npm - @omnizap-system/omnizap - Versions diffs - 2.6.1 → 2.6.2 - Mend

@omnizap-system/omnizap 2.6.1 → 2.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

package/.env.example +54 -9
package/.github/workflows/ci.yml +3 -3
package/.github/workflows/security-runner-hardening.yml +1 -1
package/.github/workflows/security-zap-full-scan.yml +1 -0
package/app/config/index.js +2 -0
package/app/configParts/adminIdentity.js +5 -5
package/app/configParts/baileysConfig.js +226 -55
package/app/configParts/groupUtils.js +5 -0
package/app/configParts/messagePersistenceService.js +143 -3
package/app/configParts/sessionConfig.js +157 -0
package/app/connection/baileysCompatibility.test.js +1 -1
package/app/connection/groupOwnerWriteStateResolver.js +109 -0
package/app/connection/socketController.js +625 -124
package/app/connection/socketController.multiSession.test.js +108 -0
package/app/controllers/messageController.js +1 -1
package/app/controllers/messagePipeline/commandMiddleware.js +12 -10
package/app/controllers/messagePipeline/conversationMiddleware.js +2 -1
package/app/controllers/messagePipeline/messagePipelineMiddlewares.test.js +104 -0
package/app/controllers/messagePipeline/preProcessingMiddlewares.js +80 -2
package/app/controllers/messageProcessingPipeline.js +88 -9
package/app/controllers/messageProcessingPipeline.test.js +200 -0
package/app/modules/adminModule/AGENT.md +1 -1
package/app/modules/adminModule/commandConfig.json +3318 -1347
package/app/modules/adminModule/groupCommandHandlers.js +856 -14
package/app/modules/adminModule/groupCommandHandlers.test.js +375 -9
package/app/modules/adminModule/groupWarningRepository.js +152 -0
package/app/modules/aiModule/AGENT.md +47 -30
package/app/modules/aiModule/aiConfigRuntime.js +1 -0
package/app/modules/aiModule/catCommand.js +132 -25
package/app/modules/aiModule/commandConfig.json +114 -28
package/app/modules/analyticsModule/messageAnalysisEventRepository.js +54 -6
package/app/modules/gameModule/AGENT.md +1 -1
package/app/modules/gameModule/commandConfig.json +29 -0
package/app/modules/menuModule/AGENT.md +1 -1
package/app/modules/menuModule/commandConfig.json +45 -10
package/app/modules/menuModule/menuCatalogService.js +190 -0
package/app/modules/menuModule/menuCommandUsageRepository.js +109 -0
package/app/modules/menuModule/menuDynamicService.js +511 -0
package/app/modules/menuModule/menuDynamicService.test.js +141 -0
package/app/modules/menuModule/menus.js +36 -5
package/app/modules/playModule/AGENT.md +10 -5
package/app/modules/playModule/commandConfig.json +74 -16
package/app/modules/playModule/playCommandConstants.js +13 -7
package/app/modules/playModule/playCommandCore.js +4 -6
package/app/modules/playModule/{playCommandYtDlpClient.js → playCommandMediaClient.js} +684 -332
package/app/modules/playModule/playConfigRuntime.js +5 -6
package/app/modules/playModule/playModuleCriticalFlows.test.js +44 -59
package/app/modules/quoteModule/AGENT.md +1 -1
package/app/modules/quoteModule/commandConfig.json +29 -0
package/app/modules/rpgPokemonModule/AGENT.md +1 -1
package/app/modules/rpgPokemonModule/commandConfig.json +29 -0
package/app/modules/statsModule/AGENT.md +1 -1
package/app/modules/statsModule/commandConfig.json +58 -0
package/app/modules/stickerModule/AGENT.md +1 -1
package/app/modules/stickerModule/commandConfig.json +145 -0
package/app/modules/stickerPackModule/AGENT.md +1 -1
package/app/modules/stickerPackModule/autoPackCollectorService.js +5 -1
package/app/modules/stickerPackModule/commandConfig.json +29 -0
package/app/modules/stickerPackModule/stickerAutoPackByTagsRuntime.js +1 -1
package/app/modules/stickerPackModule/stickerPackCommandHandlers.js +78 -57
package/app/modules/stickerPackModule/stickerPackService.js +13 -6
package/app/modules/systemMetricsModule/AGENT.md +1 -1
