@omnizap-system/omnizap 2.6.1 → 2.6.2

package/app/connection/socketController.multiSession.test.js

@@ -0,0 +1,108 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+
+import { createGroupOwnerWriteStateResolver } from './groupOwnerWriteStateResolver.js';
+
+const createCache = () => {
+  const map = new Map();
+  return {
+    get: (key) => map.get(key),
+    set: (key, value) => {
+      map.set(key, value);
+      return true;
+    },
+    del: (key) => map.delete(key),
+    keys: () => Array.from(map.keys()),
+  };
+};
+
+const buildCacheKey = (groupJid, sessionId) => `${sessionId}:${groupJid}`;
+
+const normalizeSessionId = (value) => String(value || '').trim() || 'default';
+const isGroupJid = (jid) => String(jid || '').endsWith('@g.us');
+
+test('socketController multi-session: fencing token por assignment_version invalida writer stale', async () => {
+  let ownerState = {
+    ownerSessionId: 'session-a',
+    assignmentVersion: 1,
+  };
+
+  const resolver = createGroupOwnerWriteStateResolver({
+    buildCacheKeyImpl: buildCacheKey,
+    getOwnerImpl: async () => ownerState,
+    tryAcquireImpl: async () => ({ acquired: false, reason: 'claim_disabled' }),
+    cacheImpl: createCache(),
+    isGroupJidImpl: isGroupJid,
+    normalizeSessionIdImpl: normalizeSessionId,
+    loggerImpl: { warn: () => {} },
+  });
+
+  const first = await resolver('120363555555555555@g.us', 'session-a', {
+    allowClaim: false,
+    source: 'test_first',
+  });
+  assert.equal(first.allowed, true);
+  assert.equal(first.assignmentVersion, 1);
+
+  ownerState = {
+    ownerSessionId: 'session-a',
+    assignmentVersion: 2,
+  };
+
+  const stale = await resolver('120363555555555555@g.us', 'session-a', {
+    allowClaim: false,
+    source: 'test_stale',
+    expectedAssignmentVersion: 1,
+    enforceFence: true,
+  });
+  assert.equal(stale.allowed, false);
+  assert.equal(stale.reason, 'fence_token_mismatch');
+  assert.equal(stale.assignmentVersion, 2);
+});
+
+test('socketController multi-session: sessão antiga perde escrita após failover de owner', async () => {
+  let ownerState = {
+    ownerSessionId: 'session-a',
+    assignmentVersion: 7,
+  };
+
+  const resolver = createGroupOwnerWriteStateResolver({
+    buildCacheKeyImpl: buildCacheKey,
+    getOwnerImpl: async () => ownerState,
+    tryAcquireImpl: async () => ({ acquired: false, reason: 'claim_disabled' }),
+    cacheImpl: createCache(),
+    isGroupJidImpl: isGroupJid,
+    normalizeSessionIdImpl: normalizeSessionId,
+    loggerImpl: { warn: () => {} },
+  });
+
+  const beforeFailover = await resolver('120363666666666666@g.us', 'session-a', {
+    allowClaim: false,
+    source: 'before_failover',
+  });
+  assert.equal(beforeFailover.allowed, true);
+  assert.equal(beforeFailover.assignmentVersion, 7);
+
+  ownerState = {
+    ownerSessionId: 'session-b',
+    assignmentVersion: 8,
+  };
+
+  const staleOwner = await resolver('120363666666666666@g.us', 'session-a', {
+    allowClaim: false,
+    source: 'after_failover_old_owner',
+    expectedAssignmentVersion: 7,
+    enforceFence: true,
+  });
+  assert.equal(staleOwner.allowed, false);
+  assert.equal(staleOwner.reason, 'owned_by_other');
+
+  const newOwner = await resolver('120363666666666666@g.us', 'session-b', {
+    allowClaim: false,
+    source: 'after_failover_new_owner',
+    expectedAssignmentVersion: 8,
+    enforceFence: true,
+  });
+  assert.equal(newOwner.allowed, true);
+  assert.equal(newOwner.assignmentVersion, 8);
+});

package/app/controllers/messageController.js

@@ -4,4 +4,4 @@ import { handleMessagesThroughPipeline } from './messageProcessingPipeline.js';
  * Facade do controller de mensagens.
  * Mantem assinatura/compatibilidade enquanto delega ao pipeline modular.
  */
-export const handleMessages = async (update, sock) => handleMessagesThroughPipeline(update, sock);
+export const handleMessages = async (update, sock, options = {}) => handleMessagesThroughPipeline(update, sock, options);

package/app/controllers/messagePipeline/commandMiddleware.js

@@ -42,17 +42,19 @@ export const createCommandMiddleware = ({ isAdminCommand, isKnownNonAdminCommand
       }
     }
 
