adm01-debug · adm01-debug · Mar 17, 2026 · Mar 17, 2026 · Mar 17, 2026 · Mar 17, 2026
@@ -1,3 +1,6 @@
-VITE_SUPABASE_PROJECT_ID="allrjhkpuscmgbsnmjlv"
-VITE_SUPABASE_PUBLISHABLE_KEY="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFsbHJqaGtwdXNjbWdic25tamx2Iiwicm9sZSI6ImFub24iLCJpYXQiOjE3NjU3NDc3NDQsImV4cCI6MjA4MTMyMzc0NH0.7S2yN87sjm22J9DXC7Njo7UaXQ2tHk6XMJheNVqHA74"
-VITE_SUPABASE_URL="https://allrjhkpuscmgbsnmjlv.supabase.co"
+VITE_SUPABASE_PROJECT_ID="rhqfnvvjdwvnulxybmrk"
+VITE_SUPABASE_PUBLISHABLE_KEY="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InJocWZudnZqZHd2bnVseHlibXJrIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NjkxMDYyMjcsImV4cCI6MjA4NDY4MjIyN30.Kv1vBdF0mA0cCfyQI63AdzuIvYW1uxtn6Gu8UZrqBng"
+VITE_SUPABASE_URL="https://rhqfnvvjdwvnulxybmrk.supabase.co"
+
+# EVOLUTION API
+VITE_EVOLUTION_API_URL=https://evolution.atomicabr.com.br
@@ -5,11 +5,13 @@
 
 # SUPABASE
 VITE_SUPABASE_URL=https://seu-projeto.supabase.co
-VITE_SUPABASE_ANON_KEY=sua-anon-key-aqui
+VITE_SUPABASE_PUBLISHABLE_KEY=sua-anon-key-aqui
 
 # BITRIX24 (opcional - se integrado)
 VITE_BITRIX_WEBHOOK_URL=https://promobrindes.bitrix24.com.br/rest/1/seu-webhook/
 
+# Evolution API credentials are configured as Supabase Edge Function secrets (not in frontend)
+
 # APP CONFIG
 VITE_APP_NAME=Sistema Empresarial
 VITE_APP_ENV=production
@@ -18,6 +20,19 @@ VITE_APP_ENV=production
 VITE_ENABLE_ANALYTICS=true
 VITE_ENABLE_DEBUG=false
 
