npm - cdp-edge - Versions diffs - 1.23.2 → 1.24.0 - Mend

cdp-edge 1.23.2 → 1.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/server-edge-tracker/worker.js DELETED Viewed

@@ -1,4577 +0,0 @@
-/**
- * CDP Edge Server — server-edge-tracker.seu-usuario.workers.dev
- * Meta CAPI v22.0 + GA4 Measurement Protocol + TikTok Events API + D1
- * Cloudflare Workers (plano gratuito)
- *
- * Endpoints:
- *   POST /track           → evento do browser (PageView, Lead, Purchase…)
- *   POST /webhook/ticto   → compra confirmada pela Ticto (v2 JSON)
- *   GET  /health          → status do Worker
- *
- * Secrets (configurar via: wrangler secret put NOME):
- *   META_ACCESS_TOKEN    → token da Conversions API Meta
- *   GA4_API_SECRET       → secret do Measurement Protocol (GA4 → Admin → Data Streams → API secrets)
- *   TIKTOK_ACCESS_TOKEN  → token da TikTok Events API (TikTok for Business → Assets → Events → Web Events → Manage → API)
- *   META_TEST_CODE       → só em testes (ex: TEST12345) — remover em produção
- */
-// ── Constantes ────────────────────────────────────────────────────────────────
-// IDs de pixel lidos exclusivamente de env.* (wrangler.toml [vars] ou wrangler secret put)
-// CORS — aceita o domínio raiz e qualquer subdomínio (domínio vem de env.SITE_DOMAIN)
-function isAllowedOrigin(origin, siteDomain) {
-  if (!origin || !siteDomain) return false;
-  return origin === `https://${siteDomain}`
-    || origin.endsWith(`.${siteDomain}`)
-    || origin === 'http://localhost:3000'
-    || origin === 'http://localhost:5173';
-}
-// ── SHA-256 via WebCrypto (obrigatório no Cloudflare Workers) ─────────────────
-async function sha256(value) {
-  if (!value) return undefined;
-  const clean = String(value).toLowerCase().trim();
-  if (!clean) return undefined;
-  const buf = await crypto.subtle.digest(
-    'SHA-256',
-    new TextEncoder().encode(clean)
-  );
-  return Array.from(new Uint8Array(buf))
-    .map(b => b.toString(16).padStart(2, '0'))
-    .join('');
-}
-// ── Normalização de telefone → somente dígitos + DDI 55 ──────────────────────
-function normalizePhone(phone) {
-  if (!phone) return undefined;
-  let digits = String(phone).replace(/\D/g, '');
-  if (digits.length === 11 && !digits.startsWith('55')) digits = '55' + digits;
-  if (digits.length === 10 && !digits.startsWith('55')) digits = '55' + digits;
-  return digits.length >= 10 ? digits : undefined;
-}
-// ── Normalização de cidade → lowercase sem acentos ────────────────────────────
-function normalizeCity(city) {
-  if (!city) return undefined;
-  return String(city)
-    .toLowerCase()
-    .normalize('NFD')
-    .replace(/[\u0300-\u036f]/g, '')
-    .replace(/[^a-z0-9]/g, '');
-}
-// ── CORS ──────────────────────────────────────────────────────────────────────
-function corsHeaders(origin, siteDomain) {
-  const allowed = isAllowedOrigin(origin, siteDomain) ? origin : `https://${siteDomain}`;
-  return {
-    'Access-Control-Allow-Origin':  allowed,
-    'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
-    'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With',
-    'Access-Control-Max-Age':       '86400',
-  };
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// LOGISTIC REGRESSION — LTV Model (pure JS, sem deps externas)
-// ─────────────────────────────────────────────────────────────────────────────
-const _UTM_SCORES = {
-  facebook: 0.90, instagram: 0.90, meta: 0.90,
-  google: 0.82, youtube: 0.82, tiktok: 0.75,
-  email: 0.68, sms: 0.68, organic: 0.30, direct: 0.20,
-};
-const _INTENTION_SCORES = {
-  comprador: 1.00, high_intent: 1.00, interessado: 0.60, nurture: 0.30, curioso: 0.15,
-};
-function _extractFeatures(row) {
-  const src       = (row.utm_source || '').toLowerCase().trim();
-  const intention = (row.intention_level || '').toLowerCase().trim();
-  const daysSince = row.days_since_lead || 0;
-  return [
-    _UTM_SCORES[src] ?? (src ? 0.10 : 0.05),
-    Math.min((row.engagement_score || 0) / 5, 1),
-    _INTENTION_SCORES[intention] ?? 0,
-    Math.max(0, 1 - daysSince / 90),
-    row.has_email  ? 1 : 0,
-    row.has_phone  ? 1 : 0,
-    row.is_br      ? 1 : 0,
-    ((row.hour || 12) / 23),
-  ];
-}
-function _sigmoid(z) {
-  if (z > 20) return 1;
-  if (z < -20) return 0;
-  return 1 / (1 + Math.exp(-z));
-}
-function _dot(weights, features) {
-  return features.reduce((sum, f, i) => sum + (weights[i] || 0) * f, 0);
-}
-function _trainLogisticRegression(dataset, opts = {}) {
-  if (!dataset || dataset.length < 50) return null;
-  const iterations   = opts.iterations   || 200;
-  const learningRate = opts.learningRate  || 0.1;
-  const lambda       = opts.lambda        || 0.01;
-  const nFeatures    = dataset[0].features.length;
-  let bias    = 0;
-  let weights = new Array(nFeatures).fill(0);
-  const positives    = dataset.filter(d => d.label === 1).length;
-  const positiveRate = positives / dataset.length;
-  if (positiveRate < 0.03) return null;
-  for (let iter = 0; iter < iterations; iter++) {
-    let dBias = 0;
-    const dWeights = new Array(nFeatures).fill(0);
-    for (const { features, label } of dataset) {
-      const error = _sigmoid(_dot(weights, features) + bias) - label;
-      dBias += error;
-      for (let j = 0; j < nFeatures; j++) dWeights[j] += error * features[j];
-    }
-    const n = dataset.length;
-    bias -= learningRate * (dBias / n);
-    for (let j = 0; j < nFeatures; j++) {
-      weights[j] -= learningRate * ((dWeights[j] / n) + lambda * weights[j]);
-    }
-  }
-  let correct = 0;
-  const threshold = positiveRate > 0.3 ? 0.5 : Math.max(0.3, positiveRate * 1.5);
-  for (const { features, label } of dataset) {
-    if ((_sigmoid(_dot(weights, features) + bias) >= threshold ? 1 : 0) === label) correct++;
-  }
-  return { bias, weights, accuracy: correct / dataset.length, positiveRate, sampleSize: dataset.length, threshold, trainedAt: new Date().toISOString() };
-}
-function _predictWithWeights(model, features) {
-  return Math.round(_sigmoid(_dot(model.weights, features) + model.bias) * 100);
-}
-const _LTV_WEIGHTS_KV_KEY = 'ltv_weights_active';
-async function _loadActiveWeights(env) {
-  if (env.GEO_CACHE) {
-    try {
-      const cached = await env.GEO_CACHE.get(_LTV_WEIGHTS_KV_KEY, 'json');
-      if (cached?.weights?.length) return cached;
-    } catch {}
-  }
-  if (!env.DB) return null;
-  try {
-    const row = await env.DB.prepare(
-      `SELECT weights_json FROM ltv_model_weights WHERE is_active = 1 ORDER BY trained_at DESC LIMIT 1`
-    ).first();
-    if (!row?.weights_json) return null;
-    const model = JSON.parse(row.weights_json);
-    if (env.GEO_CACHE && model?.weights?.length) {
-      env.GEO_CACHE.put(_LTV_WEIGHTS_KV_KEY, JSON.stringify(model), { expirationTtl: 604800 }).catch(() => {});
-    }
-    return model;
-  } catch { return null; }
-}
-async function _saveWeights(DB, model) {
-  if (!DB || !model) return;
-  await DB.prepare(`UPDATE ltv_model_weights SET is_active = 0 WHERE is_active = 1`).run();
-  await DB.prepare(`
-    INSERT INTO ltv_model_weights (trained_at, is_active, sample_size, positive_rate, accuracy, weights_json)
-    VALUES (?, 1, ?, ?, ?, ?)
-  `).bind(new Date().toISOString(), model.sampleSize, model.positiveRate, model.accuracy, JSON.stringify(model)).run();
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// MATCH QUALITY — Tracking de qualidade dos dados enviados ao Meta CAPI
-// ─────────────────────────────────────────────────────────────────────────────
-const _MQ_THRESHOLDS = {
-  email_rate_min: 0.40, fbp_rate_min: 0.30, composite_min: 0.45, min_events_alert: 10,
-};
-async function _logMatchQuality(DB, eventName, payload, recovered = {}) {
-  if (!DB) return;
-  try {
-    await DB.prepare(`
-      INSERT INTO match_quality_log (
-        event_name, has_email, has_phone, has_fbp, has_fbc, has_external_id,
-        was_email_recovered, was_utm_restored
-      ) VALUES (?,?,?,?,?,?,?,?)
-    `).bind(
-      eventName,
-      payload.email   ? 1 : 0, payload.phone    ? 1 : 0,
-      payload.fbp     ? 1 : 0, payload.fbc      ? 1 : 0,
-      payload.userId  ? 1 : 0,
-      recovered.email ? 1 : 0, recovered.utm    ? 1 : 0,
-    ).run();
-  } catch { /* não bloquear dispatch */ }
-}
-async function _autoEnrichPayload(env, payload) {
-  const recovered = { email: false, utm: false };
-  if (!env.DB) return { payload, recovered };
-  if (!payload.email && payload.userId) {
-    try {
-      const profile = await env.DB.prepare(
-        `SELECT email, fbp, fbc, phone FROM user_profiles WHERE user_id = ? LIMIT 1`
-      ).bind(payload.userId).first();
-      if (profile) {
-        if (profile.email && !payload.email) { payload.email = profile.email; recovered.email = true; }
-        if (profile.fbp   && !payload.fbp)   payload.fbp   = profile.fbp;
-        if (profile.fbc   && !payload.fbc)   payload.fbc   = profile.fbc;
-        if (profile.phone && !payload.phone) payload.phone = profile.phone;
-      }
-    } catch {}
-  }
-  if (payload.utmRestored) recovered.utm = true;
-  return { payload, recovered };
-}
-async function _analyzeMatchQuality(env) {
-  if (!env.DB) return null;
-  try {
-    const row = await env.DB.prepare(`
-      SELECT
-        COUNT(*) AS total,
-        ROUND(AVG(has_email)       * 100, 1) AS email_rate,
-        ROUND(AVG(has_phone)       * 100, 1) AS phone_rate,
-        ROUND(AVG(has_fbp)         * 100, 1) AS fbp_rate,
-        ROUND(AVG(has_fbc)         * 100, 1) AS fbc_rate,
-        ROUND(AVG(has_external_id) * 100, 1) AS ext_id_rate,
-        ROUND(AVG(was_email_recovered) * 100, 1) AS email_recovered_rate,
-        ROUND((AVG(has_email)*0.4 + AVG(has_fbp)*0.3 + AVG(has_phone)*0.2 + AVG(has_fbc)*0.1) * 100, 1) AS composite_score
-      FROM match_quality_log
-      WHERE logged_at >= datetime('now', '-2 hours')
-    `).first();
-    if (!row || row.total < _MQ_THRESHOLDS.min_events_alert) return { total: row?.total || 0, alerts: [] };
-    const alerts = [];
-    if ((row.email_rate || 0) < _MQ_THRESHOLDS.email_rate_min * 100)
-      alerts.push({ type: 'email_low',        message: `Taxa de email baixa: ${row.email_rate}%` });
-    if ((row.fbp_rate || 0) < _MQ_THRESHOLDS.fbp_rate_min * 100)
-      alerts.push({ type: 'fbp_low',          message: `Cookie fbp ausente em ${100 - row.fbp_rate}% dos eventos` });
-    if ((row.composite_score || 0) < _MQ_THRESHOLDS.composite_min * 100)
-      alerts.push({ type: 'composite_critical', message: `Score composto crítico: ${row.composite_score}%`, severity: 'critical' });
-    return { ...row, alerts };
-  } catch (err) { console.error('[MatchQuality] analyze error:', err.message); return null; }
-}
-async function _alertMatchQuality(env, analysis) {
-  if (!analysis || analysis.alerts.length === 0) return;
-  const hasCritical = analysis.alerts.some(a => a.severity === 'critical');
-  const icon = hasCritical ? '🚨' : '⚠️';
-  const lines = [
-    `${icon} CDP Edge — Match Quality Alert`,
-    ``,
-    `📊 Últimas 2h (${analysis.total} eventos):`,
-    `  Email: ${analysis.email_rate ?? 0}% ${(analysis.email_rate ?? 0) < 40 ? '❌' : '✅'}`,
-    `  fbp:   ${analysis.fbp_rate   ?? 0}% ${(analysis.fbp_rate   ?? 0) < 30 ? '❌' : '✅'}`,
-    `  Score: ${analysis.composite_score ?? 0}%`,
-    ``,
-    `🔍 Problemas:`,
-    ...analysis.alerts.map(a => `  · ${a.message}`),
-    ``,
-    `🛠 Identity Graph recovery: ${analysis.email_recovered_rate ?? 0}% emails recuperados`,
-    new Date().toLocaleString('pt-BR', { timeZone: 'America/Sao_Paulo' }),
-  ];
-  await sendCallMeBot(env, lines.join('\n'));
-}
-async function _purgeOldMatchQualityLogs(DB) {
-  if (!DB) return;
-  try {
-    await DB.prepare(`DELETE FROM match_quality_log WHERE logged_at < datetime('now', '-30 days')`).run();
-  } catch {}
-}
-// ── Meta CAPI v22.0 ───────────────────────────────────────────────────────────
-async function sendMetaCapi(env, eventName, payload, request, ctx) {
-  // Auto-enriquecer payload com dados do Identity Graph antes do envio
-  let recovered = { email: false, utm: false };
-  if (env.DB && payload) {
-    const enriched = await _autoEnrichPayload(env, payload);
-    payload        = enriched.payload;
-    recovered      = enriched.recovered;
-  }
-  const {
-    email, phone, firstName, lastName,
-    city, state, country,
-    zip, dob,
-    fbp, fbc, userId,
-    eventId, pageUrl,
-    value, currency,
-    contentIds, contentName, contentType, numItems,
-  } = payload;
-  const phoneNorm   = normalizePhone(phone);
-  const countryCode = (country || request.cf?.country || 'br').toLowerCase();
-  const stateCode   = state ? String(state).toLowerCase() : undefined;
-  const cityNorm    = normalizeCity(city);
-  // user_data — hashear tudo com SHA-256 antes de enviar
-  const userData = {
-    ...(email      && { em:       await sha256(email) }),
-    ...(phoneNorm  && { ph:       await sha256(phoneNorm) }),
-    ...(firstName  && { fn:       await sha256(firstName) }),
-    ...(lastName   && { ln:       await sha256(lastName) }),
-    ...(cityNorm   && { ct:       await sha256(cityNorm) }),
-    ...(stateCode  && { st:       await sha256(stateCode) }),
-    ...(countryCode && { country: await sha256(countryCode) }),
-    ...(userId     && { external_id: await sha256(String(userId)) }),
-    ...(zip        && { zp:         await sha256(zip) }),
-    ...(dob        && { db:         await sha256(dob) }),
-    ...(fbp        && { fbp }),   // cookies NÃO são hasheados
-    ...(fbc        && { fbc }),
-    client_ip_address: request.headers.get('CF-Connecting-IP')
-                    || request.headers.get('X-Forwarded-For')
-                    || '',
-    client_user_agent: request.headers.get('User-Agent') || '',
-  };
-  // custom_data — dados do produto/valor
-  const customData = {
-    ...(value       !== undefined && { value: parseFloat(value) }),
-    ...(currency    && { currency: String(currency).toUpperCase() }),
-    ...(contentIds  && contentIds.length > 0 && { content_ids: contentIds }),
-    ...(contentName && { content_name: contentName }),
-    ...(contentType && { content_type: contentType }),
-    ...(numItems    && { num_items: parseInt(numItems) }),
-  };
-  const eventPayload = {
-    event_name:       eventName,
-    event_time:       Math.floor(Date.now() / 1000),
-    event_id:         eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
-    event_source_url: pageUrl || `https://${env.SITE_DOMAIN}`,
-    action_source:    'website',
-    user_data:        userData,
-    ...(Object.keys(customData).length > 0 && { custom_data: customData }),
-  };
-  const requestBody = {
-    data:         [eventPayload],
-    access_token: env.META_ACCESS_TOKEN,
-  };
-  // Test Event Code — só em staging, remover em produção
-  if (env.META_TEST_CODE) {
-    requestBody.test_event_code = env.META_TEST_CODE;
-  }
-  // Logar match quality em background (não bloqueia dispatch)
-  if (env.DB && ctx) {
-    ctx.waitUntil(_logMatchQuality(env.DB, eventName, payload, recovered));
-  } else if (env.DB) {
-    _logMatchQuality(env.DB, eventName, payload, recovered).catch(() => {});
-  }
-  const endpoint = `https://graph.facebook.com/v22.0/${env.META_PIXEL_ID}/events`;
-  try {
-    const res = await fetch(endpoint, {
-      method:  'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body:    JSON.stringify(requestBody),
-    });
-    const data = await res.json();
-    if (!res.ok) {
-      const errorCode = data.error?.code || String(res.status);
-      const errorMessage = data.error?.message || data.error?.error_user_msg || 'Unknown error';
-      console.error('Meta CAPI error:', res.status, data.error?.message || data.error?.error_user_msg || 'unknown');
-      // Log de falha para Feedback Loop
-      if (env.DB) {
-        ctx.waitUntil(logApiFailure(
-          env.DB,
-          'meta',
-          eventName,
-          errorCode,
-          errorMessage,
-          eventPayload.event_id,
-          JSON.stringify(requestBody)
-        ));
-      }
-    }
-    return data;
-  } catch (err) {
-    console.error('Meta CAPI fetch failed:', err.message);
-    // Log de falha para Feedback Loop
-    if (env.DB) {
-      ctx.waitUntil(logApiFailure(
-        env.DB,
-        'meta',
-        eventName,
-        'FETCH_ERROR',
-        err.message,
-        eventPayload.event_id,
-        JSON.stringify(requestBody)
-      ));
-    }
-    return { error: err.message };
-  }
-}
-// ── GA4 Measurement Protocol ──────────────────────────────────────────────────
-async function sendGA4Mp(env, ga4EventName, payload, ctx) {
-  if (!env.GA4_API_SECRET) return { skipped: 'GA4_API_SECRET not set' };
-  const {
-    clientId, sessionId,
-    value, currency, contentName,
-    email, phone, firstName,
-    orderId,
-  } = payload;
-  // GA4 MP exige client_id (cookie _ga)
-  if (!clientId) return { skipped: 'no clientId' };
-  const eventParams = {
-    ...(value       !== undefined && { value: parseFloat(value) }),
-    ...(currency    && { currency: String(currency).toUpperCase() }),
-    ...(contentName && { content_name: contentName }),
-    ...(orderId     && { transaction_id: orderId }),
-    ...(email       && { user_data_email_address: email.toLowerCase().trim() }),
-    ...(phone       && { user_data_phone_number: normalizePhone(phone) }),
-    ...(firstName   && { user_data_first_name: firstName.toLowerCase().trim() }),
-    ...(sessionId   && { session_id: sessionId }),
-    engagement_time_msec: 100,
-  };
-  const body = {
-    client_id: clientId,
-    events: [{ name: ga4EventName, params: eventParams }],
-  };
-  const url = `https://www.google-analytics.com/mp/collect`
-            + `?measurement_id=${env.GA4_MEASUREMENT_ID}`
-            + `&api_secret=${env.GA4_API_SECRET}`;
-  try {
-    const res = await fetch(url, {
-      method:  'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body:    JSON.stringify(body),
-    });
-    // GA4 MP retorna 204 em sucesso (sem body)
-    if (res.status !== 204) {
-      // Log de falha para Feedback Loop
-      if (env.DB && ctx) {
-        ctx.waitUntil(logApiFailure(
-          env.DB,
-          'ga4',
-          ga4EventName,
-          String(res.status),
-          'GA4 returned non-204 status',
-          null,
-          JSON.stringify(body)
-        ));
-      }
-    }
-    return res.status === 204 ? { ok: true } : { status: res.status };
-  } catch (err) {
-    console.error('GA4 MP fetch failed:', err.message);
-    // Log de falha para Feedback Loop
-    if (env.DB && ctx) {
-      ctx.waitUntil(logApiFailure(
-        env.DB,
-        'ga4',
-        ga4EventName,
-        'FETCH_ERROR',
-        err.message,
-        null,
-        JSON.stringify(body)
-      ));
-    }
-    return { error: err.message };
-  }
-}
-// ── D1 — salvar lead ──────────────────────────────────────────────────────────
-async function saveLead(env, eventName, payload, request, platform = 'website') {
-  if (!env.DB) return;
-  try {
-    const {
-      email, phone, firstName, lastName,
-      city, state, country,
-      fbp, fbc, userId,
-      utmSource, utmMedium, utmCampaign, utmContent, utmTerm,
-      pageUrl, value, currency, eventId, botScore,
-      engagementScore, intentionLevel, utmRestored,
-    } = payload;
-    await env.DB.prepare(`
-      INSERT INTO leads (
-        event_name, event_id, email, phone, first_name, last_name,
-        city, state, country, fbp, fbc, user_id,
-        utm_source, utm_medium, utm_campaign, utm_content, utm_term,
-        page_url, value, currency, ip_address, platform, bot_score,
-        engagement_score, intention_level, utm_restored, created_at
-      ) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,datetime('now'))
-    `).bind(
-      eventName,
-      eventId       || null,
-      email         || null,
-      normalizePhone(phone) || null,
-      firstName     || null,
-      lastName      || null,
-      city          || null,
-      state         || null,
-      (country      || request.cf?.country || null),
-      fbp           || null,
-      fbc           || null,
-      userId        || null,
-      utmSource     || null,
-      utmMedium     || null,
-      utmCampaign   || null,
-      utmContent    || null,
-      utmTerm       || null,
-      pageUrl       || null,
-      value !== undefined ? parseFloat(value) : null,
-      currency      || 'BRL',
-      request.headers.get('CF-Connecting-IP') || null,
-      platform,
-      botScore      || 0,
-      engagementScore !== undefined ? parseFloat(engagementScore) : null,
-      intentionLevel || null,
-      utmRestored ? 1 : 0,
-    ).run();
-  } catch (err) {
-    console.error('D1 saveLead error:', err.message);
-  }
-}
-// ── D1 — upsert perfil (acumula cookies entre visitas) ───────────────────────
-// ── Cálculo de Cohort Label baseado no score acumulado ───────────────────────
-function calculateCohortLabel(score, eventName) {
-  if (eventName === 'Purchase') return 'buyer_lookalike';
-  if (score >= 80)  return 'high_intent';
-  if (score >= 30)  return 'nurture';
-  return 'lost';
-}
-async function upsertProfile(env, eventName, payload, request) {
-  if (!env.DB || !payload.userId) return;
-  try {
-    const {
-      userId, email, phone,
-      fbp, fbc, ttp, gclid, ttclid, gaClientId,
-      city, state, country,
-      engagementScore, userScore,
-    } = payload;
-    // Score base por evento + bônus de engajamento do browser
-    const scoreMap = { PageView: 5, ViewContent: 10, ScrollDepth: 3, TimeOnPage: 5, Lead: 30, InitiateCheckout: 50, Purchase: 100 };
-    const eventScore = scoreMap[eventName] || 2;
-    // userScore vem do BehaviorEngine (0-100), engagementScore do engagement-scoring.js (0-5)
-    // Normaliza ambos para uma escala de bônus adicional (0-20)
-    const behaviorBonus = userScore
-      ? Math.round((Math.min(userScore, 100) / 100) * 20)
-      : (engagementScore ? Math.round((Math.min(engagementScore, 5) / 5) * 10) : 0);
-    const totalDelta = eventScore + behaviorBonus;
-    await env.DB.prepare(`
-      INSERT INTO user_profiles
-        (user_id, email, phone, fbp, fbc, ttp, gclid, ttclid, ga_client_id,
-         city, state, country, score, cohort_label, created_at, updated_at)
-      VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,datetime('now'),datetime('now'))
-      ON CONFLICT(user_id) DO UPDATE SET
-        email        = COALESCE(excluded.email,        user_profiles.email),
-        phone        = COALESCE(excluded.phone,        user_profiles.phone),
-        fbp          = COALESCE(excluded.fbp,          user_profiles.fbp),
-        fbc          = COALESCE(excluded.fbc,          user_profiles.fbc),
-        ttp          = COALESCE(excluded.ttp,          user_profiles.ttp),
-        gclid        = COALESCE(excluded.gclid,        user_profiles.gclid),
-        ttclid       = COALESCE(excluded.ttclid,       user_profiles.ttclid),
-        ga_client_id = COALESCE(excluded.ga_client_id, user_profiles.ga_client_id),
-        city         = COALESCE(excluded.city,         user_profiles.city),
-        state        = COALESCE(excluded.state,        user_profiles.state),
-        country      = COALESCE(excluded.country,      user_profiles.country),
-        score        = user_profiles.score + excluded.score,
-        cohort_label = excluded.cohort_label,
-        updated_at   = datetime('now')
-    `).bind(
-      userId,
-      email              || null,
-      normalizePhone(phone) || null,
-      fbp                || null,
-      fbc                || null,
-      ttp                || null,
-      gclid              || null,
-      ttclid             || null,
-      gaClientId         || null,
-      city               || null,
-      state              || null,
-      (country           || request.cf?.country || null),
-      totalDelta,
-      calculateCohortLabel(totalDelta, eventName),
-    ).run();
-  } catch (err) {
-    console.error('D1 upsertProfile error:', err.message);
-  }
-}
-// ── D1 — Cross-Device Graph (matching probabilístico) ────────────────────────
-// Quando email ou phone aparecem em outro _cdp_uid, registra o par no device_graph.