package/app/modules/systemMetricsModule/commandConfig.json +29 -0
package/app/modules/tiktokModule/AGENT.md +1 -1
package/app/modules/tiktokModule/commandConfig.json +29 -0
package/app/modules/userModule/AGENT.md +1 -1
package/app/modules/userModule/commandConfig.json +29 -0
package/app/modules/waifuPicsModule/AGENT.md +57 -27
package/app/modules/waifuPicsModule/commandConfig.json +87 -0
package/app/observability/metrics.js +136 -0
package/app/services/ai/commandConfigEnrichmentService.js +229 -47
package/app/services/ai/geminiService.js +131 -7
package/app/services/ai/geminiService.test.js +59 -2
package/app/services/ai/moduleAiHelpCoreService.js +33 -4
package/app/services/group/groupMetadataService.js +24 -1
package/app/services/infra/dbWriteQueue.js +51 -21
package/app/services/messaging/newsBroadcastService.js +843 -27
package/app/services/multiSession/assignmentBalancerService.js +457 -0
package/app/services/multiSession/groupOwnershipRepository.js +381 -0
package/app/services/multiSession/groupOwnershipService.js +890 -0
package/app/services/multiSession/groupOwnershipService.test.js +309 -0
package/app/services/multiSession/sessionRegistryService.js +293 -0
package/app/store/aiPromptStore.js +36 -19
package/app/store/groupConfigStore.js +41 -5
package/app/store/premiumUserStore.js +21 -7
package/app/utils/antiLink/antiLinkModule.js +352 -16
package/app/workers/aiHelperContinuousLearningWorker.js +512 -0
package/database/index.js +6 -0
package/database/migrations/20260307_d0_hardening_down.sql +1 -1
package/database/migrations/20260314_d7_canonical_sender_down.sql +1 -1
package/database/migrations/20260406_d30_security_analytics_down.sql +1 -1
package/database/migrations/20260411_d35_group_community_metadata_down.sql +59 -0
package/database/migrations/20260411_d35_group_community_metadata_up.sql +62 -0
package/database/migrations/20260412_d36_system_config_tables_down.sql +32 -0
package/database/migrations/20260412_d36_system_config_tables_up.sql +66 -0
package/database/migrations/20260413_d37_group_user_warnings_down.sql +11 -0
package/database/migrations/20260413_d37_group_user_warnings_up.sql +24 -0
package/database/migrations/20260414_d38_multi_session_foundation_down.sql +72 -0
package/database/migrations/20260414_d38_multi_session_foundation_up.sql +125 -0
package/database/migrations/20260414_d39_multi_session_cutover_down.sql +103 -0
package/database/migrations/20260414_d39_multi_session_cutover_up.sql +83 -0
package/database/schema.sql +102 -1
package/docker-compose.yml +4 -1
package/docs/compliance/acceptable-use-policy-2026-03-07.md +1 -1
package/docs/compliance/privacy-policy-2026-03-07.md +2 -2
package/docs/security/dsar-lgpd-runbook-2026-03-07.md +1 -1
package/docs/security/network-hardening-runbook-2026-03-07.md +53 -0
package/docs/security/omnizap-static-security-headers.conf +25 -0
package/ecosystem.prod.config.cjs +31 -11
package/index.js +52 -18
package/observability/alert-rules.yml +20 -0
package/observability/grafana/dashboards/omnizap-system-admin.json +229 -0
package/observability/mysql-setup.sql +4 -4
package/observability/system-admin-observability.md +26 -0
package/package.json +12 -5
package/public/comandos/commands-catalog.json +2253 -78
package/public/js/apps/commandsReactApp.js +267 -87
package/public/js/apps/createPackApp.js +3 -3
package/public/js/apps/stickersApp.js +255 -103
package/public/js/apps/termsReactApp.js +57 -8
package/public/js/apps/userPasswordResetReactApp.js +406 -0
package/public/js/apps/userReactApp.js +96 -47
package/public/js/apps/userSystemAdmReactApp.js +1506 -0
package/public/pages/politica-de-privacidade.html +1 -1
package/public/pages/stickers.html +5 -5
package/public/pages/termos-de-uso-texto-integral.html +1 -1
package/public/pages/termos-de-uso.html +1 -1
