npm - @omnizap-system/omnizap - Versions diffs - 2.6.1 → 2.6.3 - Mend

@omnizap-system/omnizap 2.6.1 → 2.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (172) hide show

package/.env.example +78 -9
package/.github/workflows/ci.yml +3 -3
package/.github/workflows/security-runner-hardening.yml +1 -1
package/.github/workflows/security-zap-full-scan.yml +1 -0
package/app/config/index.js +6 -0
package/app/configParts/adminIdentity.js +36 -7
package/app/configParts/baileysConfig.js +343 -56
package/app/configParts/groupUtils.js +226 -0
package/app/configParts/loggerConfig.js +185 -0
package/app/configParts/messagePersistenceService.js +307 -5
package/app/configParts/sessionConfig.js +242 -0
package/app/connection/baileysCompatibility.test.js +10 -1
package/app/connection/baileysDbAuthState.js +205 -9
package/app/connection/baileysLibsignalPatch.js +210 -0
package/app/connection/groupOwnerWriteStateResolver.js +141 -0
package/app/connection/socketController.js +694 -123
package/app/connection/socketController.multiSession.test.js +128 -0
package/app/controllers/messageController.js +1 -1
package/app/controllers/messagePipeline/commandMiddleware.js +12 -10
package/app/controllers/messagePipeline/conversationMiddleware.js +2 -1
package/app/controllers/messagePipeline/messagePipelineMiddlewares.test.js +104 -0
package/app/controllers/messagePipeline/preProcessingMiddlewares.js +96 -4
package/app/controllers/messageProcessingPipeline.js +90 -9
package/app/controllers/messageProcessingPipeline.test.js +202 -0
package/app/modules/adminModule/AGENT.md +1 -1
package/app/modules/adminModule/commandConfig.json +3318 -1347
package/app/modules/adminModule/groupCommandHandlers.js +856 -14
package/app/modules/adminModule/groupCommandHandlers.test.js +375 -9
package/app/modules/adminModule/groupWarningRepository.js +152 -0
package/app/modules/aiModule/AGENT.md +47 -30
package/app/modules/aiModule/aiConfigRuntime.js +1 -0
package/app/modules/aiModule/catCommand.js +132 -25
package/app/modules/aiModule/commandConfig.json +114 -28
package/app/modules/analyticsModule/messageAnalysisEventRepository.js +54 -6
package/app/modules/gameModule/AGENT.md +1 -1
package/app/modules/gameModule/commandConfig.json +29 -0
package/app/modules/menuModule/AGENT.md +1 -1
package/app/modules/menuModule/commandConfig.json +45 -10
package/app/modules/menuModule/menuCatalogService.js +190 -0
package/app/modules/menuModule/menuCommandUsageRepository.js +109 -0
package/app/modules/menuModule/menuDynamicService.js +511 -0
package/app/modules/menuModule/menuDynamicService.test.js +141 -0
package/app/modules/menuModule/menus.js +36 -5
package/app/modules/playModule/AGENT.md +10 -5
package/app/modules/playModule/commandConfig.json +74 -16
package/app/modules/playModule/playCommandConstants.js +13 -7
package/app/modules/playModule/playCommandCore.js +4 -6
package/app/modules/playModule/{playCommandYtDlpClient.js → playCommandMediaClient.js} +684 -332
package/app/modules/playModule/playConfigRuntime.js +5 -6
package/app/modules/playModule/playModuleCriticalFlows.test.js +44 -59
package/app/modules/quoteModule/AGENT.md +1 -1
package/app/modules/quoteModule/commandConfig.json +29 -0
package/app/modules/rpgPokemonModule/AGENT.md +1 -1
package/app/modules/rpgPokemonModule/commandConfig.json +29 -0
package/app/modules/statsModule/AGENT.md +1 -1
package/app/modules/statsModule/commandConfig.json +58 -0
package/app/modules/stickerModule/AGENT.md +1 -1
package/app/modules/stickerModule/commandConfig.json +145 -0
package/app/modules/stickerPackModule/AGENT.md +1 -1
package/app/modules/stickerPackModule/autoPackCollectorService.js +5 -1
package/app/modules/stickerPackModule/commandConfig.json +29 -0
package/app/modules/stickerPackModule/stickerAutoPackByTagsRuntime.js +1 -1
package/app/modules/stickerPackModule/stickerPackCommandHandlers.js +78 -57
package/app/modules/stickerPackModule/stickerPackService.js +13 -6
package/app/modules/systemMetricsModule/AGENT.md +1 -1
package/app/modules/systemMetricsModule/commandConfig.json +29 -0