-    if (COMMAND_REACT_EMOJI) {
-      try {
-        await sendAndStore(ctx.sock, ctx.remoteJid, {
-          react: {
-            text: COMMAND_REACT_EMOJI,
-            key: ctx.key,
-          },
+    if (COMMAND_REACT_EMOJI?.trim() && ctx?.key) {
+      sendAndStore(ctx.sock, ctx.remoteJid, {
+        react: {
+          text: COMMAND_REACT_EMOJI,
+          key: ctx.key,
+        },
+      }).catch((error) => {
+        logger.warn('Falha ao enviar reação de comando', {
+          error: error?.message,
+          jid: ctx.remoteJid,
+          messageId: ctx.key?.id,
         });
-      } catch (error) {
-        logger.warn('Falha ao enviar reação de comando:', error?.message);
-      }
+      });
     }
 
     const execution = await executeMessageCommandRoute({

package/app/controllers/messagePipeline/conversationMiddleware.js

@@ -1,4 +1,4 @@
-export const createConversationMiddleware = ({ logger, resolveSenderAdminForContext, resolveSenderOwnerForContext, resolveHasGoogleLoginForContext, isUserAdmin, isAdminSenderAsync, resolveCanonicalSenderJidForContext, isWhatsAppUserLinkedToGoogleWebAccount, WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN, ensureUserHasGoogleWebLoginForCommand, executeMessageCommandRoute, isAdminCommand, runCommand, sendReply, routeConversationMessage, stopMessagePipeline }) => {
+export const createConversationMiddleware = ({ logger, resolveSenderAdminForContext, resolveSenderOwnerForContext, resolveHasGoogleLoginForContext, isUserAdmin, isAdminSenderAsync, resolveCanonicalSenderJidForContext, isWhatsAppUserLinkedToGoogleWebAccount, WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN, ensureUserHasGoogleWebLoginForCommand, executeMessageCommandRoute, isAdminCommand, runCommand, sendReply, routeConversationMessage, stopMessagePipeline, conversationAutoReplyEnabled = true }) => {
   const resolveToolSecurityContextForConversation = async (ctx) => {
     if (ctx.memo.toolSecurityContext) return ctx.memo.toolSecurityContext;
 
@@ -133,6 +133,7 @@ export const createConversationMiddleware = ({ logger, resolveSenderAdminForCont
   };
 
   return async (ctx) => {
+    if (!conversationAutoReplyEnabled) return null;
     if (ctx.isCommandMessage || ctx.isMessageFromBot || !ctx.isNotifyUpsert) return null;
 
     try {

package/app/controllers/messagePipeline/messagePipelineMiddlewares.test.js

@@ -26,6 +26,8 @@ const createBaseContext = (overrides = {}) => ({
   mediaEntries: [],
   upsertType: 'notify',
   isNotifyUpsert: true,
+  sessionId: 'session-default',
+  ownerSessionId: null,
   isCommandMessage: false,
   hasCommandPrefix: false,
   analysisPayload: {
@@ -166,6 +168,108 @@ test('pre-processing trata trigger de iniciar login', async () => {
   assert.equal(stopSpy.calls[0].metadataPatch.flow, 'whatsapp_google_login');
 });
 