package/public/pages/user-password-reset.html +3 -4
package/public/pages/user-systemadm.html +8 -462
package/public/pages/user.html +1 -1
package/scripts/clear-whatsapp-session.sh +123 -0
package/scripts/core-ai-mode.mjs +163 -0
package/scripts/deploy.sh +10 -0
package/scripts/enrich-command-config-ux-openai.mjs +492 -0
package/scripts/generate-commands-catalog.mjs +155 -0
package/scripts/new-whatsapp-session.sh +317 -0
package/scripts/security-web-surface-check.mjs +218 -0
package/server/controllers/admin/adminPanelHandlers.js +253 -3
package/server/controllers/admin/systemAdminController.js +267 -0
package/server/controllers/sticker/stickerCatalogController.js +9 -23
package/server/controllers/system/contactController.js +9 -17
package/server/controllers/system/stickerCatalogSystemContext.js +27 -6
package/server/controllers/system/systemController.js +254 -1
package/server/controllers/userController.js +6 -0
package/server/email/emailTemplateService.js +3 -2
package/server/http/httpServer.js +8 -4
package/server/middleware/securityHeaders.js +20 -1
package/server/routes/admin/systemAdminRouter.js +6 -0
package/server/routes/indexRouter.js +30 -6
package/server/routes/observability/grafanaProxyRouter.js +254 -0
package/server/routes/static/staticPageRouter.js +27 -1
package/server/utils/publicContact.js +31 -0
package/utils/whatsapp/contactEnv.js +39 -0
package/vite.config.mjs +2 -1
package/app/modules/playModule/local/installYtDlp.js +0 -25
package/app/modules/playModule/local/ytDlpInstaller.js +0 -28

package/app/modules/adminModule/groupCommandHandlers.test.js CHANGED Viewed

@@ -17,6 +17,7 @@ const ENV_OVERRIDES = {
   DB_MONITOR_ENABLED: 'false',
   METRICS_ENABLED: 'false',
   ADMIN_AI_HELP_SCHEDULER_ENABLED: 'false',
+  WHATSAPP_ADMIN_JID: OWNER_JID,
   USER_ADMIN: OWNER_PHONE,
 };
@@ -56,27 +57,113 @@ const normalizeSql = (sql) =>
 const createDbHarness = () => {
   const groupConfigRows = new Map();
   const groupMetadataRows = new Map();
+  const premiumUserRows = new Set();
+  const groupUserWarningsRows = [];
+  let warningAutoIncrement = 1;
   const execute = async (sql, params = []) => {
     const normalized = normalizeSql(sql);
+    const normalizedNoTicks = normalized.replaceAll('`', '');
-    if (normalized.startsWith('select * from `groups_metadata` where id = ?')) {
+    if (normalizedNoTicks.startsWith('select * from groups_metadata where id = ?')) {
       const row = groupMetadataRows.get(params[0]);
       return [[row].filter(Boolean), []];
     }
-    if (normalized.startsWith('select * from `group_configs` where id = ?')) {
+    if (normalizedNoTicks.startsWith('select * from group_configs where id = ?')) {
       const row = groupConfigRows.get(params[0]);
       return [[row].filter(Boolean), []];
     }
-    if (normalized.startsWith('insert into `group_configs`')) {
+    if (normalizedNoTicks.startsWith('insert into group_configs')) {
       const [id, config] = params;
       groupConfigRows.set(id, { id, config: String(config) });
       return [{ affectedRows: 1 }, []];
     }
-    if (normalized.includes('from lid_map') || normalized.includes('from `lid_map`') || normalized.includes('into `lid_map`') || normalized.startsWith('update `messages`')) {
+    if (normalizedNoTicks.startsWith('select id from system_premium_users')) {
+      const rows = Array.from(premiumUserRows.values())
+        .sort((left, right) => String(left).localeCompare(String(right)))
+        .map((id) => ({ id }));
+      return [rows, []];
+    }
+    if (normalizedNoTicks.startsWith('delete from system_premium_users')) {
+      premiumUserRows.clear();
+      return [{ affectedRows: 1 }, []];
+    }
+    if (normalizedNoTicks.startsWith('insert into system_premium_users')) {
+      const [id] = params;
+      premiumUserRows.add(String(id || ''));
