cdp-edge 1.24.1 → 1.25.0

package/server-edge-tracker/index.ts

@@ -23,6 +23,12 @@ import {
   distanceBucketWeight,
   computeMetaSignalWeights,
   metaSignalBucket,
+  isValidEmail,
+  sanitizeString,
+  isValidUrl,
+  isValidValue,
+  isValidCurrency,
+  isValidUTM,
 } from './modules/utils';
 
 // ── Banco de dados (D1) ───────────────────────────────────────────────────────
@@ -39,6 +45,7 @@ import {
   resurrectUTM,
   upsertLtvProfile,
   recordLtvFeedback,
+  processWebhookDuplicateCheck,
 } from './modules/db';
 
 // ── Dispatch — plataformas de ads ─────────────────────────────────────────────
@@ -135,10 +142,10 @@ export default {
     const url = new URL(request.url);
 
     // ── Rate Limiter — camada 0, antes do Fraud Gate ─────────────────────────
+    // Usa apenas CF-Connecting-IP (injetado pela Cloudflare, não pode ser spoofado)
+    // X-Forwarded-For pode ser falsificado por atacantes para bypass rate limiter
     if (url.pathname === '/track' && request.method === 'POST' && env.RATE_LIMITER) {
-      const ip = request.headers.get('CF-Connecting-IP')
-              || request.headers.get('X-Forwarded-For')?.split(',')[0].trim()
-              || '0.0.0.0';
+      const ip = request.headers.get('CF-Connecting-IP') || 'unknown';
       const { success } = await env.RATE_LIMITER.limit({ key: ip });
       if (!success) {
         return new Response(JSON.stringify({ status: 'ok', queued: true }), { status: 200, headers });
@@ -218,8 +225,8 @@ export default {
         META_ACCESS_TOKEN:        env.META_ACCESS_TOKEN        ? 'set' : 'MISSING',
         GA4_API_SECRET:           env.GA4_API_SECRET           ? 'set' : 'MISSING',
         WA_WEBHOOK_VERIFY_TOKEN:  env.WA_WEBHOOK_VERIFY_TOKEN  ? 'set' : 'MISSING',
-        WHATSAPP_ACCESS_TOKEN:    env.WHATSAPP_ACCESS_TOKEN    ? 'set' : 'not set (optional - only for auto-reply)',
-        WHATSAPP_PHONE_NUMBER_ID: env.WHATSAPP_PHONE_NUMBER_ID ? 'set' : 'not set (optional - only for auto-reply)',
+        WHATSAPP_ACCESS_TOKEN:    (env.WHATSAPP_ACCESS_TOKEN || env.WA_ACCESS_TOKEN)       ? 'set' : 'not set (optional - only for auto-reply)',
+        WHATSAPP_PHONE_NUMBER_ID: (env.WHATSAPP_PHONE_NUMBER_ID || env.WA_PHONE_ID)         ? 'set' : 'not set (optional - only for auto-reply)',
         WA_NOTIFY_NUMBER:         env.WA_NOTIFY_NUMBER         ? 'set' : 'not set (optional - only for auto-reply)',
         TIKTOK_ACCESS_TOKEN:      env.TIKTOK_ACCESS_TOKEN      ? 'set' : 'not set (optional)',
         CALLMEBOT_PHONE:          env.CALLMEBOT_PHONE          ? 'set' : 'not set (optional)',
@@ -265,6 +272,7 @@ export default {
       const { eventName, behavioral_data, ...payload } = body as { eventName?: string; behavioral_data?: BehavioralData; [key: string]: any };
       const trackPayload: TrackPayload = payload;
 
+      // ── Validação de eventName ────────────────────────────────────────
       if (!eventName) {
         return new Response(JSON.stringify({ error: 'eventName é obrigatório' }), { status: 400, headers });
       }
@@ -273,20 +281,88 @@ export default {
         return new Response(JSON.stringify({ error: `eventName desconhecido: ${eventName.slice(0, 64)}` }), { status: 400, headers });
       }
 
