diff --git a/.gitignore b/.gitignore
index 1dd5a6c..6901089 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,7 +5,9 @@ coverage
 .nitro
 .cache
 .output
-# .env
+.env
+.env.local
+.env.*.local
 dist/
 dist-*/
 .DS_Store
@@ -16,6 +18,10 @@ api-generator/typedoc.json
 Dev-documentacao/
 supabase/*
 !supabase/functions/
+# Mas os .env dentro de functions NÃO vão pro git (sobrescreve a negação acima)
+supabase/functions/.env
+supabase/functions/.env.local
+supabase/functions/.env.*
 evolution-api/
 
 # Backups locais do banco — não comitar (regeneráveis via db.cjs backup)
@@ -27,3 +33,8 @@ playwright-report/
 
 # Config local do Claude Code (cada dev tem o seu)
 .claude/settings.local.json
+
+# Notas locais do dev e rascunhos de commit — não subir
+informacoes Gerais.txt
+pasteds.txt
+commit.txt
diff --git a/Atestado_Psicológico_1774873197838.pdf b/Atestado_Psicológico_1774873197838.pdf
deleted file mode 100644
index 35e27fe..0000000
Binary files a/Atestado_Psicológico_1774873197838.pdf and /dev/null differ
diff --git a/Atestado_Psicológico_1774873520538.pdf b/Atestado_Psicológico_1774873520538.pdf
deleted file mode 100644
index 5f3d12d..0000000
Binary files a/Atestado_Psicológico_1774873520538.pdf and /dev/null differ
diff --git a/HANDOFF.md b/HANDOFF.md
index 4565daa..8736ac3 100644
--- a/HANDOFF.md
+++ b/HANDOFF.md
@@ -1,4 +1,4 @@
-# HANDOFF — 2026-04-19 (após Sessões 1-10)
+# HANDOFF — 2026-04-21 (CRM WhatsApp Grupo 3 + Marco B/credits + Asaas + polimento)
 
 Documento de continuidade. **Quando voltar, comece lendo esta página.**
 Todo o estado vive no banco (`/saas/desenvolvimento` → Auditoria/Verificações/Testes).
@@ -9,107 +9,165 @@ Todo o estado vive no banco (`/saas/desenvolvimento` → Auditoria/Verificaçõe
 
 | | |
 |---|---|
-| **A# auditoria** abertos | **1** (A#31 — reformular pra "Preparação pra deploy") |
-| **V# verificações** abertos | 14 (todos médios/baixos adiados, plano completo no DB) |
 | **🔴 Críticos** | **0** ✅ |
 | **🟠 Altos** | **0** ✅ |
-| **Áreas auditadas** | **15** (todas as principais do SaaS) |
+| 🟡 Médios adiados | 8 |
+| 🟢 Baixos adiados | 7 |
 | Vitest | 208/208 |
 | SQL integration | 33/33 |
 | E2E (Playwright) | 5/5 |
-| Migrations totais | 18 |
-| Último commit | `d6eb992` (pushed ao Gitea) |
+| Migrations totais | **36** (23 → 36) |
+| Edge functions | **20** |
+| Fases Opção C concluídas | **5 + 5b + Grupo 3 inteiro + Marco A + Marco B (Asaas) + admin SaaS** |
 
 ---
 
-## 🎯 Próxima sessão — A#31-rev (Preparação pra deploy)
+## 🎯 O que rolou hoje (2026-04-21)
 
-**Contexto:** A#31 era "Deploy real" mas você não tem cloud Supabase nem
-secrets reais ainda (MVP). Precisa virar **preparação** — deixar tudo
-pronto pra quando criar a cloud você executar sozinho com mínimo atrito.
+### ✅ Grupo 3 completo — Workflow / CRM
 
-**Tarefas (~2-3h, zero risco):**
+- **3.1 Tags** — migration `conversation_tags` + 5 system tags seed · composable `useConversationTags.js` · popover + pills no drawer · pills nos cards do Kanban
+- **3.2 Atribuição de conversa a terapeuta** (HOJE de tarde) — migration `conversation_assignments` (PK `(tenant_id, thread_key)`, UPSERT, RLS membro-ativo + valida assignee como membro do mesmo tenant) + view `conversation_threads` expandida com `assigned_to` · composable `useConversationAssignment.js` · drawer com Select filtrável + "Assumir" · inbox com filtro aside "Todas/Minhas/Não atribuídas" + chip no card
+- **3.3 Notas internas** — `conversation_notes` + composable + seção colapsável no drawer
+- **3.5 Converter número desconhecido em paciente** — botão + dialog quick-cadastro e "Vincular existente" com Select filter + 500 pacientes
+- **3.6 Histórico de conversa no prontuário** (HOJE) — nova aba "Conversas" no `PatientProntuario.vue` com `PatientConversationsTab.vue` (stats + filter + timeline + mídia + "Abrir no CRM")
 
-1. **`DEPLOY.md`** na raiz — checklist de 8 passos com comandos exatos +
-   diagnóstico de erros comuns + ordem de execução
-2. **Validar migrations num container limpo** — recriar banco do zero,
-   aplicar as 18 migrations + seeds em ordem, garantir zero erro
-3. **`.env.example`** completo — todas VITE_ vars + cada secret de edge
-   function listado com instrução
-4. **Auditoria das edge functions** — CORS, fallback de env var ausente,
-   error handling. Documentar quais env cada uma precisa
-5. **Script `db.cjs deploy-check`** — comando que valida pré-condições
-   antes de deploy (ordena migrations, verifica diffs, lista secrets)
-6. **Atualizar HANDOFF.md** com seção "Pra deployar"
+### ✅ Marco A — Unificação WhatsApp (dois providers)
 
-**Quando voltar, é só dizer "começa A#31-rev" e eu sigo o plano.**
+- **Evolution (pessoal, free)** + **Twilio (AgenciaPSI Oficial, créditos)** — mutuamente exclusivos por tenant
+- Página chooser `ConfiguracoesWhatsappChooserPage.vue` com 2 cards + deactivate via edge `deactivate-notification-channel`
+- `send-whatsapp-message` refatorada — roteamento por provider; Twilio deduz crédito ANTES e refunda em falha
+- **Paridade Twilio** (HOJE) — módulo compartilhado `supabase/functions/_shared/whatsapp-hooks.ts` (provider-agnóstico) consumido por Evolution **e** Twilio inbound. Hooks: opt-in/opt-out/auto-reply + schedule helpers + `makeTwilioCreditedSendFn` (dedução + rollback). Evolution refatorado (~290 linhas duplicadas removidas). Twilio agora roda mesmo pipeline de hooks (antes só inseria a mensagem e saía)
+
+### ✅ Marco B — Sistema de créditos WhatsApp + Asaas
+
+- Migration `whatsapp_credits` (4 tabelas: balance, transactions, packages, purchases) + 2 RPCs atômicas (`add_whatsapp_credits`, `deduct_whatsapp_credits`)
+- Edge `create-whatsapp-credit-charge` — integração Asaas v3 (PIX sandbox + prod); `getOrCreateAsaasCustomer` patcha customer existente com CPF quando falta
+- Edge `asaas-webhook` — recebe `PAYMENT_RECEIVED/CONFIRMED` e credita balance
+- Página tenant `/configuracoes/creditos-whatsapp` — saldo + loja + histórico + dialog PIX com QR code
+- **CPF/CNPJ no dialog de compra** (HOJE) — migration `20260421000013_tenant_cpf_cnpj.sql` (coluna + CHECK 11/14 dígitos), dialog de confirmação com validação (`isValidCPF`/`isValidCNPJ` de `utils/validators`), formatação on-blur, pré-fill de `tenants.cpf_cnpj`, persiste automaticamente no primeiro uso. Fallback sandbox removido
+
+### ✅ Admin SaaS — gestão de créditos (HOJE)
+
+Integrado em `/saas/addons` (reuso do pattern existente, não criou página paralela):
+- **Aba 4 "Pacotes WhatsApp"** — CRUD `whatsapp_credit_packages` com DataTable (destaque, posição, preço + BRL/msg), toggle `is_active` inline, dialog de edição com validação
+- **Aba 5 "Topup WhatsApp"** — tenant Select filtrável com saldo ao vivo; RPC `add_whatsapp_credits` com `p_admin_id = auth.uid()` (auditoria); histórico das últimas 20 transações topup/adjustment/refund
+
+### ✅ Grupo 2 Automação
+
+- **2.3 Auto-reply** — `conversation_autoreply_settings` + `conversation_autoreply_log`; schedule por modo (`agenda` / `business_hours` / `custom`); cooldown por thread; respeita opt-out; agora funciona em **ambos** providers
+- **2.4 Lembretes de sessão** — `conversation_session_reminders_*`; edge `send-session-reminders` (cron); já trata Twilio com dedução + rollback
+
+### ✅ Grupo 5 Compliance (LGPD Art. 18 §2)
+
+- **5.2 Opt-out** — `conversation_optouts` + `conversation_optout_keywords` (10 keywords system + custom); detecção por regex word-boundary; ack automático; opt-in via "voltar/retornar/reativar/restart"
+- Página `/configuracoes/conversas-optouts`
+
+### ✅ Refactor polimórfico — telefones + emails
+
+- `contact_types` + `contact_phones` (polimórfico: `entity_type` + `entity_id`) — migration 20260421000008
+- `contact_email_types` + `contact_emails` — migration 20260421000011
+- Componentes `ContactPhonesEditor.vue` + `ContactEmailsEditor.vue`
+- Trocado em `PatientsCadastroPage.vue`, `MedicosPage.vue`
+- Migration retroativa v2: detecta conversas e cria/atualiza phone como WhatsApp (vinculado)
+
+### ✅ Polimento visual — sessão manhã
+
+- Skeletons simplificados no dashboard terapeuta · animações fade-up com stagger por `[--delay:Xms]` (fix specificity sobre `.dash-card`)
+- ConfirmDialog com `group="conversation-drawer"` (evita duplicata)
+- Image preview PrimeVue com botão **download** injetado via MutationObserver (fetch + blob pra cross-origin)
+- Audio/video com `preload="metadata"`, controles de velocidade herdados do browser
+- `friendlySendError()` no drawer store — mapeia códigos pt-BR via `error.context.json()`
+- Teleport `#cfg-page-actions` pra ações globais da Configurações
+- Brotli/Gzip + auto-import Vue/PrimeVue + bundle analyzer
+
+### ✅ Infra geral
+
+- Bucket privado `whatsapp-media` + decrypt via Evolution `getBase64FromMediaMessage` + upload + signed URLs on-demand
+- Realtime em `conversation_messages` via publication `supabase_realtime`
+- `AppLayout` consolidado (removido duplicatas por área) + `RouterPassthrough`
+- `console.trace` debug removido (watch router/Supabase) que degradava perf
 
 ---
 
-## 📚 Memória persistente (carregada automaticamente)
+## 🎯 Próxima sessão (começar por aqui)
 
-Já saved no memory system (`MEMORY.md` — não precisa lembrar):
-- **Sanitização sempre** — trim, length, regex em toda entrada/saída
-- **Priorização por severidade** — críticos+altos imediatos, médios/baixos adiam com plano
-- **Self-hosted > provider externo** — LGPD/clínico
-- **Gotcha supabase_admin** — `psql -U supabase_admin -h localhost` direto pra ALTER POLICY em tabelas owned
-- **Tracking dev_*_items** — A#/V#/T# vivem no DB, UI `/saas/desenvolvimento`
-- **Project Overview** + **MVP Assessment**
+Do CRM WhatsApp ainda restam:
+
+### Grupo 3 (resto)
+- **3.4 SLA / alerta** — conversa sem resposta > X min. Trigger `conversation_sla_rules` + worker cron
+- **3.7 Bot auto-triagem** — pergunta nome/horário antes de sair pro humano
+
+### Grupo 6 — Conexão resiliente
+- **6.1 Heartbeat** — cron verifica Evolution; dispara incident se desconectado > N min
+- **6.2 Alerta** quando celular desconecta (notification + e-mail admin tenant)
+- **6.3 Reconnect automático** (tentar re-init da instância)
+
+### Grupo 7 — Analytics
+- **7.1 Tempo médio de primeira resposta** (card no ClinicDashboard + filtro por terapeuta)
+
+### Grupo 8 — Integrações
+- **8.2 Botão na agenda** "Lembrar paciente da sessão" — dispara `send-whatsapp-message` com template `lembrete_sessao`
+- **8.3 Status sessão dispara mensagem** (ex: cancelada → aviso auto)
+- **8.4 Link agendador cria lead** — quando paciente preenche intake mas não finaliza, aparece no CRM como thread
+
+### Outros blocos
+- **Notificação de saldo baixo WhatsApp** — trigger em `whatsapp_credits_balance` quando `balance < low_balance_threshold`; e-mail + toast
+- **Dashboard saas de receita créditos** — total arrecadado Asaas por mês, pacotes mais vendidos
+- **Retention policy 5.1** — apagar/anonimizar conversas > X dias (configurável por tenant)
+- **5.4** — seção de conversas no LGPD export do paciente
 
 ---
 
-## 📦 Commits relevantes
+## 🔧 Setup Evolution/WhatsApp / Asaas
 
-```
-d6eb992  Sessoes 6cont-10: hardening em 6 areas + scan completo do SaaS    ← último
-7c20b51  Sessoes 1-6 acumuladas: hardening B2, defesa em camadas, +192 testes
-d088a89  (commit anterior do projeto)
-```
+Tudo em **`WHATSAPP_SETUP.md`**. Resumo crítico:
+
+1. `supabase functions serve --no-verify-jwt --env-file supabase/functions/.env` em terminal separado
+2. `.env` do functions tem: `SUPABASE_URL`, `SUPABASE_ANON_KEY`, `SUPABASE_SERVICE_ROLE_KEY`, `ASAAS_API_KEY`, `ASAAS_API_URL=https://api-sandbox.asaas.com/v3`
+3. Evolution: `/saas/whatsapp` cadastra creds global → `/configuracoes/whatsapp-pessoal` conecta QR
+4. Twilio: `/saas/twilio-whatsapp` provisiona subconta → tenant ativa em `/configuracoes/whatsapp-oficial` (usa créditos)
+
+⚠️ Após editar qualquer `supabase/functions/**` precisa reiniciar o `supabase functions serve` — ele não tem hot reload.
 
 ---
 
-## 🗂️ Áreas auditadas (15)
+## 🌲 Deploy options (guardadas pra depois)
 
-| Área | Estado |
-|---|---|
-| auth, router, stores, agenda, seguranca, saas | 100% fechado/ok |
-| **pacientes** ✨ | **100% fechado** (V#9 — script extraído; template breakdown adiado pra quando houver E2E) |
-| **documentos** ✨ | 100% fechado |
-| **calendario** ✨ | 100% fechado |
-| **servicos** ✨ | 100% fechado |
-| financeiro | 5 fechados, 6 médios/baixos adiados |
-| comunicacao | 5 fechados, 5 médios/baixos adiados |
-| tenants | 6 fechados, 2 baixos adiados |
-| addons | 3 resolvidos, 1 médio adiado |
-| central_saas | 1 alto fechado, 2 médios adiados |
-
-✨ = áreas 100% fechadas (zero pendência).
+- **(a)** Smoke test de infra — subir pra Supabase cloud + hospedagem só pra testar sozinho. ~2-3h.
+- **(b)** Beta fechado com clínicas — precisa: 3.4 SLA, 6.1 heartbeat, 7.1 analytics, retention policy, tour/onboarding refinamento.
+- **(c)** [em andamento] Fechar gaps funcionais.
 
 ---
 
-## ⚠️ Pendências documentadas no DB (14 V# adiados)
+## 📦 Commits
 
-Todos médios/baixos com plano completo em `dev_verificacoes_items.acao_sugerida`.
-**Não esquecer.** Sprint dedicado de polimento depois do deploy.
+Tem um **`commit.txt`** pronto na raiz com mensagem consolidada pra um commit único de tudo que está pendente. `git status` mostra ~160 arquivos modificados/criados. Conferir `commit.txt` antes de usar.
 
-- **financeiro** (6): parcelamento CHECK, payouts flow, recurrence DELETE,
-  composables, máscara PIX, dashboard inadimplência
-- **comunicacao** (5): notifications/schedules silos, email_templates_global
-  filtros, retention notification_logs, dashboard health, audit dismissals
-- **tenants** (2): owner_users policies, company_profiles + dev_user_credentials
-- **central_saas** (2): rate limit voto, valores tipo_acesso
-- **addons** (1): UI de extrato
-
-Plus (não V#):
-- **PatientsCadastroPage template breakdown** — 1951 linhas. Esperar E2E
-- **Sprint de polimento** dos 14 médios/baixos juntos
+Se preferir quebrar em commits menores, os grupos lógicos são:
+1. Migrations CRM + créditos + polimorfismo (pasta `database-novo/migrations/20260420*` + `20260421*`)
+2. Edge functions (pasta `supabase/functions/`)
+3. Frontend CRM (`src/components/conversations/`, `src/features/conversations/`, `src/features/patients/prontuario/PatientConversationsTab.vue`)
+4. Composables novos (`src/composables/useConversation*.js`, `useWhatsappCredits.js`, `useContact*.js`, `useAutoReplySettings.js`, `useSessionReminders.js`)
+5. Páginas config novas (`src/layout/configuracoes/*`)
+6. Admin SaaS (`SaasAddonsPage.vue` com 2 tabs novas)
+7. Refactors (PatientsCadastro/Medicos trocando pra ContactEditors; AppLayout; router)
 
 ---
 
-## 🛠️ Stack lembretes (caso precise)
+## ⚠️ Pendências conhecidas
+
+- **15 V# adiados** (8 médios + 7 baixos) — sprint de polimento depois do beta
+- **Tour guiado / onboarding wizard** — refino deixado pro fim
+- **Dashboard SaaS de receita Asaas** — falta página
+- **Rotação de credenciais Twilio** (segurança) — se subconta vazar, precisa de flow pra regenerar
+
+---
+
+## 🛠️ Stack lembretes
 
 - **DB local:** `docker exec -i supabase_db_agenciapsi-primesakai psql -U postgres -d postgres`
-- **DB local como supabase_admin (pra ALTER POLICY em tabelas owned):**
+- **DB como supabase_admin (ALTER POLICY em tabelas owned):**
   ```bash
   docker exec -i -e PGPASSWORD=postgres -e PGCLIENTENCODING=UTF8 \
     supabase_db_agenciapsi-primesakai \
@@ -117,7 +175,19 @@ Plus (não V#):
   ```
 - **Vitest:** `npx vitest run`
 - **SQL integration:** `node database-novo/tests/run.cjs`
-- **E2E:** `npx playwright test` (precisa dev server: `npm run dev`)
+- **Edge functions serve:** `supabase functions serve --no-verify-jwt --env-file supabase/functions/.env`
+- **Evolution Manager:** `http://localhost:8080/manager/`
+- **Supabase Studio:** `http://localhost:54323`
+- **Asaas sandbox:** `https://sandbox.asaas.com` (login separado do prod)
+
+---
+
+## 📚 Memória persistente (carregada automaticamente)
+
+Já saved em `MEMORY.md`:
+- Project overview · MVP Assessment · Deploy options
+- Sanitização sempre · Priorização por severidade · Self-hosted > provider externo
+- Gotcha supabase_admin · Tracking dev_*_items
 