+test('pre-processing owner gate bloqueia sessao nao-owner em modo enforce', async () => {
+  const stopSpy = createStopSpy();
+
+  const middlewares = createPreProcessingMiddlewares({
+    executeQuery: async () => [],
+    TABLES: { RPG_PLAYER: 'rpg_player' },
+    isStatusJid: () => false,
+    stopMessagePipeline: stopSpy.stopMessagePipeline,
+    handleAntiLink: async () => false,
+    ensureCommandPrefixForContext: async () => '/',
+    resolveCaptchaByMessage: async () => {},
+    maybeHandleStartLoginMessage: async () => false,
+    mergeAnalysisMetadata: (analysisPayload, patch) => {
+      analysisPayload.metadata = {
+        ...(analysisPayload.metadata || {}),
+        ...(patch || {}),
+      };
+    },
+    ensureGroupConfigForContext: async () => ({}),
+    resolveStickerFocusState: () => ({ enabled: false }),
+    resolveStickerFocusMessageClassification: () => ({ isThrottleCandidate: false }),
+    resolveGroupOwnerForContext: async (ctx) => {
+      ctx.ownerSessionId = 'session-owner';
+      return { ownerSessionId: 'session-owner' };
+    },
+    ownerEnforcementMode: 'enforce',
+    primarySessionId: 'session-primary',
+    isUserAdmin: async () => false,
+    canSendMessageInStickerFocus: () => ({ allowed: true, remainingMs: 0 }),
+    registerMessageUsageInStickerFocus: () => {},
+    shouldSendStickerFocusWarning: () => false,
+    sendReply: async () => {},
+    formatStickerFocusRuleLabel: () => '',
+    formatRemainingMinutesLabel: () => 1,
+    logger: { warn: () => {}, info: () => {} },
+  });
+
+  const ctx = createBaseContext({
+    sessionId: 'session-worker',
+    isGroupMessage: true,
+    remoteJid: '120363111111111111@g.us',
+  });
+  const result = await middlewares.enforceGroupOwnerMiddleware(ctx);
+
+  assert.deepEqual(result, { stop: true });
+  assert.equal(stopSpy.calls.length, 1);
+  assert.equal(stopSpy.calls[0].processingResult, 'blocked_group_owner_enforcement');
+  assert.equal(ctx.analysisPayload.metadata.owner_enforcement_result, 'blocked_non_owner');
+  assert.equal(ctx.analysisPayload.metadata.owner_session_id, 'session-owner');
+});
+
+test('pre-processing owner gate apenas loga em modo shadow para sessao nao-owner', async () => {
+  const stopSpy = createStopSpy();
+  const infoLogs = [];
+
+  const middlewares = createPreProcessingMiddlewares({
+    executeQuery: async () => [],
+    TABLES: { RPG_PLAYER: 'rpg_player' },
+    isStatusJid: () => false,
+    stopMessagePipeline: stopSpy.stopMessagePipeline,
+    handleAntiLink: async () => false,
+    ensureCommandPrefixForContext: async () => '/',
+    resolveCaptchaByMessage: async () => {},
+    maybeHandleStartLoginMessage: async () => false,
+    mergeAnalysisMetadata: (analysisPayload, patch) => {
+      analysisPayload.metadata = {
+        ...(analysisPayload.metadata || {}),
+        ...(patch || {}),
+      };
+    },
+    ensureGroupConfigForContext: async () => ({}),
+    resolveStickerFocusState: () => ({ enabled: false }),
+    resolveStickerFocusMessageClassification: () => ({ isThrottleCandidate: false }),
+    resolveGroupOwnerForContext: async (ctx) => {
+      ctx.ownerSessionId = 'session-owner';
+      return { ownerSessionId: 'session-owner' };
+    },
+    ownerEnforcementMode: 'shadow',
+    primarySessionId: 'session-primary',
+    isUserAdmin: async () => false,
+    canSendMessageInStickerFocus: () => ({ allowed: true, remainingMs: 0 }),
+    registerMessageUsageInStickerFocus: () => {},
+    shouldSendStickerFocusWarning: () => false,
+    sendReply: async () => {},
+    formatStickerFocusRuleLabel: () => '',
+    formatRemainingMinutesLabel: () => 1,
+    logger: { warn: () => {}, info: (msg, payload) => infoLogs.push({ msg, payload }) },
+  });
+
+  const ctx = createBaseContext({
+    sessionId: 'session-worker',
+    isGroupMessage: true,
+  });
+  const result = await middlewares.enforceGroupOwnerMiddleware(ctx);
+
+  assert.equal(result, null);
+  assert.equal(stopSpy.calls.length, 0);
+  assert.equal(ctx.pipelineStopped, false);
+  assert.equal(ctx.analysisPayload.metadata.owner_enforcement_result, 'shadow_non_owner');
+  assert.equal(infoLogs.length, 1);
+});
+
 test('conversation middleware responde e interrompe pipeline', async () => {
   const stopSpy = createStopSpy();
   const replies = [];

