cdp-edge 2.0.2 → 2.0.4

package/server-edge-tracker/modules/dispatch/platforms.js

@@ -0,0 +1,237 @@
+/**
+ * CDP Edge — Plataformas Adicionais
+ * Pinterest CAPI v5, Reddit CAPI v2.0, LinkedIn CAPI 202401, Spotify CAPI v1
+ */
+
+import { sha256, normalizePhone } from '../utils.js';
+import { logApiFailure } from '../db.js';
+
+// ── Pinterest Conversions API v5 ──────────────────────────────────────────────
+export async function sendPinterestCapi(env, eventName, payload, request, ctx) {
+  if (!env.PINTEREST_ACCESS_TOKEN || !env.PINTEREST_AD_ACCOUNT_ID) {
+    return { skipped: 'Pinterest credentials not set' };
+  }
+
+  const { email, phone, userId, eventId, pageUrl, value, currency, contentIds, contentName } = payload;
+  const phoneNorm = normalizePhone(phone);
+
+  const pinterestEventMap = {
+    PageView: 'pagevisit', ViewContent: 'pagevisit', Lead: 'lead', Purchase: 'checkout',
+    AddToCart: 'addtocart', InitiateCheckout: 'checkout', CompleteRegistration: 'signup',
+    Search: 'search', Contact: 'lead',
+  };
+  const pEvent = pinterestEventMap[eventName] || 'custom';
+
+  const userData = {
+    ...(email     && { em: [await sha256(email)] }),
+    ...(phoneNorm && { ph: [await sha256(phoneNorm)] }),
+    ...(userId    && { external_id: [await sha256(String(userId))] }),
+    client_ip_address: request.headers.get('CF-Connecting-IP') || '',
+    client_user_agent: request.headers.get('User-Agent') || '',
+  };
+
+  const body = {
+    data: [{
+      event_name:       pEvent,
+      action_source:    'web',
+      event_time:       Math.floor(Date.now() / 1000),
+      event_id:         eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
+      event_source_url: pageUrl || '',
+      user_data:        userData,
+      custom_data: {
+        currency:     (currency || 'BRL').toUpperCase(),
+        value:        value ? String(parseFloat(value)) : '0',
+        ...(contentIds?.length > 0 && { content_ids: contentIds.map(String) }),
+        ...(contentName            && { content_name: contentName }),
+        content_type: 'product',
+      },
+    }],
+  };
+
+  try {
+    const res = await fetch(
+      `https://api.pinterest.com/v5/ad_accounts/${env.PINTEREST_AD_ACCOUNT_ID}/events`,
+      { method: 'POST', headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${env.PINTEREST_ACCESS_TOKEN}` }, body: JSON.stringify(body) }
+    );
+    const data = await res.json();
+    if (!res.ok) {
+      const msg = data.message || data.code || String(res.status);
+      console.error('Pinterest CAPI error:', res.status, msg);
+      if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'pinterest', eventName, String(res.status), msg, body.data[0].event_id, JSON.stringify(body)));
+    }
+    return data;
+  } catch (err) {
+    console.error('Pinterest CAPI fetch failed:', err.message);
+    if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'pinterest', eventName, 'FETCH_ERROR', err.message, null, JSON.stringify(body)));
+    return { error: err.message };
+  }
+}
+
+// ── Reddit Conversions API v2.0 ───────────────────────────────────────────────
+export async function sendRedditCapi(env, eventName, payload, request, ctx) {
+  if (!env.REDDIT_ACCESS_TOKEN || !env.REDDIT_AD_ACCOUNT_ID) {
+    return { skipped: 'Reddit credentials not set' };
+  }
+
+  const { email, phone, userId, eventId, pageUrl, value, currency } = payload;
+  const phoneNorm = normalizePhone(phone);
+
+  const redditEventMap = {
+    PageView: 'PageVisit', ViewContent: 'ViewContent', Lead: 'Lead', Purchase: 'Purchase',