-// Não mescla dados — preserva ambos os perfis, apenas cria o link de identidade.
-// O primary_user_id é o perfil mais antigo (mais confiável historicamente).
-async function resolveDeviceGraph(DB, currentUserId, email, phone) {
-  if (!DB || !currentUserId) return;
-  if (!email && !phone) return;
-  try {
-    // Busca perfis com mesmo email OU mesmo phone mas _cdp_uid diferente
-    const conditions = [];
-    const bindings   = [];
-    if (email) {
-      conditions.push('email = ?');
-      bindings.push(email.toLowerCase().trim());
-    }
-    if (phone) {
-      const digits = String(phone).replace(/\D/g, '');
-      if (digits.length >= 10) {
-        conditions.push('phone LIKE ?');
-        bindings.push(`%${digits.slice(-10)}`);  // sufixo dos últimos 10 dígitos
-      }
-    }
-    if (conditions.length === 0) return;
-    bindings.push(currentUserId);
-    const rows = await DB.prepare(`
-      SELECT user_id, email, phone, created_at
-      FROM user_profiles
-      WHERE (${conditions.join(' OR ')})
-        AND user_id != ?
-      ORDER BY created_at ASC
-      LIMIT 5
-    `).bind(...bindings).all();
-    if (!rows.results || rows.results.length === 0) return;
-    for (const match of rows.results) {
-      // Determinar tipo de match e confiança
-      const emailMatch = email && match.email &&
-        email.toLowerCase().trim() === match.email.toLowerCase().trim();
-      const phoneMatch = phone && match.phone && (() => {
-        const a = String(phone).replace(/\D/g, '');
-        const b = String(match.phone).replace(/\D/g, '');
-        return a.slice(-10) === b.slice(-10) && a.length >= 10;
-      })();
-      if (!emailMatch && !phoneMatch) continue;
-      const matchType       = emailMatch && phoneMatch ? 'email+phone' : (emailMatch ? 'email' : 'phone');
-      const matchConfidence = emailMatch && phoneMatch ? 0.99 : (emailMatch ? 0.95 : 0.85);
-      // primary = mais antigo (âncora de identidade)
-      const primary   = match.user_id;    // veio da query ORDER BY created_at ASC
-      const secondary = currentUserId;
-      await DB.prepare(`
-        INSERT OR IGNORE INTO device_graph
-          (primary_user_id, secondary_user_id, match_type, match_confidence)
-        VALUES (?, ?, ?, ?)
-      `).bind(primary, secondary, matchType, matchConfidence).run();
-    }
-  } catch (err) {
-    console.error('resolveDeviceGraph error:', err.message);
-  }
-}
-// ── Automação de Mensagens — avalia regras e dispara WA/Email ────────────────
-// Chamado via ctx.waitUntil após saveLead() para não bloquear o browser.
-// Requer secrets: WHATSAPP_ACCESS_TOKEN, WHATSAPP_PHONE_NUMBER_ID, RESEND_API_KEY, RESEND_FROM_EMAIL
-async function fireAutomation(env, eventName, leadId, payload) {
-  if (!env.DB) return;
-  try {
-    const { results: rules } = await env.DB
-      .prepare(
-        `SELECT id, channel, subject_template, message_template
-         FROM automation_rules
-         WHERE trigger_event = ?1 AND is_active = 1`
-      )
-      .bind(eventName)
-      .all();
-    if (!rules || rules.length === 0) return;
-    const vars = {
-      name:       String(payload.firstName || payload.name || ''),
-      email:      String(payload.email     || ''),
-      phone:      String(payload.phone     || ''),
-      campaign:   String(payload.utm_campaign || payload.utmCampaign || ''),
-      intention:  String(payload.intentionLevel || payload.intention_level || ''),
-    };
-    const interpolate = (tpl) =>
-      tpl.replace(/\{\{(\w+)\}\}/g, (_, k) => vars[k] ?? '');
-    for (const rule of rules) {
-      const message = interpolate(rule.message_template);
-      const subject = rule.subject_template ? interpolate(rule.subject_template) : null;
-      try {
-        if (rule.channel === 'whatsapp' && payload.phone && env.WHATSAPP_ACCESS_TOKEN && env.WHATSAPP_PHONE_NUMBER_ID) {
-          const digits  = String(payload.phone).replace(/\D/g, '');
-          const e164    = digits.startsWith('55') ? `+${digits}` : `+55${digits}`;
-          const waRes   = await fetch(
-            `https://graph.facebook.com/v22.0/${env.WHATSAPP_PHONE_NUMBER_ID}/messages`,
-            {
-              method: 'POST',
-              headers: { 'Authorization': `Bearer ${env.WHATSAPP_ACCESS_TOKEN}`, 'Content-Type': 'application/json' },
-              body: JSON.stringify({ messaging_product: 'whatsapp', recipient_type: 'individual', to: e164, type: 'text', text: { body: message } }),
-            }
-          );
-          const waData  = await waRes.json();
-          const status  = waRes.ok ? 'sent' : 'failed';
-          const meta    = waRes.ok ? (waData.messages?.[0]?.id ?? null) : JSON.stringify(waData);
-          await env.DB.prepare(
-            `INSERT INTO messaging_history (lead_id, channel, recipient, subject, content, status, meta) VALUES (?1,?2,?3,?4,?5,?6,?7)`
-          ).bind(leadId, 'whatsapp', e164, null, message, status, meta).run();
-        } else if (rule.channel === 'email' && payload.email && env.RESEND_API_KEY) {
-          const resendRes  = await fetch('https://api.resend.com/emails', {
-            method: 'POST',
-            headers: { 'Authorization': `Bearer ${env.RESEND_API_KEY}`, 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-              from:    env.RESEND_FROM_EMAIL || 'noreply@cdp-edge.app',
-              to:      [payload.email],
-              subject: subject || `Olá, ${vars.name || 'você'}!`,
-              html:    `<p>${message.replace(/\n/g, '<br>')}</p>`,
-            }),
-          });
-          const resendData = await resendRes.json();
-          const status     = resendRes.ok ? 'sent' : 'failed';
-          const meta       = resendRes.ok ? (resendData.id ?? null) : JSON.stringify(resendData);
-          await env.DB.prepare(
-            `INSERT INTO messaging_history (lead_id, channel, recipient, subject, content, status, meta) VALUES (?1,?2,?3,?4,?5,?6,?7)`
-          ).bind(leadId, 'email', payload.email, subject, message, status, meta).run();
-        }
-      } catch (err) {
-        console.error(`[Automation] rule ${rule.id} error:`, err.message);
-      }
-    }
-  } catch (err) {
-    console.error('[Automation] fireAutomation error:', err.message);
-  }
-}
-// ── D1 — buscar perfil por email (para webhooks) ──────────────────────────────
-async function getProfileByEmail(env, email) {
-  if (!env.DB || !email) return null;
-  try {
-    return await env.DB.prepare(
-      'SELECT * FROM user_profiles WHERE email = ? ORDER BY updated_at DESC LIMIT 1'
-    ).bind(email.toLowerCase().trim()).first();
-  } catch {
-    return null;
-  }
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// EDGE FINGERPRINT — UTM Resurrection
-// ─────────────────────────────────────────────────────────────────────────────
-// ── Edge Geo Enrichment — Workers Paid: cidade, estado, CEP, lat/lon ─────────
-// Free tier:    cf.country, cf.continent, cf.asn (sempre disponíveis)
-// Workers Paid: cf.city, cf.region, cf.regionCode, cf.postalCode,
-//               cf.latitude, cf.longitude, cf.timezone, cf.metroCode
-// Quando Workers Paid não está ativo, os campos Paid retornam undefined
-// e o payload é enriquecido apenas com os dados Free disponíveis.
-// Ao contratar Workers Paid ($5/mês) os dados passam a chegar automaticamente.
-async function enrichGeoFromEdge(request, env, payload) {
-  const cf = request.cf || {};
-  const ip = request.headers.get('CF-Connecting-IP') || '';
-  // ── Tentar cache KV (TTL 1h) — evita lookup redundante por IP ────────────
-  let geoData = null;
-  if (env.GEO_CACHE && ip) {
-    try {
-      const cached = await env.GEO_CACHE.get(`geo:${ip}`, 'json');
-      if (cached) geoData = cached;
-    } catch {}
-  }
-  if (!geoData) {
-    geoData = {
-      // ── Free tier (sempre disponível) ──────────────────────────────────────
-      country:    cf.country          || null, // 'BR', 'US'
-      continent:  cf.continent        || null, // 'SA', 'NA'
-      asn:        cf.asn              || null, // 7628
-      asOrg:      cf.asOrganization   || null, // 'VIVO (Telefonica Brasil)'
-      colo:       cf.colo             || null, // 'GRU' (datacenter mais próximo)
-      // ── Workers Paid ($5/mês) ───────────────────────────────────────────────
-      city:       cf.city             || null, // 'São Paulo'
-      region:     cf.region           || null, // 'São Paulo' (nome do estado)
-      regionCode: cf.regionCode       || null, // 'SP'
-      postalCode: cf.postalCode       || null, // '01310-100'
-      latitude:   cf.latitude         || null, // '-23.5505'
-      longitude:  cf.longitude        || null, // '-46.6333'
-      timezone:   cf.timezone         || null, // 'America/Sao_Paulo'
-      metroCode:  cf.metroCode        || null, // código de área metropolitana
-    };
-    // Salvar no KV por 1h (geo de IP raramente muda)
-    if (env.GEO_CACHE && ip && geoData.country) {
-      try {
-        await env.GEO_CACHE.put(`geo:${ip}`, JSON.stringify(geoData), { expirationTtl: 3600 });
-      } catch {}
-    }
-  }
-  // ── Enriquecer payload (edge tem prioridade menor que dados do browser) ───
-  payload.country = payload.country || geoData.country;
-  payload.city    = payload.city    || geoData.city;
-  payload.state   = payload.state   || geoData.regionCode; // 'SP', 'RJ'
-  payload.zip     = payload.zip     || geoData.postalCode;
-  // Objeto completo disponível para agentes (Analytics, Attribution, LTV)
-  payload.geo = geoData;
-  return geoData;
-}
-// ── R2 Audit Log — grava evento consolidado no bucket cdp-edge-logs ──────────
-// Só executa quando env.AUDIT_LOGS estiver disponível (R2 habilitado no CF Dashboard)
-// Chamado via ctx.waitUntil — não bloqueia resposta ao browser
-async function writeAuditLog(env, eventName, payload, geoData) {
-  if (!env.AUDIT_LOGS) return;
-  try {
-    const now = new Date();
-    const y   = now.getUTCFullYear();
-    const m   = String(now.getUTCMonth() + 1).padStart(2, '0');
-    const d   = String(now.getUTCDate()).padStart(2, '0');
-    const key = `logs/${y}/${m}/${d}/${now.getTime()}_${eventName}.json`;
-    const log = {
-      timestamp: now.toISOString(),
-      event:     eventName,
-      userId:    payload.userId    || null,
-      eventId:   payload.eventId   || null,
-      value:     payload.value     || null,
-      currency:  payload.currency  || null,
-      ltvClass:  payload.ltvClass  || null,
-      utm: {
-        source:   payload.utmSource   || null,
-        medium:   payload.utmMedium   || null,
-        campaign: payload.utmCampaign || null,
-        content:  payload.utmContent  || null,
-        term:     payload.utmTerm     || null,
-        restored: payload.utmRestored || false,
-      },
-      geo: geoData || null,
-    };
-    await env.AUDIT_LOGS.put(key, JSON.stringify(log), {
-      httpMetadata: { contentType: 'application/json' },
-    });
-  } catch (err) {
-    console.error('[R2 Audit] Error:', err.message);
-  }
-}
-// ── Gerar fingerprint a partir de signals de borda (sem PII) ─────────────────
-// Combina: ASN (rede do usuário) + Accept-Language + base do User-Agent
-// Efêmero por design: identifica o dispositivo/rede, não a pessoa.
-async function generateEdgeFingerprint(request) {
-  const asn      = String(request.cf?.asn || '0');
-  const lang     = (request.headers.get('Accept-Language') || 'unknown').split(',')[0].trim();
-  const ua       = request.headers.get('User-Agent') || '';
-  // Base do UA: apenas plataforma + browser (sem versão — mais estável entre sessões)
-  // Ex: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
-  //  → "windows applewebkit"
-  const uaBase = ua
-    .toLowerCase()
-    .replace(/[\d.]+/g, '')           // remove números de versão
-    .replace(/[^a-z\s]/g, ' ')        // remove caracteres especiais
-    .split(' ')
-    .filter(w => w.length > 3)        // só palavras com >3 chars (remove ruído)
-    .slice(0, 4)                       // pega até 4 tokens
-    .join(' ')
-    .trim();
-  const raw = `${asn}|${lang}|${uaBase}`;
-  return sha256(raw);
-}
-// ── Salvar fingerprint + UTM no D1 (quando UTM presente) ─────────────────────
-async function saveEdgeFingerprint(DB, fingerprint, userId, payload) {
-  if (!DB || !fingerprint) return;
-  const { utmSource, utmMedium, utmCampaign, utmContent, utmTerm } = payload;
-  if (!utmSource) return; // só salva quando há UTM real
-  try {
-    await DB.prepare(`
-      INSERT INTO edge_fingerprints (fingerprint, user_id, utm_source, utm_medium, utm_campaign, utm_content, utm_term)
-      VALUES (?, ?, ?, ?, ?, ?, ?)
-    `).bind(
-      fingerprint,
-      userId      || null,
-      utmSource   || null,
-      utmMedium   || null,
-      utmCampaign || null,
-      utmContent  || null,
-      utmTerm     || null,
-    ).run();
-  } catch (err) {
-    console.error('saveEdgeFingerprint error:', err.message);
-  }
-}
-// ── Recuperar UTM perdida por fingerprint (últimas 48h) ───────────────────────
-async function resurrectUTM(DB, fingerprint) {
-  if (!DB || !fingerprint) return null;
-  try {
-    return await DB.prepare(`
-      SELECT utm_source, utm_medium, utm_campaign, utm_content, utm_term
-      FROM edge_fingerprints
-      WHERE fingerprint = ?
-        AND utm_source IS NOT NULL
-        AND created_at > datetime('now', '-48 hours')
-      ORDER BY created_at DESC
-      LIMIT 1
-    `).bind(fingerprint).first();
-  } catch {
-    return null;
-  }
-}
-// ── TikTok Events API v1.3 ───────────────────────────────────────────────────
-async function sendTikTokApi(env, eventName, payload, request, ctx) {
-  if (!env.TIKTOK_ACCESS_TOKEN) return { skipped: 'TIKTOK_ACCESS_TOKEN not set' };
-  const pixelId = env.TIKTOK_PIXEL_ID || TIKTOK_PIXEL_ID;
-  if (!pixelId || pixelId === 'SEU_TIKTOK_PIXEL_ID') return { skipped: 'TIKTOK_PIXEL_ID not configured' };
-  const {
-    email, phone, firstName, lastName,
-    fbp, fbc, ttp, ttclid, userId,
-    eventId, pageUrl,
-    value, currency,
-    contentIds, contentName, contentType,
-  } = payload;
-  const phoneNorm = normalizePhone(phone);
-  // user — hashear com SHA-256
-  const user = {
-    ...(email      && { email:       await sha256(email) }),
-    ...(phoneNorm  && { phone_number: await sha256(phoneNorm) }),
-    ...(userId     && { external_id: await sha256(String(userId)) }),
-    ...(ttp        && { ttp }),      // _ttp cookie — não hashear
-    ...(ttclid     && { ttclid }),   // click ID — não hashear
-  };
-  // properties — dados do produto
-  const properties = {
-    ...(value       !== undefined && { value: parseFloat(value) }),
-    ...(currency    && { currency: String(currency).toUpperCase() }),
-    ...(contentIds  && contentIds.length > 0 && {
-      contents: contentIds.map(id => ({
-        content_id:   String(id),
-        content_name: contentName || '',
-        content_type: contentType || 'product',
-        quantity:     1,
-        price:        value ? parseFloat(value) : 0,
-      })),
-    }),
-  };
-  const event = {
-    event:      eventName,
-    event_time: Math.floor(Date.now() / 1000),
-    event_id:   eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
-    user,
-    page: {
-      url:      pageUrl || `https://${env.SITE_DOMAIN}`,
-      referrer: request.headers.get('Referer') || '',
-    },
-    ...(Object.keys(properties).length > 0 && { properties }),
-    context: {
-      ip:         request.headers.get('CF-Connecting-IP') || '',
-      user_agent: request.headers.get('User-Agent') || '',
-    },
-  };
-  const body = {
-    event_source:    'web',
-    event_source_id: pixelId,
-    data:            [event],
-  };
-  // Endpoint obrigatório: sempre /v1.3/event/track/ (nunca /pixel/track/)
-  const endpoint = 'https://business-api.tiktok.com/open_api/v1.3/event/track/';
-  try {
-    const res = await fetch(endpoint, {
-      method:  'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'Access-Token':  env.TIKTOK_ACCESS_TOKEN,
-      },
-      body: JSON.stringify(body),
-    });
-    const data = await res.json();
-    if (!res.ok || data.code !== 0) {
-      console.error('TikTok Events API error:', res.status, data.message || data.code || 'unknown');
-      // Log de falha para Feedback Loop
-      if (env.DB && ctx) {
-        ctx.waitUntil(logApiFailure(
-          env.DB,
-          'tiktok',
-          eventName,
-          String(data.code || res.status),
-          data.message || 'TikTok API error',
-          event.event_id,
-          JSON.stringify(body)
-        ));
-      }
-    }
-    return data;
-  } catch (err) {
-    console.error('TikTok Events API fetch failed:', err.message);
-    // Log de falha para Feedback Loop
-    if (env.DB && ctx) {
-      ctx.waitUntil(logApiFailure(
-        env.DB,
-        'tiktok',
-        eventName,
-        'FETCH_ERROR',
-        err.message,
-        null,
-        JSON.stringify(body)
-      ));
-    }
-    return { error: err.message };
-  }
-}
-// ── Pinterest — Conversions API v5 (server-side) — TEMPLATE (não ativo em prod)
-// Para ativar: configurar PINTEREST_ACCESS_TOKEN e PINTEREST_AD_ACCOUNT_ID
-// e descomentar a chamada no Promise.allSettled do /track
-//
-async function sendPinterestCapi(env, eventName, payload, request, ctx) {
-  if (!env.PINTEREST_ACCESS_TOKEN || !env.PINTEREST_AD_ACCOUNT_ID) {
-    return { skipped: 'Pinterest credentials not set' };
-  }
-  const {
-    email, phone, userId,
-    eventId, pageUrl,
-    value, currency,
-    contentIds, contentName,
-  } = payload;
-  const phoneNorm = normalizePhone(phone);
-  const pinterestEventMap = {
-    PageView:             'pagevisit',
-    ViewContent:          'pagevisit',
-    Lead:                 'lead',
-    Purchase:             'checkout',
-    AddToCart:            'addtocart',
-    InitiateCheckout:     'checkout',
-    CompleteRegistration: 'signup',
-    Search:               'search',
-    Contact:              'lead',
-  };
-  const pEvent = pinterestEventMap[eventName] || 'custom';
-  const userData = {
-    ...(email     && { em: [await sha256(email)] }),
-    ...(phoneNorm && { ph: [await sha256(phoneNorm)] }),
-    ...(userId    && { external_id: [await sha256(String(userId))] }),
-    client_ip_address: request.headers.get('CF-Connecting-IP') || '',
-    client_user_agent: request.headers.get('User-Agent') || '',
-  };
-  const body = {
-    data: [{
-      event_name:       pEvent,
-      action_source:    'web',
-      event_time:       Math.floor(Date.now() / 1000),
-      event_id:         eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
-      event_source_url: pageUrl || '',
-      user_data:        userData,
-      custom_data: {
-        currency:     (currency || 'BRL').toUpperCase(),
-        value:        value ? String(parseFloat(value)) : '0',
-        ...(contentIds?.length > 0 && { content_ids: contentIds.map(String) }),
-        ...(contentName            && { content_name: contentName }),
-        content_type: 'product',
-      },
-    }],
-  };
-  try {
-    const res = await fetch(
-      `https://api.pinterest.com/v5/ad_accounts/${env.PINTEREST_AD_ACCOUNT_ID}/events`,
-      {
-        method:  'POST',
-        headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${env.PINTEREST_ACCESS_TOKEN}` },
-        body:    JSON.stringify(body),
-      }
-    );
-    const data = await res.json();
-    if (!res.ok) {
-      const pinterestErrMsg = data.message || data.code || String(res.status);
-      console.error('Pinterest CAPI error:', res.status, pinterestErrMsg);
-      if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'pinterest', eventName, String(res.status), pinterestErrMsg, body.data[0].event_id, JSON.stringify(body)));
-    }
-    return data;
-  } catch (err) {
-    console.error('Pinterest CAPI fetch failed:', err.message);
-    if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'pinterest', eventName, 'FETCH_ERROR', err.message, null, JSON.stringify(body)));
-    return { error: err.message };
-  }
-}
-// ── Reddit — Conversions API v2.0 (server-side) ───────────────────────────────
-//
-//  Secrets necessários (wrangler secret put):
-//    REDDIT_ACCESS_TOKEN   → Bearer token da Reddit Conversions API
-//    REDDIT_AD_ACCOUNT_ID  → ID da conta de anúncios (ex: t2_XXXXXXX)
-//
-async function sendRedditCapi(env, eventName, payload, request, ctx) {
-  if (!env.REDDIT_ACCESS_TOKEN || !env.REDDIT_AD_ACCOUNT_ID) {
-    return { skipped: 'Reddit credentials not set' };
-  }
-  const {
-    email, phone, userId,
-    eventId, pageUrl,
-    value, currency,
-  } = payload;
-  const phoneNorm = normalizePhone(phone);
-  const redditEventMap = {
-    PageView:             'PageVisit',
-    ViewContent:          'ViewContent',
-    Lead:                 'Lead',
-    Purchase:             'Purchase',
-    AddToCart:            'AddToCart',
-    InitiateCheckout:     'Purchase',
-    CompleteRegistration: 'SignUp',
-    Search:               'Search',
-    Contact:              'Lead',
-  };
-  const rEvent = redditEventMap[eventName] || 'Custom';
-  const user = {
-    ...(email     && { email:       { value: await sha256(email) } }),
-    ...(phoneNorm && { phoneNumber: { value: await sha256(phoneNorm) } }),
-    ...(userId    && { externalId:  { value: await sha256(String(userId)) } }),
-    ipAddress: { value: request.headers.get('CF-Connecting-IP') || '' },
-    userAgent: { value: request.headers.get('User-Agent') || '' },
-  };
-  const event = {
-    event_at:   new Date().toISOString(),
-    event_type: { tracking_type: rEvent, ...(eventName === 'InitiateCheckout' && { conversion_type: 'BEGIN_CHECKOUT' }) },
-    click_id:   payload.rdtClid || '',
-    event_metadata: {
-      currency:       (currency || 'BRL').toUpperCase(),
-      value_decimal:  String(value || 0),
-      item_count:     '1',