package/app/modules/tiktokModule/AGENT.md +1 -1
package/app/modules/tiktokModule/commandConfig.json +29 -0
package/app/modules/userModule/AGENT.md +1 -1
package/app/modules/userModule/commandConfig.json +29 -0
package/app/modules/waifuPicsModule/AGENT.md +57 -27
package/app/modules/waifuPicsModule/commandConfig.json +87 -0
package/app/observability/metrics.js +136 -0
package/app/services/ai/commandConfigEnrichmentService.js +229 -47
package/app/services/ai/geminiService.js +131 -7
package/app/services/ai/geminiService.test.js +59 -2
package/app/services/ai/moduleAiHelpCoreService.js +33 -4
package/app/services/group/groupMetadataService.js +24 -1
package/app/services/infra/dbWriteQueue.js +51 -21
package/app/services/messaging/newsBroadcastService.js +843 -27
package/app/services/multiSession/assignmentBalancerService.js +452 -0
package/app/services/multiSession/groupOwnershipRepository.js +346 -0
package/app/services/multiSession/groupOwnershipService.js +809 -0
package/app/services/multiSession/groupOwnershipService.test.js +317 -0
package/app/services/multiSession/sessionRegistryService.js +239 -0
package/app/store/aiPromptStore.js +36 -19
package/app/store/groupConfigStore.js +41 -5
package/app/store/premiumUserStore.js +21 -7
package/app/utils/antiLink/antiLinkModule.js +391 -25
package/app/workers/aiHelperContinuousLearningWorker.js +512 -0
package/database/index.js +6 -0
package/database/migrations/20260307_d0_hardening_down.sql +1 -1
package/database/migrations/20260314_d7_canonical_sender_down.sql +1 -1
package/database/migrations/20260406_d30_security_analytics_down.sql +1 -1
package/database/migrations/20260411_d35_group_community_metadata_down.sql +59 -0
package/database/migrations/20260411_d35_group_community_metadata_up.sql +62 -0
package/database/migrations/20260412_d36_system_config_tables_down.sql +32 -0
package/database/migrations/20260412_d36_system_config_tables_up.sql +66 -0
package/database/migrations/20260413_d37_group_user_warnings_down.sql +11 -0
package/database/migrations/20260413_d37_group_user_warnings_up.sql +24 -0
package/database/migrations/20260414_d38_multi_session_foundation_down.sql +72 -0
package/database/migrations/20260414_d38_multi_session_foundation_up.sql +125 -0
package/database/migrations/20260414_d39_multi_session_cutover_down.sql +103 -0
package/database/migrations/20260414_d39_multi_session_cutover_up.sql +83 -0
package/database/schema.sql +102 -1
package/docker-compose.yml +4 -1
package/docs/compliance/acceptable-use-policy-2026-03-07.md +1 -1
package/docs/compliance/privacy-policy-2026-03-07.md +2 -2
package/docs/security/dsar-lgpd-runbook-2026-03-07.md +1 -1
package/docs/security/network-hardening-runbook-2026-03-07.md +53 -0
package/docs/security/omnizap-static-security-headers.conf +25 -0
package/ecosystem.prod.config.cjs +31 -11
package/index.js +52 -18
package/observability/alert-rules.yml +20 -0
package/observability/grafana/dashboards/omnizap-system-admin.json +229 -0
package/observability/mysql-setup.sql +4 -4
package/observability/system-admin-observability.md +26 -0
package/package.json +14 -6
package/public/comandos/commands-catalog.json +2253 -78
package/public/css/payments-react.css +478 -0
package/public/js/apps/commandsReactApp.js +267 -87
package/public/js/apps/createPackApp.js +3 -3
package/public/js/apps/homeReactApp.js +2 -2
package/public/js/apps/paymentsCancelReactApp.js +45 -0
package/public/js/apps/paymentsReactApp.js +399 -0
package/public/js/apps/paymentsSuccessReactApp.js +148 -0
package/public/js/apps/stickersApp.js +255 -103
package/public/js/apps/termsReactApp.js +57 -8
package/public/js/apps/userPasswordResetReactApp.js +406 -0
package/public/js/apps/userReactApp.js +96 -47
package/public/js/apps/userSystemAdmReactApp.js +1506 -0
package/public/pages/pagamentos-cancelado.html +21 -0
package/public/pages/pagamentos-sucesso.html +21 -0
package/public/pages/pagamentos.html +30 -0
package/public/pages/politica-de-privacidade.html +1 -1
package/public/pages/stickers.html +5 -5