 ---
 
diff --git a/WHATSAPP_SETUP.md b/WHATSAPP_SETUP.md
new file mode 100644
index 0000000..f5d62a8
--- /dev/null
+++ b/WHATSAPP_SETUP.md
@@ -0,0 +1,518 @@
+# WhatsApp Setup — CRM de Conversas + Créditos + Automações
+
+Guia end-to-end do subsistema de WhatsApp do AgenciaPSI. Cobre **WhatsApp Pessoal** (Evolution, gratuito), **WhatsApp Oficial AgenciaPSI** (Twilio com créditos), **Asaas** (gateway de pagamento), e todas as automações (auto-reply, lembretes, opt-out, tags, notas).
+
+---
+
+## 🎯 Arquitetura
+
+### Dois provedores, escolha exclusiva por tenant
+
+```
+┌─────────────────────────────────────────────────┐
+│  Tenant escolhe 1 canal em /configuracoes/whatsapp │
+└─────────────────────────────────────────────────┘
+         │                            │
+         ▼                            ▼
+┌────────────────────┐    ┌──────────────────────┐
+│ WhatsApp Pessoal   │    │ WhatsApp Oficial     │
+│ (Evolution)        │    │ AgenciaPSI (Twilio)  │
+│                    │    │                       │
+│ • Gratuito          │    │ • Consome créditos   │
+│ • QR code            │    │ • API oficial Meta   │
+│ • Celular real       │    │ • Zero ban risk      │
+│ • Docker self-host   │    │ • Cloud gerenciado   │
+│ • Tier free do SaaS  │    │ • Tier pago do SaaS  │
+└────────────────────┘    └──────────────────────┘
+         │                            │
+         └───────────┬────────────────┘
+                     ▼
+         ┌─────────────────────────┐
+         │   Edge Functions         │
+         │                           │
+         │ • send-whatsapp-message   │ ← rota por provider
+         │ • send-session-reminders  │ ← idem
+         │ • evolution-whatsapp-inbound (auto-reply, opt-out)
+         │ • twilio-whatsapp-inbound (⚠ sem auto-reply ainda)
+         │ • create-whatsapp-credit-charge (Asaas PIX)
+         │ • asaas-webhook (credita saldo)
+         └─────────────────────────┘
+                     │
+                     ▼
+         ┌─────────────────────────┐
+         │       PostgreSQL         │
+         │                           │
+         │ conversation_messages    │
+         │ conversation_notes       │
+         │ conversation_tags        │
+         │ conversation_optouts     │
+         │ conversation_autoreply_* │
+         │ session_reminder_*       │
+         │ whatsapp_credits_*       │
+         │ whatsapp_credit_packages │
+         └─────────────────────────┘
+```
+
+### Dedução de créditos
+
+```
+Usuário envia pelo drawer / lembrete dispara / auto-reply
+     ↓
+Edge function detecta provider do canal ativo
+     ↓
+  Evolution?              Twilio?
+     ↓                       ↓
+  Envia direto          deduct_whatsapp_credits(1) ← atômico, lock, valida saldo
+     ↓                       ↓
+  Registra msg       ┌──── OK ────┐      ┌── insufficient ──┐
+                     ↓               ↓
+                 send Twilio       return 402
+                     ↓
+              ┌── ok ──┐   ┌── fail ──┐
+              ↓           ↓
+          Registra   add_whatsapp_credits(1, 'refund')
+           msg
+```
+
+---
+
+## 🔧 Setup completo (dev local)
+
+### 1. Supabase local + edge functions
+
+```bash
+# Subir stack Supabase local (Postgres + Auth + Storage + etc)
+npx supabase start
+
+# Em outro terminal: rodar edge functions
+supabase functions serve --no-verify-jwt --env-file supabase/functions/.env
+```
+
+**Funções carregadas:**
+
+| Função | URL | Uso |
+|---|---|---|
+| `evolution-whatsapp-inbound` | `?tenant_id=<uuid>` | Webhook Evolution: inbound msgs + auto-reply + opt-out |
+| `evolution-webhook-provision` | — | Configura webhook na Evolution |
+| `twilio-whatsapp-inbound` | `?tenant_id=<uuid>` | Webhook Twilio (inbound only; sem auto-reply ainda) |
+| `send-whatsapp-message` | — | Envio unificado: detecta provider, deduz crédito se Twilio |
+| `send-session-reminders` | — | Cron/manual: dispara lembretes 24h e 2h antes |
+| `create-whatsapp-credit-charge` | — | Cria PIX Asaas pra compra de créditos |
+| `asaas-webhook` | — | Recebe eventos Asaas e credita saldo |
+| `deactivate-notification-channel` | — | Desativa canal (usado ao trocar provider) |
+
+**Flag `--no-verify-jwt`:** necessária porque webhooks externos (Twilio, Evolution, Asaas) não mandam JWT.
+
+### 2. Evolution API (WhatsApp Pessoal — tier gratuito)
+
+```bash
+# Subir Evolution + Postgres + Redis
+docker compose -f evolution-api/docker-compose.yml up -d
+
+# Verificar status
+docker ps --filter name=evolution_api
+```
+
+Evolution roda em `http://localhost:8080` com API key `minha_chave_123` (ver `evolution-api/docker-compose.yml`).
+
+### 3. Asaas (pagamentos — tier pago)
+
+Ativa só em prod ou quando quiser testar compra de créditos end-to-end.
+
+**Passo 1 — Criar conta sandbox:**
+1. https://sandbox.asaas.com (gratuito, CPF qualquer)
+2. Menu → Integrações → Integrações Avançadas → API → copia a API key (começa com `$aact_...`)
+
+**Passo 2 — Configurar env:**
+
+Edita `supabase/functions/.env`:
+```env
+ASAAS_API_KEY=$aact_sua_chave_aqui
+ASAAS_API_URL=https://sandbox.asaas.com/api/v3
+ASAAS_WEBHOOK_TOKEN=                  # opcional, pra autenticar webhook
+```
+
+**Passo 3 — Reiniciar functions serve:**
+```bash
+# Ctrl+C no terminal do serve
+supabase functions serve --no-verify-jwt --env-file supabase/functions/.env
+```
+
+**Passo 4 — (Opcional) Expor webhook via ngrok pro Asaas alcançar:**
+```bash
+# Outro terminal
+ngrok http 54321
+# Copia a URL (ex: https://abc123.ngrok.app)
+```
+
+Configura no Asaas:
+- Dashboard → Integrações → Webhooks → **Adicionar**
+- URL: `https://abc123.ngrok.app/functions/v1/asaas-webhook`
+- Eventos: marca **Cobranças** (PAYMENT_RECEIVED, PAYMENT_CONFIRMED, PAYMENT_OVERDUE, PAYMENT_DELETED, PAYMENT_REFUNDED)
+- Token (opcional): cadastra o mesmo valor de `ASAAS_WEBHOOK_TOKEN`
+
+**Em produção:**
+```bash
+supabase secrets set ASAAS_API_KEY="$aact_prod_key"
+supabase secrets set ASAAS_API_URL="https://api.asaas.com/v3"
+supabase secrets set ASAAS_WEBHOOK_TOKEN="token_seguro"
+```
+
+Webhook da prod aponta pro URL real do Supabase cloud (sem ngrok).
+
+---
+
+## 📋 Features & como testar
+
+### A. Envio manual via drawer
+
+**Onde:** drawer de qualquer conversa (clica no card do Kanban em `/therapist/conversas`)
+
+**Fluxo:**
+1. Compose no drawer → `store.sendMessage()` → chama `send-whatsapp-message` edge function
+2. Function detecta provider ativo em `notification_channels`
+3. Evolution: envia direto via `/message/sendText/{instance}`
+4. Twilio: `deduct_whatsapp_credits(1)` → se OK envia via Twilio API → se falhar, refunda
+5. Registra em `conversation_messages` (direction=outbound, delivery_status=sent/queued)
+
+**Testar sem Twilio real** (valida dedução + rollback):
+- Topup 100 créditos via SQL (ver seção 🧪 mais abaixo)
+- Criar canal Twilio fake via SQL
+- Enviar msg → deduz, tenta enviar, falha com 401, refunda → saldo volta ao original
+
+### B. Lembretes automáticos de sessão (2.4)
+
+**Onde:** `/configuracoes/lembretes-sessao`
+
+**Config:**
+- Toggle on/off
+- Ativa lembretes 24h e/ou 2h antes da sessão
+- Templates com variáveis: `{{nome_paciente}}`, `{{data_sessao}}`, `{{hora_sessao}}`, `{{modalidade}}`, `{{nome_clinica}}`
+- Quiet hours (default 22h-8h SP)
+- Respeitar opt-out (LGPD — recomendado ON)
+
+**Como dispara:**
+- Cron hit `send-session-reminders` a cada 15min (pg_cron comentado na migration; em prod configure via Supabase Dashboard → Database → Cron Jobs)
+- Em dev: botão **"Testar agora"** na página dispara manualmente
+
+**Query do worker:** busca `agenda_eventos` com `status='agendado'` dentro de:
+- Janela 24h: `inicio_em` entre `now+23h45min` e `now+24h15min`
+- Janela 2h: `inicio_em` entre `now+1h45min` e `now+2h15min`
+
+**Anti-dup:** UNIQUE `(event_id, reminder_type)` no `session_reminder_logs`.
+
+**Testar:**
+```sql
+-- Cria evento daqui a ~2h (no horário de SP)
+-- Pelo UI da agenda é mais fácil; via SQL:
+INSERT INTO agenda_eventos (tenant_id, owner_id, patient_id, inicio_em, fim_em, status, modalidade, tipo, titulo)
+VALUES (
+  '<tenant>',
+  '<user>',
+  (SELECT id FROM patients WHERE tenant_id='<tenant>' LIMIT 1),
+  now() + interval '2 hours',
+  now() + interval '3 hours',
+  'agendado',
+  'presencial',
+  'session',
+  'Teste lembrete'
+);
+```
+Depois clica **"Testar agora"** em `/configuracoes/lembretes-sessao`.
+
+### C. Auto-reply fora do horário (2.3)
+
+**Onde:** `/configuracoes/conversas-autoreply`
+
+**Config:**
+- Toggle on/off + mensagem + cooldown (minutos entre auto-replies pra mesma thread)
+- 3 modos:
+  - **Seguir agenda** — usa `agenda_regras_semanais` dos membros ativos do tenant
+  - **Horário de funcionamento** — janela semanal editável (armazena em JSONB `business_hours`)
+  - **Custom** — janela específica pro auto-reply (`custom_window`)
+
+**Como dispara:**
+- Webhook Evolution `evolution-whatsapp-inbound` recebe msg
+- Depois de inserir msg, chama `maybeSendAutoReply()`
+- Checa: enabled, não está em horário útil, não está em cooldown
+- Se OK → envia via Evolution (futuro: rotear pra Twilio se provider='twilio')
+
+**⚠ Limitação:** atualmente **só funciona com Evolution**. Pra Twilio precisa implementar a mesma lógica em `twilio-whatsapp-inbound` (dívida técnica).
+
+**Testar:**
+- Ativa feature + define janela custom (ex: seg-sex 9h-18h)
+- Fora dessa janela, paciente manda msg → chega no inbox + auto-reply é enviado de volta em ~1s
+
+### D. Opt-out LGPD (5.2)
+
+**Onde:** `/configuracoes/conversas-optouts`
+
+**Como funciona:**
+- Paciente envia "PARAR", "SAIR", "CANCELAR", "STOP", etc (keyword match case-insensitive sem acentos)
+- Edge function `evolution-whatsapp-inbound` detecta → registra em `conversation_optouts` → envia msg de confirmação
+- Paciente envia "VOLTAR" / "RETORNAR" → reativa (opted_back_in_at preenchido)
+- Auto-reply e lembretes **respeitam opt-out** automaticamente (skip + log `opted_out`)
+- Envio manual do terapeuta NÃO é bloqueado (relação terapêutica existe)
+
+**Keywords padrão:** 10 palavras (configuráveis na página — pode adicionar custom do tenant).
+
+**Testar:**
+- Manda mensagem com "parar" pelo WhatsApp conectado
+- Volta em `/configuracoes/conversas-optouts` → número aparece na lista
+- Nova mensagem que dispararia auto-reply → não dispara mais
+
+### E. Notas internas (3.3)
+
+**Onde:** dentro do drawer de conversa, seção "Notas internas" collapsible
+
+**Como funciona:**
+- CRUD simples por thread
+- Visível apenas pra membros ativos do tenant
+- Edição/remoção só pelo criador (ou SaaS admin)
+- Soft delete (`deleted_at`)
+- **NÃO vai pro paciente** — apenas anotação interna da equipe
+
+### F. Tags na conversa (3.1)
+
+**Onde:**
+- **Gestão:** `/configuracoes/conversas-tags` (CRUD de tags custom; system tags são read-only)
+- **Aplicação:** dentro do drawer de conversa + pills visíveis nos cards do Kanban
+
+**Tags system (seedadas):** Urgente (🔴), Primeira consulta (🔵), Remarcação (🟡), Confirmada (🟢), Follow-up (🟣)
+
+**Custom:** tenant cria suas próprias com nome + slug + cor + ícone (primeicons).
+
+### G. Mídia (áudio / imagem / vídeo / documento)
+
+**Arquitetura:**
+- Evolution manda URLs encriptadas do Meta CDN (não tocam direto)
+- Edge function `evolution-whatsapp-inbound` chama `/chat/getBase64FromMediaMessage/{instance}` do Evolution → decripta
+- Decoda base64 → faz upload no bucket **privado `whatsapp-media`**
+- Path: `<tenant_id>/<yyyy>/<mm>/<msg_id>_<timestamp>.<ext>`
+- Salva apenas o PATH em `media_url`, NÃO URL pública
+- Frontend (`ConversationDrawer`) gera **signed URL on-demand** (1h TTL) ao renderizar
+
+**LGPD:** bucket privado, RLS só permite membros ativos do tenant; path tenant-scoped; signed URLs expiram.
+
+**Player de áudio:** `<audio min-w-[260px] controls>` + `preload="metadata"` pra mostrar duração sem baixar tudo.
+
+**Preview de imagem:** `<Image preview>` do PrimeVue (fullscreen com zoom/rotate) + **botão download injetado via MutationObserver** (fetch blob → download attr → force download com nome do arquivo).
+
+### H. Créditos WhatsApp (Marco B)
+
+**Onde:** `/configuracoes/creditos-whatsapp`
+
+**Fluxo de compra:**
+1. User clica "Comprar" num pacote → `create-whatsapp-credit-charge` cria:
+   - Customer Asaas (ou reutiliza via `externalReference=tenant_id`)
+   - Pagamento PIX (`billingType=PIX`, value, dueDate)
+   - Busca QR Code em `/payments/{id}/pixQrCode`
+2. Dialog mostra QR + copia-cola + link cartão
+3. User paga
+4. Asaas → webhook `asaas-webhook` recebe `PAYMENT_RECEIVED`/`CONFIRMED`
+5. Webhook chama `add_whatsapp_credits(tenant, credits, 'purchase')` → saldo atualiza
+
+**Pacotes seedados:** Iniciante (100/R$49,90), Profissional (500/R$199,90, ⭐ featured), Clínica (1500/R$499,90), Enterprise (5000/R$1499,90) — editáveis via DB.
+
+**RPCs atômicas (SECURITY DEFINER):**
+- `add_whatsapp_credits(tenant, amount, kind, purchase_id, admin_id, note)` → retorna novo saldo
+- `deduct_whatsapp_credits(tenant, amount, msg_id, note)` → atômico com `SELECT FOR UPDATE`; lança `insufficient_credits` se saldo < amount
+
+**CPF:** fallback hardcoded `24971563792` em sandbox. Em produção, frontend deve coletar CPF real do user (TODO — adicionar input no dialog + salvar em profile/tenant).
+
+---
+
+## 🧪 Testar sem provedor real
+
+### Pré-requisito: creditar saldo
+
+No Supabase Studio (`http://localhost:54323`) → SQL Editor (**desativa LIMIT 100 no dropdown**):
+
+```sql
+SELECT public.add_whatsapp_credits(
+    tm.tenant_id,
+    100,
+    'topup_manual',
+    NULL,
+    auth.uid(),
+    'Topup de teste'
+) AS novo_saldo
+FROM public.tenant_members tm
+JOIN auth.users u ON u.id = tm.user_id
+WHERE u.email = 'SEU_EMAIL'
+  AND tm.status = 'active'
+LIMIT 1;
+```
+
+### Simular canal Twilio fake (pra testar dedução)
+
+```sql
+-- Desativa Evolution
+UPDATE public.notification_channels
+SET is_active = false, deleted_at = now()
+WHERE tenant_id = (
+    SELECT tm.tenant_id FROM public.tenant_members tm
+    JOIN auth.users u ON u.id = tm.user_id
+    WHERE u.email = 'SEU_EMAIL' AND tm.status = 'active' LIMIT 1
+)
+AND channel = 'whatsapp' AND deleted_at IS NULL;
+
+-- Cria Twilio fake
+INSERT INTO public.notification_channels (
+    tenant_id, owner_id, channel, provider, is_active,
+    twilio_subaccount_sid, twilio_phone_number, credentials
+)
+SELECT
+    tm.tenant_id, u.id, 'whatsapp', 'twilio', true,
+    'ACfake0000000000000000000000000000',
+    '+15557775555',
+    '{"subaccount_auth_token": "fake_token"}'::jsonb
+FROM public.tenant_members tm
+JOIN auth.users u ON u.id = tm.user_id
+WHERE u.email = 'SEU_EMAIL' AND tm.status = 'active'
+LIMIT 1;
+```
+
+Agora qualquer envio:
+- Deduz 1 crédito (`usage -1`)
+- Twilio API retorna 401 (creds fake)
+- Refunda automaticamente (`refund +1`)
+- Saldo final: igual ao inicial
+
+Resultado esperado no extrato:
+```
++1  Estorno   — Refund envio falhou: Twilio 401: ...
+-1  Uso       — Envio manual WhatsApp
++100 Topup manual — Topup de teste
+```
+
+### Simular mensagem inbound via curl
+
+```bash
+curl -X POST "http://localhost:54321/functions/v1/evolution-whatsapp-inbound?tenant_id=<uuid>" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "event": "messages.upsert",
+    "data": {
+      "key": { "remoteJid": "5516912345678@s.whatsapp.net", "fromMe": false, "id": "MSG_TEST" },
+      "message": { "conversation": "parar" },
+      "messageTimestamp": '"$(date +%s)"'
+    }
+  }'
+```
+
+Isso vai testar detecção de opt-out ("parar" é keyword) → registra na lista + envia ACK.
+
+### Testar Twilio sandbox real (opcional)
+
+1. Cria conta trial em https://www.twilio.com/try-twilio (US$15 grátis)
+2. Dashboard → Messaging → Try it out → **Send a WhatsApp Message**
+3. Segue instruções pra join sandbox (`join <frase>` do seu celular pro número Twilio)
+4. Pega Account SID + Auth Token + From number do sandbox
+5. Atualiza o canal Twilio no SQL com valores reais
+6. Envia mensagem do drawer → chega no seu celular
+
+---
+
+## 🆘 Troubleshooting
+
+| Sintoma | Causa provável | Fix |
+|---|---|---|
+| 404 no webhook | `supabase functions serve` não rodando OU function não carregada | Reinicia serve com `--env-file` |
+| 502 edge function | Crash antes do `console.error` — erro de sintaxe, env var faltando, ou API externa timeout | Olha logs do serve; adiciona `console.log` em cada etapa |
+| Asaas 400 "CPF obrigatório" | Customer existente sem CPF | Fix em `getOrCreateAsaasCustomer` faz PATCH com CPF quando falta |
+| QR code PIX não aparece | Asaas sandbox sem PIX habilitado OU endpoint `/pixQrCode` falhou | Ativa PIX em Asaas → Recebimentos → Chaves PIX |
+| Webhook Asaas não chega | URL não pública (localhost) | Usa ngrok OU deploy em prod |
+| "insufficient_credits" no envio | Saldo zerado | Topup via `/configuracoes/creditos-whatsapp` ou SQL manual |
+| Auto-reply não dispara | Tenant fora do modo horário configurado OU em cooldown OU opted-out | Checa banner de status em `/configuracoes/conversas-autoreply`; olha `conversation_autoreply_log` |
+| Lembrete duplicado | Não acontece — UNIQUE `(event_id, reminder_type)` previne | — |
+| Audio não toca (era o ponto inicial do Marco A-I) | URL encriptada do Meta salva direto | Fix: edge function agora decripta via `getBase64FromMediaMessage` + upload pro bucket |
+| Mime `audio/ogg; codecs=opus` rejeitado pelo bucket | `allowed_mime_types` faz match exato | Fix: strip `;codecs=...` antes do upload |
+| Dialog de confirmação aparece 2x | Dois `<ConfirmDialog>` montados (página + drawer global) | Fix: drawer usa `group="conversation-drawer"` pra isolar |
+
+---
+
+## 🔒 Segurança & Compliance
+
+### RLS de `conversation_messages`
+- **SELECT:** tenant members ativos OU saas_admin
+- **INSERT direto:** bloqueado (só service_role via edge function)
+- **UPDATE:** tenant members podem mudar `kanban_status`, `read_at`
+- **DELETE:** bloqueado
+
+### RLS de `whatsapp-media` bucket
+- Privado
+- Read: membros ativos do tenant cujo id é o primeiro segmento do path
+- Write: apenas service_role
+- Delete: apenas saas_admin
+
+### RLS de `whatsapp_credits_*`
+- Balance/transactions: tenant members leem
+- Escrita: via RPCs `add_whatsapp_credits` / `deduct_whatsapp_credits` (SECURITY DEFINER)
+- Packages: tenant members leem os ativos; saas_admin gerencia
+
+### LGPD
+- **Art. 18 §2 (direito de oposição):** opt-out implementado. Auto-reply + lembretes respeitam.
+- **Dados clínicos:** canal Oficial (Twilio) recomendado em prod. Pessoal (Evolution) é uso informal, sem SLA, tenant assume risco.
+- **Audit log:** toda transação de crédito fica em `whatsapp_credits_transactions` (append-only).
+
+### Bot defense / Rate limiting
+- `public_submission_attempts`, `submission_rate_limits` e `math_challenges` são tabelas do sistema de bot defense pro cadastro externo. Não relacionado ao WhatsApp, mas protege fluxo paralelo.
+
+---
+
+## 📚 Referência de arquivos
+
+### Edge functions (`supabase/functions/`)
+- `evolution-whatsapp-inbound/` — webhook Evolution (msgs inbound + auto-reply + opt-out + media)
+- `evolution-webhook-provision/` — configura webhook na Evolution
+- `twilio-whatsapp-inbound/` — webhook Twilio (inbound only, sem automações ainda)
+- `twilio-whatsapp-provision/` — provisiona subconta Twilio (SaaS admin only)
+- `send-whatsapp-message/` — envio unificado (Evolution ou Twilio com dedução)
+- `send-session-reminders/` — worker de lembretes (chamado por cron)
+- `create-whatsapp-credit-charge/` — cria PIX Asaas
+- `asaas-webhook/` — recebe eventos Asaas e credita saldo
+- `deactivate-notification-channel/` — soft-delete de canal (via service_role)
+
+### Composables (`src/composables/`)
+- `useConversations.js` — Kanban threads
+- `useConversationNotes.js` — notas internas
+- `useConversationTags.js` — tags CRUD + apply
+- `useConversationOptouts.js` — opt-outs + keywords
+- `useAutoReplySettings.js` — config auto-reply
+- `useSessionReminders.js` — config lembretes + logs
+- `useWhatsappCredits.js` — saldo + loja + extrato
+
+### Páginas principais (`src/layout/configuracoes/`)
+- `ConfiguracoesWhatsappChooserPage.vue` — landing/chooser
+- `ConfiguracoesWhatsappPage.vue` — setup Evolution (Pessoal)
+- `ConfiguracoesTwilioWhatsappPage.vue` — setup Twilio (Oficial, rebrandeado)
+- `ConfiguracoesConversasTagsPage.vue` — CRUD tags
+- `ConfiguracoesConversasOptoutsPage.vue` — lista opt-outs + keywords
+- `ConfiguracoesConversasAutoreplyPage.vue` — auto-reply
+- `ConfiguracoesLembretesSessaoPage.vue` — lembretes
+- `ConfiguracoesCreditosWhatsappPage.vue` — saldo + loja + histórico
+
+### Tabelas principais (database-novo/schema/)
+Ver dashboard interativo: `database-novo/agenciapsi-db-dashboard.html` (regenerado via `node db.cjs dashboard`).
+
+Domínios no dashboard:
+- **CRM Conversas (WhatsApp)** — todas as tabelas de conversas, notas, tags, opt-outs, auto-reply, lembretes
+- **Addons / Créditos** — créditos WhatsApp (balance, transactions, packages, purchases)
+- **Comunicação / Notificações** — canais, templates, queue
+
+---
+
+## 📌 Dívidas técnicas conhecidas
+
+1. **Auto-reply via Twilio** — hoje só funciona com Evolution. Precisa portar lógica pra `twilio-whatsapp-inbound`.
+2. **Opt-out via Twilio** — idem (keyword detection no inbound Twilio).
+3. **Admin SaaS UI de créditos** — topup manual + gestão de pacotes (hoje via SQL).
+4. **Input de CPF real** no dialog de compra (hoje fallback hardcoded em sandbox).
+5. **Alerta de saldo baixo** — estrutura DB pronta (`low_balance_threshold`, `low_balance_alerted_at`), falta trigger/notification.
+6. **Reconnect Evolution automático** — Grupo 6.3 do roadmap (heartbeat + reconnect).
+7. **pg_cron em prod** — migration tem bloco comentado; ativar via Supabase Dashboard → Database → Cron Jobs ou descomentar após setar `app.settings.service_role_key`.
+
+---
+
+**Última atualização:** 2026-04-21 (sessão de features CRM WhatsApp + Marco B Créditos)
diff --git a/database-novo/agenciapsi-db-dashboard.html b/database-novo/agenciapsi-db-dashboard.html
index d1185ca..1fbeb6d 100644
--- a/database-novo/agenciapsi-db-dashboard.html
+++ b/database-novo/agenciapsi-db-dashboard.html
@@ -3,7 +3,7 @@
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>AgenciaPsi DB · 2026-04-17</title>
+<title>AgenciaPsi DB · 2026-04-21</title>
 <style>
   @import url('https://fonts.googleapis.com/css2?family=IBM+Plex+Mono:wght@400;600&family=Space+Grotesk:wght@300;400;500;600;700&display=swap');
   :root{--bg:#0b0d12;--bg2:#111520;--bg3:#181e2d;--border:#1e2740;--border2:#263050;--text:#e2e8f8;--text2:#7d8fb3;--text3:#4a5a80;--accent:#6366f1;--accent2:#6ee7b7;--pk:#fbbf24;--fk:#f472b6;--ok:#34d399;--warn:#fbbf24;--pend:#f87171;--leg:#94a3b8}
@@ -101,14 +101,14 @@
 <body>
 <div class="topbar">
   <div class="brand">Agência<span>Psi</span> DB</div>
-  <span class="gen">2026-04-17 · 17/04/2026, 09:29:14</span>
+  <span class="gen">2026-04-21 · 21/04/2026, 20:16:35</span>
   <input class="search" id="si" placeholder="Buscar tabela ou coluna..." oninput="search(this.value)">
   <div class="pills">
-    <div class="pill"><strong>97</strong> tabelas</div>
-    <div class="pill"><strong>99</strong> FKs</div>
+    <div class="pill"><strong>128</strong> tabelas</div>
+    <div class="pill"><strong>127</strong> FKs</div>
     <div class="pill"><strong>24</strong> views</div>
-    <div class="pill"><strong>1307</strong> colunas</div>
-    <div class="pill"><strong>23</strong> infra</div>
+    <div class="pill"><strong>1653</strong> colunas</div>
+    <div class="pill"><strong>25</strong> infra</div>
   </div>
 </div>
 <div class="layout">
@@ -116,11 +116,11 @@
   <main class="main" id="mn"></main>
 </div>
 <script>
-const D={"tables":{"subscriptions":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"plan_id","type":"uuid","pk":false},{"name":"status","type":"text","pk":false},{"name":"current_period_start","type":"timestamp with time zone","pk":false},{"name":"current_period_end","type":"timestamp with time zone","pk":false},{"name":"cancel_at_period_end","type":"boolean","pk":false},{"name":"provider","type":"text","pk":false},{"name":"provider_customer_id","type":"text","pk":false},{"name":"provider_subscription_id","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"plan_key","type":"text","pk":false},{"name":"source","type":"text","pk":false},{"name":"started_at","type":"timestamp with time zone","pk":false},{"name":"canceled_at","type":"timestamp with time zone","pk":false},{"name":"activated_at","type":"timestamp with time zone","pk":false},{"name":"past_due_since","type":"timestamp with time zone","pk":false},{"name":"suspended_at","type":"timestamp with time zone","pk":false},{"name":"suspended_reason","type":"text","pk":false},{"name":"cancelled_at","type":"timestamp with time zone","pk":false},{"name":"cancel_reason","type":"text","pk":false},{"name":"expired_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"financial_records":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"amount","type":"numeric","pk":false},{"name":"description","type":"text","pk":false},{"name":"category","type":"text","pk":false},{"name":"payment_method","type":"text","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"due_date","type":"date","pk":false},{"name":"installments","type":"smallint","pk":false},{"name":"installment_number","type":"smallint","pk":false},{"name":"installment_group","type":"uuid","pk":false},{"name":"agenda_evento_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"clinic_fee_pct","type":"numeric","pk":false},{"name":"clinic_fee_amount","type":"numeric","pk":false},{"name":"net_amount","type":"numeric","pk":false},{"name":"insurance_plan_id","type":"uuid","pk":false},{"name":"notes","type":"text","pk":false},{"name":"tags","type":"text[]","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false},{"name":"discount_amount","type":"numeric","pk":false},{"name":"final_amount","type":"numeric","pk":false},{"name":"status","type":"text","pk":false},{"name":"category_id","type":"uuid","pk":false}],"fks":[{"from_col":"agenda_evento_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"category_id","to_table":"financial_categories","to_col":"id"},{"from_col":"insurance_plan_id","to_table":"insurance_plans","to_col":"id"},{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"therapist_payouts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"period_start","type":"date","pk":false},{"name":"period_end","type":"date","pk":false},{"name":"total_sessions","type":"integer","pk":false},{"name":"gross_amount","type":"numeric","pk":false},{"name":"clinic_fee_total","type":"numeric","pk":false},{"name":"net_amount","type":"numeric","pk":false},{"name":"status","type":"text","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"notes","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"tenant_members":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"role","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"_db_migrations":{"columns":[{"name":"id","type":"integer","pk":true},{"name":"filename","type":"text","pk":false},{"name":"hash","type":"text","pk":false},{"name":"category","type":"text","pk":false},{"name":"applied_at","type":"timestamp with time zone","pk":false}],"fks":[]},"addon_credits":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"addon_type","type":"text","pk":false},{"name":"balance","type":"integer","pk":false},{"name":"total_purchased","type":"integer","pk":false},{"name":"total_consumed","type":"integer","pk":false},{"name":"low_balance_threshold","type":"integer","pk":false},{"name":"low_balance_notified","type":"boolean","pk":false},{"name":"daily_limit","type":"integer","pk":false},{"name":"hourly_limit","type":"integer","pk":false},{"name":"daily_used","type":"integer","pk":false},{"name":"hourly_used","type":"integer","pk":false},{"name":"daily_reset_at","type":"timestamp with time zone","pk":false},{"name":"hourly_reset_at","type":"timestamp with time zone","pk":false},{"name":"from_number_override","type":"text","pk":false},{"name":"expires_at","type":"timestamp with time zone","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"addon_products":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"slug","type":"text","pk":false},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"addon_type","type":"text","pk":false},{"name":"icon","type":"text","pk":false},{"name":"credits_amount","type":"integer","pk":false},{"name":"price_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"is_visible","type":"boolean","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"metadata","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false}],"fks":[]},"addon_transactions":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"addon_type","type":"text","pk":false},{"name":"type","type":"text","pk":false},{"name":"amount","type":"integer","pk":false},{"name":"balance_before","type":"integer","pk":false},{"name":"balance_after","type":"integer","pk":false},{"name":"product_id","type":"uuid","pk":false},{"name":"queue_id","type":"uuid","pk":false},{"name":"description","type":"text","pk":false},{"name":"admin_user_id","type":"uuid","pk":false},{"name":"payment_method","type":"text","pk":false},{"name":"payment_reference","type":"text","pk":false},{"name":"price_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"metadata","type":"jsonb","pk":false}],"fks":[{"from_col":"product_id","to_table":"addon_products","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_bloqueios":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"data_inicio","type":"date","pk":false},{"name":"data_fim","type":"date","pk":false},{"name":"hora_inicio","type":"time without time zone","pk":false},{"name":"hora_fim","type":"time without time zone","pk":false},{"name":"recorrente","type":"boolean","pk":false},{"name":"dia_semana","type":"smallint","pk":false},{"name":"observacao","type":"text","pk":false},{"name":"origem","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_configuracoes":{"columns":[{"name":"owner_id","type":"uuid","pk":false},{"name":"duracao_padrao_minutos","type":"integer","pk":false},{"name":"intervalo_padrao_minutos","type":"integer","pk":false},{"name":"timezone","type":"text","pk":false},{"name":"usar_horario_admin_custom","type":"boolean","pk":false},{"name":"admin_inicio_visualizacao","type":"time without time zone","pk":false},{"name":"admin_fim_visualizacao","type":"time without time zone","pk":false},{"name":"admin_slot_visual_minutos","type":"integer","pk":false},{"name":"online_ativo","type":"boolean","pk":false},{"name":"online_min_antecedencia_horas","type":"integer","pk":false},{"name":"online_max_dias_futuro","type":"integer","pk":false},{"name":"online_cancelar_ate_horas","type":"integer","pk":false},{"name":"online_reagendar_ate_horas","type":"integer","pk":false},{"name":"online_limite_agendamentos_futuros","type":"integer","pk":false},{"name":"online_modo","type":"text","pk":false},{"name":"online_buffer_antes_min","type":"integer","pk":false},{"name":"online_buffer_depois_min","type":"integer","pk":false},{"name":"online_modalidade","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"usar_granularidade_custom","type":"boolean","pk":false},{"name":"granularidade_min","type":"integer","pk":false},{"name":"setup_concluido","type":"boolean","pk":false},{"name":"setup_concluido_em","type":"timestamp with time zone","pk":false},{"name":"agenda_view_mode","type":"text","pk":false},{"name":"agenda_custom_start","type":"time without time zone","pk":false},{"name":"agenda_custom_end","type":"time without time zone","pk":false},{"name":"session_duration_min","type":"integer","pk":false},{"name":"session_break_min","type":"integer","pk":false},{"name":"pausas_semanais","type":"jsonb","pk":false},{"name":"setup_clinica_concluido","type":"boolean","pk":false},{"name":"setup_clinica_concluido_em","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"jornada_igual_todos","type":"boolean","pk":false},{"name":"slot_mode","type":"text","pk":false},{"name":"atendimento_mode","type":"text","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_eventos":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"inicio_em","type":"timestamp with time zone","pk":false},{"name":"fim_em","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"terapeuta_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"visibility_scope","type":"text","pk":false},{"name":"mirror_of_event_id","type":"uuid","pk":false},{"name":"mirror_source","type":"text","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"determined_commitment_id","type":"uuid","pk":false},{"name":"link_online","type":"text","pk":false},{"name":"titulo_custom","type":"text","pk":false},{"name":"extra_fields","type":"jsonb","pk":false},{"name":"recurrence_id","type":"uuid","pk":false},{"name":"recurrence_date","type":"date","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"price","type":"numeric","pk":false},{"name":"billing_contract_id","type":"uuid","pk":false},{"name":"billed","type":"boolean","pk":false},{"name":"services_customized","type":"boolean","pk":false},{"name":"insurance_plan_id","type":"uuid","pk":false},{"name":"insurance_guide_number","type":"text","pk":false},{"name":"insurance_value","type":"numeric","pk":false},{"name":"insurance_plan_service_id","type":"uuid","pk":false}],"fks":[{"from_col":"billing_contract_id","to_table":"billing_contracts","to_col":"id"},{"from_col":"determined_commitment_id","to_table":"determined_commitments","to_col":"id"},{"from_col":"insurance_plan_id","to_table":"insurance_plans","to_col":"id"},{"from_col":"insurance_plan_service_id","to_table":"insurance_plan_services","to_col":"id"},{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"recurrence_id","to_table":"recurrence_rules","to_col":"id"}]},"agenda_excecoes":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"data","type":"date","pk":false},{"name":"hora_inicio","type":"time without time zone","pk":false},{"name":"hora_fim","type":"time without time zone","pk":false},{"name":"motivo","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"fonte","type":"text","pk":false},{"name":"aplicavel_online","type":"boolean","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_online_slots":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"weekday","type":"integer","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_regras_semanais":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"dia_semana","type":"smallint","pk":false},{"name":"hora_inicio","type":"time without time zone","pk":false},{"name":"hora_fim","type":"time without time zone","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_slots_bloqueados_semanais":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"dia_semana","type":"smallint","pk":false},{"name":"hora_inicio","type":"time without time zone","pk":false},{"name":"motivo","type":"text","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_slots_regras":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"dia_semana","type":"smallint","pk":false},{"name":"passo_minutos","type":"integer","pk":false},{"name":"offset_minutos","type":"integer","pk":false},{"name":"buffer_antes_min","type":"integer","pk":false},{"name":"buffer_depois_min","type":"integer","pk":false},{"name":"min_antecedencia_horas","type":"integer","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agendador_configuracoes":{"columns":[{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"link_slug","type":"text","pk":false},{"name":"imagem_fundo_url","type":"text","pk":false},{"name":"imagem_header_url","type":"text","pk":false},{"name":"logomarca_url","type":"text","pk":false},{"name":"cor_primaria","type":"text","pk":false},{"name":"nome_exibicao","type":"text","pk":false},{"name":"endereco","type":"text","pk":false},{"name":"botao_como_chegar_ativo","type":"boolean","pk":false},{"name":"maps_url","type":"text","pk":false},{"name":"modo_aprovacao","type":"text","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"tipos_habilitados","type":"jsonb","pk":false},{"name":"duracao_sessao_min","type":"integer","pk":false},{"name":"antecedencia_minima_horas","type":"integer","pk":false},{"name":"prazo_resposta_horas","type":"integer","pk":false},{"name":"reserva_horas","type":"integer","pk":false},{"name":"pagamento_obrigatorio","type":"boolean","pk":false},{"name":"pix_chave","type":"text","pk":false},{"name":"pix_countdown_minutos","type":"integer","pk":false},{"name":"triagem_motivo","type":"boolean","pk":false},{"name":"triagem_como_conheceu","type":"boolean","pk":false},{"name":"verificacao_email","type":"boolean","pk":false},{"name":"exigir_aceite_lgpd","type":"boolean","pk":false},{"name":"mensagem_boas_vindas","type":"text","pk":false},{"name":"texto_como_se_preparar","type":"text","pk":false},{"name":"texto_termos_lgpd","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"pagamento_modo","type":"text","pk":false},{"name":"pagamento_metodos_visiveis","type":"text[]","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agendador_solicitacoes":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"paciente_nome","type":"text","pk":false},{"name":"paciente_sobrenome","type":"text","pk":false},{"name":"paciente_email","type":"text","pk":false},{"name":"paciente_celular","type":"text","pk":false},{"name":"paciente_cpf","type":"text","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"data_solicitada","type":"date","pk":false},{"name":"hora_solicitada","type":"time without time zone","pk":false},{"name":"reservado_ate","type":"timestamp with time zone","pk":false},{"name":"motivo","type":"text","pk":false},{"name":"como_conheceu","type":"text","pk":false},{"name":"pix_status","type":"text","pk":false},{"name":"pix_pago_em","type":"timestamp with time zone","pk":false},{"name":"status","type":"text","pk":false},{"name":"recusado_motivo","type":"text","pk":false},{"name":"autorizado_em","type":"timestamp with time zone","pk":false},{"name":"autorizado_por","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"evento_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"billing_contracts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"type","type":"text","pk":false},{"name":"total_sessions","type":"integer","pk":false},{"name":"sessions_used","type":"integer","pk":false},{"name":"package_price","type":"numeric","pk":false},{"name":"amount","type":"numeric","pk":false},{"name":"billing_interval","type":"text","pk":false},{"name":"active_from","type":"timestamp with time zone","pk":false},{"name":"active_to","type":"timestamp with time zone","pk":false},{"name":"status","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"}]},"commitment_services":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"commitment_id","type":"uuid","pk":false},{"name":"service_id","type":"uuid","pk":false},{"name":"quantity","type":"integer","pk":false},{"name":"unit_price","type":"numeric","pk":false},{"name":"discount_pct","type":"numeric","pk":false},{"name":"discount_flat","type":"numeric","pk":false},{"name":"final_price","type":"numeric","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"commitment_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"service_id","to_table":"services","to_col":"id"}]},"commitment_time_logs":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"commitment_id","type":"uuid","pk":false},{"name":"calendar_event_id","type":"uuid","pk":false},{"name":"started_at","type":"timestamp with time zone","pk":false},{"name":"ended_at","type":"timestamp with time zone","pk":false},{"name":"minutes","type":"integer","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"calendar_event_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"commitment_id","to_table":"determined_commitments","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"company_profiles":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"nome_fantasia","type":"text","pk":false},{"name":"razao_social","type":"text","pk":false},{"name":"tipo_empresa","type":"text","pk":false},{"name":"cnpj","type":"text","pk":false},{"name":"ie","type":"text","pk":false},{"name":"im","type":"text","pk":false},{"name":"cep","type":"text","pk":false},{"name":"logradouro","type":"text","pk":false},{"name":"numero","type":"text","pk":false},{"name":"complemento","type":"text","pk":false},{"name":"bairro","type":"text","pk":false},{"name":"cidade","type":"text","pk":false},{"name":"estado","type":"text","pk":false},{"name":"email","type":"text","pk":false},{"name":"telefone","type":"text","pk":false},{"name":"site","type":"text","pk":false},{"name":"logo_url","type":"text","pk":false},{"name":"redes_sociais","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"determined_commitment_fields":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"commitment_id","type":"uuid","pk":false},{"name":"key","type":"text","pk":false},{"name":"label","type":"text","pk":false},{"name":"required","type":"boolean","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"commitment_id","to_table":"determined_commitments","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"determined_commitments":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"is_native","type":"boolean","pk":false},{"name":"native_key","type":"text","pk":false},{"name":"is_locked","type":"boolean","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"bg_color","type":"text","pk":false},{"name":"text_color","type":"text","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"dev_user_credentials":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"email","type":"text","pk":false},{"name":"password_dev","type":"text","pk":false},{"name":"kind","type":"text","pk":false},{"name":"note","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"document_access_logs":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"documento_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"acao","type":"text","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"ip","type":"inet","pk":false},{"name":"user_agent","type":"text","pk":false},{"name":"acessado_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"documento_id","to_table":"documents","to_col":"id"}]},"document_generated":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"template_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"dados_preenchidos","type":"jsonb","pk":false},{"name":"pdf_path","type":"text","pk":false},{"name":"storage_bucket","type":"text","pk":false},{"name":"documento_id","type":"uuid","pk":false},{"name":"gerado_por","type":"uuid","pk":false},{"name":"gerado_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"documento_id","to_table":"documents","to_col":"id"},{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"template_id","to_table":"document_templates","to_col":"id"}]},"document_share_links":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"documento_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"token","type":"text","pk":false},{"name":"expira_em","type":"timestamp with time zone","pk":false},{"name":"usos_max","type":"smallint","pk":false},{"name":"usos","type":"smallint","pk":false},{"name":"criado_por","type":"uuid","pk":false},{"name":"criado_em","type":"timestamp with time zone","pk":false},{"name":"ativo","type":"boolean","pk":false}],"fks":[{"from_col":"documento_id","to_table":"documents","to_col":"id"}]},"document_signatures":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"documento_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"signatario_tipo","type":"text","pk":false},{"name":"signatario_id","type":"uuid","pk":false},{"name":"signatario_nome","type":"text","pk":false},{"name":"signatario_email","type":"text","pk":false},{"name":"ordem","type":"smallint","pk":false},{"name":"status","type":"text","pk":false},{"name":"ip","type":"inet","pk":false},{"name":"user_agent","type":"text","pk":false},{"name":"assinado_em","type":"timestamp with time zone","pk":false},{"name":"hash_documento","type":"text","pk":false},{"name":"criado_em","type":"timestamp with time zone","pk":false},{"name":"atualizado_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"documento_id","to_table":"documents","to_col":"id"}]},"document_templates":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"nome_template","type":"text","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"corpo_html","type":"text","pk":false},{"name":"cabecalho_html","type":"text","pk":false},{"name":"rodape_html","type":"text","pk":false},{"name":"variaveis","type":"text[]","pk":false},{"name":"logo_url","type":"text","pk":false},{"name":"is_global","type":"boolean","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"documents":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"bucket_path","type":"text","pk":false},{"name":"storage_bucket","type":"text","pk":false},{"name":"nome_original","type":"text","pk":false},{"name":"mime_type","type":"text","pk":false},{"name":"tamanho_bytes","type":"bigint","pk":false},{"name":"tipo_documento","type":"text","pk":false},{"name":"categoria","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"tags","type":"text[]","pk":false},{"name":"agenda_evento_id","type":"uuid","pk":false},{"name":"session_note_id","type":"uuid","pk":false},{"name":"visibilidade","type":"text","pk":false},{"name":"compartilhado_portal","type":"boolean","pk":false},{"name":"compartilhado_supervisor","type":"boolean","pk":false},{"name":"compartilhado_em","type":"timestamp with time zone","pk":false},{"name":"expira_compartilhamento","type":"timestamp with time zone","pk":false},{"name":"enviado_pelo_paciente","type":"boolean","pk":false},{"name":"status_revisao","type":"text","pk":false},{"name":"revisado_por","type":"uuid","pk":false},{"name":"revisado_em","type":"timestamp with time zone","pk":false},{"name":"uploaded_by","type":"uuid","pk":false},{"name":"uploaded_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false},{"name":"deleted_by","type":"uuid","pk":false},{"name":"retencao_ate","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"agenda_evento_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"patient_id","to_table":"patients","to_col":"id"}]},"email_layout_config":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"header_config","type":"jsonb","pk":false},{"name":"footer_config","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"email_templates_global":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"key","type":"text","pk":false},{"name":"domain","type":"text","pk":false},{"name":"channel","type":"text","pk":false},{"name":"subject","type":"text","pk":false},{"name":"body_html","type":"text","pk":false},{"name":"body_text","type":"text","pk":false},{"name":"version","type":"integer","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"variables","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"email_templates_tenant":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"template_key","type":"text","pk":false},{"name":"subject","type":"text","pk":false},{"name":"body_html","type":"text","pk":false},{"name":"body_text","type":"text","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"synced_version","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"entitlements_invalidation":{"columns":[{"name":"owner_id","type":"uuid","pk":false},{"name":"changed_at","type":"timestamp with time zone","pk":false}],"fks":[]},"features":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"key","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"name","type":"text","pk":false}],"fks":[]},"feriados":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"nome","type":"text","pk":false},{"name":"data","type":"date","pk":false},{"name":"cidade","type":"text","pk":false},{"name":"estado","type":"text","pk":false},{"name":"observacao","type":"text","pk":false},{"name":"bloqueia_sessoes","type":"boolean","pk":false},{"name":"criado_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"financial_categories":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"name","type":"text","pk":false},{"name":"color","type":"text","pk":false},{"name":"icon","type":"text","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"financial_exceptions":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"exception_type","type":"text","pk":false},{"name":"charge_mode","type":"text","pk":false},{"name":"charge_value","type":"numeric","pk":false},{"name":"charge_pct","type":"numeric","pk":false},{"name":"min_hours_notice","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"global_notices":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"title","type":"text","pk":false},{"name":"message","type":"text","pk":false},{"name":"variant","type":"text","pk":false},{"name":"roles","type":"text[]","pk":false},{"name":"contexts","type":"text[]","pk":false},{"name":"starts_at","type":"timestamp with time zone","pk":false},{"name":"ends_at","type":"timestamp with time zone","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"priority","type":"integer","pk":false},{"name":"dismissible","type":"boolean","pk":false},{"name":"persist_dismiss","type":"boolean","pk":false},{"name":"dismiss_scope","type":"text","pk":false},{"name":"show_once","type":"boolean","pk":false},{"name":"max_views","type":"integer","pk":false},{"name":"cooldown_minutes","type":"integer","pk":false},{"name":"version","type":"integer","pk":false},{"name":"action_type","type":"text","pk":false},{"name":"action_label","type":"text","pk":false},{"name":"action_url","type":"text","pk":false},{"name":"action_route","type":"text","pk":false},{"name":"views_count","type":"integer","pk":false},{"name":"clicks_count","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"content_align","type":"text","pk":false},{"name":"link_target","type":"text","pk":false}],"fks":[]},"insurance_plan_services":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"insurance_plan_id","type":"uuid","pk":false},{"name":"name","type":"text","pk":false},{"name":"value","type":"numeric","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"insurance_plan_id","to_table":"insurance_plans","to_col":"id"}]},"insurance_plans":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"name","type":"text","pk":false},{"name":"notes","type":"text","pk":false},{"name":"default_value","type":"numeric","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"login_carousel_slides":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"title","type":"text","pk":false},{"name":"body","type":"text","pk":false},{"name":"icon","type":"text","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"medicos":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"nome","type":"text","pk":false},{"name":"crm","type":"text","pk":false},{"name":"especialidade","type":"text","pk":false},{"name":"telefone_profissional","type":"text","pk":false},{"name":"telefone_pessoal","type":"text","pk":false},{"name":"email","type":"text","pk":false},{"name":"clinica","type":"text","pk":false},{"name":"cidade","type":"text","pk":false},{"name":"estado","type":"text","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"module_features":{"columns":[{"name":"module_id","type":"uuid","pk":false},{"name":"feature_id","type":"uuid","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"limits","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"feature_id","to_table":"features","to_col":"id"},{"from_col":"module_id","to_table":"modules","to_col":"id"}]},"modules":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"key","type":"text","pk":false},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notice_dismissals":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"notice_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"version","type":"integer","pk":false},{"name":"dismissed_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"notice_id","to_table":"global_notices","to_col":"id"}]},"notification_channels":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"channel","type":"text","pk":false},{"name":"provider","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"display_name","type":"text","pk":false},{"name":"sender_address","type":"text","pk":false},{"name":"credentials","type":"jsonb","pk":false},{"name":"connection_status","type":"text","pk":false},{"name":"last_health_check","type":"timestamp with time zone","pk":false},{"name":"metadata","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false},{"name":"twilio_subaccount_sid","type":"text","pk":false},{"name":"twilio_phone_number","type":"text","pk":false},{"name":"twilio_phone_sid","type":"text","pk":false},{"name":"webhook_url","type":"text","pk":false},{"name":"cost_per_message_usd","type":"numeric","pk":false},{"name":"price_per_message_brl","type":"numeric","pk":false},{"name":"provisioned_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notification_logs":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"queue_id","type":"uuid","pk":false},{"name":"agenda_evento_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"channel","type":"text","pk":false},{"name":"template_key","type":"text","pk":false},{"name":"schedule_key","type":"text","pk":false},{"name":"recipient_address","type":"text","pk":false},{"name":"resolved_message","type":"text","pk":false},{"name":"resolved_vars","type":"jsonb","pk":false},{"name":"status","type":"text","pk":false},{"name":"provider","type":"text","pk":false},{"name":"provider_message_id","type":"text","pk":false},{"name":"provider_status","type":"text","pk":false},{"name":"provider_response","type":"jsonb","pk":false},{"name":"sent_at","type":"timestamp with time zone","pk":false},{"name":"delivered_at","type":"timestamp with time zone","pk":false},{"name":"read_at","type":"timestamp with time zone","pk":false},{"name":"failed_at","type":"timestamp with time zone","pk":false},{"name":"failure_reason","type":"text","pk":false},{"name":"estimated_cost_brl","type":"numeric","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"queue_id","to_table":"notification_queue","to_col":"id"}]},"notification_preferences":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"whatsapp_opt_in","type":"boolean","pk":false},{"name":"email_opt_in","type":"boolean","pk":false},{"name":"sms_opt_in","type":"boolean","pk":false},{"name":"preferred_time_start","type":"time without time zone","pk":false},{"name":"preferred_time_end","type":"time without time zone","pk":false},{"name":"lgpd_consent_given","type":"boolean","pk":false},{"name":"lgpd_consent_date","type":"timestamp with time zone","pk":false},{"name":"lgpd_consent_version","type":"text","pk":false},{"name":"lgpd_consent_ip","type":"inet","pk":false},{"name":"lgpd_opt_out_date","type":"timestamp with time zone","pk":false},{"name":"lgpd_opt_out_reason","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notification_queue":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"agenda_evento_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"channel","type":"text","pk":false},{"name":"template_key","type":"text","pk":false},{"name":"schedule_key","type":"text","pk":false},{"name":"resolved_vars","type":"jsonb","pk":false},{"name":"recipient_address","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"scheduled_at","type":"timestamp with time zone","pk":false},{"name":"sent_at","type":"timestamp with time zone","pk":false},{"name":"next_retry_at","type":"timestamp with time zone","pk":false},{"name":"attempts","type":"integer","pk":false},{"name":"max_attempts","type":"integer","pk":false},{"name":"last_error","type":"text","pk":false},{"name":"idempotency_key","type":"text","pk":false},{"name":"provider_message_id","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notification_schedules":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"schedule_key","type":"text","pk":false},{"name":"event_type","type":"text","pk":false},{"name":"trigger_type","type":"text","pk":false},{"name":"offset_minutes","type":"integer","pk":false},{"name":"whatsapp_enabled","type":"boolean","pk":false},{"name":"email_enabled","type":"boolean","pk":false},{"name":"sms_enabled","type":"boolean","pk":false},{"name":"allowed_time_start","type":"time without time zone","pk":false},{"name":"allowed_time_end","type":"time without time zone","pk":false},{"name":"skip_weekends","type":"boolean","pk":false},{"name":"skip_holidays","type":"boolean","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notification_templates":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"key","type":"text","pk":false},{"name":"domain","type":"text","pk":false},{"name":"channel","type":"text","pk":false},{"name":"event_type","type":"text","pk":false},{"name":"body_text","type":"text","pk":false},{"name":"meta_template_name","type":"text","pk":false},{"name":"meta_template_namespace","type":"text","pk":false},{"name":"meta_components","type":"jsonb","pk":false},{"name":"meta_status","type":"text","pk":false},{"name":"variables","type":"jsonb","pk":false},{"name":"version","type":"integer","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"is_default","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notifications":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"type","type":"text","pk":false},{"name":"ref_id","type":"uuid","pk":false},{"name":"ref_table","type":"text","pk":false},{"name":"payload","type":"jsonb","pk":false},{"name":"read_at","type":"timestamp with time zone","pk":false},{"name":"archived","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"plan_features":{"columns":[{"name":"plan_id","type":"uuid","pk":false},{"name":"feature_id","type":"uuid","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"limits","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"feature_id","to_table":"features","to_col":"id"},{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"tenant_modules":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"module_id","type":"uuid","pk":false},{"name":"status","type":"text","pk":false},{"name":"settings","type":"jsonb","pk":false},{"name":"provider","type":"text","pk":false},{"name":"provider_item_id","type":"text","pk":false},{"name":"installed_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"module_id","to_table":"modules","to_col":"id"}]},"owner_users":{"columns":[{"name":"owner_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"role","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"patient_contacts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"patient_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"nome","type":"text","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"relacao","type":"text","pk":false},{"name":"telefone","type":"text","pk":false},{"name":"email","type":"text","pk":false},{"name":"cpf","type":"text","pk":false},{"name":"especialidade","type":"text","pk":false},{"name":"registro_profissional","type":"text","pk":false},{"name":"is_primario","type":"boolean","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_discounts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"discount_pct","type":"numeric","pk":false},{"name":"discount_flat","type":"numeric","pk":false},{"name":"reason","type":"text","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"active_from","type":"timestamp with time zone","pk":false},{"name":"active_to","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"}]},"patient_group_patient":{"columns":[{"name":"patient_group_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_groups":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"nome","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"cor","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"is_system","type":"boolean","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"therapist_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_intake_requests":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"token","type":"text","pk":false},{"name":"consent","type":"boolean","pk":false},{"name":"status","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"converted_patient_id","type":"uuid","pk":false},{"name":"rejected_reason","type":"text","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"cpf","type":"text","pk":false},{"name":"rg","type":"text","pk":false},{"name":"cep","type":"text","pk":false},{"name":"nome_completo","type":"text","pk":false},{"name":"email_principal","type":"text","pk":false},{"name":"telefone","type":"text","pk":false},{"name":"pais","type":"text","pk":false},{"name":"cidade","type":"text","pk":false},{"name":"estado","type":"text","pk":false},{"name":"endereco","type":"text","pk":false},{"name":"numero","type":"text","pk":false},{"name":"bairro","type":"text","pk":false},{"name":"complemento","type":"text","pk":false},{"name":"data_nascimento","type":"date","pk":false},{"name":"naturalidade","type":"text","pk":false},{"name":"genero","type":"text","pk":false},{"name":"estado_civil","type":"text","pk":false},{"name":"onde_nos_conheceu","type":"text","pk":false},{"name":"encaminhado_por","type":"text","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"notas_internas","type":"text","pk":false},{"name":"email_alternativo","type":"text","pk":false},{"name":"telefone_alternativo","type":"text","pk":false},{"name":"profissao","type":"text","pk":false},{"name":"escolaridade","type":"text","pk":false},{"name":"nacionalidade","type":"text","pk":false},{"name":"avatar_url","type":"text","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_invites":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"token","type":"text","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"expires_at","type":"timestamp with time zone","pk":false},{"name":"max_uses","type":"integer","pk":false},{"name":"uses","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_patient_tag":{"columns":[{"name":"owner_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"tag_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tag_id","to_table":"patient_tags","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"},{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tag_id","to_table":"patient_tags","to_col":"id"}]},"patient_status_history":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"patient_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"status_anterior","type":"text","pk":false},{"name":"status_novo","type":"text","pk":false},{"name":"motivo","type":"text","pk":false},{"name":"encaminhado_para","type":"text","pk":false},{"name":"data_saida","type":"date","pk":false},{"name":"alterado_por","type":"uuid","pk":false},{"name":"alterado_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_support_contacts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"patient_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"nome","type":"text","pk":false},{"name":"relacao","type":"text","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"telefone","type":"text","pk":false},{"name":"email","type":"text","pk":false},{"name":"is_primario","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"}]},"patient_tags":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"nome","type":"text","pk":false},{"name":"cor","type":"text","pk":false},{"name":"is_padrao","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_timeline":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"patient_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"evento_tipo","type":"text","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"icone_cor","type":"text","pk":false},{"name":"link_ref_tipo","type":"text","pk":false},{"name":"link_ref_id","type":"uuid","pk":false},{"name":"gerado_por","type":"uuid","pk":false},{"name":"ocorrido_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patients":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"nome_completo","type":"text","pk":false},{"name":"email_principal","type":"text","pk":false},{"name":"telefone","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"avatar_url","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"last_attended_at","type":"timestamp with time zone","pk":false},{"name":"is_native","type":"boolean","pk":false},{"name":"naturalidade","type":"text","pk":false},{"name":"data_nascimento","type":"date","pk":false},{"name":"rg","type":"text","pk":false},{"name":"cpf","type":"text","pk":false},{"name":"identification_color","type":"text","pk":false},{"name":"genero","type":"text","pk":false},{"name":"estado_civil","type":"text","pk":false},{"name":"email_alternativo","type":"text","pk":false},{"name":"pais","type":"text","pk":false},{"name":"cep","type":"text","pk":false},{"name":"cidade","type":"text","pk":false},{"name":"estado","type":"text","pk":false},{"name":"endereco","type":"text","pk":false},{"name":"numero","type":"text","pk":false},{"name":"bairro","type":"text","pk":false},{"name":"complemento","type":"text","pk":false},{"name":"escolaridade","type":"text","pk":false},{"name":"profissao","type":"text","pk":false},{"name":"nome_parente","type":"text","pk":false},{"name":"grau_parentesco","type":"text","pk":false},{"name":"telefone_alternativo","type":"text","pk":false},{"name":"onde_nos_conheceu","type":"text","pk":false},{"name":"encaminhado_por","type":"text","pk":false},{"name":"nome_responsavel","type":"text","pk":false},{"name":"telefone_responsavel","type":"text","pk":false},{"name":"cpf_responsavel","type":"text","pk":false},{"name":"observacao_responsavel","type":"text","pk":false},{"name":"cobranca_no_responsavel","type":"boolean","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"notas_internas","type":"text","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"telefone_parente","type":"text","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"responsible_member_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"patient_scope","type":"text","pk":false},{"name":"therapist_member_id","type":"uuid","pk":false},{"name":"nome_social","type":"text","pk":false},{"name":"pronomes","type":"text","pk":false},{"name":"etnia","type":"text","pk":false},{"name":"religiao","type":"text","pk":false},{"name":"faixa_renda","type":"text","pk":false},{"name":"canal_preferido","type":"text","pk":false},{"name":"horario_contato_inicio","type":"time without time zone","pk":false},{"name":"horario_contato_fim","type":"time without time zone","pk":false},{"name":"idioma","type":"text","pk":false},{"name":"origem","type":"text","pk":false},{"name":"metodo_pagamento_preferido","type":"text","pk":false},{"name":"motivo_saida","type":"text","pk":false},{"name":"data_saida","type":"date","pk":false},{"name":"encaminhado_para","type":"text","pk":false},{"name":"risco_elevado","type":"boolean","pk":false},{"name":"risco_nota","type":"text","pk":false},{"name":"risco_sinalizado_em","type":"timestamp with time zone","pk":false},{"name":"risco_sinalizado_por","type":"uuid","pk":false},{"name":"horario_contato","type":"text","pk":false},{"name":"convenio","type":"text","pk":false},{"name":"convenio_id","type":"uuid","pk":false}],"fks":[{"from_col":"convenio_id","to_table":"insurance_plans","to_col":"id"},{"from_col":"responsible_member_id","to_table":"tenant_members","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"},{"from_col":"therapist_member_id","to_table":"tenant_members","to_col":"id"}]},"payment_settings":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"pix_ativo","type":"boolean","pk":false},{"name":"pix_tipo","type":"text","pk":false},{"name":"pix_chave","type":"text","pk":false},{"name":"pix_nome_titular","type":"text","pk":false},{"name":"deposito_ativo","type":"boolean","pk":false},{"name":"deposito_banco","type":"text","pk":false},{"name":"deposito_agencia","type":"text","pk":false},{"name":"deposito_conta","type":"text","pk":false},{"name":"deposito_tipo_conta","type":"text","pk":false},{"name":"deposito_titular","type":"text","pk":false},{"name":"deposito_cpf_cnpj","type":"text","pk":false},{"name":"dinheiro_ativo","type":"boolean","pk":false},{"name":"cartao_ativo","type":"boolean","pk":false},{"name":"cartao_instrucao","type":"text","pk":false},{"name":"convenio_ativo","type":"boolean","pk":false},{"name":"convenio_lista","type":"text","pk":false},{"name":"observacoes_pagamento","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"plan_prices":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"plan_id","type":"uuid","pk":false},{"name":"currency","type":"text","pk":false},{"name":"amount_cents","type":"integer","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"active_from","type":"timestamp with time zone","pk":false},{"name":"active_to","type":"timestamp with time zone","pk":false},{"name":"source","type":"text","pk":false},{"name":"provider","type":"text","pk":false},{"name":"provider_price_id","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"plan_public":{"columns":[{"name":"plan_id","type":"uuid","pk":false},{"name":"public_name","type":"text","pk":false},{"name":"public_description","type":"text","pk":false},{"name":"badge","type":"text","pk":false},{"name":"is_featured","type":"boolean","pk":false},{"name":"is_visible","type":"boolean","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"plan_public_bullets":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"plan_id","type":"uuid","pk":false},{"name":"text","type":"text","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"highlight","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"plans":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"key","type":"text","pk":false},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"price_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"billing_interval","type":"text","pk":false},{"name":"target","type":"text","pk":false},{"name":"max_supervisees","type":"integer","pk":false}],"fks":[]},"professional_pricing":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"determined_commitment_id","type":"uuid","pk":false},{"name":"price","type":"numeric","pk":false},{"name":"notes","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"profiles":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"role","type":"text","pk":false},{"name":"full_name","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"avatar_url","type":"text","pk":false},{"name":"phone","type":"text","pk":false},{"name":"bio","type":"text","pk":false},{"name":"language","type":"text","pk":false},{"name":"timezone","type":"text","pk":false},{"name":"notify_system_email","type":"boolean","pk":false},{"name":"notify_reminders","type":"boolean","pk":false},{"name":"notify_news","type":"boolean","pk":false},{"name":"account_type","type":"text","pk":false},{"name":"platform_roles","type":"text[]","pk":false},{"name":"nickname","type":"text","pk":false},{"name":"work_description","type":"text","pk":false},{"name":"work_description_other","type":"text","pk":false},{"name":"site_url","type":"text","pk":false},{"name":"social_instagram","type":"text","pk":false},{"name":"social_youtube","type":"text","pk":false},{"name":"social_facebook","type":"text","pk":false},{"name":"social_x","type":"text","pk":false},{"name":"social_custom","type":"jsonb","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"recurrence_exceptions":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"recurrence_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"original_date","type":"date","pk":false},{"name":"new_date","type":"date","pk":false},{"name":"new_start_time","type":"time without time zone","pk":false},{"name":"new_end_time","type":"time without time zone","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"titulo_custom","type":"text","pk":false},{"name":"extra_fields","type":"jsonb","pk":false},{"name":"reason","type":"text","pk":false},{"name":"agenda_evento_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"agenda_evento_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"recurrence_id","to_table":"recurrence_rules","to_col":"id"}]},"recurrence_rule_services":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"rule_id","type":"uuid","pk":false},{"name":"service_id","type":"uuid","pk":false},{"name":"quantity","type":"integer","pk":false},{"name":"unit_price","type":"numeric","pk":false},{"name":"discount_pct","type":"numeric","pk":false},{"name":"discount_flat","type":"numeric","pk":false},{"name":"final_price","type":"numeric","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"rule_id","to_table":"recurrence_rules","to_col":"id"},{"from_col":"service_id","to_table":"services","to_col":"id"}]},"recurrence_rules":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"therapist_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"determined_commitment_id","type":"uuid","pk":false},{"name":"weekdays","type":"smallint[]","pk":false},{"name":"start_time","type":"time without time zone","pk":false},{"name":"end_time","type":"time without time zone","pk":false},{"name":"timezone","type":"text","pk":false},{"name":"duration_min","type":"smallint","pk":false},{"name":"start_date","type":"date","pk":false},{"name":"end_date","type":"date","pk":false},{"name":"max_occurrences","type":"integer","pk":false},{"name":"open_ended","type":"boolean","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"titulo_custom","type":"text","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"extra_fields","type":"jsonb","pk":false},{"name":"status","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"price","type":"numeric","pk":false},{"name":"insurance_plan_id","type":"uuid","pk":false},{"name":"insurance_guide_number","type":"text","pk":false},{"name":"insurance_value","type":"numeric","pk":false},{"name":"insurance_plan_service_id","type":"uuid","pk":false}],"fks":[{"from_col":"insurance_plan_id","to_table":"insurance_plans","to_col":"id"},{"from_col":"insurance_plan_service_id","to_table":"insurance_plan_services","to_col":"id"}]},"saas_admins":{"columns":[{"name":"user_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"saas_doc_votos":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"doc_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"util","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"doc_id","to_table":"saas_docs","to_col":"id"}]},"saas_docs":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"titulo","type":"text","pk":false},{"name":"conteudo","type":"text","pk":false},{"name":"medias","type":"jsonb","pk":false},{"name":"tipo_acesso","type":"text","pk":false},{"name":"pagina_path","type":"text","pk":false},{"name":"docs_relacionados","type":"uuid[]","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"categoria","type":"text","pk":false},{"name":"exibir_no_faq","type":"boolean","pk":false},{"name":"votos_util","type":"integer","pk":false},{"name":"votos_nao_util","type":"integer","pk":false}],"fks":[]},"saas_faq":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"pergunta","type":"text","pk":false},{"name":"categoria","type":"text","pk":false},{"name":"publico","type":"boolean","pk":false},{"name":"votos","type":"integer","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"conteudo","type":"text","pk":false},{"name":"tipo_acesso","type":"text","pk":false},{"name":"pagina_path","type":"text","pk":false},{"name":"pagina_label","type":"text","pk":false},{"name":"medias","type":"jsonb","pk":false},{"name":"faqs_relacionados","type":"uuid[]","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"saas_faq_itens":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"doc_id","type":"uuid","pk":false},{"name":"pergunta","type":"text","pk":false},{"name":"resposta","type":"text","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"doc_id","to_table":"saas_docs","to_col":"id"}]},"services":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"price","type":"numeric","pk":false},{"name":"duration_min","type":"integer","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"subscription_events":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"subscription_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"event_type","type":"text","pk":false},{"name":"old_plan_id","type":"uuid","pk":false},{"name":"new_plan_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"source","type":"text","pk":false},{"name":"reason","type":"text","pk":false},{"name":"metadata","type":"jsonb","pk":false},{"name":"owner_type","type":"text","pk":false},{"name":"owner_ref","type":"uuid","pk":false}],"fks":[{"from_col":"subscription_id","to_table":"subscriptions","to_col":"id"}]},"subscription_intents_personal":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"created_by_user_id","type":"uuid","pk":false},{"name":"email","type":"text","pk":false},{"name":"plan_id","type":"uuid","pk":false},{"name":"plan_key","type":"text","pk":false},{"name":"amount_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"source","type":"text","pk":false},{"name":"notes","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"subscription_id","type":"uuid","pk":false}],"fks":[{"from_col":"subscription_id","to_table":"subscriptions","to_col":"id"},{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"subscription_intents_tenant":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"created_by_user_id","type":"uuid","pk":false},{"name":"email","type":"text","pk":false},{"name":"plan_id","type":"uuid","pk":false},{"name":"plan_key","type":"text","pk":false},{"name":"amount_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"source","type":"text","pk":false},{"name":"notes","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"subscription_id","type":"uuid","pk":false}],"fks":[{"from_col":"subscription_id","to_table":"subscriptions","to_col":"id"},{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"subscription_intents_legacy":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"email","type":"text","pk":false},{"name":"plan_key","type":"text","pk":false},{"name":"amount_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"source","type":"text","pk":false},{"name":"notes","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"created_by_user_id","type":"uuid","pk":false}],"fks":[]},"support_sessions":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"admin_id","type":"uuid","pk":false},{"name":"token","type":"text","pk":false},{"name":"expires_at","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"tenant_feature_exceptions_log":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"feature_key","type":"text","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"reason","type":"text","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"tenant_features":{"columns":[{"name":"tenant_id","type":"uuid","pk":false},{"name":"feature_key","type":"text","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"tenant_invites":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"email","type":"text","pk":false},{"name":"role","type":"text","pk":false},{"name":"token","type":"uuid","pk":false},{"name":"invited_by","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"expires_at","type":"timestamp with time zone","pk":false},{"name":"accepted_at","type":"timestamp with time zone","pk":false},{"name":"accepted_by","type":"uuid","pk":false},{"name":"revoked_at","type":"timestamp with time zone","pk":false},{"name":"revoked_by","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"tenants":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"name","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"kind","type":"text","pk":false},{"name":"papel_timbrado","type":"jsonb","pk":false}],"fks":[]},"therapist_payout_records":{"columns":[{"name":"payout_id","type":"uuid","pk":false},{"name":"financial_record_id","type":"uuid","pk":false}],"fks":[{"from_col":"financial_record_id","to_table":"financial_records","to_col":"id"},{"from_col":"payout_id","to_table":"therapist_payouts","to_col":"id"}]},"twilio_subaccount_usage":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"channel_id","type":"uuid","pk":false},{"name":"twilio_subaccount_sid","type":"text","pk":false},{"name":"period_start","type":"date","pk":false},{"name":"period_end","type":"date","pk":false},{"name":"messages_sent","type":"integer","pk":false},{"name":"messages_delivered","type":"integer","pk":false},{"name":"messages_failed","type":"integer","pk":false},{"name":"cost_usd","type":"numeric","pk":false},{"name":"cost_brl","type":"numeric","pk":false},{"name":"revenue_brl","type":"numeric","pk":false},{"name":"margin_brl","type":"numeric","pk":false},{"name":"usd_brl_rate","type":"numeric","pk":false},{"name":"synced_at","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"channel_id","to_table":"notification_channels","to_col":"id"}]},"user_settings":{"columns":[{"name":"user_id","type":"uuid","pk":false},{"name":"theme_mode","type":"text","pk":false},{"name":"preset","type":"text","pk":false},{"name":"primary_color","type":"text","pk":false},{"name":"surface_color","type":"text","pk":false},{"name":"menu_mode","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"layout_variant","type":"text","pk":false}],"fks":[]}},"views":["current_tenant_id","owner_feature_entitlements","subscription_intents","v_auth_users_public","v_commitment_totals","v_patient_groups_with_counts","v_plan_active_prices","v_public_pricing","v_subscription_feature_mismatch","v_subscription_health","v_subscription_health_v2","v_tag_patient_counts","v_tenant_active_subscription","v_tenant_entitlements","v_tenant_entitlements_full","v_tenant_entitlements_json","v_tenant_feature_exceptions","v_tenant_feature_mismatch","v_tenant_members_with_profiles","v_tenant_people","v_tenant_staff","v_twilio_whatsapp_overview","v_user_active_subscription","v_user_entitlements"],"domains":{"SaaS / Planos":["plans","plan_features","plan_prices","plan_public","plan_public_bullets","features","modules","module_features","subscriptions","subscription_events","subscription_intents_legacy","subscription_intents_personal","subscription_intents_tenant","tenant_modules","tenant_features","tenant_feature_exceptions_log","billing_contracts","entitlements_invalidation"],"Addons / Créditos":["addon_products","addon_credits","addon_transactions"],"Tenants / Multi-tenant":["tenants","profiles","user_settings","tenant_invites","tenant_members","company_profiles","support_sessions","saas_admins","owner_users","dev_user_credentials"],"Pacientes":["patients","patient_contacts","patient_support_contacts","patient_groups","patient_group_patient","patient_tags","patient_patient_tag","patient_discounts","patient_intake_requests","patient_invites","patient_status_history","patient_timeline"],"Agenda / Agendamento":["agenda_eventos","agenda_bloqueios","agenda_configuracoes","agenda_excecoes","agenda_online_slots","agenda_regras_semanais","agenda_slots_bloqueados_semanais","agenda_slots_regras","agendador_configuracoes","agendador_solicitacoes"],"Financeiro":["financial_categories","financial_exceptions","financial_records","payment_settings","professional_pricing","therapist_payouts","therapist_payout_records","recurrence_rules","recurrence_exceptions","recurrence_rule_services"],"Serviços / Prontuários":["services","commitment_services","commitment_time_logs","determined_commitments","determined_commitment_fields","insurance_plans","insurance_plan_services","medicos"],"Documentos":["documents","document_templates","document_generated","document_access_logs","document_share_links","document_signatures"],"Comunicação / Notificações":["email_templates_global","email_templates_tenant","email_layout_config","notification_templates","notification_channels","notification_preferences","notification_logs","notification_schedules","notification_queue","notifications","notice_dismissals","global_notices","login_carousel_slides","twilio_subaccount_usage"],"Central SaaS (docs/FAQ)":["saas_docs","saas_doc_votos","saas_faq","saas_faq_itens"],"Estrutura / Calendário":["feriados"]},"slugs":{"SaaS / Planos":"saas-planos","Addons / Créditos":"addons-creditos","Tenants / Multi-tenant":"tenants-multi-tenant","Pacientes":"pacientes","Agenda / Agendamento":"agenda-agendamento","Financeiro":"financeiro","Serviços / Prontuários":"servicos-prontuarios","Documentos":"documentos","Comunicação / Notificações":"comunicacao-notificacoes","Central SaaS (docs/FAQ)":"central-saas-docs-faq","Estrutura / Calendário":"estrutura-calendario"}};
-const C={"SaaS / Planos":"#4f8cff","Addons / Créditos":"#a78bfa","Tenants / Multi-tenant":"#6ee7b7","Pacientes":"#f472b6","Agenda / Agendamento":"#38bdf8","Financeiro":"#f87171","Serviços / Prontuários":"#34d399","Documentos":"#0ea5e9","Comunicação / Notificações":"#fbbf24","Central SaaS (docs/FAQ)":"#c084fc","Estrutura / Calendário":"#fb923c"};
-const INFRA={"Banco & Backend":{"color":"#4f8cff","items":[{"name":"Supabase","role":"Postgres + Auth + Storage + Realtime + Edge Functions","env":"Local (Docker) + Cloud","status":"ativo","notes":"Stack principal. Migrations em database-novo/migrations/. Functions em supabase/functions/. CLI via npx supabase."},{"name":"PostgreSQL 15","role":"Banco de dados relacional (via container supabase_db_agenciapsi-primesakai)","env":"Local (Docker)","status":"ativo","notes":"RLS habilitada em todas as tabelas públicas. Multi-tenant via tenant_id. SECURITY DEFINER em RPCs sensíveis."},{"name":"Docker + Docker Compose","role":"Orquestração dos containers do stack Supabase local + Evolution API","env":"Local","status":"ativo","notes":"docker-compose.yml na raiz. Iniciado via npx supabase start."}]},"Email":{"color":"#fbbf24","items":[{"name":"Mailpit (Supabase inbucket)","role":"Inbox SMTP local para capturar emails de teste","env":"Local (Docker)","status":"ativo","notes":"Container supabase_inbucket. Usado em dev para validar templates sem enviar email real."},{"name":"SMTP produção","role":"Envio real de emails transacionais (faturas, convites, notificações)","env":"Cloud (pendente)","status":"pendente","notes":"Requer SMTP_HOST/PORT/USER/PASS/FROM nos secrets das edge functions."}]},"WhatsApp / SMS":{"color":"#34d399","items":[{"name":"Evolution API","role":"Integração WhatsApp Business (envio/recebimento)","env":"Local (Docker)","status":"ativo","notes":"Container via evolution-api/. whatsapp_instances e notification_channels já cadastrados. Integração real está sendo costurada."},{"name":"Twilio (SMS/Voz)","role":"Provedor de SMS e voz para notificações","env":"Cloud","status":"ativo","notes":"twilio_subaccount_usage rastreia consumo por tenant. SaasTwilioWhatsappPage gerencia contas."}]},"Geração de documentos":{"color":"#38bdf8","items":[{"name":"pdfmake 0.3.7","role":"Geração de PDF client-side (atestados, laudos, recibos)","env":"Browser","status":"ativo","notes":"UMD/webpack. Requer optimizeDeps.include explícito no vite.config.mjs."},{"name":"html-to-pdfmake / html2pdf.js / jsPDF","role":"Conversão HTML→PDF para documentos ricos","env":"Browser","status":"ativo","notes":"Usado em document_templates e documents gerados para pacientes."},{"name":"Jodit + Quill","role":"Editores de texto rico para templates de documentos","env":"Browser","status":"ativo","notes":"Jodit em DocumentTemplateEditor; Quill em páginas legadas. Migração em andamento."},{"name":"html2canvas-pro","role":"Captura de screenshots de DOM (preview/export)","env":"Browser","status":"ativo","notes":"Usado para thumbnails de templates e previews."}]},"Frontend":{"color":"#a78bfa","items":[{"name":"Vue 3 + Composition API","role":"Framework principal (script setup)","env":"Browser","status":"ativo","notes":"~487 componentes Vue. Pinia para state management."},{"name":"Vite 5","role":"Build tool e dev server","env":"Node.js","status":"ativo","notes":"vite-plugin-compression (Brotli/Gzip), unplugin-auto-import para PrimeVue e Vue. rollup-plugin-visualizer para análise de bundle."},{"name":"PrimeVue 4 (tema Sakai)","role":"Biblioteca de componentes UI","env":"Browser","status":"ativo","notes":"@primeuix/themes. auto-import-resolver. DataTable, Dialog, DatePicker, Popover, Toast, ConfirmDialog headless."},{"name":"Tailwind CSS v4","role":"Utility-first CSS","env":"Browser","status":"ativo","notes":"@tailwindcss/vite + tailwindcss-primeui. Surface tokens do PrimeVue (var(--surface-card), var(--text-color-secondary))."},{"name":"Vue Router","role":"Roteamento SPA com guards por role/tenant","env":"Browser","status":"ativo","notes":"Grupos de rota: therapist, admin, supervisor, saas, billing, account, configuracoes, features."},{"name":"FullCalendar 6","role":"Calendário para agenda de terapeutas","env":"Browser","status":"ativo","notes":"Plugins: daygrid, timegrid, interaction, list, resource, resource-timegrid."},{"name":"Chart.js 3","role":"Gráficos para dashboards (financeiro, KPIs)","env":"Browser","status":"ativo","notes":"Usado em dashboards do therapist e clinic."}]},"Dev / Tooling":{"color":"#94a3b8","items":[{"name":"Supabase CLI","role":"Gerencia ambiente local, migrations, edge functions","env":"Node.js","status":"ativo","notes":"Via npx supabase. Start/stop/status/db-push/functions-deploy."},{"name":"db.cjs (este projeto)","role":"CLI auxiliar pra setup/backup/restore/migrate/verify via docker exec","env":"Node.js","status":"ativo","notes":"Complementa o supabase CLI com fluxo schema + fixes + seeds + migrations. Encoding UTF-8 preservado."},{"name":"generate-dashboard.cjs","role":"Gera dashboard HTML estático do schema (tabelas, FKs, infra)","env":"Node.js","status":"ativo","notes":"Standalone, sem dependências externas. Lê config de db.config.json e schema do backup mais recente."},{"name":"Vitest 4","role":"Runner de testes unitários","env":"Node.js","status":"ativo","notes":"npm test / test:watch / test:ui. Bateria inicial em src/**/__tests__."},{"name":"ESLint + Prettier","role":"Lint + formatação automática","env":"Node.js","status":"ativo","notes":"@vue/eslint-config-prettier. Rodado via npm run lint."}]}};
-const INFRA_GROUPS=6;
-const INFRA_ITEMS=23;
+const D={"tables":{"subscriptions":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"plan_id","type":"uuid","pk":false},{"name":"status","type":"text","pk":false},{"name":"current_period_start","type":"timestamp with time zone","pk":false},{"name":"current_period_end","type":"timestamp with time zone","pk":false},{"name":"cancel_at_period_end","type":"boolean","pk":false},{"name":"provider","type":"text","pk":false},{"name":"provider_customer_id","type":"text","pk":false},{"name":"provider_subscription_id","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"plan_key","type":"text","pk":false},{"name":"source","type":"text","pk":false},{"name":"started_at","type":"timestamp with time zone","pk":false},{"name":"canceled_at","type":"timestamp with time zone","pk":false},{"name":"activated_at","type":"timestamp with time zone","pk":false},{"name":"past_due_since","type":"timestamp with time zone","pk":false},{"name":"suspended_at","type":"timestamp with time zone","pk":false},{"name":"suspended_reason","type":"text","pk":false},{"name":"cancelled_at","type":"timestamp with time zone","pk":false},{"name":"cancel_reason","type":"text","pk":false},{"name":"expired_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"financial_records":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"amount","type":"numeric","pk":false},{"name":"description","type":"text","pk":false},{"name":"category","type":"text","pk":false},{"name":"payment_method","type":"text","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"due_date","type":"date","pk":false},{"name":"installments","type":"smallint","pk":false},{"name":"installment_number","type":"smallint","pk":false},{"name":"installment_group","type":"uuid","pk":false},{"name":"agenda_evento_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"clinic_fee_pct","type":"numeric","pk":false},{"name":"clinic_fee_amount","type":"numeric","pk":false},{"name":"net_amount","type":"numeric","pk":false},{"name":"insurance_plan_id","type":"uuid","pk":false},{"name":"notes","type":"text","pk":false},{"name":"tags","type":"text[]","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false},{"name":"discount_amount","type":"numeric","pk":false},{"name":"final_amount","type":"numeric","pk":false},{"name":"status","type":"text","pk":false},{"name":"category_id","type":"uuid","pk":false}],"fks":[{"from_col":"agenda_evento_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"category_id","to_table":"financial_categories","to_col":"id"},{"from_col":"insurance_plan_id","to_table":"insurance_plans","to_col":"id"},{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"therapist_payouts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"period_start","type":"date","pk":false},{"name":"period_end","type":"date","pk":false},{"name":"total_sessions","type":"integer","pk":false},{"name":"gross_amount","type":"numeric","pk":false},{"name":"clinic_fee_total","type":"numeric","pk":false},{"name":"net_amount","type":"numeric","pk":false},{"name":"status","type":"text","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"notes","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"tenant_members":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"role","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"_db_migrations":{"columns":[{"name":"id","type":"integer","pk":true},{"name":"filename","type":"text","pk":false},{"name":"hash","type":"text","pk":false},{"name":"category","type":"text","pk":false},{"name":"applied_at","type":"timestamp with time zone","pk":false}],"fks":[]},"addon_credits":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"addon_type","type":"text","pk":false},{"name":"balance","type":"integer","pk":false},{"name":"total_purchased","type":"integer","pk":false},{"name":"total_consumed","type":"integer","pk":false},{"name":"low_balance_threshold","type":"integer","pk":false},{"name":"low_balance_notified","type":"boolean","pk":false},{"name":"daily_limit","type":"integer","pk":false},{"name":"hourly_limit","type":"integer","pk":false},{"name":"daily_used","type":"integer","pk":false},{"name":"hourly_used","type":"integer","pk":false},{"name":"daily_reset_at","type":"timestamp with time zone","pk":false},{"name":"hourly_reset_at","type":"timestamp with time zone","pk":false},{"name":"from_number_override","type":"text","pk":false},{"name":"expires_at","type":"timestamp with time zone","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"addon_products":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"slug","type":"text","pk":false},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"addon_type","type":"text","pk":false},{"name":"icon","type":"text","pk":false},{"name":"credits_amount","type":"integer","pk":false},{"name":"price_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"is_visible","type":"boolean","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"metadata","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false}],"fks":[]},"addon_transactions":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"addon_type","type":"text","pk":false},{"name":"type","type":"text","pk":false},{"name":"amount","type":"integer","pk":false},{"name":"balance_before","type":"integer","pk":false},{"name":"balance_after","type":"integer","pk":false},{"name":"product_id","type":"uuid","pk":false},{"name":"queue_id","type":"uuid","pk":false},{"name":"description","type":"text","pk":false},{"name":"admin_user_id","type":"uuid","pk":false},{"name":"payment_method","type":"text","pk":false},{"name":"payment_reference","type":"text","pk":false},{"name":"price_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"metadata","type":"jsonb","pk":false}],"fks":[{"from_col":"product_id","to_table":"addon_products","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_bloqueios":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"data_inicio","type":"date","pk":false},{"name":"data_fim","type":"date","pk":false},{"name":"hora_inicio","type":"time without time zone","pk":false},{"name":"hora_fim","type":"time without time zone","pk":false},{"name":"recorrente","type":"boolean","pk":false},{"name":"dia_semana","type":"smallint","pk":false},{"name":"observacao","type":"text","pk":false},{"name":"origem","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_configuracoes":{"columns":[{"name":"owner_id","type":"uuid","pk":false},{"name":"duracao_padrao_minutos","type":"integer","pk":false},{"name":"intervalo_padrao_minutos","type":"integer","pk":false},{"name":"timezone","type":"text","pk":false},{"name":"usar_horario_admin_custom","type":"boolean","pk":false},{"name":"admin_inicio_visualizacao","type":"time without time zone","pk":false},{"name":"admin_fim_visualizacao","type":"time without time zone","pk":false},{"name":"admin_slot_visual_minutos","type":"integer","pk":false},{"name":"online_ativo","type":"boolean","pk":false},{"name":"online_min_antecedencia_horas","type":"integer","pk":false},{"name":"online_max_dias_futuro","type":"integer","pk":false},{"name":"online_cancelar_ate_horas","type":"integer","pk":false},{"name":"online_reagendar_ate_horas","type":"integer","pk":false},{"name":"online_limite_agendamentos_futuros","type":"integer","pk":false},{"name":"online_modo","type":"text","pk":false},{"name":"online_buffer_antes_min","type":"integer","pk":false},{"name":"online_buffer_depois_min","type":"integer","pk":false},{"name":"online_modalidade","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"usar_granularidade_custom","type":"boolean","pk":false},{"name":"granularidade_min","type":"integer","pk":false},{"name":"setup_concluido","type":"boolean","pk":false},{"name":"setup_concluido_em","type":"timestamp with time zone","pk":false},{"name":"agenda_view_mode","type":"text","pk":false},{"name":"agenda_custom_start","type":"time without time zone","pk":false},{"name":"agenda_custom_end","type":"time without time zone","pk":false},{"name":"session_duration_min","type":"integer","pk":false},{"name":"session_break_min","type":"integer","pk":false},{"name":"pausas_semanais","type":"jsonb","pk":false},{"name":"setup_clinica_concluido","type":"boolean","pk":false},{"name":"setup_clinica_concluido_em","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"jornada_igual_todos","type":"boolean","pk":false},{"name":"slot_mode","type":"text","pk":false},{"name":"atendimento_mode","type":"text","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_eventos":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"inicio_em","type":"timestamp with time zone","pk":false},{"name":"fim_em","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"terapeuta_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"visibility_scope","type":"text","pk":false},{"name":"mirror_of_event_id","type":"uuid","pk":false},{"name":"mirror_source","type":"text","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"determined_commitment_id","type":"uuid","pk":false},{"name":"link_online","type":"text","pk":false},{"name":"titulo_custom","type":"text","pk":false},{"name":"extra_fields","type":"jsonb","pk":false},{"name":"recurrence_id","type":"uuid","pk":false},{"name":"recurrence_date","type":"date","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"price","type":"numeric","pk":false},{"name":"billing_contract_id","type":"uuid","pk":false},{"name":"billed","type":"boolean","pk":false},{"name":"services_customized","type":"boolean","pk":false},{"name":"insurance_plan_id","type":"uuid","pk":false},{"name":"insurance_guide_number","type":"text","pk":false},{"name":"insurance_value","type":"numeric","pk":false},{"name":"insurance_plan_service_id","type":"uuid","pk":false}],"fks":[{"from_col":"billing_contract_id","to_table":"billing_contracts","to_col":"id"},{"from_col":"determined_commitment_id","to_table":"determined_commitments","to_col":"id"},{"from_col":"insurance_plan_id","to_table":"insurance_plans","to_col":"id"},{"from_col":"insurance_plan_service_id","to_table":"insurance_plan_services","to_col":"id"},{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"recurrence_id","to_table":"recurrence_rules","to_col":"id"}]},"agenda_excecoes":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"data","type":"date","pk":false},{"name":"hora_inicio","type":"time without time zone","pk":false},{"name":"hora_fim","type":"time without time zone","pk":false},{"name":"motivo","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"fonte","type":"text","pk":false},{"name":"aplicavel_online","type":"boolean","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_online_slots":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"weekday","type":"integer","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_regras_semanais":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"dia_semana","type":"smallint","pk":false},{"name":"hora_inicio","type":"time without time zone","pk":false},{"name":"hora_fim","type":"time without time zone","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_slots_bloqueados_semanais":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"dia_semana","type":"smallint","pk":false},{"name":"hora_inicio","type":"time without time zone","pk":false},{"name":"motivo","type":"text","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agenda_slots_regras":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"dia_semana","type":"smallint","pk":false},{"name":"passo_minutos","type":"integer","pk":false},{"name":"offset_minutos","type":"integer","pk":false},{"name":"buffer_antes_min","type":"integer","pk":false},{"name":"buffer_depois_min","type":"integer","pk":false},{"name":"min_antecedencia_horas","type":"integer","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agendador_configuracoes":{"columns":[{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"link_slug","type":"text","pk":false},{"name":"imagem_fundo_url","type":"text","pk":false},{"name":"imagem_header_url","type":"text","pk":false},{"name":"logomarca_url","type":"text","pk":false},{"name":"cor_primaria","type":"text","pk":false},{"name":"nome_exibicao","type":"text","pk":false},{"name":"endereco","type":"text","pk":false},{"name":"botao_como_chegar_ativo","type":"boolean","pk":false},{"name":"maps_url","type":"text","pk":false},{"name":"modo_aprovacao","type":"text","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"tipos_habilitados","type":"jsonb","pk":false},{"name":"duracao_sessao_min","type":"integer","pk":false},{"name":"antecedencia_minima_horas","type":"integer","pk":false},{"name":"prazo_resposta_horas","type":"integer","pk":false},{"name":"reserva_horas","type":"integer","pk":false},{"name":"pagamento_obrigatorio","type":"boolean","pk":false},{"name":"pix_chave","type":"text","pk":false},{"name":"pix_countdown_minutos","type":"integer","pk":false},{"name":"triagem_motivo","type":"boolean","pk":false},{"name":"triagem_como_conheceu","type":"boolean","pk":false},{"name":"verificacao_email","type":"boolean","pk":false},{"name":"exigir_aceite_lgpd","type":"boolean","pk":false},{"name":"mensagem_boas_vindas","type":"text","pk":false},{"name":"texto_como_se_preparar","type":"text","pk":false},{"name":"texto_termos_lgpd","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"pagamento_modo","type":"text","pk":false},{"name":"pagamento_metodos_visiveis","type":"text[]","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"agendador_solicitacoes":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"paciente_nome","type":"text","pk":false},{"name":"paciente_sobrenome","type":"text","pk":false},{"name":"paciente_email","type":"text","pk":false},{"name":"paciente_celular","type":"text","pk":false},{"name":"paciente_cpf","type":"text","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"data_solicitada","type":"date","pk":false},{"name":"hora_solicitada","type":"time without time zone","pk":false},{"name":"reservado_ate","type":"timestamp with time zone","pk":false},{"name":"motivo","type":"text","pk":false},{"name":"como_conheceu","type":"text","pk":false},{"name":"pix_status","type":"text","pk":false},{"name":"pix_pago_em","type":"timestamp with time zone","pk":false},{"name":"status","type":"text","pk":false},{"name":"recusado_motivo","type":"text","pk":false},{"name":"autorizado_em","type":"timestamp with time zone","pk":false},{"name":"autorizado_por","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"evento_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"audit_logs":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"entity_type","type":"text","pk":false},{"name":"entity_id","type":"text","pk":false},{"name":"action","type":"text","pk":false},{"name":"old_values","type":"jsonb","pk":false},{"name":"new_values","type":"jsonb","pk":false},{"name":"changed_fields","type":"text[]","pk":false},{"name":"metadata","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"document_access_logs":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"documento_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"acao","type":"text","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"ip","type":"inet","pk":false},{"name":"user_agent","type":"text","pk":false},{"name":"acessado_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"documento_id","to_table":"documents","to_col":"id"}]},"notification_logs":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"queue_id","type":"uuid","pk":false},{"name":"agenda_evento_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"channel","type":"text","pk":false},{"name":"template_key","type":"text","pk":false},{"name":"schedule_key","type":"text","pk":false},{"name":"recipient_address","type":"text","pk":false},{"name":"resolved_message","type":"text","pk":false},{"name":"resolved_vars","type":"jsonb","pk":false},{"name":"status","type":"text","pk":false},{"name":"provider","type":"text","pk":false},{"name":"provider_message_id","type":"text","pk":false},{"name":"provider_status","type":"text","pk":false},{"name":"provider_response","type":"jsonb","pk":false},{"name":"sent_at","type":"timestamp with time zone","pk":false},{"name":"delivered_at","type":"timestamp with time zone","pk":false},{"name":"read_at","type":"timestamp with time zone","pk":false},{"name":"failed_at","type":"timestamp with time zone","pk":false},{"name":"failure_reason","type":"text","pk":false},{"name":"estimated_cost_brl","type":"numeric","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"queue_id","to_table":"notification_queue","to_col":"id"}]},"patient_status_history":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"patient_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"status_anterior","type":"text","pk":false},{"name":"status_novo","type":"text","pk":false},{"name":"motivo","type":"text","pk":false},{"name":"encaminhado_para","type":"text","pk":false},{"name":"data_saida","type":"date","pk":false},{"name":"alterado_por","type":"uuid","pk":false},{"name":"alterado_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"billing_contracts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"type","type":"text","pk":false},{"name":"total_sessions","type":"integer","pk":false},{"name":"sessions_used","type":"integer","pk":false},{"name":"package_price","type":"numeric","pk":false},{"name":"amount","type":"numeric","pk":false},{"name":"billing_interval","type":"text","pk":false},{"name":"active_from","type":"timestamp with time zone","pk":false},{"name":"active_to","type":"timestamp with time zone","pk":false},{"name":"status","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"}]},"commitment_services":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"commitment_id","type":"uuid","pk":false},{"name":"service_id","type":"uuid","pk":false},{"name":"quantity","type":"integer","pk":false},{"name":"unit_price","type":"numeric","pk":false},{"name":"discount_pct","type":"numeric","pk":false},{"name":"discount_flat","type":"numeric","pk":false},{"name":"final_price","type":"numeric","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"commitment_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"service_id","to_table":"services","to_col":"id"}]},"commitment_time_logs":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"commitment_id","type":"uuid","pk":false},{"name":"calendar_event_id","type":"uuid","pk":false},{"name":"started_at","type":"timestamp with time zone","pk":false},{"name":"ended_at","type":"timestamp with time zone","pk":false},{"name":"minutes","type":"integer","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"calendar_event_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"commitment_id","to_table":"determined_commitments","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"company_profiles":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"nome_fantasia","type":"text","pk":false},{"name":"razao_social","type":"text","pk":false},{"name":"tipo_empresa","type":"text","pk":false},{"name":"cnpj","type":"text","pk":false},{"name":"ie","type":"text","pk":false},{"name":"im","type":"text","pk":false},{"name":"cep","type":"text","pk":false},{"name":"logradouro","type":"text","pk":false},{"name":"numero","type":"text","pk":false},{"name":"complemento","type":"text","pk":false},{"name":"bairro","type":"text","pk":false},{"name":"cidade","type":"text","pk":false},{"name":"estado","type":"text","pk":false},{"name":"email","type":"text","pk":false},{"name":"telefone","type":"text","pk":false},{"name":"site","type":"text","pk":false},{"name":"logo_url","type":"text","pk":false},{"name":"redes_sociais","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"conversation_autoreply_log":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"thread_key","type":"text","pk":false},{"name":"sent_at","type":"timestamp with time zone","pk":false},{"name":"message_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"conversation_autoreply_settings":{"columns":[{"name":"tenant_id","type":"uuid","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"message","type":"text","pk":false},{"name":"cooldown_minutes","type":"integer","pk":false},{"name":"schedule_mode","type":"text","pk":false},{"name":"business_hours","type":"jsonb","pk":false},{"name":"custom_window","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"conversation_messages":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"channel","type":"text","pk":false},{"name":"direction","type":"text","pk":false},{"name":"from_number","type":"text","pk":false},{"name":"to_number","type":"text","pk":false},{"name":"body","type":"text","pk":false},{"name":"media_url","type":"text","pk":false},{"name":"media_mime","type":"text","pk":false},{"name":"provider","type":"text","pk":false},{"name":"provider_message_id","type":"text","pk":false},{"name":"provider_raw","type":"jsonb","pk":false},{"name":"kanban_status","type":"text","pk":false},{"name":"priority","type":"integer","pk":false},{"name":"read_at","type":"timestamp with time zone","pk":false},{"name":"responded_at","type":"timestamp with time zone","pk":false},{"name":"resolved_at","type":"timestamp with time zone","pk":false},{"name":"received_at","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"delivered_at","type":"timestamp with time zone","pk":false},{"name":"read_by_recipient_at","type":"timestamp with time zone","pk":false},{"name":"delivery_status","type":"text","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"conversation_notes":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"thread_key","type":"text","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"contact_number","type":"text","pk":false},{"name":"body","type":"text","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"conversation_optout_keywords":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"keyword","type":"text","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"is_system","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"conversation_optouts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"phone","type":"text","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"source","type":"text","pk":false},{"name":"keyword_matched","type":"text","pk":false},{"name":"original_message","type":"text","pk":false},{"name":"notes","type":"text","pk":false},{"name":"blocked_by","type":"uuid","pk":false},{"name":"opted_out_at","type":"timestamp with time zone","pk":false},{"name":"opted_back_in_at","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"conversation_tags":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"name","type":"text","pk":false},{"name":"slug","type":"text","pk":false},{"name":"color","type":"text","pk":false},{"name":"icon","type":"text","pk":false},{"name":"is_system","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"conversation_thread_tags":{"columns":[{"name":"tenant_id","type":"uuid","pk":false},{"name":"thread_key","type":"text","pk":false},{"name":"tag_id","type":"uuid","pk":false},{"name":"tagged_by","type":"uuid","pk":false},{"name":"tagged_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tag_id","to_table":"conversation_tags","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patients":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"nome_completo","type":"text","pk":false},{"name":"email_principal","type":"text","pk":false},{"name":"telefone","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"avatar_url","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"last_attended_at","type":"timestamp with time zone","pk":false},{"name":"is_native","type":"boolean","pk":false},{"name":"naturalidade","type":"text","pk":false},{"name":"data_nascimento","type":"date","pk":false},{"name":"rg","type":"text","pk":false},{"name":"cpf","type":"text","pk":false},{"name":"identification_color","type":"text","pk":false},{"name":"genero","type":"text","pk":false},{"name":"estado_civil","type":"text","pk":false},{"name":"email_alternativo","type":"text","pk":false},{"name":"pais","type":"text","pk":false},{"name":"cep","type":"text","pk":false},{"name":"cidade","type":"text","pk":false},{"name":"estado","type":"text","pk":false},{"name":"endereco","type":"text","pk":false},{"name":"numero","type":"text","pk":false},{"name":"bairro","type":"text","pk":false},{"name":"complemento","type":"text","pk":false},{"name":"escolaridade","type":"text","pk":false},{"name":"profissao","type":"text","pk":false},{"name":"nome_parente","type":"text","pk":false},{"name":"grau_parentesco","type":"text","pk":false},{"name":"telefone_alternativo","type":"text","pk":false},{"name":"onde_nos_conheceu","type":"text","pk":false},{"name":"encaminhado_por","type":"text","pk":false},{"name":"nome_responsavel","type":"text","pk":false},{"name":"telefone_responsavel","type":"text","pk":false},{"name":"cpf_responsavel","type":"text","pk":false},{"name":"observacao_responsavel","type":"text","pk":false},{"name":"cobranca_no_responsavel","type":"boolean","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"notas_internas","type":"text","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"telefone_parente","type":"text","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"responsible_member_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"patient_scope","type":"text","pk":false},{"name":"therapist_member_id","type":"uuid","pk":false},{"name":"nome_social","type":"text","pk":false},{"name":"pronomes","type":"text","pk":false},{"name":"etnia","type":"text","pk":false},{"name":"religiao","type":"text","pk":false},{"name":"faixa_renda","type":"text","pk":false},{"name":"canal_preferido","type":"text","pk":false},{"name":"horario_contato_inicio","type":"time without time zone","pk":false},{"name":"horario_contato_fim","type":"time without time zone","pk":false},{"name":"idioma","type":"text","pk":false},{"name":"origem","type":"text","pk":false},{"name":"metodo_pagamento_preferido","type":"text","pk":false},{"name":"motivo_saida","type":"text","pk":false},{"name":"data_saida","type":"date","pk":false},{"name":"encaminhado_para","type":"text","pk":false},{"name":"risco_elevado","type":"boolean","pk":false},{"name":"risco_nota","type":"text","pk":false},{"name":"risco_sinalizado_em","type":"timestamp with time zone","pk":false},{"name":"risco_sinalizado_por","type":"uuid","pk":false},{"name":"horario_contato","type":"text","pk":false},{"name":"convenio","type":"text","pk":false},{"name":"convenio_id","type":"uuid","pk":false}],"fks":[{"from_col":"convenio_id","to_table":"insurance_plans","to_col":"id"},{"from_col":"responsible_member_id","to_table":"tenant_members","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"},{"from_col":"therapist_member_id","to_table":"tenant_members","to_col":"id"}]},"determined_commitment_fields":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"commitment_id","type":"uuid","pk":false},{"name":"key","type":"text","pk":false},{"name":"label","type":"text","pk":false},{"name":"required","type":"boolean","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"commitment_id","to_table":"determined_commitments","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"determined_commitments":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"is_native","type":"boolean","pk":false},{"name":"native_key","type":"text","pk":false},{"name":"is_locked","type":"boolean","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"bg_color","type":"text","pk":false},{"name":"text_color","type":"text","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"dev_auditoria_items":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"categoria","type":"character varying","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"descricao_problema","type":"text","pk":false},{"name":"solucao","type":"text","pk":false},{"name":"severidade","type":"character varying","pk":false},{"name":"status","type":"character varying","pk":false},{"name":"resolvido_em","type":"date","pk":false},{"name":"sessao_resolucao","type":"character varying","pk":false},{"name":"arquivo_afetado","type":"text","pk":false},{"name":"tags","type":"text[]","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"ordem","type":"integer","pk":false}],"fks":[]},"dev_comparison_competitor_status":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"comparison_id","type":"bigint","pk":false},{"name":"competitor_id","type":"bigint","pk":false},{"name":"status","type":"character varying","pk":false},{"name":"nota","type":"text","pk":false},{"name":"fonte","type":"character varying","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"comparison_id","to_table":"dev_comparison_matrix","to_col":"id"},{"from_col":"competitor_id","to_table":"dev_competitors","to_col":"id"}]},"dev_comparison_matrix":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"dominio","type":"character varying","pk":false},{"name":"feature","type":"text","pk":false},{"name":"nosso_status","type":"character varying","pk":false},{"name":"nossa_nota","type":"text","pk":false},{"name":"importancia","type":"character varying","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"dev_competitor_features":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"competitor_id","type":"bigint","pk":false},{"name":"categoria","type":"character varying","pk":false},{"name":"nome","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"fonte","type":"character varying","pk":false},{"name":"fonte_url","type":"text","pk":false},{"name":"data_fonte","type":"date","pk":false},{"name":"destaque","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"ordem","type":"integer","pk":false}],"fks":[{"from_col":"competitor_id","to_table":"dev_competitors","to_col":"id"}]},"dev_competitors":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"slug","type":"character varying","pk":false},{"name":"nome","type":"character varying","pk":false},{"name":"pais","type":"character varying","pk":false},{"name":"foco","type":"character varying","pk":false},{"name":"pricing","type":"text","pk":false},{"name":"posicionamento","type":"text","pk":false},{"name":"url","type":"text","pk":false},{"name":"ultima_pesquisa","type":"date","pk":false},{"name":"notas","type":"text","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"dev_generation_log":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"tipo","type":"character varying","pk":false},{"name":"comando","type":"text","pk":false},{"name":"sucesso","type":"boolean","pk":false},{"name":"stdout","type":"text","pk":false},{"name":"stderr","type":"text","pk":false},{"name":"duration_ms","type":"integer","pk":false},{"name":"metadata","type":"jsonb","pk":false},{"name":"trigger_user_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"dev_roadmap_items":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"phase_id","type":"bigint","pk":false},{"name":"numero","type":"integer","pk":false},{"name":"bloco","type":"character varying","pk":false},{"name":"feature","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"esforco","type":"character varying","pk":false},{"name":"prioridade","type":"character varying","pk":false},{"name":"status","type":"character varying","pk":false},{"name":"notas","type":"text","pk":false},{"name":"assignee","type":"character varying","pk":false},{"name":"data_inicio","type":"date","pk":false},{"name":"data_conclusao","type":"date","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"tags","type":"text[]","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"phase_id","to_table":"dev_roadmap_phases","to_col":"id"}]},"dev_roadmap_phases":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"numero","type":"integer","pk":false},{"name":"nome","type":"character varying","pk":false},{"name":"objetivo","type":"text","pk":false},{"name":"timeline_sugerida","type":"character varying","pk":false},{"name":"criterio_saida","type":"text","pk":false},{"name":"status","type":"character varying","pk":false},{"name":"data_inicio","type":"date","pk":false},{"name":"data_fim","type":"date","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"dev_test_items":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"area","type":"character varying","pk":false},{"name":"categoria","type":"character varying","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"arquivo","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"total_tests","type":"integer","pk":false},{"name":"passing","type":"integer","pk":false},{"name":"failing","type":"integer","pk":false},{"name":"skipped","type":"integer","pk":false},{"name":"cobertura_pct","type":"numeric","pk":false},{"name":"status","type":"character varying","pk":false},{"name":"last_run_at","type":"timestamp with time zone","pk":false},{"name":"sessao_criacao","type":"character varying","pk":false},{"name":"notas","type":"text","pk":false},{"name":"tags","type":"text[]","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"dev_user_credentials":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"email","type":"text","pk":false},{"name":"password_dev","type":"text","pk":false},{"name":"kind","type":"text","pk":false},{"name":"note","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"dev_verificacoes_items":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"area","type":"character varying","pk":false},{"name":"categoria","type":"character varying","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"resultado","type":"text","pk":false},{"name":"acao_sugerida","type":"text","pk":false},{"name":"severidade","type":"character varying","pk":false},{"name":"status","type":"character varying","pk":false},{"name":"verificado_em","type":"date","pk":false},{"name":"sessao_verificacao","type":"character varying","pk":false},{"name":"arquivo_afetado","type":"text","pk":false},{"name":"auditoria_item_id","type":"bigint","pk":false},{"name":"tags","type":"text[]","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"auditoria_item_id","to_table":"dev_auditoria_items","to_col":"id"}]},"document_generated":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"template_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"dados_preenchidos","type":"jsonb","pk":false},{"name":"pdf_path","type":"text","pk":false},{"name":"storage_bucket","type":"text","pk":false},{"name":"documento_id","type":"uuid","pk":false},{"name":"gerado_por","type":"uuid","pk":false},{"name":"gerado_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"documento_id","to_table":"documents","to_col":"id"},{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"template_id","to_table":"document_templates","to_col":"id"}]},"document_share_links":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"documento_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"token","type":"text","pk":false},{"name":"expira_em","type":"timestamp with time zone","pk":false},{"name":"usos_max","type":"smallint","pk":false},{"name":"usos","type":"smallint","pk":false},{"name":"criado_por","type":"uuid","pk":false},{"name":"criado_em","type":"timestamp with time zone","pk":false},{"name":"ativo","type":"boolean","pk":false}],"fks":[{"from_col":"documento_id","to_table":"documents","to_col":"id"}]},"document_signatures":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"documento_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"signatario_tipo","type":"text","pk":false},{"name":"signatario_id","type":"uuid","pk":false},{"name":"signatario_nome","type":"text","pk":false},{"name":"signatario_email","type":"text","pk":false},{"name":"ordem","type":"smallint","pk":false},{"name":"status","type":"text","pk":false},{"name":"ip","type":"inet","pk":false},{"name":"user_agent","type":"text","pk":false},{"name":"assinado_em","type":"timestamp with time zone","pk":false},{"name":"hash_documento","type":"text","pk":false},{"name":"criado_em","type":"timestamp with time zone","pk":false},{"name":"atualizado_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"documento_id","to_table":"documents","to_col":"id"}]},"document_templates":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"nome_template","type":"text","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"corpo_html","type":"text","pk":false},{"name":"cabecalho_html","type":"text","pk":false},{"name":"rodape_html","type":"text","pk":false},{"name":"variaveis","type":"text[]","pk":false},{"name":"logo_url","type":"text","pk":false},{"name":"is_global","type":"boolean","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"documents":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"bucket_path","type":"text","pk":false},{"name":"storage_bucket","type":"text","pk":false},{"name":"nome_original","type":"text","pk":false},{"name":"mime_type","type":"text","pk":false},{"name":"tamanho_bytes","type":"bigint","pk":false},{"name":"tipo_documento","type":"text","pk":false},{"name":"categoria","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"tags","type":"text[]","pk":false},{"name":"agenda_evento_id","type":"uuid","pk":false},{"name":"session_note_id","type":"uuid","pk":false},{"name":"visibilidade","type":"text","pk":false},{"name":"compartilhado_portal","type":"boolean","pk":false},{"name":"compartilhado_supervisor","type":"boolean","pk":false},{"name":"compartilhado_em","type":"timestamp with time zone","pk":false},{"name":"expira_compartilhamento","type":"timestamp with time zone","pk":false},{"name":"enviado_pelo_paciente","type":"boolean","pk":false},{"name":"status_revisao","type":"text","pk":false},{"name":"revisado_por","type":"uuid","pk":false},{"name":"revisado_em","type":"timestamp with time zone","pk":false},{"name":"uploaded_by","type":"uuid","pk":false},{"name":"uploaded_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false},{"name":"deleted_by","type":"uuid","pk":false},{"name":"retencao_ate","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"content_sha256","type":"text","pk":false}],"fks":[{"from_col":"agenda_evento_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"patient_id","to_table":"patients","to_col":"id"}]},"email_layout_config":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"header_config","type":"jsonb","pk":false},{"name":"footer_config","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"email_templates_global":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"key","type":"text","pk":false},{"name":"domain","type":"text","pk":false},{"name":"channel","type":"text","pk":false},{"name":"subject","type":"text","pk":false},{"name":"body_html","type":"text","pk":false},{"name":"body_text","type":"text","pk":false},{"name":"version","type":"integer","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"variables","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"email_templates_tenant":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"template_key","type":"text","pk":false},{"name":"subject","type":"text","pk":false},{"name":"body_html","type":"text","pk":false},{"name":"body_text","type":"text","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"synced_version","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"entitlements_invalidation":{"columns":[{"name":"owner_id","type":"uuid","pk":false},{"name":"changed_at","type":"timestamp with time zone","pk":false}],"fks":[]},"features":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"key","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"name","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false}],"fks":[]},"feriados":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"nome","type":"text","pk":false},{"name":"data","type":"date","pk":false},{"name":"cidade","type":"text","pk":false},{"name":"estado","type":"text","pk":false},{"name":"observacao","type":"text","pk":false},{"name":"bloqueia_sessoes","type":"boolean","pk":false},{"name":"criado_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"financial_categories":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"name","type":"text","pk":false},{"name":"color","type":"text","pk":false},{"name":"icon","type":"text","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"financial_exceptions":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"exception_type","type":"text","pk":false},{"name":"charge_mode","type":"text","pk":false},{"name":"charge_value","type":"numeric","pk":false},{"name":"charge_pct","type":"numeric","pk":false},{"name":"min_hours_notice","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"global_notices":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"title","type":"text","pk":false},{"name":"message","type":"text","pk":false},{"name":"variant","type":"text","pk":false},{"name":"roles","type":"text[]","pk":false},{"name":"contexts","type":"text[]","pk":false},{"name":"starts_at","type":"timestamp with time zone","pk":false},{"name":"ends_at","type":"timestamp with time zone","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"priority","type":"integer","pk":false},{"name":"dismissible","type":"boolean","pk":false},{"name":"persist_dismiss","type":"boolean","pk":false},{"name":"dismiss_scope","type":"text","pk":false},{"name":"show_once","type":"boolean","pk":false},{"name":"max_views","type":"integer","pk":false},{"name":"cooldown_minutes","type":"integer","pk":false},{"name":"version","type":"integer","pk":false},{"name":"action_type","type":"text","pk":false},{"name":"action_label","type":"text","pk":false},{"name":"action_url","type":"text","pk":false},{"name":"action_route","type":"text","pk":false},{"name":"views_count","type":"integer","pk":false},{"name":"clicks_count","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"content_align","type":"text","pk":false},{"name":"link_target","type":"text","pk":false}],"fks":[]},"insurance_plan_services":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"insurance_plan_id","type":"uuid","pk":false},{"name":"name","type":"text","pk":false},{"name":"value","type":"numeric","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"insurance_plan_id","to_table":"insurance_plans","to_col":"id"}]},"insurance_plans":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"name","type":"text","pk":false},{"name":"notes","type":"text","pk":false},{"name":"default_value","type":"numeric","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"login_carousel_slides":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"title","type":"text","pk":false},{"name":"body","type":"text","pk":false},{"name":"icon","type":"text","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"math_challenges":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"question","type":"text","pk":false},{"name":"answer","type":"integer","pk":false},{"name":"used","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"expires_at","type":"timestamp with time zone","pk":false}],"fks":[]},"medicos":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"nome","type":"text","pk":false},{"name":"crm","type":"text","pk":false},{"name":"especialidade","type":"text","pk":false},{"name":"telefone_profissional","type":"text","pk":false},{"name":"telefone_pessoal","type":"text","pk":false},{"name":"email","type":"text","pk":false},{"name":"clinica","type":"text","pk":false},{"name":"cidade","type":"text","pk":false},{"name":"estado","type":"text","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"module_features":{"columns":[{"name":"module_id","type":"uuid","pk":false},{"name":"feature_id","type":"uuid","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"limits","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"feature_id","to_table":"features","to_col":"id"},{"from_col":"module_id","to_table":"modules","to_col":"id"}]},"modules":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"key","type":"text","pk":false},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notice_dismissals":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"notice_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"version","type":"integer","pk":false},{"name":"dismissed_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"notice_id","to_table":"global_notices","to_col":"id"}]},"notification_channels":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"channel","type":"text","pk":false},{"name":"provider","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"display_name","type":"text","pk":false},{"name":"sender_address","type":"text","pk":false},{"name":"credentials","type":"jsonb","pk":false},{"name":"connection_status","type":"text","pk":false},{"name":"last_health_check","type":"timestamp with time zone","pk":false},{"name":"metadata","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false},{"name":"twilio_subaccount_sid","type":"text","pk":false},{"name":"twilio_phone_number","type":"text","pk":false},{"name":"twilio_phone_sid","type":"text","pk":false},{"name":"webhook_url","type":"text","pk":false},{"name":"cost_per_message_usd","type":"numeric","pk":false},{"name":"price_per_message_brl","type":"numeric","pk":false},{"name":"provisioned_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notification_preferences":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"whatsapp_opt_in","type":"boolean","pk":false},{"name":"email_opt_in","type":"boolean","pk":false},{"name":"sms_opt_in","type":"boolean","pk":false},{"name":"preferred_time_start","type":"time without time zone","pk":false},{"name":"preferred_time_end","type":"time without time zone","pk":false},{"name":"lgpd_consent_given","type":"boolean","pk":false},{"name":"lgpd_consent_date","type":"timestamp with time zone","pk":false},{"name":"lgpd_consent_version","type":"text","pk":false},{"name":"lgpd_consent_ip","type":"inet","pk":false},{"name":"lgpd_opt_out_date","type":"timestamp with time zone","pk":false},{"name":"lgpd_opt_out_reason","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notification_queue":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"agenda_evento_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"channel","type":"text","pk":false},{"name":"template_key","type":"text","pk":false},{"name":"schedule_key","type":"text","pk":false},{"name":"resolved_vars","type":"jsonb","pk":false},{"name":"recipient_address","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"scheduled_at","type":"timestamp with time zone","pk":false},{"name":"sent_at","type":"timestamp with time zone","pk":false},{"name":"next_retry_at","type":"timestamp with time zone","pk":false},{"name":"attempts","type":"integer","pk":false},{"name":"max_attempts","type":"integer","pk":false},{"name":"last_error","type":"text","pk":false},{"name":"idempotency_key","type":"text","pk":false},{"name":"provider_message_id","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notification_schedules":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"schedule_key","type":"text","pk":false},{"name":"event_type","type":"text","pk":false},{"name":"trigger_type","type":"text","pk":false},{"name":"offset_minutes","type":"integer","pk":false},{"name":"whatsapp_enabled","type":"boolean","pk":false},{"name":"email_enabled","type":"boolean","pk":false},{"name":"sms_enabled","type":"boolean","pk":false},{"name":"allowed_time_start","type":"time without time zone","pk":false},{"name":"allowed_time_end","type":"time without time zone","pk":false},{"name":"skip_weekends","type":"boolean","pk":false},{"name":"skip_holidays","type":"boolean","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notification_templates":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"key","type":"text","pk":false},{"name":"domain","type":"text","pk":false},{"name":"channel","type":"text","pk":false},{"name":"event_type","type":"text","pk":false},{"name":"body_text","type":"text","pk":false},{"name":"meta_template_name","type":"text","pk":false},{"name":"meta_template_namespace","type":"text","pk":false},{"name":"meta_components","type":"jsonb","pk":false},{"name":"meta_status","type":"text","pk":false},{"name":"variables","type":"jsonb","pk":false},{"name":"version","type":"integer","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"is_default","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"deleted_at","type":"timestamp with time zone","pk":false}],"fks":[]},"notifications":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"type","type":"text","pk":false},{"name":"ref_id","type":"uuid","pk":false},{"name":"ref_table","type":"text","pk":false},{"name":"payload","type":"jsonb","pk":false},{"name":"read_at","type":"timestamp with time zone","pk":false},{"name":"archived","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"plan_features":{"columns":[{"name":"plan_id","type":"uuid","pk":false},{"name":"feature_id","type":"uuid","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"limits","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"feature_id","to_table":"features","to_col":"id"},{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"tenant_modules":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"module_id","type":"uuid","pk":false},{"name":"status","type":"text","pk":false},{"name":"settings","type":"jsonb","pk":false},{"name":"provider","type":"text","pk":false},{"name":"provider_item_id","type":"text","pk":false},{"name":"installed_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"module_id","to_table":"modules","to_col":"id"}]},"owner_users":{"columns":[{"name":"owner_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"role","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"patient_contacts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"patient_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"nome","type":"text","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"relacao","type":"text","pk":false},{"name":"telefone","type":"text","pk":false},{"name":"email","type":"text","pk":false},{"name":"cpf","type":"text","pk":false},{"name":"especialidade","type":"text","pk":false},{"name":"registro_profissional","type":"text","pk":false},{"name":"is_primario","type":"boolean","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_discounts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"discount_pct","type":"numeric","pk":false},{"name":"discount_flat","type":"numeric","pk":false},{"name":"reason","type":"text","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"active_from","type":"timestamp with time zone","pk":false},{"name":"active_to","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"}]},"patient_group_patient":{"columns":[{"name":"patient_group_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_groups":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"nome","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"cor","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"is_system","type":"boolean","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"therapist_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_intake_requests":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"token","type":"text","pk":false},{"name":"consent","type":"boolean","pk":false},{"name":"status","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"converted_patient_id","type":"uuid","pk":false},{"name":"rejected_reason","type":"text","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"cpf","type":"text","pk":false},{"name":"rg","type":"text","pk":false},{"name":"cep","type":"text","pk":false},{"name":"nome_completo","type":"text","pk":false},{"name":"email_principal","type":"text","pk":false},{"name":"telefone","type":"text","pk":false},{"name":"pais","type":"text","pk":false},{"name":"cidade","type":"text","pk":false},{"name":"estado","type":"text","pk":false},{"name":"endereco","type":"text","pk":false},{"name":"numero","type":"text","pk":false},{"name":"bairro","type":"text","pk":false},{"name":"complemento","type":"text","pk":false},{"name":"data_nascimento","type":"date","pk":false},{"name":"naturalidade","type":"text","pk":false},{"name":"genero","type":"text","pk":false},{"name":"estado_civil","type":"text","pk":false},{"name":"onde_nos_conheceu","type":"text","pk":false},{"name":"encaminhado_por","type":"text","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"notas_internas","type":"text","pk":false},{"name":"email_alternativo","type":"text","pk":false},{"name":"telefone_alternativo","type":"text","pk":false},{"name":"profissao","type":"text","pk":false},{"name":"escolaridade","type":"text","pk":false},{"name":"nacionalidade","type":"text","pk":false},{"name":"avatar_url","type":"text","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_invite_attempts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"token","type":"text","pk":false},{"name":"ok","type":"boolean","pk":false},{"name":"error_code","type":"text","pk":false},{"name":"error_msg","type":"text","pk":false},{"name":"client_info","type":"text","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"patient_invites":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"token","type":"text","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"expires_at","type":"timestamp with time zone","pk":false},{"name":"max_uses","type":"integer","pk":false},{"name":"uses","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_patient_tag":{"columns":[{"name":"owner_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"tag_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tag_id","to_table":"patient_tags","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"},{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tag_id","to_table":"patient_tags","to_col":"id"}]},"patient_support_contacts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"patient_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"nome","type":"text","pk":false},{"name":"relacao","type":"text","pk":false},{"name":"tipo","type":"text","pk":false},{"name":"telefone","type":"text","pk":false},{"name":"email","type":"text","pk":false},{"name":"is_primario","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"}]},"patient_tags":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"nome","type":"text","pk":false},{"name":"cor","type":"text","pk":false},{"name":"is_padrao","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"patient_timeline":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"patient_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"evento_tipo","type":"text","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"descricao","type":"text","pk":false},{"name":"icone_cor","type":"text","pk":false},{"name":"link_ref_tipo","type":"text","pk":false},{"name":"link_ref_id","type":"uuid","pk":false},{"name":"gerado_por","type":"uuid","pk":false},{"name":"ocorrido_em","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"patient_id","to_table":"patients","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"payment_settings":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"pix_ativo","type":"boolean","pk":false},{"name":"pix_tipo","type":"text","pk":false},{"name":"pix_chave","type":"text","pk":false},{"name":"pix_nome_titular","type":"text","pk":false},{"name":"deposito_ativo","type":"boolean","pk":false},{"name":"deposito_banco","type":"text","pk":false},{"name":"deposito_agencia","type":"text","pk":false},{"name":"deposito_conta","type":"text","pk":false},{"name":"deposito_tipo_conta","type":"text","pk":false},{"name":"deposito_titular","type":"text","pk":false},{"name":"deposito_cpf_cnpj","type":"text","pk":false},{"name":"dinheiro_ativo","type":"boolean","pk":false},{"name":"cartao_ativo","type":"boolean","pk":false},{"name":"cartao_instrucao","type":"text","pk":false},{"name":"convenio_ativo","type":"boolean","pk":false},{"name":"convenio_lista","type":"text","pk":false},{"name":"observacoes_pagamento","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"plan_prices":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"plan_id","type":"uuid","pk":false},{"name":"currency","type":"text","pk":false},{"name":"amount_cents","type":"integer","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"active_from","type":"timestamp with time zone","pk":false},{"name":"active_to","type":"timestamp with time zone","pk":false},{"name":"source","type":"text","pk":false},{"name":"provider","type":"text","pk":false},{"name":"provider_price_id","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"plan_public":{"columns":[{"name":"plan_id","type":"uuid","pk":false},{"name":"public_name","type":"text","pk":false},{"name":"public_description","type":"text","pk":false},{"name":"badge","type":"text","pk":false},{"name":"is_featured","type":"boolean","pk":false},{"name":"is_visible","type":"boolean","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"plan_public_bullets":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"plan_id","type":"uuid","pk":false},{"name":"text","type":"text","pk":false},{"name":"sort_order","type":"integer","pk":false},{"name":"highlight","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"plans":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"key","type":"text","pk":false},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"price_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"billing_interval","type":"text","pk":false},{"name":"target","type":"text","pk":false},{"name":"max_supervisees","type":"integer","pk":false}],"fks":[]},"professional_pricing":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"determined_commitment_id","type":"uuid","pk":false},{"name":"price","type":"numeric","pk":false},{"name":"notes","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"profiles":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"role","type":"text","pk":false},{"name":"full_name","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"avatar_url","type":"text","pk":false},{"name":"phone","type":"text","pk":false},{"name":"bio","type":"text","pk":false},{"name":"language","type":"text","pk":false},{"name":"timezone","type":"text","pk":false},{"name":"notify_system_email","type":"boolean","pk":false},{"name":"notify_reminders","type":"boolean","pk":false},{"name":"notify_news","type":"boolean","pk":false},{"name":"account_type","type":"text","pk":false},{"name":"platform_roles","type":"text[]","pk":false},{"name":"nickname","type":"text","pk":false},{"name":"work_description","type":"text","pk":false},{"name":"work_description_other","type":"text","pk":false},{"name":"site_url","type":"text","pk":false},{"name":"social_instagram","type":"text","pk":false},{"name":"social_youtube","type":"text","pk":false},{"name":"social_facebook","type":"text","pk":false},{"name":"social_x","type":"text","pk":false},{"name":"social_custom","type":"jsonb","pk":false},{"name":"tenant_id","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"public_submission_attempts":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"endpoint","type":"text","pk":false},{"name":"ip_hash","type":"text","pk":false},{"name":"success","type":"boolean","pk":false},{"name":"error_code","type":"text","pk":false},{"name":"error_msg","type":"text","pk":false},{"name":"blocked_by","type":"text","pk":false},{"name":"user_agent","type":"text","pk":false},{"name":"metadata","type":"jsonb","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"recurrence_exceptions":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"recurrence_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"original_date","type":"date","pk":false},{"name":"new_date","type":"date","pk":false},{"name":"new_start_time","type":"time without time zone","pk":false},{"name":"new_end_time","type":"time without time zone","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"titulo_custom","type":"text","pk":false},{"name":"extra_fields","type":"jsonb","pk":false},{"name":"reason","type":"text","pk":false},{"name":"agenda_evento_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"agenda_evento_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"recurrence_id","to_table":"recurrence_rules","to_col":"id"}]},"recurrence_rule_services":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"rule_id","type":"uuid","pk":false},{"name":"service_id","type":"uuid","pk":false},{"name":"quantity","type":"integer","pk":false},{"name":"unit_price","type":"numeric","pk":false},{"name":"discount_pct","type":"numeric","pk":false},{"name":"discount_flat","type":"numeric","pk":false},{"name":"final_price","type":"numeric","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"rule_id","to_table":"recurrence_rules","to_col":"id"},{"from_col":"service_id","to_table":"services","to_col":"id"}]},"recurrence_rules":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"therapist_id","type":"uuid","pk":false},{"name":"patient_id","type":"uuid","pk":false},{"name":"determined_commitment_id","type":"uuid","pk":false},{"name":"weekdays","type":"smallint[]","pk":false},{"name":"start_time","type":"time without time zone","pk":false},{"name":"end_time","type":"time without time zone","pk":false},{"name":"timezone","type":"text","pk":false},{"name":"duration_min","type":"smallint","pk":false},{"name":"start_date","type":"date","pk":false},{"name":"end_date","type":"date","pk":false},{"name":"max_occurrences","type":"integer","pk":false},{"name":"open_ended","type":"boolean","pk":false},{"name":"modalidade","type":"text","pk":false},{"name":"titulo_custom","type":"text","pk":false},{"name":"observacoes","type":"text","pk":false},{"name":"extra_fields","type":"jsonb","pk":false},{"name":"status","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"price","type":"numeric","pk":false},{"name":"insurance_plan_id","type":"uuid","pk":false},{"name":"insurance_guide_number","type":"text","pk":false},{"name":"insurance_value","type":"numeric","pk":false},{"name":"insurance_plan_service_id","type":"uuid","pk":false}],"fks":[{"from_col":"insurance_plan_id","to_table":"insurance_plans","to_col":"id"},{"from_col":"insurance_plan_service_id","to_table":"insurance_plan_services","to_col":"id"}]},"saas_admins":{"columns":[{"name":"user_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"saas_doc_votos":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"doc_id","type":"uuid","pk":false},{"name":"user_id","type":"uuid","pk":false},{"name":"util","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"doc_id","to_table":"saas_docs","to_col":"id"}]},"saas_docs":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"titulo","type":"text","pk":false},{"name":"conteudo","type":"text","pk":false},{"name":"medias","type":"jsonb","pk":false},{"name":"tipo_acesso","type":"text","pk":false},{"name":"pagina_path","type":"text","pk":false},{"name":"docs_relacionados","type":"uuid[]","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"categoria","type":"text","pk":false},{"name":"exibir_no_faq","type":"boolean","pk":false},{"name":"votos_util","type":"integer","pk":false},{"name":"votos_nao_util","type":"integer","pk":false}],"fks":[]},"saas_faq":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"pergunta","type":"text","pk":false},{"name":"categoria","type":"text","pk":false},{"name":"publico","type":"boolean","pk":false},{"name":"votos","type":"integer","pk":false},{"name":"titulo","type":"text","pk":false},{"name":"conteudo","type":"text","pk":false},{"name":"tipo_acesso","type":"text","pk":false},{"name":"pagina_path","type":"text","pk":false},{"name":"pagina_label","type":"text","pk":false},{"name":"medias","type":"jsonb","pk":false},{"name":"faqs_relacionados","type":"uuid[]","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"saas_faq_itens":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"doc_id","type":"uuid","pk":false},{"name":"pergunta","type":"text","pk":false},{"name":"resposta","type":"text","pk":false},{"name":"ordem","type":"integer","pk":false},{"name":"ativo","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"doc_id","to_table":"saas_docs","to_col":"id"}]},"saas_security_config":{"columns":[{"name":"id","type":"boolean","pk":true},{"name":"honeypot_enabled","type":"boolean","pk":false},{"name":"rate_limit_enabled","type":"boolean","pk":false},{"name":"rate_limit_window_min","type":"integer","pk":false},{"name":"rate_limit_max_attempts","type":"integer","pk":false},{"name":"captcha_after_failures","type":"integer","pk":false},{"name":"captcha_required_globally","type":"boolean","pk":false},{"name":"block_duration_min","type":"integer","pk":false},{"name":"captcha_required_window_min","type":"integer","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"updated_by","type":"uuid","pk":false}],"fks":[]},"saas_twilio_config":{"columns":[{"name":"id","type":"boolean","pk":true},{"name":"account_sid","type":"text","pk":false},{"name":"whatsapp_webhook_url","type":"text","pk":false},{"name":"usd_brl_rate","type":"numeric","pk":false},{"name":"margin_multiplier","type":"numeric","pk":false},{"name":"notes","type":"text","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"updated_by","type":"uuid","pk":false}],"fks":[]},"services":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"owner_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"price","type":"numeric","pk":false},{"name":"duration_min","type":"integer","pk":false},{"name":"active","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"session_reminder_logs":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"event_id","type":"uuid","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"reminder_type","type":"text","pk":false},{"name":"sent_at","type":"timestamp with time zone","pk":false},{"name":"provider","type":"text","pk":false},{"name":"skip_reason","type":"text","pk":false},{"name":"to_phone","type":"text","pk":false},{"name":"provider_message_id","type":"text","pk":false},{"name":"conversation_message_id","type":"bigint","pk":false}],"fks":[{"from_col":"conversation_message_id","to_table":"conversation_messages","to_col":"id"},{"from_col":"event_id","to_table":"agenda_eventos","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"session_reminder_settings":{"columns":[{"name":"tenant_id","type":"uuid","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"send_24h","type":"boolean","pk":false},{"name":"send_2h","type":"boolean","pk":false},{"name":"template_24h","type":"text","pk":false},{"name":"template_2h","type":"text","pk":false},{"name":"quiet_hours_enabled","type":"boolean","pk":false},{"name":"quiet_hours_start","type":"time without time zone","pk":false},{"name":"quiet_hours_end","type":"time without time zone","pk":false},{"name":"respect_opt_out","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"submission_rate_limits":{"columns":[{"name":"ip_hash","type":"text","pk":false},{"name":"endpoint","type":"text","pk":false},{"name":"attempt_count","type":"integer","pk":false},{"name":"fail_count","type":"integer","pk":false},{"name":"window_start","type":"timestamp with time zone","pk":false},{"name":"blocked_until","type":"timestamp with time zone","pk":false},{"name":"requires_captcha_until","type":"timestamp with time zone","pk":false},{"name":"last_attempt_at","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"subscription_events":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"subscription_id","type":"uuid","pk":false},{"name":"owner_id","type":"uuid","pk":false},{"name":"event_type","type":"text","pk":false},{"name":"old_plan_id","type":"uuid","pk":false},{"name":"new_plan_id","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"source","type":"text","pk":false},{"name":"reason","type":"text","pk":false},{"name":"metadata","type":"jsonb","pk":false},{"name":"owner_type","type":"text","pk":false},{"name":"owner_ref","type":"uuid","pk":false}],"fks":[{"from_col":"subscription_id","to_table":"subscriptions","to_col":"id"}]},"subscription_intents_personal":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"created_by_user_id","type":"uuid","pk":false},{"name":"email","type":"text","pk":false},{"name":"plan_id","type":"uuid","pk":false},{"name":"plan_key","type":"text","pk":false},{"name":"amount_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"source","type":"text","pk":false},{"name":"notes","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"subscription_id","type":"uuid","pk":false}],"fks":[{"from_col":"subscription_id","to_table":"subscriptions","to_col":"id"},{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"subscription_intents_tenant":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"created_by_user_id","type":"uuid","pk":false},{"name":"email","type":"text","pk":false},{"name":"plan_id","type":"uuid","pk":false},{"name":"plan_key","type":"text","pk":false},{"name":"amount_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"source","type":"text","pk":false},{"name":"notes","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"subscription_id","type":"uuid","pk":false}],"fks":[{"from_col":"subscription_id","to_table":"subscriptions","to_col":"id"},{"from_col":"plan_id","to_table":"plans","to_col":"id"}]},"subscription_intents_legacy":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"user_id","type":"uuid","pk":false},{"name":"email","type":"text","pk":false},{"name":"plan_key","type":"text","pk":false},{"name":"amount_cents","type":"integer","pk":false},{"name":"currency","type":"text","pk":false},{"name":"status","type":"text","pk":false},{"name":"source","type":"text","pk":false},{"name":"notes","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"tenant_id","type":"uuid","pk":false},{"name":"created_by_user_id","type":"uuid","pk":false}],"fks":[]},"support_sessions":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"admin_id","type":"uuid","pk":false},{"name":"token","type":"text","pk":false},{"name":"expires_at","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"tenant_feature_exceptions_log":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"feature_key","type":"text","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"reason","type":"text","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[]},"tenant_features":{"columns":[{"name":"tenant_id","type":"uuid","pk":false},{"name":"feature_key","type":"text","pk":false},{"name":"enabled","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"tenant_invites":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"email","type":"text","pk":false},{"name":"role","type":"text","pk":false},{"name":"token","type":"uuid","pk":false},{"name":"invited_by","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"expires_at","type":"timestamp with time zone","pk":false},{"name":"accepted_at","type":"timestamp with time zone","pk":false},{"name":"accepted_by","type":"uuid","pk":false},{"name":"revoked_at","type":"timestamp with time zone","pk":false},{"name":"revoked_by","type":"uuid","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"tenants":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"name","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"kind","type":"text","pk":false},{"name":"papel_timbrado","type":"jsonb","pk":false}],"fks":[]},"therapist_payout_records":{"columns":[{"name":"payout_id","type":"uuid","pk":false},{"name":"financial_record_id","type":"uuid","pk":false}],"fks":[{"from_col":"financial_record_id","to_table":"financial_records","to_col":"id"},{"from_col":"payout_id","to_table":"therapist_payouts","to_col":"id"}]},"twilio_subaccount_usage":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"channel_id","type":"uuid","pk":false},{"name":"twilio_subaccount_sid","type":"text","pk":false},{"name":"period_start","type":"date","pk":false},{"name":"period_end","type":"date","pk":false},{"name":"messages_sent","type":"integer","pk":false},{"name":"messages_delivered","type":"integer","pk":false},{"name":"messages_failed","type":"integer","pk":false},{"name":"cost_usd","type":"numeric","pk":false},{"name":"cost_brl","type":"numeric","pk":false},{"name":"revenue_brl","type":"numeric","pk":false},{"name":"margin_brl","type":"numeric","pk":false},{"name":"usd_brl_rate","type":"numeric","pk":false},{"name":"synced_at","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"channel_id","to_table":"notification_channels","to_col":"id"}]},"user_settings":{"columns":[{"name":"user_id","type":"uuid","pk":false},{"name":"theme_mode","type":"text","pk":false},{"name":"preset","type":"text","pk":false},{"name":"primary_color","type":"text","pk":false},{"name":"surface_color","type":"text","pk":false},{"name":"menu_mode","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false},{"name":"layout_variant","type":"text","pk":false}],"fks":[]},"whatsapp_credit_packages":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"name","type":"text","pk":false},{"name":"description","type":"text","pk":false},{"name":"credits","type":"integer","pk":false},{"name":"price_brl","type":"numeric","pk":false},{"name":"is_active","type":"boolean","pk":false},{"name":"is_featured","type":"boolean","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[]},"whatsapp_credit_purchases":{"columns":[{"name":"id","type":"uuid","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"package_id","type":"uuid","pk":false},{"name":"package_name","type":"text","pk":false},{"name":"credits","type":"integer","pk":false},{"name":"amount_brl","type":"numeric","pk":false},{"name":"status","type":"text","pk":false},{"name":"asaas_customer_id","type":"text","pk":false},{"name":"asaas_payment_id","type":"text","pk":false},{"name":"asaas_payment_link","type":"text","pk":false},{"name":"asaas_pix_qrcode","type":"text","pk":false},{"name":"asaas_pix_copy_paste","type":"text","pk":false},{"name":"paid_at","type":"timestamp with time zone","pk":false},{"name":"expires_at","type":"timestamp with time zone","pk":false},{"name":"failed_at","type":"timestamp with time zone","pk":false},{"name":"created_by","type":"uuid","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"package_id","to_table":"whatsapp_credit_packages","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"whatsapp_credits_balance":{"columns":[{"name":"tenant_id","type":"uuid","pk":false},{"name":"balance","type":"integer","pk":false},{"name":"lifetime_purchased","type":"integer","pk":false},{"name":"lifetime_used","type":"integer","pk":false},{"name":"low_balance_threshold","type":"integer","pk":false},{"name":"low_balance_alerted_at","type":"timestamp with time zone","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false},{"name":"updated_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]},"whatsapp_credits_transactions":{"columns":[{"name":"id","type":"bigint","pk":true},{"name":"tenant_id","type":"uuid","pk":false},{"name":"kind","type":"text","pk":false},{"name":"amount","type":"integer","pk":false},{"name":"balance_after","type":"integer","pk":false},{"name":"conversation_message_id","type":"bigint","pk":false},{"name":"purchase_id","type":"uuid","pk":false},{"name":"admin_id","type":"uuid","pk":false},{"name":"note","type":"text","pk":false},{"name":"created_at","type":"timestamp with time zone","pk":false}],"fks":[{"from_col":"conversation_message_id","to_table":"conversation_messages","to_col":"id"},{"from_col":"purchase_id","to_table":"whatsapp_credit_purchases","to_col":"id"},{"from_col":"tenant_id","to_table":"tenants","to_col":"id"}]}},"views":["current_tenant_id","owner_feature_entitlements","subscription_intents","v_auth_users_public","v_commitment_totals","v_patient_groups_with_counts","v_plan_active_prices","v_public_pricing","v_subscription_feature_mismatch","v_subscription_health","v_subscription_health_v2","v_tag_patient_counts","v_tenant_active_subscription","v_tenant_entitlements","v_tenant_entitlements_full","v_tenant_entitlements_json","v_tenant_feature_exceptions","v_tenant_feature_mismatch","v_tenant_members_with_profiles","v_tenant_people","v_tenant_staff","v_twilio_whatsapp_overview","v_user_active_subscription","v_user_entitlements"],"domains":{"SaaS / Planos":["plans","plan_features","plan_prices","plan_public","plan_public_bullets","features","modules","module_features","subscriptions","subscription_events","subscription_intents_legacy","subscription_intents_personal","subscription_intents_tenant","tenant_modules","tenant_features","tenant_feature_exceptions_log","billing_contracts","entitlements_invalidation"],"Addons / Créditos":["addon_products","addon_credits","addon_transactions","whatsapp_credits_balance","whatsapp_credits_transactions","whatsapp_credit_packages","whatsapp_credit_purchases"],"Tenants / Multi-tenant":["tenants","profiles","user_settings","tenant_invites","tenant_members","company_profiles","support_sessions","saas_admins","owner_users","dev_user_credentials"],"Pacientes":["patients","patient_contacts","patient_support_contacts","patient_groups","patient_group_patient","patient_tags","patient_patient_tag","patient_discounts","patient_intake_requests","patient_invites","patient_status_history","patient_timeline"],"Agenda / Agendamento":["agenda_eventos","agenda_bloqueios","agenda_configuracoes","agenda_excecoes","agenda_online_slots","agenda_regras_semanais","agenda_slots_bloqueados_semanais","agenda_slots_regras","agendador_configuracoes","agendador_solicitacoes"],"Financeiro":["financial_categories","financial_exceptions","financial_records","payment_settings","professional_pricing","therapist_payouts","therapist_payout_records","recurrence_rules","recurrence_exceptions","recurrence_rule_services"],"Serviços / Prontuários":["services","commitment_services","commitment_time_logs","determined_commitments","determined_commitment_fields","insurance_plans","insurance_plan_services","medicos"],"Documentos":["documents","document_templates","document_generated","document_access_logs","document_share_links","document_signatures"],"Comunicação / Notificações":["email_templates_global","email_templates_tenant","email_layout_config","notification_templates","notification_channels","notification_preferences","notification_logs","notification_schedules","notification_queue","notifications","notice_dismissals","global_notices","login_carousel_slides","twilio_subaccount_usage"],"CRM Conversas (WhatsApp)":["conversation_messages","conversation_notes","conversation_tags","conversation_thread_tags","conversation_optouts","conversation_optout_keywords","conversation_autoreply_settings","conversation_autoreply_log","session_reminder_settings","session_reminder_logs"],"Segurança / Rate limiting":["submission_rate_limits"],"Central SaaS (docs/FAQ)":["saas_docs","saas_doc_votos","saas_faq","saas_faq_itens"],"Estrutura / Calendário":["feriados"],"Outros":["audit_logs","dev_auditoria_items","dev_comparison_competitor_status","dev_comparison_matrix","dev_competitor_features","dev_competitors","dev_generation_log","dev_roadmap_items","dev_roadmap_phases","dev_test_items","dev_verificacoes_items","math_challenges","patient_invite_attempts","public_submission_attempts","saas_security_config","saas_twilio_config"]},"slugs":{"SaaS / Planos":"saas-planos","Addons / Créditos":"addons-creditos","Tenants / Multi-tenant":"tenants-multi-tenant","Pacientes":"pacientes","Agenda / Agendamento":"agenda-agendamento","Financeiro":"financeiro","Serviços / Prontuários":"servicos-prontuarios","Documentos":"documentos","Comunicação / Notificações":"comunicacao-notificacoes","CRM Conversas (WhatsApp)":"crm-conversas-whatsapp","Segurança / Rate limiting":"seguranca-rate-limiting","Central SaaS (docs/FAQ)":"central-saas-docs-faq","Estrutura / Calendário":"estrutura-calendario","Outros":"outros"}};
+const C={"SaaS / Planos":"#4f8cff","Addons / Créditos":"#a78bfa","Tenants / Multi-tenant":"#6ee7b7","Pacientes":"#f472b6","Agenda / Agendamento":"#38bdf8","Financeiro":"#f87171","Serviços / Prontuários":"#34d399","Documentos":"#0ea5e9","Comunicação / Notificações":"#fbbf24","CRM Conversas (WhatsApp)":"#25d366","Segurança / Rate limiting":"#ef4444","Central SaaS (docs/FAQ)":"#c084fc","Estrutura / Calendário":"#fb923c","Outros":"#6b7280"};
+const INFRA={"Banco & Backend":{"color":"#4f8cff","items":[{"name":"Supabase","role":"Postgres + Auth + Storage + Realtime + Edge Functions","env":"Local (Docker) + Cloud","status":"ativo","notes":"Stack principal. Migrations em database-novo/migrations/. Functions em supabase/functions/. CLI via npx supabase."},{"name":"PostgreSQL 15","role":"Banco de dados relacional (via container supabase_db_agenciapsi-primesakai)","env":"Local (Docker)","status":"ativo","notes":"RLS habilitada em todas as tabelas públicas. Multi-tenant via tenant_id. SECURITY DEFINER em RPCs sensíveis."},{"name":"Docker + Docker Compose","role":"Orquestração dos containers do stack Supabase local + Evolution API","env":"Local","status":"ativo","notes":"docker-compose.yml na raiz. Iniciado via npx supabase start."}]},"Email":{"color":"#fbbf24","items":[{"name":"Mailpit (Supabase inbucket)","role":"Inbox SMTP local para capturar emails de teste","env":"Local (Docker)","status":"ativo","notes":"Container supabase_inbucket. Usado em dev para validar templates sem enviar email real."},{"name":"SMTP produção","role":"Envio real de emails transacionais (faturas, convites, notificações)","env":"Cloud (pendente)","status":"pendente","notes":"Requer SMTP_HOST/PORT/USER/PASS/FROM nos secrets das edge functions."}]},"WhatsApp / SMS":{"color":"#34d399","items":[{"name":"Evolution API","role":"WhatsApp self-hosted via Baileys (tier gratuito do SaaS — 'WhatsApp Pessoal')","env":"Local (Docker)","status":"ativo","notes":"Container via evolution-api/docker-compose.yml. Uso do usuário conecta via QR code no celular real. Sem SLA, Meta pode banir número. Envio sem custo. Edge functions: evolution-whatsapp-inbound, evolution-webhook-provision, send-whatsapp-message."},{"name":"Twilio WhatsApp Business API","role":"WhatsApp oficial (tier pago rebrandeado como 'WhatsApp Oficial AgenciaPSI')","env":"Cloud","status":"ativo","notes":"API oficial Meta, zero risco de ban. Credenciais em notification_channels (twilio_subaccount_sid + credentials.subaccount_auth_token). Envio consome 1 crédito via RPC deduct_whatsapp_credits (atômico + rollback em falha). Provisionamento: supabase/functions/twilio-whatsapp-provision/."}]},"Pagamentos / Billing":{"color":"#fb923c","items":[{"name":"Asaas (gateway PIX/cartão/boleto)","role":"Processamento de pagamentos pra compra de créditos WhatsApp (Marco B)","env":"Cloud — sandbox.asaas.com em dev, api.asaas.com em prod","status":"ativo","notes":"API key em ASAAS_API_KEY (env secret). URL em ASAAS_API_URL. Webhook token opcional em ASAAS_WEBHOOK_TOKEN. Edge functions: create-whatsapp-credit-charge (cria customer + PIX), asaas-webhook (recebe PAYMENT_RECEIVED/CONFIRMED e credita saldo via add_whatsapp_credits)."},{"name":"ngrok (dev only — tunnel pro webhook)","role":"Expõe edge functions locais pra Asaas alcançar via internet","env":"Local (dev)","status":"opcional","notes":"Uso: ngrok http 54321 → copia URL e cadastra em Asaas → Integrações → Webhooks → /functions/v1/asaas-webhook. Necessário só pra testar fluxo completo local incluindo confirmação de pagamento."}]},"Geração de documentos":{"color":"#38bdf8","items":[{"name":"pdfmake 0.3.7","role":"Geração de PDF client-side (atestados, laudos, recibos)","env":"Browser","status":"ativo","notes":"UMD/webpack. Requer optimizeDeps.include explícito no vite.config.mjs."},{"name":"html-to-pdfmake / html2pdf.js / jsPDF","role":"Conversão HTML→PDF para documentos ricos","env":"Browser","status":"ativo","notes":"Usado em document_templates e documents gerados para pacientes."},{"name":"Jodit + Quill","role":"Editores de texto rico para templates de documentos","env":"Browser","status":"ativo","notes":"Jodit em DocumentTemplateEditor; Quill em páginas legadas. Migração em andamento."},{"name":"html2canvas-pro","role":"Captura de screenshots de DOM (preview/export)","env":"Browser","status":"ativo","notes":"Usado para thumbnails de templates e previews."}]},"Frontend":{"color":"#a78bfa","items":[{"name":"Vue 3 + Composition API","role":"Framework principal (script setup)","env":"Browser","status":"ativo","notes":"~487 componentes Vue. Pinia para state management."},{"name":"Vite 5","role":"Build tool e dev server","env":"Node.js","status":"ativo","notes":"vite-plugin-compression (Brotli/Gzip), unplugin-auto-import para PrimeVue e Vue. rollup-plugin-visualizer para análise de bundle."},{"name":"PrimeVue 4 (tema Sakai)","role":"Biblioteca de componentes UI","env":"Browser","status":"ativo","notes":"@primeuix/themes. auto-import-resolver. DataTable, Dialog, DatePicker, Popover, Toast, ConfirmDialog headless."},{"name":"Tailwind CSS v4","role":"Utility-first CSS","env":"Browser","status":"ativo","notes":"@tailwindcss/vite + tailwindcss-primeui. Surface tokens do PrimeVue (var(--surface-card), var(--text-color-secondary))."},{"name":"Vue Router","role":"Roteamento SPA com guards por role/tenant","env":"Browser","status":"ativo","notes":"Grupos de rota: therapist, admin, supervisor, saas, billing, account, configuracoes, features."},{"name":"FullCalendar 6","role":"Calendário para agenda de terapeutas","env":"Browser","status":"ativo","notes":"Plugins: daygrid, timegrid, interaction, list, resource, resource-timegrid."},{"name":"Chart.js 3","role":"Gráficos para dashboards (financeiro, KPIs)","env":"Browser","status":"ativo","notes":"Usado em dashboards do therapist e clinic."}]},"Dev / Tooling":{"color":"#94a3b8","items":[{"name":"Supabase CLI","role":"Gerencia ambiente local, migrations, edge functions","env":"Node.js","status":"ativo","notes":"Via npx supabase. Start/stop/status/db-push/functions-deploy."},{"name":"db.cjs (este projeto)","role":"CLI auxiliar pra setup/backup/restore/migrate/verify via docker exec","env":"Node.js","status":"ativo","notes":"Complementa o supabase CLI com fluxo schema + fixes + seeds + migrations. Encoding UTF-8 preservado."},{"name":"generate-dashboard.cjs","role":"Gera dashboard HTML estático do schema (tabelas, FKs, infra)","env":"Node.js","status":"ativo","notes":"Standalone, sem dependências externas. Lê config de db.config.json e schema do backup mais recente."},{"name":"Vitest 4","role":"Runner de testes unitários","env":"Node.js","status":"ativo","notes":"npm test / test:watch / test:ui. Bateria inicial em src/**/__tests__."},{"name":"ESLint + Prettier","role":"Lint + formatação automática","env":"Node.js","status":"ativo","notes":"@vue/eslint-config-prettier. Rodado via npm run lint."}]}};
+const INFRA_GROUPS=7;
+const INFRA_ITEMS=25;
 const T2D={};
 Object.entries(D.domains).forEach(([d,ts])=>ts.forEach(t=>T2D[t]=d));
 let dom=null,view='overview',q='';
diff --git a/database-novo/db.config.json b/database-novo/db.config.json
index 9a644ec..85e098a 100644
--- a/database-novo/db.config.json
+++ b/database-novo/db.config.json
@@ -86,7 +86,9 @@
       "billing_contracts", "entitlements_invalidation"
     ],
     "Addons / Créditos": [
-      "addon_products", "addon_credits", "addon_transactions"
+      "addon_products", "addon_credits", "addon_transactions",
+      "whatsapp_credits_balance", "whatsapp_credits_transactions",
+      "whatsapp_credit_packages", "whatsapp_credit_purchases"
     ],
     "Tenants / Multi-tenant": [
       "tenants", "profiles", "user_settings",
@@ -99,7 +101,9 @@
       "patient_groups", "patient_group_patient",
       "patient_tags", "patient_patient_tag",
       "patient_discounts", "patient_intake_requests", "patient_invites",
-      "patient_status_history", "patient_timeline"
+      "patient_status_history", "patient_timeline",
+      "contact_types", "contact_phones",
+      "contact_email_types", "contact_emails"
     ],
     "Agenda / Agendamento": [
       "agenda_eventos", "agenda_bloqueios", "agenda_configuracoes", "agenda_excecoes",
@@ -130,6 +134,17 @@
       "notifications", "notice_dismissals", "global_notices", "login_carousel_slides",
       "twilio_subaccount_usage"
     ],
+    "CRM Conversas (WhatsApp)": [
+      "conversation_messages", "conversation_threads",
+      "conversation_notes",
+      "conversation_tags", "conversation_thread_tags",
+      "conversation_optouts", "conversation_optout_keywords",
+      "conversation_autoreply_settings", "conversation_autoreply_log",
+      "session_reminder_settings", "session_reminder_logs"
+    ],
+    "Segurança / Rate limiting": [
+      "submission_rate_limits"
+    ],
     "Central SaaS (docs/FAQ)": [
       "saas_docs", "saas_doc_votos", "saas_faq", "saas_faq_itens"
     ],
@@ -147,6 +162,8 @@
     "Serviços / Prontuários":         "#34d399",
     "Documentos":                     "#0ea5e9",
     "Comunicação / Notificações":     "#fbbf24",
+    "CRM Conversas (WhatsApp)":       "#25d366",
+    "Segurança / Rate limiting":      "#ef4444",
     "Central SaaS (docs/FAQ)":        "#c084fc",
     "Estrutura / Calendário":         "#fb923c"
   },
@@ -201,17 +218,36 @@
       "items": [
         {
           "name": "Evolution API",
-          "role": "Integração WhatsApp Business (envio/recebimento)",
+          "role": "WhatsApp self-hosted via Baileys (tier gratuito do SaaS — 'WhatsApp Pessoal')",
           "env": "Local (Docker)",
           "status": "ativo",
-          "notes": "Container via evolution-api/. whatsapp_instances e notification_channels já cadastrados. Integração real está sendo costurada."
+          "notes": "Container via evolution-api/docker-compose.yml. Uso do usuário conecta via QR code no celular real. Sem SLA, Meta pode banir número. Envio sem custo. Edge functions: evolution-whatsapp-inbound, evolution-webhook-provision, send-whatsapp-message."
         },
         {
-          "name": "Twilio (SMS/Voz)",
-          "role": "Provedor de SMS e voz para notificações",
+          "name": "Twilio WhatsApp Business API",
+          "role": "WhatsApp oficial (tier pago rebrandeado como 'WhatsApp Oficial AgenciaPSI')",
           "env": "Cloud",
           "status": "ativo",
-          "notes": "twilio_subaccount_usage rastreia consumo por tenant. SaasTwilioWhatsappPage gerencia contas."
+          "notes": "API oficial Meta, zero risco de ban. Credenciais em notification_channels (twilio_subaccount_sid + credentials.subaccount_auth_token). Envio consome 1 crédito via RPC deduct_whatsapp_credits (atômico + rollback em falha). Provisionamento: supabase/functions/twilio-whatsapp-provision/."
+        }
+      ]
+    },
+    "Pagamentos / Billing": {
+      "color": "#fb923c",
+      "items": [
+        {
+          "name": "Asaas (gateway PIX/cartão/boleto)",
+          "role": "Processamento de pagamentos pra compra de créditos WhatsApp (Marco B)",
+          "env": "Cloud — sandbox.asaas.com em dev, api.asaas.com em prod",
+          "status": "ativo",
+          "notes": "API key em ASAAS_API_KEY (env secret). URL em ASAAS_API_URL. Webhook token opcional em ASAAS_WEBHOOK_TOKEN. Edge functions: create-whatsapp-credit-charge (cria customer + PIX), asaas-webhook (recebe PAYMENT_RECEIVED/CONFIRMED e credita saldo via add_whatsapp_credits)."
+        },
+        {
+          "name": "ngrok (dev only — tunnel pro webhook)",
+          "role": "Expõe edge functions locais pra Asaas alcançar via internet",
+          "env": "Local (dev)",
+          "status": "opcional",
+          "notes": "Uso: ngrok http 54321 → copia URL e cadastra em Asaas → Integrações → Webhooks → /functions/v1/asaas-webhook. Necessário só pra testar fluxo completo local incluindo confirmação de pagamento."
         }
       ]
     },
diff --git a/database-novo/fixes/fix_template_keys_rename_en_to_pt.sql b/database-novo/fixes/fix_template_keys_rename_en_to_pt.sql
new file mode 100644
index 0000000..80561e2
--- /dev/null
+++ b/database-novo/fixes/fix_template_keys_rename_en_to_pt.sql
@@ -0,0 +1,163 @@
+-- ============================================================
+-- Fix: Remove templates com keys em inglês (WhatsApp/SMS)
+-- Agência PSI — 2026-04-22
+-- ============================================================
+-- Ambiente de desenvolvimento sem dados reais: DELETE físico.
+-- Mantém apenas as keys canônicas em português definidas
+-- pelo seed_014_global_data.sql. Se alguma key PT estiver
+-- faltando após rodar esta migration, rode o Step 3 de reseed.
+--
+-- Idempotente: rodar de novo não causa erro (DELETE simples
+-- encontra 0 linhas).
+-- ============================================================
+
+BEGIN;
+
+-- ── Step 1: Snapshot ANTES ────────────────────────────────────────────
+-- Útil pra conferir o que vai ser apagado
+SELECT
+  'BEFORE' AS stage,
+  key,
+  channel,
+  event_type,
+  tenant_id IS NULL AS is_global,
+  is_default,
+  is_active,
+  deleted_at
+FROM public.notification_templates
+WHERE channel IN ('whatsapp', 'sms')
+ORDER BY channel, event_type, tenant_id NULLS FIRST, key;
+
+
+-- ── Step 2: DELETE físico de todas as keys em inglês ─────────────────
+DELETE FROM public.notification_templates
+WHERE key IN (
+  -- WhatsApp — variantes em inglês
+  'session.reminder.whatsapp',
+  'session.reminder_2h.whatsapp',
+  'session.confirmation.whatsapp',
+  'session.cancellation.whatsapp',
+  'session.reschedule.whatsapp',
+  'session.rescheduled.whatsapp',
+  'billing.pending.whatsapp',
+  'system.welcome.whatsapp',
+  -- SMS — variantes em inglês
+  'session.reminder.sms',
+  'session.reminder_2h.sms',
+  'session.confirmation.sms',
+  'session.cancellation.sms',
+  'session.reschedule.sms',
+  'session.rescheduled.sms',
+  'billing.pending.sms',
+  'system.welcome.sms'
+);
+
+
+-- ── Step 3: Re-seed (inserção idempotente) das keys PT canônicas ─────
+-- Garante que todas as keys esperadas existem como globais ativas.
+-- Usa INSERT … ON CONFLICT DO UPDATE para ser idempotente.
+-- Os body_text são placeholders padrão; se quiser textos diferentes,
+-- edite depois via /configuracoes/whatsapp-templates ou /saas/notification-templates.
+
+INSERT INTO public.notification_templates
+  (tenant_id, owner_id, key, domain, channel, event_type, body_text, variables, is_default, is_active)
+VALUES
+  -- ── WhatsApp ─────────────────────────────────────────────────────────
+  (NULL, NULL, 'session.lembrete.whatsapp',       'session', 'whatsapp', 'lembrete_sessao',
+   'Olá {{patient_name}}! Lembrete: sua sessão com {{therapist_name}} é amanhã às {{session_time}}. Até lá!',
+   '["patient_name","therapist_name","session_date","session_time"]'::jsonb, true, true),
+
+  (NULL, NULL, 'session.lembrete_2h.whatsapp',    'session', 'whatsapp', 'lembrete_sessao',
+   'Olá {{patient_name}}! Sua sessão com {{therapist_name}} começa em 2 horas ({{session_time}}). Até já!',
+   '["patient_name","therapist_name","session_time"]'::jsonb, true, true),
+
+  (NULL, NULL, 'session.confirmacao.whatsapp',    'session', 'whatsapp', 'confirmacao_sessao',
+   'Olá {{patient_name}}! Sua sessão com {{therapist_name}} foi confirmada para {{session_date}} às {{session_time}}.',
+   '["patient_name","therapist_name","session_date","session_time"]'::jsonb, true, true),
+
+  (NULL, NULL, 'session.cancelamento.whatsapp',   'session', 'whatsapp', 'cancelamento_sessao',
+   'Olá {{patient_name}}. Sua sessão de {{session_date}} às {{session_time}} foi cancelada. Entre em contato para remarcar.',
+   '["patient_name","session_date","session_time"]'::jsonb, true, true),
+
+  (NULL, NULL, 'session.reagendamento.whatsapp',  'session', 'whatsapp', 'reagendamento',
+   'Olá {{patient_name}}! Sua sessão foi reagendada para {{session_date}} às {{session_time}} com {{therapist_name}}.',
+   '["patient_name","therapist_name","session_date","session_time"]'::jsonb, true, true),
+
+  (NULL, NULL, 'cobranca.pendente.whatsapp',      'billing', 'whatsapp', 'cobranca_pendente',
+   'Olá {{patient_name}}! Identificamos um pagamento pendente de {{valor}} com vencimento em {{vencimento}}. Qualquer dúvida, estou à disposição.',
+   '["patient_name","valor","vencimento"]'::jsonb, true, true),
+
+  (NULL, NULL, 'sistema.boas_vindas.whatsapp',    'system', 'whatsapp', 'boas_vindas_paciente',
+   'Olá {{patient_name}}! Bem-vindo(a) à {{clinic_name}}. Seu terapeuta {{therapist_name}} está à disposição.',
+   '["patient_name","clinic_name","therapist_name"]'::jsonb, true, true),
+
+  -- ── SMS ──────────────────────────────────────────────────────────────
+  (NULL, NULL, 'session.lembrete.sms',            'session', 'sms',      'lembrete_sessao',
+   'Lembrete: sua sessao com {{therapist_name}} e amanha as {{session_time}}.',
+   '["therapist_name","session_date","session_time"]'::jsonb, true, true),
+
+  (NULL, NULL, 'session.lembrete_2h.sms',         'session', 'sms',      'lembrete_sessao',
+   'Sua sessao com {{therapist_name}} comeca em 2h ({{session_time}}).',
+   '["therapist_name","session_time"]'::jsonb, true, true),
+
+  (NULL, NULL, 'session.confirmacao.sms',         'session', 'sms',      'confirmacao_sessao',
+   'Sua sessao foi confirmada para {{session_date}} as {{session_time}}.',
+   '["session_date","session_time"]'::jsonb, true, true),
+
+  (NULL, NULL, 'session.cancelamento.sms',        'session', 'sms',      'cancelamento_sessao',
+   'Sua sessao de {{session_date}} as {{session_time}} foi cancelada.',
+   '["session_date","session_time"]'::jsonb, true, true),
+
+  (NULL, NULL, 'session.reagendamento.sms',       'session', 'sms',      'reagendamento',
+   'Sua sessao foi reagendada para {{session_date}} as {{session_time}}.',
+   '["session_date","session_time"]'::jsonb, true, true),
+
+  (NULL, NULL, 'cobranca.pendente.sms',           'billing', 'sms',      'cobranca_pendente',
+   'Pagamento pendente: {{valor}}, venc. {{vencimento}}.',
+   '["valor","vencimento"]'::jsonb, true, true),
+
+  (NULL, NULL, 'sistema.boas_vindas.sms',         'system', 'sms',      'boas_vindas_paciente',
+   'Bem-vindo a {{clinic_name}}! Seu terapeuta e {{therapist_name}}.',
+   '["clinic_name","therapist_name"]'::jsonb, true, true)
+
+ON CONFLICT (tenant_id, owner_id, key, deleted_at)
+DO UPDATE SET
+  body_text  = EXCLUDED.body_text,
+  variables  = EXCLUDED.variables,
+  is_default = EXCLUDED.is_default,
+  is_active  = EXCLUDED.is_active,
+  domain     = EXCLUDED.domain,
+  event_type = EXCLUDED.event_type,
+  updated_at = now();
+
+
+-- ── Step 4: Snapshot DEPOIS ──────────────────────────────────────────
+SELECT
+  'AFTER' AS stage,
+  key,
+  channel,
+  event_type,
+  tenant_id IS NULL AS is_global,
+  is_default,
+  is_active
+FROM public.notification_templates
+WHERE channel IN ('whatsapp', 'sms')
+  AND deleted_at IS NULL
+ORDER BY channel, event_type, tenant_id NULLS FIRST, key;
+
+
+-- ── Step 5: Verificação — esperado 0 linhas ativas em EN ─────────────
+SELECT
+  count(*) AS remaining_english_keys
+FROM public.notification_templates
+WHERE deleted_at IS NULL
+  AND key IN (
+    'session.reminder.whatsapp', 'session.reminder_2h.whatsapp', 'session.confirmation.whatsapp',
+    'session.cancellation.whatsapp', 'session.reschedule.whatsapp', 'session.rescheduled.whatsapp',
+    'billing.pending.whatsapp', 'system.welcome.whatsapp',
+    'session.reminder.sms', 'session.reminder_2h.sms', 'session.confirmation.sms',
+    'session.cancellation.sms', 'session.reschedule.sms', 'session.rescheduled.sms',
+    'billing.pending.sms', 'system.welcome.sms'
+  );
+
+COMMIT;
diff --git a/database-novo/migrations/20260420000001_patient_intake_invite_info_rpc.sql b/database-novo/migrations/20260420000001_patient_intake_invite_info_rpc.sql
new file mode 100644
index 0000000..8db6152
--- /dev/null
+++ b/database-novo/migrations/20260420000001_patient_intake_invite_info_rpc.sql
@@ -0,0 +1,107 @@
+-- =============================================================================
+-- Migration: 20260420000001_patient_intake_invite_info_rpc
+-- A#31 — RPC read-only de lookup público do terapeuta/clínica a partir do
+-- token do patient_invite. Consumida pela edge function get-intake-invite-info
+-- para alimentar o "hero header" da página /cadastro/paciente.
+--
+-- Segurança:
+--   • SECURITY DEFINER (ignora RLS de profiles/company_profiles)
+--   • Valida token: existe, ativo, não-expirado, dentro do max_uses
+--   • Retorna APENAS campos explicitamente seguros (não-sensíveis)
+--   • Execute revogado de PUBLIC/anon; grantado só para service_role (edge)
+--     e authenticated (usos internos futuros)
+--
+-- Payload devolvido:
+--   { ok: true, info: { therapist: {...}, clinic: {...}|null } }
+--   { error: 'invalid-token' }  — token inválido/expirado/esgotado
+--   { error: 'missing-token' }  — input vazio
+-- =============================================================================
+
+CREATE OR REPLACE FUNCTION public.get_patient_intake_invite_info(p_token text)
+RETURNS jsonb
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public, pg_temp
+AS $$
+DECLARE
+    v_token_clean text;
+    v_invite      RECORD;
+    v_result      jsonb;
+BEGIN
+    v_token_clean := nullif(trim(coalesce(p_token, '')), '');
+    IF v_token_clean IS NULL THEN
+        RETURN jsonb_build_object('error', 'missing-token');
+    END IF;
+
+    SELECT pi.owner_id, pi.tenant_id, pi.active, pi.expires_at, pi.max_uses, pi.uses
+      INTO v_invite
+      FROM public.patient_invites pi
+     WHERE pi.token = v_token_clean
+     LIMIT 1;
+
+    IF v_invite.owner_id IS NULL THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.active IS DISTINCT FROM true THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.expires_at IS NOT NULL AND v_invite.expires_at < now() THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.max_uses IS NOT NULL AND v_invite.uses >= v_invite.max_uses THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    SELECT jsonb_build_object(
+        'therapist', jsonb_build_object(
+            'display_name',      coalesce(
+                                     nullif(trim(p.full_name), ''),
+                                     nullif(trim(p.nickname), ''),
+                                     'Profissional'
+                                 ),
+            'avatar_url',        nullif(trim(coalesce(p.avatar_url, '')), ''),
+            'work_description',  nullif(trim(coalesce(p.work_description, '')), ''),
+            'bio',               nullif(trim(coalesce(p.bio, '')), ''),
+            'phone',             nullif(trim(coalesce(p.phone, '')), ''),
+            'site_url',          nullif(trim(coalesce(p.site_url, '')), ''),
+            'instagram',         nullif(trim(coalesce(p.social_instagram, '')), '')
+        ),
+        'clinic', CASE
+            WHEN cp.tenant_id IS NOT NULL THEN jsonb_build_object(
+                'name',       nullif(trim(coalesce(cp.nome_fantasia, '')), ''),
+                'logo_url',   nullif(trim(coalesce(cp.logo_url, '')), ''),
+                'email',      nullif(trim(coalesce(cp.email, '')), ''),
+                'phone',      nullif(trim(coalesce(cp.telefone, '')), ''),
+                'site',       nullif(trim(coalesce(cp.site, '')), ''),
+                'city',       nullif(trim(coalesce(cp.cidade, '')), ''),
+                'state',      nullif(trim(coalesce(cp.estado, '')), ''),
+                'neighborhood', nullif(trim(coalesce(cp.bairro, '')), ''),
+                'street',     nullif(trim(coalesce(cp.logradouro, '')), ''),
+                'number',     nullif(trim(coalesce(cp.numero, '')), ''),
+                'social',     coalesce(cp.redes_sociais, '[]'::jsonb)
+            )
+            ELSE NULL
+        END
+    )
+    INTO v_result
+    FROM public.profiles p
+    LEFT JOIN public.company_profiles cp ON cp.tenant_id = v_invite.tenant_id
+    WHERE p.id = v_invite.owner_id
+    LIMIT 1;
+
+    IF v_result IS NULL THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    RETURN jsonb_build_object('ok', true, 'info', v_result);
+END;
+$$;
+
+REVOKE EXECUTE ON FUNCTION public.get_patient_intake_invite_info(text) FROM PUBLIC, anon;
+GRANT  EXECUTE ON FUNCTION public.get_patient_intake_invite_info(text) TO authenticated, service_role;
+
+COMMENT ON FUNCTION public.get_patient_intake_invite_info(text) IS
+'A#31 — Lookup público read-only (via edge function) dos dados de apresentação do terapeuta/clínica dono do link de cadastro externo. Só retorna campos não-sensíveis.';
diff --git a/database-novo/migrations/20260420000002_audit_logs_lgpd.sql b/database-novo/migrations/20260420000002_audit_logs_lgpd.sql
new file mode 100644
index 0000000..da91923
--- /dev/null
+++ b/database-novo/migrations/20260420000002_audit_logs_lgpd.sql
@@ -0,0 +1,199 @@
+-- =============================================================================
+-- Migration: 20260420000002_audit_logs_lgpd
+-- Sessao 11 - Fase 2a (Opcao C).
+--
+-- Resolve: LGPD Art. 37 - registro das operacoes de tratamento.
+-- Projeto ja tinha logs pontuais (document_access_logs, patient_status_history,
+-- notification_logs, addon_transactions) mas nao registrava:
+--   - Edicao de dados do paciente (nome/CPF/endereco)
+--   - CRUD de sessoes na agenda
+--   - CRUD de registros financeiros
+--   - CRUD de documentos (metadata)
+--   - Mudancas de permissao / members do tenant
+--
+-- Cria tabela audit_logs imutavel + funcao trigger generica + triggers nas
+-- tabelas criticas. RLS: tenant member le; ninguem INSERT/UPDATE/DELETE direto.
+-- =============================================================================
+
+-- ---------------------------------------------------------------------------
+-- Tabela audit_logs
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.audit_logs (
+    id BIGSERIAL PRIMARY KEY,
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+    user_id UUID REFERENCES auth.users(id) ON DELETE SET NULL,
+    entity_type TEXT NOT NULL,
+    entity_id TEXT,
+    action TEXT NOT NULL CHECK (action IN ('insert', 'update', 'delete')),
+    old_values JSONB,
+    new_values JSONB,
+    changed_fields TEXT[],
+    metadata JSONB NOT NULL DEFAULT '{}'::jsonb,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS idx_audit_logs_tenant_created
+    ON public.audit_logs (tenant_id, created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_audit_logs_entity
+    ON public.audit_logs (entity_type, entity_id);
+
+CREATE INDEX IF NOT EXISTS idx_audit_logs_user_created
+    ON public.audit_logs (user_id, created_at DESC) WHERE user_id IS NOT NULL;
+
+CREATE INDEX IF NOT EXISTS idx_audit_logs_changed_fields
+    ON public.audit_logs USING GIN (changed_fields);
+
+COMMENT ON TABLE public.audit_logs IS
+    'Registro imutavel de operacoes de tratamento (LGPD Art. 37). INSERT apenas via trigger SECURITY DEFINER.';
+
+-- ---------------------------------------------------------------------------
+-- Funcao trigger generica
+-- ---------------------------------------------------------------------------
+CREATE OR REPLACE FUNCTION public.log_audit_change()
+RETURNS TRIGGER
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public, pg_temp
+AS $$
+DECLARE
+    v_tenant_id UUID;
+    v_entity_id TEXT;
+    v_old JSONB;
+    v_new JSONB;
+    v_changed TEXT[];
+    v_heavy_fields TEXT[] := ARRAY[
+        'content', 'content_html', 'content_json', 'raw_data',
+        'signature_data', 'pdf_blob', 'binary', 'body_html', 'body_text'
+    ];
+    v_noise_fields TEXT[] := ARRAY['updated_at', 'last_seen_at', 'last_activity_at'];
+BEGIN
+    IF TG_OP = 'DELETE' THEN
+        v_tenant_id := OLD.tenant_id;
+        v_entity_id := OLD.id::TEXT;
+        v_old := to_jsonb(OLD) - v_heavy_fields;
+        v_new := NULL;
+    ELSIF TG_OP = 'INSERT' THEN
+        v_tenant_id := NEW.tenant_id;
+        v_entity_id := NEW.id::TEXT;
+        v_old := NULL;
+        v_new := to_jsonb(NEW) - v_heavy_fields;
+    ELSE -- UPDATE
+        v_tenant_id := NEW.tenant_id;
+        v_entity_id := NEW.id::TEXT;
+        v_old := to_jsonb(OLD) - v_heavy_fields;
+        v_new := to_jsonb(NEW) - v_heavy_fields;
+
+        -- calcular campos realmente alterados
+        SELECT array_agg(key ORDER BY key) INTO v_changed
+        FROM jsonb_each(to_jsonb(NEW)) AS kv(key, value)
+        WHERE (to_jsonb(OLD))->kv.key IS DISTINCT FROM kv.value;
+
+        -- se nada mudou, ignora
+        IF v_changed IS NULL THEN
+            RETURN NEW;
+        END IF;
+
+        -- se mudou apenas campos de ruido (ex: updated_at), ignora
+        IF v_changed <@ v_noise_fields THEN
+            RETURN NEW;
+        END IF;
+    END IF;
+
+    INSERT INTO public.audit_logs (
+        tenant_id, user_id, entity_type, entity_id, action,
+        old_values, new_values, changed_fields
+    ) VALUES (
+        v_tenant_id,
+        auth.uid(),
+        TG_TABLE_NAME,
+        v_entity_id,
+        lower(TG_OP),
+        v_old,
+        v_new,
+        v_changed
+    );
+
+    RETURN COALESCE(NEW, OLD);
+END;
+$$;
+
+COMMENT ON FUNCTION public.log_audit_change() IS
+    'Trigger generica de audit. Filtra campos pesados (content, signature_data) e ruido (updated_at).';
+
+-- ---------------------------------------------------------------------------
+-- Triggers nas tabelas criticas
+-- ---------------------------------------------------------------------------
+
+-- patients
+DROP TRIGGER IF EXISTS trg_audit_patients ON public.patients;
+CREATE TRIGGER trg_audit_patients
+    AFTER INSERT OR UPDATE OR DELETE ON public.patients
+    FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+-- agenda_eventos
+DROP TRIGGER IF EXISTS trg_audit_agenda_eventos ON public.agenda_eventos;
+CREATE TRIGGER trg_audit_agenda_eventos
+    AFTER INSERT OR UPDATE OR DELETE ON public.agenda_eventos
+    FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+-- financial_records
+DROP TRIGGER IF EXISTS trg_audit_financial_records ON public.financial_records;
+CREATE TRIGGER trg_audit_financial_records
+    AFTER INSERT OR UPDATE OR DELETE ON public.financial_records
+    FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+-- documents
+DROP TRIGGER IF EXISTS trg_audit_documents ON public.documents;
+CREATE TRIGGER trg_audit_documents
+    AFTER INSERT OR UPDATE OR DELETE ON public.documents
+    FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+-- tenant_members (mudanca de permissao)
+DROP TRIGGER IF EXISTS trg_audit_tenant_members ON public.tenant_members;
+CREATE TRIGGER trg_audit_tenant_members
+    AFTER INSERT OR UPDATE OR DELETE ON public.tenant_members
+    FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+-- ---------------------------------------------------------------------------
+-- RLS: tenant member le; saas_admin le tudo; ninguem escreve direto
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.audit_logs ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.audit_logs FORCE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "audit_logs: select tenant" ON public.audit_logs;
+DROP POLICY IF EXISTS "audit_logs: saas_admin all" ON public.audit_logs;
+DROP POLICY IF EXISTS "audit_logs: no direct insert" ON public.audit_logs;
+DROP POLICY IF EXISTS "audit_logs: no direct update" ON public.audit_logs;
+DROP POLICY IF EXISTS "audit_logs: no direct delete" ON public.audit_logs;
+
+CREATE POLICY "audit_logs: select tenant" ON public.audit_logs
+    FOR SELECT TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR tenant_id IN (
+            SELECT tm.tenant_id FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.status = 'active'
+        )
+    );
+
+-- Explicitamente NEGA insert/update/delete via API
+-- (SECURITY DEFINER na funcao trigger bypassa RLS; app nao consegue escrever direto)
+CREATE POLICY "audit_logs: no direct insert" ON public.audit_logs
+    FOR INSERT TO authenticated
+    WITH CHECK (false);
+
+CREATE POLICY "audit_logs: no direct update" ON public.audit_logs
+    FOR UPDATE TO authenticated
+    USING (false) WITH CHECK (false);
+
+CREATE POLICY "audit_logs: no direct delete" ON public.audit_logs
+    FOR DELETE TO authenticated
+    USING (false);
+
+-- ---------------------------------------------------------------------------
+-- Marca hardening na auditoria
+-- ---------------------------------------------------------------------------
+COMMENT ON COLUMN public.audit_logs.old_values IS 'Estado anterior (jsonb); NULL em INSERT; campos pesados removidos';
+COMMENT ON COLUMN public.audit_logs.new_values IS 'Estado posterior (jsonb); NULL em DELETE; campos pesados removidos';
+COMMENT ON COLUMN public.audit_logs.changed_fields IS 'Lista de campos alterados em UPDATE (NULL em INSERT/DELETE)';
diff --git a/database-novo/migrations/20260420000003_audit_logs_unified_view.sql b/database-novo/migrations/20260420000003_audit_logs_unified_view.sql
new file mode 100644
index 0000000..b63cf72
--- /dev/null
+++ b/database-novo/migrations/20260420000003_audit_logs_unified_view.sql
@@ -0,0 +1,148 @@
+-- =============================================================================
+-- Migration: 20260420000003_audit_logs_unified_view
+-- Sessao 11 - Fase 2a (Opcao C).
+--
+-- View audit_log_unified que junta:
+--   - audit_logs           (nova, trigger generico em patients/agenda/etc)
+--   - document_access_logs (visualizacao/download/impressao de documento)
+--   - patient_status_history (mudancas de status de paciente)
+--   - notification_logs    (envio de SMS/email/WhatsApp)
+--   - addon_transactions   (compras/consumos de recursos extras)
+--
+-- RLS: aplica-se das tabelas base. View usa security_invoker para herdar.
+-- =============================================================================
+
+DROP VIEW IF EXISTS public.audit_log_unified CASCADE;
+
+CREATE VIEW public.audit_log_unified
+WITH (security_invoker = true)
+AS
+-- 1) audit_logs (trigger generico)
+SELECT
+    'audit:' || al.id::text                    AS uid,
+    al.tenant_id                                AS tenant_id,
+    al.user_id                                  AS user_id,
+    al.entity_type                              AS entity_type,
+    al.entity_id                                AS entity_id,
+    al.action                                   AS action,
+    CASE al.action
+        WHEN 'insert' THEN 'Criou ' || al.entity_type
+        WHEN 'update' THEN 'Alterou ' || al.entity_type
+                         || COALESCE(' (' || array_to_string(al.changed_fields, ', ') || ')', '')
+        WHEN 'delete' THEN 'Excluiu ' || al.entity_type
+    END                                         AS description,
+    al.created_at                               AS occurred_at,
+    'audit_logs'                                AS source,
+    jsonb_build_object(
+        'old_values', al.old_values,
+        'new_values', al.new_values,
+        'changed_fields', al.changed_fields
+    )                                           AS details
+FROM public.audit_logs al
+
+UNION ALL
+
+-- 2) document_access_logs
+SELECT
+    'doc_access:' || dal.id::text,
+    dal.tenant_id,
+    dal.user_id,
+    'document'                                  AS entity_type,
+    dal.documento_id::text                      AS entity_id,
+    dal.acao                                    AS action,
+    CASE dal.acao
+        WHEN 'visualizou'   THEN 'Visualizou documento'
+        WHEN 'baixou'       THEN 'Baixou documento'
+        WHEN 'imprimiu'     THEN 'Imprimiu documento'
+        WHEN 'compartilhou' THEN 'Compartilhou documento'
+        WHEN 'assinou'      THEN 'Assinou documento'
+        ELSE dal.acao
+    END                                         AS description,
+    dal.acessado_em                             AS occurred_at,
+    'document_access_logs'                      AS source,
+    jsonb_build_object(
+        'ip', dal.ip::text,
+        'user_agent', dal.user_agent
+    )                                           AS details
+FROM public.document_access_logs dal
+
+UNION ALL
+
+-- 3) patient_status_history
+SELECT
+    'psh:' || psh.id::text,
+    psh.tenant_id,
+    psh.alterado_por,
+    'patient_status'                            AS entity_type,
+    psh.patient_id::text                        AS entity_id,
+    'status_change'                             AS action,
+    'Status do paciente: '
+        || COALESCE(psh.status_anterior, '—') || ' → ' || psh.status_novo
+        || COALESCE(' (' || psh.motivo || ')', '')                AS description,
+    psh.alterado_em                             AS occurred_at,
+    'patient_status_history'                    AS source,
+    jsonb_build_object(
+        'status_anterior', psh.status_anterior,
+        'status_novo', psh.status_novo,
+        'motivo', psh.motivo,
+        'encaminhado_para', psh.encaminhado_para,
+        'data_saida', psh.data_saida
+    )                                           AS details
+FROM public.patient_status_history psh
+
+UNION ALL
+
+-- 4) notification_logs
+SELECT
+    'notif:' || nl.id::text,
+    nl.tenant_id,
+    nl.owner_id                                 AS user_id,
+    'notification'                              AS entity_type,
+    nl.patient_id::text                         AS entity_id,
+    nl.status                                   AS action,
+    'Notificação ' || nl.channel || ' '
+        || nl.status
+        || COALESCE(' para ' || nl.recipient_address, '')          AS description,
+    nl.created_at                               AS occurred_at,
+    'notification_logs'                         AS source,
+    jsonb_build_object(
+        'channel', nl.channel,
+        'template_key', nl.template_key,
+        'status', nl.status,
+        'provider', nl.provider,
+        'failure_reason', nl.failure_reason
+    )                                           AS details
+FROM public.notification_logs nl
+
+UNION ALL
+
+-- 5) addon_transactions
+SELECT
+    'addon:' || at.id::text,
+    at.tenant_id,
+    at.admin_user_id                            AS user_id,
+    'addon_transaction'                         AS entity_type,
+    at.id::text                                 AS entity_id,
+    at.type                                     AS action,
+    CASE at.type
+        WHEN 'purchase'    THEN 'Compra de ' || at.amount || ' créditos de ' || at.addon_type
+        WHEN 'consumption' THEN 'Consumo de ' || abs(at.amount) || ' crédito(s) ' || at.addon_type
+        WHEN 'adjustment'  THEN 'Ajuste de créditos ' || at.addon_type
+        WHEN 'refund'      THEN 'Reembolso de ' || abs(at.amount) || ' créditos ' || at.addon_type
+        ELSE at.type || ' ' || at.addon_type
+    END                                         AS description,
+    at.created_at                               AS occurred_at,
+    'addon_transactions'                        AS source,
+    jsonb_build_object(
+        'addon_type', at.addon_type,
+        'amount', at.amount,
+        'balance_after', at.balance_after,
+        'price_cents', at.price_cents,
+        'payment_reference', at.payment_reference
+    )                                           AS details
+FROM public.addon_transactions at;
+
+COMMENT ON VIEW public.audit_log_unified IS
+    'Timeline unificada de eventos auditaveis (LGPD). Herda RLS das tabelas base via security_invoker.';
+
+GRANT SELECT ON public.audit_log_unified TO authenticated;
diff --git a/database-novo/migrations/20260420000004_lgpd_export_patient_rpc.sql b/database-novo/migrations/20260420000004_lgpd_export_patient_rpc.sql
new file mode 100644
index 0000000..b1e9e3b
--- /dev/null
+++ b/database-novo/migrations/20260420000004_lgpd_export_patient_rpc.sql
@@ -0,0 +1,225 @@
+-- =============================================================================
+-- Migration: 20260420000004_lgpd_export_patient_rpc
+-- Sessao 11 - Fase 2b (Opcao C).
+--
+-- Implementa LGPD Art. 18 - direito de portabilidade do titular.
+-- RPC export_patient_data(p_patient_id uuid) retorna jsonb com todos os dados
+-- relacionados ao paciente. Registra o evento em audit_logs para rastreabilidade.
+--
+-- Seguranca:
+--   - SECURITY DEFINER permite agregar tabelas diversas bypassando RLS
+--   - Verificacao explicita: caller deve ser tenant_member ativo da clinica do paciente
+--   - Proibido acesso cross-tenant
+-- =============================================================================
+
+CREATE OR REPLACE FUNCTION public.export_patient_data(p_patient_id UUID)
+RETURNS JSONB
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public, pg_temp
+AS $$
+DECLARE
+    v_patient RECORD;
+    v_tenant_id UUID;
+    v_caller UUID;
+    v_is_member BOOLEAN;
+    v_result JSONB;
+BEGIN
+    v_caller := auth.uid();
+    IF v_caller IS NULL THEN
+        RAISE EXCEPTION 'Autenticacao obrigatoria' USING ERRCODE = '28000';
+    END IF;
+
+    -- carrega paciente
+    SELECT * INTO v_patient FROM public.patients WHERE id = p_patient_id;
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'Paciente nao encontrado' USING ERRCODE = 'P0002';
+    END IF;
+
+    v_tenant_id := v_patient.tenant_id;
+
+    -- verifica se caller e membro ativo do tenant do paciente
+    SELECT EXISTS (
+        SELECT 1 FROM public.tenant_members tm
+        WHERE tm.tenant_id = v_tenant_id
+          AND tm.user_id = v_caller
+          AND tm.status = 'active'
+    ) OR public.is_saas_admin() INTO v_is_member;
+
+    IF NOT v_is_member THEN
+        RAISE EXCEPTION 'Sem permissao para exportar dados deste paciente' USING ERRCODE = '42501';
+    END IF;
+
+    -- monta o payload
+    v_result := jsonb_build_object(
+        'export_metadata', jsonb_build_object(
+            'generated_at', now(),
+            'generated_by', v_caller,
+            'tenant_id', v_tenant_id,
+            'patient_id', p_patient_id,
+            'lgpd_basis', 'Art. 18, II - portabilidade dos dados do titular',
+            'controller', 'AgenciaPSI - Clinica responsavel',
+            'format_version', '1.0'
+        ),
+        'paciente', to_jsonb(v_patient),
+        'contatos', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pc) ORDER BY pc.created_at)
+            FROM public.patient_contacts pc
+            WHERE pc.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'contatos_apoio', COALESCE((
+            SELECT jsonb_agg(to_jsonb(psc) ORDER BY psc.created_at)
+            FROM public.patient_support_contacts psc
+            WHERE psc.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'historico_status', COALESCE((
+            SELECT jsonb_agg(to_jsonb(psh) ORDER BY psh.alterado_em)
+            FROM public.patient_status_history psh
+            WHERE psh.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'timeline', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pt) ORDER BY pt.ocorrido_em)
+            FROM public.patient_timeline pt
+            WHERE pt.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'descontos', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pd) ORDER BY pd.created_at)
+            FROM public.patient_discounts pd
+            WHERE pd.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'eventos_agenda', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', ae.id,
+                    'tipo', ae.tipo,
+                    'inicio_em', ae.inicio_em,
+                    'fim_em', ae.fim_em,
+                    'status', ae.status,
+                    'observacoes', ae.observacoes,
+                    'created_at', ae.created_at
+                ) ORDER BY ae.inicio_em
+            )
+            FROM public.agenda_eventos ae
+            WHERE ae.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'registros_financeiros', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', fr.id,
+                    'amount', fr.amount,
+                    'discount_amount', fr.discount_amount,
+                    'final_amount', fr.final_amount,
+                    'status', fr.status,
+                    'due_date', fr.due_date,
+                    'paid_at', fr.paid_at,
+                    'payment_method', fr.payment_method,
+                    'notes', fr.notes,
+                    'created_at', fr.created_at
+                ) ORDER BY fr.created_at
+            )
+            FROM public.financial_records fr
+            WHERE fr.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'documentos', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', d.id,
+                    'nome_original', d.nome_original,
+                    'tipo_documento', d.tipo_documento,
+                    'categoria', d.categoria,
+                    'descricao', d.descricao,
+                    'mime_type', d.mime_type,
+                    'tamanho_bytes', d.tamanho_bytes,
+                    'status_revisao', d.status_revisao,
+                    'visibilidade', d.visibilidade,
+                    'uploaded_at', d.uploaded_at,
+                    'created_at', d.created_at
+                ) ORDER BY d.created_at
+            )
+            FROM public.documents d
+            WHERE d.patient_id = p_patient_id AND d.deleted_at IS NULL
+        ), '[]'::jsonb),
+        'notificacoes_enviadas', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', nl.id,
+                    'channel', nl.channel,
+                    'template_key', nl.template_key,
+                    'recipient_address', nl.recipient_address,
+                    'status', nl.status,
+                    'sent_at', nl.sent_at,
+                    'delivered_at', nl.delivered_at,
+                    'read_at', nl.read_at,
+                    'failure_reason', nl.failure_reason,
+                    'created_at', nl.created_at
+                ) ORDER BY nl.created_at
+            )
+            FROM public.notification_logs nl
+            WHERE nl.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'audit_trail', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', al.id,
+                    'action', al.action,
+                    'entity_type', al.entity_type,
+                    'changed_fields', al.changed_fields,
+                    'user_id', al.user_id,
+                    'created_at', al.created_at
+                ) ORDER BY al.created_at
+            )
+            FROM public.audit_logs al
+            WHERE al.tenant_id = v_tenant_id
+              AND al.entity_type = 'patients'
+              AND al.entity_id = p_patient_id::text
+        ), '[]'::jsonb),
+        'acessos_a_documentos', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', dal.id,
+                    'documento_id', dal.documento_id,
+                    'acao', dal.acao,
+                    'user_id', dal.user_id,
+                    'acessado_em', dal.acessado_em
+                ) ORDER BY dal.acessado_em
+            )
+            FROM public.document_access_logs dal
+            WHERE dal.documento_id IN (
+                SELECT id FROM public.documents WHERE patient_id = p_patient_id
+            )
+        ), '[]'::jsonb),
+        'grupos', COALESCE((
+            SELECT jsonb_agg(jsonb_build_object('patient_group_id', pgp.patient_group_id))
+            FROM public.patient_group_patient pgp
+            WHERE pgp.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'tags', COALESCE((
+            SELECT jsonb_agg(jsonb_build_object('tag_id', ppt.tag_id))
+            FROM public.patient_patient_tag ppt
+            WHERE ppt.patient_id = p_patient_id
+        ), '[]'::jsonb)
+    );
+
+    -- registra o export como evento auditavel
+    INSERT INTO public.audit_logs (
+        tenant_id, user_id, entity_type, entity_id, action,
+        old_values, new_values, changed_fields, metadata
+    ) VALUES (
+        v_tenant_id, v_caller, 'patients', p_patient_id::text, 'update',
+        NULL, NULL, ARRAY['__lgpd_export__'],
+        jsonb_build_object(
+            'action_kind', 'lgpd_export',
+            'lgpd_basis', 'Art. 18, II',
+            'patient_name', v_patient.nome_completo
+        )
+    );
+
+    RETURN v_result;
+END;
+$$;
+
+COMMENT ON FUNCTION public.export_patient_data(UUID) IS
+    'LGPD Art. 18, II - exporta todos os dados do paciente em jsonb portavel. Registra evento em audit_logs.';
+
+REVOKE ALL ON FUNCTION public.export_patient_data(UUID) FROM PUBLIC;
+GRANT EXECUTE ON FUNCTION public.export_patient_data(UUID) TO authenticated;
diff --git a/database-novo/migrations/20260420000005_conversation_messages.sql b/database-novo/migrations/20260420000005_conversation_messages.sql
new file mode 100644
index 0000000..974849c
--- /dev/null
+++ b/database-novo/migrations/20260420000005_conversation_messages.sql
@@ -0,0 +1,263 @@
+-- =============================================================================
+-- Migration: 20260420000005_conversation_messages
+-- Sessao 11 - Fase 5a (CRM de WhatsApp / inbox).
+--
+-- Cria infraestrutura para receber mensagens inbound de WhatsApp (Twilio e
+-- Evolution API) e exibir num Kanban de conversas.
+--
+--   - conversation_messages    — todas as mensagens (in/out) com link opcional
+--                                 ao paciente via telefone matching
+--   - function match_patient_by_phone(tenant_id, phone) — encontra paciente
+--   - view conversation_threads — agregado por paciente/numero pra UI Kanban
+--
+-- RLS: tenant members leem; service_role (edge function) escreve via SECURITY
+-- DEFINER match_and_insert. App nao escreve direto.
+-- =============================================================================
+
+-- ---------------------------------------------------------------------------
+-- Tabela de mensagens
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.conversation_messages (
+    id BIGSERIAL PRIMARY KEY,
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+    patient_id UUID REFERENCES public.patients(id) ON DELETE SET NULL,
+
+    channel TEXT NOT NULL CHECK (channel IN ('whatsapp', 'sms', 'email')),
+    direction TEXT NOT NULL CHECK (direction IN ('inbound', 'outbound')),
+
+    from_number TEXT,
+    to_number TEXT,
+    body TEXT,
+    media_url TEXT,
+    media_mime TEXT,
+
+    provider TEXT NOT NULL CHECK (provider IN ('twilio', 'evolution', 'manual')),
+    provider_message_id TEXT,
+    provider_raw JSONB,
+
+    -- estado Kanban
+    kanban_status TEXT NOT NULL DEFAULT 'awaiting_us'
+        CHECK (kanban_status IN ('urgent', 'awaiting_us', 'awaiting_patient', 'resolved')),
+    priority INT NOT NULL DEFAULT 0,
+
+    read_at TIMESTAMPTZ,
+    responded_at TIMESTAMPTZ,
+    resolved_at TIMESTAMPTZ,
+
+    received_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS idx_conv_msg_tenant_created
+    ON public.conversation_messages (tenant_id, created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_conv_msg_patient
+    ON public.conversation_messages (patient_id, created_at DESC) WHERE patient_id IS NOT NULL;
+
+CREATE INDEX IF NOT EXISTS idx_conv_msg_from_number
+    ON public.conversation_messages (tenant_id, from_number);
+
+CREATE INDEX IF NOT EXISTS idx_conv_msg_kanban
+    ON public.conversation_messages (tenant_id, kanban_status, priority DESC, created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_conv_msg_provider_msg_id
+    ON public.conversation_messages (provider_message_id) WHERE provider_message_id IS NOT NULL;
+
+-- Trigger de updated_at (usa funcao existente set_updated_at)
+DROP TRIGGER IF EXISTS trg_conv_messages_updated_at ON public.conversation_messages;
+CREATE TRIGGER trg_conv_messages_updated_at
+    BEFORE UPDATE ON public.conversation_messages
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.conversation_messages IS
+    'Mensagens in/out de WhatsApp/SMS/email. Timeline de conversas do tenant com pacientes.';
+
+-- ---------------------------------------------------------------------------
+-- Funcao: normaliza telefone BR (remove tudo que nao seja digito, tira DDI 55)
+-- ---------------------------------------------------------------------------
+CREATE OR REPLACE FUNCTION public.normalize_phone_br(p_phone TEXT)
+RETURNS TEXT
+LANGUAGE plpgsql
+IMMUTABLE
+AS $$
+DECLARE
+    v_digits TEXT;
+BEGIN
+    IF p_phone IS NULL THEN RETURN NULL; END IF;
+
+    -- remove tudo que nao seja digito
+    v_digits := regexp_replace(p_phone, '\D', '', 'g');
+
+    -- remove DDI 55 se tem 12+ digitos (+55 + DDD + numero)
+    IF length(v_digits) >= 12 AND left(v_digits, 2) = '55' THEN
+        v_digits := substr(v_digits, 3);
+    END IF;
+
+    -- pega os ultimos 11 digitos (DDD + 9digito + 8numero) ou 10 (DDD + 8numero)
+    IF length(v_digits) > 11 THEN
+        v_digits := right(v_digits, 11);
+    END IF;
+
+    RETURN v_digits;
+END;
+$$;
+
+COMMENT ON FUNCTION public.normalize_phone_br(TEXT) IS
+    'Normaliza telefone BR para os ultimos 11 digitos (DDD+numero), removendo DDI +55 e formatacao.';
+
+-- ---------------------------------------------------------------------------
+-- Funcao: match paciente por telefone dentro de um tenant
+-- ---------------------------------------------------------------------------
+CREATE OR REPLACE FUNCTION public.match_patient_by_phone(p_tenant_id UUID, p_phone TEXT)
+RETURNS UUID
+LANGUAGE plpgsql
+STABLE
+SECURITY DEFINER
+SET search_path = public, pg_temp
+AS $$
+DECLARE
+    v_normalized TEXT;
+    v_patient_id UUID;
+BEGIN
+    v_normalized := public.normalize_phone_br(p_phone);
+    IF v_normalized IS NULL OR length(v_normalized) < 10 THEN
+        RETURN NULL;
+    END IF;
+
+    -- prioridade: telefone principal, depois alternativo, depois responsavel
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone) = v_normalized
+    LIMIT 1;
+    IF v_patient_id IS NOT NULL THEN RETURN v_patient_id; END IF;
+
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone_alternativo) = v_normalized
+    LIMIT 1;
+    IF v_patient_id IS NOT NULL THEN RETURN v_patient_id; END IF;
+
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone_responsavel) = v_normalized
+    LIMIT 1;
+
+    RETURN v_patient_id;
+END;
+$$;
+
+COMMENT ON FUNCTION public.match_patient_by_phone(UUID, TEXT) IS
+    'Encontra patient_id do tenant cujo telefone (principal/alternativo/responsavel) bate com o numero.';
+
+-- ---------------------------------------------------------------------------
+-- View: threads agrupadas por paciente ou numero anonimo
+-- ---------------------------------------------------------------------------
+DROP VIEW IF EXISTS public.conversation_threads CASCADE;
+
+CREATE VIEW public.conversation_threads
+WITH (security_invoker = true)
+AS
+WITH base AS (
+    SELECT
+        cm.id,
+        cm.tenant_id,
+        cm.patient_id,
+        cm.channel,
+        cm.body,
+        cm.direction,
+        cm.kanban_status,
+        cm.read_at,
+        cm.created_at,
+        CASE WHEN cm.direction = 'inbound' THEN cm.from_number ELSE cm.to_number END AS contact_number,
+        COALESCE(cm.patient_id::text, 'anon:' || COALESCE(
+            CASE WHEN cm.direction = 'inbound' THEN cm.from_number ELSE cm.to_number END,
+            'unknown'
+        )) AS thread_key
+    FROM public.conversation_messages cm
+),
+latest AS (
+    SELECT DISTINCT ON (tenant_id, thread_key)
+        tenant_id, thread_key, patient_id, channel, contact_number,
+        body AS last_message_body,
+        direction AS last_message_direction,
+        kanban_status,
+        created_at AS last_message_at
+    FROM base
+    ORDER BY tenant_id, thread_key, created_at DESC
+),
+counts AS (
+    SELECT
+        tenant_id, thread_key,
+        COUNT(*) AS message_count,
+        COUNT(*) FILTER (WHERE direction = 'inbound' AND read_at IS NULL) AS unread_count
+    FROM base
+    GROUP BY tenant_id, thread_key
+)
+SELECT
+    l.tenant_id,
+    l.thread_key,
+    l.patient_id,
+    p.nome_completo AS patient_name,
+    l.contact_number,
+    l.channel,
+    c.message_count,
+    c.unread_count,
+    l.last_message_at,
+    l.last_message_body,
+    l.last_message_direction,
+    l.kanban_status
+FROM latest l
+JOIN counts c ON c.tenant_id = l.tenant_id AND c.thread_key = l.thread_key
+LEFT JOIN public.patients p ON p.id = l.patient_id;
+
+COMMENT ON VIEW public.conversation_threads IS
+    'Agregado de conversas por paciente ou por numero anonimo. Base do Kanban.';
+
+GRANT SELECT ON public.conversation_threads TO authenticated;
+
+-- ---------------------------------------------------------------------------
+-- RLS: tenant member le; ninguem escreve direto (so via edge function service_role)
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.conversation_messages ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.conversation_messages FORCE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "conv_msg: select tenant" ON public.conversation_messages;
+DROP POLICY IF EXISTS "conv_msg: update kanban" ON public.conversation_messages;
+DROP POLICY IF EXISTS "conv_msg: no direct insert" ON public.conversation_messages;
+DROP POLICY IF EXISTS "conv_msg: no direct delete" ON public.conversation_messages;
+
+CREATE POLICY "conv_msg: select tenant" ON public.conversation_messages
+    FOR SELECT TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR tenant_id IN (
+            SELECT tm.tenant_id FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.status = 'active'
+        )
+    );
+
+-- tenant member pode atualizar apenas kanban_status/read_at/responded_at/resolved_at
+-- (nao pode mexer em body, provider, etc)
+CREATE POLICY "conv_msg: update kanban" ON public.conversation_messages
+    FOR UPDATE TO authenticated
+    USING (
+        tenant_id IN (
+            SELECT tm.tenant_id FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.status = 'active'
+        )
+    )
+    WITH CHECK (
+        tenant_id IN (
+            SELECT tm.tenant_id FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.status = 'active'
+        )
+    );
+
+CREATE POLICY "conv_msg: no direct insert" ON public.conversation_messages
+    FOR INSERT TO authenticated
+    WITH CHECK (false);
+
+CREATE POLICY "conv_msg: no direct delete" ON public.conversation_messages
+    FOR DELETE TO authenticated
+    USING (false);
diff --git a/database-novo/migrations/20260420000005_search_global_rpc.sql b/database-novo/migrations/20260420000005_search_global_rpc.sql
new file mode 100644
index 0000000..a5ca07e
--- /dev/null
+++ b/database-novo/migrations/20260420000005_search_global_rpc.sql
@@ -0,0 +1,275 @@
+-- =============================================================================
+-- Migration: 20260420000005_search_global_rpc
+-- Busca global do topbar — RPC única que retorna resultados agrupados por
+-- entidade (pacientes, agendamentos, documentos, serviços).
+--
+-- Segurança:
+--   • SECURITY INVOKER → respeita RLS do chamador (terapeuta vê só os dele,
+--     clínica vê do tenant, saas_admin vê global). Sem reinvenção de permissão.
+--   • GRANT apenas para `authenticated` (paciente anônimo não tem busca global).
+--
+-- Índices trigram:
+--   • patients(nome_completo, email_principal, cpf)
+--   • services(name)
+--   • agenda_eventos(titulo, titulo_custom)
+--   • documents(nome_original) — já existe em 06_indexes/indexes.sql (skip)
+-- =============================================================================
+
+-- -----------------------------------------------------------------------------
+-- Índices trigram (GIN) pra ILIKE/similarity performarem
+-- pg_trgm instalado em schema `extensions`; ops class vive em `public`.
+-- -----------------------------------------------------------------------------
+CREATE INDEX IF NOT EXISTS idx_patients_nome_trgm
+    ON public.patients USING gin (nome_completo public.gin_trgm_ops);
+
+CREATE INDEX IF NOT EXISTS idx_patients_email_trgm
+    ON public.patients USING gin (email_principal public.gin_trgm_ops)
+    WHERE email_principal IS NOT NULL;
+
+CREATE INDEX IF NOT EXISTS idx_patients_cpf_trgm
+    ON public.patients USING gin (cpf public.gin_trgm_ops)
+    WHERE cpf IS NOT NULL;
+
+CREATE INDEX IF NOT EXISTS idx_services_name_trgm
+    ON public.services USING gin (name public.gin_trgm_ops);
+
+CREATE INDEX IF NOT EXISTS idx_agenda_eventos_titulo_trgm
+    ON public.agenda_eventos USING gin (titulo public.gin_trgm_ops)
+    WHERE titulo IS NOT NULL;
+
+CREATE INDEX IF NOT EXISTS idx_agenda_eventos_titulo_custom_trgm
+    ON public.agenda_eventos USING gin (titulo_custom public.gin_trgm_ops)
+    WHERE titulo_custom IS NOT NULL;
+
+CREATE INDEX IF NOT EXISTS idx_patient_intake_requests_nome_trgm
+    ON public.patient_intake_requests USING gin (nome_completo public.gin_trgm_ops)
+    WHERE status = 'new';
+
+-- -----------------------------------------------------------------------------
+-- RPC principal
+-- -----------------------------------------------------------------------------
+CREATE OR REPLACE FUNCTION public.search_global(
+    p_q     text,
+    p_scope text[] DEFAULT NULL,
+    p_limit int    DEFAULT 8
+)
+RETURNS jsonb
+LANGUAGE plpgsql
+SECURITY INVOKER
+STABLE
+SET search_path = public, pg_temp
+AS $$
+DECLARE
+    v_q            text;
+    v_pattern      text;
+    v_limit        int;
+    v_patients     jsonb := '[]'::jsonb;
+    v_appointments jsonb := '[]'::jsonb;
+    v_documents    jsonb := '[]'::jsonb;
+    v_services     jsonb := '[]'::jsonb;
+    v_intakes      jsonb := '[]'::jsonb;
+BEGIN
+    -- Sanitize + length guards
+    v_q := nullif(btrim(coalesce(p_q, '')), '');
+    IF v_q IS NULL OR length(v_q) < 2 THEN
+        RETURN jsonb_build_object(
+            'patients',     '[]'::jsonb,
+            'appointments', '[]'::jsonb,
+            'documents',    '[]'::jsonb,
+            'services',     '[]'::jsonb,
+            'intakes',      '[]'::jsonb
+        );
+    END IF;
+    v_q := left(v_q, 80);
+    v_pattern := '%' || v_q || '%';
+    v_limit := GREATEST(1, LEAST(coalesce(p_limit, 8), 20));
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Pacientes
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'patients' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                p.id,
+                p.nome_completo,
+                p.email_principal,
+                p.telefone,
+                p.avatar_url,
+                GREATEST(
+                    similarity(coalesce(p.nome_completo,   ''), v_q),
+                    similarity(coalesce(p.email_principal, ''), v_q) * 0.7,
+                    similarity(coalesce(p.telefone,        ''), v_q) * 0.5,
+                    similarity(coalesce(p.cpf,             ''), v_q) * 0.6
+                ) AS score
+            FROM public.patients p
+            WHERE p.nome_completo   ILIKE v_pattern
+               OR p.email_principal ILIKE v_pattern
+               OR p.telefone        ILIKE v_pattern
+               OR p.cpf             ILIKE v_pattern
+            ORDER BY score DESC, p.nome_completo ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',         id,
+            'label',      nome_completo,
+            'sublabel',   coalesce(nullif(email_principal, ''), nullif(telefone, ''), ''),
+            'avatar_url', avatar_url,
+            'deeplink',   '/therapist/patients/cadastro/' || id::text,
+            'score',      round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_patients
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Agendamentos (com nome do paciente via join)
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'appointments' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                e.id,
+                coalesce(nullif(e.titulo_custom, ''), nullif(e.titulo, ''), 'Sessão') AS label,
+                e.inicio_em,
+                pat.nome_completo AS patient_name,
+                GREATEST(
+                    similarity(coalesce(e.titulo,        ''), v_q),
+                    similarity(coalesce(e.titulo_custom, ''), v_q),
+                    similarity(coalesce(pat.nome_completo, ''), v_q) * 0.9
+                ) AS score
+            FROM public.agenda_eventos e
+            LEFT JOIN public.patients pat ON pat.id = e.patient_id
+            WHERE e.titulo          ILIKE v_pattern
+               OR e.titulo_custom   ILIKE v_pattern
+               OR pat.nome_completo ILIKE v_pattern
+            ORDER BY score DESC, e.inicio_em DESC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    label,
+            'sublabel', trim(both ' · ' from
+                            coalesce(patient_name, '') || ' · '
+                            || to_char(inicio_em, 'DD/MM/YYYY HH24:MI')),
+            'deeplink', '/therapist/agenda?event=' || id::text,
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_appointments
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Documentos
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'documents' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                d.id,
+                d.patient_id,
+                d.nome_original,
+                d.tipo_documento,
+                pat.nome_completo AS patient_name,
+                GREATEST(
+                    similarity(coalesce(d.nome_original, ''), v_q),
+                    similarity(coalesce(d.descricao,     ''), v_q) * 0.7
+                ) AS score
+            FROM public.documents d
+            LEFT JOIN public.patients pat ON pat.id = d.patient_id
+            WHERE d.nome_original ILIKE v_pattern
+               OR d.descricao     ILIKE v_pattern
+            ORDER BY score DESC, d.nome_original ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    nome_original,
+            'sublabel', trim(both ' · ' from
+                            coalesce(patient_name, '') || ' · '
+                            || coalesce(tipo_documento, '')),
+            'deeplink', '/therapist/patients/' || patient_id::text || '/documents',
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_documents
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Serviços (ativos)
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'services' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                s.id,
+                s.name,
+                s.price,
+                s.duration_min,
+                GREATEST(
+                    similarity(coalesce(s.name,        ''), v_q),
+                    similarity(coalesce(s.description, ''), v_q) * 0.7
+                ) AS score
+            FROM public.services s
+            WHERE s.active IS TRUE
+              AND (s.name        ILIKE v_pattern
+                OR s.description ILIKE v_pattern)
+            ORDER BY score DESC, s.name ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    name,
+            'sublabel', trim(both ' · ' from
+                            'R$ ' || to_char(price, 'FM999G999G990D00') || ' · '
+                            || coalesce(duration_min::text || ' min', '')),
+            'deeplink', '/configuracoes/precificacao',
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_services
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Intakes pendentes (patient_intake_requests com status='new')
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'intakes' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                r.id,
+                r.nome_completo,
+                r.email_principal,
+                r.telefone,
+                r.created_at,
+                GREATEST(
+                    similarity(coalesce(r.nome_completo,   ''), v_q),
+                    similarity(coalesce(r.email_principal, ''), v_q) * 0.7,
+                    similarity(coalesce(r.telefone,        ''), v_q) * 0.5
+                ) AS score
+            FROM public.patient_intake_requests r
+            WHERE r.status = 'new'
+              AND (r.nome_completo   ILIKE v_pattern
+                OR r.email_principal ILIKE v_pattern
+                OR r.telefone        ILIKE v_pattern)
+            ORDER BY score DESC, r.created_at DESC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    coalesce(nullif(trim(nome_completo), ''), '(sem nome)'),
+            'sublabel', trim(both ' · ' from
+                            coalesce(nullif(email_principal, ''), nullif(telefone, ''), '') || ' · '
+                            || 'recebido ' || to_char(created_at, 'DD/MM/YYYY')),
+            'deeplink', '/therapist/patients/cadastro/recebidos?id=' || id::text,
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_intakes
+        FROM ranked;
+    END IF;
+
+    RETURN jsonb_build_object(
+        'patients',     v_patients,
+        'appointments', v_appointments,
+        'documents',    v_documents,
+        'services',     v_services,
+        'intakes',      v_intakes
+    );
+END;
+$$;
+
+REVOKE EXECUTE ON FUNCTION public.search_global(text, text[], int) FROM PUBLIC, anon;
+GRANT  EXECUTE ON FUNCTION public.search_global(text, text[], int) TO authenticated;
+
+COMMENT ON FUNCTION public.search_global(text, text[], int) IS
+'Busca global do topbar — retorna jsonb agrupado por entidade. SECURITY INVOKER (RLS do chamador aplica).';
diff --git a/database-novo/migrations/20260420000006_conv_messages_notifications.sql b/database-novo/migrations/20260420000006_conv_messages_notifications.sql
new file mode 100644
index 0000000..2ff4aa9
--- /dev/null
+++ b/database-novo/migrations/20260420000006_conv_messages_notifications.sql
@@ -0,0 +1,117 @@
+-- =============================================================================
+-- Migration: 20260420000006_conv_messages_notifications
+-- Sessao 11 - Fase 5a (extensao).
+--
+-- Integra conversation_messages ao sistema de notifications existente:
+--   - Adiciona 'inbound_message' ao CHECK do notifications.type
+--   - Trigger em conversation_messages: quando chega inbound, fan-out para
+--     members do tenant apropriados (responsible_member do paciente, ou
+--     todos tenant_admin/clinic_admin/therapist ativos se sem vinculo)
+-- =============================================================================
+
+-- Ajusta CHECK do type
+ALTER TABLE public.notifications
+    DROP CONSTRAINT IF EXISTS notifications_type_check;
+
+ALTER TABLE public.notifications
+    ADD CONSTRAINT notifications_type_check
+    CHECK (type = ANY (ARRAY[
+        'new_scheduling',
+        'new_patient',
+        'recurrence_alert',
+        'session_status',
+        'inbound_message'
+    ]));
+
+-- ---------------------------------------------------------------------------
+-- Trigger function: fan-out mensagem inbound para notifications dos members
+-- ---------------------------------------------------------------------------
+CREATE OR REPLACE FUNCTION public.fanout_inbound_message_to_notifications()
+RETURNS TRIGGER
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public, pg_temp
+AS $$
+DECLARE
+    v_target_user UUID;
+    v_title TEXT;
+    v_detail TEXT;
+    v_initials TEXT;
+    v_deeplink TEXT;
+    v_patient_name TEXT;
+    v_payload JSONB;
+BEGIN
+    -- so processa inbound
+    IF NEW.direction <> 'inbound' THEN
+        RETURN NEW;
+    END IF;
+
+    -- busca nome do paciente (se vinculado)
+    IF NEW.patient_id IS NOT NULL THEN
+        SELECT nome_completo INTO v_patient_name FROM public.patients WHERE id = NEW.patient_id;
+    END IF;
+
+    -- titulo e detalhes
+    v_title := COALESCE(v_patient_name, NEW.from_number, 'Desconhecido');
+    v_detail := COALESCE(left(NEW.body, 100), '[mensagem sem texto]');
+
+    -- iniciais
+    IF v_patient_name IS NOT NULL THEN
+        v_initials := upper(left(v_patient_name, 1)) ||
+                      COALESCE(upper(left(split_part(v_patient_name, ' ', 2), 1)), '');
+    ELSE
+        v_initials := '?';
+    END IF;
+
+    -- deeplink para a pagina de conversas (clinic padrao; therapist tambem funciona via mesma rota na area dele)
+    v_deeplink := '/admin/conversas';
+
+    v_payload := jsonb_build_object(
+        'title', v_title,
+        'detail', v_detail,
+        'avatar_initials', v_initials,
+        'deeplink', v_deeplink,
+        'channel', NEW.channel,
+        'conversation_message_id', NEW.id,
+        'patient_id', NEW.patient_id,
+        'from_number', NEW.from_number
+    );
+
+    -- ─── decide destinatarios ─────────────────────────────────────────────
+
+    -- Caso 1: paciente vinculado e tem responsible_member_id
+    IF NEW.patient_id IS NOT NULL THEN
+        SELECT tm.user_id INTO v_target_user
+        FROM public.patients p
+        JOIN public.tenant_members tm ON tm.id = p.responsible_member_id
+        WHERE p.id = NEW.patient_id
+          AND tm.status = 'active'
+        LIMIT 1;
+
+        IF v_target_user IS NOT NULL THEN
+            INSERT INTO public.notifications (owner_id, tenant_id, type, ref_id, ref_table, payload)
+            VALUES (v_target_user, NEW.tenant_id, 'inbound_message', NULL, 'conversation_messages', v_payload);
+            RETURN NEW;
+        END IF;
+    END IF;
+
+    -- Caso 2: fallback — fan-out pra todos tenant_admin/clinic_admin/therapist ativos
+    INSERT INTO public.notifications (owner_id, tenant_id, type, ref_id, ref_table, payload)
+    SELECT tm.user_id, NEW.tenant_id, 'inbound_message', NULL, 'conversation_messages', v_payload
+    FROM public.tenant_members tm
+    WHERE tm.tenant_id = NEW.tenant_id
+      AND tm.status = 'active'
+      AND tm.role IN ('clinic_admin', 'tenant_admin', 'therapist');
+
+    RETURN NEW;
+END;
+$$;
+
+-- Trigger
+DROP TRIGGER IF EXISTS trg_fanout_inbound_to_notifications ON public.conversation_messages;
+CREATE TRIGGER trg_fanout_inbound_to_notifications
+    AFTER INSERT ON public.conversation_messages
+    FOR EACH ROW EXECUTE FUNCTION public.fanout_inbound_message_to_notifications();
+
+COMMENT ON FUNCTION public.fanout_inbound_message_to_notifications() IS
+    'Cria registros em notifications pra members apropriados quando chega mensagem inbound. Respeita responsible_member do paciente.';
diff --git a/database-novo/migrations/20260420000007_notif_channels_saas_admin_insert.sql b/database-novo/migrations/20260420000007_notif_channels_saas_admin_insert.sql
new file mode 100644
index 0000000..25ec572
--- /dev/null
+++ b/database-novo/migrations/20260420000007_notif_channels_saas_admin_insert.sql
@@ -0,0 +1,26 @@
+-- =============================================================================
+-- Migration: 20260420000007_notif_channels_saas_admin_insert
+--
+-- Fix: SaaS admin nao conseguia INSERT em notification_channels via /saas/whatsapp
+-- porque a policy de insert exigia owner_id = auth.uid() e o saas_admin esta
+-- inserindo em nome do tenant_admin (outro user). As policies de update/delete
+-- ja tinham OR is_saas_admin() — o insert foi esquecido.
+-- =============================================================================
+
+DROP POLICY IF EXISTS "notif_channels_insert" ON public.notification_channels;
+
+CREATE POLICY "notif_channels_insert" ON public.notification_channels
+    FOR INSERT TO authenticated
+    WITH CHECK (
+        public.is_saas_admin()
+        OR (
+            owner_id = auth.uid()
+            AND tenant_id IN (
+                SELECT tm.tenant_id FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid() AND tm.status = 'active'
+            )
+        )
+    );
+
+COMMENT ON POLICY "notif_channels_insert" ON public.notification_channels IS
+    'SaaS admin pode inserir em nome de qualquer tenant; tenant_member insere pra si mesmo.';
diff --git a/database-novo/migrations/20260420000008_conv_messages_realtime.sql b/database-novo/migrations/20260420000008_conv_messages_realtime.sql
new file mode 100644
index 0000000..bc7ce60
--- /dev/null
+++ b/database-novo/migrations/20260420000008_conv_messages_realtime.sql
@@ -0,0 +1,12 @@
+-- =============================================================================
+-- Migration: 20260420000008_conv_messages_realtime
+--
+-- Adiciona conversation_messages na publicacao supabase_realtime para que
+-- INSERT/UPDATE sejam entregues ao subscribe do frontend.
+-- =============================================================================
+
+ALTER PUBLICATION supabase_realtime ADD TABLE public.conversation_messages;
+
+-- REPLICA IDENTITY FULL permite que o payload do Realtime traga a row completa
+-- (necessario pra usar filters e receber old/new em UPDATEs)
+ALTER TABLE public.conversation_messages REPLICA IDENTITY FULL;
diff --git a/database-novo/migrations/20260420000009_conv_messages_delivery_status.sql b/database-novo/migrations/20260420000009_conv_messages_delivery_status.sql
new file mode 100644
index 0000000..36051d8
--- /dev/null
+++ b/database-novo/migrations/20260420000009_conv_messages_delivery_status.sql
@@ -0,0 +1,17 @@
+-- =============================================================================
+-- Migration: 20260420000009_conv_messages_delivery_status
+--
+-- Adiciona colunas para rastrear status de entrega/leitura das mensagens
+-- outbound (envio pelo sistema). Evolution dispara evento messages.update
+-- com status = SENT | DELIVERED | READ que vamos capturar.
+-- =============================================================================
+
+ALTER TABLE public.conversation_messages
+    ADD COLUMN IF NOT EXISTS delivered_at TIMESTAMPTZ,
+    ADD COLUMN IF NOT EXISTS read_by_recipient_at TIMESTAMPTZ,
+    ADD COLUMN IF NOT EXISTS delivery_status TEXT
+        CHECK (delivery_status IS NULL OR delivery_status IN ('pending','sent','delivered','read','failed'));
+
+CREATE INDEX IF NOT EXISTS idx_conv_msg_delivery_status
+    ON public.conversation_messages (tenant_id, delivery_status)
+    WHERE direction = 'outbound';
diff --git a/database-novo/migrations/20260421000001_whatsapp_media_bucket.sql b/database-novo/migrations/20260421000001_whatsapp_media_bucket.sql
new file mode 100644
index 0000000..2d75693
--- /dev/null
+++ b/database-novo/migrations/20260421000001_whatsapp_media_bucket.sql
@@ -0,0 +1,91 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Storage Bucket para midia de WhatsApp
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Cria bucket privado `whatsapp-media` para armazenar audio/imagem/video/
+-- documentos recebidos via Evolution API. URLs do WhatsApp sao encriptadas
+-- com mediaKey da Meta — precisamos decriptar via Evolution getBase64 e
+-- subir pro nosso storage para playback no browser.
+--
+-- Privacidade LGPD:
+--   - Bucket privado (public=false)
+--   - Upload apenas via service_role (edge function)
+--   - Leitura via signed URLs gerados on-demand pelo frontend (expiracao curta)
+--   - Paths tenant-scoped: <tenant_id>/<yyyy>/<mm>/<uuid>.<ext>
+-- ==========================================================================
+
+-- Bucket whatsapp-media
+INSERT INTO storage.buckets (id, name, public, file_size_limit, allowed_mime_types)
+VALUES (
+    'whatsapp-media',
+    'whatsapp-media',
+    false,
+    26214400,  -- 25 MB (WhatsApp aceita ate 16MB audio/video, margem extra)
+    ARRAY[
+        -- Audio
+        'audio/ogg', 'audio/mpeg', 'audio/mp4', 'audio/aac', 'audio/wav', 'audio/webm',
+        -- Imagem
+        'image/jpeg', 'image/png', 'image/webp', 'image/gif',
+        -- Video
+        'video/mp4', 'video/3gpp', 'video/quicktime', 'video/webm',
+        -- Documento
+        'application/pdf',
+        'application/msword',
+        'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+        'application/vnd.ms-excel',
+        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+        'text/plain',
+        'application/zip',
+        'application/octet-stream'
+    ]
+)
+ON CONFLICT (id) DO NOTHING;
+
+
+-- --------------------------------------------------------------------------
+-- Storage RLS Policies — whatsapp-media
+-- --------------------------------------------------------------------------
+-- Politica: APENAS service_role faz upload (edge function).
+-- Usuarios autenticados leem se forem membros ativos do tenant no path[0].
+-- --------------------------------------------------------------------------
+
+-- Read: membro ativo do tenant cujo id e o primeiro segmento do path
+CREATE POLICY "whatsapp-media: read tenant members"
+    ON storage.objects
+    FOR SELECT
+    TO authenticated
+    USING (
+        bucket_id = 'whatsapp-media'
+        AND (
+            -- SaaS admins leem qualquer tenant
+            public.is_saas_admin()
+            OR
+            -- Membros ativos do tenant (tenant_id e o primeiro segmento do path)
+            EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid()
+                  AND tm.status = 'active'
+                  AND (storage.foldername(name))[1] = tm.tenant_id::text
+            )
+        )
+    );
+
+-- Insert: bloqueado para authenticated (apenas service_role sobe)
+-- Sem policy de INSERT para authenticated = bloqueado por default no RLS.
+
+-- Delete: SaaS admin pode deletar (retention policy futura)
+CREATE POLICY "whatsapp-media: delete saas admin"
+    ON storage.objects
+    FOR DELETE
+    TO authenticated
+    USING (
+        bucket_id = 'whatsapp-media'
+        AND public.is_saas_admin()
+    );
+
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000002_conversation_notes.sql b/database-novo/migrations/20260421000002_conversation_notes.sql
new file mode 100644
index 0000000..1f2114f
--- /dev/null
+++ b/database-novo/migrations/20260421000002_conversation_notes.sql
@@ -0,0 +1,116 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Notas internas de conversa (CRM Grupo 3.3)
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Notas internas da equipe em cada thread de conversa (WhatsApp/SMS/etc).
+-- NAO sao enviadas ao paciente — apenas visiveis aos membros do tenant.
+--
+-- thread_key segue o padrao de conversation_threads:
+--   - '<uuid>'       → thread de paciente conhecido
+--   - 'anon:<phone>' → thread de numero nao identificado
+--
+-- RLS:
+--   - READ/CREATE: qualquer membro ativo do tenant
+--   - UPDATE/DELETE: apenas o criador da nota OU saas_admin
+-- ==========================================================================
+
+CREATE TABLE IF NOT EXISTS public.conversation_notes (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+    thread_key TEXT NOT NULL,
+    patient_id UUID REFERENCES public.patients(id) ON DELETE SET NULL,
+    contact_number TEXT,
+    body TEXT NOT NULL CHECK (length(body) > 0 AND length(body) <= 4000),
+    created_by UUID NOT NULL REFERENCES auth.users(id) ON DELETE SET NULL,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    deleted_at TIMESTAMPTZ
+);
+
+-- Indexes
+CREATE INDEX IF NOT EXISTS idx_conv_notes_tenant_thread
+    ON public.conversation_notes (tenant_id, thread_key, created_at DESC)
+    WHERE deleted_at IS NULL;
+
+CREATE INDEX IF NOT EXISTS idx_conv_notes_patient
+    ON public.conversation_notes (patient_id, created_at DESC)
+    WHERE deleted_at IS NULL AND patient_id IS NOT NULL;
+
+CREATE INDEX IF NOT EXISTS idx_conv_notes_created_by
+    ON public.conversation_notes (created_by, created_at DESC)
+    WHERE deleted_at IS NULL;
+
+-- Trigger de updated_at (usa funcao existente set_updated_at)
+DROP TRIGGER IF EXISTS trg_conv_notes_updated_at ON public.conversation_notes;
+CREATE TRIGGER trg_conv_notes_updated_at
+    BEFORE UPDATE ON public.conversation_notes
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.conversation_notes IS
+    'Notas internas por thread de conversa. Visiveis apenas aos membros do tenant; nao enviadas ao paciente.';
+
+-- --------------------------------------------------------------------------
+-- RLS
+-- --------------------------------------------------------------------------
+ALTER TABLE public.conversation_notes ENABLE ROW LEVEL SECURITY;
+
+-- SELECT: membro ativo do tenant OU saas_admin
+DROP POLICY IF EXISTS "conv_notes: select tenant members" ON public.conversation_notes;
+CREATE POLICY "conv_notes: select tenant members"
+    ON public.conversation_notes
+    FOR SELECT
+    TO authenticated
+    USING (
+        deleted_at IS NULL
+        AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid()
+                  AND tm.tenant_id = conversation_notes.tenant_id
+                  AND tm.status = 'active'
+            )
+        )
+    );
+
+-- INSERT: membro ativo do tenant, created_by deve ser o proprio usuario
+DROP POLICY IF EXISTS "conv_notes: insert tenant members" ON public.conversation_notes;
+CREATE POLICY "conv_notes: insert tenant members"
+    ON public.conversation_notes
+    FOR INSERT
+    TO authenticated
+    WITH CHECK (
+        created_by = auth.uid()
+        AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid()
+                  AND tm.tenant_id = conversation_notes.tenant_id
+                  AND tm.status = 'active'
+            )
+        )
+    );
+
+-- UPDATE: apenas criador OU saas_admin
+DROP POLICY IF EXISTS "conv_notes: update creator or saas" ON public.conversation_notes;
+CREATE POLICY "conv_notes: update creator or saas"
+    ON public.conversation_notes
+    FOR UPDATE
+    TO authenticated
+    USING (
+        deleted_at IS NULL
+        AND (created_by = auth.uid() OR public.is_saas_admin())
+    )
+    WITH CHECK (
+        created_by = (SELECT created_by FROM public.conversation_notes WHERE id = conversation_notes.id)
+    );
+
+-- DELETE: soft delete via UPDATE deleted_at (nao permite hard delete)
+-- Mantemos politica de DELETE bloqueada por default (sem policy = nao permitido)
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000003_conversation_tags.sql b/database-novo/migrations/20260421000003_conversation_tags.sql
new file mode 100644
index 0000000..af91e17
--- /dev/null
+++ b/database-novo/migrations/20260421000003_conversation_tags.sql
@@ -0,0 +1,226 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Tags de conversa (CRM Grupo 3.1)
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Tags aplicaveis a uma thread de conversa (urgente, primeira consulta,
+-- remarcacao, etc). Cada tenant pode criar tags custom alem das padrao.
+--
+-- Tabelas:
+--   - conversation_tags        — definicoes (system com tenant_id NULL + custom)
+--   - conversation_thread_tags — join (tenant_id, thread_key, tag_id)
+--
+-- thread_key: mesma logica de conversation_threads
+--   - '<uuid>'       → thread de paciente
+--   - 'anon:<phone>' → thread anonima
+-- ==========================================================================
+
+-- ---------------------------------------------------------------------------
+-- Tabela: conversation_tags (definicoes)
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.conversation_tags (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID REFERENCES public.tenants(id) ON DELETE CASCADE,  -- NULL = system tag
+    name TEXT NOT NULL CHECK (length(name) > 0 AND length(name) <= 40),
+    slug TEXT NOT NULL CHECK (slug ~ '^[a-z0-9_-]{1,40}$'),
+    color TEXT NOT NULL DEFAULT '#6366f1' CHECK (color ~ '^#[0-9a-fA-F]{6}$'),
+    icon TEXT,  -- classe de icone primeicons (ex: 'pi pi-exclamation-triangle')
+    position INT NOT NULL DEFAULT 100,
+    is_system BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+-- Unique: (tenant_id, slug). Para tenant_id NULL (system), um indice parcial separado.
+CREATE UNIQUE INDEX IF NOT EXISTS uq_conv_tags_tenant_slug
+    ON public.conversation_tags (tenant_id, slug)
+    WHERE tenant_id IS NOT NULL;
+
+CREATE UNIQUE INDEX IF NOT EXISTS uq_conv_tags_system_slug
+    ON public.conversation_tags (slug)
+    WHERE tenant_id IS NULL;
+
+CREATE INDEX IF NOT EXISTS idx_conv_tags_tenant
+    ON public.conversation_tags (tenant_id, position);
+
+DROP TRIGGER IF EXISTS trg_conv_tags_updated_at ON public.conversation_tags;
+CREATE TRIGGER trg_conv_tags_updated_at
+    BEFORE UPDATE ON public.conversation_tags
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.conversation_tags IS
+    'Definicoes de tags aplicaveis a threads. tenant_id NULL = tag do sistema (todos veem).';
+
+-- ---------------------------------------------------------------------------
+-- Tabela: conversation_thread_tags (join many-to-many)
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.conversation_thread_tags (
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+    thread_key TEXT NOT NULL,
+    tag_id UUID NOT NULL REFERENCES public.conversation_tags(id) ON DELETE CASCADE,
+    tagged_by UUID REFERENCES auth.users(id) ON DELETE SET NULL,
+    tagged_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    PRIMARY KEY (tenant_id, thread_key, tag_id)
+);
+
+CREATE INDEX IF NOT EXISTS idx_conv_thread_tags_tenant_thread
+    ON public.conversation_thread_tags (tenant_id, thread_key);
+
+CREATE INDEX IF NOT EXISTS idx_conv_thread_tags_tag
+    ON public.conversation_thread_tags (tag_id);
+
+COMMENT ON TABLE public.conversation_thread_tags IS
+    'Join de tags aplicadas a cada thread de conversa.';
+
+-- ---------------------------------------------------------------------------
+-- Seed de tags padrao (system)
+-- ---------------------------------------------------------------------------
+INSERT INTO public.conversation_tags (tenant_id, name, slug, color, icon, position, is_system)
+VALUES
+    (NULL, 'Urgente',          'urgente',          '#ef4444', 'pi pi-exclamation-triangle', 10, true),
+    (NULL, 'Primeira consulta','primeira-consulta','#0ea5e9', 'pi pi-user-plus',            20, true),
+    (NULL, 'Remarcação',       'remarcacao',       '#f59e0b', 'pi pi-calendar-times',       30, true),
+    (NULL, 'Confirmada',       'confirmada',       '#22c55e', 'pi pi-check-circle',         40, true),
+    (NULL, 'Follow-up',        'follow-up',        '#a855f7', 'pi pi-reply',                50, true)
+ON CONFLICT DO NOTHING;
+
+-- ---------------------------------------------------------------------------
+-- RLS: conversation_tags
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.conversation_tags ENABLE ROW LEVEL SECURITY;
+
+-- SELECT: system tags (tenant_id NULL) = todos; custom = membros ativos do tenant
+DROP POLICY IF EXISTS "conv_tags: select" ON public.conversation_tags;
+CREATE POLICY "conv_tags: select"
+    ON public.conversation_tags
+    FOR SELECT
+    TO authenticated
+    USING (
+        tenant_id IS NULL
+        OR public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_tags.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+-- INSERT: membros ativos do tenant criam custom. Nao podem criar system (tenant_id NULL)
+DROP POLICY IF EXISTS "conv_tags: insert custom" ON public.conversation_tags;
+CREATE POLICY "conv_tags: insert custom"
+    ON public.conversation_tags
+    FOR INSERT
+    TO authenticated
+    WITH CHECK (
+        tenant_id IS NOT NULL
+        AND is_system = false
+        AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid()
+                  AND tm.tenant_id = conversation_tags.tenant_id
+                  AND tm.status = 'active'
+            )
+        )
+    );
+
+-- UPDATE: tenant members para tags proprias (custom). Sistema bloqueado.
+DROP POLICY IF EXISTS "conv_tags: update custom" ON public.conversation_tags;
+CREATE POLICY "conv_tags: update custom"
+    ON public.conversation_tags
+    FOR UPDATE
+    TO authenticated
+    USING (
+        is_system = false
+        AND tenant_id IS NOT NULL
+        AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid()
+                  AND tm.tenant_id = conversation_tags.tenant_id
+                  AND tm.status = 'active'
+            )
+        )
+    )
+    WITH CHECK (is_system = false);
+
+-- DELETE: tenant members removem tags custom. Sistema bloqueado.
+DROP POLICY IF EXISTS "conv_tags: delete custom" ON public.conversation_tags;
+CREATE POLICY "conv_tags: delete custom"
+    ON public.conversation_tags
+    FOR DELETE
+    TO authenticated
+    USING (
+        is_system = false
+        AND tenant_id IS NOT NULL
+        AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid()
+                  AND tm.tenant_id = conversation_tags.tenant_id
+                  AND tm.status = 'active'
+            )
+        )
+    );
+
+-- ---------------------------------------------------------------------------
+-- RLS: conversation_thread_tags
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.conversation_thread_tags ENABLE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "conv_thread_tags: select" ON public.conversation_thread_tags;
+CREATE POLICY "conv_thread_tags: select"
+    ON public.conversation_thread_tags
+    FOR SELECT
+    TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_thread_tags.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+DROP POLICY IF EXISTS "conv_thread_tags: insert" ON public.conversation_thread_tags;
+CREATE POLICY "conv_thread_tags: insert"
+    ON public.conversation_thread_tags
+    FOR INSERT
+    TO authenticated
+    WITH CHECK (
+        tagged_by = auth.uid()
+        AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid()
+                  AND tm.tenant_id = conversation_thread_tags.tenant_id
+                  AND tm.status = 'active'
+            )
+        )
+    );
+
+DROP POLICY IF EXISTS "conv_thread_tags: delete" ON public.conversation_thread_tags;
+CREATE POLICY "conv_thread_tags: delete"
+    ON public.conversation_thread_tags
+    FOR DELETE
+    TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_thread_tags.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000004_conversation_autoreply.sql b/database-novo/migrations/20260421000004_conversation_autoreply.sql
new file mode 100644
index 0000000..ed94f9d
--- /dev/null
+++ b/database-novo/migrations/20260421000004_conversation_autoreply.sql
@@ -0,0 +1,143 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Auto-reply fora do horario (CRM Grupo 2.3)
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Quando paciente manda mensagem fora do horario de atendimento, dispara
+-- resposta automatica configuravel. Anti-spam via cooldown por thread.
+--
+-- Modos de horario:
+--   - 'agenda'         → usa agenda_regras_semanais dos membros do tenant
+--   - 'business_hours' → janela semanal do tenant (clinica inteira)
+--   - 'custom'         → janela semanal especifica deste auto-reply
+--
+-- business_hours e custom_window usam mesma estrutura JSONB:
+--   [{ "dow": 0-6, "start": "HH:MM", "end": "HH:MM" }, ...]
+--   Multiplas entradas por dia permitidas (ex: 08:00-12:00 + 13:00-18:00)
+-- ==========================================================================
+
+-- ---------------------------------------------------------------------------
+-- Settings per-tenant
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.conversation_autoreply_settings (
+    tenant_id UUID PRIMARY KEY REFERENCES public.tenants(id) ON DELETE CASCADE,
+
+    enabled BOOLEAN NOT NULL DEFAULT false,
+    message TEXT NOT NULL DEFAULT 'Olá! Nosso horário de atendimento acabou. Retornaremos sua mensagem assim que possível. Obrigado!'
+        CHECK (length(message) > 0 AND length(message) <= 2000),
+    cooldown_minutes INT NOT NULL DEFAULT 180
+        CHECK (cooldown_minutes >= 0 AND cooldown_minutes <= 43200),  -- 0 min a 30 dias
+
+    schedule_mode TEXT NOT NULL DEFAULT 'agenda'
+        CHECK (schedule_mode IN ('agenda', 'business_hours', 'custom')),
+
+    -- Janela de funcionamento da clinica (reutilizavel por outras features)
+    -- Ex: [{ "dow": 1, "start": "08:00", "end": "18:00" }, ...]
+    business_hours JSONB NOT NULL DEFAULT '[]'::jsonb,
+
+    -- Janela especifica deste auto-reply (quando schedule_mode = 'custom')
+    custom_window JSONB NOT NULL DEFAULT '[]'::jsonb,
+
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+DROP TRIGGER IF EXISTS trg_conv_autoreply_settings_updated_at ON public.conversation_autoreply_settings;
+CREATE TRIGGER trg_conv_autoreply_settings_updated_at
+    BEFORE UPDATE ON public.conversation_autoreply_settings
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.conversation_autoreply_settings IS
+    'Configuracao por tenant do auto-reply fora do horario.';
+
+-- ---------------------------------------------------------------------------
+-- Log (anti-spam: uma resposta auto por thread por cooldown)
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.conversation_autoreply_log (
+    id BIGSERIAL PRIMARY KEY,
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+    thread_key TEXT NOT NULL,
+    sent_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    message_id UUID  -- referencia opcional pra message na tabela conversation_messages
+);
+
+CREATE INDEX IF NOT EXISTS idx_autoreply_log_cooldown
+    ON public.conversation_autoreply_log (tenant_id, thread_key, sent_at DESC);
+
+COMMENT ON TABLE public.conversation_autoreply_log IS
+    'Log de auto-replies enviados. Usado pra respeitar cooldown por thread.';
+
+-- ---------------------------------------------------------------------------
+-- RLS: settings
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.conversation_autoreply_settings ENABLE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "autoreply_settings: select" ON public.conversation_autoreply_settings;
+CREATE POLICY "autoreply_settings: select"
+    ON public.conversation_autoreply_settings
+    FOR SELECT
+    TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_autoreply_settings.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+DROP POLICY IF EXISTS "autoreply_settings: insert" ON public.conversation_autoreply_settings;
+CREATE POLICY "autoreply_settings: insert"
+    ON public.conversation_autoreply_settings
+    FOR INSERT
+    TO authenticated
+    WITH CHECK (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_autoreply_settings.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+DROP POLICY IF EXISTS "autoreply_settings: update" ON public.conversation_autoreply_settings;
+CREATE POLICY "autoreply_settings: update"
+    ON public.conversation_autoreply_settings
+    FOR UPDATE
+    TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_autoreply_settings.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+-- ---------------------------------------------------------------------------
+-- RLS: log (read-only pra tenant members; escrita via service_role)
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.conversation_autoreply_log ENABLE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "autoreply_log: select" ON public.conversation_autoreply_log;
+CREATE POLICY "autoreply_log: select"
+    ON public.conversation_autoreply_log
+    FOR SELECT
+    TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_autoreply_log.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000005_conversation_optouts.sql b/database-novo/migrations/20260421000005_conversation_optouts.sql
new file mode 100644
index 0000000..0c80244
--- /dev/null
+++ b/database-novo/migrations/20260421000005_conversation_optouts.sql
@@ -0,0 +1,226 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Opt-out de conversas (CRM Grupo 5.2, LGPD)
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Quando paciente envia keyword de opt-out (PARAR, SAIR, CANCELAR, STOP...),
+-- bloqueia envios automaticos (auto-reply + futuros lembretes).
+--
+-- LGPD: direito de oposicao (Art. 18, §2). Pedido de interrupcao deve ser
+-- respeitado. Mensagens manuais do terapeuta nao sao bloqueadas — relacao
+-- terapeutica existe.
+--
+-- Phone e normalizado (apenas digitos) pra matching consistente.
+-- ==========================================================================
+
+CREATE TABLE IF NOT EXISTS public.conversation_optouts (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+    phone TEXT NOT NULL CHECK (phone ~ '^\d{6,15}$'),
+    patient_id UUID REFERENCES public.patients(id) ON DELETE SET NULL,
+
+    -- 'keyword' = detectado automaticamente por palavra-chave
+    -- 'manual' = adicionado manualmente pelo terapeuta/admin
+    source TEXT NOT NULL DEFAULT 'keyword'
+        CHECK (source IN ('keyword', 'manual')),
+
+    keyword_matched TEXT,       -- palavra/frase que disparou (quando source='keyword')
+    original_message TEXT,      -- texto completo da msg original (truncado)
+    notes TEXT,                 -- observacao do terapeuta (quando manual)
+
+    blocked_by UUID REFERENCES auth.users(id) ON DELETE SET NULL,  -- quem adicionou manual
+
+    opted_out_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    opted_back_in_at TIMESTAMPTZ,  -- quando usuario restaurou (opt-in)
+
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+-- Unique: um registro ativo por tenant+phone. Permite historico se fizer opt-in e depois opt-out de novo.
+-- Active = opted_back_in_at IS NULL
+CREATE UNIQUE INDEX IF NOT EXISTS uq_conv_optouts_active
+    ON public.conversation_optouts (tenant_id, phone)
+    WHERE opted_back_in_at IS NULL;
+
+CREATE INDEX IF NOT EXISTS idx_conv_optouts_tenant_phone
+    ON public.conversation_optouts (tenant_id, phone);
+
+CREATE INDEX IF NOT EXISTS idx_conv_optouts_patient
+    ON public.conversation_optouts (patient_id)
+    WHERE patient_id IS NOT NULL;
+
+DROP TRIGGER IF EXISTS trg_conv_optouts_updated_at ON public.conversation_optouts;
+CREATE TRIGGER trg_conv_optouts_updated_at
+    BEFORE UPDATE ON public.conversation_optouts
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.conversation_optouts IS
+    'Numeros que pediram pra nao receber mensagens automaticas. LGPD Art. 18 Sec.2.';
+
+-- ---------------------------------------------------------------------------
+-- Keywords de opt-out — lista do tenant (reutilizavel)
+-- Cada tenant pode customizar suas palavras-chave. Default aplicado via seed.
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.conversation_optout_keywords (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID REFERENCES public.tenants(id) ON DELETE CASCADE,  -- NULL = system (todos)
+    keyword TEXT NOT NULL CHECK (length(keyword) > 0 AND length(keyword) <= 100),
+    enabled BOOLEAN NOT NULL DEFAULT true,
+    is_system BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS idx_conv_optout_kw_tenant
+    ON public.conversation_optout_keywords (tenant_id)
+    WHERE enabled = true;
+
+-- Seed keywords padrao (system, tenant_id NULL, todos veem)
+INSERT INTO public.conversation_optout_keywords (tenant_id, keyword, is_system, enabled) VALUES
+    (NULL, 'parar',              true, true),
+    (NULL, 'sair',                true, true),
+    (NULL, 'cancelar',            true, true),
+    (NULL, 'stop',                true, true),
+    (NULL, 'descadastrar',        true, true),
+    (NULL, 'remover',             true, true),
+    (NULL, 'nao quero mais',      true, true),
+    (NULL, 'não quero mais',      true, true),
+    (NULL, 'desinscrever',        true, true),
+    (NULL, 'unsubscribe',         true, true)
+ON CONFLICT DO NOTHING;
+
+COMMENT ON TABLE public.conversation_optout_keywords IS
+    'Palavras-chave que disparam opt-out quando paciente envia. Sistema (tenant_id NULL) + custom do tenant.';
+
+-- ---------------------------------------------------------------------------
+-- RLS: optouts
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.conversation_optouts ENABLE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "optouts: select" ON public.conversation_optouts;
+CREATE POLICY "optouts: select"
+    ON public.conversation_optouts
+    FOR SELECT
+    TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_optouts.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+DROP POLICY IF EXISTS "optouts: insert" ON public.conversation_optouts;
+CREATE POLICY "optouts: insert"
+    ON public.conversation_optouts
+    FOR INSERT
+    TO authenticated
+    WITH CHECK (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_optouts.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+DROP POLICY IF EXISTS "optouts: update" ON public.conversation_optouts;
+CREATE POLICY "optouts: update"
+    ON public.conversation_optouts
+    FOR UPDATE
+    TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_optouts.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+-- ---------------------------------------------------------------------------
+-- RLS: keywords
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.conversation_optout_keywords ENABLE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "optout_kw: select" ON public.conversation_optout_keywords;
+CREATE POLICY "optout_kw: select"
+    ON public.conversation_optout_keywords
+    FOR SELECT
+    TO authenticated
+    USING (
+        tenant_id IS NULL
+        OR public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_optout_keywords.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+DROP POLICY IF EXISTS "optout_kw: insert custom" ON public.conversation_optout_keywords;
+CREATE POLICY "optout_kw: insert custom"
+    ON public.conversation_optout_keywords
+    FOR INSERT
+    TO authenticated
+    WITH CHECK (
+        tenant_id IS NOT NULL
+        AND is_system = false
+        AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid()
+                  AND tm.tenant_id = conversation_optout_keywords.tenant_id
+                  AND tm.status = 'active'
+            )
+        )
+    );
+
+DROP POLICY IF EXISTS "optout_kw: update/delete custom" ON public.conversation_optout_keywords;
+CREATE POLICY "optout_kw: update/delete custom"
+    ON public.conversation_optout_keywords
+    FOR UPDATE
+    TO authenticated
+    USING (
+        is_system = false
+        AND tenant_id IS NOT NULL
+        AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid()
+                  AND tm.tenant_id = conversation_optout_keywords.tenant_id
+                  AND tm.status = 'active'
+            )
+        )
+    );
+
+DROP POLICY IF EXISTS "optout_kw: delete custom" ON public.conversation_optout_keywords;
+CREATE POLICY "optout_kw: delete custom"
+    ON public.conversation_optout_keywords
+    FOR DELETE
+    TO authenticated
+    USING (
+        is_system = false
+        AND tenant_id IS NOT NULL
+        AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid()
+                  AND tm.tenant_id = conversation_optout_keywords.tenant_id
+                  AND tm.status = 'active'
+            )
+        )
+    );
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000006_session_reminders.sql b/database-novo/migrations/20260421000006_session_reminders.sql
new file mode 100644
index 0000000..bfe9fec
--- /dev/null
+++ b/database-novo/migrations/20260421000006_session_reminders.sql
@@ -0,0 +1,152 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Lembretes automáticos de sessão (CRM Grupo 2.4)
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Envia WhatsApp automatico antes das sessoes agendadas (24h e 2h antes).
+-- Respeita opt-out (LGPD), quiet hours, canal ativo do tenant.
+--
+-- Arquitetura:
+--   - pg_cron agenda edge function `send-session-reminders` a cada 15 min
+--   - edge function busca eventos na janela de lembretes, envia + registra log
+--   - UNIQUE (event_id, reminder_type) no log impede envio duplicado
+-- ==========================================================================
+
+-- ---------------------------------------------------------------------------
+-- Settings per-tenant
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.session_reminder_settings (
+    tenant_id UUID PRIMARY KEY REFERENCES public.tenants(id) ON DELETE CASCADE,
+    enabled BOOLEAN NOT NULL DEFAULT false,
+
+    -- Lead times (quais lembretes enviar)
+    send_24h BOOLEAN NOT NULL DEFAULT true,
+    send_2h BOOLEAN NOT NULL DEFAULT true,
+
+    -- Templates com variaveis: {{nome_paciente}}, {{data_sessao}}, {{hora_sessao}}, {{nome_clinica}}, {{modalidade}}
+    template_24h TEXT NOT NULL DEFAULT 'Oi {{nome_paciente}}! 👋 Lembrando da sua sessão amanhã, {{data_sessao}} às {{hora_sessao}}. Até lá!'
+        CHECK (length(template_24h) > 0 AND length(template_24h) <= 2000),
+    template_2h TEXT NOT NULL DEFAULT 'Oi {{nome_paciente}}! Sua sessão começa em 2 horas, às {{hora_sessao}}. Te espero! 😊'
+        CHECK (length(template_2h) > 0 AND length(template_2h) <= 2000),
+
+    -- Quiet hours (não envia lembretes nessa janela, mesmo se a sessão estiver na janela)
+    -- Format: 'HH:MM'. Se start > end, janela atravessa a meia-noite (ex: 22:00 → 08:00).
+    quiet_hours_enabled BOOLEAN NOT NULL DEFAULT true,
+    quiet_hours_start TIME NOT NULL DEFAULT '22:00',
+    quiet_hours_end TIME NOT NULL DEFAULT '08:00',
+
+    -- Respeita opt-out (LGPD)? default true, mas expomos pra caso haja tenant com regra especifica.
+    respect_opt_out BOOLEAN NOT NULL DEFAULT true,
+
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+DROP TRIGGER IF EXISTS trg_session_reminder_settings_updated_at ON public.session_reminder_settings;
+CREATE TRIGGER trg_session_reminder_settings_updated_at
+    BEFORE UPDATE ON public.session_reminder_settings
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.session_reminder_settings IS
+    'Configuracao por tenant dos lembretes automaticos de sessao via WhatsApp.';
+
+-- ---------------------------------------------------------------------------
+-- Log (anti-duplicata + auditoria)
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.session_reminder_logs (
+    id BIGSERIAL PRIMARY KEY,
+    event_id UUID NOT NULL REFERENCES public.agenda_eventos(id) ON DELETE CASCADE,
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+    reminder_type TEXT NOT NULL CHECK (reminder_type IN ('24h', '2h')),
+    sent_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    provider TEXT,                    -- 'evolution', 'twilio', 'skipped'
+    skip_reason TEXT,                 -- quando provider='skipped': opted_out, quiet_hours, no_phone, etc
+    to_phone TEXT,
+    provider_message_id TEXT,
+    conversation_message_id BIGINT REFERENCES public.conversation_messages(id) ON DELETE SET NULL
+);
+
+CREATE UNIQUE INDEX IF NOT EXISTS uq_session_reminder_event_type
+    ON public.session_reminder_logs (event_id, reminder_type);
+
+CREATE INDEX IF NOT EXISTS idx_session_reminder_tenant_sent
+    ON public.session_reminder_logs (tenant_id, sent_at DESC);
+
+COMMENT ON TABLE public.session_reminder_logs IS
+    'Log de lembretes disparados. UNIQUE (event_id, reminder_type) previne duplicata.';
+
+-- ---------------------------------------------------------------------------
+-- RLS
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.session_reminder_settings ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.session_reminder_logs ENABLE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "reminder_settings: tenant members all" ON public.session_reminder_settings;
+CREATE POLICY "reminder_settings: tenant members all"
+    ON public.session_reminder_settings
+    FOR ALL
+    TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = session_reminder_settings.tenant_id
+              AND tm.status = 'active'
+        )
+    )
+    WITH CHECK (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = session_reminder_settings.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+DROP POLICY IF EXISTS "reminder_logs: tenant members select" ON public.session_reminder_logs;
+CREATE POLICY "reminder_logs: tenant members select"
+    ON public.session_reminder_logs
+    FOR SELECT
+    TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = session_reminder_logs.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+-- ---------------------------------------------------------------------------
+-- pg_cron: agenda send-session-reminders a cada 15 minutos
+-- ---------------------------------------------------------------------------
+-- Uses pg_net.http_post to hit the edge function. O secret do service_role
+-- deve estar configurado em app.settings.service_role_key (ou use Vault).
+--
+-- Como alternativa mais simples: o user pode configurar um cron externo
+-- (ex: Supabase Dashboard → Database → Cron) apontando pra edge function.
+-- Deixo o schedule abaixo comentado; descomentar em produção quando
+-- app.settings.service_role_key e app.settings.supabase_url estiverem setados.
+-- ---------------------------------------------------------------------------
+-- SELECT cron.schedule(
+--     'session-reminders-every-15min',
+--     '*/15 * * * *',
+--     $$
+--     SELECT net.http_post(
+--         url := current_setting('app.settings.supabase_url') || '/functions/v1/send-session-reminders',
+--         headers := jsonb_build_object(
+--             'Authorization', 'Bearer ' || current_setting('app.settings.service_role_key'),
+--             'Content-Type', 'application/json'
+--         ),
+--         body := '{}'::jsonb
+--     );
+--     $$
+-- );
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000007_whatsapp_credits.sql b/database-novo/migrations/20260421000007_whatsapp_credits.sql
new file mode 100644
index 0000000..ad2ba2d
--- /dev/null
+++ b/database-novo/migrations/20260421000007_whatsapp_credits.sql
@@ -0,0 +1,342 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Sistema de créditos WhatsApp (Marco B)
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Modelo:
+--   - whatsapp_credits_balance     → saldo atual por tenant (snapshot)
+--   - whatsapp_credits_transactions → extrato (purchase, usage, topup, adj)
+--   - whatsapp_credit_packages     → pacotes oferecidos (SaaS-managed)
+--   - whatsapp_credit_purchases    → ordens de compra via Asaas
+--
+-- Helpers (RPC):
+--   - add_whatsapp_credits(tenant, amount, kind, ...) → novo saldo
+--   - deduct_whatsapp_credits(tenant, amount, message_id) → boolean
+--
+-- Creditos so sao deduzidos quando o tenant usa provider='twilio'
+-- (Evolution e free).
+-- ==========================================================================
+
+-- ---------------------------------------------------------------------------
+-- Saldo por tenant
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.whatsapp_credits_balance (
+    tenant_id UUID PRIMARY KEY REFERENCES public.tenants(id) ON DELETE CASCADE,
+    balance INT NOT NULL DEFAULT 0 CHECK (balance >= 0),
+    lifetime_purchased INT NOT NULL DEFAULT 0,
+    lifetime_used INT NOT NULL DEFAULT 0,
+    low_balance_threshold INT NOT NULL DEFAULT 20 CHECK (low_balance_threshold >= 0),
+    low_balance_alerted_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+DROP TRIGGER IF EXISTS trg_wa_credits_balance_updated_at ON public.whatsapp_credits_balance;
+CREATE TRIGGER trg_wa_credits_balance_updated_at
+    BEFORE UPDATE ON public.whatsapp_credits_balance
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.whatsapp_credits_balance IS
+    'Saldo atual de creditos WhatsApp por tenant. 1 credito = 1 mensagem Twilio.';
+
+-- ---------------------------------------------------------------------------
+-- Extrato (transações)
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.whatsapp_credits_transactions (
+    id BIGSERIAL PRIMARY KEY,
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+    kind TEXT NOT NULL CHECK (kind IN ('purchase', 'usage', 'topup_manual', 'refund', 'adjustment')),
+    amount INT NOT NULL,        -- positivo = credito, negativo = debito
+    balance_after INT NOT NULL,
+
+    -- Referencias opcionais
+    conversation_message_id BIGINT REFERENCES public.conversation_messages(id) ON DELETE SET NULL,
+    purchase_id UUID,
+    admin_id UUID REFERENCES auth.users(id) ON DELETE SET NULL,
+    note TEXT,
+
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS idx_wa_credits_tx_tenant_created
+    ON public.whatsapp_credits_transactions (tenant_id, created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_wa_credits_tx_kind
+    ON public.whatsapp_credits_transactions (tenant_id, kind, created_at DESC);
+
+COMMENT ON TABLE public.whatsapp_credits_transactions IS
+    'Extrato de creditos WhatsApp. Append-only — nao editar/deletar.';
+
+-- ---------------------------------------------------------------------------
+-- Pacotes (global, gerenciado pelo SaaS admin)
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.whatsapp_credit_packages (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    name TEXT NOT NULL CHECK (length(name) > 0 AND length(name) <= 100),
+    description TEXT,
+    credits INT NOT NULL CHECK (credits > 0),
+    price_brl NUMERIC(10,2) NOT NULL CHECK (price_brl > 0),
+    is_active BOOLEAN NOT NULL DEFAULT true,
+    is_featured BOOLEAN NOT NULL DEFAULT false,
+    position INT NOT NULL DEFAULT 100,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+DROP TRIGGER IF EXISTS trg_wa_credit_packages_updated_at ON public.whatsapp_credit_packages;
+CREATE TRIGGER trg_wa_credit_packages_updated_at
+    BEFORE UPDATE ON public.whatsapp_credit_packages
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE INDEX IF NOT EXISTS idx_wa_credit_packages_active
+    ON public.whatsapp_credit_packages (is_active, position, price_brl)
+    WHERE is_active = true;
+
+COMMENT ON TABLE public.whatsapp_credit_packages IS
+    'Pacotes de creditos disponiveis pra compra. Gerenciado pelo SaaS admin.';
+
+-- Seed: pacotes padrao
+INSERT INTO public.whatsapp_credit_packages (name, description, credits, price_brl, is_featured, position) VALUES
+    ('Iniciante', 'Ideal pra conhecer a plataforma', 100, 49.90, false, 10),
+    ('Profissional', 'Mais vendido pra clínicas pequenas', 500, 199.90, true, 20),
+    ('Clínica', 'Pra clínicas com alto volume', 1500, 499.90, false, 30),
+    ('Enterprise', 'Pacote grande com desconto', 5000, 1499.90, false, 40)
+ON CONFLICT DO NOTHING;
+
+-- ---------------------------------------------------------------------------
+-- Ordens de compra (Asaas integration)
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.whatsapp_credit_purchases (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+    package_id UUID REFERENCES public.whatsapp_credit_packages(id) ON DELETE SET NULL,
+
+    -- Snapshot do pacote no momento da compra (caso mude de preço/creditos depois)
+    package_name TEXT NOT NULL,
+    credits INT NOT NULL CHECK (credits > 0),
+    amount_brl NUMERIC(10,2) NOT NULL CHECK (amount_brl > 0),
+
+    status TEXT NOT NULL DEFAULT 'pending'
+        CHECK (status IN ('pending', 'paid', 'failed', 'expired', 'refunded', 'cancelled')),
+
+    -- Asaas integration
+    asaas_customer_id TEXT,
+    asaas_payment_id TEXT,
+    asaas_payment_link TEXT,
+    asaas_pix_qrcode TEXT,          -- base64 da imagem
+    asaas_pix_copy_paste TEXT,      -- codigo PIX copia-cola
+
+    paid_at TIMESTAMPTZ,
+    expires_at TIMESTAMPTZ,
+    failed_at TIMESTAMPTZ,
+
+    created_by UUID REFERENCES auth.users(id) ON DELETE SET NULL,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+DROP TRIGGER IF EXISTS trg_wa_credit_purchases_updated_at ON public.whatsapp_credit_purchases;
+CREATE TRIGGER trg_wa_credit_purchases_updated_at
+    BEFORE UPDATE ON public.whatsapp_credit_purchases
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE INDEX IF NOT EXISTS idx_wa_credit_purchases_tenant
+    ON public.whatsapp_credit_purchases (tenant_id, created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_wa_credit_purchases_status
+    ON public.whatsapp_credit_purchases (status, created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_wa_credit_purchases_asaas_payment
+    ON public.whatsapp_credit_purchases (asaas_payment_id)
+    WHERE asaas_payment_id IS NOT NULL;
+
+-- FK pra transactions.purchase_id (circular, então define depois)
+ALTER TABLE public.whatsapp_credits_transactions
+    DROP CONSTRAINT IF EXISTS whatsapp_credits_transactions_purchase_id_fkey;
+ALTER TABLE public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_purchase_id_fkey
+    FOREIGN KEY (purchase_id) REFERENCES public.whatsapp_credit_purchases(id) ON DELETE SET NULL;
+
+COMMENT ON TABLE public.whatsapp_credit_purchases IS
+    'Ordens de compra de creditos via Asaas. Webhook atualiza status.';
+
+-- ---------------------------------------------------------------------------
+-- RPC: add_whatsapp_credits (SECURITY DEFINER — atualiza saldo + registra tx)
+-- ---------------------------------------------------------------------------
+CREATE OR REPLACE FUNCTION public.add_whatsapp_credits(
+    p_tenant_id UUID,
+    p_amount INT,
+    p_kind TEXT,
+    p_purchase_id UUID DEFAULT NULL,
+    p_admin_id UUID DEFAULT NULL,
+    p_note TEXT DEFAULT NULL
+)
+RETURNS INT
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public
+AS $$
+DECLARE
+    v_new_balance INT;
+BEGIN
+    IF p_amount <= 0 THEN
+        RAISE EXCEPTION 'amount must be positive';
+    END IF;
+    IF p_kind NOT IN ('purchase', 'topup_manual', 'refund', 'adjustment') THEN
+        RAISE EXCEPTION 'invalid kind for credit: %', p_kind;
+    END IF;
+
+    INSERT INTO public.whatsapp_credits_balance (tenant_id, balance, lifetime_purchased)
+    VALUES (p_tenant_id, p_amount, CASE WHEN p_kind IN ('purchase', 'topup_manual') THEN p_amount ELSE 0 END)
+    ON CONFLICT (tenant_id) DO UPDATE SET
+        balance = whatsapp_credits_balance.balance + EXCLUDED.balance,
+        lifetime_purchased = whatsapp_credits_balance.lifetime_purchased
+            + CASE WHEN p_kind IN ('purchase', 'topup_manual') THEN p_amount ELSE 0 END,
+        low_balance_alerted_at = NULL  -- reset alerta quando recebe creditos
+    RETURNING balance INTO v_new_balance;
+
+    INSERT INTO public.whatsapp_credits_transactions
+        (tenant_id, kind, amount, balance_after, purchase_id, admin_id, note)
+    VALUES
+        (p_tenant_id, p_kind, p_amount, v_new_balance, p_purchase_id, p_admin_id, p_note);
+
+    RETURN v_new_balance;
+END;
+$$;
+
+REVOKE ALL ON FUNCTION public.add_whatsapp_credits(UUID, INT, TEXT, UUID, UUID, TEXT) FROM PUBLIC;
+GRANT EXECUTE ON FUNCTION public.add_whatsapp_credits(UUID, INT, TEXT, UUID, UUID, TEXT) TO service_role;
+
+-- ---------------------------------------------------------------------------
+-- RPC: deduct_whatsapp_credits (atomico, falha se saldo insuficiente)
+-- ---------------------------------------------------------------------------
+CREATE OR REPLACE FUNCTION public.deduct_whatsapp_credits(
+    p_tenant_id UUID,
+    p_amount INT,
+    p_conversation_message_id BIGINT DEFAULT NULL,
+    p_note TEXT DEFAULT NULL
+)
+RETURNS INT
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public
+AS $$
+DECLARE
+    v_new_balance INT;
+    v_row RECORD;
+BEGIN
+    IF p_amount <= 0 THEN
+        RAISE EXCEPTION 'amount must be positive';
+    END IF;
+
+    -- Lock a linha e valida saldo
+    SELECT balance, low_balance_threshold
+        INTO v_row
+        FROM public.whatsapp_credits_balance
+        WHERE tenant_id = p_tenant_id
+        FOR UPDATE;
+
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'insufficient_credits';
+    END IF;
+    IF v_row.balance < p_amount THEN
+        RAISE EXCEPTION 'insufficient_credits';
+    END IF;
+
+    UPDATE public.whatsapp_credits_balance
+        SET balance = balance - p_amount,
+            lifetime_used = lifetime_used + p_amount
+        WHERE tenant_id = p_tenant_id
+        RETURNING balance INTO v_new_balance;
+
+    INSERT INTO public.whatsapp_credits_transactions
+        (tenant_id, kind, amount, balance_after, conversation_message_id, note)
+    VALUES
+        (p_tenant_id, 'usage', -p_amount, v_new_balance, p_conversation_message_id, p_note);
+
+    RETURN v_new_balance;
+END;
+$$;
+
+REVOKE ALL ON FUNCTION public.deduct_whatsapp_credits(UUID, INT, BIGINT, TEXT) FROM PUBLIC;
+GRANT EXECUTE ON FUNCTION public.deduct_whatsapp_credits(UUID, INT, BIGINT, TEXT) TO service_role;
+
+-- ---------------------------------------------------------------------------
+-- RLS
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.whatsapp_credits_balance ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.whatsapp_credits_transactions ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.whatsapp_credit_packages ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.whatsapp_credit_purchases ENABLE ROW LEVEL SECURITY;
+
+-- Balance: members do tenant leem, saas_admin tudo
+DROP POLICY IF EXISTS "wa_credits_balance: select tenant" ON public.whatsapp_credits_balance;
+CREATE POLICY "wa_credits_balance: select tenant"
+    ON public.whatsapp_credits_balance FOR SELECT TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = whatsapp_credits_balance.tenant_id AND tm.status = 'active'
+        )
+    );
+
+-- Settings update: members do tenant podem alterar low_balance_threshold
+DROP POLICY IF EXISTS "wa_credits_balance: update tenant" ON public.whatsapp_credits_balance;
+CREATE POLICY "wa_credits_balance: update tenant"
+    ON public.whatsapp_credits_balance FOR UPDATE TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = whatsapp_credits_balance.tenant_id AND tm.status = 'active'
+        )
+    )
+    WITH CHECK (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = whatsapp_credits_balance.tenant_id AND tm.status = 'active'
+        )
+    );
+
+-- Transactions: read-only pra tenant members, write via RPC
+DROP POLICY IF EXISTS "wa_credits_tx: select tenant" ON public.whatsapp_credits_transactions;
+CREATE POLICY "wa_credits_tx: select tenant"
+    ON public.whatsapp_credits_transactions FOR SELECT TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = whatsapp_credits_transactions.tenant_id AND tm.status = 'active'
+        )
+    );
+
+-- Packages: todos leem os ativos; saas_admin gerencia
+DROP POLICY IF EXISTS "wa_packages: select active" ON public.whatsapp_credit_packages;
+CREATE POLICY "wa_packages: select active"
+    ON public.whatsapp_credit_packages FOR SELECT TO authenticated
+    USING (is_active = true OR public.is_saas_admin());
+
+DROP POLICY IF EXISTS "wa_packages: manage saas admin" ON public.whatsapp_credit_packages;
+CREATE POLICY "wa_packages: manage saas admin"
+    ON public.whatsapp_credit_packages FOR ALL TO authenticated
+    USING (public.is_saas_admin())
+    WITH CHECK (public.is_saas_admin());
+
+-- Purchases: members do tenant leem as proprias
+DROP POLICY IF EXISTS "wa_purchases: select tenant" ON public.whatsapp_credit_purchases;
+CREATE POLICY "wa_purchases: select tenant"
+    ON public.whatsapp_credit_purchases FOR SELECT TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = whatsapp_credit_purchases.tenant_id AND tm.status = 'active'
+        )
+    );
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000008_contact_phones.sql b/database-novo/migrations/20260421000008_contact_phones.sql
new file mode 100644
index 0000000..b0fdbb8
--- /dev/null
+++ b/database-novo/migrations/20260421000008_contact_phones.sql
@@ -0,0 +1,356 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Telefones polimorficos com tipo + principal
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Substitui campos fixos de telefone (patients.telefone, medicos.telefone_*)
+-- por estrutura flexivel:
+--
+--   - contact_types    → tipos configuraveis (Celular, Fixo, WhatsApp, ...)
+--                        System (tenant_id NULL) + custom por tenant
+--   - contact_phones   → telefones polimorficos (entity_type + entity_id)
+--                        Suporta patient, medico, futuramente emergency, etc
+--
+-- Ate 1 telefone marcado como is_primary por entidade (UNIQUE parcial).
+-- Triggers mantem patients.telefone, telefone_alternativo, medicos.telefone_*
+-- sincronizados pra nao quebrar codigo legado.
+-- ==========================================================================
+
+-- ---------------------------------------------------------------------------
+-- Tabela: contact_types
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.contact_types (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID REFERENCES public.tenants(id) ON DELETE CASCADE,  -- NULL = system
+    name TEXT NOT NULL CHECK (length(name) > 0 AND length(name) <= 40),
+    slug TEXT NOT NULL CHECK (slug ~ '^[a-z0-9_-]{1,40}$'),
+    icon TEXT,                          -- classe primeicons (ex: 'pi pi-mobile')
+    is_mobile BOOLEAN NOT NULL DEFAULT true,  -- true = mascara celular; false = mascara fixo
+    is_system BOOLEAN NOT NULL DEFAULT false,
+    position INT NOT NULL DEFAULT 100,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE UNIQUE INDEX IF NOT EXISTS uq_contact_types_tenant_slug
+    ON public.contact_types (tenant_id, slug)
+    WHERE tenant_id IS NOT NULL;
+
+CREATE UNIQUE INDEX IF NOT EXISTS uq_contact_types_system_slug
+    ON public.contact_types (slug)
+    WHERE tenant_id IS NULL;
+
+CREATE INDEX IF NOT EXISTS idx_contact_types_tenant
+    ON public.contact_types (tenant_id, position);
+
+DROP TRIGGER IF EXISTS trg_contact_types_updated_at ON public.contact_types;
+CREATE TRIGGER trg_contact_types_updated_at
+    BEFORE UPDATE ON public.contact_types
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.contact_types IS
+    'Tipos de contato (Celular, Fixo, WhatsApp, ...). System (tenant_id NULL) visiveis a todos; custom por tenant.';
+
+-- Seed: tipos system padrao
+INSERT INTO public.contact_types (tenant_id, name, slug, icon, is_mobile, is_system, position) VALUES
+    (NULL, 'Celular',      'celular',      'pi pi-mobile',           true,  true, 10),
+    (NULL, 'WhatsApp',     'whatsapp',     'pi pi-whatsapp',         true,  true, 20),
+    (NULL, 'Fixo',         'fixo',         'pi pi-phone',            false, true, 30),
+    (NULL, 'Residencial',  'residencial',  'pi pi-home',             false, true, 40),
+    (NULL, 'Comercial',    'comercial',    'pi pi-building',         true,  true, 50),
+    (NULL, 'Fax',          'fax',          'pi pi-print',            false, true, 60)
+ON CONFLICT DO NOTHING;
+
+-- ---------------------------------------------------------------------------
+-- Tabela: contact_phones (polimorfica)
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.contact_phones (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+
+    entity_type TEXT NOT NULL CHECK (entity_type IN ('patient', 'medico')),
+    entity_id UUID NOT NULL,
+
+    contact_type_id UUID NOT NULL REFERENCES public.contact_types(id) ON DELETE RESTRICT,
+
+    number TEXT NOT NULL CHECK (number ~ '^\d{8,15}$'),  -- digits only, 8-15 (DDI+DDD+num)
+    is_primary BOOLEAN NOT NULL DEFAULT false,
+
+    -- Vinculado automaticamente via drawer de conversa (CRM 3.5)
+    whatsapp_linked_at TIMESTAMPTZ,
+
+    notes TEXT,
+    position INT NOT NULL DEFAULT 100,
+
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS idx_contact_phones_entity
+    ON public.contact_phones (tenant_id, entity_type, entity_id, position);
+
+CREATE INDEX IF NOT EXISTS idx_contact_phones_number
+    ON public.contact_phones (tenant_id, number);
+
+-- Partial unique: apenas 1 primary por entidade
+CREATE UNIQUE INDEX IF NOT EXISTS uq_contact_phones_primary
+    ON public.contact_phones (entity_type, entity_id)
+    WHERE is_primary = true;
+
+DROP TRIGGER IF EXISTS trg_contact_phones_updated_at ON public.contact_phones;
+CREATE TRIGGER trg_contact_phones_updated_at
+    BEFORE UPDATE ON public.contact_phones
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.contact_phones IS
+    'Telefones polimorficos (patients, medicos, ...). Max 1 primary por entidade. Triggers sincronizam campos legados.';
+
+-- ---------------------------------------------------------------------------
+-- Helper: pega o telefone primary (ou primeiro) de uma entidade
+-- ---------------------------------------------------------------------------
+CREATE OR REPLACE FUNCTION public.get_entity_primary_phone(
+    p_entity_type TEXT,
+    p_entity_id UUID
+) RETURNS TEXT
+LANGUAGE sql
+STABLE
+SECURITY DEFINER
+SET search_path = public
+AS $$
+    SELECT number FROM public.contact_phones
+    WHERE entity_type = p_entity_type
+      AND entity_id = p_entity_id
+    ORDER BY is_primary DESC, position ASC, created_at ASC
+    LIMIT 1;
+$$;
+
+REVOKE ALL ON FUNCTION public.get_entity_primary_phone(TEXT, UUID) FROM PUBLIC;
+GRANT EXECUTE ON FUNCTION public.get_entity_primary_phone(TEXT, UUID) TO authenticated, service_role;
+
+-- ---------------------------------------------------------------------------
+-- Trigger: sincroniza campos legados de patients/medicos apos mudanca
+-- ---------------------------------------------------------------------------
+CREATE OR REPLACE FUNCTION public.sync_legacy_phone_fields() RETURNS TRIGGER
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public
+AS $$
+DECLARE
+    v_entity_type TEXT;
+    v_entity_id UUID;
+    v_primary TEXT;
+    v_secondary TEXT;
+    v_whatsapp_slug TEXT;
+    v_whatsapp TEXT;
+BEGIN
+    -- Identifica entidade afetada (pode ser OLD em delete)
+    IF TG_OP = 'DELETE' THEN
+        v_entity_type := OLD.entity_type;
+        v_entity_id := OLD.entity_id;
+    ELSE
+        v_entity_type := NEW.entity_type;
+        v_entity_id := NEW.entity_id;
+    END IF;
+
+    -- Pega primary (ou primeiro)
+    SELECT number INTO v_primary
+        FROM public.contact_phones
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+        ORDER BY is_primary DESC, position ASC, created_at ASC
+        LIMIT 1;
+
+    -- Pega segundo (depois do primary)
+    SELECT number INTO v_secondary
+        FROM public.contact_phones
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+          AND is_primary = false
+        ORDER BY position ASC, created_at ASC
+        OFFSET 0
+        LIMIT 1;
+
+    -- Sincroniza campos legados
+    IF v_entity_type = 'patient' THEN
+        UPDATE public.patients
+            SET telefone = v_primary,
+                telefone_alternativo = v_secondary
+            WHERE id = v_entity_id;
+    ELSIF v_entity_type = 'medico' THEN
+        -- Medicos: telefone_profissional = primary; telefone_pessoal = secundario
+        UPDATE public.medicos
+            SET telefone_profissional = v_primary,
+                telefone_pessoal = v_secondary
+            WHERE id = v_entity_id;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN
+        RETURN OLD;
+    ELSE
+        RETURN NEW;
+    END IF;
+END;
+$$;
+
+DROP TRIGGER IF EXISTS trg_contact_phones_sync_legacy ON public.contact_phones;
+CREATE TRIGGER trg_contact_phones_sync_legacy
+    AFTER INSERT OR UPDATE OR DELETE ON public.contact_phones
+    FOR EACH ROW EXECUTE FUNCTION public.sync_legacy_phone_fields();
+
+-- ---------------------------------------------------------------------------
+-- Backfill: migra dados existentes pra contact_phones
+-- ---------------------------------------------------------------------------
+-- Patients: telefone → Celular primary, telefone_alternativo → Fixo
+DO $$
+DECLARE
+    v_celular_id UUID;
+    v_fixo_id UUID;
+    v_profissional_id UUID;
+BEGIN
+    SELECT id INTO v_celular_id FROM public.contact_types WHERE slug = 'celular' AND tenant_id IS NULL LIMIT 1;
+    SELECT id INTO v_fixo_id FROM public.contact_types WHERE slug = 'fixo' AND tenant_id IS NULL LIMIT 1;
+    SELECT id INTO v_profissional_id FROM public.contact_types WHERE slug = 'comercial' AND tenant_id IS NULL LIMIT 1;
+
+    -- Patients.telefone → Celular primary
+    INSERT INTO public.contact_phones (tenant_id, entity_type, entity_id, contact_type_id, number, is_primary, position)
+    SELECT
+        p.tenant_id,
+        'patient',
+        p.id,
+        v_celular_id,
+        regexp_replace(p.telefone, '\D', '', 'g'),
+        true,
+        10
+    FROM public.patients p
+    WHERE p.telefone IS NOT NULL
+      AND length(regexp_replace(p.telefone, '\D', '', 'g')) BETWEEN 8 AND 15
+      AND NOT EXISTS (
+        SELECT 1 FROM public.contact_phones cp
+        WHERE cp.entity_type = 'patient' AND cp.entity_id = p.id
+    )
+    ON CONFLICT DO NOTHING;
+
+    -- Patients.telefone_alternativo → Fixo
+    INSERT INTO public.contact_phones (tenant_id, entity_type, entity_id, contact_type_id, number, is_primary, position)
+    SELECT
+        p.tenant_id,
+        'patient',
+        p.id,
+        v_fixo_id,
+        regexp_replace(p.telefone_alternativo, '\D', '', 'g'),
+        false,
+        20
+    FROM public.patients p
+    WHERE p.telefone_alternativo IS NOT NULL
+      AND length(regexp_replace(p.telefone_alternativo, '\D', '', 'g')) BETWEEN 8 AND 15
+      AND NOT EXISTS (
+        SELECT 1 FROM public.contact_phones cp
+        WHERE cp.entity_type = 'patient' AND cp.entity_id = p.id
+          AND cp.number = regexp_replace(p.telefone_alternativo, '\D', '', 'g')
+    )
+    ON CONFLICT DO NOTHING;
+
+    -- Medicos.telefone_profissional → Comercial primary
+    INSERT INTO public.contact_phones (tenant_id, entity_type, entity_id, contact_type_id, number, is_primary, position)
+    SELECT
+        m.tenant_id,
+        'medico',
+        m.id,
+        v_profissional_id,
+        regexp_replace(m.telefone_profissional, '\D', '', 'g'),
+        true,
+        10
+    FROM public.medicos m
+    WHERE m.telefone_profissional IS NOT NULL
+      AND length(regexp_replace(m.telefone_profissional, '\D', '', 'g')) BETWEEN 8 AND 15
+      AND NOT EXISTS (
+        SELECT 1 FROM public.contact_phones cp
+        WHERE cp.entity_type = 'medico' AND cp.entity_id = m.id
+    )
+    ON CONFLICT DO NOTHING;
+
+    -- Medicos.telefone_pessoal → Celular
+    INSERT INTO public.contact_phones (tenant_id, entity_type, entity_id, contact_type_id, number, is_primary, position)
+    SELECT
+        m.tenant_id,
+        'medico',
+        m.id,
+        v_celular_id,
+        regexp_replace(m.telefone_pessoal, '\D', '', 'g'),
+        false,
+        20
+    FROM public.medicos m
+    WHERE m.telefone_pessoal IS NOT NULL
+      AND length(regexp_replace(m.telefone_pessoal, '\D', '', 'g')) BETWEEN 8 AND 15
+      AND NOT EXISTS (
+        SELECT 1 FROM public.contact_phones cp
+        WHERE cp.entity_type = 'medico' AND cp.entity_id = m.id
+          AND cp.number = regexp_replace(m.telefone_pessoal, '\D', '', 'g')
+    )
+    ON CONFLICT DO NOTHING;
+END $$;
+
+-- ---------------------------------------------------------------------------
+-- RLS: contact_types
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.contact_types ENABLE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "contact_types: select" ON public.contact_types;
+CREATE POLICY "contact_types: select"
+    ON public.contact_types FOR SELECT TO authenticated
+    USING (
+        tenant_id IS NULL
+        OR public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = contact_types.tenant_id AND tm.status = 'active'
+        )
+    );
+
+DROP POLICY IF EXISTS "contact_types: manage custom" ON public.contact_types;
+CREATE POLICY "contact_types: manage custom"
+    ON public.contact_types FOR ALL TO authenticated
+    USING (
+        is_system = false AND tenant_id IS NOT NULL AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid() AND tm.tenant_id = contact_types.tenant_id AND tm.status = 'active'
+            )
+        )
+    )
+    WITH CHECK (
+        is_system = false AND tenant_id IS NOT NULL AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid() AND tm.tenant_id = contact_types.tenant_id AND tm.status = 'active'
+            )
+        )
+    );
+
+-- ---------------------------------------------------------------------------
+-- RLS: contact_phones
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.contact_phones ENABLE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "contact_phones: all tenant" ON public.contact_phones;
+CREATE POLICY "contact_phones: all tenant"
+    ON public.contact_phones FOR ALL TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = contact_phones.tenant_id AND tm.status = 'active'
+        )
+    )
+    WITH CHECK (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = contact_phones.tenant_id AND tm.status = 'active'
+        )
+    );
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000009_retroactive_whatsapp_link.sql b/database-novo/migrations/20260421000009_retroactive_whatsapp_link.sql
new file mode 100644
index 0000000..28d1592
--- /dev/null
+++ b/database-novo/migrations/20260421000009_retroactive_whatsapp_link.sql
@@ -0,0 +1,64 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Retroativa WhatsApp-linked em contact_phones
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Pacientes que foram vinculados via drawer de conversa ANTES do refactor
+-- polimorfico de telefones tiveram o numero preservado em patients.telefone
+-- mas sem marca "vinculado WhatsApp" (nao existia o conceito).
+--
+-- Este script:
+--   1. Detecta pacientes com conversation_messages (direction=inbound)
+--   2. Encontra o contact_phone que match o numero da conversa
+--   3. Muda o contact_type_id pra 'whatsapp' + seta whatsapp_linked_at
+--      pra first_message_received_at
+--
+-- Nao destrutivo: so altera phones que claramente foram vinculados via CRM.
+-- Se paciente tem multiplos phones, apenas o que match o numero da conversa
+-- e afetado.
+-- ==========================================================================
+
+DO $$
+DECLARE
+    v_whatsapp_type_id UUID;
+BEGIN
+    SELECT id INTO v_whatsapp_type_id
+        FROM public.contact_types
+        WHERE slug = 'whatsapp' AND tenant_id IS NULL
+        LIMIT 1;
+
+    IF v_whatsapp_type_id IS NULL THEN
+        RAISE NOTICE 'Contact type WhatsApp nao encontrado — pule a migration retroativa';
+        RETURN;
+    END IF;
+
+    -- Atualiza contact_phones que match conversation_messages inbound
+    WITH convs AS (
+        SELECT
+            cm.patient_id,
+            regexp_replace(cm.from_number, '\D', '', 'g') AS phone_digits,
+            MIN(COALESCE(cm.received_at, cm.created_at)) AS first_msg_at
+        FROM public.conversation_messages cm
+        WHERE cm.patient_id IS NOT NULL
+          AND cm.direction = 'inbound'
+          AND cm.from_number IS NOT NULL
+          AND cm.channel = 'whatsapp'
+        GROUP BY cm.patient_id, regexp_replace(cm.from_number, '\D', '', 'g')
+    )
+    UPDATE public.contact_phones cp
+    SET
+        contact_type_id = v_whatsapp_type_id,
+        whatsapp_linked_at = COALESCE(cp.whatsapp_linked_at, convs.first_msg_at)
+    FROM convs
+    WHERE cp.entity_type = 'patient'
+      AND cp.entity_id = convs.patient_id
+      AND cp.number = convs.phone_digits;
+
+    -- Log
+    RAISE NOTICE 'Retroactive WhatsApp link complete';
+END $$;
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000010_retroactive_whatsapp_link_v2.sql b/database-novo/migrations/20260421000010_retroactive_whatsapp_link_v2.sql
new file mode 100644
index 0000000..1055a03
--- /dev/null
+++ b/database-novo/migrations/20260421000010_retroactive_whatsapp_link_v2.sql
@@ -0,0 +1,95 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Retroativa WhatsApp-linked v2
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Complementa a migration 20260421000009_retroactive_whatsapp_link:
+--
+-- Pacientes vinculados via drawer antes do refactor ficaram sem a info
+-- de "vinculado WhatsApp". Algumas pecularidades:
+--
+-- 1. Mensagens podem ser outbound (to_number) ou inbound (from_number)
+-- 2. O numero da conversa pode NAO existir ainda em contact_phones
+--    (paciente tinha outro telefone cadastrado, CRM WhatsApp linkou um numero diferente)
+--
+-- Estrategia:
+--   - Pra cada paciente com conversa no channel 'whatsapp', coleta TODOS
+--     os numeros unicos (from_number + to_number conforme direction)
+--   - Pra cada numero:
+--       - Se paciente JA tem um contact_phone com esse numero → update pra WhatsApp + linked
+--       - Se NAO tem → insere novo com type='whatsapp' + linked
+-- ==========================================================================
+
+DO $$
+DECLARE
+    v_whatsapp_type_id UUID;
+BEGIN
+    SELECT id INTO v_whatsapp_type_id
+        FROM public.contact_types
+        WHERE slug = 'whatsapp' AND tenant_id IS NULL
+        LIMIT 1;
+
+    IF v_whatsapp_type_id IS NULL THEN
+        RAISE NOTICE 'Contact type WhatsApp nao encontrado';
+        RETURN;
+    END IF;
+
+    -- CTE: extrai (patient_id, phone_digits, first_msg_at) de conversation_messages
+    WITH convs AS (
+        SELECT
+            cm.tenant_id,
+            cm.patient_id,
+            CASE
+                WHEN cm.direction = 'inbound'  THEN regexp_replace(cm.from_number, '\D', '', 'g')
+                WHEN cm.direction = 'outbound' THEN regexp_replace(cm.to_number,   '\D', '', 'g')
+            END AS phone_digits,
+            MIN(COALESCE(cm.received_at, cm.responded_at, cm.created_at)) AS first_msg_at
+        FROM public.conversation_messages cm
+        WHERE cm.patient_id IS NOT NULL
+          AND cm.channel = 'whatsapp'
+          AND (cm.from_number IS NOT NULL OR cm.to_number IS NOT NULL)
+        GROUP BY cm.tenant_id, cm.patient_id, 3
+        HAVING CASE
+            WHEN cm.direction = 'inbound'  THEN regexp_replace(cm.from_number, '\D', '', 'g')
+            WHEN cm.direction = 'outbound' THEN regexp_replace(cm.to_number,   '\D', '', 'g')
+        END IS NOT NULL
+    ),
+    -- Atualiza phones que ja existem
+    updated AS (
+        UPDATE public.contact_phones cp
+        SET
+            contact_type_id = v_whatsapp_type_id,
+            whatsapp_linked_at = COALESCE(cp.whatsapp_linked_at, convs.first_msg_at)
+        FROM convs
+        WHERE cp.entity_type = 'patient'
+          AND cp.entity_id = convs.patient_id
+          AND cp.number = convs.phone_digits
+        RETURNING cp.entity_id, cp.number
+    )
+    -- Insere phones que nao existem ainda pro paciente
+    INSERT INTO public.contact_phones (tenant_id, entity_type, entity_id, contact_type_id, number, is_primary, whatsapp_linked_at, position)
+    SELECT
+        convs.tenant_id,
+        'patient',
+        convs.patient_id,
+        v_whatsapp_type_id,
+        convs.phone_digits,
+        false,  -- nao e primary (paciente ja tem outro)
+        convs.first_msg_at,
+        100  -- final da lista
+    FROM convs
+    WHERE NOT EXISTS (
+        SELECT 1 FROM public.contact_phones cp
+        WHERE cp.entity_type = 'patient'
+          AND cp.entity_id = convs.patient_id
+          AND cp.number = convs.phone_digits
+    )
+    AND length(convs.phone_digits) BETWEEN 8 AND 15;
+
+    RAISE NOTICE 'Retroactive WhatsApp link v2 complete';
+END $$;
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000011_contact_emails.sql b/database-novo/migrations/20260421000011_contact_emails.sql
new file mode 100644
index 0000000..4a8f7e1
--- /dev/null
+++ b/database-novo/migrations/20260421000011_contact_emails.sql
@@ -0,0 +1,266 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Emails polimorficos com tipo + principal
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Mesmo padrao dos telefones (migration 20260421000008):
+--   - contact_email_types  → tipos configuraveis (Principal, Comercial, Pessoal, ...)
+--   - contact_emails       → emails polimorficos (entity_type + entity_id)
+--
+-- Triggers mantem patients.email_principal/email_alternativo e medicos.email
+-- sincronizados pra nao quebrar codigo legado.
+-- ==========================================================================
+
+-- ---------------------------------------------------------------------------
+-- Tabela: contact_email_types
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.contact_email_types (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID REFERENCES public.tenants(id) ON DELETE CASCADE,
+    name TEXT NOT NULL CHECK (length(name) > 0 AND length(name) <= 40),
+    slug TEXT NOT NULL CHECK (slug ~ '^[a-z0-9_-]{1,40}$'),
+    icon TEXT,
+    is_system BOOLEAN NOT NULL DEFAULT false,
+    position INT NOT NULL DEFAULT 100,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE UNIQUE INDEX IF NOT EXISTS uq_contact_email_types_tenant_slug
+    ON public.contact_email_types (tenant_id, slug)
+    WHERE tenant_id IS NOT NULL;
+
+CREATE UNIQUE INDEX IF NOT EXISTS uq_contact_email_types_system_slug
+    ON public.contact_email_types (slug)
+    WHERE tenant_id IS NULL;
+
+CREATE INDEX IF NOT EXISTS idx_contact_email_types_tenant
+    ON public.contact_email_types (tenant_id, position);
+
+DROP TRIGGER IF EXISTS trg_contact_email_types_updated_at ON public.contact_email_types;
+CREATE TRIGGER trg_contact_email_types_updated_at
+    BEFORE UPDATE ON public.contact_email_types
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.contact_email_types IS
+    'Tipos de email (Principal, Comercial, Pessoal, ...). System (tenant_id NULL) + custom.';
+
+-- Seed
+INSERT INTO public.contact_email_types (tenant_id, name, slug, icon, is_system, position) VALUES
+    (NULL, 'Principal',    'principal',    'pi pi-envelope',       true, 10),
+    (NULL, 'Pessoal',      'pessoal',      'pi pi-user',           true, 20),
+    (NULL, 'Comercial',    'comercial',    'pi pi-building',       true, 30),
+    (NULL, 'Faturamento',  'faturamento',  'pi pi-dollar',         true, 40),
+    (NULL, 'Alternativo',  'alternativo',  'pi pi-reply',          true, 50)
+ON CONFLICT DO NOTHING;
+
+-- ---------------------------------------------------------------------------
+-- Tabela: contact_emails (polimorfica)
+-- ---------------------------------------------------------------------------
+CREATE TABLE IF NOT EXISTS public.contact_emails (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+
+    entity_type TEXT NOT NULL CHECK (entity_type IN ('patient', 'medico')),
+    entity_id UUID NOT NULL,
+
+    contact_email_type_id UUID NOT NULL REFERENCES public.contact_email_types(id) ON DELETE RESTRICT,
+
+    email TEXT NOT NULL CHECK (email ~* '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$'),
+    is_primary BOOLEAN NOT NULL DEFAULT false,
+
+    notes TEXT,
+    position INT NOT NULL DEFAULT 100,
+
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS idx_contact_emails_entity
+    ON public.contact_emails (tenant_id, entity_type, entity_id, position);
+
+CREATE INDEX IF NOT EXISTS idx_contact_emails_email
+    ON public.contact_emails (tenant_id, email);
+
+CREATE UNIQUE INDEX IF NOT EXISTS uq_contact_emails_primary
+    ON public.contact_emails (entity_type, entity_id)
+    WHERE is_primary = true;
+
+DROP TRIGGER IF EXISTS trg_contact_emails_updated_at ON public.contact_emails;
+CREATE TRIGGER trg_contact_emails_updated_at
+    BEFORE UPDATE ON public.contact_emails
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.contact_emails IS
+    'Emails polimorficos (patients, medicos, ...). Max 1 primary por entidade. Triggers sincronizam campos legados.';
+
+-- ---------------------------------------------------------------------------
+-- Trigger: sincroniza campos legados apos mudanca
+-- ---------------------------------------------------------------------------
+CREATE OR REPLACE FUNCTION public.sync_legacy_email_fields() RETURNS TRIGGER
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public
+AS $$
+DECLARE
+    v_entity_type TEXT;
+    v_entity_id UUID;
+    v_primary TEXT;
+    v_secondary TEXT;
+BEGIN
+    IF TG_OP = 'DELETE' THEN
+        v_entity_type := OLD.entity_type;
+        v_entity_id := OLD.entity_id;
+    ELSE
+        v_entity_type := NEW.entity_type;
+        v_entity_id := NEW.entity_id;
+    END IF;
+
+    SELECT email INTO v_primary
+        FROM public.contact_emails
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+        ORDER BY is_primary DESC, position ASC, created_at ASC
+        LIMIT 1;
+
+    SELECT email INTO v_secondary
+        FROM public.contact_emails
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+          AND is_primary = false
+        ORDER BY position ASC, created_at ASC
+        OFFSET 0
+        LIMIT 1;
+
+    IF v_entity_type = 'patient' THEN
+        UPDATE public.patients
+            SET email_principal = v_primary,
+                email_alternativo = v_secondary
+            WHERE id = v_entity_id;
+    ELSIF v_entity_type = 'medico' THEN
+        UPDATE public.medicos
+            SET email = v_primary
+            WHERE id = v_entity_id;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN RETURN OLD; ELSE RETURN NEW; END IF;
+END;
+$$;
+
+DROP TRIGGER IF EXISTS trg_contact_emails_sync_legacy ON public.contact_emails;
+CREATE TRIGGER trg_contact_emails_sync_legacy
+    AFTER INSERT OR UPDATE OR DELETE ON public.contact_emails
+    FOR EACH ROW EXECUTE FUNCTION public.sync_legacy_email_fields();
+
+-- ---------------------------------------------------------------------------
+-- Backfill: migra emails existentes
+-- ---------------------------------------------------------------------------
+DO $$
+DECLARE
+    v_principal_id UUID;
+    v_alternativo_id UUID;
+BEGIN
+    SELECT id INTO v_principal_id FROM public.contact_email_types WHERE slug = 'principal' AND tenant_id IS NULL LIMIT 1;
+    SELECT id INTO v_alternativo_id FROM public.contact_email_types WHERE slug = 'alternativo' AND tenant_id IS NULL LIMIT 1;
+
+    -- Patients.email_principal → Principal primary
+    INSERT INTO public.contact_emails (tenant_id, entity_type, entity_id, contact_email_type_id, email, is_primary, position)
+    SELECT
+        p.tenant_id, 'patient', p.id, v_principal_id, lower(trim(p.email_principal)), true, 10
+    FROM public.patients p
+    WHERE p.email_principal IS NOT NULL
+      AND trim(p.email_principal) ~* '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$'
+      AND NOT EXISTS (
+        SELECT 1 FROM public.contact_emails ce
+        WHERE ce.entity_type = 'patient' AND ce.entity_id = p.id
+    )
+    ON CONFLICT DO NOTHING;
+
+    -- Patients.email_alternativo → Alternativo
+    INSERT INTO public.contact_emails (tenant_id, entity_type, entity_id, contact_email_type_id, email, is_primary, position)
+    SELECT
+        p.tenant_id, 'patient', p.id, v_alternativo_id, lower(trim(p.email_alternativo)), false, 20
+    FROM public.patients p
+    WHERE p.email_alternativo IS NOT NULL
+      AND trim(p.email_alternativo) ~* '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$'
+      AND NOT EXISTS (
+        SELECT 1 FROM public.contact_emails ce
+        WHERE ce.entity_type = 'patient' AND ce.entity_id = p.id
+          AND ce.email = lower(trim(p.email_alternativo))
+    )
+    ON CONFLICT DO NOTHING;
+
+    -- Medicos.email → Principal primary
+    INSERT INTO public.contact_emails (tenant_id, entity_type, entity_id, contact_email_type_id, email, is_primary, position)
+    SELECT
+        m.tenant_id, 'medico', m.id, v_principal_id, lower(trim(m.email)), true, 10
+    FROM public.medicos m
+    WHERE m.email IS NOT NULL
+      AND trim(m.email) ~* '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$'
+      AND NOT EXISTS (
+        SELECT 1 FROM public.contact_emails ce
+        WHERE ce.entity_type = 'medico' AND ce.entity_id = m.id
+    )
+    ON CONFLICT DO NOTHING;
+END $$;
+
+-- ---------------------------------------------------------------------------
+-- RLS
+-- ---------------------------------------------------------------------------
+ALTER TABLE public.contact_email_types ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.contact_emails ENABLE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "contact_email_types: select" ON public.contact_email_types;
+CREATE POLICY "contact_email_types: select"
+    ON public.contact_email_types FOR SELECT TO authenticated
+    USING (
+        tenant_id IS NULL
+        OR public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = contact_email_types.tenant_id AND tm.status = 'active'
+        )
+    );
+
+DROP POLICY IF EXISTS "contact_email_types: manage custom" ON public.contact_email_types;
+CREATE POLICY "contact_email_types: manage custom"
+    ON public.contact_email_types FOR ALL TO authenticated
+    USING (
+        is_system = false AND tenant_id IS NOT NULL AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid() AND tm.tenant_id = contact_email_types.tenant_id AND tm.status = 'active'
+            )
+        )
+    )
+    WITH CHECK (
+        is_system = false AND tenant_id IS NOT NULL AND (
+            public.is_saas_admin()
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm
+                WHERE tm.user_id = auth.uid() AND tm.tenant_id = contact_email_types.tenant_id AND tm.status = 'active'
+            )
+        )
+    );
+
+DROP POLICY IF EXISTS "contact_emails: all tenant" ON public.contact_emails;
+CREATE POLICY "contact_emails: all tenant"
+    ON public.contact_emails FOR ALL TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = contact_emails.tenant_id AND tm.status = 'active'
+        )
+    )
+    WITH CHECK (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid() AND tm.tenant_id = contact_emails.tenant_id AND tm.status = 'active'
+        )
+    );
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000012_conversation_assignments.sql b/database-novo/migrations/20260421000012_conversation_assignments.sql
new file mode 100644
index 0000000..ce1ac76
--- /dev/null
+++ b/database-novo/migrations/20260421000012_conversation_assignments.sql
@@ -0,0 +1,203 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: Atribuicao de conversa a terapeuta (CRM Grupo 3.2)
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Uma linha por (tenant_id, thread_key) — UPSERT em cada reatribuicao.
+-- Historico (quem atribuiu pra quem e quando) pode ser adicionado depois
+-- via trigger INSERT em conversation_assignment_history se virar requisito.
+--
+-- thread_key segue o padrao de conversation_threads:
+--   - '<uuid>'       → thread de paciente conhecido
+--   - 'anon:<phone>' → thread de numero nao identificado
+--
+-- RLS:
+--   - SELECT: qualquer membro ativo do tenant
+--   - INSERT/UPDATE: qualquer membro ativo do tenant (self-assign ou delegar)
+--   - DELETE: nao permitido (unassign = UPDATE assigned_to=NULL)
+-- ==========================================================================
+
+CREATE TABLE IF NOT EXISTS public.conversation_assignments (
+    tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+    thread_key TEXT NOT NULL,
+
+    patient_id UUID REFERENCES public.patients(id) ON DELETE SET NULL,
+    contact_number TEXT,
+
+    assigned_to UUID REFERENCES auth.users(id) ON DELETE SET NULL,
+    assigned_by UUID NOT NULL REFERENCES auth.users(id) ON DELETE SET NULL,
+    assigned_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+
+    PRIMARY KEY (tenant_id, thread_key)
+);
+
+CREATE INDEX IF NOT EXISTS idx_conv_assign_tenant_user
+    ON public.conversation_assignments (tenant_id, assigned_to)
+    WHERE assigned_to IS NOT NULL;
+
+CREATE INDEX IF NOT EXISTS idx_conv_assign_patient
+    ON public.conversation_assignments (patient_id)
+    WHERE patient_id IS NOT NULL;
+
+-- Trigger de updated_at
+DROP TRIGGER IF EXISTS trg_conv_assign_updated_at ON public.conversation_assignments;
+CREATE TRIGGER trg_conv_assign_updated_at
+    BEFORE UPDATE ON public.conversation_assignments
+    FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+COMMENT ON TABLE public.conversation_assignments IS
+    'Atribuicao de threads de conversa a membros do tenant. Uma linha por (tenant_id, thread_key). assigned_to=NULL significa nao atribuida.';
+
+-- --------------------------------------------------------------------------
+-- RLS
+-- --------------------------------------------------------------------------
+ALTER TABLE public.conversation_assignments ENABLE ROW LEVEL SECURITY;
+
+-- SELECT: qualquer membro ativo do tenant OU saas_admin
+DROP POLICY IF EXISTS "conv_assign: select tenant" ON public.conversation_assignments;
+CREATE POLICY "conv_assign: select tenant"
+    ON public.conversation_assignments
+    FOR SELECT
+    TO authenticated
+    USING (
+        public.is_saas_admin()
+        OR EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_assignments.tenant_id
+              AND tm.status = 'active'
+        )
+    );
+
+-- INSERT: membro ativo do tenant. assigned_by deve ser o proprio user.
+-- assigned_to deve ser membro ativo do mesmo tenant (ou NULL).
+DROP POLICY IF EXISTS "conv_assign: insert tenant" ON public.conversation_assignments;
+CREATE POLICY "conv_assign: insert tenant"
+    ON public.conversation_assignments
+    FOR INSERT
+    TO authenticated
+    WITH CHECK (
+        assigned_by = auth.uid()
+        AND EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_assignments.tenant_id
+              AND tm.status = 'active'
+        )
+        AND (
+            assigned_to IS NULL
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm2
+                WHERE tm2.user_id = conversation_assignments.assigned_to
+                  AND tm2.tenant_id = conversation_assignments.tenant_id
+                  AND tm2.status = 'active'
+            )
+        )
+    );
+
+-- UPDATE: membro ativo do tenant pode reatribuir. Mesma validacao pra assigned_to.
+DROP POLICY IF EXISTS "conv_assign: update tenant" ON public.conversation_assignments;
+CREATE POLICY "conv_assign: update tenant"
+    ON public.conversation_assignments
+    FOR UPDATE
+    TO authenticated
+    USING (
+        EXISTS (
+            SELECT 1 FROM public.tenant_members tm
+            WHERE tm.user_id = auth.uid()
+              AND tm.tenant_id = conversation_assignments.tenant_id
+              AND tm.status = 'active'
+        )
+    )
+    WITH CHECK (
+        assigned_by = auth.uid()
+        AND (
+            assigned_to IS NULL
+            OR EXISTS (
+                SELECT 1 FROM public.tenant_members tm2
+                WHERE tm2.user_id = conversation_assignments.assigned_to
+                  AND tm2.tenant_id = conversation_assignments.tenant_id
+                  AND tm2.status = 'active'
+            )
+        )
+    );
+
+-- DELETE: bloqueado (unassign = UPDATE assigned_to=NULL)
+
+-- --------------------------------------------------------------------------
+-- Atualiza view conversation_threads pra incluir assignment
+-- --------------------------------------------------------------------------
+DROP VIEW IF EXISTS public.conversation_threads CASCADE;
+
+CREATE VIEW public.conversation_threads
+WITH (security_invoker = true)
+AS
+WITH base AS (
+    SELECT
+        cm.id,
+        cm.tenant_id,
+        cm.patient_id,
+        cm.channel,
+        cm.body,
+        cm.direction,
+        cm.kanban_status,
+        cm.read_at,
+        cm.created_at,
+        CASE WHEN cm.direction = 'inbound' THEN cm.from_number ELSE cm.to_number END AS contact_number,
+        COALESCE(cm.patient_id::text, 'anon:' || COALESCE(
+            CASE WHEN cm.direction = 'inbound' THEN cm.from_number ELSE cm.to_number END,
+            'unknown'
+        )) AS thread_key
+    FROM public.conversation_messages cm
+),
+latest AS (
+    SELECT DISTINCT ON (tenant_id, thread_key)
+        tenant_id, thread_key, patient_id, channel, contact_number,
+        body AS last_message_body,
+        direction AS last_message_direction,
+        kanban_status,
+        created_at AS last_message_at
+    FROM base
+    ORDER BY tenant_id, thread_key, created_at DESC
+),
+counts AS (
+    SELECT
+        tenant_id, thread_key,
+        COUNT(*) AS message_count,
+        COUNT(*) FILTER (WHERE direction = 'inbound' AND read_at IS NULL) AS unread_count
+    FROM base
+    GROUP BY tenant_id, thread_key
+)
+SELECT
+    l.tenant_id,
+    l.thread_key,
+    l.patient_id,
+    p.nome_completo AS patient_name,
+    l.contact_number,
+    l.channel,
+    c.message_count,
+    c.unread_count,
+    l.last_message_at,
+    l.last_message_body,
+    l.last_message_direction,
+    l.kanban_status,
+    ca.assigned_to,
+    ca.assigned_at
+FROM latest l
+JOIN counts c ON c.tenant_id = l.tenant_id AND c.thread_key = l.thread_key
+LEFT JOIN public.patients p ON p.id = l.patient_id
+LEFT JOIN public.conversation_assignments ca
+    ON ca.tenant_id = l.tenant_id AND ca.thread_key = l.thread_key;
+
+COMMENT ON VIEW public.conversation_threads IS
+    'Agregado de conversas por paciente ou numero anonimo. Base do Kanban. Inclui assignment atual do thread.';
+
+GRANT SELECT ON public.conversation_threads TO authenticated;
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/migrations/20260421000013_tenant_cpf_cnpj.sql b/database-novo/migrations/20260421000013_tenant_cpf_cnpj.sql
new file mode 100644
index 0000000..35e25f6
--- /dev/null
+++ b/database-novo/migrations/20260421000013_tenant_cpf_cnpj.sql
@@ -0,0 +1,31 @@
+-- ==========================================================================
+-- Agencia PSI — Migracao: CPF/CNPJ do tenant (fiscal / Asaas)
+-- ==========================================================================
+-- Criado por: Leonardo Nohama
+-- Data: 2026-04-21 · Sao Carlos/SP — Brasil
+--
+-- Adiciona coluna `cpf_cnpj` em tenants para suportar geracao de cobrancas
+-- Asaas (ex: credits WhatsApp via PIX) e, no futuro, notas fiscais do SaaS.
+-- Armazena apenas digitos (11 pra CPF, 14 pra CNPJ). Frontend formata.
+--
+-- Permissoes: admin do tenant (tenant_admin) pode ler/atualizar via RLS
+-- existente em tenants. Nao adiciona policy extra aqui.
+-- ==========================================================================
+
+ALTER TABLE public.tenants
+    ADD COLUMN IF NOT EXISTS cpf_cnpj TEXT;
+
+-- Permite apenas digitos; comprimento 11 (CPF) ou 14 (CNPJ); NULL tambem ok.
+ALTER TABLE public.tenants
+    DROP CONSTRAINT IF EXISTS tenants_cpf_cnpj_format;
+
+ALTER TABLE public.tenants
+    ADD CONSTRAINT tenants_cpf_cnpj_format
+    CHECK (cpf_cnpj IS NULL OR cpf_cnpj ~ '^[0-9]{11}$' OR cpf_cnpj ~ '^[0-9]{14}$');
+
+COMMENT ON COLUMN public.tenants.cpf_cnpj IS
+    'CPF (11 digitos) ou CNPJ (14 digitos) do titular do tenant. Usado por gateways de pagamento (Asaas). Apenas digitos.';
+
+-- ==========================================================================
+-- FIM DA MIGRACAO
+-- ==========================================================================
diff --git a/database-novo/schema/00_full/schema.sql b/database-novo/schema/00_full/schema.sql
index e96d54d..ba4b9d1 100644
--- a/database-novo/schema/00_full/schema.sql
+++ b/database-novo/schema/00_full/schema.sql
@@ -2,7 +2,7 @@
 -- PostgreSQL database dump
 --
 
