICKER_DEDICATED_WORKER_POLL_INTERVAL_MS: '60000',
-        STICKER_AUTO_PACK_BY_TAGS_ENABLED: 'false',
+        STICKER_AUTO_PACK_BY_TAGS_ENABLED: 'true',
+        STICKER_AUTO_PACK_BY_TAGS_MAX_SCAN_ASSETS: '1200',
+        STICKER_AUTO_PACK_BY_TAGS_SCAN_PASSES: '1',
       },
       kill_timeout: 5000,
     },
@@ -125,9 +143,11 @@ module.exports = {
       error_file: `logs/${appName}-worker-rebuild-error.log`,
       env: {
         ...baseEnv,
-        STICKER_DEDICATED_WORKERS_ENABLED: 'false',
+        STICKER_DEDICATED_WORKERS_ENABLED: 'true',
         STICKER_DEDICATED_WORKER_POLL_INTERVAL_MS: '60000',
-        STICKER_AUTO_PACK_BY_TAGS_ENABLED: 'false',
+        STICKER_AUTO_PACK_BY_TAGS_ENABLED: 'true',
+        STICKER_AUTO_PACK_BY_TAGS_MAX_SCAN_ASSETS: '1200',
+        STICKER_AUTO_PACK_BY_TAGS_SCAN_PASSES: '1',
       },
       kill_timeout: 5000,
     },

package/index.js

@@ -18,8 +18,8 @@
 import 'dotenv/config';
 
 import logger from '#logger';
-import { connectToWhatsApp, getActiveSocket } from './app/connection/socketController.js';
-import { backfillLidMapFromMessagesOnce } from './app/config/index.js';
+import { connectAllWhatsAppSessions, disconnectAllWhatsAppSessions } from './app/connection/socketController.js';
+import { backfillLidMapFromMessagesOnce, getMultiSessionRuntimeConfig } from './app/config/index.js';
 import { initializeNewsBroadcastService, stopNewsBroadcastService } from './app/services/messaging/newsBroadcastService.js';
 import initializeDatabase from './database/init.js';
 import { startHttpServer, stopHttpServer } from './server/index.js';
@@ -31,7 +31,9 @@ import { startStickerPackScoreSnapshotRuntime, stopStickerPackScoreSnapshotRunti
 import { startStickerDomainEventConsumer, stopStickerDomainEventConsumer } from './app/modules/stickerPackModule/stickerDomainEventConsumerRuntime.js';
 import { startAiLearningWorker, stopAiLearningWorker } from './app/workers/aiLearningWorker.js';
 import { startCommandConfigEnrichmentWorker, stopCommandConfigEnrichmentWorker } from './app/workers/commandConfigEnrichmentWorker.js';
+import { startAiHelperContinuousLearningWorker, stopAiHelperContinuousLearningWorker } from './app/workers/aiHelperContinuousLearningWorker.js';
 import { formatCommandConfigValidationReport, validateAllCommandConfigs } from './app/services/ai/commandConfigValidationService.js';
+import { startGroupAssignmentBalancer, stopGroupAssignmentBalancer } from './app/services/multiSession/assignmentBalancerService.js';
 
 /**
  * Timeout máximo para inicialização do banco (criar/verificar DB + tabelas).
@@ -187,6 +189,21 @@ async function closeDatabasePool() {
 async function startApp() {
   try {
     logger.info('Iniciando Omnizap...');
+    const multiSessionConfig = getMultiSessionRuntimeConfig();
+    logger.info('Configuracao de sessoes WhatsApp carregada.', {
+      sessionIds: multiSessionConfig.sessionIds,
+      primarySessionId: multiSessionConfig.primarySessionId,
+      sessionWeights: multiSessionConfig.sessionWeights,
+      ownerEnforcementMode: multiSessionConfig.ownerEnforcementMode,
+      ownerLeaseMs: multiSessionConfig.ownerLeaseMs,
+      ownerHeartbeatMs: multiSessionConfig.ownerHeartbeatMs,
+      balancerEnabled: multiSessionConfig.balancerEnabled,
+    });
+    if (multiSessionConfig.warnings.length > 0) {
+      logger.warn('Ajustes aplicados na configuracao multi-sessao do WhatsApp.', {
+        warnings: multiSessionConfig.warnings,
+      });
+    }
 
     const shouldValidateCommandConfigs = process.env.COMMAND_CONFIG_VALIDATE_ON_BOOT !== 'false';
     if (shouldValidateCommandConfigs) {
@@ -224,6 +241,7 @@ async function startApp() {
     startStickerDomainEventConsumer();
     startAiLearningWorker();
     startCommandConfigEnrichmentWorker();
+    startAiHelperContinuousLearningWorker();
 