+    AddToCart: 'AddToCart', InitiateCheckout: 'Purchase', CompleteRegistration: 'SignUp',
+    Search: 'Search', Contact: 'Lead',
+  };
+  const rEvent = redditEventMap[eventName] || 'Custom';
+
+  const user = {
+    ...(email     && { email:       { value: await sha256(email) } }),
+    ...(phoneNorm && { phoneNumber: { value: await sha256(phoneNorm) } }),
+    ...(userId    && { externalId:  { value: await sha256(String(userId)) } }),
+    ipAddress: { value: request.headers.get('CF-Connecting-IP') || '' },
+    userAgent: { value: request.headers.get('User-Agent') || '' },
+  };
+
+  const event = {
+    event_at:   new Date().toISOString(),
+    event_type: { tracking_type: rEvent, ...(eventName === 'InitiateCheckout' && { conversion_type: 'BEGIN_CHECKOUT' }) },
+    click_id:   payload.rdtClid || '',
+    event_metadata: {
+      currency:      (currency || 'BRL').toUpperCase(),
+      value_decimal: String(value || 0),
+      item_count:    '1',
+      conversion_id: eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
+    },
+    user,
+  };
+
+  const body = { events: [event] };
+
+  try {
+    const res = await fetch(
+      `https://ads-api.reddit.com/api/v2.0/conversions/events/${env.REDDIT_AD_ACCOUNT_ID}`,
+      { method: 'POST', headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${env.REDDIT_ACCESS_TOKEN}` }, body: JSON.stringify(body) }
+    );
+    if (!res.ok) {
+      const txt = await res.text();
+      console.error('Reddit CAPI error:', txt);
+      if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'reddit', eventName, String(res.status), txt, event.event_metadata.conversion_id, JSON.stringify(body)));
+      return { error: `HTTP ${res.status}` };
+    }
+    return await res.json();
+  } catch (err) {
+    console.error('Reddit CAPI fetch failed:', err.message);
+    if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'reddit', eventName, 'FETCH_ERROR', err.message, null, JSON.stringify(body)));
+    return { error: err.message };
+  }
+}
+
+// ── LinkedIn Conversions API (LinkedIn-Version: 202401) ───────────────────────
+export async function sendLinkedInCapi(env, eventName, payload, request, ctx) {
+  if (!env.LINKEDIN_ACCESS_TOKEN || !env.LINKEDIN_CONVERSION_ID) {
+    return { skipped: 'LinkedIn credentials not set' };
+  }
+
+  const { email, phone, firstName, lastName, userId, eventId, pageUrl, value, currency } = payload;
+  const phoneNorm = normalizePhone(phone);
+
+  const linkedInEventMap = {
+    Lead: 'LEAD', Purchase: 'PURCHASE', CompleteRegistration: 'REGISTRATION',
+    AddToCart: 'ADD_TO_CART', InitiateCheckout: 'OTHER', ViewContent: 'OTHER',
+    PageView: 'OTHER', Contact: 'LEAD',
+  };
+
+  const userInfo = {
+    ...(email     && { 'SHA256_EMAIL':      await sha256(email) }),
+    ...(phoneNorm && { 'SHA256_PHONE':      await sha256(phoneNorm) }),
+    ...(firstName && { 'SHA256_FIRST_NAME': await sha256(firstName.toLowerCase().trim()) }),
+    ...(lastName  && { 'SHA256_LAST_NAME':  await sha256(lastName.toLowerCase().trim()) }),
+  };
+
+  const body = {
+    conversion:    `urn:li:conversion:${env.LINKEDIN_CONVERSION_ID}`,
+    conversionHappenedAt: Date.now(),
+    conversionValue: value ? { currencyCode: (currency || 'BRL').toUpperCase(), amount: String(parseFloat(value)) } : undefined,
+    eventId: eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
+    ...(Object.keys(userInfo).length > 0 && { user: { userIds: Object.entries(userInfo).map(([idType, idValue]) => ({ idType, idValue })) } }),