package/public/pages/termos-de-uso-texto-integral.html +1 -1
package/public/pages/termos-de-uso.html +1 -1
package/public/pages/user-password-reset.html +3 -4
package/public/pages/user-systemadm.html +8 -462
package/public/pages/user.html +1 -1
package/scripts/clear-whatsapp-session.sh +123 -0
package/scripts/core-ai-mode.mjs +163 -0
package/scripts/deploy.sh +13 -0
package/scripts/enrich-command-config-ux-openai.mjs +492 -0
package/scripts/generate-commands-catalog.mjs +155 -0
package/scripts/new-whatsapp-session.sh +564 -0
package/scripts/security-web-surface-check.mjs +218 -0
package/server/controllers/admin/adminPanelHandlers.js +253 -3
package/server/controllers/admin/systemAdminController.js +254 -0
package/server/controllers/payments/paymentsController.js +731 -0
package/server/controllers/sticker/stickerCatalogController.js +9 -23
package/server/controllers/system/contactController.js +9 -17
package/server/controllers/system/stickerCatalogSystemContext.js +27 -6
package/server/controllers/system/systemController.js +228 -1
package/server/controllers/userController.js +6 -0
package/server/email/emailAutomationRuntime.js +36 -1
package/server/email/emailAutomationService.js +42 -1
package/server/email/emailTemplateService.js +140 -33
package/server/http/httpRequestUtils.js +18 -14
package/server/http/httpServer.js +8 -4
package/server/middleware/securityHeaders.js +35 -3
package/server/routes/admin/systemAdminRouter.js +6 -0
package/server/routes/indexRouter.js +50 -6
package/server/routes/observability/grafanaProxyRouter.js +254 -0
package/server/routes/payments/paymentsRouter.js +47 -0
package/server/routes/static/staticPageRouter.js +30 -1
package/server/utils/publicContact.js +31 -0
package/utils/whatsapp/contactEnv.js +39 -0
package/vite.config.mjs +5 -1
package/app/modules/playModule/local/installYtDlp.js +0 -25
package/app/modules/playModule/local/ytDlpInstaller.js +0 -28

package/app/controllers/messageProcessingPipeline.js CHANGED Viewed

@@ -4,7 +4,7 @@ import 'dotenv/config';
 import { isAdminCommand } from '../modules/adminModule/groupCommandHandlers.js';
 import { explicarComandoGlobal, registerGlobalHelpCommandExecution } from '../services/ai/globalModuleAiHelpService.js';
 import { extractSupportedStickerMediaDetails, processSticker } from '../modules/stickerModule/stickerCommand.js';
-import { detectAllMediaTypes, extractMessageContent, getExpiration, getJidServer, isGroupJid, isStatusJid, isSameJidUser, normalizeJid, normalizeWAPresence, resolveBotJid, extractSenderInfoFromMessage, resolveUserId, resolveAddressingModeFromMessageKey, resolveCanonicalWhatsAppJid, parseEnvBool, parseEnvInt } from '../config/index.js';
+import { detectAllMediaTypes, extractMessageContent, getExpiration, getJidServer, isGroupJid, isStatusJid, isSameJidUser, normalizeJid, normalizeWAPresence, resolveBotJid, extractSenderInfoFromMessage, resolveUserId, resolveAddressingModeFromMessageKey, resolveCanonicalWhatsAppJid, parseEnvBool, parseEnvInt, getMultiSessionRuntimeConfig } from '../config/index.js';
 import { isUserAdmin } from '../config/index.js';
 import { isAdminSenderAsync } from '../config/index.js';
 import { executeQuery, TABLES } from '../../database/index.js';
@@ -20,6 +20,7 @@ import { createMessageAnalysisEvent } from '../modules/analyticsModule/messageAn
 import { routeConversationMessage } from '../services/ai/conversationRouterService.js';
 import { executeMessageCommandRoute, isKnownNonAdminCommand } from '../services/ai/messageCommandExecutionService.js';
 import { canSendMessageInStickerFocus, registerMessageUsageInStickerFocus, resolveStickerFocusMessageClassification, resolveStickerFocusState, shouldSendStickerFocusWarning } from '../services/sticker/stickerFocusService.js';
+import { getOwner as getGroupOwner } from '../services/multiSession/groupOwnershipService.js';
 import { createPreProcessingMiddlewares } from './messagePipeline/preProcessingMiddlewares.js';
 import { createConversationMiddleware } from './messagePipeline/conversationMiddleware.js';