+# ==============================================================================
+# SUPABASE EDGE FUNCTIONS (configurar no dashboard do Supabase)
+# ==============================================================================
+# ALLOWED_ORIGINS=https://seu-dominio.com,https://app.seu-dominio.com
+# EVOLUTION_API_URL=https://sua-evolution-api.com
+# EVOLUTION_API_KEY=sua-chave-aqui
+# WHATSAPP_VERIFY_TOKEN=seu-token-verificacao-aqui
+# RESEND_API_KEY=sua-chave-resend-aqui
+# ELEVENLABS_API_KEY=sua-chave-elevenlabs-aqui
+# MAPBOX_PUBLIC_TOKEN=seu-token-mapbox-aqui
+
 # ==============================================================================
 # IMPORTANTE: Nunca commitar o arquivo .env com valores reais!
+# Credenciais NUNCA devem ser expostas no frontend (VITE_*)
+# Use Supabase Secrets para chaves de Edge Functions
 # ==============================================================================
@@ -0,0 +1,28 @@
+# Code owners for zapp-web
+# These users/teams will be automatically requested for review
+
+# Default owners for everything
+* @zapp-team
+
+# Security-sensitive files require security team review
+supabase/migrations/ @zapp-team @security-team
+supabase/functions/_shared/jwtVerifier.ts @zapp-team @security-team
+supabase/functions/_shared/corsHandler.ts @zapp-team @security-team
+supabase/functions/_shared/ssrfGuard.ts @zapp-team @security-team
+supabase/functions/_shared/rateLimiter.ts @zapp-team @security-team
+
+# CI/CD changes require DevOps review
+.github/ @zapp-team @devops-team
+
+# Edge Functions
+supabase/functions/ @zapp-team @backend-team
+
+# Authentication and authorization
+src/hooks/useAuth.tsx @zapp-team @security-team
+src/components/auth/ @zapp-team @security-team
+supabase/functions/webauthn/ @zapp-team @security-team
+supabase/functions/approve-password-reset/ @zapp-team @security-team
+
+# Validation schemas
+src/validations/ @zapp-team @backend-team
+supabase/functions/_shared/validation.ts @zapp-team @backend-team
@@ -0,0 +1,41 @@
+---
+name: Bug Report
+about: Reportar um problema no sistema
+title: "[BUG] "
+labels: bug
+assignees: ''
+---
+
+## Descrição do Bug
+
+<!-- Descreva claramente o que está acontecendo -->
+
+## Passos para Reproduzir
+
+1. Vá para '...'
+2. Clique em '...'
+3. Role até '...'
+4. Observe o erro
+
+## Comportamento Esperado
+
+<!-- O que deveria acontecer? -->
+
+## Comportamento Atual
+
+<!-- O que realmente acontece? -->
+
+## Screenshots / Logs
+
+<!-- Se aplicável, adicione screenshots ou logs do console -->
+
+## Ambiente
+
+- Navegador: [ex: Chrome 120, Firefox 122]
+- SO: [ex: Windows 11, macOS 14]
+- Versão do sistema: [ex: v1.0.0]
+- Resolução da tela: [ex: 1920x1080]
+
+## Contexto Adicional
+
+<!-- Informações extras que podem ajudar -->
@@ -0,0 +1,33 @@
+---
+name: Feature Request
+about: Sugerir uma nova funcionalidade
+title: "[FEATURE] "
+labels: enhancement
+assignees: ''
+---
+
+## Problema
+
+<!-- Qual problema esta feature resolve? -->
+
+## Solução Proposta
+
+<!-- Descreva a solução que você gostaria -->
+
+## Alternativas Consideradas
+
+<!-- Outras abordagens que foram consideradas -->
+
+## Critérios de Aceite
+
+- [ ] ...
+- [ ] ...
+- [ ] ...
+
+## Mockup / Referência Visual
+
+<!-- Se aplicável, adicione mockups ou referências -->
+
+## Contexto Adicional
+
+<!-- Informações extras sobre a feature -->
@@ -0,0 +1,40 @@
+## Descrição
+
+<!-- O que este PR faz? Por que essa mudança é necessária? -->
+
+## Tipo de Mudança
+
+- [ ] Bug fix (correção que não quebra funcionalidade existente)
+- [ ] Feature (nova funcionalidade)
+- [ ] Breaking change (correção/feature que quebraria funcionalidade existente)
+- [ ] Refactoring (sem mudança de comportamento)
+- [ ] Documentação
+- [ ] CI/CD / Infraestrutura
+
+## Checklist
+
+### Obrigatório
+- [ ] Testes passam (`npm run test`)
+- [ ] Lint passa (`npm run lint`)
+- [ ] TypeScript compila sem erros (`npx tsc --noEmit`)
+- [ ] Build funciona (`npm run build`)
+
+### Segurança
+- [ ] Nenhum secret/credencial hardcoded
+- [ ] Inputs validados no backend (Edge Functions)
+- [ ] RLS policies revisadas (se alterou schema)
+- [ ] Sem `console.log` em código de produção
+
+### Qualidade
+- [ ] Testes adicionados/atualizados para mudanças
+- [ ] Sem `: any` desnecessário
+- [ ] Strings de UI usam i18n (`useTranslation`)
+- [ ] Componentes acessíveis (aria-labels, keyboard nav)
+
+## Screenshots (se aplicável)
+
+## Como Testar
+
+1. ...
+2. ...
+3. ...
@@ -0,0 +1,32 @@
+version: 2
+
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "zapp-team"
+    labels:
+      - "dependencies"
+      - "security"
+    commit-message:
+      prefix: "chore(deps):"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "ci"
+      - "dependencies"
@@ -0,0 +1,129 @@
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - run: npm ci
+      - run: npm run lint
+
+  typecheck:
+    name: Type Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - run: npm ci
+      - name: Generate Supabase types
+        run: npx supabase gen types typescript --project-id "$SUPABASE_PROJECT_ID" > src/integrations/supabase/types.ts
+        env:
+          SUPABASE_PROJECT_ID: ${{ secrets.SUPABASE_PROJECT_ID }}
+          SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
+        continue-on-error: true
+      - run: npx tsc --noEmit
+
+  security:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - run: npm ci
+      - name: Check for known vulnerabilities
+        run: npm audit --audit-level=high
+        continue-on-error: true
+      - name: Check for secrets in code
+        run: |
+          echo "Checking for potential secrets..."
+          ! grep -rn 'sk_live\|pk_live\|AKIA[A-Z0-9]\|password\s*=\s*["\x27][^"\x27]\+["\x27]' src/ --include='*.ts' --include='*.tsx' || echo "Warning: potential secrets found"
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - run: npm ci
+      - name: Run tests with coverage
+        run: npx vitest run --reporter=verbose --coverage
+        env:
+          CI: true
+      - name: Upload coverage report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-report
+          path: coverage/
+          retention-days: 7
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    needs: [lint, typecheck, test, security]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - run: npm ci
+      - run: npm run build
+      - uses: actions/upload-artifact@v4
+        with:
+          name: build
+          path: dist/
+          retention-days: 7
+
+  deploy-preview:
+    name: Deploy Preview
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: github.event_name == 'pull_request'
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/download-artifact@v4
+        with:
+          name: build
+          path: dist/
+      - name: Deploy preview
+        run: echo "Preview deployment would go here (Vercel/Netlify/etc)"
+
+  deploy-production:
+    name: Deploy Production
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    environment: production
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/download-artifact@v4
+        with:
+          name: build
+          path: dist/
+      - name: Deploy to production
+        run: echo "Production deployment would go here"