+  };
+
+  try {
+    const res = await fetch('https://api.linkedin.com/rest/conversionEvents', {
+      method:  'POST',
+      headers: {
+        'Content-Type':              'application/json',
+        Authorization:               `Bearer ${env.LINKEDIN_ACCESS_TOKEN}`,
+        'LinkedIn-Version':          '202401',
+        'X-Restli-Protocol-Version': '2.0.0',
+      },
+      body: JSON.stringify(body),
+    });
+    if (!res.ok) {
+      const txt = await res.text();
+      console.error('LinkedIn CAPI error:', txt);
+      if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'linkedin', eventName, String(res.status), txt, body.eventId, JSON.stringify(body)));
+      return { error: `HTTP ${res.status}` };
+    }
+    return { ok: true };
+  } catch (err) {
+    console.error('LinkedIn CAPI fetch failed:', err.message);
+    if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'linkedin', eventName, 'FETCH_ERROR', err.message, null, JSON.stringify(body)));
+    return { error: err.message };
+  }
+}
+
+// ── Spotify Conversions API v1 ────────────────────────────────────────────────
+export async function sendSpotifyCapi(env, eventName, payload, request, ctx) {
+  if (!env.SPOTIFY_ACCESS_TOKEN || !env.SPOTIFY_AD_ACCOUNT_ID) {
+    return { skipped: 'Spotify credentials not set' };
+  }
+
+  const { email, phone, userId, eventId, pageUrl, value, currency } = payload;
+  const phoneNorm = normalizePhone(phone);
+
+  const spotifyEventMap = {
+    Purchase: 'PURCHASE', Lead: 'LEAD', CompleteRegistration: 'SIGN_UP',
+    AddToCart: 'ADD_TO_CART', InitiateCheckout: 'INITIATE_CHECKOUT',
+    ViewContent: 'VIEW_CONTENT', PageView: 'PAGE_VIEW', Contact: 'LEAD',
+  };
+  const spEvent = spotifyEventMap[eventName] || 'CUSTOM';
+
+  const user = {
+    ...(email     && { hashed_email: await sha256(email) }),
+    ...(phoneNorm && { hashed_phone: await sha256(phoneNorm) }),
+    ...(userId    && { user_id: userId }),
+    ip_address: request.headers.get('CF-Connecting-IP') || '',
+    user_agent: request.headers.get('User-Agent') || '',
+  };
+
+  const body = {
+    data: [{
+      event_id:   eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
+      event_type: spEvent,
+      event_time: Math.floor(Date.now() / 1000),
+      url:        pageUrl || '',
+      user,
+      ...(value !== undefined && {
+        value: { currency: (currency || 'BRL').toUpperCase(), amount: parseFloat(value) },
+      }),
+    }],
+  };
+
+  try {
+    const res = await fetch(
+      `https://advertising-api.spotify.com/conversion/v1/accounts/${env.SPOTIFY_AD_ACCOUNT_ID}/events`,
+      { method: 'POST', headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${env.SPOTIFY_ACCESS_TOKEN}` }, body: JSON.stringify(body) }
+    );
+    if (!res.ok) {
+      const txt = await res.text();
+      console.error('Spotify CAPI error:', txt);
+      if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'spotify', eventName, String(res.status), txt, body.data[0].event_id, JSON.stringify(body)));
+      return { error: `HTTP ${res.status}` };
+    }
+    return await res.json();
+  } catch (err) {
+    console.error('Spotify CAPI fetch failed:', err.message);
+    if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'spotify', eventName, 'FETCH_ERROR', err.message, null, JSON.stringify(body)));
+    return { error: err.message };
+  }
+}

package/server-edge-tracker/modules/dispatch/tiktok.js

@@ -0,0 +1,100 @@
+/**
+ * CDP Edge — TikTok Events API v1.3
+ * Envia eventos server-side para a TikTok Events API.
