cdp-edge 1.17.0 → 1.18.1

package/extracted-skill/tracking-events-generator/agents/youtube-agent.md

@@ -89,39 +89,152 @@ const _gbraid = _urlParams.get('gbraid') || '';  // App campaigns (privacy)
 **ATENÇÃO wbraid/gbraid**: São os click IDs para campanhas YouTube em iOS (pós ATT).
 Nunca hashear — enviar como texto plano para Google Ads API.
 
-### 2. Rastreamento de vídeo YouTube na página
+### 2. Rastreamento de vídeo YouTube na página — YouTube IFrame API
 
-O `behavior-engine.js` já implementa rastreamento de vídeos via YouTube IFrame API.
 Para usar, o iframe deve ter `enablejsapi=1`:
 
 ```html
-<!-- Embed YouTube com JS API habilitada -->
+<!-- Embed YouTube com JS API habilitada (obrigatório) -->
 <iframe
   id="video-tour-imovel"
-  src="https://www.youtube.com/embed/VIDEO_ID?enablejsapi=1"
+  src="https://www.youtube.com/embed/VIDEO_ID?enablejsapi=1&origin=https://seudominio.com.br"
   allow="autoplay"
 ></iframe>
 ```
 
-O BehaviorEngine detecta automaticamente e dispara via `cdpTrack.track()`:
-- `video_milestone` com `percent: 25, 50, 75, 100`
-- Score: +10 (25%), +15 (50%), +25 (75%/100%)
+#### Implementação real do YouTube IFrame API listener
+
+```javascript
+/**
+ * YouTube IFrame API Listener — injeta no behavior-engine.js ou tracking.js
+ * Rastreia: video_start, video_25, video_50, video_75, video_complete
+ * Dispara via cdpTrack.track() para o Worker → GA4 MP + demais plataformas
+ */
+
+// Carregar YouTube IFrame API (uma vez por página)
+(function initYouTubeTracking() {
+  if (window._ytTrackingInitialized) return;
+  window._ytTrackingInitialized = true;
+
+  // Mapa de iframes já trackeados
+  const trackedPlayers = new Map();
+
+  // Injetar API script do YouTube (não carrega 2x se já existe)
+  if (!document.getElementById('youtube-iframe-api')) {
+    const tag = document.createElement('script');
+    tag.id  = 'youtube-iframe-api';
+    tag.src = 'https://www.youtube.com/iframe_api';
+    document.head.appendChild(tag);
+  }
+
+  // Callback global chamado pelo YouTube quando API estiver pronta
+  window.onYouTubeIframeAPIReady = function() {
+    // Auto-detectar todos os iframes com enablejsapi=1
+    document.querySelectorAll('iframe[src*="youtube.com/embed"]').forEach(iframe => {
+      if (trackedPlayers.has(iframe.id)) return;
+
+      const videoTitle = iframe.title || iframe.id || 'YouTube Video';
+
+      const player = new YT.Player(iframe.id, {
+        events: {
+          onStateChange: (event) => handlePlayerStateChange(event, player, videoTitle),
+          onReady:       (event) => handlePlayerReady(event, player, videoTitle)
+        }
+      });
+
+      trackedPlayers.set(iframe.id, { player, milestone: new Set() });
+    });
+  };
+
+  // Se API já carregada (SPA reload), inicializar diretamente
+  if (typeof YT !== 'undefined' && YT.Player) {
+    window.onYouTubeIframeAPIReady();
+  }
+
+  function handlePlayerReady(event, player, videoTitle) {
+    // Iniciar polling de progresso
+    const iframeId = player.getIframe().id;
+    const state = trackedPlayers.get(iframeId);
+
+    const interval = setInterval(() => {
+      if (!player.getDuration) return;
+      const duration = player.getDuration();
+      const current  = player.getCurrentTime();
+      if (duration <= 0) return;
+
+      const percent = Math.floor((current / duration) * 100);
+
+      // Disparar milestones: 25, 50, 75 (100% é coberto pelo estado ENDED)
+      const milestoneEvents = { 25: 'video_25', 50: 'video_50', 75: 'video_75' };
+      [25, 50, 75].forEach(milestone => {
+        if (percent >= milestone && !state.milestone.has(milestone)) {
+          state.milestone.add(milestone);
+
+          window.cdpTrack?.track(milestoneEvents[milestone], {
+            content_name:   videoTitle,
+            video_percent:  milestone,
+            video_duration: Math.round(duration),
+            video_provider: 'youtube',
+            value:          0,
+            currency:       'BRL'
+          });
+        }
+      });
+    }, 1000); // checar a cada 1s
+
+    state.progressInterval = interval;
+  }
+
+  function handlePlayerStateChange(event, player, videoTitle) {
+    const iframeId = player.getIframe().id;
+    const state    = trackedPlayers.get(iframeId);
+
+    // YT.PlayerState: PLAYING=1, PAUSED=2, ENDED=0, BUFFERING=3
+    switch (event.data) {
+      case YT.PlayerState.PLAYING:
+        if (!state.started) {
+          state.started = true;
+          window.cdpTrack?.track('video_start', {
+            content_name:   videoTitle,
+            video_duration: Math.round(player.getDuration() || 0),
+            video_provider: 'youtube'
+          });
+        }
+        break;
+
+      case YT.PlayerState.ENDED:
+        clearInterval(state.progressInterval);
+        window.cdpTrack?.track('video_complete', {
+          content_name:   videoTitle,
+          video_duration: Math.round(player.getDuration() || 0),
+          video_provider: 'youtube'
+        });
+        break;
+    }
+  }
+})();
+```
+
+O listener dispara via `cdpTrack.track()`:
+- `video_start` — primeiros 2s de play
+- `video_25`, `video_50`, `video_75` — marcos de progresso (25/50/75%)
+- `video_complete` — 100% assistido
 