 import { createCommandMiddleware } from './messagePipeline/commandMiddleware.js';
@@ -41,13 +42,28 @@ const MESSAGE_REPLY_PRESENCE_BEFORE = normalizeWAPresence(process.env.MESSAGE_RE
 const MESSAGE_REPLY_PRESENCE_AFTER = normalizeWAPresence(process.env.MESSAGE_REPLY_PRESENCE_AFTER, 'paused');
 const MESSAGE_REPLY_PRESENCE_DELAY_MS = parseEnvInt(process.env.MESSAGE_REPLY_PRESENCE_DELAY_MS, 280, 0, 3_000);
 const MESSAGE_REPLY_PRESENCE_SUBSCRIBE = parseEnvBool(process.env.MESSAGE_REPLY_PRESENCE_SUBSCRIBE, true);
+const CONVERSATIONAL_AUTO_REPLY_ENABLED = parseEnvBool(process.env.CONVERSATIONAL_AUTO_REPLY_ENABLED, false);
 const WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN = parseEnvBool(process.env.WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN, true);
+const WHATSAPP_ALLOW_SELF_COMMANDS_ON_APPEND = parseEnvBool(process.env.WHATSAPP_ALLOW_SELF_COMMANDS_ON_APPEND, true);
 const SITE_ORIGIN =
   String(process.env.SITE_ORIGIN || process.env.WHATSAPP_LOGIN_BASE_URL || 'https://omnizap.shop')
     .trim()
     .replace(/\/+$/, '') || 'https://omnizap.shop';
 const SITE_LOGIN_URL = `${SITE_ORIGIN}/login/`;
 const SITE_GROUP_LOGIN_URL = `${SITE_ORIGIN}/login`;
+const MULTI_SESSION_RUNTIME_CONFIG = getMultiSessionRuntimeConfig();
+const PRIMARY_SESSION_ID = String(MULTI_SESSION_RUNTIME_CONFIG?.primarySessionId || 'default').trim() || 'default';
+const VALID_SESSION_IDS = new Set(Array.isArray(MULTI_SESSION_RUNTIME_CONFIG?.sessionIds) ? MULTI_SESSION_RUNTIME_CONFIG.sessionIds : [PRIMARY_SESSION_ID]);
+const GROUP_OWNER_ENFORCEMENT_MODE = String(MULTI_SESSION_RUNTIME_CONFIG?.ownerEnforcementMode || 'off')
+  .trim()
+  .toLowerCase();
+const normalizeSessionId = (sessionId) => {
+  const normalized = String(sessionId || '').trim();
+  if (!normalized) return PRIMARY_SESSION_ID;
+  if (VALID_SESSION_IDS.has(normalized)) return normalized;
+  return PRIMARY_SESSION_ID;
+};
 let messageAnalyticsTableMissingLogged = false;
 const recentCommandExecutions = new Map();
@@ -170,7 +186,7 @@ const maybeHandleStartLoginMessage = async ({ sock, messageInfo, extractedText,
   if (isGroupMessage) {
     await sendReply(sock, remoteJid, messageInfo, expirationMessage, {
-      text: 'Por seguranca, envie *iniciar* no privado do bot para receber seu link de login.',
+      text: '🔐 *Segurança dos seus dados*\n\n' + 'Para proteger sua conta, o acesso é feito apenas no *privado*.\n' + 'Envie *iniciar* no chat privado do bot para receber seu link de login seguro.\n\n' + '⚠️ Por segurança, não enviamos links de acesso em grupos.',
     });
     return true;
   }
@@ -199,7 +215,7 @@ const maybeHandleStartLoginMessage = async ({ sock, messageInfo, extractedText,
   const safeName = String(senderName || '').trim();
   const greeting = safeName ? `Oi, *${safeName}*!` : 'Oi!';
   await sendReply(sock, remoteJid, messageInfo, expirationMessage, {
-    text: `${greeting}\n\n` + 'Para continuar no OmniZap, faca login com Google neste link:\n' + `${loginUrl}\n\n` + 'Seu numero do WhatsApp sera vinculado automaticamente a conta logada.',
+    text: `${greeting}\n\n` + '🚀 *Bem-vindo ao OmniZap!*\n\n' + 'Para continuar, faça login com sua conta *Google* no link abaixo:\n\n' + `${loginUrl}\n\n` + '🔐 Seu número do WhatsApp será vinculado automaticamente à conta após o login.\n' + '⚠️ Use apenas este link e não compartilhe com outras pessoas.',
   });
   return true;
@@ -374,7 +390,7 @@ const ensureUserHasGoogleWebLoginForCommand = async ({ sock, messageInfo, sender
   }
   const loginUrl = isGroupMessage ? SITE_GROUP_LOGIN_URL : buildSiteLoginUrlForUser(resolvedCanonicalUserId || senderJid);
-  const loginMessage = isGroupMessage ? `Para usar os comandos do bot, você precisa estar logado no site com sua conta Google.\n\nAcesse:\n${loginUrl}` : `Para usar os comandos do bot, você precisa estar logado no site com sua conta Google.\n\nCadastre-se / faça login em:\n${loginUrl}\n\nDepois volte aqui e envie o comando novamente (ex.: ${commandPrefix}menu).`;