-      conversion_id:  eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
-    },
-    user,
-  };
-  const body = { events: [event] };
-  try {
-    const res = await fetch(
-      `https://ads-api.reddit.com/api/v2.0/conversions/events/${env.REDDIT_AD_ACCOUNT_ID}`,
-      {
-        method:  'POST',
-        headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${env.REDDIT_ACCESS_TOKEN}` },
-        body:    JSON.stringify(body),
-      }
-    );
-    if (!res.ok) {
-      const txt = await res.text();
-      console.error('Reddit CAPI error:', txt);
-      if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'reddit', eventName, String(res.status), txt, event.event_metadata.conversion_id, JSON.stringify(body)));
-      return { error: `HTTP ${res.status}` };
-    }
-    const data = await res.json();
-    return data;
-  } catch (err) {
-    console.error('Reddit CAPI fetch failed:', err.message);
-    if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'reddit', eventName, 'FETCH_ERROR', err.message, null, JSON.stringify(body)));
-    return { error: err.message };
-  }
-}
-// ── LinkedIn — Conversions API v2 (server-side) ───────────────────────────────
-//
-//  Secrets necessários (wrangler secret put):
-//    LINKEDIN_ACCESS_TOKEN   → OAuth2 Bearer token da LinkedIn Marketing API
-//    LINKEDIN_CONVERSION_ID  → ID da conversão (URN: urn:li:conversion:XXXXXXXXX)
-//    LINKEDIN_AD_ACCOUNT_ID  → ID da conta de anúncios (ex: 123456789)
-//
-async function sendLinkedInCapi(env, eventName, payload, request, ctx) {
-  if (!env.LINKEDIN_ACCESS_TOKEN || !env.LINKEDIN_CONVERSION_ID) {
-    return { skipped: 'LinkedIn credentials not set' };
-  }
-  const {
-    email, phone, firstName, lastName, userId,
-    eventId, pageUrl,
-    value, currency,
-  } = payload;
-  const phoneNorm = normalizePhone(phone);
-  // LinkedIn só suporta conversões (Lead, Purchase, CompleteRegistration)
-  const linkedInEventMap = {
-    Lead:                 'LEAD',
-    Purchase:             'PURCHASE',
-    CompleteRegistration: 'REGISTRATION',
-    AddToCart:            'ADD_TO_CART',
-    InitiateCheckout:     'OTHER',
-    ViewContent:          'OTHER',
-    PageView:             'OTHER',
-    Contact:              'LEAD',
-  };
-  const liEvent = linkedInEventMap[eventName] || 'OTHER';
-  // user — SHA-256 em campos PII
-  const userInfo = {
-    ...(email     && { 'SHA256_EMAIL':      await sha256(email) }),
-    ...(phoneNorm && { 'SHA256_PHONE':      await sha256(phoneNorm) }),
-    ...(firstName && { 'SHA256_FIRST_NAME': await sha256(firstName.toLowerCase().trim()) }),
-    ...(lastName  && { 'SHA256_LAST_NAME':  await sha256(lastName.toLowerCase().trim()) }),
-  };
-  const body = {
-    conversion:    `urn:li:conversion:${env.LINKEDIN_CONVERSION_ID}`,
-    conversionHappenedAt: Date.now(),
-    conversionValue: value ? { currencyCode: (currency || 'BRL').toUpperCase(), amount: String(parseFloat(value)) } : undefined,
-    eventId:       eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
-    ...(Object.keys(userInfo).length > 0 && { user: { userIds: Object.entries(userInfo).map(([idType, idValue]) => ({ idType, idValue })) } }),
-  };
-  try {
-    const res = await fetch(
-      'https://api.linkedin.com/rest/conversionEvents',
-      {
-        method:  'POST',
-        headers: {
-          'Content-Type':           'application/json',
-          Authorization:            `Bearer ${env.LINKEDIN_ACCESS_TOKEN}`,
-          'LinkedIn-Version':       '202405',
-          'X-Restli-Protocol-Version': '2.0.0',
-        },
-        body: JSON.stringify(body),
-      }
-    );
-    if (!res.ok) {
-      const txt = await res.text();
-      console.error('LinkedIn CAPI error:', txt);
-      if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'linkedin', eventName, String(res.status), txt, body.eventId, JSON.stringify(body)));
-      return { error: `HTTP ${res.status}` };
-    }
-    return { ok: true };
-  } catch (err) {
-    console.error('LinkedIn CAPI fetch failed:', err.message);
-    if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'linkedin', eventName, 'FETCH_ERROR', err.message, null, JSON.stringify(body)));
-    return { error: err.message };
-  }
-}
-// ── Spotify — Conversions API v1 (server-side) ────────────────────────────────
-//
-//  Secrets necessários (wrangler secret put):
-//    SPOTIFY_ACCESS_TOKEN   → Bearer token da Spotify Advertising API
-//    SPOTIFY_AD_ACCOUNT_ID  → ID da conta de anúncios Spotify Ads
-//
-async function sendSpotifyCapi(env, eventName, payload, request, ctx) {
-  if (!env.SPOTIFY_ACCESS_TOKEN || !env.SPOTIFY_AD_ACCOUNT_ID) {
-    return { skipped: 'Spotify credentials not set' };
-  }
-  const {
-    email, phone, userId,
-    eventId, pageUrl,
-    value, currency,
-  } = payload;
-  const phoneNorm = normalizePhone(phone);
-  const spotifyEventMap = {
-    Purchase:             'PURCHASE',
-    Lead:                 'LEAD',
-    CompleteRegistration: 'SIGN_UP',
-    AddToCart:            'ADD_TO_CART',
-    InitiateCheckout:     'INITIATE_CHECKOUT',
-    ViewContent:          'VIEW_CONTENT',
-    PageView:             'PAGE_VIEW',
-    Contact:              'LEAD',
-  };
-  const spEvent = spotifyEventMap[eventName] || 'CUSTOM';
-  // user — SHA-256 em campos PII
-  const user = {
-    ...(email     && { hashed_email: await sha256(email) }),
-    ...(phoneNorm && { hashed_phone: await sha256(phoneNorm) }),
-    ...(userId    && { user_id:      userId }),
-    ip_address: request.headers.get('CF-Connecting-IP') || '',
-    user_agent: request.headers.get('User-Agent') || '',
-  };
-  const body = {
-    data: [{
-      event_id:    eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
-      event_type:  spEvent,
-      event_time:  Math.floor(Date.now() / 1000),
-      url:         pageUrl || '',
-      user,
-      ...(value !== undefined && {
-        value: {
-          currency: (currency || 'BRL').toUpperCase(),
-          amount:   parseFloat(value),
-        },
-      }),
-    }],
-  };
-  try {
-    const res = await fetch(
-      `https://advertising-api.spotify.com/conversion/v1/accounts/${env.SPOTIFY_AD_ACCOUNT_ID}/events`,
-      {
-        method:  'POST',
-        headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${env.SPOTIFY_ACCESS_TOKEN}` },
-        body:    JSON.stringify(body),
-      }
-    );
-    if (!res.ok) {
-      const txt = await res.text();
-      console.error('Spotify CAPI error:', txt);
-      if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'spotify', eventName, String(res.status), txt, body.data[0].event_id, JSON.stringify(body)));
-      return { error: `HTTP ${res.status}` };
-    }
-    const data = await res.json();
-    return data;
-  } catch (err) {
-    console.error('Spotify CAPI fetch failed:', err.message);
-    if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'spotify', eventName, 'FETCH_ERROR', err.message, null, JSON.stringify(body)));
-    return { error: err.message };
-  }
-}
-// ── WhatsApp — Meta Cloud API v22.0 ──────────────────────────────────────────
-//
-//  Secrets necessários (wrangler secret put):
-//    WHATSAPP_PHONE_NUMBER_ID  → Meta: "Phone Number ID" (ex: 123456789012345)
-//    WHATSAPP_ACCESS_TOKEN     → Meta: "Access Token" (Token permanente)
-//    WA_NOTIFY_NUMBER     → Número do dono para receber notificações (ex: 5511999998888)
-//
-//  Formatos suportados:
-//    text      → Texto livre (só funciona dentro da janela de 24h)
-//    template  → Mensagem pré-aprovada pela Meta (inicia conversa proativamente)
-//    image     → Imagem com legenda opcional (URL pública)
-//    video     → Vídeo com legenda opcional (URL pública)
-//    document  → PDF/arquivo com nome e legenda (URL pública)
-//    audio     → Áudio (URL pública, OGG/MP4)
-//    interactive → Botões (até 3) ou lista de opções (até 10 itens)
-//
-//  Regra crítica: para iniciar conversa proativamente (Purchase, Lead, etc.)
-//  é OBRIGATÓRIO usar type: 'template'. Texto livre só funciona em resposta
-//  a uma mensagem do usuário nos últimos 24h.
-//
-async function sendWhatsApp(env, tipo, payload, options = {}) {
-  if (!env.WHATSAPP_PHONE_NUMBER_ID || !env.WHATSAPP_ACCESS_TOKEN || !env.WA_NOTIFY_NUMBER) {
-    return { skipped: 'WhatsApp não configurado' };
-  }
-  const to = options.to || env.WA_NOTIFY_NUMBER;
-  // ── Template (proativo — fora da janela de 24h) ───────────────────────────
-  // Usar quando: Purchase, Lead, ou qualquer disparo iniciado pelo sistema
-  // O template deve estar aprovado no Meta Business Suite → WhatsApp → Templates
-  // Formato dos componentes segue a API de Templates da Meta
-  if (options.template) {
-    const { name, language = 'pt_BR', components = [] } = options.template;
-    const body = {
-      messaging_product: 'whatsapp',
-      to,
-      type: 'template',
-      template: { name, language: { code: language }, components },
-    };
-    return _sendWARequest(env, body);
-  }
-  // ── Mídia — image, video, document, audio ────────────────────────────────
-  // Usar quando: envio de PDF de nota fiscal, vídeo de boas-vindas, etc.
-  // mediaUrl deve ser uma URL pública acessível pela Meta
-  if (options.mediaType && options.mediaUrl) {
-    const mediaPayload = { link: options.mediaUrl };
-    if (options.caption) mediaPayload.caption = options.caption;
-    if (options.filename) mediaPayload.filename = options.filename; // só para document
-    const body = {
-      messaging_product: 'whatsapp',
-      to,
-      type: options.mediaType,
-      [options.mediaType]: mediaPayload,
-    };
-    return _sendWARequest(env, body);
-  }
-  // ── Interactive — botões (até 3) ─────────────────────────────────────────
-  // Usar quando: confirmação de compra com botões de ação
-  // buttons: [{ id: 'btn_1', title: 'Ver Pedido' }, ...]
-  if (options.interactive === 'buttons' && options.buttons?.length) {
-    const body = {
-      messaging_product: 'whatsapp',
-      to,
-      type: 'interactive',
-      interactive: {
-        type: 'button',
-        body: { text: options.bodyText || '' },
-        action: {
-          buttons: options.buttons.slice(0, 3).map(b => ({
-            type: 'reply',
-            reply: { id: b.id, title: b.title },
-          })),
-        },
-      },
-    };
-    return _sendWARequest(env, body);
-  }
-  // ── Interactive — lista de opções (até 10 itens) ──────────────────────────
-  // Usar quando: menu de suporte, seleção de produto, etc.
-  // rows: [{ id: 'opt_1', title: 'Suporte', description: 'Falar com equipe' }, ...]
-  if (options.interactive === 'list' && options.rows?.length) {
-    const body = {
-      messaging_product: 'whatsapp',
-      to,
-      type: 'interactive',
-      interactive: {
-        type: 'list',
-        body: { text: options.bodyText || '' },
-        action: {
-          button: options.listButton || 'Ver opções',
-          sections: [{ rows: options.rows.slice(0, 10) }],
-        },
-      },
-    };
-    return _sendWARequest(env, body);
-  }
-  // ── Text — fallback (dentro da janela de 24h) ─────────────────────────────
-  const nome    = [payload.firstName, payload.lastName].filter(Boolean).join(' ') || 'sem nome';
-  const valor   = payload.value ? `R$ ${parseFloat(payload.value).toFixed(2)}` : '—';
-  const utm     = payload.utmSource || 'direto';
-  const produto = payload.contentName || '';
-  let texto = '';
-  if (tipo === 'Purchase') {
-    texto =
-      `🛒 *Nova Venda!*\n\n` +
-      `👤 ${nome}\n` +
-      `📧 ${payload.email || '—'}\n` +
-      `📱 ${payload.phone || '—'}\n` +
-      `💰 ${valor}\n` +
-      (produto ? `📦 ${produto}\n` : '') +
-      `🔗 UTM: ${utm}\n` +
-      `🕐 ${new Date().toLocaleString('pt-BR', { timeZone: 'America/Sao_Paulo' })}`;
-  } else if (tipo === 'Lead') {
-    texto =
-      `📋 *Novo Lead!*\n\n` +
-      `📧 ${payload.email || '—'}\n` +
-      `🔗 UTM: ${utm}\n` +
-      `🌐 ${payload.pageUrl || '—'}\n` +
-      `🕐 ${new Date().toLocaleString('pt-BR', { timeZone: 'America/Sao_Paulo' })}`;
-  } else {
-    return { skipped: `tipo ${tipo} não suportado sem template` };
-  }
-  return _sendWARequest(env, {
-    messaging_product: 'whatsapp',
-    to,
-    type: 'text',
-    text: { body: texto },
-  });
-}
-// ── Executor interno — evita duplicação de fetch entre os formatos ────────────
-async function _sendWARequest(env, body) {
-  try {
-    const res = await fetch(`https://graph.facebook.com/v22.0/${env.WHATSAPP_PHONE_NUMBER_ID}/messages`, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'Authorization': `Bearer ${env.WHATSAPP_ACCESS_TOKEN}`,
-      },
-      body: JSON.stringify(body),
-    });
-    const data = await res.json();
-    if (!res.ok) console.error('WhatsApp Meta API error:', res.status, data.error?.message || 'unknown');
-    return { ok: res.ok, status: res.status, data };
-  } catch (err) {
-    console.error('WhatsApp Meta API failed:', err.message);
-    return { ok: false, error: err.message };
-  }
-}
-// ── CallMeBot — Alertas de sistema (falhas Cloudflare, API down, erros críticos)
-//
-//  Secrets necessários (wrangler secret put):
-//    CALLMEBOT_PHONE      → Número do admin no formato internacional (ex: +5511999998888)
-//    CALLMEBOT_APIKEY     → API Key gerada pelo CallMeBot (ativar via WhatsApp: wa.me/34638398527)
-//
-//  Usado para: alertas internos do sistema — Worker com erro, API falhando,
-//              token expirado, D1 com problema. NÃO para mensagens a clientes.
-//
-async function sendCallMeBot(env, mensagem) {
-  if (!env.CALLMEBOT_PHONE || !env.CALLMEBOT_APIKEY) {
-    return { skipped: 'CallMeBot não configurado' };
-  }
-  try {
-    const url = `https://api.callmebot.com/whatsapp.php?phone=${encodeURIComponent(env.CALLMEBOT_PHONE)}&text=${encodeURIComponent(mensagem)}&apikey=${env.CALLMEBOT_APIKEY}`;
-    const res = await fetch(url);
-    return { ok: res.ok, status: res.status };
-  } catch (err) {
-    console.error('CallMeBot failed:', err.message);
-    return { ok: false, error: err.message };
-  }
-}
-// ── WhatsApp CTWA — Processa webhook de mensagem recebida ─────────────────────
-// Acionado em POST /webhook/whatsapp quando um usuário envia mensagem após
-// clicar em um anúncio "Click to WhatsApp" (CTWA) no Facebook/Instagram.
-//
-// O payload da Meta Cloud API inclui:
-//   message.from          → número do usuário (sem "+", ex: "5511999998888")
-//   message.id (wamid)    → ID único da mensagem (usado para deduplicação)
-//   message.referral      → dados do anúncio que gerou o clique:
-//     .ctwa_clid           → identificador do clique (equivalente ao fbclid para CTWA)
-//     .source_id           → ID do anúncio
-//     .source_url          → URL do anúncio no Facebook/Instagram
-//     .headline            → título do anúncio
-//
-// O evento enviado à Meta CAPI usa action_source="chat" (obrigatório para CTWA)
-// e inclui ctwa_clid em user_data (sem hash) junto com ph (phone hasheado).
-// Isso permite à Meta fechar o loop: clique no anúncio → conversa no WhatsApp.
-async function processWhatsAppWebhook(env, body, request, ctx) {
-  const entry  = body?.entry?.[0];
-  const change = entry?.changes?.find(c => c.field === 'messages');
-  if (!change) return { skipped: 'no messages field' };
-  const messages = change.value?.messages;
-  if (!messages || messages.length === 0) return { skipped: 'no messages' };
-  const results = [];
-  for (const message of messages) {
-    const phone       = message.from;                  // ex: "5511999998888"
-    const wamid       = message.id;                    // ID único da mensagem
-    const referral    = message.referral || {};
-    const ctwaClid    = referral.ctwa_clid  || null;   // click ID do anúncio
-    const adId        = referral.source_id  || null;
-    const sourceUrl   = referral.source_url || null;
-    const headline    = referral.headline   || null;
-    const messageBody = message.text?.body  || message.type || '';
-    if (!phone) {
-      results.push({ skipped: 'no phone' });
-      continue;
-    }
-    const phoneNorm = normalizePhone(phone) || phone;
-    const phoneHash = await sha256(phoneNorm);
-    // Deduplicação — mesmo wamid não dispara duas vezes
-    if (env.DB && wamid) {
-      try {
-        const existing = await env.DB.prepare(
-          'SELECT id FROM whatsapp_contacts WHERE wamid = ?'
-        ).bind(wamid).first();
-        if (existing) {
-          results.push({ skipped: 'duplicate wamid', wamid });
-          continue;
-        }
-      } catch { /* não bloquear se D1 falhar */ }
-    }
-    const eventId = `ctwa_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
-    // Persistir contato no D1 (antes de enviar ao CAPI)
-    if (env.DB) {
-      ctx.waitUntil(
-        env.DB.prepare(
-          `INSERT OR IGNORE INTO whatsapp_contacts
-           (phone_hash, phone_raw, wamid, ctwa_clid, ad_id, source_url, headline, capi_sent, capi_event_id, message_body)
-           VALUES (?,?,?,?,?,?,?,0,?,?)`
-        ).bind(phoneHash, phoneNorm, wamid || null, ctwaClid, adId,
-               sourceUrl, headline, eventId, messageBody || null).run()
-      );
-    }
-    // Montar evento para Meta CAPI
-    // action_source: "chat" é obrigatório para eventos originados no WhatsApp
-    // ctwa_clid vai em user_data sem hash (a Meta exige assim)
-    const capiEvent = {
-      event_name:    'Contact',
-      event_time:    Math.floor(Date.now() / 1000),
-      event_id:      eventId,
-      action_source: 'chat',
-      user_data: {
-        ph: phoneHash,
-        ...(ctwaClid && { ctwa_clid: ctwaClid }),
-        client_ip_address: request.headers.get('CF-Connecting-IP') || '',
-        client_user_agent: request.headers.get('User-Agent') || '',
-      },
-      ...(sourceUrl && { event_source_url: sourceUrl }),
-    };
-    const pixelId = env.META_PIXEL_ID || META_PIXEL_ID;
-    // Enviar ao Meta CAPI de forma assíncrona (não bloqueia a resposta ao WhatsApp)
-    ctx.waitUntil(
-      (async () => {
-        try {
-          const requestBody = {
-            data:         [capiEvent],
-            access_token: env.META_ACCESS_TOKEN,
-          };
-          if (env.META_TEST_CODE) requestBody.test_event_code = env.META_TEST_CODE;
-          const res = await fetch(
-            `https://graph.facebook.com/v22.0/${pixelId}/events`,
-            {
-              method:  'POST',
-              headers: { 'Content-Type': 'application/json' },
-              body:    JSON.stringify(requestBody),
-            }
-          );
-          const data = await res.json();
-          if (res.ok && env.DB && wamid) {
-            await env.DB.prepare(
-              'UPDATE whatsapp_contacts SET capi_sent = 1 WHERE wamid = ?'
-            ).bind(wamid).run();
-          } else if (!res.ok) {
-            console.error('[CTWA] Meta CAPI error:', res.status, data.error?.message || 'unknown');
-            if (env.DB) {
-              await logApiFailure(env.DB, 'meta', 'Contact', data.error?.code || res.status,
-                data.error?.message || 'CTWA CAPI error', eventId, JSON.stringify(requestBody));
-            }
-          }
-        } catch (err) {
-          console.error('[CTWA] Meta CAPI fetch failed:', err.message);
-        }
-      })()
-    );
-    // Registrar também na tabela leads para aparecer no CRM Dashboard
-    ctx.waitUntil(
-      saveLead(env, 'Contact', {
-        phone:       phoneNorm,
-        eventId:     eventId,
-        pageUrl:     sourceUrl,
-        utmSource:   'whatsapp_ctwa',
-        utmMedium:   'paid_social',
-      }, request, 'whatsapp')
-    );
-    results.push({
-      ok:        true,
-      phone:     phoneNorm.slice(0, 4) + '****',
-      ctwa_clid: ctwaClid ? 'present' : 'absent',
-      event_id:  eventId,
-    });
-  }
-  return { processed: results.length, results };
-}
-// ── Verificação de assinatura HMAC-SHA256 (webhooks) ─────────────────────────
-async function verifyHmac(secret, rawBody, receivedSignature) {
-  if (!secret || !receivedSignature) return false;
-  try {
-    const key = await crypto.subtle.importKey(
-      'raw',
-      new TextEncoder().encode(secret),
-      { name: 'HMAC', hash: 'SHA-256' },
-      false,
-      ['sign']
-    );
-    const sig = await crypto.subtle.sign(
-      'HMAC', key, new TextEncoder().encode(rawBody)
-    );
-    const computed = Array.from(new Uint8Array(sig))
-      .map(b => b.toString(16).padStart(2, '0')).join('');
-    // Comparação constant-time (evita timing attack)
-    if (computed.length !== receivedSignature.length) return false;
-    let diff = 0;
-    for (let i = 0; i < computed.length; i++) {
-      diff |= computed.charCodeAt(i) ^ receivedSignature.charCodeAt(i);
-    }
-    return diff === 0;
-  } catch {
-    return false;
-  }
-}
-// ── Mapa Meta → GA4 event names ───────────────────────────────────────────────
-const META_TO_GA4 = {
-  PageView:             'page_view',
-  ViewContent:          'view_item',
-  Lead:                 'generate_lead',
-  Contact:              'generate_lead',
-  Schedule:             'generate_lead',
-  InitiateCheckout:     'begin_checkout',
-  AddToCart:            'add_to_cart',
-  AddPaymentInfo:       'add_payment_info',
-  Purchase:             'purchase',
-  CompleteRegistration: 'sign_up',
-  Subscribe:            'subscribe',
-  StartTrial:           'start_trial',
-  Search:               'search',
-  AddToWishlist:        'add_to_wishlist',
-};
-// ── Persistir LTV no perfil D1 ───────────────────────────────────────────────
-async function upsertLtvProfile(env, userId, ltv) {
-  if (!env.DB || !userId) return;
-  try {
-    await env.DB.prepare(`
-      UPDATE user_profiles
-      SET predicted_ltv_class = ?,
-          predicted_ltv_value = ?,
-          updated_at          = datetime('now')
-      WHERE user_id = ?