+      // ── Sanitização e Validação de Campos String ──────────────────────
+      const SANITIZE_FIELDS = {
+        email: (val: string) => {
+          if (!isValidEmail(val)) return { error: 'email inválido (formato incorreto)' };
+          return { sanitized: val.toLowerCase().trim() };
+        },
+        firstName: (val: string) => ({ sanitized: sanitizeString(val, 100) }),
+        lastName: (val: string) => ({ sanitized: sanitizeString(val, 100) }),
+        city: (val: string) => ({ sanitized: sanitizeString(val, 100) }),
+        state: (val: string) => ({ sanitized: sanitizeString(val, 100) }),
+        zip: (val: string) => ({ sanitized: sanitizeString(val, 20) }),
+        dob: (val: string) => ({ sanitized: sanitizeString(val, 20) }),
+        productName: (val: string) => ({ sanitized: sanitizeString(val, 200) }),
+        pageUrl: (val: string) => {
+          if (!isValidUrl(val)) return { error: 'pageUrl inválido (formato incorreto)' };
+          return { sanitized: val.trim() };
+        },
+        currency: (val: string) => {
+          if (!isValidCurrency(val)) return { error: 'currency inválido (deve ser código ISO 4217)' };
+          return { sanitized: val.trim().toUpperCase() };
+        },
+      };
+
+      // Sanitiza e valida campos específicos
+      for (const [field, validator] of Object.entries(SANITIZE_FIELDS)) {
+        const value = trackPayload[field as keyof TrackPayload];
+        if (value !== undefined && value !== null) {
+          if (typeof value !== 'string') {
+            return new Response(JSON.stringify({ error: `Campo ${field} deve ser string` }), { status: 400, headers });
+          }
+          const result = validator(value);
+          if (result.error) {
+            return new Response(JSON.stringify({ error: result.error }), { status: 400, headers });
+          }
+          if (result.sanitized !== null) {
+            trackPayload[field as keyof TrackPayload] = result.sanitized as any;
+          }
+        }
+      }
+
+      // Sanitiza campos de string genéricos
+      const GENERIC_SANITIZE_FIELDS = ['utmSource', 'utmMedium', 'utmCampaign', 'utmContent', 'utmTerm'];
+      for (const field of GENERIC_SANITIZE_FIELDS) {
+        const value = trackPayload[field as keyof TrackPayload];
+        if (value !== undefined && value !== null) {
+          if (typeof value !== 'string') {
+            return new Response(JSON.stringify({ error: `Campo ${field} deve ser string` }), { status: 400, headers });
+          }
+          const utmType = `utm_${field.replace('utm', '').toLowerCase()}`;
+          if (!isValidUTM(value, utmType)) {
+            return new Response(JSON.stringify({ error: `Campo ${field} contém caracteres perigosos` }), { status: 400, headers });
+          }
+          const sanitized = sanitizeString(value, 200);
+          if (sanitized === null) {
+            return new Response(JSON.stringify({ error: `Campo ${field} inválido após sanitização` }), { status: 400, headers });
+          }
+          trackPayload[field as keyof TrackPayload] = sanitized as any;
+        }
+      }
+
+      // Sanitiza campos de string restantes
+      const STR_FIELDS = ['transactionId', 'fbclid', 'ttclid', 'gclid'];
       for (const field of STR_FIELDS) {
-        if (trackPayload[field as keyof TrackPayload] !== undefined && trackPayload[field as keyof TrackPayload] !== null) {
-          if (typeof trackPayload[field as keyof TrackPayload] !== 'string' || String(trackPayload[field as keyof TrackPayload]).length > 512) {
-            return new Response(JSON.stringify({ error: `Campo inválido: ${field}` }), { status: 400, headers });
+        const value = trackPayload[field as keyof TrackPayload];
+        if (value !== undefined && value !== null) {
+          if (typeof value !== 'string') {
+            return new Response(JSON.stringify({ error: `Campo ${field} deve ser string` }), { status: 400, headers });
+          }
+          const sanitized = sanitizeString(value, 512);
+          if (sanitized === null) {
+            return new Response(JSON.stringify({ error: `Campo ${field} inválido após sanitização` }), { status: 400, headers });
           }
+          trackPayload[field as keyof TrackPayload] = sanitized as any;
         }
       }
 
