cdp-edge 2.0.2 → 2.0.4

package/contracts/agent-versions.json

@@ -0,0 +1,364 @@
+{
+  "_comment": "Fonte de verdade para versões dos agent files. Atualizar manualmente quando worker.js mudar. Use scripts/validate-agents.js para detectar drifts.",
+  "worker_version": "2.0.3",
+  "worker_hash_date": "2026-04-10",
+  "agents": {
+    "master-orchestrator": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:fetch",
+        "worker.js:endpoints",
+        "worker.js:events"
+      ],
+      "critical_sections": [
+        "endpoints",
+        "event_names",
+        "secret_names",
+        "phases"
+      ],
+      "status": "synced"
+    },
+    "server-tracking": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:fetch",
+        "worker.js:saveLead",
+        "worker.js:upsertProfile",
+        "worker.js:secrets"
+      ],
+      "critical_sections": [
+        "endpoint /track",
+        "secret names",
+        "D1 binding",
+        "identity graph"
+      ],
+      "status": "synced"
+    },
+    "meta-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:sendMetaCapi",
+        "contracts/api-versions.json:meta"
+      ],
+      "critical_sections": [
+        "Meta CAPI version",
+        "endpoint pattern",
+        "event names"
+      ],
+      "status": "synced"
+    },
+    "google-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:sendGA4Mp",
+        "contracts/api-versions.json:google"
+      ],
+      "critical_sections": [
+        "GA4 Measurement Protocol endpoint",
+        "event names"
+      ],
+      "status": "synced"
+    },
+    "tiktok-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:sendTikTokApi",
+        "contracts/api-versions.json:tiktok"
+      ],
+      "critical_sections": [
+        "TikTok Events API v1.3",
+        "endpoint pattern",
+        "event names"
+      ],
+      "status": "synced"
+    },
+    "youtube-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "contracts/api-versions.json:youtube"
+      ],
+      "critical_sections": [
+        "video milestone events: video_25/50/75/video_complete",
+        "YT IFrame API"
+      ],
+      "status": "synced"
+    },
+    "whatsapp-ctwa-setup-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:sendWhatsApp",
+        "worker.js:processWhatsAppWebhook"
+      ],
+      "critical_sections": [
+        "WHATSAPP_ACCESS_TOKEN",
+        "WHATSAPP_PHONE_NUMBER_ID",
+        "WA_WEBHOOK_VERIFY_TOKEN"
+      ],
+      "status": "synced"
+    },
+    "intelligence-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:runIntelligenceAgent",
+        "worker.js:checkApiVersionsIntelligence"
+      ],
+      "critical_sections": [
+        "cron schedule",
+        "endpoint /track",
+        "secret names"
+      ],
+      "status": "synced"
+    },
+    "fraud-detection-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:checkFraudGate",
+        "worker.js:handleFraudAlerts",
+        "schema-fraud.sql"
+      ],
+      "critical_sections": [
+        "fraud score threshold",
+        "KV blocklist",
+        "endpoints /api/fraud/"
+      ],
+      "status": "synced"
+    },
+    "ml-clustering-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:handleSegmentationCluster",
+        "schema-segmentation.sql"
+      ],
+      "critical_sections": [
+        "Workers AI model",
+        "endpoints /api/segmentation/",
+        "D1 binding"
+      ],
+      "status": "synced"
+    },
+    "bidding-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:handleBiddingRecommend",
+        "schema-bidding.sql"
+      ],
+      "critical_sections": [
+        "endpoints /api/bidding/",
+        "segment multipliers"
+      ],
+      "status": "synced"
+    },
+    "ab-ltv-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:predictLtv",
+        "worker.js:getLtvAbVariation",
+        "schema-ab-ltv.sql"
+      ],
+      "critical_sections": [
+        "Workers AI model @cf/meta/llama-3.1-8b-instruct",
+        "endpoints /api/ltv/"
+      ],
+      "status": "synced"
+    },
+    "security-enterprise-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:checkFraudGate",
+        "worker.js:verifyHmac"
+      ],
+      "critical_sections": [
+        "env.DB.prepare",
+        "env.GEO_CACHE",
+        "HMAC validation"
+      ],