+ */
+
+import { sha256, normalizePhone } from '../utils.js';
+import { logApiFailure } from '../db.js';
+
+export async function sendTikTokApi(env, eventName, payload, request, ctx) {
+  if (!env.TIKTOK_ACCESS_TOKEN) return { skipped: 'TIKTOK_ACCESS_TOKEN not set' };
+
+  const pixelId = env.TIKTOK_PIXEL_ID;
+  if (!pixelId || pixelId === 'SEU_TIKTOK_PIXEL_ID') return { skipped: 'TIKTOK_PIXEL_ID not configured' };
+
+  const {
+    email, phone, firstName, lastName,
+    fbp, fbc, ttp, ttclid, userId,
+    eventId, pageUrl,
+    value, currency,
+    contentIds, contentName, contentType,
+  } = payload;
+
+  const phoneNorm = normalizePhone(phone);
+
+  const user = {
+    ...(email      && { email:        await sha256(email) }),
+    ...(phoneNorm  && { phone_number: await sha256(phoneNorm) }),
+    ...(userId     && { external_id:  await sha256(String(userId)) }),
+    ...(ttp        && { ttp }),
+    ...(ttclid     && { ttclid }),
+  };
+
+  const properties = {
+    ...(value       !== undefined && { value: parseFloat(value) }),
+    ...(currency    && { currency: String(currency).toUpperCase() }),
+    ...(contentIds  && contentIds.length > 0 && {
+      contents: contentIds.map(id => ({
+        content_id:   String(id),
+        content_name: contentName || '',
+        content_type: contentType || 'product',
+        quantity:     1,
+        price:        value ? parseFloat(value) : 0,
+      })),
+    }),
+  };
+
+  const event = {
+    event:      eventName,
+    event_time: Math.floor(Date.now() / 1000),
+    event_id:   eventId || `cdp_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
+    user,
+    page: {
+      url:      pageUrl || `https://${env.SITE_DOMAIN}`,
+      referrer: request.headers.get('Referer') || '',
+    },
+    ...(Object.keys(properties).length > 0 && { properties }),
+    context: {
+      ip:         request.headers.get('CF-Connecting-IP') || '',
+      user_agent: request.headers.get('User-Agent') || '',
+    },
+  };
+
+  const body = {
+    event_source:    'web',
+    event_source_id: pixelId,
+    data:            [event],
+  };
+
+  // Endpoint canônico: sempre /v1.3/event/track/
+  const endpoint = 'https://business-api.tiktok.com/open_api/v1.3/event/track/';
+
+  try {
+    const res = await fetch(endpoint, {
+      method:  'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Access-Token':  env.TIKTOK_ACCESS_TOKEN,
+      },
+      body: JSON.stringify(body),
+    });
+
+    const data = await res.json();
+    if (!res.ok || data.code !== 0) {
+      console.error('TikTok Events API error:', res.status, data.message || data.code || 'unknown');
+
+      if (env.DB && ctx) {
+        ctx.waitUntil(logApiFailure(env.DB, 'tiktok', eventName, String(data.code || res.status), data.message || 'TikTok API error', event.event_id, JSON.stringify(body)));
+      }
+    }
+    return data;
+  } catch (err) {
+    console.error('TikTok Events API fetch failed:', err.message);
+
+    if (env.DB && ctx) {
+      ctx.waitUntil(logApiFailure(env.DB, 'tiktok', eventName, 'FETCH_ERROR', err.message, null, JSON.stringify(body)));
+    }
+
+    return { error: err.message };
+  }
+}

package/server-edge-tracker/modules/dispatch/whatsapp.js

@@ -0,0 +1,233 @@
+/**
+ * CDP Edge — WhatsApp Cloud API v22.0 + HMAC Verification
+ * sendWhatsApp, processWhatsAppWebhook, verifyHmac, sendCallMeBot
+ */
+
+import { sha256, normalizePhone } from '../utils.js';
+import { saveLead, logApiFailure } from '../db.js';
+
+// ── sendWhatsApp — envia mensagem via Meta Cloud API ──────────────────────────
+export async function sendWhatsApp(env, tipo, payload, options = {}) {
+  if (!env.WHATSAPP_PHONE_NUMBER_ID || !env.WHATSAPP_ACCESS_TOKEN || !env.WA_NOTIFY_NUMBER) {
+    return { skipped: 'WhatsApp não configurado' };
+  }
+
+  const to = options.to || env.WA_NOTIFY_NUMBER;
+
+  if (options.template) {
+    const { name, language = 'pt_BR', components = [] } = options.template;
+    const body = { messaging_product: 'whatsapp', to, type: 'template', template: { name, language: { code: language }, components } };
+    return _sendWARequest(env, body);
+  }
+
+  if (options.mediaType && options.mediaUrl) {
+    const mediaPayload = { link: options.mediaUrl };