-    `).bind(ltv.class, ltv.value, userId).run();
-  } catch (err) {
-    console.error('upsertLtvProfile error:', err.message);
-  }
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// LTV PREDICTION — Valor Preditivo de Lifetime Value
-// ─────────────────────────────────────────────────────────────────────────────
-/**
- * Prediz o LTV (Lifetime Value) de um lead no momento do primeiro contato.
- *
- * Modelo heurístico em 5 dimensões (0–100 pontos):
- *   1. Engajamento browser   (0–30 pts) — engagement_score + user_score
- *   2. Origem de tráfego     (0–25 pts) — UTM source (paid > organic > direct)
- *   3. Contexto de rede      (0–15 pts) — ASN corporativo, país, hora do dia
- *   4. Contexto do evento    (0–20 pts) — InitiateCheckout visto antes = +20
- *   5. Dados PII disponíveis (0–10 pts) — email + phone + nome = melhor match
- *
- * Retorna: { score, class, value }
- *   score: 0–100
- *   class: 'High' | 'Medium' | 'Low'
- *   value: valor em BRL (base × multiplicador da classe)
- */
-async function predictLtv(env, payload, request, customSystemPrompt = null) {
-  // 0. Tentar modelo treinado (regressão logística via D1/KV)
-  try {
-    const model = await _loadActiveWeights(env);
-    if (model?.weights?.length) {
-      const hour    = new Date().getUTCHours();
-      const country = (payload.country || request.cf?.country || '').toUpperCase();
-      const features = _extractFeatures({
-        utm_source:       payload.utmSource,
-        engagement_score: parseFloat(payload.engagementScore || 0),
-        intention_level:  payload.intentionLevel,
-        days_since_lead:  0,
-        has_email:        !!payload.email,
-        has_phone:        !!payload.phone,
-        is_br:            country === 'BR',
-        hour,
-      });
-      const score100   = _predictWithWeights(model, features);
-      const ltvClass   = score100 >= 70 ? 'High' : score100 >= 40 ? 'Medium' : 'Low';
-      const multiplier = ltvClass === 'High' ? 3.5 : ltvClass === 'Medium' ? 1.8 : 0.8;
-      const base       = payload.value ? parseFloat(payload.value) : 197;
-      return { score: score100, class: ltvClass, value: Math.round(base * multiplier * 100) / 100, source: 'model' };
-    }
-  } catch { /* fallback heurístico */ }
-  let score = 0;
-  // 1. Engajamento browser (0–30)
-  const engScore  = parseFloat(payload.engagementScore || 0);
-  const userScore = parseFloat(payload.userScore || 0);
-  // engagement_score é 0-5 → normaliza para 0-15
-  score += Math.min(15, Math.round((engScore / 5) * 15));
-  // user_score é 0-100 → normaliza para 0-15
-  score += Math.min(15, Math.round((userScore / 100) * 15));
-  // 2. Origem de tráfego (0–25)
-  const src = (payload.utmSource || '').toLowerCase();
-  const utm_score_map = {
-    facebook: 25, instagram: 25, meta: 25,
-    google: 22, youtube: 22, tiktok: 20,   // youtube = mesmo nível do google search (alta intenção)
-    email: 18, sms: 18,
-    organic: 10, direct: 5,
-  };
-  const utmScore = utm_score_map[src] ?? (src ? 8 : 3);
-  score += utmScore;
-  // 3. Contexto de rede (0–15)
-  const hour   = new Date().getUTCHours();
-  const country = (payload.country || request.cf?.country || '').toUpperCase();
-  const org    = String(request.cf?.asOrganization || '').toLowerCase();
-  // Horário de alta conversão: 18h-23h BRT (21h-02h UTC) = +8
-  const isHighConvTime = hour >= 21 || hour <= 2;
-  score += isHighConvTime ? 8 : (hour >= 12 && hour <= 20 ? 4 : 1);
-  // País Brasil = público-alvo primário = +5; outros LATAM = +3
-  const latam = ['AR', 'CL', 'CO', 'MX', 'PE', 'UY', 'PY', 'BO'];
-  score += country === 'BR' ? 5 : (latam.includes(country) ? 3 : 1);
-  // ASN corporativo (empresa/datacenter = B2B = alto LTV) = +2
-  const isCorp = /ltda|s\.a\.|corp|telecom|fibra|claro|vivo|tim|oi/.test(org);
-  score += isCorp ? 2 : 0;
-  // 4. Contexto do evento (0–20)
-  // InitiateCheckout visto antes deste Lead = usuário já na jornada de compra
-  const intentionLevel = (payload.intentionLevel || '').toLowerCase();
-  if (intentionLevel === 'comprador' || intentionLevel === 'high_intent') score += 20;
-  else if (intentionLevel === 'interessado') score += 12;
-  else if (intentionLevel === 'nurture') score += 6;
-  // 5. Dados PII disponíveis (0–10)
-  if (payload.email) score += 4;
-  if (payload.phone) score += 4;
-  if (payload.firstName) score += 2;
-  score = Math.min(100, score);
-  // Classificação
-  let ltvClass, ltvMultiplier;
-  if (score >= 70) {
-    ltvClass = 'High';   ltvMultiplier = 3.5;
-  } else if (score >= 40) {
-    ltvClass = 'Medium'; ltvMultiplier = 1.8;
-  } else {
-    ltvClass = 'Low';    ltvMultiplier = 0.8;
-  }
-  // Valor base do produto (do payload) ou estimativa por classe
-  const productValue = payload.value ? parseFloat(payload.value) : 0;
-  const baseValue = productValue > 0 ? productValue : 197; // ticket médio padrão BR
-  const predictedValue = Math.round(baseValue * ltvMultiplier * 100) / 100;
-  // Enriquecimento opcional via Workers AI (se binding disponível)
-  // Usado apenas para ajuste fino do score — não bloqueia o fluxo principal
-  let aiAdjustment = 0;
-  if (env.AI && score >= 40) {
-    try {
-      const systemContent = customSystemPrompt ||
-        'You are a conversion rate expert. Reply ONLY with a JSON object {"adjustment": <number between -10 and 10>} based on the lead data provided. No explanation.';
-      const prompt = [
-        { role: 'system', content: systemContent },
-        { role: 'user', content: JSON.stringify({
-          utm_source: payload.utmSource,
-          intention: intentionLevel,
-          engagement: engScore,
-          hour_utc: hour,
-          country,
-          has_email: !!payload.email,
-          has_phone: !!payload.phone,
-        })},
-      ];
-      const aiRes = await env.AI.run('@cf/meta/llama-3.1-8b-instruct', { messages: prompt, max_tokens: 32 });
-      const parsed = JSON.parse(aiRes.response.trim());
-      if (typeof parsed.adjustment === 'number') {
-        aiAdjustment = Math.max(-10, Math.min(10, parsed.adjustment));
-      }
-    } catch { /* graceful fallback — AI opcional */ }
-  }
-  const finalScore = Math.min(100, Math.max(0, score + aiAdjustment));
-  return {
-    score:  finalScore,
-    class:  ltvClass,
-    value:  predictedValue,
-  };
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// FEEDBACK LOOP — Monitoramento de Falhas e Saúde
-// ─────────────────────────────────────────────────────────────────────────────
-// ── Log de Falha de API ─────────────────────────────────────────────────────
-async function logApiFailure(DB, platform, eventName, errorCode, errorMessage, eventId, rawPayload) {
-  try {
-    await DB.prepare(`
-      INSERT INTO api_failures (platform, event_name, error_code, error_message, event_id, raw_payload, retry_count, final_status)
-      VALUES (?, ?, ?, ?, ?, ?, 0, 'failed')
-    `).bind(platform, eventName, String(errorCode), errorMessage, eventId, rawPayload).run();
-  } catch (err) {
-    console.error('Failed to log API failure:', err.message);
-  }
-}
-// ── Métricas de Saúde (últimas 24h) ─────────────────────────────────────────
-async function getHealthMetrics(DB, platform, hours = 24) {
-  try {
-    // Total de eventos com falha
-    const failures = await DB.prepare(`
-      SELECT COUNT(*) as count, error_code
-      FROM api_failures
-      WHERE platform = ? AND created_at > datetime('now', '-${hours} hours')
-      GROUP BY error_code
-    `).bind(platform).all();
-    // Total de eventos enviados (leads table)
-    const totalSent = await DB.prepare(`
-      SELECT COUNT(*) as count
-      FROM leads
-      WHERE platform = ? AND created_at > datetime('now', '-${hours} hours')
-    `).bind(platform).first();
-    const totalFailed = failures.reduce((sum, f) => sum + f.count, 0);
-    const successRate = totalSent?.count > 0
-      ? ((totalSent.count - totalFailed) / totalSent.count) * 100
-      : 100;
-    return {
-      platform,
-      hours,
-      events_sent: totalSent?.count || 0,
-      events_failed: totalFailed,
-      success_rate: successRate,
-      errors_detected: failures.map(f => ({ code: f.error_code, count: f.count })),
-      issues: totalFailed > (totalSent?.count || 0) * 0.1 ? ['high_error_rate'] : [],
-    };
-  } catch (err) {
-    console.error('Failed to get health metrics:', err.message);
-    return {
-      platform,
-      hours,
-      events_sent: 0,
-      events_failed: 0,
-      success_rate: 0,
-      errors_detected: [],
-      issues: ['metrics_unavailable'],
-    };
-  }
-}
-// ── Gerar Relatório Diário ────────────────────────────────────────────────────
-async function generateDailyReport(DB) {
-  const platforms = ['meta', 'ga4', 'tiktok', 'pinterest', 'reddit'];
-  const today = new Date().toISOString().split('T')[0];
-  const reports = [];
-  for (const platform of platforms) {
-    const metrics = await getHealthMetrics(DB, platform, 24);
-    try {
-      await DB.prepare(`
-        INSERT INTO health_reports (report_date, platform, events_sent, events_failed, success_rate, errors_detected, issues_detected)
-        VALUES (?, ?, ?, ?, ?, ?, ?)
-      `).bind(
-        today,
-        platform,
-        metrics.events_sent,
-        metrics.events_failed,
-        metrics.success_rate,
-        JSON.stringify(metrics.errors_detected),
-        JSON.stringify(metrics.issues)
-      ).run();
-      reports.push({ platform, status: 'ok' });
-    } catch (err) {
-      console.error(`Failed to generate report for ${platform}:`, err.message);
-      reports.push({ platform, status: 'failed' });
-    }
-  }
-  return reports;
-}
-// ── Verificar Versões de API (scheduled task) ────────────────────────────────
-async function checkApiVersions() {
-  // Consulta api-versions.json para verificar versões atuais
-  // Em produção, isso poderia fazer fetch para documentação oficial
-  const currentVersions = {
-    meta: 'v22.0',
-    ga4: 'latest',
-    tiktok: 'v1.3',
-    pinterest: 'v5',
-    reddit: 'v2.0',
-  };
-  const today = new Date().toISOString().split('T')[0];
-  const nextReview = '2026-04-27'; // Data do próximo review
-  return {
-    check_date: today,
-    next_review: nextReview,
-    versions: currentVersions,
-    status: 'ok',
-  };
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// INTELLIGENCE AGENT — Monitoramento Autônomo
-// ─────────────────────────────────────────────────────────────────────────────
-// Versões esperadas das APIs (fonte da verdade: contracts/api-versions.json)
-const EXPECTED_API_VERSIONS = {
-  meta:      'v22.0',
-  ga4:       'latest',
-  tiktok:    'v1.3',
-  pinterest: 'v5',
-  reddit:    'v2.0',
-};
-// Thresholds de alerta
-const ALERT_THRESHOLDS = {
-  errorRateCritical: 0.20, // > 20% de falha = crítico
-  errorRateWarning:  0.10, // > 10% de falha = aviso
-};
-// ── Log de execução do Intelligence Agent no D1 ──────────────────────────────
-async function logIntelligence(DB, runType, platform, checkType, status, currentValue, expectedValue, message, alertSent = false) {
-  if (!DB) return;
-  try {
-    await DB.prepare(`
-      INSERT INTO intelligence_logs (run_type, platform, check_type, status, current_value, expected_value, message, alert_sent)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?)
-    `).bind(runType, platform, checkType, status, String(currentValue ?? ''), String(expectedValue ?? ''), message, alertSent ? 1 : 0).run();
-  } catch (err) {
-    console.error('logIntelligence error:', err.message);
-  }
-}
-// ── Alerta CallMeBot para o admin (falhas de sistema, API down, erros críticos)
-async function sendIntelligenceAlert(env, severity, title, details) {
-  const icon = severity === 'critical' ? '🚨' : '⚠️';
-  const texto =
-    `${icon} CDP Edge — ${title}\n\n` +
-    details + '\n\n' +
-    new Date().toLocaleString('pt-BR', { timeZone: 'America/Sao_Paulo' });
-  return sendCallMeBot(env, texto);
-}
-// ── Check de versões de API ───────────────────────────────────────────────────
-async function checkApiVersionsIntelligence(env, runType) {
-  const results = [];
-  for (const [platform, expected] of Object.entries(EXPECTED_API_VERSIONS)) {
-    // Versão atual baseada no código deployado
-    const currentMap = { meta: 'v22.0', tiktok: 'v1.3', ga4: 'latest', pinterest: 'v5', reddit: 'v2.0' };
-    const current = currentMap[platform] || 'unknown';
-    const isOk = current === expected || expected === 'latest';
-    const status = isOk ? 'ok' : 'warning';
-    await logIntelligence(env.DB, runType, platform, 'api_version', status, current, expected,
-      isOk ? `${platform} ${current} — versão correta` : `${platform} ${current} desatualizado, esperado ${expected}`
-    );
-    results.push({ platform, current, expected, status });
-  }
-  return results;
-}
-// ── Auditoria de taxa de erro por plataforma (últimas 24h) ───────────────────
-async function auditErrorRates(env, runType) {
-  if (!env.DB) return [];
-  const alerts = [];
-  for (const platform of ['meta', 'ga4', 'tiktok']) {
-    const metrics = await getHealthMetrics(env.DB, platform, 24);
-    const errorRate = metrics.events_sent > 0
-      ? metrics.events_failed / metrics.events_sent
-      : 0;
-    let status = 'ok';
-    if (errorRate >= ALERT_THRESHOLDS.errorRateCritical) status = 'critical';
-    else if (errorRate >= ALERT_THRESHOLDS.errorRateWarning)  status = 'warning';
-    const message = `${platform}: ${metrics.events_sent} eventos, ${metrics.events_failed} falhas (${(errorRate * 100).toFixed(1)}%)`;
-    const alertSent = status !== 'ok'
-      ? await sendIntelligenceAlert(env, status, `Taxa de Erro Alta — ${platform.toUpperCase()}`,
-          `📊 ${message}\n🎯 Taxa: ${(errorRate * 100).toFixed(1)}% (limite: ${ALERT_THRESHOLDS.errorRateWarning * 100}%)`)
-      : false;
-    await logIntelligence(env.DB, runType, platform, 'error_rate', status,
-      `${(errorRate * 100).toFixed(1)}%`,
-      `${ALERT_THRESHOLDS.errorRateWarning * 100}%`,
-      message, alertSent
-    );
-    if (status !== 'ok') alerts.push({ platform, errorRate, status });
-  }
-  return alerts;
-}
-// ── Treinar modelo LTV com dados reais do D1 ─────────────────────────────────
-async function _trainLtvModel(env) {
-  if (!env.DB) return { skipped: 'DB não disponível' };
-  try {
-    const rows = await env.DB.prepare(`
-      SELECT
-        l.utm_source, l.engagement_score, l.intention_level,
-        CAST(julianday('now') - julianday(l.created_at) AS INTEGER) AS days_since_lead,
-        CASE WHEN l.email IS NOT NULL AND l.email != '' THEN 1 ELSE 0 END AS has_email,
-        CASE WHEN l.phone IS NOT NULL AND l.phone != '' THEN 1 ELSE 0 END AS has_phone,
-        CASE WHEN (l.country = 'br' OR l.country = 'BR' OR l.country IS NULL) THEN 1 ELSE 0 END AS is_br,
-        CAST(strftime('%H', l.created_at) AS INTEGER) AS hour,
-        CASE WHEN EXISTS (
-          SELECT 1 FROM events e
-          WHERE e.user_id = l.user_id
-            AND e.event_name IN ('Purchase','purchase','PURCHASE')
-            AND e.created_at > l.created_at
-        ) THEN 1 ELSE 0 END AS label
-      FROM leads l
-      WHERE l.created_at >= datetime('now', '-90 days')
-      LIMIT 5000
-    `).all();
-    const dataset = (rows.results || []).map(row => ({ features: _extractFeatures(row), label: row.label || 0 }));
-    const model   = _trainLogisticRegression(dataset);
-    if (!model) {
-      return { skipped: 'dados insuficientes', samples: dataset.length };
-    }
-    await _saveWeights(env.DB, model);
-    if (env.GEO_CACHE) env.GEO_CACHE.delete(_LTV_WEIGHTS_KV_KEY).catch(() => {});
-    return { trained: true, samples: dataset.length, accuracy: model.accuracy, positiveRate: model.positiveRate };
-  } catch (err) {
-    console.error('[LTV Train] Erro:', err.message);
-    return { error: err.message };
-  }
-}
-// ── Auto-decisão de winner no A/B LTV Test ────────────────────────────────────
-const _AB_LTV_CACHE_KEY = 'ab_ltv_active_test';
-async function _autoDecideAbWinner(env) {
-  if (!env.DB) return null;
-  try {
-    const test = await env.DB.prepare(`
-      SELECT id, min_sample_size FROM ltv_ab_tests WHERE status = 'running' ORDER BY created_at DESC LIMIT 1
-    `).first();
-    if (!test) return { decided: false };
-    const variations = await env.DB.prepare(`
-      SELECT id, name, is_control, sample_count, accuracy_score
-      FROM ltv_ab_variations WHERE test_id = ?
-    `).bind(test.id).all();
-    const vars = variations.results || [];
-    if (vars.some(v => (v.sample_count || 0) < (test.min_sample_size || 50))) return { decided: false };
-    const control = vars.find(v => v.is_control) || vars[0];
-    const best    = vars.reduce((a, b) => (b.accuracy_score || 0) > (a.accuracy_score || 0) ? b : a, control);
-    if (best.id === control.id) return { decided: false };
-    const improvement = (best.accuracy_score || 0) - (control.accuracy_score || 0);
-    if (improvement < 5) return { decided: false };
-    await env.DB.prepare(`
-      UPDATE ltv_ab_tests SET status='completed', winner_id=?, auto_decided_at=datetime('now'), auto_decided_reason=?
-      WHERE id=?
-    `).bind(best.id, `Auto: +${improvement.toFixed(1)}pp vs control`, test.id).run();
-    if (env.GEO_CACHE) env.GEO_CACHE.delete(_AB_LTV_CACHE_KEY).catch(() => {});
-    const winnerVar = await env.DB.prepare(
-      `SELECT system_prompt FROM ltv_ab_variations WHERE id = ?`
-    ).bind(best.id).first();
-    return { decided: true, test_id: test.id, winner_name: best.name, improvement, winning_prompt: winnerVar?.system_prompt };
-  } catch (err) {
-    console.error('[AB Auto-Decide] Erro:', err.message);
-    return null;
-  }
-}
-// ── Runner principal do Intelligence Agent ────────────────────────────────────
-async function runIntelligenceAgent(env, runType) {
-  // 1. Check de versões (sempre)
-  const versionResults = await checkApiVersionsIntelligence(env, runType);
-  // 2. Relatório diário de saúde (sempre)
-  if (env.DB) {
-    const reports = await generateDailyReport(env.DB);
-  }
-  // 3. Auditoria de taxas de erro (sempre)
-  const errorAlerts = await auditErrorRates(env, runType);
-  if (errorAlerts.length > 0) {
-    console.warn(`[Intelligence Agent] ${errorAlerts.length} alertas de taxa de erro enviados`);
-  }
-  // 4. Treinar modelo LTV com dados reais do D1 (toda semana)
-  const ltvTrainResult = await _trainLtvModel(env);
-  if (ltvTrainResult.trained) {
-    if (env.DB) {
-      logIntelligence(env.DB, runType, 'ltv', 'model_training', 'ok',
-        `accuracy=${(ltvTrainResult.accuracy * 100).toFixed(1)}%`, null,
-        `Modelo LTV re-treinado com ${ltvTrainResult.samples} amostras`
-      ).catch(() => {});
-    }
-  }
-  // 5. Auto-decisão de winner no A/B LTV Test
-  try {
-    const abResult = await _autoDecideAbWinner(env);
-    if (abResult?.decided) {
-      await sendIntelligenceAlert(env, 'info',
-        `A/B LTV Test — Winner Declarado`,
-        `🏆 Vencedor: ${abResult.winner_name}\n📈 Melhoria: +${abResult.improvement?.toFixed(1) ?? '?'}pp vs controle\n🆔 Test ID: ${abResult.test_id}\n\n✅ Prompt vencedor ativado automaticamente`
-      );
-    }
-  } catch (err) {
-    console.error('[Intelligence Agent] A/B auto-decide error:', err.message);
-  }
-  // 6. Match Quality — análise + alertas
-  try {
-    const mqAnalysis = await _analyzeMatchQuality(env);
-    if (mqAnalysis) {
-      await _alertMatchQuality(env, mqAnalysis);
-    }
-  } catch (err) {
-    console.error('[Intelligence Agent] Match quality error:', err.message);
-  }
-  // 7. Auditoria mensal adicional
-  if (runType === 'monthly_audit') {
-    if (env.DB) {
-      try {
-        const ltvStats = await env.DB.prepare(`
-          SELECT predicted_ltv_class, COUNT(*) as count
-          FROM user_profiles
-          WHERE predicted_ltv_class IS NOT NULL
-            AND updated_at > datetime('now', '-30 days')
-          GROUP BY predicted_ltv_class
-        `).all();
-        const summary = ltvStats.results?.map(r => `${r.predicted_ltv_class}: ${r.count}`).join(', ') || 'sem dados';
-        await logIntelligence(env.DB, runType, 'all', 'ltv_distribution', 'ok', summary, null,
-          `Distribuição LTV últimos 30 dias: ${summary}`);
-      } catch (err) {
-        console.error('LTV audit error:', err.message);
-      }
-      // Purge de logs antigos de match quality (> 30 dias)
-      await _purgeOldMatchQualityLogs(env.DB);
-    }
-  }
-  // 8. Customer Match — sync semanal D1 → Meta Custom Audience
-  const cmResult = await syncMetaCustomAudience(env);
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// CUSTOMER MATCH — Sync automático D1 → Meta Custom Audiences
-// ─────────────────────────────────────────────────────────────────────────────
-/**
- * Busca leads high_intent + buyer_lookalike do D1 e envia para Meta Custom Audience.
- *
- * Secrets necessários (wrangler secret put):
- *   META_AD_ACCOUNT_ID  → ID da conta de anúncios (act_XXXXXXXXX)
- *   META_AUDIENCE_ID    → ID da Custom Audience já criada no Meta Ads
- *
- * Meta aceita até 10.000 usuários por chamada.
- * Formato: schema EMAIL_SHA256 + PHONE_SHA256, dados já hasheados.