+      return [{ affectedRows: 1 }, []];
+    }
+    if (normalizedNoTicks.startsWith('insert into group_user_warnings')) {
+      const [groupId, participantJid, warnedByJid, reason] = params;
+      groupUserWarningsRows.push({
+        id: warningAutoIncrement++,
+        group_id: String(groupId || ''),
+        participant_jid: String(participantJid || '').toLowerCase(),
+        warned_by_jid: warnedByJid ? String(warnedByJid).toLowerCase() : null,
+        reason: reason ? String(reason) : null,
+        created_at: new Date(__timeNowMs()).toISOString(),
+      });
+      return [{ affectedRows: 1 }, []];
+    }
+    if (normalizedNoTicks.startsWith('select count(*) as total from group_user_warnings')) {
+      const [groupId, participantJid] = params;
+      const filtered = groupUserWarningsRows.filter((row) => row.group_id === String(groupId || '') && row.participant_jid === String(participantJid || '').toLowerCase());
+      return [[{ total: filtered.length }], []];
+    }
+    if (normalizedNoTicks.startsWith('select id, group_id, participant_jid, warned_by_jid, reason, created_at from group_user_warnings')) {
+      const [groupId, participantJid, limit] = params;
+      const safeLimit = Number.parseInt(String(limit || 0), 10);
+      const filtered = groupUserWarningsRows
+        .filter((row) => row.group_id === String(groupId || '') && row.participant_jid === String(participantJid || '').toLowerCase())
+        .sort((left, right) => right.id - left.id)
+        .slice(0, Number.isFinite(safeLimit) && safeLimit > 0 ? safeLimit : 20)
+        .map((row) => ({ ...row }));
+      return [filtered, []];
+    }
+    if (normalizedNoTicks.startsWith('delete from group_user_warnings') && normalizedNoTicks.includes('order by id desc limit ?')) {
+      const [groupId, participantJid, limit] = params;
+      const safeGroupId = String(groupId || '');
+      const safeParticipantJid = String(participantJid || '').toLowerCase();
+      const safeLimit = Number.parseInt(String(limit || 0), 10);
+      const rowsToDelete = groupUserWarningsRows
+        .filter((row) => row.group_id === safeGroupId && row.participant_jid === safeParticipantJid)
+        .sort((left, right) => right.id - left.id)
+        .slice(0, Number.isFinite(safeLimit) && safeLimit > 0 ? safeLimit : 1)
+        .map((row) => row.id);
+      if (rowsToDelete.length > 0) {
+        for (let index = groupUserWarningsRows.length - 1; index >= 0; index -= 1) {
+          if (!rowsToDelete.includes(groupUserWarningsRows[index].id)) continue;
+          groupUserWarningsRows.splice(index, 1);
+        }
+      }
+      return [{ affectedRows: rowsToDelete.length }, []];
+    }
+    if (normalizedNoTicks.startsWith('delete from group_user_warnings')) {
+      const [groupId, participantJid] = params;
+      const safeGroupId = String(groupId || '');
+      const safeParticipantJid = String(participantJid || '').toLowerCase();
+      let removed = 0;
+      for (let index = groupUserWarningsRows.length - 1; index >= 0; index -= 1) {
+        if (groupUserWarningsRows[index].group_id !== safeGroupId || groupUserWarningsRows[index].participant_jid !== safeParticipantJid) continue;
+        groupUserWarningsRows.splice(index, 1);
+        removed += 1;
+      }
+      return [{ affectedRows: removed }, []];
+    }
+    if (normalizedNoTicks.includes('from lid_map') || normalizedNoTicks.includes('into lid_map') || normalizedNoTicks.startsWith('update messages')) {
       return [[], []];
     }
@@ -102,11 +189,19 @@ const createDbHarness = () => {
     return row ? JSON.parse(row.config) : {};
   };
+  const setPremiumUsers = (premiumUsers) => {
+    premiumUserRows.clear();
+    for (const premiumUser of premiumUsers || []) {
+      premiumUserRows.add(String(premiumUser || ''));