+      "status": "synced"
+    },
+    "attribution-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:saveLead",
+        "worker.js:sendMetaCapi",
+        "worker.js:sendTikTokApi"
+      ],
+      "critical_sections": [
+        "env.DB.prepare",
+        "env.META_ACCESS_TOKEN",
+        "env.TIKTOK_ACCESS_TOKEN"
+      ],
+      "status": "synced"
+    },
+    "devops-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "wrangler.toml",
+        "schema.sql",
+        "schema-segmentation.sql",
+        "schema-bidding.sql",
+        "schema-ab-ltv.sql",
+        "schema-fraud.sql"
+      ],
+      "critical_sections": [
+        "D1 binding names",
+        "secret names",
+        "schema execution order",
+        "Workers AI binding"
+      ],
+      "status": "synced"
+    },
+    "validator-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js",
+        "all agents"
+      ],
+      "critical_sections": [
+        "canonical event names 19",
+        "canonical secret names",
+        "canonical endpoints"
+      ],
+      "status": "synced"
+    },
+    "ltv-predictor-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:predictLtv"
+      ],
+      "critical_sections": [
+        "@cf/meta/llama-3.1-8b-instruct model name"
+      ],
+      "status": "synced"
+    },
+    "database-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "schema.sql",
+        "schema-segmentation.sql",
+        "schema-bidding.sql",
+        "schema-ab-ltv.sql",
+        "schema-fraud.sql",
+        "schema-indexes.sql"
+      ],
+      "critical_sections": [
+        "table count (24 tables)",
+        "binding: DB",
+        "KV: GEO_CACHE"
+      ],
+      "status": "synced"
+    },
+    "performance-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:getHealthMetrics"
+      ],
+      "critical_sections": [
+        "env.DB.prepare",
+        "env.GEO_CACHE"
+      ],
+      "status": "synced"
+    },
+    "dashboard-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:generateDailyReport"
+      ],
+      "critical_sections": [
+        "env.DB.prepare",
+        "env.GEO_CACHE"
+      ],
+      "status": "synced"
+    },
+    "browser-tracking": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "extracted-skill/tracking-events-generator/cdpTrack.js"
+      ],
+      "critical_sections": [
+        "endpoint /track",
+        "event_id deduplication",
+        "cdp_uid cookie"
+      ],
+      "status": "synced"
+    },
+    "debug-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js",
+        "all endpoints"
+      ],
+      "critical_sections": [
+        "endpoint /track",
+        "endpoint /health",
+        "D1 binding"
+      ],
+      "status": "synced"
+    },
+    "crm-integration-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js:saveLead",
+        "worker.js:upsertProfile"
+      ],
+      "critical_sections": [
+        "env.DB.prepare",
+        "leads table schema"
+      ],
+      "status": "synced"
+    },
+    "performance-optimization-agent": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "worker.js"
+      ],
+      "critical_sections": [
+        "env.GEO_CACHE (not env.CACHE_KV)"
+      ],
+      "status": "synced"
+    },
+    "master-feedback-loop": {
+      "version": "2.0.3",
+      "last_synced": "2026-04-10",
+      "depends_on": [
+        "all agents"
+      ],
+      "critical_sections": [
+        "env.DB.prepare",
+        "cron schedule"
+      ],
+      "status": "synced"
+    }
+  },
+  "change_triggers": {
+    "worker.js:addNewEndpoint": "Atualizar: master-orchestrator, server-tracking, browser-tracking, debug-agent, intelligence-agent",
+    "worker.js:changeSecretName": "Atualizar: devops-agent, server-tracking, intelligence-agent, whatsapp-ctwa-setup-agent, database-agent",
+    "worker.js:changeEventName": "Atualizar: master-orchestrator, youtube-agent, validator-agent, browser-tracking",
+    "worker.js:changeAIModel": "Atualizar: ml-clustering-agent, ab-ltv-agent, ltv-predictor-agent",
+    "schema.sql:addTable": "Atualizar: database-agent (table count), devops-agent (migration order)",
+    "wrangler.toml:addBinding": "Atualizar: devops-agent, database-agent, debug-agent",
+    "contracts/api-versions.json:bumpVersion": "Atualizar: agent especialista + master-orchestrator"
+  }
+}