-\restrict t3AqgfsPfrxKQ6xDOUZgLcwOmqGEQFr9QmWZe441K296WP9E1M31r17ZcywnfKW
+\restrict cL3H2JjRWI00WI0xnJSlufhaNqJV1aSUu220iQjG1A8YccWtKcjoKGeanovDlAc
 
 -- Dumped from database version 17.6
 -- Dumped by pg_dump version 17.6
@@ -1088,6 +1088,43 @@ end;
 $$;
 
 
+--
+-- Name: add_whatsapp_credits(uuid, integer, text, uuid, uuid, text); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.add_whatsapp_credits(p_tenant_id uuid, p_amount integer, p_kind text, p_purchase_id uuid DEFAULT NULL::uuid, p_admin_id uuid DEFAULT NULL::uuid, p_note text DEFAULT NULL::text) RETURNS integer
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_new_balance INT;
+BEGIN
+    IF p_amount <= 0 THEN
+        RAISE EXCEPTION 'amount must be positive';
+    END IF;
+    IF p_kind NOT IN ('purchase', 'topup_manual', 'refund', 'adjustment') THEN
+        RAISE EXCEPTION 'invalid kind for credit: %', p_kind;
+    END IF;
+
+    INSERT INTO public.whatsapp_credits_balance (tenant_id, balance, lifetime_purchased)
+    VALUES (p_tenant_id, p_amount, CASE WHEN p_kind IN ('purchase', 'topup_manual') THEN p_amount ELSE 0 END)
+    ON CONFLICT (tenant_id) DO UPDATE SET
+        balance = whatsapp_credits_balance.balance + EXCLUDED.balance,
+        lifetime_purchased = whatsapp_credits_balance.lifetime_purchased
+            + CASE WHEN p_kind IN ('purchase', 'topup_manual') THEN p_amount ELSE 0 END,
+        low_balance_alerted_at = NULL  -- reset alerta quando recebe creditos
+    RETURNING balance INTO v_new_balance;
+
+    INSERT INTO public.whatsapp_credits_transactions
+        (tenant_id, kind, amount, balance_after, purchase_id, admin_id, note)
+    VALUES
+        (p_tenant_id, p_kind, p_amount, v_new_balance, p_purchase_id, p_admin_id, p_note);
+
+    RETURN v_new_balance;
+END;
+$$;
+
+
 --
 -- Name: admin_credit_addon(uuid, text, integer, uuid, text, text, integer); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -2056,6 +2093,118 @@ end;
 $$;
 
 
+--
+-- Name: check_rate_limit(text, text); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.check_rate_limit(p_ip_hash text, p_endpoint text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    cfg                       saas_security_config%ROWTYPE;
+    rl                        submission_rate_limits%ROWTYPE;
+    v_now                     timestamptz := now();
+    v_window_start            timestamptz;
+    v_in_window               boolean;
+    v_requires_captcha        boolean := false;
+    v_blocked_until           timestamptz;
+    v_retry_after_seconds     integer := 0;
+BEGIN
+    SELECT * INTO cfg FROM saas_security_config WHERE id = true;
+    IF NOT FOUND THEN
+        -- Sem config: fail-open (libera). Logado.
+        RETURN jsonb_build_object('allowed', true, 'requires_captcha', false, 'reason', 'no_config');
+    END IF;
+
+    -- Modo paranoid global: sempre captcha
+    IF cfg.captcha_required_globally THEN
+        v_requires_captcha := true;
+    END IF;
+
+    -- Sem rate limit ativo: libera (mas pode exigir captcha pelo paranoid)
+    IF NOT cfg.rate_limit_enabled THEN
+        RETURN jsonb_build_object(
+            'allowed',          true,
+            'requires_captcha', v_requires_captcha,
+            'reason',           CASE WHEN v_requires_captcha THEN 'paranoid_global' ELSE 'rate_limit_disabled' END
+        );
+    END IF;
+
+    -- Sem ip_hash: libera (não dá pra rastrear)
+    IF p_ip_hash IS NULL OR length(btrim(p_ip_hash)) = 0 THEN
+        RETURN jsonb_build_object(
+            'allowed',          true,
+            'requires_captcha', v_requires_captcha,
+            'reason',           'no_ip'
+        );
+    END IF;
+
+    SELECT * INTO rl
+      FROM submission_rate_limits
+     WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+
+    -- Bloqueio temporário ativo?
+    IF FOUND AND rl.blocked_until IS NOT NULL AND rl.blocked_until > v_now THEN
+        v_retry_after_seconds := EXTRACT(EPOCH FROM (rl.blocked_until - v_now))::int;
+        RETURN jsonb_build_object(
+            'allowed',             false,
+            'requires_captcha',    false,
+            'retry_after_seconds', v_retry_after_seconds,
+            'reason',              'blocked'
+        );
+    END IF;
+
+    -- Captcha condicional ativo?
+    IF FOUND AND rl.requires_captcha_until IS NOT NULL AND rl.requires_captcha_until > v_now THEN
+        v_requires_captcha := true;
+    END IF;
+
+    -- Janela atual ainda válida?
+    v_window_start := v_now - (cfg.rate_limit_window_min || ' minutes')::interval;
+    v_in_window := FOUND AND rl.window_start >= v_window_start;
+
+    IF v_in_window AND rl.attempt_count >= cfg.rate_limit_max_attempts THEN
+        -- Excedeu — bloqueia
+        v_blocked_until := v_now + (cfg.block_duration_min || ' minutes')::interval;
+        UPDATE submission_rate_limits
+           SET blocked_until = v_blocked_until,
+               last_attempt_at = v_now
+         WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+
+        v_retry_after_seconds := EXTRACT(EPOCH FROM (v_blocked_until - v_now))::int;
+        RETURN jsonb_build_object(
+            'allowed',             false,
+            'requires_captcha',    false,
+            'retry_after_seconds', v_retry_after_seconds,
+            'reason',              'rate_limit_exceeded'
+        );
+    END IF;
+
+    RETURN jsonb_build_object(
+        'allowed',          true,
+        'requires_captcha', v_requires_captcha,
+        'reason',           CASE WHEN v_requires_captcha THEN 'captcha_required' ELSE 'ok' END
+    );
+END;
+$$;
+
+
+--
+-- Name: cleanup_expired_math_challenges(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.cleanup_expired_math_challenges() RETURNS integer
+    LANGUAGE sql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+    WITH d AS (
+        DELETE FROM math_challenges WHERE expires_at < now() - interval '1 hour' RETURNING 1
+    )
+    SELECT COUNT(*)::int FROM d;
+$$;
+
+
 --
 -- Name: cleanup_notification_queue(); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -2117,7 +2266,7 @@ $$;
 CREATE TABLE public.financial_records (
     id uuid DEFAULT gen_random_uuid() NOT NULL,
     owner_id uuid NOT NULL,
-    tenant_id uuid,
+    tenant_id uuid NOT NULL,
     type public.financial_record_type DEFAULT 'receita'::public.financial_record_type NOT NULL,
     amount numeric(10,2) NOT NULL,
     description text,
@@ -2147,6 +2296,7 @@ CREATE TABLE public.financial_records (
     CONSTRAINT financial_records_clinic_fee_amount_check CHECK ((clinic_fee_amount >= (0)::numeric)),
     CONSTRAINT financial_records_clinic_fee_pct_check CHECK (((clinic_fee_pct >= (0)::numeric) AND (clinic_fee_pct <= (100)::numeric))),
     CONSTRAINT financial_records_discount_amount_check CHECK ((discount_amount >= (0)::numeric)),
+    CONSTRAINT financial_records_fee_lte_amount_chk CHECK (((clinic_fee_amount IS NULL) OR ((clinic_fee_amount >= (0)::numeric) AND (clinic_fee_amount <= amount)))),
     CONSTRAINT financial_records_final_amount_check CHECK ((final_amount >= (0)::numeric)),
     CONSTRAINT financial_records_installments_check CHECK ((installments >= 1)),
     CONSTRAINT financial_records_status_check CHECK ((status = ANY (ARRAY['pending'::text, 'paid'::text, 'partial'::text, 'overdue'::text, 'cancelled'::text, 'refunded'::text])))
@@ -2281,44 +2431,151 @@ CREATE FUNCTION public.create_patient_intake_request_v2(p_token text, p_payload
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
     AS $_$
-declare
-  v_owner_id uuid;
-  v_intake_id uuid;
-  v_birth_raw text;
-  v_birth date;
-begin
-  select owner_id
-    into v_owner_id
-  from public.patient_invites
-  where token = p_token;
+DECLARE
+  v_owner_id   uuid;
+  v_tenant_id  uuid;
+  v_active     boolean;
+  v_expires    timestamptz;
+  v_max_uses   int;
+  v_uses       int;
+  v_intake_id  uuid;
+  v_birth_raw  text;
+  v_birth      date;
+  v_email      text;
+  v_email_alt  text;
+  v_nome       text;
+  v_consent    boolean;
+  v_genero     text;
+  v_estado_civil text;
 
-  if v_owner_id is null then
-    raise exception 'Token inv??lido ou expirado';
-  end if;
+  -- Whitelists para campos tipados
+  c_generos        text[] := ARRAY['male','female','non_binary','other','na'];
+  c_estados_civis  text[] := ARRAY['single','married','divorced','widowed','na'];
+BEGIN
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Carrega invite e valida TUDO (A#16)
+  -- ───────────────────────────────────────────────────────────────────────
+  SELECT owner_id, tenant_id, active, expires_at, max_uses, uses
+    INTO v_owner_id, v_tenant_id, v_active, v_expires, v_max_uses, v_uses
+  FROM public.patient_invites
+  WHERE token = p_token
+  LIMIT 1;
 
-  v_birth_raw := nullif(trim(coalesce(
-    p_payload->>'data_nascimento',
-    ''
-  )), '');
+  IF v_owner_id IS NULL THEN
+    RAISE EXCEPTION 'Token inválido' USING ERRCODE = '28000';
+  END IF;
 
-  v_birth := case
-    when v_birth_raw is null then null
-    when v_birth_raw ~ '^\d{4}-\d{2}-\d{2}$' then v_birth_raw::date
-    when v_birth_raw ~ '^\d{2}-\d{2}-\d{4}$' then to_date(v_birth_raw, 'DD-MM-YYYY')
-    else null
-  end;
+  IF v_active IS NOT TRUE THEN
+    RAISE EXCEPTION 'Link desativado' USING ERRCODE = '28000';
+  END IF;
 
-  insert into public.patient_intake_requests (
+  IF v_expires IS NOT NULL AND now() > v_expires THEN
+    RAISE EXCEPTION 'Link expirado' USING ERRCODE = '28000';
+  END IF;
+
+  IF v_max_uses IS NOT NULL AND v_uses >= v_max_uses THEN
+    RAISE EXCEPTION 'Limite de uso atingido' USING ERRCODE = '28000';
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Resolver tenant_id (A#19)
+  -- Se o invite não tem tenant_id, tenta achar a membership active do owner.
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_tenant_id IS NULL THEN
+    SELECT tenant_id
+      INTO v_tenant_id
+    FROM public.tenant_members
+    WHERE user_id = v_owner_id
+      AND status = 'active'
+    ORDER BY created_at ASC
+    LIMIT 1;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Sanitização + validações de campos (A#27)
+  -- ───────────────────────────────────────────────────────────────────────
+
+  -- Nome obrigatório (max 200)
+  v_nome := nullif(trim(p_payload->>'nome_completo'), '');
+  IF v_nome IS NULL THEN
+    RAISE EXCEPTION 'Nome é obrigatório';
+  END IF;
+  IF length(v_nome) > 200 THEN
+    RAISE EXCEPTION 'Nome muito longo (máx 200 caracteres)';
+  END IF;
+
+  -- Email principal obrigatório + lower + max 120
+  v_email := nullif(lower(trim(p_payload->>'email_principal')), '');
+  IF v_email IS NULL THEN
+    RAISE EXCEPTION 'E-mail é obrigatório';
+  END IF;
+  IF length(v_email) > 120 THEN
+    RAISE EXCEPTION 'E-mail muito longo (máx 120 caracteres)';
+  END IF;
+  IF v_email !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+    RAISE EXCEPTION 'E-mail inválido';
+  END IF;
+
+  -- Email alternativo opcional mas validado se presente
+  v_email_alt := nullif(lower(trim(p_payload->>'email_alternativo')), '');
+  IF v_email_alt IS NOT NULL THEN
+    IF length(v_email_alt) > 120 THEN
+      RAISE EXCEPTION 'E-mail alternativo muito longo';
+    END IF;
+    IF v_email_alt !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+      RAISE EXCEPTION 'E-mail alternativo inválido';
+    END IF;
+  END IF;
+
+  -- Consent obrigatório
+  v_consent := coalesce((p_payload->>'consent')::boolean, false);
+  IF v_consent IS NOT TRUE THEN
+    RAISE EXCEPTION 'Consentimento é obrigatório';
+  END IF;
+
+  -- Data de nascimento: aceita DD-MM-YYYY ou YYYY-MM-DD
+  v_birth_raw := nullif(trim(coalesce(p_payload->>'data_nascimento', '')), '');
+  v_birth := CASE
+    WHEN v_birth_raw IS NULL THEN NULL
+    WHEN v_birth_raw ~ '^\d{4}-\d{2}-\d{2}$' THEN v_birth_raw::date
+    WHEN v_birth_raw ~ '^\d{2}-\d{2}-\d{4}$' THEN to_date(v_birth_raw, 'DD-MM-YYYY')
+    ELSE NULL
+  END;
+  -- Sanidade: nascimento não pode ser no futuro nem antes de 1900
+  IF v_birth IS NOT NULL AND (v_birth > current_date OR v_birth < '1900-01-01'::date) THEN
+    v_birth := NULL;
+  END IF;
+
+  -- Gênero e estado civil: whitelist estrita (rejeita qualquer outra string)
+  v_genero := nullif(trim(p_payload->>'genero'), '');
+  IF v_genero IS NOT NULL AND NOT (v_genero = ANY(c_generos)) THEN
+    v_genero := NULL;
+  END IF;
+
+  v_estado_civil := nullif(trim(p_payload->>'estado_civil'), '');
+  IF v_estado_civil IS NOT NULL AND NOT (v_estado_civil = ANY(c_estados_civis)) THEN
+    v_estado_civil := NULL;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- INSERT com sanitização inline
+  -- NOTA: notas_internas NÃO é lido do payload (A#17) — é campo interno
+  -- do terapeuta, não deve vir do paciente.
+  -- ───────────────────────────────────────────────────────────────────────
+  INSERT INTO public.patient_intake_requests (
     owner_id,
+    tenant_id,
     token,
     status,
     consent,
 
     nome_completo,
     email_principal,
+    email_alternativo,
     telefone,
+    telefone_alternativo,
 
-    avatar_url,  -- ???? AQUI
+    avatar_url,
 
     data_nascimento,
     cpf,
@@ -2340,55 +2597,302 @@ begin
     bairro,
 
     observacoes,
-    notas_internas,
 
     encaminhado_por,
     onde_nos_conheceu
   )
-  values (
+  VALUES (
     v_owner_id,
+    v_tenant_id,
     p_token,
     'new',
-    coalesce((p_payload->>'consent')::boolean, false),
+    v_consent,
 
-    nullif(trim(p_payload->>'nome_completo'), ''),
-    nullif(trim(p_payload->>'email_principal'), ''),
+    v_nome,
+    v_email,
+    v_email_alt,
     nullif(regexp_replace(coalesce(p_payload->>'telefone',''), '\D', '', 'g'), ''),
+    nullif(regexp_replace(coalesce(p_payload->>'telefone_alternativo',''), '\D', '', 'g'), ''),
 
-    nullif(trim(p_payload->>'avatar_url'), ''), -- ???? AQUI
+    left(nullif(trim(p_payload->>'avatar_url'), ''), 500),
 
     v_birth,
     nullif(regexp_replace(coalesce(p_payload->>'cpf',''), '\D', '', 'g'), ''),
-    nullif(trim(p_payload->>'rg'), ''),
-    nullif(trim(p_payload->>'genero'), ''),
-    nullif(trim(p_payload->>'estado_civil'), ''),
-    nullif(trim(p_payload->>'profissao'), ''),
-    nullif(trim(p_payload->>'escolaridade'), ''),
-    nullif(trim(p_payload->>'nacionalidade'), ''),
-    nullif(trim(p_payload->>'naturalidade'), ''),
+    left(nullif(trim(p_payload->>'rg'), ''), 20),
+    v_genero,
+    v_estado_civil,
+    left(nullif(trim(p_payload->>'profissao'), ''), 120),
+    left(nullif(trim(p_payload->>'escolaridade'), ''), 120),
+    left(nullif(trim(p_payload->>'nacionalidade'), ''), 80),
+    left(nullif(trim(p_payload->>'naturalidade'), ''), 120),
 
     nullif(regexp_replace(coalesce(p_payload->>'cep',''), '\D', '', 'g'), ''),
-    nullif(trim(p_payload->>'pais'), ''),
-    nullif(trim(p_payload->>'cidade'), ''),
-    nullif(trim(p_payload->>'estado'), ''),
-    nullif(trim(p_payload->>'endereco'), ''),
-    nullif(trim(p_payload->>'numero'), ''),
-    nullif(trim(p_payload->>'complemento'), ''),
-    nullif(trim(p_payload->>'bairro'), ''),
+    left(nullif(trim(p_payload->>'pais'), ''), 60),
+    left(nullif(trim(p_payload->>'cidade'), ''), 120),
+    left(nullif(trim(p_payload->>'estado'), ''), 2),
+    left(nullif(trim(p_payload->>'endereco'), ''), 200),
+    left(nullif(trim(p_payload->>'numero'), ''), 20),
+    left(nullif(trim(p_payload->>'complemento'), ''), 120),
+    left(nullif(trim(p_payload->>'bairro'), ''), 120),
 
-    nullif(trim(p_payload->>'observacoes'), ''),
-    nullif(trim(p_payload->>'notas_internas'), ''),
+    left(nullif(trim(p_payload->>'observacoes'), ''), 2000),
 
-    nullif(trim(p_payload->>'encaminhado_por'), ''),
-    nullif(trim(p_payload->>'onde_nos_conheceu'), '')
+    left(nullif(trim(p_payload->>'encaminhado_por'), ''), 120),
+    left(nullif(trim(p_payload->>'onde_nos_conheceu'), ''), 80)
   )
-  returning id into v_intake_id;
+  RETURNING id INTO v_intake_id;
 
-  return v_intake_id;
-end;
+  -- Incrementa contador de uso (A#16)
+  UPDATE public.patient_invites
+    SET uses = uses + 1
+  WHERE token = p_token;
+
+  RETURN v_intake_id;
+END;
 $_$;
 
 
+--
+-- Name: FUNCTION create_patient_intake_request_v2(p_token text, p_payload jsonb); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.create_patient_intake_request_v2(p_token text, p_payload jsonb) IS 'Hardened 2026-04-18: valida active/expires/max_uses + incrementa uses; sanitiza todos os campos (trim, length, regex); resolve tenant_id; rejeita notas_internas (campo interno); exige consent=true.';
+
+
+--
+-- Name: create_patient_intake_request_v2(text, jsonb, text); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.create_patient_intake_request_v2(p_token text, p_payload jsonb, p_client_info text DEFAULT NULL::text) RETURNS uuid
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $_$
+DECLARE
+  v_owner_id   uuid;
+  v_tenant_id  uuid;
+  v_active     boolean;
+  v_expires    timestamptz;
+  v_max_uses   int;
+  v_uses       int;
+  v_intake_id  uuid;
+  v_birth_raw  text;
+  v_birth      date;
+  v_email      text;
+  v_email_alt  text;
+  v_nome       text;
+  v_consent    boolean;
+  v_genero     text;
+  v_estado_civil text;
+  v_err_msg    text;
+  v_err_code   text;
+  v_clean_info text;
+
+  c_generos        text[] := ARRAY['male','female','non_binary','other','na'];
+  c_estados_civis  text[] := ARRAY['single','married','divorced','widowed','na'];
+
+  -- Helper para logar: escreve em patient_invite_attempts e não propaga erros.
+  -- Implementado inline porque PL/pgSQL não permite sub-rotina local fácil.
+BEGIN
+  -- Sanitiza client_info recebido (cap + trim)
+  v_clean_info := nullif(left(trim(coalesce(p_client_info, '')), 500), '');
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Resolve invite + valida TUDO (A#16)
+  -- ───────────────────────────────────────────────────────────────────────
+  SELECT owner_id, tenant_id, active, expires_at, max_uses, uses
+    INTO v_owner_id, v_tenant_id, v_active, v_expires, v_max_uses, v_uses
+  FROM public.patient_invites
+  WHERE token = p_token
+  LIMIT 1;
+
+  IF v_owner_id IS NULL THEN
+    v_err_code := 'TOKEN_INVALID';
+    v_err_msg := 'Token inválido';
+    -- Log + raise (owner_id NULL porque token não bateu)
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  IF v_active IS NOT TRUE THEN
+    v_err_code := 'TOKEN_DISABLED';
+    v_err_msg := 'Link desativado';
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  IF v_expires IS NOT NULL AND now() > v_expires THEN
+    v_err_code := 'TOKEN_EXPIRED';
+    v_err_msg := 'Link expirado';
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  IF v_max_uses IS NOT NULL AND v_uses >= v_max_uses THEN
+    v_err_code := 'TOKEN_MAX_USES';
+    v_err_msg := 'Limite de uso atingido';
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  -- Resolve tenant_id se invite não tiver (A#19)
+  IF v_tenant_id IS NULL THEN
+    SELECT tenant_id
+      INTO v_tenant_id
+    FROM public.tenant_members
+    WHERE user_id = v_owner_id
+      AND status = 'active'
+    ORDER BY created_at ASC
+    LIMIT 1;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Sanitização + validações de campos (A#27)
+  -- ───────────────────────────────────────────────────────────────────────
+  v_nome := nullif(trim(p_payload->>'nome_completo'), '');
+  IF v_nome IS NULL THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'Nome é obrigatório';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+  IF length(v_nome) > 200 THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'Nome muito longo';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+
+  v_email := nullif(lower(trim(p_payload->>'email_principal')), '');
+  IF v_email IS NULL THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'E-mail é obrigatório';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+  IF length(v_email) > 120 THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'E-mail muito longo';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+  IF v_email !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'E-mail inválido';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+
+  v_email_alt := nullif(lower(trim(p_payload->>'email_alternativo')), '');
+  IF v_email_alt IS NOT NULL THEN
+    IF length(v_email_alt) > 120 THEN
+      v_err_code := 'VALIDATION'; v_err_msg := 'E-mail alternativo muito longo';
+      BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+      RAISE EXCEPTION '%', v_err_msg;
+    END IF;
+    IF v_email_alt !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+      v_err_code := 'VALIDATION'; v_err_msg := 'E-mail alternativo inválido';
+      BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+      RAISE EXCEPTION '%', v_err_msg;
+    END IF;
+  END IF;
+
+  v_consent := coalesce((p_payload->>'consent')::boolean, false);
+  IF v_consent IS NOT TRUE THEN
+    v_err_code := 'CONSENT_REQUIRED'; v_err_msg := 'Consentimento é obrigatório';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+
+  v_birth_raw := nullif(trim(coalesce(p_payload->>'data_nascimento', '')), '');
+  v_birth := CASE
+    WHEN v_birth_raw IS NULL THEN NULL
+    WHEN v_birth_raw ~ '^\d{4}-\d{2}-\d{2}$' THEN v_birth_raw::date
+    WHEN v_birth_raw ~ '^\d{2}-\d{2}-\d{4}$' THEN to_date(v_birth_raw, 'DD-MM-YYYY')
+    ELSE NULL
+  END;
+  IF v_birth IS NOT NULL AND (v_birth > current_date OR v_birth < '1900-01-01'::date) THEN
+    v_birth := NULL;
+  END IF;
+
+  v_genero := nullif(trim(p_payload->>'genero'), '');
+  IF v_genero IS NOT NULL AND NOT (v_genero = ANY(c_generos)) THEN
+    v_genero := NULL;
+  END IF;
+
+  v_estado_civil := nullif(trim(p_payload->>'estado_civil'), '');
+  IF v_estado_civil IS NOT NULL AND NOT (v_estado_civil = ANY(c_estados_civis)) THEN
+    v_estado_civil := NULL;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- INSERT
+  -- ───────────────────────────────────────────────────────────────────────
+  INSERT INTO public.patient_intake_requests (
+    owner_id, tenant_id, token, status, consent,
+    nome_completo, email_principal, email_alternativo, telefone, telefone_alternativo,
+    avatar_url,
+    data_nascimento, cpf, rg, genero, estado_civil,
+    profissao, escolaridade, nacionalidade, naturalidade,
+    cep, pais, cidade, estado, endereco, numero, complemento, bairro,
+    observacoes, encaminhado_por, onde_nos_conheceu
+  )
+  VALUES (
+    v_owner_id, v_tenant_id, p_token, 'new', v_consent,
+    v_nome, v_email, v_email_alt,
+    nullif(regexp_replace(coalesce(p_payload->>'telefone',''), '\D', '', 'g'), ''),
+    nullif(regexp_replace(coalesce(p_payload->>'telefone_alternativo',''), '\D', '', 'g'), ''),
+    left(nullif(trim(p_payload->>'avatar_url'), ''), 500),
+    v_birth,
+    nullif(regexp_replace(coalesce(p_payload->>'cpf',''), '\D', '', 'g'), ''),
+    left(nullif(trim(p_payload->>'rg'), ''), 20),
+    v_genero, v_estado_civil,
+    left(nullif(trim(p_payload->>'profissao'), ''), 120),
+    left(nullif(trim(p_payload->>'escolaridade'), ''), 120),
+    left(nullif(trim(p_payload->>'nacionalidade'), ''), 80),
+    left(nullif(trim(p_payload->>'naturalidade'), ''), 120),
+    nullif(regexp_replace(coalesce(p_payload->>'cep',''), '\D', '', 'g'), ''),
+    left(nullif(trim(p_payload->>'pais'), ''), 60),
+    left(nullif(trim(p_payload->>'cidade'), ''), 120),
+    left(nullif(trim(p_payload->>'estado'), ''), 2),
+    left(nullif(trim(p_payload->>'endereco'), ''), 200),
+    left(nullif(trim(p_payload->>'numero'), ''), 20),
+    left(nullif(trim(p_payload->>'complemento'), ''), 120),
+    left(nullif(trim(p_payload->>'bairro'), ''), 120),
+    left(nullif(trim(p_payload->>'observacoes'), ''), 2000),
+    left(nullif(trim(p_payload->>'encaminhado_por'), ''), 120),
+    left(nullif(trim(p_payload->>'onde_nos_conheceu'), ''), 80)
+  )
+  RETURNING id INTO v_intake_id;
+
+  UPDATE public.patient_invites
+    SET uses = uses + 1
+  WHERE token = p_token;
+
+  -- Log de sucesso (best-effort, não propaga erro)
+  BEGIN
+    INSERT INTO public.patient_invite_attempts (token, ok, client_info, owner_id, tenant_id)
+    VALUES (p_token, true, v_clean_info, v_owner_id, v_tenant_id);
+  EXCEPTION WHEN OTHERS THEN NULL; END;
+
+  RETURN v_intake_id;
+END;
+$_$;
+
+
+--
+-- Name: FUNCTION create_patient_intake_request_v2(p_token text, p_payload jsonb, p_client_info text); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.create_patient_intake_request_v2(p_token text, p_payload jsonb, p_client_info text) IS 'Hardened 2026-04-18: valida active/expires/max_uses + incrementa uses; sanitiza todos os campos (trim, length, regex); resolve tenant_id; rejeita notas_internas; exige consent=true; registra cada tentativa em patient_invite_attempts (A#24).';
+
+
 --
 -- Name: create_support_session(uuid, integer); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -2719,6 +3223,52 @@ $$;
 COMMENT ON FUNCTION public.debit_addon_credit(p_tenant_id uuid, p_addon_type text, p_queue_id uuid, p_description text) IS 'Debita 1 cr??dito de add-on. Verifica saldo, rate limits e expira????o.';
 
 
+--
+-- Name: deduct_whatsapp_credits(uuid, integer, bigint, text); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.deduct_whatsapp_credits(p_tenant_id uuid, p_amount integer, p_conversation_message_id bigint DEFAULT NULL::bigint, p_note text DEFAULT NULL::text) RETURNS integer
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_new_balance INT;
+    v_row RECORD;
+BEGIN
+    IF p_amount <= 0 THEN
+        RAISE EXCEPTION 'amount must be positive';
+    END IF;
+
+    -- Lock a linha e valida saldo
+    SELECT balance, low_balance_threshold
+        INTO v_row
+        FROM public.whatsapp_credits_balance
+        WHERE tenant_id = p_tenant_id
+        FOR UPDATE;
+
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'insufficient_credits';
+    END IF;
+    IF v_row.balance < p_amount THEN
+        RAISE EXCEPTION 'insufficient_credits';
+    END IF;
+
+    UPDATE public.whatsapp_credits_balance
+        SET balance = balance - p_amount,
+            lifetime_used = lifetime_used + p_amount
+        WHERE tenant_id = p_tenant_id
+        RETURNING balance INTO v_new_balance;
+
+    INSERT INTO public.whatsapp_credits_transactions
+        (tenant_id, kind, amount, balance_after, conversation_message_id, note)
+    VALUES
+        (p_tenant_id, 'usage', -p_amount, v_new_balance, p_conversation_message_id, p_note);
+
+    RETURN v_new_balance;
+END;
+$$;
+
+
 --
 -- Name: delete_commitment_full(uuid, uuid); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -2867,6 +3417,63 @@ end;
 $$;
 
 
+--
+-- Name: delete_plan_safe(uuid); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.delete_plan_safe(p_plan_id uuid) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+  v_active_count int;
+  v_plan_key     text;
+BEGIN
+  IF auth.uid() IS NULL THEN
+    RAISE EXCEPTION 'Não autenticado' USING ERRCODE = '28000';
+  END IF;
+
+  IF NOT public.is_saas_admin() THEN
+    RAISE EXCEPTION 'Apenas saas_admin pode deletar planos' USING ERRCODE = '42501';
+  END IF;
+
+  IF p_plan_id IS NULL THEN
+    RAISE EXCEPTION 'plan_id obrigatório' USING ERRCODE = '22023';
+  END IF;
+
+  SELECT key INTO v_plan_key FROM public.plans WHERE id = p_plan_id;
+  IF v_plan_key IS NULL THEN
+    RAISE EXCEPTION 'plano não encontrado' USING ERRCODE = '22023';
+  END IF;
+
+  SELECT COUNT(*) INTO v_active_count
+  FROM public.subscriptions
+  WHERE plan_id = p_plan_id
+    AND status = 'active';
+
+  IF v_active_count > 0 THEN
+    RAISE EXCEPTION 'Plano % tem % assinatura(s) ativa(s); migre os tenants antes de deletar.',
+      v_plan_key, v_active_count
+      USING ERRCODE = 'P0001';
+  END IF;
+
+  -- desativa preços ativos antes de deletar
+  UPDATE public.plan_prices
+     SET is_active = false,
+         active_to = now()
+   WHERE plan_id = p_plan_id
+     AND is_active = true;
+
+  DELETE FROM public.plans WHERE id = p_plan_id;
+
+  RETURN jsonb_build_object(
+    'deleted',  true,
+    'plan_key', v_plan_key
+  );
+END;
+$$;
+
+
 --
 -- Name: dev_list_auth_users(integer); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -3017,6 +3624,20 @@ end;
 $_$;
 
 
+--
+-- Name: dev_set_updated_at(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.dev_set_updated_at() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+BEGIN
+  NEW.updated_at := now();
+  RETURN NEW;
+END;
+$$;
+
+
 --
 -- Name: ensure_personal_tenant(); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -3103,6 +3724,313 @@ end;
 $$;
 
 
+--
+-- Name: export_patient_data(uuid); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.export_patient_data(p_patient_id uuid) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_patient RECORD;
+    v_tenant_id UUID;
+    v_caller UUID;
+    v_is_member BOOLEAN;
+    v_result JSONB;
+BEGIN
+    v_caller := auth.uid();
+    IF v_caller IS NULL THEN
+        RAISE EXCEPTION 'Autenticacao obrigatoria' USING ERRCODE = '28000';
+    END IF;
+
+    -- carrega paciente
+    SELECT * INTO v_patient FROM public.patients WHERE id = p_patient_id;
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'Paciente nao encontrado' USING ERRCODE = 'P0002';
+    END IF;
+
+    v_tenant_id := v_patient.tenant_id;
+
+    -- verifica se caller e membro ativo do tenant do paciente
+    SELECT EXISTS (
+        SELECT 1 FROM public.tenant_members tm
+        WHERE tm.tenant_id = v_tenant_id
+          AND tm.user_id = v_caller
+          AND tm.status = 'active'
+    ) OR public.is_saas_admin() INTO v_is_member;
+
+    IF NOT v_is_member THEN
+        RAISE EXCEPTION 'Sem permissao para exportar dados deste paciente' USING ERRCODE = '42501';
+    END IF;
+
+    -- monta o payload
+    v_result := jsonb_build_object(
+        'export_metadata', jsonb_build_object(
+            'generated_at', now(),
+            'generated_by', v_caller,
+            'tenant_id', v_tenant_id,
+            'patient_id', p_patient_id,
+            'lgpd_basis', 'Art. 18, II - portabilidade dos dados do titular',
+            'controller', 'AgenciaPSI - Clinica responsavel',
+            'format_version', '1.0'
+        ),
+        'paciente', to_jsonb(v_patient),
+        'contatos', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pc) ORDER BY pc.created_at)
+            FROM public.patient_contacts pc
+            WHERE pc.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'contatos_apoio', COALESCE((
+            SELECT jsonb_agg(to_jsonb(psc) ORDER BY psc.created_at)
+            FROM public.patient_support_contacts psc
+            WHERE psc.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'historico_status', COALESCE((
+            SELECT jsonb_agg(to_jsonb(psh) ORDER BY psh.alterado_em)
+            FROM public.patient_status_history psh
+            WHERE psh.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'timeline', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pt) ORDER BY pt.ocorrido_em)
+            FROM public.patient_timeline pt
+            WHERE pt.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'descontos', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pd) ORDER BY pd.created_at)
+            FROM public.patient_discounts pd
+            WHERE pd.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'eventos_agenda', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', ae.id,
+                    'tipo', ae.tipo,
+                    'inicio_em', ae.inicio_em,
+                    'fim_em', ae.fim_em,
+                    'status', ae.status,
+                    'observacoes', ae.observacoes,
+                    'created_at', ae.created_at
+                ) ORDER BY ae.inicio_em
+            )
+            FROM public.agenda_eventos ae
+            WHERE ae.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'registros_financeiros', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', fr.id,
+                    'amount', fr.amount,
+                    'discount_amount', fr.discount_amount,
+                    'final_amount', fr.final_amount,
+                    'status', fr.status,
+                    'due_date', fr.due_date,
+                    'paid_at', fr.paid_at,
+                    'payment_method', fr.payment_method,
+                    'notes', fr.notes,
+                    'created_at', fr.created_at
+                ) ORDER BY fr.created_at
+            )
+            FROM public.financial_records fr
+            WHERE fr.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'documentos', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', d.id,
+                    'nome_original', d.nome_original,
+                    'tipo_documento', d.tipo_documento,
+                    'categoria', d.categoria,
+                    'descricao', d.descricao,
+                    'mime_type', d.mime_type,
+                    'tamanho_bytes', d.tamanho_bytes,
+                    'status_revisao', d.status_revisao,
+                    'visibilidade', d.visibilidade,
+                    'uploaded_at', d.uploaded_at,
+                    'created_at', d.created_at
+                ) ORDER BY d.created_at
+            )
+            FROM public.documents d
+            WHERE d.patient_id = p_patient_id AND d.deleted_at IS NULL
+        ), '[]'::jsonb),
+        'notificacoes_enviadas', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', nl.id,
+                    'channel', nl.channel,
+                    'template_key', nl.template_key,
+                    'recipient_address', nl.recipient_address,
+                    'status', nl.status,
+                    'sent_at', nl.sent_at,
+                    'delivered_at', nl.delivered_at,
+                    'read_at', nl.read_at,
+                    'failure_reason', nl.failure_reason,
+                    'created_at', nl.created_at
+                ) ORDER BY nl.created_at
+            )
+            FROM public.notification_logs nl
+            WHERE nl.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'audit_trail', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', al.id,
+                    'action', al.action,
+                    'entity_type', al.entity_type,
+                    'changed_fields', al.changed_fields,
+                    'user_id', al.user_id,
+                    'created_at', al.created_at
+                ) ORDER BY al.created_at
+            )
+            FROM public.audit_logs al
+            WHERE al.tenant_id = v_tenant_id
+              AND al.entity_type = 'patients'
+              AND al.entity_id = p_patient_id::text
+        ), '[]'::jsonb),
+        'acessos_a_documentos', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', dal.id,
+                    'documento_id', dal.documento_id,
+                    'acao', dal.acao,
+                    'user_id', dal.user_id,
+                    'acessado_em', dal.acessado_em
+                ) ORDER BY dal.acessado_em
+            )
+            FROM public.document_access_logs dal
+            WHERE dal.documento_id IN (
+                SELECT id FROM public.documents WHERE patient_id = p_patient_id
+            )
+        ), '[]'::jsonb),
+        'grupos', COALESCE((
+            SELECT jsonb_agg(jsonb_build_object('patient_group_id', pgp.patient_group_id))
+            FROM public.patient_group_patient pgp
+            WHERE pgp.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'tags', COALESCE((
+            SELECT jsonb_agg(jsonb_build_object('tag_id', ppt.tag_id))
+            FROM public.patient_patient_tag ppt
+            WHERE ppt.patient_id = p_patient_id
+        ), '[]'::jsonb)
+    );
+
+    -- registra o export como evento auditavel
+    INSERT INTO public.audit_logs (
+        tenant_id, user_id, entity_type, entity_id, action,
+        old_values, new_values, changed_fields, metadata
+    ) VALUES (
+        v_tenant_id, v_caller, 'patients', p_patient_id::text, 'update',
+        NULL, NULL, ARRAY['__lgpd_export__'],
+        jsonb_build_object(
+            'action_kind', 'lgpd_export',
+            'lgpd_basis', 'Art. 18, II',
+            'patient_name', v_patient.nome_completo
+        )
+    );
+
+    RETURN v_result;
+END;
+$$;
+
+
+--
+-- Name: FUNCTION export_patient_data(p_patient_id uuid); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.export_patient_data(p_patient_id uuid) IS 'LGPD Art. 18, II - exporta todos os dados do paciente em jsonb portavel. Registra evento em audit_logs.';
+
+
+--
+-- Name: fanout_inbound_message_to_notifications(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.fanout_inbound_message_to_notifications() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_target_user UUID;
+    v_title TEXT;
+    v_detail TEXT;
+    v_initials TEXT;
+    v_deeplink TEXT;
+    v_patient_name TEXT;
+    v_payload JSONB;
+BEGIN
+    -- so processa inbound
+    IF NEW.direction <> 'inbound' THEN
+        RETURN NEW;
+    END IF;
+
+    -- busca nome do paciente (se vinculado)
+    IF NEW.patient_id IS NOT NULL THEN
+        SELECT nome_completo INTO v_patient_name FROM public.patients WHERE id = NEW.patient_id;
+    END IF;
+
+    -- titulo e detalhes
+    v_title := COALESCE(v_patient_name, NEW.from_number, 'Desconhecido');
+    v_detail := COALESCE(left(NEW.body, 100), '[mensagem sem texto]');
+
+    -- iniciais
+    IF v_patient_name IS NOT NULL THEN
+        v_initials := upper(left(v_patient_name, 1)) ||
+                      COALESCE(upper(left(split_part(v_patient_name, ' ', 2), 1)), '');
+    ELSE
+        v_initials := '?';
+    END IF;
+
+    -- deeplink para a pagina de conversas (clinic padrao; therapist tambem funciona via mesma rota na area dele)
+    v_deeplink := '/admin/conversas';
+
+    v_payload := jsonb_build_object(
+        'title', v_title,
+        'detail', v_detail,
+        'avatar_initials', v_initials,
+        'deeplink', v_deeplink,
+        'channel', NEW.channel,
+        'conversation_message_id', NEW.id,
+        'patient_id', NEW.patient_id,
+        'from_number', NEW.from_number
+    );
+
+    -- ─── decide destinatarios ─────────────────────────────────────────────
+
+    -- Caso 1: paciente vinculado e tem responsible_member_id
+    IF NEW.patient_id IS NOT NULL THEN
+        SELECT tm.user_id INTO v_target_user
+        FROM public.patients p
+        JOIN public.tenant_members tm ON tm.id = p.responsible_member_id
+        WHERE p.id = NEW.patient_id
+          AND tm.status = 'active'
+        LIMIT 1;
+
+        IF v_target_user IS NOT NULL THEN
+            INSERT INTO public.notifications (owner_id, tenant_id, type, ref_id, ref_table, payload)
+            VALUES (v_target_user, NEW.tenant_id, 'inbound_message', NULL, 'conversation_messages', v_payload);
+            RETURN NEW;
+        END IF;
+    END IF;
+
+    -- Caso 2: fallback — fan-out pra todos tenant_admin/clinic_admin/therapist ativos
+    INSERT INTO public.notifications (owner_id, tenant_id, type, ref_id, ref_table, payload)
+    SELECT tm.user_id, NEW.tenant_id, 'inbound_message', NULL, 'conversation_messages', v_payload
+    FROM public.tenant_members tm
+    WHERE tm.tenant_id = NEW.tenant_id
+      AND tm.status = 'active'
+      AND tm.role IN ('clinic_admin', 'tenant_admin', 'therapist');
+
+    RETURN NEW;
+END;
+$$;
+
+
+--
+-- Name: FUNCTION fanout_inbound_message_to_notifications(); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.fanout_inbound_message_to_notifications() IS 'Cria registros em notifications pra members apropriados quando chega mensagem inbound. Respeita responsible_member do paciente.';
+
+
 --
 -- Name: faq_votar(uuid); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -3118,6 +4046,26 @@ CREATE FUNCTION public.faq_votar(faq_id uuid) RETURNS void
 $$;
 
 
+--
+-- Name: financial_records_inject_tenant(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.financial_records_inject_tenant() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+BEGIN
+  IF NEW.tenant_id IS NULL AND NEW.owner_id IS NOT NULL THEN
+    SELECT tm.tenant_id INTO NEW.tenant_id
+    FROM public.tenant_members tm
+    WHERE tm.user_id = NEW.owner_id AND tm.status = 'active'
+    ORDER BY tm.created_at DESC
+    LIMIT 1;
+  END IF;
+  RETURN NEW;
+END;
+$$;
+
+
 --
 -- Name: fix_all_subscription_mismatches(); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -3244,6 +4192,64 @@ END;
 $$;
 
 
+--
+-- Name: generate_math_challenge(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.generate_math_challenge() RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_a    integer;
+    v_b    integer;
+    v_op   text;
+    v_ans  integer;
+    v_q    text;
+    v_id   uuid;
+BEGIN
+    v_a := 1 + floor(random() * 9)::int;
+    v_b := 1 + floor(random() * 9)::int;
+    v_op := (ARRAY['+','-','*'])[1 + floor(random() * 3)::int];
+
+    -- garantir resultado positivo na subtração
+    IF v_op = '-' AND v_b > v_a THEN
+        v_a := v_a + v_b;
+    END IF;
+
+    v_ans := CASE v_op
+        WHEN '+' THEN v_a + v_b
+        WHEN '-' THEN v_a - v_b
+        WHEN '*' THEN v_a * v_b
+    END;
+
+    v_q := format('Quanto é %s %s %s?', v_a, v_op, v_b);
+
+    INSERT INTO math_challenges (question, answer)
+    VALUES (v_q, v_ans)
+    RETURNING id INTO v_id;
+
+    RETURN jsonb_build_object('id', v_id, 'question', v_q);
+END;
+$$;
+
+
+--
+-- Name: get_entity_primary_phone(text, uuid); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.get_entity_primary_phone(p_entity_type text, p_entity_id uuid) RETURNS text
+    LANGUAGE sql STABLE SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+    SELECT number FROM public.contact_phones
+    WHERE entity_type = p_entity_type
+      AND entity_id = p_entity_id
+    ORDER BY is_primary DESC, position ASC, created_at ASC
+    LIMIT 1;
+$$;
+
+
 --
 -- Name: get_financial_report(uuid, date, date, text); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -3401,6 +4407,163 @@ CREATE FUNCTION public.get_my_email() RETURNS text
 $$;
 
 
+--
+-- Name: get_patient_intake_invite_info(text); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.get_patient_intake_invite_info(p_token text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_token_clean text;
+    v_invite      RECORD;
+    v_result      jsonb;
+BEGIN
+    v_token_clean := nullif(trim(coalesce(p_token, '')), '');
+    IF v_token_clean IS NULL THEN
+        RETURN jsonb_build_object('error', 'missing-token');
+    END IF;
+
+    SELECT pi.owner_id, pi.tenant_id, pi.active, pi.expires_at, pi.max_uses, pi.uses
+      INTO v_invite
+      FROM public.patient_invites pi
+     WHERE pi.token = v_token_clean
+     LIMIT 1;
+
+    IF v_invite.owner_id IS NULL THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.active IS DISTINCT FROM true THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.expires_at IS NOT NULL AND v_invite.expires_at < now() THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.max_uses IS NOT NULL AND v_invite.uses >= v_invite.max_uses THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    SELECT jsonb_build_object(
+        'therapist', jsonb_build_object(
+            'display_name',      coalesce(
+                                     nullif(trim(p.full_name), ''),
+                                     nullif(trim(p.nickname), ''),
+                                     'Profissional'
+                                 ),
+            'avatar_url',        nullif(trim(coalesce(p.avatar_url, '')), ''),
+            'work_description',  nullif(trim(coalesce(p.work_description, '')), ''),
+            'bio',               nullif(trim(coalesce(p.bio, '')), ''),
+            'phone',             nullif(trim(coalesce(p.phone, '')), ''),
+            'site_url',          nullif(trim(coalesce(p.site_url, '')), ''),
+            'instagram',         nullif(trim(coalesce(p.social_instagram, '')), '')
+        ),
+        'clinic', CASE
+            WHEN cp.tenant_id IS NOT NULL THEN jsonb_build_object(
+                'name',       nullif(trim(coalesce(cp.nome_fantasia, '')), ''),
+                'logo_url',   nullif(trim(coalesce(cp.logo_url, '')), ''),
+                'email',      nullif(trim(coalesce(cp.email, '')), ''),
+                'phone',      nullif(trim(coalesce(cp.telefone, '')), ''),
+                'site',       nullif(trim(coalesce(cp.site, '')), ''),
+                'city',       nullif(trim(coalesce(cp.cidade, '')), ''),
+                'state',      nullif(trim(coalesce(cp.estado, '')), ''),
+                'neighborhood', nullif(trim(coalesce(cp.bairro, '')), ''),
+                'street',     nullif(trim(coalesce(cp.logradouro, '')), ''),
+                'number',     nullif(trim(coalesce(cp.numero, '')), ''),
+                'social',     coalesce(cp.redes_sociais, '[]'::jsonb)
+            )
+            ELSE NULL
+        END
+    )
+    INTO v_result
+    FROM public.profiles p
+    LEFT JOIN public.company_profiles cp ON cp.tenant_id = v_invite.tenant_id
+    WHERE p.id = v_invite.owner_id
+    LIMIT 1;
+
+    IF v_result IS NULL THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    RETURN jsonb_build_object('ok', true, 'info', v_result);
+END;
+$$;
+
+
+--
+-- Name: FUNCTION get_patient_intake_invite_info(p_token text); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.get_patient_intake_invite_info(p_token text) IS 'A#31 — Lookup público read-only (via edge function) dos dados de apresentação do terapeuta/clínica dono do link de cadastro externo. Só retorna campos não-sensíveis.';
+
+
+--
+-- Name: get_patient_session_counts(uuid[]); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.get_patient_session_counts(p_patient_ids uuid[]) RETURNS TABLE(patient_id uuid, session_count integer, last_session_at timestamp with time zone)
+    LANGUAGE sql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+    SELECT
+        ae.patient_id,
+        COUNT(*)::int                AS session_count,
+        MAX(ae.inicio_em)            AS last_session_at
+    FROM public.agenda_eventos ae
+    WHERE ae.patient_id = ANY(p_patient_ids)
+      AND ae.tenant_id IN (
+          SELECT tm.tenant_id
+          FROM public.tenant_members tm
+          WHERE tm.user_id = auth.uid()
+            AND tm.status = 'active'
+      )
+    GROUP BY ae.patient_id;
+$$;
+
+
+--
+-- Name: get_twilio_config(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.get_twilio_config() RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    cfg saas_twilio_config%ROWTYPE;
+BEGIN
+    -- Permite quem é saas_admin (UI) ou quando chamado via service_role (edge function)
+    -- coalesce protege de NULL (auth.role() pode ser NULL fora de contexto JWT)
+    IF NOT (public.is_saas_admin() OR coalesce(auth.role(), '') = 'service_role') THEN
+        RAISE EXCEPTION 'Sem permissão' USING ERRCODE = '42501';
+    END IF;
+
+    SELECT * INTO cfg FROM saas_twilio_config WHERE id = true;
+    IF NOT FOUND THEN
+        RETURN jsonb_build_object(
+            'account_sid',          NULL,
+            'whatsapp_webhook_url', NULL,
+            'usd_brl_rate',         5.5,
+            'margin_multiplier',    1.4
+        );
+    END IF;
+
+    RETURN jsonb_build_object(
+        'account_sid',          cfg.account_sid,
+        'whatsapp_webhook_url', cfg.whatsapp_webhook_url,
+        'usd_brl_rate',         cfg.usd_brl_rate,
+        'margin_multiplier',    cfg.margin_multiplier,
+        'notes',                cfg.notes,
+        'updated_at',           cfg.updated_at,
+        'updated_by',           cfg.updated_by
+    );
+END;
+$$;
+
+
 --
 -- Name: guard_account_type_immutable(); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -3686,6 +4849,63 @@ CREATE FUNCTION public.is_therapist_tenant(_tenant_id uuid) RETURNS boolean
 $$;
 
 
+--
+-- Name: issue_patient_invite(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.issue_patient_invite() RETURNS text
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+  v_uid        uuid;
+  v_tenant_id  uuid;
+  v_token      text;
+  v_existing   text;
+BEGIN
+  v_uid := auth.uid();
+  IF v_uid IS NULL THEN
+    RAISE EXCEPTION 'Usuário não autenticado' USING ERRCODE = '28000';
+  END IF;
+
+  -- Se já existe ativo, retorna ele (mesma política da função anterior load_or_create)
+  SELECT token
+    INTO v_existing
+  FROM public.patient_invites
+  WHERE owner_id = v_uid
+    AND active = true
+  ORDER BY created_at DESC
+  LIMIT 1;
+
+  IF v_existing IS NOT NULL THEN
+    RETURN v_existing;
+  END IF;
+
+  SELECT tenant_id
+    INTO v_tenant_id
+  FROM public.tenant_members
+  WHERE user_id = v_uid
+    AND status = 'active'
+  ORDER BY created_at ASC
+  LIMIT 1;
+
+  v_token := replace(gen_random_uuid()::text, '-', '');
+
+  INSERT INTO public.patient_invites (owner_id, tenant_id, token, active)
+  VALUES (v_uid, v_tenant_id, v_token, true);
+
+  RETURN v_token;
+END;
+$$;
+
+
+--
+-- Name: FUNCTION issue_patient_invite(); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.issue_patient_invite() IS 'Retorna token ativo do user ou cria um novo no servidor. Remove necessidade de gerar token no cliente.';
+
+
 --
 -- Name: jwt_email(); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -3720,6 +4940,84 @@ CREATE FUNCTION public.list_financial_records(p_owner_id uuid, p_year integer DE
 $$;
 
 
+--
+-- Name: log_audit_change(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.log_audit_change() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_tenant_id UUID;
+    v_entity_id TEXT;
+    v_old JSONB;
+    v_new JSONB;
+    v_changed TEXT[];
+    v_heavy_fields TEXT[] := ARRAY[
+        'content', 'content_html', 'content_json', 'raw_data',
+        'signature_data', 'pdf_blob', 'binary', 'body_html', 'body_text'
+    ];
+    v_noise_fields TEXT[] := ARRAY['updated_at', 'last_seen_at', 'last_activity_at'];
+BEGIN
+    IF TG_OP = 'DELETE' THEN
+        v_tenant_id := OLD.tenant_id;
+        v_entity_id := OLD.id::TEXT;
+        v_old := to_jsonb(OLD) - v_heavy_fields;
+        v_new := NULL;
+    ELSIF TG_OP = 'INSERT' THEN
+        v_tenant_id := NEW.tenant_id;
+        v_entity_id := NEW.id::TEXT;
+        v_old := NULL;
+        v_new := to_jsonb(NEW) - v_heavy_fields;
+    ELSE -- UPDATE
+        v_tenant_id := NEW.tenant_id;
+        v_entity_id := NEW.id::TEXT;
+        v_old := to_jsonb(OLD) - v_heavy_fields;
+        v_new := to_jsonb(NEW) - v_heavy_fields;
+
+        -- calcular campos realmente alterados
+        SELECT array_agg(key ORDER BY key) INTO v_changed
+        FROM jsonb_each(to_jsonb(NEW)) AS kv(key, value)
+        WHERE (to_jsonb(OLD))->kv.key IS DISTINCT FROM kv.value;
+
+        -- se nada mudou, ignora
+        IF v_changed IS NULL THEN
+            RETURN NEW;
+        END IF;
+
+        -- se mudou apenas campos de ruido (ex: updated_at), ignora
+        IF v_changed <@ v_noise_fields THEN
+            RETURN NEW;
+        END IF;
+    END IF;
+
+    INSERT INTO public.audit_logs (
+        tenant_id, user_id, entity_type, entity_id, action,
+        old_values, new_values, changed_fields
+    ) VALUES (
+        v_tenant_id,
+        auth.uid(),
+        TG_TABLE_NAME,
+        v_entity_id,
+        lower(TG_OP),
+        v_old,
+        v_new,
+        v_changed
+    );
+
+    RETURN COALESCE(NEW, OLD);
+END;
+$$;
+
+
+--
+-- Name: FUNCTION log_audit_change(); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.log_audit_change() IS 'Trigger generica de audit. Filtra campos pesados (content, signature_data) e ruido (updated_at).';
+
+
 --
 -- Name: mark_as_paid(uuid, text); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -3812,6 +5110,53 @@ $$;
 COMMENT ON FUNCTION public.mark_payout_as_paid(p_payout_id uuid) IS 'Marca um repasse de terapeuta como pago. Apenas o tenant_admin pode chamar. Apenas repasses com status=pending podem ser finalizados.';
 
 
+--
+-- Name: match_patient_by_phone(uuid, text); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.match_patient_by_phone(p_tenant_id uuid, p_phone text) RETURNS uuid
+    LANGUAGE plpgsql STABLE SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_normalized TEXT;
+    v_patient_id UUID;
+BEGIN
+    v_normalized := public.normalize_phone_br(p_phone);
+    IF v_normalized IS NULL OR length(v_normalized) < 10 THEN
+        RETURN NULL;
+    END IF;
+
+    -- prioridade: telefone principal, depois alternativo, depois responsavel
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone) = v_normalized
+    LIMIT 1;
+    IF v_patient_id IS NOT NULL THEN RETURN v_patient_id; END IF;
+
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone_alternativo) = v_normalized
+    LIMIT 1;
+    IF v_patient_id IS NOT NULL THEN RETURN v_patient_id; END IF;
+
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone_responsavel) = v_normalized
+    LIMIT 1;
+
+    RETURN v_patient_id;
+END;
+$$;
+
+
+--
+-- Name: FUNCTION match_patient_by_phone(p_tenant_id uuid, p_phone text); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.match_patient_by_phone(p_tenant_id uuid, p_phone text) IS 'Encontra patient_id do tenant cujo telefone (principal/alternativo/responsavel) bate com o numero.';
+
+
 --
 -- Name: my_tenants(); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -3830,6 +5175,43 @@ CREATE FUNCTION public.my_tenants() RETURNS TABLE(tenant_id uuid, role text, sta
 $$;
 
 
+--
+-- Name: normalize_phone_br(text); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.normalize_phone_br(p_phone text) RETURNS text
+    LANGUAGE plpgsql IMMUTABLE
+    AS $$
+DECLARE
+    v_digits TEXT;
+BEGIN
+    IF p_phone IS NULL THEN RETURN NULL; END IF;
+
+    -- remove tudo que nao seja digito
+    v_digits := regexp_replace(p_phone, '\D', '', 'g');
+
+    -- remove DDI 55 se tem 12+ digitos (+55 + DDD + numero)
+    IF length(v_digits) >= 12 AND left(v_digits, 2) = '55' THEN
+        v_digits := substr(v_digits, 3);
+    END IF;
+
+    -- pega os ultimos 11 digitos (DDD + 9digito + 8numero) ou 10 (DDD + 8numero)
+    IF length(v_digits) > 11 THEN
+        v_digits := right(v_digits, 11);
+    END IF;
+
+    RETURN v_digits;
+END;
+$$;
+
+
+--
+-- Name: FUNCTION normalize_phone_br(p_phone text); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.normalize_phone_br(p_phone text) IS 'Normaliza telefone BR para os ultimos 11 digitos (DDD+numero), removendo DDI +55 e formatacao.';
+
+
 --
 -- Name: notice_track_click(uuid); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -4430,6 +5812,80 @@ end;
 $$;
 
 
+--
+-- Name: record_submission_attempt(text, text, boolean, text, text, text, text, jsonb); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.record_submission_attempt(p_endpoint text, p_ip_hash text, p_success boolean, p_blocked_by text DEFAULT NULL::text, p_error_code text DEFAULT NULL::text, p_error_msg text DEFAULT NULL::text, p_user_agent text DEFAULT NULL::text, p_metadata jsonb DEFAULT NULL::jsonb) RETURNS void
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    cfg            saas_security_config%ROWTYPE;
+    v_now          timestamptz := now();
+    v_window_start timestamptz;
+    rl             submission_rate_limits%ROWTYPE;
+BEGIN
+    -- Log sempre (mesmo sem ip)
+    INSERT INTO public_submission_attempts
+        (endpoint, ip_hash, success, blocked_by, error_code, error_msg, user_agent, metadata)
+    VALUES
+        (p_endpoint, p_ip_hash, p_success, p_blocked_by,
+         left(coalesce(p_error_code, ''), 80),
+         left(coalesce(p_error_msg, ''), 500),
+         left(coalesce(p_user_agent, ''), 500),
+         p_metadata);
+
+    -- Sem ip ou rate limit desligado: não atualiza contador
+    IF p_ip_hash IS NULL OR length(btrim(p_ip_hash)) = 0 THEN RETURN; END IF;
+
+    SELECT * INTO cfg FROM saas_security_config WHERE id = true;
+    IF NOT FOUND OR NOT cfg.rate_limit_enabled THEN RETURN; END IF;
+
+    v_window_start := v_now - (cfg.rate_limit_window_min || ' minutes')::interval;
+
+    SELECT * INTO rl
+      FROM submission_rate_limits
+     WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+
+    IF NOT FOUND THEN
+        INSERT INTO submission_rate_limits
+            (ip_hash, endpoint, attempt_count, fail_count, window_start, last_attempt_at)
+        VALUES
+            (p_ip_hash, p_endpoint, 1, CASE WHEN p_success THEN 0 ELSE 1 END, v_now, v_now);
+    ELSE
+        IF rl.window_start < v_window_start THEN
+            -- Reset janela
+            UPDATE submission_rate_limits
+               SET attempt_count = 1,
+                   fail_count = CASE WHEN p_success THEN 0 ELSE 1 END,
+                   window_start = v_now,
+                   last_attempt_at = v_now,
+                   blocked_until = NULL
+             WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+        ELSE
+            UPDATE submission_rate_limits
+               SET attempt_count = attempt_count + 1,
+                   fail_count = fail_count + CASE WHEN p_success THEN 0 ELSE 1 END,
+                   last_attempt_at = v_now
+             WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+        END IF;
+
+        -- Se atingiu threshold de captcha condicional, marca
+        IF NOT p_success THEN
+            SELECT * INTO rl FROM submission_rate_limits WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+            IF rl.fail_count >= cfg.captcha_after_failures
+               AND (rl.requires_captcha_until IS NULL OR rl.requires_captcha_until < v_now) THEN
+                UPDATE submission_rate_limits
+                   SET requires_captcha_until = v_now + (cfg.captcha_required_window_min || ' minutes')::interval
+                 WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+            END IF;
+        END IF;
+    END IF;
+END;
+$$;
+
+
 --
 -- Name: revoke_support_session(text); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -4495,6 +5951,58 @@ end;
 $$;
 
 
+--
+-- Name: rotate_patient_invite_token_v2(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.rotate_patient_invite_token_v2() RETURNS text
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+  v_uid        uuid;
+  v_tenant_id  uuid;
+  v_new_token  text;
+BEGIN
+  v_uid := auth.uid();
+  IF v_uid IS NULL THEN
+    RAISE EXCEPTION 'Usuário não autenticado' USING ERRCODE = '28000';
+  END IF;
+
+  -- Token gerado no servidor (criptograficamente seguro via pgcrypto)
+  v_new_token := replace(gen_random_uuid()::text, '-', '');
+
+  -- Resolve tenant_id do usuário (active)
+  SELECT tenant_id
+    INTO v_tenant_id
+  FROM public.tenant_members
+  WHERE user_id = v_uid
+    AND status = 'active'
+  ORDER BY created_at ASC
+  LIMIT 1;
+
+  -- Desativa tokens ativos anteriores
+  UPDATE public.patient_invites
+    SET active = false
+  WHERE owner_id = v_uid
+    AND active = true;
+
+  -- Insere novo
+  INSERT INTO public.patient_invites (owner_id, tenant_id, token, active)
+  VALUES (v_uid, v_tenant_id, v_new_token, true);
+
+  RETURN v_new_token;
+END;
+$$;
+
+
+--
+-- Name: FUNCTION rotate_patient_invite_token_v2(); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.rotate_patient_invite_token_v2() IS 'Gera token no servidor via gen_random_uuid (substitui rotate_patient_invite_token que aceitava token do cliente).';
+
+
 --
 -- Name: saas_votar_doc(uuid, boolean); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -4617,6 +6125,231 @@ CREATE FUNCTION public.sanitize_phone_br(raw_phone text) RETURNS text
   END; $$;
 
 
+--
+-- Name: search_global(text, text[], integer); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.search_global(p_q text, p_scope text[] DEFAULT NULL::text[], p_limit integer DEFAULT 8) RETURNS jsonb
+    LANGUAGE plpgsql STABLE
+    SET search_path TO 'public', 'pg_temp'
+    AS $_$
+DECLARE
+    v_q            text;
+    v_pattern      text;
+    v_limit        int;
+    v_patients     jsonb := '[]'::jsonb;
+    v_appointments jsonb := '[]'::jsonb;
+    v_documents    jsonb := '[]'::jsonb;
+    v_services     jsonb := '[]'::jsonb;
+    v_intakes      jsonb := '[]'::jsonb;
+BEGIN
+    -- Sanitize + length guards
+    v_q := nullif(btrim(coalesce(p_q, '')), '');
+    IF v_q IS NULL OR length(v_q) < 2 THEN
+        RETURN jsonb_build_object(
+            'patients',     '[]'::jsonb,
+            'appointments', '[]'::jsonb,
+            'documents',    '[]'::jsonb,
+            'services',     '[]'::jsonb,
+            'intakes',      '[]'::jsonb
+        );
+    END IF;
+    v_q := left(v_q, 80);
+    v_pattern := '%' || v_q || '%';
+    v_limit := GREATEST(1, LEAST(coalesce(p_limit, 8), 20));
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Pacientes
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'patients' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                p.id,
+                p.nome_completo,
+                p.email_principal,
+                p.telefone,
+                p.avatar_url,
+                GREATEST(
+                    similarity(coalesce(p.nome_completo,   ''), v_q),
+                    similarity(coalesce(p.email_principal, ''), v_q) * 0.7,
+                    similarity(coalesce(p.telefone,        ''), v_q) * 0.5,
+                    similarity(coalesce(p.cpf,             ''), v_q) * 0.6
+                ) AS score
+            FROM public.patients p
+            WHERE p.nome_completo   ILIKE v_pattern
+               OR p.email_principal ILIKE v_pattern
+               OR p.telefone        ILIKE v_pattern
+               OR p.cpf             ILIKE v_pattern
+            ORDER BY score DESC, p.nome_completo ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',         id,
+            'label',      nome_completo,
+            'sublabel',   coalesce(nullif(email_principal, ''), nullif(telefone, ''), ''),
+            'avatar_url', avatar_url,
+            'deeplink',   '/therapist/patients/cadastro/' || id::text,
+            'score',      round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_patients
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Agendamentos (com nome do paciente via join)
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'appointments' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                e.id,
+                coalesce(nullif(e.titulo_custom, ''), nullif(e.titulo, ''), 'Sessão') AS label,
+                e.inicio_em,
+                pat.nome_completo AS patient_name,
+                GREATEST(
+                    similarity(coalesce(e.titulo,        ''), v_q),
+                    similarity(coalesce(e.titulo_custom, ''), v_q),
+                    similarity(coalesce(pat.nome_completo, ''), v_q) * 0.9
+                ) AS score
+            FROM public.agenda_eventos e
+            LEFT JOIN public.patients pat ON pat.id = e.patient_id
+            WHERE e.titulo          ILIKE v_pattern
+               OR e.titulo_custom   ILIKE v_pattern
+               OR pat.nome_completo ILIKE v_pattern
+            ORDER BY score DESC, e.inicio_em DESC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    label,
+            'sublabel', trim(both ' · ' from
+                            coalesce(patient_name, '') || ' · '
+                            || to_char(inicio_em, 'DD/MM/YYYY HH24:MI')),
+            'deeplink', '/therapist/agenda?event=' || id::text,
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_appointments
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Documentos
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'documents' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                d.id,
+                d.patient_id,
+                d.nome_original,
+                d.tipo_documento,
+                pat.nome_completo AS patient_name,
+                GREATEST(
+                    similarity(coalesce(d.nome_original, ''), v_q),
+                    similarity(coalesce(d.descricao,     ''), v_q) * 0.7
+                ) AS score
+            FROM public.documents d
+            LEFT JOIN public.patients pat ON pat.id = d.patient_id
+            WHERE d.nome_original ILIKE v_pattern
+               OR d.descricao     ILIKE v_pattern
+            ORDER BY score DESC, d.nome_original ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    nome_original,
+            'sublabel', trim(both ' · ' from
+                            coalesce(patient_name, '') || ' · '
+                            || coalesce(tipo_documento, '')),
+            'deeplink', '/therapist/patients/' || patient_id::text || '/documents',
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_documents
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Serviços (ativos)
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'services' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                s.id,
+                s.name,
+                s.price,
+                s.duration_min,
+                GREATEST(
+                    similarity(coalesce(s.name,        ''), v_q),
+                    similarity(coalesce(s.description, ''), v_q) * 0.7
+                ) AS score
+            FROM public.services s
+            WHERE s.active IS TRUE
+              AND (s.name        ILIKE v_pattern
+                OR s.description ILIKE v_pattern)
+            ORDER BY score DESC, s.name ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    name,
+            'sublabel', trim(both ' · ' from
+                            'R$ ' || to_char(price, 'FM999G999G990D00') || ' · '
+                            || coalesce(duration_min::text || ' min', '')),
+            'deeplink', '/configuracoes/precificacao',
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_services
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Intakes pendentes (patient_intake_requests com status='new')
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'intakes' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                r.id,
+                r.nome_completo,
+                r.email_principal,
+                r.telefone,
+                r.created_at,
+                GREATEST(
+                    similarity(coalesce(r.nome_completo,   ''), v_q),
+                    similarity(coalesce(r.email_principal, ''), v_q) * 0.7,
+                    similarity(coalesce(r.telefone,        ''), v_q) * 0.5
+                ) AS score
+            FROM public.patient_intake_requests r
+            WHERE r.status = 'new'
+              AND (r.nome_completo   ILIKE v_pattern
+                OR r.email_principal ILIKE v_pattern
+                OR r.telefone        ILIKE v_pattern)
+            ORDER BY score DESC, r.created_at DESC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    coalesce(nullif(trim(nome_completo), ''), '(sem nome)'),
+            'sublabel', trim(both ' · ' from
+                            coalesce(nullif(email_principal, ''), nullif(telefone, ''), '') || ' · '
+                            || 'recebido ' || to_char(created_at, 'DD/MM/YYYY')),
+            'deeplink', '/therapist/patients/cadastro/recebidos?id=' || id::text,
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_intakes
+        FROM ranked;
+    END IF;
+
+    RETURN jsonb_build_object(
+        'patients',     v_patients,
+        'appointments', v_appointments,
+        'documents',    v_documents,
+        'services',     v_services,
+        'intakes',      v_intakes
+    );
+END;
+$_$;
+
+
+--
+-- Name: FUNCTION search_global(p_q text, p_scope text[], p_limit integer); Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON FUNCTION public.search_global(p_q text, p_scope text[], p_limit integer) IS 'Busca global do topbar — retorna jsonb agrupado por entidade. SECURITY INVOKER (RLS do chamador aplica).';
+
+
 --
 -- Name: seed_default_financial_categories(uuid); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -4898,33 +6631,132 @@ $$;
 -- Name: set_tenant_feature_exception(uuid, text, boolean, text); Type: FUNCTION; Schema: public; Owner: -
 --
 
-CREATE FUNCTION public.set_tenant_feature_exception(p_tenant_id uuid, p_feature_key text, p_enabled boolean, p_reason text DEFAULT NULL::text) RETURNS void
+CREATE FUNCTION public.set_tenant_feature_exception(p_tenant_id uuid, p_feature_key text, p_enabled boolean, p_reason text DEFAULT NULL::text) RETURNS jsonb
     LANGUAGE plpgsql SECURITY DEFINER
-    AS $$
-begin
-  -- ??? S?? owner ou admin do tenant podem alterar features
-  if not exists (
-    select 1 from public.tenant_members
-    where tenant_id = p_tenant_id
-      and user_id = auth.uid()
-      and role in ('owner', 'admin')
-      and status = 'active'
-  ) then
-    raise exception 'Acesso negado: apenas owner/admin pode alterar features do tenant.';
-  end if;
+    SET search_path TO 'public'
+    AS $_$
+DECLARE
+  v_caller         uuid := auth.uid();
+  v_is_saas        boolean := public.is_saas_admin();
+  v_is_tenant_adm  boolean;
+  v_plan_allows    boolean;
+  v_feature_key    text;
+  v_reason         text;
+  v_is_exception   boolean;
+BEGIN
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Sanitização (padrão V#31)
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_caller IS NULL THEN
+    RAISE EXCEPTION 'Não autenticado' USING ERRCODE = '28000';
+  END IF;
 
-  insert into public.tenant_features (tenant_id, feature_key, enabled)
-  values (p_tenant_id, p_feature_key, p_enabled)
-  on conflict (tenant_id, feature_key)
-  do update set enabled = excluded.enabled;
+  IF p_tenant_id IS NULL THEN
+    RAISE EXCEPTION 'tenant_id obrigatório' USING ERRCODE = '22023';
+  END IF;
 
-  insert into public.tenant_feature_exceptions_log (
-    tenant_id, feature_key, enabled, reason, created_by
-  ) values (
-    p_tenant_id, p_feature_key, p_enabled, p_reason, auth.uid()
+  IF p_enabled IS NULL THEN
+    RAISE EXCEPTION 'enabled obrigatório' USING ERRCODE = '22023';
+  END IF;
+
+  v_feature_key := nullif(btrim(coalesce(p_feature_key, '')), '');
+  IF v_feature_key IS NULL THEN
+    RAISE EXCEPTION 'feature_key obrigatório' USING ERRCODE = '22023';
+  END IF;
+  IF length(v_feature_key) > 80 THEN
+    RAISE EXCEPTION 'feature_key inválido (>80)' USING ERRCODE = '22023';
+  END IF;
+  IF v_feature_key !~ '^[a-z][a-z0-9_.]*$' THEN
+    RAISE EXCEPTION 'feature_key formato inválido' USING ERRCODE = '22023';
+  END IF;
+
+  v_reason := nullif(btrim(coalesce(p_reason, '')), '');
+  IF v_reason IS NOT NULL AND length(v_reason) > 500 THEN
+    v_reason := substring(v_reason FROM 1 FOR 500);
+  END IF;
+
+  IF NOT EXISTS (SELECT 1 FROM public.features WHERE key = v_feature_key) THEN
+    RAISE EXCEPTION 'feature_key desconhecida: %', v_feature_key USING ERRCODE = '22023';
+  END IF;
+
+  IF NOT EXISTS (SELECT 1 FROM public.tenants WHERE id = p_tenant_id) THEN
+    RAISE EXCEPTION 'tenant não encontrado' USING ERRCODE = '22023';
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Plano permite essa feature?
+  -- ───────────────────────────────────────────────────────────────────────
+  SELECT EXISTS (
+    SELECT 1
+    FROM public.v_tenant_entitlements vte
+    WHERE vte.tenant_id = p_tenant_id
+      AND vte.feature_key = v_feature_key
+  ) INTO v_plan_allows;
+
+  v_is_exception := (p_enabled = true AND NOT v_plan_allows);
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Caller é tenant_admin desse tenant?
+  -- ───────────────────────────────────────────────────────────────────────
+  v_is_tenant_adm := EXISTS (
+    SELECT 1 FROM public.tenant_members tm
+    WHERE tm.tenant_id = p_tenant_id
+      AND tm.user_id   = v_caller
+      AND tm.status    = 'active'
+      AND tm.role IN ('tenant_admin','admin','owner')
   );
-end;
-$$;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Autorização (assimétrica — V#34 Opção B2)
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_is_exception THEN
+    -- Override positivo fora do plano = exceção comercial
+    IF NOT v_is_saas THEN
+      RAISE EXCEPTION 'Apenas saas_admin pode liberar feature fora do plano' USING ERRCODE = '42501';
+    END IF;
+    IF v_reason IS NULL THEN
+      RAISE EXCEPTION 'reason obrigatório para exceção comercial' USING ERRCODE = '22023';
+    END IF;
+  ELSE
+    -- Demais casos: tenant_admin OR saas_admin
+    IF NOT (v_is_saas OR v_is_tenant_adm) THEN
+      RAISE EXCEPTION 'Sem permissão para alterar features deste tenant' USING ERRCODE = '42501';
+    END IF;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Persistência: bypass controlado do trigger guard quando é exceção
+  -- (escopo de transação via SET LOCAL — só esta RPC vê)
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_is_exception THEN
+    PERFORM set_config('app.allow_feature_exception', 'true', true);
+  END IF;
+
+  INSERT INTO public.tenant_features (tenant_id, feature_key, enabled, updated_at)
+  VALUES (p_tenant_id, v_feature_key, p_enabled, now())
+  ON CONFLICT (tenant_id, feature_key)
+  DO UPDATE SET enabled = EXCLUDED.enabled, updated_at = now();
+
+  -- Restaura flag (defensivo — SET LOCAL já é por transação, mas explicito)
+  IF v_is_exception THEN
+    PERFORM set_config('app.allow_feature_exception', 'false', true);
+  END IF;
+
+  INSERT INTO public.tenant_feature_exceptions_log
+    (tenant_id, feature_key, enabled, reason, created_by)
+  VALUES
+    (p_tenant_id, v_feature_key, p_enabled, v_reason, v_caller);
+
+  RETURN jsonb_build_object(
+    'tenant_id',    p_tenant_id,
+    'feature_key',  v_feature_key,
+    'enabled',      p_enabled,
+    'plan_allows',  v_plan_allows,
+    'is_exception', v_is_exception,
+    'reason',       v_reason
+  );
+END;
+$_$;
 
 
 --
@@ -5254,6 +7086,122 @@ end;
 $$;
 
 
+--
+-- Name: sync_legacy_email_fields(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.sync_legacy_email_fields() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_entity_type TEXT;
+    v_entity_id UUID;
+    v_primary TEXT;
+    v_secondary TEXT;
+BEGIN
+    IF TG_OP = 'DELETE' THEN
+        v_entity_type := OLD.entity_type;
+        v_entity_id := OLD.entity_id;
+    ELSE
+        v_entity_type := NEW.entity_type;
+        v_entity_id := NEW.entity_id;
+    END IF;
+
+    SELECT email INTO v_primary
+        FROM public.contact_emails
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+        ORDER BY is_primary DESC, position ASC, created_at ASC
+        LIMIT 1;
+
+    SELECT email INTO v_secondary
+        FROM public.contact_emails
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+          AND is_primary = false
+        ORDER BY position ASC, created_at ASC
+        OFFSET 0
+        LIMIT 1;
+
+    IF v_entity_type = 'patient' THEN
+        UPDATE public.patients
+            SET email_principal = v_primary,
+                email_alternativo = v_secondary
+            WHERE id = v_entity_id;
+    ELSIF v_entity_type = 'medico' THEN
+        UPDATE public.medicos
+            SET email = v_primary
+            WHERE id = v_entity_id;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN RETURN OLD; ELSE RETURN NEW; END IF;
+END;
+$$;
+
+
+--
+-- Name: sync_legacy_phone_fields(); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.sync_legacy_phone_fields() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_entity_type TEXT;
+    v_entity_id UUID;
+    v_primary TEXT;
+    v_secondary TEXT;
+    v_whatsapp_slug TEXT;
+    v_whatsapp TEXT;
+BEGIN
+    -- Identifica entidade afetada (pode ser OLD em delete)
+    IF TG_OP = 'DELETE' THEN
+        v_entity_type := OLD.entity_type;
+        v_entity_id := OLD.entity_id;
+    ELSE
+        v_entity_type := NEW.entity_type;
+        v_entity_id := NEW.entity_id;
+    END IF;
+
+    -- Pega primary (ou primeiro)
+    SELECT number INTO v_primary
+        FROM public.contact_phones
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+        ORDER BY is_primary DESC, position ASC, created_at ASC
+        LIMIT 1;
+
+    -- Pega segundo (depois do primary)
+    SELECT number INTO v_secondary
+        FROM public.contact_phones
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+          AND is_primary = false
+        ORDER BY position ASC, created_at ASC
+        OFFSET 0
+        LIMIT 1;
+
+    -- Sincroniza campos legados
+    IF v_entity_type = 'patient' THEN
+        UPDATE public.patients
+            SET telefone = v_primary,
+                telefone_alternativo = v_secondary
+            WHERE id = v_entity_id;
+    ELSIF v_entity_type = 'medico' THEN
+        -- Medicos: telefone_profissional = primary; telefone_pessoal = secundario
+        UPDATE public.medicos
+            SET telefone_profissional = v_primary,
+                telefone_pessoal = v_secondary
+            WHERE id = v_entity_id;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN
+        RETURN OLD;
+    ELSE
+        RETURN NEW;
+    END IF;
+END;
+$$;
+
+
 --
 -- Name: sync_overdue_financial_records(); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -5490,32 +7438,39 @@ $$;
 CREATE FUNCTION public.tenant_features_guard_with_plan() RETURNS trigger
     LANGUAGE plpgsql
     AS $$
-declare
-  v_allowed boolean;
-begin
-  -- s?? valida quando est?? habilitando
-  if new.enabled is distinct from true then
-    return new;
-  end if;
+DECLARE
+  v_allowed   boolean;
+  v_bypass    text;
+BEGIN
+  -- Só valida quando está habilitando
+  IF new.enabled IS DISTINCT FROM true THEN
+    RETURN new;
+  END IF;
 
-  -- permitido pelo plano do tenant?
-  select exists (
-    select 1
-    from public.v_tenant_entitlements_full v
-    where v.tenant_id = new.tenant_id
-      and v.feature_key = new.feature_key
-      and v.allowed = true
-  )
-  into v_allowed;
+  -- Bypass autorizado: setado pela RPC set_tenant_feature_exception
+  -- após validar que o caller é saas_admin com reason.
+  v_bypass := current_setting('app.allow_feature_exception', true);
+  IF v_bypass = 'true' THEN
+    RETURN new;
+  END IF;
 
-  if not v_allowed then
-    raise exception 'Feature % n??o permitida pelo plano atual do tenant %.',
+  -- Permitido pelo plano do tenant?
+  SELECT EXISTS (
+    SELECT 1
+    FROM public.v_tenant_entitlements_full v
+    WHERE v.tenant_id = new.tenant_id
+      AND v.feature_key = new.feature_key
+      AND v.allowed = true
+  ) INTO v_allowed;
+
+  IF NOT v_allowed THEN
+    RAISE EXCEPTION 'Feature % não permitida pelo plano atual do tenant %.',
       new.feature_key, new.tenant_id
-      using errcode = 'P0001';
-  end if;
+      USING ERRCODE = 'P0001';
+  END IF;
 
-  return new;
-end;
+  RETURN new;
+END;
 $$;
 
 
@@ -6200,6 +8155,63 @@ END;
 $$;
 
 
+--
+-- Name: update_twilio_config(text, text, numeric, numeric, text); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.update_twilio_config(p_account_sid text DEFAULT NULL::text, p_whatsapp_webhook_url text DEFAULT NULL::text, p_usd_brl_rate numeric DEFAULT NULL::numeric, p_margin_multiplier numeric DEFAULT NULL::numeric, p_notes text DEFAULT NULL::text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $_$
+DECLARE
+    v_caller         uuid := auth.uid();
+    v_account_sid    text;
+    v_webhook_url    text;
+    v_notes          text;
+BEGIN
+    IF v_caller IS NULL THEN
+        RAISE EXCEPTION 'Não autenticado' USING ERRCODE = '28000';
+    END IF;
+    IF NOT public.is_saas_admin() THEN
+        RAISE EXCEPTION 'Apenas saas_admin pode atualizar config Twilio' USING ERRCODE = '42501';
+    END IF;
+
+    -- Sanitização
+    v_account_sid := nullif(btrim(coalesce(p_account_sid, '')), '');
+    v_webhook_url := nullif(btrim(coalesce(p_whatsapp_webhook_url, '')), '');
+    v_notes       := nullif(btrim(coalesce(p_notes, '')), '');
+
+    IF v_account_sid IS NOT NULL AND v_account_sid !~ '^AC[a-zA-Z0-9]{32}$' THEN
+        RAISE EXCEPTION 'account_sid inválido (esperado AC + 32 chars)' USING ERRCODE = '22023';
+    END IF;
+    IF v_webhook_url IS NOT NULL AND v_webhook_url !~ '^https?://' THEN
+        RAISE EXCEPTION 'webhook_url deve começar com http(s)://' USING ERRCODE = '22023';
+    END IF;
+    IF p_usd_brl_rate IS NOT NULL AND (p_usd_brl_rate <= 0 OR p_usd_brl_rate >= 100) THEN
+        RAISE EXCEPTION 'usd_brl_rate fora da faixa (0..100)' USING ERRCODE = '22023';
+    END IF;
+    IF p_margin_multiplier IS NOT NULL AND (p_margin_multiplier < 1 OR p_margin_multiplier > 10) THEN
+        RAISE EXCEPTION 'margin_multiplier fora da faixa (1..10)' USING ERRCODE = '22023';
+    END IF;
+    IF v_notes IS NOT NULL AND length(v_notes) > 1000 THEN
+        v_notes := substring(v_notes FROM 1 FOR 1000);
+    END IF;
+
+    UPDATE saas_twilio_config
+       SET account_sid          = COALESCE(v_account_sid, account_sid),
+           whatsapp_webhook_url = COALESCE(v_webhook_url, whatsapp_webhook_url),
+           usd_brl_rate         = COALESCE(p_usd_brl_rate, usd_brl_rate),
+           margin_multiplier    = COALESCE(p_margin_multiplier, margin_multiplier),
+           notes                = COALESCE(v_notes, notes),
+           updated_at           = now(),
+           updated_by           = v_caller
+     WHERE id = true;
+
+    RETURN public.get_twilio_config();
+END;
+$_$;
+
+
 --
 -- Name: user_has_feature(uuid, text); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -6217,6 +8229,62 @@ CREATE FUNCTION public.user_has_feature(_user_id uuid, _feature text) RETURNS bo
 $$;
 
 
+--
+-- Name: validate_share_token(text); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.validate_share_token(p_token text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    sl document_share_links%ROWTYPE;
+    v_doc documents%ROWTYPE;
+    v_token text;
+BEGIN
+    v_token := nullif(btrim(coalesce(p_token, '')), '');
+    IF v_token IS NULL THEN
+        RAISE EXCEPTION 'token obrigatório' USING ERRCODE = '22023';
+    END IF;
+
+    SELECT * INTO sl FROM document_share_links WHERE token = v_token LIMIT 1;
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'Token inválido' USING ERRCODE = '28000';
+    END IF;
+    IF sl.ativo IS NOT TRUE THEN
+        RAISE EXCEPTION 'Link desativado' USING ERRCODE = '28000';
+    END IF;
+    IF sl.expira_em IS NOT NULL AND sl.expira_em < now() THEN
+        RAISE EXCEPTION 'Link expirado' USING ERRCODE = '28000';
+    END IF;
+    IF sl.usos_max IS NOT NULL AND sl.usos >= sl.usos_max THEN
+        RAISE EXCEPTION 'Limite de uso atingido' USING ERRCODE = '28000';
+    END IF;
+
+    UPDATE document_share_links SET usos = usos + 1 WHERE id = sl.id;
+
+    BEGIN
+        INSERT INTO document_access_logs (document_id, tenant_id, action, share_link_id)
+        SELECT sl.document_id, d.tenant_id, 'shared_link_access', sl.id
+        FROM documents d WHERE d.id = sl.document_id;
+    EXCEPTION WHEN OTHERS THEN
+        NULL;
+    END;
+
+    SELECT * INTO v_doc FROM documents WHERE id = sl.document_id;
+
+    RETURN jsonb_build_object(
+        'document_id',    sl.document_id,
+        'bucket',         v_doc.storage_bucket,
+        'bucket_path',    v_doc.bucket_path,
+        'nome_original',  v_doc.nome_original,
+        'mime_type',      v_doc.mime_type,
+        'tamanho_bytes',  v_doc.tamanho_bytes
+    );
+END;
+$$;
+
+
 --
 -- Name: validate_support_session(text); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -6250,6 +8318,31 @@ END;
 $$;
 
 
+--
+-- Name: verify_math_challenge(uuid, integer); Type: FUNCTION; Schema: public; Owner: -
+--
+
+CREATE FUNCTION public.verify_math_challenge(p_id uuid, p_answer integer) RETURNS boolean
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    mc math_challenges%ROWTYPE;
+BEGIN
+    IF p_id IS NULL OR p_answer IS NULL THEN RETURN false; END IF;
+
+    SELECT * INTO mc FROM math_challenges WHERE id = p_id;
+    IF NOT FOUND OR mc.used OR mc.expires_at < now() THEN
+        RETURN false;
+    END IF;
+
+    UPDATE math_challenges SET used = true WHERE id = p_id;
+
+    RETURN mc.answer = p_answer;
+END;
+$$;
+
+
 --
 -- Name: whoami(); Type: FUNCTION; Schema: public; Owner: -
 --
@@ -8547,7 +10640,10 @@ CREATE TABLE public.addon_credits (
     expires_at timestamp with time zone,
     is_active boolean DEFAULT true,
     created_at timestamp with time zone DEFAULT now(),
-    updated_at timestamp with time zone DEFAULT now()
+    updated_at timestamp with time zone DEFAULT now(),
+    CONSTRAINT addon_credits_balance_nonneg_chk CHECK ((balance >= 0)),
+    CONSTRAINT addon_credits_consumed_nonneg_chk CHECK ((total_consumed >= 0)),
+    CONSTRAINT addon_credits_purchased_nonneg_chk CHECK ((total_purchased >= 0))
 );
 
 
@@ -8985,6 +11081,257 @@ CREATE TABLE public.agendador_solicitacoes (
 );
 
 
+--
+-- Name: audit_logs; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.audit_logs (
+    id bigint NOT NULL,
+    tenant_id uuid NOT NULL,
+    user_id uuid,
+    entity_type text NOT NULL,
+    entity_id text,
+    action text NOT NULL,
+    old_values jsonb,
+    new_values jsonb,
+    changed_fields text[],
+    metadata jsonb DEFAULT '{}'::jsonb NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT audit_logs_action_check CHECK ((action = ANY (ARRAY['insert'::text, 'update'::text, 'delete'::text])))
+);
+
+ALTER TABLE ONLY public.audit_logs FORCE ROW LEVEL SECURITY;
+
+
+--
+-- Name: TABLE audit_logs; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.audit_logs IS 'Registro imutavel de operacoes de tratamento (LGPD Art. 37). INSERT apenas via trigger SECURITY DEFINER.';
+
+
+--
+-- Name: COLUMN audit_logs.old_values; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.audit_logs.old_values IS 'Estado anterior (jsonb); NULL em INSERT; campos pesados removidos';
+
+
+--
+-- Name: COLUMN audit_logs.new_values; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.audit_logs.new_values IS 'Estado posterior (jsonb); NULL em DELETE; campos pesados removidos';
+
+
+--
+-- Name: COLUMN audit_logs.changed_fields; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.audit_logs.changed_fields IS 'Lista de campos alterados em UPDATE (NULL em INSERT/DELETE)';
+
+
+--
+-- Name: document_access_logs; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.document_access_logs (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    documento_id uuid NOT NULL,
+    tenant_id uuid NOT NULL,
+    acao text NOT NULL,
+    user_id uuid,
+    ip inet,
+    user_agent text,
+    acessado_em timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dal_acao_check CHECK ((acao = ANY (ARRAY['visualizou'::text, 'baixou'::text, 'imprimiu'::text, 'compartilhou'::text, 'assinou'::text])))
+);
+
+
+--
+-- Name: TABLE document_access_logs; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.document_access_logs IS 'Log imutavel de acessos a documentos. Conformidade CFP e LGPD. Sem UPDATE/DELETE.';
+
+
+--
+-- Name: COLUMN document_access_logs.acao; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.document_access_logs.acao IS 'visualizou|baixou|imprimiu|compartilhou|assinou.';
+
+
+--
+-- Name: notification_logs; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.notification_logs (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    owner_id uuid NOT NULL,
+    queue_id uuid,
+    agenda_evento_id uuid,
+    patient_id uuid NOT NULL,
+    channel text NOT NULL,
+    template_key text NOT NULL,
+    schedule_key text,
+    recipient_address text NOT NULL,
+    resolved_message text,
+    resolved_vars jsonb,
+    status text NOT NULL,
+    provider text,
+    provider_message_id text,
+    provider_status text,
+    provider_response jsonb,
+    sent_at timestamp with time zone,
+    delivered_at timestamp with time zone,
+    read_at timestamp with time zone,
+    failed_at timestamp with time zone,
+    failure_reason text,
+    estimated_cost_brl numeric(8,4) DEFAULT 0,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT notification_logs_status_check CHECK ((status = ANY (ARRAY['sent'::text, 'delivered'::text, 'read'::text, 'failed'::text, 'bounced'::text, 'opted_out'::text])))
+);
+
+
+--
+-- Name: patient_status_history; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.patient_status_history (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    patient_id uuid NOT NULL,
+    tenant_id uuid NOT NULL,
+    status_anterior text,
+    status_novo text NOT NULL,
+    motivo text,
+    encaminhado_para text,
+    data_saida date,
+    alterado_por uuid,
+    alterado_em timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT psh_status_novo_check CHECK ((status_novo = ANY (ARRAY['Ativo'::text, 'Inativo'::text, 'Alta'::text, 'Encaminhado'::text, 'Arquivado'::text])))
+);
+
+
+--
+-- Name: TABLE patient_status_history; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.patient_status_history IS 'Histórico imutável de todas as mudanças de status do paciente — não editar, apenas inserir';
+
+
+--
+-- Name: audit_log_unified; Type: VIEW; Schema: public; Owner: -
+--
+
+CREATE VIEW public.audit_log_unified WITH (security_invoker='true') AS
+ SELECT ('audit:'::text || (al.id)::text) AS uid,
+    al.tenant_id,
+    al.user_id,
+    al.entity_type,
+    al.entity_id,
+    al.action,
+        CASE al.action
+            WHEN 'insert'::text THEN ('Criou '::text || al.entity_type)
+            WHEN 'update'::text THEN (('Alterou '::text || al.entity_type) || COALESCE(((' ('::text || array_to_string(al.changed_fields, ', '::text)) || ')'::text), ''::text))
+            WHEN 'delete'::text THEN ('Excluiu '::text || al.entity_type)
+            ELSE NULL::text
+        END AS description,
+    al.created_at AS occurred_at,
+    'audit_logs'::text AS source,
+    jsonb_build_object('old_values', al.old_values, 'new_values', al.new_values, 'changed_fields', al.changed_fields) AS details
+   FROM public.audit_logs al
+UNION ALL
+ SELECT ('doc_access:'::text || (dal.id)::text) AS uid,
+    dal.tenant_id,
+    dal.user_id,
+    'document'::text AS entity_type,
+    (dal.documento_id)::text AS entity_id,
+    dal.acao AS action,
+        CASE dal.acao
+            WHEN 'visualizou'::text THEN 'Visualizou documento'::text
+            WHEN 'baixou'::text THEN 'Baixou documento'::text
+            WHEN 'imprimiu'::text THEN 'Imprimiu documento'::text
+            WHEN 'compartilhou'::text THEN 'Compartilhou documento'::text
+            WHEN 'assinou'::text THEN 'Assinou documento'::text
+            ELSE dal.acao
+        END AS description,
+    dal.acessado_em AS occurred_at,
+    'document_access_logs'::text AS source,
+    jsonb_build_object('ip', (dal.ip)::text, 'user_agent', dal.user_agent) AS details
+   FROM public.document_access_logs dal
+UNION ALL
+ SELECT ('psh:'::text || (psh.id)::text) AS uid,
+    psh.tenant_id,
+    psh.alterado_por AS user_id,
+    'patient_status'::text AS entity_type,
+    (psh.patient_id)::text AS entity_id,
+    'status_change'::text AS action,
+    (((('Status do paciente: '::text || COALESCE(psh.status_anterior, '—'::text)) || ' → '::text) || psh.status_novo) || COALESCE(((' ('::text || psh.motivo) || ')'::text), ''::text)) AS description,
+    psh.alterado_em AS occurred_at,
+    'patient_status_history'::text AS source,
+    jsonb_build_object('status_anterior', psh.status_anterior, 'status_novo', psh.status_novo, 'motivo', psh.motivo, 'encaminhado_para', psh.encaminhado_para, 'data_saida', psh.data_saida) AS details
+   FROM public.patient_status_history psh
+UNION ALL
+ SELECT ('notif:'::text || (nl.id)::text) AS uid,
+    nl.tenant_id,
+    nl.owner_id AS user_id,
+    'notification'::text AS entity_type,
+    (nl.patient_id)::text AS entity_id,
+    nl.status AS action,
+    (((('Notificação '::text || nl.channel) || ' '::text) || nl.status) || COALESCE((' para '::text || nl.recipient_address), ''::text)) AS description,
+    nl.created_at AS occurred_at,
+    'notification_logs'::text AS source,
+    jsonb_build_object('channel', nl.channel, 'template_key', nl.template_key, 'status', nl.status, 'provider', nl.provider, 'failure_reason', nl.failure_reason) AS details
+   FROM public.notification_logs nl
+UNION ALL
+ SELECT ('addon:'::text || (at.id)::text) AS uid,
+    at.tenant_id,
+    at.admin_user_id AS user_id,
+    'addon_transaction'::text AS entity_type,
+    (at.id)::text AS entity_id,
+    at.type AS action,
+        CASE at.type
+            WHEN 'purchase'::text THEN ((('Compra de '::text || at.amount) || ' créditos de '::text) || at.addon_type)
+            WHEN 'consumption'::text THEN ((('Consumo de '::text || abs(at.amount)) || ' crédito(s) '::text) || at.addon_type)
+            WHEN 'adjustment'::text THEN ('Ajuste de créditos '::text || at.addon_type)
+            WHEN 'refund'::text THEN ((('Reembolso de '::text || abs(at.amount)) || ' créditos '::text) || at.addon_type)
+            ELSE ((at.type || ' '::text) || at.addon_type)
+        END AS description,
+    at.created_at AS occurred_at,
+    'addon_transactions'::text AS source,
+    jsonb_build_object('addon_type', at.addon_type, 'amount', at.amount, 'balance_after', at.balance_after, 'price_cents', at.price_cents, 'payment_reference', at.payment_reference) AS details
+   FROM public.addon_transactions at;
+
+
+--
+-- Name: VIEW audit_log_unified; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON VIEW public.audit_log_unified IS 'Timeline unificada de eventos auditaveis (LGPD). Herda RLS das tabelas base via security_invoker.';
+
+
+--
+-- Name: audit_logs_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.audit_logs_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: audit_logs_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.audit_logs_id_seq OWNED BY public.audit_logs.id;
+
+
 --
 -- Name: billing_contracts; Type: TABLE; Schema: public; Owner: -
 --
@@ -9081,6 +11428,673 @@ CREATE TABLE public.company_profiles (
 );
 
 
+--
+-- Name: contact_email_types; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.contact_email_types (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid,
+    name text NOT NULL,
+    slug text NOT NULL,
+    icon text,
+    is_system boolean DEFAULT false NOT NULL,
+    "position" integer DEFAULT 100 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT contact_email_types_name_check CHECK (((length(name) > 0) AND (length(name) <= 40))),
+    CONSTRAINT contact_email_types_slug_check CHECK ((slug ~ '^[a-z0-9_-]{1,40}$'::text))
+);
+
+
+--
+-- Name: TABLE contact_email_types; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.contact_email_types IS 'Tipos de email (Principal, Comercial, Pessoal, ...). System (tenant_id NULL) + custom.';
+
+
+--
+-- Name: contact_emails; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.contact_emails (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    entity_type text NOT NULL,
+    entity_id uuid NOT NULL,
+    contact_email_type_id uuid NOT NULL,
+    email text NOT NULL,
+    is_primary boolean DEFAULT false NOT NULL,
+    notes text,
+    "position" integer DEFAULT 100 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT contact_emails_email_check CHECK ((email ~* '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$'::text)),
+    CONSTRAINT contact_emails_entity_type_check CHECK ((entity_type = ANY (ARRAY['patient'::text, 'medico'::text])))
+);
+
+
+--
+-- Name: TABLE contact_emails; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.contact_emails IS 'Emails polimorficos (patients, medicos, ...). Max 1 primary por entidade. Triggers sincronizam campos legados.';
+
+
+--
+-- Name: contact_phones; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.contact_phones (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    entity_type text NOT NULL,
+    entity_id uuid NOT NULL,
+    contact_type_id uuid NOT NULL,
+    number text NOT NULL,
+    is_primary boolean DEFAULT false NOT NULL,
+    whatsapp_linked_at timestamp with time zone,
+    notes text,
+    "position" integer DEFAULT 100 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT contact_phones_entity_type_check CHECK ((entity_type = ANY (ARRAY['patient'::text, 'medico'::text]))),
+    CONSTRAINT contact_phones_number_check CHECK ((number ~ '^\d{8,15}$'::text))
+);
+
+
+--
+-- Name: TABLE contact_phones; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.contact_phones IS 'Telefones polimorficos (patients, medicos, ...). Max 1 primary por entidade. Triggers sincronizam campos legados.';
+
+
+--
+-- Name: contact_types; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.contact_types (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid,
+    name text NOT NULL,
+    slug text NOT NULL,
+    icon text,
+    is_mobile boolean DEFAULT true NOT NULL,
+    is_system boolean DEFAULT false NOT NULL,
+    "position" integer DEFAULT 100 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT contact_types_name_check CHECK (((length(name) > 0) AND (length(name) <= 40))),
+    CONSTRAINT contact_types_slug_check CHECK ((slug ~ '^[a-z0-9_-]{1,40}$'::text))
+);
+
+
+--
+-- Name: TABLE contact_types; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.contact_types IS 'Tipos de contato (Celular, Fixo, WhatsApp, ...). System (tenant_id NULL) visiveis a todos; custom por tenant.';
+
+
+--
+-- Name: conversation_autoreply_log; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.conversation_autoreply_log (
+    id bigint NOT NULL,
+    tenant_id uuid NOT NULL,
+    thread_key text NOT NULL,
+    sent_at timestamp with time zone DEFAULT now() NOT NULL,
+    message_id uuid
+);
+
+
+--
+-- Name: TABLE conversation_autoreply_log; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.conversation_autoreply_log IS 'Log de auto-replies enviados. Usado pra respeitar cooldown por thread.';
+
+
+--
+-- Name: conversation_autoreply_log_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.conversation_autoreply_log_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: conversation_autoreply_log_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.conversation_autoreply_log_id_seq OWNED BY public.conversation_autoreply_log.id;
+
+
+--
+-- Name: conversation_autoreply_settings; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.conversation_autoreply_settings (
+    tenant_id uuid NOT NULL,
+    enabled boolean DEFAULT false NOT NULL,
+    message text DEFAULT 'Olá! Nosso horário de atendimento acabou. Retornaremos sua mensagem assim que possível. Obrigado!'::text NOT NULL,
+    cooldown_minutes integer DEFAULT 180 NOT NULL,
+    schedule_mode text DEFAULT 'agenda'::text NOT NULL,
+    business_hours jsonb DEFAULT '[]'::jsonb NOT NULL,
+    custom_window jsonb DEFAULT '[]'::jsonb NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT conversation_autoreply_settings_cooldown_minutes_check CHECK (((cooldown_minutes >= 0) AND (cooldown_minutes <= 43200))),
+    CONSTRAINT conversation_autoreply_settings_message_check CHECK (((length(message) > 0) AND (length(message) <= 2000))),
+    CONSTRAINT conversation_autoreply_settings_schedule_mode_check CHECK ((schedule_mode = ANY (ARRAY['agenda'::text, 'business_hours'::text, 'custom'::text])))
+);
+
+
+--
+-- Name: TABLE conversation_autoreply_settings; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.conversation_autoreply_settings IS 'Configuracao por tenant do auto-reply fora do horario.';
+
+
+--
+-- Name: conversation_messages; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.conversation_messages (
+    id bigint NOT NULL,
+    tenant_id uuid NOT NULL,
+    patient_id uuid,
+    channel text NOT NULL,
+    direction text NOT NULL,
+    from_number text,
+    to_number text,
+    body text,
+    media_url text,
+    media_mime text,
+    provider text NOT NULL,
+    provider_message_id text,
+    provider_raw jsonb,
+    kanban_status text DEFAULT 'awaiting_us'::text NOT NULL,
+    priority integer DEFAULT 0 NOT NULL,
+    read_at timestamp with time zone,
+    responded_at timestamp with time zone,
+    resolved_at timestamp with time zone,
+    received_at timestamp with time zone,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    delivered_at timestamp with time zone,
+    read_by_recipient_at timestamp with time zone,
+    delivery_status text,
+    CONSTRAINT conversation_messages_channel_check CHECK ((channel = ANY (ARRAY['whatsapp'::text, 'sms'::text, 'email'::text]))),
+    CONSTRAINT conversation_messages_delivery_status_check CHECK (((delivery_status IS NULL) OR (delivery_status = ANY (ARRAY['pending'::text, 'sent'::text, 'delivered'::text, 'read'::text, 'failed'::text])))),
+    CONSTRAINT conversation_messages_direction_check CHECK ((direction = ANY (ARRAY['inbound'::text, 'outbound'::text]))),
+    CONSTRAINT conversation_messages_kanban_status_check CHECK ((kanban_status = ANY (ARRAY['urgent'::text, 'awaiting_us'::text, 'awaiting_patient'::text, 'resolved'::text]))),
+    CONSTRAINT conversation_messages_provider_check CHECK ((provider = ANY (ARRAY['twilio'::text, 'evolution'::text, 'manual'::text])))
+);
+
+ALTER TABLE ONLY public.conversation_messages REPLICA IDENTITY FULL;
+
+ALTER TABLE ONLY public.conversation_messages FORCE ROW LEVEL SECURITY;
+
+
+--
+-- Name: TABLE conversation_messages; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.conversation_messages IS 'Mensagens in/out de WhatsApp/SMS/email. Timeline de conversas do tenant com pacientes.';
+
+
+--
+-- Name: conversation_messages_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.conversation_messages_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: conversation_messages_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.conversation_messages_id_seq OWNED BY public.conversation_messages.id;
+
+
+--
+-- Name: conversation_notes; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.conversation_notes (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    thread_key text NOT NULL,
+    patient_id uuid,
+    contact_number text,
+    body text NOT NULL,
+    created_by uuid NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    deleted_at timestamp with time zone,
+    CONSTRAINT conversation_notes_body_check CHECK (((length(body) > 0) AND (length(body) <= 4000)))
+);
+
+
+--
+-- Name: TABLE conversation_notes; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.conversation_notes IS 'Notas internas por thread de conversa. Visiveis apenas aos membros do tenant; nao enviadas ao paciente.';
+
+
+--
+-- Name: conversation_optout_keywords; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.conversation_optout_keywords (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid,
+    keyword text NOT NULL,
+    enabled boolean DEFAULT true NOT NULL,
+    is_system boolean DEFAULT false NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT conversation_optout_keywords_keyword_check CHECK (((length(keyword) > 0) AND (length(keyword) <= 100)))
+);
+
+
+--
+-- Name: TABLE conversation_optout_keywords; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.conversation_optout_keywords IS 'Palavras-chave que disparam opt-out quando paciente envia. Sistema (tenant_id NULL) + custom do tenant.';
+
+
+--
+-- Name: conversation_optouts; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.conversation_optouts (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    phone text NOT NULL,
+    patient_id uuid,
+    source text DEFAULT 'keyword'::text NOT NULL,
+    keyword_matched text,
+    original_message text,
+    notes text,
+    blocked_by uuid,
+    opted_out_at timestamp with time zone DEFAULT now() NOT NULL,
+    opted_back_in_at timestamp with time zone,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT conversation_optouts_phone_check CHECK ((phone ~ '^\d{6,15}$'::text)),
+    CONSTRAINT conversation_optouts_source_check CHECK ((source = ANY (ARRAY['keyword'::text, 'manual'::text])))
+);
+
+
+--
+-- Name: TABLE conversation_optouts; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.conversation_optouts IS 'Numeros que pediram pra nao receber mensagens automaticas. LGPD Art. 18 Sec.2.';
+
+
+--
+-- Name: conversation_tags; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.conversation_tags (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid,
+    name text NOT NULL,
+    slug text NOT NULL,
+    color text DEFAULT '#6366f1'::text NOT NULL,
+    icon text,
+    "position" integer DEFAULT 100 NOT NULL,
+    is_system boolean DEFAULT false NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT conversation_tags_color_check CHECK ((color ~ '^#[0-9a-fA-F]{6}$'::text)),
+    CONSTRAINT conversation_tags_name_check CHECK (((length(name) > 0) AND (length(name) <= 40))),
+    CONSTRAINT conversation_tags_slug_check CHECK ((slug ~ '^[a-z0-9_-]{1,40}$'::text))
+);
+
+
+--
+-- Name: TABLE conversation_tags; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.conversation_tags IS 'Definicoes de tags aplicaveis a threads. tenant_id NULL = tag do sistema (todos veem).';
+
+
+--
+-- Name: conversation_thread_tags; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.conversation_thread_tags (
+    tenant_id uuid NOT NULL,
+    thread_key text NOT NULL,
+    tag_id uuid NOT NULL,
+    tagged_by uuid,
+    tagged_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+
+--
+-- Name: TABLE conversation_thread_tags; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.conversation_thread_tags IS 'Join de tags aplicadas a cada thread de conversa.';
+
+
+--
+-- Name: patients; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.patients (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    nome_completo text NOT NULL,
+    email_principal text,
+    telefone text,
+    created_at timestamp with time zone DEFAULT now(),
+    owner_id uuid,
+    avatar_url text,
+    status text DEFAULT 'Ativo'::text,
+    last_attended_at timestamp with time zone,
+    is_native boolean DEFAULT false,
+    naturalidade text,
+    data_nascimento date,
+    rg text,
+    cpf text,
+    identification_color text,
+    genero text,
+    estado_civil text,
+    email_alternativo text,
+    pais text DEFAULT 'Brasil'::text,
+    cep text,
+    cidade text,
+    estado text,
+    endereco text,
+    numero text,
+    bairro text,
+    complemento text,
+    escolaridade text,
+    profissao text,
+    nome_parente text,
+    grau_parentesco text,
+    telefone_alternativo text,
+    onde_nos_conheceu text,
+    encaminhado_por text,
+    nome_responsavel text,
+    telefone_responsavel text,
+    cpf_responsavel text,
+    observacao_responsavel text,
+    cobranca_no_responsavel boolean DEFAULT false,
+    observacoes text,
+    notas_internas text,
+    updated_at timestamp with time zone DEFAULT now(),
+    telefone_parente text,
+    tenant_id uuid NOT NULL,
+    responsible_member_id uuid NOT NULL,
+    user_id uuid,
+    patient_scope text DEFAULT 'clinic'::text NOT NULL,
+    therapist_member_id uuid,
+    nome_social text,
+    pronomes text,
+    etnia text,
+    religiao text,
+    faixa_renda text,
+    canal_preferido text DEFAULT 'whatsapp'::text,
+    horario_contato_inicio time without time zone DEFAULT '08:00:00'::time without time zone,
+    horario_contato_fim time without time zone DEFAULT '20:00:00'::time without time zone,
+    idioma text DEFAULT 'pt-BR'::text,
+    origem text,
+    metodo_pagamento_preferido text,
+    motivo_saida text,
+    data_saida date,
+    encaminhado_para text,
+    risco_elevado boolean DEFAULT false NOT NULL,
+    risco_nota text,
+    risco_sinalizado_em timestamp with time zone,
+    risco_sinalizado_por uuid,
+    horario_contato text,
+    convenio text,
+    convenio_id uuid,
+    CONSTRAINT cpf_responsavel_format_check CHECK (((cpf_responsavel IS NULL) OR (cpf_responsavel ~ '^\d{11}$'::text))),
+    CONSTRAINT patients_cpf_format_check CHECK (((cpf IS NULL) OR (cpf ~ '^\d{11}$'::text))),
+    CONSTRAINT patients_faixa_renda_check CHECK (((faixa_renda IS NULL) OR (faixa_renda = ANY (ARRAY['ate_1sm'::text, '1_3sm'::text, '3_6sm'::text, '6_10sm'::text, 'acima_10sm'::text, 'nao_informado'::text])))),
+    CONSTRAINT patients_metodo_pagamento_check CHECK (((metodo_pagamento_preferido IS NULL) OR (metodo_pagamento_preferido = ANY (ARRAY['pix'::text, 'cartao'::text, 'dinheiro'::text, 'deposito'::text, 'convenio'::text])))),
+    CONSTRAINT patients_risco_consistency_check CHECK (((risco_elevado = false) OR ((risco_elevado = true) AND (risco_nota IS NOT NULL) AND (risco_sinalizado_por IS NOT NULL)))),
+    CONSTRAINT patients_status_check CHECK ((status = ANY (ARRAY['Ativo'::text, 'Em espera'::text, 'Inativo'::text, 'Alta'::text, 'Encaminhado'::text, 'Arquivado'::text])))
+);
+
+
+--
+-- Name: COLUMN patients.avatar_url; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.avatar_url IS 'URL p??blica da imagem de avatar armazenada no Supabase Storage';
+
+
+--
+-- Name: COLUMN patients.nome_social; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.nome_social IS 'Nome social / como prefere ser chamado(a) no atendimento.';
+
+
+--
+-- Name: COLUMN patients.pronomes; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.pronomes IS 'Pronomes de tratamento. Ex: ela/dela, ele/dele. Exibido no header do perfil.';
+
+
+--
+-- Name: COLUMN patients.etnia; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.etnia IS 'Etnia / raça autodeclarada. Exibida no card "Dados pessoais".';
+
+
+--
+-- Name: COLUMN patients.religiao; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.religiao IS 'Religião ou espiritualidade (opcional, relevante clinicamente)';
+
+
+--
+-- Name: COLUMN patients.faixa_renda; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.faixa_renda IS 'Faixa de renda em salários mínimos — usado para precificação solidária';
+
+
+--
+-- Name: COLUMN patients.canal_preferido; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.canal_preferido IS 'Canal preferido de contato. Ex: WhatsApp, Telefone, E-mail.';
+
+
+--
+-- Name: COLUMN patients.horario_contato_inicio; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.horario_contato_inicio IS 'Início da janela de horário preferida para contato';
+
+
+--
+-- Name: COLUMN patients.horario_contato_fim; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.horario_contato_fim IS 'Fim da janela de horário preferida para contato';
+
+
+--
+-- Name: COLUMN patients.origem; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.origem IS 'Como o paciente chegou: indicacao, agendador, redes_sociais, encaminhamento, outro';
+
+
+--
+-- Name: COLUMN patients.metodo_pagamento_preferido; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.metodo_pagamento_preferido IS 'Método de pagamento preferido. Ex: PIX, Cartão crédito. Exibido no card Origem.';
+
+
+--
+-- Name: COLUMN patients.motivo_saida; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.motivo_saida IS 'Motivo de encerramento do acompanhamento. Exibido no card Origem quando preenchido.';
+
+
+--
+-- Name: COLUMN patients.data_saida; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.data_saida IS 'Data em que o paciente foi desligado/encaminhado';
+
+
+--
+-- Name: COLUMN patients.encaminhado_para; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.encaminhado_para IS 'Nome ou serviço para onde o paciente foi encaminhado';
+
+
+--
+-- Name: COLUMN patients.risco_elevado; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.risco_elevado IS 'Flag de atenção clínica — exibe alerta no topo do cadastro e prontuário';
+
+
+--
+-- Name: COLUMN patients.risco_nota; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.risco_nota IS 'Descrição do risco (obrigatória quando risco_elevado = true)';
+
+
+--
+-- Name: COLUMN patients.risco_sinalizado_em; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.risco_sinalizado_em IS 'Timestamp em que o risco foi sinalizado';
+
+
+--
+-- Name: COLUMN patients.risco_sinalizado_por; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.risco_sinalizado_por IS 'Usuário que sinalizou o risco';
+
+
+--
+-- Name: COLUMN patients.horario_contato; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.horario_contato IS 'Horário preferido para contato. Ex: 08h–18h.';
+
+
+--
+-- Name: COLUMN patients.convenio; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.convenio IS 'Nome do convênio para exibição (badge azul no header). Derivado de convenio_id.';
+
+
+--
+-- Name: COLUMN patients.convenio_id; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patients.convenio_id IS 'FK para insurance_plans.id. Vincula o paciente ao convênio cadastrado.';
+
+
+--
+-- Name: conversation_threads; Type: VIEW; Schema: public; Owner: -
+--
+
+CREATE VIEW public.conversation_threads WITH (security_invoker='true') AS
+ WITH base AS (
+         SELECT cm.id,
+            cm.tenant_id,
+            cm.patient_id,
+            cm.channel,
+            cm.body,
+            cm.direction,
+            cm.kanban_status,
+            cm.read_at,
+            cm.created_at,
+                CASE
+                    WHEN (cm.direction = 'inbound'::text) THEN cm.from_number
+                    ELSE cm.to_number
+                END AS contact_number,
+            COALESCE((cm.patient_id)::text, ('anon:'::text || COALESCE(
+                CASE
+                    WHEN (cm.direction = 'inbound'::text) THEN cm.from_number
+                    ELSE cm.to_number
+                END, 'unknown'::text))) AS thread_key
+           FROM public.conversation_messages cm
+        ), latest AS (
+         SELECT DISTINCT ON (base.tenant_id, base.thread_key) base.tenant_id,
+            base.thread_key,
+            base.patient_id,
+            base.channel,
+            base.contact_number,
+            base.body AS last_message_body,
+            base.direction AS last_message_direction,
+            base.kanban_status,
+            base.created_at AS last_message_at
+           FROM base
+          ORDER BY base.tenant_id, base.thread_key, base.created_at DESC
+        ), counts AS (
+         SELECT base.tenant_id,
+            base.thread_key,
+            count(*) AS message_count,
+            count(*) FILTER (WHERE ((base.direction = 'inbound'::text) AND (base.read_at IS NULL))) AS unread_count
+           FROM base
+          GROUP BY base.tenant_id, base.thread_key
+        )
+ SELECT l.tenant_id,
+    l.thread_key,
+    l.patient_id,
+    p.nome_completo AS patient_name,
+    l.contact_number,
+    l.channel,
+    c.message_count,
+    c.unread_count,
+    l.last_message_at,
+    l.last_message_body,
+    l.last_message_direction,
+    l.kanban_status
+   FROM ((latest l
+     JOIN counts c ON (((c.tenant_id = l.tenant_id) AND (c.thread_key = l.thread_key))))
+     LEFT JOIN public.patients p ON ((p.id = l.patient_id)));
+
+
+--
+-- Name: VIEW conversation_threads; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON VIEW public.conversation_threads IS 'Agregado de conversas por paciente ou por numero anonimo. Base do Kanban.';
+
+
 --
 -- Name: current_tenant_id; Type: VIEW; Schema: public; Owner: -
 --
@@ -9128,6 +12142,439 @@ CREATE TABLE public.determined_commitments (
 );
 
 
+--
+-- Name: dev_auditoria_items; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.dev_auditoria_items (
+    id bigint NOT NULL,
+    categoria character varying(120),
+    titulo text NOT NULL,
+    descricao_problema text,
+    solucao text,
+    severidade character varying(20),
+    status character varying(20) DEFAULT 'aberto'::character varying NOT NULL,
+    resolvido_em date,
+    sessao_resolucao character varying(160),
+    arquivo_afetado text,
+    tags text[] DEFAULT '{}'::text[],
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    ordem integer DEFAULT 0 NOT NULL,
+    CONSTRAINT dev_auditoria_items_severidade_check CHECK (((severidade IS NULL) OR ((severidade)::text = ANY ((ARRAY['critico'::character varying, 'alto'::character varying, 'medio'::character varying, 'baixo'::character varying])::text[])))),
+    CONSTRAINT dev_auditoria_items_status_check CHECK (((status)::text = ANY ((ARRAY['aberto'::character varying, 'em_analise'::character varying, 'resolvido'::character varying, 'wontfix'::character varying, 'duplicado'::character varying])::text[])))
+);
+
+
+--
+-- Name: TABLE dev_auditoria_items; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.dev_auditoria_items IS 'Bugs, dívidas técnicas e decisões arquiteturais.';
+
+
+--
+-- Name: dev_auditoria_items_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.dev_auditoria_items_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: dev_auditoria_items_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.dev_auditoria_items_id_seq OWNED BY public.dev_auditoria_items.id;
+
+
+--
+-- Name: dev_comparison_competitor_status; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.dev_comparison_competitor_status (
+    id bigint NOT NULL,
+    comparison_id bigint NOT NULL,
+    competitor_id bigint NOT NULL,
+    status character varying(20) DEFAULT 'a_definir'::character varying NOT NULL,
+    nota text,
+    fonte character varying(20),
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_comparison_competitor_status_fonte_check CHECK (((fonte IS NULL) OR ((fonte)::text = ANY ((ARRAY['fetched'::character varying, 'observacao'::character varying, 'publico'::character varying, 'hipotese'::character varying])::text[])))),
+    CONSTRAINT dev_comparison_competitor_status_status_check CHECK (((status)::text = ANY ((ARRAY['tem'::character varying, 'parcial'::character varying, 'gap'::character varying, 'na'::character varying, 'a_definir'::character varying])::text[])))
+);
+
+
+--
+-- Name: TABLE dev_comparison_competitor_status; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.dev_comparison_competitor_status IS 'Qual concorrente tem qual feature (ponte N-N com matrix).';
+
+
+--
+-- Name: dev_comparison_competitor_status_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.dev_comparison_competitor_status_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: dev_comparison_competitor_status_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.dev_comparison_competitor_status_id_seq OWNED BY public.dev_comparison_competitor_status.id;
+
+
+--
+-- Name: dev_comparison_matrix; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.dev_comparison_matrix (
+    id bigint NOT NULL,
+    dominio character varying(120),
+    feature text NOT NULL,
+    nosso_status character varying(20) DEFAULT 'a_definir'::character varying NOT NULL,
+    nossa_nota text,
+    importancia character varying(20),
+    ordem integer DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_comparison_matrix_importancia_check CHECK (((importancia IS NULL) OR ((importancia)::text = ANY ((ARRAY['alta'::character varying, 'media'::character varying, 'baixa'::character varying])::text[])))),
+    CONSTRAINT dev_comparison_matrix_nosso_status_check CHECK (((nosso_status)::text = ANY ((ARRAY['tem'::character varying, 'parcial'::character varying, 'gap'::character varying, 'na'::character varying, 'a_definir'::character varying])::text[])))
+);
+
+
+--
+-- Name: TABLE dev_comparison_matrix; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.dev_comparison_matrix IS 'Matriz de comparação AgenciaPsi × features esperadas do mercado.';
+
+
+--
+-- Name: dev_comparison_matrix_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.dev_comparison_matrix_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: dev_comparison_matrix_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.dev_comparison_matrix_id_seq OWNED BY public.dev_comparison_matrix.id;
+
+
+--
+-- Name: dev_competitor_features; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.dev_competitor_features (
+    id bigint NOT NULL,
+    competitor_id bigint NOT NULL,
+    categoria character varying(120),
+    nome text NOT NULL,
+    descricao text,
+    fonte character varying(20) DEFAULT 'publico'::character varying NOT NULL,
+    fonte_url text,
+    data_fonte date,
+    destaque boolean DEFAULT false NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    ordem integer DEFAULT 0 NOT NULL,
+    CONSTRAINT dev_competitor_features_fonte_check CHECK (((fonte)::text = ANY ((ARRAY['fetched'::character varying, 'observacao'::character varying, 'publico'::character varying, 'hipotese'::character varying])::text[])))
+);
+
+
+--
+-- Name: TABLE dev_competitor_features; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.dev_competitor_features IS 'Features catalogadas de cada concorrente.';
+
+
+--
+-- Name: dev_competitor_features_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.dev_competitor_features_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: dev_competitor_features_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.dev_competitor_features_id_seq OWNED BY public.dev_competitor_features.id;
+
+
+--
+-- Name: dev_competitors; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.dev_competitors (
+    id bigint NOT NULL,
+    slug character varying(80) NOT NULL,
+    nome character varying(160) NOT NULL,
+    pais character varying(40),
+    foco character varying(160),
+    pricing text,
+    posicionamento text,
+    url text,
+    ultima_pesquisa date,
+    notas text,
+    ativo boolean DEFAULT true NOT NULL,
+    ordem integer DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+
+--
+-- Name: TABLE dev_competitors; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.dev_competitors IS 'Concorrentes analisados no benchmark.';
+
+
+--
+-- Name: dev_competitors_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.dev_competitors_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: dev_competitors_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.dev_competitors_id_seq OWNED BY public.dev_competitors.id;
+
+
+--
+-- Name: dev_generation_log; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.dev_generation_log (
+    id bigint NOT NULL,
+    tipo character varying(40) NOT NULL,
+    comando text,
+    sucesso boolean DEFAULT false NOT NULL,
+    stdout text,
+    stderr text,
+    duration_ms integer,
+    metadata jsonb DEFAULT '{}'::jsonb,
+    trigger_user_id uuid,
+    created_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+
+--
+-- Name: TABLE dev_generation_log; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.dev_generation_log IS 'Histórico de execuções (backup, dashboard, export, seed, etc).';
+
+
+--
+-- Name: dev_generation_log_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.dev_generation_log_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: dev_generation_log_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.dev_generation_log_id_seq OWNED BY public.dev_generation_log.id;
+
+
+--
+-- Name: dev_roadmap_items; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.dev_roadmap_items (
+    id bigint NOT NULL,
+    phase_id bigint NOT NULL,
+    numero integer,
+    bloco character varying(160),
+    feature text NOT NULL,
+    descricao text,
+    esforco character varying(4),
+    prioridade character varying(20),
+    status character varying(20) DEFAULT 'pendente'::character varying NOT NULL,
+    notas text,
+    assignee character varying(120),
+    data_inicio date,
+    data_conclusao date,
+    ordem integer DEFAULT 0 NOT NULL,
+    tags text[] DEFAULT '{}'::text[],
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_roadmap_items_esforco_check CHECK (((esforco IS NULL) OR ((esforco)::text = ANY ((ARRAY['S'::character varying, 'M'::character varying, 'L'::character varying, 'XL'::character varying])::text[])))),
+    CONSTRAINT dev_roadmap_items_prioridade_check CHECK (((prioridade IS NULL) OR ((prioridade)::text = ANY ((ARRAY['bloqueador'::character varying, 'alta'::character varying, 'media'::character varying, 'diferencial'::character varying])::text[])))),
+    CONSTRAINT dev_roadmap_items_status_check CHECK (((status)::text = ANY ((ARRAY['pendente'::character varying, 'em_andamento'::character varying, 'concluido'::character varying, 'cancelado'::character varying, 'bloqueado'::character varying])::text[])))
+);
+
+
+--
+-- Name: TABLE dev_roadmap_items; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.dev_roadmap_items IS 'Itens de cada fase do roadmap.';
+
+
+--
+-- Name: dev_roadmap_items_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.dev_roadmap_items_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: dev_roadmap_items_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.dev_roadmap_items_id_seq OWNED BY public.dev_roadmap_items.id;
+
+
+--
+-- Name: dev_roadmap_phases; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.dev_roadmap_phases (
+    id bigint NOT NULL,
+    numero integer NOT NULL,
+    nome character varying(160) NOT NULL,
+    objetivo text,
+    timeline_sugerida character varying(160),
+    criterio_saida text,
+    status character varying(20) DEFAULT 'planejada'::character varying NOT NULL,
+    data_inicio date,
+    data_fim date,
+    ordem integer DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_roadmap_phases_status_check CHECK (((status)::text = ANY ((ARRAY['planejada'::character varying, 'em_andamento'::character varying, 'concluida'::character varying, 'arquivada'::character varying])::text[])))
+);
+
+
+--
+-- Name: TABLE dev_roadmap_phases; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.dev_roadmap_phases IS 'Fases do roadmap (MVP, Paridade, Diferenciação). Visível só pra saas_admins.';
+
+
+--
+-- Name: dev_roadmap_phases_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.dev_roadmap_phases_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: dev_roadmap_phases_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.dev_roadmap_phases_id_seq OWNED BY public.dev_roadmap_phases.id;
+
+
+--
+-- Name: dev_test_items; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.dev_test_items (
+    id bigint NOT NULL,
+    area character varying(80) NOT NULL,
+    categoria character varying(120),
+    titulo text NOT NULL,
+    arquivo text,
+    descricao text,
+    total_tests integer DEFAULT 0,
+    passing integer DEFAULT 0,
+    failing integer DEFAULT 0,
+    skipped integer DEFAULT 0,
+    cobertura_pct numeric(5,2),
+    status character varying(20) DEFAULT 'ok'::character varying NOT NULL,
+    last_run_at timestamp with time zone,
+    sessao_criacao character varying(160),
+    notas text,
+    tags text[] DEFAULT '{}'::text[],
+    ordem integer DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_test_items_status_check CHECK (((status)::text = ANY ((ARRAY['ok'::character varying, 'falhando'::character varying, 'pendente'::character varying, 'obsoleto'::character varying, 'a_escrever'::character varying])::text[])))
+);
+
+
+--
+-- Name: TABLE dev_test_items; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.dev_test_items IS 'Catálogo de suítes de teste por área. Responde "o que está testado?" sem precisar rodar npm test.';
+
+
+--
+-- Name: dev_test_items_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.dev_test_items_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: dev_test_items_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.dev_test_items_id_seq OWNED BY public.dev_test_items.id;
+
+
 --
 -- Name: dev_user_credentials; Type: TABLE; Schema: public; Owner: -
 --
@@ -9144,34 +12591,70 @@ CREATE TABLE public.dev_user_credentials (
 
 
 --
--- Name: document_access_logs; Type: TABLE; Schema: public; Owner: -
+-- Name: dev_verificacoes_items; Type: TABLE; Schema: public; Owner: -
 --
 
-CREATE TABLE public.document_access_logs (
-    id uuid DEFAULT gen_random_uuid() NOT NULL,
-    documento_id uuid NOT NULL,
-    tenant_id uuid NOT NULL,
-    acao text NOT NULL,
-    user_id uuid,
-    ip inet,
-    user_agent text,
-    acessado_em timestamp with time zone DEFAULT now() NOT NULL,
-    CONSTRAINT dal_acao_check CHECK ((acao = ANY (ARRAY['visualizou'::text, 'baixou'::text, 'imprimiu'::text, 'compartilhou'::text, 'assinou'::text])))
+CREATE TABLE public.dev_verificacoes_items (
+    id bigint NOT NULL,
+    area character varying(80) NOT NULL,
+    categoria character varying(120),
+    titulo text NOT NULL,
+    descricao text,
+    resultado text,
+    acao_sugerida text,
+    severidade character varying(20),
+    status character varying(20) DEFAULT 'pendente'::character varying NOT NULL,
+    verificado_em date,
+    sessao_verificacao character varying(160),
+    arquivo_afetado text,
+    auditoria_item_id bigint,
+    tags text[] DEFAULT '{}'::text[],
+    ordem integer DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_verificacoes_items_severidade_check CHECK (((severidade IS NULL) OR ((severidade)::text = ANY ((ARRAY['critico'::character varying, 'alto'::character varying, 'medio'::character varying, 'baixo'::character varying])::text[])))),
+    CONSTRAINT dev_verificacoes_items_status_check CHECK (((status)::text = ANY ((ARRAY['pendente'::character varying, 'verificando'::character varying, 'ok'::character varying, 'problema'::character varying, 'corrigido'::character varying, 'wontfix'::character varying])::text[])))
 );
 
 
 --
--- Name: TABLE document_access_logs; Type: COMMENT; Schema: public; Owner: -
+-- Name: TABLE dev_verificacoes_items; Type: COMMENT; Schema: public; Owner: -
 --
 
-COMMENT ON TABLE public.document_access_logs IS 'Log imutavel de acessos a documentos. Conformidade CFP e LGPD. Sem UPDATE/DELETE.';
+COMMENT ON TABLE public.dev_verificacoes_items IS 'Revisão sênior por área/sessão — o que foi verificado e o que foi encontrado.';
 
 
 --
--- Name: COLUMN document_access_logs.acao; Type: COMMENT; Schema: public; Owner: -
+-- Name: COLUMN dev_verificacoes_items.area; Type: COMMENT; Schema: public; Owner: -
 --
 
-COMMENT ON COLUMN public.document_access_logs.acao IS 'visualizou|baixou|imprimiu|compartilhou|assinou.';
+COMMENT ON COLUMN public.dev_verificacoes_items.area IS 'Domínio revisado: auth, router, agenda, financeiro, pacientes, comunicacao, etc.';
+
+
+--
+-- Name: COLUMN dev_verificacoes_items.auditoria_item_id; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.dev_verificacoes_items.auditoria_item_id IS 'Link opcional: se a verificação virou um bug em dev_auditoria_items.';
+
+
+--
+-- Name: dev_verificacoes_items_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.dev_verificacoes_items_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: dev_verificacoes_items_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.dev_verificacoes_items_id_seq OWNED BY public.dev_verificacoes_items.id;
 
 
 --
@@ -9470,6 +12953,7 @@ CREATE TABLE public.documents (
     retencao_ate timestamp with time zone,
     created_at timestamp with time zone DEFAULT now(),
     updated_at timestamp with time zone DEFAULT now(),
+    content_sha256 text,
     CONSTRAINT documents_status_revisao_check CHECK ((status_revisao = ANY (ARRAY['pendente'::text, 'aprovado'::text, 'rejeitado'::text]))),
     CONSTRAINT documents_tipo_check CHECK ((tipo_documento = ANY (ARRAY['laudo'::text, 'receita'::text, 'exame'::text, 'termo_assinado'::text, 'relatorio_externo'::text, 'identidade'::text, 'convenio'::text, 'declaracao'::text, 'atestado'::text, 'recibo'::text, 'outro'::text]))),
     CONSTRAINT documents_visibilidade_check CHECK ((visibilidade = ANY (ARRAY['privado'::text, 'compartilhado_supervisor'::text, 'compartilhado_portal'::text])))
@@ -9609,6 +13093,13 @@ COMMENT ON COLUMN public.documents.deleted_at IS 'Soft delete: data da exclusao.
 COMMENT ON COLUMN public.documents.retencao_ate IS 'LGPD/CFP: arquivo retido ate esta data mesmo apos soft delete.';
 
 
+--
+-- Name: COLUMN documents.content_sha256; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.documents.content_sha256 IS 'V#51: SHA-256 hex (64 chars) do conteúdo no momento do upload. Permite verificar integridade. NULL pra documentos legados pré-V#51.';
+
+
 --
 -- Name: email_layout_config; Type: TABLE; Schema: public; Owner: -
 --
@@ -9682,7 +13173,8 @@ CREATE TABLE public.features (
     description text,
     created_at timestamp with time zone DEFAULT now() NOT NULL,
     descricao text DEFAULT ''::text NOT NULL,
-    name text DEFAULT ''::text NOT NULL
+    name text DEFAULT ''::text NOT NULL,
+    is_active boolean DEFAULT true NOT NULL
 );
 
 
@@ -9693,6 +13185,13 @@ CREATE TABLE public.features (
 COMMENT ON COLUMN public.features.descricao IS 'Descri????o humana da feature (exibi????o no admin e documenta????o).';
 
 
+--
+-- Name: COLUMN features.is_active; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.features.is_active IS 'V#40: false = feature depreciada, escondida no catálogo SaaS mas continua válida em planos/tenants existentes.';
+
+
 --
 -- Name: feriados; Type: TABLE; Schema: public; Owner: -
 --
@@ -9838,6 +13337,27 @@ CREATE TABLE public.login_carousel_slides (
 );
 
 
+--
+-- Name: math_challenges; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.math_challenges (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    question text NOT NULL,
+    answer integer NOT NULL,
+    used boolean DEFAULT false NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    expires_at timestamp with time zone DEFAULT (now() + '00:05:00'::interval) NOT NULL
+);
+
+
+--
+-- Name: TABLE math_challenges; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.math_challenges IS 'Challenges de math captcha. TTL 5min. Escrita/leitura apenas via RPC.';
+
+
 --
 -- Name: medicos; Type: TABLE; Schema: public; Owner: -
 --
@@ -10082,40 +13602,6 @@ COMMENT ON COLUMN public.notification_channels.price_per_message_brl IS 'Valor c
 COMMENT ON COLUMN public.notification_channels.provisioned_at IS 'Timestamp do provisionamento da subconta';
 
 
---
--- Name: notification_logs; Type: TABLE; Schema: public; Owner: -
---
-
-CREATE TABLE public.notification_logs (
-    id uuid DEFAULT gen_random_uuid() NOT NULL,
-    tenant_id uuid NOT NULL,
-    owner_id uuid NOT NULL,
-    queue_id uuid,
-    agenda_evento_id uuid,
-    patient_id uuid NOT NULL,
-    channel text NOT NULL,
-    template_key text NOT NULL,
-    schedule_key text,
-    recipient_address text NOT NULL,
-    resolved_message text,
-    resolved_vars jsonb,
-    status text NOT NULL,
-    provider text,
-    provider_message_id text,
-    provider_status text,
-    provider_response jsonb,
-    sent_at timestamp with time zone,
-    delivered_at timestamp with time zone,
-    read_at timestamp with time zone,
-    failed_at timestamp with time zone,
-    failure_reason text,
-    estimated_cost_brl numeric(8,4) DEFAULT 0,
-    created_at timestamp with time zone DEFAULT now() NOT NULL,
-    updated_at timestamp with time zone DEFAULT now() NOT NULL,
-    CONSTRAINT notification_logs_status_check CHECK ((status = ANY (ARRAY['sent'::text, 'delivered'::text, 'read'::text, 'failed'::text, 'bounced'::text, 'opted_out'::text])))
-);
-
-
 --
 -- Name: notification_preferences; Type: TABLE; Schema: public; Owner: -
 --
@@ -10248,7 +13734,7 @@ CREATE TABLE public.notifications (
     read_at timestamp with time zone,
     archived boolean DEFAULT false NOT NULL,
     created_at timestamp with time zone DEFAULT now() NOT NULL,
-    CONSTRAINT notifications_type_check CHECK ((type = ANY (ARRAY['new_scheduling'::text, 'new_patient'::text, 'recurrence_alert'::text, 'session_status'::text])))
+    CONSTRAINT notifications_type_check CHECK ((type = ANY (ARRAY['new_scheduling'::text, 'new_patient'::text, 'recurrence_alert'::text, 'session_status'::text, 'inbound_message'::text])))
 );
 
 
@@ -10468,6 +13954,37 @@ CREATE TABLE public.patient_intake_requests (
 );
 
 
+--
+-- Name: patient_invite_attempts; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.patient_invite_attempts (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    token text NOT NULL,
+    ok boolean NOT NULL,
+    error_code text,
+    error_msg text,
+    client_info text,
+    owner_id uuid,
+    tenant_id uuid,
+    created_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+
+--
+-- Name: TABLE patient_invite_attempts; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.patient_invite_attempts IS 'Log de tentativas (ok e falhas) de submit do form público de cadastro externo. Base para monitoramento de flood/tentativas maliciosas. Sem IP direto — proteção LGPD.';
+
+
+--
+-- Name: COLUMN patient_invite_attempts.client_info; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON COLUMN public.patient_invite_attempts.client_info IS 'User-agent enviado pelo cliente (opcional). Limitado a 500 chars no insert. Não contém PII.';
+
+
 --
 -- Name: patient_invites; Type: TABLE; Schema: public; Owner: -
 --
@@ -10498,32 +14015,6 @@ CREATE TABLE public.patient_patient_tag (
 );
 
 
---
--- Name: patient_status_history; Type: TABLE; Schema: public; Owner: -
---
-
-CREATE TABLE public.patient_status_history (
-    id uuid DEFAULT gen_random_uuid() NOT NULL,
-    patient_id uuid NOT NULL,
-    tenant_id uuid NOT NULL,
-    status_anterior text,
-    status_novo text NOT NULL,
-    motivo text,
-    encaminhado_para text,
-    data_saida date,
-    alterado_por uuid,
-    alterado_em timestamp with time zone DEFAULT now() NOT NULL,
-    CONSTRAINT psh_status_novo_check CHECK ((status_novo = ANY (ARRAY['Ativo'::text, 'Inativo'::text, 'Alta'::text, 'Encaminhado'::text, 'Arquivado'::text])))
-);
-
-
---
--- Name: TABLE patient_status_history; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON TABLE public.patient_status_history IS 'Histórico imutável de todas as mudanças de status do paciente — não editar, apenas inserir';
-
-
 --
 -- Name: patient_support_contacts; Type: TABLE; Schema: public; Owner: -
 --
@@ -10623,235 +14114,6 @@ COMMENT ON COLUMN public.patient_timeline.link_ref_tipo IS 'Tipo da entidade ref
 COMMENT ON COLUMN public.patient_timeline.link_ref_id IS 'ID da entidade referenciada — sem FK formal para suportar múltiplos tipos';
 
 
---
--- Name: patients; Type: TABLE; Schema: public; Owner: -
---
-
-CREATE TABLE public.patients (
-    id uuid DEFAULT gen_random_uuid() NOT NULL,
-    nome_completo text NOT NULL,
-    email_principal text,
-    telefone text,
-    created_at timestamp with time zone DEFAULT now(),
-    owner_id uuid,
-    avatar_url text,
-    status text DEFAULT 'Ativo'::text,
-    last_attended_at timestamp with time zone,
-    is_native boolean DEFAULT false,
-    naturalidade text,
-    data_nascimento date,
-    rg text,
-    cpf text,
-    identification_color text,
-    genero text,
-    estado_civil text,
-    email_alternativo text,
-    pais text DEFAULT 'Brasil'::text,
-    cep text,
-    cidade text,
-    estado text,
-    endereco text,
-    numero text,
-    bairro text,
-    complemento text,
-    escolaridade text,
-    profissao text,
-    nome_parente text,
-    grau_parentesco text,
-    telefone_alternativo text,
-    onde_nos_conheceu text,
-    encaminhado_por text,
-    nome_responsavel text,
-    telefone_responsavel text,
-    cpf_responsavel text,
-    observacao_responsavel text,
-    cobranca_no_responsavel boolean DEFAULT false,
-    observacoes text,
-    notas_internas text,
-    updated_at timestamp with time zone DEFAULT now(),
-    telefone_parente text,
-    tenant_id uuid NOT NULL,
-    responsible_member_id uuid NOT NULL,
-    user_id uuid,
-    patient_scope text DEFAULT 'clinic'::text NOT NULL,
-    therapist_member_id uuid,
-    nome_social text,
-    pronomes text,
-    etnia text,
-    religiao text,
-    faixa_renda text,
-    canal_preferido text DEFAULT 'whatsapp'::text,
-    horario_contato_inicio time without time zone DEFAULT '08:00:00'::time without time zone,
-    horario_contato_fim time without time zone DEFAULT '20:00:00'::time without time zone,
-    idioma text DEFAULT 'pt-BR'::text,
-    origem text,
-    metodo_pagamento_preferido text,
-    motivo_saida text,
-    data_saida date,
-    encaminhado_para text,
-    risco_elevado boolean DEFAULT false NOT NULL,
-    risco_nota text,
-    risco_sinalizado_em timestamp with time zone,
-    risco_sinalizado_por uuid,
-    horario_contato text,
-    convenio text,
-    convenio_id uuid,
-    CONSTRAINT cpf_responsavel_format_check CHECK (((cpf_responsavel IS NULL) OR (cpf_responsavel ~ '^\d{11}$'::text))),
-    CONSTRAINT patients_cpf_format_check CHECK (((cpf IS NULL) OR (cpf ~ '^\d{11}$'::text))),
-    CONSTRAINT patients_faixa_renda_check CHECK (((faixa_renda IS NULL) OR (faixa_renda = ANY (ARRAY['ate_1sm'::text, '1_3sm'::text, '3_6sm'::text, '6_10sm'::text, 'acima_10sm'::text, 'nao_informado'::text])))),
-    CONSTRAINT patients_metodo_pagamento_check CHECK (((metodo_pagamento_preferido IS NULL) OR (metodo_pagamento_preferido = ANY (ARRAY['pix'::text, 'cartao'::text, 'dinheiro'::text, 'deposito'::text, 'convenio'::text])))),
-    CONSTRAINT patients_risco_consistency_check CHECK (((risco_elevado = false) OR ((risco_elevado = true) AND (risco_nota IS NOT NULL) AND (risco_sinalizado_por IS NOT NULL)))),
-    CONSTRAINT patients_status_check CHECK ((status = ANY (ARRAY['Ativo'::text, 'Em espera'::text, 'Inativo'::text, 'Alta'::text, 'Encaminhado'::text, 'Arquivado'::text])))
-);
-
-
---
--- Name: COLUMN patients.avatar_url; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.avatar_url IS 'URL p??blica da imagem de avatar armazenada no Supabase Storage';
-
-
---
--- Name: COLUMN patients.nome_social; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.nome_social IS 'Nome social / como prefere ser chamado(a) no atendimento.';
-
-
---
--- Name: COLUMN patients.pronomes; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.pronomes IS 'Pronomes de tratamento. Ex: ela/dela, ele/dele. Exibido no header do perfil.';
-
-
---
--- Name: COLUMN patients.etnia; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.etnia IS 'Etnia / raça autodeclarada. Exibida no card "Dados pessoais".';
-
-
---
--- Name: COLUMN patients.religiao; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.religiao IS 'Religião ou espiritualidade (opcional, relevante clinicamente)';
-
-
---
--- Name: COLUMN patients.faixa_renda; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.faixa_renda IS 'Faixa de renda em salários mínimos — usado para precificação solidária';
-
-
---
--- Name: COLUMN patients.canal_preferido; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.canal_preferido IS 'Canal preferido de contato. Ex: WhatsApp, Telefone, E-mail.';
-
-
---
--- Name: COLUMN patients.horario_contato_inicio; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.horario_contato_inicio IS 'Início da janela de horário preferida para contato';
-
-
---
--- Name: COLUMN patients.horario_contato_fim; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.horario_contato_fim IS 'Fim da janela de horário preferida para contato';
-
-
---
--- Name: COLUMN patients.origem; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.origem IS 'Como o paciente chegou: indicacao, agendador, redes_sociais, encaminhamento, outro';
-
-
---
--- Name: COLUMN patients.metodo_pagamento_preferido; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.metodo_pagamento_preferido IS 'Método de pagamento preferido. Ex: PIX, Cartão crédito. Exibido no card Origem.';
-
-
---
--- Name: COLUMN patients.motivo_saida; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.motivo_saida IS 'Motivo de encerramento do acompanhamento. Exibido no card Origem quando preenchido.';
-
-
---
--- Name: COLUMN patients.data_saida; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.data_saida IS 'Data em que o paciente foi desligado/encaminhado';
-
-
---
--- Name: COLUMN patients.encaminhado_para; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.encaminhado_para IS 'Nome ou serviço para onde o paciente foi encaminhado';
-
-
---
--- Name: COLUMN patients.risco_elevado; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.risco_elevado IS 'Flag de atenção clínica — exibe alerta no topo do cadastro e prontuário';
-
-
---
--- Name: COLUMN patients.risco_nota; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.risco_nota IS 'Descrição do risco (obrigatória quando risco_elevado = true)';
-
-
---
--- Name: COLUMN patients.risco_sinalizado_em; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.risco_sinalizado_em IS 'Timestamp em que o risco foi sinalizado';
-
-
---
--- Name: COLUMN patients.risco_sinalizado_por; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.risco_sinalizado_por IS 'Usuário que sinalizou o risco';
-
-
---
--- Name: COLUMN patients.horario_contato; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.horario_contato IS 'Horário preferido para contato. Ex: 08h–18h.';
-
-
---
--- Name: COLUMN patients.convenio; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.convenio IS 'Nome do convênio para exibição (badge azul no header). Derivado de convenio_id.';
-
-
---
--- Name: COLUMN patients.convenio_id; Type: COMMENT; Schema: public; Owner: -
---
-
-COMMENT ON COLUMN public.patients.convenio_id IS 'FK para insurance_plans.id. Vincula o paciente ao convênio cadastrado.';
-
-
 --
 -- Name: payment_settings; Type: TABLE; Schema: public; Owner: -
 --
@@ -11139,6 +14401,31 @@ COMMENT ON COLUMN public.profiles.social_x IS 'Handle ou URL do perfil no X (Twi
 COMMENT ON COLUMN public.profiles.social_custom IS 'Array JSON com redes adicionais livres: [{name, url}]';
 
 
+--
+-- Name: public_submission_attempts; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.public_submission_attempts (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    endpoint text NOT NULL,
+    ip_hash text,
+    success boolean NOT NULL,
+    error_code text,
+    error_msg text,
+    blocked_by text,
+    user_agent text,
+    metadata jsonb,
+    created_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+
+--
+-- Name: TABLE public_submission_attempts; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.public_submission_attempts IS 'Log de tentativas em endpoints públicos (intake, signup, agendador). Escrita apenas via RPC SECURITY DEFINER.';
+
+
 --
 -- Name: recurrence_exceptions; Type: TABLE; Schema: public; Owner: -
 --
@@ -11333,6 +14620,61 @@ CREATE TABLE public.saas_faq_itens (
 COMMENT ON TABLE public.saas_faq_itens IS 'Pares pergunta/resposta vinculados a um documento de ajuda';
 
 
+--
+-- Name: saas_security_config; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.saas_security_config (
+    id boolean DEFAULT true NOT NULL,
+    honeypot_enabled boolean DEFAULT true NOT NULL,
+    rate_limit_enabled boolean DEFAULT true NOT NULL,
+    rate_limit_window_min integer DEFAULT 10 NOT NULL,
+    rate_limit_max_attempts integer DEFAULT 5 NOT NULL,
+    captcha_after_failures integer DEFAULT 3 NOT NULL,
+    captcha_required_globally boolean DEFAULT false NOT NULL,
+    block_duration_min integer DEFAULT 30 NOT NULL,
+    captcha_required_window_min integer DEFAULT 60 NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_by uuid,
+    CONSTRAINT saas_security_config_singleton CHECK ((id = true))
+);
+
+
+--
+-- Name: TABLE saas_security_config; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.saas_security_config IS 'Singleton: configuração global de defesa contra bots em endpoints públicos.';
+
+
+--
+-- Name: saas_twilio_config; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.saas_twilio_config (
+    id boolean DEFAULT true NOT NULL,
+    account_sid text,
+    whatsapp_webhook_url text,
+    usd_brl_rate numeric(10,4) DEFAULT 5.5 NOT NULL,
+    margin_multiplier numeric(10,4) DEFAULT 1.4 NOT NULL,
+    notes text,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_by uuid,
+    CONSTRAINT saas_twilio_config_mult_chk CHECK (((margin_multiplier >= (1)::numeric) AND (margin_multiplier <= (10)::numeric))),
+    CONSTRAINT saas_twilio_config_rate_chk CHECK (((usd_brl_rate > (0)::numeric) AND (usd_brl_rate < (100)::numeric))),
+    CONSTRAINT saas_twilio_config_sid_chk CHECK (((account_sid IS NULL) OR (account_sid ~ '^AC[a-zA-Z0-9]{32}$'::text))),
+    CONSTRAINT saas_twilio_config_singleton CHECK ((id = true)),
+    CONSTRAINT saas_twilio_config_url_chk CHECK (((whatsapp_webhook_url IS NULL) OR (whatsapp_webhook_url ~ '^https?://'::text)))
+);
+
+
+--
+-- Name: TABLE saas_twilio_config; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.saas_twilio_config IS 'Config operacional Twilio editável via painel. AUTH_TOKEN continua em env var por segurança.';
+
+
 --
 -- Name: services; Type: TABLE; Schema: public; Owner: -
 --
@@ -11351,6 +14693,104 @@ CREATE TABLE public.services (
 );
 
 
+--
+-- Name: session_reminder_logs; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.session_reminder_logs (
+    id bigint NOT NULL,
+    event_id uuid NOT NULL,
+    tenant_id uuid NOT NULL,
+    reminder_type text NOT NULL,
+    sent_at timestamp with time zone DEFAULT now() NOT NULL,
+    provider text,
+    skip_reason text,
+    to_phone text,
+    provider_message_id text,
+    conversation_message_id bigint,
+    CONSTRAINT session_reminder_logs_reminder_type_check CHECK ((reminder_type = ANY (ARRAY['24h'::text, '2h'::text])))
+);
+
+
+--
+-- Name: TABLE session_reminder_logs; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.session_reminder_logs IS 'Log de lembretes disparados. UNIQUE (event_id, reminder_type) previne duplicata.';
+
+
+--
+-- Name: session_reminder_logs_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.session_reminder_logs_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: session_reminder_logs_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.session_reminder_logs_id_seq OWNED BY public.session_reminder_logs.id;
+
+
+--
+-- Name: session_reminder_settings; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.session_reminder_settings (
+    tenant_id uuid NOT NULL,
+    enabled boolean DEFAULT false NOT NULL,
+    send_24h boolean DEFAULT true NOT NULL,
+    send_2h boolean DEFAULT true NOT NULL,
+    template_24h text DEFAULT 'Oi {{nome_paciente}}! 👋 Lembrando da sua sessão amanhã, {{data_sessao}} às {{hora_sessao}}. Até lá!'::text NOT NULL,
+    template_2h text DEFAULT 'Oi {{nome_paciente}}! Sua sessão começa em 2 horas, às {{hora_sessao}}. Te espero! 😊'::text NOT NULL,
+    quiet_hours_enabled boolean DEFAULT true NOT NULL,
+    quiet_hours_start time without time zone DEFAULT '22:00:00'::time without time zone NOT NULL,
+    quiet_hours_end time without time zone DEFAULT '08:00:00'::time without time zone NOT NULL,
+    respect_opt_out boolean DEFAULT true NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT session_reminder_settings_template_24h_check CHECK (((length(template_24h) > 0) AND (length(template_24h) <= 2000))),
+    CONSTRAINT session_reminder_settings_template_2h_check CHECK (((length(template_2h) > 0) AND (length(template_2h) <= 2000)))
+);
+
+
+--
+-- Name: TABLE session_reminder_settings; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.session_reminder_settings IS 'Configuracao por tenant dos lembretes automaticos de sessao via WhatsApp.';
+
+
+--
+-- Name: submission_rate_limits; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.submission_rate_limits (
+    ip_hash text NOT NULL,
+    endpoint text NOT NULL,
+    attempt_count integer DEFAULT 0 NOT NULL,
+    fail_count integer DEFAULT 0 NOT NULL,
+    window_start timestamp with time zone DEFAULT now() NOT NULL,
+    blocked_until timestamp with time zone,
+    requires_captcha_until timestamp with time zone,
+    last_attempt_at timestamp with time zone DEFAULT now() NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+
+--
+-- Name: TABLE submission_rate_limits; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.submission_rate_limits IS 'Estado de rate limit por IP+endpoint. Escrita apenas via RPC. SaaS admin lê pra dashboard.';
+
+
 --
 -- Name: subscription_events; Type: TABLE; Schema: public; Owner: -
 --
@@ -11535,6 +14975,13 @@ CREATE TABLE public.tenant_features (
 );
 
 
+--
+-- Name: TABLE tenant_features; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.tenant_features IS 'Controle de features por tenant. RLS: member do tenant lê; tenant_admin ou saas_admin escreve. Antes da migration 20260418000005 estava com RLS off + GRANT ALL pra anon (A#30).';
+
+
 --
 -- Name: tenant_invites; Type: TABLE; Schema: public; Owner: -
 --
@@ -11556,6 +15003,13 @@ CREATE TABLE public.tenant_invites (
 );
 
 
+--
+-- Name: TABLE tenant_invites; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.tenant_invites IS 'Convites pra entrar em tenant. Aceitar deve ser via RPC tenant_accept_invite (SECURITY DEFINER). Criar/revogar via UI por tenant_admin.';
+
+
 --
 -- Name: tenants; Type: TABLE; Schema: public; Owner: -
 --
@@ -12303,6 +15757,140 @@ CREATE VIEW public.v_user_entitlements AS
      JOIN public.features f ON ((f.id = pf.feature_id)));
 