 ### 3. Evento de Lead após assistir vídeo (imóveis)
 
 ```javascript
 // Disparar Lead qualificado quando usuário assiste 75%+ do tour
-document.addEventListener('pb:video_milestone', (e) => {
-  if (e.detail.percent >= 75) {
-    cdpTrack.track('InitiateCheckout', {
-      content_name: 'Tour_Virtual_Empreendimento',
-      value: 0,
-      currency: 'BRL',
-      // Sinaliza alta intenção para Meta + Google
-      meta_intensity: 'high',
-    });
-  }
-});
+// Adicionar dentro do callback de milestoneEvents no IFrame API listener:
+// milestoneEvents[75] → 'video_75' — adicionar lógica abaixo no bloco forEach
+if (milestone === 75) {
+  window.cdpTrack?.track('InitiateCheckout', {
+    content_name: 'Tour_Virtual_Empreendimento',
+    value: 0,
+    currency: 'BRL',
+    // Sinaliza alta intenção para Meta + Google
+    meta_intensity: 'high',
+  });
+}
 ```
 
 ### 4. Consent Mode v2 — OBRIGATÓRIO para YouTube/Google Ads
@@ -161,9 +274,11 @@ Para verificar persistência correta:
 ```javascript
 // No sendGA4Mp() — adicionar mapeamento de eventos YouTube
 const VIDEO_GA4_MAP = {
-  video_start:     'video_start',
-  video_milestone: 'video_progress',   // GA4 usa video_progress com percent
-  video_complete:  'video_complete',
+  video_start:    'video_start',
+  video_25:       'video_progress',   // GA4 usa video_progress com percent
+  video_50:       'video_progress',
+  video_75:       'video_progress',
+  video_complete: 'video_complete',
 };
 
 // Params obrigatórios para video_progress (GA4)
@@ -228,9 +343,9 @@ if (!payload.gclid && payload.utmSource === 'youtube') {
 | Evento cdpTrack | Mapeamento GA4 | Mapeamento Google Ads | Quando Disparar |
 |---|---|---|---|
 | `video_start` | `video_start` | — | Primeiros 2s de reprodução |
-| `video_milestone` (25%) | `video_progress` | — | 25% assistido |
-| `video_milestone` (50%) | `video_progress` | `engaged_view` candidate | 50% assistido |
-| `video_milestone` (75%) | `video_progress` | `engaged_view` | 75% assistido — alta intenção |
+| `video_25` | `video_progress` | — | 25% assistido |
+| `video_50` | `video_progress` | `engaged_view` candidate | 50% assistido |
+| `video_75` | `video_progress` | `engaged_view` | 75% assistido — alta intenção |
 | `video_complete` | `video_complete` | `video_view_complete` | 100% assistido |
 | `Lead` (após vídeo) | `generate_lead` | Conversão primária | Formulário submetido |
 | `InitiateCheckout` | `begin_checkout` | Conversão micro | Clique em "Quero saber mais" |
@@ -244,7 +359,7 @@ if (!payload.gclid && payload.utmSource === 'youtube') {
 ```
 FASE 1: AWARENESS (YouTube TrueView 30s)
   ↓ Tour aéreo do empreendimento / lifestyle do bairro
-  ↓ Rastrear: video_milestone 50% + 75% → score alto no LTV
+  ↓ Rastrear: video_50 + video_75 → score alto no LTV
   ↓ Remarketing: quem assistiu 50%+ vira audiência no Google Ads
 