package/dist/commands/install.js

@@ -32,7 +32,7 @@ function printBanner() {
   console.log(chalk.cyan('╚██████╗██████╔╝██║         ███████╗██████╔╝╚██████╔╝███████╗'));
   console.log(chalk.cyan(' ╚═════╝╚═════╝ ╚═╝         ╚══════╝╚═════╝  ╚═════╝╚══════╝'));
   console.log('');
-  console.log(chalk.gray('  Customer Data Platform on the Edge · Global Edge Tracking · v2.0.2'));
+  console.log(chalk.gray('  Customer Data Platform on the Edge · Global Edge Tracking · v2.0.4'));
   console.log('');
   console.log(chalk.gray('═'.repeat(68)));
   console.log('');

package/dist/commands/setup.js

@@ -19,7 +19,7 @@ function printBanner() {
   console.log(chalk.cyan('╚██████╗██████╔╝██║         ███████╗██████╔╝╚██████╔╝███████╗'));
   console.log(chalk.cyan(' ╚═════╝╚═════╝ ╚═╝         ╚══════╝╚═════╝  ╚═════╝╚══════╝'));
   console.log('');
-  console.log(chalk.gray('  Customer Data Platform on the Edge · Global Edge Tracking · v2.0.2'));
+  console.log(chalk.gray('  Customer Data Platform on the Edge · Global Edge Tracking · v2.0.4'));
   console.log('');
   console.log(chalk.gray('═'.repeat(68)));
   console.log('');

package/extracted-skill/tracking-events-generator/agents/browser-tracking.md

@@ -33,7 +33,7 @@ Database: Cloudflare D1 (Persistência)
 ## 📊 FUNCIONALIDADES DO SDK
 
 ### 1. Direct Fetch
-O rastreamento utiliza chamadas diretas via `fetch()` para o endpoint `/api/tracking` no mesmo domínio.
+O rastreamento utiliza chamadas diretas via `fetch()` para o endpoint `/track` no mesmo domínio.
 
 ### 2. Deduplicação
 Gera um `event_id` único para cada evento disparado no browser para que o Worker possa bater com a CAPI.
@@ -311,7 +311,7 @@ document.getElementById('buy-btn').addEventListener('click', function() {
 | Depende de | Input Esperado | O que faz com isso |
 |-------------|----------------|------------------|
 | **Page Analyzer** | Lista de elementos HTML | Mapeia `content_name` e `content_id` |
-| **Server Tracking Agent** | Lista de plataformas | Adiciona endpoint Spotify `/api/wh/spotify` |
+| **Server Tracking Agent** | Lista de plataformas | Adiciona endpoint Spotify `/webhook/spotify` |
 | **Premium Tracking Intelligence** | Estratégia de tracking | Define eventos prioritários para Spotify |
 | **Validator Agent** | Código gerado | Valida conformidade com Spotify API v1 |
 

package/extracted-skill/tracking-events-generator/agents/master-orchestrator.md

@@ -359,7 +359,7 @@ Perguntar ao cliente qual opção se aplica:
       "reddit":    ["Lead", "Purchase", "SignUp", "AddToCart", "PageVisit"],
       "linkedin":  ["LEAD", "PURCHASE", "REGISTRATION", "ADD_TO_CART"],
       "spotify":   ["LEAD", "PURCHASE", "SIGN_UP", "ADD_TO_CART"],
-      "youtube":   ["video_start", "video_progress_25", "video_progress_50", "video_complete"],
+      "youtube":   ["video_start", "video_25", "video_50", "video_75", "video_complete"],
       "bing":      ["generate_lead", "purchase", "begin_checkout", "view_item"]
     },
     "engagement_scoring": {
@@ -370,7 +370,7 @@ Perguntar ao cliente qual opção se aplica:
     "anti_bloqueio": {
       "adblock_detection": "3 metodos",
       "first_party_cookie": "365 dias",
-      "same_domain_endpoint": "/api/tracking",
+      "same_domain_endpoint": "/track",
       "fallback_server_side": "POST request"
     }
   }
@@ -679,7 +679,7 @@ src/tracking/platforms/
 - Gerar `wrangler.toml` (configuração completa Cloudflare)
 - Gerar `schema.sql` (D1: events_log, identity_graph, leads)
 - Gerar `worker.js` (Cloudflare Worker principal)
-- Implementar endpoint `/api/tracking` (recebe eventos do browser)
+- Implementar endpoint `/track` (recebe eventos do browser)
 - Implementar Engagement Scoring (0.0 - 5.0) calculado no servidor
 - Implementar Intention Level (curioso, interessado, comprador) calculado no servidor
 - Implementar SHA256 hashing (WebCrypto) para PII
@@ -708,7 +708,7 @@ cloudflare/
     "cloudflare/DEPLOY.md"
   ],
   "recursos_implementados": {
-    "worker_endpoint": "/api/tracking",
+    "worker_endpoint": "/track",
     "d1_database": "cdp-edge-db",
     "cloudflare_queue": "cdp-edge-retry",
     "kv_namespace": "geo-cache",
@@ -741,7 +741,7 @@ cloudflare/
 - JSON do Premium Tracking Intelligence Agent (estratégia de tracking)
 