package/app/controllers/messagePipeline/preProcessingMiddlewares.js

@@ -1,4 +1,9 @@
-export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJid, stopMessagePipeline, handleAntiLink, ensureCommandPrefixForContext, resolveCaptchaByMessage, maybeHandleStartLoginMessage, mergeAnalysisMetadata, ensureGroupConfigForContext, resolveStickerFocusState, resolveStickerFocusMessageClassification, resolveSenderAdminForContext, isUserAdmin, canSendMessageInStickerFocus, registerMessageUsageInStickerFocus, shouldSendStickerFocusWarning, sendReply, formatStickerFocusRuleLabel, formatRemainingMinutesLabel, logger }) => {
+export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJid, stopMessagePipeline, handleAntiLink, ensureCommandPrefixForContext, resolveCaptchaByMessage, maybeHandleStartLoginMessage, mergeAnalysisMetadata, ensureGroupConfigForContext, resolveStickerFocusState, resolveStickerFocusMessageClassification, resolveGroupOwnerForContext, ownerEnforcementMode = 'off', primarySessionId = 'default', resolveSenderAdminForContext, isUserAdmin, canSendMessageInStickerFocus, registerMessageUsageInStickerFocus, shouldSendStickerFocusWarning, sendReply, formatStickerFocusRuleLabel, formatRemainingMinutesLabel, logger }) => {
+  const normalizedOwnerEnforcementMode = String(ownerEnforcementMode || 'off')
+    .trim()
+    .toLowerCase();
+  const effectiveOwnerEnforcementMode = normalizedOwnerEnforcementMode === 'enforce' || normalizedOwnerEnforcementMode === 'shadow' ? normalizedOwnerEnforcementMode : 'off';
+
   const touchSenderLastSeenMiddleware = async (ctx) => {
     if (!ctx.senderJid || isStatusJid(ctx.remoteJid)) return;
 
@@ -21,6 +26,78 @@ export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJ
     });
   };
 
+  const enforceGroupOwnerMiddleware = async (ctx) => {
+    if (!ctx.isGroupMessage) return null;
+
+    mergeAnalysisMetadata(ctx.analysisPayload, {
+      owner_enforcement_mode: effectiveOwnerEnforcementMode,
+      processing_session_id: ctx.sessionId,
+    });
+
+    if (effectiveOwnerEnforcementMode === 'off') return null;
+
+    if (typeof resolveGroupOwnerForContext !== 'function') {
+      logger.warn('Middleware de owner enforcement sem resolver de owner configurado.', {
+        action: 'group_owner_enforcement_missing_resolver',
+        sessionId: ctx.sessionId,
+        groupId: ctx.remoteJid,
+      });
+      return null;
+    }
+
+    const ownerState = await resolveGroupOwnerForContext(ctx);
+    const ownerSessionId = String(ctx.ownerSessionId || ownerState?.ownerSessionId || '').trim() || null;
+    ctx.ownerSessionId = ownerSessionId;
+
+    mergeAnalysisMetadata(ctx.analysisPayload, {
+      owner_session_id: ownerSessionId,
+    });
+
+    if (!ownerSessionId) {
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        owner_enforcement_result: 'owner_not_found',
+      });
+      return null;
+    }
+
+    const currentSessionId = String(ctx.sessionId || '').trim() || primarySessionId;
+    const isOwnerSession = ownerSessionId === currentSessionId;
+    if (isOwnerSession) {
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        owner_enforcement_result: 'owner_match',
+      });
+      return null;
+    }
+
+    if (effectiveOwnerEnforcementMode === 'shadow') {
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        owner_enforcement_result: 'shadow_non_owner',
+      });
+      logger.info('Owner enforcement (shadow): sessao nao-owner detectada no grupo.', {
+        action: 'group_owner_enforcement_shadow_non_owner',
+        groupId: ctx.remoteJid,
+        sessionId: currentSessionId,
+        ownerSessionId,
+        messageId: ctx.key?.id || null,
+      });
+      return null;
+    }
+
+    mergeAnalysisMetadata(ctx.analysisPayload, {
+      owner_enforcement_result: 'blocked_non_owner',
+      blocked_by: 'group_owner_enforcement',
+    });
+    logger.info('Owner enforcement: mensagem bloqueada em sessao nao-owner.', {
+      action: 'group_owner_enforcement_blocked_non_owner',
+      groupId: ctx.remoteJid,
+      sessionId: currentSessionId,
+      ownerSessionId,
+      messageId: ctx.key?.id || null,
+      isCommand: ctx.isCommandMessage,
+    });
+    return stopMessagePipeline(ctx, 'blocked_group_owner_enforcement');
+  };
+
   const applyGroupPolicyMiddleware = async (ctx) => {
     if (!ctx.isGroupMessage) return null;
 