- */
-async function syncMetaCustomAudience(env) {
-  if (!env.META_ACCESS_TOKEN || !env.META_AD_ACCOUNT_ID || !env.META_AUDIENCE_ID) {
-    return { skipped: 'META_AD_ACCOUNT_ID ou META_AUDIENCE_ID não configurados' };
-  }
-  if (!env.DB) return { skipped: 'DB não disponível' };
-  try {
-    // Busca perfis high_intent e buyer_lookalike atualizados nos últimos 30 dias
-    const profiles = await env.DB.prepare(`
-      SELECT email, phone
-      FROM user_profiles
-      WHERE cohort_label IN ('high_intent', 'buyer_lookalike')
-        AND updated_at > datetime('now', '-30 days')
-        AND email IS NOT NULL
-      LIMIT 10000
-    `).all();
-    if (!profiles.results || profiles.results.length === 0) {
-      return { sent: 0 };
-    }
-    // Hash de cada linha — Meta exige SHA-256 lowercase sem espaços
-    const data = await Promise.all(
-      profiles.results.map(async (p) => {
-        const row = [];
-        row.push(p.email ? await sha256(p.email) : '');
-        row.push(p.phone ? await sha256(p.phone) : '');
-        return row;
-      })
-    );
-    const body = {
-      payload: {
-        schema: ['EMAIL_SHA256', 'PHONE_SHA256'],
-        data,
-      },
-    };
-    const endpoint = `https://graph.facebook.com/v22.0/${env.META_AUDIENCE_ID}/users`;
-    const res = await fetch(endpoint, {
-      method:  'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body:    JSON.stringify({ ...body, access_token: env.META_ACCESS_TOKEN }),
-    });
-    const result = await res.json();
-    if (!res.ok) {
-      console.error('[CustomerMatch] Meta erro:', res.status, result.error?.message || 'unknown');
-      return { error: result.error?.message, sent: 0 };
-    }
-    return { sent: profiles.results.length, num_received: result.num_received };
-  } catch (err) {
-    console.error('[CustomerMatch] Meta fetch error:', err.message);
-    return { error: err.message, sent: 0 };
-  }
-}
-/**
- * Gera payload formatado para Google Ads Customer Match (upload manual ou via API).
- * Retorna JSON com emails e phones hasheados prontos para upload.
- *
- * Google Ads Customer Match não tem API simples disponível via Workers sem OAuth2.
- * Esta função gera o arquivo — o upload é feito via endpoint GET /export/customer-match.
- */
-async function buildGoogleCustomerMatchExport(env) {
-  if (!env.DB) return [];
-  const profiles = await env.DB.prepare(`
-    SELECT email, phone, first_name, last_name
-    FROM user_profiles
-    WHERE cohort_label IN ('high_intent', 'buyer_lookalike')
-      AND updated_at > datetime('now', '-30 days')
-      AND email IS NOT NULL
-    LIMIT 10000
-  `).all();
-  if (!profiles.results?.length) return [];
-  return Promise.all(
-    profiles.results.map(async (p) => ({
-      hashed_email:      p.email      ? await sha256(p.email)      : '',
-      hashed_phone:      p.phone      ? await sha256(p.phone)      : '',
-      first_name:        p.first_name || '',
-      last_name:         p.last_name  || '',
-    }))
-  );
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// SEGMENTAÇÃO DINÂMICA ML — Handlers das Rotas de Clustering
-// ─────────────────────────────────────────────────────────────────────────────
-// Helper: parse seguro de JSON armazenado como TEXT no D1
-function tryParseJson(str, fallback) {
-  if (!str) return fallback !== undefined ? fallback : null;
-  try { return JSON.parse(str); } catch { return fallback !== undefined ? fallback : null; }
-}
-// ── POST /api/segmentation/cluster ───────────────────────────────────────────
-// Executa clustering K-means/DBSCAN/Hierarchical via Workers AI
-// Requer bindings: DB + AI
-async function handleSegmentationCluster(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  if (!env.AI) return new Response(JSON.stringify({ error: 'Workers AI não configurado (verifique binding AI no wrangler.toml)' }), { status: 503, headers });
-  const url = new URL(request.url);
-  const algorithm      = url.searchParams.get('algorithm') || 'kmeans';
-  const nClusters      = Math.min(10, Math.max(3, parseInt(url.searchParams.get('n_clusters') || '5')));
-  const clientVertical = url.searchParams.get('vertical') || 'general';
-  const forceRecluster = url.searchParams.get('force') === 'true';
-  if (!['kmeans', 'dbscan', 'hierarchical'].includes(algorithm)) {
-    return new Response(JSON.stringify({ error: 'algorithm deve ser: kmeans, dbscan ou hierarchical', received: algorithm }), { status: 400, headers });
-  }
-  try {
-    // 1. Cluster recente? Evitar re-clustering desnecessário (< 7 dias)
-    if (!forceRecluster) {
-      const existing = await env.DB.prepare(`
-        SELECT id, created_at, cluster_name FROM ml_segments
-        WHERE clustering_algorithm = ? AND is_active = 1 AND client_vertical = ?
-        ORDER BY created_at DESC LIMIT 1
-      `).bind(algorithm, clientVertical).first();
-      if (existing) {
-        const ageDays = (Date.now() - new Date(existing.created_at).getTime()) / (1000 * 60 * 60 * 24);
-        if (ageDays < 7) {
-          return new Response(JSON.stringify({
-            success:      true,
-            message:      'Cluster existente ainda válido (< 7 dias). Use ?force=true para re-clustering.',
-            cluster_id:   existing.id,
-            cluster_name: existing.cluster_name,
-            age_days:     Math.round(ageDays * 10) / 10,
-            use_existing: true,
-          }), { status: 200, headers });
-        }
-      }
-    }
-    // 2. Extrair leads históricos do D1 (últimos 6 meses, excluindo bots confirmados)
-    const leadsRes = await env.DB.prepare(`
-      SELECT id, predicted_ltv_class, engagement_score, intention_level,
-             country, state, utm_source, utm_medium, bot_score,
-             CAST(strftime('%H', created_at) AS INTEGER) AS hour_of_day,
-             CAST(julianday('now') - julianday(created_at) AS INTEGER) AS days_since_lead,
-             CASE WHEN strftime('%w', created_at) IN ('0','6') THEN 1 ELSE 0 END AS is_weekend
-      FROM leads
-      WHERE created_at >= datetime('now', '-6 months')
-        AND (bot_score IS NULL OR bot_score < 2)
-      ORDER BY RANDOM()
-      LIMIT 2000
-    `).all();
-    const leads = leadsRes.results || [];
-    if (leads.length < 50) {
-      return new Response(JSON.stringify({
-        error:       'Dados insuficientes para clustering. Mínimo: 50 leads nos últimos 6 meses.',
-        leads_found: leads.length,
-        required:    50,
-      }), { status: 400, headers });
-    }
-    // 3. Feature Engineering — normalização 0–1
-    const features = leads.map(l => ({
-      id:         l.id,
-      ltv:        l.predicted_ltv_class === 'High' ? 1 : (l.predicted_ltv_class === 'Medium' ? 0.5 : 0),
-      engagement: Math.min((l.engagement_score || 0) / 100, 1),
-      intention:  l.intention_level === 'comprador' || l.intention_level === 'high_intent' ? 1
-                : l.intention_level === 'interessado' ? 0.6
-                : l.intention_level === 'curioso'     ? 0.3 : 0,
-      recency:    Math.max(0, 1 - (l.days_since_lead || 0) / 180),
-      hour:       (l.hour_of_day || 12) / 23,
-      is_weekend: l.is_weekend || 0,
-      is_br:      l.country === 'BR' ? 1 : 0,
-      is_paid:    ['facebook','google','tiktok','instagram','youtube'].includes(
-                    (l.utm_source || '').toLowerCase()) ? 1 : 0,
-    }));
-    // 4. Prompt para Workers AI
-    const sampleSize = Math.min(features.length, 100);
-    const sample     = features.slice(0, sampleSize);
-    const clusteringPrompt =
-`You are a customer segmentation ML expert. Perform ${algorithm} clustering on ${sampleSize} customers into ${nClusters} segments.
-Customer features (all normalized 0-1):
-- ltv: predicted lifetime value (0=Low, 0.5=Medium, 1=High)
-- engagement: browser engagement score
-- intention: purchase intention (0=none, 0.3=curious, 0.6=interested, 1=buyer)
-- recency: lead recency (1=today, 0=6 months ago)
-- hour: conversion hour of day
-- is_weekend: converted on weekend (0/1)
-- is_br: lead from Brazil (0/1)
-- is_paid: from paid traffic channel (0/1)
-Data (${sampleSize} customers): ${JSON.stringify(sample.slice(0, 50))}
-Return ONLY valid JSON, zero explanation:
-{
-  "clusters": [
-    {
-      "cluster_id": 0,
-      "name": "[Nome Descritivo em Português]",
-      "size": ${Math.round(sampleSize / nClusters)},
-      "percentage": ${Math.round(100 / nClusters)},
-      "characteristics": {
-        "avg_ltv_class": 0.5,
-        "avg_behavior_score": 0.5,
-        "avg_engagement_score": 0.5,
-        "avg_intention_level": 0.5,
-        "avg_days_since_lead": 30,
-        "dominant_countries": ["BR"],
-        "dominant_states": ["SP", "RJ"],
-        "dominant_utm_sources": ["facebook"],
-        "top_features": ["ltv", "engagement"]
-      },
-      "centroid": { "ltv": 0.5, "engagement": 0.5, "intention": 0.5 },
-      "action_recommendation": "[Recomendação de campanha específica para este segmento]"
-    }
-  ],
-  "silhouette_score": 0.65,
-  "total_processed": ${sampleSize}
-}`;
-    // 5. Executar via Workers AI
-    const startTime = Date.now();
-    const aiRes = await env.AI.run('@cf/meta/llama-3.1-8b-instruct', {
-      messages:   [{ role: 'user', content: clusteringPrompt }],
-      max_tokens: 2000,
-    });
-    const duration = Date.now() - startTime;
-    if (!aiRes?.response) throw new Error('Workers AI não retornou resposta');
-    // 6. Parse do resultado
-    const jsonMatch = aiRes.response.trim().match(/\{[\s\S]*\}/);
-    if (!jsonMatch) throw new Error('Resposta do Workers AI não contém JSON válido');
-    const mlResult = JSON.parse(jsonMatch[0]);
-    if (!Array.isArray(mlResult.clusters) || mlResult.clusters.length === 0) {
-      throw new Error('Workers AI não retornou clusters válidos');
-    }
-    // 7. Inativar clusters anteriores do mesmo algoritmo/vertical
-    await env.DB.prepare(
-      `UPDATE ml_segments SET is_active = 0 WHERE clustering_algorithm = ? AND client_vertical = ? AND is_active = 1`
-    ).bind(algorithm, clientVertical).run();
-    // 8. Persistir novos clusters no D1
-    const now = new Date().toISOString();
-    for (const cluster of mlResult.clusters) {
-      const ch = cluster.characteristics || {};
-      await env.DB.prepare(`
-        INSERT INTO ml_segments (
-          cluster_id, cluster_name, clustering_algorithm, client_vertical,
-          size, percentage,
-          avg_ltv_class, avg_behavior_score, avg_engagement_score,
-          avg_intention_level, avg_days_since_lead,
-          dominant_countries, dominant_states, dominant_utm_sources, dominant_features,
-          silhouette_score, action_recommendations, bid_recommendations, campaign_recommendations,
-          is_active, created_at, updated_at
-        ) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,1,?,?)
-      `).bind(
-        cluster.cluster_id || 0,
-        cluster.name        || `Segmento ${cluster.cluster_id}`,
-        algorithm,
-        clientVertical,
-        cluster.size        || 0,
-        cluster.percentage  || 0,
-        ch.avg_ltv_class    || 0,
-        ch.avg_behavior_score   || 0,
-        ch.avg_engagement_score || 0,
-        ch.avg_intention_level  || 0,
-        ch.avg_days_since_lead  || 0,
-        JSON.stringify(ch.dominant_countries   || ['BR']),
-        JSON.stringify(ch.dominant_states      || []),
-        JSON.stringify(ch.dominant_utm_sources || []),
-        JSON.stringify(ch.top_features         || []),
-        mlResult.silhouette_score             || 0,
-        JSON.stringify([cluster.action_recommendation || '']),
-        JSON.stringify([]),
-        JSON.stringify([]),
-        now,
-        now,
-      ).run();
-    }
-    // 9. Log no histórico de clustering
-    try {
-      await env.DB.prepare(`
-        INSERT INTO ml_clustering_history (
-          clustering_id, started_at, completed_at, algorithm,
-          n_leads_processed, n_clusters_created, total_duration_ms,
-          workers_ai_neurons_used, status, parameters, results_summary
-        ) VALUES (0, ?, datetime('now'), ?, ?, ?, ?, ?, 'completed', ?, ?)
-      `).bind(
-        new Date(startTime).toISOString(),
-        algorithm,
-        leads.length,
-        mlResult.clusters.length,
-        duration,
-        Math.ceil(duration * 0.01),
-        JSON.stringify({ algorithm, n_clusters: nClusters, vertical: clientVertical }),
-        JSON.stringify({ clusters: mlResult.clusters.length, silhouette: mlResult.silhouette_score }),
-      ).run();
-    } catch (e) { console.error('[Segmentation] history log error:', e.message); }
-    return new Response(JSON.stringify({
-      success:          true,
-      algorithm,
-      n_clusters:       mlResult.clusters.length,
-      client_vertical:  clientVertical,
-      leads_analyzed:   leads.length,
-      duration_ms:      duration,
-      silhouette_score: mlResult.silhouette_score || null,
-      clusters:         mlResult.clusters,
-      generated_at:     now,
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Segmentation] cluster error:', err.message);
-    try {
-      if (env.DB) {
-        await env.DB.prepare(`
-          INSERT INTO ml_clustering_history
-            (clustering_id, started_at, algorithm, n_leads_processed, n_clusters_created,
-             total_duration_ms, workers_ai_neurons_used, status, error_message, parameters, results_summary)
-          VALUES (0, datetime('now'), ?, 0, 0, 0, 0, 'failed', ?, ?, '{}')
-        `).bind(algorithm, err.message, JSON.stringify({ algorithm, n_clusters: nClusters })).run();
-      }
-    } catch { /* não bloquear a resposta de erro */ }
-    return new Response(JSON.stringify({ error: 'Erro ao executar clustering', message: err.message }), { status: 500, headers });
-  }
-}
-// ── GET /api/segmentation/list ────────────────────────────────────────────────
-// Lista todos os segmentos ativos com estatísticas
-async function handleSegmentationList(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  const url       = new URL(request.url);
-  const algorithm = url.searchParams.get('algorithm') || null;
-  const vertical  = url.searchParams.get('vertical')  || null;
-  try {
-    const conditions = ['is_active = 1'];
-    const bindings   = [];
-    if (algorithm) { conditions.push('clustering_algorithm = ?'); bindings.push(algorithm); }
-    if (vertical)  { conditions.push('client_vertical = ?');       bindings.push(vertical);  }
-    const query = `
-      SELECT id, cluster_id, cluster_name, clustering_algorithm, client_vertical,
-             size, percentage, avg_ltv_class, avg_behavior_score, avg_engagement_score,
-             avg_intention_level, avg_days_since_lead, silhouette_score,
-             dominant_countries, dominant_states, dominant_utm_sources, dominant_features,
-             action_recommendations, bid_recommendations, campaign_recommendations,
-             is_active, created_at, updated_at
-      FROM ml_segments
-      WHERE ${conditions.join(' AND ')}
-      ORDER BY created_at DESC
-      LIMIT 50
-    `;
-    const result   = await env.DB.prepare(query).bind(...bindings).all();
-    const segments = (result.results || []).map(s => ({
-      ...s,
-      dominant_countries:       tryParseJson(s.dominant_countries, []),
-      dominant_states:          tryParseJson(s.dominant_states, []),
-      dominant_utm_sources:     tryParseJson(s.dominant_utm_sources, []),
-      dominant_features:        tryParseJson(s.dominant_features, []),
-      action_recommendations:   tryParseJson(s.action_recommendations, []),
-      bid_recommendations:      tryParseJson(s.bid_recommendations, []),
-      campaign_recommendations: tryParseJson(s.campaign_recommendations, []),
-    }));
-    return new Response(JSON.stringify({
-      success: true,
-      total:   segments.length,
-      segments,
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Segmentation] list error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ── GET /api/segmentation/outliers ───────────────────────────────────────────
-// Lista leads marcados como outliers no ml_segment_members (DBSCAN)
-async function handleSegmentationOutliers(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  const url   = new URL(request.url);
-  const limit = Math.min(parseInt(url.searchParams.get('limit') || '50'), 200);
-  const days  = parseInt(url.searchParams.get('days') || '30');
-  try {
-    const result = await env.DB.prepare(`
-      SELECT msm.lead_id, msm.cluster_id, msm.confidence, msm.is_outlier,
-             msm.outlier_reason, msm.assigned_at,
-             l.email, l.phone, l.country, l.state, l.city,
-             l.utm_source, l.bot_score, l.engagement_score, l.intention_level,
-             l.created_at AS lead_created_at
-      FROM ml_segment_members msm
-      LEFT JOIN leads l ON CAST(msm.lead_id AS INTEGER) = l.id
-      WHERE msm.is_outlier = 1
-        AND msm.assigned_at >= datetime('now', '-' || ? || ' days')
-      ORDER BY msm.assigned_at DESC
-      LIMIT ?
-    `).bind(days, limit).all();
-    return new Response(JSON.stringify({
-      success:     true,
-      total:       (result.results || []).length,
-      period_days: days,
-      outliers:    result.results || [],
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Segmentation] outliers error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ── PUT /api/segmentation/update ─────────────────────────────────────────────
-// Atualiza recomendações de ação/bid/campanha de um segmento existente
-async function handleSegmentationUpdate(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  let body;
-  try { body = await request.json(); }
-  catch { return new Response(JSON.stringify({ error: 'JSON inválido no body da requisição' }), { status: 400, headers }); }
-  const { cluster_id, action_recommendations, bid_recommendations, campaign_recommendations } = body;
-  if (cluster_id === undefined || cluster_id === null) {
-    return new Response(JSON.stringify({ error: 'cluster_id é obrigatório' }), { status: 400, headers });
-  }
-  try {
-    const sets     = [];
-    const bindings = [];
-    if (action_recommendations   !== undefined) { sets.push('action_recommendations = ?');   bindings.push(JSON.stringify(action_recommendations));   }
-    if (bid_recommendations      !== undefined) { sets.push('bid_recommendations = ?');      bindings.push(JSON.stringify(bid_recommendations));      }
-    if (campaign_recommendations !== undefined) { sets.push('campaign_recommendations = ?'); bindings.push(JSON.stringify(campaign_recommendations)); }
-    if (sets.length === 0) {
-      return new Response(JSON.stringify({ error: 'Nenhum campo válido para atualizar (action_recommendations, bid_recommendations, campaign_recommendations)' }), { status: 400, headers });
-    }
-    sets.push("updated_at = datetime('now')");
-    bindings.push(cluster_id);
-    await env.DB.prepare(
-      `UPDATE ml_segments SET ${sets.join(', ')} WHERE id = ?`
-    ).bind(...bindings).run();
-    return new Response(JSON.stringify({
-      success:        true,
-      cluster_id,
-      fields_updated: sets.length - 1, // exclui o updated_at
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Segmentation] update error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// FRAUD DETECTION ENGINE — Fase 4 Enterprise-Level
-// Heurístico puro (sem AI) — latência zero no /track
-// ─────────────────────────────────────────────────────────────────────────────
-// Domínios de email descartáveis
-const DISPOSABLE_EMAIL_DOMAINS = new Set([
-  'mailinator.com','guerrillamail.com','tempmail.com','throwaway.email',
-  'yopmail.com','sharklasers.com','guerrillamailblock.com','spam4.me',
-  '10minutemail.com','trashmail.com','maildrop.cc','fakeinbox.com',
-  'dispostable.com','mailnull.com','tempr.email','getnada.com',
-]);
-// ASNs conhecidos de datacenters (evitar falsos negativos em ASNs legítimos)
-const DATACENTER_PATTERNS = /amazon|google|microsoft|digitalocean|linode|ovh|vultr|hetzner|contabo|cloudflare|packet|rackspace|leaseweb/i;
-// ── checkFraudGate — roda sincronamente ANTES de processar o evento ────────────
-// Retorna { allowed, score, reasons, action }
-// NUNCA joga erro — qualquer falha = allowed (fail-safe)
-async function checkFraudGate(env, request, payload) {
-  const result = { allowed: true, score: 0, reasons: [], action: 'allowed' };
-  try {
-    const ip          = request.headers.get('CF-Connecting-IP') || '';
-    const ua          = request.headers.get('User-Agent')        || '';
-    const fingerprint = payload.fingerprint                       || '';
-    const email       = payload.email                             || '';
-    const botScore    = parseInt(payload.botScore || payload.bot_score || 0);
-    const asn         = String(request.cf?.asOrganization || '').toLowerCase();
-    const country     = (request.cf?.country || '').toUpperCase();
-    const acceptLang  = request.headers.get('Accept-Language');
-    // 1. KV blocklist check — instantâneo (~0ms)
-    if (env.GEO_CACHE && ip) {
-      const ipBlocked = await env.GEO_CACHE.get(`fraud_block:ip:${ip}`);
-      if (ipBlocked) {
-        return { allowed: false, score: 100, reasons: ['ip_blocklisted'], action: 'dropped' };
-      }
-    }
-    if (env.GEO_CACHE && fingerprint) {
-      const fpBlocked = await env.GEO_CACHE.get(`fraud_block:fp:${fingerprint}`);
-      if (fpBlocked) {
-        return { allowed: false, score: 100, reasons: ['fingerprint_blocklisted'], action: 'dropped' };
-      }
-    }
-    // 2. Bot score (já calculado pelo Worker)
-    if (botScore >= 3) { result.score += 60; result.reasons.push('bot_score_high'); }
-    else if (botScore === 2) { result.score += 30; result.reasons.push('bot_score_medium'); }
-    // 3. User-Agent suspeito
-    if (/headless|phantomjs|selenium|webdriver|curl|python|scrapy|bot|crawler|spider/i.test(ua)) {
-      result.score += 40; result.reasons.push('suspicious_user_agent');
-    }
-    // 4. Datacenter IP
-    if (ip && DATACENTER_PATTERNS.test(asn)) {
-      result.score += 35; result.reasons.push('datacenter_ip');
-    }
-    // 5. Sem Accept-Language (bots raramente enviam)
-    if (!acceptLang) {
-      result.score += 20; result.reasons.push('no_accept_language');
-    }
-    // 6. Email descartável
-    if (email) {
-      const domain = email.split('@')[1]?.toLowerCase();
-      if (domain && DISPOSABLE_EMAIL_DOMAINS.has(domain)) {
-        result.score += 25; result.reasons.push('disposable_email');
-      }
-    }
-    // 7. Velocity check via KV
-    if (env.GEO_CACHE && ip) {
-      const velKey1h = `fraud_velocity:${ip}:h`;
-      const velStr   = await env.GEO_CACHE.get(velKey1h);
-      const vel1h    = parseInt(velStr || '0') + 1;
-      // Atualizar contador (TTL: 3600s = 1h)
-      await env.GEO_CACHE.put(velKey1h, String(vel1h), { expirationTtl: 3600 });
-      if (vel1h > 20) { result.score += 50; result.reasons.push('ip_velocity_very_high'); }
-      else if (vel1h > 10) { result.score += 25; result.reasons.push('ip_velocity_high'); }
-    }
-    result.score = Math.min(100, result.score);
-    // 8. Decisão final
-    if (result.score >= 80) {
-      result.allowed = false;
-      result.action  = 'dropped';
-    } else if (result.score >= 40) {
-      result.action = 'flagged';
-      // Ainda permite o evento, mas loga como suspeito
-    }
-    return result;
-  } catch (err) {
-    console.error('[Fraud] checkFraudGate error:', err.message);
-    return { allowed: true, score: 0, reasons: ['gate_error_fallback'], action: 'allowed' };
-  }
-}
-// ── logFraudSignal — persiste no D1 em background via ctx.waitUntil ───────────
-async function logFraudSignal(env, request, payload, fraudResult) {
-  if (!env.DB || fraudResult.action === 'allowed') return; // só loga suspeitos/dropped
-  try {
-    const ip          = request.headers.get('CF-Connecting-IP') || '';
-    const ua          = request.headers.get('User-Agent')        || '';
-    const fingerprint = payload.fingerprint                       || '';
-    const botScore    = parseInt(payload.botScore || payload.bot_score || 0);
-    const asn         = String(request.cf?.asOrganization || '');
-    const country     = (request.cf?.country              || '');
-    const velKey1h    = `fraud_velocity:${ip}:h`;
-    const vel1h       = env.GEO_CACHE ? parseInt(await env.GEO_CACHE.get(velKey1h) || '0') : 0;
-    let emailHash = null;
-    if (payload.email) {
-      try { emailHash = await sha256(payload.email.trim().toLowerCase()); } catch {}
-    }
-    await env.DB.prepare(`
-      INSERT INTO fraud_signals (
-        ip_address, fingerprint, user_id, email_hash, event_name, event_id,
-        fraud_score, action_taken, reasons,
-        ip_country, ip_asn, user_agent, bot_score, velocity_1h, detected_at
-      ) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,datetime('now'))
-    `).bind(
-      ip, fingerprint || null, payload.userId || null, emailHash,
-      payload.eventName || null, payload.eventId || null,
-      fraudResult.score, fraudResult.action, JSON.stringify(fraudResult.reasons),
-      country, asn, ua.substring(0, 255), botScore, vel1h,
-    ).run();
-    // Se dropped com score alto → criar/atualizar fraud_alert para este IP
-    if (fraudResult.action === 'dropped' && ip) {
-      await env.DB.prepare(`
-        INSERT INTO fraud_alerts (alert_type, entity_type, entity_value, events_total, events_dropped, peak_score, first_seen, last_seen, top_reasons)
-        VALUES ('ip_attack', 'ip', ?, 1, 1, ?, datetime('now'), datetime('now'), ?)