+      // ── Validação de Valor Numérico ───────────────────────────────────
       if (trackPayload.value !== undefined && trackPayload.value !== null) {
-        const v = Number(trackPayload.value);
-        if (isNaN(v) || v < 0 || v > 9_999_999) {
-          return new Response(JSON.stringify({ error: 'value fora do intervalo permitido' }), { status: 400, headers });
+        if (!isValidValue(trackPayload.value)) {
+          return new Response(JSON.stringify({ error: 'value fora do intervalo permitido (0-9,999,999)' }), { status: 400, headers });
         }
-        trackPayload.value = v;
+        trackPayload.value = Number(trackPayload.value);
       }
 
       // ── Extrair dados comportamentais do browser ──────────────────────────
@@ -297,14 +373,46 @@ export default {
         // Sinais de engajamento profundo — usados no anti-falso-positivo e no LTV
         payload.scrollScore     = behavioral_data.scroll_score     ?? null;
         payload.timeLevel       = behavioral_data.time_level       ?? null;
-        payload.email     = payload.email     || behavioral_data.email      || null;
-        payload.phone     = payload.phone     || behavioral_data.phone      || null;
-        payload.firstName = payload.firstName || behavioral_data.first_name  || behavioral_data.firstName || null;
-        payload.lastName  = payload.lastName  || behavioral_data.last_name   || behavioral_data.lastName  || null;
-        payload.city      = payload.city      || behavioral_data.city        || null;
-        payload.state     = payload.state     || behavioral_data.state       || null;
-        payload.zip       = payload.zip       || behavioral_data.zip         || null;
-        payload.dob       = payload.dob       || behavioral_data.dob         || null;
+
+        // ── Sanitiza dados do behavioral_data ────────────────────────
+        // Os dados do behavioral_data podem vir do browser e ser manipulados
+        const sanitizedBehavioralEmail = behavioral_data.email && isValidEmail(behavioral_data.email)
+          ? behavioral_data.email.toLowerCase().trim()
+          : null;
+        const sanitizedBehavioralPhone = behavioral_data.phone
+          ? sanitizeString(behavioral_data.phone, 50)
+          : null;
+        const sanitizedBehavioralFirstName = behavioral_data.first_name || behavioral_data.firstName
+          ? sanitizeString(behavioral_data.first_name || behavioral_data.firstName, 100)
+          : null;
+        const sanitizedBehavioralLastName = behavioral_data.last_name || behavioral_data.lastName
+          ? sanitizeString(behavioral_data.last_name || behavioral_data.lastName, 100)
+          : null;
+        const sanitizedBehavioralCity = behavioral_data.city
+          ? sanitizeString(behavioral_data.city, 100)
+          : null;
+
+        // Usa dados sanitizados do behavioral_data se não existirem no payload principal
+        payload.email     = payload.email     || sanitizedBehavioralEmail;
+        payload.phone     = payload.phone     || sanitizedBehavioralPhone;
+        payload.firstName = payload.firstName || sanitizedBehavioralFirstName;
+        payload.lastName  = payload.lastName  || sanitizedBehavioralLastName;
+        payload.city      = payload.city      || sanitizedBehavioralCity;
+
+        // Sanitiza campos restantes do behavioral_data
+        const sanitizedBehavioralState = behavioral_data.state
+          ? sanitizeString(behavioral_data.state, 100)
+          : null;
+        const sanitizedBehavioralZip = behavioral_data.zip
+          ? sanitizeString(behavioral_data.zip, 20)
+          : null;
+        const sanitizedBehavioralDob = behavioral_data.dob
+          ? sanitizeString(behavioral_data.dob, 20)
+          : null;
+
+        payload.state = payload.state || sanitizedBehavioralState;
+        payload.zip   = payload.zip   || sanitizedBehavioralZip;
+        payload.dob   = payload.dob   || sanitizedBehavioralDob;
       }
 