@@ -129,7 +206,7 @@ export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJ
       if (shouldSendStickerFocusWarning({ groupId: ctx.remoteJid, senderJid: ctx.senderJid })) {
         try {
           await sendReply(ctx.sock, ctx.remoteJid, ctx.messageInfo, ctx.expirationMessage, {
-            text: '🖼️ Este chat está com *foco em sticker* ativo.\n' + 'Siga o padrão: envie apenas *imagens* ou *vídeos* para criação automática, ou compartilhe seus *stickers*.\n' + `Mensagens como texto e áudio seguem uma janela de tempo: *${formatStickerFocusRuleLabel(stickerFocusState)}*.\n` + `Tente novamente em ~${formatRemainingMinutesLabel(messageGate.remainingMs)} min ou peça para um admin abrir a janela com *${ctx.commandPrefix}chatwindow on*.`,
+            text: '🖼️ *Modo Sticker ativo!*\n\n' + 'Este chat está focado em *stickers automáticos*.\n' + '👉 Envie apenas *imagens* ou *vídeos* para gerar stickers,\n' + '👉 Ou compartilhe *stickers* normalmente.\n\n' + '⏳ *Texto e áudio estão temporariamente limitados*.\n' + `Janela atual: *${formatStickerFocusRuleLabel(stickerFocusState)}*\n` + `Tente novamente em ~${formatRemainingMinutesLabel(messageGate.remainingMs)}.\n\n` + `💡 Um admin pode liberar com: *${ctx.commandPrefix}chatwindow on*`,
           });
         } catch (error) {
           logger.warn('Falha ao enviar aviso de sticker focus.', {
@@ -157,6 +234,7 @@ export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJ
   return {
     touchSenderLastSeenMiddleware,
     ignoreUnprocessableMessageMiddleware,
+    enforceGroupOwnerMiddleware,
     applyGroupPolicyMiddleware,
     resolveCaptchaMiddleware,
     handleStartLoginTriggerMiddleware,

package/app/controllers/messageProcessingPipeline.js

@@ -4,7 +4,7 @@ import 'dotenv/config';
 import { isAdminCommand } from '../modules/adminModule/groupCommandHandlers.js';
 import { explicarComandoGlobal, registerGlobalHelpCommandExecution } from '../services/ai/globalModuleAiHelpService.js';
 import { extractSupportedStickerMediaDetails, processSticker } from '../modules/stickerModule/stickerCommand.js';
-import { detectAllMediaTypes, extractMessageContent, getExpiration, getJidServer, isGroupJid, isStatusJid, isSameJidUser, normalizeJid, normalizeWAPresence, resolveBotJid, extractSenderInfoFromMessage, resolveUserId, resolveAddressingModeFromMessageKey, resolveCanonicalWhatsAppJid, parseEnvBool, parseEnvInt } from '../config/index.js';
+import { detectAllMediaTypes, extractMessageContent, getExpiration, getJidServer, isGroupJid, isStatusJid, isSameJidUser, normalizeJid, normalizeWAPresence, resolveBotJid, extractSenderInfoFromMessage, resolveUserId, resolveAddressingModeFromMessageKey, resolveCanonicalWhatsAppJid, parseEnvBool, parseEnvInt, getMultiSessionRuntimeConfig } from '../config/index.js';
 import { isUserAdmin } from '../config/index.js';
 import { isAdminSenderAsync } from '../config/index.js';
 import { executeQuery, TABLES } from '../../database/index.js';
@@ -20,6 +20,7 @@ import { createMessageAnalysisEvent } from '../modules/analyticsModule/messageAn
 import { routeConversationMessage } from '../services/ai/conversationRouterService.js';
 import { executeMessageCommandRoute, isKnownNonAdminCommand } from '../services/ai/messageCommandExecutionService.js';
 import { canSendMessageInStickerFocus, registerMessageUsageInStickerFocus, resolveStickerFocusMessageClassification, resolveStickerFocusState, shouldSendStickerFocusWarning } from '../services/sticker/stickerFocusService.js';
+import { getOwner as getGroupOwner } from '../services/multiSession/groupOwnershipService.js';
 import { createPreProcessingMiddlewares } from './messagePipeline/preProcessingMiddlewares.js';
 import { createConversationMiddleware } from './messagePipeline/conversationMiddleware.js';
 import { createCommandMiddleware } from './messagePipeline/commandMiddleware.js';
@@ -41,6 +42,7 @@ const MESSAGE_REPLY_PRESENCE_BEFORE = normalizeWAPresence(process.env.MESSAGE_RE
 const MESSAGE_REPLY_PRESENCE_AFTER = normalizeWAPresence(process.env.MESSAGE_REPLY_PRESENCE_AFTER, 'paused');
 const MESSAGE_REPLY_PRESENCE_DELAY_MS = parseEnvInt(process.env.MESSAGE_REPLY_PRESENCE_DELAY_MS, 280, 0, 3_000);
 const MESSAGE_REPLY_PRESENCE_SUBSCRIBE = parseEnvBool(process.env.MESSAGE_REPLY_PRESENCE_SUBSCRIBE, true);
+const CONVERSATIONAL_AUTO_REPLY_ENABLED = parseEnvBool(process.env.CONVERSATIONAL_AUTO_REPLY_ENABLED, false);
 const WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN = parseEnvBool(process.env.WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN, true);
 const SITE_ORIGIN =
   String(process.env.SITE_ORIGIN || process.env.WHATSAPP_LOGIN_BASE_URL || 'https://omnizap.shop')
@@ -48,6 +50,19 @@ const SITE_ORIGIN =
     .replace(/\/+$/, '') || 'https://omnizap.shop';
 const SITE_LOGIN_URL = `${SITE_ORIGIN}/login/`;
 const SITE_GROUP_LOGIN_URL = `${SITE_ORIGIN}/login`;
+const MULTI_SESSION_RUNTIME_CONFIG = getMultiSessionRuntimeConfig();
+const PRIMARY_SESSION_ID = String(MULTI_SESSION_RUNTIME_CONFIG?.primarySessionId || 'default').trim() || 'default';
+const VALID_SESSION_IDS = new Set(Array.isArray(MULTI_SESSION_RUNTIME_CONFIG?.sessionIds) ? MULTI_SESSION_RUNTIME_CONFIG.sessionIds : [PRIMARY_SESSION_ID]);
+const GROUP_OWNER_ENFORCEMENT_MODE = String(MULTI_SESSION_RUNTIME_CONFIG?.ownerEnforcementMode || 'off')
+  .trim()
+  .toLowerCase();
+
+const normalizeSessionId = (sessionId) => {
+  const normalized = String(sessionId || '').trim();
+  if (!normalized) return PRIMARY_SESSION_ID;
+  if (VALID_SESSION_IDS.has(normalized)) return normalized;
+  return PRIMARY_SESSION_ID;
+};
 