-        ON CONFLICT(entity_type, entity_value) DO UPDATE SET
-          events_total   = events_total + 1,
-          events_dropped = events_dropped + 1,
-          peak_score     = MAX(peak_score, excluded.peak_score),
-          last_seen      = datetime('now'),
-          updated_at     = datetime('now')
-      `).bind(ip, fraudResult.score, JSON.stringify(fraudResult.reasons)).run().catch(() => {
-        // Pode falhar se ON CONFLICT não funcionar (schema sem UNIQUE) — silent
-      });
-    }
-  } catch (err) {
-    console.error('[Fraud] logFraudSignal error:', err.message);
-  }
-}
-// ── handleFraudAlerts — GET /api/fraud/alerts ─────────────────────────────────
-async function handleFraudAlerts(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  const url    = new URL(request.url);
-  const action = url.searchParams.get('action') || null; // 'dropped','flagged'
-  const hours  = parseInt(url.searchParams.get('hours') || '24');
-  const limit  = Math.min(parseInt(url.searchParams.get('limit') || '50'), 200);
-  try {
-    const cond     = action ? 'AND action_taken = ?' : '';
-    const bindings = action ? [hours, action, limit] : [hours, limit];
-    const result = await env.DB.prepare(`
-      SELECT ip_address, fingerprint, event_name, fraud_score, action_taken,
-             reasons, ip_country, ip_asn, bot_score, velocity_1h, detected_at
-      FROM fraud_signals
-      WHERE detected_at >= datetime('now', '-' || ? || ' hours')
-        ${cond}
-      ORDER BY fraud_score DESC, detected_at DESC
-      LIMIT ?
-    `).bind(...bindings).all();
-    const signals = (result.results || []).map(s => ({
-      ...s,
-      reasons: tryParseJson(s.reasons, []),
-    }));
-    // Stats rápidas
-    const stats = await env.DB.prepare(`SELECT * FROM v_fraud_dashboard`).first().catch(() => null);
-    return new Response(JSON.stringify({
-      success:  true,
-      period_hours: hours,
-      total:    signals.length,
-      stats,
-      alerts:   signals,
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Fraud] alerts error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ── handleFraudBlocklist — GET /api/fraud/blocklist ──────────────────────────
-async function handleFraudBlocklist(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  try {
-    const result = await env.DB.prepare(`
-      SELECT entity_type, entity_value, events_total, events_dropped,
-             peak_score, first_seen, last_seen, blocked_at, block_expires, top_reasons
-      FROM fraud_alerts
-      WHERE is_blocked = 1
-      ORDER BY events_dropped DESC
-      LIMIT 100
-    `).all();
-    const blocklist = (result.results || []).map(r => ({
-      ...r,
-      top_reasons: tryParseJson(r.top_reasons, []),
-    }));
-    return new Response(JSON.stringify({
-      success:   true,
-      total:     blocklist.length,
-      blocklist,
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Fraud] blocklist error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ── handleFraudBlocklistAdd — POST /api/fraud/blocklist/add ──────────────────
-async function handleFraudBlocklistAdd(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  let body;
-  try { body = await request.json(); }
-  catch { return new Response(JSON.stringify({ error: 'JSON inválido' }), { status: 400, headers }); }
-  const { entity_type, entity_value, ttl_hours = 24, reason = 'manual_block' } = body;
-  if (!entity_type || !entity_value) {
-    return new Response(JSON.stringify({ error: 'entity_type (ip|fingerprint) e entity_value são obrigatórios' }), { status: 400, headers });
-  }
-  if (!['ip', 'fingerprint'].includes(entity_type)) {
-    return new Response(JSON.stringify({ error: 'entity_type deve ser: ip ou fingerprint' }), { status: 400, headers });
-  }
-  try {
-    const kvKey    = `fraud_block:${entity_type}:${entity_value}`;
-    const ttlSec   = Math.min(ttl_hours * 3600, 7 * 24 * 3600); // max 7 dias
-    const expiresAt = new Date(Date.now() + ttlSec * 1000).toISOString();
-    // Adicionar no KV (checagem instantânea em /track)
-    if (env.GEO_CACHE) {
-      await env.GEO_CACHE.put(kvKey, JSON.stringify({ reason, blocked_at: new Date().toISOString() }), { expirationTtl: ttlSec });
-    }
-    // Registrar no D1 para auditoria
-    await env.DB.prepare(`
-      INSERT INTO fraud_alerts (alert_type, entity_type, entity_value, events_total, events_dropped, peak_score, first_seen, last_seen, is_blocked, blocked_at, block_expires, top_reasons)
-      VALUES ('manual', ?, ?, 0, 0, 100, datetime('now'), datetime('now'), 1, datetime('now'), ?, ?)
-      ON CONFLICT DO UPDATE SET is_blocked = 1, blocked_at = datetime('now'), block_expires = excluded.block_expires, updated_at = datetime('now')
-    `).bind(entity_type, entity_value, expiresAt, JSON.stringify([reason])).run().catch(() => {
-      // fallback se não tiver UNIQUE constraint na fraud_alerts
-    });
-    return new Response(JSON.stringify({
-      success:      true,
-      entity_type,
-      entity_value,
-      kv_key:       kvKey,
-      ttl_hours,
-      expires_at:   expiresAt,
-      message:      `${entity_type} '${entity_value}' bloqueado por ${ttl_hours}h. Efeito imediato via KV.`,
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Fraud] blocklist add error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ── handleFraudBlocklistRemove — DELETE /api/fraud/blocklist/remove ──────────
-async function handleFraudBlocklistRemove(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  let body;
-  try { body = await request.json(); }
-  catch { return new Response(JSON.stringify({ error: 'JSON inválido' }), { status: 400, headers }); }
-  const { entity_type, entity_value } = body;
-  if (!entity_type || !entity_value) {
-    return new Response(JSON.stringify({ error: 'entity_type e entity_value são obrigatórios' }), { status: 400, headers });
-  }
-  try {
-    const kvKey = `fraud_block:${entity_type}:${entity_value}`;
-    if (env.GEO_CACHE) await env.GEO_CACHE.delete(kvKey);
-    await env.DB.prepare(
-      `UPDATE fraud_alerts SET is_blocked = 0, resolved_at = datetime('now'), resolved_by = 'manual' WHERE entity_type = ? AND entity_value = ?`
-    ).bind(entity_type, entity_value).run();
-    return new Response(JSON.stringify({
-      success:      true,
-      entity_type,
-      entity_value,
-      message:      `${entity_type} '${entity_value}' removido do blocklist. Efeito imediato via KV.`,
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Fraud] blocklist remove error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ── handleFraudStats — GET /api/fraud/stats ───────────────────────────────────
-async function handleFraudStats(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  try {
-    const dashboard = await env.DB.prepare(`SELECT * FROM v_fraud_dashboard`).first();
-    const topIps    = await env.DB.prepare(`
-      SELECT ip_address, COUNT(*) as events, MAX(fraud_score) as peak_score
-      FROM fraud_signals
-      WHERE detected_at >= datetime('now', '-24 hours') AND action_taken = 'dropped'
-      GROUP BY ip_address ORDER BY events DESC LIMIT 10
-    `).all();
-    const topReasons = await env.DB.prepare(`
-      SELECT action_taken, COUNT(*) as count FROM fraud_signals
-      WHERE detected_at >= datetime('now', '-24 hours')
-      GROUP BY action_taken
-    `).all();
-    return new Response(JSON.stringify({
-      success:       true,
-      period:        '24h',
-      dashboard,
-      top_attacking_ips: topIps.results || [],
-      by_action:     topReasons.results || [],
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Fraud] stats error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// A/B TESTING DE PROMPTS LTV — Fase 3 Enterprise-Level
-// ─────────────────────────────────────────────────────────────────────────────
-// Cache key para o teste ativo (KV — evita hit no D1 a cada request /track)
-const AB_LTV_CACHE_KEY = 'ab_ltv_active_test';
-// ── getLtvAbVariation — busca e sorteia variação do teste ativo ─────────────
-// Retorna null se não há teste ativo ou DB/KV indisponíveis
-async function getLtvAbVariation(env) {
-  if (!env.DB) return null;
-  try {
-    // 1. Tentar cache KV (TTL: 5 min)
-    let testData = null;
-    if (env.GEO_CACHE) {
-      const cached = await env.GEO_CACHE.get(AB_LTV_CACHE_KEY, 'json');
-      if (cached) testData = cached;
-    }
-    // 2. Cache miss ou KV indisponível → buscar do D1
-    if (!testData) {
-      const test = await env.DB.prepare(`
-        SELECT t.id AS test_id, v.id AS variation_id,
-               v.name, v.system_prompt, v.weight, v.is_control
-        FROM ltv_ab_tests t
-        JOIN ltv_ab_variations v ON v.test_id = t.id
-        WHERE t.status = 'running'
-        ORDER BY t.id DESC
-      `).all();
-      if (!test.results || test.results.length === 0) {
-        // Sem teste ativo — cachear null por 5 min para não bater no D1
-        if (env.GEO_CACHE) {
-          await env.GEO_CACHE.put(AB_LTV_CACHE_KEY, JSON.stringify(null), { expirationTtl: 300 });
-        }
-        return null;
-      }
-      testData = test.results;
-      if (env.GEO_CACHE) {
-        await env.GEO_CACHE.put(AB_LTV_CACHE_KEY, JSON.stringify(testData), { expirationTtl: 300 });
-      }
-    }
-    if (!testData || testData.length === 0) return null;
-    // 3. Sortear variação por peso ponderado
-    const totalWeight = testData.reduce((s, v) => s + (v.weight || 0.5), 0);
-    let rand = Math.random() * totalWeight;
-    for (const variation of testData) {
-      rand -= (variation.weight || 0.5);
-      if (rand <= 0) return variation;
-    }
-    return testData[testData.length - 1];
-  } catch (err) {
-    console.error('[AB-LTV] getLtvAbVariation error:', err.message);
-    return null; // graceful fallback — nunca quebra o fluxo principal
-  }
-}
-// ── recordAbAssignment — registra a variação usada para um lead ──────────────
-// Executado via ctx.waitUntil — não bloqueia o /track
-async function recordAbAssignment(env, userId, variationId, testId, predictedLtv, predictedClass, emailHash) {
-  if (!env.DB) return;
-  try {
-    await env.DB.prepare(`
-      INSERT INTO ltv_ab_assignments
-        (test_id, variation_id, user_id, email_hash, predicted_ltv, predicted_class, assigned_at)
-      VALUES (?, ?, ?, ?, ?, ?, datetime('now'))
-    `).bind(testId, variationId, userId, emailHash || null, predictedLtv || null, predictedClass || null).run();
-    // Incrementar contador na variação
-    await env.DB.prepare(
-      `UPDATE ltv_ab_variations SET total_assigned = total_assigned + 1 WHERE id = ?`
-    ).bind(variationId).run();
-  } catch (err) {
-    console.error('[AB-LTV] recordAbAssignment error:', err.message);
-  }
-}
-// ── handleLtvAbTestCreate — POST /api/ltv/ab-test/create ─────────────────────
-async function handleLtvAbTestCreate(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  let body;
-  try { body = await request.json(); }
-  catch { return new Response(JSON.stringify({ error: 'JSON inválido no body' }), { status: 400, headers }); }
-  const { name, description, min_sample = 100, variations } = body;
-  if (!name) return new Response(JSON.stringify({ error: 'name é obrigatório' }), { status: 400, headers });
-  if (!Array.isArray(variations) || variations.length < 2) {
-    return new Response(JSON.stringify({ error: 'Mínimo 2 variações são necessárias' }), { status: 400, headers });
-  }
-  // Verificar se há teste em andamento
-  const running = await env.DB.prepare(`SELECT id FROM ltv_ab_tests WHERE status = 'running' LIMIT 1`).first();
-  if (running) {
-    return new Response(JSON.stringify({
-      error: 'Já existe um teste em andamento. Pause ou conclua o teste atual antes de criar um novo.',
-      running_test_id: running.id,
-    }), { status: 409, headers });
-  }
-  try {
-    const now = new Date().toISOString();
-    // Validar que pesos somam aproximadamente 1.0
-    const totalWeight = variations.reduce((s, v) => s + (v.weight || 0.5), 0);
-    if (Math.abs(totalWeight - 1.0) > 0.05) {
-      return new Response(JSON.stringify({
-        error: `A soma dos weights deve ser 1.0. Recebido: ${totalWeight.toFixed(3)}`,
-      }), { status: 400, headers });
-    }
-    const hasControl = variations.some(v => v.is_control);
-    if (!hasControl) {
-      return new Response(JSON.stringify({ error: 'Pelo menos uma variação deve ter is_control: true (baseline)' }), { status: 400, headers });
-    }
-    // Criar teste
-    const testRes = await env.DB.prepare(`
-      INSERT INTO ltv_ab_tests (name, description, status, min_sample, created_at)
-      VALUES (?, ?, 'running', ?, ?)
-    `).bind(name, description || null, min_sample, now).run();
-    const testId = testRes.meta?.last_row_id;
-    if (!testId) throw new Error('Falha ao criar o teste no D1');
-    // Criar variações
-    const createdVariations = [];
-    for (const v of variations) {
-      const vRes = await env.DB.prepare(`
-        INSERT INTO ltv_ab_variations (test_id, name, system_prompt, weight, is_control, created_at)
-        VALUES (?, ?, ?, ?, ?, ?)
-      `).bind(testId, v.name, v.system_prompt, v.weight || 0.5, v.is_control ? 1 : 0, now).run();
-      createdVariations.push({ id: vRes.meta?.last_row_id, name: v.name, weight: v.weight, is_control: !!v.is_control });
-    }
-    // Invalidar cache KV
-    if (env.GEO_CACHE) await env.GEO_CACHE.delete(AB_LTV_CACHE_KEY);
-    return new Response(JSON.stringify({
-      success:         true,
-      test_id:         testId,
-      name,
-      status:          'running',
-      min_sample,
-      variations:      createdVariations,
-      started_at:      now,
-    }), { status: 201, headers });
-  } catch (err) {
-    console.error('[AB-LTV] create error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ── handleLtvAbTestList — GET /api/ltv/ab-test/list ──────────────────────────
-async function handleLtvAbTestList(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  const url    = new URL(request.url);
-  const status = url.searchParams.get('status') || null;
-  const limit  = Math.min(parseInt(url.searchParams.get('limit') || '20'), 50);
-  try {
-    const cond     = status ? 'WHERE t.status = ?' : '';
-    const bindings = status ? [status, limit] : [limit];
-    const tests = await env.DB.prepare(`
-      SELECT t.id, t.name, t.description, t.status, t.winner_id,
-             t.started_at, t.completed_at, t.created_at, t.min_sample,
-             COUNT(DISTINCT v.id) AS variation_count,
-             SUM(v.total_assigned) AS total_assigned
-      FROM ltv_ab_tests t
-      LEFT JOIN ltv_ab_variations v ON v.test_id = t.id
-      ${cond}
-      GROUP BY t.id
-      ORDER BY t.created_at DESC
-      LIMIT ?
-    `).bind(...bindings).all();
-    return new Response(JSON.stringify({
-      success: true,
-      total:   (tests.results || []).length,
-      tests:   tests.results || [],
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[AB-LTV] list error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ── handleLtvAbTestResults — GET /api/ltv/ab-test/results ────────────────────
-async function handleLtvAbTestResults(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  const url    = new URL(request.url);
-  const testId = url.searchParams.get('test_id') || null;
-  try {
-    const cond     = testId ? 'WHERE test_id = ?' : 'WHERE status = \'running\'';
-    const testBind = testId ? [parseInt(testId)] : [];
-    const testRes = await env.DB.prepare(`
-      SELECT id, name, status, min_sample, winner_id, started_at FROM ltv_ab_tests ${cond} LIMIT 1
-    `).bind(...testBind).first();
-    if (!testRes) {
-      return new Response(JSON.stringify({ error: 'Nenhum teste encontrado' }), { status: 404, headers });
-    }
-    const perf = await env.DB.prepare(`
-      SELECT * FROM v_ab_test_performance WHERE test_id = ?
-    `).bind(testRes.id).all();
-    const variations = perf.results || [];
-    const ready      = variations.every(v => (v.total_assigned || 0) >= testRes.min_sample);
-    let recommendation = null;
-    if (ready && variations.length > 0) {
-      const best = variations.reduce((a, b) =>
-        (b.accuracy_score || 0) > (a.accuracy_score || 0) ? b : a
-      );
-      const control = variations.find(v => v.is_control);
-      const improvement = control
-        ? ((best.accuracy_score || 0) - (control.accuracy_score || 0)) * 100
-        : null;
-      recommendation = {
-        winner_variation_id:   best.variation_id,
-        winner_variation_name: best.variation_name,
-        accuracy_score:        best.accuracy_score,
-        improvement_vs_control: improvement ? `+${improvement.toFixed(1)}%` : null,
-        ready_to_declare:       true,
-      };
-    }
-    return new Response(JSON.stringify({
-      success: true,
-      test: {
-        id:          testRes.id,
-        name:        testRes.name,
-        status:      testRes.status,
-        min_sample:  testRes.min_sample,
-        started_at:  testRes.started_at,
-        is_ready:    ready,
-      },
-      variations,
-      recommendation,
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[AB-LTV] results error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ── handleLtvAbTestWinner — POST /api/ltv/ab-test/winner ─────────────────────
-async function handleLtvAbTestWinner(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  let body;
-  try { body = await request.json(); }
-  catch { return new Response(JSON.stringify({ error: 'JSON inválido' }), { status: 400, headers }); }
-  const { test_id, variation_id } = body;
-  if (!test_id || !variation_id) {
-    return new Response(JSON.stringify({ error: 'test_id e variation_id são obrigatórios' }), { status: 400, headers });
-  }
-  try {
-    const variation = await env.DB.prepare(
-      `SELECT id, name, system_prompt, is_control FROM ltv_ab_variations WHERE id = ? AND test_id = ?`
-    ).bind(variation_id, test_id).first();
-    if (!variation) {
-      return new Response(JSON.stringify({ error: 'Variação não encontrada para este teste' }), { status: 404, headers });
-    }
-    // Marcar winner e concluir o teste
-    await env.DB.prepare(
-      `UPDATE ltv_ab_tests SET winner_id = ?, status = 'completed', completed_at = datetime('now') WHERE id = ?`
-    ).bind(variation_id, test_id).run();
-    // Invalidar cache KV (não há mais teste ativo)
-    if (env.GEO_CACHE) await env.GEO_CACHE.delete(AB_LTV_CACHE_KEY);
-    return new Response(JSON.stringify({
-      success:             true,
-      test_id,
-      winner_variation_id: variation_id,
-      winner_name:         variation.name,
-      is_control:          variation.is_control === 1,
-      winning_prompt:      variation.system_prompt,
-      message:             variation.is_control === 1
-        ? 'O prompt original (controle) venceu. Nenhuma alteração necessária.'