+  const loginMessage = isGroupMessage ? '🔐 *Login necessário*\n\n' + 'Para usar os comandos do bot, você precisa estar logado com sua conta *Google*.\n\n' + 'Acesse o link abaixo para entrar:\n' + `${loginUrl}\n\n` + '⚠️ Por segurança, recomendamos abrir o link no privado.' : '🔐 *Login necessário*\n\n' + 'Para usar os comandos do bot, faça login com sua conta *Google* no link abaixo:\n\n' + `${loginUrl}\n\n` + '✅ Após entrar, volte aqui e envie o comando novamente\n' + `(ex.: *${commandPrefix}menu*).`;
   await sendReply(sock, remoteJid, messageInfo, expirationMessage, {
     text: loginMessage,
@@ -459,6 +475,43 @@ const resolveSenderOwnerForContext = async (ctx) => {
   return ctx.memo.senderOwnerPromise;
 };
+const resolveGroupOwnerForContext = async (ctx, { bypassCache = false } = {}) => {
+  if (!ctx.isGroupMessage) return null;
+  if (!bypassCache && ctx.memo.groupOwnerPromise) {
+    return ctx.memo.groupOwnerPromise;
+  }
+  const fetchOwnerPromise = (async () => {
+    try {
+      const ownerState = await getGroupOwner(ctx.remoteJid, { bypassCache });
+      const ownerSessionId = String(ownerState?.ownerSessionId || '').trim() || null;
+      ctx.ownerSessionId = ownerSessionId;
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        owner_session_id: ownerSessionId,
+      });
+      return ownerState;
+    } catch (error) {
+      logger.warn('Falha ao resolver owner de grupo para roteamento de sessão.', {
+        action: 'group_owner_resolution_failed',
+        sessionId: ctx.sessionId,
+        groupId: ctx.remoteJid,
+        error: error?.message,
+      });
+      ctx.ownerSessionId = null;
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        owner_resolution_error: String(error?.code || error?.name || 'lookup_failed')
+          .trim()
+          .toLowerCase(),
+      });
+      return null;
+    }
+  })();
+  ctx.memo.groupOwnerPromise = fetchOwnerPromise;
+  return fetchOwnerPromise;
+};
 const resolveHasGoogleLoginForContext = async (ctx) => {
   if (ctx.isMessageFromBot || !WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN) {
     return undefined;
@@ -476,10 +529,11 @@ const resolveHasGoogleLoginForContext = async (ctx) => {
   return ctx.memo.hasGoogleLoginPromise;
 };
-const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyUpsert, sock }) => {
+const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyUpsert, sock, sessionId }) => {
   const key = messageInfo?.key || {};
   const remoteJid = key?.remoteJid;
   if (!remoteJid) return null;
+  const normalizedSessionId = normalizeSessionId(sessionId);
   const isGroupMessage = isGroupJid(remoteJid);
   const extractedText = extractMessageContent(messageInfo);
@@ -505,6 +559,7 @@ const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyU
     .slice(0, 10);
   const analysisPayload = {
+    sessionId: normalizedSessionId,
     messageId: key?.id || null,
     chatId: remoteJid || null,
     senderId: senderJid || null,
@@ -530,6 +585,8 @@ const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyU
       upsert_type: upsertType,
       is_notify_upsert: isNotifyUpsert,
       is_history_append: upsertType === 'append',
+      session_id: normalizedSessionId,
+      owner_session_id: null,
       addressing_mode: addressingMode || null,
       participant_alt: key?.participantAlt || null,
       remote_jid_alt: key?.remoteJidAlt || null,
@@ -550,6 +607,8 @@ const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyU
     botJidCandidates,
     botJid,
     isMessageFromBot,
+    sessionId: normalizedSessionId,
+    ownerSessionId: null,
     commandPrefix: DEFAULT_COMMAND_PREFIX,
     groupConfig: null,
     groupConfigLoaded: false,
@@ -564,7 +623,7 @@ const createMessagePipelineContext = async ({ messageInfo, upsertType, isNotifyU
   };
 };
-const { touchSenderLastSeenMiddleware, ignoreUnprocessableMessageMiddleware, applyGroupPolicyMiddleware, resolveCaptchaMiddleware, handleStartLoginTriggerMiddleware, detectCommandIntentMiddleware, applyStickerFocusMiddleware } = createPreProcessingMiddlewares({
