Merge 17 open PRs (with conflict resolution + dep alignment)

.claude/settings.json

@@ -0,0 +1,4 @@
+{
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
+  "_comment": "MCP servers are declared in .mcp.json but NOT auto-enabled here. Each contributor opts in via their own ~/.claude/settings.json or with `claude --add-mcp` so a fresh checkout never grants tool access by default. See README.md for the per-contributor setup."
+}

.env.example

@@ -19,6 +19,9 @@ VITE_EXTERNAL_SUPABASE_ANON_KEY=your-external-anon-key
 # ==============================================================================
 EVOLUTION_API_URL=https://evolution.atomicabr.com.br
 EVOLUTION_API_KEY=sua-evolution-api-key
+# Anti-ban: força uma versão conhecida-boa do WhatsApp Web na sessão Baileys.
+# Atualizar quando o WA quebrar (verificar issue EvolutionAPI/#2437).
+CONFIG_SESSION_PHONE_VERSION=2.3000.1033773198
 
 # Webhook signature secret(s). Single value for legacy mode, OR a comma-separated
 # list for zero-downtime rotation. When rotating: deploy with [new,old] →

.github/workflows/ci.yml

@@ -14,6 +14,13 @@ on:
     branches: [main, develop]
   workflow_dispatch:
 
+# Default to read-only at the workflow level; only the `test` job needs to
+# post a PR comment with the vitest tail on failure, so write scopes are
+# granted at the job level instead of repo-wide. Keeps third-party actions
+# in other jobs (build / e2e / smoke) on read-only tokens.
+permissions:
+  contents: read
+
 env:
   NODE_VERSION: '20'
   VITE_SUPABASE_URL: ${{ secrets.VITE_SUPABASE_URL }}
@@ -28,12 +35,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 📥 Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ env.NODE_VERSION }}
 
@@ -70,25 +77,87 @@ jobs:
     name: 🧪 Unit Tests
     runs-on: ubuntu-latest
     needs: lint-and-typecheck
+    # Scoped here (not workflow-wide): only the failure-comment step needs
+    # to post on the PR. Build / e2e / smoke remain read-only.
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
     steps:
       - name: 📥 Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ env.NODE_VERSION }}
 
       - name: 📚 Install dependencies
         run: npm install --no-audit --no-fund
 
       - name: 🧪 Run Vitest
-        run: npm run test -- --reporter=verbose
+        id: vitest
+        run: |
+          set -o pipefail
+          npm run test -- --reporter=verbose --bail=1 2>&1 | tee vitest-output.log
         env:
           CI: true
 
+      - name: 📜 Print last 200 lines on failure (so it shows in the job page)
+        if: failure() && steps.vitest.conclusion == 'failure'
+        run: |
+          echo "::group::Vitest tail"
+          tail -200 vitest-output.log || true
+          echo "::endgroup::"
+
+      - name: 💬 Post Vitest tail as PR comment on failure
+        # Skip on forked PRs: GITHUB_TOKEN is downgraded to read-only there
+        # regardless of `permissions:` overrides (security default), so the
+        # createComment call would fail noisily. Compare full_name (not the
+        # `.fork` flag, which only tells you if the *source* repo is itself a
+        # fork of someone else's, not whether THIS PR is cross-repo).
+        if: |
+          failure()
+          && steps.vitest.conclusion == 'failure'
+          && github.event_name == 'pull_request'
+          && github.event.pull_request.head.repo.full_name == github.repository
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const tail = fs.readFileSync('vitest-output.log', 'utf8').split('\n').slice(-200).join('\n');
+            // Use HEAD of the tail (not the trailing 60k chars) so the failure
+            // header (assertion message + source location) survives truncation.
+            // Vitest puts the noisy stack/teardown last; head gives us value.
+            const trimmed = tail.length > 60_000 ? tail.slice(0, 60_000) + '\n…[truncated]' : tail;
+            // 4-backtick fence so any embedded ``` in the vitest output
+            // (markdown in assertions, snapshot diffs, fixture JSON) does not
+            // close the outer fence and leak the rest of the log as raw md.
+            const body = [
+              '🧪 **Unit Tests failed** — last 200 lines of vitest output:',
+              '',
+              '````',
+              trimmed,
+              '````',
+            ].join('\n');
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body,
+            });
+
+      - name: 📦 Upload Vitest log on failure
+        if: failure()
+        uses: actions/upload-artifact@v7
+        with:
+          name: vitest-output
+          path: vitest-output.log
+          retention-days: 7
+          if-no-files-found: warn
+
       - name: 📊 Upload coverage report
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         if: always()
         with:
           name: coverage-report
@@ -104,10 +173,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 📥 Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: 🦕 Setup Deno
-        uses: denoland/setup-deno@v1
+        uses: denoland/setup-deno@v2
         with:
           deno-version: v1.x
 
@@ -133,13 +202,13 @@ jobs:
     needs: [test, deno-edge-tests]
     steps:
       - name: 📥 Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ env.NODE_VERSION }}
       - name: 🦕 Setup Deno
-        uses: denoland/setup-deno@v1
+        uses: denoland/setup-deno@v2
         with:
           deno-version: v1.x
       - name: 📚 Install dependencies
@@ -156,10 +225,10 @@ jobs:
     needs: [lint-and-typecheck, deno-edge-tests, smoke-pre-deploy]
     steps:
       - name: 📥 Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ env.NODE_VERSION }}
 
@@ -175,7 +244,7 @@ jobs:
           VITE_EXTERNAL_SUPABASE_ANON_KEY: ${{ secrets.VITE_EXTERNAL_SUPABASE_ANON_KEY }}
 
       - name: 📦 Upload build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: dist
           path: dist/
@@ -207,18 +276,18 @@ jobs:
         shard: ['1/2', '2/2']
     steps:
       - name: 📥 Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ env.NODE_VERSION }}
 
       - name: 📚 Install dependencies
         run: npm install --no-audit --no-fund
 
       - name: 📦 Download build artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
         with:
           name: dist
           path: dist/
@@ -243,7 +312,7 @@ jobs:
           PLAYWRIGHT_ALL_BROWSERS: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && '1' || '0' }}
 
       - name: 📊 Upload Playwright report
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         if: always()
         with:
           name: playwright-report-shard-${{ strategy.job-index }}
@@ -260,10 +329,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 📥 Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ env.NODE_VERSION }}
 

.gitignore

@@ -148,6 +148,15 @@ supabase/.temp/
 *_old*
 *.orig
 
+# ====================
+# PYTHON
+# ====================
+# Bytecode + caches generated by `python -m py_compile` syntax checks
+# during dev / CI on the rabbit-consumer scripts under infra/.
+__pycache__/
+*.py[cod]
+*$py.class
+
 # ====================
 # OUTROS
 # ====================

.mcp.json

@@ -0,0 +1,12 @@
+{
+  "mcpServers": {
+    "portainer": {
+      "type": "http",
+      "url": "https://portainer-mcp.atomicabr.com.br/mcp"
+    },
+    "evolution": {
+      "type": "http",
+      "url": "https://evolution-mcp.adm01.workers.dev/mcp"
+    }
+  }
+}