       // ── Normalização de intent_score → 0.0–1.0 ──────────────────────────
@@ -510,7 +618,13 @@ export default {
         try {
           const profileRow = await env.DB.prepare('SELECT score FROM user_profiles WHERE user_id = ?').bind(trackPayload.userId).first();
           if (profileRow) currentScore = Number(profileRow.score) || 0;
-        } catch {}
+        } catch (err: any) {
+          console.error('[POST /track] Error fetching user profile score:', {
+            userId: trackPayload.userId,
+            error: err?.message || String(err),
+            stack: err?.stack,
+          });
+        }
       }
 
       const resHeaders = new Headers(headers);
@@ -549,15 +663,12 @@ export default {
       }
 
       const hmTxId = String(purchase.transaction || '');
-      if (hmTxId && env.DB) {
-        try {
-          const dup = await env.DB.prepare(
-            'SELECT id FROM webhook_events WHERE transaction_id = ? AND status = ?'
-          ).bind(hmTxId, 'processed').first();
-          if (dup) {
-            return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
-          }
-        } catch {}
+      const dupCheck = await processWebhookDuplicateCheck(env, 'hotmart', hmTxId, JSON.stringify(wh), {
+        email: buyer.email,
+      });
+
+      if (dupCheck.duplicate) {
+        return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
       }
 
       const profile = await getProfileByEmail(env, buyer.email);
@@ -584,14 +695,6 @@ export default {
         country:     profile?.country,
       };
 
-      if (hmTxId && env.DB) {
-        try {
-          await env.DB.prepare(
-            'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
-          ).bind('hotmart', hmTxId, buyer.email || null, 'processed', JSON.stringify(wh)).run();
-        } catch {}
-      }
-
       ctx.waitUntil(Promise.allSettled([
         sendMetaCapi(env, 'Purchase', payload, request, ctx),
         sendGA4Mp(env, 'purchase', payload, ctx),
@@ -622,15 +725,12 @@ export default {
       }
 
       const kwTxId = String(wh.order_id || '');
-      if (kwTxId && env.DB) {
-        try {
-          const dup = await env.DB.prepare(
-            'SELECT id FROM webhook_events WHERE transaction_id = ? AND status = ?'
-          ).bind(kwTxId, 'processed').first();
-          if (dup) {
-            return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
-          }
-        } catch {}
+      const dupCheck = await processWebhookDuplicateCheck(env, 'kiwify', kwTxId, JSON.stringify(wh), {
+        email: customer.email,
+      });
+
+      if (dupCheck.duplicate) {
+        return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
       }
 
       const customer = wh.Customer || {};
@@ -659,14 +759,6 @@ export default {
         country:     profile?.country,
       };
 
-      if (kwTxId && env.DB) {
-        try {
-          await env.DB.prepare(
-            'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
-          ).bind('kiwify', kwTxId, customer.email || null, 'processed', JSON.stringify(wh)).run();
-        } catch {}
-      }
-
       ctx.waitUntil(Promise.allSettled([
         sendMetaCapi(env, 'Purchase', payload, request, ctx),
         sendGA4Mp(env, 'purchase', payload, ctx),
@@ -716,15 +808,12 @@ export default {
       const transactionId = order.hash || order.transaction_hash || order.id;
       const tcTxId        = String(order.hash || order.transaction_hash || order.id || '');
 