 let messageAnalyticsTableMissingLogged = false;
 const recentCommandExecutions = new Map();
@@ -170,7 +185,7 @@ const maybeHandleStartLoginMessage = async ({ sock, messageInfo, extractedText,
 
   if (isGroupMessage) {
     await sendReply(sock, remoteJid, messageInfo, expirationMessage, {
-      text: 'Por seguranca, envie *iniciar* no privado do bot para receber seu link de login.',
+      text: '🔐 *Segurança dos seus dados*\n\n' + 'Para proteger sua conta, o acesso é feito apenas no *privado*.\n' + 'Envie *iniciar* no chat privado do bot para receber seu link de login seguro.\n\n' + '⚠️ Por segurança, não enviamos links de acesso em grupos.',
     });
     return true;
   }
@@ -199,7 +214,7 @@ const maybeHandleStartLoginMessage = async ({ sock, messageInfo, extractedText,
   const safeName = String(senderName || '').trim();
   const greeting = safeName ? `Oi, *${safeName}*!` : 'Oi!';
   await sendReply(sock, remoteJid, messageInfo, expirationMessage, {
-    text: `${greeting}\n\n` + 'Para continuar no OmniZap, faca login com Google neste link:\n' + `${loginUrl}\n\n` + 'Seu numero do WhatsApp sera vinculado automaticamente a conta logada.',
+    text: `${greeting}\n\n` + '🚀 *Bem-vindo ao OmniZap!*\n\n' + 'Para continuar, faça login com sua conta *Google* no link abaixo:\n\n' + `${loginUrl}\n\n` + '🔐 Seu número do WhatsApp será vinculado automaticamente à conta após o login.\n' + '⚠️ Use apenas este link e não compartilhe com outras pessoas.',
   });
 
   return true;
@@ -374,7 +389,7 @@ const ensureUserHasGoogleWebLoginForCommand = async ({ sock, messageInfo, sender
   }
 