+    }
+  };
   return {
     execute,
     setGroupParticipants,
     setGroupConfig,
     getGroupConfig,
+    setPremiumUsers,
   };
 };
@@ -135,10 +230,26 @@ const createSockStub = () => {
   };
 };
-const buildMessageInfo = (participant = OWNER_JID) => ({
-  key: { participant },
-  message: {},
-});
+const buildMessageInfo = (participant = OWNER_JID, { mentionedJid = [], replyParticipant = '' } = {}) => {
+  const contextInfo = {};
+  if (Array.isArray(mentionedJid) && mentionedJid.length > 0) {
+    contextInfo.mentionedJid = mentionedJid;
+  }
+  if (replyParticipant) {
+    contextInfo.participant = replyParticipant;
+  }
+  return {
+    key: { participant },
+    message: Object.keys(contextInfo).length
+      ? {
+          extendedTextMessage: {
+            contextInfo,
+          },
+        }
+      : {},
+  };
+};
 const runAdminCommand = async ({ command, args = [], text = args.join(' '), sock, senderJid = OWNER_JID, remoteJid = GROUP_JID, isGroupMessage = true, messageInfo, botJid = BOT_JID }) =>
   handleAdminCommand({
@@ -182,6 +293,13 @@ after(() => {
 test('isAdminCommand reconhece comandos válidos', () => {
   assert.equal(isAdminCommand('nsfw'), true);
   assert.equal(isAdminCommand('banir'), true);
+  assert.equal(isAdminCommand('warn'), true);
+  assert.equal(isAdminCommand('warnings'), true);
+  assert.equal(isAdminCommand('clearwarn'), true);
+  assert.equal(isAdminCommand('warnlimit'), true);
+  assert.equal(isAdminCommand('stickerallowance'), true);
+  assert.equal(isAdminCommand('noticiasfiltro'), true);
+  assert.equal(isAdminCommand('grupoaudit'), true);
   assert.equal(isAdminCommand('comando-inexistente'), false);
 });
@@ -289,6 +407,167 @@ test('ban bloqueia tentativa de remover o próprio bot', async () => {
   assert.equal(messages[0].content.text, 'Operação cancelada: o bot não pode remover a própria conta.');
 });
+test('warn registra advertência e warnings lista histórico', async () => {
+  const { sock, messages } = createSockStub();
+  dbHarness.setGroupParticipants(GROUP_JID, [{ id: OWNER_JID, admin: 'admin' }]);
+  await runAdminCommand({
+    command: 'warn',
+    args: ['@alvo', 'spam', 'repetitivo'],
+    sock,
+    messageInfo: buildMessageInfo(OWNER_JID, { mentionedJid: [TARGET_JID] }),
+  });
+  assert.match(messages[messages.length - 1].content.text, /Advertência registrada/i);
+  assert.match(messages[messages.length - 1].content.text, /spam repetitivo/i);
+  await runAdminCommand({
+    command: 'warnings',
+    args: [],
+    sock,
+    messageInfo: buildMessageInfo(OWNER_JID, { replyParticipant: TARGET_JID }),
+  });
+  assert.match(messages[messages.length - 1].content.text, /Histórico de advertências/i);
+  assert.match(messages[messages.length - 1].content.text, /Total neste grupo: \*1\*/i);
+  assert.match(messages[messages.length - 1].content.text, /spam repetitivo/i);
+});
+test('warn aplica auto-ban no limite padrão de 3 advertências', async () => {
+  const { sock, messages, participantUpdates } = createSockStub();
+  dbHarness.setGroupParticipants(GROUP_JID, [{ id: OWNER_JID, admin: 'admin' }]);
+  await runAdminCommand({
+    command: 'warn',
+    args: [TARGET_JID, 'motivo-1'],
+    sock,
+  });
+  await runAdminCommand({
+    command: 'warn',
+    args: [TARGET_JID, 'motivo-2'],
+    sock,
+  });
+  await runAdminCommand({
+    command: 'warn',
+    args: [TARGET_JID, 'motivo-3'],
+    sock,
+  });
+  assert.equal(participantUpdates.length, 1);
+  assert.deepEqual(participantUpdates[0], {
+    groupId: GROUP_JID,
+    participants: [TARGET_JID],
+    action: 'remove',
+  });
+  assert.match(messages[messages.length - 1].content.text, /Auto-ban configurado para: \*3\*/i);
+  assert.match(messages[messages.length - 1].content.text, /Limite atingido/i);
+});