 **RESPONSABILIDADE:**
-- Gerar endpoint `/api/wh/*` (recebe webhooks de Hotmart, Kiwify, Eduzz, Ticto)
+- Gerar endpoint `/webhook/*` (recebe webhooks de Hotmart, Kiwify, Eduzz, Ticto)
 - Implementar Lead Lock (salvar PII no D1, vincular com fbp/fbc)
 - Implementar despacho de Purchase via Server-Side (CAPI, Events API)
 - Implementar Advanced Matching Máximo (email, phone, city, state) via checkout data
@@ -751,9 +751,9 @@ cloudflare/
 ```
 cloudflare/
 └── webhooks/
-    ├── hotmart-webhook.js    ← Rota /api/wh/hotmart
-    ├── kiwify-webhook.js     ← Rota /api/wh/kiwify
-    ├── eduzz-webhook.js      ← Rota /api/wh/eduzz
+    ├── hotmart-webhook.js    ← Rota /webhook/hotmart
+    ├── kiwify-webhook.js     ← Rota /webhook/kiwify
+    ├── eduzz-webhook.js      ← Rota /webhook/eduzz
     └── ticto-webhook.js      ← Rota /webhook/ticto (HMAC-SHA256 X-Ticto-Signature)
 ```
 
@@ -1092,7 +1092,7 @@ Aguardar resposta. Armazenar em `PROJECT_TYPE`.
    - Gera / valida worker.js com:
        GET  /webhook/whatsapp → verifica hub.verify_token
        POST /webhook/whatsapp → processWhatsAppWebhook()
-       /api/tracking (manter ativo — pode ser usado no futuro)
+       /track (manter ativo — pode ser usado no futuro)
    - Confirma wrangler.toml com D1 binding
 
 ✅ FASE B-3 — Database Agent
@@ -1143,9 +1143,9 @@ Aguardar resposta. Armazenar em `PROJECT_TYPE`.
 
 📋 Próximos passos para qualificar leads do WhatsApp:
    • Quando lead qualificado → dispare Lead via:
-     POST /api/tracking { event: "Lead", phone: "+5511...", ... }
+     POST /track { event: "Lead", phone: "+5511...", ... }
    • Quando venda confirmada → dispare Purchase via:
-     POST /api/tracking { event: "Purchase", value: 97, phone: "+5511..." }
+     POST /track { event: "Purchase", value: 97, phone: "+5511..." }
 ```
 
 ---
@@ -1164,7 +1164,7 @@ Aguardar resposta. Armazenar em `PROJECT_TYPE`.
    com o link de afiliado correto injetado
 
 ✅ FASE C-2 — Server Tracking Agent (mínimo)
-   Worker com: /api/tracking + /webhook/{plataforma}
+   Worker com: /track + /webhook/{plataforma}
 
 ✅ FASE C-3 — Database Agent
    Schema identity_graph + webhook_events
@@ -1386,7 +1386,7 @@ Define a estratégia completa de tracking profissional para reduzir 30-50% no cu
       "reddit":    ["Lead", "Purchase", "SignUp", "AddToCart", "PageVisit"],
       "linkedin":  ["LEAD", "PURCHASE", "REGISTRATION", "ADD_TO_CART"],
       "spotify":   ["LEAD", "PURCHASE", "SIGN_UP", "ADD_TO_CART"],
-      "youtube":   ["video_start", "video_progress_25", "video_progress_50", "video_complete"],
+      "youtube":   ["video_start", "video_25", "video_50", "video_75", "video_complete"],
       "bing":      ["generate_lead", "purchase", "begin_checkout", "view_item"]
     },
     "engagement_scoring": {
@@ -1397,7 +1397,7 @@ Define a estratégia completa de tracking profissional para reduzir 30-50% no cu
     "anti_bloqueio": {
       "adblock_detection": "3 metodos",
       "first_party_cookie": "365 dias",
-      "same_domain_endpoint": "/api/tracking",
+      "same_domain_endpoint": "/track",
       "fallback_server_side": "POST request"
     }
   }
@@ -1408,12 +1408,6 @@ Define a estratégia completa de tracking profissional para reduzir 30-50% no cu
 
 Com base nas plataformas selecionadas, spawnar os agentes em paralelo utilizando os modelos de referência em `models/`.
 
----
-
-### FASE 3 — Geração em paralelo (agentes especialistas)
-
-Com base nas plataformas selecionadas, spawnar os agentes em paralelo utilizando os modelos de referência em `models/`.
-
 **IMPORTANTE: Ordem de Execução Sequencial:**
 
 Antes de spawnar agentes em paralelo, seguir esta ordem **OBRIGATÓRIA**:

package/extracted-skill/tracking-events-generator/agents/premium-tracking-intelligence-agent.md

@@ -553,7 +553,7 @@ function detectAdBlock() {
 function handleAdBlockFallback(eventData) {
   if (detectAdBlock()) {
     // AdBlock ativo: enviar via servidor (não pode usar scripts de terceiros)
-    fetch('/api/tracking', {
+    fetch('/track', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({
@@ -619,9 +619,9 @@ function getSessionId() {
 ```javascript
 /**
  * Endpoint de Tracking no Mesmo Domínio
- * URL: https://meusite.com/api/tracking (NÃO third-party)
+ * URL: https://meusite.com/track (NÃO third-party)
  */
-const TRACKING_ENDPOINT = '/api/tracking'; // Same-Domain Protocol
+const TRACKING_ENDPOINT = '/track'; // Same-Domain Protocol
 