+const { touchSenderLastSeenMiddleware, ignoreUnprocessableMessageMiddleware, enforceGroupOwnerMiddleware, applyGroupPolicyMiddleware, resolveCaptchaMiddleware, handleStartLoginTriggerMiddleware, detectCommandIntentMiddleware, applyStickerFocusMiddleware } = createPreProcessingMiddlewares({
   executeQuery,
   TABLES,
   isStatusJid,
@@ -577,6 +636,10 @@ const { touchSenderLastSeenMiddleware, ignoreUnprocessableMessageMiddleware, app
   ensureGroupConfigForContext,
   resolveStickerFocusState,
   resolveStickerFocusMessageClassification,
+  resolveGroupOwnerForContext,
+  ownerEnforcementMode: GROUP_OWNER_ENFORCEMENT_MODE,
+  primarySessionId: PRIMARY_SESSION_ID,
+  allowSelfCommandsOnAppend: WHATSAPP_ALLOW_SELF_COMMANDS_ON_APPEND,
   resolveSenderAdminForContext,
   isUserAdmin,
   canSendMessageInStickerFocus,
@@ -605,6 +668,7 @@ const routeConversationMiddleware = createConversationMiddleware({
   sendReply,
   routeConversationMessage,
   stopMessagePipeline,
+  conversationAutoReplyEnabled: CONVERSATIONAL_AUTO_REPLY_ENABLED,
 });
 const executeCommandMiddleware = createCommandMiddleware({
@@ -642,7 +706,7 @@ const runPostProcessingMiddleware = createPostProcessingMiddleware({
   normalizeAnalysisErrorCode,
 });
-const MESSAGE_PIPELINE_MIDDLEWARES = [touchSenderLastSeenMiddleware, ignoreUnprocessableMessageMiddleware, applyGroupPolicyMiddleware, resolveCaptchaMiddleware, handleStartLoginTriggerMiddleware, detectCommandIntentMiddleware, applyStickerFocusMiddleware, routeConversationMiddleware, executeCommandMiddleware, runPostProcessingMiddleware];
+const MESSAGE_PIPELINE_MIDDLEWARES = [touchSenderLastSeenMiddleware, ignoreUnprocessableMessageMiddleware, enforceGroupOwnerMiddleware, applyGroupPolicyMiddleware, resolveCaptchaMiddleware, handleStartLoginTriggerMiddleware, detectCommandIntentMiddleware, applyStickerFocusMiddleware, routeConversationMiddleware, executeCommandMiddleware, runPostProcessingMiddleware];
 const runMessagePipeline = async (ctx) => {
   for (const middleware of MESSAGE_PIPELINE_MIDDLEWARES) {
@@ -657,7 +721,8 @@ const runMessagePipeline = async (ctx) => {
  *
  * @param {Object} update - Objeto contendo a atualização do WhatsApp.
  */
-export const handleMessagesThroughPipeline = async (update, sock) => {
+export const handleMessagesThroughPipeline = async (update, sock, options = {}) => {
+  const sessionId = normalizeSessionId(options?.sessionId);
   if (update.messages && Array.isArray(update.messages)) {
     try {
       const upsertType = update?.type || null;
@@ -669,6 +734,7 @@ export const handleMessagesThroughPipeline = async (update, sock) => {
           upsertType,
           isNotifyUpsert,
           sock,
+          sessionId,
         });
         if (!context) continue;
@@ -678,19 +744,34 @@ export const handleMessagesThroughPipeline = async (update, sock) => {
           context.analysisPayload.processingResult = 'error';
           context.analysisPayload.errorCode = normalizeAnalysisErrorCode(messageError);
           logger.error('Erro ao processar mensagem individual:', {
+            sessionId,
+            ownerSessionId: context.ownerSessionId || null,
             error: messageError?.message,
             messageId: context.key?.id || null,
             remoteJid: context.remoteJid,
           });
         } finally {
+          logger.debug('Mensagem processada pelo pipeline.', {
+            action: 'message_pipeline_processed',
+            sessionId: context.sessionId,
+            ownerSessionId: context.ownerSessionId || null,
+            messageId: context.key?.id || null,
+            remoteJid: context.remoteJid,
+            result: context.analysisPayload.processingResult,
+            isCommand: context.analysisPayload.isCommand,
+          });
           persistMessageAnalysisEvent(context.analysisPayload);
         }
       }
     } catch (error) {
-      logger.error('Erro ao processar mensagens:', error?.message);