+test('warnlimit permite ajustar limite por grupo e resetar para padrão', async () => {
+  const { sock, messages, participantUpdates } = createSockStub();
+  dbHarness.setGroupParticipants(GROUP_JID, [{ id: OWNER_JID, admin: 'admin' }]);
+  await runAdminCommand({
+    command: 'warnlimit',
+    args: ['2'],
+    sock,
+  });
+  assert.equal(dbHarness.getGroupConfig(GROUP_JID).warnAutoBanThreshold, 2);
+  await runAdminCommand({
+    command: 'warn',
+    args: [TARGET_JID, 'motivo-1'],
+    sock,
+  });
+  await runAdminCommand({
+    command: 'warn',
+    args: [TARGET_JID, 'motivo-2'],
+    sock,
+  });
+  assert.equal(participantUpdates.length, 1);
+  assert.deepEqual(participantUpdates[0], {
+    groupId: GROUP_JID,
+    participants: [TARGET_JID],
+    action: 'remove',
+  });
+  await runAdminCommand({
+    command: 'warnlimit',
+    args: ['status'],
+    sock,
+  });
+  assert.match(messages[messages.length - 1].content.text, /Limite atual de auto-ban/i);
+  assert.match(messages[messages.length - 1].content.text, /\*2\*/);
+  await runAdminCommand({
+    command: 'warnlimit',
+    args: ['reset'],
+    sock,
+  });
+  assert.equal(dbHarness.getGroupConfig(GROUP_JID).warnAutoBanThreshold, null);
+  assert.match(messages[messages.length - 1].content.text, /padrão: \*3\*/i);
+});
+test('clearwarn remove parcialmente e depois remove todas as advertências', async () => {
+  const { sock, messages } = createSockStub();
+  dbHarness.setGroupParticipants(GROUP_JID, [{ id: OWNER_JID, admin: 'admin' }]);
+  await runAdminCommand({
+    command: 'warn',
+    args: [TARGET_JID, 'motivo-1'],
+    sock,
+  });
+  await runAdminCommand({
+    command: 'warn',
+    args: [TARGET_JID, 'motivo-2'],
+    sock,
+  });
+  await runAdminCommand({
+    command: 'warn',
+    args: [TARGET_JID, 'motivo-3'],
+    sock,
+  });
+  await runAdminCommand({
+    command: 'clearwarn',
+    args: [TARGET_JID, '2'],
+    sock,
+  });
+  assert.match(messages[messages.length - 1].content.text, /removi \*2 advertência\(s\)\*/i);
+  assert.match(messages[messages.length - 1].content.text, /Advertências restantes neste grupo: \*1\*/i);
+  await runAdminCommand({
+    command: 'clearwarn',
+    args: [TARGET_JID, 'all'],
+    sock,
+  });
+  assert.match(messages[messages.length - 1].content.text, /todas as advertências \(1\)/i);
+  assert.match(messages[messages.length - 1].content.text, /Advertências restantes neste grupo: \*0\*/i);
+  await runAdminCommand({
+    command: 'warnings',
+    args: [TARGET_JID],
+    sock,
+  });
+  assert.match(messages[messages.length - 1].content.text, /não possui advertências/i);
+});
+test('clearwarn retorna uso ao receber quantidade inválida', async () => {
+  const { sock, messages } = createSockStub();
+  dbHarness.setGroupParticipants(GROUP_JID, [{ id: OWNER_JID, admin: 'admin' }]);
+  await runAdminCommand({
+    command: 'clearwarn',
+    args: [TARGET_JID, 'zero'],
+    sock,
+  });
+  assert.equal(messages.length, 1);
+  assert.match(messages[0].content.text, /Formato de uso/i);
+  assert.match(messages[0].content.text, /clearwarn/i);
+});
 test('premium exige admin principal e lista usuários quando autorizado', async () => {
   const texts = getAdminTextConfig();
   const denied = createSockStub();
@@ -306,7 +585,7 @@ test('premium exige admin principal e lista usuários quando autorizado', async
   assert.equal(denied.messages.length, 1);
   assert.equal(denied.messages[0].content.text, texts.owner_only_command_message);
-  dbHarness.setGroupConfig('system:premium_users', { premiumUsers: [TARGET_JID] });
+  dbHarness.setPremiumUsers([TARGET_JID]);
   const allowed = createSockStub();
   await runAdminCommand({
@@ -349,3 +628,90 @@ test('prefix atualiza, consulta status e reseta para padrão', async () => {
   });