 
+--
+-- Name: whatsapp_credit_packages; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.whatsapp_credit_packages (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    name text NOT NULL,
+    description text,
+    credits integer NOT NULL,
+    price_brl numeric(10,2) NOT NULL,
+    is_active boolean DEFAULT true NOT NULL,
+    is_featured boolean DEFAULT false NOT NULL,
+    "position" integer DEFAULT 100 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT whatsapp_credit_packages_credits_check CHECK ((credits > 0)),
+    CONSTRAINT whatsapp_credit_packages_name_check CHECK (((length(name) > 0) AND (length(name) <= 100))),
+    CONSTRAINT whatsapp_credit_packages_price_brl_check CHECK ((price_brl > (0)::numeric))
+);
+
+
+--
+-- Name: TABLE whatsapp_credit_packages; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.whatsapp_credit_packages IS 'Pacotes de creditos disponiveis pra compra. Gerenciado pelo SaaS admin.';
+
+
+--
+-- Name: whatsapp_credit_purchases; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.whatsapp_credit_purchases (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    package_id uuid,
+    package_name text NOT NULL,
+    credits integer NOT NULL,
+    amount_brl numeric(10,2) NOT NULL,
+    status text DEFAULT 'pending'::text NOT NULL,
+    asaas_customer_id text,
+    asaas_payment_id text,
+    asaas_payment_link text,
+    asaas_pix_qrcode text,
+    asaas_pix_copy_paste text,
+    paid_at timestamp with time zone,
+    expires_at timestamp with time zone,
+    failed_at timestamp with time zone,
+    created_by uuid,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT whatsapp_credit_purchases_amount_brl_check CHECK ((amount_brl > (0)::numeric)),
+    CONSTRAINT whatsapp_credit_purchases_credits_check CHECK ((credits > 0)),
+    CONSTRAINT whatsapp_credit_purchases_status_check CHECK ((status = ANY (ARRAY['pending'::text, 'paid'::text, 'failed'::text, 'expired'::text, 'refunded'::text, 'cancelled'::text])))
+);
+
+
+--
+-- Name: TABLE whatsapp_credit_purchases; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.whatsapp_credit_purchases IS 'Ordens de compra de creditos via Asaas. Webhook atualiza status.';
+
+
+--
+-- Name: whatsapp_credits_balance; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.whatsapp_credits_balance (
+    tenant_id uuid NOT NULL,
+    balance integer DEFAULT 0 NOT NULL,
+    lifetime_purchased integer DEFAULT 0 NOT NULL,
+    lifetime_used integer DEFAULT 0 NOT NULL,
+    low_balance_threshold integer DEFAULT 20 NOT NULL,
+    low_balance_alerted_at timestamp with time zone,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT whatsapp_credits_balance_balance_check CHECK ((balance >= 0)),
+    CONSTRAINT whatsapp_credits_balance_low_balance_threshold_check CHECK ((low_balance_threshold >= 0))
+);
+
+
+--
+-- Name: TABLE whatsapp_credits_balance; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.whatsapp_credits_balance IS 'Saldo atual de creditos WhatsApp por tenant. 1 credito = 1 mensagem Twilio.';
+
+
+--
+-- Name: whatsapp_credits_transactions; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public.whatsapp_credits_transactions (
+    id bigint NOT NULL,
+    tenant_id uuid NOT NULL,
+    kind text NOT NULL,
+    amount integer NOT NULL,
+    balance_after integer NOT NULL,
+    conversation_message_id bigint,
+    purchase_id uuid,
+    admin_id uuid,
+    note text,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT whatsapp_credits_transactions_kind_check CHECK ((kind = ANY (ARRAY['purchase'::text, 'usage'::text, 'topup_manual'::text, 'refund'::text, 'adjustment'::text])))
+);
+
+
+--
+-- Name: TABLE whatsapp_credits_transactions; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON TABLE public.whatsapp_credits_transactions IS 'Extrato de creditos WhatsApp. Append-only — nao editar/deletar.';
+
+
+--
+-- Name: whatsapp_credits_transactions_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public.whatsapp_credits_transactions_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: whatsapp_credits_transactions_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public.whatsapp_credits_transactions_id_seq OWNED BY public.whatsapp_credits_transactions.id;
+
+
 --
 -- Name: messages; Type: TABLE; Schema: realtime; Owner: -
 --
@@ -12320,70 +15908,6 @@ CREATE TABLE realtime.messages (
 PARTITION BY RANGE (inserted_at);
 
 
---
--- Name: messages_2026_04_14; Type: TABLE; Schema: realtime; Owner: -
---
-
-CREATE TABLE realtime.messages_2026_04_14 (
-    topic text NOT NULL,
-    extension text NOT NULL,
-    payload jsonb,
-    event text,
-    private boolean DEFAULT false,
-    updated_at timestamp without time zone DEFAULT now() NOT NULL,
-    inserted_at timestamp without time zone DEFAULT now() NOT NULL,
-    id uuid DEFAULT gen_random_uuid() NOT NULL
-);
-
-
---
--- Name: messages_2026_04_15; Type: TABLE; Schema: realtime; Owner: -
---
-
-CREATE TABLE realtime.messages_2026_04_15 (
-    topic text NOT NULL,
-    extension text NOT NULL,
-    payload jsonb,
-    event text,
-    private boolean DEFAULT false,
-    updated_at timestamp without time zone DEFAULT now() NOT NULL,
-    inserted_at timestamp without time zone DEFAULT now() NOT NULL,
-    id uuid DEFAULT gen_random_uuid() NOT NULL
-);
-
-
---
--- Name: messages_2026_04_16; Type: TABLE; Schema: realtime; Owner: -
---
-
-CREATE TABLE realtime.messages_2026_04_16 (
-    topic text NOT NULL,
-    extension text NOT NULL,
-    payload jsonb,
-    event text,
-    private boolean DEFAULT false,
-    updated_at timestamp without time zone DEFAULT now() NOT NULL,
-    inserted_at timestamp without time zone DEFAULT now() NOT NULL,
-    id uuid DEFAULT gen_random_uuid() NOT NULL
-);
-
-
---
--- Name: messages_2026_04_17; Type: TABLE; Schema: realtime; Owner: -
---
-
-CREATE TABLE realtime.messages_2026_04_17 (
-    topic text NOT NULL,
-    extension text NOT NULL,
-    payload jsonb,
-    event text,
-    private boolean DEFAULT false,
-    updated_at timestamp without time zone DEFAULT now() NOT NULL,
-    inserted_at timestamp without time zone DEFAULT now() NOT NULL,
-    id uuid DEFAULT gen_random_uuid() NOT NULL
-);
-
-
 --
 -- Name: messages_2026_04_18; Type: TABLE; Schema: realtime; Owner: -
 --
@@ -12432,6 +15956,70 @@ CREATE TABLE realtime.messages_2026_04_20 (
 );
 
 
+--
+-- Name: messages_2026_04_21; Type: TABLE; Schema: realtime; Owner: -
+--
+
+CREATE TABLE realtime.messages_2026_04_21 (
+    topic text NOT NULL,
+    extension text NOT NULL,
+    payload jsonb,
+    event text,
+    private boolean DEFAULT false,
+    updated_at timestamp without time zone DEFAULT now() NOT NULL,
+    inserted_at timestamp without time zone DEFAULT now() NOT NULL,
+    id uuid DEFAULT gen_random_uuid() NOT NULL
+);
+
+
+--
+-- Name: messages_2026_04_22; Type: TABLE; Schema: realtime; Owner: -
+--
+
+CREATE TABLE realtime.messages_2026_04_22 (
+    topic text NOT NULL,
+    extension text NOT NULL,
+    payload jsonb,
+    event text,
+    private boolean DEFAULT false,
+    updated_at timestamp without time zone DEFAULT now() NOT NULL,
+    inserted_at timestamp without time zone DEFAULT now() NOT NULL,
+    id uuid DEFAULT gen_random_uuid() NOT NULL
+);
+
+
+--
+-- Name: messages_2026_04_23; Type: TABLE; Schema: realtime; Owner: -
+--
+
+CREATE TABLE realtime.messages_2026_04_23 (
+    topic text NOT NULL,
+    extension text NOT NULL,
+    payload jsonb,
+    event text,
+    private boolean DEFAULT false,
+    updated_at timestamp without time zone DEFAULT now() NOT NULL,
+    inserted_at timestamp without time zone DEFAULT now() NOT NULL,
+    id uuid DEFAULT gen_random_uuid() NOT NULL
+);
+
+
+--
+-- Name: messages_2026_04_24; Type: TABLE; Schema: realtime; Owner: -
+--
+
+CREATE TABLE realtime.messages_2026_04_24 (
+    topic text NOT NULL,
+    extension text NOT NULL,
+    payload jsonb,
+    event text,
+    private boolean DEFAULT false,
+    updated_at timestamp without time zone DEFAULT now() NOT NULL,
+    inserted_at timestamp without time zone DEFAULT now() NOT NULL,
+    id uuid DEFAULT gen_random_uuid() NOT NULL
+);
+
+
 --
 -- Name: schema_migrations; Type: TABLE; Schema: realtime; Owner: -
 --
@@ -12698,34 +16286,6 @@ CREATE TABLE supabase_functions.migrations (
 );
 
 
---
--- Name: messages_2026_04_14; Type: TABLE ATTACH; Schema: realtime; Owner: -
---
-
-ALTER TABLE ONLY realtime.messages ATTACH PARTITION realtime.messages_2026_04_14 FOR VALUES FROM ('2026-04-14 00:00:00') TO ('2026-04-15 00:00:00');
-
-
---
--- Name: messages_2026_04_15; Type: TABLE ATTACH; Schema: realtime; Owner: -
---
-
-ALTER TABLE ONLY realtime.messages ATTACH PARTITION realtime.messages_2026_04_15 FOR VALUES FROM ('2026-04-15 00:00:00') TO ('2026-04-16 00:00:00');
-
-
---
--- Name: messages_2026_04_16; Type: TABLE ATTACH; Schema: realtime; Owner: -
---
-
-ALTER TABLE ONLY realtime.messages ATTACH PARTITION realtime.messages_2026_04_16 FOR VALUES FROM ('2026-04-16 00:00:00') TO ('2026-04-17 00:00:00');
-
-
---
--- Name: messages_2026_04_17; Type: TABLE ATTACH; Schema: realtime; Owner: -
---
-
-ALTER TABLE ONLY realtime.messages ATTACH PARTITION realtime.messages_2026_04_17 FOR VALUES FROM ('2026-04-17 00:00:00') TO ('2026-04-18 00:00:00');
-
-
 --
 -- Name: messages_2026_04_18; Type: TABLE ATTACH; Schema: realtime; Owner: -
 --
@@ -12747,6 +16307,34 @@ ALTER TABLE ONLY realtime.messages ATTACH PARTITION realtime.messages_2026_04_19
 ALTER TABLE ONLY realtime.messages ATTACH PARTITION realtime.messages_2026_04_20 FOR VALUES FROM ('2026-04-20 00:00:00') TO ('2026-04-21 00:00:00');
 
 
+--
+-- Name: messages_2026_04_21; Type: TABLE ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER TABLE ONLY realtime.messages ATTACH PARTITION realtime.messages_2026_04_21 FOR VALUES FROM ('2026-04-21 00:00:00') TO ('2026-04-22 00:00:00');
+
+
+--
+-- Name: messages_2026_04_22; Type: TABLE ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER TABLE ONLY realtime.messages ATTACH PARTITION realtime.messages_2026_04_22 FOR VALUES FROM ('2026-04-22 00:00:00') TO ('2026-04-23 00:00:00');
+
+
+--
+-- Name: messages_2026_04_23; Type: TABLE ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER TABLE ONLY realtime.messages ATTACH PARTITION realtime.messages_2026_04_23 FOR VALUES FROM ('2026-04-23 00:00:00') TO ('2026-04-24 00:00:00');
+
+
+--
+-- Name: messages_2026_04_24; Type: TABLE ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER TABLE ONLY realtime.messages ATTACH PARTITION realtime.messages_2026_04_24 FOR VALUES FROM ('2026-04-24 00:00:00') TO ('2026-04-25 00:00:00');
+
+
 --
 -- Name: refresh_tokens id; Type: DEFAULT; Schema: auth; Owner: -
 --
@@ -12768,6 +16356,111 @@ ALTER TABLE ONLY public._db_migrations ALTER COLUMN id SET DEFAULT nextval('publ
 ALTER TABLE ONLY public.agenda_online_slots ALTER COLUMN id SET DEFAULT nextval('public.agenda_online_slots_id_seq'::regclass);
 
 
+--
+-- Name: audit_logs id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.audit_logs ALTER COLUMN id SET DEFAULT nextval('public.audit_logs_id_seq'::regclass);
+
+
+--
+-- Name: conversation_autoreply_log id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_autoreply_log ALTER COLUMN id SET DEFAULT nextval('public.conversation_autoreply_log_id_seq'::regclass);
+
+
+--
+-- Name: conversation_messages id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_messages ALTER COLUMN id SET DEFAULT nextval('public.conversation_messages_id_seq'::regclass);
+
+
+--
+-- Name: dev_auditoria_items id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_auditoria_items ALTER COLUMN id SET DEFAULT nextval('public.dev_auditoria_items_id_seq'::regclass);
+
+
+--
+-- Name: dev_comparison_competitor_status id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_comparison_competitor_status ALTER COLUMN id SET DEFAULT nextval('public.dev_comparison_competitor_status_id_seq'::regclass);
+
+
+--
+-- Name: dev_comparison_matrix id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_comparison_matrix ALTER COLUMN id SET DEFAULT nextval('public.dev_comparison_matrix_id_seq'::regclass);
+
+
+--
+-- Name: dev_competitor_features id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_competitor_features ALTER COLUMN id SET DEFAULT nextval('public.dev_competitor_features_id_seq'::regclass);
+
+
+--
+-- Name: dev_competitors id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_competitors ALTER COLUMN id SET DEFAULT nextval('public.dev_competitors_id_seq'::regclass);
+
+
+--
+-- Name: dev_generation_log id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_generation_log ALTER COLUMN id SET DEFAULT nextval('public.dev_generation_log_id_seq'::regclass);
+
+
+--
+-- Name: dev_roadmap_items id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_roadmap_items ALTER COLUMN id SET DEFAULT nextval('public.dev_roadmap_items_id_seq'::regclass);
+
+
+--
+-- Name: dev_roadmap_phases id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_roadmap_phases ALTER COLUMN id SET DEFAULT nextval('public.dev_roadmap_phases_id_seq'::regclass);
+
+
+--
+-- Name: dev_test_items id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_test_items ALTER COLUMN id SET DEFAULT nextval('public.dev_test_items_id_seq'::regclass);
+
+
+--
+-- Name: dev_verificacoes_items id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_verificacoes_items ALTER COLUMN id SET DEFAULT nextval('public.dev_verificacoes_items_id_seq'::regclass);
+
+
+--
+-- Name: session_reminder_logs id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.session_reminder_logs ALTER COLUMN id SET DEFAULT nextval('public.session_reminder_logs_id_seq'::regclass);
+
+
+--
+-- Name: whatsapp_credits_transactions id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions ALTER COLUMN id SET DEFAULT nextval('public.whatsapp_credits_transactions_id_seq'::regclass);
+
+
 --
 -- Name: hooks id; Type: DEFAULT; Schema: supabase_functions; Owner: -
 --
@@ -13199,6 +16892,14 @@ ALTER TABLE ONLY public.agendador_solicitacoes
     ADD CONSTRAINT agendador_solicitacoes_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: audit_logs audit_logs_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.audit_logs
+    ADD CONSTRAINT audit_logs_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: billing_contracts billing_contracts_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -13239,6 +16940,102 @@ ALTER TABLE ONLY public.company_profiles
     ADD CONSTRAINT company_profiles_tenant_id_key UNIQUE (tenant_id);
 
 
+--
+-- Name: contact_email_types contact_email_types_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.contact_email_types
+    ADD CONSTRAINT contact_email_types_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: contact_emails contact_emails_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.contact_emails
+    ADD CONSTRAINT contact_emails_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: contact_phones contact_phones_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.contact_phones
+    ADD CONSTRAINT contact_phones_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: contact_types contact_types_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.contact_types
+    ADD CONSTRAINT contact_types_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: conversation_autoreply_log conversation_autoreply_log_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_autoreply_log
+    ADD CONSTRAINT conversation_autoreply_log_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: conversation_autoreply_settings conversation_autoreply_settings_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_autoreply_settings
+    ADD CONSTRAINT conversation_autoreply_settings_pkey PRIMARY KEY (tenant_id);
+
+
+--
+-- Name: conversation_messages conversation_messages_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_messages
+    ADD CONSTRAINT conversation_messages_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: conversation_notes conversation_notes_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_notes
+    ADD CONSTRAINT conversation_notes_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: conversation_optout_keywords conversation_optout_keywords_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_optout_keywords
+    ADD CONSTRAINT conversation_optout_keywords_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: conversation_optouts conversation_optouts_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_optouts
+    ADD CONSTRAINT conversation_optouts_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: conversation_tags conversation_tags_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_tags
+    ADD CONSTRAINT conversation_tags_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: conversation_thread_tags conversation_thread_tags_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_thread_tags
+    ADD CONSTRAINT conversation_thread_tags_pkey PRIMARY KEY (tenant_id, thread_key, tag_id);
+
+
 --
 -- Name: determined_commitment_fields determined_commitment_fields_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -13263,6 +17060,102 @@ ALTER TABLE ONLY public.determined_commitments
     ADD CONSTRAINT determined_commitments_tenant_native_key_uq UNIQUE (tenant_id, native_key);
 
 
+--
+-- Name: dev_auditoria_items dev_auditoria_items_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_auditoria_items
+    ADD CONSTRAINT dev_auditoria_items_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: dev_comparison_competitor_status dev_comparison_competitor_statu_comparison_id_competitor_id_key; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_comparison_competitor_status
+    ADD CONSTRAINT dev_comparison_competitor_statu_comparison_id_competitor_id_key UNIQUE (comparison_id, competitor_id);
+
+
+--
+-- Name: dev_comparison_competitor_status dev_comparison_competitor_status_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_comparison_competitor_status
+    ADD CONSTRAINT dev_comparison_competitor_status_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: dev_comparison_matrix dev_comparison_matrix_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_comparison_matrix
+    ADD CONSTRAINT dev_comparison_matrix_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: dev_competitor_features dev_competitor_features_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_competitor_features
+    ADD CONSTRAINT dev_competitor_features_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: dev_competitors dev_competitors_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_competitors
+    ADD CONSTRAINT dev_competitors_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: dev_competitors dev_competitors_slug_key; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_competitors
+    ADD CONSTRAINT dev_competitors_slug_key UNIQUE (slug);
+
+
+--
+-- Name: dev_generation_log dev_generation_log_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_generation_log
+    ADD CONSTRAINT dev_generation_log_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: dev_roadmap_items dev_roadmap_items_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_roadmap_items
+    ADD CONSTRAINT dev_roadmap_items_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: dev_roadmap_phases dev_roadmap_phases_numero_key; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_roadmap_phases
+    ADD CONSTRAINT dev_roadmap_phases_numero_key UNIQUE (numero);
+
+
+--
+-- Name: dev_roadmap_phases dev_roadmap_phases_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_roadmap_phases
+    ADD CONSTRAINT dev_roadmap_phases_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: dev_test_items dev_test_items_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_test_items
+    ADD CONSTRAINT dev_test_items_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: dev_user_credentials dev_user_credentials_email_key; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -13279,6 +17172,14 @@ ALTER TABLE ONLY public.dev_user_credentials
     ADD CONSTRAINT dev_user_credentials_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: dev_verificacoes_items dev_verificacoes_items_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_verificacoes_items
+    ADD CONSTRAINT dev_verificacoes_items_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: document_access_logs document_access_logs_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -13479,6 +17380,14 @@ ALTER TABLE ONLY public.login_carousel_slides
     ADD CONSTRAINT login_carousel_slides_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: math_challenges math_challenges_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.math_challenges
+    ADD CONSTRAINT math_challenges_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: medicos medicos_crm_owner_unique; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -13639,6 +17548,14 @@ ALTER TABLE ONLY public.patient_intake_requests
     ADD CONSTRAINT patient_intake_requests_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: patient_invite_attempts patient_invite_attempts_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.patient_invite_attempts
+    ADD CONSTRAINT patient_invite_attempts_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: patient_invites patient_invites_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -13799,6 +17716,14 @@ ALTER TABLE ONLY public.profiles
     ADD CONSTRAINT profiles_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: public_submission_attempts public_submission_attempts_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.public_submission_attempts
+    ADD CONSTRAINT public_submission_attempts_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: recurrence_exceptions recurrence_exceptions_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -13879,6 +17804,22 @@ ALTER TABLE ONLY public.saas_faq
     ADD CONSTRAINT saas_faq_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: saas_security_config saas_security_config_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.saas_security_config
+    ADD CONSTRAINT saas_security_config_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: saas_twilio_config saas_twilio_config_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.saas_twilio_config
+    ADD CONSTRAINT saas_twilio_config_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: services services_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -13887,6 +17828,30 @@ ALTER TABLE ONLY public.services
     ADD CONSTRAINT services_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: session_reminder_logs session_reminder_logs_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.session_reminder_logs
+    ADD CONSTRAINT session_reminder_logs_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: session_reminder_settings session_reminder_settings_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.session_reminder_settings
+    ADD CONSTRAINT session_reminder_settings_pkey PRIMARY KEY (tenant_id);
+
+
+--
+-- Name: submission_rate_limits submission_rate_limits_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.submission_rate_limits
+    ADD CONSTRAINT submission_rate_limits_pkey PRIMARY KEY (ip_hash, endpoint);
+
+
 --
 -- Name: subscription_events subscription_events_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -14087,6 +18052,38 @@ ALTER TABLE ONLY public.user_settings
     ADD CONSTRAINT user_settings_pkey PRIMARY KEY (user_id);
 
 
+--
+-- Name: whatsapp_credit_packages whatsapp_credit_packages_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credit_packages
+    ADD CONSTRAINT whatsapp_credit_packages_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: whatsapp_credit_purchases whatsapp_credit_purchases_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credit_purchases
+    ADD CONSTRAINT whatsapp_credit_purchases_pkey PRIMARY KEY (id);
+
+
+--
+-- Name: whatsapp_credits_balance whatsapp_credits_balance_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credits_balance
+    ADD CONSTRAINT whatsapp_credits_balance_pkey PRIMARY KEY (tenant_id);
+
+
+--
+-- Name: whatsapp_credits_transactions whatsapp_credits_transactions_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: messages messages_pkey; Type: CONSTRAINT; Schema: realtime; Owner: -
 --
@@ -14095,38 +18092,6 @@ ALTER TABLE ONLY realtime.messages
     ADD CONSTRAINT messages_pkey PRIMARY KEY (id, inserted_at);
 
 
---
--- Name: messages_2026_04_14 messages_2026_04_14_pkey; Type: CONSTRAINT; Schema: realtime; Owner: -
---
-
-ALTER TABLE ONLY realtime.messages_2026_04_14
-    ADD CONSTRAINT messages_2026_04_14_pkey PRIMARY KEY (id, inserted_at);
-
-
---
--- Name: messages_2026_04_15 messages_2026_04_15_pkey; Type: CONSTRAINT; Schema: realtime; Owner: -
---
-
-ALTER TABLE ONLY realtime.messages_2026_04_15
-    ADD CONSTRAINT messages_2026_04_15_pkey PRIMARY KEY (id, inserted_at);
-
-
---
--- Name: messages_2026_04_16 messages_2026_04_16_pkey; Type: CONSTRAINT; Schema: realtime; Owner: -
---
-
-ALTER TABLE ONLY realtime.messages_2026_04_16
-    ADD CONSTRAINT messages_2026_04_16_pkey PRIMARY KEY (id, inserted_at);
-
-
---
--- Name: messages_2026_04_17 messages_2026_04_17_pkey; Type: CONSTRAINT; Schema: realtime; Owner: -
---
-
-ALTER TABLE ONLY realtime.messages_2026_04_17
-    ADD CONSTRAINT messages_2026_04_17_pkey PRIMARY KEY (id, inserted_at);
-
-
 --
 -- Name: messages_2026_04_18 messages_2026_04_18_pkey; Type: CONSTRAINT; Schema: realtime; Owner: -
 --
@@ -14151,6 +18116,38 @@ ALTER TABLE ONLY realtime.messages_2026_04_20
     ADD CONSTRAINT messages_2026_04_20_pkey PRIMARY KEY (id, inserted_at);
 
 
+--
+-- Name: messages_2026_04_21 messages_2026_04_21_pkey; Type: CONSTRAINT; Schema: realtime; Owner: -
+--
+
+ALTER TABLE ONLY realtime.messages_2026_04_21
+    ADD CONSTRAINT messages_2026_04_21_pkey PRIMARY KEY (id, inserted_at);
+
+
+--
+-- Name: messages_2026_04_22 messages_2026_04_22_pkey; Type: CONSTRAINT; Schema: realtime; Owner: -
+--
+
+ALTER TABLE ONLY realtime.messages_2026_04_22
+    ADD CONSTRAINT messages_2026_04_22_pkey PRIMARY KEY (id, inserted_at);
+
+
+--
+-- Name: messages_2026_04_23 messages_2026_04_23_pkey; Type: CONSTRAINT; Schema: realtime; Owner: -
+--
+
+ALTER TABLE ONLY realtime.messages_2026_04_23
+    ADD CONSTRAINT messages_2026_04_23_pkey PRIMARY KEY (id, inserted_at);
+
+
+--
+-- Name: messages_2026_04_24 messages_2026_04_24_pkey; Type: CONSTRAINT; Schema: realtime; Owner: -
+--
+
+ALTER TABLE ONLY realtime.messages_2026_04_24
+    ADD CONSTRAINT messages_2026_04_24_pkey PRIMARY KEY (id, inserted_at);
+
+
 --
 -- Name: subscription pk_subscription; Type: CONSTRAINT; Schema: realtime; Owner: -
 --
@@ -15202,6 +19199,20 @@ CREATE INDEX idx_addon_tx_type ON public.addon_transactions USING btree (type);
 CREATE INDEX idx_agenda_eventos_determined_commitment_id ON public.agenda_eventos USING btree (determined_commitment_id);
 
 
+--
+-- Name: idx_agenda_eventos_titulo_custom_trgm; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_agenda_eventos_titulo_custom_trgm ON public.agenda_eventos USING gin (titulo_custom public.gin_trgm_ops) WHERE (titulo_custom IS NOT NULL);
+
+
+--
+-- Name: idx_agenda_eventos_titulo_trgm; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_agenda_eventos_titulo_trgm ON public.agenda_eventos USING gin (titulo public.gin_trgm_ops) WHERE (titulo IS NOT NULL);
+
+
 --
 -- Name: idx_agenda_excecoes_owner_data; Type: INDEX; Schema: public; Owner: -
 --
@@ -15216,6 +19227,398 @@ CREATE INDEX idx_agenda_excecoes_owner_data ON public.agenda_excecoes USING btre
 CREATE INDEX idx_agenda_slots_regras_owner_dia ON public.agenda_slots_regras USING btree (owner_id, dia_semana);
 
 
+--
+-- Name: idx_audit_logs_changed_fields; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_audit_logs_changed_fields ON public.audit_logs USING gin (changed_fields);
+
+
+--
+-- Name: idx_audit_logs_entity; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_audit_logs_entity ON public.audit_logs USING btree (entity_type, entity_id);
+
+
+--
+-- Name: idx_audit_logs_tenant_created; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_audit_logs_tenant_created ON public.audit_logs USING btree (tenant_id, created_at DESC);
+
+
+--
+-- Name: idx_audit_logs_user_created; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_audit_logs_user_created ON public.audit_logs USING btree (user_id, created_at DESC) WHERE (user_id IS NOT NULL);
+
+
+--
+-- Name: idx_autoreply_log_cooldown; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_autoreply_log_cooldown ON public.conversation_autoreply_log USING btree (tenant_id, thread_key, sent_at DESC);
+
+
+--
+-- Name: idx_contact_email_types_tenant; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_contact_email_types_tenant ON public.contact_email_types USING btree (tenant_id, "position");
+
+
+--
+-- Name: idx_contact_emails_email; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_contact_emails_email ON public.contact_emails USING btree (tenant_id, email);
+
+
+--
+-- Name: idx_contact_emails_entity; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_contact_emails_entity ON public.contact_emails USING btree (tenant_id, entity_type, entity_id, "position");
+
+
+--
+-- Name: idx_contact_phones_entity; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_contact_phones_entity ON public.contact_phones USING btree (tenant_id, entity_type, entity_id, "position");
+
+
+--
+-- Name: idx_contact_phones_number; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_contact_phones_number ON public.contact_phones USING btree (tenant_id, number);
+
+
+--
+-- Name: idx_contact_types_tenant; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_contact_types_tenant ON public.contact_types USING btree (tenant_id, "position");
+
+
+--
+-- Name: idx_conv_msg_delivery_status; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_msg_delivery_status ON public.conversation_messages USING btree (tenant_id, delivery_status) WHERE (direction = 'outbound'::text);
+
+
+--
+-- Name: idx_conv_msg_from_number; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_msg_from_number ON public.conversation_messages USING btree (tenant_id, from_number);
+
+
+--
+-- Name: idx_conv_msg_kanban; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_msg_kanban ON public.conversation_messages USING btree (tenant_id, kanban_status, priority DESC, created_at DESC);
+
+
+--
+-- Name: idx_conv_msg_patient; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_msg_patient ON public.conversation_messages USING btree (patient_id, created_at DESC) WHERE (patient_id IS NOT NULL);
+
+
+--
+-- Name: idx_conv_msg_provider_msg_id; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_msg_provider_msg_id ON public.conversation_messages USING btree (provider_message_id) WHERE (provider_message_id IS NOT NULL);
+
+
+--
+-- Name: idx_conv_msg_tenant_created; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_msg_tenant_created ON public.conversation_messages USING btree (tenant_id, created_at DESC);
+
+
+--
+-- Name: idx_conv_notes_created_by; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_notes_created_by ON public.conversation_notes USING btree (created_by, created_at DESC) WHERE (deleted_at IS NULL);
+
+
+--
+-- Name: idx_conv_notes_patient; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_notes_patient ON public.conversation_notes USING btree (patient_id, created_at DESC) WHERE ((deleted_at IS NULL) AND (patient_id IS NOT NULL));
+
+
+--
+-- Name: idx_conv_notes_tenant_thread; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_notes_tenant_thread ON public.conversation_notes USING btree (tenant_id, thread_key, created_at DESC) WHERE (deleted_at IS NULL);
+
+
+--
+-- Name: idx_conv_optout_kw_tenant; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_optout_kw_tenant ON public.conversation_optout_keywords USING btree (tenant_id) WHERE (enabled = true);
+
+
+--
+-- Name: idx_conv_optouts_patient; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_optouts_patient ON public.conversation_optouts USING btree (patient_id) WHERE (patient_id IS NOT NULL);
+
+
+--
+-- Name: idx_conv_optouts_tenant_phone; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_optouts_tenant_phone ON public.conversation_optouts USING btree (tenant_id, phone);
+
+
+--
+-- Name: idx_conv_tags_tenant; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_tags_tenant ON public.conversation_tags USING btree (tenant_id, "position");
+
+
+--
+-- Name: idx_conv_thread_tags_tag; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_thread_tags_tag ON public.conversation_thread_tags USING btree (tag_id);
+
+
+--
+-- Name: idx_conv_thread_tags_tenant_thread; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_conv_thread_tags_tenant_thread ON public.conversation_thread_tags USING btree (tenant_id, thread_key);
+
+
+--
+-- Name: idx_dev_auditoria_items_categoria; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_auditoria_items_categoria ON public.dev_auditoria_items USING btree (categoria);
+
+
+--
+-- Name: idx_dev_auditoria_items_ordem; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_auditoria_items_ordem ON public.dev_auditoria_items USING btree (ordem);
+
+
+--
+-- Name: idx_dev_auditoria_items_severidade; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_auditoria_items_severidade ON public.dev_auditoria_items USING btree (severidade);
+
+
+--
+-- Name: idx_dev_auditoria_items_status; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_auditoria_items_status ON public.dev_auditoria_items USING btree (status);
+
+
+--
+-- Name: idx_dev_ccs_comp; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_ccs_comp ON public.dev_comparison_competitor_status USING btree (competitor_id);
+
+
+--
+-- Name: idx_dev_ccs_comparison; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_ccs_comparison ON public.dev_comparison_competitor_status USING btree (comparison_id);
+
+
+--
+-- Name: idx_dev_comparison_matrix_dominio; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_comparison_matrix_dominio ON public.dev_comparison_matrix USING btree (dominio);
+
+
+--
+-- Name: idx_dev_comparison_matrix_status; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_comparison_matrix_status ON public.dev_comparison_matrix USING btree (nosso_status);
+
+
+--
+-- Name: idx_dev_competitor_features_cat; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_competitor_features_cat ON public.dev_competitor_features USING btree (categoria);
+
+
+--
+-- Name: idx_dev_competitor_features_comp; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_competitor_features_comp ON public.dev_competitor_features USING btree (competitor_id);
+
+
+--
+-- Name: idx_dev_competitor_features_destaque; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_competitor_features_destaque ON public.dev_competitor_features USING btree (destaque);
+
+
+--
+-- Name: idx_dev_competitor_features_ordem; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_competitor_features_ordem ON public.dev_competitor_features USING btree (competitor_id, ordem);
+
+
+--
+-- Name: idx_dev_competitors_ativo; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_competitors_ativo ON public.dev_competitors USING btree (ativo);
+
+
+--
+-- Name: idx_dev_competitors_pais; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_competitors_pais ON public.dev_competitors USING btree (pais);
+
+
+--
+-- Name: idx_dev_generation_log_created; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_generation_log_created ON public.dev_generation_log USING btree (created_at DESC);
+
+
+--
+-- Name: idx_dev_generation_log_tipo; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_generation_log_tipo ON public.dev_generation_log USING btree (tipo);
+
+
+--
+-- Name: idx_dev_roadmap_items_ordem; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_roadmap_items_ordem ON public.dev_roadmap_items USING btree (phase_id, ordem);
+
+
+--
+-- Name: idx_dev_roadmap_items_phase; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_roadmap_items_phase ON public.dev_roadmap_items USING btree (phase_id);
+
+
+--
+-- Name: idx_dev_roadmap_items_prior; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_roadmap_items_prior ON public.dev_roadmap_items USING btree (prioridade);
+
+
+--
+-- Name: idx_dev_roadmap_items_status; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_roadmap_items_status ON public.dev_roadmap_items USING btree (status);
+
+
+--
+-- Name: idx_dev_roadmap_phases_ordem; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_roadmap_phases_ordem ON public.dev_roadmap_phases USING btree (ordem);
+
+
+--
+-- Name: idx_dev_roadmap_phases_status; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_roadmap_phases_status ON public.dev_roadmap_phases USING btree (status);
+
+
+--
+-- Name: idx_dev_test_items_area; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_test_items_area ON public.dev_test_items USING btree (area);
+
+
+--
+-- Name: idx_dev_test_items_ordem; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_test_items_ordem ON public.dev_test_items USING btree (area, ordem);
+
+
+--
+-- Name: idx_dev_test_items_status; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_test_items_status ON public.dev_test_items USING btree (status);
+
+
+--
+-- Name: idx_dev_verificacoes_area; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_verificacoes_area ON public.dev_verificacoes_items USING btree (area);
+
+
+--
+-- Name: idx_dev_verificacoes_ordem; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_verificacoes_ordem ON public.dev_verificacoes_items USING btree (area, ordem);
+
+
+--
+-- Name: idx_dev_verificacoes_severidade; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_verificacoes_severidade ON public.dev_verificacoes_items USING btree (severidade);
+
+
+--
+-- Name: idx_dev_verificacoes_status; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_dev_verificacoes_status ON public.dev_verificacoes_items USING btree (status);
+
+
+--
+-- Name: idx_documents_content_sha256; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_documents_content_sha256 ON public.documents USING btree (content_sha256) WHERE (content_sha256 IS NOT NULL);
+
+
 --
 -- Name: idx_email_templates_global_domain; Type: INDEX; Schema: public; Owner: -
 --
@@ -15244,6 +19647,13 @@ CREATE INDEX idx_email_templates_tenant_lookup ON public.email_templates_tenant
 CREATE INDEX idx_email_templates_tenant_owner ON public.email_templates_tenant USING btree (owner_id, template_key) WHERE ((enabled = true) AND (owner_id IS NOT NULL));
 
 
+--
+-- Name: idx_features_is_active; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_features_is_active ON public.features USING btree (is_active) WHERE (is_active = false);
+
+
 --
 -- Name: idx_financial_categories_user_id; Type: INDEX; Schema: public; Owner: -
 --
@@ -15377,6 +19787,13 @@ CREATE INDEX idx_intakes_owner_status_created ON public.patient_intake_requests
 CREATE INDEX idx_intakes_status_created ON public.patient_intake_requests USING btree (status, created_at DESC);
 
 
+--
+-- Name: idx_mc_expires; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_mc_expires ON public.math_challenges USING btree (expires_at);
+
+
 --
 -- Name: idx_notice_dismissals_user; Type: INDEX; Schema: public; Owner: -
 --
@@ -15566,6 +19983,41 @@ CREATE INDEX idx_patient_groups_owner ON public.patient_groups USING btree (owne
 CREATE INDEX idx_patient_groups_owner_system_nome ON public.patient_groups USING btree (owner_id, is_system, nome);
 
 
+--
+-- Name: idx_patient_intake_requests_nome_trgm; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_patient_intake_requests_nome_trgm ON public.patient_intake_requests USING gin (nome_completo public.gin_trgm_ops) WHERE (status = 'new'::text);
+
+
+--
+-- Name: idx_patient_invite_attempts_created; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_patient_invite_attempts_created ON public.patient_invite_attempts USING btree (created_at DESC);
+
+
+--
+-- Name: idx_patient_invite_attempts_ok; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_patient_invite_attempts_ok ON public.patient_invite_attempts USING btree (ok) WHERE (ok = false);
+
+
+--
+-- Name: idx_patient_invite_attempts_owner; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_patient_invite_attempts_owner ON public.patient_invite_attempts USING btree (owner_id);
+
+
+--
+-- Name: idx_patient_invite_attempts_token; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_patient_invite_attempts_token ON public.patient_invite_attempts USING btree (token);
+
+
 --
 -- Name: idx_patient_tags_owner; Type: INDEX; Schema: public; Owner: -
 --
@@ -15573,6 +20025,13 @@ CREATE INDEX idx_patient_groups_owner_system_nome ON public.patient_groups USING
 CREATE INDEX idx_patient_tags_owner ON public.patient_tags USING btree (owner_id);
 
 
+--
+-- Name: idx_patients_cpf_trgm; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_patients_cpf_trgm ON public.patients USING gin (cpf public.gin_trgm_ops) WHERE (cpf IS NOT NULL);
+
+
 --
 -- Name: idx_patients_created_at; Type: INDEX; Schema: public; Owner: -
 --
@@ -15580,6 +20039,13 @@ CREATE INDEX idx_patient_tags_owner ON public.patient_tags USING btree (owner_id
 CREATE INDEX idx_patients_created_at ON public.patients USING btree (created_at DESC);
 
 
+--
+-- Name: idx_patients_email_trgm; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_patients_email_trgm ON public.patients USING gin (email_principal public.gin_trgm_ops) WHERE (email_principal IS NOT NULL);
+
+
 --
 -- Name: idx_patients_last_attended; Type: INDEX; Schema: public; Owner: -
 --
@@ -15587,6 +20053,13 @@ CREATE INDEX idx_patients_created_at ON public.patients USING btree (created_at
 CREATE INDEX idx_patients_last_attended ON public.patients USING btree (last_attended_at DESC);
 
 
+--
+-- Name: idx_patients_nome_trgm; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_patients_nome_trgm ON public.patients USING gin (nome_completo public.gin_trgm_ops);
+
+
 --
 -- Name: idx_patients_origem; Type: INDEX; Schema: public; Owner: -
 --
@@ -15685,6 +20158,27 @@ CREATE INDEX idx_ppt_patient ON public.patient_patient_tag USING btree (patient_
 CREATE INDEX idx_ppt_tag ON public.patient_patient_tag USING btree (tag_id);
 
 
+--
+-- Name: idx_psa_endpoint_created; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_psa_endpoint_created ON public.public_submission_attempts USING btree (endpoint, created_at DESC);
+
+
+--
+-- Name: idx_psa_failed; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_psa_failed ON public.public_submission_attempts USING btree (created_at DESC) WHERE (success = false);
+
+
+--
+-- Name: idx_psa_ip_hash_created; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_psa_ip_hash_created ON public.public_submission_attempts USING btree (ip_hash, created_at DESC) WHERE (ip_hash IS NOT NULL);
+
+
 --
 -- Name: idx_psh_patient; Type: INDEX; Schema: public; Owner: -
 --
@@ -15720,6 +20214,20 @@ CREATE INDEX idx_pt_patient_ocorrido ON public.patient_timeline USING btree (pat
 CREATE INDEX idx_pt_tenant ON public.patient_timeline USING btree (tenant_id, ocorrido_em DESC);
 
 
+--
+-- Name: idx_services_name_trgm; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_services_name_trgm ON public.services USING gin (name public.gin_trgm_ops);
+
+
+--
+-- Name: idx_session_reminder_tenant_sent; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_session_reminder_tenant_sent ON public.session_reminder_logs USING btree (tenant_id, sent_at DESC);
+
+
 --
 -- Name: idx_slots_bloq_owner_dia; Type: INDEX; Schema: public; Owner: -
 --
@@ -15727,6 +20235,20 @@ CREATE INDEX idx_pt_tenant ON public.patient_timeline USING btree (tenant_id, oc
 CREATE INDEX idx_slots_bloq_owner_dia ON public.agenda_slots_bloqueados_semanais USING btree (owner_id, dia_semana);
 
 
+--
+-- Name: idx_srl_blocked_until; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_srl_blocked_until ON public.submission_rate_limits USING btree (blocked_until) WHERE (blocked_until IS NOT NULL);
+
+
+--
+-- Name: idx_srl_endpoint; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_srl_endpoint ON public.submission_rate_limits USING btree (endpoint, last_attempt_at DESC);
+
+
 --
 -- Name: idx_subscription_intents_plan_interval; Type: INDEX; Schema: public; Owner: -
 --
@@ -15825,6 +20347,48 @@ CREATE INDEX idx_twilio_usage_tenant_period ON public.twilio_subaccount_usage US
 CREATE UNIQUE INDEX idx_twilio_usage_unique_period ON public.twilio_subaccount_usage USING btree (channel_id, period_start, period_end);
 
 
+--
+-- Name: idx_wa_credit_packages_active; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_wa_credit_packages_active ON public.whatsapp_credit_packages USING btree (is_active, "position", price_brl) WHERE (is_active = true);
+
+
+--
+-- Name: idx_wa_credit_purchases_asaas_payment; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_wa_credit_purchases_asaas_payment ON public.whatsapp_credit_purchases USING btree (asaas_payment_id) WHERE (asaas_payment_id IS NOT NULL);
+
+
+--
+-- Name: idx_wa_credit_purchases_status; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_wa_credit_purchases_status ON public.whatsapp_credit_purchases USING btree (status, created_at DESC);
+
+
+--
+-- Name: idx_wa_credit_purchases_tenant; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_wa_credit_purchases_tenant ON public.whatsapp_credit_purchases USING btree (tenant_id, created_at DESC);
+
+
+--
+-- Name: idx_wa_credits_tx_kind; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_wa_credits_tx_kind ON public.whatsapp_credits_transactions USING btree (tenant_id, kind, created_at DESC);
+
+
+--
+-- Name: idx_wa_credits_tx_tenant_created; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX idx_wa_credits_tx_tenant_created ON public.whatsapp_credits_transactions USING btree (tenant_id, created_at DESC);
+
+
 --
 -- Name: insurance_plans_owner_idx; Type: INDEX; Schema: public; Owner: -
 --
@@ -16448,6 +21012,69 @@ CREATE INDEX tenant_modules_owner_idx ON public.tenant_modules USING btree (owne
 CREATE UNIQUE INDEX unique_member_per_tenant ON public.tenant_members USING btree (tenant_id, user_id);
 
 
+--
+-- Name: uq_contact_email_types_system_slug; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX uq_contact_email_types_system_slug ON public.contact_email_types USING btree (slug) WHERE (tenant_id IS NULL);
+
+
+--
+-- Name: uq_contact_email_types_tenant_slug; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX uq_contact_email_types_tenant_slug ON public.contact_email_types USING btree (tenant_id, slug) WHERE (tenant_id IS NOT NULL);
+
+
+--
+-- Name: uq_contact_emails_primary; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX uq_contact_emails_primary ON public.contact_emails USING btree (entity_type, entity_id) WHERE (is_primary = true);
+
+
+--
+-- Name: uq_contact_phones_primary; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX uq_contact_phones_primary ON public.contact_phones USING btree (entity_type, entity_id) WHERE (is_primary = true);
+
+
+--
+-- Name: uq_contact_types_system_slug; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX uq_contact_types_system_slug ON public.contact_types USING btree (slug) WHERE (tenant_id IS NULL);
+
+
+--
+-- Name: uq_contact_types_tenant_slug; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX uq_contact_types_tenant_slug ON public.contact_types USING btree (tenant_id, slug) WHERE (tenant_id IS NOT NULL);
+
+
+--
+-- Name: uq_conv_optouts_active; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX uq_conv_optouts_active ON public.conversation_optouts USING btree (tenant_id, phone) WHERE (opted_back_in_at IS NULL);
+
+
+--
+-- Name: uq_conv_tags_system_slug; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX uq_conv_tags_system_slug ON public.conversation_tags USING btree (slug) WHERE (tenant_id IS NULL);
+
+
+--
+-- Name: uq_conv_tags_tenant_slug; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX uq_conv_tags_tenant_slug ON public.conversation_tags USING btree (tenant_id, slug) WHERE (tenant_id IS NOT NULL);
+
+
 --
 -- Name: uq_patient_contacts_primario; Type: INDEX; Schema: public; Owner: -
 --
@@ -16476,6 +21103,13 @@ CREATE UNIQUE INDEX uq_plan_price_active ON public.plan_prices USING btree (plan
 CREATE UNIQUE INDEX uq_plan_prices_active ON public.plan_prices USING btree (plan_id, "interval") WHERE (is_active = true);
 
 
+--
+-- Name: uq_session_reminder_event_type; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX uq_session_reminder_event_type ON public.session_reminder_logs USING btree (event_id, reminder_type);
+
+
 --
 -- Name: uq_subscriptions_active_by_tenant; Type: INDEX; Schema: public; Owner: -
 --
@@ -16532,34 +21166,6 @@ CREATE INDEX ix_realtime_subscription_entity ON realtime.subscription USING btre
 CREATE INDEX messages_inserted_at_topic_index ON ONLY realtime.messages USING btree (inserted_at DESC, topic) WHERE ((extension = 'broadcast'::text) AND (private IS TRUE));
 
 
---
--- Name: messages_2026_04_14_inserted_at_topic_idx; Type: INDEX; Schema: realtime; Owner: -
---
-
-CREATE INDEX messages_2026_04_14_inserted_at_topic_idx ON realtime.messages_2026_04_14 USING btree (inserted_at DESC, topic) WHERE ((extension = 'broadcast'::text) AND (private IS TRUE));
-
-
---
--- Name: messages_2026_04_15_inserted_at_topic_idx; Type: INDEX; Schema: realtime; Owner: -
---
-
-CREATE INDEX messages_2026_04_15_inserted_at_topic_idx ON realtime.messages_2026_04_15 USING btree (inserted_at DESC, topic) WHERE ((extension = 'broadcast'::text) AND (private IS TRUE));
-
-
---
--- Name: messages_2026_04_16_inserted_at_topic_idx; Type: INDEX; Schema: realtime; Owner: -
---
-
-CREATE INDEX messages_2026_04_16_inserted_at_topic_idx ON realtime.messages_2026_04_16 USING btree (inserted_at DESC, topic) WHERE ((extension = 'broadcast'::text) AND (private IS TRUE));
-
-
---
--- Name: messages_2026_04_17_inserted_at_topic_idx; Type: INDEX; Schema: realtime; Owner: -
---
-
-CREATE INDEX messages_2026_04_17_inserted_at_topic_idx ON realtime.messages_2026_04_17 USING btree (inserted_at DESC, topic) WHERE ((extension = 'broadcast'::text) AND (private IS TRUE));
-
-
 --
 -- Name: messages_2026_04_18_inserted_at_topic_idx; Type: INDEX; Schema: realtime; Owner: -
 --
@@ -16581,6 +21187,34 @@ CREATE INDEX messages_2026_04_19_inserted_at_topic_idx ON realtime.messages_2026
 CREATE INDEX messages_2026_04_20_inserted_at_topic_idx ON realtime.messages_2026_04_20 USING btree (inserted_at DESC, topic) WHERE ((extension = 'broadcast'::text) AND (private IS TRUE));
 
 
+--
+-- Name: messages_2026_04_21_inserted_at_topic_idx; Type: INDEX; Schema: realtime; Owner: -
+--
+
+CREATE INDEX messages_2026_04_21_inserted_at_topic_idx ON realtime.messages_2026_04_21 USING btree (inserted_at DESC, topic) WHERE ((extension = 'broadcast'::text) AND (private IS TRUE));
+
+
+--
+-- Name: messages_2026_04_22_inserted_at_topic_idx; Type: INDEX; Schema: realtime; Owner: -
+--
+
+CREATE INDEX messages_2026_04_22_inserted_at_topic_idx ON realtime.messages_2026_04_22 USING btree (inserted_at DESC, topic) WHERE ((extension = 'broadcast'::text) AND (private IS TRUE));
+
+
+--
+-- Name: messages_2026_04_23_inserted_at_topic_idx; Type: INDEX; Schema: realtime; Owner: -
+--
+
+CREATE INDEX messages_2026_04_23_inserted_at_topic_idx ON realtime.messages_2026_04_23 USING btree (inserted_at DESC, topic) WHERE ((extension = 'broadcast'::text) AND (private IS TRUE));
+
+
+--
+-- Name: messages_2026_04_24_inserted_at_topic_idx; Type: INDEX; Schema: realtime; Owner: -
+--
+
+CREATE INDEX messages_2026_04_24_inserted_at_topic_idx ON realtime.messages_2026_04_24 USING btree (inserted_at DESC, topic) WHERE ((extension = 'broadcast'::text) AND (private IS TRUE));
+
+
 --
 -- Name: subscription_subscription_id_entity_filters_key; Type: INDEX; Schema: realtime; Owner: -
 --
@@ -16679,62 +21313,6 @@ CREATE INDEX supabase_functions_hooks_h_table_id_h_name_idx ON supabase_function
 CREATE INDEX supabase_functions_hooks_request_id_idx ON supabase_functions.hooks USING btree (request_id);
 
 
---
--- Name: messages_2026_04_14_inserted_at_topic_idx; Type: INDEX ATTACH; Schema: realtime; Owner: -
---
-
-ALTER INDEX realtime.messages_inserted_at_topic_index ATTACH PARTITION realtime.messages_2026_04_14_inserted_at_topic_idx;
-
-
---
--- Name: messages_2026_04_14_pkey; Type: INDEX ATTACH; Schema: realtime; Owner: -
---
-
-ALTER INDEX realtime.messages_pkey ATTACH PARTITION realtime.messages_2026_04_14_pkey;
-
-
---
--- Name: messages_2026_04_15_inserted_at_topic_idx; Type: INDEX ATTACH; Schema: realtime; Owner: -
---
-
-ALTER INDEX realtime.messages_inserted_at_topic_index ATTACH PARTITION realtime.messages_2026_04_15_inserted_at_topic_idx;
-
-
---
--- Name: messages_2026_04_15_pkey; Type: INDEX ATTACH; Schema: realtime; Owner: -
---
-
-ALTER INDEX realtime.messages_pkey ATTACH PARTITION realtime.messages_2026_04_15_pkey;
-
-
---
--- Name: messages_2026_04_16_inserted_at_topic_idx; Type: INDEX ATTACH; Schema: realtime; Owner: -
---
-
-ALTER INDEX realtime.messages_inserted_at_topic_index ATTACH PARTITION realtime.messages_2026_04_16_inserted_at_topic_idx;
-
-
---
--- Name: messages_2026_04_16_pkey; Type: INDEX ATTACH; Schema: realtime; Owner: -
---
-
-ALTER INDEX realtime.messages_pkey ATTACH PARTITION realtime.messages_2026_04_16_pkey;
-
-
---
--- Name: messages_2026_04_17_inserted_at_topic_idx; Type: INDEX ATTACH; Schema: realtime; Owner: -
---
-
-ALTER INDEX realtime.messages_inserted_at_topic_index ATTACH PARTITION realtime.messages_2026_04_17_inserted_at_topic_idx;
-
-
---
--- Name: messages_2026_04_17_pkey; Type: INDEX ATTACH; Schema: realtime; Owner: -
---
-
-ALTER INDEX realtime.messages_pkey ATTACH PARTITION realtime.messages_2026_04_17_pkey;
-
-
 --
 -- Name: messages_2026_04_18_inserted_at_topic_idx; Type: INDEX ATTACH; Schema: realtime; Owner: -
 --
@@ -16777,6 +21355,62 @@ ALTER INDEX realtime.messages_inserted_at_topic_index ATTACH PARTITION realtime.
 ALTER INDEX realtime.messages_pkey ATTACH PARTITION realtime.messages_2026_04_20_pkey;
 
 
+--
+-- Name: messages_2026_04_21_inserted_at_topic_idx; Type: INDEX ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER INDEX realtime.messages_inserted_at_topic_index ATTACH PARTITION realtime.messages_2026_04_21_inserted_at_topic_idx;
+
+
+--
+-- Name: messages_2026_04_21_pkey; Type: INDEX ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER INDEX realtime.messages_pkey ATTACH PARTITION realtime.messages_2026_04_21_pkey;
+
+
+--
+-- Name: messages_2026_04_22_inserted_at_topic_idx; Type: INDEX ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER INDEX realtime.messages_inserted_at_topic_index ATTACH PARTITION realtime.messages_2026_04_22_inserted_at_topic_idx;
+
+
+--
+-- Name: messages_2026_04_22_pkey; Type: INDEX ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER INDEX realtime.messages_pkey ATTACH PARTITION realtime.messages_2026_04_22_pkey;
+
+
+--
+-- Name: messages_2026_04_23_inserted_at_topic_idx; Type: INDEX ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER INDEX realtime.messages_inserted_at_topic_index ATTACH PARTITION realtime.messages_2026_04_23_inserted_at_topic_idx;
+
+
+--
+-- Name: messages_2026_04_23_pkey; Type: INDEX ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER INDEX realtime.messages_pkey ATTACH PARTITION realtime.messages_2026_04_23_pkey;
+
+
+--
+-- Name: messages_2026_04_24_inserted_at_topic_idx; Type: INDEX ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER INDEX realtime.messages_inserted_at_topic_index ATTACH PARTITION realtime.messages_2026_04_24_inserted_at_topic_idx;
+
+
+--
+-- Name: messages_2026_04_24_pkey; Type: INDEX ATTACH; Schema: realtime; Owner: -
+--
+
+ALTER INDEX realtime.messages_pkey ATTACH PARTITION realtime.messages_2026_04_24_pkey;
+
+
 --
 -- Name: users on_auth_user_created; Type: TRIGGER; Schema: auth; Owner: -
 --
@@ -16910,6 +21544,41 @@ CREATE TRIGGER trg_agenda_eventos_busy_mirror_upd AFTER UPDATE ON public.agenda_
 CREATE TRIGGER trg_agenda_regras_semanais_no_overlap BEFORE INSERT OR UPDATE ON public.agenda_regras_semanais FOR EACH ROW EXECUTE FUNCTION public.fn_agenda_regras_semanais_no_overlap();
 
 
+--
+-- Name: agenda_eventos trg_audit_agenda_eventos; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_audit_agenda_eventos AFTER INSERT OR DELETE OR UPDATE ON public.agenda_eventos FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+
+--
+-- Name: documents trg_audit_documents; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_audit_documents AFTER INSERT OR DELETE OR UPDATE ON public.documents FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+
+--
+-- Name: financial_records trg_audit_financial_records; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_audit_financial_records AFTER INSERT OR DELETE OR UPDATE ON public.financial_records FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+
+--
+-- Name: patients trg_audit_patients; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_audit_patients AFTER INSERT OR DELETE OR UPDATE ON public.patients FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+
+--
+-- Name: tenant_members trg_audit_tenant_members; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_audit_tenant_members AFTER INSERT OR DELETE OR UPDATE ON public.tenant_members FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+
 --
 -- Name: agenda_eventos trg_auto_financial_from_session; Type: TRIGGER; Schema: public; Owner: -
 --
@@ -16938,6 +21607,83 @@ CREATE TRIGGER trg_cancel_notifs_on_session_cancel AFTER UPDATE ON public.agenda
 CREATE TRIGGER trg_company_profiles_updated_at BEFORE UPDATE ON public.company_profiles FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
 
+--
+-- Name: contact_email_types trg_contact_email_types_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_contact_email_types_updated_at BEFORE UPDATE ON public.contact_email_types FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
+--
+-- Name: contact_emails trg_contact_emails_sync_legacy; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_contact_emails_sync_legacy AFTER INSERT OR DELETE OR UPDATE ON public.contact_emails FOR EACH ROW EXECUTE FUNCTION public.sync_legacy_email_fields();
+
+
+--
+-- Name: contact_emails trg_contact_emails_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_contact_emails_updated_at BEFORE UPDATE ON public.contact_emails FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
+--
+-- Name: contact_phones trg_contact_phones_sync_legacy; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_contact_phones_sync_legacy AFTER INSERT OR DELETE OR UPDATE ON public.contact_phones FOR EACH ROW EXECUTE FUNCTION public.sync_legacy_phone_fields();
+
+
+--
+-- Name: contact_phones trg_contact_phones_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_contact_phones_updated_at BEFORE UPDATE ON public.contact_phones FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
+--
+-- Name: contact_types trg_contact_types_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_contact_types_updated_at BEFORE UPDATE ON public.contact_types FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
+--
+-- Name: conversation_autoreply_settings trg_conv_autoreply_settings_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_conv_autoreply_settings_updated_at BEFORE UPDATE ON public.conversation_autoreply_settings FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
+--
+-- Name: conversation_messages trg_conv_messages_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_conv_messages_updated_at BEFORE UPDATE ON public.conversation_messages FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
+--
+-- Name: conversation_notes trg_conv_notes_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_conv_notes_updated_at BEFORE UPDATE ON public.conversation_notes FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
+--
+-- Name: conversation_optouts trg_conv_optouts_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_conv_optouts_updated_at BEFORE UPDATE ON public.conversation_optouts FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
+--
+-- Name: conversation_tags trg_conv_tags_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_conv_tags_updated_at BEFORE UPDATE ON public.conversation_tags FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
 --
 -- Name: determined_commitment_fields trg_determined_commitment_fields_updated_at; Type: TRIGGER; Schema: public; Owner: -
 --
@@ -16952,6 +21698,69 @@ CREATE TRIGGER trg_determined_commitment_fields_updated_at BEFORE UPDATE ON publ
 CREATE TRIGGER trg_determined_commitments_updated_at BEFORE UPDATE ON public.determined_commitments FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
 
+--
+-- Name: dev_auditoria_items trg_dev_auditoria_items_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_dev_auditoria_items_updated_at BEFORE UPDATE ON public.dev_auditoria_items FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+
+--
+-- Name: dev_comparison_competitor_status trg_dev_ccs_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_dev_ccs_updated_at BEFORE UPDATE ON public.dev_comparison_competitor_status FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+
+--
+-- Name: dev_comparison_matrix trg_dev_comparison_matrix_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_dev_comparison_matrix_updated_at BEFORE UPDATE ON public.dev_comparison_matrix FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+
+--
+-- Name: dev_competitor_features trg_dev_competitor_features_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_dev_competitor_features_updated_at BEFORE UPDATE ON public.dev_competitor_features FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+
+--
+-- Name: dev_competitors trg_dev_competitors_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_dev_competitors_updated_at BEFORE UPDATE ON public.dev_competitors FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+
+--
+-- Name: dev_roadmap_items trg_dev_roadmap_items_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_dev_roadmap_items_updated_at BEFORE UPDATE ON public.dev_roadmap_items FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+
+--
+-- Name: dev_roadmap_phases trg_dev_roadmap_phases_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_dev_roadmap_phases_updated_at BEFORE UPDATE ON public.dev_roadmap_phases FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+
+--
+-- Name: dev_test_items trg_dev_test_items_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_dev_test_items_updated_at BEFORE UPDATE ON public.dev_test_items FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+
+--
+-- Name: dev_verificacoes_items trg_dev_verificacoes_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_dev_verificacoes_updated_at BEFORE UPDATE ON public.dev_verificacoes_items FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+
 --
 -- Name: documents trg_documents_timeline_insert; Type: TRIGGER; Schema: public; Owner: -
 --
@@ -17008,6 +21817,13 @@ CREATE TRIGGER trg_email_templates_global_updated_at BEFORE UPDATE ON public.ema
 CREATE TRIGGER trg_email_templates_tenant_updated_at BEFORE UPDATE ON public.email_templates_tenant FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
 
+--
+-- Name: conversation_messages trg_fanout_inbound_to_notifications; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_fanout_inbound_to_notifications AFTER INSERT ON public.conversation_messages FOR EACH ROW EXECUTE FUNCTION public.fanout_inbound_message_to_notifications();
+
+
 --
 -- Name: financial_exceptions trg_financial_exceptions_updated_at; Type: TRIGGER; Schema: public; Owner: -
 --
@@ -17022,6 +21838,13 @@ CREATE TRIGGER trg_financial_exceptions_updated_at BEFORE UPDATE ON public.finan
 CREATE TRIGGER trg_financial_records_auto_overdue BEFORE UPDATE ON public.financial_records FOR EACH ROW EXECUTE FUNCTION public.trg_fn_financial_records_auto_overdue();
 
 
+--
+-- Name: financial_records trg_financial_records_inject_tenant; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_financial_records_inject_tenant BEFORE INSERT ON public.financial_records FOR EACH ROW EXECUTE FUNCTION public.financial_records_inject_tenant();
+
+
 --
 -- Name: financial_records trg_financial_records_updated_at; Type: TRIGGER; Schema: public; Owner: -
 --
@@ -17253,6 +22076,13 @@ CREATE TRIGGER trg_psc_updated_at BEFORE UPDATE ON public.patient_support_contac
 CREATE TRIGGER trg_services_updated_at BEFORE UPDATE ON public.services FOR EACH ROW EXECUTE FUNCTION public.set_services_updated_at();
 
 
+--
+-- Name: session_reminder_settings trg_session_reminder_settings_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_session_reminder_settings_updated_at BEFORE UPDATE ON public.session_reminder_settings FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
 --
 -- Name: subscription_intents trg_subscription_intents_view_insert; Type: TRIGGER; Schema: public; Owner: -
 --
@@ -17302,6 +22132,27 @@ CREATE TRIGGER trg_therapist_payouts_updated_at BEFORE UPDATE ON public.therapis
 CREATE TRIGGER trg_user_settings_updated_at BEFORE UPDATE ON public.user_settings FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
 
+--
+-- Name: whatsapp_credit_packages trg_wa_credit_packages_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_wa_credit_packages_updated_at BEFORE UPDATE ON public.whatsapp_credit_packages FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
+--
+-- Name: whatsapp_credit_purchases trg_wa_credit_purchases_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_wa_credit_purchases_updated_at BEFORE UPDATE ON public.whatsapp_credit_purchases FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
+--
+-- Name: whatsapp_credits_balance trg_wa_credits_balance_updated_at; Type: TRIGGER; Schema: public; Owner: -
+--
+
+CREATE TRIGGER trg_wa_credits_balance_updated_at BEFORE UPDATE ON public.whatsapp_credits_balance FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+
 --
 -- Name: subscription tr_check_filters; Type: TRIGGER; Schema: realtime; Owner: -
 --
@@ -17681,6 +22532,22 @@ ALTER TABLE ONLY public.agendador_solicitacoes
     ADD CONSTRAINT agendador_sol_tenant_fk FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
 
 
+--
+-- Name: audit_logs audit_logs_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.audit_logs
+    ADD CONSTRAINT audit_logs_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: audit_logs audit_logs_user_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.audit_logs
+    ADD CONSTRAINT audit_logs_user_id_fkey FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+
 --
 -- Name: billing_contracts billing_contracts_owner_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
@@ -17745,6 +22612,174 @@ ALTER TABLE ONLY public.company_profiles
     ADD CONSTRAINT company_profiles_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
 
 
+--
+-- Name: contact_email_types contact_email_types_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.contact_email_types
+    ADD CONSTRAINT contact_email_types_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: contact_emails contact_emails_contact_email_type_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.contact_emails
+    ADD CONSTRAINT contact_emails_contact_email_type_id_fkey FOREIGN KEY (contact_email_type_id) REFERENCES public.contact_email_types(id) ON DELETE RESTRICT;
+
+
+--
+-- Name: contact_emails contact_emails_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.contact_emails
+    ADD CONSTRAINT contact_emails_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: contact_phones contact_phones_contact_type_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.contact_phones
+    ADD CONSTRAINT contact_phones_contact_type_id_fkey FOREIGN KEY (contact_type_id) REFERENCES public.contact_types(id) ON DELETE RESTRICT;
+
+
+--
+-- Name: contact_phones contact_phones_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.contact_phones
+    ADD CONSTRAINT contact_phones_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: contact_types contact_types_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.contact_types
+    ADD CONSTRAINT contact_types_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: conversation_autoreply_log conversation_autoreply_log_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_autoreply_log
+    ADD CONSTRAINT conversation_autoreply_log_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: conversation_autoreply_settings conversation_autoreply_settings_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_autoreply_settings
+    ADD CONSTRAINT conversation_autoreply_settings_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: conversation_messages conversation_messages_patient_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_messages
+    ADD CONSTRAINT conversation_messages_patient_id_fkey FOREIGN KEY (patient_id) REFERENCES public.patients(id) ON DELETE SET NULL;
+
+
+--
+-- Name: conversation_messages conversation_messages_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_messages
+    ADD CONSTRAINT conversation_messages_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: conversation_notes conversation_notes_created_by_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_notes
+    ADD CONSTRAINT conversation_notes_created_by_fkey FOREIGN KEY (created_by) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+
+--
+-- Name: conversation_notes conversation_notes_patient_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_notes
+    ADD CONSTRAINT conversation_notes_patient_id_fkey FOREIGN KEY (patient_id) REFERENCES public.patients(id) ON DELETE SET NULL;
+
+
+--
+-- Name: conversation_notes conversation_notes_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_notes
+    ADD CONSTRAINT conversation_notes_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: conversation_optout_keywords conversation_optout_keywords_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_optout_keywords
+    ADD CONSTRAINT conversation_optout_keywords_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: conversation_optouts conversation_optouts_blocked_by_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_optouts
+    ADD CONSTRAINT conversation_optouts_blocked_by_fkey FOREIGN KEY (blocked_by) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+
+--
+-- Name: conversation_optouts conversation_optouts_patient_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_optouts
+    ADD CONSTRAINT conversation_optouts_patient_id_fkey FOREIGN KEY (patient_id) REFERENCES public.patients(id) ON DELETE SET NULL;
+
+
+--
+-- Name: conversation_optouts conversation_optouts_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_optouts
+    ADD CONSTRAINT conversation_optouts_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: conversation_tags conversation_tags_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_tags
+    ADD CONSTRAINT conversation_tags_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: conversation_thread_tags conversation_thread_tags_tag_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_thread_tags
+    ADD CONSTRAINT conversation_thread_tags_tag_id_fkey FOREIGN KEY (tag_id) REFERENCES public.conversation_tags(id) ON DELETE CASCADE;
+
+
+--
+-- Name: conversation_thread_tags conversation_thread_tags_tagged_by_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_thread_tags
+    ADD CONSTRAINT conversation_thread_tags_tagged_by_fkey FOREIGN KEY (tagged_by) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+
+--
+-- Name: conversation_thread_tags conversation_thread_tags_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.conversation_thread_tags
+    ADD CONSTRAINT conversation_thread_tags_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
 --
 -- Name: determined_commitment_fields determined_commitment_fields_commitment_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
@@ -17769,6 +22804,46 @@ ALTER TABLE ONLY public.determined_commitments
     ADD CONSTRAINT determined_commitments_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
 
 
+--
+-- Name: dev_comparison_competitor_status dev_comparison_competitor_status_comparison_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_comparison_competitor_status
+    ADD CONSTRAINT dev_comparison_competitor_status_comparison_id_fkey FOREIGN KEY (comparison_id) REFERENCES public.dev_comparison_matrix(id) ON DELETE CASCADE;
+
+
+--
+-- Name: dev_comparison_competitor_status dev_comparison_competitor_status_competitor_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_comparison_competitor_status
+    ADD CONSTRAINT dev_comparison_competitor_status_competitor_id_fkey FOREIGN KEY (competitor_id) REFERENCES public.dev_competitors(id) ON DELETE CASCADE;
+
+
+--
+-- Name: dev_competitor_features dev_competitor_features_competitor_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_competitor_features
+    ADD CONSTRAINT dev_competitor_features_competitor_id_fkey FOREIGN KEY (competitor_id) REFERENCES public.dev_competitors(id) ON DELETE CASCADE;
+
+
+--
+-- Name: dev_roadmap_items dev_roadmap_items_phase_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_roadmap_items
+    ADD CONSTRAINT dev_roadmap_items_phase_id_fkey FOREIGN KEY (phase_id) REFERENCES public.dev_roadmap_phases(id) ON DELETE CASCADE;
+
+
+--
+-- Name: dev_verificacoes_items dev_verificacoes_items_auditoria_item_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.dev_verificacoes_items
+    ADD CONSTRAINT dev_verificacoes_items_auditoria_item_id_fkey FOREIGN KEY (auditoria_item_id) REFERENCES public.dev_auditoria_items(id) ON DELETE SET NULL;
+
+
 --
 -- Name: document_access_logs document_access_logs_documento_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
@@ -18417,6 +23492,38 @@ ALTER TABLE ONLY public.services
     ADD CONSTRAINT services_owner_id_fkey FOREIGN KEY (owner_id) REFERENCES auth.users(id) ON DELETE CASCADE;
 
 
+--
+-- Name: session_reminder_logs session_reminder_logs_conversation_message_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.session_reminder_logs
+    ADD CONSTRAINT session_reminder_logs_conversation_message_id_fkey FOREIGN KEY (conversation_message_id) REFERENCES public.conversation_messages(id) ON DELETE SET NULL;
+
+
+--
+-- Name: session_reminder_logs session_reminder_logs_event_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.session_reminder_logs
+    ADD CONSTRAINT session_reminder_logs_event_id_fkey FOREIGN KEY (event_id) REFERENCES public.agenda_eventos(id) ON DELETE CASCADE;
+
+
+--
+-- Name: session_reminder_logs session_reminder_logs_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.session_reminder_logs
+    ADD CONSTRAINT session_reminder_logs_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: session_reminder_settings session_reminder_settings_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.session_reminder_settings
+    ADD CONSTRAINT session_reminder_settings_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
 --
 -- Name: subscription_intents_personal sint_personal_subscription_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
@@ -18617,6 +23724,70 @@ ALTER TABLE ONLY public.user_settings
     ADD CONSTRAINT user_settings_user_id_fkey FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE CASCADE;
 
 
+--
+-- Name: whatsapp_credit_purchases whatsapp_credit_purchases_created_by_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credit_purchases
+    ADD CONSTRAINT whatsapp_credit_purchases_created_by_fkey FOREIGN KEY (created_by) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+
+--
+-- Name: whatsapp_credit_purchases whatsapp_credit_purchases_package_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credit_purchases
+    ADD CONSTRAINT whatsapp_credit_purchases_package_id_fkey FOREIGN KEY (package_id) REFERENCES public.whatsapp_credit_packages(id) ON DELETE SET NULL;
+
+
+--
+-- Name: whatsapp_credit_purchases whatsapp_credit_purchases_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credit_purchases
+    ADD CONSTRAINT whatsapp_credit_purchases_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: whatsapp_credits_balance whatsapp_credits_balance_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credits_balance
+    ADD CONSTRAINT whatsapp_credits_balance_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
+--
+-- Name: whatsapp_credits_transactions whatsapp_credits_transactions_admin_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_admin_id_fkey FOREIGN KEY (admin_id) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+
+--
+-- Name: whatsapp_credits_transactions whatsapp_credits_transactions_conversation_message_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_conversation_message_id_fkey FOREIGN KEY (conversation_message_id) REFERENCES public.conversation_messages(id) ON DELETE SET NULL;
+
+
+--
+-- Name: whatsapp_credits_transactions whatsapp_credits_transactions_purchase_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_purchase_id_fkey FOREIGN KEY (purchase_id) REFERENCES public.whatsapp_credit_purchases(id) ON DELETE SET NULL;
+
+
+--
+-- Name: whatsapp_credits_transactions whatsapp_credits_transactions_tenant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+
 --
 -- Name: iceberg_namespaces iceberg_namespaces_catalog_id_fkey; Type: FK CONSTRAINT; Schema: storage; Owner: -
 --
@@ -18845,8 +24016,8 @@ ALTER TABLE public.addon_transactions ENABLE ROW LEVEL SECURITY;
 --
 
 CREATE POLICY addon_transactions_admin_insert ON public.addon_transactions FOR INSERT TO authenticated WITH CHECK ((EXISTS ( SELECT 1
-   FROM public.saas_admins
-  WHERE (saas_admins.user_id = auth.uid()))));
+   FROM public.saas_admins sa
+  WHERE (sa.user_id = auth.uid()))));
 
 
 --
@@ -19121,6 +24292,78 @@ CREATE POLICY agendador_sol_public_insert ON public.agendador_solicitacoes FOR I
 
 ALTER TABLE public.agendador_solicitacoes ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: audit_logs; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.audit_logs ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: audit_logs audit_logs: no direct delete; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "audit_logs: no direct delete" ON public.audit_logs FOR DELETE TO authenticated USING (false);
+
+
+--
+-- Name: audit_logs audit_logs: no direct insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "audit_logs: no direct insert" ON public.audit_logs FOR INSERT TO authenticated WITH CHECK (false);
+
+
+--
+-- Name: audit_logs audit_logs: no direct update; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "audit_logs: no direct update" ON public.audit_logs FOR UPDATE TO authenticated USING (false) WITH CHECK (false);
+
+
+--
+-- Name: audit_logs audit_logs: select tenant; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "audit_logs: select tenant" ON public.audit_logs FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_autoreply_log autoreply_log: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "autoreply_log: select" ON public.conversation_autoreply_log FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_autoreply_log.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_autoreply_settings autoreply_settings: insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "autoreply_settings: insert" ON public.conversation_autoreply_settings FOR INSERT TO authenticated WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_autoreply_settings.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_autoreply_settings autoreply_settings: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "autoreply_settings: select" ON public.conversation_autoreply_settings FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_autoreply_settings.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_autoreply_settings autoreply_settings: update; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "autoreply_settings: update" ON public.conversation_autoreply_settings FOR UPDATE TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_autoreply_settings.tenant_id) AND (tm.status = 'active'::text))))));
+
+
 --
 -- Name: billing_contracts; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -19128,10 +24371,35 @@ ALTER TABLE public.agendador_solicitacoes ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.billing_contracts ENABLE ROW LEVEL SECURITY;
 
 --
--- Name: billing_contracts billing_contracts: owner full access; Type: POLICY; Schema: public; Owner: -
+-- Name: billing_contracts billing_contracts: delete; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "billing_contracts: owner full access" ON public.billing_contracts USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "billing_contracts: delete" ON public.billing_contracts FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+
+--
+-- Name: billing_contracts billing_contracts: insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "billing_contracts: insert" ON public.billing_contracts FOR INSERT TO authenticated WITH CHECK (((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: billing_contracts billing_contracts: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "billing_contracts: select" ON public.billing_contracts FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: billing_contracts billing_contracts: update; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "billing_contracts: update" ON public.billing_contracts FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
 
 --
@@ -19187,14 +24455,16 @@ CREATE POLICY clinic_admin_read_all_docs ON public.saas_docs FOR SELECT TO authe
 ALTER TABLE public.commitment_services ENABLE ROW LEVEL SECURITY;
 
 --
--- Name: commitment_services commitment_services: owner full access; Type: POLICY; Schema: public; Owner: -
+-- Name: commitment_services commitment_services: tenant_member; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "commitment_services: owner full access" ON public.commitment_services USING ((EXISTS ( SELECT 1
+CREATE POLICY "commitment_services: tenant_member" ON public.commitment_services TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.services s
-  WHERE ((s.id = commitment_services.service_id) AND (s.owner_id = auth.uid()))))) WITH CHECK ((EXISTS ( SELECT 1
+  WHERE ((s.id = commitment_services.service_id) AND ((s.owner_id = auth.uid()) OR public.is_saas_admin() OR (s.tenant_id IN ( SELECT tm.tenant_id
+           FROM public.tenant_members tm
+          WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))))))) WITH CHECK ((EXISTS ( SELECT 1
    FROM public.services s
-  WHERE ((s.id = commitment_services.service_id) AND (s.owner_id = auth.uid())))));
+  WHERE ((s.id = commitment_services.service_id) AND ((s.owner_id = auth.uid()) OR public.is_saas_admin())))));
 
 
 --
@@ -19247,6 +24517,264 @@ CREATE POLICY company_profiles_update ON public.company_profiles FOR UPDATE USIN
   WHERE ((tenant_members.tenant_id = company_profiles.tenant_id) AND (tenant_members.user_id = auth.uid())))));
 
 
+--
+-- Name: contact_email_types; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.contact_email_types ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: contact_email_types contact_email_types: manage custom; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "contact_email_types: manage custom" ON public.contact_email_types TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_email_types.tenant_id) AND (tm.status = 'active'::text))))))) WITH CHECK (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_email_types.tenant_id) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: contact_email_types contact_email_types: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "contact_email_types: select" ON public.contact_email_types FOR SELECT TO authenticated USING (((tenant_id IS NULL) OR public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_email_types.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: contact_emails; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.contact_emails ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: contact_emails contact_emails: all tenant; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "contact_emails: all tenant" ON public.contact_emails TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_emails.tenant_id) AND (tm.status = 'active'::text)))))) WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_emails.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: contact_phones; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.contact_phones ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: contact_phones contact_phones: all tenant; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "contact_phones: all tenant" ON public.contact_phones TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_phones.tenant_id) AND (tm.status = 'active'::text)))))) WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_phones.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: contact_types; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.contact_types ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: contact_types contact_types: manage custom; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "contact_types: manage custom" ON public.contact_types TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_types.tenant_id) AND (tm.status = 'active'::text))))))) WITH CHECK (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_types.tenant_id) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: contact_types contact_types: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "contact_types: select" ON public.contact_types FOR SELECT TO authenticated USING (((tenant_id IS NULL) OR public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_types.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_messages conv_msg: no direct delete; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_msg: no direct delete" ON public.conversation_messages FOR DELETE TO authenticated USING (false);
+
+
+--
+-- Name: conversation_messages conv_msg: no direct insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_msg: no direct insert" ON public.conversation_messages FOR INSERT TO authenticated WITH CHECK (false);
+
+
+--
+-- Name: conversation_messages conv_msg: select tenant; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_msg: select tenant" ON public.conversation_messages FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_messages conv_msg: update kanban; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_msg: update kanban" ON public.conversation_messages FOR UPDATE TO authenticated USING ((tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))) WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
+
+
+--
+-- Name: conversation_notes conv_notes: insert tenant members; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_notes: insert tenant members" ON public.conversation_notes FOR INSERT TO authenticated WITH CHECK (((created_by = auth.uid()) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_notes.tenant_id) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: conversation_notes conv_notes: select tenant members; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_notes: select tenant members" ON public.conversation_notes FOR SELECT TO authenticated USING (((deleted_at IS NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_notes.tenant_id) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: conversation_notes conv_notes: update creator or saas; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_notes: update creator or saas" ON public.conversation_notes FOR UPDATE TO authenticated USING (((deleted_at IS NULL) AND ((created_by = auth.uid()) OR public.is_saas_admin()))) WITH CHECK ((created_by = ( SELECT conversation_notes_1.created_by
+   FROM public.conversation_notes conversation_notes_1
+  WHERE (conversation_notes_1.id = conversation_notes_1.id))));
+
+
+--
+-- Name: conversation_tags conv_tags: delete custom; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_tags: delete custom" ON public.conversation_tags FOR DELETE TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_tags.tenant_id) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: conversation_tags conv_tags: insert custom; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_tags: insert custom" ON public.conversation_tags FOR INSERT TO authenticated WITH CHECK (((tenant_id IS NOT NULL) AND (is_system = false) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_tags.tenant_id) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: conversation_tags conv_tags: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_tags: select" ON public.conversation_tags FOR SELECT TO authenticated USING (((tenant_id IS NULL) OR public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_tags.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_tags conv_tags: update custom; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_tags: update custom" ON public.conversation_tags FOR UPDATE TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_tags.tenant_id) AND (tm.status = 'active'::text))))))) WITH CHECK ((is_system = false));
+
+
+--
+-- Name: conversation_thread_tags conv_thread_tags: delete; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_thread_tags: delete" ON public.conversation_thread_tags FOR DELETE TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_thread_tags.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_thread_tags conv_thread_tags: insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_thread_tags: insert" ON public.conversation_thread_tags FOR INSERT TO authenticated WITH CHECK (((tagged_by = auth.uid()) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_thread_tags.tenant_id) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: conversation_thread_tags conv_thread_tags: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "conv_thread_tags: select" ON public.conversation_thread_tags FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_thread_tags.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_autoreply_log; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.conversation_autoreply_log ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: conversation_autoreply_settings; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.conversation_autoreply_settings ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: conversation_messages; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.conversation_messages ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: conversation_notes; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.conversation_notes ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: conversation_optout_keywords; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.conversation_optout_keywords ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: conversation_optouts; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.conversation_optouts ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: conversation_tags; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.conversation_tags ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: conversation_thread_tags; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.conversation_thread_tags ENABLE ROW LEVEL SECURITY;
+
 --
 -- Name: commitment_time_logs ctl_delete_for_active_member; Type: POLICY; Schema: public; Owner: -
 --
@@ -19260,9 +24788,9 @@ CREATE POLICY ctl_delete_for_active_member ON public.commitment_time_logs FOR DE
 -- Name: commitment_time_logs ctl_insert_for_active_member; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY ctl_insert_for_active_member ON public.commitment_time_logs FOR INSERT TO authenticated WITH CHECK ((EXISTS ( SELECT 1
+CREATE POLICY ctl_insert_for_active_member ON public.commitment_time_logs FOR INSERT TO authenticated WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
-  WHERE ((tm.tenant_id = commitment_time_logs.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
 
 --
@@ -19289,7 +24817,9 @@ CREATE POLICY ctl_update_for_active_member ON public.commitment_time_logs FOR UP
 -- Name: document_access_logs dal: tenant members can insert; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "dal: tenant members can insert" ON public.document_access_logs FOR INSERT WITH CHECK (true);
+CREATE POLICY "dal: tenant members can insert" ON public.document_access_logs FOR INSERT TO authenticated WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
 
 --
@@ -19314,9 +24844,9 @@ CREATE POLICY dc_delete_custom_for_active_member ON public.determined_commitment
 -- Name: determined_commitments dc_insert_for_active_member; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY dc_insert_for_active_member ON public.determined_commitments FOR INSERT TO authenticated WITH CHECK ((EXISTS ( SELECT 1
+CREATE POLICY dc_insert_for_active_member ON public.determined_commitments FOR INSERT TO authenticated WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
-  WHERE ((tm.tenant_id = determined_commitments.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
 
 --
@@ -19352,9 +24882,9 @@ CREATE POLICY dcf_delete_for_active_member ON public.determined_commitment_field
 -- Name: determined_commitment_fields dcf_insert_for_active_member; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY dcf_insert_for_active_member ON public.determined_commitment_fields FOR INSERT TO authenticated WITH CHECK ((EXISTS ( SELECT 1
+CREATE POLICY dcf_insert_for_active_member ON public.determined_commitment_fields FOR INSERT TO authenticated WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
-  WHERE ((tm.tenant_id = determined_commitment_fields.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
 
 --
@@ -19396,6 +24926,71 @@ ALTER TABLE public.determined_commitment_fields ENABLE ROW LEVEL SECURITY;
 
 ALTER TABLE public.determined_commitments ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: dev_auditoria_items; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.dev_auditoria_items ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: dev_auditoria_items dev_auditoria_items_saas_admin_all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY dev_auditoria_items_saas_admin_all ON public.dev_auditoria_items TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: dev_comparison_competitor_status; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.dev_comparison_competitor_status ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: dev_comparison_competitor_status dev_comparison_competitor_status_saas_admin_all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY dev_comparison_competitor_status_saas_admin_all ON public.dev_comparison_competitor_status TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: dev_comparison_matrix; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.dev_comparison_matrix ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: dev_comparison_matrix dev_comparison_matrix_saas_admin_all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY dev_comparison_matrix_saas_admin_all ON public.dev_comparison_matrix TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: dev_competitor_features; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.dev_competitor_features ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: dev_competitor_features dev_competitor_features_saas_admin_all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY dev_competitor_features_saas_admin_all ON public.dev_competitor_features TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: dev_competitors; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.dev_competitors ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: dev_competitors dev_competitors_saas_admin_all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY dev_competitors_saas_admin_all ON public.dev_competitors TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
 --
 -- Name: dev_user_credentials dev_creds_select_saas_admin; Type: POLICY; Schema: public; Owner: -
 --
@@ -19416,12 +25011,77 @@ CREATE POLICY dev_creds_write_saas_admin ON public.dev_user_credentials TO authe
   WHERE ((p.id = auth.uid()) AND (p.role = 'saas_admin'::text)))));
 
 
+--
+-- Name: dev_generation_log; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.dev_generation_log ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: dev_generation_log dev_generation_log_saas_admin_all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY dev_generation_log_saas_admin_all ON public.dev_generation_log TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: dev_roadmap_items; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.dev_roadmap_items ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: dev_roadmap_items dev_roadmap_items_saas_admin_all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY dev_roadmap_items_saas_admin_all ON public.dev_roadmap_items TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: dev_roadmap_phases; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.dev_roadmap_phases ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: dev_roadmap_phases dev_roadmap_phases_saas_admin_all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY dev_roadmap_phases_saas_admin_all ON public.dev_roadmap_phases TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: dev_test_items; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.dev_test_items ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: dev_test_items dev_test_items_saas_admin_all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY dev_test_items_saas_admin_all ON public.dev_test_items TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
 --
 -- Name: dev_user_credentials; Type: ROW SECURITY; Schema: public; Owner: -
 --
 
 ALTER TABLE public.dev_user_credentials ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: dev_verificacoes_items; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.dev_verificacoes_items ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: dev_verificacoes_items dev_verificacoes_items_saas_admin_all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY dev_verificacoes_items_saas_admin_all ON public.dev_verificacoes_items TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
 --
 -- Name: document_generated dg: generator full access; Type: POLICY; Schema: public; Owner: -
 --
@@ -19475,35 +25135,92 @@ ALTER TABLE public.document_templates ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.documents ENABLE ROW LEVEL SECURITY;
 
 --
--- Name: documents documents: owner full access; Type: POLICY; Schema: public; Owner: -
+-- Name: documents documents: delete; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "documents: owner full access" ON public.documents USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "documents: delete" ON public.documents FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
 
 --
--- Name: document_signatures ds: tenant members access; Type: POLICY; Schema: public; Owner: -
+-- Name: documents documents: insert; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "ds: tenant members access" ON public.document_signatures USING ((tenant_id IN ( SELECT tm.tenant_id
+CREATE POLICY "documents: insert" ON public.documents FOR INSERT TO authenticated WITH CHECK (((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
-  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))) WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: documents documents: portal patient read; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "documents: portal patient read" ON public.documents FOR SELECT TO authenticated USING (((compartilhado_portal = true) AND (patient_id IN ( SELECT p.id
+   FROM public.patients p
+  WHERE (p.user_id = auth.uid()))) AND ((expira_compartilhamento IS NULL) OR (expira_compartilhamento > now()))));
+
+
+--
+-- Name: POLICY "documents: portal patient read" ON documents; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY "documents: portal patient read" ON public.documents IS 'V#50: paciente lê documento quando compartilhado_portal=true E patient_id pertence ao auth.uid + não expirou.';
+
+
+--
+-- Name: documents documents: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "documents: select" ON public.documents FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
-  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: documents documents: update; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "documents: update" ON public.documents FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+
+--
+-- Name: document_signatures ds: delete; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "ds: delete" ON public.document_signatures FOR DELETE TO authenticated USING (((signatario_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+
+--
+-- Name: document_signatures ds: insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "ds: insert" ON public.document_signatures FOR INSERT TO authenticated WITH CHECK (((tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))) AND ((signatario_id IS NULL) OR (signatario_id = auth.uid()))));
+
+
+--
+-- Name: document_signatures ds: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "ds: select" ON public.document_signatures FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: document_signatures ds: update; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "ds: update" ON public.document_signatures FOR UPDATE TO authenticated USING (((signatario_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((signatario_id = auth.uid()) OR public.is_saas_admin()));
 
 
 --
 -- Name: document_share_links dsl: creator full access; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "dsl: creator full access" ON public.document_share_links USING ((criado_por = auth.uid())) WITH CHECK ((criado_por = auth.uid()));
-
-
---
--- Name: document_share_links dsl: public read by token; Type: POLICY; Schema: public; Owner: -
---
-
-CREATE POLICY "dsl: public read by token" ON public.document_share_links FOR SELECT USING (((ativo = true) AND (expira_em > now()) AND (usos < usos_max)));
+CREATE POLICY "dsl: creator full access" ON public.document_share_links TO authenticated USING (((criado_por = auth.uid()) OR public.is_saas_admin())) WITH CHECK ((criado_por = auth.uid()));
 
 
 --
@@ -19524,7 +25241,9 @@ CREATE POLICY "dt: owner can delete" ON public.document_templates FOR DELETE USI
 -- Name: document_templates dt: owner can insert; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "dt: owner can insert" ON public.document_templates FOR INSERT WITH CHECK (((owner_id = auth.uid()) AND (is_global = false)));
+CREATE POLICY "dt: owner can insert" ON public.document_templates FOR INSERT TO authenticated WITH CHECK (((is_global = false) AND (owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
 
 --
@@ -19545,7 +25264,7 @@ CREATE POLICY "dt: saas admin can delete global" ON public.document_templates FO
 -- Name: document_templates dt: saas admin can insert global; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "dt: saas admin can insert global" ON public.document_templates FOR INSERT WITH CHECK (((is_global = true) AND public.is_saas_admin()));
+CREATE POLICY "dt: saas admin can insert global" ON public.document_templates FOR INSERT TO authenticated WITH CHECK (((is_global = true) AND public.is_saas_admin()));
 
 
 --
@@ -19570,6 +25289,17 @@ CREATE POLICY "dt: tenant members can select" ON public.document_templates FOR S
 
 ALTER TABLE public.email_layout_config ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: email_layout_config email_layout_config: tenant_admin all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "email_layout_config: tenant_admin all" ON public.email_layout_config TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text]))))))) WITH CHECK ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+
 --
 -- Name: email_templates_global; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -19582,6 +25312,17 @@ ALTER TABLE public.email_templates_global ENABLE ROW LEVEL SECURITY;
 
 ALTER TABLE public.email_templates_tenant ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: email_templates_tenant email_templates_tenant: tenant_admin all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "email_templates_tenant: tenant_admin all" ON public.email_templates_tenant TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text]))))))) WITH CHECK ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+
 --
 -- Name: entitlements_invalidation ent_inv_select_own; Type: POLICY; Schema: public; Owner: -
 --
@@ -19609,15 +25350,6 @@ CREATE POLICY ent_inv_write_saas ON public.entitlements_invalidation FOR INSERT
 
 ALTER TABLE public.entitlements_invalidation ENABLE ROW LEVEL SECURITY;
 
---
--- Name: saas_faq faq_admin_write; Type: POLICY; Schema: public; Owner: -
---
-
-CREATE POLICY faq_admin_write ON public.saas_faq TO authenticated USING ((EXISTS ( SELECT 1
-   FROM public.profiles
-  WHERE ((profiles.id = auth.uid()) AND (profiles.role = ANY (ARRAY['saas_admin'::text, 'tenant_admin'::text, 'clinic_admin'::text]))))));
-
-
 --
 -- Name: saas_faq faq_auth_read; Type: POLICY; Schema: public; Owner: -
 --
@@ -19625,15 +25357,6 @@ CREATE POLICY faq_admin_write ON public.saas_faq TO authenticated USING ((EXISTS
 CREATE POLICY faq_auth_read ON public.saas_faq FOR SELECT TO authenticated USING ((ativo = true));
 
 
---
--- Name: saas_faq_itens faq_itens_admin_write; Type: POLICY; Schema: public; Owner: -
---
-
-CREATE POLICY faq_itens_admin_write ON public.saas_faq_itens TO authenticated USING ((EXISTS ( SELECT 1
-   FROM public.profiles
-  WHERE ((profiles.id = auth.uid()) AND (profiles.role = ANY (ARRAY['saas_admin'::text, 'tenant_admin'::text, 'clinic_admin'::text]))))));
-
-
 --
 -- Name: saas_faq_itens faq_itens_auth_read; Type: POLICY; Schema: public; Owner: -
 --
@@ -19643,6 +25366,13 @@ CREATE POLICY faq_itens_auth_read ON public.saas_faq_itens FOR SELECT TO authent
   WHERE ((d.id = saas_faq_itens.doc_id) AND (d.ativo = true))))));
 
 
+--
+-- Name: saas_faq_itens faq_itens_saas_admin_write; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY faq_itens_saas_admin_write ON public.saas_faq_itens TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
 --
 -- Name: saas_faq faq_public_read; Type: POLICY; Schema: public; Owner: -
 --
@@ -19650,6 +25380,13 @@ CREATE POLICY faq_itens_auth_read ON public.saas_faq_itens FOR SELECT TO authent
 CREATE POLICY faq_public_read ON public.saas_faq FOR SELECT USING (((publico = true) AND (ativo = true)));
 
 
+--
+-- Name: saas_faq faq_saas_admin_write; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY faq_saas_admin_write ON public.saas_faq TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
 --
 -- Name: features; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -19663,6 +25400,13 @@ ALTER TABLE public.features ENABLE ROW LEVEL SECURITY;
 CREATE POLICY features_read_authenticated ON public.features FOR SELECT TO authenticated USING (true);
 
 
+--
+-- Name: POLICY features_read_authenticated ON features; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY features_read_authenticated ON public.features IS 'Qualquer logado lê o catálogo de features.';
+
+
 --
 -- Name: features features_write_saas_admin; Type: POLICY; Schema: public; Owner: -
 --
@@ -19670,6 +25414,13 @@ CREATE POLICY features_read_authenticated ON public.features FOR SELECT TO authe
 CREATE POLICY features_write_saas_admin ON public.features TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
 
 
+--
+-- Name: POLICY features_write_saas_admin ON features; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY features_write_saas_admin ON public.features IS 'Somente saas_admin escreve. DELETE = soft delete via is_active=false (V#40).';
+
+
 --
 -- Name: feriados; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -19680,7 +25431,9 @@ ALTER TABLE public.feriados ENABLE ROW LEVEL SECURITY;
 -- Name: feriados feriados_delete; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY feriados_delete ON public.feriados FOR DELETE USING ((owner_id = auth.uid()));
+CREATE POLICY feriados_delete ON public.feriados FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR ((tenant_id IS NOT NULL) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text]))))))));
 
 
 --
@@ -19694,9 +25447,9 @@ CREATE POLICY feriados_global_select ON public.feriados FOR SELECT USING ((tenan
 -- Name: feriados feriados_insert; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY feriados_insert ON public.feriados FOR INSERT WITH CHECK ((tenant_id IN ( SELECT tenant_members.tenant_id
-   FROM public.tenant_members
-  WHERE (tenant_members.user_id = auth.uid()))));
+CREATE POLICY feriados_insert ON public.feriados FOR INSERT TO authenticated WITH CHECK (((tenant_id IS NOT NULL) AND (owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
 
 --
@@ -19712,9 +25465,9 @@ CREATE POLICY feriados_saas_delete ON public.feriados FOR DELETE USING ((EXISTS
 -- Name: feriados feriados_saas_insert; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY feriados_saas_insert ON public.feriados FOR INSERT WITH CHECK ((EXISTS ( SELECT 1
-   FROM public.saas_admins
-  WHERE (saas_admins.user_id = auth.uid()))));
+CREATE POLICY feriados_saas_insert ON public.feriados FOR INSERT TO authenticated WITH CHECK (((tenant_id IS NULL) AND (EXISTS ( SELECT 1
+   FROM public.saas_admins sa
+  WHERE (sa.user_id = auth.uid())))));
 
 
 --
@@ -19842,14 +25595,16 @@ CREATE POLICY "insert own" ON public.agenda_bloqueios FOR INSERT WITH CHECK ((ow
 ALTER TABLE public.insurance_plan_services ENABLE ROW LEVEL SECURITY;
 
 --
--- Name: insurance_plan_services insurance_plan_services_owner; Type: POLICY; Schema: public; Owner: -
+-- Name: insurance_plan_services insurance_plan_services: tenant_member; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY insurance_plan_services_owner ON public.insurance_plan_services USING ((EXISTS ( SELECT 1
+CREATE POLICY "insurance_plan_services: tenant_member" ON public.insurance_plan_services TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.insurance_plans ip
-  WHERE ((ip.id = insurance_plan_services.insurance_plan_id) AND (ip.owner_id = auth.uid()))))) WITH CHECK ((EXISTS ( SELECT 1
+  WHERE ((ip.id = insurance_plan_services.insurance_plan_id) AND ((ip.owner_id = auth.uid()) OR public.is_saas_admin() OR (ip.tenant_id IN ( SELECT tm.tenant_id
+           FROM public.tenant_members tm
+          WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))))))) WITH CHECK ((EXISTS ( SELECT 1
    FROM public.insurance_plans ip
-  WHERE ((ip.id = insurance_plan_services.insurance_plan_id) AND (ip.owner_id = auth.uid())))));
+  WHERE ((ip.id = insurance_plan_services.insurance_plan_id) AND ((ip.owner_id = auth.uid()) OR public.is_saas_admin())))));
 
 
 --
@@ -19859,10 +25614,35 @@ CREATE POLICY insurance_plan_services_owner ON public.insurance_plan_services US
 ALTER TABLE public.insurance_plans ENABLE ROW LEVEL SECURITY;
 
 --
--- Name: insurance_plans insurance_plans: owner full access; Type: POLICY; Schema: public; Owner: -
+-- Name: insurance_plans insurance_plans: delete; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "insurance_plans: owner full access" ON public.insurance_plans USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "insurance_plans: delete" ON public.insurance_plans FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+
+--
+-- Name: insurance_plans insurance_plans: insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "insurance_plans: insert" ON public.insurance_plans FOR INSERT TO authenticated WITH CHECK (((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: insurance_plans insurance_plans: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "insurance_plans: select" ON public.insurance_plans FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: insurance_plans insurance_plans: update; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "insurance_plans: update" ON public.insurance_plans FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
 
 --
@@ -19871,6 +25651,12 @@ CREATE POLICY "insurance_plans: owner full access" ON public.insurance_plans USI
 
 ALTER TABLE public.login_carousel_slides ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: math_challenges; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.math_challenges ENABLE ROW LEVEL SECURITY;
+
 --
 -- Name: medicos; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -19878,10 +25664,35 @@ ALTER TABLE public.login_carousel_slides ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.medicos ENABLE ROW LEVEL SECURITY;
 
 --
--- Name: medicos medicos: owner full access; Type: POLICY; Schema: public; Owner: -
+-- Name: medicos medicos: delete; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "medicos: owner full access" ON public.medicos USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "medicos: delete" ON public.medicos FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+
+--
+-- Name: medicos medicos: insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "medicos: insert" ON public.medicos FOR INSERT TO authenticated WITH CHECK (((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: medicos medicos: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "medicos: select" ON public.medicos FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: medicos medicos: update; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "medicos: update" ON public.medicos FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
 
 --
@@ -19937,6 +25748,45 @@ ALTER TABLE public.notice_dismissals ENABLE ROW LEVEL SECURITY;
 CREATE POLICY notice_dismissals_own ON public.notice_dismissals TO authenticated USING ((user_id = auth.uid())) WITH CHECK ((user_id = auth.uid()));
 
 
+--
+-- Name: notification_channels notif_channels_delete; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY notif_channels_delete ON public.notification_channels FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+
+--
+-- Name: notification_channels notif_channels_insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY notif_channels_insert ON public.notification_channels FOR INSERT TO authenticated WITH CHECK ((public.is_saas_admin() OR ((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: POLICY notif_channels_insert ON notification_channels; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY notif_channels_insert ON public.notification_channels IS 'SaaS admin pode inserir em nome de qualquer tenant; tenant_member insere pra si mesmo.';
+
+
+--
+-- Name: notification_channels notif_channels_modify; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY notif_channels_modify ON public.notification_channels FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+
+--
+-- Name: notification_channels notif_channels_select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY notif_channels_select ON public.notification_channels FOR SELECT TO authenticated USING (((deleted_at IS NULL) AND (public.is_saas_admin() OR (owner_id = auth.uid()) OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
+
+
 --
 -- Name: notification_logs notif_logs_owner; Type: POLICY; Schema: public; Owner: -
 --
@@ -19944,6 +25794,15 @@ CREATE POLICY notice_dismissals_own ON public.notice_dismissals TO authenticated
 CREATE POLICY notif_logs_owner ON public.notification_logs FOR SELECT USING ((owner_id = auth.uid()));
 
 
+--
+-- Name: notification_logs notif_logs_tenant_member; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY notif_logs_tenant_member ON public.notification_logs FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
 --
 -- Name: notification_preferences notif_prefs_owner; Type: POLICY; Schema: public; Owner: -
 --
@@ -19958,6 +25817,15 @@ CREATE POLICY notif_prefs_owner ON public.notification_preferences USING (((owne
 CREATE POLICY notif_queue_owner ON public.notification_queue FOR SELECT USING ((owner_id = auth.uid()));
 
 
+--
+-- Name: notification_queue notif_queue_tenant_member; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY notif_queue_tenant_member ON public.notification_queue FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
 --
 -- Name: notification_schedules notif_schedules_owner; Type: POLICY; Schema: public; Owner: -
 --
@@ -19996,13 +25864,6 @@ CREATE POLICY notif_templates_write_owner ON public.notification_templates TO au
 
 ALTER TABLE public.notification_channels ENABLE ROW LEVEL SECURITY;
 
---
--- Name: notification_channels notification_channels_owner; Type: POLICY; Schema: public; Owner: -
---
-
-CREATE POLICY notification_channels_owner ON public.notification_channels USING (((owner_id = auth.uid()) AND (deleted_at IS NULL))) WITH CHECK ((owner_id = auth.uid()));
-
-
 --
 -- Name: notification_logs; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -20039,6 +25900,69 @@ ALTER TABLE public.notification_templates ENABLE ROW LEVEL SECURITY;
 
 ALTER TABLE public.notifications ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: conversation_optout_keywords optout_kw: delete custom; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "optout_kw: delete custom" ON public.conversation_optout_keywords FOR DELETE TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optout_keywords.tenant_id) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: conversation_optout_keywords optout_kw: insert custom; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "optout_kw: insert custom" ON public.conversation_optout_keywords FOR INSERT TO authenticated WITH CHECK (((tenant_id IS NOT NULL) AND (is_system = false) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optout_keywords.tenant_id) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: conversation_optout_keywords optout_kw: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "optout_kw: select" ON public.conversation_optout_keywords FOR SELECT TO authenticated USING (((tenant_id IS NULL) OR public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optout_keywords.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_optout_keywords optout_kw: update/delete custom; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "optout_kw: update/delete custom" ON public.conversation_optout_keywords FOR UPDATE TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optout_keywords.tenant_id) AND (tm.status = 'active'::text)))))));
+
+
+--
+-- Name: conversation_optouts optouts: insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "optouts: insert" ON public.conversation_optouts FOR INSERT TO authenticated WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optouts.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_optouts optouts: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "optouts: select" ON public.conversation_optouts FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optouts.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: conversation_optouts optouts: update; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "optouts: update" ON public.conversation_optouts FOR UPDATE TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optouts.tenant_id) AND (tm.status = 'active'::text))))));
+
+
 --
 -- Name: notifications owner only; Type: POLICY; Schema: public; Owner: -
 --
@@ -20177,6 +26101,19 @@ CREATE POLICY patient_intake_requests_select ON public.patient_intake_requests F
 CREATE POLICY patient_intake_requests_write ON public.patient_intake_requests USING ((public.is_clinic_tenant(tenant_id) AND public.is_tenant_member(tenant_id) AND public.tenant_has_feature(tenant_id, 'patients.edit'::text))) WITH CHECK ((public.is_clinic_tenant(tenant_id) AND public.is_tenant_member(tenant_id) AND public.tenant_has_feature(tenant_id, 'patients.edit'::text)));
 
 
+--
+-- Name: patient_invite_attempts; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.patient_invite_attempts ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: patient_invite_attempts patient_invite_attempts_owner_read; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY patient_invite_attempts_owner_read ON public.patient_invite_attempts FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+
 --
 -- Name: patient_invites; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -20330,6 +26267,15 @@ ALTER TABLE public.payment_settings ENABLE ROW LEVEL SECURITY;
 CREATE POLICY "payment_settings: owner full access" ON public.payment_settings USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
 
 
+--
+-- Name: payment_settings payment_settings: tenant_admin read; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "payment_settings: tenant_admin read" ON public.payment_settings FOR SELECT TO authenticated USING (((tenant_id IS NOT NULL) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+
 --
 -- Name: plan_features; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -20343,6 +26289,13 @@ ALTER TABLE public.plan_features ENABLE ROW LEVEL SECURITY;
 CREATE POLICY plan_features_read_authenticated ON public.plan_features FOR SELECT TO authenticated USING (true);
 
 
+--
+-- Name: POLICY plan_features_read_authenticated ON plan_features; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY plan_features_read_authenticated ON public.plan_features IS 'Qualquer logado lê o vínculo plano↔feature (necessário para entitlements).';
+
+
 --
 -- Name: plan_features plan_features_write_saas_admin; Type: POLICY; Schema: public; Owner: -
 --
@@ -20350,6 +26303,73 @@ CREATE POLICY plan_features_read_authenticated ON public.plan_features FOR SELEC
 CREATE POLICY plan_features_write_saas_admin ON public.plan_features TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
 
 
+--
+-- Name: POLICY plan_features_write_saas_admin ON plan_features; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY plan_features_write_saas_admin ON public.plan_features IS 'Somente saas_admin escreve.';
+
+
+--
+-- Name: plan_prices; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.plan_prices ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: plan_prices plan_prices_read; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY plan_prices_read ON public.plan_prices FOR SELECT TO authenticated USING (true);
+
+
+--
+-- Name: plan_prices plan_prices_write; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY plan_prices_write ON public.plan_prices TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: plan_public; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.plan_public ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: plan_public_bullets; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.plan_public_bullets ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: plan_public_bullets plan_public_bullets_read_anon; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY plan_public_bullets_read_anon ON public.plan_public_bullets FOR SELECT TO authenticated, anon USING (true);
+
+
+--
+-- Name: plan_public_bullets plan_public_bullets_write; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY plan_public_bullets_write ON public.plan_public_bullets TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: plan_public plan_public_read_anon; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY plan_public_read_anon ON public.plan_public FOR SELECT TO authenticated, anon USING (true);
+
+
+--
+-- Name: plan_public plan_public_write; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY plan_public_write ON public.plan_public TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
 --
 -- Name: plans; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -20363,6 +26383,13 @@ ALTER TABLE public.plans ENABLE ROW LEVEL SECURITY;
 CREATE POLICY plans_read_authenticated ON public.plans FOR SELECT TO authenticated USING (true);
 
 
+--
+-- Name: POLICY plans_read_authenticated ON plans; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY plans_read_authenticated ON public.plans IS 'Qualquer usuário autenticado lê o catálogo de planos (vitrine, upgrade UI).';
+
+
 --
 -- Name: plans plans_write_saas_admin; Type: POLICY; Schema: public; Owner: -
 --
@@ -20370,6 +26397,13 @@ CREATE POLICY plans_read_authenticated ON public.plans FOR SELECT TO authenticat
 CREATE POLICY plans_write_saas_admin ON public.plans TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
 
 
+--
+-- Name: POLICY plans_write_saas_admin ON plans; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY plans_write_saas_admin ON public.plans IS 'Somente saas_admin escreve. DELETE deve ser via RPC delete_plan_safe (V#36).';
+
+
 --
 -- Name: professional_pricing; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -20383,6 +26417,15 @@ ALTER TABLE public.professional_pricing ENABLE ROW LEVEL SECURITY;
 CREATE POLICY "professional_pricing: owner full access" ON public.professional_pricing USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
 
 
+--
+-- Name: professional_pricing professional_pricing: tenant_admin read; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "professional_pricing: tenant_admin read" ON public.professional_pricing FOR SELECT TO authenticated USING ((tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text]))))));
+
+
 --
 -- Name: profiles; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -20393,7 +26436,7 @@ ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
 -- Name: profiles profiles_insert_own; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY profiles_insert_own ON public.profiles FOR INSERT WITH CHECK ((id = auth.uid()));
+CREATE POLICY profiles_insert_own ON public.profiles FOR INSERT TO authenticated WITH CHECK ((id = auth.uid()));
 
 
 --
@@ -20417,6 +26460,13 @@ CREATE POLICY profiles_select_own ON public.profiles FOR SELECT USING ((id = aut
 CREATE POLICY profiles_update_own ON public.profiles FOR UPDATE USING ((id = auth.uid())) WITH CHECK ((id = auth.uid()));
 
 
+--
+-- Name: public_submission_attempts psa_read_saas_admin; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY psa_read_saas_admin ON public.public_submission_attempts FOR SELECT TO authenticated USING (public.is_saas_admin());
+
+
 --
 -- Name: patient_support_contacts psc: owner full access; Type: POLICY; Schema: public; Owner: -
 --
@@ -20460,25 +26510,10 @@ CREATE POLICY public_read ON public.login_carousel_slides FOR SELECT USING ((ati
 
 
 --
--- Name: features read features (auth); Type: POLICY; Schema: public; Owner: -
+-- Name: public_submission_attempts; Type: ROW SECURITY; Schema: public; Owner: -
 --
 
-CREATE POLICY "read features (auth)" ON public.features FOR SELECT TO authenticated USING (true);
-
-
---
--- Name: plan_features read plan_features (auth); Type: POLICY; Schema: public; Owner: -
---
-
-CREATE POLICY "read plan_features (auth)" ON public.plan_features FOR SELECT TO authenticated USING (true);
-
-
---
--- Name: plans read plans (auth); Type: POLICY; Schema: public; Owner: -
---
-
-CREATE POLICY "read plans (auth)" ON public.plans FOR SELECT TO authenticated USING (true);
-
+ALTER TABLE public.public_submission_attempts ENABLE ROW LEVEL SECURITY;
 
 --
 -- Name: recurrence_exceptions; Type: ROW SECURITY; Schema: public; Owner: -
@@ -20561,6 +26596,26 @@ CREATE POLICY recurrence_rules_clinic_write ON public.recurrence_rules USING ((p
 CREATE POLICY recurrence_rules_owner ON public.recurrence_rules TO authenticated USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
 
 
+--
+-- Name: session_reminder_logs reminder_logs: tenant members select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "reminder_logs: tenant members select" ON public.session_reminder_logs FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = session_reminder_logs.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: session_reminder_settings reminder_settings: tenant members all; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "reminder_settings: tenant members all" ON public.session_reminder_settings TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = session_reminder_settings.tenant_id) AND (tm.status = 'active'::text)))))) WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = session_reminder_settings.tenant_id) AND (tm.status = 'active'::text))))));
+
+
 --
 -- Name: subscription_intents_legacy saas_admin can read subscription_intents; Type: POLICY; Schema: public; Owner: -
 --
@@ -20638,6 +26693,39 @@ ALTER TABLE public.saas_faq ENABLE ROW LEVEL SECURITY;
 
 ALTER TABLE public.saas_faq_itens ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: saas_security_config; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.saas_security_config ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: saas_security_config saas_security_config_read; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY saas_security_config_read ON public.saas_security_config FOR SELECT TO authenticated USING (true);
+
+
+--
+-- Name: saas_security_config saas_security_config_write; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY saas_security_config_write ON public.saas_security_config FOR UPDATE TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: saas_twilio_config; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.saas_twilio_config ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: saas_twilio_config saas_twilio_config_read; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY saas_twilio_config_read ON public.saas_twilio_config FOR SELECT TO authenticated USING (public.is_saas_admin());
+
+
 --
 -- Name: agenda_bloqueios select own; Type: POLICY; Schema: public; Owner: -
 --
@@ -20659,12 +26747,62 @@ CREATE POLICY service_role_manage_usage ON public.twilio_subaccount_usage USING
 ALTER TABLE public.services ENABLE ROW LEVEL SECURITY;
 
 --
--- Name: services services: owner full access; Type: POLICY; Schema: public; Owner: -
+-- Name: services services: delete; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY "services: owner full access" ON public.services USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "services: delete" ON public.services FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
 
+--
+-- Name: services services: insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "services: insert" ON public.services FOR INSERT TO authenticated WITH CHECK (((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: services services: select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "services: select" ON public.services FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: services services: update; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "services: update" ON public.services FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+
+--
+-- Name: session_reminder_logs; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.session_reminder_logs ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: session_reminder_settings; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.session_reminder_settings ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: submission_rate_limits srl_read_saas_admin; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY srl_read_saas_admin ON public.submission_rate_limits FOR SELECT TO authenticated USING (public.is_saas_admin());
+
+
+--
+-- Name: submission_rate_limits; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.submission_rate_limits ENABLE ROW LEVEL SECURITY;
+
 --
 -- Name: subscription_events; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -20698,6 +26836,19 @@ CREATE POLICY subscription_intents_insert_own ON public.subscription_intents_leg
 
 ALTER TABLE public.subscription_intents_legacy ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: subscription_intents_personal; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.subscription_intents_personal ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: subscription_intents_personal subscription_intents_personal_owner; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY subscription_intents_personal_owner ON public.subscription_intents_personal TO authenticated USING (((user_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((user_id = auth.uid()) OR public.is_saas_admin()));
+
+
 --
 -- Name: subscription_intents_legacy subscription_intents_select_own; Type: POLICY; Schema: public; Owner: -
 --
@@ -20705,19 +26856,29 @@ ALTER TABLE public.subscription_intents_legacy ENABLE ROW LEVEL SECURITY;
 CREATE POLICY subscription_intents_select_own ON public.subscription_intents_legacy FOR SELECT TO authenticated USING ((user_id = auth.uid()));
 
 
+--
+-- Name: subscription_intents_tenant; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.subscription_intents_tenant ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: subscription_intents_tenant subscription_intents_tenant_member; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY subscription_intents_tenant_member ON public.subscription_intents_tenant TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text]))))))) WITH CHECK ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text])))))));
+
+
 --
 -- Name: subscriptions; Type: ROW SECURITY; Schema: public; Owner: -
 --
 
 ALTER TABLE public.subscriptions ENABLE ROW LEVEL SECURITY;
 
---
--- Name: subscriptions subscriptions read own; Type: POLICY; Schema: public; Owner: -
---
-
-CREATE POLICY "subscriptions read own" ON public.subscriptions FOR SELECT TO authenticated USING ((user_id = auth.uid()));
-
-
 --
 -- Name: subscriptions subscriptions: read if linked owner_users; Type: POLICY; Schema: public; Owner: -
 --
@@ -20727,6 +26888,13 @@ CREATE POLICY "subscriptions: read if linked owner_users" ON public.subscription
   WHERE ((ou.owner_id = subscriptions.user_id) AND (ou.user_id = auth.uid())))));
 
 
+--
+-- Name: POLICY "subscriptions: read if linked owner_users" ON subscriptions; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY "subscriptions: read if linked owner_users" ON public.subscriptions IS 'Caso especial: usuários ligados ao owner via owner_users (terapeutas de uma clínica que precisam ver a assinatura do owner).';
+
+
 --
 -- Name: subscriptions subscriptions_insert_own_personal; Type: POLICY; Schema: public; Owner: -
 --
@@ -20735,10 +26903,10 @@ CREATE POLICY subscriptions_insert_own_personal ON public.subscriptions FOR INSE
 
 
 --
--- Name: subscriptions subscriptions_no_direct_update; Type: POLICY; Schema: public; Owner: -
+-- Name: POLICY subscriptions_insert_own_personal ON subscriptions; Type: COMMENT; Schema: public; Owner: -
 --
 
-CREATE POLICY subscriptions_no_direct_update ON public.subscriptions FOR UPDATE TO authenticated USING (false) WITH CHECK (false);
+COMMENT ON POLICY subscriptions_insert_own_personal ON public.subscriptions IS 'Usuário cria a própria assinatura pessoal (intent → conversion).';
 
 
 --
@@ -20748,6 +26916,13 @@ CREATE POLICY subscriptions_no_direct_update ON public.subscriptions FOR UPDATE
 CREATE POLICY subscriptions_read_own ON public.subscriptions FOR SELECT TO authenticated USING (((user_id = auth.uid()) OR public.is_saas_admin()));
 
 
+--
+-- Name: POLICY subscriptions_read_own ON subscriptions; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY subscriptions_read_own ON public.subscriptions IS 'Dono da assinatura (user_id) ou saas_admin. Cobre o caso pessoal.';
+
+
 --
 -- Name: subscriptions subscriptions_select_for_tenant_members; Type: POLICY; Schema: public; Owner: -
 --
@@ -20758,10 +26933,10 @@ CREATE POLICY subscriptions_select_for_tenant_members ON public.subscriptions FO
 
 
 --
--- Name: subscriptions subscriptions_select_own_personal; Type: POLICY; Schema: public; Owner: -
+-- Name: POLICY subscriptions_select_for_tenant_members ON subscriptions; Type: COMMENT; Schema: public; Owner: -
 --
 
-CREATE POLICY subscriptions_select_own_personal ON public.subscriptions FOR SELECT TO authenticated USING (((user_id = auth.uid()) AND (tenant_id IS NULL)));
+COMMENT ON POLICY subscriptions_select_for_tenant_members ON public.subscriptions IS 'Membros ativos do tenant leem assinaturas do tenant.';
 
 
 --
@@ -20771,6 +26946,13 @@ CREATE POLICY subscriptions_select_own_personal ON public.subscriptions FOR SELE
 CREATE POLICY subscriptions_update_only_saas_admin ON public.subscriptions FOR UPDATE TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
 
 
+--
+-- Name: POLICY subscriptions_update_only_saas_admin ON subscriptions; Type: COMMENT; Schema: public; Owner: -
+--
+
+COMMENT ON POLICY subscriptions_update_only_saas_admin ON public.subscriptions IS 'UPDATE direto somente via saas_admin. Mudanças de tenant devem passar por RPC dedicada.';
+
+
 --
 -- Name: support_sessions; Type: ROW SECURITY; Schema: public; Owner: -
 --
@@ -20790,9 +26972,9 @@ CREATE POLICY support_sessions_saas_delete ON public.support_sessions FOR DELETE
 -- Name: support_sessions support_sessions_saas_insert; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY support_sessions_saas_insert ON public.support_sessions FOR INSERT WITH CHECK (((auth.uid() = admin_id) AND (EXISTS ( SELECT 1
-   FROM public.profiles
-  WHERE ((profiles.id = auth.uid()) AND (profiles.role = 'saas_admin'::text))))));
+CREATE POLICY support_sessions_saas_insert ON public.support_sessions FOR INSERT TO authenticated WITH CHECK (((admin_id = auth.uid()) AND (EXISTS ( SELECT 1
+   FROM public.saas_admins sa
+  WHERE (sa.user_id = auth.uid())))));
 
 
 --
@@ -20805,17 +26987,84 @@ CREATE POLICY support_sessions_saas_select ON public.support_sessions FOR SELECT
 
 
 --
--- Name: email_templates_tenant tenant manages own overrides; Type: POLICY; Schema: public; Owner: -
+-- Name: tenant_feature_exceptions_log; Type: ROW SECURITY; Schema: public; Owner: -
 --
 
-CREATE POLICY "tenant manages own overrides" ON public.email_templates_tenant USING ((tenant_id = auth.uid())) WITH CHECK ((tenant_id = auth.uid()));
+ALTER TABLE public.tenant_feature_exceptions_log ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: tenant_feature_exceptions_log tenant_feature_exceptions_log_read; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY tenant_feature_exceptions_log_read ON public.tenant_feature_exceptions_log FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
 
 --
--- Name: email_layout_config tenant owns email layout config; Type: POLICY; Schema: public; Owner: -
+-- Name: tenant_features; Type: ROW SECURITY; Schema: public; Owner: -
 --
 
-CREATE POLICY "tenant owns email layout config" ON public.email_layout_config USING ((tenant_id = auth.uid())) WITH CHECK ((tenant_id = auth.uid()));
+ALTER TABLE public.tenant_features ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: tenant_features tenant_features_select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY tenant_features_select ON public.tenant_features FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: tenant_features tenant_features_write_saas_only; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY tenant_features_write_saas_only ON public.tenant_features TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: tenant_invites; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.tenant_invites ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: tenant_invites tenant_invites_delete; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY tenant_invites_delete ON public.tenant_invites FOR DELETE TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+
+--
+-- Name: tenant_invites tenant_invites_insert; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY tenant_invites_insert ON public.tenant_invites FOR INSERT TO authenticated WITH CHECK (((invited_by = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+
+--
+-- Name: tenant_invites tenant_invites_select; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY tenant_invites_select ON public.tenant_invites FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+
+--
+-- Name: tenant_invites tenant_invites_update; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY tenant_invites_update ON public.tenant_invites FOR UPDATE TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text]))))))) WITH CHECK ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
 
 
 --
@@ -20965,7 +27214,7 @@ ALTER TABLE public.user_settings ENABLE ROW LEVEL SECURITY;
 -- Name: user_settings user_settings_insert_own; Type: POLICY; Schema: public; Owner: -
 --
 
-CREATE POLICY user_settings_insert_own ON public.user_settings FOR INSERT WITH CHECK ((user_id = auth.uid()));
+CREATE POLICY user_settings_insert_own ON public.user_settings FOR INSERT TO authenticated WITH CHECK ((user_id = auth.uid()));
 
 
 --
@@ -21003,6 +27252,82 @@ CREATE POLICY votos_select_own ON public.saas_doc_votos FOR SELECT TO authentica
 CREATE POLICY votos_upsert_own ON public.saas_doc_votos TO authenticated USING ((user_id = auth.uid())) WITH CHECK ((user_id = auth.uid()));
 
 
+--
+-- Name: whatsapp_credits_balance wa_credits_balance: select tenant; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "wa_credits_balance: select tenant" ON public.whatsapp_credits_balance FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = whatsapp_credits_balance.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: whatsapp_credits_balance wa_credits_balance: update tenant; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "wa_credits_balance: update tenant" ON public.whatsapp_credits_balance FOR UPDATE TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = whatsapp_credits_balance.tenant_id) AND (tm.status = 'active'::text)))))) WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = whatsapp_credits_balance.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: whatsapp_credits_transactions wa_credits_tx: select tenant; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "wa_credits_tx: select tenant" ON public.whatsapp_credits_transactions FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = whatsapp_credits_transactions.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: whatsapp_credit_packages wa_packages: manage saas admin; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "wa_packages: manage saas admin" ON public.whatsapp_credit_packages TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+
+--
+-- Name: whatsapp_credit_packages wa_packages: select active; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "wa_packages: select active" ON public.whatsapp_credit_packages FOR SELECT TO authenticated USING (((is_active = true) OR public.is_saas_admin()));
+
+
+--
+-- Name: whatsapp_credit_purchases wa_purchases: select tenant; Type: POLICY; Schema: public; Owner: -
+--
+
+CREATE POLICY "wa_purchases: select tenant" ON public.whatsapp_credit_purchases FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = whatsapp_credit_purchases.tenant_id) AND (tm.status = 'active'::text))))));
+
+
+--
+-- Name: whatsapp_credit_packages; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.whatsapp_credit_packages ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: whatsapp_credit_purchases; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.whatsapp_credit_purchases ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: whatsapp_credits_balance; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.whatsapp_credits_balance ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: whatsapp_credits_transactions; Type: ROW SECURITY; Schema: public; Owner: -
+--
+
+ALTER TABLE public.whatsapp_credits_transactions ENABLE ROW LEVEL SECURITY;
+
 --
 -- Name: messages; Type: ROW SECURITY; Schema: realtime; Owner: -
 --
@@ -21161,45 +27486,57 @@ ALTER TABLE storage.buckets_analytics ENABLE ROW LEVEL SECURITY;
 ALTER TABLE storage.buckets_vectors ENABLE ROW LEVEL SECURITY;
 
 --
--- Name: objects documents: authenticated delete; Type: POLICY; Schema: storage; Owner: -
+-- Name: objects documents: tenant member delete; Type: POLICY; Schema: storage; Owner: -
 --
 
-CREATE POLICY "documents: authenticated delete" ON storage.objects FOR DELETE TO authenticated USING ((bucket_id = 'documents'::text));
+CREATE POLICY "documents: tenant member delete" ON storage.objects FOR DELETE TO authenticated USING (((bucket_id = 'documents'::text) AND (public.is_saas_admin() OR (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
 
 
 --
--- Name: objects documents: authenticated read; Type: POLICY; Schema: storage; Owner: -
+-- Name: objects documents: tenant member read; Type: POLICY; Schema: storage; Owner: -
 --
 
-CREATE POLICY "documents: authenticated read" ON storage.objects FOR SELECT TO authenticated USING ((bucket_id = 'documents'::text));
+CREATE POLICY "documents: tenant member read" ON storage.objects FOR SELECT TO authenticated USING (((bucket_id = 'documents'::text) AND (public.is_saas_admin() OR (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
 
 
 --
--- Name: objects documents: authenticated upload; Type: POLICY; Schema: storage; Owner: -
+-- Name: objects documents: tenant member upload; Type: POLICY; Schema: storage; Owner: -
 --
 
-CREATE POLICY "documents: authenticated upload" ON storage.objects FOR INSERT TO authenticated WITH CHECK ((bucket_id = 'documents'::text));
+CREATE POLICY "documents: tenant member upload" ON storage.objects FOR INSERT TO authenticated WITH CHECK (((bucket_id = 'documents'::text) AND (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
 
 --
--- Name: objects generated-docs: authenticated delete; Type: POLICY; Schema: storage; Owner: -
+-- Name: objects generated-docs: tenant member delete; Type: POLICY; Schema: storage; Owner: -
 --
 
-CREATE POLICY "generated-docs: authenticated delete" ON storage.objects FOR DELETE TO authenticated USING ((bucket_id = 'generated-docs'::text));
+CREATE POLICY "generated-docs: tenant member delete" ON storage.objects FOR DELETE TO authenticated USING (((bucket_id = 'generated-docs'::text) AND (public.is_saas_admin() OR (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
 
 
 --
--- Name: objects generated-docs: authenticated read; Type: POLICY; Schema: storage; Owner: -
+-- Name: objects generated-docs: tenant member read; Type: POLICY; Schema: storage; Owner: -
 --
 
-CREATE POLICY "generated-docs: authenticated read" ON storage.objects FOR SELECT TO authenticated USING ((bucket_id = 'generated-docs'::text));
+CREATE POLICY "generated-docs: tenant member read" ON storage.objects FOR SELECT TO authenticated USING (((bucket_id = 'generated-docs'::text) AND (public.is_saas_admin() OR (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
 
 
 --
--- Name: objects generated-docs: authenticated upload; Type: POLICY; Schema: storage; Owner: -
+-- Name: objects generated-docs: tenant member upload; Type: POLICY; Schema: storage; Owner: -
 --
 
-CREATE POLICY "generated-docs: authenticated upload" ON storage.objects FOR INSERT TO authenticated WITH CHECK ((bucket_id = 'generated-docs'::text));
+CREATE POLICY "generated-docs: tenant member upload" ON storage.objects FOR INSERT TO authenticated WITH CHECK (((bucket_id = 'generated-docs'::text) AND (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
 
 --
@@ -21215,31 +27552,10 @@ ALTER TABLE storage.iceberg_namespaces ENABLE ROW LEVEL SECURITY;
 ALTER TABLE storage.iceberg_tables ENABLE ROW LEVEL SECURITY;
 
 --
--- Name: objects intake_read_anon; Type: POLICY; Schema: storage; Owner: -
+-- Name: objects intake_read_owner_only; Type: POLICY; Schema: storage; Owner: -
 --
 
-CREATE POLICY intake_read_anon ON storage.objects FOR SELECT TO anon USING (((bucket_id = 'avatars'::text) AND (name ~~ 'intakes/%'::text)));
-
-
---
--- Name: objects intake_read_public; Type: POLICY; Schema: storage; Owner: -
---
-
-CREATE POLICY intake_read_public ON storage.objects FOR SELECT USING (((bucket_id = 'avatars'::text) AND (name ~~ 'intakes/%'::text)));
-
-
---
--- Name: objects intake_upload_anon; Type: POLICY; Schema: storage; Owner: -
---
-
-CREATE POLICY intake_upload_anon ON storage.objects FOR INSERT TO anon WITH CHECK (((bucket_id = 'avatars'::text) AND (name ~~ 'intakes/%'::text)));
-
-
---
--- Name: objects intake_upload_public; Type: POLICY; Schema: storage; Owner: -
---
-
-CREATE POLICY intake_upload_public ON storage.objects FOR INSERT WITH CHECK (((bucket_id = 'avatars'::text) AND (name ~~ 'intakes/%'::text)));
+CREATE POLICY intake_read_owner_only ON storage.objects FOR SELECT TO authenticated USING (((bucket_id = 'avatars'::text) AND ((storage.foldername(name))[1] = 'intakes'::text)));
 
 
 --
@@ -21297,6 +27613,22 @@ CREATE POLICY saas_admin_upload ON storage.objects FOR INSERT TO authenticated W
 
 ALTER TABLE storage.vector_indexes ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: objects whatsapp-media: delete saas admin; Type: POLICY; Schema: storage; Owner: -
+--
+
+CREATE POLICY "whatsapp-media: delete saas admin" ON storage.objects FOR DELETE TO authenticated USING (((bucket_id = 'whatsapp-media'::text) AND public.is_saas_admin()));
+
+
+--
+-- Name: objects whatsapp-media: read tenant members; Type: POLICY; Schema: storage; Owner: -
+--
+
+CREATE POLICY "whatsapp-media: read tenant members" ON storage.objects FOR SELECT TO authenticated USING (((bucket_id = 'whatsapp-media'::text) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND ((storage.foldername(objects.name))[1] = (tm.tenant_id)::text)))))));
+
+
 --
 -- Name: supabase_realtime; Type: PUBLICATION; Schema: -; Owner: -
 --
@@ -21311,6 +27643,13 @@ CREATE PUBLICATION supabase_realtime WITH (publish = 'insert, update, delete, tr
 CREATE PUBLICATION supabase_realtime_messages_publication WITH (publish = 'insert, update, delete, truncate');
 
 
+--
+-- Name: supabase_realtime conversation_messages; Type: PUBLICATION TABLE; Schema: public; Owner: -
+--
+
+ALTER PUBLICATION supabase_realtime ADD TABLE ONLY public.conversation_messages;
+
+
 --
 -- Name: supabase_realtime notifications; Type: PUBLICATION TABLE; Schema: public; Owner: -
 --
@@ -21381,5 +27720,5 @@ CREATE EVENT TRIGGER pgrst_drop_watch ON sql_drop
 -- PostgreSQL database dump complete
 --
 
-\unrestrict t3AqgfsPfrxKQ6xDOUZgLcwOmqGEQFr9QmWZe441K296WP9E1M31r17ZcywnfKW
+\unrestrict cL3H2JjRWI00WI0xnJSlufhaNqJV1aSUu220iQjG1A8YccWtKcjoKGeanovDlAc
 
diff --git a/database-novo/schema/01_extensions/extensions.sql b/database-novo/schema/01_extensions/extensions.sql
index 3274258..004794c 100644
--- a/database-novo/schema/01_extensions/extensions.sql
+++ b/database-novo/schema/01_extensions/extensions.sql
@@ -1,5 +1,5 @@
 -- Extensions
--- Gerado automaticamente em 2026-04-17T12:23:04.148Z
+-- Gerado automaticamente em 2026-04-21T23:16:33.041Z
 -- Total: 10
 
 CREATE EXTENSION IF NOT EXISTS btree_gist WITH SCHEMA public;
diff --git a/database-novo/schema/03_functions/_all.sql b/database-novo/schema/03_functions/_all.sql
index 5a465d8..7c85b2d 100644
--- a/database-novo/schema/03_functions/_all.sql
+++ b/database-novo/schema/03_functions/_all.sql
@@ -1,6 +1,6 @@
 -- All Functions
--- Gerado automaticamente em 2026-04-17T12:23:05.224Z
--- Total: 165
+-- Gerado automaticamente em 2026-04-21T23:16:34.950Z
+-- Total: 192
 
 CREATE FUNCTION auth.email() RETURNS text
     LANGUAGE sql STABLE
@@ -419,6 +419,38 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.add_whatsapp_credits(p_tenant_id uuid, p_amount integer, p_kind text, p_purchase_id uuid DEFAULT NULL::uuid, p_admin_id uuid DEFAULT NULL::uuid, p_note text DEFAULT NULL::text) RETURNS integer
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_new_balance INT;
+BEGIN
+    IF p_amount <= 0 THEN
+        RAISE EXCEPTION 'amount must be positive';
+    END IF;
+    IF p_kind NOT IN ('purchase', 'topup_manual', 'refund', 'adjustment') THEN
+        RAISE EXCEPTION 'invalid kind for credit: %', p_kind;
+    END IF;
+
+    INSERT INTO public.whatsapp_credits_balance (tenant_id, balance, lifetime_purchased)
+    VALUES (p_tenant_id, p_amount, CASE WHEN p_kind IN ('purchase', 'topup_manual') THEN p_amount ELSE 0 END)
+    ON CONFLICT (tenant_id) DO UPDATE SET
+        balance = whatsapp_credits_balance.balance + EXCLUDED.balance,
+        lifetime_purchased = whatsapp_credits_balance.lifetime_purchased
+            + CASE WHEN p_kind IN ('purchase', 'topup_manual') THEN p_amount ELSE 0 END,
+        low_balance_alerted_at = NULL  -- reset alerta quando recebe creditos
+    RETURNING balance INTO v_new_balance;
+
+    INSERT INTO public.whatsapp_credits_transactions
+        (tenant_id, kind, amount, balance_after, purchase_id, admin_id, note)
+    VALUES
+        (p_tenant_id, p_kind, p_amount, v_new_balance, p_purchase_id, p_admin_id, p_note);
+
+    RETURN v_new_balance;
+END;
+$$;
+
 CREATE FUNCTION public.admin_credit_addon(p_tenant_id uuid, p_addon_type text, p_amount integer, p_product_id uuid DEFAULT NULL::uuid, p_description text DEFAULT 'Cr??dito manual'::text, p_payment_method text DEFAULT 'manual'::text, p_price_cents integer DEFAULT 0) RETURNS jsonb
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -1280,6 +1312,108 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.check_rate_limit(p_ip_hash text, p_endpoint text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    cfg                       saas_security_config%ROWTYPE;
+    rl                        submission_rate_limits%ROWTYPE;
+    v_now                     timestamptz := now();
+    v_window_start            timestamptz;
+    v_in_window               boolean;
+    v_requires_captcha        boolean := false;
+    v_blocked_until           timestamptz;
+    v_retry_after_seconds     integer := 0;
+BEGIN
+    SELECT * INTO cfg FROM saas_security_config WHERE id = true;
+    IF NOT FOUND THEN
+        -- Sem config: fail-open (libera). Logado.
+        RETURN jsonb_build_object('allowed', true, 'requires_captcha', false, 'reason', 'no_config');
+    END IF;
+
+    -- Modo paranoid global: sempre captcha
+    IF cfg.captcha_required_globally THEN
+        v_requires_captcha := true;
+    END IF;
+
+    -- Sem rate limit ativo: libera (mas pode exigir captcha pelo paranoid)
+    IF NOT cfg.rate_limit_enabled THEN
+        RETURN jsonb_build_object(
+            'allowed',          true,
+            'requires_captcha', v_requires_captcha,
+            'reason',           CASE WHEN v_requires_captcha THEN 'paranoid_global' ELSE 'rate_limit_disabled' END
+        );
+    END IF;
+
+    -- Sem ip_hash: libera (não dá pra rastrear)
+    IF p_ip_hash IS NULL OR length(btrim(p_ip_hash)) = 0 THEN
+        RETURN jsonb_build_object(
+            'allowed',          true,
+            'requires_captcha', v_requires_captcha,
+            'reason',           'no_ip'
+        );
+    END IF;
+
+    SELECT * INTO rl
+      FROM submission_rate_limits
+     WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+
+    -- Bloqueio temporário ativo?
+    IF FOUND AND rl.blocked_until IS NOT NULL AND rl.blocked_until > v_now THEN
+        v_retry_after_seconds := EXTRACT(EPOCH FROM (rl.blocked_until - v_now))::int;
+        RETURN jsonb_build_object(
+            'allowed',             false,
+            'requires_captcha',    false,
+            'retry_after_seconds', v_retry_after_seconds,
+            'reason',              'blocked'
+        );
+    END IF;
+
+    -- Captcha condicional ativo?
+    IF FOUND AND rl.requires_captcha_until IS NOT NULL AND rl.requires_captcha_until > v_now THEN
+        v_requires_captcha := true;
+    END IF;
+
+    -- Janela atual ainda válida?
+    v_window_start := v_now - (cfg.rate_limit_window_min || ' minutes')::interval;
+    v_in_window := FOUND AND rl.window_start >= v_window_start;
+
+    IF v_in_window AND rl.attempt_count >= cfg.rate_limit_max_attempts THEN
+        -- Excedeu — bloqueia
+        v_blocked_until := v_now + (cfg.block_duration_min || ' minutes')::interval;
+        UPDATE submission_rate_limits
+           SET blocked_until = v_blocked_until,
+               last_attempt_at = v_now
+         WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+
+        v_retry_after_seconds := EXTRACT(EPOCH FROM (v_blocked_until - v_now))::int;
+        RETURN jsonb_build_object(
+            'allowed',             false,
+            'requires_captcha',    false,
+            'retry_after_seconds', v_retry_after_seconds,
+            'reason',              'rate_limit_exceeded'
+        );
+    END IF;
+
+    RETURN jsonb_build_object(
+        'allowed',          true,
+        'requires_captcha', v_requires_captcha,
+        'reason',           CASE WHEN v_requires_captcha THEN 'captcha_required' ELSE 'ok' END
+    );
+END;
+$$;
+
+CREATE FUNCTION public.cleanup_expired_math_challenges() RETURNS integer
+    LANGUAGE sql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+    WITH d AS (
+        DELETE FROM math_challenges WHERE expires_at < now() - interval '1 hour' RETURNING 1
+    )
+    SELECT COUNT(*)::int FROM d;
+$$;
+
 CREATE FUNCTION public.cleanup_notification_queue() RETURNS integer
     LANGUAGE plpgsql SECURITY DEFINER
     AS $$
@@ -1438,44 +1572,151 @@ CREATE FUNCTION public.create_patient_intake_request_v2(p_token text, p_payload
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
     AS $_$
-declare
-  v_owner_id uuid;
-  v_intake_id uuid;
-  v_birth_raw text;
-  v_birth date;
-begin
-  select owner_id
-    into v_owner_id
-  from public.patient_invites
-  where token = p_token;
+DECLARE
+  v_owner_id   uuid;
+  v_tenant_id  uuid;
+  v_active     boolean;
+  v_expires    timestamptz;
+  v_max_uses   int;
+  v_uses       int;
+  v_intake_id  uuid;
+  v_birth_raw  text;
+  v_birth      date;
+  v_email      text;
+  v_email_alt  text;
+  v_nome       text;
+  v_consent    boolean;
+  v_genero     text;
+  v_estado_civil text;
 
-  if v_owner_id is null then
-    raise exception 'Token inv??lido ou expirado';
-  end if;
+  -- Whitelists para campos tipados
+  c_generos        text[] := ARRAY['male','female','non_binary','other','na'];
+  c_estados_civis  text[] := ARRAY['single','married','divorced','widowed','na'];
+BEGIN
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Carrega invite e valida TUDO (A#16)
+  -- ───────────────────────────────────────────────────────────────────────
+  SELECT owner_id, tenant_id, active, expires_at, max_uses, uses
+    INTO v_owner_id, v_tenant_id, v_active, v_expires, v_max_uses, v_uses
+  FROM public.patient_invites
+  WHERE token = p_token
+  LIMIT 1;
 
-  v_birth_raw := nullif(trim(coalesce(
-    p_payload->>'data_nascimento',
-    ''
-  )), '');
+  IF v_owner_id IS NULL THEN
+    RAISE EXCEPTION 'Token inválido' USING ERRCODE = '28000';
+  END IF;
 
-  v_birth := case
-    when v_birth_raw is null then null
-    when v_birth_raw ~ '^\d{4}-\d{2}-\d{2}$' then v_birth_raw::date
-    when v_birth_raw ~ '^\d{2}-\d{2}-\d{4}$' then to_date(v_birth_raw, 'DD-MM-YYYY')
-    else null
-  end;
+  IF v_active IS NOT TRUE THEN
+    RAISE EXCEPTION 'Link desativado' USING ERRCODE = '28000';
+  END IF;
 
-  insert into public.patient_intake_requests (
+  IF v_expires IS NOT NULL AND now() > v_expires THEN
+    RAISE EXCEPTION 'Link expirado' USING ERRCODE = '28000';
+  END IF;
+
+  IF v_max_uses IS NOT NULL AND v_uses >= v_max_uses THEN
+    RAISE EXCEPTION 'Limite de uso atingido' USING ERRCODE = '28000';
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Resolver tenant_id (A#19)
+  -- Se o invite não tem tenant_id, tenta achar a membership active do owner.
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_tenant_id IS NULL THEN
+    SELECT tenant_id
+      INTO v_tenant_id
+    FROM public.tenant_members
+    WHERE user_id = v_owner_id
+      AND status = 'active'
+    ORDER BY created_at ASC
+    LIMIT 1;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Sanitização + validações de campos (A#27)
+  -- ───────────────────────────────────────────────────────────────────────
+
+  -- Nome obrigatório (max 200)
+  v_nome := nullif(trim(p_payload->>'nome_completo'), '');
+  IF v_nome IS NULL THEN
+    RAISE EXCEPTION 'Nome é obrigatório';
+  END IF;
+  IF length(v_nome) > 200 THEN
+    RAISE EXCEPTION 'Nome muito longo (máx 200 caracteres)';
+  END IF;
+
+  -- Email principal obrigatório + lower + max 120
+  v_email := nullif(lower(trim(p_payload->>'email_principal')), '');
+  IF v_email IS NULL THEN
+    RAISE EXCEPTION 'E-mail é obrigatório';
+  END IF;
+  IF length(v_email) > 120 THEN
+    RAISE EXCEPTION 'E-mail muito longo (máx 120 caracteres)';
+  END IF;
+  IF v_email !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+    RAISE EXCEPTION 'E-mail inválido';
+  END IF;
+
+  -- Email alternativo opcional mas validado se presente
+  v_email_alt := nullif(lower(trim(p_payload->>'email_alternativo')), '');
+  IF v_email_alt IS NOT NULL THEN
+    IF length(v_email_alt) > 120 THEN
+      RAISE EXCEPTION 'E-mail alternativo muito longo';
+    END IF;
+    IF v_email_alt !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+      RAISE EXCEPTION 'E-mail alternativo inválido';
+    END IF;
+  END IF;
+
+  -- Consent obrigatório
+  v_consent := coalesce((p_payload->>'consent')::boolean, false);
+  IF v_consent IS NOT TRUE THEN
+    RAISE EXCEPTION 'Consentimento é obrigatório';
+  END IF;
+
+  -- Data de nascimento: aceita DD-MM-YYYY ou YYYY-MM-DD
+  v_birth_raw := nullif(trim(coalesce(p_payload->>'data_nascimento', '')), '');
+  v_birth := CASE
+    WHEN v_birth_raw IS NULL THEN NULL
+    WHEN v_birth_raw ~ '^\d{4}-\d{2}-\d{2}$' THEN v_birth_raw::date
+    WHEN v_birth_raw ~ '^\d{2}-\d{2}-\d{4}$' THEN to_date(v_birth_raw, 'DD-MM-YYYY')
+    ELSE NULL
+  END;
+  -- Sanidade: nascimento não pode ser no futuro nem antes de 1900
+  IF v_birth IS NOT NULL AND (v_birth > current_date OR v_birth < '1900-01-01'::date) THEN
+    v_birth := NULL;
+  END IF;
+
+  -- Gênero e estado civil: whitelist estrita (rejeita qualquer outra string)
+  v_genero := nullif(trim(p_payload->>'genero'), '');
+  IF v_genero IS NOT NULL AND NOT (v_genero = ANY(c_generos)) THEN
+    v_genero := NULL;
+  END IF;
+
+  v_estado_civil := nullif(trim(p_payload->>'estado_civil'), '');
+  IF v_estado_civil IS NOT NULL AND NOT (v_estado_civil = ANY(c_estados_civis)) THEN
+    v_estado_civil := NULL;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- INSERT com sanitização inline
+  -- NOTA: notas_internas NÃO é lido do payload (A#17) — é campo interno
+  -- do terapeuta, não deve vir do paciente.
+  -- ───────────────────────────────────────────────────────────────────────
+  INSERT INTO public.patient_intake_requests (
     owner_id,
+    tenant_id,
     token,
     status,
     consent,
 
     nome_completo,
     email_principal,
+    email_alternativo,
     telefone,
+    telefone_alternativo,
 
-    avatar_url,  -- ???? AQUI
+    avatar_url,
 
     data_nascimento,
     cpf,
@@ -1497,52 +1738,280 @@ begin
     bairro,
 
     observacoes,
-    notas_internas,
 
     encaminhado_por,
     onde_nos_conheceu
   )
-  values (
+  VALUES (
     v_owner_id,
+    v_tenant_id,
     p_token,
     'new',
-    coalesce((p_payload->>'consent')::boolean, false),
+    v_consent,
 
-    nullif(trim(p_payload->>'nome_completo'), ''),
-    nullif(trim(p_payload->>'email_principal'), ''),
+    v_nome,
+    v_email,
+    v_email_alt,
     nullif(regexp_replace(coalesce(p_payload->>'telefone',''), '\D', '', 'g'), ''),
+    nullif(regexp_replace(coalesce(p_payload->>'telefone_alternativo',''), '\D', '', 'g'), ''),
 
-    nullif(trim(p_payload->>'avatar_url'), ''), -- ???? AQUI
+    left(nullif(trim(p_payload->>'avatar_url'), ''), 500),
 
     v_birth,
     nullif(regexp_replace(coalesce(p_payload->>'cpf',''), '\D', '', 'g'), ''),
-    nullif(trim(p_payload->>'rg'), ''),
-    nullif(trim(p_payload->>'genero'), ''),
-    nullif(trim(p_payload->>'estado_civil'), ''),
-    nullif(trim(p_payload->>'profissao'), ''),
-    nullif(trim(p_payload->>'escolaridade'), ''),
-    nullif(trim(p_payload->>'nacionalidade'), ''),
-    nullif(trim(p_payload->>'naturalidade'), ''),
+    left(nullif(trim(p_payload->>'rg'), ''), 20),
+    v_genero,
+    v_estado_civil,
+    left(nullif(trim(p_payload->>'profissao'), ''), 120),
+    left(nullif(trim(p_payload->>'escolaridade'), ''), 120),
+    left(nullif(trim(p_payload->>'nacionalidade'), ''), 80),
+    left(nullif(trim(p_payload->>'naturalidade'), ''), 120),
 
     nullif(regexp_replace(coalesce(p_payload->>'cep',''), '\D', '', 'g'), ''),
-    nullif(trim(p_payload->>'pais'), ''),
-    nullif(trim(p_payload->>'cidade'), ''),
-    nullif(trim(p_payload->>'estado'), ''),
-    nullif(trim(p_payload->>'endereco'), ''),
-    nullif(trim(p_payload->>'numero'), ''),
-    nullif(trim(p_payload->>'complemento'), ''),
-    nullif(trim(p_payload->>'bairro'), ''),
+    left(nullif(trim(p_payload->>'pais'), ''), 60),
+    left(nullif(trim(p_payload->>'cidade'), ''), 120),
+    left(nullif(trim(p_payload->>'estado'), ''), 2),
+    left(nullif(trim(p_payload->>'endereco'), ''), 200),
+    left(nullif(trim(p_payload->>'numero'), ''), 20),
+    left(nullif(trim(p_payload->>'complemento'), ''), 120),
+    left(nullif(trim(p_payload->>'bairro'), ''), 120),
 
-    nullif(trim(p_payload->>'observacoes'), ''),
-    nullif(trim(p_payload->>'notas_internas'), ''),
+    left(nullif(trim(p_payload->>'observacoes'), ''), 2000),
 
-    nullif(trim(p_payload->>'encaminhado_por'), ''),
-    nullif(trim(p_payload->>'onde_nos_conheceu'), '')
+    left(nullif(trim(p_payload->>'encaminhado_por'), ''), 120),
+    left(nullif(trim(p_payload->>'onde_nos_conheceu'), ''), 80)
   )
-  returning id into v_intake_id;
+  RETURNING id INTO v_intake_id;
 
-  return v_intake_id;
-end;
+  -- Incrementa contador de uso (A#16)
+  UPDATE public.patient_invites
+    SET uses = uses + 1
+  WHERE token = p_token;
+
+  RETURN v_intake_id;
+END;
+$_$;
+
+CREATE FUNCTION public.create_patient_intake_request_v2(p_token text, p_payload jsonb, p_client_info text DEFAULT NULL::text) RETURNS uuid
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $_$
+DECLARE
+  v_owner_id   uuid;
+  v_tenant_id  uuid;
+  v_active     boolean;
+  v_expires    timestamptz;
+  v_max_uses   int;
+  v_uses       int;
+  v_intake_id  uuid;
+  v_birth_raw  text;
+  v_birth      date;
+  v_email      text;
+  v_email_alt  text;
+  v_nome       text;
+  v_consent    boolean;
+  v_genero     text;
+  v_estado_civil text;
+  v_err_msg    text;
+  v_err_code   text;
+  v_clean_info text;
+
+  c_generos        text[] := ARRAY['male','female','non_binary','other','na'];
+  c_estados_civis  text[] := ARRAY['single','married','divorced','widowed','na'];
+
+  -- Helper para logar: escreve em patient_invite_attempts e não propaga erros.
+  -- Implementado inline porque PL/pgSQL não permite sub-rotina local fácil.
+BEGIN
+  -- Sanitiza client_info recebido (cap + trim)
+  v_clean_info := nullif(left(trim(coalesce(p_client_info, '')), 500), '');
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Resolve invite + valida TUDO (A#16)
+  -- ───────────────────────────────────────────────────────────────────────
+  SELECT owner_id, tenant_id, active, expires_at, max_uses, uses
+    INTO v_owner_id, v_tenant_id, v_active, v_expires, v_max_uses, v_uses
+  FROM public.patient_invites
+  WHERE token = p_token
+  LIMIT 1;
+
+  IF v_owner_id IS NULL THEN
+    v_err_code := 'TOKEN_INVALID';
+    v_err_msg := 'Token inválido';
+    -- Log + raise (owner_id NULL porque token não bateu)
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  IF v_active IS NOT TRUE THEN
+    v_err_code := 'TOKEN_DISABLED';
+    v_err_msg := 'Link desativado';
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  IF v_expires IS NOT NULL AND now() > v_expires THEN
+    v_err_code := 'TOKEN_EXPIRED';
+    v_err_msg := 'Link expirado';
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  IF v_max_uses IS NOT NULL AND v_uses >= v_max_uses THEN
+    v_err_code := 'TOKEN_MAX_USES';
+    v_err_msg := 'Limite de uso atingido';
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  -- Resolve tenant_id se invite não tiver (A#19)
+  IF v_tenant_id IS NULL THEN
+    SELECT tenant_id
+      INTO v_tenant_id
+    FROM public.tenant_members
+    WHERE user_id = v_owner_id
+      AND status = 'active'
+    ORDER BY created_at ASC
+    LIMIT 1;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Sanitização + validações de campos (A#27)
+  -- ───────────────────────────────────────────────────────────────────────
+  v_nome := nullif(trim(p_payload->>'nome_completo'), '');
+  IF v_nome IS NULL THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'Nome é obrigatório';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+  IF length(v_nome) > 200 THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'Nome muito longo';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+
+  v_email := nullif(lower(trim(p_payload->>'email_principal')), '');
+  IF v_email IS NULL THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'E-mail é obrigatório';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+  IF length(v_email) > 120 THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'E-mail muito longo';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+  IF v_email !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'E-mail inválido';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+
+  v_email_alt := nullif(lower(trim(p_payload->>'email_alternativo')), '');
+  IF v_email_alt IS NOT NULL THEN
+    IF length(v_email_alt) > 120 THEN
+      v_err_code := 'VALIDATION'; v_err_msg := 'E-mail alternativo muito longo';
+      BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+      RAISE EXCEPTION '%', v_err_msg;
+    END IF;
+    IF v_email_alt !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+      v_err_code := 'VALIDATION'; v_err_msg := 'E-mail alternativo inválido';
+      BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+      RAISE EXCEPTION '%', v_err_msg;
+    END IF;
+  END IF;
+
+  v_consent := coalesce((p_payload->>'consent')::boolean, false);
+  IF v_consent IS NOT TRUE THEN
+    v_err_code := 'CONSENT_REQUIRED'; v_err_msg := 'Consentimento é obrigatório';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+
+  v_birth_raw := nullif(trim(coalesce(p_payload->>'data_nascimento', '')), '');
+  v_birth := CASE
+    WHEN v_birth_raw IS NULL THEN NULL
+    WHEN v_birth_raw ~ '^\d{4}-\d{2}-\d{2}$' THEN v_birth_raw::date
+    WHEN v_birth_raw ~ '^\d{2}-\d{2}-\d{4}$' THEN to_date(v_birth_raw, 'DD-MM-YYYY')
+    ELSE NULL
+  END;
+  IF v_birth IS NOT NULL AND (v_birth > current_date OR v_birth < '1900-01-01'::date) THEN
+    v_birth := NULL;
+  END IF;
+
+  v_genero := nullif(trim(p_payload->>'genero'), '');
+  IF v_genero IS NOT NULL AND NOT (v_genero = ANY(c_generos)) THEN
+    v_genero := NULL;
+  END IF;
+
+  v_estado_civil := nullif(trim(p_payload->>'estado_civil'), '');
+  IF v_estado_civil IS NOT NULL AND NOT (v_estado_civil = ANY(c_estados_civis)) THEN
+    v_estado_civil := NULL;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- INSERT
+  -- ───────────────────────────────────────────────────────────────────────
+  INSERT INTO public.patient_intake_requests (
+    owner_id, tenant_id, token, status, consent,
+    nome_completo, email_principal, email_alternativo, telefone, telefone_alternativo,
+    avatar_url,
+    data_nascimento, cpf, rg, genero, estado_civil,
+    profissao, escolaridade, nacionalidade, naturalidade,
+    cep, pais, cidade, estado, endereco, numero, complemento, bairro,
+    observacoes, encaminhado_por, onde_nos_conheceu
+  )
+  VALUES (
+    v_owner_id, v_tenant_id, p_token, 'new', v_consent,
+    v_nome, v_email, v_email_alt,
+    nullif(regexp_replace(coalesce(p_payload->>'telefone',''), '\D', '', 'g'), ''),
+    nullif(regexp_replace(coalesce(p_payload->>'telefone_alternativo',''), '\D', '', 'g'), ''),
+    left(nullif(trim(p_payload->>'avatar_url'), ''), 500),
+    v_birth,
+    nullif(regexp_replace(coalesce(p_payload->>'cpf',''), '\D', '', 'g'), ''),
+    left(nullif(trim(p_payload->>'rg'), ''), 20),
+    v_genero, v_estado_civil,
+    left(nullif(trim(p_payload->>'profissao'), ''), 120),
+    left(nullif(trim(p_payload->>'escolaridade'), ''), 120),
+    left(nullif(trim(p_payload->>'nacionalidade'), ''), 80),
+    left(nullif(trim(p_payload->>'naturalidade'), ''), 120),
+    nullif(regexp_replace(coalesce(p_payload->>'cep',''), '\D', '', 'g'), ''),
+    left(nullif(trim(p_payload->>'pais'), ''), 60),
+    left(nullif(trim(p_payload->>'cidade'), ''), 120),
+    left(nullif(trim(p_payload->>'estado'), ''), 2),
+    left(nullif(trim(p_payload->>'endereco'), ''), 200),
+    left(nullif(trim(p_payload->>'numero'), ''), 20),
+    left(nullif(trim(p_payload->>'complemento'), ''), 120),
+    left(nullif(trim(p_payload->>'bairro'), ''), 120),
+    left(nullif(trim(p_payload->>'observacoes'), ''), 2000),
+    left(nullif(trim(p_payload->>'encaminhado_por'), ''), 120),
+    left(nullif(trim(p_payload->>'onde_nos_conheceu'), ''), 80)
+  )
+  RETURNING id INTO v_intake_id;
+
+  UPDATE public.patient_invites
+    SET uses = uses + 1
+  WHERE token = p_token;
+
+  -- Log de sucesso (best-effort, não propaga erro)
+  BEGIN
+    INSERT INTO public.patient_invite_attempts (token, ok, client_info, owner_id, tenant_id)
+    VALUES (p_token, true, v_clean_info, v_owner_id, v_tenant_id);
+  EXCEPTION WHEN OTHERS THEN NULL; END;
+
+  RETURN v_intake_id;
+END;
 $_$;
 
 CREATE FUNCTION public.create_support_session(p_tenant_id uuid, p_ttl_minutes integer DEFAULT 60) RETURNS json
@@ -1809,6 +2278,47 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION public.deduct_whatsapp_credits(p_tenant_id uuid, p_amount integer, p_conversation_message_id bigint DEFAULT NULL::bigint, p_note text DEFAULT NULL::text) RETURNS integer
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_new_balance INT;
+    v_row RECORD;
+BEGIN
+    IF p_amount <= 0 THEN
+        RAISE EXCEPTION 'amount must be positive';
+    END IF;
+
+    -- Lock a linha e valida saldo
+    SELECT balance, low_balance_threshold
+        INTO v_row
+        FROM public.whatsapp_credits_balance
+        WHERE tenant_id = p_tenant_id
+        FOR UPDATE;
+
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'insufficient_credits';
+    END IF;
+    IF v_row.balance < p_amount THEN
+        RAISE EXCEPTION 'insufficient_credits';
+    END IF;
+
+    UPDATE public.whatsapp_credits_balance
+        SET balance = balance - p_amount,
+            lifetime_used = lifetime_used + p_amount
+        WHERE tenant_id = p_tenant_id
+        RETURNING balance INTO v_new_balance;
+
+    INSERT INTO public.whatsapp_credits_transactions
+        (tenant_id, kind, amount, balance_after, conversation_message_id, note)
+    VALUES
+        (p_tenant_id, 'usage', -p_amount, v_new_balance, p_conversation_message_id, p_note);
+
+    RETURN v_new_balance;
+END;
+$$;
+
 CREATE FUNCTION public.delete_commitment_full(p_tenant_id uuid, p_commitment_id uuid) RETURNS jsonb
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -1947,6 +2457,58 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.delete_plan_safe(p_plan_id uuid) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+  v_active_count int;
+  v_plan_key     text;
+BEGIN
+  IF auth.uid() IS NULL THEN
+    RAISE EXCEPTION 'Não autenticado' USING ERRCODE = '28000';
+  END IF;
+
+  IF NOT public.is_saas_admin() THEN
+    RAISE EXCEPTION 'Apenas saas_admin pode deletar planos' USING ERRCODE = '42501';
+  END IF;
+
+  IF p_plan_id IS NULL THEN
+    RAISE EXCEPTION 'plan_id obrigatório' USING ERRCODE = '22023';
+  END IF;
+
+  SELECT key INTO v_plan_key FROM public.plans WHERE id = p_plan_id;
+  IF v_plan_key IS NULL THEN
+    RAISE EXCEPTION 'plano não encontrado' USING ERRCODE = '22023';
+  END IF;
+
+  SELECT COUNT(*) INTO v_active_count
+  FROM public.subscriptions
+  WHERE plan_id = p_plan_id
+    AND status = 'active';
+
+  IF v_active_count > 0 THEN
+    RAISE EXCEPTION 'Plano % tem % assinatura(s) ativa(s); migre os tenants antes de deletar.',
+      v_plan_key, v_active_count
+      USING ERRCODE = 'P0001';
+  END IF;
+
+  -- desativa preços ativos antes de deletar
+  UPDATE public.plan_prices
+     SET is_active = false,
+         active_to = now()
+   WHERE plan_id = p_plan_id
+     AND is_active = true;
+
+  DELETE FROM public.plans WHERE id = p_plan_id;
+
+  RETURN jsonb_build_object(
+    'deleted',  true,
+    'plan_key', v_plan_key
+  );
+END;
+$$;
+
 CREATE FUNCTION public.dev_list_auth_users(p_limit integer DEFAULT 50) RETURNS TABLE(id uuid, email text, created_at timestamp with time zone)
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public', 'auth'
@@ -2077,6 +2639,15 @@ begin
 end;
 $_$;
 