-      if (tcTxId && env.DB) {
-        try {
-          const dup = await env.DB.prepare(
-            'SELECT id FROM webhook_events WHERE transaction_id = ? AND status = ?'
-          ).bind(tcTxId, 'processed').first();
-          if (dup) {
-            return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
-          }
-        } catch {}
+      const dupCheck = await processWebhookDuplicateCheck(env, 'ticto', tcTxId, rawBody, {
+        email: customer.email,
+      });
+
+      if (dupCheck.duplicate) {
+        return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
       }
 
       const urlUserId = tracking.user_id || wh.url_params?.user_id;
@@ -734,7 +823,14 @@ export default {
           profile = await env.DB.prepare(
             'SELECT * FROM user_profiles WHERE user_id = ? ORDER BY updated_at DESC LIMIT 1'
           ).bind(urlUserId).first();
-        } catch {}
+        } catch (err: any) {
+          console.error('[POST /webhook/ticto] Error fetching user profile by userId:', {
+            userId: urlUserId,
+            email: customer.email,
+            error: err?.message || String(err),
+            stack: err?.stack,
+          });
+        }
       }
 
       const fbclid = tracking.fbclid || wh.url_params?.fbclid;
@@ -767,14 +863,6 @@ export default {
         utmContent:  tracking.utm_content  || '',
       };
 
-      if (tcTxId && env.DB) {
-        try {
-          await env.DB.prepare(
-            'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
-          ).bind('ticto', tcTxId, customer.email || null, 'processed', JSON.stringify(wh)).run();
-        } catch {}
-      }
-
       ctx.waitUntil(Promise.allSettled([
         sendMetaCapi(env, 'Purchase', payload, request, ctx),
         sendGA4Mp(env, 'purchase', payload, ctx),

package/server-edge-tracker/modules/db.ts

@@ -226,7 +226,7 @@ export async function resolveDeviceGraph(DB: D1Database, currentUserId: string,
         VALUES (?, ?, ?, ?)
       `).bind(primary, secondary, matchType, matchConfidence).run();
 
-      console.log(`[DeviceGraph] Linked ${secondary} → ${primary} via ${matchType} (confidence: ${matchConfidence})`);
+      // sem log de user IDs — dados sensíveis não entram em Workers log
     }
   } catch (err: any) {
     console.error('resolveDeviceGraph error:', err?.message || String(err));
@@ -332,7 +332,13 @@ export async function enrichGeoFromEdge(request: Request, env: Env, payload: Tra
     try {
       const cached = await env.GEO_CACHE.get(`geo:${ip}`, 'json') as GeoData | null;
       if (cached) geoData = cached;
-    } catch {}
+    } catch (err: any) {
+      console.error('[DB] Error fetching geo data from cache:', {
+        ip,
+        error: err?.message || String(err),
+        stack: err?.stack,
+      });
+    }
   }
 
   if (!geoData) {
@@ -355,7 +361,14 @@ export async function enrichGeoFromEdge(request: Request, env: Env, payload: Tra
     if (env.GEO_CACHE && ip && geoData.country) {
       try {
         await env.GEO_CACHE.put(`geo:${ip}`, JSON.stringify(geoData), { expirationTtl: 3600 });
-      } catch {}
+      } catch (err: any) {
+        console.error('[DB] Error caching geo data:', {
+          ip,
+          country: geoData.country,
+          error: err?.message || String(err),
+          stack: err?.stack,
+        });
+      }
     }
   }
 