   const loginUrl = isGroupMessage ? SITE_GROUP_LOGIN_URL : buildSiteLoginUrlForUser(resolvedCanonicalUserId || senderJid);
-  const loginMessage = isGroupMessage ? `Para usar os comandos do bot, você precisa estar logado no site com sua conta Google.\n\nAcesse:\n${loginUrl}` : `Para usar os comandos do bot, você precisa estar logado no site com sua conta Google.\n\nCadastre-se / faça login em:\n${loginUrl}\n\nDepois volte aqui e envie o comando novamente (ex.: ${commandPrefix}menu).`;
+  const loginMessage = isGroupMessage ? '🔐 *Login necessário*\n\n' + 'Para usar os comandos do bot, você precisa estar logado com sua conta *Google*.\n\n' + 'Acesse o link abaixo para entrar:\n' + `${loginUrl}\n\n` + '⚠️ Por segurança, recomendamos abrir o link no privado.' : '🔐 *Login necessário*\n\n' + 'Para usar os comandos do bot, faça login com sua conta *Google* no link abaixo:\n\n' + `${loginUrl}\n\n` + '✅ Após entrar, volte aqui e envie o comando novamente\n' + `(ex.: *${commandPrefix}menu*).`;
 
   await sendReply(sock, remoteJid, messageInfo, expirationMessage, {
     text: loginMessage,
@@ -459,6 +474,43 @@ const resolveSenderOwnerForContext = async (ctx) => {
   return ctx.memo.senderOwnerPromise;
 };
 
+const resolveGroupOwnerForContext = async (ctx, { bypassCache = false } = {}) => {
+  if (!ctx.isGroupMessage) return null;
+
+  if (!bypassCache && ctx.memo.groupOwnerPromise) {
+    return ctx.memo.groupOwnerPromise;
+  }
+
+  const fetchOwnerPromise = (async () => {
+    try {
+      const ownerState = await getGroupOwner(ctx.remoteJid, { bypassCache });
+      const ownerSessionId = String(ownerState?.ownerSessionId || '').trim() || null;
+      ctx.ownerSessionId = ownerSessionId;
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        owner_session_id: ownerSessionId,
+      });
+      return ownerState;
+    } catch (error) {
+      logger.warn('Falha ao resolver owner de grupo para roteamento de sessão.', {
+        action: 'group_owner_resolution_failed',
+        sessionId: ctx.sessionId,
+        groupId: ctx.remoteJid,
+        error: error?.message,
+      });
+      ctx.ownerSessionId = null;
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        owner_resolution_error: String(error?.code || error?.name || 'lookup_failed')
+          .trim()
+          .toLowerCase(),
+      });
+      return null;
+    }
+  })();
+
+  ctx.memo.groupOwnerPromise = fetchOwnerPromise;
+  return fetchOwnerPromise;
+};
+
 const resolveHasGoogleLoginForContext = async (ctx) => {
   if (ctx.isMessageFromBot || !WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN) {
     return undefined;
@@ -476,10 +528,11 @@ const resolveHasGoogleLoginForContext = async (ctx) => {
   return ctx.memo.hasGoogleLoginPromise;
 };
 
-const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyUpsert, sock }) => {
+const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyUpsert, sock, sessionId }) => {
   const key = messageInfo?.key || {};
   const remoteJid = key?.remoteJid;
   if (!remoteJid) return null;
+  const normalizedSessionId = normalizeSessionId(sessionId);
 
   const isGroupMessage = isGroupJid(remoteJid);
   const extractedText = extractMessageContent(messageInfo);
@@ -505,6 +558,7 @@ const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyU
     .slice(0, 10);
 
   const analysisPayload = {
+    sessionId: normalizedSessionId,
     messageId: key?.id || null,
     chatId: remoteJid || null,
     senderId: senderJid || null,
@@ -530,6 +584,8 @@ const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyU
       upsert_type: upsertType,
       is_notify_upsert: isNotifyUpsert,
       is_history_append: upsertType === 'append',
+      session_id: normalizedSessionId,
+      owner_session_id: null,
       addressing_mode: addressingMode || null,
       participant_alt: key?.participantAlt || null,
       remote_jid_alt: key?.remoteJidAlt || null,
@@ -550,6 +606,8 @@ const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyU
     botJidCandidates,
     botJid,
     isMessageFromBot,
+    sessionId: normalizedSessionId,
+    ownerSessionId: null,
     commandPrefix: DEFAULT_COMMAND_PREFIX,
     groupConfig: null,
     groupConfigLoaded: false,
@@ -564,7 +622,7 @@ const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyU
   };
 };
 