+CREATE FUNCTION public.dev_set_updated_at() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+BEGIN
+  NEW.updated_at := now();
+  RETURN NEW;
+END;
+$$;
+
 CREATE FUNCTION public.ensure_personal_tenant() RETURNS uuid
     LANGUAGE plpgsql SECURITY DEFINER
     AS $$
@@ -2153,6 +2724,289 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.export_patient_data(p_patient_id uuid) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_patient RECORD;
+    v_tenant_id UUID;
+    v_caller UUID;
+    v_is_member BOOLEAN;
+    v_result JSONB;
+BEGIN
+    v_caller := auth.uid();
+    IF v_caller IS NULL THEN
+        RAISE EXCEPTION 'Autenticacao obrigatoria' USING ERRCODE = '28000';
+    END IF;
+
+    -- carrega paciente
+    SELECT * INTO v_patient FROM public.patients WHERE id = p_patient_id;
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'Paciente nao encontrado' USING ERRCODE = 'P0002';
+    END IF;
+
+    v_tenant_id := v_patient.tenant_id;
+
+    -- verifica se caller e membro ativo do tenant do paciente
+    SELECT EXISTS (
+        SELECT 1 FROM public.tenant_members tm
+        WHERE tm.tenant_id = v_tenant_id
+          AND tm.user_id = v_caller
+          AND tm.status = 'active'
+    ) OR public.is_saas_admin() INTO v_is_member;
+
+    IF NOT v_is_member THEN
+        RAISE EXCEPTION 'Sem permissao para exportar dados deste paciente' USING ERRCODE = '42501';
+    END IF;
+
+    -- monta o payload
+    v_result := jsonb_build_object(
+        'export_metadata', jsonb_build_object(
+            'generated_at', now(),
+            'generated_by', v_caller,
+            'tenant_id', v_tenant_id,
+            'patient_id', p_patient_id,
+            'lgpd_basis', 'Art. 18, II - portabilidade dos dados do titular',
+            'controller', 'AgenciaPSI - Clinica responsavel',
+            'format_version', '1.0'
+        ),
+        'paciente', to_jsonb(v_patient),
+        'contatos', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pc) ORDER BY pc.created_at)
+            FROM public.patient_contacts pc
+            WHERE pc.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'contatos_apoio', COALESCE((
+            SELECT jsonb_agg(to_jsonb(psc) ORDER BY psc.created_at)
+            FROM public.patient_support_contacts psc
+            WHERE psc.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'historico_status', COALESCE((
+            SELECT jsonb_agg(to_jsonb(psh) ORDER BY psh.alterado_em)
+            FROM public.patient_status_history psh
+            WHERE psh.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'timeline', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pt) ORDER BY pt.ocorrido_em)
+            FROM public.patient_timeline pt
+            WHERE pt.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'descontos', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pd) ORDER BY pd.created_at)
+            FROM public.patient_discounts pd
+            WHERE pd.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'eventos_agenda', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', ae.id,
+                    'tipo', ae.tipo,
+                    'inicio_em', ae.inicio_em,
+                    'fim_em', ae.fim_em,
+                    'status', ae.status,
+                    'observacoes', ae.observacoes,
+                    'created_at', ae.created_at
+                ) ORDER BY ae.inicio_em
+            )
+            FROM public.agenda_eventos ae
+            WHERE ae.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'registros_financeiros', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', fr.id,
+                    'amount', fr.amount,
+                    'discount_amount', fr.discount_amount,
+                    'final_amount', fr.final_amount,
+                    'status', fr.status,
+                    'due_date', fr.due_date,
+                    'paid_at', fr.paid_at,
+                    'payment_method', fr.payment_method,
+                    'notes', fr.notes,
+                    'created_at', fr.created_at
+                ) ORDER BY fr.created_at
+            )
+            FROM public.financial_records fr
+            WHERE fr.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'documentos', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', d.id,
+                    'nome_original', d.nome_original,
+                    'tipo_documento', d.tipo_documento,
+                    'categoria', d.categoria,
+                    'descricao', d.descricao,
+                    'mime_type', d.mime_type,
+                    'tamanho_bytes', d.tamanho_bytes,
+                    'status_revisao', d.status_revisao,
+                    'visibilidade', d.visibilidade,
+                    'uploaded_at', d.uploaded_at,
+                    'created_at', d.created_at
+                ) ORDER BY d.created_at
+            )
+            FROM public.documents d
+            WHERE d.patient_id = p_patient_id AND d.deleted_at IS NULL
+        ), '[]'::jsonb),
+        'notificacoes_enviadas', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', nl.id,
+                    'channel', nl.channel,
+                    'template_key', nl.template_key,
+                    'recipient_address', nl.recipient_address,
+                    'status', nl.status,
+                    'sent_at', nl.sent_at,
+                    'delivered_at', nl.delivered_at,
+                    'read_at', nl.read_at,
+                    'failure_reason', nl.failure_reason,
+                    'created_at', nl.created_at
+                ) ORDER BY nl.created_at
+            )
+            FROM public.notification_logs nl
+            WHERE nl.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'audit_trail', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', al.id,
+                    'action', al.action,
+                    'entity_type', al.entity_type,
+                    'changed_fields', al.changed_fields,
+                    'user_id', al.user_id,
+                    'created_at', al.created_at
+                ) ORDER BY al.created_at
+            )
+            FROM public.audit_logs al
+            WHERE al.tenant_id = v_tenant_id
+              AND al.entity_type = 'patients'
+              AND al.entity_id = p_patient_id::text
+        ), '[]'::jsonb),
+        'acessos_a_documentos', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', dal.id,
+                    'documento_id', dal.documento_id,
+                    'acao', dal.acao,
+                    'user_id', dal.user_id,
+                    'acessado_em', dal.acessado_em
+                ) ORDER BY dal.acessado_em
+            )
+            FROM public.document_access_logs dal
+            WHERE dal.documento_id IN (
+                SELECT id FROM public.documents WHERE patient_id = p_patient_id
+            )
+        ), '[]'::jsonb),
+        'grupos', COALESCE((
+            SELECT jsonb_agg(jsonb_build_object('patient_group_id', pgp.patient_group_id))
+            FROM public.patient_group_patient pgp
+            WHERE pgp.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'tags', COALESCE((
+            SELECT jsonb_agg(jsonb_build_object('tag_id', ppt.tag_id))
+            FROM public.patient_patient_tag ppt
+            WHERE ppt.patient_id = p_patient_id
+        ), '[]'::jsonb)
+    );
+
+    -- registra o export como evento auditavel
+    INSERT INTO public.audit_logs (
+        tenant_id, user_id, entity_type, entity_id, action,
+        old_values, new_values, changed_fields, metadata
+    ) VALUES (
+        v_tenant_id, v_caller, 'patients', p_patient_id::text, 'update',
+        NULL, NULL, ARRAY['__lgpd_export__'],
+        jsonb_build_object(
+            'action_kind', 'lgpd_export',
+            'lgpd_basis', 'Art. 18, II',
+            'patient_name', v_patient.nome_completo
+        )
+    );
+
+    RETURN v_result;
+END;
+$$;
+
+CREATE FUNCTION public.fanout_inbound_message_to_notifications() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_target_user UUID;
+    v_title TEXT;
+    v_detail TEXT;
+    v_initials TEXT;
+    v_deeplink TEXT;
+    v_patient_name TEXT;
+    v_payload JSONB;
+BEGIN
+    -- so processa inbound
+    IF NEW.direction <> 'inbound' THEN
+        RETURN NEW;
+    END IF;
+
+    -- busca nome do paciente (se vinculado)
+    IF NEW.patient_id IS NOT NULL THEN
+        SELECT nome_completo INTO v_patient_name FROM public.patients WHERE id = NEW.patient_id;
+    END IF;
+
+    -- titulo e detalhes
+    v_title := COALESCE(v_patient_name, NEW.from_number, 'Desconhecido');
+    v_detail := COALESCE(left(NEW.body, 100), '[mensagem sem texto]');
+
+    -- iniciais
+    IF v_patient_name IS NOT NULL THEN
+        v_initials := upper(left(v_patient_name, 1)) ||
+                      COALESCE(upper(left(split_part(v_patient_name, ' ', 2), 1)), '');
+    ELSE
+        v_initials := '?';
+    END IF;
+
+    -- deeplink para a pagina de conversas (clinic padrao; therapist tambem funciona via mesma rota na area dele)
+    v_deeplink := '/admin/conversas';
+
+    v_payload := jsonb_build_object(
+        'title', v_title,
+        'detail', v_detail,
+        'avatar_initials', v_initials,
+        'deeplink', v_deeplink,
+        'channel', NEW.channel,
+        'conversation_message_id', NEW.id,
+        'patient_id', NEW.patient_id,
+        'from_number', NEW.from_number
+    );
+
+    -- ─── decide destinatarios ─────────────────────────────────────────────
+
+    -- Caso 1: paciente vinculado e tem responsible_member_id
+    IF NEW.patient_id IS NOT NULL THEN
+        SELECT tm.user_id INTO v_target_user
+        FROM public.patients p
+        JOIN public.tenant_members tm ON tm.id = p.responsible_member_id
+        WHERE p.id = NEW.patient_id
+          AND tm.status = 'active'
+        LIMIT 1;
+
+        IF v_target_user IS NOT NULL THEN
+            INSERT INTO public.notifications (owner_id, tenant_id, type, ref_id, ref_table, payload)
+            VALUES (v_target_user, NEW.tenant_id, 'inbound_message', NULL, 'conversation_messages', v_payload);
+            RETURN NEW;
+        END IF;
+    END IF;
+
+    -- Caso 2: fallback — fan-out pra todos tenant_admin/clinic_admin/therapist ativos
+    INSERT INTO public.notifications (owner_id, tenant_id, type, ref_id, ref_table, payload)
+    SELECT tm.user_id, NEW.tenant_id, 'inbound_message', NULL, 'conversation_messages', v_payload
+    FROM public.tenant_members tm
+    WHERE tm.tenant_id = NEW.tenant_id
+      AND tm.status = 'active'
+      AND tm.role IN ('clinic_admin', 'tenant_admin', 'therapist');
+
+    RETURN NEW;
+END;
+$$;
+
 CREATE FUNCTION public.faq_votar(faq_id uuid) RETURNS void
     LANGUAGE sql SECURITY DEFINER
     AS $$
@@ -2163,6 +3017,21 @@ CREATE FUNCTION public.faq_votar(faq_id uuid) RETURNS void
     and ativo = true;
 $$;
 
+CREATE FUNCTION public.financial_records_inject_tenant() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+BEGIN
+  IF NEW.tenant_id IS NULL AND NEW.owner_id IS NOT NULL THEN
+    SELECT tm.tenant_id INTO NEW.tenant_id
+    FROM public.tenant_members tm
+    WHERE tm.user_id = NEW.owner_id AND tm.status = 'active'
+    ORDER BY tm.created_at DESC
+    LIMIT 1;
+  END IF;
+  RETURN NEW;
+END;
+$$;
+
 CREATE FUNCTION public.fix_all_subscription_mismatches() RETURNS void
     LANGUAGE plpgsql SECURITY DEFINER
     AS $$
@@ -2269,6 +3138,54 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION public.generate_math_challenge() RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_a    integer;
+    v_b    integer;
+    v_op   text;
+    v_ans  integer;
+    v_q    text;
+    v_id   uuid;
+BEGIN
+    v_a := 1 + floor(random() * 9)::int;
+    v_b := 1 + floor(random() * 9)::int;
+    v_op := (ARRAY['+','-','*'])[1 + floor(random() * 3)::int];
+
+    -- garantir resultado positivo na subtração
+    IF v_op = '-' AND v_b > v_a THEN
+        v_a := v_a + v_b;
+    END IF;
+
+    v_ans := CASE v_op
+        WHEN '+' THEN v_a + v_b
+        WHEN '-' THEN v_a - v_b
+        WHEN '*' THEN v_a * v_b
+    END;
+
+    v_q := format('Quanto é %s %s %s?', v_a, v_op, v_b);
+
+    INSERT INTO math_challenges (question, answer)
+    VALUES (v_q, v_ans)
+    RETURNING id INTO v_id;
+
+    RETURN jsonb_build_object('id', v_id, 'question', v_q);
+END;
+$$;
+
+CREATE FUNCTION public.get_entity_primary_phone(p_entity_type text, p_entity_id uuid) RETURNS text
+    LANGUAGE sql STABLE SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+    SELECT number FROM public.contact_phones
+    WHERE entity_type = p_entity_type
+      AND entity_id = p_entity_id
+    ORDER BY is_primary DESC, position ASC, created_at ASC
+    LIMIT 1;
+$$;
+
 CREATE FUNCTION public.get_financial_report(p_owner_id uuid, p_start_date date, p_end_date date, p_group_by text DEFAULT 'month'::text) RETURNS TABLE(group_key text, group_label text, total_receitas numeric, total_despesas numeric, saldo numeric, total_pendente numeric, total_overdue numeric, count_records bigint)
     LANGUAGE sql STABLE SECURITY DEFINER
     SET search_path TO 'public'
@@ -2404,6 +3321,141 @@ CREATE FUNCTION public.get_my_email() RETURNS text
   where id = auth.uid();
 $$;
 
+CREATE FUNCTION public.get_patient_intake_invite_info(p_token text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_token_clean text;
+    v_invite      RECORD;
+    v_result      jsonb;
+BEGIN
+    v_token_clean := nullif(trim(coalesce(p_token, '')), '');
+    IF v_token_clean IS NULL THEN
+        RETURN jsonb_build_object('error', 'missing-token');
+    END IF;
+
+    SELECT pi.owner_id, pi.tenant_id, pi.active, pi.expires_at, pi.max_uses, pi.uses
+      INTO v_invite
+      FROM public.patient_invites pi
+     WHERE pi.token = v_token_clean
+     LIMIT 1;
+
+    IF v_invite.owner_id IS NULL THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.active IS DISTINCT FROM true THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.expires_at IS NOT NULL AND v_invite.expires_at < now() THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.max_uses IS NOT NULL AND v_invite.uses >= v_invite.max_uses THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    SELECT jsonb_build_object(
+        'therapist', jsonb_build_object(
+            'display_name',      coalesce(
+                                     nullif(trim(p.full_name), ''),
+                                     nullif(trim(p.nickname), ''),
+                                     'Profissional'
+                                 ),
+            'avatar_url',        nullif(trim(coalesce(p.avatar_url, '')), ''),
+            'work_description',  nullif(trim(coalesce(p.work_description, '')), ''),
+            'bio',               nullif(trim(coalesce(p.bio, '')), ''),
+            'phone',             nullif(trim(coalesce(p.phone, '')), ''),
+            'site_url',          nullif(trim(coalesce(p.site_url, '')), ''),
+            'instagram',         nullif(trim(coalesce(p.social_instagram, '')), '')
+        ),
+        'clinic', CASE
+            WHEN cp.tenant_id IS NOT NULL THEN jsonb_build_object(
+                'name',       nullif(trim(coalesce(cp.nome_fantasia, '')), ''),
+                'logo_url',   nullif(trim(coalesce(cp.logo_url, '')), ''),
+                'email',      nullif(trim(coalesce(cp.email, '')), ''),
+                'phone',      nullif(trim(coalesce(cp.telefone, '')), ''),
+                'site',       nullif(trim(coalesce(cp.site, '')), ''),
+                'city',       nullif(trim(coalesce(cp.cidade, '')), ''),
+                'state',      nullif(trim(coalesce(cp.estado, '')), ''),
+                'neighborhood', nullif(trim(coalesce(cp.bairro, '')), ''),
+                'street',     nullif(trim(coalesce(cp.logradouro, '')), ''),
+                'number',     nullif(trim(coalesce(cp.numero, '')), ''),
+                'social',     coalesce(cp.redes_sociais, '[]'::jsonb)
+            )
+            ELSE NULL
+        END
+    )
+    INTO v_result
+    FROM public.profiles p
+    LEFT JOIN public.company_profiles cp ON cp.tenant_id = v_invite.tenant_id
+    WHERE p.id = v_invite.owner_id
+    LIMIT 1;
+
+    IF v_result IS NULL THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    RETURN jsonb_build_object('ok', true, 'info', v_result);
+END;
+$$;
+
+CREATE FUNCTION public.get_patient_session_counts(p_patient_ids uuid[]) RETURNS TABLE(patient_id uuid, session_count integer, last_session_at timestamp with time zone)
+    LANGUAGE sql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+    SELECT
+        ae.patient_id,
+        COUNT(*)::int                AS session_count,
+        MAX(ae.inicio_em)            AS last_session_at
+    FROM public.agenda_eventos ae
+    WHERE ae.patient_id = ANY(p_patient_ids)
+      AND ae.tenant_id IN (
+          SELECT tm.tenant_id
+          FROM public.tenant_members tm
+          WHERE tm.user_id = auth.uid()
+            AND tm.status = 'active'
+      )
+    GROUP BY ae.patient_id;
+$$;
+
+CREATE FUNCTION public.get_twilio_config() RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    cfg saas_twilio_config%ROWTYPE;
+BEGIN
+    -- Permite quem é saas_admin (UI) ou quando chamado via service_role (edge function)
+    -- coalesce protege de NULL (auth.role() pode ser NULL fora de contexto JWT)
+    IF NOT (public.is_saas_admin() OR coalesce(auth.role(), '') = 'service_role') THEN
+        RAISE EXCEPTION 'Sem permissão' USING ERRCODE = '42501';
+    END IF;
+
+    SELECT * INTO cfg FROM saas_twilio_config WHERE id = true;
+    IF NOT FOUND THEN
+        RETURN jsonb_build_object(
+            'account_sid',          NULL,
+            'whatsapp_webhook_url', NULL,
+            'usd_brl_rate',         5.5,
+            'margin_multiplier',    1.4
+        );
+    END IF;
+
+    RETURN jsonb_build_object(
+        'account_sid',          cfg.account_sid,
+        'whatsapp_webhook_url', cfg.whatsapp_webhook_url,
+        'usd_brl_rate',         cfg.usd_brl_rate,
+        'margin_multiplier',    cfg.margin_multiplier,
+        'notes',                cfg.notes,
+        'updated_at',           cfg.updated_at,
+        'updated_by',           cfg.updated_by
+    );
+END;
+$$;
+
 CREATE FUNCTION public.guard_account_type_immutable() RETURNS trigger
     LANGUAGE plpgsql
     AS $$
@@ -2614,6 +3666,51 @@ CREATE FUNCTION public.is_therapist_tenant(_tenant_id uuid) RETURNS boolean
   );
 $$;
 
+CREATE FUNCTION public.issue_patient_invite() RETURNS text
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+  v_uid        uuid;
+  v_tenant_id  uuid;
+  v_token      text;
+  v_existing   text;
+BEGIN
+  v_uid := auth.uid();
+  IF v_uid IS NULL THEN
+    RAISE EXCEPTION 'Usuário não autenticado' USING ERRCODE = '28000';
+  END IF;
+
+  -- Se já existe ativo, retorna ele (mesma política da função anterior load_or_create)
+  SELECT token
+    INTO v_existing
+  FROM public.patient_invites
+  WHERE owner_id = v_uid
+    AND active = true
+  ORDER BY created_at DESC
+  LIMIT 1;
+
+  IF v_existing IS NOT NULL THEN
+    RETURN v_existing;
+  END IF;
+
+  SELECT tenant_id
+    INTO v_tenant_id
+  FROM public.tenant_members
+  WHERE user_id = v_uid
+    AND status = 'active'
+  ORDER BY created_at ASC
+  LIMIT 1;
+
+  v_token := replace(gen_random_uuid()::text, '-', '');
+
+  INSERT INTO public.patient_invites (owner_id, tenant_id, token, active)
+  VALUES (v_uid, v_tenant_id, v_token, true);
+
+  RETURN v_token;
+END;
+$$;
+
 CREATE FUNCTION public.jwt_email() RETURNS text
     LANGUAGE sql STABLE
     AS $$
@@ -2638,6 +3735,72 @@ CREATE FUNCTION public.list_financial_records(p_owner_id uuid, p_year integer DE
   OFFSET p_offset;
 $$;
 
+CREATE FUNCTION public.log_audit_change() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_tenant_id UUID;
+    v_entity_id TEXT;
+    v_old JSONB;
+    v_new JSONB;
+    v_changed TEXT[];
+    v_heavy_fields TEXT[] := ARRAY[
+        'content', 'content_html', 'content_json', 'raw_data',
+        'signature_data', 'pdf_blob', 'binary', 'body_html', 'body_text'
+    ];
+    v_noise_fields TEXT[] := ARRAY['updated_at', 'last_seen_at', 'last_activity_at'];
+BEGIN
+    IF TG_OP = 'DELETE' THEN
+        v_tenant_id := OLD.tenant_id;
+        v_entity_id := OLD.id::TEXT;
+        v_old := to_jsonb(OLD) - v_heavy_fields;
+        v_new := NULL;
+    ELSIF TG_OP = 'INSERT' THEN
+        v_tenant_id := NEW.tenant_id;
+        v_entity_id := NEW.id::TEXT;
+        v_old := NULL;
+        v_new := to_jsonb(NEW) - v_heavy_fields;
+    ELSE -- UPDATE
+        v_tenant_id := NEW.tenant_id;
+        v_entity_id := NEW.id::TEXT;
+        v_old := to_jsonb(OLD) - v_heavy_fields;
+        v_new := to_jsonb(NEW) - v_heavy_fields;
+
+        -- calcular campos realmente alterados
+        SELECT array_agg(key ORDER BY key) INTO v_changed
+        FROM jsonb_each(to_jsonb(NEW)) AS kv(key, value)
+        WHERE (to_jsonb(OLD))->kv.key IS DISTINCT FROM kv.value;
+
+        -- se nada mudou, ignora
+        IF v_changed IS NULL THEN
+            RETURN NEW;
+        END IF;
+
+        -- se mudou apenas campos de ruido (ex: updated_at), ignora
+        IF v_changed <@ v_noise_fields THEN
+            RETURN NEW;
+        END IF;
+    END IF;
+
+    INSERT INTO public.audit_logs (
+        tenant_id, user_id, entity_type, entity_id, action,
+        old_values, new_values, changed_fields
+    ) VALUES (
+        v_tenant_id,
+        auth.uid(),
+        TG_TABLE_NAME,
+        v_entity_id,
+        lower(TG_OP),
+        v_old,
+        v_new,
+        v_changed
+    );
+
+    RETURN COALESCE(NEW, OLD);
+END;
+$$;
+
 CREATE FUNCTION public.mark_as_paid(p_financial_record_id uuid, p_payment_method text) RETURNS SETOF public.financial_records
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -2713,6 +3876,41 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION public.match_patient_by_phone(p_tenant_id uuid, p_phone text) RETURNS uuid
+    LANGUAGE plpgsql STABLE SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_normalized TEXT;
+    v_patient_id UUID;
+BEGIN
+    v_normalized := public.normalize_phone_br(p_phone);
+    IF v_normalized IS NULL OR length(v_normalized) < 10 THEN
+        RETURN NULL;
+    END IF;
+
+    -- prioridade: telefone principal, depois alternativo, depois responsavel
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone) = v_normalized
+    LIMIT 1;
+    IF v_patient_id IS NOT NULL THEN RETURN v_patient_id; END IF;
+
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone_alternativo) = v_normalized
+    LIMIT 1;
+    IF v_patient_id IS NOT NULL THEN RETURN v_patient_id; END IF;
+
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone_responsavel) = v_normalized
+    LIMIT 1;
+
+    RETURN v_patient_id;
+END;
+$$;
+
 CREATE FUNCTION public.my_tenants() RETURNS TABLE(tenant_id uuid, role text, status text, kind text)
     LANGUAGE sql STABLE
     AS $$
@@ -2726,6 +3924,31 @@ CREATE FUNCTION public.my_tenants() RETURNS TABLE(tenant_id uuid, role text, sta
   where tm.user_id = auth.uid();
 $$;
 
+CREATE FUNCTION public.normalize_phone_br(p_phone text) RETURNS text
+    LANGUAGE plpgsql IMMUTABLE
+    AS $$
+DECLARE
+    v_digits TEXT;
+BEGIN
+    IF p_phone IS NULL THEN RETURN NULL; END IF;
+
+    -- remove tudo que nao seja digito
+    v_digits := regexp_replace(p_phone, '\D', '', 'g');
+
+    -- remove DDI 55 se tem 12+ digitos (+55 + DDD + numero)
+    IF length(v_digits) >= 12 AND left(v_digits, 2) = '55' THEN
+        v_digits := substr(v_digits, 3);
+    END IF;
+
+    -- pega os ultimos 11 digitos (DDD + 9digito + 8numero) ou 10 (DDD + 8numero)
+    IF length(v_digits) > 11 THEN
+        v_digits := right(v_digits, 11);
+    END IF;
+
+    RETURN v_digits;
+END;
+$$;
+
 CREATE FUNCTION public.notice_track_click(p_notice_id uuid) RETURNS void
     LANGUAGE plpgsql SECURITY DEFINER
     AS $$
@@ -3244,6 +4467,75 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.record_submission_attempt(p_endpoint text, p_ip_hash text, p_success boolean, p_blocked_by text DEFAULT NULL::text, p_error_code text DEFAULT NULL::text, p_error_msg text DEFAULT NULL::text, p_user_agent text DEFAULT NULL::text, p_metadata jsonb DEFAULT NULL::jsonb) RETURNS void
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    cfg            saas_security_config%ROWTYPE;
+    v_now          timestamptz := now();
+    v_window_start timestamptz;
+    rl             submission_rate_limits%ROWTYPE;
+BEGIN
+    -- Log sempre (mesmo sem ip)
+    INSERT INTO public_submission_attempts
+        (endpoint, ip_hash, success, blocked_by, error_code, error_msg, user_agent, metadata)
+    VALUES
+        (p_endpoint, p_ip_hash, p_success, p_blocked_by,
+         left(coalesce(p_error_code, ''), 80),
+         left(coalesce(p_error_msg, ''), 500),
+         left(coalesce(p_user_agent, ''), 500),
+         p_metadata);
+
+    -- Sem ip ou rate limit desligado: não atualiza contador
+    IF p_ip_hash IS NULL OR length(btrim(p_ip_hash)) = 0 THEN RETURN; END IF;
+
+    SELECT * INTO cfg FROM saas_security_config WHERE id = true;
+    IF NOT FOUND OR NOT cfg.rate_limit_enabled THEN RETURN; END IF;
+
+    v_window_start := v_now - (cfg.rate_limit_window_min || ' minutes')::interval;
+
+    SELECT * INTO rl
+      FROM submission_rate_limits
+     WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+
+    IF NOT FOUND THEN
+        INSERT INTO submission_rate_limits
+            (ip_hash, endpoint, attempt_count, fail_count, window_start, last_attempt_at)
+        VALUES
+            (p_ip_hash, p_endpoint, 1, CASE WHEN p_success THEN 0 ELSE 1 END, v_now, v_now);
+    ELSE
+        IF rl.window_start < v_window_start THEN
+            -- Reset janela
+            UPDATE submission_rate_limits
+               SET attempt_count = 1,
+                   fail_count = CASE WHEN p_success THEN 0 ELSE 1 END,
+                   window_start = v_now,
+                   last_attempt_at = v_now,
+                   blocked_until = NULL
+             WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+        ELSE
+            UPDATE submission_rate_limits
+               SET attempt_count = attempt_count + 1,
+                   fail_count = fail_count + CASE WHEN p_success THEN 0 ELSE 1 END,
+                   last_attempt_at = v_now
+             WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+        END IF;
+
+        -- Se atingiu threshold de captcha condicional, marca
+        IF NOT p_success THEN
+            SELECT * INTO rl FROM submission_rate_limits WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+            IF rl.fail_count >= cfg.captcha_after_failures
+               AND (rl.requires_captcha_until IS NULL OR rl.requires_captcha_until < v_now) THEN
+                UPDATE submission_rate_limits
+                   SET requires_captcha_until = v_now + (cfg.captcha_required_window_min || ' minutes')::interval
+                 WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+            END IF;
+        END IF;
+    END IF;
+END;
+$$;
+
 CREATE FUNCTION public.revoke_support_session(p_token text) RETURNS boolean
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -3299,6 +4591,46 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.rotate_patient_invite_token_v2() RETURNS text
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+  v_uid        uuid;
+  v_tenant_id  uuid;
+  v_new_token  text;
+BEGIN
+  v_uid := auth.uid();
+  IF v_uid IS NULL THEN
+    RAISE EXCEPTION 'Usuário não autenticado' USING ERRCODE = '28000';
+  END IF;
+
+  -- Token gerado no servidor (criptograficamente seguro via pgcrypto)
+  v_new_token := replace(gen_random_uuid()::text, '-', '');
+
+  -- Resolve tenant_id do usuário (active)
+  SELECT tenant_id
+    INTO v_tenant_id
+  FROM public.tenant_members
+  WHERE user_id = v_uid
+    AND status = 'active'
+  ORDER BY created_at ASC
+  LIMIT 1;
+
+  -- Desativa tokens ativos anteriores
+  UPDATE public.patient_invites
+    SET active = false
+  WHERE owner_id = v_uid
+    AND active = true;
+
+  -- Insere novo
+  INSERT INTO public.patient_invites (owner_id, tenant_id, token, active)
+  VALUES (v_uid, v_tenant_id, v_new_token, true);
+
+  RETURN v_new_token;
+END;
+$$;
+
 CREATE FUNCTION public.saas_votar_doc(p_doc_id uuid, p_util boolean) RETURNS jsonb
     LANGUAGE plpgsql SECURITY DEFINER
     AS $$
@@ -3406,6 +4738,219 @@ CREATE FUNCTION public.sanitize_phone_br(raw_phone text) RETURNS text
     RETURN digits;
   END; $$;
 
+CREATE FUNCTION public.search_global(p_q text, p_scope text[] DEFAULT NULL::text[], p_limit integer DEFAULT 8) RETURNS jsonb
+    LANGUAGE plpgsql STABLE
+    SET search_path TO 'public', 'pg_temp'
+    AS $_$
+DECLARE
+    v_q            text;
+    v_pattern      text;
+    v_limit        int;
+    v_patients     jsonb := '[]'::jsonb;
+    v_appointments jsonb := '[]'::jsonb;
+    v_documents    jsonb := '[]'::jsonb;
+    v_services     jsonb := '[]'::jsonb;
+    v_intakes      jsonb := '[]'::jsonb;
+BEGIN
+    -- Sanitize + length guards
+    v_q := nullif(btrim(coalesce(p_q, '')), '');
+    IF v_q IS NULL OR length(v_q) < 2 THEN
+        RETURN jsonb_build_object(
+            'patients',     '[]'::jsonb,
+            'appointments', '[]'::jsonb,
+            'documents',    '[]'::jsonb,
+            'services',     '[]'::jsonb,
+            'intakes',      '[]'::jsonb
+        );
+    END IF;
+    v_q := left(v_q, 80);
+    v_pattern := '%' || v_q || '%';
+    v_limit := GREATEST(1, LEAST(coalesce(p_limit, 8), 20));
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Pacientes
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'patients' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                p.id,
+                p.nome_completo,
+                p.email_principal,
+                p.telefone,
+                p.avatar_url,
+                GREATEST(
+                    similarity(coalesce(p.nome_completo,   ''), v_q),
+                    similarity(coalesce(p.email_principal, ''), v_q) * 0.7,
+                    similarity(coalesce(p.telefone,        ''), v_q) * 0.5,
+                    similarity(coalesce(p.cpf,             ''), v_q) * 0.6
+                ) AS score
+            FROM public.patients p
+            WHERE p.nome_completo   ILIKE v_pattern
+               OR p.email_principal ILIKE v_pattern
+               OR p.telefone        ILIKE v_pattern
+               OR p.cpf             ILIKE v_pattern
+            ORDER BY score DESC, p.nome_completo ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',         id,
+            'label',      nome_completo,
+            'sublabel',   coalesce(nullif(email_principal, ''), nullif(telefone, ''), ''),
+            'avatar_url', avatar_url,
+            'deeplink',   '/therapist/patients/cadastro/' || id::text,
+            'score',      round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_patients
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Agendamentos (com nome do paciente via join)
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'appointments' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                e.id,
+                coalesce(nullif(e.titulo_custom, ''), nullif(e.titulo, ''), 'Sessão') AS label,
+                e.inicio_em,
+                pat.nome_completo AS patient_name,
+                GREATEST(
+                    similarity(coalesce(e.titulo,        ''), v_q),
+                    similarity(coalesce(e.titulo_custom, ''), v_q),
+                    similarity(coalesce(pat.nome_completo, ''), v_q) * 0.9
+                ) AS score
+            FROM public.agenda_eventos e
+            LEFT JOIN public.patients pat ON pat.id = e.patient_id
+            WHERE e.titulo          ILIKE v_pattern
+               OR e.titulo_custom   ILIKE v_pattern
+               OR pat.nome_completo ILIKE v_pattern
+            ORDER BY score DESC, e.inicio_em DESC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    label,
+            'sublabel', trim(both ' · ' from
+                            coalesce(patient_name, '') || ' · '
+                            || to_char(inicio_em, 'DD/MM/YYYY HH24:MI')),
+            'deeplink', '/therapist/agenda?event=' || id::text,
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_appointments
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Documentos
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'documents' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                d.id,
+                d.patient_id,
+                d.nome_original,
+                d.tipo_documento,
+                pat.nome_completo AS patient_name,
+                GREATEST(
+                    similarity(coalesce(d.nome_original, ''), v_q),
+                    similarity(coalesce(d.descricao,     ''), v_q) * 0.7
+                ) AS score
+            FROM public.documents d
+            LEFT JOIN public.patients pat ON pat.id = d.patient_id
+            WHERE d.nome_original ILIKE v_pattern
+               OR d.descricao     ILIKE v_pattern
+            ORDER BY score DESC, d.nome_original ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    nome_original,
+            'sublabel', trim(both ' · ' from
+                            coalesce(patient_name, '') || ' · '
+                            || coalesce(tipo_documento, '')),
+            'deeplink', '/therapist/patients/' || patient_id::text || '/documents',
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_documents
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Serviços (ativos)
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'services' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                s.id,
+                s.name,
+                s.price,
+                s.duration_min,
+                GREATEST(
+                    similarity(coalesce(s.name,        ''), v_q),
+                    similarity(coalesce(s.description, ''), v_q) * 0.7
+                ) AS score
+            FROM public.services s
+            WHERE s.active IS TRUE
+              AND (s.name        ILIKE v_pattern
+                OR s.description ILIKE v_pattern)
+            ORDER BY score DESC, s.name ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    name,
+            'sublabel', trim(both ' · ' from
+                            'R$ ' || to_char(price, 'FM999G999G990D00') || ' · '
+                            || coalesce(duration_min::text || ' min', '')),
+            'deeplink', '/configuracoes/precificacao',
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_services
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Intakes pendentes (patient_intake_requests com status='new')
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'intakes' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                r.id,
+                r.nome_completo,
+                r.email_principal,
+                r.telefone,
+                r.created_at,
+                GREATEST(
+                    similarity(coalesce(r.nome_completo,   ''), v_q),
+                    similarity(coalesce(r.email_principal, ''), v_q) * 0.7,
+                    similarity(coalesce(r.telefone,        ''), v_q) * 0.5
+                ) AS score
+            FROM public.patient_intake_requests r
+            WHERE r.status = 'new'
+              AND (r.nome_completo   ILIKE v_pattern
+                OR r.email_principal ILIKE v_pattern
+                OR r.telefone        ILIKE v_pattern)
+            ORDER BY score DESC, r.created_at DESC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    coalesce(nullif(trim(nome_completo), ''), '(sem nome)'),
+            'sublabel', trim(both ' · ' from
+                            coalesce(nullif(email_principal, ''), nullif(telefone, ''), '') || ' · '
+                            || 'recebido ' || to_char(created_at, 'DD/MM/YYYY')),
+            'deeplink', '/therapist/patients/cadastro/recebidos?id=' || id::text,
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_intakes
+        FROM ranked;
+    END IF;
+
+    RETURN jsonb_build_object(
+        'patients',     v_patients,
+        'appointments', v_appointments,
+        'documents',    v_documents,
+        'services',     v_services,
+        'intakes',      v_intakes
+    );
+END;
+$_$;
+
 CREATE FUNCTION public.seed_default_financial_categories(p_user_id uuid) RETURNS void
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -3648,33 +5193,132 @@ BEGIN
 END;
 $$;
 
-CREATE FUNCTION public.set_tenant_feature_exception(p_tenant_id uuid, p_feature_key text, p_enabled boolean, p_reason text DEFAULT NULL::text) RETURNS void
+CREATE FUNCTION public.set_tenant_feature_exception(p_tenant_id uuid, p_feature_key text, p_enabled boolean, p_reason text DEFAULT NULL::text) RETURNS jsonb
     LANGUAGE plpgsql SECURITY DEFINER
-    AS $$
-begin
-  -- ??? S?? owner ou admin do tenant podem alterar features
-  if not exists (
-    select 1 from public.tenant_members
-    where tenant_id = p_tenant_id
-      and user_id = auth.uid()
-      and role in ('owner', 'admin')
-      and status = 'active'
-  ) then
-    raise exception 'Acesso negado: apenas owner/admin pode alterar features do tenant.';
-  end if;
+    SET search_path TO 'public'
+    AS $_$
+DECLARE
+  v_caller         uuid := auth.uid();
+  v_is_saas        boolean := public.is_saas_admin();
+  v_is_tenant_adm  boolean;
+  v_plan_allows    boolean;
+  v_feature_key    text;
+  v_reason         text;
+  v_is_exception   boolean;
+BEGIN
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Sanitização (padrão V#31)
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_caller IS NULL THEN
+    RAISE EXCEPTION 'Não autenticado' USING ERRCODE = '28000';
+  END IF;
 
-  insert into public.tenant_features (tenant_id, feature_key, enabled)
-  values (p_tenant_id, p_feature_key, p_enabled)
-  on conflict (tenant_id, feature_key)
-  do update set enabled = excluded.enabled;
+  IF p_tenant_id IS NULL THEN
+    RAISE EXCEPTION 'tenant_id obrigatório' USING ERRCODE = '22023';
+  END IF;
 
-  insert into public.tenant_feature_exceptions_log (
-    tenant_id, feature_key, enabled, reason, created_by
-  ) values (
-    p_tenant_id, p_feature_key, p_enabled, p_reason, auth.uid()
+  IF p_enabled IS NULL THEN
+    RAISE EXCEPTION 'enabled obrigatório' USING ERRCODE = '22023';
+  END IF;
+
+  v_feature_key := nullif(btrim(coalesce(p_feature_key, '')), '');
+  IF v_feature_key IS NULL THEN
+    RAISE EXCEPTION 'feature_key obrigatório' USING ERRCODE = '22023';
+  END IF;
+  IF length(v_feature_key) > 80 THEN
+    RAISE EXCEPTION 'feature_key inválido (>80)' USING ERRCODE = '22023';
+  END IF;
+  IF v_feature_key !~ '^[a-z][a-z0-9_.]*$' THEN
+    RAISE EXCEPTION 'feature_key formato inválido' USING ERRCODE = '22023';
+  END IF;
+
+  v_reason := nullif(btrim(coalesce(p_reason, '')), '');
+  IF v_reason IS NOT NULL AND length(v_reason) > 500 THEN
+    v_reason := substring(v_reason FROM 1 FOR 500);
+  END IF;
+
+  IF NOT EXISTS (SELECT 1 FROM public.features WHERE key = v_feature_key) THEN
+    RAISE EXCEPTION 'feature_key desconhecida: %', v_feature_key USING ERRCODE = '22023';
+  END IF;
+
+  IF NOT EXISTS (SELECT 1 FROM public.tenants WHERE id = p_tenant_id) THEN
+    RAISE EXCEPTION 'tenant não encontrado' USING ERRCODE = '22023';
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Plano permite essa feature?
+  -- ───────────────────────────────────────────────────────────────────────
+  SELECT EXISTS (
+    SELECT 1
+    FROM public.v_tenant_entitlements vte
+    WHERE vte.tenant_id = p_tenant_id
+      AND vte.feature_key = v_feature_key
+  ) INTO v_plan_allows;
+
+  v_is_exception := (p_enabled = true AND NOT v_plan_allows);
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Caller é tenant_admin desse tenant?
+  -- ───────────────────────────────────────────────────────────────────────
+  v_is_tenant_adm := EXISTS (
+    SELECT 1 FROM public.tenant_members tm
+    WHERE tm.tenant_id = p_tenant_id
+      AND tm.user_id   = v_caller
+      AND tm.status    = 'active'
+      AND tm.role IN ('tenant_admin','admin','owner')
   );
-end;
-$$;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Autorização (assimétrica — V#34 Opção B2)
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_is_exception THEN
+    -- Override positivo fora do plano = exceção comercial
+    IF NOT v_is_saas THEN
+      RAISE EXCEPTION 'Apenas saas_admin pode liberar feature fora do plano' USING ERRCODE = '42501';
+    END IF;
+    IF v_reason IS NULL THEN
+      RAISE EXCEPTION 'reason obrigatório para exceção comercial' USING ERRCODE = '22023';
+    END IF;
+  ELSE
+    -- Demais casos: tenant_admin OR saas_admin
+    IF NOT (v_is_saas OR v_is_tenant_adm) THEN
+      RAISE EXCEPTION 'Sem permissão para alterar features deste tenant' USING ERRCODE = '42501';
+    END IF;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Persistência: bypass controlado do trigger guard quando é exceção
+  -- (escopo de transação via SET LOCAL — só esta RPC vê)
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_is_exception THEN
+    PERFORM set_config('app.allow_feature_exception', 'true', true);
+  END IF;
+
+  INSERT INTO public.tenant_features (tenant_id, feature_key, enabled, updated_at)
+  VALUES (p_tenant_id, v_feature_key, p_enabled, now())
+  ON CONFLICT (tenant_id, feature_key)
+  DO UPDATE SET enabled = EXCLUDED.enabled, updated_at = now();
+
+  -- Restaura flag (defensivo — SET LOCAL já é por transação, mas explicito)
+  IF v_is_exception THEN
+    PERFORM set_config('app.allow_feature_exception', 'false', true);
+  END IF;
+
+  INSERT INTO public.tenant_feature_exceptions_log
+    (tenant_id, feature_key, enabled, reason, created_by)
+  VALUES
+    (p_tenant_id, v_feature_key, p_enabled, v_reason, v_caller);
+
+  RETURN jsonb_build_object(
+    'tenant_id',    p_tenant_id,
+    'feature_key',  v_feature_key,
+    'enabled',      p_enabled,
+    'plan_allows',  v_plan_allows,
+    'is_exception', v_is_exception,
+    'reason',       v_reason
+  );
+END;
+$_$;
 
 CREATE FUNCTION public.set_updated_at() RETURNS trigger
     LANGUAGE plpgsql
@@ -3973,6 +5617,112 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.sync_legacy_email_fields() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_entity_type TEXT;
+    v_entity_id UUID;
+    v_primary TEXT;
+    v_secondary TEXT;
+BEGIN
+    IF TG_OP = 'DELETE' THEN
+        v_entity_type := OLD.entity_type;
+        v_entity_id := OLD.entity_id;
+    ELSE
+        v_entity_type := NEW.entity_type;
+        v_entity_id := NEW.entity_id;
+    END IF;
+
+    SELECT email INTO v_primary
+        FROM public.contact_emails
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+        ORDER BY is_primary DESC, position ASC, created_at ASC
+        LIMIT 1;
+
+    SELECT email INTO v_secondary
+        FROM public.contact_emails
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+          AND is_primary = false
+        ORDER BY position ASC, created_at ASC
+        OFFSET 0
+        LIMIT 1;
+
+    IF v_entity_type = 'patient' THEN
+        UPDATE public.patients
+            SET email_principal = v_primary,
+                email_alternativo = v_secondary
+            WHERE id = v_entity_id;
+    ELSIF v_entity_type = 'medico' THEN
+        UPDATE public.medicos
+            SET email = v_primary
+            WHERE id = v_entity_id;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN RETURN OLD; ELSE RETURN NEW; END IF;
+END;
+$$;
+
+CREATE FUNCTION public.sync_legacy_phone_fields() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_entity_type TEXT;
+    v_entity_id UUID;
+    v_primary TEXT;
+    v_secondary TEXT;
+    v_whatsapp_slug TEXT;
+    v_whatsapp TEXT;
+BEGIN
+    -- Identifica entidade afetada (pode ser OLD em delete)
+    IF TG_OP = 'DELETE' THEN
+        v_entity_type := OLD.entity_type;
+        v_entity_id := OLD.entity_id;
+    ELSE
+        v_entity_type := NEW.entity_type;
+        v_entity_id := NEW.entity_id;
+    END IF;
+
+    -- Pega primary (ou primeiro)
+    SELECT number INTO v_primary
+        FROM public.contact_phones
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+        ORDER BY is_primary DESC, position ASC, created_at ASC
+        LIMIT 1;
+
+    -- Pega segundo (depois do primary)
+    SELECT number INTO v_secondary
+        FROM public.contact_phones
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+          AND is_primary = false
+        ORDER BY position ASC, created_at ASC
+        OFFSET 0
+        LIMIT 1;
+
+    -- Sincroniza campos legados
+    IF v_entity_type = 'patient' THEN
+        UPDATE public.patients
+            SET telefone = v_primary,
+                telefone_alternativo = v_secondary
+            WHERE id = v_entity_id;
+    ELSIF v_entity_type = 'medico' THEN
+        -- Medicos: telefone_profissional = primary; telefone_pessoal = secundario
+        UPDATE public.medicos
+            SET telefone_profissional = v_primary,
+                telefone_pessoal = v_secondary
+            WHERE id = v_entity_id;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN
+        RETURN OLD;
+    ELSE
+        RETURN NEW;
+    END IF;
+END;
+$$;
+
 CREATE FUNCTION public.sync_overdue_financial_records() RETURNS integer
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -4159,32 +5909,39 @@ $$;
 CREATE FUNCTION public.tenant_features_guard_with_plan() RETURNS trigger
     LANGUAGE plpgsql
     AS $$
-declare
-  v_allowed boolean;
-begin
-  -- s?? valida quando est?? habilitando
-  if new.enabled is distinct from true then
-    return new;
-  end if;
+DECLARE
+  v_allowed   boolean;
+  v_bypass    text;
+BEGIN
+  -- Só valida quando está habilitando
+  IF new.enabled IS DISTINCT FROM true THEN
+    RETURN new;
+  END IF;
 
-  -- permitido pelo plano do tenant?
-  select exists (
-    select 1
-    from public.v_tenant_entitlements_full v
-    where v.tenant_id = new.tenant_id
-      and v.feature_key = new.feature_key
-      and v.allowed = true
-  )
-  into v_allowed;
+  -- Bypass autorizado: setado pela RPC set_tenant_feature_exception
+  -- após validar que o caller é saas_admin com reason.
+  v_bypass := current_setting('app.allow_feature_exception', true);
+  IF v_bypass = 'true' THEN
+    RETURN new;
+  END IF;
 
-  if not v_allowed then
-    raise exception 'Feature % n??o permitida pelo plano atual do tenant %.',
+  -- Permitido pelo plano do tenant?
+  SELECT EXISTS (
+    SELECT 1
+    FROM public.v_tenant_entitlements_full v
+    WHERE v.tenant_id = new.tenant_id
+      AND v.feature_key = new.feature_key
+      AND v.allowed = true
+  ) INTO v_allowed;
+
+  IF NOT v_allowed THEN
+    RAISE EXCEPTION 'Feature % não permitida pelo plano atual do tenant %.',
       new.feature_key, new.tenant_id
-      using errcode = 'P0001';
-  end if;
+      USING ERRCODE = 'P0001';
+  END IF;
 
-  return new;
-end;
+  RETURN new;
+END;
 $$;
 
 CREATE FUNCTION public.tenant_has_feature(_tenant_id uuid, _feature text) RETURNS boolean
@@ -4778,6 +6535,58 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION public.update_twilio_config(p_account_sid text DEFAULT NULL::text, p_whatsapp_webhook_url text DEFAULT NULL::text, p_usd_brl_rate numeric DEFAULT NULL::numeric, p_margin_multiplier numeric DEFAULT NULL::numeric, p_notes text DEFAULT NULL::text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $_$
+DECLARE
+    v_caller         uuid := auth.uid();
+    v_account_sid    text;
+    v_webhook_url    text;
+    v_notes          text;
+BEGIN
+    IF v_caller IS NULL THEN
+        RAISE EXCEPTION 'Não autenticado' USING ERRCODE = '28000';
+    END IF;
+    IF NOT public.is_saas_admin() THEN
+        RAISE EXCEPTION 'Apenas saas_admin pode atualizar config Twilio' USING ERRCODE = '42501';
+    END IF;
+
+    -- Sanitização
+    v_account_sid := nullif(btrim(coalesce(p_account_sid, '')), '');
+    v_webhook_url := nullif(btrim(coalesce(p_whatsapp_webhook_url, '')), '');
+    v_notes       := nullif(btrim(coalesce(p_notes, '')), '');
+
+    IF v_account_sid IS NOT NULL AND v_account_sid !~ '^AC[a-zA-Z0-9]{32}$' THEN
+        RAISE EXCEPTION 'account_sid inválido (esperado AC + 32 chars)' USING ERRCODE = '22023';
+    END IF;
+    IF v_webhook_url IS NOT NULL AND v_webhook_url !~ '^https?://' THEN
+        RAISE EXCEPTION 'webhook_url deve começar com http(s)://' USING ERRCODE = '22023';
+    END IF;
+    IF p_usd_brl_rate IS NOT NULL AND (p_usd_brl_rate <= 0 OR p_usd_brl_rate >= 100) THEN
+        RAISE EXCEPTION 'usd_brl_rate fora da faixa (0..100)' USING ERRCODE = '22023';
+    END IF;
+    IF p_margin_multiplier IS NOT NULL AND (p_margin_multiplier < 1 OR p_margin_multiplier > 10) THEN
+        RAISE EXCEPTION 'margin_multiplier fora da faixa (1..10)' USING ERRCODE = '22023';
+    END IF;
+    IF v_notes IS NOT NULL AND length(v_notes) > 1000 THEN
+        v_notes := substring(v_notes FROM 1 FOR 1000);
+    END IF;
+
+    UPDATE saas_twilio_config
+       SET account_sid          = COALESCE(v_account_sid, account_sid),
+           whatsapp_webhook_url = COALESCE(v_webhook_url, whatsapp_webhook_url),
+           usd_brl_rate         = COALESCE(p_usd_brl_rate, usd_brl_rate),
+           margin_multiplier    = COALESCE(p_margin_multiplier, margin_multiplier),
+           notes                = COALESCE(v_notes, notes),
+           updated_at           = now(),
+           updated_by           = v_caller
+     WHERE id = true;
+
+    RETURN public.get_twilio_config();
+END;
+$_$;
+
 CREATE FUNCTION public.user_has_feature(_user_id uuid, _feature text) RETURNS boolean
     LANGUAGE sql STABLE
     AS $$
@@ -4790,6 +6599,57 @@ CREATE FUNCTION public.user_has_feature(_user_id uuid, _feature text) RETURNS bo
   );
 $$;
 
+CREATE FUNCTION public.validate_share_token(p_token text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    sl document_share_links%ROWTYPE;
+    v_doc documents%ROWTYPE;
+    v_token text;
+BEGIN
+    v_token := nullif(btrim(coalesce(p_token, '')), '');
+    IF v_token IS NULL THEN
+        RAISE EXCEPTION 'token obrigatório' USING ERRCODE = '22023';
+    END IF;
+
+    SELECT * INTO sl FROM document_share_links WHERE token = v_token LIMIT 1;
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'Token inválido' USING ERRCODE = '28000';
+    END IF;
+    IF sl.ativo IS NOT TRUE THEN
+        RAISE EXCEPTION 'Link desativado' USING ERRCODE = '28000';
+    END IF;
+    IF sl.expira_em IS NOT NULL AND sl.expira_em < now() THEN
+        RAISE EXCEPTION 'Link expirado' USING ERRCODE = '28000';
+    END IF;
+    IF sl.usos_max IS NOT NULL AND sl.usos >= sl.usos_max THEN
+        RAISE EXCEPTION 'Limite de uso atingido' USING ERRCODE = '28000';
+    END IF;
+
+    UPDATE document_share_links SET usos = usos + 1 WHERE id = sl.id;
+
+    BEGIN
+        INSERT INTO document_access_logs (document_id, tenant_id, action, share_link_id)
+        SELECT sl.document_id, d.tenant_id, 'shared_link_access', sl.id
+        FROM documents d WHERE d.id = sl.document_id;
+    EXCEPTION WHEN OTHERS THEN
+        NULL;
+    END;
+
+    SELECT * INTO v_doc FROM documents WHERE id = sl.document_id;
+
+    RETURN jsonb_build_object(
+        'document_id',    sl.document_id,
+        'bucket',         v_doc.storage_bucket,
+        'bucket_path',    v_doc.bucket_path,
+        'nome_original',  v_doc.nome_original,
+        'mime_type',      v_doc.mime_type,
+        'tamanho_bytes',  v_doc.tamanho_bytes
+    );
+END;
+$$;
+
 CREATE FUNCTION public.validate_support_session(p_token text) RETURNS json
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -4818,6 +6678,26 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION public.verify_math_challenge(p_id uuid, p_answer integer) RETURNS boolean
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    mc math_challenges%ROWTYPE;
+BEGIN
+    IF p_id IS NULL OR p_answer IS NULL THEN RETURN false; END IF;
+
+    SELECT * INTO mc FROM math_challenges WHERE id = p_id;
+    IF NOT FOUND OR mc.used OR mc.expires_at < now() THEN
+        RETURN false;
+    END IF;
+
+    UPDATE math_challenges SET used = true WHERE id = p_id;
+
+    RETURN mc.answer = p_answer;
+END;
+$$;
+
 CREATE FUNCTION public.whoami() RETURNS TABLE(uid uuid, role text)
     LANGUAGE sql STABLE
     AS $$
diff --git a/database-novo/schema/03_functions/auth.sql b/database-novo/schema/03_functions/auth.sql
index c646c30..d578487 100644
--- a/database-novo/schema/03_functions/auth.sql
+++ b/database-novo/schema/03_functions/auth.sql
@@ -1,5 +1,5 @@
 -- Functions: auth
--- Gerado automaticamente em 2026-04-17T12:23:05.221Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.941Z
 -- Total: 4
 
 CREATE FUNCTION auth.email() RETURNS text
diff --git a/database-novo/schema/03_functions/extensions.sql b/database-novo/schema/03_functions/extensions.sql
index 935536b..caa4021 100644
--- a/database-novo/schema/03_functions/extensions.sql
+++ b/database-novo/schema/03_functions/extensions.sql
@@ -1,5 +1,5 @@
 -- Functions: extensions
--- Gerado automaticamente em 2026-04-17T12:23:05.222Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.942Z
 -- Total: 6
 
 CREATE FUNCTION extensions.grant_pg_cron_access() RETURNS event_trigger
diff --git a/database-novo/schema/03_functions/pgbouncer.sql b/database-novo/schema/03_functions/pgbouncer.sql
index 2cb77aa..91e0630 100644
--- a/database-novo/schema/03_functions/pgbouncer.sql
+++ b/database-novo/schema/03_functions/pgbouncer.sql
@@ -1,5 +1,5 @@
 -- Functions: pgbouncer
--- Gerado automaticamente em 2026-04-17T12:23:05.222Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.943Z
 -- Total: 1
 
 CREATE FUNCTION pgbouncer.get_auth(p_usename text) RETURNS TABLE(username text, password text)
diff --git a/database-novo/schema/03_functions/public.sql b/database-novo/schema/03_functions/public.sql
index ab9658f..2c723bd 100644
--- a/database-novo/schema/03_functions/public.sql
+++ b/database-novo/schema/03_functions/public.sql
@@ -1,6 +1,6 @@
 -- Functions: public
--- Gerado automaticamente em 2026-04-17T12:23:05.222Z
--- Total: 126
+-- Gerado automaticamente em 2026-04-21T23:16:34.944Z
+-- Total: 153
 
 CREATE FUNCTION public.__rls_ping() RETURNS text
     LANGUAGE sql STABLE
@@ -140,6 +140,38 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.add_whatsapp_credits(p_tenant_id uuid, p_amount integer, p_kind text, p_purchase_id uuid DEFAULT NULL::uuid, p_admin_id uuid DEFAULT NULL::uuid, p_note text DEFAULT NULL::text) RETURNS integer
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_new_balance INT;
+BEGIN
+    IF p_amount <= 0 THEN
+        RAISE EXCEPTION 'amount must be positive';
+    END IF;
+    IF p_kind NOT IN ('purchase', 'topup_manual', 'refund', 'adjustment') THEN
+        RAISE EXCEPTION 'invalid kind for credit: %', p_kind;
+    END IF;
+
+    INSERT INTO public.whatsapp_credits_balance (tenant_id, balance, lifetime_purchased)
+    VALUES (p_tenant_id, p_amount, CASE WHEN p_kind IN ('purchase', 'topup_manual') THEN p_amount ELSE 0 END)
+    ON CONFLICT (tenant_id) DO UPDATE SET
+        balance = whatsapp_credits_balance.balance + EXCLUDED.balance,
+        lifetime_purchased = whatsapp_credits_balance.lifetime_purchased
+            + CASE WHEN p_kind IN ('purchase', 'topup_manual') THEN p_amount ELSE 0 END,
+        low_balance_alerted_at = NULL  -- reset alerta quando recebe creditos
+    RETURNING balance INTO v_new_balance;
+
+    INSERT INTO public.whatsapp_credits_transactions
+        (tenant_id, kind, amount, balance_after, purchase_id, admin_id, note)
+    VALUES
+        (p_tenant_id, p_kind, p_amount, v_new_balance, p_purchase_id, p_admin_id, p_note);
+
+    RETURN v_new_balance;
+END;
+$$;
+
 CREATE FUNCTION public.admin_credit_addon(p_tenant_id uuid, p_addon_type text, p_amount integer, p_product_id uuid DEFAULT NULL::uuid, p_description text DEFAULT 'Cr??dito manual'::text, p_payment_method text DEFAULT 'manual'::text, p_price_cents integer DEFAULT 0) RETURNS jsonb
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -1001,6 +1033,108 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.check_rate_limit(p_ip_hash text, p_endpoint text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    cfg                       saas_security_config%ROWTYPE;
+    rl                        submission_rate_limits%ROWTYPE;
+    v_now                     timestamptz := now();
+    v_window_start            timestamptz;
+    v_in_window               boolean;
+    v_requires_captcha        boolean := false;
+    v_blocked_until           timestamptz;
+    v_retry_after_seconds     integer := 0;
+BEGIN
+    SELECT * INTO cfg FROM saas_security_config WHERE id = true;
+    IF NOT FOUND THEN
+        -- Sem config: fail-open (libera). Logado.
+        RETURN jsonb_build_object('allowed', true, 'requires_captcha', false, 'reason', 'no_config');
+    END IF;
+
+    -- Modo paranoid global: sempre captcha
+    IF cfg.captcha_required_globally THEN
+        v_requires_captcha := true;
+    END IF;
+
+    -- Sem rate limit ativo: libera (mas pode exigir captcha pelo paranoid)
+    IF NOT cfg.rate_limit_enabled THEN
+        RETURN jsonb_build_object(
+            'allowed',          true,
+            'requires_captcha', v_requires_captcha,
+            'reason',           CASE WHEN v_requires_captcha THEN 'paranoid_global' ELSE 'rate_limit_disabled' END
+        );
+    END IF;
+
+    -- Sem ip_hash: libera (não dá pra rastrear)
+    IF p_ip_hash IS NULL OR length(btrim(p_ip_hash)) = 0 THEN
+        RETURN jsonb_build_object(
+            'allowed',          true,
+            'requires_captcha', v_requires_captcha,
+            'reason',           'no_ip'
+        );
+    END IF;
+
+    SELECT * INTO rl
+      FROM submission_rate_limits
+     WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+
+    -- Bloqueio temporário ativo?
+    IF FOUND AND rl.blocked_until IS NOT NULL AND rl.blocked_until > v_now THEN
+        v_retry_after_seconds := EXTRACT(EPOCH FROM (rl.blocked_until - v_now))::int;
+        RETURN jsonb_build_object(
+            'allowed',             false,
+            'requires_captcha',    false,
+            'retry_after_seconds', v_retry_after_seconds,
+            'reason',              'blocked'
+        );
+    END IF;
+
+    -- Captcha condicional ativo?
+    IF FOUND AND rl.requires_captcha_until IS NOT NULL AND rl.requires_captcha_until > v_now THEN
+        v_requires_captcha := true;
+    END IF;
+
+    -- Janela atual ainda válida?
+    v_window_start := v_now - (cfg.rate_limit_window_min || ' minutes')::interval;
+    v_in_window := FOUND AND rl.window_start >= v_window_start;
+
+    IF v_in_window AND rl.attempt_count >= cfg.rate_limit_max_attempts THEN
+        -- Excedeu — bloqueia
+        v_blocked_until := v_now + (cfg.block_duration_min || ' minutes')::interval;
+        UPDATE submission_rate_limits
+           SET blocked_until = v_blocked_until,
+               last_attempt_at = v_now
+         WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+
+        v_retry_after_seconds := EXTRACT(EPOCH FROM (v_blocked_until - v_now))::int;
+        RETURN jsonb_build_object(
+            'allowed',             false,
+            'requires_captcha',    false,
+            'retry_after_seconds', v_retry_after_seconds,
+            'reason',              'rate_limit_exceeded'
+        );
+    END IF;
+
+    RETURN jsonb_build_object(
+        'allowed',          true,
+        'requires_captcha', v_requires_captcha,
+        'reason',           CASE WHEN v_requires_captcha THEN 'captcha_required' ELSE 'ok' END
+    );
+END;
+$$;
+
+CREATE FUNCTION public.cleanup_expired_math_challenges() RETURNS integer
+    LANGUAGE sql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+    WITH d AS (
+        DELETE FROM math_challenges WHERE expires_at < now() - interval '1 hour' RETURNING 1
+    )
+    SELECT COUNT(*)::int FROM d;
+$$;
+
 CREATE FUNCTION public.cleanup_notification_queue() RETURNS integer
     LANGUAGE plpgsql SECURITY DEFINER
     AS $$
@@ -1159,44 +1293,151 @@ CREATE FUNCTION public.create_patient_intake_request_v2(p_token text, p_payload
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
     AS $_$
-declare
-  v_owner_id uuid;
-  v_intake_id uuid;
-  v_birth_raw text;
-  v_birth date;
-begin
-  select owner_id
-    into v_owner_id
-  from public.patient_invites
-  where token = p_token;
+DECLARE
+  v_owner_id   uuid;
+  v_tenant_id  uuid;
+  v_active     boolean;
+  v_expires    timestamptz;
+  v_max_uses   int;
+  v_uses       int;
+  v_intake_id  uuid;
+  v_birth_raw  text;
+  v_birth      date;
+  v_email      text;
+  v_email_alt  text;
+  v_nome       text;
+  v_consent    boolean;
+  v_genero     text;
+  v_estado_civil text;
 
-  if v_owner_id is null then
-    raise exception 'Token inv??lido ou expirado';
-  end if;
+  -- Whitelists para campos tipados
+  c_generos        text[] := ARRAY['male','female','non_binary','other','na'];
+  c_estados_civis  text[] := ARRAY['single','married','divorced','widowed','na'];
+BEGIN
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Carrega invite e valida TUDO (A#16)
+  -- ───────────────────────────────────────────────────────────────────────
+  SELECT owner_id, tenant_id, active, expires_at, max_uses, uses
+    INTO v_owner_id, v_tenant_id, v_active, v_expires, v_max_uses, v_uses
+  FROM public.patient_invites
+  WHERE token = p_token
+  LIMIT 1;
 
-  v_birth_raw := nullif(trim(coalesce(
-    p_payload->>'data_nascimento',
-    ''
-  )), '');
+  IF v_owner_id IS NULL THEN
+    RAISE EXCEPTION 'Token inválido' USING ERRCODE = '28000';
+  END IF;
 
-  v_birth := case
-    when v_birth_raw is null then null
-    when v_birth_raw ~ '^\d{4}-\d{2}-\d{2}$' then v_birth_raw::date
-    when v_birth_raw ~ '^\d{2}-\d{2}-\d{4}$' then to_date(v_birth_raw, 'DD-MM-YYYY')
-    else null
-  end;
+  IF v_active IS NOT TRUE THEN
+    RAISE EXCEPTION 'Link desativado' USING ERRCODE = '28000';
+  END IF;
 
-  insert into public.patient_intake_requests (
+  IF v_expires IS NOT NULL AND now() > v_expires THEN
+    RAISE EXCEPTION 'Link expirado' USING ERRCODE = '28000';
+  END IF;
+
+  IF v_max_uses IS NOT NULL AND v_uses >= v_max_uses THEN
+    RAISE EXCEPTION 'Limite de uso atingido' USING ERRCODE = '28000';
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Resolver tenant_id (A#19)
+  -- Se o invite não tem tenant_id, tenta achar a membership active do owner.
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_tenant_id IS NULL THEN
+    SELECT tenant_id
+      INTO v_tenant_id
+    FROM public.tenant_members
+    WHERE user_id = v_owner_id
+      AND status = 'active'
+    ORDER BY created_at ASC
+    LIMIT 1;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Sanitização + validações de campos (A#27)
+  -- ───────────────────────────────────────────────────────────────────────
+
+  -- Nome obrigatório (max 200)
+  v_nome := nullif(trim(p_payload->>'nome_completo'), '');
+  IF v_nome IS NULL THEN
+    RAISE EXCEPTION 'Nome é obrigatório';
+  END IF;
+  IF length(v_nome) > 200 THEN
+    RAISE EXCEPTION 'Nome muito longo (máx 200 caracteres)';
+  END IF;
+
+  -- Email principal obrigatório + lower + max 120
+  v_email := nullif(lower(trim(p_payload->>'email_principal')), '');
+  IF v_email IS NULL THEN
+    RAISE EXCEPTION 'E-mail é obrigatório';
+  END IF;
+  IF length(v_email) > 120 THEN
+    RAISE EXCEPTION 'E-mail muito longo (máx 120 caracteres)';
+  END IF;
+  IF v_email !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+    RAISE EXCEPTION 'E-mail inválido';
+  END IF;
+
+  -- Email alternativo opcional mas validado se presente
+  v_email_alt := nullif(lower(trim(p_payload->>'email_alternativo')), '');
+  IF v_email_alt IS NOT NULL THEN
+    IF length(v_email_alt) > 120 THEN
+      RAISE EXCEPTION 'E-mail alternativo muito longo';
+    END IF;
+    IF v_email_alt !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+      RAISE EXCEPTION 'E-mail alternativo inválido';
+    END IF;
+  END IF;
+
+  -- Consent obrigatório
+  v_consent := coalesce((p_payload->>'consent')::boolean, false);
+  IF v_consent IS NOT TRUE THEN
+    RAISE EXCEPTION 'Consentimento é obrigatório';
+  END IF;
+
+  -- Data de nascimento: aceita DD-MM-YYYY ou YYYY-MM-DD
+  v_birth_raw := nullif(trim(coalesce(p_payload->>'data_nascimento', '')), '');
+  v_birth := CASE
+    WHEN v_birth_raw IS NULL THEN NULL
+    WHEN v_birth_raw ~ '^\d{4}-\d{2}-\d{2}$' THEN v_birth_raw::date
+    WHEN v_birth_raw ~ '^\d{2}-\d{2}-\d{4}$' THEN to_date(v_birth_raw, 'DD-MM-YYYY')
+    ELSE NULL
+  END;
+  -- Sanidade: nascimento não pode ser no futuro nem antes de 1900
+  IF v_birth IS NOT NULL AND (v_birth > current_date OR v_birth < '1900-01-01'::date) THEN
+    v_birth := NULL;
+  END IF;
+
+  -- Gênero e estado civil: whitelist estrita (rejeita qualquer outra string)
+  v_genero := nullif(trim(p_payload->>'genero'), '');
+  IF v_genero IS NOT NULL AND NOT (v_genero = ANY(c_generos)) THEN
+    v_genero := NULL;
+  END IF;
+
+  v_estado_civil := nullif(trim(p_payload->>'estado_civil'), '');
+  IF v_estado_civil IS NOT NULL AND NOT (v_estado_civil = ANY(c_estados_civis)) THEN
+    v_estado_civil := NULL;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- INSERT com sanitização inline
+  -- NOTA: notas_internas NÃO é lido do payload (A#17) — é campo interno
+  -- do terapeuta, não deve vir do paciente.
+  -- ───────────────────────────────────────────────────────────────────────
+  INSERT INTO public.patient_intake_requests (
     owner_id,
+    tenant_id,
     token,
     status,
     consent,
 
     nome_completo,
     email_principal,
+    email_alternativo,
     telefone,
+    telefone_alternativo,
 
-    avatar_url,  -- ???? AQUI
+    avatar_url,
 
     data_nascimento,
     cpf,
@@ -1218,52 +1459,280 @@ begin
     bairro,
 
     observacoes,
-    notas_internas,
 
     encaminhado_por,
     onde_nos_conheceu
   )
-  values (
+  VALUES (
     v_owner_id,
+    v_tenant_id,
     p_token,
     'new',
-    coalesce((p_payload->>'consent')::boolean, false),
+    v_consent,
 
-    nullif(trim(p_payload->>'nome_completo'), ''),
-    nullif(trim(p_payload->>'email_principal'), ''),
+    v_nome,
+    v_email,
+    v_email_alt,
     nullif(regexp_replace(coalesce(p_payload->>'telefone',''), '\D', '', 'g'), ''),
+    nullif(regexp_replace(coalesce(p_payload->>'telefone_alternativo',''), '\D', '', 'g'), ''),
 
-    nullif(trim(p_payload->>'avatar_url'), ''), -- ???? AQUI
+    left(nullif(trim(p_payload->>'avatar_url'), ''), 500),
 
     v_birth,
     nullif(regexp_replace(coalesce(p_payload->>'cpf',''), '\D', '', 'g'), ''),
-    nullif(trim(p_payload->>'rg'), ''),
-    nullif(trim(p_payload->>'genero'), ''),
-    nullif(trim(p_payload->>'estado_civil'), ''),
-    nullif(trim(p_payload->>'profissao'), ''),
-    nullif(trim(p_payload->>'escolaridade'), ''),
-    nullif(trim(p_payload->>'nacionalidade'), ''),
-    nullif(trim(p_payload->>'naturalidade'), ''),
+    left(nullif(trim(p_payload->>'rg'), ''), 20),
+    v_genero,
+    v_estado_civil,
+    left(nullif(trim(p_payload->>'profissao'), ''), 120),
+    left(nullif(trim(p_payload->>'escolaridade'), ''), 120),
+    left(nullif(trim(p_payload->>'nacionalidade'), ''), 80),
+    left(nullif(trim(p_payload->>'naturalidade'), ''), 120),
 
     nullif(regexp_replace(coalesce(p_payload->>'cep',''), '\D', '', 'g'), ''),
-    nullif(trim(p_payload->>'pais'), ''),
-    nullif(trim(p_payload->>'cidade'), ''),
-    nullif(trim(p_payload->>'estado'), ''),
-    nullif(trim(p_payload->>'endereco'), ''),
-    nullif(trim(p_payload->>'numero'), ''),
-    nullif(trim(p_payload->>'complemento'), ''),
-    nullif(trim(p_payload->>'bairro'), ''),
+    left(nullif(trim(p_payload->>'pais'), ''), 60),
+    left(nullif(trim(p_payload->>'cidade'), ''), 120),
+    left(nullif(trim(p_payload->>'estado'), ''), 2),
+    left(nullif(trim(p_payload->>'endereco'), ''), 200),
+    left(nullif(trim(p_payload->>'numero'), ''), 20),
+    left(nullif(trim(p_payload->>'complemento'), ''), 120),
+    left(nullif(trim(p_payload->>'bairro'), ''), 120),
 
-    nullif(trim(p_payload->>'observacoes'), ''),
-    nullif(trim(p_payload->>'notas_internas'), ''),
+    left(nullif(trim(p_payload->>'observacoes'), ''), 2000),
 
-    nullif(trim(p_payload->>'encaminhado_por'), ''),
-    nullif(trim(p_payload->>'onde_nos_conheceu'), '')
+    left(nullif(trim(p_payload->>'encaminhado_por'), ''), 120),
+    left(nullif(trim(p_payload->>'onde_nos_conheceu'), ''), 80)
   )
-  returning id into v_intake_id;
+  RETURNING id INTO v_intake_id;
 
-  return v_intake_id;
-end;
+  -- Incrementa contador de uso (A#16)
+  UPDATE public.patient_invites
+    SET uses = uses + 1
+  WHERE token = p_token;
+
+  RETURN v_intake_id;
+END;
+$_$;
+
+CREATE FUNCTION public.create_patient_intake_request_v2(p_token text, p_payload jsonb, p_client_info text DEFAULT NULL::text) RETURNS uuid
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $_$
+DECLARE
+  v_owner_id   uuid;
+  v_tenant_id  uuid;
+  v_active     boolean;
+  v_expires    timestamptz;
+  v_max_uses   int;
+  v_uses       int;
+  v_intake_id  uuid;
+  v_birth_raw  text;
+  v_birth      date;
+  v_email      text;
+  v_email_alt  text;
+  v_nome       text;
+  v_consent    boolean;
+  v_genero     text;
+  v_estado_civil text;
+  v_err_msg    text;
+  v_err_code   text;
+  v_clean_info text;
+
+  c_generos        text[] := ARRAY['male','female','non_binary','other','na'];
+  c_estados_civis  text[] := ARRAY['single','married','divorced','widowed','na'];
+
+  -- Helper para logar: escreve em patient_invite_attempts e não propaga erros.
+  -- Implementado inline porque PL/pgSQL não permite sub-rotina local fácil.
+BEGIN
+  -- Sanitiza client_info recebido (cap + trim)
+  v_clean_info := nullif(left(trim(coalesce(p_client_info, '')), 500), '');
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Resolve invite + valida TUDO (A#16)
+  -- ───────────────────────────────────────────────────────────────────────
+  SELECT owner_id, tenant_id, active, expires_at, max_uses, uses
+    INTO v_owner_id, v_tenant_id, v_active, v_expires, v_max_uses, v_uses
+  FROM public.patient_invites
+  WHERE token = p_token
+  LIMIT 1;
+
+  IF v_owner_id IS NULL THEN
+    v_err_code := 'TOKEN_INVALID';
+    v_err_msg := 'Token inválido';
+    -- Log + raise (owner_id NULL porque token não bateu)
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  IF v_active IS NOT TRUE THEN
+    v_err_code := 'TOKEN_DISABLED';
+    v_err_msg := 'Link desativado';
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  IF v_expires IS NOT NULL AND now() > v_expires THEN
+    v_err_code := 'TOKEN_EXPIRED';
+    v_err_msg := 'Link expirado';
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  IF v_max_uses IS NOT NULL AND v_uses >= v_max_uses THEN
+    v_err_code := 'TOKEN_MAX_USES';
+    v_err_msg := 'Limite de uso atingido';
+    BEGIN
+      INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id)
+      VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id);
+    EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg USING ERRCODE = '28000';
+  END IF;
+
+  -- Resolve tenant_id se invite não tiver (A#19)
+  IF v_tenant_id IS NULL THEN
+    SELECT tenant_id
+      INTO v_tenant_id
+    FROM public.tenant_members
+    WHERE user_id = v_owner_id
+      AND status = 'active'
+    ORDER BY created_at ASC
+    LIMIT 1;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Sanitização + validações de campos (A#27)
+  -- ───────────────────────────────────────────────────────────────────────
+  v_nome := nullif(trim(p_payload->>'nome_completo'), '');
+  IF v_nome IS NULL THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'Nome é obrigatório';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+  IF length(v_nome) > 200 THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'Nome muito longo';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+
+  v_email := nullif(lower(trim(p_payload->>'email_principal')), '');
+  IF v_email IS NULL THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'E-mail é obrigatório';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+  IF length(v_email) > 120 THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'E-mail muito longo';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+  IF v_email !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+    v_err_code := 'VALIDATION'; v_err_msg := 'E-mail inválido';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+
+  v_email_alt := nullif(lower(trim(p_payload->>'email_alternativo')), '');
+  IF v_email_alt IS NOT NULL THEN
+    IF length(v_email_alt) > 120 THEN
+      v_err_code := 'VALIDATION'; v_err_msg := 'E-mail alternativo muito longo';
+      BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+      RAISE EXCEPTION '%', v_err_msg;
+    END IF;
+    IF v_email_alt !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$' THEN
+      v_err_code := 'VALIDATION'; v_err_msg := 'E-mail alternativo inválido';
+      BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+      RAISE EXCEPTION '%', v_err_msg;
+    END IF;
+  END IF;
+
+  v_consent := coalesce((p_payload->>'consent')::boolean, false);
+  IF v_consent IS NOT TRUE THEN
+    v_err_code := 'CONSENT_REQUIRED'; v_err_msg := 'Consentimento é obrigatório';
+    BEGIN INSERT INTO public.patient_invite_attempts (token, ok, error_code, error_msg, client_info, owner_id, tenant_id) VALUES (p_token, false, v_err_code, v_err_msg, v_clean_info, v_owner_id, v_tenant_id); EXCEPTION WHEN OTHERS THEN NULL; END;
+    RAISE EXCEPTION '%', v_err_msg;
+  END IF;
+
+  v_birth_raw := nullif(trim(coalesce(p_payload->>'data_nascimento', '')), '');
+  v_birth := CASE
+    WHEN v_birth_raw IS NULL THEN NULL
+    WHEN v_birth_raw ~ '^\d{4}-\d{2}-\d{2}$' THEN v_birth_raw::date
+    WHEN v_birth_raw ~ '^\d{2}-\d{2}-\d{4}$' THEN to_date(v_birth_raw, 'DD-MM-YYYY')
+    ELSE NULL
+  END;
+  IF v_birth IS NOT NULL AND (v_birth > current_date OR v_birth < '1900-01-01'::date) THEN
+    v_birth := NULL;
+  END IF;
+
+  v_genero := nullif(trim(p_payload->>'genero'), '');
+  IF v_genero IS NOT NULL AND NOT (v_genero = ANY(c_generos)) THEN
+    v_genero := NULL;
+  END IF;
+
+  v_estado_civil := nullif(trim(p_payload->>'estado_civil'), '');
+  IF v_estado_civil IS NOT NULL AND NOT (v_estado_civil = ANY(c_estados_civis)) THEN
+    v_estado_civil := NULL;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- INSERT
+  -- ───────────────────────────────────────────────────────────────────────
+  INSERT INTO public.patient_intake_requests (
+    owner_id, tenant_id, token, status, consent,
+    nome_completo, email_principal, email_alternativo, telefone, telefone_alternativo,
+    avatar_url,
+    data_nascimento, cpf, rg, genero, estado_civil,
+    profissao, escolaridade, nacionalidade, naturalidade,
+    cep, pais, cidade, estado, endereco, numero, complemento, bairro,
+    observacoes, encaminhado_por, onde_nos_conheceu
+  )
+  VALUES (
+    v_owner_id, v_tenant_id, p_token, 'new', v_consent,
+    v_nome, v_email, v_email_alt,
+    nullif(regexp_replace(coalesce(p_payload->>'telefone',''), '\D', '', 'g'), ''),
+    nullif(regexp_replace(coalesce(p_payload->>'telefone_alternativo',''), '\D', '', 'g'), ''),
+    left(nullif(trim(p_payload->>'avatar_url'), ''), 500),
+    v_birth,
+    nullif(regexp_replace(coalesce(p_payload->>'cpf',''), '\D', '', 'g'), ''),
+    left(nullif(trim(p_payload->>'rg'), ''), 20),
+    v_genero, v_estado_civil,
+    left(nullif(trim(p_payload->>'profissao'), ''), 120),
+    left(nullif(trim(p_payload->>'escolaridade'), ''), 120),
+    left(nullif(trim(p_payload->>'nacionalidade'), ''), 80),
+    left(nullif(trim(p_payload->>'naturalidade'), ''), 120),
+    nullif(regexp_replace(coalesce(p_payload->>'cep',''), '\D', '', 'g'), ''),
+    left(nullif(trim(p_payload->>'pais'), ''), 60),
+    left(nullif(trim(p_payload->>'cidade'), ''), 120),
+    left(nullif(trim(p_payload->>'estado'), ''), 2),
+    left(nullif(trim(p_payload->>'endereco'), ''), 200),
+    left(nullif(trim(p_payload->>'numero'), ''), 20),
+    left(nullif(trim(p_payload->>'complemento'), ''), 120),
+    left(nullif(trim(p_payload->>'bairro'), ''), 120),
+    left(nullif(trim(p_payload->>'observacoes'), ''), 2000),
+    left(nullif(trim(p_payload->>'encaminhado_por'), ''), 120),
+    left(nullif(trim(p_payload->>'onde_nos_conheceu'), ''), 80)
+  )
+  RETURNING id INTO v_intake_id;
+
+  UPDATE public.patient_invites
+    SET uses = uses + 1
+  WHERE token = p_token;
+
+  -- Log de sucesso (best-effort, não propaga erro)
+  BEGIN
+    INSERT INTO public.patient_invite_attempts (token, ok, client_info, owner_id, tenant_id)
+    VALUES (p_token, true, v_clean_info, v_owner_id, v_tenant_id);
+  EXCEPTION WHEN OTHERS THEN NULL; END;
+
+  RETURN v_intake_id;
+END;
 $_$;
 
 CREATE FUNCTION public.create_support_session(p_tenant_id uuid, p_ttl_minutes integer DEFAULT 60) RETURNS json
@@ -1530,6 +1999,47 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION public.deduct_whatsapp_credits(p_tenant_id uuid, p_amount integer, p_conversation_message_id bigint DEFAULT NULL::bigint, p_note text DEFAULT NULL::text) RETURNS integer
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_new_balance INT;
+    v_row RECORD;
+BEGIN
+    IF p_amount <= 0 THEN
+        RAISE EXCEPTION 'amount must be positive';
+    END IF;
+
+    -- Lock a linha e valida saldo
+    SELECT balance, low_balance_threshold
+        INTO v_row
+        FROM public.whatsapp_credits_balance
+        WHERE tenant_id = p_tenant_id
+        FOR UPDATE;
+
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'insufficient_credits';
+    END IF;
+    IF v_row.balance < p_amount THEN
+        RAISE EXCEPTION 'insufficient_credits';
+    END IF;
+
+    UPDATE public.whatsapp_credits_balance
+        SET balance = balance - p_amount,
+            lifetime_used = lifetime_used + p_amount
+        WHERE tenant_id = p_tenant_id
+        RETURNING balance INTO v_new_balance;
+
+    INSERT INTO public.whatsapp_credits_transactions
+        (tenant_id, kind, amount, balance_after, conversation_message_id, note)
+    VALUES
+        (p_tenant_id, 'usage', -p_amount, v_new_balance, p_conversation_message_id, p_note);
+
+    RETURN v_new_balance;
+END;
+$$;
+
 CREATE FUNCTION public.delete_commitment_full(p_tenant_id uuid, p_commitment_id uuid) RETURNS jsonb
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -1668,6 +2178,58 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.delete_plan_safe(p_plan_id uuid) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+  v_active_count int;
+  v_plan_key     text;
+BEGIN
+  IF auth.uid() IS NULL THEN
+    RAISE EXCEPTION 'Não autenticado' USING ERRCODE = '28000';
+  END IF;
+
+  IF NOT public.is_saas_admin() THEN
+    RAISE EXCEPTION 'Apenas saas_admin pode deletar planos' USING ERRCODE = '42501';
+  END IF;
+
+  IF p_plan_id IS NULL THEN
+    RAISE EXCEPTION 'plan_id obrigatório' USING ERRCODE = '22023';
+  END IF;
+
+  SELECT key INTO v_plan_key FROM public.plans WHERE id = p_plan_id;
+  IF v_plan_key IS NULL THEN
+    RAISE EXCEPTION 'plano não encontrado' USING ERRCODE = '22023';
+  END IF;
+
+  SELECT COUNT(*) INTO v_active_count
+  FROM public.subscriptions
+  WHERE plan_id = p_plan_id
+    AND status = 'active';
+
+  IF v_active_count > 0 THEN
+    RAISE EXCEPTION 'Plano % tem % assinatura(s) ativa(s); migre os tenants antes de deletar.',
+      v_plan_key, v_active_count
+      USING ERRCODE = 'P0001';
+  END IF;
+
+  -- desativa preços ativos antes de deletar
+  UPDATE public.plan_prices
+     SET is_active = false,
+         active_to = now()
+   WHERE plan_id = p_plan_id
+     AND is_active = true;
+
+  DELETE FROM public.plans WHERE id = p_plan_id;
+
+  RETURN jsonb_build_object(
+    'deleted',  true,
+    'plan_key', v_plan_key
+  );
+END;
+$$;
+
 CREATE FUNCTION public.dev_list_auth_users(p_limit integer DEFAULT 50) RETURNS TABLE(id uuid, email text, created_at timestamp with time zone)
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public', 'auth'
@@ -1798,6 +2360,15 @@ begin
 end;
 $_$;
 
+CREATE FUNCTION public.dev_set_updated_at() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+BEGIN
+  NEW.updated_at := now();
+  RETURN NEW;
+END;
+$$;
+
 CREATE FUNCTION public.ensure_personal_tenant() RETURNS uuid
     LANGUAGE plpgsql SECURITY DEFINER
     AS $$
@@ -1874,6 +2445,289 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.export_patient_data(p_patient_id uuid) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_patient RECORD;
+    v_tenant_id UUID;
+    v_caller UUID;
+    v_is_member BOOLEAN;
+    v_result JSONB;
+BEGIN
+    v_caller := auth.uid();
+    IF v_caller IS NULL THEN
+        RAISE EXCEPTION 'Autenticacao obrigatoria' USING ERRCODE = '28000';
+    END IF;
+
+    -- carrega paciente
+    SELECT * INTO v_patient FROM public.patients WHERE id = p_patient_id;
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'Paciente nao encontrado' USING ERRCODE = 'P0002';
+    END IF;
+
+    v_tenant_id := v_patient.tenant_id;
+
+    -- verifica se caller e membro ativo do tenant do paciente
+    SELECT EXISTS (
+        SELECT 1 FROM public.tenant_members tm
+        WHERE tm.tenant_id = v_tenant_id
+          AND tm.user_id = v_caller
+          AND tm.status = 'active'
+    ) OR public.is_saas_admin() INTO v_is_member;
+
+    IF NOT v_is_member THEN
+        RAISE EXCEPTION 'Sem permissao para exportar dados deste paciente' USING ERRCODE = '42501';
+    END IF;
+
+    -- monta o payload
+    v_result := jsonb_build_object(
+        'export_metadata', jsonb_build_object(
+            'generated_at', now(),
+            'generated_by', v_caller,
+            'tenant_id', v_tenant_id,
+            'patient_id', p_patient_id,
+            'lgpd_basis', 'Art. 18, II - portabilidade dos dados do titular',
+            'controller', 'AgenciaPSI - Clinica responsavel',
+            'format_version', '1.0'
+        ),
+        'paciente', to_jsonb(v_patient),
+        'contatos', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pc) ORDER BY pc.created_at)
+            FROM public.patient_contacts pc
+            WHERE pc.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'contatos_apoio', COALESCE((
+            SELECT jsonb_agg(to_jsonb(psc) ORDER BY psc.created_at)
+            FROM public.patient_support_contacts psc
+            WHERE psc.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'historico_status', COALESCE((
+            SELECT jsonb_agg(to_jsonb(psh) ORDER BY psh.alterado_em)
+            FROM public.patient_status_history psh
+            WHERE psh.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'timeline', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pt) ORDER BY pt.ocorrido_em)
+            FROM public.patient_timeline pt
+            WHERE pt.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'descontos', COALESCE((
+            SELECT jsonb_agg(to_jsonb(pd) ORDER BY pd.created_at)
+            FROM public.patient_discounts pd
+            WHERE pd.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'eventos_agenda', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', ae.id,
+                    'tipo', ae.tipo,
+                    'inicio_em', ae.inicio_em,
+                    'fim_em', ae.fim_em,
+                    'status', ae.status,
+                    'observacoes', ae.observacoes,
+                    'created_at', ae.created_at
+                ) ORDER BY ae.inicio_em
+            )
+            FROM public.agenda_eventos ae
+            WHERE ae.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'registros_financeiros', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', fr.id,
+                    'amount', fr.amount,
+                    'discount_amount', fr.discount_amount,
+                    'final_amount', fr.final_amount,
+                    'status', fr.status,
+                    'due_date', fr.due_date,
+                    'paid_at', fr.paid_at,
+                    'payment_method', fr.payment_method,
+                    'notes', fr.notes,
+                    'created_at', fr.created_at
+                ) ORDER BY fr.created_at
+            )
+            FROM public.financial_records fr
+            WHERE fr.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'documentos', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', d.id,
+                    'nome_original', d.nome_original,
+                    'tipo_documento', d.tipo_documento,
+                    'categoria', d.categoria,
+                    'descricao', d.descricao,
+                    'mime_type', d.mime_type,
+                    'tamanho_bytes', d.tamanho_bytes,
+                    'status_revisao', d.status_revisao,
+                    'visibilidade', d.visibilidade,
+                    'uploaded_at', d.uploaded_at,
+                    'created_at', d.created_at
+                ) ORDER BY d.created_at
+            )
+            FROM public.documents d
+            WHERE d.patient_id = p_patient_id AND d.deleted_at IS NULL
+        ), '[]'::jsonb),
+        'notificacoes_enviadas', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', nl.id,
+                    'channel', nl.channel,
+                    'template_key', nl.template_key,
+                    'recipient_address', nl.recipient_address,
+                    'status', nl.status,
+                    'sent_at', nl.sent_at,
+                    'delivered_at', nl.delivered_at,
+                    'read_at', nl.read_at,
+                    'failure_reason', nl.failure_reason,
+                    'created_at', nl.created_at
+                ) ORDER BY nl.created_at
+            )
+            FROM public.notification_logs nl
+            WHERE nl.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'audit_trail', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', al.id,
+                    'action', al.action,
+                    'entity_type', al.entity_type,
+                    'changed_fields', al.changed_fields,
+                    'user_id', al.user_id,
+                    'created_at', al.created_at
+                ) ORDER BY al.created_at
+            )
+            FROM public.audit_logs al
+            WHERE al.tenant_id = v_tenant_id
+              AND al.entity_type = 'patients'
+              AND al.entity_id = p_patient_id::text
+        ), '[]'::jsonb),
+        'acessos_a_documentos', COALESCE((
+            SELECT jsonb_agg(
+                jsonb_build_object(
+                    'id', dal.id,
+                    'documento_id', dal.documento_id,
+                    'acao', dal.acao,
+                    'user_id', dal.user_id,
+                    'acessado_em', dal.acessado_em
+                ) ORDER BY dal.acessado_em
+            )
+            FROM public.document_access_logs dal
+            WHERE dal.documento_id IN (
+                SELECT id FROM public.documents WHERE patient_id = p_patient_id
+            )
+        ), '[]'::jsonb),
+        'grupos', COALESCE((
+            SELECT jsonb_agg(jsonb_build_object('patient_group_id', pgp.patient_group_id))
+            FROM public.patient_group_patient pgp
+            WHERE pgp.patient_id = p_patient_id
+        ), '[]'::jsonb),
+        'tags', COALESCE((
+            SELECT jsonb_agg(jsonb_build_object('tag_id', ppt.tag_id))
+            FROM public.patient_patient_tag ppt
+            WHERE ppt.patient_id = p_patient_id
+        ), '[]'::jsonb)
+    );
+
+    -- registra o export como evento auditavel
+    INSERT INTO public.audit_logs (
+        tenant_id, user_id, entity_type, entity_id, action,
+        old_values, new_values, changed_fields, metadata
+    ) VALUES (
+        v_tenant_id, v_caller, 'patients', p_patient_id::text, 'update',
+        NULL, NULL, ARRAY['__lgpd_export__'],
+        jsonb_build_object(
+            'action_kind', 'lgpd_export',
+            'lgpd_basis', 'Art. 18, II',
+            'patient_name', v_patient.nome_completo
+        )
+    );
+
+    RETURN v_result;
+END;
+$$;
+
+CREATE FUNCTION public.fanout_inbound_message_to_notifications() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_target_user UUID;
+    v_title TEXT;
+    v_detail TEXT;
+    v_initials TEXT;
+    v_deeplink TEXT;
+    v_patient_name TEXT;
+    v_payload JSONB;
+BEGIN
+    -- so processa inbound
+    IF NEW.direction <> 'inbound' THEN
+        RETURN NEW;
+    END IF;
+
+    -- busca nome do paciente (se vinculado)
+    IF NEW.patient_id IS NOT NULL THEN
+        SELECT nome_completo INTO v_patient_name FROM public.patients WHERE id = NEW.patient_id;
+    END IF;
+
+    -- titulo e detalhes
+    v_title := COALESCE(v_patient_name, NEW.from_number, 'Desconhecido');
+    v_detail := COALESCE(left(NEW.body, 100), '[mensagem sem texto]');
+
+    -- iniciais
+    IF v_patient_name IS NOT NULL THEN
+        v_initials := upper(left(v_patient_name, 1)) ||
+                      COALESCE(upper(left(split_part(v_patient_name, ' ', 2), 1)), '');
+    ELSE
+        v_initials := '?';
+    END IF;
+
+    -- deeplink para a pagina de conversas (clinic padrao; therapist tambem funciona via mesma rota na area dele)
+    v_deeplink := '/admin/conversas';
+
+    v_payload := jsonb_build_object(
+        'title', v_title,
+        'detail', v_detail,
+        'avatar_initials', v_initials,
+        'deeplink', v_deeplink,
+        'channel', NEW.channel,
+        'conversation_message_id', NEW.id,
+        'patient_id', NEW.patient_id,
+        'from_number', NEW.from_number
+    );
+
+    -- ─── decide destinatarios ─────────────────────────────────────────────
+
+    -- Caso 1: paciente vinculado e tem responsible_member_id
+    IF NEW.patient_id IS NOT NULL THEN
+        SELECT tm.user_id INTO v_target_user
+        FROM public.patients p
+        JOIN public.tenant_members tm ON tm.id = p.responsible_member_id
+        WHERE p.id = NEW.patient_id
+          AND tm.status = 'active'
+        LIMIT 1;
+
+        IF v_target_user IS NOT NULL THEN
+            INSERT INTO public.notifications (owner_id, tenant_id, type, ref_id, ref_table, payload)
+            VALUES (v_target_user, NEW.tenant_id, 'inbound_message', NULL, 'conversation_messages', v_payload);
+            RETURN NEW;
+        END IF;
+    END IF;
+
+    -- Caso 2: fallback — fan-out pra todos tenant_admin/clinic_admin/therapist ativos
+    INSERT INTO public.notifications (owner_id, tenant_id, type, ref_id, ref_table, payload)
+    SELECT tm.user_id, NEW.tenant_id, 'inbound_message', NULL, 'conversation_messages', v_payload
+    FROM public.tenant_members tm
+    WHERE tm.tenant_id = NEW.tenant_id
+      AND tm.status = 'active'
+      AND tm.role IN ('clinic_admin', 'tenant_admin', 'therapist');
+
+    RETURN NEW;
+END;
+$$;
+
 CREATE FUNCTION public.faq_votar(faq_id uuid) RETURNS void
     LANGUAGE sql SECURITY DEFINER
     AS $$
@@ -1884,6 +2738,21 @@ CREATE FUNCTION public.faq_votar(faq_id uuid) RETURNS void
     and ativo = true;
 $$;
 
+CREATE FUNCTION public.financial_records_inject_tenant() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+BEGIN
+  IF NEW.tenant_id IS NULL AND NEW.owner_id IS NOT NULL THEN
+    SELECT tm.tenant_id INTO NEW.tenant_id
+    FROM public.tenant_members tm
+    WHERE tm.user_id = NEW.owner_id AND tm.status = 'active'
+    ORDER BY tm.created_at DESC
+    LIMIT 1;
+  END IF;
+  RETURN NEW;
+END;
+$$;
+
 CREATE FUNCTION public.fix_all_subscription_mismatches() RETURNS void
     LANGUAGE plpgsql SECURITY DEFINER
     AS $$
@@ -1990,6 +2859,54 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION public.generate_math_challenge() RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_a    integer;
+    v_b    integer;
+    v_op   text;
+    v_ans  integer;
+    v_q    text;
+    v_id   uuid;
+BEGIN
+    v_a := 1 + floor(random() * 9)::int;
+    v_b := 1 + floor(random() * 9)::int;
+    v_op := (ARRAY['+','-','*'])[1 + floor(random() * 3)::int];
+
+    -- garantir resultado positivo na subtração
+    IF v_op = '-' AND v_b > v_a THEN
+        v_a := v_a + v_b;
+    END IF;
+
+    v_ans := CASE v_op
+        WHEN '+' THEN v_a + v_b
+        WHEN '-' THEN v_a - v_b
+        WHEN '*' THEN v_a * v_b
+    END;
+
+    v_q := format('Quanto é %s %s %s?', v_a, v_op, v_b);
+
+    INSERT INTO math_challenges (question, answer)
+    VALUES (v_q, v_ans)
+    RETURNING id INTO v_id;
+
+    RETURN jsonb_build_object('id', v_id, 'question', v_q);
+END;
+$$;
+
+CREATE FUNCTION public.get_entity_primary_phone(p_entity_type text, p_entity_id uuid) RETURNS text
+    LANGUAGE sql STABLE SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+    SELECT number FROM public.contact_phones
+    WHERE entity_type = p_entity_type
+      AND entity_id = p_entity_id
+    ORDER BY is_primary DESC, position ASC, created_at ASC
+    LIMIT 1;
+$$;
+
 CREATE FUNCTION public.get_financial_report(p_owner_id uuid, p_start_date date, p_end_date date, p_group_by text DEFAULT 'month'::text) RETURNS TABLE(group_key text, group_label text, total_receitas numeric, total_despesas numeric, saldo numeric, total_pendente numeric, total_overdue numeric, count_records bigint)
     LANGUAGE sql STABLE SECURITY DEFINER
     SET search_path TO 'public'
@@ -2125,6 +3042,141 @@ CREATE FUNCTION public.get_my_email() RETURNS text
   where id = auth.uid();
 $$;
 
+CREATE FUNCTION public.get_patient_intake_invite_info(p_token text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_token_clean text;
+    v_invite      RECORD;
+    v_result      jsonb;
+BEGIN
+    v_token_clean := nullif(trim(coalesce(p_token, '')), '');
+    IF v_token_clean IS NULL THEN
+        RETURN jsonb_build_object('error', 'missing-token');
+    END IF;
+
+    SELECT pi.owner_id, pi.tenant_id, pi.active, pi.expires_at, pi.max_uses, pi.uses
+      INTO v_invite
+      FROM public.patient_invites pi
+     WHERE pi.token = v_token_clean
+     LIMIT 1;
+
+    IF v_invite.owner_id IS NULL THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.active IS DISTINCT FROM true THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.expires_at IS NOT NULL AND v_invite.expires_at < now() THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    IF v_invite.max_uses IS NOT NULL AND v_invite.uses >= v_invite.max_uses THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    SELECT jsonb_build_object(
+        'therapist', jsonb_build_object(
+            'display_name',      coalesce(
+                                     nullif(trim(p.full_name), ''),
+                                     nullif(trim(p.nickname), ''),
+                                     'Profissional'
+                                 ),
+            'avatar_url',        nullif(trim(coalesce(p.avatar_url, '')), ''),
+            'work_description',  nullif(trim(coalesce(p.work_description, '')), ''),
+            'bio',               nullif(trim(coalesce(p.bio, '')), ''),
+            'phone',             nullif(trim(coalesce(p.phone, '')), ''),
+            'site_url',          nullif(trim(coalesce(p.site_url, '')), ''),
+            'instagram',         nullif(trim(coalesce(p.social_instagram, '')), '')
+        ),
+        'clinic', CASE
+            WHEN cp.tenant_id IS NOT NULL THEN jsonb_build_object(
+                'name',       nullif(trim(coalesce(cp.nome_fantasia, '')), ''),
+                'logo_url',   nullif(trim(coalesce(cp.logo_url, '')), ''),
+                'email',      nullif(trim(coalesce(cp.email, '')), ''),
+                'phone',      nullif(trim(coalesce(cp.telefone, '')), ''),
+                'site',       nullif(trim(coalesce(cp.site, '')), ''),
+                'city',       nullif(trim(coalesce(cp.cidade, '')), ''),
+                'state',      nullif(trim(coalesce(cp.estado, '')), ''),
+                'neighborhood', nullif(trim(coalesce(cp.bairro, '')), ''),
+                'street',     nullif(trim(coalesce(cp.logradouro, '')), ''),
+                'number',     nullif(trim(coalesce(cp.numero, '')), ''),
+                'social',     coalesce(cp.redes_sociais, '[]'::jsonb)
+            )
+            ELSE NULL
+        END
+    )
+    INTO v_result
+    FROM public.profiles p
+    LEFT JOIN public.company_profiles cp ON cp.tenant_id = v_invite.tenant_id
+    WHERE p.id = v_invite.owner_id
+    LIMIT 1;
+
+    IF v_result IS NULL THEN
+        RETURN jsonb_build_object('error', 'invalid-token');
+    END IF;
+
+    RETURN jsonb_build_object('ok', true, 'info', v_result);
+END;
+$$;
+
+CREATE FUNCTION public.get_patient_session_counts(p_patient_ids uuid[]) RETURNS TABLE(patient_id uuid, session_count integer, last_session_at timestamp with time zone)
+    LANGUAGE sql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+    SELECT
+        ae.patient_id,
+        COUNT(*)::int                AS session_count,
+        MAX(ae.inicio_em)            AS last_session_at
+    FROM public.agenda_eventos ae
+    WHERE ae.patient_id = ANY(p_patient_ids)
+      AND ae.tenant_id IN (
+          SELECT tm.tenant_id
+          FROM public.tenant_members tm
+          WHERE tm.user_id = auth.uid()
+            AND tm.status = 'active'
+      )
+    GROUP BY ae.patient_id;
+$$;
+
+CREATE FUNCTION public.get_twilio_config() RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    cfg saas_twilio_config%ROWTYPE;
+BEGIN
+    -- Permite quem é saas_admin (UI) ou quando chamado via service_role (edge function)
+    -- coalesce protege de NULL (auth.role() pode ser NULL fora de contexto JWT)
+    IF NOT (public.is_saas_admin() OR coalesce(auth.role(), '') = 'service_role') THEN
+        RAISE EXCEPTION 'Sem permissão' USING ERRCODE = '42501';
+    END IF;
+
+    SELECT * INTO cfg FROM saas_twilio_config WHERE id = true;
+    IF NOT FOUND THEN
+        RETURN jsonb_build_object(
+            'account_sid',          NULL,
+            'whatsapp_webhook_url', NULL,
+            'usd_brl_rate',         5.5,
+            'margin_multiplier',    1.4
+        );
+    END IF;
+
+    RETURN jsonb_build_object(
+        'account_sid',          cfg.account_sid,
+        'whatsapp_webhook_url', cfg.whatsapp_webhook_url,
+        'usd_brl_rate',         cfg.usd_brl_rate,
+        'margin_multiplier',    cfg.margin_multiplier,
+        'notes',                cfg.notes,
+        'updated_at',           cfg.updated_at,
+        'updated_by',           cfg.updated_by
+    );
+END;
+$$;
+
 CREATE FUNCTION public.guard_account_type_immutable() RETURNS trigger
     LANGUAGE plpgsql
     AS $$
@@ -2335,6 +3387,51 @@ CREATE FUNCTION public.is_therapist_tenant(_tenant_id uuid) RETURNS boolean
   );
 $$;
 
+CREATE FUNCTION public.issue_patient_invite() RETURNS text
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+  v_uid        uuid;
+  v_tenant_id  uuid;
+  v_token      text;
+  v_existing   text;
+BEGIN
+  v_uid := auth.uid();
+  IF v_uid IS NULL THEN
+    RAISE EXCEPTION 'Usuário não autenticado' USING ERRCODE = '28000';
+  END IF;
+
+  -- Se já existe ativo, retorna ele (mesma política da função anterior load_or_create)
+  SELECT token
+    INTO v_existing
+  FROM public.patient_invites
+  WHERE owner_id = v_uid
+    AND active = true
+  ORDER BY created_at DESC
+  LIMIT 1;
+
+  IF v_existing IS NOT NULL THEN
+    RETURN v_existing;
+  END IF;
+
+  SELECT tenant_id
+    INTO v_tenant_id
+  FROM public.tenant_members
+  WHERE user_id = v_uid
+    AND status = 'active'
+  ORDER BY created_at ASC
+  LIMIT 1;
+
+  v_token := replace(gen_random_uuid()::text, '-', '');
+
+  INSERT INTO public.patient_invites (owner_id, tenant_id, token, active)
+  VALUES (v_uid, v_tenant_id, v_token, true);
+
+  RETURN v_token;
+END;
+$$;
+
 CREATE FUNCTION public.jwt_email() RETURNS text
     LANGUAGE sql STABLE
     AS $$
@@ -2359,6 +3456,72 @@ CREATE FUNCTION public.list_financial_records(p_owner_id uuid, p_year integer DE
   OFFSET p_offset;
 $$;
 
+CREATE FUNCTION public.log_audit_change() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_tenant_id UUID;
+    v_entity_id TEXT;
+    v_old JSONB;
+    v_new JSONB;
+    v_changed TEXT[];
+    v_heavy_fields TEXT[] := ARRAY[
+        'content', 'content_html', 'content_json', 'raw_data',
+        'signature_data', 'pdf_blob', 'binary', 'body_html', 'body_text'
+    ];
+    v_noise_fields TEXT[] := ARRAY['updated_at', 'last_seen_at', 'last_activity_at'];
+BEGIN
+    IF TG_OP = 'DELETE' THEN
+        v_tenant_id := OLD.tenant_id;
+        v_entity_id := OLD.id::TEXT;
+        v_old := to_jsonb(OLD) - v_heavy_fields;
+        v_new := NULL;
+    ELSIF TG_OP = 'INSERT' THEN
+        v_tenant_id := NEW.tenant_id;
+        v_entity_id := NEW.id::TEXT;
+        v_old := NULL;
+        v_new := to_jsonb(NEW) - v_heavy_fields;
+    ELSE -- UPDATE
+        v_tenant_id := NEW.tenant_id;
+        v_entity_id := NEW.id::TEXT;
+        v_old := to_jsonb(OLD) - v_heavy_fields;
+        v_new := to_jsonb(NEW) - v_heavy_fields;
+
+        -- calcular campos realmente alterados
+        SELECT array_agg(key ORDER BY key) INTO v_changed
+        FROM jsonb_each(to_jsonb(NEW)) AS kv(key, value)
+        WHERE (to_jsonb(OLD))->kv.key IS DISTINCT FROM kv.value;
+
+        -- se nada mudou, ignora
+        IF v_changed IS NULL THEN
+            RETURN NEW;
+        END IF;
+
+        -- se mudou apenas campos de ruido (ex: updated_at), ignora
+        IF v_changed <@ v_noise_fields THEN
+            RETURN NEW;
+        END IF;
+    END IF;
+
+    INSERT INTO public.audit_logs (
+        tenant_id, user_id, entity_type, entity_id, action,
+        old_values, new_values, changed_fields
+    ) VALUES (
+        v_tenant_id,
+        auth.uid(),
+        TG_TABLE_NAME,
+        v_entity_id,
+        lower(TG_OP),
+        v_old,
+        v_new,
+        v_changed
+    );
+
+    RETURN COALESCE(NEW, OLD);
+END;
+$$;
+
 CREATE FUNCTION public.mark_as_paid(p_financial_record_id uuid, p_payment_method text) RETURNS SETOF public.financial_records
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -2434,6 +3597,41 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION public.match_patient_by_phone(p_tenant_id uuid, p_phone text) RETURNS uuid
+    LANGUAGE plpgsql STABLE SECURITY DEFINER
+    SET search_path TO 'public', 'pg_temp'
+    AS $$
+DECLARE
+    v_normalized TEXT;
+    v_patient_id UUID;
+BEGIN
+    v_normalized := public.normalize_phone_br(p_phone);
+    IF v_normalized IS NULL OR length(v_normalized) < 10 THEN
+        RETURN NULL;
+    END IF;
+
+    -- prioridade: telefone principal, depois alternativo, depois responsavel
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone) = v_normalized
+    LIMIT 1;
+    IF v_patient_id IS NOT NULL THEN RETURN v_patient_id; END IF;
+
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone_alternativo) = v_normalized
+    LIMIT 1;
+    IF v_patient_id IS NOT NULL THEN RETURN v_patient_id; END IF;
+
+    SELECT id INTO v_patient_id FROM public.patients
+    WHERE tenant_id = p_tenant_id
+      AND public.normalize_phone_br(telefone_responsavel) = v_normalized
+    LIMIT 1;
+
+    RETURN v_patient_id;
+END;
+$$;
+
 CREATE FUNCTION public.my_tenants() RETURNS TABLE(tenant_id uuid, role text, status text, kind text)
     LANGUAGE sql STABLE
     AS $$
@@ -2447,6 +3645,31 @@ CREATE FUNCTION public.my_tenants() RETURNS TABLE(tenant_id uuid, role text, sta
   where tm.user_id = auth.uid();
 $$;
 
+CREATE FUNCTION public.normalize_phone_br(p_phone text) RETURNS text
+    LANGUAGE plpgsql IMMUTABLE
+    AS $$
+DECLARE
+    v_digits TEXT;
+BEGIN
+    IF p_phone IS NULL THEN RETURN NULL; END IF;
+
+    -- remove tudo que nao seja digito
+    v_digits := regexp_replace(p_phone, '\D', '', 'g');
+
+    -- remove DDI 55 se tem 12+ digitos (+55 + DDD + numero)
+    IF length(v_digits) >= 12 AND left(v_digits, 2) = '55' THEN
+        v_digits := substr(v_digits, 3);
+    END IF;
+
+    -- pega os ultimos 11 digitos (DDD + 9digito + 8numero) ou 10 (DDD + 8numero)
+    IF length(v_digits) > 11 THEN
+        v_digits := right(v_digits, 11);
+    END IF;
+
+    RETURN v_digits;
+END;
+$$;
+
 CREATE FUNCTION public.notice_track_click(p_notice_id uuid) RETURNS void
     LANGUAGE plpgsql SECURITY DEFINER
     AS $$
@@ -2965,6 +4188,75 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.record_submission_attempt(p_endpoint text, p_ip_hash text, p_success boolean, p_blocked_by text DEFAULT NULL::text, p_error_code text DEFAULT NULL::text, p_error_msg text DEFAULT NULL::text, p_user_agent text DEFAULT NULL::text, p_metadata jsonb DEFAULT NULL::jsonb) RETURNS void
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    cfg            saas_security_config%ROWTYPE;
+    v_now          timestamptz := now();
+    v_window_start timestamptz;
+    rl             submission_rate_limits%ROWTYPE;
+BEGIN
+    -- Log sempre (mesmo sem ip)
+    INSERT INTO public_submission_attempts
+        (endpoint, ip_hash, success, blocked_by, error_code, error_msg, user_agent, metadata)
+    VALUES
+        (p_endpoint, p_ip_hash, p_success, p_blocked_by,
+         left(coalesce(p_error_code, ''), 80),
+         left(coalesce(p_error_msg, ''), 500),
+         left(coalesce(p_user_agent, ''), 500),
+         p_metadata);
+
+    -- Sem ip ou rate limit desligado: não atualiza contador
+    IF p_ip_hash IS NULL OR length(btrim(p_ip_hash)) = 0 THEN RETURN; END IF;
+
+    SELECT * INTO cfg FROM saas_security_config WHERE id = true;
+    IF NOT FOUND OR NOT cfg.rate_limit_enabled THEN RETURN; END IF;
+
+    v_window_start := v_now - (cfg.rate_limit_window_min || ' minutes')::interval;
+
+    SELECT * INTO rl
+      FROM submission_rate_limits
+     WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+
+    IF NOT FOUND THEN
+        INSERT INTO submission_rate_limits
+            (ip_hash, endpoint, attempt_count, fail_count, window_start, last_attempt_at)
+        VALUES
+            (p_ip_hash, p_endpoint, 1, CASE WHEN p_success THEN 0 ELSE 1 END, v_now, v_now);
+    ELSE
+        IF rl.window_start < v_window_start THEN
+            -- Reset janela
+            UPDATE submission_rate_limits
+               SET attempt_count = 1,
+                   fail_count = CASE WHEN p_success THEN 0 ELSE 1 END,
+                   window_start = v_now,
+                   last_attempt_at = v_now,
+                   blocked_until = NULL
+             WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+        ELSE
+            UPDATE submission_rate_limits
+               SET attempt_count = attempt_count + 1,
+                   fail_count = fail_count + CASE WHEN p_success THEN 0 ELSE 1 END,
+                   last_attempt_at = v_now
+             WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+        END IF;
+
+        -- Se atingiu threshold de captcha condicional, marca
+        IF NOT p_success THEN
+            SELECT * INTO rl FROM submission_rate_limits WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+            IF rl.fail_count >= cfg.captcha_after_failures
+               AND (rl.requires_captcha_until IS NULL OR rl.requires_captcha_until < v_now) THEN
+                UPDATE submission_rate_limits
+                   SET requires_captcha_until = v_now + (cfg.captcha_required_window_min || ' minutes')::interval
+                 WHERE ip_hash = p_ip_hash AND endpoint = p_endpoint;
+            END IF;
+        END IF;
+    END IF;
+END;
+$$;
+
 CREATE FUNCTION public.revoke_support_session(p_token text) RETURNS boolean
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -3020,6 +4312,46 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.rotate_patient_invite_token_v2() RETURNS text
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+  v_uid        uuid;
+  v_tenant_id  uuid;
+  v_new_token  text;
+BEGIN
+  v_uid := auth.uid();
+  IF v_uid IS NULL THEN
+    RAISE EXCEPTION 'Usuário não autenticado' USING ERRCODE = '28000';
+  END IF;
+
+  -- Token gerado no servidor (criptograficamente seguro via pgcrypto)
+  v_new_token := replace(gen_random_uuid()::text, '-', '');
+
+  -- Resolve tenant_id do usuário (active)
+  SELECT tenant_id
+    INTO v_tenant_id
+  FROM public.tenant_members
+  WHERE user_id = v_uid
+    AND status = 'active'
+  ORDER BY created_at ASC
+  LIMIT 1;
+
+  -- Desativa tokens ativos anteriores
+  UPDATE public.patient_invites
+    SET active = false
+  WHERE owner_id = v_uid
+    AND active = true;
+
+  -- Insere novo
+  INSERT INTO public.patient_invites (owner_id, tenant_id, token, active)
+  VALUES (v_uid, v_tenant_id, v_new_token, true);
+
+  RETURN v_new_token;
+END;
+$$;
+
 CREATE FUNCTION public.saas_votar_doc(p_doc_id uuid, p_util boolean) RETURNS jsonb
     LANGUAGE plpgsql SECURITY DEFINER
     AS $$
@@ -3127,6 +4459,219 @@ CREATE FUNCTION public.sanitize_phone_br(raw_phone text) RETURNS text
     RETURN digits;
   END; $$;
 
+CREATE FUNCTION public.search_global(p_q text, p_scope text[] DEFAULT NULL::text[], p_limit integer DEFAULT 8) RETURNS jsonb
+    LANGUAGE plpgsql STABLE
+    SET search_path TO 'public', 'pg_temp'
+    AS $_$
+DECLARE
+    v_q            text;
+    v_pattern      text;
+    v_limit        int;
+    v_patients     jsonb := '[]'::jsonb;
+    v_appointments jsonb := '[]'::jsonb;
+    v_documents    jsonb := '[]'::jsonb;
+    v_services     jsonb := '[]'::jsonb;
+    v_intakes      jsonb := '[]'::jsonb;
+BEGIN
+    -- Sanitize + length guards
+    v_q := nullif(btrim(coalesce(p_q, '')), '');
+    IF v_q IS NULL OR length(v_q) < 2 THEN
+        RETURN jsonb_build_object(
+            'patients',     '[]'::jsonb,
+            'appointments', '[]'::jsonb,
+            'documents',    '[]'::jsonb,
+            'services',     '[]'::jsonb,
+            'intakes',      '[]'::jsonb
+        );
+    END IF;
+    v_q := left(v_q, 80);
+    v_pattern := '%' || v_q || '%';
+    v_limit := GREATEST(1, LEAST(coalesce(p_limit, 8), 20));
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Pacientes
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'patients' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                p.id,
+                p.nome_completo,
+                p.email_principal,
+                p.telefone,
+                p.avatar_url,
+                GREATEST(
+                    similarity(coalesce(p.nome_completo,   ''), v_q),
+                    similarity(coalesce(p.email_principal, ''), v_q) * 0.7,
+                    similarity(coalesce(p.telefone,        ''), v_q) * 0.5,
+                    similarity(coalesce(p.cpf,             ''), v_q) * 0.6
+                ) AS score
+            FROM public.patients p
+            WHERE p.nome_completo   ILIKE v_pattern
+               OR p.email_principal ILIKE v_pattern
+               OR p.telefone        ILIKE v_pattern
+               OR p.cpf             ILIKE v_pattern
+            ORDER BY score DESC, p.nome_completo ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',         id,
+            'label',      nome_completo,
+            'sublabel',   coalesce(nullif(email_principal, ''), nullif(telefone, ''), ''),
+            'avatar_url', avatar_url,
+            'deeplink',   '/therapist/patients/cadastro/' || id::text,
+            'score',      round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_patients
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Agendamentos (com nome do paciente via join)
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'appointments' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                e.id,
+                coalesce(nullif(e.titulo_custom, ''), nullif(e.titulo, ''), 'Sessão') AS label,
+                e.inicio_em,
+                pat.nome_completo AS patient_name,
+                GREATEST(
+                    similarity(coalesce(e.titulo,        ''), v_q),
+                    similarity(coalesce(e.titulo_custom, ''), v_q),
+                    similarity(coalesce(pat.nome_completo, ''), v_q) * 0.9
+                ) AS score
+            FROM public.agenda_eventos e
+            LEFT JOIN public.patients pat ON pat.id = e.patient_id
+            WHERE e.titulo          ILIKE v_pattern
+               OR e.titulo_custom   ILIKE v_pattern
+               OR pat.nome_completo ILIKE v_pattern
+            ORDER BY score DESC, e.inicio_em DESC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    label,
+            'sublabel', trim(both ' · ' from
+                            coalesce(patient_name, '') || ' · '
+                            || to_char(inicio_em, 'DD/MM/YYYY HH24:MI')),
+            'deeplink', '/therapist/agenda?event=' || id::text,
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_appointments
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Documentos
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'documents' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                d.id,
+                d.patient_id,
+                d.nome_original,
+                d.tipo_documento,
+                pat.nome_completo AS patient_name,
+                GREATEST(
+                    similarity(coalesce(d.nome_original, ''), v_q),
+                    similarity(coalesce(d.descricao,     ''), v_q) * 0.7
+                ) AS score
+            FROM public.documents d
+            LEFT JOIN public.patients pat ON pat.id = d.patient_id
+            WHERE d.nome_original ILIKE v_pattern
+               OR d.descricao     ILIKE v_pattern
+            ORDER BY score DESC, d.nome_original ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    nome_original,
+            'sublabel', trim(both ' · ' from
+                            coalesce(patient_name, '') || ' · '
+                            || coalesce(tipo_documento, '')),
+            'deeplink', '/therapist/patients/' || patient_id::text || '/documents',
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_documents
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Serviços (ativos)
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'services' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                s.id,
+                s.name,
+                s.price,
+                s.duration_min,
+                GREATEST(
+                    similarity(coalesce(s.name,        ''), v_q),
+                    similarity(coalesce(s.description, ''), v_q) * 0.7
+                ) AS score
+            FROM public.services s
+            WHERE s.active IS TRUE
+              AND (s.name        ILIKE v_pattern
+                OR s.description ILIKE v_pattern)
+            ORDER BY score DESC, s.name ASC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    name,
+            'sublabel', trim(both ' · ' from
+                            'R$ ' || to_char(price, 'FM999G999G990D00') || ' · '
+                            || coalesce(duration_min::text || ' min', '')),
+            'deeplink', '/configuracoes/precificacao',
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_services
+        FROM ranked;
+    END IF;
+
+    -- ─────────────────────────────────────────────────────────────────────
+    -- Intakes pendentes (patient_intake_requests com status='new')
+    -- ─────────────────────────────────────────────────────────────────────
+    IF p_scope IS NULL OR 'intakes' = ANY(p_scope) THEN
+        WITH ranked AS (
+            SELECT
+                r.id,
+                r.nome_completo,
+                r.email_principal,
+                r.telefone,
+                r.created_at,
+                GREATEST(
+                    similarity(coalesce(r.nome_completo,   ''), v_q),
+                    similarity(coalesce(r.email_principal, ''), v_q) * 0.7,
+                    similarity(coalesce(r.telefone,        ''), v_q) * 0.5
+                ) AS score
+            FROM public.patient_intake_requests r
+            WHERE r.status = 'new'
+              AND (r.nome_completo   ILIKE v_pattern
+                OR r.email_principal ILIKE v_pattern
+                OR r.telefone        ILIKE v_pattern)
+            ORDER BY score DESC, r.created_at DESC
+            LIMIT v_limit
+        )
+        SELECT coalesce(jsonb_agg(jsonb_build_object(
+            'id',       id,
+            'label',    coalesce(nullif(trim(nome_completo), ''), '(sem nome)'),
+            'sublabel', trim(both ' · ' from
+                            coalesce(nullif(email_principal, ''), nullif(telefone, ''), '') || ' · '
+                            || 'recebido ' || to_char(created_at, 'DD/MM/YYYY')),
+            'deeplink', '/therapist/patients/cadastro/recebidos?id=' || id::text,
+            'score',    round(score::numeric, 3)
+        )), '[]'::jsonb) INTO v_intakes
+        FROM ranked;
+    END IF;
+
+    RETURN jsonb_build_object(
+        'patients',     v_patients,
+        'appointments', v_appointments,
+        'documents',    v_documents,
+        'services',     v_services,
+        'intakes',      v_intakes
+    );
+END;
+$_$;
+
 CREATE FUNCTION public.seed_default_financial_categories(p_user_id uuid) RETURNS void
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -3369,33 +4914,132 @@ BEGIN
 END;
 $$;
 
-CREATE FUNCTION public.set_tenant_feature_exception(p_tenant_id uuid, p_feature_key text, p_enabled boolean, p_reason text DEFAULT NULL::text) RETURNS void
+CREATE FUNCTION public.set_tenant_feature_exception(p_tenant_id uuid, p_feature_key text, p_enabled boolean, p_reason text DEFAULT NULL::text) RETURNS jsonb
     LANGUAGE plpgsql SECURITY DEFINER
-    AS $$
-begin
-  -- ??? S?? owner ou admin do tenant podem alterar features
-  if not exists (
-    select 1 from public.tenant_members
-    where tenant_id = p_tenant_id
-      and user_id = auth.uid()
-      and role in ('owner', 'admin')
-      and status = 'active'
-  ) then
-    raise exception 'Acesso negado: apenas owner/admin pode alterar features do tenant.';
-  end if;
+    SET search_path TO 'public'
+    AS $_$
+DECLARE
+  v_caller         uuid := auth.uid();
+  v_is_saas        boolean := public.is_saas_admin();
+  v_is_tenant_adm  boolean;
+  v_plan_allows    boolean;
+  v_feature_key    text;
+  v_reason         text;
+  v_is_exception   boolean;
+BEGIN
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Sanitização (padrão V#31)
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_caller IS NULL THEN
+    RAISE EXCEPTION 'Não autenticado' USING ERRCODE = '28000';
+  END IF;
 
-  insert into public.tenant_features (tenant_id, feature_key, enabled)
-  values (p_tenant_id, p_feature_key, p_enabled)
-  on conflict (tenant_id, feature_key)
-  do update set enabled = excluded.enabled;
+  IF p_tenant_id IS NULL THEN
+    RAISE EXCEPTION 'tenant_id obrigatório' USING ERRCODE = '22023';
+  END IF;
 
-  insert into public.tenant_feature_exceptions_log (
-    tenant_id, feature_key, enabled, reason, created_by
-  ) values (
-    p_tenant_id, p_feature_key, p_enabled, p_reason, auth.uid()
+  IF p_enabled IS NULL THEN
+    RAISE EXCEPTION 'enabled obrigatório' USING ERRCODE = '22023';
+  END IF;
+
+  v_feature_key := nullif(btrim(coalesce(p_feature_key, '')), '');
+  IF v_feature_key IS NULL THEN
+    RAISE EXCEPTION 'feature_key obrigatório' USING ERRCODE = '22023';
+  END IF;
+  IF length(v_feature_key) > 80 THEN
+    RAISE EXCEPTION 'feature_key inválido (>80)' USING ERRCODE = '22023';
+  END IF;
+  IF v_feature_key !~ '^[a-z][a-z0-9_.]*$' THEN
+    RAISE EXCEPTION 'feature_key formato inválido' USING ERRCODE = '22023';
+  END IF;
+
+  v_reason := nullif(btrim(coalesce(p_reason, '')), '');
+  IF v_reason IS NOT NULL AND length(v_reason) > 500 THEN
+    v_reason := substring(v_reason FROM 1 FOR 500);
+  END IF;
+
+  IF NOT EXISTS (SELECT 1 FROM public.features WHERE key = v_feature_key) THEN
+    RAISE EXCEPTION 'feature_key desconhecida: %', v_feature_key USING ERRCODE = '22023';
+  END IF;
+
+  IF NOT EXISTS (SELECT 1 FROM public.tenants WHERE id = p_tenant_id) THEN
+    RAISE EXCEPTION 'tenant não encontrado' USING ERRCODE = '22023';
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Plano permite essa feature?
+  -- ───────────────────────────────────────────────────────────────────────
+  SELECT EXISTS (
+    SELECT 1
+    FROM public.v_tenant_entitlements vte
+    WHERE vte.tenant_id = p_tenant_id
+      AND vte.feature_key = v_feature_key
+  ) INTO v_plan_allows;
+
+  v_is_exception := (p_enabled = true AND NOT v_plan_allows);
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Caller é tenant_admin desse tenant?
+  -- ───────────────────────────────────────────────────────────────────────
+  v_is_tenant_adm := EXISTS (
+    SELECT 1 FROM public.tenant_members tm
+    WHERE tm.tenant_id = p_tenant_id
+      AND tm.user_id   = v_caller
+      AND tm.status    = 'active'
+      AND tm.role IN ('tenant_admin','admin','owner')
   );
-end;
-$$;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Autorização (assimétrica — V#34 Opção B2)
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_is_exception THEN
+    -- Override positivo fora do plano = exceção comercial
+    IF NOT v_is_saas THEN
+      RAISE EXCEPTION 'Apenas saas_admin pode liberar feature fora do plano' USING ERRCODE = '42501';
+    END IF;
+    IF v_reason IS NULL THEN
+      RAISE EXCEPTION 'reason obrigatório para exceção comercial' USING ERRCODE = '22023';
+    END IF;
+  ELSE
+    -- Demais casos: tenant_admin OR saas_admin
+    IF NOT (v_is_saas OR v_is_tenant_adm) THEN
+      RAISE EXCEPTION 'Sem permissão para alterar features deste tenant' USING ERRCODE = '42501';
+    END IF;
+  END IF;
+
+  -- ───────────────────────────────────────────────────────────────────────
+  -- Persistência: bypass controlado do trigger guard quando é exceção
+  -- (escopo de transação via SET LOCAL — só esta RPC vê)
+  -- ───────────────────────────────────────────────────────────────────────
+  IF v_is_exception THEN
+    PERFORM set_config('app.allow_feature_exception', 'true', true);
+  END IF;
+
+  INSERT INTO public.tenant_features (tenant_id, feature_key, enabled, updated_at)
+  VALUES (p_tenant_id, v_feature_key, p_enabled, now())
+  ON CONFLICT (tenant_id, feature_key)
+  DO UPDATE SET enabled = EXCLUDED.enabled, updated_at = now();
+
+  -- Restaura flag (defensivo — SET LOCAL já é por transação, mas explicito)
+  IF v_is_exception THEN
+    PERFORM set_config('app.allow_feature_exception', 'false', true);
+  END IF;
+
+  INSERT INTO public.tenant_feature_exceptions_log
+    (tenant_id, feature_key, enabled, reason, created_by)
+  VALUES
+    (p_tenant_id, v_feature_key, p_enabled, v_reason, v_caller);
+
+  RETURN jsonb_build_object(
+    'tenant_id',    p_tenant_id,
+    'feature_key',  v_feature_key,
+    'enabled',      p_enabled,
+    'plan_allows',  v_plan_allows,
+    'is_exception', v_is_exception,
+    'reason',       v_reason
+  );
+END;
+$_$;
 
 CREATE FUNCTION public.set_updated_at() RETURNS trigger
     LANGUAGE plpgsql
@@ -3694,6 +5338,112 @@ begin
 end;
 $$;
 
+CREATE FUNCTION public.sync_legacy_email_fields() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_entity_type TEXT;
+    v_entity_id UUID;
+    v_primary TEXT;
+    v_secondary TEXT;
+BEGIN
+    IF TG_OP = 'DELETE' THEN
+        v_entity_type := OLD.entity_type;
+        v_entity_id := OLD.entity_id;
+    ELSE
+        v_entity_type := NEW.entity_type;
+        v_entity_id := NEW.entity_id;
+    END IF;
+
+    SELECT email INTO v_primary
+        FROM public.contact_emails
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+        ORDER BY is_primary DESC, position ASC, created_at ASC
+        LIMIT 1;
+
+    SELECT email INTO v_secondary
+        FROM public.contact_emails
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+          AND is_primary = false
+        ORDER BY position ASC, created_at ASC
+        OFFSET 0
+        LIMIT 1;
+
+    IF v_entity_type = 'patient' THEN
+        UPDATE public.patients
+            SET email_principal = v_primary,
+                email_alternativo = v_secondary
+            WHERE id = v_entity_id;
+    ELSIF v_entity_type = 'medico' THEN
+        UPDATE public.medicos
+            SET email = v_primary
+            WHERE id = v_entity_id;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN RETURN OLD; ELSE RETURN NEW; END IF;
+END;
+$$;
+
+CREATE FUNCTION public.sync_legacy_phone_fields() RETURNS trigger
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    v_entity_type TEXT;
+    v_entity_id UUID;
+    v_primary TEXT;
+    v_secondary TEXT;
+    v_whatsapp_slug TEXT;
+    v_whatsapp TEXT;
+BEGIN
+    -- Identifica entidade afetada (pode ser OLD em delete)
+    IF TG_OP = 'DELETE' THEN
+        v_entity_type := OLD.entity_type;
+        v_entity_id := OLD.entity_id;
+    ELSE
+        v_entity_type := NEW.entity_type;
+        v_entity_id := NEW.entity_id;
+    END IF;
+
+    -- Pega primary (ou primeiro)
+    SELECT number INTO v_primary
+        FROM public.contact_phones
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+        ORDER BY is_primary DESC, position ASC, created_at ASC
+        LIMIT 1;
+
+    -- Pega segundo (depois do primary)
+    SELECT number INTO v_secondary
+        FROM public.contact_phones
+        WHERE entity_type = v_entity_type AND entity_id = v_entity_id
+          AND is_primary = false
+        ORDER BY position ASC, created_at ASC
+        OFFSET 0
+        LIMIT 1;
+
+    -- Sincroniza campos legados
+    IF v_entity_type = 'patient' THEN
+        UPDATE public.patients
+            SET telefone = v_primary,
+                telefone_alternativo = v_secondary
+            WHERE id = v_entity_id;
+    ELSIF v_entity_type = 'medico' THEN
+        -- Medicos: telefone_profissional = primary; telefone_pessoal = secundario
+        UPDATE public.medicos
+            SET telefone_profissional = v_primary,
+                telefone_pessoal = v_secondary
+            WHERE id = v_entity_id;
+    END IF;
+
+    IF TG_OP = 'DELETE' THEN
+        RETURN OLD;
+    ELSE
+        RETURN NEW;
+    END IF;
+END;
+$$;
+
 CREATE FUNCTION public.sync_overdue_financial_records() RETURNS integer
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -3880,32 +5630,39 @@ $$;
 CREATE FUNCTION public.tenant_features_guard_with_plan() RETURNS trigger
     LANGUAGE plpgsql
     AS $$
-declare
-  v_allowed boolean;
-begin
-  -- s?? valida quando est?? habilitando
-  if new.enabled is distinct from true then
-    return new;
-  end if;
+DECLARE
+  v_allowed   boolean;
+  v_bypass    text;
+BEGIN
+  -- Só valida quando está habilitando
+  IF new.enabled IS DISTINCT FROM true THEN
+    RETURN new;
+  END IF;
 
-  -- permitido pelo plano do tenant?
-  select exists (
-    select 1
-    from public.v_tenant_entitlements_full v
-    where v.tenant_id = new.tenant_id
-      and v.feature_key = new.feature_key
-      and v.allowed = true
-  )
-  into v_allowed;
+  -- Bypass autorizado: setado pela RPC set_tenant_feature_exception
+  -- após validar que o caller é saas_admin com reason.
+  v_bypass := current_setting('app.allow_feature_exception', true);
+  IF v_bypass = 'true' THEN
+    RETURN new;
+  END IF;
 
-  if not v_allowed then
-    raise exception 'Feature % n??o permitida pelo plano atual do tenant %.',
+  -- Permitido pelo plano do tenant?
+  SELECT EXISTS (
+    SELECT 1
+    FROM public.v_tenant_entitlements_full v
+    WHERE v.tenant_id = new.tenant_id
+      AND v.feature_key = new.feature_key
+      AND v.allowed = true
+  ) INTO v_allowed;
+
+  IF NOT v_allowed THEN
+    RAISE EXCEPTION 'Feature % não permitida pelo plano atual do tenant %.',
       new.feature_key, new.tenant_id
-      using errcode = 'P0001';
-  end if;
+      USING ERRCODE = 'P0001';
+  END IF;
 
-  return new;
-end;
+  RETURN new;
+END;
 $$;
 
 CREATE FUNCTION public.tenant_has_feature(_tenant_id uuid, _feature text) RETURNS boolean
@@ -4499,6 +6256,58 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION public.update_twilio_config(p_account_sid text DEFAULT NULL::text, p_whatsapp_webhook_url text DEFAULT NULL::text, p_usd_brl_rate numeric DEFAULT NULL::numeric, p_margin_multiplier numeric DEFAULT NULL::numeric, p_notes text DEFAULT NULL::text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $_$
+DECLARE
+    v_caller         uuid := auth.uid();
+    v_account_sid    text;
+    v_webhook_url    text;
+    v_notes          text;
+BEGIN
+    IF v_caller IS NULL THEN
+        RAISE EXCEPTION 'Não autenticado' USING ERRCODE = '28000';
+    END IF;
+    IF NOT public.is_saas_admin() THEN
+        RAISE EXCEPTION 'Apenas saas_admin pode atualizar config Twilio' USING ERRCODE = '42501';
+    END IF;
+
+    -- Sanitização
+    v_account_sid := nullif(btrim(coalesce(p_account_sid, '')), '');
+    v_webhook_url := nullif(btrim(coalesce(p_whatsapp_webhook_url, '')), '');
+    v_notes       := nullif(btrim(coalesce(p_notes, '')), '');
+
+    IF v_account_sid IS NOT NULL AND v_account_sid !~ '^AC[a-zA-Z0-9]{32}$' THEN
+        RAISE EXCEPTION 'account_sid inválido (esperado AC + 32 chars)' USING ERRCODE = '22023';
+    END IF;
+    IF v_webhook_url IS NOT NULL AND v_webhook_url !~ '^https?://' THEN
+        RAISE EXCEPTION 'webhook_url deve começar com http(s)://' USING ERRCODE = '22023';
+    END IF;
+    IF p_usd_brl_rate IS NOT NULL AND (p_usd_brl_rate <= 0 OR p_usd_brl_rate >= 100) THEN
+        RAISE EXCEPTION 'usd_brl_rate fora da faixa (0..100)' USING ERRCODE = '22023';
+    END IF;
+    IF p_margin_multiplier IS NOT NULL AND (p_margin_multiplier < 1 OR p_margin_multiplier > 10) THEN
+        RAISE EXCEPTION 'margin_multiplier fora da faixa (1..10)' USING ERRCODE = '22023';
+    END IF;
+    IF v_notes IS NOT NULL AND length(v_notes) > 1000 THEN
+        v_notes := substring(v_notes FROM 1 FOR 1000);
+    END IF;
+
+    UPDATE saas_twilio_config
+       SET account_sid          = COALESCE(v_account_sid, account_sid),
+           whatsapp_webhook_url = COALESCE(v_webhook_url, whatsapp_webhook_url),
+           usd_brl_rate         = COALESCE(p_usd_brl_rate, usd_brl_rate),
+           margin_multiplier    = COALESCE(p_margin_multiplier, margin_multiplier),
+           notes                = COALESCE(v_notes, notes),
+           updated_at           = now(),
+           updated_by           = v_caller
+     WHERE id = true;
+
+    RETURN public.get_twilio_config();
+END;
+$_$;
+
 CREATE FUNCTION public.user_has_feature(_user_id uuid, _feature text) RETURNS boolean
     LANGUAGE sql STABLE
     AS $$
@@ -4511,6 +6320,57 @@ CREATE FUNCTION public.user_has_feature(_user_id uuid, _feature text) RETURNS bo
   );
 $$;
 
+CREATE FUNCTION public.validate_share_token(p_token text) RETURNS jsonb
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    sl document_share_links%ROWTYPE;
+    v_doc documents%ROWTYPE;
+    v_token text;
+BEGIN
+    v_token := nullif(btrim(coalesce(p_token, '')), '');
+    IF v_token IS NULL THEN
+        RAISE EXCEPTION 'token obrigatório' USING ERRCODE = '22023';
+    END IF;
+
+    SELECT * INTO sl FROM document_share_links WHERE token = v_token LIMIT 1;
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'Token inválido' USING ERRCODE = '28000';
+    END IF;
+    IF sl.ativo IS NOT TRUE THEN
+        RAISE EXCEPTION 'Link desativado' USING ERRCODE = '28000';
+    END IF;
+    IF sl.expira_em IS NOT NULL AND sl.expira_em < now() THEN
+        RAISE EXCEPTION 'Link expirado' USING ERRCODE = '28000';
+    END IF;
+    IF sl.usos_max IS NOT NULL AND sl.usos >= sl.usos_max THEN
+        RAISE EXCEPTION 'Limite de uso atingido' USING ERRCODE = '28000';
+    END IF;
+
+    UPDATE document_share_links SET usos = usos + 1 WHERE id = sl.id;
+
+    BEGIN
+        INSERT INTO document_access_logs (document_id, tenant_id, action, share_link_id)
+        SELECT sl.document_id, d.tenant_id, 'shared_link_access', sl.id
+        FROM documents d WHERE d.id = sl.document_id;
+    EXCEPTION WHEN OTHERS THEN
+        NULL;
+    END;
+
+    SELECT * INTO v_doc FROM documents WHERE id = sl.document_id;
+
+    RETURN jsonb_build_object(
+        'document_id',    sl.document_id,
+        'bucket',         v_doc.storage_bucket,
+        'bucket_path',    v_doc.bucket_path,
+        'nome_original',  v_doc.nome_original,
+        'mime_type',      v_doc.mime_type,
+        'tamanho_bytes',  v_doc.tamanho_bytes
+    );
+END;
+$$;
+
 CREATE FUNCTION public.validate_support_session(p_token text) RETURNS json
     LANGUAGE plpgsql SECURITY DEFINER
     SET search_path TO 'public'
@@ -4539,6 +6399,26 @@ BEGIN
 END;
 $$;
 
+CREATE FUNCTION public.verify_math_challenge(p_id uuid, p_answer integer) RETURNS boolean
+    LANGUAGE plpgsql SECURITY DEFINER
+    SET search_path TO 'public'
+    AS $$
+DECLARE
+    mc math_challenges%ROWTYPE;
+BEGIN
+    IF p_id IS NULL OR p_answer IS NULL THEN RETURN false; END IF;
+
+    SELECT * INTO mc FROM math_challenges WHERE id = p_id;
+    IF NOT FOUND OR mc.used OR mc.expires_at < now() THEN
+        RETURN false;
+    END IF;
+
+    UPDATE math_challenges SET used = true WHERE id = p_id;
+
+    RETURN mc.answer = p_answer;
+END;
+$$;
+
 CREATE FUNCTION public.whoami() RETURNS TABLE(uid uuid, role text)
     LANGUAGE sql STABLE
     AS $$
diff --git a/database-novo/schema/03_functions/realtime.sql b/database-novo/schema/03_functions/realtime.sql
index 59ed93d..f2aec30 100644
--- a/database-novo/schema/03_functions/realtime.sql
+++ b/database-novo/schema/03_functions/realtime.sql
@@ -1,5 +1,5 @@
 -- Functions: realtime
--- Gerado automaticamente em 2026-04-17T12:23:05.223Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.949Z
 -- Total: 12
 
 CREATE FUNCTION realtime.apply_rls(wal jsonb, max_record_bytes integer DEFAULT (1024 * 1024)) RETURNS SETOF realtime.wal_rls
diff --git a/database-novo/schema/03_functions/storage.sql b/database-novo/schema/03_functions/storage.sql
index 3ea94f0..2854673 100644
--- a/database-novo/schema/03_functions/storage.sql
+++ b/database-novo/schema/03_functions/storage.sql
@@ -1,5 +1,5 @@
 -- Functions: storage
--- Gerado automaticamente em 2026-04-17T12:23:05.224Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.950Z
 -- Total: 15
 
 CREATE FUNCTION storage.can_insert_object(bucketid text, name text, owner uuid, metadata jsonb) RETURNS void
diff --git a/database-novo/schema/03_functions/supabase_functions.sql b/database-novo/schema/03_functions/supabase_functions.sql
index 3423455..112db86 100644
--- a/database-novo/schema/03_functions/supabase_functions.sql
+++ b/database-novo/schema/03_functions/supabase_functions.sql
@@ -1,5 +1,5 @@
 -- Functions: supabase_functions
--- Gerado automaticamente em 2026-04-17T12:23:05.224Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.950Z
 -- Total: 1
 
 CREATE FUNCTION supabase_functions.http_request() RETURNS trigger
diff --git a/database-novo/schema/04_tables/addons_cr_ditos.sql b/database-novo/schema/04_tables/addons_cr_ditos.sql
index e5218e9..8229cad 100644
--- a/database-novo/schema/04_tables/addons_cr_ditos.sql
+++ b/database-novo/schema/04_tables/addons_cr_ditos.sql
@@ -1,6 +1,6 @@
 -- Tables: Addons / Créditos
--- Gerado automaticamente em 2026-04-17T12:23:05.228Z
--- Total: 3
+-- Gerado automaticamente em 2026-04-21T23:16:34.955Z
+-- Total: 7
 
 CREATE TABLE public.addon_credits (
     id uuid DEFAULT gen_random_uuid() NOT NULL,
@@ -22,7 +22,10 @@ CREATE TABLE public.addon_credits (
     expires_at timestamp with time zone,
     is_active boolean DEFAULT true,
     created_at timestamp with time zone DEFAULT now(),
-    updated_at timestamp with time zone DEFAULT now()
+    updated_at timestamp with time zone DEFAULT now(),
+    CONSTRAINT addon_credits_balance_nonneg_chk CHECK ((balance >= 0)),
+    CONSTRAINT addon_credits_consumed_nonneg_chk CHECK ((total_consumed >= 0)),
+    CONSTRAINT addon_credits_purchased_nonneg_chk CHECK ((total_purchased >= 0))
 );
 
 CREATE TABLE public.addon_products (
@@ -64,3 +67,70 @@ CREATE TABLE public.addon_transactions (
     created_at timestamp with time zone DEFAULT now(),
     metadata jsonb DEFAULT '{}'::jsonb
 );
+
+CREATE TABLE public.whatsapp_credit_packages (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    name text NOT NULL,
+    description text,
+    credits integer NOT NULL,
+    price_brl numeric(10,2) NOT NULL,
+    is_active boolean DEFAULT true NOT NULL,
+    is_featured boolean DEFAULT false NOT NULL,
+    "position" integer DEFAULT 100 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT whatsapp_credit_packages_credits_check CHECK ((credits > 0)),
+    CONSTRAINT whatsapp_credit_packages_name_check CHECK (((length(name) > 0) AND (length(name) <= 100))),
+    CONSTRAINT whatsapp_credit_packages_price_brl_check CHECK ((price_brl > (0)::numeric))
+);
+
+CREATE TABLE public.whatsapp_credit_purchases (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    package_id uuid,
+    package_name text NOT NULL,
+    credits integer NOT NULL,
+    amount_brl numeric(10,2) NOT NULL,
+    status text DEFAULT 'pending'::text NOT NULL,
+    asaas_customer_id text,
+    asaas_payment_id text,
+    asaas_payment_link text,
+    asaas_pix_qrcode text,
+    asaas_pix_copy_paste text,
+    paid_at timestamp with time zone,
+    expires_at timestamp with time zone,
+    failed_at timestamp with time zone,
+    created_by uuid,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT whatsapp_credit_purchases_amount_brl_check CHECK ((amount_brl > (0)::numeric)),
+    CONSTRAINT whatsapp_credit_purchases_credits_check CHECK ((credits > 0)),
+    CONSTRAINT whatsapp_credit_purchases_status_check CHECK ((status = ANY (ARRAY['pending'::text, 'paid'::text, 'failed'::text, 'expired'::text, 'refunded'::text, 'cancelled'::text])))
+);
+
+CREATE TABLE public.whatsapp_credits_balance (
+    tenant_id uuid NOT NULL,
+    balance integer DEFAULT 0 NOT NULL,
+    lifetime_purchased integer DEFAULT 0 NOT NULL,
+    lifetime_used integer DEFAULT 0 NOT NULL,
+    low_balance_threshold integer DEFAULT 20 NOT NULL,
+    low_balance_alerted_at timestamp with time zone,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT whatsapp_credits_balance_balance_check CHECK ((balance >= 0)),
+    CONSTRAINT whatsapp_credits_balance_low_balance_threshold_check CHECK ((low_balance_threshold >= 0))
+);
+
+CREATE TABLE public.whatsapp_credits_transactions (
+    id bigint NOT NULL,
+    tenant_id uuid NOT NULL,
+    kind text NOT NULL,
+    amount integer NOT NULL,
+    balance_after integer NOT NULL,
+    conversation_message_id bigint,
+    purchase_id uuid,
+    admin_id uuid,
+    note text,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT whatsapp_credits_transactions_kind_check CHECK ((kind = ANY (ARRAY['purchase'::text, 'usage'::text, 'topup_manual'::text, 'refund'::text, 'adjustment'::text])))
+);
diff --git a/database-novo/schema/04_tables/agenda_agendamento.sql b/database-novo/schema/04_tables/agenda_agendamento.sql
index a1a1662..e596130 100644
--- a/database-novo/schema/04_tables/agenda_agendamento.sql
+++ b/database-novo/schema/04_tables/agenda_agendamento.sql
@@ -1,5 +1,5 @@
 -- Tables: Agenda / Agendamento
--- Gerado automaticamente em 2026-04-17T12:23:05.229Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.955Z
 -- Total: 10
 
 CREATE TABLE public.agenda_bloqueios (
diff --git a/database-novo/schema/04_tables/central_saas_docs_faq.sql b/database-novo/schema/04_tables/central_saas_docs_faq.sql
index ba00291..ea079ea 100644
--- a/database-novo/schema/04_tables/central_saas_docs_faq.sql
+++ b/database-novo/schema/04_tables/central_saas_docs_faq.sql
@@ -1,5 +1,5 @@
 -- Tables: Central SaaS (docs/FAQ)
--- Gerado automaticamente em 2026-04-17T12:23:05.230Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.957Z
 -- Total: 4
 
 CREATE TABLE public.saas_doc_votos (
diff --git a/database-novo/schema/04_tables/comunica_o_notifica_es.sql b/database-novo/schema/04_tables/comunica_o_notifica_es.sql
index e589fb4..293fd61 100644
--- a/database-novo/schema/04_tables/comunica_o_notifica_es.sql
+++ b/database-novo/schema/04_tables/comunica_o_notifica_es.sql
@@ -1,7 +1,36 @@
 -- Tables: Comunicação / Notificações
--- Gerado automaticamente em 2026-04-17T12:23:05.230Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.955Z
 -- Total: 14
 
+CREATE TABLE public.notification_logs (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    owner_id uuid NOT NULL,
+    queue_id uuid,
+    agenda_evento_id uuid,
+    patient_id uuid NOT NULL,
+    channel text NOT NULL,
+    template_key text NOT NULL,
+    schedule_key text,
+    recipient_address text NOT NULL,
+    resolved_message text,
+    resolved_vars jsonb,
+    status text NOT NULL,
+    provider text,
+    provider_message_id text,
+    provider_status text,
+    provider_response jsonb,
+    sent_at timestamp with time zone,
+    delivered_at timestamp with time zone,
+    read_at timestamp with time zone,
+    failed_at timestamp with time zone,
+    failure_reason text,
+    estimated_cost_brl numeric(8,4) DEFAULT 0,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT notification_logs_status_check CHECK ((status = ANY (ARRAY['sent'::text, 'delivered'::text, 'read'::text, 'failed'::text, 'bounced'::text, 'opted_out'::text])))
+);
+
 CREATE TABLE public.email_layout_config (
     id uuid DEFAULT gen_random_uuid() NOT NULL,
     tenant_id uuid NOT NULL,
@@ -123,35 +152,6 @@ CREATE TABLE public.notification_channels (
     CONSTRAINT notification_channels_provider_check CHECK ((provider = ANY (ARRAY['evolution_api'::text, 'meta_official'::text, 'twilio'::text, 'zenvia'::text, 'sendgrid'::text, 'resend'::text, 'smtp'::text, 'zapi'::text])))
 );
 
-CREATE TABLE public.notification_logs (
-    id uuid DEFAULT gen_random_uuid() NOT NULL,
-    tenant_id uuid NOT NULL,
-    owner_id uuid NOT NULL,
-    queue_id uuid,
-    agenda_evento_id uuid,
-    patient_id uuid NOT NULL,
-    channel text NOT NULL,
-    template_key text NOT NULL,
-    schedule_key text,
-    recipient_address text NOT NULL,
-    resolved_message text,
-    resolved_vars jsonb,
-    status text NOT NULL,
-    provider text,
-    provider_message_id text,
-    provider_status text,
-    provider_response jsonb,
-    sent_at timestamp with time zone,
-    delivered_at timestamp with time zone,
-    read_at timestamp with time zone,
-    failed_at timestamp with time zone,
-    failure_reason text,
-    estimated_cost_brl numeric(8,4) DEFAULT 0,
-    created_at timestamp with time zone DEFAULT now() NOT NULL,
-    updated_at timestamp with time zone DEFAULT now() NOT NULL,
-    CONSTRAINT notification_logs_status_check CHECK ((status = ANY (ARRAY['sent'::text, 'delivered'::text, 'read'::text, 'failed'::text, 'bounced'::text, 'opted_out'::text])))
-);
-
 CREATE TABLE public.notification_preferences (
     id uuid DEFAULT gen_random_uuid() NOT NULL,
     tenant_id uuid NOT NULL,
@@ -260,7 +260,7 @@ CREATE TABLE public.notifications (
     read_at timestamp with time zone,
     archived boolean DEFAULT false NOT NULL,
     created_at timestamp with time zone DEFAULT now() NOT NULL,
-    CONSTRAINT notifications_type_check CHECK ((type = ANY (ARRAY['new_scheduling'::text, 'new_patient'::text, 'recurrence_alert'::text, 'session_status'::text])))
+    CONSTRAINT notifications_type_check CHECK ((type = ANY (ARRAY['new_scheduling'::text, 'new_patient'::text, 'recurrence_alert'::text, 'session_status'::text, 'inbound_message'::text])))
 );
 
 CREATE TABLE public.twilio_subaccount_usage (
diff --git a/database-novo/schema/04_tables/crm_conversas_whatsapp.sql b/database-novo/schema/04_tables/crm_conversas_whatsapp.sql
new file mode 100644
index 0000000..6026e1a
--- /dev/null
+++ b/database-novo/schema/04_tables/crm_conversas_whatsapp.sql
@@ -0,0 +1,155 @@
+-- Tables: CRM Conversas (WhatsApp)
+-- Gerado automaticamente em 2026-04-21T23:16:34.956Z
+-- Total: 10
+
+CREATE TABLE public.conversation_autoreply_log (
+    id bigint NOT NULL,
+    tenant_id uuid NOT NULL,
+    thread_key text NOT NULL,
+    sent_at timestamp with time zone DEFAULT now() NOT NULL,
+    message_id uuid
+);
+
+CREATE TABLE public.conversation_autoreply_settings (
+    tenant_id uuid NOT NULL,
+    enabled boolean DEFAULT false NOT NULL,
+    message text DEFAULT 'Olá! Nosso horário de atendimento acabou. Retornaremos sua mensagem assim que possível. Obrigado!'::text NOT NULL,
+    cooldown_minutes integer DEFAULT 180 NOT NULL,
+    schedule_mode text DEFAULT 'agenda'::text NOT NULL,
+    business_hours jsonb DEFAULT '[]'::jsonb NOT NULL,
+    custom_window jsonb DEFAULT '[]'::jsonb NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT conversation_autoreply_settings_cooldown_minutes_check CHECK (((cooldown_minutes >= 0) AND (cooldown_minutes <= 43200))),
+    CONSTRAINT conversation_autoreply_settings_message_check CHECK (((length(message) > 0) AND (length(message) <= 2000))),
+    CONSTRAINT conversation_autoreply_settings_schedule_mode_check CHECK ((schedule_mode = ANY (ARRAY['agenda'::text, 'business_hours'::text, 'custom'::text])))
+);
+
+CREATE TABLE public.conversation_messages (
+    id bigint NOT NULL,
+    tenant_id uuid NOT NULL,
+    patient_id uuid,
+    channel text NOT NULL,
+    direction text NOT NULL,
+    from_number text,
+    to_number text,
+    body text,
+    media_url text,
+    media_mime text,
+    provider text NOT NULL,
+    provider_message_id text,
+    provider_raw jsonb,
+    kanban_status text DEFAULT 'awaiting_us'::text NOT NULL,
+    priority integer DEFAULT 0 NOT NULL,
+    read_at timestamp with time zone,
+    responded_at timestamp with time zone,
+    resolved_at timestamp with time zone,
+    received_at timestamp with time zone,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    delivered_at timestamp with time zone,
+    read_by_recipient_at timestamp with time zone,
+    delivery_status text,
+    CONSTRAINT conversation_messages_channel_check CHECK ((channel = ANY (ARRAY['whatsapp'::text, 'sms'::text, 'email'::text]))),
+    CONSTRAINT conversation_messages_delivery_status_check CHECK (((delivery_status IS NULL) OR (delivery_status = ANY (ARRAY['pending'::text, 'sent'::text, 'delivered'::text, 'read'::text, 'failed'::text])))),
+    CONSTRAINT conversation_messages_direction_check CHECK ((direction = ANY (ARRAY['inbound'::text, 'outbound'::text]))),
+    CONSTRAINT conversation_messages_kanban_status_check CHECK ((kanban_status = ANY (ARRAY['urgent'::text, 'awaiting_us'::text, 'awaiting_patient'::text, 'resolved'::text]))),
+    CONSTRAINT conversation_messages_provider_check CHECK ((provider = ANY (ARRAY['twilio'::text, 'evolution'::text, 'manual'::text])))
+);
+
+CREATE TABLE public.conversation_notes (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    thread_key text NOT NULL,
+    patient_id uuid,
+    contact_number text,
+    body text NOT NULL,
+    created_by uuid NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    deleted_at timestamp with time zone,
+    CONSTRAINT conversation_notes_body_check CHECK (((length(body) > 0) AND (length(body) <= 4000)))
+);
+
+CREATE TABLE public.conversation_optout_keywords (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid,
+    keyword text NOT NULL,
+    enabled boolean DEFAULT true NOT NULL,
+    is_system boolean DEFAULT false NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT conversation_optout_keywords_keyword_check CHECK (((length(keyword) > 0) AND (length(keyword) <= 100)))
+);
+
+CREATE TABLE public.conversation_optouts (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    phone text NOT NULL,
+    patient_id uuid,
+    source text DEFAULT 'keyword'::text NOT NULL,
+    keyword_matched text,
+    original_message text,
+    notes text,
+    blocked_by uuid,
+    opted_out_at timestamp with time zone DEFAULT now() NOT NULL,
+    opted_back_in_at timestamp with time zone,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT conversation_optouts_phone_check CHECK ((phone ~ '^\d{6,15}$'::text)),
+    CONSTRAINT conversation_optouts_source_check CHECK ((source = ANY (ARRAY['keyword'::text, 'manual'::text])))
+);
+
+CREATE TABLE public.conversation_tags (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid,
+    name text NOT NULL,
+    slug text NOT NULL,
+    color text DEFAULT '#6366f1'::text NOT NULL,
+    icon text,
+    "position" integer DEFAULT 100 NOT NULL,
+    is_system boolean DEFAULT false NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT conversation_tags_color_check CHECK ((color ~ '^#[0-9a-fA-F]{6}$'::text)),
+    CONSTRAINT conversation_tags_name_check CHECK (((length(name) > 0) AND (length(name) <= 40))),
+    CONSTRAINT conversation_tags_slug_check CHECK ((slug ~ '^[a-z0-9_-]{1,40}$'::text))
+);
+
+CREATE TABLE public.conversation_thread_tags (
+    tenant_id uuid NOT NULL,
+    thread_key text NOT NULL,
+    tag_id uuid NOT NULL,
+    tagged_by uuid,
+    tagged_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+CREATE TABLE public.session_reminder_logs (
+    id bigint NOT NULL,
+    event_id uuid NOT NULL,
+    tenant_id uuid NOT NULL,
+    reminder_type text NOT NULL,
+    sent_at timestamp with time zone DEFAULT now() NOT NULL,
+    provider text,
+    skip_reason text,
+    to_phone text,
+    provider_message_id text,
+    conversation_message_id bigint,
+    CONSTRAINT session_reminder_logs_reminder_type_check CHECK ((reminder_type = ANY (ARRAY['24h'::text, '2h'::text])))
+);
+
+CREATE TABLE public.session_reminder_settings (
+    tenant_id uuid NOT NULL,
+    enabled boolean DEFAULT false NOT NULL,
+    send_24h boolean DEFAULT true NOT NULL,
+    send_2h boolean DEFAULT true NOT NULL,
+    template_24h text DEFAULT 'Oi {{nome_paciente}}! 👋 Lembrando da sua sessão amanhã, {{data_sessao}} às {{hora_sessao}}. Até lá!'::text NOT NULL,
+    template_2h text DEFAULT 'Oi {{nome_paciente}}! Sua sessão começa em 2 horas, às {{hora_sessao}}. Te espero! 😊'::text NOT NULL,
+    quiet_hours_enabled boolean DEFAULT true NOT NULL,
+    quiet_hours_start time without time zone DEFAULT '22:00:00'::time without time zone NOT NULL,
+    quiet_hours_end time without time zone DEFAULT '08:00:00'::time without time zone NOT NULL,
+    respect_opt_out boolean DEFAULT true NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT session_reminder_settings_template_24h_check CHECK (((length(template_24h) > 0) AND (length(template_24h) <= 2000))),
+    CONSTRAINT session_reminder_settings_template_2h_check CHECK (((length(template_2h) > 0) AND (length(template_2h) <= 2000)))
+);
diff --git a/database-novo/schema/04_tables/documentos.sql b/database-novo/schema/04_tables/documentos.sql
index c1f61a1..7091457 100644
--- a/database-novo/schema/04_tables/documentos.sql
+++ b/database-novo/schema/04_tables/documentos.sql
@@ -1,5 +1,5 @@
 -- Tables: Documentos
--- Gerado automaticamente em 2026-04-17T12:23:05.229Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.955Z
 -- Total: 6
 
 CREATE TABLE public.document_access_logs (
@@ -111,6 +111,7 @@ CREATE TABLE public.documents (
     retencao_ate timestamp with time zone,
     created_at timestamp with time zone DEFAULT now(),
     updated_at timestamp with time zone DEFAULT now(),
+    content_sha256 text,
     CONSTRAINT documents_status_revisao_check CHECK ((status_revisao = ANY (ARRAY['pendente'::text, 'aprovado'::text, 'rejeitado'::text]))),
     CONSTRAINT documents_tipo_check CHECK ((tipo_documento = ANY (ARRAY['laudo'::text, 'receita'::text, 'exame'::text, 'termo_assinado'::text, 'relatorio_externo'::text, 'identidade'::text, 'convenio'::text, 'declaracao'::text, 'atestado'::text, 'recibo'::text, 'outro'::text]))),
     CONSTRAINT documents_visibilidade_check CHECK ((visibilidade = ANY (ARRAY['privado'::text, 'compartilhado_supervisor'::text, 'compartilhado_portal'::text])))
diff --git a/database-novo/schema/04_tables/estrutura_calend_rio.sql b/database-novo/schema/04_tables/estrutura_calend_rio.sql
index 810a92a..a0291cb 100644
--- a/database-novo/schema/04_tables/estrutura_calend_rio.sql
+++ b/database-novo/schema/04_tables/estrutura_calend_rio.sql
@@ -1,5 +1,5 @@
 -- Tables: Estrutura / Calendário
--- Gerado automaticamente em 2026-04-17T12:23:05.230Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.956Z
 -- Total: 1
 
 CREATE TABLE public.feriados (
diff --git a/database-novo/schema/04_tables/financeiro.sql b/database-novo/schema/04_tables/financeiro.sql
index 26de5c2..0c2fdb7 100644
--- a/database-novo/schema/04_tables/financeiro.sql
+++ b/database-novo/schema/04_tables/financeiro.sql
@@ -1,11 +1,11 @@
 -- Tables: Financeiro
--- Gerado automaticamente em 2026-04-17T12:23:05.228Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.954Z
 -- Total: 10
 
 CREATE TABLE public.financial_records (
     id uuid DEFAULT gen_random_uuid() NOT NULL,
     owner_id uuid NOT NULL,
-    tenant_id uuid,
+    tenant_id uuid NOT NULL,
     type public.financial_record_type DEFAULT 'receita'::public.financial_record_type NOT NULL,
     amount numeric(10,2) NOT NULL,
     description text,
@@ -35,6 +35,7 @@ CREATE TABLE public.financial_records (
     CONSTRAINT financial_records_clinic_fee_amount_check CHECK ((clinic_fee_amount >= (0)::numeric)),
     CONSTRAINT financial_records_clinic_fee_pct_check CHECK (((clinic_fee_pct >= (0)::numeric) AND (clinic_fee_pct <= (100)::numeric))),
     CONSTRAINT financial_records_discount_amount_check CHECK ((discount_amount >= (0)::numeric)),
+    CONSTRAINT financial_records_fee_lte_amount_chk CHECK (((clinic_fee_amount IS NULL) OR ((clinic_fee_amount >= (0)::numeric) AND (clinic_fee_amount <= amount)))),
     CONSTRAINT financial_records_final_amount_check CHECK ((final_amount >= (0)::numeric)),
     CONSTRAINT financial_records_installments_check CHECK ((installments >= 1)),
     CONSTRAINT financial_records_status_check CHECK ((status = ANY (ARRAY['pending'::text, 'paid'::text, 'partial'::text, 'overdue'::text, 'cancelled'::text, 'refunded'::text])))
diff --git a/database-novo/schema/04_tables/outros.sql b/database-novo/schema/04_tables/outros.sql
index 3803ba4..cbeddea 100644
--- a/database-novo/schema/04_tables/outros.sql
+++ b/database-novo/schema/04_tables/outros.sql
@@ -1,6 +1,6 @@
 -- Tables: outros
--- Gerado automaticamente em 2026-04-17T12:23:05.228Z
--- Total: 1
+-- Gerado automaticamente em 2026-04-21T23:16:34.954Z
+-- Total: 17
 