-        : 'Novo prompt vencedor identificado. Copie o campo winning_prompt e aplique ao predictLtv() como novo default.',
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[AB-LTV] winner error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// BIDDING RECOMMENDATIONS — Handlers das Rotas de Otimização de Bids
-// ─────────────────────────────────────────────────────────────────────────────
-// Fatores de plataforma (conservadores por design — usuário escala gradualmente)
-const PLATFORM_FACTORS = { meta: 0.85, google: 0.90, tiktok: 0.75 };
-// Multiplicadores por tier de segmento (baseado em avg_ltv_class + avg_behavior_score)
-function getSegmentMultiplier(avgLtvClass, avgBehaviorScore) {
-  const ltv  = parseFloat(avgLtvClass    || 0);
-  const eng  = parseFloat(avgBehaviorScore || 0);
-  if (ltv >= 0.7 && eng >= 0.7)  return 1.4;  // Alto Valor + Alto Engajamento
-  if (ltv >= 0.7 && eng >= 0.4)  return 1.2;  // Alto Valor + Médio Engajamento
-  if (ltv >= 0.4 && eng >= 0.7)  return 1.0;  // Médio Valor + Alto Engajamento
-  if (ltv >= 0.4 && eng >= 0.4)  return 0.8;  // Médio Valor + Médio Engajamento
-  return 0.6;                                   // Baixo Valor ou Baixo Engajamento
-}
-// Ajuste de confiança baseado em volume de conversões
-function getConfidenceAdjustment(confidence) {
-  if (confidence >= 0.7) return 1.00;
-  if (confidence >= 0.4) return 0.85;
-  return 0.70;
-}
-// ── POST /api/bidding/recommend ───────────────────────────────────────────────
-// Gera recomendações de bid para uma plataforma e vertical
-// Requer binding: DB (AI é opcional — usa fórmula determinística se indisponível)
-async function handleBiddingRecommend(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  let body;
-  try { body = await request.json(); }
-  catch { return new Response(JSON.stringify({ error: 'JSON inválido no body' }), { status: 400, headers }); }
-  const {
-    vertical    = 'geral',
-    platform    = 'meta',
-    target_roi  = 3.5,
-    period_days = 30,
-    campaign_id = null,
-    budget      = null,
-  } = body;
-  const platforms = platform === 'all'
-    ? Object.keys(PLATFORM_FACTORS)
-    : [platform].filter(p => PLATFORM_FACTORS[p]);
-  if (platforms.length === 0) {
-    return new Response(JSON.stringify({ error: 'platform deve ser: meta, google, tiktok ou all' }), { status: 400, headers });
-  }
-  if (target_roi < 1 || target_roi > 20) {
-    return new Response(JSON.stringify({ error: 'target_roi deve estar entre 1 e 20' }), { status: 400, headers });
-  }
-  try {
-    // 1. Checar se há segmentos ML ativos (com dados de LTV real)
-    const segmentsRes = await env.DB.prepare(`
-      SELECT
-        ms.id        AS segment_id,
-        ms.cluster_name,
-        ms.avg_ltv_class,
-        ms.avg_behavior_score,
-        ms.avg_engagement_score,
-        ms.silhouette_score,
-        COUNT(msm.id)    AS member_count,
-        AVG(l.predicted_ltv) AS real_avg_ltv,
-        SUM(CASE WHEN l.event_name IN ('Purchase','CompletePayment') THEN 1 ELSE 0 END) AS conversions
-      FROM ml_segments ms
-      LEFT JOIN ml_segment_members msm ON msm.cluster_id = ms.id
-      LEFT JOIN leads l ON CAST(msm.lead_id AS INTEGER) = l.id
-        AND l.created_at >= datetime('now', '-' || ? || ' days')
-      WHERE ms.is_active = 1
-        AND ms.client_vertical IN (?, 'general')
-      GROUP BY ms.id
-      HAVING member_count > 0
-      ORDER BY real_avg_ltv DESC
-      LIMIT 10
-    `).bind(period_days, vertical).all();
-    const segments = segmentsRes.results || [];
-    // 2. Fallback se não houver segmentos: usar LTV global dos leads
-    let globalLtv = 0, globalLeads = 0, globalConversions = 0;
-    if (segments.length === 0) {
-      const globalRes = await env.DB.prepare(`
-        SELECT
-          COUNT(*) AS total_leads,
-          AVG(predicted_ltv) AS avg_ltv,
-          SUM(CASE WHEN event_name IN ('Purchase','CompletePayment') THEN 1 ELSE 0 END) AS conversions
-        FROM leads
-        WHERE created_at >= datetime('now', '-' || ? || ' days')
-          AND (bot_score IS NULL OR bot_score < 2)
-      `).bind(period_days).first();
-      globalLeads       = globalRes?.total_leads  || 0;
-      globalLtv         = globalRes?.avg_ltv       || 0;
-      globalConversions = globalRes?.conversions    || 0;
-      if (globalLeads < 10) {
-        return new Response(JSON.stringify({
-          error:   `Dados insuficientes. Apenas ${globalLeads} leads no período de ${period_days} dias. Mínimo: 10.`,
-          leads_found:  globalLeads,
-          required: 10,
-        }), { status: 400, headers });
-      }
-    }
-    // 3. Gerar recomendações por plataforma × segmento
-    const now = new Date().toISOString();
-    const recommendations = [];
-    const targetSegments = segments.length > 0
-      ? segments
-      : [{ segment_id: null, cluster_name: 'Global (sem segmentação)', avg_ltv_class: 0.5, avg_behavior_score: 0.5, avg_engagement_score: 0.5, member_count: globalLeads, real_avg_ltv: globalLtv, conversions: globalConversions }];
-    for (const seg of targetSegments) {
-      const avgLtv     = parseFloat(seg.real_avg_ltv || 0);
-      const convs      = parseInt(seg.conversions || 0);
-      const confidence = Math.min(1, convs / 100);
-      // Sem LTV real? Usar LTV estimado pela classe do segmento
-      const estimatedLtv = avgLtv > 0 ? avgLtv :
-        seg.avg_ltv_class >= 0.7 ? 497 :
-        seg.avg_ltv_class >= 0.4 ? 297 : 97;
-      const cpaTarget    = estimatedLtv / target_roi;
-      const segMult      = getSegmentMultiplier(seg.avg_ltv_class, seg.avg_behavior_score);
-      const confAdj      = getConfidenceAdjustment(confidence);
-      const alertMsg = convs < 30
-        ? `Atenção: apenas ${convs} conversões no período. Bid baseado em estimativa de LTV — aplique com cautela.`
-        : null;
-      for (const plat of platforms) {
-        const platFactor   = PLATFORM_FACTORS[plat];
-        const recommendedBid = Math.max(5, cpaTarget * platFactor * segMult * confAdj);
-        const expectedRoi    = estimatedLtv / (recommendedBid / platFactor);
-        // Guardar no D1 em background
-        const reasoning = `Segmento "${seg.cluster_name}": LTV=${estimatedLtv.toFixed(0)} BRL, ` +
-          `CPA_alvo=${cpaTarget.toFixed(0)} BRL, fator_plataforma=${platFactor}, ` +
-          `mult_segmento=${segMult}, ajuste_confiança=${confAdj}, ` +
-          `base: ${convs} conversões em ${period_days} dias.`;
-        try {
-          await env.DB.prepare(`
-            INSERT INTO bid_recommendations (
-              generated_at, vertical, platform, period_days, target_roi,
-              segment_id, segment_name, leads_analyzed, conversions_found,
-              avg_ltv, cpa_target, recommended_bid, bid_currency,
-              confidence, expected_roi, reasoning, ai_used, alert_message,
-              platform_factor, confidence_adjustment, segment_multiplier, is_active
-            ) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0,?,?,?,?,1)
-          `).bind(
-            now, vertical, plat, period_days, target_roi,
-            seg.segment_id || null, seg.cluster_name,
-            seg.member_count || globalLeads, convs,
-            estimatedLtv, cpaTarget, recommendedBid, 'BRL',
-            confidence, expectedRoi, reasoning, alertMsg || null,
-            platFactor, confAdj, segMult,
-          ).run();
-        } catch (e) { console.error('[Bidding] D1 insert error:', e.message); }
-        recommendations.push({
-          platform:        plat,
-          segment:         seg.cluster_name,
-          segment_id:      seg.segment_id || null,
-          avg_ltv:         Math.round(estimatedLtv * 100) / 100,
-          avg_ltv_class:   seg.avg_ltv_class >= 0.7 ? 'High' : seg.avg_ltv_class >= 0.4 ? 'Medium' : 'Low',
-          cpa_target:      Math.round(cpaTarget * 100) / 100,
-          recommended_bid: Math.round(recommendedBid * 100) / 100,
-          bid_currency:    'BRL',
-          confidence:      Math.round(confidence * 100) / 100,
-          expected_roi:    Math.round(expectedRoi * 100) / 100,
-          reasoning,
-          alert:           alertMsg,
-        });
-      }
-    }
-    // Desativar recomendações anteriores da mesma vertical/plataforma
-    await env.DB.prepare(
-      `UPDATE bid_recommendations SET is_active = 0 WHERE vertical = ? AND generated_at < ? AND is_active = 1`
-    ).bind(vertical, now).run().catch(() => {});
-    const avgConfidence = recommendations.length > 0
-      ? recommendations.reduce((s, r) => s + r.confidence, 0) / recommendations.length
-      : 0;
-    return new Response(JSON.stringify({
-      success:      true,
-      generated_at: now,
-      vertical,
-      period_days,
-      target_roi,
-      data_quality: {
-        leads_analyzed:    targetSegments.reduce((s, sg) => s + (sg.member_count || 0), 0),
-        conversions_found: targetSegments.reduce((s, sg) => s + (sg.conversions || 0), 0),
-        segments_active:   segments.length,
-        confidence:        Math.round(avgConfidence * 100) / 100,
-      },
-      recommendations,
-      global_summary: {
-        total_recommendations:  recommendations.length,
-        avg_confidence:         Math.round(avgConfidence * 100) / 100,
-        expected_cost_reduction: avgConfidence >= 0.7 ? '-20%' : avgConfidence >= 0.4 ? '-10%' : 'indefinido (dados insuficientes)',
-        segments_analyzed:       segments.length,
-      },
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Bidding] recommend error:', err.message);
-    return new Response(JSON.stringify({ error: 'Erro ao gerar recomendações', message: err.message }), { status: 500, headers });
-  }
-}
-// ── GET /api/bidding/history ──────────────────────────────────────────────────
-// Retorna histórico de recomendações de bids geradas
-async function handleBiddingHistory(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  const url      = new URL(request.url);
-  const vertical = url.searchParams.get('vertical') || null;
-  const platform = url.searchParams.get('platform') || null;
-  const limit    = Math.min(parseInt(url.searchParams.get('limit') || '20'), 100);
-  try {
-    const conditions = [];
-    const bindings   = [];
-    if (vertical) { conditions.push('vertical = ?');  bindings.push(vertical); }
-    if (platform) { conditions.push('platform = ?');  bindings.push(platform); }
-    const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
-    const result = await env.DB.prepare(`
-      SELECT id, generated_at, vertical, platform, period_days, target_roi,
-             segment_name, leads_analyzed, conversions_found, avg_ltv, cpa_target,
-             recommended_bid, bid_currency, confidence, expected_roi,
-             reasoning, alert_message, ai_used, is_active,
-             applied_at, applied_campaign, applied_result
-      FROM bid_recommendations
-      ${where}
-      ORDER BY generated_at DESC
-      LIMIT ?
-    `).bind(...bindings, limit).all();
-    const items = (result.results || []).map(r => ({
-      ...r,
-      applied_result: tryParseJson(r.applied_result, null),
-    }));
-    return new Response(JSON.stringify({
-      success: true,
-      total:   items.length,
-      history: items,
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Bidding] history error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ── GET /api/bidding/status ───────────────────────────────────────────────────
-// Status atual das recomendações ativas (última por plataforma por vertical)
-async function handleBiddingStatus(env, request, headers) {
-  if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
-  const url      = new URL(request.url);
-  const vertical = url.searchParams.get('vertical') || null;
-  try {
-    let query = `
-      SELECT platform, vertical, MAX(generated_at) as last_generated,
-             AVG(confidence) as avg_confidence, AVG(recommended_bid) as avg_bid,
-             COUNT(*) as recommendations_count,
-             SUM(CASE WHEN alert_message IS NOT NULL THEN 1 ELSE 0 END) as alerts_count
-      FROM bid_recommendations
-      WHERE is_active = 1
-    `;
-    const bindings = [];
-    if (vertical) { query += ' AND vertical = ?'; bindings.push(vertical); }
-    query += ' GROUP BY platform, vertical ORDER BY last_generated DESC';
-    const result = await env.DB.prepare(query).bind(...bindings).all();
-    return new Response(JSON.stringify({
-      success: true,
-      status:  result.results || [],
-    }), { status: 200, headers });
-  } catch (err) {
-    console.error('[Bidding] status error:', err.message);
-    return new Response(JSON.stringify({ error: err.message }), { status: 500, headers });
-  }
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// HANDLER PRINCIPAL
-// ─────────────────────────────────────────────────────────────────────────────
-export default {
-  async fetch(request, env, ctx) {
-    const origin  = request.headers.get('Origin') || '';
-    const headers = {
-      'Content-Type': 'application/json',
-      ...corsHeaders(origin, env.SITE_DOMAIN),
-    };
-    // Preflight CORS
-    if (request.method === 'OPTIONS') {
-      return new Response(null, { status: 204, headers });
-    }
-    const url = new URL(request.url);
-    // ── Rate Limiter — camada 0, antes do Fraud Gate ─────────────────────────
-    // Bloqueia na borda por IP antes de qualquer CPU ser consumida
-    // Silent drop (200) — atacante não sabe que foi bloqueado
-    // Requer binding RATE_LIMITER no wrangler.toml (Workers Paid)
-    // Fail-open: se binding não existir, deixa passar (não quebra o fluxo)
-    if (url.pathname === '/track' && request.method === 'POST' && env.RATE_LIMITER) {
-      const ip = request.headers.get('CF-Connecting-IP')
-              || request.headers.get('X-Forwarded-For')?.split(',')[0].trim()
-              || '0.0.0.0';
-      const { success } = await env.RATE_LIMITER.limit({ key: ip });
-      if (!success) {
-        return new Response(JSON.stringify({ status: 'ok', queued: true }), { status: 200, headers });
-      }
-    }
-    // ── Fraud Gate — Fase 4 (apenas em /track e /api) ────────────────────────
-    // Roda ANTES de qualquer processamento de evento
-    // Silent drop (200) — bots não sabem que foram detectados
-    if (url.pathname === '/track' && request.method === 'POST') {
-      let trackBodyForFraud;
-      try {
-        const cloned = request.clone();
-        trackBodyForFraud = await cloned.json().catch(() => ({}));
-      } catch { trackBodyForFraud = {}; }
-      const fraudResult = await checkFraudGate(env, request, trackBodyForFraud);
-      if (!fraudResult.allowed) {
-        // Log em background — não bloqueia a resposta
-        ctx.waitUntil(logFraudSignal(env, request, trackBodyForFraud, fraudResult));
-        // Silent drop: retorna 200 com payload de sucesso falso
-        return new Response(JSON.stringify({ status: 'ok', queued: true }), { status: 200, headers });
-      }
-      if (fraudResult.action === 'flagged') {
-        // Suspeito mas permitido — loga em background
-        ctx.waitUntil(logFraudSignal(env, request, trackBodyForFraud, fraudResult));
-      }
-    }
-    // ── GET /export/customer-match — exporta leads para Google Ads (download) ──
-    if (request.method === 'GET' && url.pathname === '/export/customer-match') {
-      // Proteção simples por token (mesmo META_ACCESS_TOKEN ou secret dedicado)
-      const authHeader = request.headers.get('Authorization') || '';
-      const token = authHeader.replace('Bearer ', '');
-      if (!env.META_ACCESS_TOKEN || token !== env.META_ACCESS_TOKEN) {
-        return new Response('Unauthorized', { status: 401 });
-      }
-      const rows = await buildGoogleCustomerMatchExport(env);
-      return new Response(JSON.stringify({ total: rows.length, data: rows }, null, 2), {
-        headers: { ...headers, 'Content-Disposition': 'attachment; filename="customer-match.json"' },
-      });
-    }
-    // ── GET /health — Smoke Test completo ────────────────────────────────────
-    if (request.method === 'GET' && url.pathname === '/health') {
-      const results = {};
-      // D1 — query real
-      try {
-        await env.DB.prepare('SELECT 1').run();
-        results.d1 = 'ok';
-      } catch (err) {
-        results.d1 = `FAILED: ${err.message}`;
-      }
-      // KV — leitura real
-      try {
-        await env.GEO_CACHE.get('__health_check__');
-        results.kv = 'ok';
-      } catch (err) {
-        results.kv = `FAILED: ${err.message}`;
-      }
-      // Workers AI — ping
-      try {
-        await env.AI.run('@cf/meta/llama-3.1-8b-instruct', {
-          messages: [{ role: 'user', content: 'ping' }],
-          max_tokens: 1,
-        });
-        results.ai = 'ok';
-      } catch (err) {
-        results.ai = `FAILED: ${err.message}`;
-      }
-      // Vars obrigatórias
-      const vars = {
-        META_PIXEL_ID:       env.META_PIXEL_ID       ? 'set' : 'MISSING',
-        GA4_MEASUREMENT_ID:  env.GA4_MEASUREMENT_ID  ? 'set' : 'MISSING',
-        TIKTOK_PIXEL_ID:     env.TIKTOK_PIXEL_ID     ? 'set' : 'MISSING',
-        SITE_DOMAIN:         env.SITE_DOMAIN         ? 'set' : 'MISSING',
-      };
-      // Secrets obrigatórios
-      const secrets = {
-        META_ACCESS_TOKEN:           env.META_ACCESS_TOKEN           ? 'set' : 'MISSING',
-        GA4_API_SECRET:              env.GA4_API_SECRET              ? 'set' : 'MISSING',
-        WA_WEBHOOK_VERIFY_TOKEN:    env.WA_WEBHOOK_VERIFY_TOKEN    ? 'set' : 'MISSING',
-        WHATSAPP_ACCESS_TOKEN:     env.WHATSAPP_ACCESS_TOKEN     ? 'set' : 'not set (optional - only for auto-reply)',
-        WHATSAPP_PHONE_NUMBER_ID: env.WHATSAPP_PHONE_NUMBER_ID ? 'set' : 'not set (optional - only for auto-reply)',
-        WA_NOTIFY_NUMBER:          env.WA_NOTIFY_NUMBER          ? 'set' : 'not set (optional - only for auto-reply)',
-        TIKTOK_ACCESS_TOKEN:       env.TIKTOK_ACCESS_TOKEN       ? 'set' : 'not set (optional)',
-        CALLMEBOT_PHONE:           env.CALLMEBOT_PHONE           ? 'set' : 'not set (optional)',
-      };
-      const hasMissing =
-        Object.values(vars).includes('MISSING') ||
-        Object.values(secrets).includes('MISSING') ||
-        results.d1 !== 'ok';
-      return new Response(JSON.stringify({
-        status:    hasMissing ? 'degraded' : 'ok',
-        timestamp: new Date().toISOString(),
-        bindings:  results,
-        vars,
-        secrets,
-      }, null, 2), { headers });
-    }
-    // ── POST /track — evento do browser ───────────────────────────────────────
-    if (request.method === 'POST' && url.pathname === '/track') {
-      // Reject oversized payloads before reading body (64 KB limit)
-      const contentLength = parseInt(request.headers.get('Content-Length') || '0', 10);
-      if (contentLength > 65536) {
-        return new Response(JSON.stringify({ error: 'Payload muito grande' }), { status: 413, headers });
-      }
-      let body;
-      try {
-        body = await request.json();
-      } catch {
-        return new Response(
-          JSON.stringify({ error: 'JSON inválido' }),
-          { status: 400, headers }
-        );
-      }
-      // ── Payload validation ────────────────────────────────────────────────────
-      // Reject non-object bodies and oversized string fields to prevent injection
-      if (typeof body !== 'object' || Array.isArray(body) || body === null) {
-        return new Response(JSON.stringify({ error: 'Payload inválido' }), { status: 400, headers });
-      }
-      const VALID_EVENT_NAMES = new Set([
-        'PageView','ViewContent','Lead','Purchase','InitiateCheckout',
-        'AddToCart','CompleteRegistration','Contact','Schedule',
-        'StartTrial','Subscribe','SubmitApplication','Search',
-        'video_start','video_25','video_50','video_75','video_complete'
-      ]);
-      const STR_FIELDS = ['email','phone','firstName','lastName','city','state','zip','userId',
-                          'utmSource','utmMedium','utmCampaign','utmContent','utmTerm',
-                          'fbclid','ttclid','gclid','transactionId','productName','currency'];
-      const { eventName, behavioral_data, ...payload } = body;
-      if (!eventName) {
-        return new Response(
-          JSON.stringify({ error: 'eventName é obrigatório' }),
-          { status: 400, headers }
-        );
-      }
-      if (typeof eventName !== 'string' || eventName.length > 64 || !VALID_EVENT_NAMES.has(eventName)) {
-        return new Response(JSON.stringify({ error: `eventName desconhecido: ${eventName.slice(0, 64)}` }), { status: 400, headers });
-      }
-      // Enforce max string length on known PII/UTM fields to block injection payloads
-      for (const field of STR_FIELDS) {
-        if (payload[field] !== undefined && payload[field] !== null) {
-          if (typeof payload[field] !== 'string' || payload[field].length > 512) {
-            return new Response(JSON.stringify({ error: `Campo inválido: ${field}` }), { status: 400, headers });
-          }
-        }
-      }
-      // value must be a non-negative number when present
-      if (payload.value !== undefined && payload.value !== null) {
-        const v = Number(payload.value);
-        if (isNaN(v) || v < 0 || v > 9_999_999) {
-          return new Response(JSON.stringify({ error: 'value fora do intervalo permitido' }), { status: 400, headers });
-        }
-        payload.value = v;
-      }
-      // ── Extrair dados comportamentais do browser ──────────────────────────────
-      // behavioral_data vem do engagement-scoring.js (engagement_score 0-5, intention_level)
-      // e do BehaviorEngine (user_score 0-100)
-      if (behavioral_data) {
-        payload.engagementScore = behavioral_data.engagement_score ?? behavioral_data.totalScore ?? null;
-        payload.intentionLevel  = behavioral_data.intention_level  ?? null;
-        payload.userScore       = behavioral_data.user_score       ?? null;
-        // PII extraído pelo advanced-matching.js chega aninhado em behavioral_data
-        // (trackLead passa piiData como `data`, que é spread em behavioral_data)
-        payload.email     = payload.email     || behavioral_data.email      || null;
-        payload.phone     = payload.phone     || behavioral_data.phone      || null;
-        payload.firstName = payload.firstName || behavioral_data.first_name  || behavioral_data.firstName || null;
-        payload.lastName  = payload.lastName  || behavioral_data.last_name   || behavioral_data.lastName  || null;
-        payload.city      = payload.city      || behavioral_data.city        || null;
-        payload.state     = payload.state     || behavioral_data.state       || null;
-        payload.zip       = payload.zip       || behavioral_data.zip         || null;
-        payload.dob       = payload.dob       || behavioral_data.dob         || null;
-      }
-      // ── Edge Fingerprint + UTM Resurrection ───────────────────────────────────
-      const fingerprint = await generateEdgeFingerprint(request);
-      payload.utmRestored = false;
-      if (fingerprint) {
-        if (payload.utmSource) {
-          // Tem UTM → salvar fingerprint para uso futuro
-          ctx.waitUntil(saveEdgeFingerprint(env.DB, fingerprint, payload.userId, payload));
-        } else {
-          // Sem UTM → tentar recuperar das últimas 48h
-          const recovered = await resurrectUTM(env.DB, fingerprint);
-          if (recovered) {
-            payload.utmSource   = payload.utmSource   || recovered.utm_source;
-            payload.utmMedium   = payload.utmMedium   || recovered.utm_medium;
-            payload.utmCampaign = payload.utmCampaign || recovered.utm_campaign;
-            payload.utmContent  = payload.utmContent  || recovered.utm_content;
-            payload.utmTerm     = payload.utmTerm     || recovered.utm_term;
-            payload.utmRestored = true;
-          }
-        }
-      }
-      // ── Bot Mitigation ────────────────────────────────────────────────────────
-      const botScoreStr = request.cf?.botManagement?.score;
-      const cfBotScore = botScoreStr !== undefined ? parseInt(botScoreStr) : 100;
-      const ua = (request.headers.get('User-Agent') || '').toLowerCase();
-      const isBotPattern = /bot|crawler|spider|lighthouse|postman|curl|inspect|headless/i.test(ua);
-      const isBot = cfBotScore < 30 || isBotPattern;
-      payload.botScore = isBot ? 2 : (cfBotScore < 60 ? 1 : 0);
-      // Dropar silenciosamente eventos de lixo (exceto conversões core para evitar falso positivo)
-      if (isBot && !['Contact', 'Lead', 'Purchase'].includes(eventName)) {
-        return new Response(JSON.stringify({ ok: true, skipped_due_to_bot: true }), { status: 200, headers });
-      }
-      // ── Edge Geo Enrichment ───────────────────────────────────────────────────
-      // Free: country, continent, asn | Paid: city, state, zip, lat/lon, timezone
-      const geoData = await enrichGeoFromEdge(request, env, payload);
-      // ── First-Party Cookie (Identity Resolution) ──────────────────────────────
-      const cookieHeader = request.headers.get('Cookie') || '';
-      const cdpUidMatch = cookieHeader.match(/_cdp_uid=([^;]+)/);
-      const finalUserId = payload.userId || (cdpUidMatch ? cdpUidMatch[1] : crypto.randomUUID());
-      payload.userId = finalUserId;
-      const ga4Name = META_TO_GA4[eventName] || eventName.toLowerCase();
-      // ── LTV Prediction (+ A/B Testing de Prompts) ────────────────────────────
-      // Lead, Contact, Schedule: sem valor monetário real → injetar LTV preditivo
-      // Isso treina os algoritmos de Meta/TikTok a priorizar leads de alto valor
-      const LTV_EVENTS = ['Lead', 'Contact', 'Schedule', 'CompleteRegistration'];
-      if (LTV_EVENTS.includes(eventName) && !payload.value) {
-        // A/B Testing: busca variação ativa (usa KV cache — ~0ms de latência extra)
-        const abVariation = await getLtvAbVariation(env);
-        const ltv = await predictLtv(env, payload, request, abVariation?.system_prompt || null);
-        payload.value           = ltv.value;
-        payload.currency        = payload.currency || 'BRL';
-        payload.ltvClass        = ltv.class;
-        payload.ltvScore        = ltv.score;
-        // Persiste no perfil em background
-        ctx.waitUntil(
-          upsertLtvProfile(env, payload.userId, ltv)
-        );
-        // Registrar assignment do A/B test em background (não bloqueia)
-        if (abVariation) {
-          const emailHash = payload.email
-            ? await sha256(payload.email.trim().toLowerCase())
-            : null;
-          ctx.waitUntil(
-            recordAbAssignment(
-              env,
-              payload.userId,
-              abVariation.variation_id,
-              abVariation.test_id,
-              ltv.value,
-              ltv.class,
-              emailHash,
-            )
-          );
-        }
-      }
-      // Cross-Device Graph — background (não bloqueia resposta)
-      // Só dispara quando tem PII e um userId confirmado
-      if (env.DB && payload.userId && (payload.email || payload.phone)) {
-        ctx.waitUntil(
-          resolveDeviceGraph(env.DB, payload.userId, payload.email, payload.phone)
-        );
-      }
-      // ── R2 Audit Log — background, não bloqueia ──────────────────────────────
-      ctx.waitUntil(writeAuditLog(env, eventName, payload, geoData));
-      // Disparar tudo em paralelo — não bloquear o browser
-      // WhatsApp: só notifica Lead e Purchase para não lotar o celular
-      const WHATSAPP_NOTIFY_EVENTS = ['Lead', 'Purchase', 'CompleteRegistration'];
-      const [metaRes, ga4Res, ttRes] = await Promise.allSettled([
-        sendMetaCapi(env, eventName, payload, request, ctx),
-        sendGA4Mp(env, ga4Name, payload, ctx),
-        sendTikTokApi(env, eventName, payload, request, ctx),
-        saveLead(env, eventName, payload, request, 'website'),
-        upsertProfile(env, eventName, payload, request),
-        ...(WHATSAPP_NOTIFY_EVENTS.includes(eventName)
-          ? [sendWhatsApp(env, eventName, payload)]
-          : []),
-      ]);
-      // Automação de mensagens — dispara regras ativas para este evento em background
-      // saveLead() já foi chamado acima; usamos o leadId gerado pelo D1 (last_row_id)
-      const AUTOMATION_EVENTS = ['Lead', 'Purchase', 'InitiateCheckout'];
-      if (AUTOMATION_EVENTS.includes(eventName) && env.DB) {
-        ctx.waitUntil(
-          (async () => {
-            try {
-              const lastLead = await env.DB
-                .prepare(`SELECT id FROM leads WHERE event_id = ?1 LIMIT 1`)
-                .bind(payload.eventId || payload.event_id || '')
-                .first();
-              const leadId = lastLead?.id ?? null;
-              if (leadId) await fireAutomation(env, eventName, leadId, payload);
-            } catch (e) { console.error('[Automation] lead lookup error:', e.message); }
-          })()
-        );
-      }
-      // ── Edge Personalization (Retornar Score) ───────────────────────────────
-      let currentScore = 0;
-      if (env.DB && payload.userId) {
-         try {
-           const profileRow = await env.DB.prepare('SELECT score FROM user_profiles WHERE user_id = ?').bind(payload.userId).first();
-           if (profileRow) currentScore = profileRow.score;
-         } catch(e) {}
-      }
-      const resHeaders = new Headers(headers);
-      resHeaders.set('Set-Cookie', `_cdp_uid=${finalUserId}; HttpOnly; Secure; SameSite=Lax; Max-Age=31536000; Path=/; Domain=.${env.SITE_DOMAIN}`);
-      return new Response(JSON.stringify({
-        ok:     true,
-        userProfile: { score: currentScore, user_id: finalUserId },
-        meta:   metaRes.value   ?? { error: metaRes.reason?.message },
-        ga4:    ga4Res.value    ?? { error: ga4Res.reason?.message },
-        tiktok: ttRes.value     ?? { error: ttRes.reason?.message },
-      }), { status: 200, headers: resHeaders });
-    }
-    // ── POST /webhook/hotmart ─────────────────────────────────────────────────
-    if (request.method === 'POST' && url.pathname === '/webhook/hotmart') {
-      // Validação de token Hotmart (X-Hotmart-Webhook-Token)
-      // Secret: wrangler secret put WEBHOOK_SECRET_HOTMART
-      if (env.WEBHOOK_SECRET_HOTMART) {
-        const token = request.headers.get('X-Hotmart-Webhook-Token') || '';
-        if (token !== env.WEBHOOK_SECRET_HOTMART) {
-          return new Response('Unauthorized', { status: 401 });
-        }
-      }
-      let wh;
-      try { wh = await request.json(); } catch {
-        return new Response('JSON inválido', { status: 400 });
-      }
-      const data     = wh.data || wh;
-      const buyer    = data.buyer    || {};
-      const purchase = data.purchase || {};
-      const product  = data.product  || {};
-      // Só processar compras aprovadas
-      if (!['APPROVED', 'COMPLETE', 'approved', 'complete'].includes(purchase.status)) {
-        return new Response(
-          JSON.stringify({ skipped: `status ${purchase.status}` }),
-          { status: 200, headers }
-        );
-      }
-      // Deduplicação — verificar se transação já foi processada
-      const hmTxId = String(purchase.transaction || '');
-      if (hmTxId && env.DB) {
-        try {
-          const dup = await env.DB.prepare(
-            'SELECT id FROM webhook_events WHERE transaction_id = ? AND status = ?'