+    if (options.caption) mediaPayload.caption = options.caption;
+    if (options.filename) mediaPayload.filename = options.filename;
+    const body = { messaging_product: 'whatsapp', to, type: options.mediaType, [options.mediaType]: mediaPayload };
+    return _sendWARequest(env, body);
+  }
+
+  if (options.interactive === 'buttons' && options.buttons?.length) {
+    const body = {
+      messaging_product: 'whatsapp', to, type: 'interactive',
+      interactive: {
+        type: 'button',
+        body: { text: options.bodyText || '' },
+        action: {
+          buttons: options.buttons.slice(0, 3).map(b => ({ type: 'reply', reply: { id: b.id, title: b.title } })),
+        },
+      },
+    };
+    return _sendWARequest(env, body);
+  }
+
+  if (options.interactive === 'list' && options.rows?.length) {
+    const body = {
+      messaging_product: 'whatsapp', to, type: 'interactive',
+      interactive: {
+        type: 'list',
+        body: { text: options.bodyText || '' },
+        action: { button: options.listButton || 'Ver opções', sections: [{ rows: options.rows.slice(0, 10) }] },
+      },
+    };
+    return _sendWARequest(env, body);
+  }
+
+  // Text fallback (dentro da janela de 24h)
+  const nome    = [payload.firstName, payload.lastName].filter(Boolean).join(' ') || 'sem nome';
+  const valor   = payload.value ? `R$ ${parseFloat(payload.value).toFixed(2)}` : '—';
+  const utm     = payload.utmSource || 'direto';
+  const produto = payload.contentName || '';
+
+  let texto = '';
+  if (tipo === 'Purchase') {
+    texto =
+      `🛒 *Nova Venda!*\n\n` +
+      `👤 ${nome}\n📧 ${payload.email || '—'}\n📱 ${payload.phone || '—'}\n` +
+      `💰 ${valor}\n${produto ? `📦 ${produto}\n` : ''}` +
+      `🔗 UTM: ${utm}\n🕐 ${new Date().toLocaleString('pt-BR', { timeZone: 'America/Sao_Paulo' })}`;
+  } else if (tipo === 'Lead') {
+    texto =
+      `📋 *Novo Lead!*\n\n` +
+      `📧 ${payload.email || '—'}\n🔗 UTM: ${utm}\n` +
+      `🌐 ${payload.pageUrl || '—'}\n🕐 ${new Date().toLocaleString('pt-BR', { timeZone: 'America/Sao_Paulo' })}`;
+  } else {
+    return { skipped: `tipo ${tipo} não suportado sem template` };
+  }
+
+  return _sendWARequest(env, { messaging_product: 'whatsapp', to, type: 'text', text: { body: texto } });
+}
+
+// ── _sendWARequest — executor interno ─────────────────────────────────────────
+async function _sendWARequest(env, body) {
+  try {
+    const res = await fetch(`https://graph.facebook.com/v22.0/${env.WHATSAPP_PHONE_NUMBER_ID}/messages`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${env.WHATSAPP_ACCESS_TOKEN}` },
+      body: JSON.stringify(body),
+    });
+    const data = await res.json();
+    if (!res.ok) console.error('WhatsApp Meta API error:', res.status, data.error?.message || 'unknown');
+    return { ok: res.ok, status: res.status, data };
+  } catch (err) {
+    console.error('WhatsApp Meta API failed:', err.message);
+    return { ok: false, error: err.message };
+  }
+}
+
+// ── sendCallMeBot — alertas de sistema via WhatsApp ───────────────────────────
+export async function sendCallMeBot(env, mensagem) {
+  if (!env.CALLMEBOT_PHONE || !env.CALLMEBOT_APIKEY) {
+    return { skipped: 'CallMeBot não configurado' };
+  }
+  try {
+    const url = `https://api.callmebot.com/whatsapp.php?phone=${encodeURIComponent(env.CALLMEBOT_PHONE)}&text=${encodeURIComponent(mensagem)}&apikey=${env.CALLMEBOT_APIKEY}`;
+    const res = await fetch(url);
+    return { ok: res.ok, status: res.status };
+  } catch (err) {
+    console.error('CallMeBot failed:', err.message);
+    return { ok: false, error: err.message };
+  }
+}
+
+// ── processWhatsAppWebhook — CTWA (Click to WhatsApp) ────────────────────────
+export async function processWhatsAppWebhook(env, body, request, ctx) {
+  const entry  = body?.entry?.[0];
+  const change = entry?.changes?.find(c => c.field === 'messages');
+  if (!change) return { skipped: 'no messages field' };
+
+  const messages = change.value?.messages;
+  if (!messages || messages.length === 0) return { skipped: 'no messages' };
+
+  const results = [];
+
+  for (const message of messages) {
+    const phone       = message.from;
+    const wamid       = message.id;