@@ -640,3 +653,50 @@ export async function logIntelligence(DB: D1Database, runType: string, platform:
     console.error('logIntelligence error:', err?.message || String(err));
   }
 }
+
+// ── Webhook Processing Helper ─────────────────────────────────────────────────
+/**
+ * Processa webhook de e-commerce (Hotmart, Kiwify, Ticto, etc.)
+ * - Verifica duplicatas
+ * - Registra evento em webhook_events
+ * - Retorna true se já foi processado, false se deve continuar
+ */
+export async function processWebhookDuplicateCheck(
+  env: Env,
+  platform: string,
+  transactionId: string,
+  rawPayload: string,
+  context?: { email?: string; orderId?: string }
+): Promise<{ duplicate: boolean; error?: string }> {
+  if (!env.DB) {
+    return { duplicate: false };
+  }
+
+  try {
+    // 1. Verifica duplicatas
+    const dup = await env.DB.prepare(
+      'SELECT id FROM webhook_events WHERE transaction_id = ? AND platform = ? AND status = ?'
+    ).bind(transactionId, platform, 'processed').first();
+
+    if (dup) {
+      console.log(`[Webhook] Duplicate event skipped: ${platform}/${transactionId}`);
+      return { duplicate: true };
+    }
+
+    // 2. Registra o evento
+    await env.DB.prepare(
+      'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
+    ).bind(platform, transactionId, context?.email || null, 'processed', rawPayload).run();
+
+    return { duplicate: false };
+  } catch (err: any) {
+    console.error(`[Webhook] Error processing ${platform}/${transactionId}:`, {
+      platform,
+      transactionId,
+      email: context?.email,
+      error: err?.message || String(err),
+      stack: err?.stack,
+    });
+    return { duplicate: false, error: err?.message || String(err) };
+  }
+}

package/server-edge-tracker/modules/dispatch/whatsapp.ts

@@ -40,9 +40,19 @@ interface WhatsAppMessage {
   };
 }
 
+// ── Resolvedores de secrets (canônico + legado) ────────────────────────────────
+// Meta Cloud API v22.0 usa PHONE_NUMBER_ID e ACCESS_TOKEN como termos oficiais.
+// Suportamos ambos os nomes para compatibilidade com secrets já configurados.
+function resolvePhoneNumberId(env: Env): string | undefined {
+  return env.WHATSAPP_PHONE_NUMBER_ID || env.WA_PHONE_ID;
+}
+function resolveAccessToken(env: Env): string | undefined {
+  return env.WHATSAPP_ACCESS_TOKEN || env.WA_ACCESS_TOKEN;
+}
+
 // ── sendWhatsApp — envia mensagem via Meta Cloud API ──────────────────────────
 export async function sendWhatsApp(env: Env, tipo: string, payload: TrackPayload, options: WhatsAppOptions = {}): Promise<any> {
-  if (!env.WHATSAPP_PHONE_NUMBER_ID || !env.WHATSAPP_ACCESS_TOKEN || !env.WA_NOTIFY_NUMBER) {
+  if (!resolvePhoneNumberId(env) || !resolveAccessToken(env) || !env.WA_NOTIFY_NUMBER) {
     return { skipped: 'WhatsApp não configurado' };
   }
 
@@ -116,9 +126,11 @@ export async function sendWhatsApp(env: Env, tipo: string, payload: TrackPayload
 // ── _sendWARequest — executor interno ─────────────────────────────────────────
 async function _sendWARequest(env: Env, body: Record<string, any>): Promise<any> {
   try {
-    const res = await fetch(`https://graph.facebook.com/v22.0/${env.WHATSAPP_PHONE_NUMBER_ID}/messages`, {
+    const phoneNumberId = resolvePhoneNumberId(env);
+    const accessToken   = resolveAccessToken(env);
+    const res = await fetch(`https://graph.facebook.com/v22.0/${phoneNumberId}/messages`, {
       method: 'POST',
-      headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${env.WHATSAPP_ACCESS_TOKEN}` },
+      headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${accessToken}` },
       body: JSON.stringify(body),
     });
     const data = await res.json();

package/server-edge-tracker/modules/ml/fraud.ts

@@ -110,7 +110,15 @@ export async function logFraudSignal(env: Env, request: Request, payload: TrackP
 