 CREATE TABLE public._db_migrations (
     id integer NOT NULL,
@@ -9,3 +9,259 @@ CREATE TABLE public._db_migrations (
     category text DEFAULT 'migration'::text NOT NULL,
     applied_at timestamp with time zone DEFAULT now() NOT NULL
 );
+
+CREATE TABLE public.audit_logs (
+    id bigint NOT NULL,
+    tenant_id uuid NOT NULL,
+    user_id uuid,
+    entity_type text NOT NULL,
+    entity_id text,
+    action text NOT NULL,
+    old_values jsonb,
+    new_values jsonb,
+    changed_fields text[],
+    metadata jsonb DEFAULT '{}'::jsonb NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT audit_logs_action_check CHECK ((action = ANY (ARRAY['insert'::text, 'update'::text, 'delete'::text])))
+);
+
+CREATE TABLE public.dev_auditoria_items (
+    id bigint NOT NULL,
+    categoria character varying(120),
+    titulo text NOT NULL,
+    descricao_problema text,
+    solucao text,
+    severidade character varying(20),
+    status character varying(20) DEFAULT 'aberto'::character varying NOT NULL,
+    resolvido_em date,
+    sessao_resolucao character varying(160),
+    arquivo_afetado text,
+    tags text[] DEFAULT '{}'::text[],
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    ordem integer DEFAULT 0 NOT NULL,
+    CONSTRAINT dev_auditoria_items_severidade_check CHECK (((severidade IS NULL) OR ((severidade)::text = ANY ((ARRAY['critico'::character varying, 'alto'::character varying, 'medio'::character varying, 'baixo'::character varying])::text[])))),
+    CONSTRAINT dev_auditoria_items_status_check CHECK (((status)::text = ANY ((ARRAY['aberto'::character varying, 'em_analise'::character varying, 'resolvido'::character varying, 'wontfix'::character varying, 'duplicado'::character varying])::text[])))
+);
+
+CREATE TABLE public.dev_comparison_competitor_status (
+    id bigint NOT NULL,
+    comparison_id bigint NOT NULL,
+    competitor_id bigint NOT NULL,
+    status character varying(20) DEFAULT 'a_definir'::character varying NOT NULL,
+    nota text,
+    fonte character varying(20),
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_comparison_competitor_status_fonte_check CHECK (((fonte IS NULL) OR ((fonte)::text = ANY ((ARRAY['fetched'::character varying, 'observacao'::character varying, 'publico'::character varying, 'hipotese'::character varying])::text[])))),
+    CONSTRAINT dev_comparison_competitor_status_status_check CHECK (((status)::text = ANY ((ARRAY['tem'::character varying, 'parcial'::character varying, 'gap'::character varying, 'na'::character varying, 'a_definir'::character varying])::text[])))
+);
+
+CREATE TABLE public.dev_comparison_matrix (
+    id bigint NOT NULL,
+    dominio character varying(120),
+    feature text NOT NULL,
+    nosso_status character varying(20) DEFAULT 'a_definir'::character varying NOT NULL,
+    nossa_nota text,
+    importancia character varying(20),
+    ordem integer DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_comparison_matrix_importancia_check CHECK (((importancia IS NULL) OR ((importancia)::text = ANY ((ARRAY['alta'::character varying, 'media'::character varying, 'baixa'::character varying])::text[])))),
+    CONSTRAINT dev_comparison_matrix_nosso_status_check CHECK (((nosso_status)::text = ANY ((ARRAY['tem'::character varying, 'parcial'::character varying, 'gap'::character varying, 'na'::character varying, 'a_definir'::character varying])::text[])))
+);
+
+CREATE TABLE public.dev_competitor_features (
+    id bigint NOT NULL,
+    competitor_id bigint NOT NULL,
+    categoria character varying(120),
+    nome text NOT NULL,
+    descricao text,
+    fonte character varying(20) DEFAULT 'publico'::character varying NOT NULL,
+    fonte_url text,
+    data_fonte date,
+    destaque boolean DEFAULT false NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    ordem integer DEFAULT 0 NOT NULL,
+    CONSTRAINT dev_competitor_features_fonte_check CHECK (((fonte)::text = ANY ((ARRAY['fetched'::character varying, 'observacao'::character varying, 'publico'::character varying, 'hipotese'::character varying])::text[])))
+);
+
+CREATE TABLE public.dev_competitors (
+    id bigint NOT NULL,
+    slug character varying(80) NOT NULL,
+    nome character varying(160) NOT NULL,
+    pais character varying(40),
+    foco character varying(160),
+    pricing text,
+    posicionamento text,
+    url text,
+    ultima_pesquisa date,
+    notas text,
+    ativo boolean DEFAULT true NOT NULL,
+    ordem integer DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+CREATE TABLE public.dev_generation_log (
+    id bigint NOT NULL,
+    tipo character varying(40) NOT NULL,
+    comando text,
+    sucesso boolean DEFAULT false NOT NULL,
+    stdout text,
+    stderr text,
+    duration_ms integer,
+    metadata jsonb DEFAULT '{}'::jsonb,
+    trigger_user_id uuid,
+    created_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+CREATE TABLE public.dev_roadmap_items (
+    id bigint NOT NULL,
+    phase_id bigint NOT NULL,
+    numero integer,
+    bloco character varying(160),
+    feature text NOT NULL,
+    descricao text,
+    esforco character varying(4),
+    prioridade character varying(20),
+    status character varying(20) DEFAULT 'pendente'::character varying NOT NULL,
+    notas text,
+    assignee character varying(120),
+    data_inicio date,
+    data_conclusao date,
+    ordem integer DEFAULT 0 NOT NULL,
+    tags text[] DEFAULT '{}'::text[],
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_roadmap_items_esforco_check CHECK (((esforco IS NULL) OR ((esforco)::text = ANY ((ARRAY['S'::character varying, 'M'::character varying, 'L'::character varying, 'XL'::character varying])::text[])))),
+    CONSTRAINT dev_roadmap_items_prioridade_check CHECK (((prioridade IS NULL) OR ((prioridade)::text = ANY ((ARRAY['bloqueador'::character varying, 'alta'::character varying, 'media'::character varying, 'diferencial'::character varying])::text[])))),
+    CONSTRAINT dev_roadmap_items_status_check CHECK (((status)::text = ANY ((ARRAY['pendente'::character varying, 'em_andamento'::character varying, 'concluido'::character varying, 'cancelado'::character varying, 'bloqueado'::character varying])::text[])))
+);
+
+CREATE TABLE public.dev_roadmap_phases (
+    id bigint NOT NULL,
+    numero integer NOT NULL,
+    nome character varying(160) NOT NULL,
+    objetivo text,
+    timeline_sugerida character varying(160),
+    criterio_saida text,
+    status character varying(20) DEFAULT 'planejada'::character varying NOT NULL,
+    data_inicio date,
+    data_fim date,
+    ordem integer DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_roadmap_phases_status_check CHECK (((status)::text = ANY ((ARRAY['planejada'::character varying, 'em_andamento'::character varying, 'concluida'::character varying, 'arquivada'::character varying])::text[])))
+);
+
+CREATE TABLE public.dev_test_items (
+    id bigint NOT NULL,
+    area character varying(80) NOT NULL,
+    categoria character varying(120),
+    titulo text NOT NULL,
+    arquivo text,
+    descricao text,
+    total_tests integer DEFAULT 0,
+    passing integer DEFAULT 0,
+    failing integer DEFAULT 0,
+    skipped integer DEFAULT 0,
+    cobertura_pct numeric(5,2),
+    status character varying(20) DEFAULT 'ok'::character varying NOT NULL,
+    last_run_at timestamp with time zone,
+    sessao_criacao character varying(160),
+    notas text,
+    tags text[] DEFAULT '{}'::text[],
+    ordem integer DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_test_items_status_check CHECK (((status)::text = ANY ((ARRAY['ok'::character varying, 'falhando'::character varying, 'pendente'::character varying, 'obsoleto'::character varying, 'a_escrever'::character varying])::text[])))
+);
+
+CREATE TABLE public.dev_verificacoes_items (
+    id bigint NOT NULL,
+    area character varying(80) NOT NULL,
+    categoria character varying(120),
+    titulo text NOT NULL,
+    descricao text,
+    resultado text,
+    acao_sugerida text,
+    severidade character varying(20),
+    status character varying(20) DEFAULT 'pendente'::character varying NOT NULL,
+    verificado_em date,
+    sessao_verificacao character varying(160),
+    arquivo_afetado text,
+    auditoria_item_id bigint,
+    tags text[] DEFAULT '{}'::text[],
+    ordem integer DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT dev_verificacoes_items_severidade_check CHECK (((severidade IS NULL) OR ((severidade)::text = ANY ((ARRAY['critico'::character varying, 'alto'::character varying, 'medio'::character varying, 'baixo'::character varying])::text[])))),
+    CONSTRAINT dev_verificacoes_items_status_check CHECK (((status)::text = ANY ((ARRAY['pendente'::character varying, 'verificando'::character varying, 'ok'::character varying, 'problema'::character varying, 'corrigido'::character varying, 'wontfix'::character varying])::text[])))
+);
+
+CREATE TABLE public.math_challenges (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    question text NOT NULL,
+    answer integer NOT NULL,
+    used boolean DEFAULT false NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    expires_at timestamp with time zone DEFAULT (now() + '00:05:00'::interval) NOT NULL
+);
+
+CREATE TABLE public.patient_invite_attempts (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    token text NOT NULL,
+    ok boolean NOT NULL,
+    error_code text,
+    error_msg text,
+    client_info text,
+    owner_id uuid,
+    tenant_id uuid,
+    created_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+CREATE TABLE public.public_submission_attempts (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    endpoint text NOT NULL,
+    ip_hash text,
+    success boolean NOT NULL,
+    error_code text,
+    error_msg text,
+    blocked_by text,
+    user_agent text,
+    metadata jsonb,
+    created_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+CREATE TABLE public.saas_security_config (
+    id boolean DEFAULT true NOT NULL,
+    honeypot_enabled boolean DEFAULT true NOT NULL,
+    rate_limit_enabled boolean DEFAULT true NOT NULL,
+    rate_limit_window_min integer DEFAULT 10 NOT NULL,
+    rate_limit_max_attempts integer DEFAULT 5 NOT NULL,
+    captcha_after_failures integer DEFAULT 3 NOT NULL,
+    captcha_required_globally boolean DEFAULT false NOT NULL,
+    block_duration_min integer DEFAULT 30 NOT NULL,
+    captcha_required_window_min integer DEFAULT 60 NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_by uuid,
+    CONSTRAINT saas_security_config_singleton CHECK ((id = true))
+);
+
+CREATE TABLE public.saas_twilio_config (
+    id boolean DEFAULT true NOT NULL,
+    account_sid text,
+    whatsapp_webhook_url text,
+    usd_brl_rate numeric(10,4) DEFAULT 5.5 NOT NULL,
+    margin_multiplier numeric(10,4) DEFAULT 1.4 NOT NULL,
+    notes text,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_by uuid,
+    CONSTRAINT saas_twilio_config_mult_chk CHECK (((margin_multiplier >= (1)::numeric) AND (margin_multiplier <= (10)::numeric))),
+    CONSTRAINT saas_twilio_config_rate_chk CHECK (((usd_brl_rate > (0)::numeric) AND (usd_brl_rate < (100)::numeric))),
+    CONSTRAINT saas_twilio_config_sid_chk CHECK (((account_sid IS NULL) OR (account_sid ~ '^AC[a-zA-Z0-9]{32}$'::text))),
+    CONSTRAINT saas_twilio_config_singleton CHECK ((id = true)),
+    CONSTRAINT saas_twilio_config_url_chk CHECK (((whatsapp_webhook_url IS NULL) OR (whatsapp_webhook_url ~ '^https?://'::text)))
+);
diff --git a/database-novo/schema/04_tables/pacientes.sql b/database-novo/schema/04_tables/pacientes.sql
index acf7131..69ddab3 100644
--- a/database-novo/schema/04_tables/pacientes.sql
+++ b/database-novo/schema/04_tables/pacientes.sql
@@ -1,6 +1,159 @@
 -- Tables: Pacientes
--- Gerado automaticamente em 2026-04-17T12:23:05.230Z
--- Total: 12
+-- Gerado automaticamente em 2026-04-21T23:16:34.956Z
+-- Total: 16
+
+CREATE TABLE public.patient_status_history (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    patient_id uuid NOT NULL,
+    tenant_id uuid NOT NULL,
+    status_anterior text,
+    status_novo text NOT NULL,
+    motivo text,
+    encaminhado_para text,
+    data_saida date,
+    alterado_por uuid,
+    alterado_em timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT psh_status_novo_check CHECK ((status_novo = ANY (ARRAY['Ativo'::text, 'Inativo'::text, 'Alta'::text, 'Encaminhado'::text, 'Arquivado'::text])))
+);
+
+CREATE TABLE public.contact_email_types (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid,
+    name text NOT NULL,
+    slug text NOT NULL,
+    icon text,
+    is_system boolean DEFAULT false NOT NULL,
+    "position" integer DEFAULT 100 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT contact_email_types_name_check CHECK (((length(name) > 0) AND (length(name) <= 40))),
+    CONSTRAINT contact_email_types_slug_check CHECK ((slug ~ '^[a-z0-9_-]{1,40}$'::text))
+);
+
+CREATE TABLE public.contact_emails (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    entity_type text NOT NULL,
+    entity_id uuid NOT NULL,
+    contact_email_type_id uuid NOT NULL,
+    email text NOT NULL,
+    is_primary boolean DEFAULT false NOT NULL,
+    notes text,
+    "position" integer DEFAULT 100 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT contact_emails_email_check CHECK ((email ~* '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$'::text)),
+    CONSTRAINT contact_emails_entity_type_check CHECK ((entity_type = ANY (ARRAY['patient'::text, 'medico'::text])))
+);
+
+CREATE TABLE public.contact_phones (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid NOT NULL,
+    entity_type text NOT NULL,
+    entity_id uuid NOT NULL,
+    contact_type_id uuid NOT NULL,
+    number text NOT NULL,
+    is_primary boolean DEFAULT false NOT NULL,
+    whatsapp_linked_at timestamp with time zone,
+    notes text,
+    "position" integer DEFAULT 100 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT contact_phones_entity_type_check CHECK ((entity_type = ANY (ARRAY['patient'::text, 'medico'::text]))),
+    CONSTRAINT contact_phones_number_check CHECK ((number ~ '^\d{8,15}$'::text))
+);
+
+CREATE TABLE public.contact_types (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    tenant_id uuid,
+    name text NOT NULL,
+    slug text NOT NULL,
+    icon text,
+    is_mobile boolean DEFAULT true NOT NULL,
+    is_system boolean DEFAULT false NOT NULL,
+    "position" integer DEFAULT 100 NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    CONSTRAINT contact_types_name_check CHECK (((length(name) > 0) AND (length(name) <= 40))),
+    CONSTRAINT contact_types_slug_check CHECK ((slug ~ '^[a-z0-9_-]{1,40}$'::text))
+);
+
+CREATE TABLE public.patients (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    nome_completo text NOT NULL,
+    email_principal text,
+    telefone text,
+    created_at timestamp with time zone DEFAULT now(),
+    owner_id uuid,
+    avatar_url text,
+    status text DEFAULT 'Ativo'::text,
+    last_attended_at timestamp with time zone,
+    is_native boolean DEFAULT false,
+    naturalidade text,
+    data_nascimento date,
+    rg text,
+    cpf text,
+    identification_color text,
+    genero text,
+    estado_civil text,
+    email_alternativo text,
+    pais text DEFAULT 'Brasil'::text,
+    cep text,
+    cidade text,
+    estado text,
+    endereco text,
+    numero text,
+    bairro text,
+    complemento text,
+    escolaridade text,
+    profissao text,
+    nome_parente text,
+    grau_parentesco text,
+    telefone_alternativo text,
+    onde_nos_conheceu text,
+    encaminhado_por text,
+    nome_responsavel text,
+    telefone_responsavel text,
+    cpf_responsavel text,
+    observacao_responsavel text,
+    cobranca_no_responsavel boolean DEFAULT false,
+    observacoes text,
+    notas_internas text,
+    updated_at timestamp with time zone DEFAULT now(),
+    telefone_parente text,
+    tenant_id uuid NOT NULL,
+    responsible_member_id uuid NOT NULL,
+    user_id uuid,
+    patient_scope text DEFAULT 'clinic'::text NOT NULL,
+    therapist_member_id uuid,
+    nome_social text,
+    pronomes text,
+    etnia text,
+    religiao text,
+    faixa_renda text,
+    canal_preferido text DEFAULT 'whatsapp'::text,
+    horario_contato_inicio time without time zone DEFAULT '08:00:00'::time without time zone,
+    horario_contato_fim time without time zone DEFAULT '20:00:00'::time without time zone,
+    idioma text DEFAULT 'pt-BR'::text,
+    origem text,
+    metodo_pagamento_preferido text,
+    motivo_saida text,
+    data_saida date,
+    encaminhado_para text,
+    risco_elevado boolean DEFAULT false NOT NULL,
+    risco_nota text,
+    risco_sinalizado_em timestamp with time zone,
+    risco_sinalizado_por uuid,
+    horario_contato text,
+    convenio text,
+    convenio_id uuid,
+    CONSTRAINT cpf_responsavel_format_check CHECK (((cpf_responsavel IS NULL) OR (cpf_responsavel ~ '^\d{11}$'::text))),
+    CONSTRAINT patients_cpf_format_check CHECK (((cpf IS NULL) OR (cpf ~ '^\d{11}$'::text))),
+    CONSTRAINT patients_faixa_renda_check CHECK (((faixa_renda IS NULL) OR (faixa_renda = ANY (ARRAY['ate_1sm'::text, '1_3sm'::text, '3_6sm'::text, '6_10sm'::text, 'acima_10sm'::text, 'nao_informado'::text])))),
+    CONSTRAINT patients_metodo_pagamento_check CHECK (((metodo_pagamento_preferido IS NULL) OR (metodo_pagamento_preferido = ANY (ARRAY['pix'::text, 'cartao'::text, 'dinheiro'::text, 'deposito'::text, 'convenio'::text])))),
+    CONSTRAINT patients_risco_consistency_check CHECK (((risco_elevado = false) OR ((risco_elevado = true) AND (risco_nota IS NOT NULL) AND (risco_sinalizado_por IS NOT NULL)))),
+    CONSTRAINT patients_status_check CHECK ((status = ANY (ARRAY['Ativo'::text, 'Em espera'::text, 'Inativo'::text, 'Alta'::text, 'Encaminhado'::text, 'Arquivado'::text])))
+);
 
 CREATE TABLE public.patient_contacts (
     id uuid DEFAULT gen_random_uuid() NOT NULL,
@@ -117,20 +270,6 @@ CREATE TABLE public.patient_patient_tag (
     tenant_id uuid NOT NULL
 );
 
-CREATE TABLE public.patient_status_history (
-    id uuid DEFAULT gen_random_uuid() NOT NULL,
-    patient_id uuid NOT NULL,
-    tenant_id uuid NOT NULL,
-    status_anterior text,
-    status_novo text NOT NULL,
-    motivo text,
-    encaminhado_para text,
-    data_saida date,
-    alterado_por uuid,
-    alterado_em timestamp with time zone DEFAULT now() NOT NULL,
-    CONSTRAINT psh_status_novo_check CHECK ((status_novo = ANY (ARRAY['Ativo'::text, 'Inativo'::text, 'Alta'::text, 'Encaminhado'::text, 'Arquivado'::text])))
-);
-
 CREATE TABLE public.patient_support_contacts (
     id uuid DEFAULT gen_random_uuid() NOT NULL,
     patient_id uuid NOT NULL,
@@ -172,80 +311,3 @@ CREATE TABLE public.patient_timeline (
     CONSTRAINT pt_evento_tipo_check CHECK ((evento_tipo = ANY (ARRAY['primeira_sessao'::text, 'sessao_realizada'::text, 'sessao_cancelada'::text, 'falta'::text, 'status_alterado'::text, 'risco_sinalizado'::text, 'risco_removido'::text, 'documento_assinado'::text, 'documento_adicionado'::text, 'escala_respondida'::text, 'escala_enviada'::text, 'pagamento_vencido'::text, 'pagamento_recebido'::text, 'tarefa_combinada'::text, 'contato_adicionado'::text, 'prontuario_editado'::text, 'nota_adicionada'::text, 'manual'::text]))),
     CONSTRAINT pt_icone_cor_check CHECK ((icone_cor = ANY (ARRAY['green'::text, 'blue'::text, 'amber'::text, 'red'::text, 'gray'::text, 'purple'::text])))
 );
-
-CREATE TABLE public.patients (
-    id uuid DEFAULT gen_random_uuid() NOT NULL,
-    nome_completo text NOT NULL,
-    email_principal text,
-    telefone text,
-    created_at timestamp with time zone DEFAULT now(),
-    owner_id uuid,
-    avatar_url text,
-    status text DEFAULT 'Ativo'::text,
-    last_attended_at timestamp with time zone,
-    is_native boolean DEFAULT false,
-    naturalidade text,
-    data_nascimento date,
-    rg text,
-    cpf text,
-    identification_color text,
-    genero text,
-    estado_civil text,
-    email_alternativo text,
-    pais text DEFAULT 'Brasil'::text,
-    cep text,
-    cidade text,
-    estado text,
-    endereco text,
-    numero text,
-    bairro text,
-    complemento text,
-    escolaridade text,
-    profissao text,
-    nome_parente text,
-    grau_parentesco text,
-    telefone_alternativo text,
-    onde_nos_conheceu text,
-    encaminhado_por text,
-    nome_responsavel text,
-    telefone_responsavel text,
-    cpf_responsavel text,
-    observacao_responsavel text,
-    cobranca_no_responsavel boolean DEFAULT false,
-    observacoes text,
-    notas_internas text,
-    updated_at timestamp with time zone DEFAULT now(),
-    telefone_parente text,
-    tenant_id uuid NOT NULL,
-    responsible_member_id uuid NOT NULL,
-    user_id uuid,
-    patient_scope text DEFAULT 'clinic'::text NOT NULL,
-    therapist_member_id uuid,
-    nome_social text,
-    pronomes text,
-    etnia text,
-    religiao text,
-    faixa_renda text,
-    canal_preferido text DEFAULT 'whatsapp'::text,
-    horario_contato_inicio time without time zone DEFAULT '08:00:00'::time without time zone,
-    horario_contato_fim time without time zone DEFAULT '20:00:00'::time without time zone,
-    idioma text DEFAULT 'pt-BR'::text,
-    origem text,
-    metodo_pagamento_preferido text,
-    motivo_saida text,
-    data_saida date,
-    encaminhado_para text,
-    risco_elevado boolean DEFAULT false NOT NULL,
-    risco_nota text,
-    risco_sinalizado_em timestamp with time zone,
-    risco_sinalizado_por uuid,
-    horario_contato text,
-    convenio text,
-    convenio_id uuid,
-    CONSTRAINT cpf_responsavel_format_check CHECK (((cpf_responsavel IS NULL) OR (cpf_responsavel ~ '^\d{11}$'::text))),
-    CONSTRAINT patients_cpf_format_check CHECK (((cpf IS NULL) OR (cpf ~ '^\d{11}$'::text))),
-    CONSTRAINT patients_faixa_renda_check CHECK (((faixa_renda IS NULL) OR (faixa_renda = ANY (ARRAY['ate_1sm'::text, '1_3sm'::text, '3_6sm'::text, '6_10sm'::text, 'acima_10sm'::text, 'nao_informado'::text])))),
-    CONSTRAINT patients_metodo_pagamento_check CHECK (((metodo_pagamento_preferido IS NULL) OR (metodo_pagamento_preferido = ANY (ARRAY['pix'::text, 'cartao'::text, 'dinheiro'::text, 'deposito'::text, 'convenio'::text])))),
-    CONSTRAINT patients_risco_consistency_check CHECK (((risco_elevado = false) OR ((risco_elevado = true) AND (risco_nota IS NOT NULL) AND (risco_sinalizado_por IS NOT NULL)))),
-    CONSTRAINT patients_status_check CHECK ((status = ANY (ARRAY['Ativo'::text, 'Em espera'::text, 'Inativo'::text, 'Alta'::text, 'Encaminhado'::text, 'Arquivado'::text])))
-);
diff --git a/database-novo/schema/04_tables/saas_planos.sql b/database-novo/schema/04_tables/saas_planos.sql
index 913e2fe..e1e813a 100644
--- a/database-novo/schema/04_tables/saas_planos.sql
+++ b/database-novo/schema/04_tables/saas_planos.sql
@@ -1,5 +1,5 @@
 -- Tables: SaaS / Planos
--- Gerado automaticamente em 2026-04-17T12:23:05.227Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.953Z
 -- Total: 18
 
 CREATE TABLE public.subscriptions (
@@ -66,7 +66,8 @@ CREATE TABLE public.features (
     description text,
     created_at timestamp with time zone DEFAULT now() NOT NULL,
     descricao text DEFAULT ''::text NOT NULL,
-    name text DEFAULT ''::text NOT NULL
+    name text DEFAULT ''::text NOT NULL,
+    is_active boolean DEFAULT true NOT NULL
 );
 
 CREATE TABLE public.module_features (
diff --git a/database-novo/schema/04_tables/seguran_a_rate_limiting.sql b/database-novo/schema/04_tables/seguran_a_rate_limiting.sql
new file mode 100644
index 0000000..0cffab7
--- /dev/null
+++ b/database-novo/schema/04_tables/seguran_a_rate_limiting.sql
@@ -0,0 +1,15 @@
+-- Tables: Segurança / Rate limiting
+-- Gerado automaticamente em 2026-04-21T23:16:34.957Z
+-- Total: 1
+
+CREATE TABLE public.submission_rate_limits (
+    ip_hash text NOT NULL,
+    endpoint text NOT NULL,
+    attempt_count integer DEFAULT 0 NOT NULL,
+    fail_count integer DEFAULT 0 NOT NULL,
+    window_start timestamp with time zone DEFAULT now() NOT NULL,
+    blocked_until timestamp with time zone,
+    requires_captcha_until timestamp with time zone,
+    last_attempt_at timestamp with time zone DEFAULT now() NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL
+);
diff --git a/database-novo/schema/04_tables/servi_os_prontu_rios.sql b/database-novo/schema/04_tables/servi_os_prontu_rios.sql
index d0aa74d..271e1fc 100644
--- a/database-novo/schema/04_tables/servi_os_prontu_rios.sql
+++ b/database-novo/schema/04_tables/servi_os_prontu_rios.sql
@@ -1,5 +1,5 @@
 -- Tables: Serviços / Prontuários
--- Gerado automaticamente em 2026-04-17T12:23:05.229Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.956Z
 -- Total: 8
 
 CREATE TABLE public.commitment_services (
diff --git a/database-novo/schema/04_tables/tenants_multi_tenant.sql b/database-novo/schema/04_tables/tenants_multi_tenant.sql
index a6ec9c5..15a25ed 100644
--- a/database-novo/schema/04_tables/tenants_multi_tenant.sql
+++ b/database-novo/schema/04_tables/tenants_multi_tenant.sql
@@ -1,5 +1,5 @@
 -- Tables: Tenants / Multi-tenant
--- Gerado automaticamente em 2026-04-17T12:23:05.228Z
+-- Gerado automaticamente em 2026-04-21T23:16:34.954Z
 -- Total: 10
 
 CREATE TABLE public.tenant_members (
diff --git a/database-novo/schema/05_views/views.sql b/database-novo/schema/05_views/views.sql
index b78149a..b53d1aa 100644
--- a/database-novo/schema/05_views/views.sql
+++ b/database-novo/schema/05_views/views.sql
@@ -1,6 +1,142 @@
 -- Views
--- Gerado automaticamente em 2026-04-17T12:23:05.233Z
--- Total: 27
+-- Gerado automaticamente em 2026-04-21T23:16:34.958Z
+-- Total: 29
+
+CREATE VIEW public.audit_log_unified WITH (security_invoker='true') AS
+ SELECT ('audit:'::text || (al.id)::text) AS uid,
+    al.tenant_id,
+    al.user_id,
+    al.entity_type,
+    al.entity_id,
+    al.action,
+        CASE al.action
+            WHEN 'insert'::text THEN ('Criou '::text || al.entity_type)
+            WHEN 'update'::text THEN (('Alterou '::text || al.entity_type) || COALESCE(((' ('::text || array_to_string(al.changed_fields, ', '::text)) || ')'::text), ''::text))
+            WHEN 'delete'::text THEN ('Excluiu '::text || al.entity_type)
+            ELSE NULL::text
+        END AS description,
+    al.created_at AS occurred_at,
+    'audit_logs'::text AS source,
+    jsonb_build_object('old_values', al.old_values, 'new_values', al.new_values, 'changed_fields', al.changed_fields) AS details
+   FROM public.audit_logs al
+UNION ALL
+ SELECT ('doc_access:'::text || (dal.id)::text) AS uid,
+    dal.tenant_id,
+    dal.user_id,
+    'document'::text AS entity_type,
+    (dal.documento_id)::text AS entity_id,
+    dal.acao AS action,
+        CASE dal.acao
+            WHEN 'visualizou'::text THEN 'Visualizou documento'::text
+            WHEN 'baixou'::text THEN 'Baixou documento'::text
+            WHEN 'imprimiu'::text THEN 'Imprimiu documento'::text
+            WHEN 'compartilhou'::text THEN 'Compartilhou documento'::text
+            WHEN 'assinou'::text THEN 'Assinou documento'::text
+            ELSE dal.acao
+        END AS description,
+    dal.acessado_em AS occurred_at,
+    'document_access_logs'::text AS source,
+    jsonb_build_object('ip', (dal.ip)::text, 'user_agent', dal.user_agent) AS details
+   FROM public.document_access_logs dal
+UNION ALL
+ SELECT ('psh:'::text || (psh.id)::text) AS uid,
+    psh.tenant_id,
+    psh.alterado_por AS user_id,
+    'patient_status'::text AS entity_type,
+    (psh.patient_id)::text AS entity_id,
+    'status_change'::text AS action,
+    (((('Status do paciente: '::text || COALESCE(psh.status_anterior, '—'::text)) || ' → '::text) || psh.status_novo) || COALESCE(((' ('::text || psh.motivo) || ')'::text), ''::text)) AS description,
+    psh.alterado_em AS occurred_at,
+    'patient_status_history'::text AS source,
+    jsonb_build_object('status_anterior', psh.status_anterior, 'status_novo', psh.status_novo, 'motivo', psh.motivo, 'encaminhado_para', psh.encaminhado_para, 'data_saida', psh.data_saida) AS details
+   FROM public.patient_status_history psh
+UNION ALL
+ SELECT ('notif:'::text || (nl.id)::text) AS uid,
+    nl.tenant_id,
+    nl.owner_id AS user_id,
+    'notification'::text AS entity_type,
+    (nl.patient_id)::text AS entity_id,
+    nl.status AS action,
+    (((('Notificação '::text || nl.channel) || ' '::text) || nl.status) || COALESCE((' para '::text || nl.recipient_address), ''::text)) AS description,
+    nl.created_at AS occurred_at,
+    'notification_logs'::text AS source,
+    jsonb_build_object('channel', nl.channel, 'template_key', nl.template_key, 'status', nl.status, 'provider', nl.provider, 'failure_reason', nl.failure_reason) AS details
+   FROM public.notification_logs nl
+UNION ALL
+ SELECT ('addon:'::text || (at.id)::text) AS uid,
+    at.tenant_id,
+    at.admin_user_id AS user_id,
+    'addon_transaction'::text AS entity_type,
+    (at.id)::text AS entity_id,
+    at.type AS action,
+        CASE at.type
+            WHEN 'purchase'::text THEN ((('Compra de '::text || at.amount) || ' créditos de '::text) || at.addon_type)
+            WHEN 'consumption'::text THEN ((('Consumo de '::text || abs(at.amount)) || ' crédito(s) '::text) || at.addon_type)
+            WHEN 'adjustment'::text THEN ('Ajuste de créditos '::text || at.addon_type)
+            WHEN 'refund'::text THEN ((('Reembolso de '::text || abs(at.amount)) || ' créditos '::text) || at.addon_type)
+            ELSE ((at.type || ' '::text) || at.addon_type)
+        END AS description,
+    at.created_at AS occurred_at,
+    'addon_transactions'::text AS source,
+    jsonb_build_object('addon_type', at.addon_type, 'amount', at.amount, 'balance_after', at.balance_after, 'price_cents', at.price_cents, 'payment_reference', at.payment_reference) AS details
+   FROM public.addon_transactions at;
+
+CREATE VIEW public.conversation_threads WITH (security_invoker='true') AS
+ WITH base AS (
+         SELECT cm.id,
+            cm.tenant_id,
+            cm.patient_id,
+            cm.channel,
+            cm.body,
+            cm.direction,
+            cm.kanban_status,
+            cm.read_at,
+            cm.created_at,
+                CASE
+                    WHEN (cm.direction = 'inbound'::text) THEN cm.from_number
+                    ELSE cm.to_number
+                END AS contact_number,
+            COALESCE((cm.patient_id)::text, ('anon:'::text || COALESCE(
+                CASE
+                    WHEN (cm.direction = 'inbound'::text) THEN cm.from_number
+                    ELSE cm.to_number
+                END, 'unknown'::text))) AS thread_key
+           FROM public.conversation_messages cm
+        ), latest AS (
+         SELECT DISTINCT ON (base.tenant_id, base.thread_key) base.tenant_id,
+            base.thread_key,
+            base.patient_id,
+            base.channel,
+            base.contact_number,
+            base.body AS last_message_body,
+            base.direction AS last_message_direction,
+            base.kanban_status,
+            base.created_at AS last_message_at
+           FROM base
+          ORDER BY base.tenant_id, base.thread_key, base.created_at DESC
+        ), counts AS (
+         SELECT base.tenant_id,
+            base.thread_key,
+            count(*) AS message_count,
+            count(*) FILTER (WHERE ((base.direction = 'inbound'::text) AND (base.read_at IS NULL))) AS unread_count
+           FROM base
+          GROUP BY base.tenant_id, base.thread_key
+        )
+ SELECT l.tenant_id,
+    l.thread_key,
+    l.patient_id,
+    p.nome_completo AS patient_name,
+    l.contact_number,
+    l.channel,
+    c.message_count,
+    c.unread_count,
+    l.last_message_at,
+    l.last_message_body,
+    l.last_message_direction,
+    l.kanban_status
+   FROM ((latest l
+     JOIN counts c ON (((c.tenant_id = l.tenant_id) AND (c.thread_key = l.thread_key))))
+     LEFT JOIN public.patients p ON ((p.id = l.patient_id)));
 
 CREATE VIEW public.current_tenant_id AS
  SELECT current_setting('request.jwt.claim.tenant_id'::text, true) AS current_setting;
diff --git a/database-novo/schema/06_indexes/indexes.sql b/database-novo/schema/06_indexes/indexes.sql
index a0b5c59..7c2120e 100644
--- a/database-novo/schema/06_indexes/indexes.sql
+++ b/database-novo/schema/06_indexes/indexes.sql
@@ -1,6 +1,6 @@
 -- Indexes
--- Gerado automaticamente em 2026-04-17T12:23:05.235Z
--- Total: 270
+-- Gerado automaticamente em 2026-04-21T23:16:34.961Z
+-- Total: 361
 
 CREATE INDEX agenda_bloqueios_owner_data_idx ON public.agenda_bloqueios USING btree (owner_id, data_inicio, data_fim);
 
@@ -166,10 +166,126 @@ CREATE INDEX idx_addon_tx_type ON public.addon_transactions USING btree (type);
 
 CREATE INDEX idx_agenda_eventos_determined_commitment_id ON public.agenda_eventos USING btree (determined_commitment_id);
 
+CREATE INDEX idx_agenda_eventos_titulo_custom_trgm ON public.agenda_eventos USING gin (titulo_custom public.gin_trgm_ops) WHERE (titulo_custom IS NOT NULL);
+
+CREATE INDEX idx_agenda_eventos_titulo_trgm ON public.agenda_eventos USING gin (titulo public.gin_trgm_ops) WHERE (titulo IS NOT NULL);
+
 CREATE INDEX idx_agenda_excecoes_owner_data ON public.agenda_excecoes USING btree (owner_id, data);
 
 CREATE INDEX idx_agenda_slots_regras_owner_dia ON public.agenda_slots_regras USING btree (owner_id, dia_semana);
 
+CREATE INDEX idx_audit_logs_changed_fields ON public.audit_logs USING gin (changed_fields);
+
+CREATE INDEX idx_audit_logs_entity ON public.audit_logs USING btree (entity_type, entity_id);
+
+CREATE INDEX idx_audit_logs_tenant_created ON public.audit_logs USING btree (tenant_id, created_at DESC);
+
+CREATE INDEX idx_audit_logs_user_created ON public.audit_logs USING btree (user_id, created_at DESC) WHERE (user_id IS NOT NULL);
+
+CREATE INDEX idx_autoreply_log_cooldown ON public.conversation_autoreply_log USING btree (tenant_id, thread_key, sent_at DESC);
+
+CREATE INDEX idx_contact_email_types_tenant ON public.contact_email_types USING btree (tenant_id, "position");
+
+CREATE INDEX idx_contact_emails_email ON public.contact_emails USING btree (tenant_id, email);
+
+CREATE INDEX idx_contact_emails_entity ON public.contact_emails USING btree (tenant_id, entity_type, entity_id, "position");
+
+CREATE INDEX idx_contact_phones_entity ON public.contact_phones USING btree (tenant_id, entity_type, entity_id, "position");
+
+CREATE INDEX idx_contact_phones_number ON public.contact_phones USING btree (tenant_id, number);
+
+CREATE INDEX idx_contact_types_tenant ON public.contact_types USING btree (tenant_id, "position");
+
+CREATE INDEX idx_conv_msg_delivery_status ON public.conversation_messages USING btree (tenant_id, delivery_status) WHERE (direction = 'outbound'::text);
+
+CREATE INDEX idx_conv_msg_from_number ON public.conversation_messages USING btree (tenant_id, from_number);
+
+CREATE INDEX idx_conv_msg_kanban ON public.conversation_messages USING btree (tenant_id, kanban_status, priority DESC, created_at DESC);
+
+CREATE INDEX idx_conv_msg_patient ON public.conversation_messages USING btree (patient_id, created_at DESC) WHERE (patient_id IS NOT NULL);
+
+CREATE INDEX idx_conv_msg_provider_msg_id ON public.conversation_messages USING btree (provider_message_id) WHERE (provider_message_id IS NOT NULL);
+
+CREATE INDEX idx_conv_msg_tenant_created ON public.conversation_messages USING btree (tenant_id, created_at DESC);
+
+CREATE INDEX idx_conv_notes_created_by ON public.conversation_notes USING btree (created_by, created_at DESC) WHERE (deleted_at IS NULL);
+
+CREATE INDEX idx_conv_notes_patient ON public.conversation_notes USING btree (patient_id, created_at DESC) WHERE ((deleted_at IS NULL) AND (patient_id IS NOT NULL));
+
+CREATE INDEX idx_conv_notes_tenant_thread ON public.conversation_notes USING btree (tenant_id, thread_key, created_at DESC) WHERE (deleted_at IS NULL);
+
+CREATE INDEX idx_conv_optout_kw_tenant ON public.conversation_optout_keywords USING btree (tenant_id) WHERE (enabled = true);
+
+CREATE INDEX idx_conv_optouts_patient ON public.conversation_optouts USING btree (patient_id) WHERE (patient_id IS NOT NULL);
+
+CREATE INDEX idx_conv_optouts_tenant_phone ON public.conversation_optouts USING btree (tenant_id, phone);
+
+CREATE INDEX idx_conv_tags_tenant ON public.conversation_tags USING btree (tenant_id, "position");
+
+CREATE INDEX idx_conv_thread_tags_tag ON public.conversation_thread_tags USING btree (tag_id);
+
+CREATE INDEX idx_conv_thread_tags_tenant_thread ON public.conversation_thread_tags USING btree (tenant_id, thread_key);
+
+CREATE INDEX idx_dev_auditoria_items_categoria ON public.dev_auditoria_items USING btree (categoria);
+
+CREATE INDEX idx_dev_auditoria_items_ordem ON public.dev_auditoria_items USING btree (ordem);
+
+CREATE INDEX idx_dev_auditoria_items_severidade ON public.dev_auditoria_items USING btree (severidade);
+
+CREATE INDEX idx_dev_auditoria_items_status ON public.dev_auditoria_items USING btree (status);
+
+CREATE INDEX idx_dev_ccs_comp ON public.dev_comparison_competitor_status USING btree (competitor_id);
+
+CREATE INDEX idx_dev_ccs_comparison ON public.dev_comparison_competitor_status USING btree (comparison_id);
+
+CREATE INDEX idx_dev_comparison_matrix_dominio ON public.dev_comparison_matrix USING btree (dominio);
+
+CREATE INDEX idx_dev_comparison_matrix_status ON public.dev_comparison_matrix USING btree (nosso_status);
+
+CREATE INDEX idx_dev_competitor_features_cat ON public.dev_competitor_features USING btree (categoria);
+
+CREATE INDEX idx_dev_competitor_features_comp ON public.dev_competitor_features USING btree (competitor_id);
+
+CREATE INDEX idx_dev_competitor_features_destaque ON public.dev_competitor_features USING btree (destaque);
+
+CREATE INDEX idx_dev_competitor_features_ordem ON public.dev_competitor_features USING btree (competitor_id, ordem);
+
+CREATE INDEX idx_dev_competitors_ativo ON public.dev_competitors USING btree (ativo);
+
+CREATE INDEX idx_dev_competitors_pais ON public.dev_competitors USING btree (pais);
+
+CREATE INDEX idx_dev_generation_log_created ON public.dev_generation_log USING btree (created_at DESC);
+
+CREATE INDEX idx_dev_generation_log_tipo ON public.dev_generation_log USING btree (tipo);
+
+CREATE INDEX idx_dev_roadmap_items_ordem ON public.dev_roadmap_items USING btree (phase_id, ordem);
+
+CREATE INDEX idx_dev_roadmap_items_phase ON public.dev_roadmap_items USING btree (phase_id);
+
+CREATE INDEX idx_dev_roadmap_items_prior ON public.dev_roadmap_items USING btree (prioridade);
+
+CREATE INDEX idx_dev_roadmap_items_status ON public.dev_roadmap_items USING btree (status);
+
+CREATE INDEX idx_dev_roadmap_phases_ordem ON public.dev_roadmap_phases USING btree (ordem);
+
+CREATE INDEX idx_dev_roadmap_phases_status ON public.dev_roadmap_phases USING btree (status);
+
+CREATE INDEX idx_dev_test_items_area ON public.dev_test_items USING btree (area);
+
+CREATE INDEX idx_dev_test_items_ordem ON public.dev_test_items USING btree (area, ordem);
+
+CREATE INDEX idx_dev_test_items_status ON public.dev_test_items USING btree (status);
+
+CREATE INDEX idx_dev_verificacoes_area ON public.dev_verificacoes_items USING btree (area);
+
+CREATE INDEX idx_dev_verificacoes_ordem ON public.dev_verificacoes_items USING btree (area, ordem);
+
+CREATE INDEX idx_dev_verificacoes_severidade ON public.dev_verificacoes_items USING btree (severidade);
+
+CREATE INDEX idx_dev_verificacoes_status ON public.dev_verificacoes_items USING btree (status);
+
+CREATE INDEX idx_documents_content_sha256 ON public.documents USING btree (content_sha256) WHERE (content_sha256 IS NOT NULL);
+
 CREATE INDEX idx_email_templates_global_domain ON public.email_templates_global USING btree (domain) WHERE (is_active = true);
 
 CREATE INDEX idx_email_templates_global_key ON public.email_templates_global USING btree (key) WHERE (is_active = true);
@@ -178,6 +294,8 @@ CREATE INDEX idx_email_templates_tenant_lookup ON public.email_templates_tenant
 
 CREATE INDEX idx_email_templates_tenant_owner ON public.email_templates_tenant USING btree (owner_id, template_key) WHERE ((enabled = true) AND (owner_id IS NOT NULL));
 
+CREATE INDEX idx_features_is_active ON public.features USING btree (is_active) WHERE (is_active = false);
+
 CREATE INDEX idx_financial_categories_user_id ON public.financial_categories USING btree (user_id);
 
 CREATE INDEX idx_financial_records_active ON public.financial_records USING btree (owner_id, paid_at DESC) WHERE (deleted_at IS NULL);
@@ -216,6 +334,8 @@ CREATE INDEX idx_intakes_owner_status_created ON public.patient_intake_requests
 
 CREATE INDEX idx_intakes_status_created ON public.patient_intake_requests USING btree (status, created_at DESC);
 
+CREATE INDEX idx_mc_expires ON public.math_challenges USING btree (expires_at);
+
 CREATE INDEX idx_notice_dismissals_user ON public.notice_dismissals USING btree (user_id, notice_id);
 
 CREATE INDEX idx_notif_channels_owner_active ON public.notification_channels USING btree (owner_id, channel) WHERE ((is_active = true) AND (deleted_at IS NULL));
@@ -270,12 +390,28 @@ CREATE INDEX idx_patient_groups_owner ON public.patient_groups USING btree (owne
 
 CREATE INDEX idx_patient_groups_owner_system_nome ON public.patient_groups USING btree (owner_id, is_system, nome);
 
+CREATE INDEX idx_patient_intake_requests_nome_trgm ON public.patient_intake_requests USING gin (nome_completo public.gin_trgm_ops) WHERE (status = 'new'::text);
+
+CREATE INDEX idx_patient_invite_attempts_created ON public.patient_invite_attempts USING btree (created_at DESC);
+
+CREATE INDEX idx_patient_invite_attempts_ok ON public.patient_invite_attempts USING btree (ok) WHERE (ok = false);
+
+CREATE INDEX idx_patient_invite_attempts_owner ON public.patient_invite_attempts USING btree (owner_id);
+
+CREATE INDEX idx_patient_invite_attempts_token ON public.patient_invite_attempts USING btree (token);
+
 CREATE INDEX idx_patient_tags_owner ON public.patient_tags USING btree (owner_id);
 
+CREATE INDEX idx_patients_cpf_trgm ON public.patients USING gin (cpf public.gin_trgm_ops) WHERE (cpf IS NOT NULL);
+
 CREATE INDEX idx_patients_created_at ON public.patients USING btree (created_at DESC);
 
+CREATE INDEX idx_patients_email_trgm ON public.patients USING gin (email_principal public.gin_trgm_ops) WHERE (email_principal IS NOT NULL);
+
 CREATE INDEX idx_patients_last_attended ON public.patients USING btree (last_attended_at DESC);
 
+CREATE INDEX idx_patients_nome_trgm ON public.patients USING gin (nome_completo public.gin_trgm_ops);
+
 CREATE INDEX idx_patients_origem ON public.patients USING btree (tenant_id, origem) WHERE (origem IS NOT NULL);
 
 CREATE INDEX idx_patients_owner_email_principal ON public.patients USING btree (owner_id, email_principal);
@@ -304,6 +440,12 @@ CREATE INDEX idx_ppt_patient ON public.patient_patient_tag USING btree (patient_
 
 CREATE INDEX idx_ppt_tag ON public.patient_patient_tag USING btree (tag_id);
 
+CREATE INDEX idx_psa_endpoint_created ON public.public_submission_attempts USING btree (endpoint, created_at DESC);
+
+CREATE INDEX idx_psa_failed ON public.public_submission_attempts USING btree (created_at DESC) WHERE (success = false);
+
+CREATE INDEX idx_psa_ip_hash_created ON public.public_submission_attempts USING btree (ip_hash, created_at DESC) WHERE (ip_hash IS NOT NULL);
+
 CREATE INDEX idx_psh_patient ON public.patient_status_history USING btree (patient_id, alterado_em DESC);
 
 CREATE INDEX idx_psh_tenant ON public.patient_status_history USING btree (tenant_id, alterado_em DESC);
@@ -314,8 +456,16 @@ CREATE INDEX idx_pt_patient_ocorrido ON public.patient_timeline USING btree (pat
 
 CREATE INDEX idx_pt_tenant ON public.patient_timeline USING btree (tenant_id, ocorrido_em DESC);
 
+CREATE INDEX idx_services_name_trgm ON public.services USING gin (name public.gin_trgm_ops);
+
+CREATE INDEX idx_session_reminder_tenant_sent ON public.session_reminder_logs USING btree (tenant_id, sent_at DESC);
+
 CREATE INDEX idx_slots_bloq_owner_dia ON public.agenda_slots_bloqueados_semanais USING btree (owner_id, dia_semana);
 
+CREATE INDEX idx_srl_blocked_until ON public.submission_rate_limits USING btree (blocked_until) WHERE (blocked_until IS NOT NULL);
+
+CREATE INDEX idx_srl_endpoint ON public.submission_rate_limits USING btree (endpoint, last_attempt_at DESC);
+
 CREATE INDEX idx_subscription_intents_plan_interval ON public.subscription_intents_legacy USING btree (plan_key, "interval");
 
 CREATE INDEX idx_subscription_intents_status ON public.subscription_intents_legacy USING btree (status);
@@ -344,6 +494,18 @@ CREATE INDEX idx_twilio_usage_tenant_period ON public.twilio_subaccount_usage US
 
 CREATE UNIQUE INDEX idx_twilio_usage_unique_period ON public.twilio_subaccount_usage USING btree (channel_id, period_start, period_end);
 
+CREATE INDEX idx_wa_credit_packages_active ON public.whatsapp_credit_packages USING btree (is_active, "position", price_brl) WHERE (is_active = true);
+
+CREATE INDEX idx_wa_credit_purchases_asaas_payment ON public.whatsapp_credit_purchases USING btree (asaas_payment_id) WHERE (asaas_payment_id IS NOT NULL);
+
+CREATE INDEX idx_wa_credit_purchases_status ON public.whatsapp_credit_purchases USING btree (status, created_at DESC);
+
+CREATE INDEX idx_wa_credit_purchases_tenant ON public.whatsapp_credit_purchases USING btree (tenant_id, created_at DESC);
+
+CREATE INDEX idx_wa_credits_tx_kind ON public.whatsapp_credits_transactions USING btree (tenant_id, kind, created_at DESC);
+
+CREATE INDEX idx_wa_credits_tx_tenant_created ON public.whatsapp_credits_transactions USING btree (tenant_id, created_at DESC);
+
 CREATE INDEX insurance_plans_owner_idx ON public.insurance_plans USING btree (owner_id);
 
 CREATE INDEX insurance_plans_tenant_idx ON public.insurance_plans USING btree (tenant_id);
@@ -522,6 +684,24 @@ CREATE INDEX tenant_modules_owner_idx ON public.tenant_modules USING btree (owne
 
 CREATE UNIQUE INDEX unique_member_per_tenant ON public.tenant_members USING btree (tenant_id, user_id);
 
+CREATE UNIQUE INDEX uq_contact_email_types_system_slug ON public.contact_email_types USING btree (slug) WHERE (tenant_id IS NULL);
+
+CREATE UNIQUE INDEX uq_contact_email_types_tenant_slug ON public.contact_email_types USING btree (tenant_id, slug) WHERE (tenant_id IS NOT NULL);
+
+CREATE UNIQUE INDEX uq_contact_emails_primary ON public.contact_emails USING btree (entity_type, entity_id) WHERE (is_primary = true);
+
+CREATE UNIQUE INDEX uq_contact_phones_primary ON public.contact_phones USING btree (entity_type, entity_id) WHERE (is_primary = true);
+
+CREATE UNIQUE INDEX uq_contact_types_system_slug ON public.contact_types USING btree (slug) WHERE (tenant_id IS NULL);
+
+CREATE UNIQUE INDEX uq_contact_types_tenant_slug ON public.contact_types USING btree (tenant_id, slug) WHERE (tenant_id IS NOT NULL);
+
+CREATE UNIQUE INDEX uq_conv_optouts_active ON public.conversation_optouts USING btree (tenant_id, phone) WHERE (opted_back_in_at IS NULL);
+
+CREATE UNIQUE INDEX uq_conv_tags_system_slug ON public.conversation_tags USING btree (slug) WHERE (tenant_id IS NULL);
+
+CREATE UNIQUE INDEX uq_conv_tags_tenant_slug ON public.conversation_tags USING btree (tenant_id, slug) WHERE (tenant_id IS NOT NULL);
+
 CREATE UNIQUE INDEX uq_patient_contacts_primario ON public.patient_contacts USING btree (patient_id) WHERE ((is_primario = true) AND (ativo = true));
 
 CREATE UNIQUE INDEX uq_patients_tenant_user ON public.patients USING btree (tenant_id, user_id) WHERE (user_id IS NOT NULL);
@@ -530,6 +710,8 @@ CREATE UNIQUE INDEX uq_plan_price_active ON public.plan_prices USING btree (plan
 
 CREATE UNIQUE INDEX uq_plan_prices_active ON public.plan_prices USING btree (plan_id, "interval") WHERE (is_active = true);
 
+CREATE UNIQUE INDEX uq_session_reminder_event_type ON public.session_reminder_logs USING btree (event_id, reminder_type);
+
 CREATE UNIQUE INDEX uq_subscriptions_active_by_tenant ON public.subscriptions USING btree (tenant_id) WHERE ((tenant_id IS NOT NULL) AND (status = 'active'::text));
 
 CREATE UNIQUE INDEX uq_subscriptions_active_personal_by_user ON public.subscriptions USING btree (user_id) WHERE ((tenant_id IS NULL) AND (status = 'active'::text));
diff --git a/database-novo/schema/07_foreign_keys/constraints.sql b/database-novo/schema/07_foreign_keys/constraints.sql
index 5fe585c..53b0e7e 100644
--- a/database-novo/schema/07_foreign_keys/constraints.sql
+++ b/database-novo/schema/07_foreign_keys/constraints.sql
@@ -1,6 +1,6 @@
 -- Constraints (PK, FK, UNIQUE, CHECK)
--- Gerado automaticamente em 2026-04-17T12:23:05.237Z
--- Total: 275
+-- Gerado automaticamente em 2026-04-21T23:16:34.963Z
+-- Total: 353
 
 ALTER TABLE ONLY public._db_migrations
     ADD CONSTRAINT _db_migrations_filename_key UNIQUE (filename);
@@ -65,6 +65,9 @@ ALTER TABLE ONLY public.agendador_configuracoes
 ALTER TABLE ONLY public.agendador_solicitacoes
     ADD CONSTRAINT agendador_solicitacoes_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.audit_logs
+    ADD CONSTRAINT audit_logs_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.billing_contracts
     ADD CONSTRAINT billing_contracts_pkey PRIMARY KEY (id);
 
@@ -80,6 +83,42 @@ ALTER TABLE ONLY public.company_profiles
 ALTER TABLE ONLY public.company_profiles
     ADD CONSTRAINT company_profiles_tenant_id_key UNIQUE (tenant_id);
 
+ALTER TABLE ONLY public.contact_email_types
+    ADD CONSTRAINT contact_email_types_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.contact_emails
+    ADD CONSTRAINT contact_emails_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.contact_phones
+    ADD CONSTRAINT contact_phones_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.contact_types
+    ADD CONSTRAINT contact_types_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.conversation_autoreply_log
+    ADD CONSTRAINT conversation_autoreply_log_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.conversation_autoreply_settings
+    ADD CONSTRAINT conversation_autoreply_settings_pkey PRIMARY KEY (tenant_id);
+
+ALTER TABLE ONLY public.conversation_messages
+    ADD CONSTRAINT conversation_messages_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.conversation_notes
+    ADD CONSTRAINT conversation_notes_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.conversation_optout_keywords
+    ADD CONSTRAINT conversation_optout_keywords_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.conversation_optouts
+    ADD CONSTRAINT conversation_optouts_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.conversation_tags
+    ADD CONSTRAINT conversation_tags_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.conversation_thread_tags
+    ADD CONSTRAINT conversation_thread_tags_pkey PRIMARY KEY (tenant_id, thread_key, tag_id);
+
 ALTER TABLE ONLY public.determined_commitment_fields
     ADD CONSTRAINT determined_commitment_fields_pkey PRIMARY KEY (id);
 
@@ -89,12 +128,51 @@ ALTER TABLE ONLY public.determined_commitments
 ALTER TABLE ONLY public.determined_commitments
     ADD CONSTRAINT determined_commitments_tenant_native_key_uq UNIQUE (tenant_id, native_key);
 
+ALTER TABLE ONLY public.dev_auditoria_items
+    ADD CONSTRAINT dev_auditoria_items_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.dev_comparison_competitor_status
+    ADD CONSTRAINT dev_comparison_competitor_statu_comparison_id_competitor_id_key UNIQUE (comparison_id, competitor_id);
+
+ALTER TABLE ONLY public.dev_comparison_competitor_status
+    ADD CONSTRAINT dev_comparison_competitor_status_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.dev_comparison_matrix
+    ADD CONSTRAINT dev_comparison_matrix_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.dev_competitor_features
+    ADD CONSTRAINT dev_competitor_features_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.dev_competitors
+    ADD CONSTRAINT dev_competitors_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.dev_competitors
+    ADD CONSTRAINT dev_competitors_slug_key UNIQUE (slug);
+
+ALTER TABLE ONLY public.dev_generation_log
+    ADD CONSTRAINT dev_generation_log_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.dev_roadmap_items
+    ADD CONSTRAINT dev_roadmap_items_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.dev_roadmap_phases
+    ADD CONSTRAINT dev_roadmap_phases_numero_key UNIQUE (numero);
+
+ALTER TABLE ONLY public.dev_roadmap_phases
+    ADD CONSTRAINT dev_roadmap_phases_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.dev_test_items
+    ADD CONSTRAINT dev_test_items_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.dev_user_credentials
     ADD CONSTRAINT dev_user_credentials_email_key UNIQUE (email);
 
 ALTER TABLE ONLY public.dev_user_credentials
     ADD CONSTRAINT dev_user_credentials_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.dev_verificacoes_items
+    ADD CONSTRAINT dev_verificacoes_items_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.document_access_logs
     ADD CONSTRAINT document_access_logs_pkey PRIMARY KEY (id);
 
@@ -170,6 +248,9 @@ ALTER TABLE ONLY public.insurance_plans
 ALTER TABLE ONLY public.login_carousel_slides
     ADD CONSTRAINT login_carousel_slides_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.math_challenges
+    ADD CONSTRAINT math_challenges_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.medicos
     ADD CONSTRAINT medicos_crm_owner_unique UNIQUE NULLS NOT DISTINCT (owner_id, crm);
 
@@ -230,6 +311,9 @@ ALTER TABLE ONLY public.patient_groups
 ALTER TABLE ONLY public.patient_intake_requests
     ADD CONSTRAINT patient_intake_requests_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.patient_invite_attempts
+    ADD CONSTRAINT patient_invite_attempts_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.patient_invites
     ADD CONSTRAINT patient_invites_pkey PRIMARY KEY (id);
 
@@ -290,6 +374,9 @@ ALTER TABLE ONLY public.professional_pricing
 ALTER TABLE ONLY public.profiles
     ADD CONSTRAINT profiles_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.public_submission_attempts
+    ADD CONSTRAINT public_submission_attempts_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.recurrence_exceptions
     ADD CONSTRAINT recurrence_exceptions_pkey PRIMARY KEY (id);
 
@@ -320,9 +407,24 @@ ALTER TABLE ONLY public.saas_faq_itens
 ALTER TABLE ONLY public.saas_faq
     ADD CONSTRAINT saas_faq_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.saas_security_config
+    ADD CONSTRAINT saas_security_config_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.saas_twilio_config
+    ADD CONSTRAINT saas_twilio_config_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.services
     ADD CONSTRAINT services_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.session_reminder_logs
+    ADD CONSTRAINT session_reminder_logs_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.session_reminder_settings
+    ADD CONSTRAINT session_reminder_settings_pkey PRIMARY KEY (tenant_id);
+
+ALTER TABLE ONLY public.submission_rate_limits
+    ADD CONSTRAINT submission_rate_limits_pkey PRIMARY KEY (ip_hash, endpoint);
+
 ALTER TABLE ONLY public.subscription_events
     ADD CONSTRAINT subscription_events_pkey PRIMARY KEY (id);
 
@@ -398,6 +500,18 @@ ALTER TABLE ONLY public.notification_templates
 ALTER TABLE ONLY public.user_settings
     ADD CONSTRAINT user_settings_pkey PRIMARY KEY (user_id);
 
+ALTER TABLE ONLY public.whatsapp_credit_packages
+    ADD CONSTRAINT whatsapp_credit_packages_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.whatsapp_credit_purchases
+    ADD CONSTRAINT whatsapp_credit_purchases_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY public.whatsapp_credits_balance
+    ADD CONSTRAINT whatsapp_credits_balance_pkey PRIMARY KEY (tenant_id);
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.addon_credits
     ADD CONSTRAINT addon_credits_owner_id_fkey FOREIGN KEY (owner_id) REFERENCES auth.users(id);
 
@@ -476,6 +590,12 @@ ALTER TABLE ONLY public.agendador_solicitacoes
 ALTER TABLE ONLY public.agendador_solicitacoes
     ADD CONSTRAINT agendador_sol_tenant_fk FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY public.audit_logs
+    ADD CONSTRAINT audit_logs_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.audit_logs
+    ADD CONSTRAINT audit_logs_user_id_fkey FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE SET NULL;
+
 ALTER TABLE ONLY public.billing_contracts
     ADD CONSTRAINT billing_contracts_owner_id_fkey FOREIGN KEY (owner_id) REFERENCES auth.users(id) ON DELETE CASCADE;
 
@@ -500,6 +620,69 @@ ALTER TABLE ONLY public.commitment_time_logs
 ALTER TABLE ONLY public.company_profiles
     ADD CONSTRAINT company_profiles_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY public.contact_email_types
+    ADD CONSTRAINT contact_email_types_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.contact_emails
+    ADD CONSTRAINT contact_emails_contact_email_type_id_fkey FOREIGN KEY (contact_email_type_id) REFERENCES public.contact_email_types(id) ON DELETE RESTRICT;
+
+ALTER TABLE ONLY public.contact_emails
+    ADD CONSTRAINT contact_emails_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.contact_phones
+    ADD CONSTRAINT contact_phones_contact_type_id_fkey FOREIGN KEY (contact_type_id) REFERENCES public.contact_types(id) ON DELETE RESTRICT;
+
+ALTER TABLE ONLY public.contact_phones
+    ADD CONSTRAINT contact_phones_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.contact_types
+    ADD CONSTRAINT contact_types_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.conversation_autoreply_log
+    ADD CONSTRAINT conversation_autoreply_log_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.conversation_autoreply_settings
+    ADD CONSTRAINT conversation_autoreply_settings_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.conversation_messages
+    ADD CONSTRAINT conversation_messages_patient_id_fkey FOREIGN KEY (patient_id) REFERENCES public.patients(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.conversation_messages
+    ADD CONSTRAINT conversation_messages_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.conversation_notes
+    ADD CONSTRAINT conversation_notes_created_by_fkey FOREIGN KEY (created_by) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.conversation_notes
+    ADD CONSTRAINT conversation_notes_patient_id_fkey FOREIGN KEY (patient_id) REFERENCES public.patients(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.conversation_notes
+    ADD CONSTRAINT conversation_notes_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.conversation_optout_keywords
+    ADD CONSTRAINT conversation_optout_keywords_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.conversation_optouts
+    ADD CONSTRAINT conversation_optouts_blocked_by_fkey FOREIGN KEY (blocked_by) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.conversation_optouts
+    ADD CONSTRAINT conversation_optouts_patient_id_fkey FOREIGN KEY (patient_id) REFERENCES public.patients(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.conversation_optouts
+    ADD CONSTRAINT conversation_optouts_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.conversation_tags
+    ADD CONSTRAINT conversation_tags_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.conversation_thread_tags
+    ADD CONSTRAINT conversation_thread_tags_tag_id_fkey FOREIGN KEY (tag_id) REFERENCES public.conversation_tags(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.conversation_thread_tags
+    ADD CONSTRAINT conversation_thread_tags_tagged_by_fkey FOREIGN KEY (tagged_by) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.conversation_thread_tags
+    ADD CONSTRAINT conversation_thread_tags_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY public.determined_commitment_fields
     ADD CONSTRAINT determined_commitment_fields_commitment_id_fkey FOREIGN KEY (commitment_id) REFERENCES public.determined_commitments(id) ON DELETE CASCADE;
 
@@ -509,6 +692,21 @@ ALTER TABLE ONLY public.determined_commitment_fields
 ALTER TABLE ONLY public.determined_commitments
     ADD CONSTRAINT determined_commitments_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY public.dev_comparison_competitor_status
+    ADD CONSTRAINT dev_comparison_competitor_status_comparison_id_fkey FOREIGN KEY (comparison_id) REFERENCES public.dev_comparison_matrix(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.dev_comparison_competitor_status
+    ADD CONSTRAINT dev_comparison_competitor_status_competitor_id_fkey FOREIGN KEY (competitor_id) REFERENCES public.dev_competitors(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.dev_competitor_features
+    ADD CONSTRAINT dev_competitor_features_competitor_id_fkey FOREIGN KEY (competitor_id) REFERENCES public.dev_competitors(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.dev_roadmap_items
+    ADD CONSTRAINT dev_roadmap_items_phase_id_fkey FOREIGN KEY (phase_id) REFERENCES public.dev_roadmap_phases(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.dev_verificacoes_items
+    ADD CONSTRAINT dev_verificacoes_items_auditoria_item_id_fkey FOREIGN KEY (auditoria_item_id) REFERENCES public.dev_auditoria_items(id) ON DELETE SET NULL;
+
 ALTER TABLE ONLY public.document_access_logs
     ADD CONSTRAINT document_access_logs_documento_id_fkey FOREIGN KEY (documento_id) REFERENCES public.documents(id) ON DELETE CASCADE;
 
@@ -752,6 +950,18 @@ ALTER TABLE ONLY public.saas_faq_itens
 ALTER TABLE ONLY public.services
     ADD CONSTRAINT services_owner_id_fkey FOREIGN KEY (owner_id) REFERENCES auth.users(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY public.session_reminder_logs
+    ADD CONSTRAINT session_reminder_logs_conversation_message_id_fkey FOREIGN KEY (conversation_message_id) REFERENCES public.conversation_messages(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.session_reminder_logs
+    ADD CONSTRAINT session_reminder_logs_event_id_fkey FOREIGN KEY (event_id) REFERENCES public.agenda_eventos(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.session_reminder_logs
+    ADD CONSTRAINT session_reminder_logs_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.session_reminder_settings
+    ADD CONSTRAINT session_reminder_settings_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY public.subscription_intents_personal
     ADD CONSTRAINT sint_personal_subscription_id_fkey FOREIGN KEY (subscription_id) REFERENCES public.subscriptions(id) ON DELETE SET NULL;
 
@@ -826,3 +1036,27 @@ ALTER TABLE ONLY public.twilio_subaccount_usage
 
 ALTER TABLE ONLY public.user_settings
     ADD CONSTRAINT user_settings_user_id_fkey FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.whatsapp_credit_purchases
+    ADD CONSTRAINT whatsapp_credit_purchases_created_by_fkey FOREIGN KEY (created_by) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.whatsapp_credit_purchases
+    ADD CONSTRAINT whatsapp_credit_purchases_package_id_fkey FOREIGN KEY (package_id) REFERENCES public.whatsapp_credit_packages(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.whatsapp_credit_purchases
+    ADD CONSTRAINT whatsapp_credit_purchases_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.whatsapp_credits_balance
+    ADD CONSTRAINT whatsapp_credits_balance_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_admin_id_fkey FOREIGN KEY (admin_id) REFERENCES auth.users(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_conversation_message_id_fkey FOREIGN KEY (conversation_message_id) REFERENCES public.conversation_messages(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_purchase_id_fkey FOREIGN KEY (purchase_id) REFERENCES public.whatsapp_credit_purchases(id) ON DELETE SET NULL;
+
+ALTER TABLE ONLY public.whatsapp_credits_transactions
+    ADD CONSTRAINT whatsapp_credits_transactions_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES public.tenants(id) ON DELETE CASCADE;
diff --git a/database-novo/schema/08_triggers/triggers.sql b/database-novo/schema/08_triggers/triggers.sql
index 88538b6..16d805c 100644
--- a/database-novo/schema/08_triggers/triggers.sql
+++ b/database-novo/schema/08_triggers/triggers.sql
@@ -1,6 +1,6 @@
 -- Triggers
--- Gerado automaticamente em 2026-04-17T12:23:05.238Z
--- Total: 80
+-- Gerado automaticamente em 2026-04-21T23:16:34.965Z
+-- Total: 111
 
 CREATE TRIGGER on_auth_user_created AFTER INSERT ON auth.users FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
 
@@ -40,6 +40,16 @@ CREATE TRIGGER trg_agenda_eventos_busy_mirror_upd AFTER UPDATE ON public.agenda_
 
 CREATE TRIGGER trg_agenda_regras_semanais_no_overlap BEFORE INSERT OR UPDATE ON public.agenda_regras_semanais FOR EACH ROW EXECUTE FUNCTION public.fn_agenda_regras_semanais_no_overlap();
 
+CREATE TRIGGER trg_audit_agenda_eventos AFTER INSERT OR DELETE OR UPDATE ON public.agenda_eventos FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+CREATE TRIGGER trg_audit_documents AFTER INSERT OR DELETE OR UPDATE ON public.documents FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+CREATE TRIGGER trg_audit_financial_records AFTER INSERT OR DELETE OR UPDATE ON public.financial_records FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+CREATE TRIGGER trg_audit_patients AFTER INSERT OR DELETE OR UPDATE ON public.patients FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
+CREATE TRIGGER trg_audit_tenant_members AFTER INSERT OR DELETE OR UPDATE ON public.tenant_members FOR EACH ROW EXECUTE FUNCTION public.log_audit_change();
+
 CREATE TRIGGER trg_auto_financial_from_session AFTER UPDATE OF status ON public.agenda_eventos FOR EACH ROW EXECUTE FUNCTION public.auto_create_financial_record_from_session();
 
 CREATE TRIGGER trg_cancel_notifs_on_opt_out AFTER UPDATE ON public.notification_preferences FOR EACH ROW EXECUTE FUNCTION public.cancel_notifications_on_opt_out();
@@ -48,10 +58,50 @@ CREATE TRIGGER trg_cancel_notifs_on_session_cancel AFTER UPDATE ON public.agenda
 
 CREATE TRIGGER trg_company_profiles_updated_at BEFORE UPDATE ON public.company_profiles FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
+CREATE TRIGGER trg_contact_email_types_updated_at BEFORE UPDATE ON public.contact_email_types FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE TRIGGER trg_contact_emails_sync_legacy AFTER INSERT OR DELETE OR UPDATE ON public.contact_emails FOR EACH ROW EXECUTE FUNCTION public.sync_legacy_email_fields();
+
+CREATE TRIGGER trg_contact_emails_updated_at BEFORE UPDATE ON public.contact_emails FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE TRIGGER trg_contact_phones_sync_legacy AFTER INSERT OR DELETE OR UPDATE ON public.contact_phones FOR EACH ROW EXECUTE FUNCTION public.sync_legacy_phone_fields();
+
+CREATE TRIGGER trg_contact_phones_updated_at BEFORE UPDATE ON public.contact_phones FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE TRIGGER trg_contact_types_updated_at BEFORE UPDATE ON public.contact_types FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE TRIGGER trg_conv_autoreply_settings_updated_at BEFORE UPDATE ON public.conversation_autoreply_settings FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE TRIGGER trg_conv_messages_updated_at BEFORE UPDATE ON public.conversation_messages FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE TRIGGER trg_conv_notes_updated_at BEFORE UPDATE ON public.conversation_notes FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE TRIGGER trg_conv_optouts_updated_at BEFORE UPDATE ON public.conversation_optouts FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE TRIGGER trg_conv_tags_updated_at BEFORE UPDATE ON public.conversation_tags FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
 CREATE TRIGGER trg_determined_commitment_fields_updated_at BEFORE UPDATE ON public.determined_commitment_fields FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
 CREATE TRIGGER trg_determined_commitments_updated_at BEFORE UPDATE ON public.determined_commitments FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
+CREATE TRIGGER trg_dev_auditoria_items_updated_at BEFORE UPDATE ON public.dev_auditoria_items FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+CREATE TRIGGER trg_dev_ccs_updated_at BEFORE UPDATE ON public.dev_comparison_competitor_status FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+CREATE TRIGGER trg_dev_comparison_matrix_updated_at BEFORE UPDATE ON public.dev_comparison_matrix FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+CREATE TRIGGER trg_dev_competitor_features_updated_at BEFORE UPDATE ON public.dev_competitor_features FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+CREATE TRIGGER trg_dev_competitors_updated_at BEFORE UPDATE ON public.dev_competitors FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+CREATE TRIGGER trg_dev_roadmap_items_updated_at BEFORE UPDATE ON public.dev_roadmap_items FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+CREATE TRIGGER trg_dev_roadmap_phases_updated_at BEFORE UPDATE ON public.dev_roadmap_phases FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+CREATE TRIGGER trg_dev_test_items_updated_at BEFORE UPDATE ON public.dev_test_items FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
+CREATE TRIGGER trg_dev_verificacoes_updated_at BEFORE UPDATE ON public.dev_verificacoes_items FOR EACH ROW EXECUTE FUNCTION public.dev_set_updated_at();
+
 CREATE TRIGGER trg_documents_timeline_insert AFTER INSERT ON public.documents FOR EACH ROW EXECUTE FUNCTION public.fn_documents_timeline_insert();
 
 CREATE TRIGGER trg_documents_updated_at BEFORE UPDATE ON public.documents FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
@@ -68,10 +118,14 @@ CREATE TRIGGER trg_email_templates_global_updated_at BEFORE UPDATE ON public.ema
 
 CREATE TRIGGER trg_email_templates_tenant_updated_at BEFORE UPDATE ON public.email_templates_tenant FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
+CREATE TRIGGER trg_fanout_inbound_to_notifications AFTER INSERT ON public.conversation_messages FOR EACH ROW EXECUTE FUNCTION public.fanout_inbound_message_to_notifications();
+
 CREATE TRIGGER trg_financial_exceptions_updated_at BEFORE UPDATE ON public.financial_exceptions FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
 CREATE TRIGGER trg_financial_records_auto_overdue BEFORE UPDATE ON public.financial_records FOR EACH ROW EXECUTE FUNCTION public.trg_fn_financial_records_auto_overdue();
 
+CREATE TRIGGER trg_financial_records_inject_tenant BEFORE INSERT ON public.financial_records FOR EACH ROW EXECUTE FUNCTION public.financial_records_inject_tenant();
+
 CREATE TRIGGER trg_financial_records_updated_at BEFORE UPDATE ON public.financial_records FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
 CREATE TRIGGER trg_global_notices_updated_at BEFORE UPDATE ON public.global_notices FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
@@ -138,6 +192,8 @@ CREATE TRIGGER trg_psc_updated_at BEFORE UPDATE ON public.patient_support_contac
 
 CREATE TRIGGER trg_services_updated_at BEFORE UPDATE ON public.services FOR EACH ROW EXECUTE FUNCTION public.set_services_updated_at();
 
+CREATE TRIGGER trg_session_reminder_settings_updated_at BEFORE UPDATE ON public.session_reminder_settings FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
 CREATE TRIGGER trg_subscription_intents_view_insert INSTEAD OF INSERT ON public.subscription_intents FOR EACH ROW EXECUTE FUNCTION public.subscription_intents_view_insert();
 
 CREATE TRIGGER trg_subscriptions_validate_scope BEFORE INSERT OR UPDATE ON public.subscriptions FOR EACH ROW EXECUTE FUNCTION public.subscriptions_validate_scope();
@@ -152,6 +208,12 @@ CREATE TRIGGER trg_therapist_payouts_updated_at BEFORE UPDATE ON public.therapis
 
 CREATE TRIGGER trg_user_settings_updated_at BEFORE UPDATE ON public.user_settings FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
 
+CREATE TRIGGER trg_wa_credit_packages_updated_at BEFORE UPDATE ON public.whatsapp_credit_packages FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE TRIGGER trg_wa_credit_purchases_updated_at BEFORE UPDATE ON public.whatsapp_credit_purchases FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
+CREATE TRIGGER trg_wa_credits_balance_updated_at BEFORE UPDATE ON public.whatsapp_credits_balance FOR EACH ROW EXECUTE FUNCTION public.set_updated_at();
+
 CREATE TRIGGER tr_check_filters BEFORE INSERT OR UPDATE ON realtime.subscription FOR EACH ROW EXECUTE FUNCTION realtime.subscription_check_filters();
 
 CREATE TRIGGER enforce_bucket_name_length_trigger BEFORE INSERT OR UPDATE OF name ON storage.buckets FOR EACH ROW EXECUTE FUNCTION storage.enforce_bucket_name_length();
diff --git a/database-novo/schema/09_policies/policies.sql b/database-novo/schema/09_policies/policies.sql
index ff69308..2aa3d32 100644
--- a/database-novo/schema/09_policies/policies.sql
+++ b/database-novo/schema/09_policies/policies.sql
@@ -1,7 +1,7 @@
 -- RLS Policies
--- Gerado automaticamente em 2026-04-17T12:23:05.240Z
--- Enable RLS: 88 tabelas
--- Policies: 252
+-- Gerado automaticamente em 2026-04-21T23:16:34.967Z
+-- Enable RLS: 131 tabelas
+-- Policies: 344
 
 -- Enable RLS
 ALTER TABLE public.addon_credits ENABLE ROW LEVEL SECURITY;
@@ -17,13 +17,36 @@ ALTER TABLE public.agenda_slots_bloqueados_semanais ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.agenda_slots_regras ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.agendador_configuracoes ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.agendador_solicitacoes ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.audit_logs ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.billing_contracts ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.commitment_services ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.commitment_time_logs ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.company_profiles ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.contact_email_types ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.contact_emails ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.contact_phones ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.contact_types ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.conversation_autoreply_log ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.conversation_autoreply_settings ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.conversation_messages ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.conversation_notes ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.conversation_optout_keywords ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.conversation_optouts ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.conversation_tags ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.conversation_thread_tags ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.determined_commitment_fields ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.determined_commitments ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.dev_auditoria_items ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.dev_comparison_competitor_status ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.dev_comparison_matrix ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.dev_competitor_features ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.dev_competitors ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.dev_generation_log ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.dev_roadmap_items ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.dev_roadmap_phases ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.dev_test_items ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.dev_user_credentials ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.dev_verificacoes_items ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.document_access_logs ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.document_generated ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.document_share_links ENABLE ROW LEVEL SECURITY;
@@ -43,6 +66,7 @@ ALTER TABLE public.global_notices ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.insurance_plan_services ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.insurance_plans ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.login_carousel_slides ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.math_challenges ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.medicos ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.module_features ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.modules ENABLE ROW LEVEL SECURITY;
@@ -60,6 +84,7 @@ ALTER TABLE public.patient_discounts ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.patient_group_patient ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.patient_groups ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.patient_intake_requests ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.patient_invite_attempts ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.patient_invites ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.patient_patient_tag ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.patient_status_history ENABLE ROW LEVEL SECURITY;
@@ -69,9 +94,13 @@ ALTER TABLE public.patient_timeline ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.patients ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.payment_settings ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.plan_features ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.plan_prices ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.plan_public ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.plan_public_bullets ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.plans ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.professional_pricing ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.public_submission_attempts ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.recurrence_exceptions ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.recurrence_rule_services ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.recurrence_rules ENABLE ROW LEVEL SECURITY;
@@ -80,11 +109,21 @@ ALTER TABLE public.saas_doc_votos ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.saas_docs ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.saas_faq ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.saas_faq_itens ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.saas_security_config ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.saas_twilio_config ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.services ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.session_reminder_logs ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.session_reminder_settings ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.submission_rate_limits ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.subscription_events ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.subscription_intents_legacy ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.subscription_intents_personal ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.subscription_intents_tenant ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.subscriptions ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.support_sessions ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.tenant_feature_exceptions_log ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.tenant_features ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.tenant_invites ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.tenant_members ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.tenant_modules ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.tenants ENABLE ROW LEVEL SECURITY;
@@ -92,6 +131,10 @@ ALTER TABLE public.therapist_payout_records ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.therapist_payouts ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.twilio_subaccount_usage ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.user_settings ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.whatsapp_credit_packages ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.whatsapp_credit_purchases ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.whatsapp_credits_balance ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.whatsapp_credits_transactions ENABLE ROW LEVEL SECURITY;
 
 -- Policies
 CREATE POLICY addon_credits_admin_select ON public.addon_credits FOR SELECT TO authenticated USING ((EXISTS ( SELECT 1
@@ -115,8 +158,8 @@ CREATE POLICY addon_products_admin_all ON public.addon_products TO authenticated
 CREATE POLICY addon_products_select_authenticated ON public.addon_products FOR SELECT TO authenticated USING (((deleted_at IS NULL) AND (is_active = true) AND (is_visible = true)));
 
 CREATE POLICY addon_transactions_admin_insert ON public.addon_transactions FOR INSERT TO authenticated WITH CHECK ((EXISTS ( SELECT 1
-   FROM public.saas_admins
-  WHERE (saas_admins.user_id = auth.uid()))));
+   FROM public.saas_admins sa
+  WHERE (sa.user_id = auth.uid()))));
 
 CREATE POLICY addon_transactions_admin_select ON public.addon_transactions FOR SELECT TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.saas_admins
@@ -180,7 +223,43 @@ CREATE POLICY agendador_sol_patient_read ON public.agendador_solicitacoes FOR SE
 
 CREATE POLICY agendador_sol_public_insert ON public.agendador_solicitacoes FOR INSERT TO anon WITH CHECK (true);
 
-CREATE POLICY "billing_contracts: owner full access" ON public.billing_contracts USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "audit_logs: no direct delete" ON public.audit_logs FOR DELETE TO authenticated USING (false);
+
+CREATE POLICY "audit_logs: no direct insert" ON public.audit_logs FOR INSERT TO authenticated WITH CHECK (false);
+
+CREATE POLICY "audit_logs: no direct update" ON public.audit_logs FOR UPDATE TO authenticated USING (false) WITH CHECK (false);
+
+CREATE POLICY "audit_logs: select tenant" ON public.audit_logs FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "autoreply_log: select" ON public.conversation_autoreply_log FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_autoreply_log.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "autoreply_settings: insert" ON public.conversation_autoreply_settings FOR INSERT TO authenticated WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_autoreply_settings.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "autoreply_settings: select" ON public.conversation_autoreply_settings FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_autoreply_settings.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "autoreply_settings: update" ON public.conversation_autoreply_settings FOR UPDATE TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_autoreply_settings.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "billing_contracts: delete" ON public.billing_contracts FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+CREATE POLICY "billing_contracts: insert" ON public.billing_contracts FOR INSERT TO authenticated WITH CHECK (((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "billing_contracts: select" ON public.billing_contracts FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "billing_contracts: update" ON public.billing_contracts FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
 CREATE POLICY bloqueios_delete ON public.agenda_bloqueios FOR DELETE TO authenticated USING ((owner_id = auth.uid()));
 
@@ -198,11 +277,13 @@ CREATE POLICY clinic_admin_read_all_docs ON public.saas_docs FOR SELECT TO authe
    FROM public.profiles
   WHERE ((profiles.id = auth.uid()) AND (profiles.role = ANY (ARRAY['clinic_admin'::text, 'tenant_admin'::text])))))));
 
-CREATE POLICY "commitment_services: owner full access" ON public.commitment_services USING ((EXISTS ( SELECT 1
+CREATE POLICY "commitment_services: tenant_member" ON public.commitment_services TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.services s
-  WHERE ((s.id = commitment_services.service_id) AND (s.owner_id = auth.uid()))))) WITH CHECK ((EXISTS ( SELECT 1
+  WHERE ((s.id = commitment_services.service_id) AND ((s.owner_id = auth.uid()) OR public.is_saas_admin() OR (s.tenant_id IN ( SELECT tm.tenant_id
+           FROM public.tenant_members tm
+          WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))))))) WITH CHECK ((EXISTS ( SELECT 1
    FROM public.services s
-  WHERE ((s.id = commitment_services.service_id) AND (s.owner_id = auth.uid())))));
+  WHERE ((s.id = commitment_services.service_id) AND ((s.owner_id = auth.uid()) OR public.is_saas_admin())))));
 
 CREATE POLICY company_profiles_delete ON public.company_profiles FOR DELETE USING ((EXISTS ( SELECT 1
    FROM public.tenant_members
@@ -222,13 +303,99 @@ CREATE POLICY company_profiles_update ON public.company_profiles FOR UPDATE USIN
    FROM public.tenant_members
   WHERE ((tenant_members.tenant_id = company_profiles.tenant_id) AND (tenant_members.user_id = auth.uid())))));
 
+CREATE POLICY "contact_email_types: manage custom" ON public.contact_email_types TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_email_types.tenant_id) AND (tm.status = 'active'::text))))))) WITH CHECK (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_email_types.tenant_id) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY "contact_email_types: select" ON public.contact_email_types FOR SELECT TO authenticated USING (((tenant_id IS NULL) OR public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_email_types.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "contact_emails: all tenant" ON public.contact_emails TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_emails.tenant_id) AND (tm.status = 'active'::text)))))) WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_emails.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "contact_phones: all tenant" ON public.contact_phones TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_phones.tenant_id) AND (tm.status = 'active'::text)))))) WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_phones.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "contact_types: manage custom" ON public.contact_types TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_types.tenant_id) AND (tm.status = 'active'::text))))))) WITH CHECK (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_types.tenant_id) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY "contact_types: select" ON public.contact_types FOR SELECT TO authenticated USING (((tenant_id IS NULL) OR public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = contact_types.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "conv_msg: no direct delete" ON public.conversation_messages FOR DELETE TO authenticated USING (false);
+
+CREATE POLICY "conv_msg: no direct insert" ON public.conversation_messages FOR INSERT TO authenticated WITH CHECK (false);
+
+CREATE POLICY "conv_msg: select tenant" ON public.conversation_messages FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "conv_msg: update kanban" ON public.conversation_messages FOR UPDATE TO authenticated USING ((tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))) WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
+
+CREATE POLICY "conv_notes: insert tenant members" ON public.conversation_notes FOR INSERT TO authenticated WITH CHECK (((created_by = auth.uid()) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_notes.tenant_id) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY "conv_notes: select tenant members" ON public.conversation_notes FOR SELECT TO authenticated USING (((deleted_at IS NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_notes.tenant_id) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY "conv_notes: update creator or saas" ON public.conversation_notes FOR UPDATE TO authenticated USING (((deleted_at IS NULL) AND ((created_by = auth.uid()) OR public.is_saas_admin()))) WITH CHECK ((created_by = ( SELECT conversation_notes_1.created_by
+   FROM public.conversation_notes conversation_notes_1
+  WHERE (conversation_notes_1.id = conversation_notes_1.id))));
+
+CREATE POLICY "conv_tags: delete custom" ON public.conversation_tags FOR DELETE TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_tags.tenant_id) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY "conv_tags: insert custom" ON public.conversation_tags FOR INSERT TO authenticated WITH CHECK (((tenant_id IS NOT NULL) AND (is_system = false) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_tags.tenant_id) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY "conv_tags: select" ON public.conversation_tags FOR SELECT TO authenticated USING (((tenant_id IS NULL) OR public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_tags.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "conv_tags: update custom" ON public.conversation_tags FOR UPDATE TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_tags.tenant_id) AND (tm.status = 'active'::text))))))) WITH CHECK ((is_system = false));
+
+CREATE POLICY "conv_thread_tags: delete" ON public.conversation_thread_tags FOR DELETE TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_thread_tags.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "conv_thread_tags: insert" ON public.conversation_thread_tags FOR INSERT TO authenticated WITH CHECK (((tagged_by = auth.uid()) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_thread_tags.tenant_id) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY "conv_thread_tags: select" ON public.conversation_thread_tags FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_thread_tags.tenant_id) AND (tm.status = 'active'::text))))));
+
 CREATE POLICY ctl_delete_for_active_member ON public.commitment_time_logs FOR DELETE TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.tenant_members tm
   WHERE ((tm.tenant_id = commitment_time_logs.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
-CREATE POLICY ctl_insert_for_active_member ON public.commitment_time_logs FOR INSERT TO authenticated WITH CHECK ((EXISTS ( SELECT 1
+CREATE POLICY ctl_insert_for_active_member ON public.commitment_time_logs FOR INSERT TO authenticated WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
-  WHERE ((tm.tenant_id = commitment_time_logs.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
 CREATE POLICY ctl_select_for_active_member ON public.commitment_time_logs FOR SELECT TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.tenant_members tm
@@ -240,7 +407,9 @@ CREATE POLICY ctl_update_for_active_member ON public.commitment_time_logs FOR UP
    FROM public.tenant_members tm
   WHERE ((tm.tenant_id = commitment_time_logs.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
-CREATE POLICY "dal: tenant members can insert" ON public.document_access_logs FOR INSERT WITH CHECK (true);
+CREATE POLICY "dal: tenant members can insert" ON public.document_access_logs FOR INSERT TO authenticated WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
 CREATE POLICY "dal: tenant members can select" ON public.document_access_logs FOR SELECT USING ((tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
@@ -250,9 +419,9 @@ CREATE POLICY dc_delete_custom_for_active_member ON public.determined_commitment
    FROM public.tenant_members tm
   WHERE ((tm.tenant_id = determined_commitments.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
-CREATE POLICY dc_insert_for_active_member ON public.determined_commitments FOR INSERT TO authenticated WITH CHECK ((EXISTS ( SELECT 1
+CREATE POLICY dc_insert_for_active_member ON public.determined_commitments FOR INSERT TO authenticated WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
-  WHERE ((tm.tenant_id = determined_commitments.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
 CREATE POLICY dc_select_for_active_member ON public.determined_commitments FOR SELECT TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.tenant_members tm
@@ -268,9 +437,9 @@ CREATE POLICY dcf_delete_for_active_member ON public.determined_commitment_field
    FROM public.tenant_members tm
   WHERE ((tm.tenant_id = determined_commitment_fields.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
-CREATE POLICY dcf_insert_for_active_member ON public.determined_commitment_fields FOR INSERT TO authenticated WITH CHECK ((EXISTS ( SELECT 1
+CREATE POLICY dcf_insert_for_active_member ON public.determined_commitment_fields FOR INSERT TO authenticated WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
-  WHERE ((tm.tenant_id = determined_commitment_fields.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
 CREATE POLICY dcf_select_for_active_member ON public.determined_commitment_fields FOR SELECT TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.tenant_members tm
@@ -284,6 +453,16 @@ CREATE POLICY dcf_update_for_active_member ON public.determined_commitment_field
 
 CREATE POLICY "delete own" ON public.agenda_bloqueios FOR DELETE USING ((owner_id = auth.uid()));
 
+CREATE POLICY dev_auditoria_items_saas_admin_all ON public.dev_auditoria_items TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY dev_comparison_competitor_status_saas_admin_all ON public.dev_comparison_competitor_status TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY dev_comparison_matrix_saas_admin_all ON public.dev_comparison_matrix TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY dev_competitor_features_saas_admin_all ON public.dev_competitor_features TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY dev_competitors_saas_admin_all ON public.dev_competitors TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
 CREATE POLICY dev_creds_select_saas_admin ON public.dev_user_credentials FOR SELECT TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.profiles p
   WHERE ((p.id = auth.uid()) AND (p.role = 'saas_admin'::text)))));
@@ -294,35 +473,67 @@ CREATE POLICY dev_creds_write_saas_admin ON public.dev_user_credentials TO authe
    FROM public.profiles p
   WHERE ((p.id = auth.uid()) AND (p.role = 'saas_admin'::text)))));
 
+CREATE POLICY dev_generation_log_saas_admin_all ON public.dev_generation_log TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY dev_roadmap_items_saas_admin_all ON public.dev_roadmap_items TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY dev_roadmap_phases_saas_admin_all ON public.dev_roadmap_phases TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY dev_test_items_saas_admin_all ON public.dev_test_items TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY dev_verificacoes_items_saas_admin_all ON public.dev_verificacoes_items TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
 CREATE POLICY "dg: generator full access" ON public.document_generated USING ((gerado_por = auth.uid())) WITH CHECK ((gerado_por = auth.uid()));
 
 CREATE POLICY "dg: tenant members can select" ON public.document_generated FOR SELECT USING ((tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
   WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
 
-CREATE POLICY "documents: owner full access" ON public.documents USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "documents: delete" ON public.documents FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
-CREATE POLICY "ds: tenant members access" ON public.document_signatures USING ((tenant_id IN ( SELECT tm.tenant_id
+CREATE POLICY "documents: insert" ON public.documents FOR INSERT TO authenticated WITH CHECK (((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
-  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))) WITH CHECK ((tenant_id IN ( SELECT tm.tenant_id
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "documents: portal patient read" ON public.documents FOR SELECT TO authenticated USING (((compartilhado_portal = true) AND (patient_id IN ( SELECT p.id
+   FROM public.patients p
+  WHERE (p.user_id = auth.uid()))) AND ((expira_compartilhamento IS NULL) OR (expira_compartilhamento > now()))));
+
+CREATE POLICY "documents: select" ON public.documents FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
    FROM public.tenant_members tm
-  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))));
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
-CREATE POLICY "dsl: creator full access" ON public.document_share_links USING ((criado_por = auth.uid())) WITH CHECK ((criado_por = auth.uid()));
+CREATE POLICY "documents: update" ON public.documents FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
-CREATE POLICY "dsl: public read by token" ON public.document_share_links FOR SELECT USING (((ativo = true) AND (expira_em > now()) AND (usos < usos_max)));
+CREATE POLICY "ds: delete" ON public.document_signatures FOR DELETE TO authenticated USING (((signatario_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+CREATE POLICY "ds: insert" ON public.document_signatures FOR INSERT TO authenticated WITH CHECK (((tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))) AND ((signatario_id IS NULL) OR (signatario_id = auth.uid()))));
+
+CREATE POLICY "ds: select" ON public.document_signatures FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "ds: update" ON public.document_signatures FOR UPDATE TO authenticated USING (((signatario_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((signatario_id = auth.uid()) OR public.is_saas_admin()));
+
+CREATE POLICY "dsl: creator full access" ON public.document_share_links TO authenticated USING (((criado_por = auth.uid()) OR public.is_saas_admin())) WITH CHECK ((criado_por = auth.uid()));
 
 CREATE POLICY "dt: global templates readable by all" ON public.document_templates FOR SELECT USING ((is_global = true));
 
 CREATE POLICY "dt: owner can delete" ON public.document_templates FOR DELETE USING (((owner_id = auth.uid()) AND (is_global = false)));
 
-CREATE POLICY "dt: owner can insert" ON public.document_templates FOR INSERT WITH CHECK (((owner_id = auth.uid()) AND (is_global = false)));
+CREATE POLICY "dt: owner can insert" ON public.document_templates FOR INSERT TO authenticated WITH CHECK (((is_global = false) AND (owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
 CREATE POLICY "dt: owner can update" ON public.document_templates FOR UPDATE USING (((owner_id = auth.uid()) AND (is_global = false))) WITH CHECK (((owner_id = auth.uid()) AND (is_global = false)));
 
 CREATE POLICY "dt: saas admin can delete global" ON public.document_templates FOR DELETE USING (((is_global = true) AND public.is_saas_admin()));
 
-CREATE POLICY "dt: saas admin can insert global" ON public.document_templates FOR INSERT WITH CHECK (((is_global = true) AND public.is_saas_admin()));
+CREATE POLICY "dt: saas admin can insert global" ON public.document_templates FOR INSERT TO authenticated WITH CHECK (((is_global = true) AND public.is_saas_admin()));
 
 CREATE POLICY "dt: saas admin can update global" ON public.document_templates FOR UPDATE USING (((is_global = true) AND public.is_saas_admin())) WITH CHECK (((is_global = true) AND public.is_saas_admin()));
 
@@ -330,47 +541,57 @@ CREATE POLICY "dt: tenant members can select" ON public.document_templates FOR S
    FROM public.tenant_members tm
   WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
+CREATE POLICY "email_layout_config: tenant_admin all" ON public.email_layout_config TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text]))))))) WITH CHECK ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+CREATE POLICY "email_templates_tenant: tenant_admin all" ON public.email_templates_tenant TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text]))))))) WITH CHECK ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
 CREATE POLICY ent_inv_select_own ON public.entitlements_invalidation FOR SELECT USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
 CREATE POLICY ent_inv_update_saas ON public.entitlements_invalidation FOR UPDATE USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
 
 CREATE POLICY ent_inv_write_saas ON public.entitlements_invalidation FOR INSERT WITH CHECK (public.is_saas_admin());
 
-CREATE POLICY faq_admin_write ON public.saas_faq TO authenticated USING ((EXISTS ( SELECT 1
-   FROM public.profiles
-  WHERE ((profiles.id = auth.uid()) AND (profiles.role = ANY (ARRAY['saas_admin'::text, 'tenant_admin'::text, 'clinic_admin'::text]))))));
-
 CREATE POLICY faq_auth_read ON public.saas_faq FOR SELECT TO authenticated USING ((ativo = true));
 
-CREATE POLICY faq_itens_admin_write ON public.saas_faq_itens TO authenticated USING ((EXISTS ( SELECT 1
-   FROM public.profiles
-  WHERE ((profiles.id = auth.uid()) AND (profiles.role = ANY (ARRAY['saas_admin'::text, 'tenant_admin'::text, 'clinic_admin'::text]))))));
-
 CREATE POLICY faq_itens_auth_read ON public.saas_faq_itens FOR SELECT TO authenticated USING (((ativo = true) AND (EXISTS ( SELECT 1
    FROM public.saas_docs d
   WHERE ((d.id = saas_faq_itens.doc_id) AND (d.ativo = true))))));
 
+CREATE POLICY faq_itens_saas_admin_write ON public.saas_faq_itens TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
 CREATE POLICY faq_public_read ON public.saas_faq FOR SELECT USING (((publico = true) AND (ativo = true)));
 
+CREATE POLICY faq_saas_admin_write ON public.saas_faq TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
 CREATE POLICY features_read_authenticated ON public.features FOR SELECT TO authenticated USING (true);
 
 CREATE POLICY features_write_saas_admin ON public.features TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
 
-CREATE POLICY feriados_delete ON public.feriados FOR DELETE USING ((owner_id = auth.uid()));
+CREATE POLICY feriados_delete ON public.feriados FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR ((tenant_id IS NOT NULL) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text]))))))));
 
 CREATE POLICY feriados_global_select ON public.feriados FOR SELECT USING ((tenant_id IS NULL));
 
-CREATE POLICY feriados_insert ON public.feriados FOR INSERT WITH CHECK ((tenant_id IN ( SELECT tenant_members.tenant_id
-   FROM public.tenant_members
-  WHERE (tenant_members.user_id = auth.uid()))));
+CREATE POLICY feriados_insert ON public.feriados FOR INSERT TO authenticated WITH CHECK (((tenant_id IS NOT NULL) AND (owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
 CREATE POLICY feriados_saas_delete ON public.feriados FOR DELETE USING ((EXISTS ( SELECT 1
    FROM public.saas_admins
   WHERE (saas_admins.user_id = auth.uid()))));
 
-CREATE POLICY feriados_saas_insert ON public.feriados FOR INSERT WITH CHECK ((EXISTS ( SELECT 1
-   FROM public.saas_admins
-  WHERE (saas_admins.user_id = auth.uid()))));
+CREATE POLICY feriados_saas_insert ON public.feriados FOR INSERT TO authenticated WITH CHECK (((tenant_id IS NULL) AND (EXISTS ( SELECT 1
+   FROM public.saas_admins sa
+  WHERE (sa.user_id = auth.uid())))));
 
 CREATE POLICY feriados_saas_select ON public.feriados FOR SELECT USING ((EXISTS ( SELECT 1
    FROM public.saas_admins
@@ -406,15 +627,37 @@ CREATE POLICY global_notices_select ON public.global_notices FOR SELECT TO authe
 
 CREATE POLICY "insert own" ON public.agenda_bloqueios FOR INSERT WITH CHECK ((owner_id = auth.uid()));
 
-CREATE POLICY insurance_plan_services_owner ON public.insurance_plan_services USING ((EXISTS ( SELECT 1
+CREATE POLICY "insurance_plan_services: tenant_member" ON public.insurance_plan_services TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.insurance_plans ip
-  WHERE ((ip.id = insurance_plan_services.insurance_plan_id) AND (ip.owner_id = auth.uid()))))) WITH CHECK ((EXISTS ( SELECT 1
+  WHERE ((ip.id = insurance_plan_services.insurance_plan_id) AND ((ip.owner_id = auth.uid()) OR public.is_saas_admin() OR (ip.tenant_id IN ( SELECT tm.tenant_id
+           FROM public.tenant_members tm
+          WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))))))) WITH CHECK ((EXISTS ( SELECT 1
    FROM public.insurance_plans ip
-  WHERE ((ip.id = insurance_plan_services.insurance_plan_id) AND (ip.owner_id = auth.uid())))));
+  WHERE ((ip.id = insurance_plan_services.insurance_plan_id) AND ((ip.owner_id = auth.uid()) OR public.is_saas_admin())))));
 
-CREATE POLICY "insurance_plans: owner full access" ON public.insurance_plans USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "insurance_plans: delete" ON public.insurance_plans FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
-CREATE POLICY "medicos: owner full access" ON public.medicos USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "insurance_plans: insert" ON public.insurance_plans FOR INSERT TO authenticated WITH CHECK (((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "insurance_plans: select" ON public.insurance_plans FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "insurance_plans: update" ON public.insurance_plans FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+CREATE POLICY "medicos: delete" ON public.medicos FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+CREATE POLICY "medicos: insert" ON public.medicos FOR INSERT TO authenticated WITH CHECK (((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "medicos: select" ON public.medicos FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "medicos: update" ON public.medicos FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
 
 CREATE POLICY module_features_read_authenticated ON public.module_features FOR SELECT TO authenticated USING (true);
 
@@ -426,12 +669,32 @@ CREATE POLICY modules_write_saas_admin ON public.modules TO authenticated USING
 
 CREATE POLICY notice_dismissals_own ON public.notice_dismissals TO authenticated USING ((user_id = auth.uid())) WITH CHECK ((user_id = auth.uid()));
 
+CREATE POLICY notif_channels_delete ON public.notification_channels FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+CREATE POLICY notif_channels_insert ON public.notification_channels FOR INSERT TO authenticated WITH CHECK ((public.is_saas_admin() OR ((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY notif_channels_modify ON public.notification_channels FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+CREATE POLICY notif_channels_select ON public.notification_channels FOR SELECT TO authenticated USING (((deleted_at IS NULL) AND (public.is_saas_admin() OR (owner_id = auth.uid()) OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
+
 CREATE POLICY notif_logs_owner ON public.notification_logs FOR SELECT USING ((owner_id = auth.uid()));
 
+CREATE POLICY notif_logs_tenant_member ON public.notification_logs FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
 CREATE POLICY notif_prefs_owner ON public.notification_preferences USING (((owner_id = auth.uid()) AND (deleted_at IS NULL))) WITH CHECK ((owner_id = auth.uid()));
 
 CREATE POLICY notif_queue_owner ON public.notification_queue FOR SELECT USING ((owner_id = auth.uid()));
 
+CREATE POLICY notif_queue_tenant_member ON public.notification_queue FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
 CREATE POLICY notif_schedules_owner ON public.notification_schedules USING (((owner_id = auth.uid()) AND (deleted_at IS NULL))) WITH CHECK ((owner_id = auth.uid()));
 
 CREATE POLICY notif_templates_admin_all ON public.notification_templates TO authenticated USING ((EXISTS ( SELECT 1
@@ -444,7 +707,33 @@ CREATE POLICY notif_templates_read_global ON public.notification_templates FOR S
 
 CREATE POLICY notif_templates_write_owner ON public.notification_templates TO authenticated USING (((owner_id = auth.uid()) OR public.is_tenant_member(tenant_id))) WITH CHECK (((owner_id = auth.uid()) OR public.is_tenant_member(tenant_id)));
 
-CREATE POLICY notification_channels_owner ON public.notification_channels USING (((owner_id = auth.uid()) AND (deleted_at IS NULL))) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "optout_kw: delete custom" ON public.conversation_optout_keywords FOR DELETE TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optout_keywords.tenant_id) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY "optout_kw: insert custom" ON public.conversation_optout_keywords FOR INSERT TO authenticated WITH CHECK (((tenant_id IS NOT NULL) AND (is_system = false) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optout_keywords.tenant_id) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY "optout_kw: select" ON public.conversation_optout_keywords FOR SELECT TO authenticated USING (((tenant_id IS NULL) OR public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optout_keywords.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "optout_kw: update/delete custom" ON public.conversation_optout_keywords FOR UPDATE TO authenticated USING (((is_system = false) AND (tenant_id IS NOT NULL) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optout_keywords.tenant_id) AND (tm.status = 'active'::text)))))));
+
+CREATE POLICY "optouts: insert" ON public.conversation_optouts FOR INSERT TO authenticated WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optouts.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "optouts: select" ON public.conversation_optouts FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optouts.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "optouts: update" ON public.conversation_optouts FOR UPDATE TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = conversation_optouts.tenant_id) AND (tm.status = 'active'::text))))));
 
 CREATE POLICY "owner only" ON public.notifications USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
 
@@ -478,6 +767,8 @@ CREATE POLICY patient_intake_requests_select ON public.patient_intake_requests F
 
 CREATE POLICY patient_intake_requests_write ON public.patient_intake_requests USING ((public.is_clinic_tenant(tenant_id) AND public.is_tenant_member(tenant_id) AND public.tenant_has_feature(tenant_id, 'patients.edit'::text))) WITH CHECK ((public.is_clinic_tenant(tenant_id) AND public.is_tenant_member(tenant_id) AND public.tenant_has_feature(tenant_id, 'patients.edit'::text)));
 
+CREATE POLICY patient_invite_attempts_owner_read ON public.patient_invite_attempts FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
 CREATE POLICY patient_invites_owner_all ON public.patient_invites TO authenticated USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
 
 CREATE POLICY patient_invites_select ON public.patient_invites FOR SELECT USING ((public.is_clinic_tenant(tenant_id) AND public.is_tenant_member(tenant_id) AND public.tenant_has_feature(tenant_id, 'patients.view'::text)));
@@ -508,17 +799,37 @@ CREATE POLICY patients_update ON public.patients FOR UPDATE USING ((public.is_cl
 
 CREATE POLICY "payment_settings: owner full access" ON public.payment_settings USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
 
+CREATE POLICY "payment_settings: tenant_admin read" ON public.payment_settings FOR SELECT TO authenticated USING (((tenant_id IS NOT NULL) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
 CREATE POLICY plan_features_read_authenticated ON public.plan_features FOR SELECT TO authenticated USING (true);
 
 CREATE POLICY plan_features_write_saas_admin ON public.plan_features TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
 
+CREATE POLICY plan_prices_read ON public.plan_prices FOR SELECT TO authenticated USING (true);
+
+CREATE POLICY plan_prices_write ON public.plan_prices TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY plan_public_bullets_read_anon ON public.plan_public_bullets FOR SELECT TO authenticated, anon USING (true);
+
+CREATE POLICY plan_public_bullets_write ON public.plan_public_bullets TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY plan_public_read_anon ON public.plan_public FOR SELECT TO authenticated, anon USING (true);
+
+CREATE POLICY plan_public_write ON public.plan_public TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
 CREATE POLICY plans_read_authenticated ON public.plans FOR SELECT TO authenticated USING (true);
 
 CREATE POLICY plans_write_saas_admin ON public.plans TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
 
 CREATE POLICY "professional_pricing: owner full access" ON public.professional_pricing USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
 
-CREATE POLICY profiles_insert_own ON public.profiles FOR INSERT WITH CHECK ((id = auth.uid()));
+CREATE POLICY "professional_pricing: tenant_admin read" ON public.professional_pricing FOR SELECT TO authenticated USING ((tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text]))))));
+
+CREATE POLICY profiles_insert_own ON public.profiles FOR INSERT TO authenticated WITH CHECK ((id = auth.uid()));
 
 CREATE POLICY profiles_read_saas_admin ON public.profiles FOR SELECT USING (public.is_saas_admin());
 
@@ -526,6 +837,8 @@ CREATE POLICY profiles_select_own ON public.profiles FOR SELECT USING ((id = aut
 
 CREATE POLICY profiles_update_own ON public.profiles FOR UPDATE USING ((id = auth.uid())) WITH CHECK ((id = auth.uid()));
 
+CREATE POLICY psa_read_saas_admin ON public.public_submission_attempts FOR SELECT TO authenticated USING (public.is_saas_admin());
+
 CREATE POLICY "psc: owner full access" ON public.patient_support_contacts USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
 
 CREATE POLICY psh_insert ON public.patient_status_history FOR INSERT WITH CHECK ((public.is_clinic_tenant(tenant_id) AND public.is_tenant_member(tenant_id) AND public.tenant_has_feature(tenant_id, 'patients.edit'::text)));
@@ -538,12 +851,6 @@ CREATE POLICY pt_select ON public.patient_timeline FOR SELECT USING ((public.is_
 
 CREATE POLICY public_read ON public.login_carousel_slides FOR SELECT USING ((ativo = true));
 
-CREATE POLICY "read features (auth)" ON public.features FOR SELECT TO authenticated USING (true);
-
-CREATE POLICY "read plan_features (auth)" ON public.plan_features FOR SELECT TO authenticated USING (true);
-
-CREATE POLICY "read plans (auth)" ON public.plans FOR SELECT TO authenticated USING (true);
-
 CREATE POLICY recurrence_exceptions_tenant ON public.recurrence_exceptions TO authenticated USING ((tenant_id IN ( SELECT tenant_members.tenant_id
    FROM public.tenant_members
   WHERE (tenant_members.user_id = auth.uid())))) WITH CHECK ((tenant_id IN ( SELECT tenant_members.tenant_id
@@ -572,6 +879,16 @@ CREATE POLICY recurrence_rules_clinic_write ON public.recurrence_rules USING ((p
 
 CREATE POLICY recurrence_rules_owner ON public.recurrence_rules TO authenticated USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
 
+CREATE POLICY "reminder_logs: tenant members select" ON public.session_reminder_logs FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = session_reminder_logs.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "reminder_settings: tenant members all" ON public.session_reminder_settings TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = session_reminder_settings.tenant_id) AND (tm.status = 'active'::text)))))) WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = session_reminder_settings.tenant_id) AND (tm.status = 'active'::text))))));
+
 CREATE POLICY "saas_admin can read subscription_intents" ON public.subscription_intents_legacy FOR SELECT TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.saas_admins a
   WHERE (a.user_id = auth.uid()))));
@@ -594,11 +911,29 @@ CREATE POLICY saas_admin_full_access ON public.saas_docs TO authenticated USING
 
 CREATE POLICY saas_admins_select_self ON public.saas_admins FOR SELECT TO authenticated USING ((user_id = auth.uid()));
 
+CREATE POLICY saas_security_config_read ON public.saas_security_config FOR SELECT TO authenticated USING (true);
+
+CREATE POLICY saas_security_config_write ON public.saas_security_config FOR UPDATE TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY saas_twilio_config_read ON public.saas_twilio_config FOR SELECT TO authenticated USING (public.is_saas_admin());
+
 CREATE POLICY "select own" ON public.agenda_bloqueios FOR SELECT USING ((owner_id = auth.uid()));
 
 CREATE POLICY service_role_manage_usage ON public.twilio_subaccount_usage USING ((auth.role() = 'service_role'::text));
 
-CREATE POLICY "services: owner full access" ON public.services USING ((owner_id = auth.uid())) WITH CHECK ((owner_id = auth.uid()));
+CREATE POLICY "services: delete" ON public.services FOR DELETE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+CREATE POLICY "services: insert" ON public.services FOR INSERT TO authenticated WITH CHECK (((owner_id = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "services: select" ON public.services FOR SELECT TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "services: update" ON public.services FOR UPDATE TO authenticated USING (((owner_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((owner_id = auth.uid()) OR public.is_saas_admin()));
+
+CREATE POLICY srl_read_saas_admin ON public.submission_rate_limits FOR SELECT TO authenticated USING (public.is_saas_admin());
 
 CREATE POLICY subscription_events_read_saas ON public.subscription_events FOR SELECT USING (public.is_saas_admin());
 
@@ -606,9 +941,15 @@ CREATE POLICY subscription_events_write_saas ON public.subscription_events FOR I
 
 CREATE POLICY subscription_intents_insert_own ON public.subscription_intents_legacy FOR INSERT TO authenticated WITH CHECK ((user_id = auth.uid()));
 
+CREATE POLICY subscription_intents_personal_owner ON public.subscription_intents_personal TO authenticated USING (((user_id = auth.uid()) OR public.is_saas_admin())) WITH CHECK (((user_id = auth.uid()) OR public.is_saas_admin()));
+
 CREATE POLICY subscription_intents_select_own ON public.subscription_intents_legacy FOR SELECT TO authenticated USING ((user_id = auth.uid()));
 
-CREATE POLICY "subscriptions read own" ON public.subscriptions FOR SELECT TO authenticated USING ((user_id = auth.uid()));
+CREATE POLICY subscription_intents_tenant_member ON public.subscription_intents_tenant TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text]))))))) WITH CHECK ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text])))))));
 
 CREATE POLICY "subscriptions: read if linked owner_users" ON public.subscriptions FOR SELECT TO authenticated USING ((EXISTS ( SELECT 1
    FROM public.owner_users ou
@@ -616,33 +957,53 @@ CREATE POLICY "subscriptions: read if linked owner_users" ON public.subscription
 
 CREATE POLICY subscriptions_insert_own_personal ON public.subscriptions FOR INSERT TO authenticated WITH CHECK (((user_id = auth.uid()) AND (tenant_id IS NULL)));
 
-CREATE POLICY subscriptions_no_direct_update ON public.subscriptions FOR UPDATE TO authenticated USING (false) WITH CHECK (false);
-
 CREATE POLICY subscriptions_read_own ON public.subscriptions FOR SELECT TO authenticated USING (((user_id = auth.uid()) OR public.is_saas_admin()));
 
 CREATE POLICY subscriptions_select_for_tenant_members ON public.subscriptions FOR SELECT TO authenticated USING (((tenant_id IS NOT NULL) AND (EXISTS ( SELECT 1
    FROM public.tenant_members tm
   WHERE ((tm.tenant_id = subscriptions.tenant_id) AND (tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
-CREATE POLICY subscriptions_select_own_personal ON public.subscriptions FOR SELECT TO authenticated USING (((user_id = auth.uid()) AND (tenant_id IS NULL)));
-
 CREATE POLICY subscriptions_update_only_saas_admin ON public.subscriptions FOR UPDATE TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
 
 CREATE POLICY support_sessions_saas_delete ON public.support_sessions FOR DELETE USING (((auth.uid() = admin_id) AND (EXISTS ( SELECT 1
    FROM public.profiles
   WHERE ((profiles.id = auth.uid()) AND (profiles.role = 'saas_admin'::text))))));
 
-CREATE POLICY support_sessions_saas_insert ON public.support_sessions FOR INSERT WITH CHECK (((auth.uid() = admin_id) AND (EXISTS ( SELECT 1
-   FROM public.profiles
-  WHERE ((profiles.id = auth.uid()) AND (profiles.role = 'saas_admin'::text))))));
+CREATE POLICY support_sessions_saas_insert ON public.support_sessions FOR INSERT TO authenticated WITH CHECK (((admin_id = auth.uid()) AND (EXISTS ( SELECT 1
+   FROM public.saas_admins sa
+  WHERE (sa.user_id = auth.uid())))));
 
 CREATE POLICY support_sessions_saas_select ON public.support_sessions FOR SELECT USING (((auth.uid() = admin_id) AND (EXISTS ( SELECT 1
    FROM public.profiles
   WHERE ((profiles.id = auth.uid()) AND (profiles.role = 'saas_admin'::text))))));
 
-CREATE POLICY "tenant manages own overrides" ON public.email_templates_tenant USING ((tenant_id = auth.uid())) WITH CHECK ((tenant_id = auth.uid()));
+CREATE POLICY tenant_feature_exceptions_log_read ON public.tenant_feature_exceptions_log FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
-CREATE POLICY "tenant owns email layout config" ON public.email_layout_config USING ((tenant_id = auth.uid())) WITH CHECK ((tenant_id = auth.uid()));
+CREATE POLICY tenant_features_select ON public.tenant_features FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY tenant_features_write_saas_only ON public.tenant_features TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY tenant_invites_delete ON public.tenant_invites FOR DELETE TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+CREATE POLICY tenant_invites_insert ON public.tenant_invites FOR INSERT TO authenticated WITH CHECK (((invited_by = auth.uid()) AND (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+CREATE POLICY tenant_invites_select ON public.tenant_invites FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
+
+CREATE POLICY tenant_invites_update ON public.tenant_invites FOR UPDATE TO authenticated USING ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text]))))))) WITH CHECK ((public.is_saas_admin() OR (tenant_id IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND (tm.role = ANY (ARRAY['tenant_admin'::text, 'admin'::text, 'owner'::text])))))));
 
 CREATE POLICY tenant_members_write_saas ON public.tenant_members TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
 
@@ -680,7 +1041,7 @@ CREATE POLICY tm_select_own_membership ON public.tenant_members FOR SELECT TO au
 
 CREATE POLICY "update own" ON public.agenda_bloqueios FOR UPDATE USING ((owner_id = auth.uid()));
 
-CREATE POLICY user_settings_insert_own ON public.user_settings FOR INSERT WITH CHECK ((user_id = auth.uid()));
+CREATE POLICY user_settings_insert_own ON public.user_settings FOR INSERT TO authenticated WITH CHECK ((user_id = auth.uid()));
 
 CREATE POLICY user_settings_select_own ON public.user_settings FOR SELECT USING ((user_id = auth.uid()));
 
@@ -692,6 +1053,28 @@ CREATE POLICY votos_select_own ON public.saas_doc_votos FOR SELECT TO authentica
 
 CREATE POLICY votos_upsert_own ON public.saas_doc_votos TO authenticated USING ((user_id = auth.uid())) WITH CHECK ((user_id = auth.uid()));
 
+CREATE POLICY "wa_credits_balance: select tenant" ON public.whatsapp_credits_balance FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = whatsapp_credits_balance.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "wa_credits_balance: update tenant" ON public.whatsapp_credits_balance FOR UPDATE TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = whatsapp_credits_balance.tenant_id) AND (tm.status = 'active'::text)))))) WITH CHECK ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = whatsapp_credits_balance.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "wa_credits_tx: select tenant" ON public.whatsapp_credits_transactions FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = whatsapp_credits_transactions.tenant_id) AND (tm.status = 'active'::text))))));
+
+CREATE POLICY "wa_packages: manage saas admin" ON public.whatsapp_credit_packages TO authenticated USING (public.is_saas_admin()) WITH CHECK (public.is_saas_admin());
+
+CREATE POLICY "wa_packages: select active" ON public.whatsapp_credit_packages FOR SELECT TO authenticated USING (((is_active = true) OR public.is_saas_admin()));
+
+CREATE POLICY "wa_purchases: select tenant" ON public.whatsapp_credit_purchases FOR SELECT TO authenticated USING ((public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.tenant_id = whatsapp_credit_purchases.tenant_id) AND (tm.status = 'active'::text))))));
+
 CREATE POLICY "Allow authenticated updates" ON storage.objects FOR UPDATE TO authenticated USING ((bucket_id = ANY (ARRAY['avatars'::text, 'logos'::text])));
 
 CREATE POLICY "Allow authenticated uploads" ON storage.objects FOR INSERT TO authenticated WITH CHECK ((bucket_id = ANY (ARRAY['avatars'::text, 'logos'::text])));
@@ -730,25 +1113,31 @@ CREATE POLICY avatars_update_own ON storage.objects FOR UPDATE TO authenticated
 
 CREATE POLICY avatars_update_own_folder ON storage.objects FOR UPDATE USING (((bucket_id = 'avatars'::text) AND (auth.role() = 'authenticated'::text) AND (name ~~ (('owners/'::text || auth.uid()) || '/%'::text)))) WITH CHECK (((bucket_id = 'avatars'::text) AND (auth.role() = 'authenticated'::text) AND (name ~~ (('owners/'::text || auth.uid()) || '/%'::text))));
 
-CREATE POLICY "documents: authenticated delete" ON storage.objects FOR DELETE TO authenticated USING ((bucket_id = 'documents'::text));
+CREATE POLICY "documents: tenant member delete" ON storage.objects FOR DELETE TO authenticated USING (((bucket_id = 'documents'::text) AND (public.is_saas_admin() OR (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
 
-CREATE POLICY "documents: authenticated read" ON storage.objects FOR SELECT TO authenticated USING ((bucket_id = 'documents'::text));
+CREATE POLICY "documents: tenant member read" ON storage.objects FOR SELECT TO authenticated USING (((bucket_id = 'documents'::text) AND (public.is_saas_admin() OR (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
 
-CREATE POLICY "documents: authenticated upload" ON storage.objects FOR INSERT TO authenticated WITH CHECK ((bucket_id = 'documents'::text));
+CREATE POLICY "documents: tenant member upload" ON storage.objects FOR INSERT TO authenticated WITH CHECK (((bucket_id = 'documents'::text) AND (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
-CREATE POLICY "generated-docs: authenticated delete" ON storage.objects FOR DELETE TO authenticated USING ((bucket_id = 'generated-docs'::text));
+CREATE POLICY "generated-docs: tenant member delete" ON storage.objects FOR DELETE TO authenticated USING (((bucket_id = 'generated-docs'::text) AND (public.is_saas_admin() OR (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
 
-CREATE POLICY "generated-docs: authenticated read" ON storage.objects FOR SELECT TO authenticated USING ((bucket_id = 'generated-docs'::text));
+CREATE POLICY "generated-docs: tenant member read" ON storage.objects FOR SELECT TO authenticated USING (((bucket_id = 'generated-docs'::text) AND (public.is_saas_admin() OR (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text)))))));
 
-CREATE POLICY "generated-docs: authenticated upload" ON storage.objects FOR INSERT TO authenticated WITH CHECK ((bucket_id = 'generated-docs'::text));
+CREATE POLICY "generated-docs: tenant member upload" ON storage.objects FOR INSERT TO authenticated WITH CHECK (((bucket_id = 'generated-docs'::text) AND (((storage.foldername(name))[1])::uuid IN ( SELECT tm.tenant_id
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text))))));
 
-CREATE POLICY intake_read_anon ON storage.objects FOR SELECT TO anon USING (((bucket_id = 'avatars'::text) AND (name ~~ 'intakes/%'::text)));
-
-CREATE POLICY intake_read_public ON storage.objects FOR SELECT USING (((bucket_id = 'avatars'::text) AND (name ~~ 'intakes/%'::text)));
-
-CREATE POLICY intake_upload_anon ON storage.objects FOR INSERT TO anon WITH CHECK (((bucket_id = 'avatars'::text) AND (name ~~ 'intakes/%'::text)));
-
-CREATE POLICY intake_upload_public ON storage.objects FOR INSERT WITH CHECK (((bucket_id = 'avatars'::text) AND (name ~~ 'intakes/%'::text)));
+CREATE POLICY intake_read_owner_only ON storage.objects FOR SELECT TO authenticated USING (((bucket_id = 'avatars'::text) AND ((storage.foldername(name))[1] = 'intakes'::text)));
 
 CREATE POLICY public_read ON storage.objects FOR SELECT USING ((bucket_id = 'saas-docs'::text));
 