 /**
  * Enviar evento via servidor (adblock-proof)
@@ -804,7 +804,7 @@ const serverTracking = {
 
 ### Server Tracking (O que processar no Worker)
 
-- [x] Receber eventos do browser (POST /api/tracking)
+- [x] Receber eventos do browser (POST /track)
 - [x] Capturar IP e geolocalização (Cloudflare headers)
 - [x] Recuperar PII do D1 (Lead Lock)
 - [x] Calcular Engagement Score (0.0 - 5.0)

package/extracted-skill/tracking-events-generator/agents/server-tracking.md

@@ -27,7 +27,7 @@ Browser (Visitante)
        ▼
 Cloudflare Edge (Worker)
   ├── Route Principal: /api/*     ← Same-Domain Protocol
-  ├── Route Webhook: /api/wh/*    ← Rota para Gateways de Pagamento
+  ├── Route Webhook: /webhook/*    ← Rota para Gateways de Pagamento
   ├── Edge Routing (A/B)         ← Interceptação via A/B Testing Agent
   ├── Edge Localization          ← Manipulação de Checkout/Moeda
   ├── ML LTV Prediction          ← Predição de Valor via Workers AI
@@ -526,7 +526,7 @@ async function syncIdentity(DB, body) {
   const fp = body.fingerprint || null;
   if (!fp || !DB) return body;
 
-  const existing = await DB.prepare(
+  const existing = await env.DB.prepare(
     'SELECT * FROM identity_graph WHERE fingerprint = ?'
   ).bind(fp).first();
 
@@ -541,7 +541,7 @@ async function syncIdentity(DB, body) {
       visit_count: (existing.visit_count || 1) + 1
     };
   } else {
-    await DB.prepare(`
+    await env.DB.prepare(`
       INSERT OR IGNORE INTO identity_graph (fingerprint, fbp, fbc, ga_client_id, external_id, ttclid, first_utm)
       VALUES (?, ?, ?, ?, ?, ?, ?)
     `).bind(fp, body.fbp, body.fbc, body.ga_client_id, body.external_id, body.ttclid, JSON.stringify(body.utm || {})).run();
@@ -635,7 +635,7 @@ function buildCookieHeader(visitor, umbrellaDomain) {
 async function logBehavioralEvent(DB, body, visitor, engagementScore) {
   if (!DB) return;
 
-  await DB.prepare(`
+  await env.DB.prepare(`
     INSERT OR REPLACE INTO behavioral_events (
       event_id, user_id, session_id,
       engagement_score, time_level, scroll_score, click_score, video_score, hover_score, intention_level,
@@ -812,7 +812,7 @@ context: {
 ### Estratégias para Maximizar Resiliência
 
 **1. Same-Domain Endpoint:**
-- Worker deve estar no mesmo domínio do site: `site.com/api/tracking`
+- Worker deve estar no mesmo domínio do site: `site.com/track`
 - Evita bloqueios de CORS e ad-blockers que bloqueiam requests cross-origin
 
 **2. First-Party Cookies:**
@@ -843,9 +843,9 @@ const corsHeaders = {
 - Ad-blockers podem falsificar user-agent
 - Validação deve ser baseada em token/secret, não UA
 