   assert.equal(dbHarness.getGroupConfig(GROUP_JID).commandPrefix, null);
 });
+test('stickerallowance atualiza e consulta limite por janela', async () => {
+  const { sock, messages } = createSockStub();
+  dbHarness.setGroupParticipants(GROUP_JID, [{ id: OWNER_JID, admin: 'admin' }]);
+  await runAdminCommand({
+    command: 'stickerallowance',
+    args: ['4'],
+    sock,
+  });
+  const updatedConfig = dbHarness.getGroupConfig(GROUP_JID);
+  assert.equal(updatedConfig.stickerFocusMessageAllowance, 4);
+  assert.equal(updatedConfig.stickerFocusMessageAllowanceCount, 4);
+  await runAdminCommand({
+    command: 'stickerallowance',
+    args: ['status'],
+    sock,
+  });
+  assert.match(messages[messages.length - 1].content.text, /Limite atual de mensagens por usuário/i);
+  assert.match(messages[messages.length - 1].content.text, /\*4\*/);
+});
+test('noticiasfiltro aplica source/tag e trending no config do grupo', async () => {
+  const { sock } = createSockStub();
+  dbHarness.setGroupParticipants(GROUP_JID, [{ id: OWNER_JID, admin: 'admin' }]);
+  await runAdminCommand({
+    command: 'noticiasfiltro',
+    args: ['source', 'add', 'ann,mal'],
+    sock,
+  });
+  await runAdminCommand({
+    command: 'noticiasfiltro',
+    args: ['tag', 'add', 'shounen'],
+    sock,
+  });
+  await runAdminCommand({
+    command: 'noticiasfiltro',
+    args: ['trending', 'on'],
+    sock,
+  });
+  const updatedConfig = dbHarness.getGroupConfig(GROUP_JID);
+  assert.deepEqual(updatedConfig.newsSourceIds, ['ann', 'mal']);
+  assert.deepEqual(updatedConfig.newsEntitySlugs, ['shounen']);
+  assert.equal(updatedConfig.newsOnlyTrending, true);
+  assert.equal(updatedConfig.newsFilters.onlyTrending, true);
+});
+test('grupoaudit retorna resumo consolidado do grupo', async () => {
+  const { sock, messages } = createSockStub();
+  dbHarness.setGroupParticipants(GROUP_JID, [{ id: OWNER_JID, admin: 'admin' }]);
+  dbHarness.setGroupConfig(GROUP_JID, {
+    commandPrefix: '!',
+    nsfwEnabled: true,
+    autoStickerEnabled: false,
+    stickerFocusEnabled: true,
+    stickerFocusMessageCooldownMinutes: 30,
+    stickerFocusMessageAllowance: 3,
+    captchaEnabled: true,
+    autoApproveRequestsEnabled: false,
+    antilinkEnabled: true,
+    antilinkAllowedNetworks: ['youtube'],
+    antilinkAllowedDomains: ['example.com'],
+    newsEnabled: true,
+    newsSentIds: ['n1', 'n2'],
+    newsLastSentAt: '2026-03-18T00:00:00.000Z',
+    welcomeMessageEnabled: true,
+    farewellMessageEnabled: false,
+  });
+  await runAdminCommand({
+    command: 'grupoaudit',
+    args: [],
+    sock,
+  });
+  assert.equal(messages.length, 1);
+  assert.match(messages[0].content.text, /Auditoria do Grupo/i);
+  assert.match(messages[0].content.text, /Notícias enviadas: \*2\*/i);
+  assert.match(messages[0].content.text, /Antilink: \*ativado\*/i);
+});

package/app/modules/adminModule/groupWarningRepository.js ADDED Viewed

@@ -0,0 +1,152 @@
+import { executeQuery, TABLES } from '../../../database/index.js';
+const MAX_REASON_CHARS = 500;
+const DEFAULT_LIST_LIMIT = 20;
+const normalizeGroupId = (value) => {
+  const normalized = String(value || '')
+    .trim()
+    .slice(0, 255);
+  return normalized || null;
+};
+const normalizeParticipantJid = (value) => {
+  const normalized = String(value || '')
+    .trim()
+    .toLowerCase()
+    .slice(0, 255);
+  return normalized || null;
+};
+const normalizeReason = (value) => {
+  const normalized = String(value || '')
+    .replace(/\s+/g, ' ')
+    .trim()
+    .slice(0, MAX_REASON_CHARS);
+  return normalized || null;
+};
+const normalizeWarnByJid = (value) => {
+  const normalized = String(value || '')
+    .trim()
+    .toLowerCase()
+    .slice(0, 255);
+  return normalized || null;
+};