     let emailHash = null;
     if (payload.email) {
-      try { emailHash = await sha256(payload.email.trim().toLowerCase()); } catch {}
+      try {
+        emailHash = await sha256(payload.email.trim().toLowerCase());
+      } catch (err: any) {
+        console.error('[Fraud] Error generating email hash:', {
+          email: payload.email,
+          error: err?.message || String(err),
+          stack: err?.stack,
+        });
+      }
     }
 
     await env.DB.prepare(`

package/server-edge-tracker/modules/ml/logistic.ts

@@ -177,7 +177,13 @@ export async function loadActiveWeights(env: Env): Promise<LogisticModel | null>
     try {
       const cached = await env.GEO_CACHE.get(LTV_WEIGHTS_KV_KEY, 'json') as LogisticModel | null;
       if (cached?.weights?.length) return cached;
-    } catch {}
+    } catch (err: any) {
+      console.error('[Logistic] Error fetching LTV weights from KV cache:', {
+        key: LTV_WEIGHTS_KV_KEY,
+        error: err?.message || String(err),
+        stack: err?.stack,
+      });
+    }
   }
 
   // 2. Fallback: D1

package/server-edge-tracker/modules/ml/ltv.ts

@@ -378,13 +378,28 @@ export async function handleLtvAbTestResults(env: Env, request: Request, headers
   if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
 
   const url    = new URL(request.url);
-  const testId = url.searchParams.get('test_id') || null;
+  const testId = url.searchParams.get('test_id');
 
   try {
-    const cond    = testId ? 'WHERE test_id = ?' : 'WHERE status = \'running\'';
-    const testBind = testId ? [parseInt(testId)] : [];
-
-    const testRes = await env.DB.prepare(`SELECT id, name, status, min_sample, winner_id, started_at FROM ltv_ab_tests ${cond} LIMIT 1`).bind(...testBind).first();
+    let testRes: any;
+
+    if (testId) {
+      // Query específica para teste por ID
+      testRes = await env.DB.prepare(`
+        SELECT id, name, status, min_sample, winner_id, started_at
+        FROM ltv_ab_tests
+        WHERE test_id = ?
+        LIMIT 1
+      `).bind(parseInt(testId)).first();
+    } else {
+      // Query padrão: busca teste ativo em execução
+      testRes = await env.DB.prepare(`
+        SELECT id, name, status, min_sample, winner_id, started_at
+        FROM ltv_ab_tests
+        WHERE status = 'running'
+        LIMIT 1
+      `).first();
+    }
     if (!testRes) return new Response(JSON.stringify({ error: 'Nenhum teste encontrado' }), { status: 404, headers });
 
     const perf = await env.DB.prepare(`SELECT * FROM v_ab_test_performance WHERE test_id = ?`).bind((testRes as any).id).all();

package/server-edge-tracker/modules/ml/matchquality.ts

@@ -101,7 +101,14 @@ export async function autoEnrichPayload(env: Env, payload: TrackPayload): Promis
         if (profile.fbc && !payload.fbc)  payload.fbc = profile.fbc as string;
         if (profile.phone && !payload.phone) payload.phone = profile.phone as string;
       }
-    } catch {}
+    } catch (err: any) {
+      console.error('[MatchQuality] Error enriching payload with profile data:', {
+        userId: payload.userId,
+        email: payload.email,
+        error: err?.message || String(err),
+        stack: err?.stack,
+      });
+    }
   }
 
   // 2. UTM Resurrection já foi tentada no /track handler (payload.utmRestored)
@@ -216,5 +223,10 @@ export async function purgeOldMatchQualityLogs(DB: D1Database): Promise<void> {
     await DB.prepare(
       `DELETE FROM match_quality_log WHERE logged_at < datetime('now', '-30 days')`
     ).run();
-  } catch {}
+  } catch (err: any) {
+    console.error('[MatchQuality] Error purging old match quality logs:', {
+      error: err?.message || String(err),
+      stack: err?.stack,
+    });
+  }
 }