+      logger.error('Erro ao processar mensagens:', {
+        sessionId,
+        error: error?.message,
+      });
     }
   } else {
     logger.info('🔄 Processando evento recebido:', {
+      sessionId,
       eventType: update?.type || 'unknown',
       eventData: update,
     });

package/app/controllers/messageProcessingPipeline.test.js ADDED Viewed

@@ -0,0 +1,202 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { createPreProcessingMiddlewares } from './messagePipeline/preProcessingMiddlewares.js';
+import { createCommandMiddleware } from './messagePipeline/commandMiddleware.js';
+const createContext = (overrides = {}) => ({
+  sock: {},
+  messageInfo: { key: { id: 'msg-1' }, message: { conversation: '/menu' } },
+  key: { id: 'msg-1' },
+  remoteJid: '120363111111111111@g.us',
+  isGroupMessage: true,
+  extractedText: '/menu',
+  senderJid: '5511999999999@s.whatsapp.net',
+  senderIdentity: '5511999999999@s.whatsapp.net',
+  senderName: 'Tester',
+  expirationMessage: 0,
+  botJid: '5511888888888@s.whatsapp.net',
+  isMessageFromBot: false,
+  commandPrefix: '/',
+  mediaEntries: [],
+  upsertType: 'notify',
+  isNotifyUpsert: true,
+  sessionId: 'session-a',
+  ownerSessionId: null,
+  isCommandMessage: false,
+  hasCommandPrefix: false,
+  pipelineStopped: false,
+  analysisPayload: {
+    processingResult: 'processed',
+    errorCode: null,
+    metadata: {},
+    isCommand: false,
+    commandPrefix: '/',
+    commandName: null,
+    commandArgsCount: 0,
+    commandKnown: null,
+  },
+  ...overrides,
+});
+const createStopMessagePipeline =
+  () =>
+  (ctx, processingResult = '', metadataPatch = null) => {
+    if (processingResult) {
+      ctx.analysisPayload.processingResult = processingResult;
+    }
+    if (metadataPatch) {
+      ctx.analysisPayload.metadata = {
+        ...(ctx.analysisPayload.metadata || {}),
+        ...(metadataPatch || {}),
+      };
+    }
+    ctx.pipelineStopped = true;
+    return { stop: true };
+  };
+const mergeAnalysisMetadata = (analysisPayload, patch) => {
+  analysisPayload.metadata = {
+    ...(analysisPayload.metadata || {}),
+    ...(patch || {}),
+  };
+};
+const createSharedCommandDedupe = () => {
+  const cache = new Map();
+  return {
+    isDuplicateCommandExecution: (chatId, messageId) => cache.has(`${chatId}:${messageId}`),
+    markCommandExecution: (chatId, messageId) => {
+      cache.set(`${chatId}:${messageId}`, true);
+    },
+  };
+};
+const createCommandMiddlewareForTest = ({ executeRouteSpy, dedupe }) =>
+  createCommandMiddleware({
+    isAdminCommand: () => false,
+    isKnownNonAdminCommand: () => true,
+    isDuplicateCommandExecution: dedupe.isDuplicateCommandExecution,
+    markCommandExecution: dedupe.markCommandExecution,
+    MESSAGE_COMMAND_DEDUPE_TTL_MS: 120_000,
+    stopMessagePipeline: createStopMessagePipeline(),
+    WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN: false,
+    resolveCanonicalSenderJidForContext: async () => '5511999999999@s.whatsapp.net',
+    ensureUserHasGoogleWebLoginForCommand: async () => ({ allowed: true }),
+    SITE_LOGIN_URL: 'https://omnizap.shop/login',
+    COMMAND_REACT_EMOJI: '',
+    sendAndStore: async () => {},
+    executeMessageCommandRoute: async (payload) => {
+      executeRouteSpy.push(payload);
+      return {
+        commandRoute: payload.command || 'menu',
+        commandResult: { ok: true },
+      };
+    },
+    runCommand: async (_label, handler) => {
+      try {
+        await handler();
+        return { ok: true };
+      } catch (error) {
+        return { ok: false, error };
+      }
+    },
+    sendReply: async () => {},
+    registerGlobalHelpCommandExecution: async () => {},
+    logger: { warn: () => {} },
+    normalizeAnalysisErrorCode: () => 'processing_error',
+    resolveSenderAdminForContext: async () => false,
+    isUserAdmin: async () => false,
+    buildCommandErrorHelpText: async () => '',
+    mergeAnalysisMetadata,
+  });