-**6. No Sensitive Keywords in Paths:**
-- Evitar paths com palavras que ativam ad-blockers: `/track`, `/pixel`, `/analytics`
-- Usar `/api/tracking` ou `/api/events` em vez disso
+**6. Same-Domain via Worker Route (anti-blocking):**
+- Endpoint de tracking: `/track` (Worker route same-domain — ad-blockers não bloqueiam requests same-domain)
+- A proteção real vem do same-domain, não do nome do path
 
 ---
 
@@ -972,7 +972,7 @@ CREATE INDEX IF NOT EXISTS idx_retry_scheduled ON retry_queue(scheduled_at, stat
 async function logEventSuccess(DB, platform, eventId) {
   if (!DB) return;
 
-  await DB.prepare(`
+  await env.DB.prepare(`
     UPDATE events_log
     SET status = 'success',
         retry_count = 0,
@@ -988,7 +988,7 @@ async function logEventFailure(DB, platform, eventId, errorMessage, retryCount)
   const maxRetries = 3;
   const isFinalFailure = retryCount >= maxRetries;
 
-  await DB.prepare(`
+  await env.DB.prepare(`
     UPDATE events_log
     SET status = ?,
         retry_count = ?,
@@ -1150,7 +1150,7 @@ export async function queue(batch, env) {
 
 - Gerar `wrangler.toml` completo com bindings D1, KV, R2, Queues e Cron Triggers
 - Gerar `schema.sql` com todas as tabelas: `events_log`, `identity_graph`, `leads`, `behavioral_events`, `webhook_events`, `user_profiles`
-- Gerar `worker.js` principal com endpoint `/api/tracking` (recebe eventos do browser)
+- Gerar `worker.js` principal com endpoint `/track` (recebe eventos do browser)
 - Implementar Identity Graph sync, Engagement Scoring server-side e First-Party Cookie (`_cdp_uid`)
 - Implementar Anti-Blocking: CORS same-domain, headers limpos, sem keywords bloqueáveis
 - Implementar sistema de retry com Cloudflare Queues (3-Tier: imediato → 5min → 15min → 45min)
@@ -1167,9 +1167,9 @@ export async function queue(batch, env) {
     "DEPLOY.md"
   ],
   "endpoints": {
-    "tracking":  "POST /api/tracking",
+    "tracking":  "POST /track",
     "health":    "GET  /api/health",
-    "webhooks":  "POST /api/wh/{gateway}",
+    "webhooks":  "POST /webhook/{gateway}",
     "ticto":     "POST /webhook/ticto"
   },
   "bindings_cloudflare": {

package/extracted-skill/tracking-events-generator/agents/spotify-agent.md

@@ -310,7 +310,7 @@ export async function hashPII(data) {
 | Depende de | Input Esperado | O que faz com isso |
 |-------------|----------------|------------------|
 | **Page Analyzer** | Lista de elementos HTML | Mapeia `content_name` e `content_id` |
-| **Server Tracking Agent** | Lista de plataformas | Adiciona endpoint Spotify `/api/wh/spotify` |
+| **Server Tracking Agent** | Lista de plataformas | Adiciona endpoint Spotify `/webhook/spotify` |
 | **Premium Tracking Intelligence** | Estratégia de tracking | Define eventos prioritários para Spotify |
 | **Validator Agent** | Código gerado | Valida conformidade com Spotify API v1 |
 

package/extracted-skill/tracking-events-generator/agents/webhook-agent.md

@@ -65,7 +65,7 @@ async function hashWebhookUserData(webhookPayload) {
 
 ## 📦 ENTREGÁVEIS
 
-1.  **Route Handler**: `/api/wh/{gateway}` no Worker.
+1.  **Route Handler**: `/webhook/{gateway}` no Worker.
 2.  **D1 Query**: Lógica de atualização do perfil do usuário com o status de comprador.
 3.  **CAPI Dispatch**: Envio dos dados enriquecidos para as redes de anúncio.
 
@@ -153,10 +153,10 @@ ctx.waitUntil(Promise.allSettled([
 ```json
 {
   "rotas_geradas": {
-    "hotmart":  "/api/wh/hotmart",
-    "kiwify":   "/api/wh/kiwify",
+    "hotmart":  "/webhook/hotmart",
+    "kiwify":   "/webhook/kiwify",
     "ticto":    "/webhook/ticto",
-    "stripe":   "/api/wh/stripe"
+    "stripe":   "/webhook/stripe"
   },
   "validacao_hmac": {
     "hotmart": "X-Hotmart-Hottok",