+const toPositiveInt = (value, fallback, min = 1, max = Number.MAX_SAFE_INTEGER) => {
+  const numeric = Number.parseInt(String(value ?? ''), 10);
+  if (!Number.isFinite(numeric) || numeric < min) return fallback;
+  return Math.max(min, Math.min(max, numeric));
+};
+export const addGroupWarning = async ({ groupId, participantJid, warnedByJid, reason = null } = {}) => {
+  const safeGroupId = normalizeGroupId(groupId);
+  const safeParticipantJid = normalizeParticipantJid(participantJid);
+  const safeWarnedByJid = normalizeWarnByJid(warnedByJid);
+  if (!safeGroupId || !safeParticipantJid) {
+    throw new Error('group_warning_invalid_target');
+  }
+  await executeQuery(
+    `INSERT INTO ${TABLES.GROUP_USER_WARNINGS}
+      (group_id, participant_jid, warned_by_jid, reason)
+      VALUES (?, ?, ?, ?)`,
+    [safeGroupId, safeParticipantJid, safeWarnedByJid, normalizeReason(reason)],
+  );
+  return true;
+};
+export const countGroupWarnings = async ({ groupId, participantJid } = {}) => {
+  const safeGroupId = normalizeGroupId(groupId);
+  const safeParticipantJid = normalizeParticipantJid(participantJid);
+  if (!safeGroupId || !safeParticipantJid) return 0;
+  const rows = await executeQuery(
+    `SELECT COUNT(*) AS total
+       FROM ${TABLES.GROUP_USER_WARNINGS}
+      WHERE group_id = ? AND participant_jid = ?`,
+    [safeGroupId, safeParticipantJid],
+  );
+  const total = Number(rows?.[0]?.total || 0);
+  return Number.isFinite(total) ? Math.max(0, Math.floor(total)) : 0;
+};
+export const listGroupWarnings = async ({ groupId, participantJid, limit = DEFAULT_LIST_LIMIT } = {}) => {
+  const safeGroupId = normalizeGroupId(groupId);
+  const safeParticipantJid = normalizeParticipantJid(participantJid);
+  const safeLimit = toPositiveInt(limit, DEFAULT_LIST_LIMIT, 1, 100);
+  if (!safeGroupId || !safeParticipantJid) return [];
+  const rows = await executeQuery(
+    `SELECT id, group_id, participant_jid, warned_by_jid, reason, created_at
+       FROM ${TABLES.GROUP_USER_WARNINGS}
+      WHERE group_id = ? AND participant_jid = ?
+      ORDER BY id DESC
+      LIMIT ?`,
+    [safeGroupId, safeParticipantJid, safeLimit],
+  );
+  return (Array.isArray(rows) ? rows : []).map((row) => ({
+    id: Number(row?.id || 0),
+    groupId: normalizeGroupId(row?.group_id),
+    participantJid: normalizeParticipantJid(row?.participant_jid),
+    warnedByJid: normalizeWarnByJid(row?.warned_by_jid),
+    reason: normalizeReason(row?.reason),
+    createdAt: row?.created_at || null,
+  }));
+};
+export const clearGroupWarnings = async ({ groupId, participantJid, clearAll = false, limit = 1 } = {}) => {
+  const safeGroupId = normalizeGroupId(groupId);
+  const safeParticipantJid = normalizeParticipantJid(participantJid);
+  const safeLimit = toPositiveInt(limit, 1, 1, 500);
+  if (!safeGroupId || !safeParticipantJid) {
+    return {
+      removedCount: 0,
+      remainingCount: 0,
+    };
+  }
+  const beforeCount = await countGroupWarnings({
+    groupId: safeGroupId,
+    participantJid: safeParticipantJid,
+  });
+  if (beforeCount <= 0) {
+    return {
+      removedCount: 0,
+      remainingCount: 0,
+    };
+  }
+  if (clearAll) {
+    await executeQuery(
+      `DELETE FROM ${TABLES.GROUP_USER_WARNINGS}
+        WHERE group_id = ? AND participant_jid = ?`,
+      [safeGroupId, safeParticipantJid],
+    );
+  } else {
+    await executeQuery(
+      `DELETE FROM ${TABLES.GROUP_USER_WARNINGS}
+        WHERE group_id = ? AND participant_jid = ?
+        ORDER BY id DESC
+        LIMIT ?`,
+      [safeGroupId, safeParticipantJid, safeLimit],
+    );
+  }
+  const remainingCount = await countGroupWarnings({
+    groupId: safeGroupId,
+    participantJid: safeParticipantJid,
+  });
+  return {
+    removedCount: Math.max(0, beforeCount - remainingCount),
+    remainingCount,
+  };
+};