-const { touchSenderLastSeenMiddleware, ignoreUnprocessableMessageMiddleware, applyGroupPolicyMiddleware, resolveCaptchaMiddleware, handleStartLoginTriggerMiddleware, detectCommandIntentMiddleware, applyStickerFocusMiddleware } = createPreProcessingMiddlewares({
+const { touchSenderLastSeenMiddleware, ignoreUnprocessableMessageMiddleware, enforceGroupOwnerMiddleware, applyGroupPolicyMiddleware, resolveCaptchaMiddleware, handleStartLoginTriggerMiddleware, detectCommandIntentMiddleware, applyStickerFocusMiddleware } = createPreProcessingMiddlewares({
   executeQuery,
   TABLES,
   isStatusJid,
@@ -577,6 +635,9 @@ const { touchSenderLastSeenMiddleware, ignoreUnprocessableMessageMiddleware, app
   ensureGroupConfigForContext,
   resolveStickerFocusState,
   resolveStickerFocusMessageClassification,
+  resolveGroupOwnerForContext,
+  ownerEnforcementMode: GROUP_OWNER_ENFORCEMENT_MODE,
+  primarySessionId: PRIMARY_SESSION_ID,
   resolveSenderAdminForContext,
   isUserAdmin,
   canSendMessageInStickerFocus,
@@ -605,6 +666,7 @@ const routeConversationMiddleware = createConversationMiddleware({
   sendReply,
   routeConversationMessage,
   stopMessagePipeline,
+  conversationAutoReplyEnabled: CONVERSATIONAL_AUTO_REPLY_ENABLED,
 });
 
 const executeCommandMiddleware = createCommandMiddleware({
@@ -642,7 +704,7 @@ const runPostProcessingMiddleware = createPostProcessingMiddleware({
   normalizeAnalysisErrorCode,
 });
 
-const MESSAGE_PIPELINE_MIDDLEWARES = [touchSenderLastSeenMiddleware, ignoreUnprocessableMessageMiddleware, applyGroupPolicyMiddleware, resolveCaptchaMiddleware, handleStartLoginTriggerMiddleware, detectCommandIntentMiddleware, applyStickerFocusMiddleware, routeConversationMiddleware, executeCommandMiddleware, runPostProcessingMiddleware];
+const MESSAGE_PIPELINE_MIDDLEWARES = [touchSenderLastSeenMiddleware, ignoreUnprocessableMessageMiddleware, enforceGroupOwnerMiddleware, applyGroupPolicyMiddleware, resolveCaptchaMiddleware, handleStartLoginTriggerMiddleware, detectCommandIntentMiddleware, applyStickerFocusMiddleware, routeConversationMiddleware, executeCommandMiddleware, runPostProcessingMiddleware];
 
 const runMessagePipeline = async (ctx) => {
   for (const middleware of MESSAGE_PIPELINE_MIDDLEWARES) {
@@ -657,7 +719,8 @@ const runMessagePipeline = async (ctx) => {
  *
  * @param {Object} update - Objeto contendo a atualização do WhatsApp.
  */
-export const handleMessagesThroughPipeline = async (update, sock) => {
+export const handleMessagesThroughPipeline = async (update, sock, options = {}) => {
+  const sessionId = normalizeSessionId(options?.sessionId);
   if (update.messages && Array.isArray(update.messages)) {
     try {
       const upsertType = update?.type || null;
@@ -669,6 +732,7 @@ export const handleMessagesThroughPipeline = async (update, sock) => {
           upsertType,
           isNotifyUpsert,
           sock,
+          sessionId,
         });
         if (!context) continue;
 
@@ -678,19 +742,34 @@ export const handleMessagesThroughPipeline = async (update, sock) => {
           context.analysisPayload.processingResult = 'error';
           context.analysisPayload.errorCode = normalizeAnalysisErrorCode(messageError);
           logger.error('Erro ao processar mensagem individual:', {
+            sessionId,
+            ownerSessionId: context.ownerSessionId || null,
             error: messageError?.message,
             messageId: context.key?.id || null,
             remoteJid: context.remoteJid,
           });
         } finally {
+          logger.debug('Mensagem processada pelo pipeline.', {
+            action: 'message_pipeline_processed',
+            sessionId: context.sessionId,
+            ownerSessionId: context.ownerSessionId || null,
+            messageId: context.key?.id || null,
+            remoteJid: context.remoteJid,
+            result: context.analysisPayload.processingResult,
+            isCommand: context.analysisPayload.isCommand,
+          });
           persistMessageAnalysisEvent(context.analysisPayload);
         }
       }
     } catch (error) {
-      logger.error('Erro ao processar mensagens:', error?.message);
+      logger.error('Erro ao processar mensagens:', {
+        sessionId,
+        error: error?.message,
+      });
     }
   } else {
     logger.info('🔄 Processando evento recebido:', {
+      sessionId,
       eventType: update?.type || 'unknown',
       eventData: update,
     });