@@ -759,3 +1148,9 @@ CREATE POLICY saas_admin_delete ON storage.objects FOR DELETE TO authenticated U
 CREATE POLICY saas_admin_upload ON storage.objects FOR INSERT TO authenticated WITH CHECK (((bucket_id = 'saas-docs'::text) AND (EXISTS ( SELECT 1
    FROM public.saas_admins
   WHERE (saas_admins.user_id = auth.uid())))));
+
+CREATE POLICY "whatsapp-media: delete saas admin" ON storage.objects FOR DELETE TO authenticated USING (((bucket_id = 'whatsapp-media'::text) AND public.is_saas_admin()));
+
+CREATE POLICY "whatsapp-media: read tenant members" ON storage.objects FOR SELECT TO authenticated USING (((bucket_id = 'whatsapp-media'::text) AND (public.is_saas_admin() OR (EXISTS ( SELECT 1
+   FROM public.tenant_members tm
+  WHERE ((tm.user_id = auth.uid()) AND (tm.status = 'active'::text) AND ((storage.foldername(objects.name))[1] = (tm.tenant_id)::text)))))));
diff --git a/index.html b/index.html
index 2b9450e..c15484e 100644
--- a/index.html
+++ b/index.html
@@ -8,7 +8,8 @@
   <meta name="description" content="Plataforma para gestão clínica e atendimento psicológico." />
   <link rel="icon" href="/favicon.ico" sizes="any" />
   <link rel="preconnect" href="https://fonts.cdnfonts.com" crossorigin />
-  <link href="https://fonts.cdnfonts.com/css/lato?display=swap" rel="stylesheet" />
+  <link rel="preload" as="style" href="https://fonts.cdnfonts.com/css/lato?display=swap" onload="this.onload=null;this.rel='stylesheet'" />
+  <noscript><link href="https://fonts.cdnfonts.com/css/lato?display=swap" rel="stylesheet" /></noscript>
   <link href="/src/main.js" as="script" />
   <meta name="theme-color" content="#fff" />
 </head>
diff --git a/package-lock.json b/package-lock.json
index 4b8f7a8..54307db 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -20,6 +20,7 @@
                 "@supabase/supabase-js": "^2.95.3",
                 "chart.js": "3.3.2",
                 "date-fns": "^4.1.0",
+                "exceljs": "^4.4.0",
                 "html-to-pdfmake": "^2.5.33",
                 "html2canvas-pro": "^2.0.2",
                 "html2pdf.js": "^0.14.0",
@@ -592,6 +593,43 @@
                 "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
             }
         },
+        "node_modules/@fast-csv/format": {
+            "version": "4.3.5",
+            "resolved": "https://registry.npmjs.org/@fast-csv/format/-/format-4.3.5.tgz",
+            "integrity": "sha512-8iRn6QF3I8Ak78lNAa+Gdl5MJJBM5vRHivFtMRUWINdevNo00K7OXxS2PshawLKTejVwieIlPmK5YlLu6w4u8A==",
+            "dependencies": {
+                "@types/node": "^14.0.1",
+                "lodash.escaperegexp": "^4.1.2",
+                "lodash.isboolean": "^3.0.3",
+                "lodash.isequal": "^4.5.0",
+                "lodash.isfunction": "^3.0.9",
+                "lodash.isnil": "^4.0.0"
+            }
+        },
+        "node_modules/@fast-csv/format/node_modules/@types/node": {
+            "version": "14.18.63",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.63.tgz",
+            "integrity": "sha512-fAtCfv4jJg+ExtXhvCkCqUKZ+4ok/JQk01qDKhL5BDDoS3AxKXhV5/MAVUZyQnSEd2GT92fkgZl0pz0Q0AzcIQ=="
+        },
+        "node_modules/@fast-csv/parse": {
+            "version": "4.3.6",
+            "resolved": "https://registry.npmjs.org/@fast-csv/parse/-/parse-4.3.6.tgz",
+            "integrity": "sha512-uRsLYksqpbDmWaSmzvJcuApSEe38+6NQZBUsuAyMZKqHxH0g1wcJgsKUvN3WC8tewaqFjBMMGrkHmC+T7k8LvA==",
+            "dependencies": {
+                "@types/node": "^14.0.1",
+                "lodash.escaperegexp": "^4.1.2",
+                "lodash.groupby": "^4.6.0",
+                "lodash.isfunction": "^3.0.9",
+                "lodash.isnil": "^4.0.0",
+                "lodash.isundefined": "^3.0.1",
+                "lodash.uniq": "^4.5.0"
+            }
+        },
+        "node_modules/@fast-csv/parse/node_modules/@types/node": {
+            "version": "14.18.63",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.63.tgz",
+            "integrity": "sha512-fAtCfv4jJg+ExtXhvCkCqUKZ+4ok/JQk01qDKhL5BDDoS3AxKXhV5/MAVUZyQnSEd2GT92fkgZl0pz0Q0AzcIQ=="
+        },
         "node_modules/@fullcalendar/core": {
             "version": "6.1.20",
             "resolved": "https://registry.npmjs.org/@fullcalendar/core/-/core-6.1.20.tgz",
@@ -2332,6 +2370,70 @@
                 "url": "https://github.com/sponsors/jonschlinkert"
             }
         },
+        "node_modules/archiver": {
+            "version": "5.3.2",
+            "resolved": "https://registry.npmjs.org/archiver/-/archiver-5.3.2.tgz",
+            "integrity": "sha512-+25nxyyznAXF7Nef3y0EbBeqmGZgeN/BxHX29Rs39djAfaFalmQ89SE6CWyDCHzGL0yt/ycBtNOmGTW0FyGWNw==",
+            "dependencies": {
+                "archiver-utils": "^2.1.0",
+                "async": "^3.2.4",
+                "buffer-crc32": "^0.2.1",
+                "readable-stream": "^3.6.0",
+                "readdir-glob": "^1.1.2",
+                "tar-stream": "^2.2.0",
+                "zip-stream": "^4.1.0"
+            },
+            "engines": {
+                "node": ">= 10"
+            }
+        },
+        "node_modules/archiver-utils": {
+            "version": "2.1.0",
+            "resolved": "https://registry.npmjs.org/archiver-utils/-/archiver-utils-2.1.0.tgz",
+            "integrity": "sha512-bEL/yUb/fNNiNTuUz979Z0Yg5L+LzLxGJz8x79lYmR54fmTIb6ob/hNQgkQnIUDWIFjZVQwl9Xs356I6BAMHfw==",
+            "dependencies": {
+                "glob": "^7.1.4",
+                "graceful-fs": "^4.2.0",
+                "lazystream": "^1.0.0",
+                "lodash.defaults": "^4.2.0",
+                "lodash.difference": "^4.5.0",
+                "lodash.flatten": "^4.4.0",
+                "lodash.isplainobject": "^4.0.6",
+                "lodash.union": "^4.6.0",
+                "normalize-path": "^3.0.0",
+                "readable-stream": "^2.0.0"
+            },
+            "engines": {
+                "node": ">= 6"
+            }
+        },
+        "node_modules/archiver-utils/node_modules/readable-stream": {
+            "version": "2.3.8",
+            "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+            "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+            "dependencies": {
+                "core-util-is": "~1.0.0",
+                "inherits": "~2.0.3",
+                "isarray": "~1.0.0",
+                "process-nextick-args": "~2.0.0",
+                "safe-buffer": "~5.1.1",
+                "string_decoder": "~1.1.1",
+                "util-deprecate": "~1.0.1"
+            }
+        },
+        "node_modules/archiver-utils/node_modules/safe-buffer": {
+            "version": "5.1.2",
+            "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+            "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+        },
+        "node_modules/archiver-utils/node_modules/string_decoder": {
+            "version": "1.1.1",
+            "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+            "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+            "dependencies": {
+                "safe-buffer": "~5.1.0"
+            }
+        },
         "node_modules/argparse": {
             "version": "2.0.1",
             "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
@@ -2347,6 +2449,11 @@
                 "node": ">=12"
             }
         },
+        "node_modules/async": {
+            "version": "3.2.6",
+            "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
+            "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA=="
+        },
         "node_modules/autoprefixer": {
             "version": "10.4.24",
             "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.24.tgz",
@@ -2386,8 +2493,7 @@
         "node_modules/balanced-match": {
             "version": "1.0.2",
             "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-            "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
-            "dev": true
+            "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
         },
         "node_modules/base64-arraybuffer": {
             "version": "1.0.2",
@@ -2414,6 +2520,26 @@
                 "baseline-browser-mapping": "dist/cli.js"
             }
         },
+        "node_modules/big-integer": {
+            "version": "1.6.52",
+            "resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.52.tgz",
+            "integrity": "sha512-QxD8cf2eVqJOOz63z6JIN9BzvVs/dlySa5HGSBH5xtR8dPteIRQnBxxKqkNTiT6jbDTF6jAfrd4oMcND9RGbQg==",
+            "engines": {
+                "node": ">=0.6"
+            }
+        },
+        "node_modules/binary": {
+            "version": "0.3.0",
+            "resolved": "https://registry.npmjs.org/binary/-/binary-0.3.0.tgz",
+            "integrity": "sha512-D4H1y5KYwpJgK8wk1Cue5LLPgmwHKYSChkbspQg5JtVuR5ulGckxfR62H3AE9UDkdMC8yyXlqYihuz3Aqg2XZg==",
+            "dependencies": {
+                "buffers": "~0.1.1",
+                "chainsaw": "~0.1.0"
+            },
+            "engines": {
+                "node": "*"
+            }
+        },
         "node_modules/binary-extensions": {
             "version": "2.3.0",
             "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
@@ -2434,6 +2560,21 @@
                 "url": "https://github.com/sponsors/antfu"
             }
         },
+        "node_modules/bl": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz",
+            "integrity": "sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==",
+            "dependencies": {
+                "buffer": "^5.5.0",
+                "inherits": "^2.0.4",
+                "readable-stream": "^3.4.0"
+            }
+        },
+        "node_modules/bluebird": {
+            "version": "3.4.7",
+            "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.4.7.tgz",
+            "integrity": "sha512-iD3898SR7sWVRHbiQv+sHUtHnMvC1o3nW5rAcqnq3uOn07DSAppZYUkIGslDz6gXC7HfunPe7YVBgoEJASPcHA=="
+        },
         "node_modules/boolbase": {
             "version": "1.0.0",
             "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
@@ -2444,7 +2585,6 @@
             "version": "1.1.12",
             "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
             "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
-            "dev": true,
             "dependencies": {
                 "balanced-match": "^1.0.0",
                 "concat-map": "0.0.1"
@@ -2522,6 +2662,72 @@
                 "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7"
             }
         },
+        "node_modules/buffer": {
+            "version": "5.7.1",
+            "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz",
+            "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==",
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/feross"
+                },
+                {
+                    "type": "patreon",
+                    "url": "https://www.patreon.com/feross"
+                },
+                {
+                    "type": "consulting",
+                    "url": "https://feross.org/support"
+                }
+            ],
+            "dependencies": {
+                "base64-js": "^1.3.1",
+                "ieee754": "^1.1.13"
+            }
+        },
+        "node_modules/buffer-crc32": {
+            "version": "0.2.13",
+            "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz",
+            "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==",
+            "engines": {
+                "node": "*"
+            }
+        },
+        "node_modules/buffer-indexof-polyfill": {
+            "version": "1.0.2",
+            "resolved": "https://registry.npmjs.org/buffer-indexof-polyfill/-/buffer-indexof-polyfill-1.0.2.tgz",
+            "integrity": "sha512-I7wzHwA3t1/lwXQh+A5PbNvJxgfo5r3xulgpYDB5zckTu/Z9oUK9biouBKQUjEqzaz3HnAT6TYoovmE+GqSf7A==",
+            "engines": {
+                "node": ">=0.10"
+            }
+        },
+        "node_modules/buffer/node_modules/base64-js": {
+            "version": "1.5.1",
+            "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
+            "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==",
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/feross"
+                },
+                {
+                    "type": "patreon",
+                    "url": "https://www.patreon.com/feross"
+                },
+                {
+                    "type": "consulting",
+                    "url": "https://feross.org/support"
+                }
+            ]
+        },
+        "node_modules/buffers": {
+            "version": "0.1.1",
+            "resolved": "https://registry.npmjs.org/buffers/-/buffers-0.1.1.tgz",
+            "integrity": "sha512-9q/rDEGSb/Qsvv2qvzIzdluL5k7AaJOTrw23z9reQthrbF7is4CtlT0DXyO1oei2DCp4uojjzQ7igaSHp1kAEQ==",
+            "engines": {
+                "node": ">=0.2.0"
+            }
+        },
         "node_modules/bundle-name": {
             "version": "4.1.0",
             "resolved": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz",
@@ -2594,6 +2800,17 @@
                 "node": ">=18"
             }
         },
+        "node_modules/chainsaw": {
+            "version": "0.1.0",
+            "resolved": "https://registry.npmjs.org/chainsaw/-/chainsaw-0.1.0.tgz",
+            "integrity": "sha512-75kWfWt6MEKNC8xYXIdRpDehRYY/tNSgwKaJq+dbbDcxORuVrrQ+SEHoWsniVn9XPYfP4gmdWIeDk/4YNp1rNQ==",
+            "dependencies": {
+                "traverse": ">=0.3.0 <0.4"
+            },
+            "engines": {
+                "node": "*"
+            }
+        },
         "node_modules/chalk": {
             "version": "4.1.2",
             "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
@@ -2697,11 +2914,24 @@
             "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
             "dev": true
         },
+        "node_modules/compress-commons": {
+            "version": "4.1.2",
+            "resolved": "https://registry.npmjs.org/compress-commons/-/compress-commons-4.1.2.tgz",
+            "integrity": "sha512-D3uMHtGc/fcO1Gt1/L7i1e33VOvD4A9hfQLP+6ewd+BvG/gQ84Yh4oftEhAdjSMgBgwGL+jsppT7JYNpo6MHHg==",
+            "dependencies": {
+                "buffer-crc32": "^0.2.13",
+                "crc32-stream": "^4.0.2",
+                "normalize-path": "^3.0.0",
+                "readable-stream": "^3.6.0"
+            },
+            "engines": {
+                "node": ">= 10"
+            }
+        },
         "node_modules/concat-map": {
             "version": "0.0.1",
             "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-            "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
-            "dev": true
+            "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="
         },
         "node_modules/confbox": {
             "version": "0.1.8",
@@ -2734,6 +2964,34 @@
                 "url": "https://opencollective.com/core-js"
             }
         },
+        "node_modules/core-util-is": {
+            "version": "1.0.3",
+            "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
+            "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="
+        },
+        "node_modules/crc-32": {
+            "version": "1.2.2",
+            "resolved": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz",
+            "integrity": "sha512-ROmzCKrTnOwybPcJApAA6WBWij23HVfGVNKqqrZpuyZOHqK2CwHSvpGuyt/UNNvaIjEd8X5IFGp4Mh+Ie1IHJQ==",
+            "bin": {
+                "crc32": "bin/crc32.njs"
+            },
+            "engines": {
+                "node": ">=0.8"
+            }
+        },
+        "node_modules/crc32-stream": {
+            "version": "4.0.3",
+            "resolved": "https://registry.npmjs.org/crc32-stream/-/crc32-stream-4.0.3.tgz",
+            "integrity": "sha512-NT7w2JVU7DFroFdYkeq8cywxrgjPHWkdX1wjpRQXPX5Asews3tA+Ght6lddQO5Mkumffp3X7GEqku3epj2toIw==",
+            "dependencies": {
+                "crc-32": "^1.2.0",
+                "readable-stream": "^3.4.0"
+            },
+            "engines": {
+                "node": ">= 10"
+            }
+        },
         "node_modules/cross-spawn": {
             "version": "7.0.6",
             "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
@@ -2782,6 +3040,11 @@
                 "url": "https://github.com/sponsors/kossnocorp"
             }
         },
+        "node_modules/dayjs": {
+            "version": "1.11.20",
+            "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.20.tgz",
+            "integrity": "sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ=="
+        },
         "node_modules/debug": {
             "version": "4.4.3",
             "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
@@ -2879,6 +3142,41 @@
                 "@types/trusted-types": "^2.0.7"
             }
         },
+        "node_modules/duplexer2": {
+            "version": "0.1.4",
+            "resolved": "https://registry.npmjs.org/duplexer2/-/duplexer2-0.1.4.tgz",
+            "integrity": "sha512-asLFVfWWtJ90ZyOUHMqk7/S2w2guQKxUI2itj3d92ADHhxUSbCMGi1f1cBcJ7xM1To+pE/Khbwo1yuNbMEPKeA==",
+            "dependencies": {
+                "readable-stream": "^2.0.2"
+            }
+        },
+        "node_modules/duplexer2/node_modules/readable-stream": {
+            "version": "2.3.8",
+            "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+            "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+            "dependencies": {
+                "core-util-is": "~1.0.0",
+                "inherits": "~2.0.3",
+                "isarray": "~1.0.0",
+                "process-nextick-args": "~2.0.0",
+                "safe-buffer": "~5.1.1",
+                "string_decoder": "~1.1.1",
+                "util-deprecate": "~1.0.1"
+            }
+        },
+        "node_modules/duplexer2/node_modules/safe-buffer": {
+            "version": "5.1.2",
+            "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+            "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+        },
+        "node_modules/duplexer2/node_modules/string_decoder": {
+            "version": "1.1.1",
+            "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+            "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+            "dependencies": {
+                "safe-buffer": "~5.1.0"
+            }
+        },
         "node_modules/electron-to-chromium": {
             "version": "1.5.286",
             "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.286.tgz",
@@ -2891,6 +3189,14 @@
             "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==",
             "dev": true
         },
+        "node_modules/end-of-stream": {
+            "version": "1.4.5",
+            "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz",
+            "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==",
+            "dependencies": {
+                "once": "^1.4.0"
+            }
+        },
         "node_modules/enhanced-resolve": {
             "version": "5.19.0",
             "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.19.0.tgz",
@@ -3197,6 +3503,25 @@
             "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-5.0.4.tgz",
             "integrity": "sha512-mlsTRyGaPBjPedk6Bvw+aqbsXDtoAyAzm5MO7JgU+yVRyMQ5O8bD4Kcci7BS85f93veegeCPkL8R4GLClnjLFw=="
         },
+        "node_modules/exceljs": {
+            "version": "4.4.0",
+            "resolved": "https://registry.npmjs.org/exceljs/-/exceljs-4.4.0.tgz",
+            "integrity": "sha512-XctvKaEMaj1Ii9oDOqbW/6e1gXknSY4g/aLCDicOXqBE4M0nRWkUu0PTp++UPNzoFY12BNHMfs/VadKIS6llvg==",
+            "dependencies": {
+                "archiver": "^5.0.0",
+                "dayjs": "^1.8.34",
+                "fast-csv": "^4.3.1",
+                "jszip": "^3.10.1",
+                "readable-stream": "^3.6.0",
+                "saxes": "^5.0.1",
+                "tmp": "^0.2.0",
+                "unzipper": "^0.10.11",
+                "uuid": "^8.3.0"
+            },
+            "engines": {
+                "node": ">=8.3.0"
+            }
+        },
         "node_modules/expect-type": {
             "version": "1.3.0",
             "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz",
@@ -3212,6 +3537,18 @@
             "integrity": "sha512-LmDxfWXwcTArk8fUEnOfSZpHOJ6zOMUJKOtFLFqJLoKJetuQG874Uc7/Kki7zFLzYybmZhp1M7+98pfMqeX8yA==",
             "dev": true
         },
+        "node_modules/fast-csv": {
+            "version": "4.3.6",
+            "resolved": "https://registry.npmjs.org/fast-csv/-/fast-csv-4.3.6.tgz",
+            "integrity": "sha512-2RNSpuwwsJGP0frGsOmTb9oUF+VkFSM4SyLTDgwf2ciHWTarN0lQTC+F2f/t5J9QjW+c65VFIAAu85GsvMIusw==",
+            "dependencies": {
+                "@fast-csv/format": "4.3.5",
+                "@fast-csv/parse": "4.3.6"
+            },
+            "engines": {
+                "node": ">=10.0.0"
+            }
+        },
         "node_modules/fast-deep-equal": {
             "version": "3.1.3",
             "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -3392,6 +3729,11 @@
                 "url": "https://github.com/sponsors/rawify"
             }
         },
+        "node_modules/fs-constants": {
+            "version": "1.0.0",
+            "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
+            "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="
+        },
         "node_modules/fs-extra": {
             "version": "10.1.0",
             "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz",
@@ -3409,8 +3751,7 @@
         "node_modules/fs.realpath": {
             "version": "1.0.0",
             "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
-            "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==",
-            "dev": true
+            "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
         },
         "node_modules/fsevents": {
             "version": "2.3.3",
@@ -3426,6 +3767,33 @@
                 "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
             }
         },
+        "node_modules/fstream": {
+            "version": "1.0.12",
+            "resolved": "https://registry.npmjs.org/fstream/-/fstream-1.0.12.tgz",
+            "integrity": "sha512-WvJ193OHa0GHPEL+AycEJgxvBEwyfRkN1vhjca23OaPVMCaLCXTd5qAu82AjTcgP1UJmytkOKb63Ypde7raDIg==",
+            "deprecated": "This package is no longer supported.",
+            "dependencies": {
+                "graceful-fs": "^4.1.2",
+                "inherits": "~2.0.0",
+                "mkdirp": ">=0.5 0",
+                "rimraf": "2"
+            },
+            "engines": {
+                "node": ">=0.6"
+            }
+        },
+        "node_modules/fstream/node_modules/rimraf": {
+            "version": "2.7.1",
+            "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz",
+            "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==",
+            "deprecated": "Rimraf versions prior to v4 are no longer supported",
+            "dependencies": {
+                "glob": "^7.1.3"
+            },
+            "bin": {
+                "rimraf": "bin.js"
+            }
+        },
         "node_modules/get-caller-file": {
             "version": "2.0.5",
             "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
@@ -3452,7 +3820,6 @@
             "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
             "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
             "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
-            "dev": true,
             "dependencies": {
                 "fs.realpath": "^1.0.0",
                 "inflight": "^1.0.4",
@@ -3498,8 +3865,7 @@
         "node_modules/graceful-fs": {
             "version": "4.2.11",
             "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
-            "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
-            "dev": true
+            "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
         },
         "node_modules/graphemer": {
             "version": "1.4.0",
@@ -3568,6 +3934,25 @@
                 "node": ">=20.0.0"
             }
         },
+        "node_modules/ieee754": {
+            "version": "1.2.1",
+            "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
+            "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==",
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/feross"
+                },
+                {
+                    "type": "patreon",
+                    "url": "https://www.patreon.com/feross"
+                },
+                {
+                    "type": "consulting",
+                    "url": "https://feross.org/support"
+                }
+            ]
+        },
         "node_modules/ignore": {
             "version": "5.3.2",
             "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
@@ -3577,6 +3962,11 @@
                 "node": ">= 4"
             }
         },
+        "node_modules/immediate": {
+            "version": "3.0.6",
+            "resolved": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz",
+            "integrity": "sha512-XXOFtyqDjNDAQxVfYxuF7g9Il/IbWmmlQg2MYKOH8ExIT1qg6xc4zyS3HaEEATgs1btfzxq15ciUiY7gjSXRGQ=="
+        },
         "node_modules/immutable": {
             "version": "5.1.4",
             "resolved": "https://registry.npmjs.org/immutable/-/immutable-5.1.4.tgz",
@@ -3613,7 +4003,6 @@
             "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
             "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
             "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.",
-            "dev": true,
             "dependencies": {
                 "once": "^1.3.0",
                 "wrappy": "1"
@@ -3622,8 +4011,7 @@
         "node_modules/inherits": {
             "version": "2.0.4",
             "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-            "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
-            "dev": true
+            "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
         },
         "node_modules/iobuffer": {
             "version": "5.4.0",
@@ -3752,6 +4140,11 @@
                 "url": "https://github.com/sponsors/sindresorhus"
             }
         },
+        "node_modules/isarray": {
+            "version": "1.0.0",
+            "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+            "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
+        },
         "node_modules/isexe": {
             "version": "2.0.0",
             "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
@@ -3841,6 +4234,49 @@
                 "html2canvas": "^1.0.0-rc.5"
             }
         },
+        "node_modules/jszip": {
+            "version": "3.10.1",
+            "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz",
+            "integrity": "sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==",
+            "dependencies": {
+                "lie": "~3.3.0",
+                "pako": "~1.0.2",
+                "readable-stream": "~2.3.6",
+                "setimmediate": "^1.0.5"
+            }
+        },
+        "node_modules/jszip/node_modules/pako": {
+            "version": "1.0.11",
+            "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz",
+            "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw=="
+        },
+        "node_modules/jszip/node_modules/readable-stream": {
+            "version": "2.3.8",
+            "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+            "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+            "dependencies": {
+                "core-util-is": "~1.0.0",
+                "inherits": "~2.0.3",
+                "isarray": "~1.0.0",
+                "process-nextick-args": "~2.0.0",
+                "safe-buffer": "~5.1.1",
+                "string_decoder": "~1.1.1",
+                "util-deprecate": "~1.0.1"
+            }
+        },
+        "node_modules/jszip/node_modules/safe-buffer": {
+            "version": "5.1.2",
+            "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+            "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+        },
+        "node_modules/jszip/node_modules/string_decoder": {
+            "version": "1.1.1",
+            "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+            "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+            "dependencies": {
+                "safe-buffer": "~5.1.0"
+            }
+        },
         "node_modules/keyv": {
             "version": "4.5.4",
             "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz",
@@ -3850,6 +4286,44 @@
                 "json-buffer": "3.0.1"
             }
         },
+        "node_modules/lazystream": {
+            "version": "1.0.1",
+            "resolved": "https://registry.npmjs.org/lazystream/-/lazystream-1.0.1.tgz",
+            "integrity": "sha512-b94GiNHQNy6JNTrt5w6zNyffMrNkXZb3KTkCZJb2V1xaEGCk093vkZ2jk3tpaeP33/OiXC+WvK9AxUebnf5nbw==",
+            "dependencies": {
+                "readable-stream": "^2.0.5"
+            },
+            "engines": {
+                "node": ">= 0.6.3"
+            }
+        },
+        "node_modules/lazystream/node_modules/readable-stream": {
+            "version": "2.3.8",
+            "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+            "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+            "dependencies": {
+                "core-util-is": "~1.0.0",
+                "inherits": "~2.0.3",
+                "isarray": "~1.0.0",
+                "process-nextick-args": "~2.0.0",
+                "safe-buffer": "~5.1.1",
+                "string_decoder": "~1.1.1",
+                "util-deprecate": "~1.0.1"
+            }
+        },
+        "node_modules/lazystream/node_modules/safe-buffer": {
+            "version": "5.1.2",
+            "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+            "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+        },
+        "node_modules/lazystream/node_modules/string_decoder": {
+            "version": "1.1.1",
+            "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+            "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+            "dependencies": {
+                "safe-buffer": "~5.1.0"
+            }
+        },
         "node_modules/levn": {
             "version": "0.4.1",
             "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
@@ -3863,6 +4337,14 @@
                 "node": ">= 0.8.0"
             }
         },
+        "node_modules/lie": {
+            "version": "3.3.0",
+            "resolved": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz",
+            "integrity": "sha512-UaiMJzeWRlEujzAuw5LokY1L5ecNQYZKfmyZ9L7wDHb/p5etKaxXhohBcrw0EYby+G/NA52vRSN4N39dxHAIwQ==",
+            "dependencies": {
+                "immediate": "~3.0.5"
+            }
+        },
         "node_modules/lightningcss": {
             "version": "1.30.2",
             "resolved": "https://registry.npmjs.org/lightningcss/-/lightningcss-1.30.2.tgz",
@@ -4121,6 +4603,11 @@
                 "unicode-trie": "^2.0.0"
             }
         },
+        "node_modules/listenercount": {
+            "version": "1.0.1",
+            "resolved": "https://registry.npmjs.org/listenercount/-/listenercount-1.0.1.tgz",
+            "integrity": "sha512-3mk/Zag0+IJxeDrxSgaDPy4zZ3w05PRZeJNnlWhzFz5OkX49J4krc+A8X2d2M69vGMBEX0uyl8M+W+8gH+kBqQ=="
+        },
         "node_modules/local-pkg": {
             "version": "0.5.1",
             "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.5.1.tgz",
@@ -4168,18 +4655,78 @@
             "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz",
             "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ=="
         },
+        "node_modules/lodash.defaults": {
+            "version": "4.2.0",
+            "resolved": "https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz",
+            "integrity": "sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ=="
+        },
+        "node_modules/lodash.difference": {
+            "version": "4.5.0",
+            "resolved": "https://registry.npmjs.org/lodash.difference/-/lodash.difference-4.5.0.tgz",
+            "integrity": "sha512-dS2j+W26TQ7taQBGN8Lbbq04ssV3emRw4NY58WErlTO29pIqS0HmoT5aJ9+TUQ1N3G+JOZSji4eugsWwGp9yPA=="
+        },
+        "node_modules/lodash.escaperegexp": {
+            "version": "4.1.2",
+            "resolved": "https://registry.npmjs.org/lodash.escaperegexp/-/lodash.escaperegexp-4.1.2.tgz",
+            "integrity": "sha512-TM9YBvyC84ZxE3rgfefxUWiQKLilstD6k7PTGt6wfbtXF8ixIJLOL3VYyV/z+ZiPLsVxAsKAFVwWlWeb2Y8Yyw=="
+        },
+        "node_modules/lodash.flatten": {
+            "version": "4.4.0",
+            "resolved": "https://registry.npmjs.org/lodash.flatten/-/lodash.flatten-4.4.0.tgz",
+            "integrity": "sha512-C5N2Z3DgnnKr0LOpv/hKCgKdb7ZZwafIrsesve6lmzvZIRZRGaZ/l6Q8+2W7NaT+ZwO3fFlSCzCzrDCFdJfZ4g=="
+        },
+        "node_modules/lodash.groupby": {
+            "version": "4.6.0",
+            "resolved": "https://registry.npmjs.org/lodash.groupby/-/lodash.groupby-4.6.0.tgz",
+            "integrity": "sha512-5dcWxm23+VAoz+awKmBaiBvzox8+RqMgFhi7UvX9DHZr2HdxHXM/Wrf8cfKpsW37RNrvtPn6hSwNqurSILbmJw=="
+        },
+        "node_modules/lodash.isboolean": {
+            "version": "3.0.3",
+            "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
+            "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg=="
+        },
         "node_modules/lodash.isequal": {
             "version": "4.5.0",
             "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz",
             "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==",
             "deprecated": "This package is deprecated. Use require('node:util').isDeepStrictEqual instead."
         },
+        "node_modules/lodash.isfunction": {
+            "version": "3.0.9",
+            "resolved": "https://registry.npmjs.org/lodash.isfunction/-/lodash.isfunction-3.0.9.tgz",
+            "integrity": "sha512-AirXNj15uRIMMPihnkInB4i3NHeb4iBtNg9WRWuK2o31S+ePwwNmDPaTL3o7dTJ+VXNZim7rFs4rxN4YU1oUJw=="
+        },
+        "node_modules/lodash.isnil": {
+            "version": "4.0.0",
+            "resolved": "https://registry.npmjs.org/lodash.isnil/-/lodash.isnil-4.0.0.tgz",
+            "integrity": "sha512-up2Mzq3545mwVnMhTDMdfoG1OurpA/s5t88JmQX809eH3C8491iu2sfKhTfhQtKY78oPNhiaHJUpT/dUDAAtng=="
+        },
+        "node_modules/lodash.isplainobject": {
+            "version": "4.0.6",
+            "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
+            "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA=="
+        },
+        "node_modules/lodash.isundefined": {
+            "version": "3.0.1",
+            "resolved": "https://registry.npmjs.org/lodash.isundefined/-/lodash.isundefined-3.0.1.tgz",
+            "integrity": "sha512-MXB1is3s899/cD8jheYYE2V9qTHwKvt+npCwpD+1Sxm3Q3cECXCiYHjeHWXNwr6Q0SOBPrYUDxendrO6goVTEA=="
+        },
         "node_modules/lodash.merge": {
             "version": "4.6.2",
             "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz",
             "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==",
             "dev": true
         },
+        "node_modules/lodash.union": {
+            "version": "4.6.0",
+            "resolved": "https://registry.npmjs.org/lodash.union/-/lodash.union-4.6.0.tgz",
+            "integrity": "sha512-c4pB2CdGrGdjMKYLA+XiRDO7Y0PRQbm/Gzg8qMj+QH+pFVAoTp5sBpO0odL3FjoPCGjK96p6qsP+yQoiLoOBcw=="
+        },
+        "node_modules/lodash.uniq": {
+            "version": "4.5.0",
+            "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz",
+            "integrity": "sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ=="
+        },
         "node_modules/magic-string": {
             "version": "0.30.21",
             "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz",
@@ -4226,7 +4773,6 @@
             "version": "3.1.2",
             "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
             "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
-            "dev": true,
             "dependencies": {
                 "brace-expansion": "^1.1.7"
             },
@@ -4234,11 +4780,30 @@
                 "node": "*"
             }
         },
+        "node_modules/minimist": {
+            "version": "1.2.8",
+            "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
+            "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
+            "funding": {
+                "url": "https://github.com/sponsors/ljharb"
+            }
+        },
         "node_modules/mitt": {
             "version": "3.0.1",
             "resolved": "https://registry.npmjs.org/mitt/-/mitt-3.0.1.tgz",
             "integrity": "sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw=="
         },
+        "node_modules/mkdirp": {
+            "version": "0.5.6",
+            "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
+            "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
+            "dependencies": {
+                "minimist": "^1.2.6"
+            },
+            "bin": {
+                "mkdirp": "bin/cmd.js"
+            }
+        },
         "node_modules/mlly": {
             "version": "1.8.0",
             "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.8.0.tgz",
@@ -4306,7 +4871,6 @@
             "version": "3.0.0",
             "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
             "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
-            "dev": true,
             "engines": {
                 "node": ">=0.10.0"
             }
@@ -4337,7 +4901,6 @@
             "version": "1.4.0",
             "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
             "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
-            "dev": true,
             "dependencies": {
                 "wrappy": "1"
             }
@@ -4444,7 +5007,6 @@
             "version": "1.0.1",
             "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
             "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==",
-            "dev": true,
             "engines": {
                 "node": ">=0.10.0"
             }
@@ -4734,6 +5296,11 @@
                 "node": ">=12.11.0"
             }
         },
+        "node_modules/process-nextick-args": {
+            "version": "2.0.1",
+            "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
+            "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="
+        },
         "node_modules/punycode": {
             "version": "2.3.1",
             "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
@@ -4815,6 +5382,46 @@
                 "performance-now": "^2.1.0"
             }
         },
+        "node_modules/readable-stream": {
+            "version": "3.6.2",
+            "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
+            "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==",
+            "dependencies": {
+                "inherits": "^2.0.3",
+                "string_decoder": "^1.1.1",
+                "util-deprecate": "^1.0.1"
+            },
+            "engines": {
+                "node": ">= 6"
+            }
+        },
+        "node_modules/readdir-glob": {
+            "version": "1.1.3",
+            "resolved": "https://registry.npmjs.org/readdir-glob/-/readdir-glob-1.1.3.tgz",
+            "integrity": "sha512-v05I2k7xN8zXvPD9N+z/uhXPaj0sUFCe2rcWZIpBsqxfP7xXFQ0tipAd/wjj1YxWyWtUS5IDJpOG82JKt2EAVA==",
+            "dependencies": {
+                "minimatch": "^5.1.0"
+            }
+        },
+        "node_modules/readdir-glob/node_modules/brace-expansion": {
+            "version": "2.1.0",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+            "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
+            "dependencies": {
+                "balanced-match": "^1.0.0"
+            }
+        },
+        "node_modules/readdir-glob/node_modules/minimatch": {
+            "version": "5.1.9",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+            "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
+            "dependencies": {
+                "brace-expansion": "^2.0.1"
+            },
+            "engines": {
+                "node": ">=10"
+            }
+        },
         "node_modules/readdirp": {
             "version": "4.1.2",
             "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz",
@@ -4997,6 +5604,25 @@
                 "queue-microtask": "^1.2.2"
             }
         },
+        "node_modules/safe-buffer": {
+            "version": "5.2.1",
+            "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+            "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/feross"
+                },
+                {
+                    "type": "patreon",
+                    "url": "https://www.patreon.com/feross"
+                },
+                {
+                    "type": "consulting",
+                    "url": "https://feross.org/support"
+                }
+            ]
+        },
         "node_modules/sass": {
             "version": "1.97.3",
             "resolved": "https://registry.npmjs.org/sass/-/sass-1.97.3.tgz",
@@ -5025,6 +5651,17 @@
                 "node": ">=11.0.0"
             }
         },
+        "node_modules/saxes": {
+            "version": "5.0.1",
+            "resolved": "https://registry.npmjs.org/saxes/-/saxes-5.0.1.tgz",
+            "integrity": "sha512-5LBh1Tls8c9xgGjw3QrMwETmTMVk0oFgvrFSvWx62llR2hcEInrKNZ2GZCCuuy2lvWrdl5jhbpeqc5hRYKFOcw==",
+            "dependencies": {
+                "xmlchars": "^2.2.0"
+            },
+            "engines": {
+                "node": ">=10"
+            }
+        },
         "node_modules/scule": {
             "version": "1.3.0",
             "resolved": "https://registry.npmjs.org/scule/-/scule-1.3.0.tgz",
@@ -5043,6 +5680,11 @@
                 "node": ">=10"
             }
         },
+        "node_modules/setimmediate": {
+            "version": "1.0.5",
+            "resolved": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz",
+            "integrity": "sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA=="
+        },
         "node_modules/shebang-command": {
             "version": "2.0.0",
             "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
@@ -5130,6 +5772,14 @@
             "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==",
             "dev": true
         },
+        "node_modules/string_decoder": {
+            "version": "1.3.0",
+            "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
+            "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==",
+            "dependencies": {
+                "safe-buffer": "~5.2.0"
+            }
+        },
         "node_modules/string-width": {
             "version": "7.2.0",
             "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
@@ -5283,6 +5933,21 @@
                 "url": "https://opencollective.com/webpack"
             }
         },
+        "node_modules/tar-stream": {
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.2.0.tgz",
+            "integrity": "sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==",
+            "dependencies": {
+                "bl": "^4.0.3",
+                "end-of-stream": "^1.4.1",
+                "fs-constants": "^1.0.0",
+                "inherits": "^2.0.3",
+                "readable-stream": "^3.1.1"
+            },
+            "engines": {
+                "node": ">=6"
+            }
+        },
         "node_modules/text-segmentation": {
             "version": "1.0.3",
             "resolved": "https://registry.npmjs.org/text-segmentation/-/text-segmentation-1.0.3.tgz",
@@ -5342,6 +6007,14 @@
                 "node": ">=14.0.0"
             }
         },
+        "node_modules/tmp": {
+            "version": "0.2.5",
+            "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.5.tgz",
+            "integrity": "sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==",
+            "engines": {
+                "node": ">=14.14"
+            }
+        },
         "node_modules/to-regex-range": {
             "version": "5.0.1",
             "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
@@ -5363,6 +6036,14 @@
                 "node": ">=6"
             }
         },
+        "node_modules/traverse": {
+            "version": "0.3.9",
+            "resolved": "https://registry.npmjs.org/traverse/-/traverse-0.3.9.tgz",
+            "integrity": "sha512-iawgk0hLP3SxGKDfnDJf8wTz4p2qImnyihM5Hh/sGvQ3K37dPi/w8sRhdNIxYA1TwFwc5mDhIJq+O0RsvXBKdQ==",
+            "engines": {
+                "node": "*"
+            }
+        },
         "node_modules/tslib": {
             "version": "2.8.1",
             "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
@@ -5723,6 +6404,50 @@
                 "node": ">=8.10.0"
             }
         },
+        "node_modules/unzipper": {
+            "version": "0.10.14",
+            "resolved": "https://registry.npmjs.org/unzipper/-/unzipper-0.10.14.tgz",
+            "integrity": "sha512-ti4wZj+0bQTiX2KmKWuwj7lhV+2n//uXEotUmGuQqrbVZSEGFMbI68+c6JCQ8aAmUWYvtHEz2A8K6wXvueR/6g==",
+            "dependencies": {
+                "big-integer": "^1.6.17",
+                "binary": "~0.3.0",
+                "bluebird": "~3.4.1",
+                "buffer-indexof-polyfill": "~1.0.0",
+                "duplexer2": "~0.1.4",
+                "fstream": "^1.0.12",
+                "graceful-fs": "^4.2.2",
+                "listenercount": "~1.0.1",
+                "readable-stream": "~2.3.6",
+                "setimmediate": "~1.0.4"
+            }
+        },
+        "node_modules/unzipper/node_modules/readable-stream": {
+            "version": "2.3.8",
+            "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+            "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+            "dependencies": {
+                "core-util-is": "~1.0.0",
+                "inherits": "~2.0.3",
+                "isarray": "~1.0.0",
+                "process-nextick-args": "~2.0.0",
+                "safe-buffer": "~5.1.1",
+                "string_decoder": "~1.1.1",
+                "util-deprecate": "~1.0.1"
+            }
+        },
+        "node_modules/unzipper/node_modules/safe-buffer": {
+            "version": "5.1.2",
+            "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+            "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+        },
+        "node_modules/unzipper/node_modules/string_decoder": {
+            "version": "1.1.1",
+            "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+            "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+            "dependencies": {
+                "safe-buffer": "~5.1.0"
+            }
+        },
         "node_modules/update-browserslist-db": {
             "version": "1.2.3",
             "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz",
@@ -5765,8 +6490,7 @@
         "node_modules/util-deprecate": {
             "version": "1.0.2",
             "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-            "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==",
-            "dev": true
+            "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
         },
         "node_modules/utrie": {
             "version": "1.0.2",
@@ -5776,6 +6500,14 @@
                 "base64-arraybuffer": "^1.0.2"
             }
         },
+        "node_modules/uuid": {
+            "version": "8.3.2",
+            "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
+            "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
+            "bin": {
+                "uuid": "dist/bin/uuid"
+            }
+        },
         "node_modules/v-offline": {
             "version": "3.5.1",
             "resolved": "https://registry.npmjs.org/v-offline/-/v-offline-3.5.1.tgz",
@@ -6619,8 +7351,7 @@
         "node_modules/wrappy": {
             "version": "1.0.2",
             "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-            "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
-            "dev": true
+            "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
         },
         "node_modules/ws": {
             "version": "8.19.0",
@@ -6667,6 +7398,11 @@
                 "node": ">=12"
             }
         },
+        "node_modules/xmlchars": {
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz",
+            "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw=="
+        },
         "node_modules/xmldoc": {
             "version": "2.0.3",
             "resolved": "https://registry.npmjs.org/xmldoc/-/xmldoc-2.0.3.tgz",
@@ -6724,6 +7460,39 @@
             "funding": {
                 "url": "https://github.com/sponsors/sindresorhus"
             }
+        },
+        "node_modules/zip-stream": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/zip-stream/-/zip-stream-4.1.1.tgz",
+            "integrity": "sha512-9qv4rlDiopXg4E69k+vMHjNN63YFMe9sZMrdlvKnCjlCRWeCBswPPMPUfx+ipsAWq1LXHe70RcbaHdJJpS6hyQ==",
+            "dependencies": {
+                "archiver-utils": "^3.0.4",
+                "compress-commons": "^4.1.2",
+                "readable-stream": "^3.6.0"
+            },
+            "engines": {
+                "node": ">= 10"
+            }
+        },
+        "node_modules/zip-stream/node_modules/archiver-utils": {
+            "version": "3.0.4",
+            "resolved": "https://registry.npmjs.org/archiver-utils/-/archiver-utils-3.0.4.tgz",
+            "integrity": "sha512-KVgf4XQVrTjhyWmx6cte4RxonPLR9onExufI1jhvw/MQ4BB6IsZD5gT8Lq+u/+pRkWna/6JoHpiQioaqFP5Rzw==",
+            "dependencies": {
+                "glob": "^7.2.3",
+                "graceful-fs": "^4.2.0",
+                "lazystream": "^1.0.0",
+                "lodash.defaults": "^4.2.0",
+                "lodash.difference": "^4.5.0",
+                "lodash.flatten": "^4.4.0",
+                "lodash.isplainobject": "^4.0.6",
+                "lodash.union": "^4.6.0",
+                "normalize-path": "^3.0.0",
+                "readable-stream": "^3.6.0"
+            },
+            "engines": {
+                "node": ">= 10"
+            }
         }
     },
     "dependencies": {
@@ -6985,6 +7754,47 @@
             "integrity": "sha512-d9zaMRSTIKDLhctzH12MtXvJKSSUhaHcjV+2Z+GK+EEY7XKpP5yR4x+N3TAcHTcu963nIr+TMcCb4DBCYX1z6Q==",
             "dev": true
         },
+        "@fast-csv/format": {
+            "version": "4.3.5",
+            "resolved": "https://registry.npmjs.org/@fast-csv/format/-/format-4.3.5.tgz",
+            "integrity": "sha512-8iRn6QF3I8Ak78lNAa+Gdl5MJJBM5vRHivFtMRUWINdevNo00K7OXxS2PshawLKTejVwieIlPmK5YlLu6w4u8A==",
+            "requires": {
+                "@types/node": "^14.0.1",
+                "lodash.escaperegexp": "^4.1.2",
+                "lodash.isboolean": "^3.0.3",
+                "lodash.isequal": "^4.5.0",
+                "lodash.isfunction": "^3.0.9",
+                "lodash.isnil": "^4.0.0"
+            },
+            "dependencies": {
+                "@types/node": {
+                    "version": "14.18.63",
+                    "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.63.tgz",
+                    "integrity": "sha512-fAtCfv4jJg+ExtXhvCkCqUKZ+4ok/JQk01qDKhL5BDDoS3AxKXhV5/MAVUZyQnSEd2GT92fkgZl0pz0Q0AzcIQ=="
+                }
+            }
+        },
+        "@fast-csv/parse": {
+            "version": "4.3.6",
+            "resolved": "https://registry.npmjs.org/@fast-csv/parse/-/parse-4.3.6.tgz",
+            "integrity": "sha512-uRsLYksqpbDmWaSmzvJcuApSEe38+6NQZBUsuAyMZKqHxH0g1wcJgsKUvN3WC8tewaqFjBMMGrkHmC+T7k8LvA==",
+            "requires": {
+                "@types/node": "^14.0.1",
+                "lodash.escaperegexp": "^4.1.2",
+                "lodash.groupby": "^4.6.0",
+                "lodash.isfunction": "^3.0.9",
+                "lodash.isnil": "^4.0.0",
+                "lodash.isundefined": "^3.0.1",
+                "lodash.uniq": "^4.5.0"
+            },
+            "dependencies": {
+                "@types/node": {
+                    "version": "14.18.63",
+                    "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.63.tgz",
+                    "integrity": "sha512-fAtCfv4jJg+ExtXhvCkCqUKZ+4ok/JQk01qDKhL5BDDoS3AxKXhV5/MAVUZyQnSEd2GT92fkgZl0pz0Q0AzcIQ=="
+                }
+            }
+        },
         "@fullcalendar/core": {
             "version": "6.1.20",
             "resolved": "https://registry.npmjs.org/@fullcalendar/core/-/core-6.1.20.tgz",
@@ -8089,6 +8899,66 @@
                 }
             }
         },
+        "archiver": {
+            "version": "5.3.2",
+            "resolved": "https://registry.npmjs.org/archiver/-/archiver-5.3.2.tgz",
+            "integrity": "sha512-+25nxyyznAXF7Nef3y0EbBeqmGZgeN/BxHX29Rs39djAfaFalmQ89SE6CWyDCHzGL0yt/ycBtNOmGTW0FyGWNw==",
+            "requires": {
+                "archiver-utils": "^2.1.0",
+                "async": "^3.2.4",
+                "buffer-crc32": "^0.2.1",
+                "readable-stream": "^3.6.0",
+                "readdir-glob": "^1.1.2",
+                "tar-stream": "^2.2.0",
+                "zip-stream": "^4.1.0"
+            }
+        },
+        "archiver-utils": {
+            "version": "2.1.0",
+            "resolved": "https://registry.npmjs.org/archiver-utils/-/archiver-utils-2.1.0.tgz",
+            "integrity": "sha512-bEL/yUb/fNNiNTuUz979Z0Yg5L+LzLxGJz8x79lYmR54fmTIb6ob/hNQgkQnIUDWIFjZVQwl9Xs356I6BAMHfw==",
+            "requires": {
+                "glob": "^7.1.4",
+                "graceful-fs": "^4.2.0",
+                "lazystream": "^1.0.0",
+                "lodash.defaults": "^4.2.0",
+                "lodash.difference": "^4.5.0",
+                "lodash.flatten": "^4.4.0",
+                "lodash.isplainobject": "^4.0.6",
+                "lodash.union": "^4.6.0",
+                "normalize-path": "^3.0.0",
+                "readable-stream": "^2.0.0"
+            },
+            "dependencies": {
+                "readable-stream": {
+                    "version": "2.3.8",
+                    "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+                    "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+                    "requires": {
+                        "core-util-is": "~1.0.0",
+                        "inherits": "~2.0.3",
+                        "isarray": "~1.0.0",
+                        "process-nextick-args": "~2.0.0",
+                        "safe-buffer": "~5.1.1",
+                        "string_decoder": "~1.1.1",
+                        "util-deprecate": "~1.0.1"
+                    }
+                },
+                "safe-buffer": {
+                    "version": "5.1.2",
+                    "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+                    "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+                },
+                "string_decoder": {
+                    "version": "1.1.1",
+                    "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+                    "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+                    "requires": {
+                        "safe-buffer": "~5.1.0"
+                    }
+                }
+            }
+        },
         "argparse": {
             "version": "2.0.1",
             "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
@@ -8101,6 +8971,11 @@
             "integrity": "sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==",
             "dev": true
         },
+        "async": {
+            "version": "3.2.6",
+            "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
+            "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA=="
+        },
         "autoprefixer": {
             "version": "10.4.24",
             "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.24.tgz",
@@ -8117,8 +8992,7 @@
         "balanced-match": {
             "version": "1.0.2",
             "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-            "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
-            "dev": true
+            "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
         },
         "base64-arraybuffer": {
             "version": "1.0.2",
@@ -8136,6 +9010,20 @@
             "integrity": "sha512-ipDqC8FrAl/76p2SSWKSI+H9tFwm7vYqXQrItCuiVPt26Km0jS+NzSsBWAaBusvSbQcfJG+JitdMm+wZAgTYqg==",
             "dev": true
         },
+        "big-integer": {
+            "version": "1.6.52",
+            "resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.52.tgz",
+            "integrity": "sha512-QxD8cf2eVqJOOz63z6JIN9BzvVs/dlySa5HGSBH5xtR8dPteIRQnBxxKqkNTiT6jbDTF6jAfrd4oMcND9RGbQg=="
+        },
+        "binary": {
+            "version": "0.3.0",
+            "resolved": "https://registry.npmjs.org/binary/-/binary-0.3.0.tgz",
+            "integrity": "sha512-D4H1y5KYwpJgK8wk1Cue5LLPgmwHKYSChkbspQg5JtVuR5ulGckxfR62H3AE9UDkdMC8yyXlqYihuz3Aqg2XZg==",
+            "requires": {
+                "buffers": "~0.1.1",
+                "chainsaw": "~0.1.0"
+            }
+        },
         "binary-extensions": {
             "version": "2.3.0",
             "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
@@ -8147,6 +9035,21 @@
             "resolved": "https://registry.npmjs.org/birpc/-/birpc-2.9.0.tgz",
             "integrity": "sha512-KrayHS5pBi69Xi9JmvoqrIgYGDkD6mcSe/i6YKi3w5kekCLzrX4+nawcXqrj2tIp50Kw/mT/s3p+GVK0A0sKxw=="
         },
+        "bl": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz",
+            "integrity": "sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==",
+            "requires": {
+                "buffer": "^5.5.0",
+                "inherits": "^2.0.4",
+                "readable-stream": "^3.4.0"
+            }
+        },
+        "bluebird": {
+            "version": "3.4.7",
+            "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.4.7.tgz",
+            "integrity": "sha512-iD3898SR7sWVRHbiQv+sHUtHnMvC1o3nW5rAcqnq3uOn07DSAppZYUkIGslDz6gXC7HfunPe7YVBgoEJASPcHA=="
+        },
         "boolbase": {
             "version": "1.0.0",
             "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
@@ -8157,7 +9060,6 @@
             "version": "1.1.12",
             "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
             "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
-            "dev": true,
             "requires": {
                 "balanced-match": "^1.0.0",
                 "concat-map": "0.0.1"
@@ -8200,6 +9102,37 @@
                 "update-browserslist-db": "^1.2.0"
             }
         },
+        "buffer": {
+            "version": "5.7.1",
+            "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz",
+            "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==",
+            "requires": {
+                "base64-js": "^1.3.1",
+                "ieee754": "^1.1.13"
+            },
+            "dependencies": {
+                "base64-js": {
+                    "version": "1.5.1",
+                    "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
+                    "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA=="
+                }
+            }
+        },
+        "buffer-crc32": {
+            "version": "0.2.13",
+            "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz",
+            "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ=="
+        },
+        "buffer-indexof-polyfill": {
+            "version": "1.0.2",
+            "resolved": "https://registry.npmjs.org/buffer-indexof-polyfill/-/buffer-indexof-polyfill-1.0.2.tgz",
+            "integrity": "sha512-I7wzHwA3t1/lwXQh+A5PbNvJxgfo5r3xulgpYDB5zckTu/Z9oUK9biouBKQUjEqzaz3HnAT6TYoovmE+GqSf7A=="
+        },
+        "buffers": {
+            "version": "0.1.1",
+            "resolved": "https://registry.npmjs.org/buffers/-/buffers-0.1.1.tgz",
+            "integrity": "sha512-9q/rDEGSb/Qsvv2qvzIzdluL5k7AaJOTrw23z9reQthrbF7is4CtlT0DXyO1oei2DCp4uojjzQ7igaSHp1kAEQ=="
+        },
         "bundle-name": {
             "version": "4.1.0",
             "resolved": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz",
@@ -8243,6 +9176,14 @@
             "integrity": "sha512-NUPRluOfOiTKBKvWPtSD4PhFvWCqOi0BGStNWs57X9js7XGTprSmFoz5F0tWhR4WPjNeR9jXqdC7/UpSJTnlRg==",
             "dev": true
         },
+        "chainsaw": {
+            "version": "0.1.0",
+            "resolved": "https://registry.npmjs.org/chainsaw/-/chainsaw-0.1.0.tgz",
+            "integrity": "sha512-75kWfWt6MEKNC8xYXIdRpDehRYY/tNSgwKaJq+dbbDcxORuVrrQ+SEHoWsniVn9XPYfP4gmdWIeDk/4YNp1rNQ==",
+            "requires": {
+                "traverse": ">=0.3.0 <0.4"
+            }
+        },
         "chalk": {
             "version": "4.1.2",
             "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
@@ -8315,11 +9256,21 @@
             "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
             "dev": true
         },
+        "compress-commons": {
+            "version": "4.1.2",
+            "resolved": "https://registry.npmjs.org/compress-commons/-/compress-commons-4.1.2.tgz",
+            "integrity": "sha512-D3uMHtGc/fcO1Gt1/L7i1e33VOvD4A9hfQLP+6ewd+BvG/gQ84Yh4oftEhAdjSMgBgwGL+jsppT7JYNpo6MHHg==",
+            "requires": {
+                "buffer-crc32": "^0.2.13",
+                "crc32-stream": "^4.0.2",
+                "normalize-path": "^3.0.0",
+                "readable-stream": "^3.6.0"
+            }
+        },
         "concat-map": {
             "version": "0.0.1",
             "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-            "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
-            "dev": true
+            "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="
         },
         "confbox": {
             "version": "0.1.8",
@@ -8341,6 +9292,25 @@
             "integrity": "sha512-es1U2+YTtzpwkxVLwAFdSpaIMyQaq0PBgm3YD1W3Qpsn1NAmO3KSgZfu+oGSWVu6NvLHoHCV/aYcsE5wiB7ALg==",
             "optional": true
         },
+        "core-util-is": {
+            "version": "1.0.3",
+            "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
+            "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="
+        },
+        "crc-32": {
+            "version": "1.2.2",
+            "resolved": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz",
+            "integrity": "sha512-ROmzCKrTnOwybPcJApAA6WBWij23HVfGVNKqqrZpuyZOHqK2CwHSvpGuyt/UNNvaIjEd8X5IFGp4Mh+Ie1IHJQ=="
+        },
+        "crc32-stream": {
+            "version": "4.0.3",
+            "resolved": "https://registry.npmjs.org/crc32-stream/-/crc32-stream-4.0.3.tgz",
+            "integrity": "sha512-NT7w2JVU7DFroFdYkeq8cywxrgjPHWkdX1wjpRQXPX5Asews3tA+Ght6lddQO5Mkumffp3X7GEqku3epj2toIw==",
+            "requires": {
+                "crc-32": "^1.2.0",
+                "readable-stream": "^3.4.0"
+            }
+        },
         "cross-spawn": {
             "version": "7.0.6",
             "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
@@ -8376,6 +9346,11 @@
             "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-4.1.0.tgz",
             "integrity": "sha512-Ukq0owbQXxa/U3EGtsdVBkR1w7KOQ5gIBqdH2hkvknzZPYvBxb/aa6E8L7tmjFtkwZBu3UXBbjIgPo/Ez4xaNg=="
         },
+        "dayjs": {
+            "version": "1.11.20",
+            "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.20.tgz",
+            "integrity": "sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ=="
+        },
         "debug": {
             "version": "4.4.3",
             "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
@@ -8441,6 +9416,43 @@
                 "@types/trusted-types": "^2.0.7"
             }
         },
+        "duplexer2": {
+            "version": "0.1.4",
+            "resolved": "https://registry.npmjs.org/duplexer2/-/duplexer2-0.1.4.tgz",
+            "integrity": "sha512-asLFVfWWtJ90ZyOUHMqk7/S2w2guQKxUI2itj3d92ADHhxUSbCMGi1f1cBcJ7xM1To+pE/Khbwo1yuNbMEPKeA==",
+            "requires": {
+                "readable-stream": "^2.0.2"
+            },
+            "dependencies": {
+                "readable-stream": {
+                    "version": "2.3.8",
+                    "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+                    "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+                    "requires": {
+                        "core-util-is": "~1.0.0",
+                        "inherits": "~2.0.3",
+                        "isarray": "~1.0.0",
+                        "process-nextick-args": "~2.0.0",
+                        "safe-buffer": "~5.1.1",
+                        "string_decoder": "~1.1.1",
+                        "util-deprecate": "~1.0.1"
+                    }
+                },
+                "safe-buffer": {
+                    "version": "5.1.2",
+                    "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+                    "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+                },
+                "string_decoder": {
+                    "version": "1.1.1",
+                    "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+                    "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+                    "requires": {
+                        "safe-buffer": "~5.1.0"
+                    }
+                }
+            }
+        },
         "electron-to-chromium": {
             "version": "1.5.286",
             "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.286.tgz",
@@ -8453,6 +9465,14 @@
             "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==",
             "dev": true
         },
+        "end-of-stream": {
+            "version": "1.4.5",
+            "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz",
+            "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==",
+            "requires": {
+                "once": "^1.4.0"
+            }
+        },
         "enhanced-resolve": {
             "version": "5.19.0",
             "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.19.0.tgz",
@@ -8663,6 +9683,22 @@
             "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-5.0.4.tgz",
             "integrity": "sha512-mlsTRyGaPBjPedk6Bvw+aqbsXDtoAyAzm5MO7JgU+yVRyMQ5O8bD4Kcci7BS85f93veegeCPkL8R4GLClnjLFw=="
         },
+        "exceljs": {
+            "version": "4.4.0",
+            "resolved": "https://registry.npmjs.org/exceljs/-/exceljs-4.4.0.tgz",
+            "integrity": "sha512-XctvKaEMaj1Ii9oDOqbW/6e1gXknSY4g/aLCDicOXqBE4M0nRWkUu0PTp++UPNzoFY12BNHMfs/VadKIS6llvg==",
+            "requires": {
+                "archiver": "^5.0.0",
+                "dayjs": "^1.8.34",
+                "fast-csv": "^4.3.1",
+                "jszip": "^3.10.1",
+                "readable-stream": "^3.6.0",
+                "saxes": "^5.0.1",
+                "tmp": "^0.2.0",
+                "unzipper": "^0.10.11",
+                "uuid": "^8.3.0"
+            }
+        },
         "expect-type": {
             "version": "1.3.0",
             "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz",
@@ -8675,6 +9711,15 @@
             "integrity": "sha512-LmDxfWXwcTArk8fUEnOfSZpHOJ6zOMUJKOtFLFqJLoKJetuQG874Uc7/Kki7zFLzYybmZhp1M7+98pfMqeX8yA==",
             "dev": true
         },
+        "fast-csv": {
+            "version": "4.3.6",
+            "resolved": "https://registry.npmjs.org/fast-csv/-/fast-csv-4.3.6.tgz",
+            "integrity": "sha512-2RNSpuwwsJGP0frGsOmTb9oUF+VkFSM4SyLTDgwf2ciHWTarN0lQTC+F2f/t5J9QjW+c65VFIAAu85GsvMIusw==",
+            "requires": {
+                "@fast-csv/format": "4.3.5",
+                "@fast-csv/parse": "4.3.6"
+            }
+        },
         "fast-deep-equal": {
             "version": "3.1.3",
             "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -8819,6 +9864,11 @@
             "integrity": "sha512-1X1NTtiJphryn/uLQz3whtY6jK3fTqoE3ohKs0tT+Ujr1W59oopxmoEh7Lu5p6vBaPbgoM0bzveAW4Qi5RyWDQ==",
             "dev": true
         },
+        "fs-constants": {
+            "version": "1.0.0",
+            "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
+            "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="
+        },
         "fs-extra": {
             "version": "10.1.0",
             "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz",
@@ -8833,8 +9883,7 @@
         "fs.realpath": {
             "version": "1.0.0",
             "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
-            "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==",
-            "dev": true
+            "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
         },
         "fsevents": {
             "version": "2.3.3",
@@ -8843,6 +9892,27 @@
             "dev": true,
             "optional": true
         },
+        "fstream": {
+            "version": "1.0.12",
+            "resolved": "https://registry.npmjs.org/fstream/-/fstream-1.0.12.tgz",
+            "integrity": "sha512-WvJ193OHa0GHPEL+AycEJgxvBEwyfRkN1vhjca23OaPVMCaLCXTd5qAu82AjTcgP1UJmytkOKb63Ypde7raDIg==",
+            "requires": {
+                "graceful-fs": "^4.1.2",
+                "inherits": "~2.0.0",
+                "mkdirp": ">=0.5 0",
+                "rimraf": "2"
+            },
+            "dependencies": {
+                "rimraf": {
+                    "version": "2.7.1",
+                    "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz",
+                    "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==",
+                    "requires": {
+                        "glob": "^7.1.3"
+                    }
+                }
+            }
+        },
         "get-caller-file": {
             "version": "2.0.5",
             "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
@@ -8859,7 +9929,6 @@
             "version": "7.2.3",
             "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
             "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
-            "dev": true,
             "requires": {
                 "fs.realpath": "^1.0.0",
                 "inflight": "^1.0.4",
@@ -8890,8 +9959,7 @@
         "graceful-fs": {
             "version": "4.2.11",
             "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
-            "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
-            "dev": true
+            "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
         },
         "graphemer": {
             "version": "1.4.0",
@@ -8948,12 +10016,22 @@
             "resolved": "https://registry.npmjs.org/iceberg-js/-/iceberg-js-0.8.1.tgz",
             "integrity": "sha512-1dhVQZXhcHje7798IVM+xoo/1ZdVfzOMIc8/rgVSijRK38EDqOJoGula9N/8ZI5RD8QTxNQtK/Gozpr+qUqRRA=="
         },
+        "ieee754": {
+            "version": "1.2.1",
+            "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
+            "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA=="
+        },
         "ignore": {
             "version": "5.3.2",
             "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
             "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
             "dev": true
         },
+        "immediate": {
+            "version": "3.0.6",
+            "resolved": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz",
+            "integrity": "sha512-XXOFtyqDjNDAQxVfYxuF7g9Il/IbWmmlQg2MYKOH8ExIT1qg6xc4zyS3HaEEATgs1btfzxq15ciUiY7gjSXRGQ=="
+        },
         "immutable": {
             "version": "5.1.4",
             "resolved": "https://registry.npmjs.org/immutable/-/immutable-5.1.4.tgz",
@@ -8980,7 +10058,6 @@
             "version": "1.0.6",
             "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
             "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
-            "dev": true,
             "requires": {
                 "once": "^1.3.0",
                 "wrappy": "1"
@@ -8989,8 +10066,7 @@
         "inherits": {
             "version": "2.0.4",
             "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-            "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
-            "dev": true
+            "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
         },
         "iobuffer": {
             "version": "5.4.0",
@@ -9068,6 +10144,11 @@
                 "is-inside-container": "^1.0.0"
             }
         },
+        "isarray": {
+            "version": "1.0.0",
+            "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+            "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
+        },
         "isexe": {
             "version": "2.0.0",
             "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
@@ -9147,6 +10228,51 @@
                 "html2canvas": "^1.0.0-rc.5"
             }
         },
+        "jszip": {
+            "version": "3.10.1",
+            "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz",
+            "integrity": "sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==",
+            "requires": {
+                "lie": "~3.3.0",
+                "pako": "~1.0.2",
+                "readable-stream": "~2.3.6",
+                "setimmediate": "^1.0.5"
+            },
+            "dependencies": {
+                "pako": {
+                    "version": "1.0.11",
+                    "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz",
+                    "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw=="
+                },
+                "readable-stream": {
+                    "version": "2.3.8",
+                    "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+                    "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+                    "requires": {
+                        "core-util-is": "~1.0.0",
+                        "inherits": "~2.0.3",
+                        "isarray": "~1.0.0",
+                        "process-nextick-args": "~2.0.0",
+                        "safe-buffer": "~5.1.1",
+                        "string_decoder": "~1.1.1",
+                        "util-deprecate": "~1.0.1"
+                    }
+                },
+                "safe-buffer": {
+                    "version": "5.1.2",
+                    "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+                    "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+                },
+                "string_decoder": {
+                    "version": "1.1.1",
+                    "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+                    "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+                    "requires": {
+                        "safe-buffer": "~5.1.0"
+                    }
+                }
+            }
+        },
         "keyv": {
             "version": "4.5.4",
             "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz",
@@ -9156,6 +10282,43 @@
                 "json-buffer": "3.0.1"
             }
         },
+        "lazystream": {
+            "version": "1.0.1",
+            "resolved": "https://registry.npmjs.org/lazystream/-/lazystream-1.0.1.tgz",
+            "integrity": "sha512-b94GiNHQNy6JNTrt5w6zNyffMrNkXZb3KTkCZJb2V1xaEGCk093vkZ2jk3tpaeP33/OiXC+WvK9AxUebnf5nbw==",
+            "requires": {
+                "readable-stream": "^2.0.5"
+            },
+            "dependencies": {
+                "readable-stream": {
+                    "version": "2.3.8",
+                    "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+                    "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+                    "requires": {
+                        "core-util-is": "~1.0.0",
+                        "inherits": "~2.0.3",
+                        "isarray": "~1.0.0",
+                        "process-nextick-args": "~2.0.0",
+                        "safe-buffer": "~5.1.1",
+                        "string_decoder": "~1.1.1",
+                        "util-deprecate": "~1.0.1"
+                    }
+                },
+                "safe-buffer": {
+                    "version": "5.1.2",
+                    "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+                    "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+                },
+                "string_decoder": {
+                    "version": "1.1.1",
+                    "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+                    "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+                    "requires": {
+                        "safe-buffer": "~5.1.0"
+                    }
+                }
+            }
+        },
         "levn": {
             "version": "0.4.1",
             "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
@@ -9166,6 +10329,14 @@
                 "type-check": "~0.4.0"
             }
         },
+        "lie": {
+            "version": "3.3.0",
+            "resolved": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz",
+            "integrity": "sha512-UaiMJzeWRlEujzAuw5LokY1L5ecNQYZKfmyZ9L7wDHb/p5etKaxXhohBcrw0EYby+G/NA52vRSN4N39dxHAIwQ==",
+            "requires": {
+                "immediate": "~3.0.5"
+            }
+        },
         "lightningcss": {
             "version": "1.30.2",
             "resolved": "https://registry.npmjs.org/lightningcss/-/lightningcss-1.30.2.tgz",
@@ -9272,6 +10443,11 @@
                 "unicode-trie": "^2.0.0"
             }
         },
+        "listenercount": {
+            "version": "1.0.1",
+            "resolved": "https://registry.npmjs.org/listenercount/-/listenercount-1.0.1.tgz",
+            "integrity": "sha512-3mk/Zag0+IJxeDrxSgaDPy4zZ3w05PRZeJNnlWhzFz5OkX49J4krc+A8X2d2M69vGMBEX0uyl8M+W+8gH+kBqQ=="
+        },
         "local-pkg": {
             "version": "0.5.1",
             "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.5.1.tgz",
@@ -9307,17 +10483,77 @@
             "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz",
             "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ=="
         },
+        "lodash.defaults": {
+            "version": "4.2.0",
+            "resolved": "https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz",
+            "integrity": "sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ=="
+        },
+        "lodash.difference": {
+            "version": "4.5.0",
+            "resolved": "https://registry.npmjs.org/lodash.difference/-/lodash.difference-4.5.0.tgz",
+            "integrity": "sha512-dS2j+W26TQ7taQBGN8Lbbq04ssV3emRw4NY58WErlTO29pIqS0HmoT5aJ9+TUQ1N3G+JOZSji4eugsWwGp9yPA=="
+        },
+        "lodash.escaperegexp": {
+            "version": "4.1.2",
+            "resolved": "https://registry.npmjs.org/lodash.escaperegexp/-/lodash.escaperegexp-4.1.2.tgz",
+            "integrity": "sha512-TM9YBvyC84ZxE3rgfefxUWiQKLilstD6k7PTGt6wfbtXF8ixIJLOL3VYyV/z+ZiPLsVxAsKAFVwWlWeb2Y8Yyw=="
+        },
+        "lodash.flatten": {
+            "version": "4.4.0",
+            "resolved": "https://registry.npmjs.org/lodash.flatten/-/lodash.flatten-4.4.0.tgz",
+            "integrity": "sha512-C5N2Z3DgnnKr0LOpv/hKCgKdb7ZZwafIrsesve6lmzvZIRZRGaZ/l6Q8+2W7NaT+ZwO3fFlSCzCzrDCFdJfZ4g=="
+        },
+        "lodash.groupby": {
+            "version": "4.6.0",
+            "resolved": "https://registry.npmjs.org/lodash.groupby/-/lodash.groupby-4.6.0.tgz",
+            "integrity": "sha512-5dcWxm23+VAoz+awKmBaiBvzox8+RqMgFhi7UvX9DHZr2HdxHXM/Wrf8cfKpsW37RNrvtPn6hSwNqurSILbmJw=="
+        },
+        "lodash.isboolean": {
+            "version": "3.0.3",
+            "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
+            "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg=="
+        },
         "lodash.isequal": {
             "version": "4.5.0",
             "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz",
             "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ=="
         },
+        "lodash.isfunction": {
+            "version": "3.0.9",
+            "resolved": "https://registry.npmjs.org/lodash.isfunction/-/lodash.isfunction-3.0.9.tgz",
+            "integrity": "sha512-AirXNj15uRIMMPihnkInB4i3NHeb4iBtNg9WRWuK2o31S+ePwwNmDPaTL3o7dTJ+VXNZim7rFs4rxN4YU1oUJw=="
+        },
+        "lodash.isnil": {
+            "version": "4.0.0",
+            "resolved": "https://registry.npmjs.org/lodash.isnil/-/lodash.isnil-4.0.0.tgz",
+            "integrity": "sha512-up2Mzq3545mwVnMhTDMdfoG1OurpA/s5t88JmQX809eH3C8491iu2sfKhTfhQtKY78oPNhiaHJUpT/dUDAAtng=="
+        },
+        "lodash.isplainobject": {
+            "version": "4.0.6",
+            "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
+            "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA=="
+        },
+        "lodash.isundefined": {
+            "version": "3.0.1",
+            "resolved": "https://registry.npmjs.org/lodash.isundefined/-/lodash.isundefined-3.0.1.tgz",
+            "integrity": "sha512-MXB1is3s899/cD8jheYYE2V9qTHwKvt+npCwpD+1Sxm3Q3cECXCiYHjeHWXNwr6Q0SOBPrYUDxendrO6goVTEA=="
+        },
         "lodash.merge": {
             "version": "4.6.2",
             "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz",
             "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==",
             "dev": true
         },
+        "lodash.union": {
+            "version": "4.6.0",
+            "resolved": "https://registry.npmjs.org/lodash.union/-/lodash.union-4.6.0.tgz",
+            "integrity": "sha512-c4pB2CdGrGdjMKYLA+XiRDO7Y0PRQbm/Gzg8qMj+QH+pFVAoTp5sBpO0odL3FjoPCGjK96p6qsP+yQoiLoOBcw=="
+        },
+        "lodash.uniq": {
+            "version": "4.5.0",
+            "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz",
+            "integrity": "sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ=="
+        },
         "magic-string": {
             "version": "0.30.21",
             "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz",
@@ -9354,16 +10590,28 @@
             "version": "3.1.2",
             "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
             "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
-            "dev": true,
             "requires": {
                 "brace-expansion": "^1.1.7"
             }
         },
+        "minimist": {
+            "version": "1.2.8",
+            "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
+            "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA=="
+        },
         "mitt": {
             "version": "3.0.1",
             "resolved": "https://registry.npmjs.org/mitt/-/mitt-3.0.1.tgz",
             "integrity": "sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw=="
         },
+        "mkdirp": {
+            "version": "0.5.6",
+            "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
+            "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
+            "requires": {
+                "minimist": "^1.2.6"
+            }
+        },
         "mlly": {
             "version": "1.8.0",
             "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.8.0.tgz",
@@ -9415,8 +10663,7 @@
         "normalize-path": {
             "version": "3.0.0",
             "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
-            "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
-            "dev": true
+            "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="
         },
         "nth-check": {
             "version": "2.1.1",
@@ -9437,7 +10684,6 @@
             "version": "1.4.0",
             "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
             "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
-            "dev": true,
             "requires": {
                 "wrappy": "1"
             }
@@ -9516,8 +10762,7 @@
         "path-is-absolute": {
             "version": "1.0.1",
             "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
-            "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==",
-            "dev": true
+            "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg=="
         },
         "path-key": {
             "version": "3.1.1",
@@ -9715,6 +10960,11 @@
                 "@primevue/icons": "4.5.4"
             }
         },
+        "process-nextick-args": {
+            "version": "2.0.1",
+            "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
+            "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="
+        },
         "punycode": {
             "version": "2.3.1",
             "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
@@ -9763,6 +11013,42 @@
                 "performance-now": "^2.1.0"
             }
         },
+        "readable-stream": {
+            "version": "3.6.2",
+            "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
+            "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==",
+            "requires": {
+                "inherits": "^2.0.3",
+                "string_decoder": "^1.1.1",
+                "util-deprecate": "^1.0.1"
+            }
+        },
+        "readdir-glob": {
+            "version": "1.1.3",
+            "resolved": "https://registry.npmjs.org/readdir-glob/-/readdir-glob-1.1.3.tgz",
+            "integrity": "sha512-v05I2k7xN8zXvPD9N+z/uhXPaj0sUFCe2rcWZIpBsqxfP7xXFQ0tipAd/wjj1YxWyWtUS5IDJpOG82JKt2EAVA==",
+            "requires": {
+                "minimatch": "^5.1.0"
+            },
+            "dependencies": {
+                "brace-expansion": {
+                    "version": "2.1.0",
+                    "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+                    "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
+                    "requires": {
+                        "balanced-match": "^1.0.0"
+                    }
+                },
+                "minimatch": {
+                    "version": "5.1.9",
+                    "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+                    "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
+                    "requires": {
+                        "brace-expansion": "^2.0.1"
+                    }
+                }
+            }
+        },
         "readdirp": {
             "version": "4.1.2",
             "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz",
@@ -9874,6 +11160,11 @@
                 "queue-microtask": "^1.2.2"
             }
         },
+        "safe-buffer": {
+            "version": "5.2.1",
+            "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+            "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="
+        },
         "sass": {
             "version": "1.97.3",
             "resolved": "https://registry.npmjs.org/sass/-/sass-1.97.3.tgz",
@@ -9891,6 +11182,14 @@
             "resolved": "https://registry.npmjs.org/sax/-/sax-1.6.0.tgz",
             "integrity": "sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA=="
         },
+        "saxes": {
+            "version": "5.0.1",
+            "resolved": "https://registry.npmjs.org/saxes/-/saxes-5.0.1.tgz",
+            "integrity": "sha512-5LBh1Tls8c9xgGjw3QrMwETmTMVk0oFgvrFSvWx62llR2hcEInrKNZ2GZCCuuy2lvWrdl5jhbpeqc5hRYKFOcw==",
+            "requires": {
+                "xmlchars": "^2.2.0"
+            }
+        },
         "scule": {
             "version": "1.3.0",
             "resolved": "https://registry.npmjs.org/scule/-/scule-1.3.0.tgz",
@@ -9903,6 +11202,11 @@
             "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
             "dev": true
         },
+        "setimmediate": {
+            "version": "1.0.5",
+            "resolved": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz",
+            "integrity": "sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA=="
+        },
         "shebang-command": {
             "version": "2.0.0",
             "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
@@ -9969,6 +11273,14 @@
             "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==",
             "dev": true
         },
+        "string_decoder": {
+            "version": "1.3.0",
+            "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
+            "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==",
+            "requires": {
+                "safe-buffer": "~5.2.0"
+            }
+        },
         "string-width": {
             "version": "7.2.0",
             "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
@@ -10070,6 +11382,18 @@
             "integrity": "sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==",
             "dev": true
         },
+        "tar-stream": {
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.2.0.tgz",
+            "integrity": "sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==",
+            "requires": {
+                "bl": "^4.0.3",
+                "end-of-stream": "^1.4.1",
+                "fs-constants": "^1.0.0",
+                "inherits": "^2.0.3",
+                "readable-stream": "^3.1.1"
+            }
+        },
         "text-segmentation": {
             "version": "1.0.3",
             "resolved": "https://registry.npmjs.org/text-segmentation/-/text-segmentation-1.0.3.tgz",
@@ -10117,6 +11441,11 @@
             "integrity": "sha512-PSkbLUoxOFRzJYjjxHJt9xro7D+iilgMX/C9lawzVuYiIdcihh9DXmVibBe8lmcFrRi/VzlPjBxbN7rH24q8/Q==",
             "dev": true
         },
+        "tmp": {
+            "version": "0.2.5",
+            "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.5.tgz",
+            "integrity": "sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow=="
+        },
         "to-regex-range": {
             "version": "5.0.1",
             "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
@@ -10132,6 +11461,11 @@
             "integrity": "sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==",
             "dev": true
         },
+        "traverse": {
+            "version": "0.3.9",
+            "resolved": "https://registry.npmjs.org/traverse/-/traverse-0.3.9.tgz",
+            "integrity": "sha512-iawgk0hLP3SxGKDfnDJf8wTz4p2qImnyihM5Hh/sGvQ3K37dPi/w8sRhdNIxYA1TwFwc5mDhIJq+O0RsvXBKdQ=="
+        },
         "tslib": {
             "version": "2.8.1",
             "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
@@ -10394,6 +11728,52 @@
                 }
             }
         },
+        "unzipper": {
+            "version": "0.10.14",
+            "resolved": "https://registry.npmjs.org/unzipper/-/unzipper-0.10.14.tgz",
+            "integrity": "sha512-ti4wZj+0bQTiX2KmKWuwj7lhV+2n//uXEotUmGuQqrbVZSEGFMbI68+c6JCQ8aAmUWYvtHEz2A8K6wXvueR/6g==",
+            "requires": {
+                "big-integer": "^1.6.17",
+                "binary": "~0.3.0",
+                "bluebird": "~3.4.1",
+                "buffer-indexof-polyfill": "~1.0.0",
+                "duplexer2": "~0.1.4",
+                "fstream": "^1.0.12",
+                "graceful-fs": "^4.2.2",
+                "listenercount": "~1.0.1",
+                "readable-stream": "~2.3.6",
+                "setimmediate": "~1.0.4"
+            },
+            "dependencies": {
+                "readable-stream": {
+                    "version": "2.3.8",
+                    "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+                    "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+                    "requires": {
+                        "core-util-is": "~1.0.0",
+                        "inherits": "~2.0.3",
+                        "isarray": "~1.0.0",
+                        "process-nextick-args": "~2.0.0",
+                        "safe-buffer": "~5.1.1",
+                        "string_decoder": "~1.1.1",
+                        "util-deprecate": "~1.0.1"
+                    }
+                },
+                "safe-buffer": {
+                    "version": "5.1.2",
+                    "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+                    "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+                },
+                "string_decoder": {
+                    "version": "1.1.1",
+                    "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+                    "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+                    "requires": {
+                        "safe-buffer": "~5.1.0"
+                    }
+                }
+            }
+        },
         "update-browserslist-db": {
             "version": "1.2.3",
             "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz",
@@ -10416,8 +11796,7 @@
         "util-deprecate": {
             "version": "1.0.2",
             "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-            "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==",
-            "dev": true
+            "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
         },
         "utrie": {
             "version": "1.0.2",
@@ -10427,6 +11806,11 @@
                 "base64-arraybuffer": "^1.0.2"
             }
         },
+        "uuid": {
+            "version": "8.3.2",
+            "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
+            "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
+        },
         "v-offline": {
             "version": "3.5.1",
             "resolved": "https://registry.npmjs.org/v-offline/-/v-offline-3.5.1.tgz",
@@ -10821,8 +12205,7 @@
         "wrappy": {
             "version": "1.0.2",
             "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-            "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
-            "dev": true
+            "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
         },
         "ws": {
             "version": "8.19.0",
@@ -10846,6 +12229,11 @@
             "integrity": "sha512-ICP2e+jsHvAj2E2lIHxa5tjXRlKDJo4IdvPvCXbXQGdzSfmSpNVyIKMvoZHjDY9DP0zV17iI85o90vRFXNccRw==",
             "dev": true
         },
+        "xmlchars": {
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz",
+            "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw=="
+        },
         "xmldoc": {
             "version": "2.0.3",
             "resolved": "https://registry.npmjs.org/xmldoc/-/xmldoc-2.0.3.tgz",
@@ -10885,6 +12273,35 @@
             "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
             "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
             "dev": true
+        },
+        "zip-stream": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/zip-stream/-/zip-stream-4.1.1.tgz",
+            "integrity": "sha512-9qv4rlDiopXg4E69k+vMHjNN63YFMe9sZMrdlvKnCjlCRWeCBswPPMPUfx+ipsAWq1LXHe70RcbaHdJJpS6hyQ==",
+            "requires": {
+                "archiver-utils": "^3.0.4",
+                "compress-commons": "^4.1.2",
+                "readable-stream": "^3.6.0"
+            },
+            "dependencies": {
+                "archiver-utils": {
+                    "version": "3.0.4",
+                    "resolved": "https://registry.npmjs.org/archiver-utils/-/archiver-utils-3.0.4.tgz",
+                    "integrity": "sha512-KVgf4XQVrTjhyWmx6cte4RxonPLR9onExufI1jhvw/MQ4BB6IsZD5gT8Lq+u/+pRkWna/6JoHpiQioaqFP5Rzw==",
+                    "requires": {
+                        "glob": "^7.2.3",
+                        "graceful-fs": "^4.2.0",
+                        "lazystream": "^1.0.0",
+                        "lodash.defaults": "^4.2.0",
+                        "lodash.difference": "^4.5.0",
+                        "lodash.flatten": "^4.4.0",
+                        "lodash.isplainobject": "^4.0.6",
+                        "lodash.union": "^4.6.0",
+                        "normalize-path": "^3.0.0",
+                        "readable-stream": "^3.6.0"
+                    }
+                }
+            }
         }
     }
 }
diff --git a/package.json b/package.json
index f125d82..41a31e7 100644
--- a/package.json
+++ b/package.json
@@ -28,6 +28,7 @@
         "@supabase/supabase-js": "^2.95.3",
         "chart.js": "3.3.2",
         "date-fns": "^4.1.0",
+        "exceljs": "^4.4.0",
         "html-to-pdfmake": "^2.5.33",
         "html2canvas-pro": "^2.0.2",
         "html2pdf.js": "^0.14.0",
diff --git a/src/assets/styles.scss b/src/assets/styles.scss
index 178081f..f404423 100644
--- a/src/assets/styles.scss
+++ b/src/assets/styles.scss
@@ -293,3 +293,52 @@
 .fc-timegrid-more-link {
     box-shadow: 0 0 0 1px #000000;
 }
+
+/* ── Subheader padrão (cfg-subheader) ───────────────────────────
+   Header canônico usado nas páginas SaaS e de configurações.
+   Referência: SaasAddonsPage, SaasNotificationTemplatesPage. */
+.cfg-subheader {
+    display: flex;
+    align-items: center;
+    gap: 0.65rem;
+    padding: 0.875rem 1rem;
+    border-radius: 6px;
+    border: 1px solid color-mix(in srgb, var(--primary-color, #6366f1) 30%, transparent);
+    background: linear-gradient(135deg, color-mix(in srgb, var(--primary-color, #6366f1) 12%, var(--surface-card)) 0%, color-mix(in srgb, var(--primary-color, #6366f1) 4%, var(--surface-card)) 60%, var(--surface-card) 100%);
+    position: relative;
+    overflow: hidden;
+}
+.cfg-subheader::before {
+    content: '';
+    position: absolute;
+    top: -20px;
+    right: -20px;
+    width: 80px;
+    height: 80px;
+    border-radius: 50%;
+    background: color-mix(in srgb, var(--primary-color, #6366f1) 15%, transparent);
+    filter: blur(20px);
+    pointer-events: none;
+}
+.cfg-subheader__icon {
+    display: grid;
+    place-items: center;
+    width: 2rem;
+    height: 2rem;
+    border-radius: 6px;
+    flex-shrink: 0;
+    background: color-mix(in srgb, var(--primary-color, #6366f1) 20%, transparent);
+    color: var(--primary-color, #6366f1);
+    font-size: 0.85rem;
+}
+.cfg-subheader__title {
+    font-size: 0.95rem;
+    font-weight: 700;
+    letter-spacing: -0.01em;
+    color: var(--primary-color, #6366f1);
+}
+.cfg-subheader__sub {
+    font-size: 0.75rem;
+    color: var(--text-color-secondary);
+    opacity: 0.85;
+}
diff --git a/src/components/ComponentCadastroRapido.vue b/src/components/ComponentCadastroRapido.vue
index d0dc414..e2d6db5 100644
--- a/src/components/ComponentCadastroRapido.vue
+++ b/src/components/ComponentCadastroRapido.vue
@@ -86,6 +86,9 @@ const props = defineProps({
 
     extraPayload: { type: Object, default: () => ({}) },
 
+    // Pré-preenchimento (usado ao converter número desconhecido em paciente, etc)
+    initialData: { type: Object, default: () => ({}) },
+
     closeOnCreated: { type: Boolean, default: true },
     resetOnOpen: { type: Boolean, default: true }
 });
@@ -120,9 +123,10 @@ watch(
 );
 
 function reset() {
-    form.nome_completo = '';
-    form.email_principal = '';
-    form.telefone = '';
+    const init = props.initialData || {};
+    form.nome_completo = init.nome_completo ?? '';
+    form.email_principal = init.email_principal ?? '';
+    form.telefone = init.telefone ?? '';
 }
 
 function close() {
diff --git a/src/components/agenda/AgendaSlotsPorDiaCard.vue b/src/components/agenda/AgendaSlotsPorDiaCard.vue
index 01c6ba3..763dc50 100644
--- a/src/components/agenda/AgendaSlotsPorDiaCard.vue
+++ b/src/components/agenda/AgendaSlotsPorDiaCard.vue
@@ -20,7 +20,7 @@ import TabView from 'primevue/tabview';
 import TabPanel from 'primevue/tabpanel';
 import Dropdown from 'primevue/dropdown';
 import InputNumber from 'primevue/inputnumber';
-import InputSwitch from 'primevue/inputswitch';
+import ToggleSwitch from 'primevue/toggleswitch';
 import { useToast } from 'primevue/usetoast';
 
 import { fetchSlotsRegras, upsertSlotRegra } from '@/services/agendaConfigService';
@@ -142,7 +142,7 @@ onMounted(load);
                 <TabPanel v-for="d in diasSemana" :key="d.value" :header="d.label">
                     <div class="grid grid-cols-12 gap-4">
                         <div class="col-span-12 flex items-center gap-3">
-                            <InputSwitch v-model="model[d.value].ativo" />
+                            <ToggleSwitch v-model="model[d.value].ativo" />
                             <div>
                                 <div class="text-900 font-medium">Ativo</div>
                                 <div class="text-600 text-sm">Se desligado, o online não oferece horários nesse dia.</div>
diff --git a/src/components/conversations/ConversationDrawer.vue b/src/components/conversations/ConversationDrawer.vue
new file mode 100644
index 0000000..33b459e
--- /dev/null
+++ b/src/components/conversations/ConversationDrawer.vue
@@ -0,0 +1,1177 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — Drawer global de conversa
+|--------------------------------------------------------------------------
+| Uso: <ConversationDrawer /> no AppLayout. Controlado via store:
+|   const store = useConversationDrawerStore();
+|   store.openForPatient(patientId);
+|   store.openForThread(thread);
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, nextTick, watch, onMounted, onBeforeUnmount } from 'vue';
+import { useToast } from 'primevue/usetoast';
+import { useConfirm } from 'primevue/useconfirm';
+import { useConversationDrawerStore } from '@/stores/conversationDrawerStore';
+import { useConversationNotes } from '@/composables/useConversationNotes';
+import { useConversationTags } from '@/composables/useConversationTags';
+import { useConversationAssignment } from '@/composables/useConversationAssignment';
+import { supabase } from '@/lib/supabase/client';
+import ComponentCadastroRapido from '@/components/ComponentCadastroRapido.vue';
+
+const toast = useToast();
+const confirm = useConfirm();
+const store = useConversationDrawerStore();
+const notesApi = useConversationNotes();
+const tagsApi = useConversationTags();
+const assignApi = useConversationAssignment();
+const tagsPopover = ref(null);
+
+// ── Current user (pra saber se pode editar/deletar notas próprias) ────
+const currentUserId = ref(null);
+supabase.auth.getUser().then(({ data }) => { currentUserId.value = data?.user?.id ?? null; });
+
+// ── Notas internas ────────────────────────────────────────────
+const notesOpen = ref(false);
+const newNoteText = ref('');
+const editingNoteId = ref(null);
+const editingText = ref('');
+
+// ── Converter número desconhecido em paciente (CRM 3.5) ────
+const quickPatientDialog = ref(false);
+const linkPatientDialog = ref(false);
+const linkPatientOptions = ref([]);
+const linkPatientLoading = ref(false);
+const linkPatientSelected = ref(null);
+const linkingPatient = ref(false);
+
+// Strip "55" DDI prefix se tiver (InputMask espera 10-11 dígitos BR)
+function phoneForForm(raw) {
+    const d = String(raw || '').replace(/\D/g, '');
+    if (d.length === 13 && d.startsWith('55')) return d.slice(2);
+    if (d.length === 12 && d.startsWith('55')) return d.slice(2);
+    return d;
+}
+
+function openConvertToPatient() {
+    quickPatientDialog.value = true;
+}
+
+function openLinkPatient() {
+    linkPatientSelected.value = null;
+    linkPatientDialog.value = true;
+    loadPatients();
+}
+
+async function loadPatients() {
+    const tenantId = store.thread?.tenant_id;
+    if (!tenantId) return;
+    linkPatientLoading.value = true;
+    try {
+        // Carrega todos os pacientes do tenant (até 500) — filter é client-side
+        const { data, error } = await supabase
+            .from('patients')
+            .select('id, nome_completo, telefone, email_principal, status')
+            .eq('tenant_id', tenantId)
+            .order('nome_completo', { ascending: true })
+            .limit(500);
+        if (error) throw error;
+        // Formata label combinado pra filter achar
+        linkPatientOptions.value = (data || []).map((p) => ({
+            ...p,
+            _label: `${p.nome_completo}${p.telefone ? ' · ' + formatPhoneShort(p.telefone) : ''}${p.email_principal ? ' · ' + p.email_principal : ''}`
+        }));
+    } catch (e) {
+        console.error('[ConversationDrawer] load patients:', e?.message);
+        linkPatientOptions.value = [];
+        toast.add({ severity: 'error', summary: 'Erro', detail: 'Falha ao carregar pacientes: ' + e?.message, life: 4000 });
+    } finally {
+        linkPatientLoading.value = false;
+    }
+}
+
+async function confirmLinkPatient() {
+    const patient = linkPatientSelected.value;
+    if (!patient?.id || !store.thread?.contact_number) return;
+    linkingPatient.value = true;
+    try {
+        const phone = store.thread.contact_number;
+        const tenantId = store.thread.tenant_id;
+
+        // 1) Vincula conversation_messages
+        const { error } = await supabase
+            .from('conversation_messages')
+            .update({ patient_id: patient.id })
+            .or(`from_number.eq.${phone},to_number.eq.${phone}`)
+            .is('patient_id', null);
+        if (error) throw error;
+
+        // 2) Adiciona telefone WhatsApp no contact_phones (se não existir ainda)
+        await upsertWhatsappForExisting(tenantId, patient.id, phone);
+
+        store.thread.patient_id = patient.id;
+        store.thread.patient_name = patient.nome_completo;
+        store.thread.thread_key = patient.id;
+        for (const m of store.messages) {
+            if (!m.patient_id) m.patient_id = patient.id;
+        }
+        linkPatientDialog.value = false;
+        toast.add({
+            severity: 'success',
+            summary: 'Conversa vinculada',
+            detail: `${patient.nome_completo} agora está ligado a essa conversa. Número salvo como WhatsApp (vinculado).`,
+            life: 3500
+        });
+    } catch (e) {
+        toast.add({ severity: 'error', summary: 'Erro ao vincular', detail: e?.message, life: 4000 });
+    } finally {
+        linkingPatient.value = false;
+    }
+}
+
+// Helper: adiciona telefone WhatsApp (vinculado) ao paciente existente.
+// Se já tem um telefone com o mesmo número, só marca como vinculado em vez de duplicar.
+async function upsertWhatsappForExisting(tenantId, patientId, threadPhone) {
+    if (!tenantId || !patientId || !threadPhone) return;
+    try {
+        const phoneDigits = String(threadPhone).replace(/\D/g, '');
+
+        // Busca se já tem esse número cadastrado
+        const { data: existing } = await supabase
+            .from('contact_phones')
+            .select('id, contact_type_id, whatsapp_linked_at')
+            .eq('entity_type', 'patient')
+            .eq('entity_id', patientId)
+            .eq('number', phoneDigits)
+            .limit(1)
+            .maybeSingle();
+
+        if (existing) {
+            // Atualiza vinculado_at se ainda não tinha
+            if (!existing.whatsapp_linked_at) {
+                await supabase
+                    .from('contact_phones')
+                    .update({ whatsapp_linked_at: new Date().toISOString() })
+                    .eq('id', existing.id);
+            }
+            return;
+        }
+
+        // Não tem — cria novo com type='whatsapp'
+        const { data: types } = await supabase
+            .from('contact_types')
+            .select('id, slug')
+            .is('tenant_id', null)
+            .eq('slug', 'whatsapp')
+            .maybeSingle();
+        const whatsappTypeId = types?.id;
+        if (!whatsappTypeId) return;
+
+        await supabase.from('contact_phones').insert({
+            tenant_id: tenantId,
+            entity_type: 'patient',
+            entity_id: patientId,
+            contact_type_id: whatsappTypeId,
+            number: phoneDigits,
+            is_primary: false,
+            whatsapp_linked_at: new Date().toISOString(),
+            position: 100
+        });
+    } catch (e) {
+        console.warn('[ConversationDrawer] upsert whatsapp contact_phones:', e?.message);
+    }
+}
+
+function formatPhoneShort(p) {
+    const s = String(p || '').replace(/\D/g, '');
+    if (s.length === 11) return `(${s.slice(0, 2)}) ${s.slice(2, 7)}-${s.slice(7)}`;
+    if (s.length === 10) return `(${s.slice(0, 2)}) ${s.slice(2, 6)}-${s.slice(6)}`;
+    if (s.length === 13 && s.startsWith('55')) return `(${s.slice(2, 4)}) ${s.slice(4, 9)}-${s.slice(9)}`;
+    return p;
+}
+
+// Após criar paciente: vincula conversation_messages + registra telefone WhatsApp em contact_phones
+async function onPatientCreated(row) {
+    const newPatientId = row?.id;
+    const phone = store.thread?.contact_number;
+    const tenantId = store.thread?.tenant_id;
+    if (!newPatientId || !phone) {
+        toast.add({ severity: 'warn', summary: 'Paciente criado', detail: 'Mas não foi possível vincular a conversa. Recarregue.', life: 4000 });
+        return;
+    }
+    try {
+        // 1) Vincula TODAS as mensagens do thread (anon) a esse patient_id
+        const { error: msgErr } = await supabase
+            .from('conversation_messages')
+            .update({ patient_id: newPatientId })
+            .or(`from_number.eq.${phone},to_number.eq.${phone}`)
+            .is('patient_id', null);
+        if (msgErr) throw msgErr;
+
+        // 2) Insere telefone WhatsApp em contact_phones (se ainda não tem)
+        //    O Celular primary já foi criado pelo trigger quando cadastrou via ComponentCadastroRapido? NÃO.
+        //    ComponentCadastroRapido insere em patients.telefone direto. Vou adicionar contact_phones AGORA.
+        await insertWhatsappContactPhone(tenantId, newPatientId, phone, row.telefone);
+
+        // 3) Atualiza o store localmente (thread_key vai mudar pra UUID)
+        store.thread.patient_id = newPatientId;
+        store.thread.patient_name = row.nome_completo || row.nome || null;
+        store.thread.thread_key = newPatientId;
+        for (const m of store.messages) {
+            if (!m.patient_id) m.patient_id = newPatientId;
+        }
+        toast.add({
+            severity: 'success',
+            summary: 'Paciente criado e vinculado',
+            detail: `${store.thread.patient_name} agora está ligado a essa conversa.`,
+            life: 3500
+        });
+    } catch (e) {
+        toast.add({ severity: 'error', summary: 'Erro ao vincular', detail: e?.message || 'Falha ao atualizar mensagens', life: 4000 });
+    }
+}
+
+// Helper: insere entries em contact_phones pra novo paciente criado via ComponentCadastroRapido.
+// 1) Celular (primary) = telefone do form (se tiver, já diferente do whatsapp)
+// 2) WhatsApp com whatsapp_linked_at = phone da thread (se não for igual ao celular)
+async function insertWhatsappContactPhone(tenantId, patientId, threadPhone, formPhone) {
+    if (!tenantId || !patientId || !threadPhone) return;
+    try {
+        // Busca tipos system
+        const { data: types } = await supabase
+            .from('contact_types')
+            .select('id, slug')
+            .is('tenant_id', null);
+        const celularType = types?.find((t) => t.slug === 'celular');
+        const whatsappType = types?.find((t) => t.slug === 'whatsapp');
+
+        const phoneDigits = String(threadPhone).replace(/\D/g, '');
+        const formDigits = String(formPhone || '').replace(/\D/g, '');
+        // formPhone vem do quick create sem DDI (10-11 dig); threadPhone com DDI (13 dig).
+        // Normaliza: remove DDI 55 pra comparar
+        const formNoDdi = formDigits.length >= 12 && formDigits.startsWith('55') ? formDigits.slice(2) : formDigits;
+        const threadNoDdi = phoneDigits.length >= 12 && phoneDigits.startsWith('55') ? phoneDigits.slice(2) : phoneDigits;
+
+        const rows = [];
+
+        // Celular primary (from form — o que o user digitou no cadastro rápido)
+        if (celularType && formDigits && formDigits.length >= 8) {
+            rows.push({
+                tenant_id: tenantId,
+                entity_type: 'patient',
+                entity_id: patientId,
+                contact_type_id: celularType.id,
+                number: formDigits.length < 12 ? '55' + formDigits : formDigits, // garante DDI
+                is_primary: true,
+                position: 10
+            });
+        }
+
+        // WhatsApp linked (from thread) — só se diferente do celular
+        if (whatsappType && phoneDigits && formNoDdi !== threadNoDdi) {
+            rows.push({
+                tenant_id: tenantId,
+                entity_type: 'patient',
+                entity_id: patientId,
+                contact_type_id: whatsappType.id,
+                number: phoneDigits,
+                is_primary: false,
+                whatsapp_linked_at: new Date().toISOString(),
+                position: 20
+            });
+        } else if (whatsappType && phoneDigits && formNoDdi === threadNoDdi && rows.length > 0) {
+            // Mesmo número → marca o celular como também vinculado WhatsApp
+            rows[0].whatsapp_linked_at = new Date().toISOString();
+        }
+
+        if (rows.length > 0) {
+            await supabase.from('contact_phones').insert(rows);
+        }
+    } catch (e) {
+        console.warn('[ConversationDrawer] insert whatsapp contact_phones:', e?.message);
+        // Não bloqueia o fluxo — paciente já foi criado
+    }
+}
+
+// ── Resolução de URLs de mídia ─────────────────────────────
+// Mensagens de WhatsApp vêm com media_url em dois formatos:
+//  1) URL externa (http/https) — Twilio e outras; usa direto
+//  2) Path interno do bucket privado whatsapp-media — precisa signed URL
+const mediaUrls = ref({}); // { [msgId]: resolvedUrl }
+
+async function ensureMediaUrl(m) {
+    if (!m?.id || !m.media_url) return;
+    if (mediaUrls.value[m.id]) return;
+    const raw = m.media_url;
+    if (/^https?:\/\//i.test(raw)) {
+        mediaUrls.value[m.id] = raw;
+        return;
+    }
+    // Path interno — gera signed URL (expira em 1h, re-resolvido ao reabrir drawer)
+    const { data, error } = await supabase.storage.from('whatsapp-media').createSignedUrl(raw, 3600);
+    if (error) {
+        console.error('[ConversationDrawer] signed URL error:', error.message);
+        mediaUrls.value[m.id] = null;
+        return;
+    }
+    mediaUrls.value[m.id] = data?.signedUrl || null;
+}
+
+const composeText = ref('');
+const composeTextareaRef = ref(null);
+const messagesContainerRef = ref(null);
+const templatesPopover = ref(null);
+const emojiPopover = ref(null);
+
+const isOpen = computed({
+    get: () => store.isOpen,
+    set: (v) => { if (!v) store.close(); }
+});
+
+const KANBAN_COLUMNS = [
+    { key: 'urgent', label: 'Urgente', icon: 'pi pi-exclamation-triangle' },
+    { key: 'awaiting_us', label: 'Aguardando resposta', icon: 'pi pi-inbox' },
+    { key: 'awaiting_patient', label: 'Aguardando paciente', icon: 'pi pi-hourglass' },
+    { key: 'resolved', label: 'Resolvido', icon: 'pi pi-check' }
+];
+
+// ── Formatters ─────────────────────────────────────────────
+function fmtDateTime(iso) {
+    if (!iso) return '';
+    return new Date(iso).toLocaleString('pt-BR', {
+        day: '2-digit', month: '2-digit', year: 'numeric',
+        hour: '2-digit', minute: '2-digit'
+    });
+}
+
+function channelIcon(ch) {
+    const map = { whatsapp: 'pi-whatsapp', sms: 'pi-comment', email: 'pi-envelope' };
+    return map[ch] || 'pi-comment';
+}
+
+function isImage(mime) { return !!mime && mime.startsWith('image/'); }
+function isAudio(mime) { return !!mime && mime.startsWith('audio/'); }
+function isVideo(mime) { return !!mime && mime.startsWith('video/'); }
+
+function contactLabel() {
+    return store.thread?.patient_name || store.thread?.contact_number || 'Desconhecido';
+}
+
+function whatsappLink() {
+    const num = (store.thread?.contact_number || '').replace(/\D/g, '');
+    if (!num) return '';
+    return `https://wa.me/${num}`;
+}
+
+// ── Auto-scroll ────────────────────────────────────────────
+function scrollToBottom() {
+    nextTick(() => {
+        const el = messagesContainerRef.value;
+        if (el) el.scrollTop = el.scrollHeight;
+    });
+}
+
+watch(() => store.messages.length, () => {
+    if (store.isOpen) scrollToBottom();
+    // Resolve URLs de novas mensagens com mídia
+    for (const m of store.messages) {
+        if (m.media_url && !mediaUrls.value[m.id]) ensureMediaUrl(m);
+    }
+});
+watch(() => store.isOpen, (open) => {
+    if (open) {
+        composeText.value = '';
+        scrollToBottom();
+        // Re-resolve URLs ao abrir (signed URLs podem ter expirado)
+        mediaUrls.value = {};
+        for (const m of store.messages) {
+            if (m.media_url) ensureMediaUrl(m);
+        }
+        // Carrega notas, tags e atribuição da thread
+        if (store.thread?.thread_key) {
+            notesApi.load(store.thread.thread_key);
+            tagsApi.loadAllTags();
+            tagsApi.loadForThread(store.thread.thread_key);
+            assignApi.loadMembers().then(() => assignApi.load(store.thread.thread_key));
+        }
+    } else {
+        notesApi.clear();
+        tagsApi.clear();
+        assignApi.clear();
+        notesOpen.value = false;
+        editingNoteId.value = null;
+    }
+});
+
+// Recarrega notas + tags + atribuição ao trocar de thread sem fechar drawer
+watch(() => store.thread?.thread_key, (key) => {
+    if (key && store.isOpen) {
+        notesApi.load(key);
+        tagsApi.loadForThread(key);
+        assignApi.load(key);
+    }
+});
+
+// ── Handlers de atribuição ──────────────────────────────────
+async function onAssignChange(newUserId) {
+    if (!store.thread?.thread_key) return;
+    const res = await assignApi.assign({
+        threadKey: store.thread.thread_key,
+        patientId: store.thread.patient_id || null,
+        contactNumber: store.thread.contact_number || null,
+        assignedTo: newUserId || null
+    });
+    if (res.ok) {
+        toast.add({
+            severity: 'success',
+            summary: newUserId ? 'Conversa atribuída' : 'Atribuição removida',
+            life: 2000
+        });
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error || 'Falha ao atribuir', life: 3500 });
+    }
+}
+
+async function assignToMe() {
+    const uid = currentUserId.value;
+    if (!uid) return;
+    await onAssignChange(uid);
+}
+
+// ── Handlers de tags ────────────────────────────────────────
+function openTagsPopover(ev) {
+    tagsPopover.value?.toggle(ev);
+}
+
+async function onToggleTag(tagId) {
+    if (!store.thread?.thread_key) return;
+    const res = await tagsApi.toggleOnThread(store.thread.thread_key, tagId);
+    if (!res.ok) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error || 'Falha ao atualizar tag', life: 3500 });
+    }
+}
+
+// ── Handlers de notas ─────────────────────────────────────────
+async function addNote() {
+    const text = newNoteText.value.trim();
+    if (!text || !store.thread) return;
+    const res = await notesApi.create({
+        threadKey: store.thread.thread_key,
+        patientId: store.thread.patient_id || null,
+        contactNumber: store.thread.contact_number || null,
+        body: text
+    });
+    if (res.ok) {
+        newNoteText.value = '';
+        toast.add({ severity: 'success', summary: 'Nota adicionada', life: 1800 });
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error || 'Falha ao salvar nota', life: 3500 });
+    }
+}
+
+function startEditNote(note) {
+    editingNoteId.value = note.id;
+    editingText.value = note.body;
+}
+
+function cancelEditNote() {
+    editingNoteId.value = null;
+    editingText.value = '';
+}
+
+async function saveEditNote(id) {
+    const res = await notesApi.update(id, editingText.value);
+    if (res.ok) {
+        editingNoteId.value = null;
+        editingText.value = '';
+        toast.add({ severity: 'success', summary: 'Nota atualizada', life: 1800 });
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error || 'Falha ao atualizar', life: 3500 });
+    }
+}
+
+function confirmDeleteNote(id) {
+    confirm.require({
+        group: 'conversation-drawer',
+        message: 'Remover esta nota? Essa ação não pode ser desfeita.',
+        header: 'Remover nota',
+        icon: 'pi pi-exclamation-triangle',
+        acceptLabel: 'Remover',
+        rejectLabel: 'Cancelar',
+        acceptClass: 'p-button-danger',
+        accept: async () => {
+            const res = await notesApi.remove(id);
+            if (res.ok) {
+                toast.add({ severity: 'success', summary: 'Nota removida', life: 1800 });
+            } else {
+                toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+            }
+        }
+    });
+}
+
+function fmtNoteDate(iso) {
+    if (!iso) return '';
+    const d = new Date(iso);
+    const today = new Date();
+    const isToday = d.toDateString() === today.toDateString();
+    if (isToday) {
+        return 'Hoje, ' + d.toLocaleTimeString('pt-BR', { hour: '2-digit', minute: '2-digit' });
+    }
+    return d.toLocaleString('pt-BR', { day: '2-digit', month: '2-digit', hour: '2-digit', minute: '2-digit' });
+}
+
+// ── Injeta botão de download no toolbar do <Image preview> ────
+// PrimeVue Image não expõe slot pra adicionar buttons no preview,
+// então observamos o DOM: quando o toolbar aparece, inserimos o botão.
+let _toolbarObserver = null;
+
+function triggerImageDownload(src) {
+    if (!src) return;
+    // Fetch + blob pra forçar download (atributo 'download' não funciona cross-origin)
+    fetch(src)
+        .then((r) => r.blob())
+        .then((blob) => {
+            const url = URL.createObjectURL(blob);
+            const a = document.createElement('a');
+            a.href = url;
+            // Extrai nome do arquivo da URL (último segmento antes de ?)
+            const filename = (src.split('?')[0].split('/').pop() || 'imagem').slice(0, 120);
+            a.download = filename;
+            document.body.appendChild(a);
+            a.click();
+            document.body.removeChild(a);
+            URL.revokeObjectURL(url);
+        })
+        .catch((err) => {
+            console.error('[ConversationDrawer] download error:', err);
+            toast.add({ severity: 'error', summary: 'Erro', detail: 'Falha ao baixar imagem.', life: 3500 });
+        });
+}
+
+function injectDownloadButton(toolbar) {
+    if (!toolbar || toolbar.querySelector('[data-download-btn]')) return;
+    const btn = document.createElement('button');
+    btn.type = 'button';
+    btn.setAttribute('aria-label', 'Baixar imagem');
+    btn.setAttribute('data-download-btn', '1');
+    btn.setAttribute('data-pc-group-section', 'action');
+    // Herda a classe p-image-closeButton pra pegar o mesmo styling do toolbar
+    btn.className = 'p-image-close-button';
+    btn.innerHTML = '<span class="pi pi-download" style="font-size: 1rem;"></span>';
+    btn.addEventListener('click', (e) => {
+        e.stopPropagation();
+        // Escopa o lookup ao mask específico deste botão (seguro se houver múltiplos previews)
+        const mask = btn.closest('.p-image-mask');
+        const img = mask?.querySelector('img.p-image-original, img')
+            ?? document.querySelector('.p-image-original');
+        triggerImageDownload(img?.src);
+    });
+    // Insere antes do close (último)
+    const closeBtn = toolbar.querySelector('[aria-label*="lose" i]') || toolbar.lastElementChild;
+    toolbar.insertBefore(btn, closeBtn);
+}
+
+onMounted(() => {
+    _toolbarObserver = new MutationObserver((mutations) => {
+        for (const m of mutations) {
+            for (const node of m.addedNodes) {
+                if (!(node instanceof HTMLElement)) continue;
+                const toolbar = node.matches?.('.p-image-toolbar') ? node : node.querySelector?.('.p-image-toolbar');
+                if (toolbar) injectDownloadButton(toolbar);
+            }
+        }
+    });
+    _toolbarObserver.observe(document.body, { childList: true, subtree: true });
+});
+
+onBeforeUnmount(() => {
+    _toolbarObserver?.disconnect();
+    _toolbarObserver = null;
+});
+
+// ── Compose ────────────────────────────────────────────────
+async function sendMessage() {
+    const text = composeText.value.trim();
+    if (!text) return;
+    const result = await store.sendMessage(text);
+    if (result.ok) {
+        composeText.value = '';
+        toast.add({ severity: 'success', summary: 'Mensagem enviada', life: 2000 });
+    } else {
+        toast.add({ severity: 'error', summary: 'Falha ao enviar', detail: result.error, life: 5000 });
+    }
+}
+
+function onComposeKeydown(e) {
+    if (e.key === 'Enter' && !e.shiftKey) {
+        e.preventDefault();
+        sendMessage();
+    }
+}
+
+async function onMoveTo(newStatus) {
+    try {
+        await store.setKanbanStatus(newStatus);
+        const label = KANBAN_COLUMNS.find(c => c.key === newStatus)?.label;
+        toast.add({ severity: 'success', summary: 'Movido', detail: `Conversa movida para ${label}.`, life: 2000 });
+    } catch (err) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: err?.message || 'Falha ao mover.', life: 4000 });
+    }
+}
+
+// ── Templates ──────────────────────────────────────────────
+function templateFriendlyLabel(key) {
+    const map = {
+        'session.lembrete': 'Lembrete de sessão (24h antes)',
+        'session.lembrete_2h': 'Lembrete de sessão (2h antes)',
+        'session.confirmacao': 'Confirmação de agendamento',
+        'session.cancelamento': 'Sessão cancelada',
+        'session.reagendamento': 'Sessão reagendada',
+        'cobranca.pendente': 'Cobrança pendente',
+        'sistema.boas_vindas': 'Boas-vindas ao paciente'
+    };
+    const stripped = key.replace('.whatsapp', '');
+    const prefix = stripped.split('.').slice(0, 2).join('.');
+    return map[prefix] || stripped;
+}
+
+async function applyTemplate(tpl) {
+    const { text, missing } = await store.resolveTemplate(tpl);
+    composeText.value = composeText.value ? composeText.value + '\n' + text : text;
+    templatesPopover.value?.hide();
+    nextTick(() => {
+        const el = composeTextareaRef.value?.$el?.querySelector('textarea') ?? null;
+        if (el?.focus) el.focus();
+    });
+    if (missing.length) {
+        toast.add({
+            severity: 'warn',
+            summary: 'Variáveis sem valor',
+            detail: `Não consegui preencher: ${missing.join(', ')}. Edita a mensagem antes de enviar.`,
+            life: 5000
+        });
+    }
+}
+
+function openTemplatesPopover(ev) {
+    if (!store.templatesLoaded) store.loadTemplates();
+    templatesPopover.value?.toggle(ev);
+}
+
+// ── Emoji ──────────────────────────────────────────────────
+const emojiList = [
+    '😀','😃','😄','😁','😆','😅','🤣','😂','🙂','🙃','😉','😊',
+    '😍','🥰','😘','😗','😙','😚','😋','😛','😜','🤪','😝','🤗',
+    '🤔','🤨','😐','😑','😶','🙄','😏','😒','😔','😪','🤤','😴',
+    '😎','🤓','🧐','🤯','😳','🥵','🥶','😱','😨','😰','😥','😓',
+    '👍','👎','👌','✌️','🤞','🤟','🤘','👈','👉','👆','🖕','👇',
+    '👋','🙌','👏','🤝','🙏','💪','🫶','❤️','🧡','💛','💚','💙',
+    '💜','🖤','🤍','🤎','💔','❣️','💕','💞','💓','💗','💖','💘',
+    '✨','⭐','🌟','💫','⚡','🔥','💯','✅','❌','⚠️','💬','💭'
+];
+
+function toggleEmojiPopover(ev) {
+    emojiPopover.value?.toggle(ev);
+}
+
+function insertEmoji(emoji) {
+    const el = composeTextareaRef.value?.$el?.querySelector('textarea') ?? null;
+    if (el && typeof el.selectionStart === 'number') {
+        const start = el.selectionStart;
+        const end = el.selectionEnd;
+        const before = composeText.value.slice(0, start);
+        const after = composeText.value.slice(end);
+        composeText.value = before + emoji + after;
+        nextTick(() => {
+            el.focus();
+            const pos = start + emoji.length;
+            el.setSelectionRange(pos, pos);
+        });
+    } else {
+        composeText.value += emoji;
+    }
+}
+</script>
+
+<template>
+    <!-- group="conversation-drawer" isola esse confirm das páginas (evita 2x modal). -->
+    <ConfirmDialog group="conversation-drawer" />
+    <Drawer v-model:visible="isOpen" position="right" class="!w-full md:!w-[520px]">
+        <template #header>
+            <div v-if="store.thread" class="flex items-center gap-2">
+                <i :class="['pi', channelIcon(store.thread.channel)]" />
+                <div class="flex flex-col">
+                    <span class="font-semibold">{{ contactLabel() }}</span>
+                    <span v-if="store.thread.contact_number" class="text-xs text-[var(--text-color-secondary)]">{{ store.thread.contact_number }}</span>
+                </div>
+            </div>
+        </template>
+
+        <div v-if="store.thread" class="flex flex-col gap-3 h-full">
+            <!-- Ações: responder no WhatsApp Web + converter em paciente -->
+            <div class="flex items-center gap-1.5 flex-wrap border-b border-[var(--surface-border)] pb-3">
+                <a v-if="whatsappLink()" :href="whatsappLink()" target="_blank" rel="noopener">
+                    <Button label="Abrir no WhatsApp Web" icon="pi pi-external-link" severity="secondary" outlined size="small" />
+                </a>
+                <template v-if="!store.thread.patient_id && store.thread.contact_number">
+                    <Button
+                        label="Novo paciente"
+                        icon="pi pi-user-plus"
+                        severity="primary"
+                        size="small"
+                        class="rounded-full"
+                        v-tooltip.top="'Cadastra este número como novo paciente e vincula a conversa'"
+                        @click="openConvertToPatient"
+                    />
+                    <Button
+                        label="Vincular existente"
+                        icon="pi pi-link"
+                        severity="secondary"
+                        outlined
+                        size="small"
+                        class="rounded-full"
+                        v-tooltip.top="'Liga essa conversa a um paciente já cadastrado'"
+                        @click="openLinkPatient"
+                    />
+                </template>
+            </div>
+
+            <!-- Cadastro rápido pré-preenchido com telefone da thread -->
+            <ComponentCadastroRapido
+                v-model="quickPatientDialog"
+                title="Cadastrar novo paciente"
+                :initial-data="{
+                    nome_completo: store.thread.patient_name || '',
+                    telefone: phoneForForm(store.thread.contact_number)
+                }"
+                @created="onPatientCreated"
+            />
+
+            <!-- Dialog: vincular a paciente existente -->
+            <Dialog
+                v-model:visible="linkPatientDialog"
+                header="Vincular a paciente existente"
+                modal
+                :style="{ width: 'min(480px, 95vw)' }"
+            >
+                <div class="flex flex-col gap-3">
+                    <div class="text-xs text-[var(--text-color-secondary)]">
+                        Escolha ou busque um paciente pra vincular ao número
+                        <strong class="font-mono">{{ formatPhoneShort(store.thread?.contact_number) }}</strong>.
+                    </div>
+
+                    <Select
+                        v-model="linkPatientSelected"
+                        :options="linkPatientOptions"
+                        optionLabel="_label"
+                        :filter="true"
+                        filterPlaceholder="Buscar por nome, telefone ou email…"
+                        :filterFields="['nome_completo', 'telefone', 'email_principal', '_label']"
+                        placeholder="Selecione um paciente"
+                        :loading="linkPatientLoading"
+                        class="w-full"
+                        :emptyFilterMessage="'Nenhum paciente encontrado'"
+                        :emptyMessage="'Nenhum paciente cadastrado ainda'"
+                        appendTo="body"
+                    >
+                        <template #value="slotProps">
+                            <div v-if="slotProps.value" class="flex items-center gap-2">
+                                <div class="w-7 h-7 rounded-full grid place-items-center bg-indigo-500/10 text-indigo-500 font-bold text-[0.65rem] shrink-0">
+                                    {{ (slotProps.value.nome_completo || '?').slice(0, 2).toUpperCase() }}
+                                </div>
+                                <div class="flex-1 min-w-0 text-sm">
+                                    <div class="font-semibold truncate">{{ slotProps.value.nome_completo }}</div>
+                                    <div v-if="slotProps.value.telefone" class="text-[0.68rem] text-[var(--text-color-secondary)] font-mono">{{ formatPhoneShort(slotProps.value.telefone) }}</div>
+                                </div>
+                            </div>
+                            <span v-else class="text-[var(--text-color-secondary)]">{{ slotProps.placeholder }}</span>
+                        </template>
+
+                        <template #option="slotProps">
+                            <div class="flex items-center gap-2 w-full">
+                                <div class="w-8 h-8 rounded-full grid place-items-center bg-indigo-500/10 text-indigo-500 font-bold text-xs shrink-0">
+                                    {{ (slotProps.option.nome_completo || '?').slice(0, 2).toUpperCase() }}
+                                </div>
+                                <div class="flex-1 min-w-0">
+                                    <div class="text-sm font-semibold truncate">{{ slotProps.option.nome_completo }}</div>
+                                    <div class="text-[0.68rem] text-[var(--text-color-secondary)] flex items-center gap-1.5">
+                                        <span v-if="slotProps.option.telefone" class="font-mono">{{ formatPhoneShort(slotProps.option.telefone) }}</span>
+                                        <span v-if="slotProps.option.email_principal" class="truncate">· {{ slotProps.option.email_principal }}</span>
+                                    </div>
+                                </div>
+                            </div>
+                        </template>
+                    </Select>
+                </div>
+
+                <template #footer>
+                    <Button label="Cancelar" severity="secondary" text :disabled="linkingPatient" @click="linkPatientDialog = false" />
+                    <Button
+                        label="Vincular"
+                        icon="pi pi-link"
+                        :loading="linkingPatient"
+                        :disabled="!linkPatientSelected"
+                        @click="confirmLinkPatient"
+                    />
+                </template>
+            </Dialog>
+
+            <!-- Mover entre colunas Kanban -->
+            <div class="flex items-center gap-1.5 flex-wrap">
+                <span class="text-xs text-[var(--text-color-secondary)]">Mover pra:</span>
+                <Button
+                    v-for="col in KANBAN_COLUMNS"
+                    :key="col.key"
+                    :label="col.label"
+                    :icon="col.icon"
+                    size="small"
+                    :severity="store.thread.kanban_status === col.key ? 'primary' : 'secondary'"
+                    :outlined="store.thread.kanban_status !== col.key"
+                    :disabled="store.thread.kanban_status === col.key"
+                    @click="onMoveTo(col.key)"
+                />
+            </div>
+
+            <!-- Tags da thread -->
+            <div class="flex items-center gap-1.5 flex-wrap">
+                <span class="text-xs text-[var(--text-color-secondary)] shrink-0">Tags:</span>
+                <span
+                    v-for="t in tagsApi.threadTags.value"
+                    :key="t.id"
+                    class="inline-flex items-center gap-1 px-2 py-0.5 rounded-full text-[0.7rem] font-semibold cursor-pointer hover:opacity-80 transition-opacity"
+                    :style="{
+                        background: t.color + '20',
+                        color: t.color,
+                        border: `1px solid ${t.color}40`
+                    }"
+                    @click="onToggleTag(t.id)"
+                    v-tooltip.top="'Clique para remover'"
+                >
+                    <i v-if="t.icon" :class="t.icon" class="text-[0.65rem]" />
+                    {{ t.name }}
+                    <i class="pi pi-times text-[0.6rem] opacity-60" />
+                </span>
+                <Button
+                    icon="pi pi-plus"
+                    severity="secondary"
+                    outlined
+                    size="small"
+                    class="h-6 w-6 rounded-full"
+                    v-tooltip.top="'Adicionar tag'"
+                    :loading="tagsApi.saving.value"
+                    @click="openTagsPopover"
+                />
+            </div>
+
+            <!-- Popover de seleção de tags -->
+            <Popover ref="tagsPopover" class="!w-[260px]">
+                <div class="flex flex-col gap-0.5">
+                    <div class="px-2 pb-1 text-[0.65rem] font-bold uppercase text-[var(--text-color-secondary)] opacity-65">
+                        Selecione tags
+                    </div>
+                    <div v-if="tagsApi.loading.value" class="text-xs text-center py-3 text-[var(--text-color-secondary)]">
+                        <i class="pi pi-spin pi-spinner mr-1" /> Carregando…
+                    </div>
+                    <div v-else-if="!tagsApi.allTags.value.length" class="text-xs text-center py-3 italic text-[var(--text-color-secondary)]">
+                        Nenhuma tag disponível.
+                    </div>
+                    <button
+                        v-else
+                        v-for="t in tagsApi.allTags.value"
+                        :key="t.id"
+                        class="flex items-center gap-2 px-2 py-1.5 rounded-md text-sm text-left bg-transparent border-0 cursor-pointer hover:bg-[var(--surface-hover)] transition-colors"
+                        @click="onToggleTag(t.id)"
+                    >
+                        <span
+                            class="inline-block w-3 h-3 rounded-full shrink-0"
+                            :style="{ background: t.color }"
+                        />
+                        <i v-if="t.icon" :class="t.icon" class="text-xs opacity-70 shrink-0" />
+                        <span class="flex-1 truncate">{{ t.name }}</span>
+                        <i v-if="tagsApi.threadTagIds.value.has(t.id)" class="pi pi-check text-xs text-[var(--primary-color)] shrink-0" />
+                    </button>
+                </div>
+            </Popover>
+
+            <!-- Atribuição da conversa -->
+            <div class="flex items-center gap-1.5 flex-wrap">
+                <span class="text-xs text-[var(--text-color-secondary)] shrink-0">Atribuída a:</span>
+                <Select
+                    :modelValue="assignApi.assignment.value?.assigned_to || null"
+                    :options="assignApi.members.value"
+                    optionLabel="label"
+                    optionValue="user_id"
+                    placeholder="Ninguém"
+                    filter
+                    showClear
+                    size="small"
+                    class="!min-w-[220px]"
+                    :loading="assignApi.loading.value || assignApi.saving.value"
+                    @update:modelValue="onAssignChange"
+                />
+                <Button
+                    v-if="currentUserId && assignApi.assignment.value?.assigned_to !== currentUserId"
+                    label="Assumir"
+                    icon="pi pi-user-plus"
+                    size="small"
+                    severity="secondary"
+                    outlined
+                    class="rounded-full"
+                    :loading="assignApi.saving.value"
+                    v-tooltip.top="'Atribuir essa conversa a mim'"
+                    @click="assignToMe"
+                />
+                <span
+                    v-if="assignApi.assignment.value?.assigned_to"
+                    class="text-[0.68rem] text-[var(--text-color-secondary)] italic"
+                >
+                    desde {{ fmtNoteDate(assignApi.assignment.value.assigned_at) }}
+                </span>
+            </div>
+
+            <!-- Notas internas -->
+            <div class="border border-[var(--surface-border)] rounded-md bg-[var(--surface-ground)]">
+                <button
+                    class="w-full flex items-center gap-2 px-3 py-2 text-left bg-transparent border-0 cursor-pointer hover:bg-[var(--surface-hover)] rounded-md transition-colors"
+                    @click="notesOpen = !notesOpen"
+                >
+                    <i class="pi pi-file-edit text-[var(--primary-color)]" />
+                    <span class="text-sm font-semibold">Notas internas</span>
+                    <Badge v-if="notesApi.count.value" :value="notesApi.count.value" severity="secondary" />
+                    <span v-else class="text-xs text-[var(--text-color-secondary)] italic">(nenhuma)</span>
+                    <i class="pi ml-auto text-xs" :class="notesOpen ? 'pi-chevron-up' : 'pi-chevron-down'" />
+                </button>
+
+                <div v-if="notesOpen" class="px-3 pb-3 flex flex-col gap-2">
+                    <!-- Adicionar nota -->
+                    <div class="flex gap-2 items-start">
+                        <Textarea
+                            v-model="newNoteText"
+                            rows="2"
+                            autoResize
+                            placeholder="Escreva uma nota interna (só a equipe vê)…"
+                            class="flex-1 text-sm"
+                            :maxlength="4000"
+                            :disabled="notesApi.saving.value"
+                            @keydown.ctrl.enter="addNote"
+                            @keydown.meta.enter="addNote"
+                        />
+                        <Button
+                            icon="pi pi-plus"
+                            severity="primary"
+                            v-tooltip.left="'Adicionar (Ctrl+Enter)'"
+                            :loading="notesApi.saving.value"
+                            :disabled="!newNoteText.trim()"
+                            @click="addNote"
+                        />
+                    </div>
+
+                    <!-- Lista -->
+                    <div v-if="notesApi.loading.value" class="text-xs text-[var(--text-color-secondary)] text-center py-2">
+                        <i class="pi pi-spin pi-spinner mr-1" /> Carregando notas…
+                    </div>
+                    <div v-else-if="!notesApi.notes.value.length" class="text-xs text-[var(--text-color-secondary)] text-center py-2 italic">
+                        Nenhuma nota ainda. Use o campo acima pra registrar observações da equipe.
+                    </div>
+                    <div v-else class="flex flex-col gap-1.5 max-h-[40vh] overflow-y-auto pr-1">
+                        <div
+                            v-for="n in notesApi.notes.value"
+                            :key="n.id"
+                            class="rounded-md border border-[var(--surface-border)] p-2 bg-[var(--surface-card)]"
+                        >
+                            <!-- Modo edição -->
+                            <template v-if="editingNoteId === n.id">
+                                <Textarea
+                                    v-model="editingText"
+                                    rows="3"
+                                    autoResize
+                                    class="w-full text-sm mb-1.5"
+                                    :maxlength="4000"
+                                    :disabled="notesApi.saving.value"
+                                />
+                                <div class="flex gap-1 justify-end">
+                                    <Button label="Cancelar" size="small" severity="secondary" text @click="cancelEditNote" />
+                                    <Button label="Salvar" size="small" :loading="notesApi.saving.value" :disabled="!editingText.trim()" @click="saveEditNote(n.id)" />
+                                </div>
+                            </template>
+
+                            <!-- Modo leitura -->
+                            <template v-else>
+                                <div class="text-sm whitespace-pre-wrap break-words text-[var(--text-color)]">{{ n.body }}</div>
+                                <div class="flex items-center justify-between mt-1.5 text-[0.7rem] text-[var(--text-color-secondary)]">
+                                    <span class="truncate">
+                                        <i class="pi pi-user text-[0.6rem] mr-0.5 opacity-60" />
+                                        {{ n._author_name || 'Usuário' }}
+                                        <span class="mx-1 opacity-50">·</span>
+                                        {{ fmtNoteDate(n.created_at) }}
+                                        <span v-if="n.updated_at && n.updated_at !== n.created_at" class="ml-1 italic opacity-70">(editada)</span>
+                                    </span>
+                                    <div v-if="n.created_by === currentUserId" class="flex gap-0.5 shrink-0">
+                                        <button
+                                            class="w-6 h-6 rounded-full border-none bg-transparent text-[var(--text-color-secondary)] grid place-items-center cursor-pointer hover:bg-[var(--surface-hover)]"
+                                            v-tooltip.top="'Editar'"
+                                            @click="startEditNote(n)"
+                                        >
+                                            <i class="pi pi-pencil text-[0.7rem]" />
+                                        </button>
+                                        <button
+                                            class="w-6 h-6 rounded-full border-none bg-transparent text-[var(--text-color-secondary)] grid place-items-center cursor-pointer hover:bg-red-500/10 hover:text-red-500"
+                                            v-tooltip.top="'Remover'"
+                                            @click="confirmDeleteNote(n.id)"
+                                        >
+                                            <i class="pi pi-trash text-[0.7rem]" />
+                                        </button>
+                                    </div>
+                                </div>
+                            </template>
+                        </div>
+                    </div>
+                </div>
+            </div>
+
+            <!-- Mensagens -->
+            <div ref="messagesContainerRef" class="flex-1 overflow-y-auto flex flex-col gap-2 p-1">
+                <div v-if="store.loading" class="text-xs text-[var(--text-color-secondary)] text-center py-6">
+                    <i class="pi pi-spin pi-spinner mr-2" />Carregando mensagens...
+                </div>
+                <div v-else-if="!store.messages.length" class="text-xs text-[var(--text-color-secondary)] text-center py-6 italic">
+                    Nenhuma mensagem ainda. Envie a primeira abaixo.
+                </div>
+
+                <div
+                    v-for="m in store.messages"
+                    :key="m.id"
+                    class="flex flex-col gap-0.5"
+                    :class="m.direction === 'inbound' ? 'items-start' : 'items-end'"
+                >
+                    <div
+                        class="max-w-[85%] px-3 py-2 rounded-lg text-sm whitespace-pre-wrap break-words"
+                        :class="m.direction === 'inbound' ? 'bg-[var(--surface-ground)] rounded-tl-none' : 'bg-emerald-500/10 text-emerald-900 dark:text-emerald-100 rounded-tr-none'"
+                    >
+                        <template v-if="m.media_url">
+                            <!-- Loading enquanto resolve signed URL -->
+                            <div v-if="!mediaUrls[m.id]" class="flex items-center gap-2 text-xs text-[var(--text-color-secondary)] py-2">
+                                <i class="pi pi-spin pi-spinner" /> carregando mídia…
+                            </div>
+                            <template v-else>
+                                <Image
+                                    v-if="isImage(m.media_mime)"
+                                    :src="mediaUrls[m.id]"
+                                    :preview="true"
+                                    alt="imagem"
+                                    imageClass="max-w-full rounded-md cursor-zoom-in"
+                                    class="mb-1 block"
+                                />
+                                <audio
+                                    v-else-if="isAudio(m.media_mime)"
+                                    :src="mediaUrls[m.id]"
+                                    controls
+                                    preload="metadata"
+                                    class="block w-full min-w-[260px] max-w-full mb-1"
+                                />
+                                <video
+                                    v-else-if="isVideo(m.media_mime)"
+                                    :src="mediaUrls[m.id]"
+                                    controls
+                                    class="max-w-full rounded-md mb-1"
+                                />
+                                <a
+                                    v-else
+                                    :href="mediaUrls[m.id]"
+                                    target="_blank"
+                                    rel="noopener"
+                                    class="inline-flex items-center gap-2 text-xs underline text-[var(--primary-color)] mb-1"
+                                >
+                                    <i class="pi pi-paperclip" />
+                                    Baixar anexo ({{ m.media_mime || 'arquivo' }})
+                                </a>
+                            </template>
+                        </template>
+                        <div v-if="m.body">{{ m.body }}</div>
+                    </div>
+                    <div class="text-[0.65rem] text-[var(--text-color-secondary)] opacity-75 px-1 flex items-center gap-1">
+                        <span>{{ fmtDateTime(m.created_at) }}</span>
+                        <span v-if="m.direction === 'outbound'" class="flex items-center">
+                            <i v-if="m.delivery_status === 'read'" class="pi pi-check-double text-sky-500" v-tooltip.top="'Lida'" />
+                            <i v-else-if="m.delivery_status === 'delivered'" class="pi pi-check-double" v-tooltip.top="'Entregue'" />
+                            <i v-else-if="m.delivery_status === 'sent'" class="pi pi-check" v-tooltip.top="'Enviada'" />
+                            <i v-else-if="m.delivery_status === 'failed'" class="pi pi-exclamation-circle text-red-500" v-tooltip.top="'Falhou'" />
+                        </span>
+                        <span v-if="m.direction === 'inbound' && !m.patient_id" class="italic">· número não vinculado</span>
+                    </div>
+                </div>
+            </div>
+
+            <!-- Compose -->
+            <div v-if="store.thread.channel === 'whatsapp' && store.thread.contact_number" class="border-t border-[var(--surface-border)] pt-2 flex flex-col gap-2">
+                <div class="flex items-end gap-2">
+                    <Textarea
+                        ref="composeTextareaRef"
+                        v-model="composeText"
+                        autoResize
+                        rows="1"
+                        placeholder="Digite sua mensagem... (Enter envia, Shift+Enter quebra linha)"
+                        class="flex-1 !text-sm !resize-none"
+                        :disabled="store.sending"
+                        :maxlength="4000"
+                        @keydown="onComposeKeydown"
+                    />
+                    <Button
+                        icon="pi pi-send"
+                        severity="success"
+                        class="!w-10 !h-10 shrink-0"
+                        :loading="store.sending"
+                        :disabled="!composeText.trim() || store.sending"
+                        v-tooltip.top="'Enviar (Enter)'"
+                        @click="sendMessage"
+                    />
+                </div>
+                <div class="flex items-center gap-1 text-[var(--text-color-secondary)]">
+                    <Button icon="pi pi-bookmark" text rounded size="small" class="!w-8 !h-8" v-tooltip.top="'Templates'" @click="openTemplatesPopover" />
+                    <Button icon="pi pi-face-smile" text rounded size="small" class="!w-8 !h-8" v-tooltip.top="'Emoji'" @click="toggleEmojiPopover" />
+                    <span class="ml-auto text-[0.65rem] opacity-60">{{ composeText.length }}/4000</span>
+                </div>
+            </div>
+            <div v-else class="text-[0.7rem] text-[var(--text-color-secondary)] italic text-center py-2 border-t border-[var(--surface-border)]">
+                Envio direto indisponível (canal: {{ store.thread.channel }}).
+            </div>
+        </div>
+
+        <!-- Popover: Templates -->
+        <Popover ref="templatesPopover" :pt="{ content: { class: '!p-0' } }">
+            <div class="w-[320px] max-h-[400px] overflow-y-auto">
+                <div class="px-3 py-2 border-b border-[var(--surface-border)] text-xs font-semibold text-[var(--text-color-secondary)] uppercase tracking-wide">
+                    Templates WhatsApp
+                </div>
+                <div v-if="store.templatesLoading" class="p-4 text-xs text-center text-[var(--text-color-secondary)]">
+                    <i class="pi pi-spin pi-spinner mr-1" /> Carregando...
+                </div>
+                <div v-else-if="!store.templates.length" class="p-4 text-xs text-center text-[var(--text-color-secondary)] italic">
+                    Nenhum template disponível.
+                </div>
+                <button
+                    v-for="tpl in store.templates"
+                    :key="tpl.id"
+                    class="w-full text-left px-3 py-2 border-none bg-transparent cursor-pointer hover:bg-[var(--surface-hover)] border-b border-[var(--surface-border)] last:border-b-0"
+                    @click="applyTemplate(tpl)"
+                >
+                    <div class="text-xs font-semibold text-[var(--text-color)] truncate">{{ templateFriendlyLabel(tpl.key) }}</div>
+                    <div class="text-[0.7rem] text-[var(--text-color-secondary)] line-clamp-2 mt-0.5">{{ tpl.body_text }}</div>
+                </button>
+            </div>
+        </Popover>
+
+        <!-- Popover: Emoji picker -->
+        <Popover ref="emojiPopover" :pt="{ content: { class: '!p-2' } }">
+            <div class="w-[280px] max-h-[280px] overflow-y-auto grid grid-cols-8 gap-1">
+                <button
+                    v-for="e in emojiList"
+                    :key="e"
+                    class="w-8 h-8 rounded hover:bg-[var(--surface-hover)] border-none bg-transparent cursor-pointer text-lg"
+                    @click="insertEmoji(e)"
+                >{{ e }}</button>
+            </div>
+        </Popover>
+    </Drawer>
+</template>
diff --git a/src/components/conversations/GlobalInboundNotifier.vue b/src/components/conversations/GlobalInboundNotifier.vue
new file mode 100644
index 0000000..f6241df
--- /dev/null
+++ b/src/components/conversations/GlobalInboundNotifier.vue
@@ -0,0 +1,372 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — GlobalInboundNotifier
+|--------------------------------------------------------------------------
+| Componente global que escuta INSERTs de conversation_messages (direction
+| inbound) e mostra card flutuante no canto inferior direito, além de tocar
+| som opcional. Mesmo estando em outra tela, o usuário é avisado da nova
+| mensagem e pode clicar "Abrir" pra ir direto à conversa.
+|
+| Monta uma vez em AppLayout.
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, watch, onMounted, onUnmounted } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+import { useConversationDrawerStore } from '@/stores/conversationDrawerStore';
+import { logEvent, logError } from '@/support/supportLogger';
+
+const LOG_SRC = 'GlobalInboundNotifier';
+
+const tenantStore = useTenantStore();
+const drawerStore = useConversationDrawerStore();
+
+const activeNotifs = ref([]); // array de popups ativos
+let channel = null;
+
+const SOUND_KEY = 'agenciapsi.inbound_sound_enabled';
+const soundEnabled = ref(true);
+
+function loadSoundPref() {
+    try {
+        soundEnabled.value = localStorage.getItem(SOUND_KEY) !== 'false';
+    } catch { soundEnabled.value = true; }
+}
+
+function toggleSound() {
+    soundEnabled.value = !soundEnabled.value;
+    try {
+        localStorage.setItem(SOUND_KEY, soundEnabled.value ? 'true' : 'false');
+    } catch {}
+}
+
+function playBeep() {
+    if (!soundEnabled.value) return;
+    try {
+        // WebAudio API — beep sintético de 2 tons curtos
+        const ctx = new (window.AudioContext || window.webkitAudioContext)();
+        const now = ctx.currentTime;
+        function tone(freq, start, dur, vol = 0.15) {
+            const osc = ctx.createOscillator();
+            const gain = ctx.createGain();
+            osc.type = 'sine';
+            osc.frequency.value = freq;
+            gain.gain.setValueAtTime(0, now + start);
+            gain.gain.linearRampToValueAtTime(vol, now + start + 0.01);
+            gain.gain.exponentialRampToValueAtTime(0.001, now + start + dur);
+            osc.connect(gain).connect(ctx.destination);
+            osc.start(now + start);
+            osc.stop(now + start + dur);
+        }
+        tone(880, 0, 0.12);
+        tone(1320, 0.14, 0.12);
+        // Fecha o context após som
+        setTimeout(() => { try { ctx.close(); } catch {} }, 500);
+    } catch {
+        // se WebAudio falhar (sem interação prévia, etc), apenas ignora
+    }
+}
+
+function truncate(s, n = 80) {
+    if (!s) return '';
+    const str = String(s).replace(/\s+/g, ' ').trim();
+    return str.length > n ? str.slice(0, n - 1) + '…' : str;
+}
+
+async function showNotif(msg) {
+    logEvent(LOG_SRC, 'showNotif chamado', { id: msg.id, from: msg.from_number });
+    // Se o drawer dessa thread já está aberto, não notifica (o user já vê)
+    if (drawerStore.isOpen && drawerStore.messageBelongsToCurrentThread(msg)) {
+        logEvent(LOG_SRC, 'suprimido: drawer aberto na thread', { id: msg.id });
+        return;
+    }
+    // Se está na rota /conversas com aba visível, também não notifica (já tá no Kanban)
+    const onConversasRoute = typeof window !== 'undefined' && String(window.location.pathname).includes('/conversas');
+    if (onConversasRoute && document.visibilityState === 'visible') {
+        logEvent(LOG_SRC, 'suprimido: na rota /conversas visível', { id: msg.id });
+        return;
+    }
+
+    let name = msg.from_number || 'Desconhecido';
+    if (msg.patient_id) {
+        const { data } = await supabase.from('patients').select('nome_completo').eq('id', msg.patient_id).maybeSingle();
+        if (data?.nome_completo) name = data.nome_completo;
+    }
+
+    const notif = {
+        id: msg.id,
+        name,
+        body: msg.body || (msg.media_url ? '[mídia]' : ''),
+        patient_id: msg.patient_id,
+        from_number: msg.from_number,
+        channel: msg.channel
+    };
+
+    activeNotifs.value.push(notif);
+    logEvent(LOG_SRC, 'popup push', { total: activeNotifs.value.length });
+    playBeep();
+
+    setTimeout(() => dismiss(notif.id), 10000);
+}
+
+function dismiss(id) {
+    activeNotifs.value = activeNotifs.value.filter(n => n.id !== id);
+}
+
+async function openNotif(notif) {
+    dismiss(notif.id);
+    if (notif.patient_id) {
+        await drawerStore.openForPatient(notif.patient_id);
+    } else {
+        // thread anônima (número não vinculado a paciente)
+        await drawerStore.openForThread({
+            thread_key: `anon:${notif.from_number}`,
+            tenant_id: tenantStore.activeTenantId,
+            patient_id: null,
+            patient_name: null,
+            contact_number: notif.from_number,
+            channel: notif.channel,
+            message_count: 1,
+            unread_count: 1,
+            kanban_status: 'awaiting_us',
+            last_message_at: new Date().toISOString()
+        });
+    }
+}
+
+function channelIcon(ch) {
+    const map = { whatsapp: 'pi-whatsapp', sms: 'pi-comment', email: 'pi-envelope' };
+    return map[ch] || 'pi-bell';
+}
+
+function subscribe() {
+    const tenantId = tenantStore.activeTenantId;
+    if (!tenantId) {
+        logEvent(LOG_SRC, 'subscribe skipped — sem tenant');
+        return;
+    }
+    if (channel) supabase.removeChannel(channel);
+    logEvent(LOG_SRC, 'subscribing', { tenantId });
+    channel = supabase
+        .channel(`global_inbound_${tenantId}_${Date.now()}`)
+        .on(
+            'postgres_changes',
+            {
+                event: 'INSERT',
+                schema: 'public',
+                table: 'conversation_messages',
+                filter: `tenant_id=eq.${tenantId}`
+            },
+            (payload) => {
+                const m = payload.new;
+                logEvent(LOG_SRC, 'INSERT recebido', {
+                    id: m.id,
+                    direction: m.direction,
+                    from: m.from_number,
+                    preview: m.body?.slice(0, 40)
+                });
+                if (m.direction !== 'inbound') {
+                    logEvent(LOG_SRC, 'ignorando (não é inbound)', { direction: m.direction });
+                    return;
+                }
+                showNotif(m);
+            }
+        )
+        .subscribe((status) => {
+            logEvent(LOG_SRC, 'channel status', { status });
+        });
+}
+
+function unsubscribe() {
+    if (channel) {
+        supabase.removeChannel(channel);
+        channel = null;
+    }
+}
+
+onMounted(() => {
+    loadSoundPref();
+    subscribe();
+});
+
+onUnmounted(() => unsubscribe());
+
+watch(() => tenantStore.activeTenantId, () => subscribe());
+
+// expõe toggle pra quem quiser usar (ex: na aside do CRM)
+defineExpose({ soundEnabled, toggleSound });
+</script>
+
+<template>
+    <div class="global-notif-container" aria-live="polite">
+        <TransitionGroup name="notif-slide" tag="div" class="flex flex-col gap-2">
+            <div
+                v-for="n in activeNotifs"
+                :key="n.id"
+                class="global-notif-card"
+                role="alert"
+            >
+                <div class="notif-icon" :class="n.channel === 'whatsapp' ? 'text-emerald-600 bg-emerald-500/10' : 'text-blue-600 bg-blue-500/10'">
+                    <i :class="['pi', channelIcon(n.channel)]" />
+                </div>
+                <div class="notif-body">
+                    <div class="notif-header">
+                        <span class="notif-name">{{ n.name }}</span>
+                        <span class="notif-channel">{{ n.channel === 'whatsapp' ? 'WhatsApp' : n.channel }}</span>
+                    </div>
+                    <div class="notif-preview">{{ truncate(n.body, 80) }}</div>
+                </div>
+                <div class="notif-actions">
+                    <Button label="Abrir" size="small" severity="success" class="!text-xs" @click="openNotif(n)" />
+                    <button class="notif-close" title="Dispensar" @click="dismiss(n.id)">
+                        <i class="pi pi-times" />
+                    </button>
+                </div>
+            </div>
+        </TransitionGroup>
+
+        <!-- Toggle de som (mini, aparece se tem notificação ou pode ficar sempre visível) -->
+        <button
+            v-if="activeNotifs.length > 0"
+            class="sound-toggle"
+            :title="soundEnabled ? 'Som ativado (clique pra desativar)' : 'Som desativado'"
+            @click="toggleSound"
+        >
+            <i :class="soundEnabled ? 'pi pi-volume-up' : 'pi pi-volume-off'" />
+        </button>
+    </div>
+</template>
+
+<style scoped>
+.global-notif-container {
+    position: fixed;
+    bottom: 1.25rem;
+    right: 1.25rem;
+    z-index: 1000;
+    pointer-events: none;
+    width: min(380px, calc(100vw - 2rem));
+}
+
+.global-notif-card {
+    pointer-events: auto;
+    display: flex;
+    align-items: flex-start;
+    gap: 0.75rem;
+    background: var(--surface-card, #fff);
+    border: 1px solid var(--surface-border, #e5e7eb);
+    border-radius: 10px;
+    padding: 0.75rem;
+    box-shadow: 0 10px 25px rgba(0, 0, 0, 0.15), 0 3px 10px rgba(0, 0, 0, 0.08);
+}
+
+.notif-icon {
+    width: 2.25rem;
+    height: 2.25rem;
+    border-radius: 50%;
+    display: grid;
+    place-items: center;
+    flex-shrink: 0;
+    font-size: 1rem;
+}
+
+.notif-body {
+    flex: 1;
+    min-width: 0;
+}
+
+.notif-header {
+    display: flex;
+    align-items: center;
+    gap: 0.5rem;
+    margin-bottom: 0.25rem;
+}
+
+.notif-name {
+    font-weight: 600;
+    font-size: 0.875rem;
+    color: var(--text-color, #111827);
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+.notif-channel {
+    font-size: 0.65rem;
+    padding: 0 0.35rem;
+    background: var(--surface-ground, #f3f4f6);
+    color: var(--text-color-secondary, #6b7280);
+    border-radius: 999px;
+    flex-shrink: 0;
+}
+
+.notif-preview {
+    font-size: 0.8rem;
+    color: var(--text-color-secondary, #6b7280);
+    line-height: 1.3;
+    display: -webkit-box;
+    -webkit-line-clamp: 2;
+    -webkit-box-orient: vertical;
+    overflow: hidden;
+}
+
+.notif-actions {
+    display: flex;
+    flex-direction: column;
+    gap: 0.35rem;
+    align-items: center;
+}
+
+.notif-close {
+    width: 1.75rem;
+    height: 1.75rem;
+    border: none;
+    background: transparent;
+    color: var(--text-color-secondary, #6b7280);
+    border-radius: 50%;
+    cursor: pointer;
+    display: grid;
+    place-items: center;
+    font-size: 0.75rem;
+    transition: background 0.15s;
+}
+.notif-close:hover {
+    background: var(--surface-ground, #f3f4f6);
+}
+
+.sound-toggle {
+    pointer-events: auto;
+    margin-top: 0.5rem;
+    align-self: flex-end;
+    width: 2rem;
+    height: 2rem;
+    border-radius: 50%;
+    border: 1px solid var(--surface-border, #e5e7eb);
+    background: var(--surface-card, #fff);
+    color: var(--text-color-secondary, #6b7280);
+    cursor: pointer;
+    display: grid;
+    place-items: center;
+    font-size: 0.75rem;
+}
+.sound-toggle:hover {
+    background: var(--surface-ground, #f3f4f6);
+    color: var(--text-color, #111827);
+}
+
+/* Animação de entrada/saída */
+.notif-slide-enter-active {
+    transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1);
+}
+.notif-slide-leave-active {
+    transition: all 0.2s ease-in;
+}
+.notif-slide-enter-from {
+    transform: translateX(400px);
+    opacity: 0;
+}
+.notif-slide-leave-to {
+    transform: translateX(400px);
+    opacity: 0;
+}
+</style>
diff --git a/src/components/notifications/NotificationDrawer.vue b/src/components/notifications/NotificationDrawer.vue
index 3667b1d..bf42d45 100644
--- a/src/components/notifications/NotificationDrawer.vue
+++ b/src/components/notifications/NotificationDrawer.vue
@@ -15,15 +15,50 @@
 |--------------------------------------------------------------------------
 -->
 <script setup>
-import { ref, computed } from 'vue';
+import { ref, computed, onMounted } from 'vue';
 import { useRouter } from 'vue-router';
-import { useNotificationStore } from '@/stores/notificationStore';
+import { useToast } from 'primevue/usetoast';
+import {
+    useNotificationStore,
+    requestBrowserNotificationPermission,
+    setBrowserNotificationEnabled,
+    getBrowserNotificationEnabled
+} from '@/stores/notificationStore';
 import NotificationItem from './NotificationItem.vue';
 
 const store = useNotificationStore();
 const router = useRouter();
+const toast = useToast();
 
 const filter = ref('unread'); // 'unread' | 'all'
+const browserNotifOn = ref(false);
+
+onMounted(() => {
+    browserNotifOn.value = getBrowserNotificationEnabled();
+});
+
+async function toggleBrowserNotif() {
+    if (browserNotifOn.value) {
+        // desliga
+        setBrowserNotificationEnabled(false);
+        browserNotifOn.value = false;
+        toast.add({ severity: 'info', summary: 'Notificações do browser desligadas', life: 2500 });
+        return;
+    }
+    const granted = await requestBrowserNotificationPermission();
+    if (granted) {
+        setBrowserNotificationEnabled(true);
+        browserNotifOn.value = true;
+        toast.add({ severity: 'success', summary: 'Notificações do browser ativadas', life: 2500 });
+    } else {
+        toast.add({
+            severity: 'warn',
+            summary: 'Permissão negada',
+            detail: 'Habilite nas configurações do browser se mudar de ideia.',
+            life: 4000
+        });
+    }
+}
 
 const drawerOpen = computed({
     get: () => store.drawerOpen,
@@ -57,6 +92,16 @@ function goToHistory() {
             <div class="notification-drawer__header-content">
                 <span class="notification-drawer__title">Notificações</span>
                 <Badge v-if="store.unreadCount > 0" :value="store.unreadCount > 99 ? '99+' : store.unreadCount" severity="danger" />
+                <Button
+                    :icon="browserNotifOn ? 'pi pi-bell' : 'pi pi-bell-slash'"
+                    severity="secondary"
+                    text
+                    rounded
+                    size="small"
+                    class="ml-auto"
+                    :title="browserNotifOn ? 'Desativar notificações do browser' : 'Ativar notificações do browser'"
+                    @click="toggleBrowserNotif"
+                />
             </div>
         </template>
 
diff --git a/src/components/notifications/NotificationItem.vue b/src/components/notifications/NotificationItem.vue
index 067ca04..8db1014 100644
--- a/src/components/notifications/NotificationItem.vue
+++ b/src/components/notifications/NotificationItem.vue
@@ -20,6 +20,8 @@ import { useRouter } from 'vue-router';
 import { formatDistanceToNow } from 'date-fns';
 import { ptBR } from 'date-fns/locale';
 import { useNotificationStore } from '@/stores/notificationStore';
+import { useConversationDrawerStore } from '@/stores/conversationDrawerStore';
+import { useTenantStore } from '@/stores/tenantStore';
 
 const props = defineProps({
     item: { type: Object, required: true }
@@ -29,12 +31,15 @@ const emit = defineEmits(['read', 'archive']);
 
 const router = useRouter();
 const store = useNotificationStore();
+const conversationDrawer = useConversationDrawerStore();
+const tenantStore = useTenantStore();
 
 const typeMap = {
     new_scheduling: { icon: 'pi-inbox', border: 'border-red-500' },
     new_patient: { icon: 'pi-user-plus', border: 'border-sky-500' },
     recurrence_alert: { icon: 'pi-refresh', border: 'border-amber-500' },
-    session_status: { icon: 'pi-calendar-times', border: 'border-orange-500' }
+    session_status: { icon: 'pi-calendar-times', border: 'border-orange-500' },
+    inbound_message: { icon: 'pi-whatsapp', border: 'border-emerald-500' }
 };
 
 const meta = computed(() => typeMap[props.item.type] || { icon: 'pi-bell', border: 'border-gray-300' });
@@ -45,6 +50,31 @@ const timeAgo = computed(() => formatDistanceToNow(new Date(props.item.created_a
 const initials = computed(() => props.item.payload?.avatar_initials || '?');
 
 function handleRowClick() {
+    // Inbound message → abre drawer global (evita 403 em rota admin/therapist)
+    if (props.item.type === 'inbound_message') {
+        const payload = props.item.payload || {};
+        if (payload.patient_id) {
+            conversationDrawer.openForPatient(payload.patient_id);
+        } else if (payload.from_number) {
+            conversationDrawer.openForThread({
+                thread_key: `anon:${payload.from_number}`,
+                tenant_id: tenantStore.activeTenantId,
+                patient_id: null,
+                patient_name: null,
+                contact_number: payload.from_number,
+                channel: payload.channel || 'whatsapp',
+                message_count: 1,
+                unread_count: 1,
+                kanban_status: 'awaiting_us',
+                last_message_at: new Date().toISOString()
+            });
+        }
+        store.drawerOpen = false;
+        emit('read', props.item.id);
+        return;
+    }
+
+    // Outros tipos: segue o deeplink normal
     const deeplink = props.item.payload?.deeplink;
     if (deeplink) {
         router.push(deeplink);
diff --git a/src/components/search/GlobalSearch.vue b/src/components/search/GlobalSearch.vue
new file mode 100644
index 0000000..e108fbc
--- /dev/null
+++ b/src/components/search/GlobalSearch.vue
@@ -0,0 +1,677 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — GlobalSearch (topbar)
+|--------------------------------------------------------------------------
+| Busca global com atalho Ctrl+K / ⌘+K. Consulta a RPC `search_global` e
+| mostra resultados agrupados por entidade + ações rápidas client-side.
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, onBeforeUnmount, nextTick, watch } from 'vue';
+import { useRouter } from 'vue-router';
+import IconField from 'primevue/iconfield';
+import InputIcon from 'primevue/inputicon';
+import InputText from 'primevue/inputtext';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+import { searchPages } from './pagesIndex';
+
+const router = useRouter();
+const tenantStore = useTenantStore();
+
+// ────────────────────────────────────────────────────────────
+// State
+// ────────────────────────────────────────────────────────────
+const rootEl = ref(null);
+const inputEl = ref(null);
+const query = ref('');
+const results = ref({ patients: [], appointments: [], documents: [], services: [], intakes: [] });
+const loading = ref(false);
+const showPanel = ref(false);
+const activeIndex = ref(-1);
+
+// ────────────────────────────────────────────────────────────
+// Ações estáticas (client-side, respondem na hora)
+// ────────────────────────────────────────────────────────────
+const STATIC_ACTIONS = [
+    { id: 'act_new_patient',   label: 'Novo paciente',  icon: 'pi pi-user-plus', sublabel: 'Cadastrar paciente',      to: '/therapist/patients/cadastro',  keywords: ['novo','paciente','cadastrar','criar','add'] },
+    { id: 'act_agenda',        label: 'Agenda',         icon: 'pi pi-calendar',  sublabel: 'Ver calendário',          to: '/therapist/agenda',             keywords: ['agenda','calendario','sessoes','hoje'] },
+    { id: 'act_patients',      label: 'Pacientes',      icon: 'pi pi-users',     sublabel: 'Lista de pacientes',      to: '/therapist/patients',           keywords: ['pacientes','lista','todos'] },
+    { id: 'act_financial',     label: 'Financeiro',     icon: 'pi pi-dollar',    sublabel: 'Dashboard financeiro',    to: '/therapist/financeiro',         keywords: ['financeiro','cobrancas','pagamentos','dinheiro'] },
+    { id: 'act_documents',     label: 'Documentos',     icon: 'pi pi-file',      sublabel: 'Gestão de documentos',    to: '/therapist/documents',          keywords: ['documentos','arquivos','anexos'] },
+    { id: 'act_services',      label: 'Serviços',       icon: 'pi pi-briefcase', sublabel: 'Precificação de serviços', to: '/configuracoes/precificacao',  keywords: ['servicos','precificacao','precos','modalidade'] },
+    { id: 'act_settings',      label: 'Configurações',  icon: 'pi pi-cog',       sublabel: 'Preferências',            to: '/configuracoes',                keywords: ['configuracoes','settings','preferencias','ajustes'] }
+];
+
+function normalize(s) {
+    return String(s || '').normalize('NFD').replace(/[\u0300-\u036f]/g, '').toLowerCase().trim();
+}
+
+const filteredActions = computed(() => {
+    const q = normalize(query.value);
+    if (!q) return STATIC_ACTIONS.slice(0, 4); // quick defaults quando vazio
+    return STATIC_ACTIONS.filter((a) => {
+        const hay = normalize(a.label + ' ' + (a.keywords || []).join(' '));
+        return hay.includes(q);
+    }).slice(0, 4);
+});
+
+// Páginas do app (client-side, filtrado por papel ativo)
+const filteredPages = computed(() => {
+    const q = query.value.trim();
+    const role = tenantStore?.activeRole || null;
+    if (!q) return []; // só mostra páginas quando o usuário busca algo
+    return searchPages(q, role, 5);
+});
+
+// ────────────────────────────────────────────────────────────
+// Flat list pra navegação por teclado
+// ────────────────────────────────────────────────────────────
+const flatList = computed(() => {
+    const out = [];
+    filteredActions.value.forEach((a, i)         => out.push({ group: 'actions',      item: a, idx: i }));
+    results.value.patients.forEach((p, i)        => out.push({ group: 'patients',     item: p, idx: i }));
+    results.value.intakes.forEach((r, i)         => out.push({ group: 'intakes',      item: r, idx: i }));
+    results.value.appointments.forEach((a, i)    => out.push({ group: 'appointments', item: a, idx: i }));
+    results.value.documents.forEach((d, i)       => out.push({ group: 'documents',    item: d, idx: i }));
+    results.value.services.forEach((s, i)        => out.push({ group: 'services',     item: s, idx: i }));
+    filteredPages.value.forEach((p, i)           => out.push({ group: 'pages',        item: p, idx: i }));
+    return out;
+});
+
+function findFlatIndex(group, idx) {
+    return flatList.value.findIndex((e) => e.group === group && e.idx === idx);
+}
+
+const hasAnyResult = computed(() =>
+    filteredActions.value.length
+    || results.value.patients.length
+    || results.value.intakes.length
+    || results.value.appointments.length
+    || results.value.documents.length
+    || results.value.services.length
+    || filteredPages.value.length
+);
+
+// ────────────────────────────────────────────────────────────
+// Fetch (debounced, com controle de ordem)
+// ────────────────────────────────────────────────────────────
+let debounceT = null;
+let searchSeq = 0;
+
+function resetResults() {
+    results.value = { patients: [], appointments: [], documents: [], services: [], intakes: [] };
+}
+
+watch(query, (v) => {
+    if (debounceT) clearTimeout(debounceT);
+    const q = String(v || '').trim();
+    if (q.length < 2) {
+        resetResults();
+        activeIndex.value = flatList.value.length ? 0 : -1;
+        loading.value = false;
+        return;
+    }
+    loading.value = true;
+    const mySeq = ++searchSeq;
+    debounceT = setTimeout(async () => {
+        try {
+            const { data, error } = await supabase.rpc('search_global', { p_q: q, p_limit: 6 });
+            if (mySeq !== searchSeq) return; // resposta antiga, descarta
+            if (error) {
+                // eslint-disable-next-line no-console
+                console.error('[search_global] erro:', error);
+                resetResults();
+            } else {
+                results.value = {
+                    patients:     Array.isArray(data?.patients)     ? data.patients     : [],
+                    appointments: Array.isArray(data?.appointments) ? data.appointments : [],
+                    documents:    Array.isArray(data?.documents)    ? data.documents    : [],
+                    services:     Array.isArray(data?.services)     ? data.services     : [],
+                    intakes:      Array.isArray(data?.intakes)      ? data.intakes      : []
+                };
+            }
+        } catch (e) {
+            if (mySeq !== searchSeq) return;
+            // eslint-disable-next-line no-console
+            console.error('[search_global] exceção:', e);
+            resetResults();
+        } finally {
+            if (mySeq === searchSeq) loading.value = false;
+        }
+        activeIndex.value = flatList.value.length ? 0 : -1;
+    }, 200);
+});
+
+// ────────────────────────────────────────────────────────────
+// Teclado
+// ────────────────────────────────────────────────────────────
+function focusInput() {
+    nextTick(() => {
+        const inst = inputEl.value;
+        const el = inst?.$el?.tagName === 'INPUT' ? inst.$el : inst?.$el?.querySelector?.('input');
+        el?.focus?.();
+        try { el?.select?.(); } catch { /* ignore */ }
+    });
+}
+
+function onGlobalKeydown(e) {
+    const isK = e.key?.toLowerCase() === 'k';
+    const cmd = e.ctrlKey || e.metaKey;
+    if (cmd && isK) {
+        e.preventDefault();
+        e.stopPropagation();
+        showPanel.value = true;
+        focusInput();
+        return;
+    }
+    if (e.key === 'Escape' && showPanel.value) {
+        showPanel.value = false;
+    }
+}
+
+function onInputKeydown(e) {
+    const n = flatList.value.length;
+    if (e.key === 'ArrowDown') {
+        if (!n) return;
+        e.preventDefault();
+        activeIndex.value = (activeIndex.value + 1 + n) % n;
+    } else if (e.key === 'ArrowUp') {
+        if (!n) return;
+        e.preventDefault();
+        activeIndex.value = (activeIndex.value - 1 + n) % n;
+    } else if (e.key === 'Enter') {
+        const entry = flatList.value[activeIndex.value];
+        if (entry) {
+            e.preventDefault();
+            goTo(entry);
+        }
+    } else if (e.key === 'Escape') {
+        showPanel.value = false;
+        const inst = inputEl.value;
+        const el = inst?.$el?.tagName === 'INPUT' ? inst.$el : inst?.$el?.querySelector?.('input');
+        el?.blur?.();
+    }
+}
+
+async function goTo(entry) {
+    const target = entry?.item?.to || entry?.item?.deeplink || entry?.item?.path;
+    if (!target) return;
+    showPanel.value = false;
+    query.value = '';
+    resetResults();
+    activeIndex.value = -1;
+    await router.push(target);
+}
+
+function onFocus() {
+    showPanel.value = true;
+    if (flatList.value.length && activeIndex.value < 0) activeIndex.value = 0;
+}
+
+function onDocMouseDown(e) {
+    if (!showPanel.value) return;
+    const el = rootEl.value;
+    if (!el) return;
+    if (!el.contains(e.target)) showPanel.value = false;
+}
+
+onMounted(() => {
+    window.addEventListener('keydown', onGlobalKeydown, true);
+    document.addEventListener('mousedown', onDocMouseDown);
+});
+onBeforeUnmount(() => {
+    if (debounceT) clearTimeout(debounceT);
+    window.removeEventListener('keydown', onGlobalKeydown, true);
+    document.removeEventListener('mousedown', onDocMouseDown);
+});
+
+// ────────────────────────────────────────────────────────────
+// UI helpers
+// ────────────────────────────────────────────────────────────
+const kbdIsMac = typeof navigator !== 'undefined' && /Mac|iP(ad|od|hone)/i.test(navigator.platform || '');
+const kbdModifier = kbdIsMac ? '⌘' : 'Ctrl';
+</script>
+
+<template>
+    <div ref="rootEl" class="gs-root">
+        <div class="gs-field">
+            <IconField class="gs-field__wrap">
+                <InputIcon class="pi pi-search gs-field__icon" />
+                <InputText
+                    ref="inputEl"
+                    v-model="query"
+                    type="search"
+                    autocomplete="off"
+                    spellcheck="false"
+                    placeholder="Buscar pacientes, agenda, documentos…"
+                    class="gs-field__input"
+                    @focus="onFocus"
+                    @keydown="onInputKeydown"
+                />
+            </IconField>
+            <span class="gs-field__kbd" aria-hidden="true">
+                <kbd>{{ kbdModifier }}</kbd>
+                <kbd>K</kbd>
+            </span>
+        </div>
+
+        <div v-if="showPanel" class="gs-panel" role="listbox">
+            <div v-if="loading" class="gs-panel__state">
+                <i class="pi pi-spin pi-spinner" /> buscando…
+            </div>
+
+            <div v-else-if="query.trim().length >= 2 && !hasAnyResult" class="gs-panel__state">
+                Nada encontrado pra <b>{{ query }}</b>.
+            </div>
+
+            <template v-else>
+                <!-- Ações -->
+                <div v-if="filteredActions.length" class="gs-group">
+                    <div class="gs-group__title">{{ query.trim() ? 'Ações' : 'Atalhos' }}</div>
+                    <button
+                        v-for="(a, i) in filteredActions"
+                        :key="a.id"
+                        type="button"
+                        class="gs-item"
+                        :class="{ 'is-active': findFlatIndex('actions', i) === activeIndex }"
+                        @mouseenter="activeIndex = findFlatIndex('actions', i)"
+                        @click="goTo({ group: 'actions', item: a, idx: i })"
+                    >
+                        <span class="gs-item__icon"><i :class="a.icon" /></span>
+                        <span class="gs-item__main">
+                            <span class="gs-item__label">{{ a.label }}</span>
+                            <span class="gs-item__sub">{{ a.sublabel }}</span>
+                        </span>
+                        <i class="gs-item__go pi pi-arrow-right" />
+                    </button>
+                </div>
+
+                <!-- Pacientes -->
+                <div v-if="results.patients.length" class="gs-group">
+                    <div class="gs-group__title">Pacientes</div>
+                    <button
+                        v-for="(p, i) in results.patients"
+                        :key="p.id"
+                        type="button"
+                        class="gs-item"
+                        :class="{ 'is-active': findFlatIndex('patients', i) === activeIndex }"
+                        @mouseenter="activeIndex = findFlatIndex('patients', i)"
+                        @click="goTo({ group: 'patients', item: p, idx: i })"
+                    >
+                        <span class="gs-item__avatar">
+                            <img v-if="p.avatar_url" :src="p.avatar_url" :alt="p.label" />
+                            <i v-else class="pi pi-user" />
+                        </span>
+                        <span class="gs-item__main">
+                            <span class="gs-item__label">{{ p.label }}</span>
+                            <span class="gs-item__sub">{{ p.sublabel }}</span>
+                        </span>
+                        <i class="gs-item__go pi pi-arrow-right" />
+                    </button>
+                </div>
+
+                <!-- Cadastros pendentes (intakes) -->
+                <div v-if="results.intakes.length" class="gs-group">
+                    <div class="gs-group__title">Cadastros pendentes</div>
+                    <button
+                        v-for="(r, i) in results.intakes"
+                        :key="r.id"
+                        type="button"
+                        class="gs-item"
+                        :class="{ 'is-active': findFlatIndex('intakes', i) === activeIndex }"
+                        @mouseenter="activeIndex = findFlatIndex('intakes', i)"
+                        @click="goTo({ group: 'intakes', item: r, idx: i })"
+                    >
+                        <span class="gs-item__icon gs-item__icon--amber"><i class="pi pi-inbox" /></span>
+                        <span class="gs-item__main">
+                            <span class="gs-item__label">{{ r.label }}</span>
+                            <span class="gs-item__sub">{{ r.sublabel }}</span>
+                        </span>
+                        <i class="gs-item__go pi pi-arrow-right" />
+                    </button>
+                </div>
+
+                <!-- Agendamentos -->
+                <div v-if="results.appointments.length" class="gs-group">
+                    <div class="gs-group__title">Agendamentos</div>
+                    <button
+                        v-for="(a, i) in results.appointments"
+                        :key="a.id"
+                        type="button"
+                        class="gs-item"
+                        :class="{ 'is-active': findFlatIndex('appointments', i) === activeIndex }"
+                        @mouseenter="activeIndex = findFlatIndex('appointments', i)"
+                        @click="goTo({ group: 'appointments', item: a, idx: i })"
+                    >
+                        <span class="gs-item__icon gs-item__icon--blue"><i class="pi pi-calendar" /></span>
+                        <span class="gs-item__main">
+                            <span class="gs-item__label">{{ a.label }}</span>
+                            <span class="gs-item__sub">{{ a.sublabel }}</span>
+                        </span>
+                        <i class="gs-item__go pi pi-arrow-right" />
+                    </button>
+                </div>
+
+                <!-- Documentos -->
+                <div v-if="results.documents.length" class="gs-group">
+                    <div class="gs-group__title">Documentos</div>
+                    <button
+                        v-for="(d, i) in results.documents"
+                        :key="d.id"
+                        type="button"
+                        class="gs-item"
+                        :class="{ 'is-active': findFlatIndex('documents', i) === activeIndex }"
+                        @mouseenter="activeIndex = findFlatIndex('documents', i)"
+                        @click="goTo({ group: 'documents', item: d, idx: i })"
+                    >
+                        <span class="gs-item__icon gs-item__icon--purple"><i class="pi pi-file" /></span>
+                        <span class="gs-item__main">
+                            <span class="gs-item__label">{{ d.label }}</span>
+                            <span class="gs-item__sub">{{ d.sublabel }}</span>
+                        </span>
+                        <i class="gs-item__go pi pi-arrow-right" />
+                    </button>
+                </div>
+
+                <!-- Serviços -->
+                <div v-if="results.services.length" class="gs-group">
+                    <div class="gs-group__title">Serviços</div>
+                    <button
+                        v-for="(s, i) in results.services"
+                        :key="s.id"
+                        type="button"
+                        class="gs-item"
+                        :class="{ 'is-active': findFlatIndex('services', i) === activeIndex }"
+                        @mouseenter="activeIndex = findFlatIndex('services', i)"
+                        @click="goTo({ group: 'services', item: s, idx: i })"
+                    >
+                        <span class="gs-item__icon gs-item__icon--orange"><i class="pi pi-briefcase" /></span>
+                        <span class="gs-item__main">
+                            <span class="gs-item__label">{{ s.label }}</span>
+                            <span class="gs-item__sub">{{ s.sublabel }}</span>
+                        </span>
+                        <i class="gs-item__go pi pi-arrow-right" />
+                    </button>
+                </div>
+
+                <!-- Páginas do app -->
+                <div v-if="filteredPages.length" class="gs-group">
+                    <div class="gs-group__title">Páginas</div>
+                    <button
+                        v-for="(p, i) in filteredPages"
+                        :key="p.id"
+                        type="button"
+                        class="gs-item"
+                        :class="{ 'is-active': findFlatIndex('pages', i) === activeIndex }"
+                        @mouseenter="activeIndex = findFlatIndex('pages', i)"
+                        @click="goTo({ group: 'pages', item: p, idx: i })"
+                    >
+                        <span class="gs-item__icon gs-item__icon--slate"><i :class="p.icon" /></span>
+                        <span class="gs-item__main">
+                            <span class="gs-item__label">{{ p.label }}</span>
+                            <span class="gs-item__sub">{{ p.sublabel }}</span>
+                        </span>
+                        <i class="gs-item__go pi pi-arrow-right" />
+                    </button>
+                </div>
+
+                <!-- Hint -->
+                <div v-if="!query.trim()" class="gs-panel__hint">
+                    <i class="pi pi-info-circle" />
+                    Digite ao menos 2 caracteres para buscar em pacientes, agenda, documentos e serviços.
+                </div>
+            </template>
+        </div>
+    </div>
+</template>
+
+<style scoped>
+.gs-root {
+    position: relative;
+    width: 100%;
+    max-width: 420px;
+    min-width: 220px;
+    flex: 1 1 320px;
+}
+
+.gs-field { position: relative; display: flex; align-items: center; }
+.gs-field__wrap { flex: 1; min-width: 0; }
+.gs-field__icon { font-size: 0.82rem; opacity: 0.6; }
+
+.gs-field__wrap :deep(.p-inputtext) {
+    width: 100%;
+    padding: 8px 56px 8px 34px;
+    font-size: 0.82rem;
+    height: 36px;
+    border-radius: 10px;
+    background: var(--p-content-background, var(--surface-card));
+    border: 1px solid var(--p-content-border-color, var(--surface-border));
+    transition: border-color 0.15s, box-shadow 0.15s, background 0.15s;
+}
+.gs-field__wrap :deep(.p-inputtext:hover) {
+    border-color: color-mix(in srgb, var(--primary-color) 40%, var(--surface-border));
+}
+.gs-field__wrap :deep(.p-inputtext:focus) {
+    border-color: var(--primary-color);
+    box-shadow: 0 0 0 3px color-mix(in srgb, var(--primary-color) 18%, transparent);
+    outline: none;
+}
+
+.gs-field__kbd {
+    position: absolute;
+    right: 8px;
+    top: 50%;
+    transform: translateY(-50%);
+    display: inline-flex;
+    gap: 3px;
+    pointer-events: none;
+}
+.gs-field__kbd kbd {
+    font-family: inherit;
+    font-size: 0.6rem;
+    font-weight: 600;
+    padding: 2px 5px;
+    border-radius: 4px;
+    background: color-mix(in srgb, var(--text-color) 7%, transparent);
+    border: 1px solid color-mix(in srgb, var(--text-color) 10%, transparent);
+    color: var(--text-color-secondary);
+    line-height: 1;
+    min-width: 16px;
+    text-align: center;
+}
+
+.gs-panel {
+    position: absolute;
+    top: calc(100% + 6px);
+    left: 0;
+    right: 0;
+    z-index: 3100;
+    background: var(--surface-card);
+    border: 1px solid var(--surface-border);
+    border-radius: 12px;
+    box-shadow: 0 16px 40px -14px rgba(0, 0, 0, 0.3);
+    max-height: 70vh;
+    overflow-y: auto;
+    padding: 6px;
+    min-width: 360px;
+}
+
+.gs-panel__state {
+    padding: 18px;
+    text-align: center;
+    font-size: 0.82rem;
+    color: var(--text-color-secondary);
+}
+.gs-panel__hint {
+    padding: 10px 12px;
+    font-size: 0.72rem;
+    color: var(--text-color-secondary);
+    display: flex;
+    align-items: center;
+    gap: 7px;
+    opacity: 0.85;
+}
+
+.gs-group + .gs-group {
+    margin-top: 4px;
+    border-top: 1px solid var(--surface-border);
+    padding-top: 4px;
+}
+.gs-group__title {
+    padding: 8px 10px 4px;
+    font-size: 0.62rem;
+    font-weight: 700;
+    text-transform: uppercase;
+    letter-spacing: 0.14em;
+    color: var(--text-color-secondary);
+    opacity: 0.7;
+}
+
+.gs-item {
+    display: flex;
+    align-items: center;
+    width: 100%;
+    gap: 10px;
+    padding: 8px 10px;
+    background: transparent;
+    border: 1px solid transparent;
+    border-radius: 8px;
+    cursor: pointer;
+    transition: background 0.12s, border-color 0.12s;
+    text-align: left;
+    font-family: inherit;
+    color: var(--text-color);
+}
+.gs-item.is-active {
+    background: color-mix(in srgb, var(--primary-color) 10%, transparent);
+    border-color: color-mix(in srgb, var(--primary-color) 24%, transparent);
+}
+
+.gs-item__icon,
+.gs-item__avatar {
+    width: 28px;
+    height: 28px;
+    display: grid;
+    place-items: center;
+    border-radius: 8px;
+    flex-shrink: 0;
+    font-size: 0.82rem;
+}
+.gs-item__icon {
+    background: color-mix(in srgb, var(--primary-color) 12%, transparent);
+    color: var(--primary-color);
+}
+.gs-item__icon--blue {
+    background: color-mix(in srgb, #60a5fa 14%, transparent);
+    color: #60a5fa;
+}
+.gs-item__icon--purple {
+    background: color-mix(in srgb, #c084fc 14%, transparent);
+    color: #c084fc;
+}
+.gs-item__icon--orange {
+    background: color-mix(in srgb, #fb923c 14%, transparent);
+    color: #fb923c;
+}
+.gs-item__icon--amber {
+    background: color-mix(in srgb, #f59e0b 14%, transparent);
+    color: #f59e0b;
+}
+.gs-item__icon--slate {
+    background: color-mix(in srgb, var(--text-color) 8%, transparent);
+    color: var(--text-color-secondary);
+}
+.gs-item__avatar {
+    border-radius: 50%;
+    overflow: hidden;
+    background: color-mix(in srgb, var(--text-color) 6%, transparent);
+    color: var(--text-color-secondary);
+}
+.gs-item__avatar img { width: 100%; height: 100%; object-fit: cover; }
+
+.gs-item__main {
+    flex: 1;
+    min-width: 0;
+    display: flex;
+    flex-direction: column;
+    gap: 2px;
+}
+.gs-item__label {
+    font-size: 0.82rem;
+    font-weight: 500;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+.gs-item__sub {
+    font-size: 0.7rem;
+    color: var(--text-color-secondary);
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+.gs-item__go {
+    font-size: 0.7rem;
+    color: var(--text-color-secondary);
+    opacity: 0;
+    transition: opacity 0.12s;
+}
+.gs-item.is-active .gs-item__go { opacity: 1; color: var(--primary-color); }
+
+/* Responsive */
+@media (max-width: 820px) { .gs-root { max-width: 260px; flex-basis: 220px; } }
+
+/* Compact: ≤ 640px → só ícone + kbd visíveis (input textual colapsado) */
+@media (max-width: 640px) {
+    .gs-root {
+        flex: 0 0 auto;
+        width: auto;
+        min-width: 0;
+        max-width: none;
+    }
+    .gs-field__wrap :deep(.p-inputtext) {
+        width: 92px;
+        padding: 8px 42px 8px 30px;
+        color: transparent;
+        caret-color: transparent;
+        cursor: pointer;
+    }
+    .gs-field__wrap :deep(.p-inputtext::placeholder) {
+        color: transparent;
+    }
+    /* Mantém kbd visível em compact (dica visual do atalho) */
+    .gs-field__kbd {
+        display: inline-flex;
+        right: 6px;
+        pointer-events: none;
+    }
+    .gs-field__kbd kbd {
+        font-size: 0.55rem;
+        padding: 1px 4px;
+    }
+
+    /* Focado: expande como overlay sobre o topbar */
+    .gs-root:focus-within {
+        position: absolute;
+        top: 50%;
+        left: 0.5rem;
+        right: 0.5rem;
+        transform: translateY(-50%);
+        z-index: 110;
+    }
+    .gs-root:focus-within .gs-field__wrap :deep(.p-inputtext) {
+        width: 100%;
+        padding: 8px 56px 8px 34px;
+        color: inherit;
+        caret-color: auto;
+        cursor: text;
+        background: var(--p-content-background, var(--surface-card));
+    }
+    .gs-root:focus-within .gs-field__wrap :deep(.p-inputtext::placeholder) {
+        color: var(--text-color-secondary);
+        opacity: 0.6;
+    }
+}
+</style>
diff --git a/src/components/search/pagesIndex.js b/src/components/search/pagesIndex.js
new file mode 100644
index 0000000..aeab892
--- /dev/null
+++ b/src/components/search/pagesIndex.js
@@ -0,0 +1,115 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — pagesIndex.js
+|--------------------------------------------------------------------------
+| Índice curado das páginas navegáveis do app. Consumido pelo GlobalSearch
+| pra dar "ir pra tal página" como resultado da busca.
+|
+| Regras:
+|   • `roles` vazio ou ausente  → todos logados veem.
+|   • `roles` com valores       → apenas esses papéis veem.
+|   • Roles reconhecidos: 'therapist', 'clinic_admin', 'tenant_admin',
+|     'supervisor', 'saas_admin', 'portal_user'.
+|
+| Não duplique aqui o que já está nas STATIC_ACTIONS do GlobalSearch
+| (Agenda, Pacientes, Financeiro, Documentos, Configurações, etc.).
+| O foco aqui são *sub-páginas* e telas menos frequentes, que o usuário
+| raramente lembra onde ficam.
+|--------------------------------------------------------------------------
+*/
+
+// Helpers opcionais pra keywords mais ricas
+const kw = (...arr) => arr.flat().filter(Boolean);
+
+export const PAGES = [
+    // ═══════════════════ THERAPIST (/therapist/*) ═══════════════════
+    { id: 'p_t_dashboard',        label: 'Dashboard',                     icon: 'pi pi-home',         sublabel: 'Visão geral',                         path: '/therapist',                               roles: ['therapist'],                       keywords: kw('home','inicio','painel','dashboard') },
+    { id: 'p_t_conversas',        label: 'Conversas',                     icon: 'pi pi-comments',     sublabel: 'Mensagens com pacientes',             path: '/therapist/conversas',                     roles: ['therapist'],                       keywords: kw('conversas','chat','mensagens','whatsapp') },
+    { id: 'p_t_agenda_rec',       label: 'Recorrências da agenda',        icon: 'pi pi-refresh',      sublabel: 'Sessões recorrentes',                 path: '/therapist/agenda/recorrencias',           roles: ['therapist'],                       keywords: kw('recorrencia','repeticao','semanal','sessao fixa') },
+    { id: 'p_t_agenda_comp',      label: 'Compromissos determinados',     icon: 'pi pi-bookmark',     sublabel: 'Sessões fixas',                       path: '/therapist/agenda/compromissos',           roles: ['therapist'],                       keywords: kw('compromissos','determinado','fixo') },
+    { id: 'p_t_plano',            label: 'Meu plano',                     icon: 'pi pi-crown',        sublabel: 'Assinatura e billing',                path: '/therapist/meu-plano',                     roles: ['therapist'],                       keywords: kw('plano','assinatura','pagamento','mensalidade','billing') },
+    { id: 'p_t_upgrade',          label: 'Upgrade de plano',              icon: 'pi pi-arrow-up',     sublabel: 'Mudar de plano',                      path: '/therapist/upgrade',                       roles: ['therapist'],                       keywords: kw('upgrade','trocar','mudar plano') },
+    { id: 'p_t_grupos',           label: 'Grupos de pacientes',           icon: 'pi pi-users',        sublabel: 'Organizar pacientes em grupos',       path: '/therapist/patients/grupos',               roles: ['therapist'],                       keywords: kw('grupos','segmentacao','categorias') },
+    { id: 'p_t_tags',             label: 'Tags de pacientes',             icon: 'pi pi-tags',         sublabel: 'Etiquetas',                           path: '/therapist/patients/tags',                 roles: ['therapist'],                       keywords: kw('tags','etiquetas','marcadores','labels') },
+    { id: 'p_t_medicos',          label: 'Médicos referenciadores',       icon: 'pi pi-user-edit',    sublabel: 'Médicos que encaminham pacientes',    path: '/therapist/patients/medicos',              roles: ['therapist'],                       keywords: kw('medicos','encaminhadores','referenciadores','indicacao') },
+    { id: 'p_t_link_externo',     label: 'Link de cadastro externo',      icon: 'pi pi-link',         sublabel: 'Link público pra pacientes',          path: '/therapist/patients/link-externo',         roles: ['therapist'],                       keywords: kw('link','externo','publico','cadastro paciente','convite') },
+    { id: 'p_t_cad_recebidos',    label: 'Cadastros recebidos',           icon: 'pi pi-inbox',        sublabel: 'Pacientes aguardando aceite',         path: '/therapist/patients/cadastro/recebidos',   roles: ['therapist'],                       keywords: kw('recebidos','pendentes','aceitar','intake','novos') },
+    { id: 'p_t_doc_templates',    label: 'Templates de documentos',       icon: 'pi pi-file-edit',    sublabel: 'Modelos reutilizáveis',               path: '/therapist/documents/templates',           roles: ['therapist'],                       keywords: kw('templates','modelos','contratos','documentos') },
+    { id: 'p_t_online_sched',     label: 'Agendamento online',            icon: 'pi pi-globe',        sublabel: 'Página pública de agendamento',       path: '/therapist/online-scheduling',             roles: ['therapist'],                       keywords: kw('online','publico','agendar','landing','pagina','site') },
+    { id: 'p_t_ag_recebidos',     label: 'Agendamentos recebidos',        icon: 'pi pi-calendar-plus',sublabel: 'Solicitações da agenda pública',      path: '/therapist/agendamentos-recebidos',        roles: ['therapist'],                       keywords: kw('solicitacoes','recebidos','publico','pedidos') },
+    { id: 'p_t_fin_lanc',         label: 'Lançamentos financeiros',       icon: 'pi pi-list',         sublabel: 'Entradas e saídas',                   path: '/therapist/financeiro/lancamentos',        roles: ['therapist'],                       keywords: kw('lancamentos','entradas','saidas','fluxo de caixa','receitas','despesas') },
+    { id: 'p_t_relatorios',       label: 'Relatórios',                    icon: 'pi pi-chart-bar',    sublabel: 'Métricas e análises',                 path: '/therapist/relatorios',                    roles: ['therapist'],                       keywords: kw('relatorios','metricas','dashboards','analytics','indicadores') },
+    { id: 'p_t_security',         label: 'Segurança da conta',            icon: 'pi pi-shield',       sublabel: 'Senha, 2FA, sessões',                 path: '/therapist/settings/security',             roles: ['therapist'],                       keywords: kw('seguranca','senha','2fa','autenticacao','mfa') },
+    { id: 'p_t_notificacoes',     label: 'Notificações',                  icon: 'pi pi-bell',         sublabel: 'Histórico completo',                  path: '/therapist/notificacoes',                  roles: ['therapist'],                       keywords: kw('notificacoes','historico','alertas','avisos','inbox') },
+
+    // ═══════════════════ CLINIC ADMIN (/admin/*) ═══════════════════
+    { id: 'p_c_dashboard',        label: 'Dashboard (clínica)',           icon: 'pi pi-home',         sublabel: 'Visão geral da clínica',              path: '/admin',                                   roles: ['clinic_admin','tenant_admin'],     keywords: kw('dashboard','home','clinica') },
+    { id: 'p_c_features',         label: 'Features da clínica',           icon: 'pi pi-th-large',     sublabel: 'Recursos habilitados',                path: '/admin/clinic/features',                   roles: ['clinic_admin','tenant_admin'],     keywords: kw('features','recursos','modulos','addons') },
+    { id: 'p_c_professionals',    label: 'Profissionais',                 icon: 'pi pi-user',         sublabel: 'Terapeutas da clínica',               path: '/admin/clinic/professionals',              roles: ['clinic_admin','tenant_admin'],     keywords: kw('profissionais','terapeutas','equipe','time') },
+    { id: 'p_c_agenda_clinica',   label: 'Agenda da clínica',             icon: 'pi pi-calendar',     sublabel: 'Agenda consolidada',                  path: '/admin/agenda/clinica',                    roles: ['clinic_admin','tenant_admin'],     keywords: kw('agenda','clinica','global','consolidada') },
+    { id: 'p_c_plano',            label: 'Plano da clínica',              icon: 'pi pi-crown',        sublabel: 'Assinatura',                          path: '/admin/meu-plano',                         roles: ['clinic_admin','tenant_admin'],     keywords: kw('plano','assinatura','billing','clinica') },
+
+    // ═══════════════════ CONFIGURAÇÕES (/configuracoes/*) ═══════════════════
+    { id: 'p_cfg_agenda',         label: 'Config: Agenda',                icon: 'pi pi-calendar',     sublabel: 'Horário de atendimento, durações',    path: '/configuracoes/agenda',                                                                keywords: kw('config','agenda','horario','duracao','expediente') },
+    { id: 'p_cfg_bloqueios',      label: 'Config: Bloqueios',             icon: 'pi pi-ban',          sublabel: 'Feriados e indisponibilidades',       path: '/configuracoes/bloqueios',                                                             keywords: kw('bloqueios','feriados','ferias','indisponivel','folga') },
+    { id: 'p_cfg_agendador',      label: 'Config: Agendador público',     icon: 'pi pi-globe',        sublabel: 'Configurações da página pública',     path: '/configuracoes/agendador',                                                             keywords: kw('agendador','publico','online','booking','configurar') },
+    { id: 'p_cfg_pagamento',      label: 'Config: Formas de pagamento',   icon: 'pi pi-wallet',       sublabel: 'Métodos aceitos',                     path: '/configuracoes/pagamento',                                                             keywords: kw('pagamento','metodos','pix','cartao','boleto','dinheiro') },
+    { id: 'p_cfg_descontos',      label: 'Config: Descontos',             icon: 'pi pi-percentage',   sublabel: 'Regras de desconto',                  path: '/configuracoes/descontos',                                                             keywords: kw('descontos','promocao','reducao','abatimento') },
+    { id: 'p_cfg_excecoes',       label: 'Config: Exceções financeiras',  icon: 'pi pi-exclamation-triangle', sublabel: 'Casos especiais',             path: '/configuracoes/excecoes-financeiras',                                                  keywords: kw('excecoes','financeiras','casos especiais','ajustes','manuais') },
+    { id: 'p_cfg_convenios',      label: 'Config: Convênios',             icon: 'pi pi-id-card',      sublabel: 'Planos de saúde',                     path: '/configuracoes/convenios',                                                             keywords: kw('convenios','planos','saude','insurance','seguro') },
+    { id: 'p_cfg_email',          label: 'Config: Templates de e-mail',   icon: 'pi pi-envelope',     sublabel: 'Mensagens automáticas',               path: '/configuracoes/email-templates',                                                       keywords: kw('email','templates','modelos','notificacoes','mensagens') },
+    { id: 'p_cfg_empresa',        label: 'Config: Empresa',               icon: 'pi pi-building',     sublabel: 'Dados da sua empresa',                path: '/configuracoes/empresa',                                                               keywords: kw('empresa','dados','cnpj','razao social','fantasia','endereco') },
+    { id: 'p_cfg_conv_tags',      label: 'Config: Tags de Conversa',      icon: 'pi pi-tag',          sublabel: 'Etiquetas pro CRM de conversas',      path: '/configuracoes/conversas-tags',                                                        keywords: kw('tags','etiquetas','conversas','crm','whatsapp','kanban') },
+    { id: 'p_cfg_conv_autoreply', label: 'Config: Auto-reply WhatsApp',   icon: 'pi pi-reply',        sublabel: 'Resposta fora do horário',            path: '/configuracoes/conversas-autoreply',                                                   keywords: kw('auto-reply','autoresposta','fora do horario','whatsapp','automatico','bot') },
+    { id: 'p_cfg_conv_optouts',   label: 'Config: Opt-outs (LGPD)',       icon: 'pi pi-ban',          sublabel: 'Números bloqueados de envios auto',   path: '/configuracoes/conversas-optouts',                                                     keywords: kw('opt-out','optout','lgpd','parar','bloqueio','cancelar','compliance','anpd') },
+    { id: 'p_cfg_lembretes',      label: 'Config: Lembretes de Sessão',   icon: 'pi pi-bell',         sublabel: 'WhatsApp 24h e 2h antes',              path: '/configuracoes/lembretes-sessao',                                                      keywords: kw('lembretes','sessao','whatsapp','automatico','reduzir faltas','avisar') },
+    { id: 'p_cfg_creditos_wa',    label: 'Config: Créditos WhatsApp',      icon: 'pi pi-credit-card',  sublabel: 'Saldo, pacotes, extrato',              path: '/configuracoes/creditos-whatsapp',                                                     keywords: kw('creditos','whatsapp','saldo','pacote','pagamento','pix','comprar','asaas') },
+    { id: 'p_cfg_canais',         label: 'Config: Canais de notificação', icon: 'pi pi-bell',         sublabel: 'WhatsApp, SMS, e-mail',               path: '/configuracoes/canais',                                                                keywords: kw('canais','notificacoes','lembretes','whatsapp','sms','email') },
+    { id: 'p_cfg_whatsapp',       label: 'Config: WhatsApp',              icon: 'pi pi-whatsapp',     sublabel: 'Canal WhatsApp',                      path: '/configuracoes/whatsapp',                                                              keywords: kw('whatsapp','wa','mensageria') },
+    { id: 'p_cfg_whatsapp_ofc',   label: 'Config: WhatsApp Oficial AgenciaPSI', icon: 'pi pi-verified',  sublabel: 'Número oficial gerenciado',           path: '/configuracoes/whatsapp-oficial',                                                      keywords: kw('whatsapp','oficial','agenciapsi','business','api','meta','creditos') },
+    { id: 'p_cfg_whatsapp_pes',   label: 'Config: WhatsApp Pessoal',      icon: 'pi pi-mobile',       sublabel: 'Conectar via QR code',                path: '/configuracoes/whatsapp-pessoal',                                                      keywords: kw('whatsapp','pessoal','qr','gratis','evolution','baileys') },
+    { id: 'p_cfg_sms',            label: 'Config: SMS',                   icon: 'pi pi-mobile',       sublabel: 'Canal SMS',                           path: '/configuracoes/sms',                                                                   keywords: kw('sms','torpedo','texto') },
+    { id: 'p_cfg_sms_canal',      label: 'Config: Canal SMS',             icon: 'pi pi-mobile',       sublabel: 'Provedor e número',                   path: '/configuracoes/sms-canal',                                                             keywords: kw('sms','canal','provedor') },
+    { id: 'p_cfg_extras',         label: 'Config: Recursos extras',       icon: 'pi pi-plus-circle',  sublabel: 'Addons e créditos',                   path: '/configuracoes/recursos-extras',                                                       keywords: kw('recursos','extras','addons','creditos','saldo') },
+    { id: 'p_cfg_auditoria',      label: 'Config: Auditoria',             icon: 'pi pi-history',      sublabel: 'Log de ações',                        path: '/configuracoes/auditoria',                                                             keywords: kw('auditoria','log','historico','acoes') },
+
+    // ═══════════════════ CONTA (/account/*) ═══════════════════
+    { id: 'p_acc_profile',        label: 'Meu perfil',                    icon: 'pi pi-user',         sublabel: 'Dados pessoais',                      path: '/account/profile',                                                                     keywords: kw('perfil','profile','meus dados','nome','foto','bio') },
+    { id: 'p_acc_negocio',        label: 'Meu negócio',                   icon: 'pi pi-briefcase',    sublabel: 'Dados profissionais',                 path: '/account/negocio',                                                                     keywords: kw('negocio','profissional','crp','atuacao','especialidade') },
+    { id: 'p_acc_security',       label: 'Segurança (conta)',             icon: 'pi pi-shield',       sublabel: 'Senha e autenticação',                path: '/account/security',                                                                    keywords: kw('seguranca','senha','password','2fa') }
+];
+
+/**
+ * Filtra páginas pelo papel ativo do usuário.
+ * @param {string|null} role - 'therapist'|'clinic_admin'|'tenant_admin'|'supervisor'|'saas_admin'|'portal_user'
+ * @returns {Array}
+ */
+export function filterPagesForRole(role) {
+    if (!role) return PAGES.filter((p) => !p.roles || p.roles.length === 0);
+    return PAGES.filter((p) => !p.roles || p.roles.length === 0 || p.roles.includes(role));
+}
+
+/**
+ * Normaliza string pra busca fuzzy simples (remove acento, minúsculo, trim).
+ */
+function _norm(s) {
+    return String(s || '').normalize('NFD').replace(/[\u0300-\u036f]/g, '').toLowerCase().trim();
+}
+
+/**
+ * Busca fuzzy em páginas filtradas pelo papel.
+ * @param {string} q
+ * @param {string|null} role
+ * @param {number} limit
+ */
+export function searchPages(q, role, limit = 6) {
+    const query = _norm(q);
+    const pool = filterPagesForRole(role);
+    if (!query) return pool.slice(0, limit); // top N quando vazio
+    return pool
+        .filter((p) => {
+            const hay = _norm(p.label + ' ' + p.sublabel + ' ' + (p.keywords || []).join(' '));
+            return hay.includes(query);
+        })
+        .slice(0, limit);
+}
diff --git a/src/components/ui/ContactEmailsEditor.vue b/src/components/ui/ContactEmailsEditor.vue
new file mode 100644
index 0000000..18ae694
--- /dev/null
+++ b/src/components/ui/ContactEmailsEditor.vue
@@ -0,0 +1,248 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — Editor de emails polimórfico
+|--------------------------------------------------------------------------
+| Uso:
+|   <ContactEmailsEditor entity-type="patient" :entity-id="patient.id" />
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, onMounted, watch, reactive } from 'vue';
+import { useToast } from 'primevue/usetoast';
+import { useConfirm } from 'primevue/useconfirm';
+import { useContactEmails } from '@/composables/useContactEmails';
+
+const props = defineProps({
+    entityType: { type: String, required: true },
+    entityId: { type: String, required: false, default: null },
+    readonly: { type: Boolean, default: false },
+    confirmGroup: { type: String, default: '' }
+});
+
+const emit = defineEmits(['change']);
+
+const toast = useToast();
+const confirm = useConfirm();
+const api = useContactEmails();
+
+const showAddForm = ref(false);
+const newForm = reactive({ contact_email_type_id: null, email: '', notes: '' });
+
+function openAddForm() {
+    const defaultType = api.typeBySlug('principal') || api.types.value[0];
+    newForm.contact_email_type_id = defaultType?.id || null;
+    newForm.email = '';
+    newForm.notes = '';
+    showAddForm.value = true;
+}
+
+function cancelAddForm() {
+    showAddForm.value = false;
+}
+
+async function submitAddForm() {
+    if (!newForm.contact_email_type_id || !newForm.email.trim()) return;
+    const res = await api.addEmail(props.entityType, props.entityId, {
+        contact_email_type_id: newForm.contact_email_type_id,
+        email: newForm.email,
+        is_primary: api.emails.value.length === 0,
+        notes: newForm.notes || null
+    });
+    if (res.ok) {
+        showAddForm.value = false;
+        toast.add({ severity: 'success', summary: 'Email adicionado', life: 1800 });
+        emit('change', api.emails.value);
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+    }
+}
+
+const editingId = ref(null);
+const editForm = reactive({ contact_email_type_id: null, email: '', notes: '' });
+
+function startEdit(email) {
+    editingId.value = email.id;
+    editForm.contact_email_type_id = email.contact_email_type_id;
+    editForm.email = email.email;
+    editForm.notes = email.notes || '';
+}
+
+function cancelEdit() {
+    editingId.value = null;
+}
+
+async function saveEdit(email) {
+    const res = await api.updateEmail(props.entityType, props.entityId, email.id, {
+        contact_email_type_id: editForm.contact_email_type_id,
+        email: editForm.email,
+        notes: editForm.notes.trim() || null
+    });
+    if (res.ok) {
+        editingId.value = null;
+        toast.add({ severity: 'success', summary: 'Email atualizado', life: 1800 });
+        emit('change', api.emails.value);
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+    }
+}
+
+async function setPrimary(email) {
+    if (email.is_primary) return;
+    const res = await api.setPrimary(props.entityType, props.entityId, email.id);
+    if (res.ok) {
+        toast.add({ severity: 'success', summary: 'Email principal atualizado', life: 1800 });
+        emit('change', api.emails.value);
+    }
+}
+
+function confirmRemove(email) {
+    const typeName = api.typeById(email.contact_email_type_id)?.name || 'email';
+    confirm.require({
+        group: props.confirmGroup || undefined,
+        message: `Remover este ${typeName}${email.is_primary ? ' (principal)' : ''}?`,
+        header: 'Remover email',
+        icon: 'pi pi-exclamation-triangle',
+        acceptClass: 'p-button-danger',
+        acceptLabel: 'Remover',
+        rejectLabel: 'Cancelar',
+        accept: async () => {
+            const res = await api.removeEmail(props.entityType, props.entityId, email.id);
+            if (res.ok) {
+                toast.add({ severity: 'success', summary: 'Removido', life: 1800 });
+                emit('change', api.emails.value);
+            } else {
+                toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+            }
+        }
+    });
+}
+
+onMounted(async () => {
+    await api.loadTypes();
+    if (props.entityId) await api.loadEmails(props.entityType, props.entityId);
+});
+
+watch(() => props.entityId, async (v) => {
+    if (v) await api.loadEmails(props.entityType, v);
+    else api.emails.value = [];
+});
+</script>
+
+<template>
+    <div class="flex flex-col gap-2">
+        <div class="text-[0.7rem] text-[var(--text-color-secondary)] flex items-start gap-1.5 px-1">
+            <i class="pi pi-info-circle text-sky-500 mt-0.5 shrink-0" />
+            <span>
+                Marque um email como <strong>principal</strong> — ele é usado pra
+                <strong>envio de faturas, templates e notificações por email</strong>.
+            </span>
+        </div>
+
+        <div v-if="api.loading.value" class="text-xs text-center py-3 text-[var(--text-color-secondary)]">
+            <i class="pi pi-spin pi-spinner mr-1" /> Carregando…
+        </div>
+
+        <div v-else-if="!api.emails.value.length && !showAddForm" class="text-xs text-center py-4 italic text-[var(--text-color-secondary)] border border-dashed border-[var(--surface-border)] rounded-md">
+            Nenhum email cadastrado.
+        </div>
+
+        <div v-else class="flex flex-col gap-1.5">
+            <div
+                v-for="email in api.emails.value"
+                :key="email.id"
+                class="flex items-center gap-2 p-2 rounded-md border border-[var(--surface-border)]"
+                :class="email.is_primary ? 'bg-[var(--primary-color)]/5 border-[var(--primary-color)]/30' : 'bg-[var(--surface-card)]'"
+            >
+                <template v-if="editingId !== email.id">
+                    <div class="w-8 h-8 rounded grid place-items-center shrink-0 bg-[var(--surface-ground)]">
+                        <i :class="api.typeById(email.contact_email_type_id)?.icon || 'pi pi-envelope'" class="text-sm text-[var(--text-color-secondary)]" />
+                    </div>
+
+                    <div class="flex-1 min-w-0 flex flex-col gap-0.5">
+                        <div class="flex items-center gap-1.5 flex-wrap">
+                            <span class="text-xs font-semibold text-[var(--text-color-secondary)]">{{ api.typeById(email.contact_email_type_id)?.name || 'Email' }}</span>
+                            <span v-if="email.is_primary" class="inline-flex items-center px-1.5 py-px rounded-full text-[0.6rem] font-bold uppercase tracking-wide bg-[var(--primary-color)] text-white">Principal</span>
+                        </div>
+                        <a :href="`mailto:${email.email}`" class="text-sm font-mono truncate text-[var(--primary-color)] hover:underline" @click.stop>{{ email.email }}</a>
+                        <span v-if="email.notes" class="text-[0.7rem] italic text-[var(--text-color-secondary)]">{{ email.notes }}</span>
+                    </div>
+
+                    <div v-if="!readonly" class="flex items-center gap-0.5 shrink-0">
+                        <Button v-if="!email.is_primary" icon="pi pi-star" text size="small" class="h-7 w-7" v-tooltip.top="'Marcar como principal'" :disabled="api.saving.value" @click="setPrimary(email)" />
+                        <Button icon="pi pi-pencil" text size="small" class="h-7 w-7" v-tooltip.top="'Editar'" :disabled="api.saving.value" @click="startEdit(email)" />
+                        <Button icon="pi pi-trash" text severity="danger" size="small" class="h-7 w-7" v-tooltip.top="'Remover'" :disabled="api.saving.value" @click="confirmRemove(email)" />
+                    </div>
+                </template>
+
+                <template v-else>
+                    <div class="flex flex-col gap-1.5 flex-1 min-w-0">
+                        <div class="flex items-center gap-1.5 flex-wrap">
+                            <Select
+                                v-model="editForm.contact_email_type_id"
+                                :options="api.types.value"
+                                optionLabel="name"
+                                optionValue="id"
+                                class="text-xs"
+                                style="width: 140px"
+                                appendTo="body"
+                            >
+                                <template #option="slotProps">
+                                    <div class="flex items-center gap-1.5">
+                                        <i :class="slotProps.option.icon || 'pi pi-envelope'" class="text-xs" />
+                                        <span>{{ slotProps.option.name }}</span>
+                                    </div>
+                                </template>
+                            </Select>
+                            <InputText v-model="editForm.email" type="email" class="flex-1 text-sm font-mono" style="min-width: 200px" />
+                        </div>
+                        <InputText v-model="editForm.notes" placeholder="Observação (opcional)" class="w-full text-xs" :maxlength="200" />
+                    </div>
+                    <div class="flex items-center gap-0.5 shrink-0">
+                        <Button icon="pi pi-check" severity="primary" size="small" class="h-7 w-7" v-tooltip.top="'Salvar'" :loading="api.saving.value" @click="saveEdit(email)" />
+                        <Button icon="pi pi-times" severity="secondary" text size="small" class="h-7 w-7" v-tooltip.top="'Cancelar'" :disabled="api.saving.value" @click="cancelEdit" />
+                    </div>
+                </template>
+            </div>
+        </div>
+
+        <div v-if="showAddForm" class="flex flex-col gap-2 p-2 rounded-md border border-dashed border-[var(--primary-color)]/50 bg-[var(--primary-color)]/5">
+            <div class="flex items-center gap-1.5 flex-wrap">
+                <Select
+                    v-model="newForm.contact_email_type_id"
+                    :options="api.types.value"
+                    optionLabel="name"
+                    optionValue="id"
+                    class="text-xs"
+                    style="width: 140px"
+                    appendTo="body"
+                >
+                    <template #option="slotProps">
+                        <div class="flex items-center gap-1.5">
+                            <i :class="slotProps.option.icon || 'pi pi-envelope'" class="text-xs" />
+                            <span>{{ slotProps.option.name }}</span>
+                        </div>
+                    </template>
+                </Select>
+                <InputText v-model="newForm.email" type="email" placeholder="nome@exemplo.com" class="flex-1 text-sm font-mono" style="min-width: 200px" autofocus />
+            </div>
+            <InputText v-model="newForm.notes" placeholder="Observação (opcional)" class="w-full text-xs" :maxlength="200" />
+            <div class="flex items-center gap-1 justify-end">
+                <Button label="Cancelar" severity="secondary" text size="small" :disabled="api.saving.value" @click="cancelAddForm" />
+                <Button label="Adicionar" icon="pi pi-check" size="small" :loading="api.saving.value" :disabled="!newForm.contact_email_type_id || !newForm.email.trim()" @click="submitAddForm" />
+            </div>
+        </div>
+
+        <Button
+            v-if="!readonly && !showAddForm"
+            label="Adicionar email"
+            icon="pi pi-plus"
+            severity="secondary"
+            outlined
+            size="small"
+            class="self-start rounded-full"
+            :disabled="!props.entityId"
+            v-tooltip.right="!props.entityId ? 'Salve o cadastro primeiro pra adicionar emails' : null"
+            @click="openAddForm"
+        />
+    </div>
+</template>
diff --git a/src/components/ui/ContactPhonesEditor.vue b/src/components/ui/ContactPhonesEditor.vue
new file mode 100644
index 0000000..438b6ac
--- /dev/null
+++ b/src/components/ui/ContactPhonesEditor.vue
@@ -0,0 +1,342 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — Editor de telefones polimórfico
+|--------------------------------------------------------------------------
+| Uso:
+|   <ContactPhonesEditor entity-type="patient" :entity-id="patient.id" />
+|
+| Auto-salva mudanças no banco (contact_phones) via useContactPhones.
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, watch, reactive } from 'vue';
+import { useToast } from 'primevue/usetoast';
+import { useConfirm } from 'primevue/useconfirm';
+import { useContactPhones } from '@/composables/useContactPhones';
+
+const props = defineProps({
+    entityType: { type: String, required: true },   // 'patient' | 'medico'
+    entityId: { type: String, required: false, default: null },  // null = modo pendente (antes de criar entidade)
+    readonly: { type: Boolean, default: false },
+    confirmGroup: { type: String, default: '' }      // grupo do ConfirmDialog (pra isolar de outros na página)
+});
+
+const emit = defineEmits(['change']);
+
+const toast = useToast();
+const confirm = useConfirm();
+const api = useContactPhones();
+
+// ── Mascaras ─────────────────────────────────────────────────
+const MASK_MOBILE = '(99) 99999-9999';
+const MASK_FIXED = '(99) 9999-9999';
+
+function maskForType(typeId) {
+    const t = api.typeById(typeId);
+    return t?.is_mobile ? MASK_MOBILE : MASK_FIXED;
+}
+
+// ── Formulário de nova linha ─────────────────────────────────
+const showAddForm = ref(false);
+const newForm = reactive({ contact_type_id: null, number: '', notes: '' });
+
+function openAddForm() {
+    // Default: primeiro tipo system (celular)
+    const defaultType = api.typeBySlug('celular') || api.types.value[0];
+    newForm.contact_type_id = defaultType?.id || null;
+    newForm.number = '';
+    newForm.notes = '';
+    showAddForm.value = true;
+}
+
+function cancelAddForm() {
+    showAddForm.value = false;
+}
+
+async function submitAddForm() {
+    if (!newForm.contact_type_id || !newForm.number.trim()) return;
+    const res = await api.addPhone(props.entityType, props.entityId, {
+        contact_type_id: newForm.contact_type_id,
+        number: newForm.number,
+        is_primary: api.phones.value.length === 0, // primeiro vira primary
+        notes: newForm.notes || null
+    });
+    if (res.ok) {
+        showAddForm.value = false;
+        toast.add({ severity: 'success', summary: 'Telefone adicionado', life: 1800 });
+        emit('change', api.phones.value);
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+    }
+}
+
+// ── Edição inline ────────────────────────────────────────────
+const editingId = ref(null);
+const editForm = reactive({ contact_type_id: null, number: '', notes: '' });
+
+function startEdit(phone) {
+    editingId.value = phone.id;
+    editForm.contact_type_id = phone.contact_type_id;
+    editForm.number = phone.number;
+    editForm.notes = phone.notes || '';
+}
+
+function cancelEdit() {
+    editingId.value = null;
+}
+
+async function saveEdit(phone) {
+    const res = await api.updatePhone(props.entityType, props.entityId, phone.id, {
+        contact_type_id: editForm.contact_type_id,
+        number: editForm.number,
+        notes: editForm.notes.trim() || null
+    });
+    if (res.ok) {
+        editingId.value = null;
+        toast.add({ severity: 'success', summary: 'Telefone atualizado', life: 1800 });
+        emit('change', api.phones.value);
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+    }
+}
+
+// ── Principal ────────────────────────────────────────────────
+async function setPrimary(phone) {
+    if (phone.is_primary) return;
+    const res = await api.setPrimary(props.entityType, props.entityId, phone.id);
+    if (res.ok) {
+        toast.add({ severity: 'success', summary: 'Telefone principal atualizado', life: 1800 });
+        emit('change', api.phones.value);
+    }
+}
+
+// ── Remover ──────────────────────────────────────────────────
+function confirmRemove(phone) {
+    const typeName = api.typeById(phone.contact_type_id)?.name || 'telefone';
+    confirm.require({
+        group: props.confirmGroup || undefined,
+        message: `Remover este ${typeName}${phone.is_primary ? ' (principal)' : ''}?`,
+        header: 'Remover telefone',
+        icon: 'pi pi-exclamation-triangle',
+        acceptClass: 'p-button-danger',
+        acceptLabel: 'Remover',
+        rejectLabel: 'Cancelar',
+        accept: async () => {
+            const res = await api.removePhone(props.entityType, props.entityId, phone.id);
+            if (res.ok) {
+                toast.add({ severity: 'success', summary: 'Removido', life: 1800 });
+                emit('change', api.phones.value);
+            } else {
+                toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+            }
+        }
+    });
+}
+
+// ── Helpers ──────────────────────────────────────────────────
+function formatDisplay(number) {
+    const s = String(number || '').replace(/\D/g, '');
+    if (s.length === 11) return `(${s.slice(0, 2)}) ${s.slice(2, 7)}-${s.slice(7)}`;
+    if (s.length === 10) return `(${s.slice(0, 2)}) ${s.slice(2, 6)}-${s.slice(6)}`;
+    if (s.length === 13 && s.startsWith('55')) return `+55 (${s.slice(2, 4)}) ${s.slice(4, 9)}-${s.slice(9)}`;
+    if (s.length === 12 && s.startsWith('55')) return `+55 (${s.slice(2, 4)}) ${s.slice(4, 8)}-${s.slice(8)}`;
+    return number;
+}
+
+// ── Lifecycle ────────────────────────────────────────────────
+onMounted(async () => {
+    await api.loadTypes();
+    if (props.entityId) await api.loadPhones(props.entityType, props.entityId);
+});
+
+watch(() => props.entityId, async (v) => {
+    if (v) await api.loadPhones(props.entityType, v);
+    else api.phones.value = [];
+});
+</script>
+
+<template>
+    <div class="flex flex-col gap-2">
+        <!-- Aviso sobre telefone principal -->
+        <div class="text-[0.7rem] text-[var(--text-color-secondary)] flex items-start gap-1.5 px-1">
+            <i class="pi pi-info-circle text-sky-500 mt-0.5 shrink-0" />
+            <span>
+                Marque um telefone como <strong>principal</strong> — ele é usado pra
+                <strong>cobranças, lembretes automáticos e contato padrão</strong>.
+                Número vindo do CRM WhatsApp recebe a etiqueta <strong>"vinculado"</strong>.
+            </span>
+        </div>
+
+        <!-- Lista de telefones -->
+        <div v-if="api.loading.value" class="text-xs text-center py-3 text-[var(--text-color-secondary)]">
+            <i class="pi pi-spin pi-spinner mr-1" /> Carregando…
+        </div>
+
+        <div v-else-if="!api.phones.value.length && !showAddForm" class="text-xs text-center py-4 italic text-[var(--text-color-secondary)] border border-dashed border-[var(--surface-border)] rounded-md">
+            Nenhum telefone cadastrado.
+        </div>
+
+        <div v-else class="flex flex-col gap-1.5">
+            <div
+                v-for="phone in api.phones.value"
+                :key="phone.id"
+                class="flex items-center gap-2 p-2 rounded-md border border-[var(--surface-border)]"
+                :class="phone.is_primary ? 'bg-[var(--primary-color)]/5 border-[var(--primary-color)]/30' : 'bg-[var(--surface-card)]'"
+            >
+                <!-- Modo leitura -->
+                <template v-if="editingId !== phone.id">
+                    <!-- Ícone do tipo -->
+                    <div class="w-8 h-8 rounded grid place-items-center shrink-0 bg-[var(--surface-ground)]">
+                        <i :class="api.typeById(phone.contact_type_id)?.icon || 'pi pi-phone'" class="text-sm text-[var(--text-color-secondary)]" />
+                    </div>
+
+                    <!-- Tipo + número + badges -->
+                    <div class="flex-1 min-w-0 flex flex-col gap-0.5">
+                        <div class="flex items-center gap-1.5 flex-wrap">
+                            <span class="text-xs font-semibold text-[var(--text-color-secondary)]">{{ api.typeById(phone.contact_type_id)?.name || 'Telefone' }}</span>
+                            <span v-if="phone.is_primary" class="inline-flex items-center px-1.5 py-px rounded-full text-[0.6rem] font-bold uppercase tracking-wide bg-[var(--primary-color)] text-white">Principal</span>
+                            <span v-if="phone.whatsapp_linked_at" class="inline-flex items-center gap-0.5 px-1.5 py-px rounded-full text-[0.6rem] font-bold uppercase tracking-wide bg-emerald-500/15 text-emerald-600">
+                                <i class="pi pi-link text-[0.55rem]" /> Vinculado
+                            </span>
+                        </div>
+                        <span class="text-sm font-mono font-semibold">{{ formatDisplay(phone.number) }}</span>
+                        <span v-if="phone.notes" class="text-[0.7rem] italic text-[var(--text-color-secondary)]">{{ phone.notes }}</span>
+                    </div>
+
+                    <!-- Ações -->
+                    <div v-if="!readonly" class="flex items-center gap-0.5 shrink-0">
+                        <Button
+                            v-if="!phone.is_primary"
+                            icon="pi pi-star"
+                            text
+                            size="small"
+                            class="h-7 w-7"
+                            v-tooltip.top="'Marcar como principal'"
+                            :disabled="api.saving.value"
+                            @click="setPrimary(phone)"
+                        />
+                        <Button
+                            icon="pi pi-pencil"
+                            text
+                            size="small"
+                            class="h-7 w-7"
+                            v-tooltip.top="'Editar'"
+                            :disabled="api.saving.value"
+                            @click="startEdit(phone)"
+                        />
+                        <Button
+                            icon="pi pi-trash"
+                            text
+                            severity="danger"
+                            size="small"
+                            class="h-7 w-7"
+                            v-tooltip.top="'Remover'"
+                            :disabled="api.saving.value"
+                            @click="confirmRemove(phone)"
+                        />
+                    </div>
+                </template>
+
+                <!-- Modo edição -->
+                <template v-else>
+                    <div class="flex flex-col gap-1.5 flex-1 min-w-0">
+                        <div class="flex items-center gap-1.5 flex-wrap">
+                            <Select
+                                v-model="editForm.contact_type_id"
+                                :options="api.types.value"
+                                optionLabel="name"
+                                optionValue="id"
+                                class="text-xs"
+                                style="width: 140px"
+                                appendTo="body"
+                            >
+                                <template #option="slotProps">
+                                    <div class="flex items-center gap-1.5">
+                                        <i :class="slotProps.option.icon || 'pi pi-phone'" class="text-xs" />
+                                        <span>{{ slotProps.option.name }}</span>
+                                    </div>
+                                </template>
+                            </Select>
+                            <InputMask
+                                v-model="editForm.number"
+                                :mask="maskForType(editForm.contact_type_id)"
+                                class="flex-1 text-sm font-mono"
+                                style="min-width: 140px"
+                            />
+                        </div>
+                        <InputText
+                            v-model="editForm.notes"
+                            placeholder="Observação (opcional)"
+                            class="w-full text-xs"
+                            :maxlength="200"
+                        />
+                    </div>
+                    <div class="flex items-center gap-0.5 shrink-0">
+                        <Button icon="pi pi-check" severity="primary" size="small" class="h-7 w-7" v-tooltip.top="'Salvar'" :loading="api.saving.value" @click="saveEdit(phone)" />
+                        <Button icon="pi pi-times" severity="secondary" text size="small" class="h-7 w-7" v-tooltip.top="'Cancelar'" :disabled="api.saving.value" @click="cancelEdit" />
+                    </div>
+                </template>
+            </div>
+        </div>
+
+        <!-- Formulário de nova linha -->
+        <div v-if="showAddForm" class="flex flex-col gap-2 p-2 rounded-md border border-dashed border-[var(--primary-color)]/50 bg-[var(--primary-color)]/5">
+            <div class="flex items-center gap-1.5 flex-wrap">
+                <Select
+                    v-model="newForm.contact_type_id"
+                    :options="api.types.value"
+                    optionLabel="name"
+                    optionValue="id"
+                    class="text-xs"
+                    style="width: 140px"
+                    appendTo="body"
+                >
+                    <template #option="slotProps">
+                        <div class="flex items-center gap-1.5">
+                            <i :class="slotProps.option.icon || 'pi pi-phone'" class="text-xs" />
+                            <span>{{ slotProps.option.name }}</span>
+                        </div>
+                    </template>
+                </Select>
+                <InputMask
+                    v-model="newForm.number"
+                    :mask="maskForType(newForm.contact_type_id)"
+                    class="flex-1 text-sm font-mono"
+                    style="min-width: 140px"
+                    autofocus
+                />
+            </div>
+            <InputText
+                v-model="newForm.notes"
+                placeholder="Observação (opcional)"
+                class="w-full text-xs"
+                :maxlength="200"
+            />
+            <div class="flex items-center gap-1 justify-end">
+                <Button label="Cancelar" severity="secondary" text size="small" :disabled="api.saving.value" @click="cancelAddForm" />
+                <Button
+                    label="Adicionar"
+                    icon="pi pi-check"
+                    size="small"
+                    :loading="api.saving.value"
+                    :disabled="!newForm.contact_type_id || !newForm.number.trim()"
+                    @click="submitAddForm"
+                />
+            </div>
+        </div>
+
+        <!-- Botão + -->
+        <Button
+            v-if="!readonly && !showAddForm"
+            label="Adicionar telefone"
+            icon="pi pi-plus"
+            severity="secondary"
+            outlined
+            size="small"
+            class="self-start rounded-full"
+            :disabled="!props.entityId"
+            v-tooltip.right="!props.entityId ? 'Salve o cadastro primeiro pra adicionar telefones' : null"
+            @click="openAddForm"
+        />
+    </div>
+</template>
diff --git a/src/components/ui/PatientCadastroDialog.vue b/src/components/ui/PatientCadastroDialog.vue
index e6c8905..4a3fec0 100644
--- a/src/components/ui/PatientCadastroDialog.vue
+++ b/src/components/ui/PatientCadastroDialog.vue
@@ -116,6 +116,32 @@ async function onCreated(data) {
                         @click="pageRef?.fillRandomPatient?.()"
                     />
 