+test('messageProcessingPipeline: com owner enforcement ativo, apenas owner executa comando no grupo', async () => {
+  const pre = createPreProcessingMiddlewares({
+    executeQuery: async () => [],
+    TABLES: { RPG_PLAYER: 'rpg_player' },
+    isStatusJid: () => false,
+    stopMessagePipeline: createStopMessagePipeline(),
+    handleAntiLink: async () => false,
+    ensureCommandPrefixForContext: async () => '/',
+    resolveCaptchaByMessage: async () => {},
+    maybeHandleStartLoginMessage: async () => false,
+    mergeAnalysisMetadata,
+    ensureGroupConfigForContext: async () => ({}),
+    resolveStickerFocusState: () => ({ enabled: false }),
+    resolveStickerFocusMessageClassification: () => ({ isThrottleCandidate: false }),
+    resolveGroupOwnerForContext: async (ctx) => {
+      ctx.ownerSessionId = 'session-a';
+      return { ownerSessionId: 'session-a', assignmentVersion: 7 };
+    },
+    ownerEnforcementMode: 'enforce',
+    primarySessionId: 'session-a',
+    resolveSenderAdminForContext: async () => false,
+    isUserAdmin: async () => false,
+    canSendMessageInStickerFocus: () => ({ allowed: true, remainingMs: 0 }),
+    registerMessageUsageInStickerFocus: () => {},
+    shouldSendStickerFocusWarning: () => false,
+    sendReply: async () => {},
+    formatStickerFocusRuleLabel: () => '',
+    formatRemainingMinutesLabel: () => 1,
+    logger: { warn: () => {}, info: () => {} },
+  });
+  const executeRouteSpy = [];
+  const dedupe = createSharedCommandDedupe();
+  const commandMiddleware = createCommandMiddlewareForTest({ executeRouteSpy, dedupe });
+  const ownerCtx = createContext({
+    sessionId: 'session-a',
+    key: { id: 'msg-shared' },
+    messageInfo: { key: { id: 'msg-shared' }, message: { conversation: '/menu' } },
+  });
+  const nonOwnerCtx = createContext({
+    sessionId: 'session-b',
+    key: { id: 'msg-shared' },
+    messageInfo: { key: { id: 'msg-shared' }, message: { conversation: '/menu' } },
+  });
+  await pre.enforceGroupOwnerMiddleware(ownerCtx);
+  await pre.detectCommandIntentMiddleware(ownerCtx);
+  await commandMiddleware(ownerCtx);
+  const blockedResult = await pre.enforceGroupOwnerMiddleware(nonOwnerCtx);
+  assert.deepEqual(blockedResult, { stop: true });
+  await pre.detectCommandIntentMiddleware(nonOwnerCtx);
+  if (!nonOwnerCtx.pipelineStopped) {
+    await commandMiddleware(nonOwnerCtx);
+  }
+  assert.equal(executeRouteSpy.length, 1);
+  assert.equal(ownerCtx.analysisPayload.processingResult, 'command_executed');
+  assert.equal(nonOwnerCtx.analysisPayload.processingResult, 'blocked_group_owner_enforcement');
+});
+test('messageProcessingPipeline: dedupe de comando por chat+message impede execução dupla em duas sessões', async () => {
+  const executeRouteSpy = [];
+  const dedupe = createSharedCommandDedupe();
+  const commandMiddleware = createCommandMiddlewareForTest({ executeRouteSpy, dedupe });
+  const firstCtx = createContext({
+    sessionId: 'session-a',
+    isCommandMessage: true,
+    hasCommandPrefix: true,
+    key: { id: 'dup-msg-1' },
+    messageInfo: { key: { id: 'dup-msg-1' }, message: { conversation: '/menu' } },
+  });
+  const secondCtx = createContext({
+    sessionId: 'session-b',
+    isCommandMessage: true,
+    hasCommandPrefix: true,
+    key: { id: 'dup-msg-1' },
+    messageInfo: { key: { id: 'dup-msg-1' }, message: { conversation: '/menu' } },
+  });
+  await commandMiddleware(firstCtx);
+  await commandMiddleware(secondCtx);
+  assert.equal(executeRouteSpy.length, 1);
+  assert.equal(firstCtx.analysisPayload.processingResult, 'command_executed');
+  assert.equal(secondCtx.analysisPayload.processingResult, 'duplicate_command_ignored');
+});

package/app/modules/adminModule/AGENT.md CHANGED Viewed

@@ -7,7 +7,7 @@ Este arquivo e destinado a agentes de IA para gerar respostas no contexto dos co
 - arquivo_base: `app/modules/adminModule/commandConfig.json`
 - schema_version: `2.0.0`
 - module_enabled: `true`
-- generated_at: `2026-03-11T02:35:17.177Z`
+- generated_at: `2026-03-17T04:04:14.195Z`
 ## Escopo do Modulo