-          ).bind(hmTxId, 'processed').first();
-          if (dup) {
-            return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
-          }
-        } catch { /* continua mesmo se a consulta falhar */ }
-      }
-      // Recuperar cookies do comprador (fbp/fbc) pelo email
-      const profile = await getProfileByEmail(env, buyer.email);
-      const payload = {
-        email:       buyer.email,
-        phone:       buyer.phone,
-        firstName:   buyer.name?.split(' ')[0],
-        lastName:    buyer.name?.split(' ').slice(1).join(' ') || undefined,
-        fbp:         profile?.fbp,
-        fbc:         profile?.fbc,
-        userId:      profile?.user_id,
-        gaClientId:  profile?.ga_client_id,
-        value:       purchase.price?.value,
-        currency:    purchase.price?.currency_value || 'BRL',
-        contentIds:  [String(product.id || product.ucode || '')],
-        contentName: product.name,
-        contentType: 'product',
-        pageUrl:     profile?.page_url || `https://${env.SITE_DOMAIN || 'seu-dominio.com.br'}`,
-        orderId:     purchase.transaction,
-        eventId:     `hotmart_${purchase.transaction}`,
-        city:        profile?.city,
-        state:       profile?.state,
-        country:     profile?.country,
-      };
-      // Registrar transação no D1 (prevenção de duplicatas em reenvios)
-      if (hmTxId && env.DB) {
-        try {
-          await env.DB.prepare(
-            'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
-          ).bind('hotmart', hmTxId, buyer.email || null, 'processed', JSON.stringify(wh)).run();
-        } catch { /* não bloquear envio se D1 falhar */ }
-      }
-      ctx.waitUntil(Promise.allSettled([
-        sendMetaCapi(env, 'Purchase', payload, request, ctx),
-        sendGA4Mp(env, 'purchase', payload, ctx),
-        sendTikTokApi(env, 'CompletePayment', payload, request, ctx),
-        saveLead(env, 'Purchase', payload, request, 'hotmart'),
-        sendWhatsApp(env, 'Purchase', payload),
-      ]));
-      return new Response(JSON.stringify({ ok: true }), { status: 200, headers });
-    }
-    // ── POST /webhook/kiwify ──────────────────────────────────────────────────
-    if (request.method === 'POST' && url.pathname === '/webhook/kiwify') {
-      // Validação de token Kiwify (X-Kiwify-Event-Token)
-      // Secret: wrangler secret put WEBHOOK_SECRET_KIWIFY
-      if (env.WEBHOOK_SECRET_KIWIFY) {
-        const token = request.headers.get('X-Kiwify-Event-Token') || '';
-        if (token !== env.WEBHOOK_SECRET_KIWIFY) {
-          return new Response('Unauthorized', { status: 401 });
-        }
-      }
-      let wh;
-      try { wh = await request.json(); } catch {
-        return new Response('JSON inválido', { status: 400 });
-      }
-      // Só processar compras aprovadas
-      if (wh.order_status !== 'paid' && wh.order_status !== 'approved') {
-        return new Response(
-          JSON.stringify({ skipped: `status ${wh.order_status}` }),
-          { status: 200, headers }
-        );
-      }
-      // Deduplicação — verificar se transação já foi processada
-      const kwTxId = String(wh.order_id || '');
-      if (kwTxId && env.DB) {
-        try {
-          const dup = await env.DB.prepare(
-            'SELECT id FROM webhook_events WHERE transaction_id = ? AND status = ?'
-          ).bind(kwTxId, 'processed').first();
-          if (dup) {
-            return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
-          }
-        } catch { /* continua mesmo se a consulta falhar */ }
-      }
-      const customer = wh.Customer || {};
-      const product  = wh.Product  || {};
-      const profile  = await getProfileByEmail(env, customer.email);
-      const payload = {
-        email:       customer.email,
-        phone:       customer.mobile,
-        firstName:   customer.full_name?.split(' ')[0],
-        lastName:    customer.full_name?.split(' ').slice(1).join(' ') || undefined,
-        fbp:         profile?.fbp,
-        fbc:         profile?.fbc,
-        userId:      profile?.user_id,
-        gaClientId:  profile?.ga_client_id,
-        value:       wh.order_value ? parseFloat(wh.order_value) / 100 : undefined,
-        currency:    'BRL',
-        contentIds:  [String(product.product_id || '')],
-        contentName: product.product_name,
-        contentType: 'product',
-        pageUrl:     profile?.page_url || `https://${env.SITE_DOMAIN || 'seu-dominio.com.br'}`,
-        orderId:     wh.order_id,
-        eventId:     `kiwify_${wh.order_id}`,
-        city:        profile?.city,
-        state:       profile?.state,
-        country:     profile?.country,
-      };
-      // Registrar transação no D1
-      if (kwTxId && env.DB) {
-        try {
-          await env.DB.prepare(
-            'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
-          ).bind('kiwify', kwTxId, customer.email || null, 'processed', JSON.stringify(wh)).run();
-        } catch { /* não bloquear envio se D1 falhar */ }
-      }
-      ctx.waitUntil(Promise.allSettled([
-        sendMetaCapi(env, 'Purchase', payload, request, ctx),
-        sendGA4Mp(env, 'purchase', payload, ctx),
-        sendTikTokApi(env, 'CompletePayment', payload, request, ctx),
-        sendPinterestCapi(env, 'Purchase', payload, request, ctx),
-        sendRedditCapi(env, 'Purchase', payload, request, ctx),
-        sendLinkedInCapi(env, 'Purchase', payload, request, ctx),
-        sendSpotifyCapi(env, 'Purchase', payload, request, ctx),
-        saveLead(env, 'Purchase', payload, request, 'kiwify'),
-        sendWhatsApp(env, 'Purchase', payload),
-      ]));
-      return new Response(JSON.stringify({ ok: true }), { status: 200, headers });
-    }
-    // ── POST /webhook/ticto ───────────────────────────────────────────────────
-    // Ticto Webhook v2 (JSON) — configurar em: Produto → Webhooks → Versão 2.0 → JSON
-    // URL a cadastrar na Ticto: https://SEU_DOMINIO/webhook/ticto
-    // Evento a selecionar: "Venda Realizada" (status: paid | approved | complete)
-    if (request.method === 'POST' && url.pathname === '/webhook/ticto') {
-      // Validação HMAC-SHA256 Ticto (X-Ticto-Signature)
-      // Secret: wrangler secret put WEBHOOK_SECRET_TICTO
-      let rawBody;
-      try { rawBody = await request.text(); } catch {
-        return new Response('Leitura de body falhou', { status: 400 });
-      }
-      if (env.WEBHOOK_SECRET_TICTO) {
-        const sig = request.headers.get('X-Ticto-Signature') || '';
-        const valid = await verifyHmac(env.WEBHOOK_SECRET_TICTO, rawBody, sig);
-        if (!valid) {
-          return new Response('Unauthorized', { status: 401 });
-        }
-      }
-      let wh;
-      try { wh = JSON.parse(rawBody); } catch {
-        return new Response('JSON inválido', { status: 400 });
-      }
-      // ── Estrutura Ticto v2 ────────────────────────────────────────────────
-      // {
-      //   "version": "2.0",
-      //   "status": "paid",           ← paid | approved | complete | refunded | chargeback
-      //   "status_date": "...",
-      //   "token": "...",
-      //   "payment_method": "credit_card | boleto | pix",
-      //   "customer": {
-      //     "name": "João Silva",
-      //     "email": "joao@email.com",
-      //     "phone": "11999998888",
-      //     "document": "12345678901"  ← CPF (não enviamos para plataformas de ads)
-      //   },
-      //   "order": {
-      //     "id": "ORD123",
-      //     "hash": "abc123",
-      //     "transaction_hash": "xyz456",
-      //     "paid_amount": 29700,     ← valor em centavos (R$ 297,00)
-      //     "installments": 1,
-      //     "order_date": "2024-01-01"
-      //   },
-      //   "item": {
-      //     "product_name": "Curso XYZ",
-      //     "product_id": "PROD123"
-      //   },
-      //   "tracking": {               ← parâmetros de URL capturados no checkout
-      //     "src": "facebook",
-      //     "utm_source": "...",
-      //     "utm_medium": "...",
-      //     "utm_campaign": "...",
-      //     "utm_content": "...",
-      //     "utm_term": "..."
-      //   },
-      //   "url_params": {             ← fallback de parâmetros extras (fbclid, sck, xcod...)
-      //     "fbclid": "...",
-      //     "sck": "..."
-      //   }
-      // }
-      // Aceitar apenas vendas aprovadas/pagas
-      const STATUS_PAID = ['paid', 'approved', 'complete', 'completed'];
-      if (!STATUS_PAID.includes((wh.status || '').toLowerCase())) {
-        return new Response(
-          JSON.stringify({ skipped: `status ${wh.status}` }),
-          { status: 200, headers }
-        );
-      }
-      const customer  = wh.customer  || {};
-      const order     = wh.order     || {};
-      const item      = wh.item      || {};
-      const tracking  = wh.tracking  || wh.url_params || {};
-      // Valor: paid_amount está em centavos → dividir por 100
-      const valueRaw = order.paid_amount ?? order.total ?? order.amount;
-      const value    = valueRaw ? parseFloat(valueRaw) / 100 : undefined;
-      // Transaction ID: usar hash se disponível (mais estável que id numérico)
-      const transactionId = order.hash || order.transaction_hash || order.id;
-      // Deduplicação — verificar se transação já foi processada
-      const tcTxId = String(order.hash || order.transaction_hash || order.id || '');
-      if (tcTxId && env.DB) {
-        try {
-          const dup = await env.DB.prepare(
-            'SELECT id FROM webhook_events WHERE transaction_id = ? AND status = ?'
-          ).bind(tcTxId, 'processed').first();
-          if (dup) {
-            return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
-          }
-        } catch { /* continua mesmo se a consulta falhar */ }
-      }
-      // Buscar perfil do comprador pelo email; fallback por user_id passado via URL (cdpTrack passCheckoutParams)
-      const urlUserId = tracking.user_id || wh.url_params?.user_id;
-      let profile = await getProfileByEmail(env, customer.email);
-      if (!profile && urlUserId && env.DB) {
-        try {
-          profile = await env.DB.prepare(
-            'SELECT * FROM user_profiles WHERE user_id = ? ORDER BY updated_at DESC LIMIT 1'
-          ).bind(urlUserId).first();
-        } catch { /* continua sem perfil */ }
-      }
-      // Construir fbc a partir do fbclid se o profile não tiver fbc
-      const fbclid = tracking.fbclid || wh.url_params?.fbclid;
-      const fbc    = profile?.fbc || (fbclid ? `fb.1.${Date.now()}.${fbclid}` : undefined);
-      const payload = {
-        email:       customer.email,
-        phone:       customer.phone,
-        firstName:   customer.name?.split(' ')[0],
-        lastName:    customer.name?.split(' ').slice(1).join(' ') || undefined,
-        fbp:         profile?.fbp,
-        fbc,
-        ttp:         profile?.ttp,
-        userId:      profile?.user_id,
-        gaClientId:  profile?.ga_client_id,
-        value,
-        currency:    'BRL',
-        contentIds:  [String(item.product_id || '')],
-        contentName: item.product_name,
-        contentType: 'product',
-        pageUrl:     profile?.page_url || `https://${env.SITE_DOMAIN || 'seu-dominio.com.br'}`,
-        orderId:     transactionId,
-        eventId:     `ticto_${transactionId}`,
-        city:        profile?.city,
-        state:       profile?.state,
-        country:     profile?.country || 'br',
-        utmSource:   tracking.utm_source   || tracking.src || '',
-        utmMedium:   tracking.utm_medium   || '',
-        utmCampaign: tracking.utm_campaign || '',
-        utmContent:  tracking.utm_content  || '',
-      };
-      // Registrar transação no D1
-      if (tcTxId && env.DB) {
-        try {
-          await env.DB.prepare(
-            'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
-          ).bind('ticto', tcTxId, customer.email || null, 'processed', JSON.stringify(wh)).run();
-        } catch { /* não bloquear envio se D1 falhar */ }
-      }
-      ctx.waitUntil(Promise.allSettled([
-        sendMetaCapi(env, 'Purchase', payload, request, ctx),
-        sendGA4Mp(env, 'purchase', payload, ctx),
-        sendTikTokApi(env, 'CompletePayment', payload, request, ctx),
-        sendPinterestCapi(env, 'Purchase', payload, request, ctx),
-        sendRedditCapi(env, 'Purchase', payload, request, ctx),
-        sendLinkedInCapi(env, 'Purchase', payload, request, ctx),
-        sendSpotifyCapi(env, 'Purchase', payload, request, ctx),
-        saveLead(env, 'Purchase', payload, request, 'ticto'),
-        sendWhatsApp(env, 'Purchase', payload),
-      ]));
-      return new Response(JSON.stringify({ ok: true }), { status: 200, headers });
-    }
-    // ── GET /webhook/whatsapp — verificação do webhook pela Meta ─────────────────
-    // A Meta faz um GET nessa URL quando você cadastra o webhook no Business Manager.
-    // Ela envia: hub.mode=subscribe, hub.verify_token=<seu token>, hub.challenge=<número>
-    // Você responde com hub.challenge para confirmar que é seu servidor.
-    // Secret: wrangler secret put WA_WEBHOOK_VERIFY_TOKEN
-    if (request.method === 'GET' && url.pathname === '/webhook/whatsapp') {
-      const mode      = url.searchParams.get('hub.mode');
-      const token     = url.searchParams.get('hub.verify_token');
-      const challenge = url.searchParams.get('hub.challenge');
-      if (mode === 'subscribe' && env.WA_WEBHOOK_VERIFY_TOKEN && token === env.WA_WEBHOOK_VERIFY_TOKEN) {
-        return new Response(challenge, { status: 200, headers: { 'Content-Type': 'text/plain' } });
-      }
-      return new Response('Forbidden', { status: 403 });
-    }
-    // ── POST /webhook/whatsapp — mensagens recebidas (CTWA) ───────────────────────
-    // Recebe eventos da Meta Cloud API: mensagens de usuários que clicaram em
-    // anúncios "Click to WhatsApp". Extrai phone + ctwa_clid e dispara Contact
-    // no Meta CAPI com action_source="chat".
-    // URL a cadastrar: Meta Business Manager → WhatsApp → Configuration → Webhook URL
-    // Campos a assinar (subscribe): messages
-    if (request.method === 'POST' && url.pathname === '/webhook/whatsapp') {
-      let body;
-      try { body = await request.json(); } catch {
-        return new Response('JSON inválido', { status: 400 });
-      }
-      const result = await processWhatsAppWebhook(env, body, request, ctx);
-      // A Meta exige resposta 200 em até 20s — mesmo que não haja nada a processar
-      return new Response(JSON.stringify({ ok: true, ...result }), { status: 200, headers });
-    }
-    // ── Segmentação Dinâmica ML ──────────────────────────────────────────
-    if (url.pathname === '/api/segmentation/cluster' && request.method === 'POST') {
-      return handleSegmentationCluster(env, request, headers);
-    }
-    if (url.pathname === '/api/segmentation/list' && request.method === 'GET') {
-      return handleSegmentationList(env, request, headers);
-    }
-    if (url.pathname === '/api/segmentation/outliers' && request.method === 'GET') {
-      return handleSegmentationOutliers(env, request, headers);
-    }
-    if (url.pathname === '/api/segmentation/update' && request.method === 'PUT') {
-      return handleSegmentationUpdate(env, request, headers);
-    }
-    // ── Bidding Recommendations ML ────────────────────────────────────────────
-    if (url.pathname === '/api/bidding/recommend' && request.method === 'POST') {
-      return handleBiddingRecommend(env, request, headers);
-    }
-    if (url.pathname === '/api/bidding/history' && request.method === 'GET') {
-      return handleBiddingHistory(env, request, headers);
-    }
-    if (url.pathname === '/api/bidding/status' && request.method === 'GET') {
-      return handleBiddingStatus(env, request, headers);
-    }
-    // ── A/B Testing de Prompts LTV ────────────────────────────────────────────
-    if (url.pathname === '/api/ltv/ab-test/create' && request.method === 'POST') {
-      return handleLtvAbTestCreate(env, request, headers);
-    }
-    if (url.pathname === '/api/ltv/ab-test/list' && request.method === 'GET') {
-      return handleLtvAbTestList(env, request, headers);
-    }
-    if (url.pathname === '/api/ltv/ab-test/results' && request.method === 'GET') {
-      return handleLtvAbTestResults(env, request, headers);
-    }
-    if (url.pathname === '/api/ltv/ab-test/winner' && request.method === 'POST') {
-      return handleLtvAbTestWinner(env, request, headers);
-    }
-    // ── Fraud Detection — Fase 4 ──────────────────────────────────────────────
-    if (url.pathname === '/api/fraud/alerts' && request.method === 'GET') {
-      return handleFraudAlerts(env, request, headers);
-    }
-    if (url.pathname === '/api/fraud/blocklist' && request.method === 'GET') {
-      return handleFraudBlocklist(env, request, headers);
-    }
-    if (url.pathname === '/api/fraud/blocklist/add' && request.method === 'POST') {
-      return handleFraudBlocklistAdd(env, request, headers);
-    }
-    if (url.pathname === '/api/fraud/blocklist/remove' && request.method === 'DELETE') {
-      return handleFraudBlocklistRemove(env, request, headers);
-    }
-    if (url.pathname === '/api/fraud/stats' && request.method === 'GET') {
-      return handleFraudStats(env, request, headers);
-    }
-    // 404 para rotas não encontradas
-    return new Response(
-      JSON.stringify({ error: 'rota não encontrada' }),
-      { status: 404, headers }
-    );
-  },
-  // ── Cron Handler — Intelligence Agent ──────────────────────────────────────
-  async scheduled(event, env, ctx) {
-    const cron = event.cron; // '0 2 * * 0' ou '0 3 1 * *'
-    const isMonthly = cron === '0 3 1 * *';
-    ctx.waitUntil(runIntelligenceAgent(env, isMonthly ? 'monthly_audit' : 'weekly_check'));
-  },
-  // ── Queue Consumer — Retry de eventos com falha ────────────────────────────
-  async queue(batch, env) {
-    for (const message of batch.messages) {
-      const { eventType, payload, platform, attempt = 1 } = message.body;
-      try {
-        if (platform === 'meta')   await sendMetaCapi(env, eventType, payload, null, null);
-        if (platform === 'ga4')    await sendGA4Mp(env, eventType, payload, null);
-        if (platform === 'tiktok') await sendTikTokApi(env, eventType, payload, null, null);
-        message.ack(); // sucesso — remove da fila
-      } catch (err) {
-        console.error(`[Queue] Falha ao reprocessar ${platform}/${eventType}:`, err.message);
-        message.retry(); // reenfileira até max_retries, depois vai para DLQ
-      }
-    }
-  },
-};