 FASE 2: CONSIDERAÇÃO (YouTube Non-skip 15s + Display)

package/extracted-skill/tracking-events-generator/contracts/api-versions.json

@@ -212,10 +212,14 @@
         ]
       },
       "conversions_api": {
-        "current": "v2",
-        "minimum_supported": "v1",
-        "recommended": "v2",
-        "endpoint_pattern": "https://api.linkedin.com/rest/attributionConversions/{VERSION}",
+        "current": "202401",
+        "minimum_supported": "202401",
+        "recommended": "202401",
+        "endpoint_pattern": "https://api.linkedin.com/rest/conversionEvents",
+        "required_headers": {
+          "LinkedIn-Version": "202401",
+          "X-Restli-Protocol-Version": "2.0.0"
+        },
         "authentication": "Bearer token (LINKEDIN_ACCESS_TOKEN)",
         "rate_limits": {
           "requests_per_second": 10,
@@ -359,10 +363,10 @@
   },
 
   "last_updated_by": {
-    "agent": "Intelligence Agent",
-    "session_id": "CDP_2026-03-28_sync",
-    "timestamp": "2026-03-28T00:00:00.000Z"
+    "agent": "Audit — CDP Edge v2.0",
+    "session_id": "CDP_2026-04-10_audit",
+    "timestamp": "2026-04-10T00:00:00.000Z"
   },
 
-  "next_review_date": "2026-04-27T00:00:00.000Z"
+  "next_review_date": "2026-05-10T00:00:00.000Z"
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cdp-edge",
-  "version": "1.17.0",
+  "version": "1.18.1",
   "description": "CDP Edge - Quantum Tracking - Sistema multi-agente para tracking digital Cloudflare Native (Workers + D1)",
   "main": "dist/index.js",
   "type": "module",
@@ -23,7 +23,7 @@
     "build": "node build.js",
     "dev": "node build.js --watch",
     "test": "node test.js",
-    "test:unit": "node tests/unit/*.test.js",
+    "test:unit": "node tests/unit/normalization.test.js && node tests/unit/hashing.test.js && node tests/unit/deduplication.test.js && node tests/unit/payload-validation.test.js && node tests/unit/new-features.test.js",
     "test:unit:normalize": "node tests/unit/normalization.test.js",
     "test:unit:hash": "node tests/unit/hashing.test.js",
     "test:unit:dedup": "node tests/unit/deduplication.test.js",

package/server-edge-tracker/worker.js

@@ -151,7 +151,7 @@ async function sendMetaCapi(env, eventName, payload, request, ctx) {
     if (!res.ok) {
       const errorCode = data.error?.code || String(res.status);
       const errorMessage = data.error?.message || data.error?.error_user_msg || 'Unknown error';
-      console.error('Meta CAPI error:', JSON.stringify(data));
+      console.error('Meta CAPI error:', res.status, data.error?.message || data.error?.error_user_msg || 'unknown');
 
       // Log de falha para Feedback Loop
       if (env.DB) {
@@ -802,7 +802,7 @@ async function sendTikTokApi(env, eventName, payload, request, ctx) {
 
     const data = await res.json();
     if (!res.ok || data.code !== 0) {
-      console.error('TikTok Events API error:', JSON.stringify(data));
+      console.error('TikTok Events API error:', res.status, data.message || data.code || 'unknown');
 
       // Log de falha para Feedback Loop
       if (env.DB && ctx) {
@@ -907,8 +907,9 @@ async function sendPinterestCapi(env, eventName, payload, request, ctx) {
     );
     const data = await res.json();
     if (!res.ok) {
-      console.error('Pinterest CAPI error:', JSON.stringify(data));
-      if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'pinterest', eventName, String(res.status), JSON.stringify(data), body.data[0].event_id, JSON.stringify(body)));
+      const pinterestErrMsg = data.message || data.code || String(res.status);
+      console.error('Pinterest CAPI error:', res.status, pinterestErrMsg);
+      if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'pinterest', eventName, String(res.status), pinterestErrMsg, body.data[0].event_id, JSON.stringify(body)));
     }
     return data;
   } catch (err) {
@@ -1306,7 +1307,7 @@ async function _sendWARequest(env, body) {
       body: JSON.stringify(body),
     });
     const data = await res.json();
-    if (!res.ok) console.error('WhatsApp Meta API error:', JSON.stringify(data));
+    if (!res.ok) console.error('WhatsApp Meta API error:', res.status, data.error?.message || 'unknown');
     return { ok: res.ok, status: res.status, data };
   } catch (err) {
     console.error('WhatsApp Meta API failed:', err.message);
@@ -1452,7 +1453,7 @@ async function processWhatsAppWebhook(env, body, request, ctx) {
               'UPDATE whatsapp_contacts SET capi_sent = 1 WHERE wamid = ?'
             ).bind(wamid).run();
           } else if (!res.ok) {
-            console.error('[CTWA] Meta CAPI error:', JSON.stringify(data));
+            console.error('[CTWA] Meta CAPI error:', res.status, data.error?.message || 'unknown');
             if (env.DB) {
               await logApiFailure(env.DB, 'meta', 'Contact', data.error?.code || res.status,
                 data.error?.message || 'CTWA CAPI error', eventId, JSON.stringify(requestBody));
@@ -1931,7 +1932,7 @@ async function runIntelligenceAgent(env, runType) {
 