+    const referral    = message.referral || {};
+    const ctwaClid    = referral.ctwa_clid  || null;
+    const adId        = referral.source_id  || null;
+    const sourceUrl   = referral.source_url || null;
+    const headline    = referral.headline   || null;
+    const messageBody = message.text?.body  || message.type || '';
+
+    if (!phone) { results.push({ skipped: 'no phone' }); continue; }
+
+    const phoneNorm = normalizePhone(phone) || phone;
+    const phoneHash = await sha256(phoneNorm);
+
+    // Deduplicação por wamid
+    if (env.DB && wamid) {
+      try {
+        const existing = await env.DB.prepare('SELECT id FROM whatsapp_contacts WHERE wamid = ?').bind(wamid).first();
+        if (existing) { results.push({ skipped: 'duplicate wamid', wamid }); continue; }
+      } catch { /* não bloquear se D1 falhar */ }
+    }
+
+    const eventId = `ctwa_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+
+    if (env.DB) {
+      ctx.waitUntil(
+        env.DB.prepare(
+          `INSERT OR IGNORE INTO whatsapp_contacts (phone_hash, phone_raw, wamid, ctwa_clid, ad_id, source_url, headline, capi_sent, capi_event_id, message_body) VALUES (?,?,?,?,?,?,?,0,?,?)`
+        ).bind(phoneHash, phoneNorm, wamid || null, ctwaClid, adId, sourceUrl, headline, eventId, messageBody || null).run()
+      );
+    }
+
+    const capiEvent = {
+      event_name:    'Contact',
+      event_time:    Math.floor(Date.now() / 1000),
+      event_id:      eventId,
+      action_source: 'chat',
+      user_data: {
+        ph: phoneHash,
+        ...(ctwaClid && { ctwa_clid: ctwaClid }),
+        client_ip_address: request.headers.get('CF-Connecting-IP') || '',
+        client_user_agent: request.headers.get('User-Agent') || '',
+      },
+      ...(sourceUrl && { event_source_url: sourceUrl }),
+    };
+
+    ctx.waitUntil(
+      (async () => {
+        try {
+          const requestBody = { data: [capiEvent], access_token: env.META_ACCESS_TOKEN };
+          if (env.META_TEST_CODE) requestBody.test_event_code = env.META_TEST_CODE;
+
+          const res = await fetch(
+            `https://graph.facebook.com/v22.0/${env.META_PIXEL_ID}/events`,
+            { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(requestBody) }
+          );
+          const data = await res.json();
+
+          if (res.ok && env.DB && wamid) {
+            await env.DB.prepare('UPDATE whatsapp_contacts SET capi_sent = 1 WHERE wamid = ?').bind(wamid).run();
+          } else if (!res.ok) {
+            console.error('[CTWA] Meta CAPI error:', res.status, data.error?.message || 'unknown');
+            if (env.DB) {
+              await logApiFailure(env.DB, 'meta', 'Contact', data.error?.code || res.status, data.error?.message || 'CTWA CAPI error', eventId, JSON.stringify(requestBody));
+            }
+          }
+        } catch (err) {
+          console.error('[CTWA] Meta CAPI fetch failed:', err.message);
+        }
+      })()
+    );
+
+    ctx.waitUntil(
+      saveLead(env, 'Contact', {
+        phone: phoneNorm, eventId, pageUrl: sourceUrl,
+        utmSource: 'whatsapp_ctwa', utmMedium: 'paid_social',
+      }, request, 'whatsapp')
+    );
+
+    results.push({ ok: true, phone: phoneNorm.slice(0, 4) + '****', ctwa_clid: ctwaClid ? 'present' : 'absent', event_id: eventId });
+  }
+
+  return { processed: results.length, results };
+}
+
+// ── verifyHmac — validação constant-time de assinatura HMAC-SHA256 ─────────────
+export async function verifyHmac(secret, rawBody, receivedSignature) {
+  if (!secret || !receivedSignature) return false;
+  try {
+    const key = await crypto.subtle.importKey(
+      'raw',
+      new TextEncoder().encode(secret),
+      { name: 'HMAC', hash: 'SHA-256' },
+      false,
+      ['sign']
+    );
+    const sig = await crypto.subtle.sign('HMAC', key, new TextEncoder().encode(rawBody));
+    const computed = Array.from(new Uint8Array(sig)).map(b => b.toString(16).padStart(2, '0')).join('');
+    if (computed.length !== receivedSignature.length) return false;
+    let diff = 0;
+    for (let i = 0; i < computed.length; i++) {
+      diff |= computed.charCodeAt(i) ^ receivedSignature.charCodeAt(i);
+    }
+    return diff === 0;
+  } catch {
+    return false;
+  }
+}