     // Backfill é opcional, rodando em background.
     const shouldBackfill = process.env.LID_BACKFILL_ON_START !== 'false';
@@ -242,9 +260,12 @@ async function startApp() {
         });
     }
 
-    logger.info('Conectando ao WhatsApp...');
-    await withTimeout(connectToWhatsApp(), WHATSAPP_CONNECT_TIMEOUT_MS, 'Conexao WhatsApp');
-    logger.info('WhatsApp conectado.');
+    logger.info('Conectando sessoes do WhatsApp...');
+    const sessionConnectTimeoutMs = Math.max(WHATSAPP_CONNECT_TIMEOUT_MS, multiSessionConfig.sessionIds.length * WHATSAPP_CONNECT_TIMEOUT_MS);
+    await withTimeout(connectAllWhatsAppSessions(), sessionConnectTimeoutMs, 'Conexao WhatsApp (multi-session)');
+    logger.info('Sessoes do WhatsApp conectadas.');
+
+    startGroupAssignmentBalancer();
 
     logger.info('Inicializando servico de noticias...');
     await initializeNewsBroadcastService();
@@ -309,6 +330,14 @@ async function shutdown(signal, error) {
       logger.warn('Falha ao encerrar servico de noticias.', { error: stopError.message });
     }
 
+    try {
+      stopGroupAssignmentBalancer();
+    } catch (balancerStopError) {
+      logger.warn('Falha ao encerrar balanceador de grupos.', {
+        error: balancerStopError?.message,
+      });
+    }
+
     // 2) Esperar backfill (best-effort) com timeout
     if (backfillPromise) {
       try {
@@ -322,19 +351,16 @@ async function shutdown(signal, error) {
       }
     }
 
-    // 3) Encerrar conexão WhatsApp
-    const sock = getActiveSocket();
-    if (sock) {
-      try {
-        logger.info('Encerrando conexão do WhatsApp...');
-        await withTimeout(sock.end(), 8000, 'Encerramento WhatsApp');
-        logger.info('Conexao do WhatsApp encerrada.');
-      } catch (sockError) {
-        logger.error('Erro ao encerrar a conexão do WhatsApp:', {
-          error: sockError.message,
-          stack: sockError.stack,
-        });
-      }
+    // 3) Encerrar conexões WhatsApp
+    try {
+      logger.info('Encerrando sessoes do WhatsApp...');
+      await withTimeout(disconnectAllWhatsAppSessions(), 12000, 'Encerramento WhatsApp multi-session');
+      logger.info('Sessoes do WhatsApp encerradas.');
+    } catch (sockError) {
+      logger.error('Erro ao encerrar conexões do WhatsApp:', {
+        error: sockError.message,
+        stack: sockError.stack,
+      });
     }
 
     // 4) Encerrar servidor HTTP
@@ -403,6 +429,14 @@ async function shutdown(signal, error) {
       });
     }
 
+    try {
+      stopAiHelperContinuousLearningWorker();
+    } catch (continuousLearningWorkerError) {
+      logger.warn('Falha ao encerrar worker de aprendizado contínuo de IA.', {
+        error: continuousLearningWorkerError?.message,
+      });
+    }
+
     try {
       stopEmailAutomationRuntime();
     } catch (emailRuntimeError) {

package/observability/alert-rules.yml

@@ -58,3 +58,23 @@ groups:
         annotations:
           summary: "Memória acima de 80%"
           description: "Uso de memória acima de 80% por 10 minutos."
+
+  - name: omnizap-admin
+    rules:
+      - alert: OmniZapAdminSnapshotStale
+        expr: (time() - omnizap_admin_overview_updated_at_seconds) > 300
+        for: 15m
+        labels:
+          severity: warning
+        annotations:
+          summary: "Snapshot admin sem atualizacao recente"
+          description: "As métricas do painel admin estão sem atualização há mais de 5 minutos."
+
+      - alert: OmniZapAdminCriticalAlerts
+        expr: omnizap_admin_alerts_total{severity="critical"} > 0
+        for: 2m
+        labels:
+          severity: critical
+        annotations:
+          summary: "Alertas críticos ativos no painel admin"
+          description: "Existe ao menos um alerta crítico no snapshot de observabilidade do System Admin."