   // 5. Customer Match — sync semanal D1 → Meta Custom Audience
   const cmResult = await syncMetaCustomAudience(env);
-  console.log(`[Intelligence Agent] Customer Match Meta: ${JSON.stringify(cmResult)}`);
+  console.log(`[Intelligence Agent] Customer Match Meta: sent=${cmResult?.sent ?? 0}, received=${cmResult?.num_received ?? 0}`);
 
   console.log(`[Intelligence Agent] ${runType} concluído`);
 }
@@ -2000,7 +2001,7 @@ async function syncMetaCustomAudience(env) {
     const result = await res.json();
 
     if (!res.ok) {
-      console.error('[CustomerMatch] Meta erro:', JSON.stringify(result));
+      console.error('[CustomerMatch] Meta erro:', res.status, result.error?.message || 'unknown');
       return { error: result.error?.message, sent: 0 };
     }
 
@@ -3508,6 +3509,12 @@ export default {
 
     // ── POST /track — evento do browser ───────────────────────────────────────
     if (request.method === 'POST' && url.pathname === '/track') {
+      // Reject oversized payloads before reading body (64 KB limit)
+      const contentLength = parseInt(request.headers.get('Content-Length') || '0', 10);
+      if (contentLength > 65536) {
+        return new Response(JSON.stringify({ error: 'Payload muito grande' }), { status: 413, headers });
+      }
+
       let body;
       try {
         body = await request.json();
@@ -3518,6 +3525,22 @@ export default {
         );
       }
 
+      // ── Payload validation ────────────────────────────────────────────────────
+      // Reject non-object bodies and oversized string fields to prevent injection
+      if (typeof body !== 'object' || Array.isArray(body) || body === null) {
+        return new Response(JSON.stringify({ error: 'Payload inválido' }), { status: 400, headers });
+      }
+
+      const VALID_EVENT_NAMES = new Set([
+        'PageView','ViewContent','Lead','Purchase','InitiateCheckout',
+        'AddToCart','CompleteRegistration','Contact','Schedule',
+        'StartTrial','Subscribe','SubmitApplication','Search',
+        'video_start','video_25','video_50','video_75','video_complete'
+      ]);
+      const STR_FIELDS = ['email','phone','firstName','lastName','city','state','zip','userId',
+                          'utmSource','utmMedium','utmCampaign','utmContent','utmTerm',
+                          'fbclid','ttclid','gclid','transactionId','productName','currency'];
+
       const { eventName, behavioral_data, ...payload } = body;
 
       if (!eventName) {
@@ -3527,6 +3550,28 @@ export default {
         );
       }
 
+      if (typeof eventName !== 'string' || eventName.length > 64 || !VALID_EVENT_NAMES.has(eventName)) {
+        return new Response(JSON.stringify({ error: `eventName desconhecido: ${eventName.slice(0, 64)}` }), { status: 400, headers });
+      }
+
+      // Enforce max string length on known PII/UTM fields to block injection payloads
+      for (const field of STR_FIELDS) {
+        if (payload[field] !== undefined && payload[field] !== null) {
+          if (typeof payload[field] !== 'string' || payload[field].length > 512) {
+            return new Response(JSON.stringify({ error: `Campo inválido: ${field}` }), { status: 400, headers });
+          }
+        }
+      }
+
+      // value must be a non-negative number when present
+      if (payload.value !== undefined && payload.value !== null) {
+        const v = Number(payload.value);
+        if (isNaN(v) || v < 0 || v > 9_999_999) {
+          return new Response(JSON.stringify({ error: 'value fora do intervalo permitido' }), { status: 400, headers });
+        }
+        payload.value = v;
+      }
+
       // ── Extrair dados comportamentais do browser ──────────────────────────────
       // behavioral_data vem do engagement-scoring.js (engagement_score 0-5, intention_level)
       // e do BehaviorEngine (user_score 0-100)