+                    <!-- Conversar no WhatsApp (só em edição) -->
+                    <Button
+                        v-if="patientId"
+                        icon="pi pi-whatsapp"
+                        severity="success"
+                        outlined
+                        size="small"
+                        class="rounded-full"
+                        :disabled="pageRef?.saving?.value || pageRef?.deleting?.value"
+                        title="Conversar no WhatsApp"
+                        @click="pageRef?.goToConversation?.(); isOpen = false;"
+                    />
+
+                    <!-- Exportar LGPD (só em edição) -->
+                    <Button
+                        v-if="patientId"
+                        icon="pi pi-shield"
+                        severity="secondary"
+                        outlined
+                        size="small"
+                        class="rounded-full"
+                        :disabled="pageRef?.saving?.value || pageRef?.deleting?.value"
+                        title="Exportar dados do paciente (LGPD)"
+                        @click="pageRef?.openLgpdDialog?.()"
+                    />
+
                     <!-- Excluir (só em edição) -->
                     <Button
                         v-if="patientId"
diff --git a/src/composables/useAddonExtrato.js b/src/composables/useAddonExtrato.js
new file mode 100644
index 0000000..952e27c
--- /dev/null
+++ b/src/composables/useAddonExtrato.js
@@ -0,0 +1,209 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/composables/useAddonExtrato.js
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+*/
+
+import { ref, computed } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+// ─── helpers de período ─────────────────────────────────────────────────────
+
+function startOfDay(d) {
+    const x = new Date(d);
+    x.setHours(0, 0, 0, 0);
+    return x;
+}
+
+function endOfDay(d) {
+    const x = new Date(d);
+    x.setHours(23, 59, 59, 999);
+    return x;
+}
+
+function resolveDateRange(preset, customRange) {
+    const now = new Date();
+    if (preset === 'thisMonth') {
+        const start = new Date(now.getFullYear(), now.getMonth(), 1);
+        return { from: startOfDay(start), to: endOfDay(now) };
+    }
+    if (preset === 'lastMonth') {
+        const start = new Date(now.getFullYear(), now.getMonth() - 1, 1);
+        const end = new Date(now.getFullYear(), now.getMonth(), 0);
+        return { from: startOfDay(start), to: endOfDay(end) };
+    }
+    if (preset === 'last90') {
+        const start = new Date(now);
+        start.setDate(start.getDate() - 90);
+        return { from: startOfDay(start), to: endOfDay(now) };
+    }
+    if (preset === 'custom' && Array.isArray(customRange) && customRange[0] && customRange[1]) {
+        return { from: startOfDay(customRange[0]), to: endOfDay(customRange[1]) };
+    }
+    // fallback: thisMonth
+    const start = new Date(now.getFullYear(), now.getMonth(), 1);
+    return { from: startOfDay(start), to: endOfDay(now) };
+}
+
+// ─── sanitização de busca ───────────────────────────────────────────────────
+
+function sanitizeSearch(raw) {
+    if (typeof raw !== 'string') return '';
+    const trimmed = raw.trim();
+    if (!trimmed) return '';
+    // limite defensivo para não enviar termos absurdos pro client-side filter
+    return trimmed.slice(0, 120).toLowerCase();
+}
+
+// ─── composable ─────────────────────────────────────────────────────────────
+
+export function useAddonExtrato() {
+    const tenantStore = useTenantStore();
+
+    const transactions = ref([]);
+    const balances = ref({}); // { sms: {balance, total_purchased, total_consumed}, ... }
+    const loading = ref(false);
+    const error = ref(null);
+
+    const filters = ref({
+        periodPreset: 'thisMonth',
+        customRange: null, // [Date, Date]
+        addonTypes: [], // [] = todos
+        movementTypes: [], // [] = todos
+        search: ''
+    });
+
+    const dateRange = computed(() => resolveDateRange(filters.value.periodPreset, filters.value.customRange));
+
+    async function load() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) {
+            transactions.value = [];
+            error.value = new Error('Tenant ativo inválido.');
+            return;
+        }
+
+        loading.value = true;
+        error.value = null;
+
+        try {
+            const { from, to } = dateRange.value;
+
+            let query = supabase
+                .from('addon_transactions')
+                .select('id, created_at, addon_type, type, amount, balance_before, balance_after, description, payment_method, payment_reference, price_cents, currency, queue_id')
+                .eq('tenant_id', tenantId)
+                .gte('created_at', from.toISOString())
+                .lte('created_at', to.toISOString())
+                .order('created_at', { ascending: false })
+                .limit(5000);
+
+            if (filters.value.addonTypes.length > 0) {
+                query = query.in('addon_type', filters.value.addonTypes);
+            }
+            if (filters.value.movementTypes.length > 0) {
+                query = query.in('type', filters.value.movementTypes);
+            }
+
+            const { data, error: qErr } = await query;
+            if (qErr) throw qErr;
+            transactions.value = data ?? [];
+        } catch (err) {
+            error.value = err;
+            transactions.value = [];
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    async function loadBalances() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) {
+            balances.value = {};
+            return;
+        }
+        const { data } = await supabase
+            .from('addon_credits')
+            .select('addon_type, balance, total_purchased, total_consumed, low_balance_threshold, expires_at')
+            .eq('tenant_id', tenantId)
+            .eq('is_active', true);
+        const map = {};
+        for (const c of data ?? []) map[c.addon_type] = c;
+        balances.value = map;
+    }
+
+    // filtro client-side de busca textual (sobre server-side result)
+    const rows = computed(() => {
+        const q = sanitizeSearch(filters.value.search);
+        if (!q) return transactions.value;
+        return transactions.value.filter((r) => {
+            const ref = (r.payment_reference || '').toLowerCase();
+            const desc = (r.description || '').toLowerCase();
+            const method = (r.payment_method || '').toLowerCase();
+            return ref.includes(q) || desc.includes(q) || method.includes(q);
+        });
+    });
+
+    const summary = computed(() => {
+        let purchasedCredits = 0;
+        let purchasedCents = 0;
+        let consumedCredits = 0;
+        let adjustedCredits = 0;
+        let refundedCredits = 0;
+
+        for (const r of rows.value) {
+            const amt = Number(r.amount) || 0;
+            switch (r.type) {
+                case 'purchase':
+                    purchasedCredits += Math.abs(amt);
+                    purchasedCents += Number(r.price_cents) || 0;
+                    break;
+                case 'consumption':
+                    consumedCredits += Math.abs(amt);
+                    break;
+                case 'adjustment':
+                    adjustedCredits += amt; // mantém sinal
+                    break;
+                case 'refund':
+                    refundedCredits += Math.abs(amt);
+                    break;
+                default:
+                    break;
+            }
+        }
+
+        return {
+            purchasedCredits,
+            purchasedCents,
+            consumedCredits,
+            adjustedCredits,
+            refundedCredits,
+            totalRows: rows.value.length
+        };
+    });
+
+    return {
+        transactions,
+        rows,
+        balances,
+        filters,
+        dateRange,
+        loading,
+        error,
+        summary,
+        load,
+        loadBalances
+    };
+}
diff --git a/src/composables/useAuditoria.js b/src/composables/useAuditoria.js
new file mode 100644
index 0000000..966cf57
--- /dev/null
+++ b/src/composables/useAuditoria.js
@@ -0,0 +1,206 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/composables/useAuditoria.js
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+*/
+
+import { ref, computed } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+// ─── helpers ────────────────────────────────────────────────────────────────
+
+function startOfDay(d) {
+    const x = new Date(d);
+    x.setHours(0, 0, 0, 0);
+    return x;
+}
+
+function endOfDay(d) {
+    const x = new Date(d);
+    x.setHours(23, 59, 59, 999);
+    return x;
+}
+
+function resolveDateRange(preset, customRange) {
+    const now = new Date();
+    if (preset === 'today') {
+        return { from: startOfDay(now), to: endOfDay(now) };
+    }
+    if (preset === 'last7') {
+        const start = new Date(now);
+        start.setDate(start.getDate() - 6);
+        return { from: startOfDay(start), to: endOfDay(now) };
+    }
+    if (preset === 'last30') {
+        const start = new Date(now);
+        start.setDate(start.getDate() - 29);
+        return { from: startOfDay(start), to: endOfDay(now) };
+    }
+    if (preset === 'last90') {
+        const start = new Date(now);
+        start.setDate(start.getDate() - 89);
+        return { from: startOfDay(start), to: endOfDay(now) };
+    }
+    if (preset === 'custom' && Array.isArray(customRange) && customRange[0] && customRange[1]) {
+        return { from: startOfDay(customRange[0]), to: endOfDay(customRange[1]) };
+    }
+    const start = new Date(now);
+    start.setDate(start.getDate() - 6);
+    return { from: startOfDay(start), to: endOfDay(now) };
+}
+
+function sanitizeSearch(raw) {
+    if (typeof raw !== 'string') return '';
+    return raw.trim().slice(0, 120).toLowerCase();
+}
+
+// ─── composable ─────────────────────────────────────────────────────────────
+
+export function useAuditoria() {
+    const tenantStore = useTenantStore();
+
+    const events = ref([]);
+    const usersMap = ref({}); // { uid: { email, display_name } }
+    const loading = ref(false);
+    const error = ref(null);
+
+    const filters = ref({
+        periodPreset: 'last7',
+        customRange: null,
+        sources: [], // [] = todas
+        entityTypes: [], // [] = todos
+        actions: [], // [] = todas
+        userId: null,
+        search: ''
+    });
+
+    const dateRange = computed(() => resolveDateRange(filters.value.periodPreset, filters.value.customRange));
+
+    async function load() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) {
+            events.value = [];
+            error.value = new Error('Tenant ativo inválido.');
+            return;
+        }
+
+        loading.value = true;
+        error.value = null;
+
+        try {
+            const { from, to } = dateRange.value;
+
+            let query = supabase
+                .from('audit_log_unified')
+                .select('uid, tenant_id, user_id, entity_type, entity_id, action, description, occurred_at, source, details')
+                .eq('tenant_id', tenantId)
+                .gte('occurred_at', from.toISOString())
+                .lte('occurred_at', to.toISOString())
+                .order('occurred_at', { ascending: false })
+                .limit(5000);
+
+            if (filters.value.sources.length > 0) {
+                query = query.in('source', filters.value.sources);
+            }
+            if (filters.value.entityTypes.length > 0) {
+                query = query.in('entity_type', filters.value.entityTypes);
+            }
+            if (filters.value.actions.length > 0) {
+                query = query.in('action', filters.value.actions);
+            }
+            if (filters.value.userId) {
+                query = query.eq('user_id', filters.value.userId);
+            }
+
+            const { data, error: qErr } = await query;
+            if (qErr) throw qErr;
+            events.value = data ?? [];
+
+            await resolveUserNames();
+        } catch (err) {
+            error.value = err;
+            events.value = [];
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    async function resolveUserNames() {
+        const uids = [...new Set(events.value.map((e) => e.user_id).filter(Boolean))];
+        const unknown = uids.filter((u) => !usersMap.value[u]);
+        if (!unknown.length) return;
+
+        const { data } = await supabase.from('profiles').select('id, full_name, nickname').in('id', unknown);
+
+        const next = { ...usersMap.value };
+        for (const u of unknown) next[u] = { email: '', display_name: '' };
+        for (const p of data ?? []) {
+            next[p.id] = { email: '', display_name: p.full_name || p.nickname || '' };
+        }
+        usersMap.value = next;
+    }
+
+    function userDisplay(userId) {
+        if (!userId) return 'Sistema';
+        const u = usersMap.value[userId];
+        if (!u) return 'Usuário desconhecido';
+        return u.display_name || u.email || userId.slice(0, 8);
+    }
+
+    // filtro client-side: busca textual
+    const rows = computed(() => {
+        const q = sanitizeSearch(filters.value.search);
+        if (!q) return events.value;
+        return events.value.filter((e) => {
+            const desc = (e.description || '').toLowerCase();
+            const entity = (e.entity_type || '').toLowerCase();
+            const action = (e.action || '').toLowerCase();
+            const src = (e.source || '').toLowerCase();
+            const user = userDisplay(e.user_id).toLowerCase();
+            return desc.includes(q) || entity.includes(q) || action.includes(q) || src.includes(q) || user.includes(q);
+        });
+    });
+
+    const summary = computed(() => {
+        const bySource = {};
+        const byAction = {};
+        const byUser = new Set();
+
+        for (const e of rows.value) {
+            bySource[e.source] = (bySource[e.source] || 0) + 1;
+            byAction[e.action] = (byAction[e.action] || 0) + 1;
+            if (e.user_id) byUser.add(e.user_id);
+        }
+
+        return {
+            totalRows: rows.value.length,
+            bySource,
+            byAction,
+            distinctUsers: byUser.size
+        };
+    });
+
+    return {
+        events,
+        rows,
+        filters,
+        dateRange,
+        loading,
+        error,
+        summary,
+        userDisplay,
+        load
+    };
+}
diff --git a/src/composables/useAutoReplySettings.js b/src/composables/useAutoReplySettings.js
new file mode 100644
index 0000000..8b6d5e1
--- /dev/null
+++ b/src/composables/useAutoReplySettings.js
@@ -0,0 +1,127 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Arquivo: src/composables/useAutoReplySettings.js
+| Data: 2026-04-21
+|
+| Settings de auto-reply fora do horário (CRM Grupo 2.3).
+|--------------------------------------------------------------------------
+*/
+
+import { ref } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+const DEFAULT_SETTINGS = {
+    enabled: false,
+    message: 'Olá! Nosso horário de atendimento acabou. Retornaremos sua mensagem assim que possível. Obrigado!',
+    cooldown_minutes: 180,
+    schedule_mode: 'agenda',
+    business_hours: [],
+    custom_window: []
+};
+
+export function useAutoReplySettings() {
+    const tenantStore = useTenantStore();
+
+    const settings = ref({ ...DEFAULT_SETTINGS });
+    const loading = ref(false);
+    const saving = ref(false);
+    const error = ref(null);
+    const lastLoadedAt = ref(null);
+
+    async function load() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) return;
+        loading.value = true;
+        error.value = null;
+        try {
+            const { data, error: err } = await supabase
+                .from('conversation_autoreply_settings')
+                .select('enabled, message, cooldown_minutes, schedule_mode, business_hours, custom_window')
+                .eq('tenant_id', tenantId)
+                .maybeSingle();
+            if (err) throw err;
+            if (data) {
+                settings.value = {
+                    enabled: !!data.enabled,
+                    message: data.message ?? DEFAULT_SETTINGS.message,
+                    cooldown_minutes: Number(data.cooldown_minutes ?? DEFAULT_SETTINGS.cooldown_minutes),
+                    schedule_mode: data.schedule_mode ?? 'agenda',
+                    business_hours: Array.isArray(data.business_hours) ? data.business_hours : [],
+                    custom_window: Array.isArray(data.custom_window) ? data.custom_window : []
+                };
+            } else {
+                settings.value = { ...DEFAULT_SETTINGS, business_hours: [], custom_window: [] };
+            }
+            lastLoadedAt.value = new Date().toISOString();
+        } catch (e) {
+            error.value = e?.message || 'Falha ao carregar settings';
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    async function save(partial = null) {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) return { ok: false, error: 'no_tenant' };
+        const payload = partial ? { ...settings.value, ...partial } : { ...settings.value };
+
+        // Sanitização básica
+        payload.message = String(payload.message || '').trim().slice(0, 2000);
+        if (!payload.message) return { ok: false, error: 'mensagem vazia' };
+        payload.cooldown_minutes = Math.max(0, Math.min(43200, Number(payload.cooldown_minutes) || 0));
+        if (!['agenda', 'business_hours', 'custom'].includes(payload.schedule_mode)) {
+            payload.schedule_mode = 'agenda';
+        }
+        payload.business_hours = Array.isArray(payload.business_hours) ? payload.business_hours : [];
+        payload.custom_window = Array.isArray(payload.custom_window) ? payload.custom_window : [];
+
+        saving.value = true;
+        try {
+            const { error: err } = await supabase
+                .from('conversation_autoreply_settings')
+                .upsert({ tenant_id: tenantId, ...payload }, { onConflict: 'tenant_id' });
+            if (err) throw err;
+            settings.value = payload;
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'Falha ao salvar' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    // Busca a agenda_regras_semanais do tenant — pra mostrar preview "seguindo agenda"
+    async function loadAgendaWindows() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) return [];
+        try {
+            const { data } = await supabase
+                .from('agenda_regras_semanais')
+                .select('dia_semana, hora_inicio, hora_fim, ativo')
+                .eq('tenant_id', tenantId)
+                .eq('ativo', true)
+                .order('dia_semana');
+            return (data || []).map((r) => ({
+                dow: r.dia_semana,
+                start: String(r.hora_inicio).slice(0, 5),
+                end: String(r.hora_fim).slice(0, 5)
+            }));
+        } catch {
+            return [];
+        }
+    }
+
+    return {
+        settings,
+        loading,
+        saving,
+        error,
+        lastLoadedAt,
+        load,
+        save,
+        loadAgendaWindows
+    };
+}
diff --git a/src/composables/useClinicKPIs.js b/src/composables/useClinicKPIs.js
new file mode 100644
index 0000000..5ae0ae6
--- /dev/null
+++ b/src/composables/useClinicKPIs.js
@@ -0,0 +1,239 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/composables/useClinicKPIs.js
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+*/
+
+import { ref, computed } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+function startOfMonth(d = new Date()) {
+    return new Date(d.getFullYear(), d.getMonth(), 1, 0, 0, 0, 0);
+}
+
+function endOfMonth(d = new Date()) {
+    return new Date(d.getFullYear(), d.getMonth() + 1, 0, 23, 59, 59, 999);
+}
+
+function addMonths(d, n) {
+    return new Date(d.getFullYear(), d.getMonth() + n, 1);
+}
+
+function monthLabel(d) {
+    return d.toLocaleDateString('pt-BR', { month: 'short', year: '2-digit' });
+}
+
+export function useClinicKPIs() {
+    const tenantStore = useTenantStore();
+
+    const loading = ref(false);
+    const error = ref(null);
+
+    // totais do mês corrente
+    const mrrCurrentCents = ref(0); // receita recebida no mês
+    const overdueCents = ref(0);
+    const overdueCount = ref(0);
+    const pendingCents = ref(0);
+
+    // pacientes
+    const activePatients = ref(0);
+    const inactivePatients = ref(0);
+    const totalPatients = ref(0);
+
+    // sessões
+    const sessionsDone = ref(0);
+    const sessionsCancelled = ref(0);
+    const sessionsNoShow = ref(0);
+    const sessionsScheduled = ref(0);
+
+    // receita últimos 6 meses
+    const revenueSeries = ref([]); // [{ label, received, due }]
+
+    // top 5 pacientes (por valor recebido últimos 6 meses)
+    const topPatients = ref([]); // [{ patient_id, nome_completo, total }]
+
+    async function load() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) {
+            error.value = new Error('Tenant ativo inválido');
+            return;
+        }
+
+        loading.value = true;
+        error.value = null;
+
+        const now = new Date();
+        const monthStart = startOfMonth(now).toISOString();
+        const monthEnd = endOfMonth(now).toISOString();
+        const sixMonthsAgo = startOfMonth(addMonths(now, -5)).toISOString();
+
+        try {
+            const [finRes, pendRes, patRes, eventRes, finSeriesRes] = await Promise.all([
+                // 1) financial_records PAGO no mês (para MRR)
+                supabase
+                    .from('financial_records')
+                    .select('final_amount, patient_id')
+                    .eq('tenant_id', tenantId)
+                    .eq('status', 'paid')
+                    .gte('paid_at', monthStart)
+                    .lte('paid_at', monthEnd),
+
+                // 2) financial_records pending/overdue (qualquer data)
+                supabase
+                    .from('financial_records')
+                    .select('status, final_amount')
+                    .eq('tenant_id', tenantId)
+                    .in('status', ['pending', 'overdue']),
+
+                // 3) patients por status
+                supabase
+                    .from('patients')
+                    .select('status')
+                    .eq('tenant_id', tenantId),
+
+                // 4) eventos de agenda no mês (para realizado/cancelado/faltou)
+                supabase
+                    .from('agenda_eventos')
+                    .select('status, tipo')
+                    .eq('tenant_id', tenantId)
+                    .gte('inicio_em', monthStart)
+                    .lte('inicio_em', monthEnd)
+                    .neq('tipo', 'bloqueio'),
+
+                // 5) financial_records pagos últimos 6 meses (série + top pacientes)
+                supabase
+                    .from('financial_records')
+                    .select('final_amount, paid_at, patient_id, patients!patient_id(nome_completo)')
+                    .eq('tenant_id', tenantId)
+                    .eq('status', 'paid')
+                    .gte('paid_at', sixMonthsAgo)
+                    .lte('paid_at', monthEnd)
+            ]);
+
+            if (finRes.error) throw finRes.error;
+            if (pendRes.error) throw pendRes.error;
+            if (patRes.error) throw patRes.error;
+            if (eventRes.error) throw eventRes.error;
+            if (finSeriesRes.error) throw finSeriesRes.error;
+
+            // MRR do mês (em centavos ou reais? seguindo financial_records.amount está em number/int; tratar como BRL)
+            mrrCurrentCents.value = 0;
+            for (const r of finRes.data ?? []) {
+                mrrCurrentCents.value += Number(r.final_amount) || 0;
+            }
+
+            // pending / overdue
+            overdueCents.value = 0;
+            overdueCount.value = 0;
+            pendingCents.value = 0;
+            for (const r of pendRes.data ?? []) {
+                const v = Number(r.final_amount) || 0;
+                if (r.status === 'overdue') {
+                    overdueCents.value += v;
+                    overdueCount.value += 1;
+                } else if (r.status === 'pending') {
+                    pendingCents.value += v;
+                }
+            }
+
+            // pacientes
+            totalPatients.value = (patRes.data ?? []).length;
+            activePatients.value = 0;
+            inactivePatients.value = 0;
+            for (const p of patRes.data ?? []) {
+                if (p.status === 'Ativo') activePatients.value += 1;
+                else if (p.status === 'Inativo' || p.status === 'Arquivado') inactivePatients.value += 1;
+            }
+
+            // sessões
+            sessionsDone.value = 0;
+            sessionsCancelled.value = 0;
+            sessionsNoShow.value = 0;
+            sessionsScheduled.value = 0;
+            for (const ev of eventRes.data ?? []) {
+                sessionsScheduled.value += 1;
+                if (ev.status === 'realizado') sessionsDone.value += 1;
+                else if (ev.status === 'cancelado') sessionsCancelled.value += 1;
+                else if (ev.status === 'faltou') sessionsNoShow.value += 1;
+            }
+
+            // série 6 meses + top 5 pacientes
+            const monthBuckets = {};
+            for (let i = 5; i >= 0; i--) {
+                const d = startOfMonth(addMonths(now, -i));
+                const key = `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, '0')}`;
+                monthBuckets[key] = { label: monthLabel(d), received: 0 };
+            }
+            const patientTotals = new Map();
+
+            for (const r of finSeriesRes.data ?? []) {
+                if (!r.paid_at) continue;
+                const d = new Date(r.paid_at);
+                const key = `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, '0')}`;
+                const v = Number(r.final_amount) || 0;
+                if (monthBuckets[key]) {
+                    monthBuckets[key].received += v;
+                }
+                if (r.patient_id) {
+                    const prev = patientTotals.get(r.patient_id) || { nome: r.patients?.nome_completo || '—', total: 0 };
+                    patientTotals.set(r.patient_id, { nome: prev.nome, total: prev.total + v });
+                }
+            }
+
+            revenueSeries.value = Object.values(monthBuckets);
+
+            topPatients.value = [...patientTotals.entries()]
+                .map(([patient_id, v]) => ({ patient_id, nome_completo: v.nome, total: v.total }))
+                .sort((a, b) => b.total - a.total)
+                .slice(0, 5);
+        } catch (err) {
+            error.value = err;
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    const avgTicket = computed(() => {
+        if (sessionsDone.value === 0) return 0;
+        return mrrCurrentCents.value / sessionsDone.value;
+    });
+
+    const noShowRate = computed(() => {
+        const closed = sessionsDone.value + sessionsCancelled.value + sessionsNoShow.value;
+        if (closed === 0) return null;
+        return Math.round((sessionsNoShow.value / closed) * 100);
+    });
+
+    return {
+        loading,
+        error,
+        mrrCurrentCents,
+        overdueCents,
+        overdueCount,
+        pendingCents,
+        activePatients,
+        inactivePatients,
+        totalPatients,
+        sessionsDone,
+        sessionsCancelled,
+        sessionsNoShow,
+        sessionsScheduled,
+        avgTicket,
+        noShowRate,
+        revenueSeries,
+        topPatients,
+        load
+    };
+}
diff --git a/src/composables/useContactEmails.js b/src/composables/useContactEmails.js
new file mode 100644
index 0000000..1e41693
--- /dev/null
+++ b/src/composables/useContactEmails.js
@@ -0,0 +1,185 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Arquivo: src/composables/useContactEmails.js
+| Data: 2026-04-21
+|
+| Gerenciamento polimórfico de emails (patients, medicos, etc).
+|--------------------------------------------------------------------------
+*/
+
+import { ref } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+const EMAIL_RE = /^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$/i;
+
+function normalizeEmail(raw) {
+    return String(raw || '').trim().toLowerCase();
+}
+
+export function useContactEmails() {
+    const tenantStore = useTenantStore();
+
+    const types = ref([]);
+    const emails = ref([]);
+    const loading = ref(false);
+    const saving = ref(false);
+
+    async function loadTypes() {
+        try {
+            const { data } = await supabase
+                .from('contact_email_types')
+                .select('id, tenant_id, name, slug, icon, is_system, position')
+                .order('position', { ascending: true })
+                .order('name', { ascending: true });
+            types.value = data || [];
+        } catch (e) {
+            console.error('[useContactEmails] loadTypes:', e?.message);
+            types.value = [];
+        }
+    }
+
+    async function loadEmails(entityType, entityId) {
+        if (!entityType || !entityId) {
+            emails.value = [];
+            return;
+        }
+        loading.value = true;
+        try {
+            const { data, error } = await supabase
+                .from('contact_emails')
+                .select('id, contact_email_type_id, email, is_primary, notes, position, created_at')
+                .eq('entity_type', entityType)
+                .eq('entity_id', entityId)
+                .order('is_primary', { ascending: false })
+                .order('position', { ascending: true });
+            if (error) throw error;
+            emails.value = data || [];
+        } catch (e) {
+            console.error('[useContactEmails] loadEmails:', e?.message);
+            emails.value = [];
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    async function unsetOtherPrimaries(entityType, entityId, exceptId = null) {
+        const q = supabase
+            .from('contact_emails')
+            .update({ is_primary: false })
+            .eq('entity_type', entityType)
+            .eq('entity_id', entityId)
+            .eq('is_primary', true);
+        if (exceptId) q.neq('id', exceptId);
+        await q;
+    }
+
+    async function addEmail(entityType, entityId, { contact_email_type_id, email, is_primary = false, notes = null }) {
+        const tenantId = tenantStore.activeTenantId;
+        const clean = normalizeEmail(email);
+        if (!tenantId || !entityType || !entityId) return { ok: false, error: 'invalid_context' };
+        if (!contact_email_type_id) return { ok: false, error: 'Tipo obrigatório' };
+        if (!clean || !EMAIL_RE.test(clean)) return { ok: false, error: 'Email inválido' };
+
+        saving.value = true;
+        try {
+            if (is_primary) {
+                await unsetOtherPrimaries(entityType, entityId);
+            } else if (emails.value.length === 0) {
+                is_primary = true;
+            }
+
+            const maxPos = emails.value.reduce((m, e) => Math.max(m, e.position || 0), 0);
+            const { data, error } = await supabase
+                .from('contact_emails')
+                .insert({
+                    tenant_id: tenantId,
+                    entity_type: entityType,
+                    entity_id: entityId,
+                    contact_email_type_id,
+                    email: clean,
+                    is_primary,
+                    notes,
+                    position: maxPos + 10
+                })
+                .select()
+                .single();
+            if (error) throw error;
+            await loadEmails(entityType, entityId);
+            return { ok: true, email: data };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'add_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function updateEmail(entityType, entityId, id, patch) {
+        saving.value = true;
+        try {
+            const sanitized = { ...patch };
+            if (sanitized.email !== undefined) {
+                sanitized.email = normalizeEmail(sanitized.email);
+                if (!sanitized.email || !EMAIL_RE.test(sanitized.email)) {
+                    return { ok: false, error: 'Email inválido' };
+                }
+            }
+            if (sanitized.is_primary === true) {
+                await unsetOtherPrimaries(entityType, entityId, id);
+            }
+            const { error } = await supabase.from('contact_emails').update(sanitized).eq('id', id);
+            if (error) throw error;
+            await loadEmails(entityType, entityId);
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'update_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function removeEmail(entityType, entityId, id) {
+        saving.value = true;
+        try {
+            const wasPrimary = emails.value.find((e) => e.id === id)?.is_primary;
+            const { error } = await supabase.from('contact_emails').delete().eq('id', id);
+            if (error) throw error;
+            if (wasPrimary) {
+                const remaining = emails.value.filter((e) => e.id !== id).sort((a, b) => (a.position || 0) - (b.position || 0));
+                if (remaining.length > 0) {
+                    await supabase.from('contact_emails').update({ is_primary: true }).eq('id', remaining[0].id);
+                }
+            }
+            await loadEmails(entityType, entityId);
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'remove_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function setPrimary(entityType, entityId, id) {
+        return updateEmail(entityType, entityId, id, { is_primary: true });
+    }
+
+    function typeBySlug(slug) { return types.value.find((t) => t.slug === slug); }
+    function typeById(id) { return types.value.find((t) => t.id === id); }
+
+    return {
+        types,
+        emails,
+        loading,
+        saving,
+        loadTypes,
+        loadEmails,
+        addEmail,
+        updateEmail,
+        removeEmail,
+        setPrimary,
+        typeBySlug,
+        typeById
+    };
+}
diff --git a/src/composables/useContactPhones.js b/src/composables/useContactPhones.js
new file mode 100644
index 0000000..b2727f5
--- /dev/null
+++ b/src/composables/useContactPhones.js
@@ -0,0 +1,199 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Arquivo: src/composables/useContactPhones.js
+| Data: 2026-04-21
+|
+| Gerenciamento polimórfico de telefones (patients, medicos, etc).
+|--------------------------------------------------------------------------
+*/
+
+import { ref } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+function normalizeDigits(raw) {
+    return String(raw || '').replace(/\D/g, '');
+}
+
+export function useContactPhones() {
+    const tenantStore = useTenantStore();
+
+    const types = ref([]);        // contact_types (system + custom do tenant)
+    const phones = ref([]);       // contact_phones da entidade atual
+    const loading = ref(false);
+    const saving = ref(false);
+
+    async function loadTypes() {
+        try {
+            const { data } = await supabase
+                .from('contact_types')
+                .select('id, tenant_id, name, slug, icon, is_mobile, is_system, position')
+                .order('position', { ascending: true })
+                .order('name', { ascending: true });
+            types.value = data || [];
+        } catch (e) {
+            console.error('[useContactPhones] loadTypes:', e?.message);
+            types.value = [];
+        }
+    }
+
+    async function loadPhones(entityType, entityId) {
+        if (!entityType || !entityId) {
+            phones.value = [];
+            return;
+        }
+        loading.value = true;
+        try {
+            const { data, error } = await supabase
+                .from('contact_phones')
+                .select('id, contact_type_id, number, is_primary, whatsapp_linked_at, notes, position, created_at')
+                .eq('entity_type', entityType)
+                .eq('entity_id', entityId)
+                .order('is_primary', { ascending: false })
+                .order('position', { ascending: true });
+            if (error) throw error;
+            phones.value = data || [];
+        } catch (e) {
+            console.error('[useContactPhones] loadPhones:', e?.message);
+            phones.value = [];
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    // Ensure só 1 primary por entidade — seta outros pra false antes de inserir/atualizar
+    async function unsetOtherPrimaries(entityType, entityId, exceptId = null) {
+        const q = supabase
+            .from('contact_phones')
+            .update({ is_primary: false })
+            .eq('entity_type', entityType)
+            .eq('entity_id', entityId)
+            .eq('is_primary', true);
+        if (exceptId) q.neq('id', exceptId);
+        await q;
+    }
+
+    async function addPhone(entityType, entityId, { contact_type_id, number, is_primary = false, whatsapp_linked_at = null, notes = null }) {
+        const tenantId = tenantStore.activeTenantId;
+        const digits = normalizeDigits(number);
+        if (!tenantId || !entityType || !entityId) return { ok: false, error: 'invalid_context' };
+        if (!contact_type_id) return { ok: false, error: 'Tipo de contato obrigatório' };
+        if (!digits || digits.length < 8 || digits.length > 15) return { ok: false, error: 'Telefone inválido' };
+
+        saving.value = true;
+        try {
+            // Se marcou como primary, desmarca outros
+            if (is_primary) {
+                await unsetOtherPrimaries(entityType, entityId);
+            } else if (phones.value.length === 0) {
+                // Primeiro telefone → vira primary automaticamente
+                is_primary = true;
+            }
+
+            const maxPos = phones.value.reduce((m, p) => Math.max(m, p.position || 0), 0);
+            const { data, error } = await supabase
+                .from('contact_phones')
+                .insert({
+                    tenant_id: tenantId,
+                    entity_type: entityType,
+                    entity_id: entityId,
+                    contact_type_id,
+                    number: digits,
+                    is_primary,
+                    whatsapp_linked_at,
+                    notes,
+                    position: maxPos + 10
+                })
+                .select()
+                .single();
+            if (error) throw error;
+            await loadPhones(entityType, entityId);
+            return { ok: true, phone: data };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'add_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function updatePhone(entityType, entityId, id, patch) {
+        saving.value = true;
+        try {
+            const sanitized = { ...patch };
+            if (sanitized.number !== undefined) sanitized.number = normalizeDigits(sanitized.number);
+            if (sanitized.number && (sanitized.number.length < 8 || sanitized.number.length > 15)) {
+                return { ok: false, error: 'Telefone inválido' };
+            }
+
+            if (sanitized.is_primary === true) {
+                await unsetOtherPrimaries(entityType, entityId, id);
+            }
+
+            const { error } = await supabase
+                .from('contact_phones')
+                .update(sanitized)
+                .eq('id', id);
+            if (error) throw error;
+            await loadPhones(entityType, entityId);
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'update_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function removePhone(entityType, entityId, id) {
+        saving.value = true;
+        try {
+            const wasPrimary = phones.value.find((p) => p.id === id)?.is_primary;
+            const { error } = await supabase.from('contact_phones').delete().eq('id', id);
+            if (error) throw error;
+
+            // Se removeu o primary, promove o próximo pra primary
+            if (wasPrimary) {
+                const remaining = phones.value.filter((p) => p.id !== id).sort((a, b) => (a.position || 0) - (b.position || 0));
+                if (remaining.length > 0) {
+                    await supabase
+                        .from('contact_phones')
+                        .update({ is_primary: true })
+                        .eq('id', remaining[0].id);
+                }
+            }
+            await loadPhones(entityType, entityId);
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'remove_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function setPrimary(entityType, entityId, id) {
+        return updatePhone(entityType, entityId, id, { is_primary: true });
+    }
+
+    function typeBySlug(slug) {
+        return types.value.find((t) => t.slug === slug);
+    }
+    function typeById(id) {
+        return types.value.find((t) => t.id === id);
+    }
+
+    return {
+        types,
+        phones,
+        loading,
+        saving,
+        loadTypes,
+        loadPhones,
+        addPhone,
+        updatePhone,
+        removePhone,
+        setPrimary,
+        typeBySlug,
+        typeById
+    };
+}
diff --git a/src/composables/useConversationAssignment.js b/src/composables/useConversationAssignment.js
new file mode 100644
index 0000000..23fb251
--- /dev/null
+++ b/src/composables/useConversationAssignment.js
@@ -0,0 +1,154 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Arquivo: src/composables/useConversationAssignment.js
+| Data: 2026-04-21
+|
+| Atribuicao de thread de conversa a um terapeuta/membro do tenant.
+| Uma linha por (tenant_id, thread_key). Reatribuir = UPSERT.
+|--------------------------------------------------------------------------
+*/
+
+import { ref } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+export function useConversationAssignment() {
+    const tenantStore = useTenantStore();
+
+    const assignment = ref(null); // { assigned_to, assigned_by, assigned_at, _assignee_name }
+    const members = ref([]);      // lista de membros do tenant (pra Select)
+    const loading = ref(false);
+    const saving = ref(false);
+    const error = ref(null);
+
+    async function loadMembers() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) { members.value = []; return; }
+        try {
+            const { data, error: err } = await supabase
+                .from('v_tenant_members_with_profiles')
+                .select('user_id, full_name, email, role')
+                .eq('tenant_id', tenantId)
+                .in('role', ['tenant_admin', 'therapist', 'secretary'])
+                .eq('status', 'active')
+                .order('full_name', { ascending: true });
+            if (err) throw err;
+            members.value = (data || []).map((m) => ({
+                user_id: m.user_id,
+                label: m.full_name || m.email || m.user_id,
+                email: m.email,
+                role: m.role
+            }));
+        } catch (e) {
+            error.value = e?.message || 'Falha ao carregar membros';
+            members.value = [];
+        }
+    }
+
+    async function load(threadKey) {
+        if (!threadKey) { assignment.value = null; return; }
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) { assignment.value = null; return; }
+
+        loading.value = true;
+        error.value = null;
+        try {
+            const { data, error: err } = await supabase
+                .from('conversation_assignments')
+                .select('tenant_id, thread_key, patient_id, contact_number, assigned_to, assigned_by, assigned_at')
+                .eq('tenant_id', tenantId)
+                .eq('thread_key', threadKey)
+                .maybeSingle();
+            if (err) throw err;
+
+            if (!data || !data.assigned_to) {
+                assignment.value = data || null;
+                return;
+            }
+
+            // Resolve nome do assignee via membros (se carregado) ou profiles
+            let assigneeName = null;
+            const hit = members.value.find((m) => m.user_id === data.assigned_to);
+            if (hit) assigneeName = hit.label;
+            if (!assigneeName) {
+                const { data: u } = await supabase.from('profiles').select('full_name').eq('id', data.assigned_to).maybeSingle();
+                assigneeName = u?.full_name || null;
+            }
+            assignment.value = { ...data, _assignee_name: assigneeName };
+        } catch (e) {
+            error.value = e?.message || 'Falha ao carregar atribuicao';
+            assignment.value = null;
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    async function assign({ threadKey, patientId = null, contactNumber = null, assignedTo }) {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId || !threadKey) return { ok: false, error: 'invalid_params' };
+
+        saving.value = true;
+        try {
+            const { data: authData } = await supabase.auth.getUser();
+            const userId = authData?.user?.id;
+            if (!userId) return { ok: false, error: 'not_authenticated' };
+
+            const payload = {
+                tenant_id: tenantId,
+                thread_key: threadKey,
+                patient_id: patientId || null,
+                contact_number: contactNumber || null,
+                assigned_to: assignedTo || null,
+                assigned_by: userId,
+                assigned_at: new Date().toISOString()
+            };
+
+            const { data, error: err } = await supabase
+                .from('conversation_assignments')
+                .upsert(payload, { onConflict: 'tenant_id,thread_key' })
+                .select('tenant_id, thread_key, patient_id, contact_number, assigned_to, assigned_by, assigned_at')
+                .single();
+            if (err) throw err;
+
+            let assigneeName = null;
+            if (data.assigned_to) {
+                const hit = members.value.find((m) => m.user_id === data.assigned_to);
+                assigneeName = hit?.label || null;
+                if (!assigneeName) {
+                    const { data: u } = await supabase.from('profiles').select('full_name').eq('id', data.assigned_to).maybeSingle();
+                    assigneeName = u?.full_name || null;
+                }
+            }
+            assignment.value = { ...data, _assignee_name: assigneeName };
+            return { ok: true, assignment: assignment.value };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'assign_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function unassign({ threadKey, patientId = null, contactNumber = null }) {
+        return assign({ threadKey, patientId, contactNumber, assignedTo: null });
+    }
+
+    function clear() {
+        assignment.value = null;
+        error.value = null;
+    }
+
+    return {
+        assignment,
+        members,
+        loading,
+        saving,
+        error,
+        loadMembers,
+        load,
+        assign,
+        unassign,
+        clear
+    };
+}
diff --git a/src/composables/useConversationNotes.js b/src/composables/useConversationNotes.js
new file mode 100644
index 0000000..8814598
--- /dev/null
+++ b/src/composables/useConversationNotes.js
@@ -0,0 +1,178 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Arquivo: src/composables/useConversationNotes.js
+| Data: 2026-04-21
+|
+| Notas internas por thread de conversa. Carregadas sob demanda quando o
+| drawer da conversa abre.
+|--------------------------------------------------------------------------
+*/
+
+import { ref, computed } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+function sanitizeBody(raw) {
+    if (typeof raw !== 'string') return '';
+    return raw.trim().slice(0, 4000);
+}
+
+export function useConversationNotes() {
+    const tenantStore = useTenantStore();
+
+    const notes = ref([]);
+    const loading = ref(false);
+    const saving = ref(false);
+    const error = ref(null);
+
+    const count = computed(() => notes.value.length);
+
+    async function load(threadKey) {
+        if (!threadKey) {
+            notes.value = [];
+            return;
+        }
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) {
+            notes.value = [];
+            return;
+        }
+        loading.value = true;
+        error.value = null;
+        try {
+            const { data, error: err } = await supabase
+                .from('conversation_notes')
+                .select('id, thread_key, patient_id, contact_number, body, created_by, created_at, updated_at')
+                .eq('tenant_id', tenantId)
+                .eq('thread_key', threadKey)
+                .is('deleted_at', null)
+                .order('created_at', { ascending: false });
+            if (err) throw err;
+
+            // Busca nomes dos criadores (1 query só)
+            const rows = data || [];
+            const userIds = [...new Set(rows.map((r) => r.created_by).filter(Boolean))];
+            let nameMap = {};
+            if (userIds.length) {
+                const { data: users } = await supabase
+                    .from('profiles')
+                    .select('id, full_name')
+                    .in('id', userIds);
+                nameMap = Object.fromEntries((users || []).map((u) => [u.id, u.full_name || '']));
+            }
+            notes.value = rows.map((r) => ({ ...r, _author_name: nameMap[r.created_by] || null }));
+        } catch (e) {
+            error.value = e?.message || 'Falha ao carregar notas';
+            notes.value = [];
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    async function create({ threadKey, patientId = null, contactNumber = null, body }) {
+        const tenantId = tenantStore.activeTenantId;
+        const clean = sanitizeBody(body);
+        if (!tenantId || !threadKey || !clean) return { ok: false, error: 'invalid_params' };
+
+        saving.value = true;
+        try {
+            const { data: authData } = await supabase.auth.getUser();
+            const userId = authData?.user?.id;
+            if (!userId) return { ok: false, error: 'not_authenticated' };
+
+            const { data, error: err } = await supabase
+                .from('conversation_notes')
+                .insert({
+                    tenant_id: tenantId,
+                    thread_key: threadKey,
+                    patient_id: patientId,
+                    contact_number: contactNumber,
+                    body: clean,
+                    created_by: userId
+                })
+                .select('id, thread_key, patient_id, contact_number, body, created_by, created_at, updated_at')
+                .single();
+
+            if (err) throw err;
+
+            // Prepend (mais recente primeiro)
+            notes.value = [{ ...data, _author_name: null }, ...notes.value];
+            // Recarrega o display_name do autor novo
+            const { data: u } = await supabase
+                .from('profiles')
+                .select('full_name')
+                .eq('id', data.created_by)
+                .maybeSingle();
+            if (u?.full_name) {
+                const item = notes.value.find((n) => n.id === data.id);
+                if (item) item._author_name = u.full_name;
+            }
+            return { ok: true, note: data };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'insert_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function update(id, body) {
+        const clean = sanitizeBody(body);
+        if (!id || !clean) return { ok: false, error: 'invalid_params' };
+        saving.value = true;
+        try {
+            const { error: err } = await supabase
+                .from('conversation_notes')
+                .update({ body: clean })
+                .eq('id', id);
+            if (err) throw err;
+            const item = notes.value.find((n) => n.id === id);
+            if (item) {
+                item.body = clean;
+                item.updated_at = new Date().toISOString();
+            }
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'update_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function remove(id) {
+        if (!id) return { ok: false, error: 'invalid_id' };
+        saving.value = true;
+        try {
+            const { error: err } = await supabase
+                .from('conversation_notes')
+                .update({ deleted_at: new Date().toISOString() })
+                .eq('id', id);
+            if (err) throw err;
+            notes.value = notes.value.filter((n) => n.id !== id);
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'delete_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    function clear() {
+        notes.value = [];
+        error.value = null;
+    }
+
+    return {
+        notes,
+        count,
+        loading,
+        saving,
+        error,
+        load,
+        create,
+        update,
+        remove,
+        clear
+    };
+}
diff --git a/src/composables/useConversationOptouts.js b/src/composables/useConversationOptouts.js
new file mode 100644
index 0000000..7d661d6
--- /dev/null
+++ b/src/composables/useConversationOptouts.js
@@ -0,0 +1,203 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Arquivo: src/composables/useConversationOptouts.js
+| Data: 2026-04-21
+|
+| Gerencia opt-outs do CRM WhatsApp (LGPD Art. 18 Sec.2).
+|--------------------------------------------------------------------------
+*/
+
+import { ref, computed } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+function normalizePhoneBR(raw) {
+    if (!raw) return '';
+    const digits = String(raw).replace(/\D/g, '');
+    // Sem DDI 55 → agrega
+    if (digits.length === 10 || digits.length === 11) return '55' + digits;
+    return digits;
+}
+
+export function useConversationOptouts() {
+    const tenantStore = useTenantStore();
+
+    const optouts = ref([]);
+    const keywords = ref([]);
+    const loading = ref(false);
+    const saving = ref(false);
+
+    const activeOptouts = computed(() => optouts.value.filter((o) => !o.opted_back_in_at));
+    const historyOptouts = computed(() => optouts.value.filter((o) => o.opted_back_in_at));
+
+    async function load() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) return;
+        loading.value = true;
+        try {
+            const [optsRes, kwsRes] = await Promise.all([
+                supabase
+                    .from('conversation_optouts')
+                    .select('id, phone, patient_id, source, keyword_matched, original_message, notes, opted_out_at, opted_back_in_at, blocked_by')
+                    .eq('tenant_id', tenantId)
+                    .order('opted_out_at', { ascending: false }),
+                supabase
+                    .from('conversation_optout_keywords')
+                    .select('id, tenant_id, keyword, enabled, is_system')
+                    .or(`tenant_id.is.null,tenant_id.eq.${tenantId}`)
+                    .order('is_system', { ascending: false })
+                    .order('keyword', { ascending: true })
+            ]);
+            optouts.value = optsRes.data || [];
+            keywords.value = kwsRes.data || [];
+
+            // Enriquece com nome do paciente
+            const patIds = [...new Set(optouts.value.map((o) => o.patient_id).filter(Boolean))];
+            if (patIds.length) {
+                const { data: pats } = await supabase.from('patients').select('id, nome_completo').in('id', patIds);
+                const patMap = Object.fromEntries((pats || []).map((p) => [p.id, p.nome_completo]));
+                optouts.value = optouts.value.map((o) => ({ ...o, _patient_name: patMap[o.patient_id] || null }));
+            }
+        } catch (e) {
+            console.error('[useConversationOptouts] load:', e?.message);
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    async function addManual({ phone, patientId = null, notes = null }) {
+        const tenantId = tenantStore.activeTenantId;
+        const cleanPhone = normalizePhoneBR(phone);
+        if (!tenantId || !cleanPhone) return { ok: false, error: 'invalid_params' };
+        if (!/^\d{6,15}$/.test(cleanPhone)) return { ok: false, error: 'invalid_phone_format' };
+
+        saving.value = true;
+        try {
+            const { data: authData } = await supabase.auth.getUser();
+            const userId = authData?.user?.id;
+
+            // Verifica se já existe ativo
+            const { data: existing } = await supabase
+                .from('conversation_optouts')
+                .select('id')
+                .eq('tenant_id', tenantId)
+                .eq('phone', cleanPhone)
+                .is('opted_back_in_at', null)
+                .maybeSingle();
+            if (existing) return { ok: false, error: 'already_opted_out' };
+
+            const { data, error } = await supabase
+                .from('conversation_optouts')
+                .insert({
+                    tenant_id: tenantId,
+                    phone: cleanPhone,
+                    patient_id: patientId,
+                    source: 'manual',
+                    notes,
+                    blocked_by: userId
+                })
+                .select('id, phone, patient_id, source, notes, opted_out_at, blocked_by')
+                .single();
+            if (error) throw error;
+            optouts.value = [{ ...data, _patient_name: null }, ...optouts.value];
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'add_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function restore(id) {
+        if (!id) return { ok: false, error: 'invalid_id' };
+        saving.value = true;
+        try {
+            const now = new Date().toISOString();
+            const { error } = await supabase
+                .from('conversation_optouts')
+                .update({ opted_back_in_at: now })
+                .eq('id', id);
+            if (error) throw error;
+            const item = optouts.value.find((o) => o.id === id);
+            if (item) item.opted_back_in_at = now;
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'restore_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function addKeyword(keyword) {
+        const tenantId = tenantStore.activeTenantId;
+        const clean = String(keyword || '').trim().slice(0, 100);
+        if (!tenantId || !clean) return { ok: false, error: 'invalid_params' };
+        saving.value = true;
+        try {
+            const { data, error } = await supabase
+                .from('conversation_optout_keywords')
+                .insert({ tenant_id: tenantId, keyword: clean, is_system: false, enabled: true })
+                .select('id, tenant_id, keyword, enabled, is_system')
+                .single();
+            if (error) throw error;
+            keywords.value = [...keywords.value, data];
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'add_keyword_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function toggleKeyword(id, enabled) {
+        saving.value = true;
+        try {
+            const { error } = await supabase
+                .from('conversation_optout_keywords')
+                .update({ enabled })
+                .eq('id', id);
+            if (error) throw error;
+            const item = keywords.value.find((k) => k.id === id);
+            if (item) item.enabled = enabled;
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'toggle_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    async function deleteKeyword(id) {
+        saving.value = true;
+        try {
+            const { error } = await supabase
+                .from('conversation_optout_keywords')
+                .delete()
+                .eq('id', id);
+            if (error) throw error;
+            keywords.value = keywords.value.filter((k) => k.id !== id);
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'delete_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    return {
+        optouts,
+        keywords,
+        activeOptouts,
+        historyOptouts,
+        loading,
+        saving,
+        load,
+        addManual,
+        restore,
+        addKeyword,
+        toggleKeyword,
+        deleteKeyword
+    };
+}
diff --git a/src/composables/useConversationTags.js b/src/composables/useConversationTags.js
new file mode 100644
index 0000000..b5ae391
--- /dev/null
+++ b/src/composables/useConversationTags.js
@@ -0,0 +1,260 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Arquivo: src/composables/useConversationTags.js
+| Data: 2026-04-21
+|
+| Tags aplicáveis a threads de conversa (urgente, primeira consulta, etc).
+| Combina tags do sistema (tenant_id NULL) com custom do tenant.
+|--------------------------------------------------------------------------
+*/
+
+import { ref, computed } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+function sanitizeName(raw) {
+    if (typeof raw !== 'string') return '';
+    return raw.trim().slice(0, 40);
+}
+
+function toSlug(name) {
+    return sanitizeName(name)
+        .normalize('NFD').replace(/[̀-ͯ]/g, '')
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '-')
+        .replace(/^-+|-+$/g, '')
+        .slice(0, 40);
+}
+
+export function useConversationTags() {
+    const tenantStore = useTenantStore();
+
+    const allTags = ref([]);           // todas as tags disponíveis (system + custom)
+    const threadTagIds = ref(new Set()); // tag_ids aplicados na thread atual
+    const loading = ref(false);
+    const saving = ref(false);
+
+    const threadTags = computed(() =>
+        allTags.value.filter((t) => threadTagIds.value.has(t.id))
+    );
+
+    // ── Carrega todas as tags visíveis (system + custom do tenant) ────
+    async function loadAllTags() {
+        const tenantId = tenantStore.activeTenantId;
+        loading.value = true;
+        try {
+            // RLS filtra automaticamente: system (tenant_id IS NULL) + custom do tenant ativo
+            const { data, error } = await supabase
+                .from('conversation_tags')
+                .select('id, tenant_id, name, slug, color, icon, position, is_system')
+                .order('position', { ascending: true })
+                .order('name', { ascending: true });
+            if (error) throw error;
+            allTags.value = data || [];
+        } catch (e) {
+            console.error('[useConversationTags] loadAllTags:', e?.message);
+            allTags.value = [];
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    // ── Carrega tags aplicadas em MÚLTIPLAS threads (batch) ────
+    // Retorna Map<thread_key, tag_id[]> pra renderização em Kanban
+    async function loadForThreads(threadKeys) {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId || !Array.isArray(threadKeys) || !threadKeys.length) return new Map();
+        try {
+            const { data, error } = await supabase
+                .from('conversation_thread_tags')
+                .select('thread_key, tag_id')
+                .eq('tenant_id', tenantId)
+                .in('thread_key', threadKeys);
+            if (error) throw error;
+            const map = new Map();
+            for (const row of data || []) {
+                if (!map.has(row.thread_key)) map.set(row.thread_key, []);
+                map.get(row.thread_key).push(row.tag_id);
+            }
+            return map;
+        } catch (e) {
+            console.error('[useConversationTags] loadForThreads:', e?.message);
+            return new Map();
+        }
+    }
+
+    // ── Carrega tags aplicadas em uma thread ────
+    async function loadForThread(threadKey) {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId || !threadKey) {
+            threadTagIds.value = new Set();
+            return;
+        }
+        try {
+            const { data, error } = await supabase
+                .from('conversation_thread_tags')
+                .select('tag_id')
+                .eq('tenant_id', tenantId)
+                .eq('thread_key', threadKey);
+            if (error) throw error;
+            threadTagIds.value = new Set((data || []).map((r) => r.tag_id));
+        } catch (e) {
+            console.error('[useConversationTags] loadForThread:', e?.message);
+            threadTagIds.value = new Set();
+        }
+    }
+
+    // ── Toggle: adiciona ou remove tag da thread ────
+    async function toggleOnThread(threadKey, tagId) {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId || !threadKey || !tagId) return { ok: false, error: 'invalid_params' };
+
+        saving.value = true;
+        const hasTag = threadTagIds.value.has(tagId);
+
+        try {
+            if (hasTag) {
+                const { error } = await supabase
+                    .from('conversation_thread_tags')
+                    .delete()
+                    .eq('tenant_id', tenantId)
+                    .eq('thread_key', threadKey)
+                    .eq('tag_id', tagId);
+                if (error) throw error;
+                const next = new Set(threadTagIds.value);
+                next.delete(tagId);
+                threadTagIds.value = next;
+            } else {
+                const { data: authData } = await supabase.auth.getUser();
+                const userId = authData?.user?.id;
+                if (!userId) return { ok: false, error: 'not_authenticated' };
+                const { error } = await supabase
+                    .from('conversation_thread_tags')
+                    .insert({
+                        tenant_id: tenantId,
+                        thread_key: threadKey,
+                        tag_id: tagId,
+                        tagged_by: userId
+                    });
+                if (error) throw error;
+                const next = new Set(threadTagIds.value);
+                next.add(tagId);
+                threadTagIds.value = next;
+            }
+            return { ok: true, added: !hasTag };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'toggle_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    // ── Cria tag custom ────
+    async function createCustomTag({ name, color = '#6366f1', icon = null }) {
+        const tenantId = tenantStore.activeTenantId;
+        const cleanName = sanitizeName(name);
+        if (!tenantId || !cleanName) return { ok: false, error: 'invalid_params' };
+
+        const slug = toSlug(cleanName);
+        if (!slug) return { ok: false, error: 'invalid_slug' };
+
+        saving.value = true;
+        try {
+            const { data, error } = await supabase
+                .from('conversation_tags')
+                .insert({
+                    tenant_id: tenantId,
+                    name: cleanName,
+                    slug,
+                    color,
+                    icon,
+                    is_system: false
+                })
+                .select('id, tenant_id, name, slug, color, icon, position, is_system')
+                .single();
+            if (error) throw error;
+            allTags.value = [...allTags.value, data].sort((a, b) => (a.position - b.position) || a.name.localeCompare(b.name));
+            return { ok: true, tag: data };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'create_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    // ── Atualiza tag custom ────
+    async function updateCustomTag(id, { name, color, icon }) {
+        if (!id) return { ok: false, error: 'invalid_id' };
+        const patch = {};
+        if (name !== undefined) {
+            const clean = sanitizeName(name);
+            if (!clean) return { ok: false, error: 'invalid_name' };
+            patch.name = clean;
+            patch.slug = toSlug(clean);
+            if (!patch.slug) return { ok: false, error: 'invalid_slug' };
+        }
+        if (color !== undefined) patch.color = color;
+        if (icon !== undefined) patch.icon = icon;
+        if (!Object.keys(patch).length) return { ok: false, error: 'nothing_to_update' };
+
+        saving.value = true;
+        try {
+            const { data, error } = await supabase
+                .from('conversation_tags')
+                .update(patch)
+                .eq('id', id)
+                .select('id, tenant_id, name, slug, color, icon, position, is_system')
+                .single();
+            if (error) throw error;
+            allTags.value = allTags.value
+                .map((t) => (t.id === id ? data : t))
+                .sort((a, b) => (a.position - b.position) || a.name.localeCompare(b.name));
+            return { ok: true, tag: data };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'update_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    // ── Remove tag custom (system bloqueada por RLS) ────
+    async function deleteCustomTag(id) {
+        if (!id) return { ok: false, error: 'invalid_id' };
+        saving.value = true;
+        try {
+            const { error } = await supabase.from('conversation_tags').delete().eq('id', id);
+            if (error) throw error;
+            allTags.value = allTags.value.filter((t) => t.id !== id);
+            const next = new Set(threadTagIds.value);
+            next.delete(id);
+            threadTagIds.value = next;
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'delete_failed' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    function clear() {
+        threadTagIds.value = new Set();
+    }
+
+    return {
+        allTags,
+        threadTags,
+        threadTagIds,
+        loading,
+        saving,
+        loadAllTags,
+        loadForThread,
+        loadForThreads,
+        toggleOnThread,
+        createCustomTag,
+        updateCustomTag,
+        deleteCustomTag,
+        clear
+    };
+}
diff --git a/src/composables/useConversations.js b/src/composables/useConversations.js
new file mode 100644
index 0000000..aa1fc16
--- /dev/null
+++ b/src/composables/useConversations.js
@@ -0,0 +1,268 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/composables/useConversations.js
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+*/
+
+import { ref, computed, onUnmounted } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+const KANBAN_ORDER = ['urgent', 'awaiting_us', 'awaiting_patient', 'resolved'];
+
+function sanitizeSearch(raw) {
+    if (typeof raw !== 'string') return '';
+    return raw.trim().slice(0, 120).toLowerCase();
+}
+
+export function useConversations() {
+    const tenantStore = useTenantStore();
+
+    const threads = ref([]);
+    const loading = ref(false);
+    const error = ref(null);
+
+    const filters = ref({
+        search: '',
+        channel: null, // null = todos
+        unreadOnly: false,
+        assigned: null // null = todas | 'me' | 'unassigned' | <uuid>
+    });
+
+    const currentUserId = ref(null);
+    supabase.auth.getUser().then(({ data }) => { currentUserId.value = data?.user?.id ?? null; });
+
+    let realtimeChannel = null;
+
+    async function load() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) {
+            threads.value = [];
+            error.value = new Error('Tenant ativo inválido');
+            return;
+        }
+
+        loading.value = true;
+        error.value = null;
+
+        try {
+            const { data, error: qErr } = await supabase
+                .from('conversation_threads')
+                .select('*')
+                .eq('tenant_id', tenantId)
+                .order('last_message_at', { ascending: false })
+                .limit(500);
+            if (qErr) throw qErr;
+            threads.value = data ?? [];
+        } catch (err) {
+            error.value = err;
+            threads.value = [];
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    function subscribeRealtime() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) return;
+        if (realtimeChannel) {
+            supabase.removeChannel(realtimeChannel);
+        }
+        realtimeChannel = supabase
+            .channel(`conv_msg_tenant_${tenantId}`)
+            .on(
+                'postgres_changes',
+                {
+                    event: 'INSERT',
+                    schema: 'public',
+                    table: 'conversation_messages',
+                    filter: `tenant_id=eq.${tenantId}`
+                },
+                (payload) => {
+                    // refetch da lista (view agrega tudo)
+                    load();
+                    // se o drawer esta aberto numa thread desta msg, appenda
+                    const newMsg = payload.new;
+                    if (currentThread.value && messageBelongsToThread(newMsg, currentThread.value)) {
+                        const alreadyThere = threadMessages.value.some((m) => m.id === newMsg.id);
+                        if (!alreadyThere) threadMessages.value.push(newMsg);
+                    }
+                }
+            )
+            .on(
+                'postgres_changes',
+                {
+                    event: 'UPDATE',
+                    schema: 'public',
+                    table: 'conversation_messages',
+                    filter: `tenant_id=eq.${tenantId}`
+                },
+                (payload) => {
+                    load();
+                    const updated = payload.new;
+                    if (currentThread.value && messageBelongsToThread(updated, currentThread.value)) {
+                        const idx = threadMessages.value.findIndex((m) => m.id === updated.id);
+                        if (idx >= 0) threadMessages.value[idx] = updated;
+                    }
+                }
+            )
+            .subscribe();
+    }
+
+    function unsubscribeRealtime() {
+        if (realtimeChannel) {
+            supabase.removeChannel(realtimeChannel);
+            realtimeChannel = null;
+        }
+    }
+
+    onUnmounted(() => unsubscribeRealtime());
+
+    const filteredThreads = computed(() => {
+        const q = sanitizeSearch(filters.value.search);
+        const assignFilter = filters.value.assigned;
+        const uid = currentUserId.value;
+        return threads.value.filter((t) => {
+            if (filters.value.channel && t.channel !== filters.value.channel) return false;
+            if (filters.value.unreadOnly && (t.unread_count || 0) === 0) return false;
+            if (assignFilter === 'me') {
+                if (!uid || t.assigned_to !== uid) return false;
+            } else if (assignFilter === 'unassigned') {
+                if (t.assigned_to) return false;
+            } else if (assignFilter && typeof assignFilter === 'string') {
+                if (t.assigned_to !== assignFilter) return false;
+            }
+            if (q) {
+                const name = (t.patient_name || '').toLowerCase();
+                const num = (t.contact_number || '').toLowerCase();
+                const body = (t.last_message_body || '').toLowerCase();
+                if (!name.includes(q) && !num.includes(q) && !body.includes(q)) return false;
+            }
+            return true;
+        });
+    });
+
+    const byKanban = computed(() => {
+        const map = { urgent: [], awaiting_us: [], awaiting_patient: [], resolved: [] };
+        for (const t of filteredThreads.value) {
+            const k = KANBAN_ORDER.includes(t.kanban_status) ? t.kanban_status : 'awaiting_us';
+            map[k].push(t);
+        }
+        return map;
+    });
+
+    const summary = computed(() => ({
+        total: threads.value.length,
+        urgent: byKanban.value.urgent.length,
+        awaiting_us: byKanban.value.awaiting_us.length,
+        awaiting_patient: byKanban.value.awaiting_patient.length,
+        resolved: byKanban.value.resolved.length,
+        unreadTotal: threads.value.reduce((s, t) => s + (t.unread_count || 0), 0)
+    }));
+
+    // Mensagens de uma thread especifica (drawer)
+    const threadMessages = ref([]);
+    const threadLoading = ref(false);
+    const currentThread = ref(null);
+
+    function messageBelongsToThread(msg, thread) {
+        if (!thread || !msg) return false;
+        if (thread.patient_id) return msg.patient_id === thread.patient_id;
+        // thread anônima
+        if (msg.patient_id) return false;
+        return (
+            msg.from_number === thread.contact_number ||
+            msg.to_number === thread.contact_number
+        );
+    }
+
+    async function loadThreadMessages(thread) {
+        currentThread.value = thread;
+        if (!thread) {
+            threadMessages.value = [];
+            return;
+        }
+        threadLoading.value = true;
+        try {
+            let q = supabase
+                .from('conversation_messages')
+                .select('*')
+                .eq('tenant_id', tenantStore.activeTenantId)
+                .order('created_at', { ascending: true })
+                .limit(500);
+
+            if (thread.patient_id) {
+                q = q.eq('patient_id', thread.patient_id);
+            } else {
+                // anônimo — filtra por from_number ou to_number
+                q = q.or(`from_number.eq.${thread.contact_number},to_number.eq.${thread.contact_number}`).is('patient_id', null);
+            }
+
+            const { data, error: qErr } = await q;
+            if (qErr) throw qErr;
+            threadMessages.value = data ?? [];
+        } finally {
+            threadLoading.value = false;
+        }
+    }
+
+    async function markThreadRead(thread) {
+        if (!thread) return;
+        // Marca unread do inbound como lido
+        const nowIso = new Date().toISOString();
+        const tenantId = tenantStore.activeTenantId;
+        let q = supabase
+            .from('conversation_messages')
+            .update({ read_at: nowIso })
+            .eq('tenant_id', tenantId)
+            .eq('direction', 'inbound')
+            .is('read_at', null);
+        if (thread.patient_id) q = q.eq('patient_id', thread.patient_id);
+        else q = q.eq('from_number', thread.contact_number).is('patient_id', null);
+        await q;
+        load();
+    }
+
+    async function setKanbanStatus(thread, newStatus) {
+        if (!['urgent', 'awaiting_us', 'awaiting_patient', 'resolved'].includes(newStatus)) return;
+        const tenantId = tenantStore.activeTenantId;
+        const patch = { kanban_status: newStatus };
+        if (newStatus === 'resolved') patch.resolved_at = new Date().toISOString();
+
+        let q = supabase.from('conversation_messages').update(patch).eq('tenant_id', tenantId);
+        if (thread.patient_id) q = q.eq('patient_id', thread.patient_id);
+        else q = q.eq('from_number', thread.contact_number).is('patient_id', null);
+
+        await q;
+        load();
+    }
+
+    return {
+        threads,
+        filteredThreads,
+        byKanban,
+        summary,
+        filters,
+        loading,
+        error,
+        load,
+        subscribeRealtime,
+        unsubscribeRealtime,
+        threadMessages,
+        threadLoading,
+        loadThreadMessages,
+        markThreadRead,
+        setKanbanStatus
+    };
+}
diff --git a/src/composables/useLgpdExport.js b/src/composables/useLgpdExport.js
new file mode 100644
index 0000000..17a1c46
--- /dev/null
+++ b/src/composables/useLgpdExport.js
@@ -0,0 +1,108 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/composables/useLgpdExport.js
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+*/
+
+import { ref } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { downloadLgpdPDF } from '@/utils/lgpdExportFormats';
+
+function slugify(s) {
+    if (!s) return 'paciente';
+    return (
+        String(s)
+            .toLowerCase()
+            .normalize('NFD')
+            .replace(/[\u0300-\u036f]/g, '')
+            .replace(/[^a-z0-9]+/g, '-')
+            .replace(/(^-|-$)/g, '')
+            .slice(0, 40) || 'paciente'
+    );
+}
+
+function downloadBlob(blob, filename) {
+    const url = URL.createObjectURL(blob);
+    const a = document.createElement('a');
+    a.href = url;
+    a.download = filename;
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+    URL.revokeObjectURL(url);
+}
+
+export function useLgpdExport() {
+    const loading = ref(false);
+    const error = ref(null);
+    const lastPayload = ref(null);
+
+    async function fetchExport(patientId) {
+        if (!patientId) {
+            throw new Error('patientId obrigatório');
+        }
+
+        const { data, error: rpcErr } = await supabase.rpc('export_patient_data', { p_patient_id: patientId });
+        if (rpcErr) throw rpcErr;
+        return data;
+    }
+
+    async function exportJSON(patientId, patientName) {
+        loading.value = true;
+        error.value = null;
+        try {
+            const payload = await fetchExport(patientId);
+            lastPayload.value = payload;
+
+            const ts = new Date().toISOString().slice(0, 10);
+            const filename = `lgpd-export-${slugify(patientName)}-${ts}.json`;
+            const blob = new Blob([JSON.stringify(payload, null, 2)], { type: 'application/json;charset=utf-8' });
+            downloadBlob(blob, filename);
+            return payload;
+        } catch (err) {
+            error.value = err;
+            throw err;
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    async function exportPDF(patientId, patientName, tenantName) {
+        loading.value = true;
+        error.value = null;
+        try {
+            const payload = await fetchExport(patientId);
+            lastPayload.value = payload;
+
+            const ts = new Date().toISOString().slice(0, 10);
+            const filename = `lgpd-export-${slugify(patientName)}-${ts}.pdf`;
+            await downloadLgpdPDF(payload, tenantName, filename);
+            return payload;
+        } catch (err) {
+            error.value = err;
+            throw err;
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    return {
+        loading,
+        error,
+        lastPayload,
+        fetchExport,
+        exportJSON,
+        exportPDF
+    };
+}
diff --git a/src/composables/useMenuBadges.js b/src/composables/useMenuBadges.js
index a7f69f0..791279d 100644
--- a/src/composables/useMenuBadges.js
+++ b/src/composables/useMenuBadges.js
@@ -23,9 +23,11 @@ import { useTenantStore } from '@/stores/tenantStore';
 const agendaHoje = ref(0);
 const cadastrosRecebidos = ref(0);
 const agendamentosRecebidos = ref(0);
+const conversasUnread = ref(0);
 
 let _timer = null;
 let _started = false;
+let _realtimeChannel = null;
 
 async function _refresh() {
     try {
@@ -69,23 +71,63 @@ async function _refresh() {
             const { count } = await q;
             agendamentosRecebidos.value = count || 0;
         }
+
+        // 4. Conversas não lidas (mensagens inbound sem read_at)
+        if (tenantId) {
+            const { count } = await supabase
+                .from('conversation_messages')
+                .select('id', { count: 'exact', head: true })
+                .eq('tenant_id', tenantId)
+                .eq('direction', 'inbound')
+                .is('read_at', null);
+            conversasUnread.value = count || 0;
+        }
     } catch {
         // badge falhar não deve quebrar a navegação
     }
 }
 
+// Subscribe Realtime pra atualizar badge ao vivo
+function _subscribeRealtime() {
+    try {
+        const tenantStore = useTenantStore();
+        const tenantId = tenantStore.activeTenantId || tenantStore.tenantId || null;
+        if (!tenantId) return;
+        if (_realtimeChannel) {
+            supabase.removeChannel(_realtimeChannel);
+        }
+        _realtimeChannel = supabase
+            .channel(`menu_badges_conv_${tenantId}`)
+            .on(
+                'postgres_changes',
+                { event: 'INSERT', schema: 'public', table: 'conversation_messages', filter: `tenant_id=eq.${tenantId}` },
+                () => _refresh()
+            )
+            .on(
+                'postgres_changes',
+                { event: 'UPDATE', schema: 'public', table: 'conversation_messages', filter: `tenant_id=eq.${tenantId}` },
+                () => _refresh()
+            )
+            .subscribe();
+    } catch {
+        // Realtime falhar não deve quebrar
+    }
+}
+
 // ─── API pública ───────────────────────────────────────────
 export function useMenuBadges() {
     if (!_started) {
         _started = true;
         _refresh();
-        _timer = setInterval(_refresh, 5 * 60 * 1000); // atualiza a cada 5 min
+        _subscribeRealtime();
+        _timer = setInterval(_refresh, 5 * 60 * 1000); // atualiza a cada 5 min (fallback)
     }
 
     return {
         agendaHoje,
         cadastrosRecebidos,
         agendamentosRecebidos,
+        conversasUnread,
         refresh: _refresh
     };
 }
diff --git a/src/composables/useSessionReminders.js b/src/composables/useSessionReminders.js
new file mode 100644
index 0000000..7bc32c1
--- /dev/null
+++ b/src/composables/useSessionReminders.js
@@ -0,0 +1,123 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Arquivo: src/composables/useSessionReminders.js
+| Data: 2026-04-21
+|
+| Lembretes automáticos de sessão (CRM Grupo 2.4).
+|--------------------------------------------------------------------------
+*/
+
+import { ref } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+const DEFAULTS = {
+    enabled: false,
+    send_24h: true,
+    send_2h: true,
+    template_24h: 'Oi {{nome_paciente}}! 👋 Lembrando da sua sessão amanhã, {{data_sessao}} às {{hora_sessao}}. Até lá!',
+    template_2h: 'Oi {{nome_paciente}}! Sua sessão começa em 2 horas, às {{hora_sessao}}. Te espero! 😊',
+    quiet_hours_enabled: true,
+    quiet_hours_start: '22:00',
+    quiet_hours_end: '08:00',
+    respect_opt_out: true
+};
+
+export function useSessionReminders() {
+    const tenantStore = useTenantStore();
+    const settings = ref({ ...DEFAULTS });
+    const recentLogs = ref([]);
+    const loading = ref(false);
+    const saving = ref(false);
+
+    async function load() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) return;
+        loading.value = true;
+        try {
+            const [settingsRes, logsRes] = await Promise.all([
+                supabase
+                    .from('session_reminder_settings')
+                    .select('*')
+                    .eq('tenant_id', tenantId)
+                    .maybeSingle(),
+                supabase
+                    .from('session_reminder_logs')
+                    .select('id, event_id, reminder_type, sent_at, provider, skip_reason, to_phone')
+                    .eq('tenant_id', tenantId)
+                    .order('sent_at', { ascending: false })
+                    .limit(30)
+            ]);
+
+            if (settingsRes.data) {
+                settings.value = {
+                    enabled: !!settingsRes.data.enabled,
+                    send_24h: !!settingsRes.data.send_24h,
+                    send_2h: !!settingsRes.data.send_2h,
+                    template_24h: settingsRes.data.template_24h || DEFAULTS.template_24h,
+                    template_2h: settingsRes.data.template_2h || DEFAULTS.template_2h,
+                    quiet_hours_enabled: !!settingsRes.data.quiet_hours_enabled,
+                    quiet_hours_start: String(settingsRes.data.quiet_hours_start || DEFAULTS.quiet_hours_start).slice(0, 5),
+                    quiet_hours_end: String(settingsRes.data.quiet_hours_end || DEFAULTS.quiet_hours_end).slice(0, 5),
+                    respect_opt_out: !!settingsRes.data.respect_opt_out
+                };
+            } else {
+                settings.value = { ...DEFAULTS };
+            }
+
+            recentLogs.value = logsRes.data || [];
+        } catch (e) {
+            console.error('[useSessionReminders] load:', e?.message);
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    async function save() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) return { ok: false, error: 'no_tenant' };
+
+        const payload = { ...settings.value };
+        payload.template_24h = String(payload.template_24h || '').trim().slice(0, 2000);
+        payload.template_2h = String(payload.template_2h || '').trim().slice(0, 2000);
+        if (!payload.template_24h || !payload.template_2h) {
+            return { ok: false, error: 'Templates não podem ficar vazios' };
+        }
+
+        saving.value = true;
+        try {
+            const { error } = await supabase
+                .from('session_reminder_settings')
+                .upsert({ tenant_id: tenantId, ...payload }, { onConflict: 'tenant_id' });
+            if (error) throw error;
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'Falha ao salvar' };
+        } finally {
+            saving.value = false;
+        }
+    }
+
+    // Dispara manualmente (pra teste ou pra catch-up de eventos perdidos)
+    async function runNow() {
+        try {
+            const { data, error } = await supabase.functions.invoke('send-session-reminders', { body: {} });
+            if (error) throw error;
+            return { ok: true, stats: data?.stats || null };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'Falha ao executar' };
+        }
+    }
+
+    return {
+        settings,
+        recentLogs,
+        loading,
+        saving,
+        load,
+        save,
+        runNow
+    };
+}
diff --git a/src/composables/useWhatsappCredits.js b/src/composables/useWhatsappCredits.js
new file mode 100644
index 0000000..748c9b9
--- /dev/null
+++ b/src/composables/useWhatsappCredits.js
@@ -0,0 +1,144 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Arquivo: src/composables/useWhatsappCredits.js
+| Data: 2026-04-21
+|
+| Sistema de créditos WhatsApp (Marco B).
+|--------------------------------------------------------------------------
+*/
+
+import { ref, computed } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+export function useWhatsappCredits() {
+    const tenantStore = useTenantStore();
+
+    const balance = ref(null);           // { balance, lifetime_purchased, lifetime_used, low_balance_threshold }
+    const transactions = ref([]);        // últimos extratos
+    const packages = ref([]);            // pacotes ativos (loja)
+    const purchases = ref([]);           // minhas ordens de compra
+    const tenantCpfCnpj = ref('');       // CPF/CNPJ armazenado no tenant (pra prefill)
+    const loading = ref(false);
+    const creating = ref(false);
+
+    const currentBalance = computed(() => balance.value?.balance ?? 0);
+    const isLow = computed(() => {
+        if (!balance.value) return false;
+        return balance.value.balance <= balance.value.low_balance_threshold;
+    });
+
+    async function loadAll() {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) return;
+        loading.value = true;
+        try {
+            const [balRes, txRes, pkgRes, purRes, tenRes] = await Promise.all([
+                supabase
+                    .from('whatsapp_credits_balance')
+                    .select('*')
+                    .eq('tenant_id', tenantId)
+                    .maybeSingle(),
+                supabase
+                    .from('whatsapp_credits_transactions')
+                    .select('id, kind, amount, balance_after, note, created_at, purchase_id, admin_id')
+                    .eq('tenant_id', tenantId)
+                    .order('created_at', { ascending: false })
+                    .limit(50),
+                supabase
+                    .from('whatsapp_credit_packages')
+                    .select('*')
+                    .eq('is_active', true)
+                    .order('position', { ascending: true })
+                    .order('price_brl', { ascending: true }),
+                supabase
+                    .from('whatsapp_credit_purchases')
+                    .select('id, package_name, credits, amount_brl, status, paid_at, expires_at, created_at, asaas_pix_qrcode, asaas_pix_copy_paste, asaas_payment_link')
+                    .eq('tenant_id', tenantId)
+                    .order('created_at', { ascending: false })
+                    .limit(20),
+                supabase
+                    .from('tenants')
+                    .select('cpf_cnpj')
+                    .eq('id', tenantId)
+                    .maybeSingle()
+            ]);
+
+            balance.value = balRes.data || { balance: 0, lifetime_purchased: 0, lifetime_used: 0, low_balance_threshold: 20 };
+            transactions.value = txRes.data || [];
+            packages.value = pkgRes.data || [];
+            purchases.value = purRes.data || [];
+            tenantCpfCnpj.value = tenRes.data?.cpf_cnpj || '';
+        } catch (e) {
+            console.error('[useWhatsappCredits] loadAll:', e?.message);
+        } finally {
+            loading.value = false;
+        }
+    }
+
+    async function createPurchase(packageId, cpfCnpj = null) {
+        if (!packageId) return { ok: false, error: 'package_missing' };
+        creating.value = true;
+        try {
+            const cleanDoc = (cpfCnpj || '').replace(/\D/g, '') || null;
+            const body = cleanDoc ? { package_id: packageId, cpf_cnpj: cleanDoc } : { package_id: packageId };
+            const { data, error } = await supabase.functions.invoke('create-whatsapp-credit-charge', { body });
+            if (error) {
+                // Edge function errors (non-2xx) vêm em error.context.json() no SDK novo
+                let parsed = null;
+                try {
+                    parsed = typeof error.context?.json === 'function'
+                        ? await error.context.json()
+                        : null;
+                } catch (_) { /* swallow */ }
+                return {
+                    ok: false,
+                    error: parsed?.error || error.message || 'invoke_failed',
+                    message: parsed?.message || null
+                };
+            }
+            if (!data?.ok) return { ok: false, error: data?.error || 'unknown', message: data?.message || null };
+            // Atualiza CPF armazenado se a compra foi com um novo
+            if (cleanDoc) tenantCpfCnpj.value = cleanDoc;
+            await loadAll();
+            return { ok: true, purchase: data.purchase };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'create_failed' };
+        } finally {
+            creating.value = false;
+        }
+    }
+
+    async function updateLowBalanceThreshold(newThreshold) {
+        const tenantId = tenantStore.activeTenantId;
+        if (!tenantId) return { ok: false, error: 'no_tenant' };
+        const v = Math.max(0, Math.min(10000, Number(newThreshold) || 0));
+        try {
+            const { error } = await supabase
+                .from('whatsapp_credits_balance')
+                .upsert({ tenant_id: tenantId, low_balance_threshold: v }, { onConflict: 'tenant_id' });
+            if (error) throw error;
+            if (balance.value) balance.value.low_balance_threshold = v;
+            return { ok: true };
+        } catch (e) {
+            return { ok: false, error: e?.message || 'update_failed' };
+        }
+    }
+
+    return {
+        balance,
+        transactions,
+        packages,
+        purchases,
+        tenantCpfCnpj,
+        currentBalance,
+        isLow,
+        loading,
+        creating,
+        loadAll,
+        createPurchase,
+        updateLowBalanceThreshold
+    };
+}
diff --git a/src/features/agenda/components/ProximosFeriadosCard.vue b/src/features/agenda/components/ProximosFeriadosCard.vue
index 1f55356..ad13e6c 100644
--- a/src/features/agenda/components/ProximosFeriadosCard.vue
+++ b/src/features/agenda/components/ProximosFeriadosCard.vue
@@ -95,8 +95,9 @@ const loadingBloqueios = ref(false);
 async function loadBloqueiosMes() {
     if (!_ownerId.value) return;
     const ano = new Date().getFullYear();
+    const lastDay = new Date(ano, mesAtual, 0).getDate();
     const start = `${ano}-${String(mesAtual).padStart(2, '0')}-01`;
-    const end = `${ano}-${String(mesAtual).padStart(2, '0')}-31`;
+    const end = `${ano}-${String(mesAtual).padStart(2, '0')}-${String(lastDay).padStart(2, '0')}`;
     loadingBloqueios.value = true;
     try {
         const { data } = await supabase.from('agenda_bloqueios').select('data_inicio').eq('owner_id', _ownerId.value).in('origem', ['agenda_feriado', 'agenda_dia']).gte('data_inicio', start).lte('data_inicio', end);
diff --git a/src/features/agenda/pages/AgendaClinicaPage.vue b/src/features/agenda/pages/AgendaClinicaPage.vue
index e0efd4a..43b4144 100644
--- a/src/features/agenda/pages/AgendaClinicaPage.vue
+++ b/src/features/agenda/pages/AgendaClinicaPage.vue
@@ -2075,7 +2075,7 @@ function goRecorrencias() {
     <div ref="headerSentinelRef" class="ag-sentinel" />
 
     <!-- Topbar compacta sticky -->
-    <div ref="headerEl" class="ag-topbar mx-3 md:mx-4 mb-3" :class="{ 'ag-topbar--stuck': headerStuck }">
+    <div ref="headerEl" class="ag-topbar my-3 md:mx-4" :class="{ 'ag-topbar--stuck': headerStuck }">
         <div class="ag-topbar__blobs" aria-hidden="true">
             <div class="ag-topbar__blob ag-topbar__blob--1" />
             <div class="ag-topbar__blob ag-topbar__blob--2" />
@@ -2141,9 +2141,9 @@ function goRecorrencias() {
                 <div class="hidden xl:flex items-center gap-1">
                     <Button label="Bloquear" icon="pi pi-lock" size="small" class="rounded-full" severity="danger" outlined @click="(e) => blockMenuRef.toggle(e)" />
                     <Menu ref="blockMenuRef" :model="blockMenuItems" :popup="true" />
-                    <Button icon="pi pi-refresh" severity="secondary" outlined class="h-9 w-9 rounded-full" @click="refetch" />
-                    <Button icon="pi pi-sync" severity="secondary" outlined class="h-9 w-9 rounded-full" title="Recorrências" @click="goRecorrencias" />
-                    <Button icon="pi pi-cog" severity="secondary" outlined class="h-9 w-9 rounded-full" @click="goSettings" />
+                    <Button icon="pi pi-refresh" severity="secondary" outlined class="h-9 w-9 rounded-full" v-tooltip.bottom="'Recarregar'" @click="refetch" />
+                    <Button icon="pi pi-sync" severity="secondary" outlined class="h-9 w-9 rounded-full" v-tooltip.bottom="'Recorrências'" @click="goRecorrencias" />
+                    <Button icon="pi pi-cog" severity="secondary" outlined class="h-9 w-9 rounded-full" v-tooltip.bottom="'Configurações'" @click="goSettings" />
                 </div>
             </div>
         </div>
@@ -2152,7 +2152,7 @@ function goRecorrencias() {
     <!-- Aviso: fora da jornada -->
     <div
         v-if="hasEventsOutsideWorkHours"
-        class="mx-3 md:mx-4 mb-3 rounded-[6px] p-3"
+        class="my-3 md:mx-4 rounded-[6px] p-3"
         style="background: color-mix(in srgb, var(--yellow-400, #facc15) 10%, var(--surface-card)); border: 1px solid color-mix(in srgb, var(--yellow-400, #facc15) 35%, transparent)"
     >
         <div class="flex items-center gap-3">
diff --git a/src/features/agenda/pages/AgendaRecorrenciasPage.vue b/src/features/agenda/pages/AgendaRecorrenciasPage.vue
index d1deb25..1bbfddb 100644
--- a/src/features/agenda/pages/AgendaRecorrenciasPage.vue
+++ b/src/features/agenda/pages/AgendaRecorrenciasPage.vue
@@ -15,7 +15,7 @@
 |--------------------------------------------------------------------------
 -->
 <script setup>
-import { ref, computed, onMounted } from 'vue';
+import { ref, computed, onMounted, onBeforeUnmount } from 'vue';
 import { useRouter, useRoute } from 'vue-router';
 import { supabase } from '@/lib/supabase/client';
 import { useTenantStore } from '@/stores/tenantStore';
@@ -31,6 +31,15 @@ const mode = computed(() => route.meta?.mode || 'therapist');
 const isClinic = computed(() => mode.value === 'clinic');
 const tenantId = computed(() => tenantStore.activeTenantId || tenantStore.tenantId);
 
+// ── Hero sticky ───────────────────────────────────────────
+const headerEl = ref(null);
+const headerSentinelRef = ref(null);
+const headerStuck = ref(false);
+let _observer = null;
+
+// ── Mobile ────────────────────────────────────────────────
+const filtersDlgOpen = ref(false);
+
 // ── state ──────────────────────────────────────────────────────────────────────
 const loading = ref(false);
 const userId = ref(null);
@@ -306,25 +315,59 @@ function goBack() {
     else router.push({ name: 'therapist-agenda' });
 }
 
-onMounted(init);
+onMounted(async () => {
+    const rootMargin = `${document.querySelector('.l2-main') ? '0px' : '-56px'} 0px 0px 0px`;
+    _observer = new IntersectionObserver(
+        ([entry]) => {
+            headerStuck.value = !entry.isIntersecting;
+        },
+        { threshold: 0, rootMargin }
+    );
+    if (headerSentinelRef.value) _observer.observe(headerSentinelRef.value);
+    await init();
+});
+
+onBeforeUnmount(() => {
+    _observer?.disconnect();
+});
 </script>
 
 <template>
-    <!-- ─── Header ─────────────────────────────────────────────────── -->
-    <div class="rr-page mx-3 md:mx-5">
-        <div class="rr-header">
-            <div class="flex items-center gap-3">
+    <!-- Sentinel -->
+    <div ref="headerSentinelRef" class="h-px" />
+
+    <!-- ══════════════════════════════════════
+       Hero sticky
+  ═══════════════════════════════════════ -->
+    <div
+        ref="headerEl"
+        class="sticky my-3 mx-3 md:mx-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
+        :style="{ top: 'var(--layout-sticky-top, 56px)' }"
+    >
+        <!-- Blobs decorativos -->
+        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
+            <div class="absolute w-64 h-64 -top-16 -right-8 rounded-full blur-[60px] bg-indigo-500/10" />
+            <div class="absolute w-72 h-72 top-0 -left-16 rounded-full blur-[60px] bg-emerald-400/9" />
+        </div>
+
+        <div class="relative z-1 flex items-center gap-3">
+            <!-- Voltar + Brand -->
+            <div class="flex items-center gap-2 shrink-0">
                 <Button icon="pi pi-arrow-left" text severity="secondary" class="h-9 w-9 rounded-full shrink-0" v-tooltip.bottom="'Voltar à agenda'" @click="goBack" />
-                <div>
-                    <div class="text-xl font-bold leading-tight">Recorrências</div>
-                    <div class="text-sm opacity-55">
+                <div class="grid place-items-center w-9 h-9 rounded-md shrink-0 bg-indigo-500/10 text-indigo-500">
+                    <i class="pi pi-refresh text-base" />
+                </div>
+                <div class="min-w-0 hidden lg:block">
+                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Recorrências</div>
+                    <div class="text-[0.75rem] text-[var(--text-color-secondary)]">
                         {{ isClinic ? 'Todas as séries da clínica' : 'Suas séries de sessões recorrentes' }}
                     </div>
                 </div>
             </div>
 
-            <div class="flex items-center gap-2 flex-wrap">
-                <!-- Status filter -->
+            <!-- Filtros desktop -->
+            <div class="hidden xl:flex items-center gap-2 flex-1 min-w-0 mx-2">
                 <SelectButton
                     v-model="filterStatus"
                     :options="[
@@ -335,10 +378,9 @@ onMounted(init);
                     optionLabel="label"
                     optionValue="value"
                     :allowEmpty="false"
+                    size="small"
                     @change="load"
                 />
-
-                <!-- Therapist filter (clinic only) -->
                 <Select
                     v-if="isClinic && staffOptions.length"
                     v-model="filterOwner"
@@ -349,28 +391,75 @@ onMounted(init);
                     class="w-[220px]"
                     @change="load"
                 />
+            </div>
 
+            <!-- Ações -->
+            <div class="flex items-center gap-1 shrink-0 ml-auto">
+                <Button icon="pi pi-filter" severity="secondary" outlined class="xl:hidden h-9 w-9 rounded-full" v-tooltip.bottom="'Filtros'" @click="filtersDlgOpen = true" />
                 <Button icon="pi pi-refresh" severity="secondary" outlined class="h-9 w-9 rounded-full" :loading="loading" v-tooltip.bottom="'Recarregar'" @click="load" />
             </div>
         </div>
+    </div>
 
+    <!-- Dialog filtros mobile -->
+    <Dialog v-model:visible="filtersDlgOpen" modal :draggable="false" pt:mask:class="backdrop-blur-xs" header="Filtros" class="w-[94vw] max-w-sm">
+        <div class="flex flex-col gap-3 pt-1">
+            <div>
+                <label class="block text-xs font-semibold text-[var(--text-color-secondary)] mb-1.5">Status</label>
+                <SelectButton
+                    v-model="filterStatus"
+                    :options="[
+                        { label: 'Ativas', value: 'ativo' },
+                        { label: 'Encerradas', value: 'cancelado' },
+                        { label: 'Todas', value: 'all' }
+                    ]"
+                    optionLabel="label"
+                    optionValue="value"
+                    :allowEmpty="false"
+                    class="w-full"
+                    @change="load"
+                />
+            </div>
+            <div v-if="isClinic && staffOptions.length">
+                <label class="block text-xs font-semibold text-[var(--text-color-secondary)] mb-1.5">Terapeuta</label>
+                <Select v-model="filterOwner" :options="[{ label: 'Todos os terapeutas', value: null }, ...staffOptions]" optionLabel="label" optionValue="value" placeholder="Todos os terapeutas" class="w-full" @change="load" />
+            </div>
+        </div>
+        <template #footer>
+            <Button label="Fechar" severity="secondary" outlined class="rounded-full" @click="filtersDlgOpen = false" />
+        </template>
+    </Dialog>
+
+    <!-- ══════════════════════════════════════
+       Conteúdo principal
+  ═══════════════════════════════════════ -->
+    <div class="px-3 md:px-4 pb-8">
         <!-- ─── Loading ──────────────────────────────────────────────── -->
-        <div v-if="loading" class="flex flex-col gap-3 mt-4">
+        <div v-if="loading" class="flex flex-col gap-3">
             <Skeleton v-for="i in 4" :key="i" height="130px" class="rounded-2xl" />
         </div>
 
         <!-- ─── Empty ────────────────────────────────────────────────── -->
-        <div v-else-if="!rules.length" class="rr-empty">
-            <i class="pi pi-calendar-times text-5xl opacity-25" />
-            <div class="text-lg font-semibold opacity-50">Nenhuma série encontrada</div>
-            <div class="text-sm opacity-35">
-                {{ filterStatus === 'ativo' ? 'Crie sessões recorrentes na agenda para vê-las aqui.' : 'Altere o filtro de status.' }}
+        <div v-else-if="!rules.length" class="rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] overflow-hidden">
+            <div class="flex items-center justify-between px-4 py-3 border-b border-[var(--surface-border,#e2e8f0)]">
+                <div class="flex items-center gap-2 min-w-0">
+                    <i class="pi pi-list text-[var(--text-color-secondary)] opacity-60" />
+                    <span class="font-semibold text-sm">Séries cadastradas</span>
+                </div>
+                <span class="inline-flex items-center justify-center min-w-[22px] h-[22px] px-1.5 rounded-full bg-[var(--surface-200,#e5e7eb)] text-[var(--text-color-secondary)] text-[0.72rem] font-bold">0</span>
+            </div>
+            <div class="py-10 px-6 text-center">
+                <i class="pi pi-calendar-times text-2xl opacity-20 mb-2 block" />
+                <div class="font-semibold text-sm">Nenhuma série encontrada</div>
+                <div class="text-xs opacity-60 mt-1">
+                    {{ filterStatus === 'ativo' ? 'Crie sessões recorrentes na agenda para vê-las aqui.' : 'Altere o filtro de status.' }}
+                </div>
+                <Button label="Voltar à agenda" icon="pi pi-calendar" outlined severity="secondary" size="small" class="rounded-full mt-3" @click="goBack" />
             </div>
-            <Button label="Voltar à agenda" icon="pi pi-calendar" outlined severity="secondary" class="rounded-full mt-2" @click="goBack" />
         </div>
 
         <!-- ─── Rule cards ───────────────────────────────────────────── -->
-        <div v-else class="flex flex-col gap-4 mt-4 pb-8">
+        <div v-else class="flex flex-col gap-4">
             <div v-for="rule in rules" :key="rule.id" class="rr-card">
                 <!-- Card head: patient info + status badge -->
                 <div class="rr-card__head">
@@ -434,33 +523,6 @@ onMounted(init);
 </template>
 
 <style scoped>
-/* ── Page ─────────────────────────────────────────────────────────── */
-.rr-page {
-    padding-bottom: 2rem;
-}
-
-/* ── Header ───────────────────────────────────────────────────────── */
-.rr-header {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    flex-wrap: wrap;
-    gap: 12px;
-    padding: 20px 0 16px;
-    border-bottom: 1px solid var(--surface-border);
-    margin-bottom: 4px;
-}
-
-/* ── Empty ────────────────────────────────────────────────────────── */
-.rr-empty {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: 8px;
-    padding: 64px 24px;
-    text-align: center;
-}
-
 /* ── Card ─────────────────────────────────────────────────────────── */
 .rr-card {
     border-radius: 1.25rem;
diff --git a/src/features/agenda/pages/AgendaTerapeutaPage.vue b/src/features/agenda/pages/AgendaTerapeutaPage.vue
index 13dddf4..e34919d 100644
--- a/src/features/agenda/pages/AgendaTerapeutaPage.vue
+++ b/src/features/agenda/pages/AgendaTerapeutaPage.vue
@@ -15,7 +15,7 @@
 |--------------------------------------------------------------------------
 -->
 <script setup>
-import { computed, nextTick, onMounted, ref, watch } from 'vue';
+import { computed, nextTick, onBeforeUnmount, onMounted, ref, watch } from 'vue';
 import { useRouter, useRoute } from 'vue-router';
 import { useTenantStore } from '@/stores/tenantStore';
 import { supabase } from '@/lib/supabase/client';
@@ -223,6 +223,12 @@ const headerMenuRef = ref(null);
 const agPanelOpen = ref(false);
 const blockMenuRef = ref(null);
 
+// Fecha o drawer mobile ao cruzar para desktop (≥ xl / 1280px)
+const mqDesktop = typeof window !== 'undefined' ? window.matchMedia('(min-width: 1280px)') : null;
+const onMqDesktopChange = (e) => {
+    if (e.matches) agPanelOpen.value = false;
+};
+
 // ── Prontuário ────────────────────────────────────────────────
 const prontuarioOpen = ref(false);
 const selectedPatient = ref(null);
@@ -2305,6 +2311,12 @@ onMounted(async () => {
         );
         io.observe(headerSentinelRef.value);
     }
+
+    mqDesktop?.addEventListener('change', onMqDesktopChange);
+});
+
+onBeforeUnmount(() => {
+    mqDesktop?.removeEventListener('change', onMqDesktopChange);
 });
 </script>
 
@@ -2319,7 +2331,7 @@ onMounted(async () => {
     <!-- Hero compacto — padrão Compromissos -->
     <div
         ref="headerEl"
-        class="relative overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] px-3 py-2.5 mx-3 md:mx-4 mb-3 sticky top-[var(--layout-sticky-top,56px)] z-20"
+        class="relative overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] px-3 py-2.5 my-3 mx-3 md:mx-4 sticky top-[var(--layout-sticky-top,56px)] z-20"
         :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
     >
         <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
@@ -2337,7 +2349,7 @@ onMounted(async () => {
             </div>
 
             <!-- Nav + filtros (desktop) -->
-            <div class="hidden xl:flex items-center gap-2 flex-1 min-w-0 mx-2">
+            <div class="hidden min-[1500px]:flex items-center gap-2 flex-1 min-w-0 mx-2">
                 <!-- Navegação
           <div class="flex items-center gap-1 shrink-0">
             <Button label="Hoje" severity="secondary" outlined size="small" class="rounded-full" @click="goToday" />
@@ -2357,7 +2369,7 @@ onMounted(async () => {
             </div>
 
             <!-- Ações desktop -->
-            <div class="hidden xl:flex items-center gap-1 shrink-0">
+            <div class="hidden min-[1500px]:flex items-center gap-1 shrink-0">
                 <div class="w-44">
                     <FloatLabel variant="on">
                         <IconField>
@@ -2376,23 +2388,13 @@ onMounted(async () => {
                 <Button icon="pi pi-plus" class="h-9 w-9 rounded-full" @click="onCreateFromButton" />
                 <Button label="Bloquear" icon="pi pi-lock" size="small" class="rounded-full" severity="danger" outlined @click="(e) => blockMenuRef.toggle(e)" />
                 <Menu ref="blockMenuRef" :model="blockMenuItems" :popup="true" />
-                <Button icon="pi pi-refresh" severity="secondary" outlined class="h-9 w-9 rounded-full" @click="refetch" />
-                <Button icon="pi pi-sync" severity="secondary" outlined class="h-9 w-9 rounded-full" @click="goRecorrencias" />
-                <Button icon="pi pi-cog" severity="secondary" outlined class="h-9 w-9 rounded-full" @click="goSettings" />
+                <Button icon="pi pi-refresh" severity="secondary" outlined class="h-9 w-9 rounded-full" v-tooltip.bottom="'Recarregar'" @click="refetch" />
+                <Button icon="pi pi-sync" severity="secondary" outlined class="h-9 w-9 rounded-full" v-tooltip.bottom="'Recorrências'" @click="goRecorrencias" />
+                <Button icon="pi pi-cog" severity="secondary" outlined class="h-9 w-9 rounded-full" v-tooltip.bottom="'Configurações'" @click="goSettings" />
             </div>
 
             <!-- Mobile -->
-            <div class="flex xl:hidden items-center gap-1 shrink-0 ml-auto">
-                <!-- Nav mobile -->
-                <Button icon="pi pi-chevron-left" severity="secondary" outlined class="h-8 w-8 rounded-full" @click="goPrev" />
-                <span
-                    class="inline-flex items-center gap-1.5 px-3 py-1 rounded-full border border-[var(--surface-border)] bg-[var(--surface-ground)] text-sm font-semibold text-[var(--text-color)] cursor-pointer whitespace-nowrap transition-colors duration-150 hover:border-[var(--p-primary-400)]"
-                    @click="toggleMonthPicker"
-                >
-                    <i class="pi pi-calendar text-xs opacity-60" />
-                    {{ subtitleText }}
-                </span>
-                <Button icon="pi pi-chevron-right" severity="secondary" outlined class="h-8 w-8 rounded-full" @click="goNext" />
+            <div class="flex min-[1500px]:hidden items-center gap-1 shrink-0 ml-auto">
                 <div v-if="feriadosTodosProximos.length" class="relative">
                     <Button icon="pi pi-bell" :severity="feriadosSemBloqueio.length ? 'danger' : 'secondary'" outlined class="h-9 w-9 rounded-full" @click="feriadosAlertaOpen = true" />
                     <span v-if="feriadosSemBloqueio.length" class="absolute -top-1 -right-1 min-w-[16px] h-4 px-1 rounded-full bg-red-500 text-white text-[0.65rem] font-bold flex items-center justify-center pointer-events-none">{{
@@ -2411,7 +2413,7 @@ onMounted(async () => {
     <div
         ref="foraJornadaBannerRef"
         v-if="hasEventsOutsideWorkHours"
-        class="mx-3 md:mx-4 mb-3 rounded-[6px] p-3"
+        class="my-3 mx-3 md:mx-4 rounded-[6px] p-3"
         style="background: color-mix(in srgb, var(--yellow-400, #facc15) 10%, var(--surface-card)); border: 1px solid color-mix(in srgb, var(--yellow-400, #facc15) 35%, transparent)"
     >
         <div class="flex items-center gap-3">
@@ -2423,11 +2425,15 @@ onMounted(async () => {
 
     <!-- ════ GRID 3 COLUNAS ════ -->
     <!-- Overlay mobile -->
-    <div v-if="agPanelOpen" class="fixed inset-0 bg-black/40 backdrop-blur-sm z-[39] xl:hidden" @click="agPanelOpen = false" />
+    <div
+        v-if="agPanelOpen"
+        class="fixed left-0 right-0 bottom-0 top-[calc(var(--notice-banner-height,0px)+56px)] bg-black/40 backdrop-blur-sm z-[39] xl:hidden"
+        @click="agPanelOpen = false"
+    />
 
     <!-- Drawer mobile: col esquerda + col direita empilhadas -->
     <aside
-        class="panel-drawer fixed top-0 left-0 h-[100dvh] w-[min(340px,88vw)] z-40 bg-[var(--surface-card)] border-r border-[var(--surface-border)] shadow-[4px_0_24px_rgba(0,0,0,0.12)] transition-[transform,visibility] duration-[250ms] ease-[cubic-bezier(0.4,0,0.2,1)]"
+        class="panel-drawer fixed top-[calc(var(--notice-banner-height,0px)+56px)] left-0 h-[calc(100dvh-var(--notice-banner-height,0px)-56px)] w-[min(340px,88vw)] z-40 bg-[var(--surface-card)] border-r border-[var(--surface-border)] shadow-[4px_0_24px_rgba(0,0,0,0.12)] transition-[transform,visibility] duration-[250ms] ease-[cubic-bezier(0.4,0,0.2,1)]"
         :class="agPanelOpen ? 'translate-x-0 visible' : '-translate-x-full invisible'"
     >
         <div class="flex flex-col gap-3 p-4 h-full overflow-y-auto">
@@ -2668,22 +2674,23 @@ onMounted(async () => {
         <!-- COL 1: Mini calendário + Jornada + Feriados -->
         <div class="hidden xl:flex flex-col gap-3 w-full xl:w-[25%] shrink-0">
             <div class="border border-[var(--surface-border)] rounded-md bg-[var(--surface-card)] p-3">
-                <div class="flex items-center justify-between">
+                <div class="flex items-center justify-between min-w-0">
                     <!--<span class="flex items-center gap-1.5 text-[1rem] font-bold uppercase tracking-[0.06em] text-[var(--text-color-secondary)] opacity-65"><i class="pi pi-calendar" />{{ visibleTitle }}</span>-->
-                    <div class="flex items-center gap-2 mb-2">
+                    <div class="flex items-center gap-2 mb-2 min-w-0 flex-1">
                         <!--<Button icon="pi pi-home" severity="secondary" text class="h-7 w-7 rounded-full" v-tooltip.top="'Hoje'" @click="miniGoToday" />
               <Button icon="pi pi-chevron-left" severity="secondary" text class="h-7 w-7 rounded-full" @click="miniPrevMonth" />
               <Button icon="pi pi-chevron-right" severity="secondary" text class="h-7 w-7 rounded-full" @click="miniNextMonth" />-->
-                        <Button label="Hoje" severity="secondary" outlined size="small" class="rounded-full" @click="goToday" />
-                        <Button icon="pi pi-chevron-left" severity="secondary" outlined class="h-8 w-8 rounded-full" @click="goPrev" />
+                        <Button label="Hoje" severity="secondary" outlined size="small" class="rounded-full shrink-0" @click="goToday" />
+                        <Button icon="pi pi-chevron-left" severity="secondary" outlined class="h-8 w-8 rounded-full shrink-0" @click="goPrev" />
                         <span
-                            class="inline-flex items-center gap-1.5 px-3 py-1 rounded-full border border-[var(--surface-border)] bg-[var(--surface-ground)] text-sm font-semibold text-[var(--text-color)] cursor-pointer whitespace-nowrap transition-colors duration-150 hover:border-[var(--p-primary-400)]"
+                            v-tooltip.top="subtitleText"
+                            class="inline-flex flex-1 min-w-0 items-center gap-1.5 px-3 py-1 rounded-full border border-[var(--surface-border)] bg-[var(--surface-ground)] text-sm font-semibold text-[var(--text-color)] cursor-pointer transition-colors duration-150 hover:border-[var(--p-primary-400)]"
                             @click="toggleMonthPicker"
                         >
-                            <i class="pi pi-calendar text-xs opacity-60" />
-                            {{ subtitleText }}
+                            <i class="pi pi-calendar text-xs opacity-60 shrink-0" />
+                            <span class="truncate">{{ subtitleText }}</span>
                         </span>
-                        <Button icon="pi pi-chevron-right" severity="secondary" outlined class="h-8 w-8 rounded-full" @click="goNext" />
+                        <Button icon="pi pi-chevron-right" severity="secondary" outlined class="h-8 w-8 rounded-full shrink-0" @click="goNext" />
                     </div>
                 </div>
                 <DatePicker v-model="miniDate" inline class="w-full" @update:modelValue="onMiniPick" :pt="{ day: ({ context }) => ({ class: miniDayClass(context.date) }) }">
diff --git a/src/features/agenda/pages/AgendamentosRecebidosPage.vue b/src/features/agenda/pages/AgendamentosRecebidosPage.vue
index a6eea0b..baccc69 100644
--- a/src/features/agenda/pages/AgendamentosRecebidosPage.vue
+++ b/src/features/agenda/pages/AgendamentosRecebidosPage.vue
@@ -350,7 +350,7 @@ const emptySub = computed(() => {
        HERO sticky
   ═══════════════════════════════════════════════════════ -->
     <section
-        class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        class="sticky my-3 md:mx-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
         :style="{ top: 'var(--layout-sticky-top, 56px)' }"
     >
         <!-- Blobs -->
@@ -421,7 +421,7 @@ const emptySub = computed(() => {
     <Transition name="ar-banner">
         <div
             v-if="totalAutorizados > 0 && filtroStatus !== 'autorizado' && !loading"
-            class="mx-3 md:mx-4 mb-3 flex items-center gap-3 px-4 py-3 rounded-md border border-amber-300/60 bg-amber-50 cursor-pointer hover:bg-amber-100/70 transition-colors duration-150"
+            class="my-3 md:mx-4 flex items-center gap-3 px-4 py-3 rounded-md border border-amber-300/60 bg-amber-50 cursor-pointer hover:bg-amber-100/70 transition-colors duration-150"
             @click="filtroStatus = 'autorizado'"
         >
             <!-- Ícone pulsante -->
diff --git a/src/features/agenda/pages/CompromissosDeterminados.vue b/src/features/agenda/pages/CompromissosDeterminados.vue
index 8048a8b..c18cde3 100644
--- a/src/features/agenda/pages/CompromissosDeterminados.vue
+++ b/src/features/agenda/pages/CompromissosDeterminados.vue
@@ -16,10 +16,11 @@
 -->
 <script setup>
 import { computed, onBeforeUnmount, onMounted, reactive, ref } from 'vue';
+import { useRoute, useRouter } from 'vue-router';
 
 import { useToast } from 'primevue/usetoast';
 
-import InputSwitch from 'primevue/inputswitch';
+import ToggleSwitch from 'primevue/toggleswitch';
 import Menu from 'primevue/menu';
 
 import DeterminedCommitmentDialog from '@/features/agenda/components/DeterminedCommitmentDialog.vue';
@@ -29,6 +30,14 @@ import { useTenantStore } from '@/stores/tenantStore';
 
 const toast = useToast();
 const tenantStore = useTenantStore();
+const route = useRoute();
+const router = useRouter();
+
+function goBack() {
+    const isClinic = (route.name || '').toString().startsWith('admin-');
+    if (isClinic) router.push({ name: 'admin-agenda-clinica' });
+    else router.push({ name: 'therapist-agenda' });
+}
 
 // ── Hero sticky ───────────────────────────────────────────
 const headerEl = ref(null);
@@ -382,7 +391,7 @@ function isRecent(row) {
   ═══════════════════════════════════════ -->
     <div
         ref="headerEl"
-        class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-(--surface-border,#e2e8f0) bg-(--surface-card,#fff) px-3 py-2.5 transition-[border-radius] duration-200"
+        class="sticky my-3 mx-3 md:mx-4 z-20 overflow-hidden rounded-md border border-(--surface-border,#e2e8f0) bg-(--surface-card,#fff) px-3 py-2.5 transition-[border-radius] duration-200"
         :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
         :style="{ top: 'var(--layout-sticky-top, 56px)' }"
     >
@@ -393,8 +402,9 @@ function isRecent(row) {
         </div>
 
         <div class="relative z-1 flex items-center gap-3">
-            <!-- Brand -->
+            <!-- Voltar + Brand -->
             <div class="flex items-center gap-2 shrink-0">
+                <Button icon="pi pi-arrow-left" text severity="secondary" class="h-9 w-9 rounded-full shrink-0" v-tooltip.bottom="'Voltar à agenda'" @click="goBack" />
                 <div class="grid place-items-center w-9 h-9 rounded-md shrink-0 bg-indigo-500/10 text-indigo-500">
                     <i class="pi pi-list text-base" />
                 </div>
@@ -453,7 +463,7 @@ function isRecent(row) {
   ═══════════════════════════════════════ -->
     <div class="px-3 md:px-4 pb-5 flex flex-col xl:flex-row gap-3 xl:gap-4 items-start">
         <!-- ── Coluna principal ── -->
-        <div class="w-full xl:flex-1 xl:min-w-0">
+        <div class="w-full xl:flex-1 xl:min-w-0 flex flex-col gap-3 xl:gap-4">
             <!-- Stats row -->
             <div class="grid grid-cols-2 md:grid-cols-3 xl:grid-cols-6 gap-2">
                 <template v-if="loading">
@@ -471,7 +481,7 @@ function isRecent(row) {
                         >
                             {{ s.value }}
                         </div>
-                        <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">{{ s.label }}</div>
+                        <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">{{ s.label }}</div>
                     </div>
                 </template>
             </div>
@@ -533,7 +543,7 @@ function isRecent(row) {
 
                     <Column field="active" header="Ativo" style="width: 7rem">
                         <template #body="{ data }">
-                            <InputSwitch v-model="data.active" :disabled="isActiveLocked(data) || saving" @change="onToggleActive(data)" />
+                            <ToggleSwitch v-model="data.active" :disabled="isActiveLocked(data) || saving" @change="onToggleActive(data)" />
                         </template>
                     </Column>
 
diff --git a/src/features/conversations/CRMConversasPage.vue b/src/features/conversations/CRMConversasPage.vue
new file mode 100644
index 0000000..fb0cb17
--- /dev/null
+++ b/src/features/conversations/CRMConversasPage.vue
@@ -0,0 +1,531 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/features/conversations/CRMConversasPage.vue
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, watch } from 'vue';
+import { useRoute, useRouter } from 'vue-router';
+import { supabase } from '@/lib/supabase/client';
+import { useConversations } from '@/composables/useConversations';
+import { useConversationTags } from '@/composables/useConversationTags';
+import { useTenantStore } from '@/stores/tenantStore';
+import { useLayout } from '@/layout/composables/layout';
+import { useConversationDrawerStore } from '@/stores/conversationDrawerStore';
+
+const route = useRoute();
+const router = useRouter();
+const tenantStore = useTenantStore();
+const drawerStore = useConversationDrawerStore();
+
+function goSettings() {
+    router.push('/configuracoes/whatsapp');
+}
+
+const { threads, filteredThreads, byKanban, summary, filters, loading, load, subscribeRealtime, unsubscribeRealtime } = useConversations();
+
+// Tags — pra renderizar pills nos cards
+const tagsApi = useConversationTags();
+const threadTagsMap = ref(new Map()); // Map<thread_key, tag_id[]>
+const tagById = computed(() => {
+    const m = {};
+    for (const t of tagsApi.allTags.value) m[t.id] = t;
+    return m;
+});
+
+function tagsForThread(threadKey) {
+    const ids = threadTagsMap.value.get(threadKey) || [];
+    return ids.map((id) => tagById.value[id]).filter(Boolean);
+}
+
+async function reloadThreadTags() {
+    const keys = filteredThreads.value.map((t) => t.thread_key);
+    threadTagsMap.value = await tagsApi.loadForThreads(keys);
+}
+
+// Layout
+const { effectiveVariant, layoutState, layoutConfig, isMobile, railPanelPushesLayout } = useLayout();
+const isMobileLayout = computed(() => isMobile.value);
+const asideLeft = computed(() => {
+    if (isMobileLayout.value) return undefined;
+    if (effectiveVariant.value !== 'rail') {
+        const isStaticActive = layoutConfig.menuMode === 'static' && !layoutState.staticMenuInactive;
+        return isStaticActive ? '20rem' : '0';
+    }
+    return railPanelPushesLayout.value ? 'calc(60px + 260px)' : '60px';
+});
+const asideOpen = ref(false);
+
+const KANBAN_COLUMNS = [
+    { key: 'urgent', label: 'Urgente', icon: 'pi pi-exclamation-triangle', color: 'red' },
+    { key: 'awaiting_us', label: 'Aguardando resposta', icon: 'pi pi-inbox', color: 'amber' },
+    { key: 'awaiting_patient', label: 'Aguardando paciente', icon: 'pi pi-hourglass', color: 'blue' },
+    { key: 'resolved', label: 'Resolvido', icon: 'pi pi-check', color: 'emerald' }
+];
+
+const CHANNEL_OPTIONS = [
+    { label: 'Todos', value: null },
+    { label: 'WhatsApp', value: 'whatsapp' },
+    { label: 'SMS', value: 'sms' },
+    { label: 'E-mail', value: 'email' }
+];
+
+function fmtRelative(iso) {
+    if (!iso) return '';
+    const d = new Date(iso);
+    const now = new Date();
+    const diff = Math.floor((now - d) / 1000);
+    if (diff < 60) return 'agora';
+    if (diff < 3600) return `${Math.floor(diff / 60)}m`;
+    if (diff < 86400) return `${Math.floor(diff / 3600)}h`;
+    if (diff < 604800) return `${Math.floor(diff / 86400)}d`;
+    return d.toLocaleDateString('pt-BR');
+}
+
+function channelIcon(ch) {
+    const map = { whatsapp: 'pi-whatsapp', sms: 'pi-comment', email: 'pi-envelope' };
+    return map[ch] || 'pi-comment';
+}
+
+function truncate(s, n = 80) {
+    if (!s) return '';
+    const str = String(s).replace(/\s+/g, ' ').trim();
+    return str.length > n ? str.slice(0, n - 1) + '…' : str;
+}
+
+function contactLabel(thread) {
+    return thread.patient_name || thread.contact_number || 'Desconhecido';
+}
+
+function onCardClick(thread) {
+    drawerStore.openForThread(thread);
+    if (isMobileLayout.value) asideOpen.value = false;
+}
+
+// Top 10 pacientes com atividade recente — aside
+const recentPatients = computed(() => {
+    return filteredThreads.value
+        .filter((t) => t.patient_id)
+        .slice(0, 10);
+});
+
+const unlinkedCount = computed(() => filteredThreads.value.filter((t) => !t.patient_id).length);
+
+// Atribuição — contadores sobre threads (antes do filtro de atribuição)
+const currentUserId = ref(null);
+supabase.auth.getUser().then(({ data }) => { currentUserId.value = data?.user?.id ?? null; });
+const mineCount = computed(() => {
+    const uid = currentUserId.value;
+    if (!uid) return 0;
+    return threads.value.filter((t) => t.assigned_to === uid).length;
+});
+const unassignedCount = computed(() => threads.value.filter((t) => !t.assigned_to).length);
+
+// Map user_id → nome curto pra chip no card
+const memberNameMap = ref({});
+async function loadMemberNames() {
+    const tenantId = tenantStore.activeTenantId;
+    if (!tenantId) return;
+    const { data } = await supabase
+        .from('v_tenant_members_with_profiles')
+        .select('user_id, full_name, email')
+        .eq('tenant_id', tenantId)
+        .eq('status', 'active');
+    const map = {};
+    for (const m of (data || [])) {
+        const full = m.full_name || m.email || '';
+        map[m.user_id] = full;
+    }
+    memberNameMap.value = map;
+}
+function assigneeLabel(userId) {
+    if (!userId) return '';
+    const full = memberNameMap.value[userId];
+    if (!full) return 'Atribuída';
+    const parts = full.trim().split(/\s+/);
+    if (parts.length === 1) return parts[0].slice(0, 14);
+    return `${parts[0]} ${parts[parts.length - 1][0]}.`;
+}
+
+// Abre drawer automaticamente se query ?patient=<uuid>
+async function openThreadByPatientId(patientId) {
+    if (!patientId) return;
+    await drawerStore.openForPatient(patientId);
+}
+
+onMounted(async () => {
+    await load();
+    subscribeRealtime();
+
+    // Carrega definições de tags e tags por thread (em paralelo) + nomes de membros
+    await Promise.all([tagsApi.loadAllTags(), reloadThreadTags(), loadMemberNames()]);
+
+    // Se vier com query ?patient=<uuid>, abre o drawer direto
+    const patientFromQuery = route.query?.patient;
+    if (patientFromQuery) {
+        await openThreadByPatientId(String(patientFromQuery));
+    }
+});
+
+// Recarrega tags + threads quando o drawer fecha (tags/atribuição podem ter mudado)
+watch(() => drawerStore.isOpen, (isOpen) => {
+    if (!isOpen) {
+        reloadThreadTags();
+        load();
+    }
+});
+
+// Recarrega tags quando a lista de threads muda (nova mensagem cria nova thread)
+watch(() => filteredThreads.value.length, () => { reloadThreadTags(); });
+
+// Reage a mudanças de rota (ex: clicou outro paciente)
+watch(
+    () => route.query?.patient,
+    async (pid) => { if (pid) await openThreadByPatientId(String(pid)); }
+);
+
+watch(() => tenantStore.activeTenantId, async () => {
+    unsubscribeRealtime();
+    await load();
+    subscribeRealtime();
+});
+</script>
+
+<template>
+    <div class="flex min-h-[calc(100vh-4.5rem)] bg-[var(--surface-ground,#f5f7fa)]">
+        <!-- Overlay mobile -->
+        <div v-if="asideOpen" class="fixed inset-0 bg-black/40 backdrop-blur-sm z-[39] xl:hidden" @click="asideOpen = false" />
+
+        <!-- ═══════════════════════════════════════
+             ASIDE — filtros rápidos + pacientes ativos
+            ══════════════════════════════════════════ -->
+        <aside
+            class="aside-drawer flex flex-col overflow-y-auto shrink-0 bg-[var(--surface-card,#fff)] border-r border-[var(--surface-border,#e2e8f0)]"
+            :class="asideOpen ? 'translate-x-0 visible' : 'max-xl:-translate-x-full max-xl:invisible'"
+            :style="{ left: asideLeft }"
+        >
+            <!-- Cabeçalho -->
+            <div class="p-3.5 pb-2.5 border-b border-[var(--surface-border,#e2e8f0)]">
+                <div class="flex items-center gap-1.5 text-xs font-bold uppercase tracking-widest text-[var(--text-color-secondary,#64748b)] mb-2.5">
+                    <i class="pi pi-filter" /><span>Filtros rápidos</span>
+                </div>
+
+                <div class="flex flex-col gap-1.5">
+                    <button
+                        class="flex items-center justify-between gap-2 px-3 py-2 rounded-md text-sm transition-colors border border-[var(--surface-border)] bg-transparent cursor-pointer hover:bg-[var(--surface-hover)]"
+                        :class="{ 'ring-2 ring-blue-500/40': !filters.unreadOnly && !filters.channel }"
+                        @click="filters.unreadOnly = false; filters.channel = null; filters.search = ''"
+                    >
+                        <span class="flex items-center gap-2"><i class="pi pi-list text-xs" /> Todas</span>
+                        <Badge :value="summary.total" severity="secondary" />
+                    </button>
+
+                    <button
+                        class="flex items-center justify-between gap-2 px-3 py-2 rounded-md text-sm transition-colors border border-[var(--surface-border)] bg-transparent cursor-pointer hover:bg-red-500/5"
+                        :class="{ 'ring-2 ring-red-500/40 bg-red-500/5': filters.unreadOnly }"
+                        @click="filters.unreadOnly = !filters.unreadOnly"
+                    >
+                        <span class="flex items-center gap-2"><i class="pi pi-bell text-xs text-red-500" /> Não lidas</span>
+                        <Badge :value="summary.unreadTotal" :severity="summary.unreadTotal > 0 ? 'danger' : 'secondary'" />
+                    </button>
+                </div>
+            </div>
+
+            <!-- Atribuição -->
+            <div class="p-3.5 pb-2.5 border-b border-[var(--surface-border,#e2e8f0)]">
+                <div class="flex items-center gap-1.5 text-xs font-bold uppercase tracking-widest text-[var(--text-color-secondary,#64748b)] mb-2.5">
+                    <i class="pi pi-user" /><span>Atribuição</span>
+                </div>
+                <div class="flex flex-col gap-1.5">
+                    <button
+                        class="flex items-center justify-between gap-2 px-3 py-1.5 rounded-md text-sm transition-colors border border-[var(--surface-border)] bg-transparent cursor-pointer hover:bg-[var(--surface-hover)]"
+                        :class="{ 'ring-2 ring-blue-500/40 bg-blue-500/5': !filters.assigned }"
+                        @click="filters.assigned = null"
+                    >
+                        <span class="flex items-center gap-2 text-xs"><i class="pi pi-list text-xs" /> Todas</span>
+                    </button>
+                    <button
+                        class="flex items-center justify-between gap-2 px-3 py-1.5 rounded-md text-sm transition-colors border border-[var(--surface-border)] bg-transparent cursor-pointer hover:bg-[var(--surface-hover)]"
+                        :class="{ 'ring-2 ring-blue-500/40 bg-blue-500/5': filters.assigned === 'me' }"
+                        @click="filters.assigned = 'me'"
+                    >
+                        <span class="flex items-center gap-2 text-xs"><i class="pi pi-user text-xs text-blue-500" /> Minhas</span>
+                        <Badge :value="mineCount" severity="secondary" />
+                    </button>
+                    <button
+                        class="flex items-center justify-between gap-2 px-3 py-1.5 rounded-md text-sm transition-colors border border-[var(--surface-border)] bg-transparent cursor-pointer hover:bg-[var(--surface-hover)]"
+                        :class="{ 'ring-2 ring-amber-500/40 bg-amber-500/5': filters.assigned === 'unassigned' }"
+                        @click="filters.assigned = 'unassigned'"
+                    >
+                        <span class="flex items-center gap-2 text-xs"><i class="pi pi-user-minus text-xs text-amber-500" /> Não atribuídas</span>
+                        <Badge :value="unassignedCount" :severity="unassignedCount > 0 ? 'warn' : 'secondary'" />
+                    </button>
+                </div>
+            </div>
+
+            <!-- Status Kanban (resumo) -->
+            <div class="p-3.5 pb-2.5 border-b border-[var(--surface-border,#e2e8f0)]">
+                <div class="flex items-center gap-1.5 text-xs font-bold uppercase tracking-widest text-[var(--text-color-secondary,#64748b)] mb-2.5">
+                    <i class="pi pi-chart-bar" /><span>Por status</span>
+                </div>
+
+                <div class="flex flex-col gap-1.5">
+                    <div
+                        v-for="col in KANBAN_COLUMNS"
+                        :key="col.key"
+                        class="flex items-center justify-between gap-2 px-3 py-1.5 rounded-md text-sm border border-[var(--surface-border)]"
+                        :class="{
+                            'border-red-500/30 bg-red-500/5': col.color === 'red' && summary[col.key] > 0,
+                            'border-amber-500/30 bg-amber-500/5': col.color === 'amber' && summary[col.key] > 0,
+                            'border-blue-500/30 bg-blue-500/5': col.color === 'blue' && summary[col.key] > 0,
+                            'border-emerald-500/30 bg-emerald-500/5': col.color === 'emerald' && summary[col.key] > 0
+                        }"
+                    >
+                        <span class="flex items-center gap-2 text-xs">
+                            <i :class="col.icon" />
+                            {{ col.label }}
+                        </span>
+                        <Badge :value="summary[col.key] || 0" severity="secondary" />
+                    </div>
+                </div>
+            </div>
+
+            <!-- Canais -->
+            <div class="p-3.5 pb-2.5 border-b border-[var(--surface-border,#e2e8f0)]">
+                <div class="flex items-center gap-1.5 text-xs font-bold uppercase tracking-widest text-[var(--text-color-secondary,#64748b)] mb-2.5">
+                    <i class="pi pi-send" /><span>Canais</span>
+                </div>
+                <div class="flex flex-col gap-1.5">
+                    <button
+                        v-for="opt in CHANNEL_OPTIONS"
+                        :key="String(opt.value)"
+                        class="flex items-center gap-2 px-3 py-1.5 rounded-md text-sm transition-colors border border-[var(--surface-border)] bg-transparent cursor-pointer hover:bg-[var(--surface-hover)]"
+                        :class="{ 'ring-2 ring-blue-500/40 bg-blue-500/5': filters.channel === opt.value }"
+                        @click="filters.channel = opt.value"
+                    >
+                        <i v-if="opt.value" :class="['pi text-xs', channelIcon(opt.value)]" />
+                        <i v-else class="pi pi-list text-xs" />
+                        {{ opt.label }}
+                    </button>
+                </div>
+            </div>
+
+            <!-- Pacientes com atividade recente -->
+            <div v-if="recentPatients.length" class="p-3.5 pb-3 border-b border-[var(--surface-border,#e2e8f0)]">
+                <div class="flex items-center gap-1.5 text-xs font-bold uppercase tracking-widest text-[var(--text-color-secondary,#64748b)] mb-2.5">
+                    <i class="pi pi-users" /><span>Recentes</span>
+                </div>
+                <div class="flex flex-col gap-1">
+                    <button
+                        v-for="t in recentPatients"
+                        :key="t.thread_key"
+                        class="flex items-center justify-between gap-2 px-2 py-1.5 rounded-md text-xs border-none bg-transparent cursor-pointer text-left hover:bg-[var(--surface-hover)] transition-colors"
+                        @click="onCardClick(t)"
+                    >
+                        <span class="flex items-center gap-2 min-w-0 flex-1">
+                            <i :class="['pi', channelIcon(t.channel), 'text-[0.65rem] opacity-60']" />
+                            <span class="truncate text-[var(--text-color)]">{{ contactLabel(t) }}</span>
+                        </span>
+                        <span class="flex items-center gap-1 shrink-0">
+                            <Badge v-if="t.unread_count > 0" :value="t.unread_count" severity="danger" />
+                            <span class="text-[0.65rem] text-[var(--text-color-secondary)] opacity-75">{{ fmtRelative(t.last_message_at) }}</span>
+                        </span>
+                    </button>
+                </div>
+            </div>
+
+            <!-- Alerta: não vinculados -->
+            <div v-if="unlinkedCount > 0" class="p-3.5">
+                <div class="flex items-start gap-2 p-2.5 rounded-md border border-amber-500/30 bg-amber-500/5 text-xs">
+                    <i class="pi pi-exclamation-circle text-amber-600 mt-0.5" />
+                    <div>
+                        <div class="font-semibold text-amber-700">{{ unlinkedCount }} conversa(s) sem paciente vinculado</div>
+                        <div class="opacity-75">Números de telefone que não batem com pacientes cadastrados.</div>
+                    </div>
+                </div>
+            </div>
+        </aside>
+
+        <!-- ═══════════════════════════════════════
+             ÁREA PRINCIPAL
+            ══════════════════════════════════════════ -->
+        <main class="flex-1 min-w-0 p-4 xl:p-[1.125rem_1.375rem] flex flex-col gap-4 overflow-y-auto" :style="{ marginLeft: isMobileLayout ? undefined : '272px' }">
+            <!-- Header -->
+            <section class="relative overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-3">
+                <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
+                    <div class="absolute w-72 h-72 -top-16 -right-12 rounded-full blur-[70px] bg-blue-500/10" />
+                    <div class="absolute w-80 h-80 top-2 -left-20 rounded-full blur-[70px] bg-emerald-400/[0.08]" />
+                </div>
+
+                <div class="relative z-1 flex items-center gap-3 flex-wrap">
+                    <div class="flex items-center gap-3 flex-1 min-w-0">
+                        <div class="grid place-items-center w-10 h-10 rounded-md shrink-0 bg-blue-500/10 text-blue-600">
+                            <i class="pi pi-comments text-lg" />
+                        </div>
+                        <div class="min-w-0">
+                            <div class="text-[1.1rem] font-bold tracking-tight text-[var(--text-color)]">Conversas</div>
+                            <div class="text-[0.78rem] text-[var(--text-color-secondary)] mt-0.5">
+                                CRM de WhatsApp · {{ summary.total }} conversa(s)
+                                <span v-if="summary.unreadTotal > 0" class="ml-2 text-red-500 font-semibold">· {{ summary.unreadTotal }} não lida(s)</span>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="flex items-center gap-2 shrink-0">
+                        <IconField>
+                            <InputIcon class="pi pi-search" />
+                            <InputText v-model="filters.search" placeholder="Buscar paciente, número ou mensagem" class="w-64" maxlength="120" />
+                        </IconField>
+                        <Button icon="pi pi-refresh" severity="secondary" outlined class="h-9 w-9 rounded-full" :loading="loading" v-tooltip.bottom="'Recarregar'" @click="load" />
+                        <Button icon="pi pi-cog" severity="secondary" outlined class="h-9 w-9 rounded-full" v-tooltip.bottom="'Configurações'" @click="goSettings" />
+                    </div>
+                </div>
+            </section>
+
+            <!-- Toggle aside — mobile -->
+            <button
+                class="xl:hidden flex w-full items-center justify-between gap-3 px-4 py-3 bg-[var(--surface-card,#fff)] border border-[var(--surface-border,#e2e8f0)] rounded-md text-sm font-semibold text-[var(--text-color)] cursor-pointer"
+                @click="asideOpen = !asideOpen"
+            >
+                <div class="flex items-center gap-2">
+                    <i class="pi pi-filter text-[var(--primary-color,#6366f1)]" />
+                    <span>Filtros & recentes</span>
+                </div>
+                <i class="pi transition-transform duration-200" :class="asideOpen ? 'pi-chevron-up' : 'pi-chevron-down'" />
+            </button>
+
+            <!-- Kanban -->
+            <div class="grid grid-cols-1 md:grid-cols-2 xl:grid-cols-4 gap-3">
+                <div
+                    v-for="col in KANBAN_COLUMNS"
+                    :key="col.key"
+                    class="flex flex-col rounded-lg border bg-[var(--surface-card)] min-h-[400px]"
+                    :class="{
+                        'border-red-500/40': col.color === 'red',
+                        'border-amber-500/40': col.color === 'amber',
+                        'border-blue-500/40': col.color === 'blue',
+                        'border-emerald-500/40': col.color === 'emerald'
+                    }"
+                >
+                    <!-- Column header -->
+                    <div
+                        class="flex items-center justify-between gap-2 px-3 py-2 border-b"
+                        :class="{
+                            'border-red-500/30 bg-red-500/5': col.color === 'red',
+                            'border-amber-500/30 bg-amber-500/5': col.color === 'amber',
+                            'border-blue-500/30 bg-blue-500/5': col.color === 'blue',
+                            'border-emerald-500/30 bg-emerald-500/5': col.color === 'emerald'
+                        }"
+                    >
+                        <div class="flex items-center gap-2 text-sm font-semibold">
+                            <i :class="col.icon" />
+                            {{ col.label }}
+                        </div>
+                        <Badge :value="byKanban[col.key].length" severity="secondary" />
+                    </div>
+
+                    <!-- Cards -->
+                    <div class="flex flex-col gap-2 p-2 overflow-y-auto max-h-[calc(100vh-320px)]">
+                        <div v-if="loading && !byKanban[col.key].length" class="text-xs text-[var(--text-color-secondary)] p-3 text-center">
+                            <i class="pi pi-spin pi-spinner mr-2" />Carregando...
+                        </div>
+                        <div v-else-if="!byKanban[col.key].length" class="text-xs text-[var(--text-color-secondary)] p-6 text-center italic">
+                            Nenhuma conversa.
+                        </div>
+
+                        <div
+                            v-for="t in byKanban[col.key]"
+                            :key="t.thread_key"
+                            class="flex flex-col gap-1.5 p-3 rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)] cursor-pointer hover:shadow-sm hover:border-blue-500/40 transition-all"
+                            @click="onCardClick(t)"
+                        >
+                            <div class="flex items-center justify-between gap-2 min-w-0">
+                                <div class="flex items-center gap-2 min-w-0 flex-1">
+                                    <i :class="['pi', channelIcon(t.channel), 'text-[var(--text-color-secondary)]']" />
+                                    <span class="text-sm font-semibold truncate text-[var(--text-color)]">{{ contactLabel(t) }}</span>
+                                </div>
+                                <Badge v-if="t.unread_count > 0" :value="t.unread_count" severity="danger" />
+                            </div>
+
+                            <div class="text-xs text-[var(--text-color-secondary)] truncate">
+                                <i v-if="t.last_message_direction === 'outbound'" class="pi pi-arrow-right text-[0.6rem] mr-1 opacity-60" />
+                                {{ truncate(t.last_message_body) }}
+                            </div>
+
+                            <!-- Tags pills -->
+                            <div v-if="tagsForThread(t.thread_key).length" class="flex items-center gap-1 flex-wrap">
+                                <span
+                                    v-for="tag in tagsForThread(t.thread_key)"
+                                    :key="tag.id"
+                                    class="inline-flex items-center gap-1 px-1.5 py-px rounded-full text-[0.62rem] font-semibold leading-tight"
+                                    :style="{
+                                        background: tag.color + '20',
+                                        color: tag.color,
+                                        border: `1px solid ${tag.color}40`
+                                    }"
+                                >
+                                    <i v-if="tag.icon" :class="tag.icon" class="text-[0.55rem]" />
+                                    {{ tag.name }}
+                                </span>
+                            </div>
+
+                            <div class="flex items-center justify-between gap-2 text-[0.68rem] text-[var(--text-color-secondary)] opacity-75">
+                                <span>{{ fmtRelative(t.last_message_at) }}</span>
+                                <span
+                                    v-if="t.assigned_to"
+                                    class="inline-flex items-center gap-1 px-1.5 py-px rounded-full text-[0.62rem] font-semibold"
+                                    :class="t.assigned_to === currentUserId
+                                        ? 'bg-blue-500/15 text-blue-600 border border-blue-500/30'
+                                        : 'bg-[var(--surface-hover)] text-[var(--text-color)] border border-[var(--surface-border)]'"
+                                    v-tooltip.top="t.assigned_to === currentUserId ? 'Atribuída a mim' : 'Atribuída a ' + (memberNameMap[t.assigned_to] || '')"
+                                >
+                                    <i class="pi pi-user text-[0.55rem]" />
+                                    {{ t.assigned_to === currentUserId ? 'Eu' : assigneeLabel(t.assigned_to) }}
+                                </span>
+                                <span v-else-if="!t.patient_name" class="italic">não vinculado</span>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </main>
+    </div>
+</template>
+
+<style scoped>
+.aside-drawer {
+    position: fixed;
+    top: calc(56px + var(--notice-banner-height, 0px));
+    left: 0;
+    height: calc(100dvh - 56px - var(--notice-banner-height, 0px));
+    width: min(300px, 85vw);
+    z-index: 40;
+    overflow-y: auto;
+    transition:
+        transform 0.25s cubic-bezier(0.4, 0, 0.2, 1),
+        visibility 0.25s;
+    box-shadow: 4px 0 24px rgba(0, 0, 0, 0.15);
+}
+@media (min-width: 1280px) {
+    .aside-drawer {
+        position: fixed;
+        top: calc(56px + var(--notice-banner-height, 0px));
+        height: calc(100vh - 56px - var(--notice-banner-height, 0px));
+        width: 272px;
+        transform: none;
+        visibility: visible;
+        box-shadow: none;
+        z-index: auto;
+    }
+}
+</style>
diff --git a/src/features/documents/DocumentTemplatesPage.vue b/src/features/documents/DocumentTemplatesPage.vue
index f7a9688..5af2a1e 100644
--- a/src/features/documents/DocumentTemplatesPage.vue
+++ b/src/features/documents/DocumentTemplatesPage.vue
@@ -15,7 +15,7 @@
 |--------------------------------------------------------------------------
 -->
 <script setup>
-import { ref, computed, onMounted } from 'vue'
+import { ref, computed, onMounted, onBeforeUnmount } from 'vue'
 import { useToast } from 'primevue/usetoast'
 import { useConfirm } from 'primevue/useconfirm'
 import Menu from 'primevue/menu'
@@ -39,6 +39,13 @@ const view = ref('list')  // list | create | edit
 const editingTemplate = ref({})
 const editingId = ref(null)
 
+// ── Hero sticky ─────────────────────────────────────────────
+
+const headerEl = ref(null)
+const headerSentinelRef = ref(null)
+const headerStuck = ref(false)
+let _observer = null
+
 // ── Mobile menu ─────────────────────────────────────────────
 
 const mobileMenuRef = ref(null)
@@ -50,7 +57,19 @@ const mobileMenuItems = [
 
 // ── Lifecycle ───────────────────────────────────────────────
 
-onMounted(() => fetchTemplates(true))
+onMounted(() => {
+    const rootMargin = `${document.querySelector('.l2-main') ? '0px' : '-56px'} 0px 0px 0px`
+    _observer = new IntersectionObserver(
+        ([entry]) => { headerStuck.value = !entry.isIntersecting },
+        { threshold: 0, rootMargin }
+    )
+    if (headerSentinelRef.value) _observer.observe(headerSentinelRef.value)
+    fetchTemplates(true)
+})
+
+onBeforeUnmount(() => {
+    _observer?.disconnect()
+})
 
 // ── Acoes ───────────────────────────────────────────────────
 
@@ -148,111 +167,155 @@ function getCardMenuItems(tpl) {
 </script>
 
 <template>
-    <div class="px-4 py-6 max-w-[1200px] mx-auto">
+    <!-- Sentinel -->
+    <div ref="headerSentinelRef" class="h-px" />
 
-        <!-- Header -->
-        <div class="flex flex-col sm:flex-row sm:items-center sm:justify-between gap-3 mb-6">
-            <div>
-                <div class="flex items-center gap-2">
-                    <Button
-                        v-if="view !== 'list'"
-                        icon="pi pi-arrow-left"
-                        text
-                        rounded
-                        size="small"
-                        @click="view = 'list'"
-                    />
-                    <h1 class="text-xl font-bold">
+    <!-- Hero sticky -->
+    <div
+        ref="headerEl"
+        class="sticky my-3 md:mx-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
+        :style="{ top: 'var(--layout-sticky-top, 56px)' }"
+    >
+        <!-- Blobs decorativos -->
+        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
+            <div class="absolute w-64 h-64 -top-16 -right-8 rounded-full blur-[60px] bg-indigo-500/10" />
+            <div class="absolute w-72 h-72 top-0 -left-16 rounded-full blur-[60px] bg-emerald-400/9" />
+        </div>
+
+        <div class="relative z-1 flex items-center gap-3">
+            <!-- Voltar (create/edit) + Brand -->
+            <div class="flex items-center gap-2 shrink-0">
+                <Button v-if="view !== 'list'" icon="pi pi-arrow-left" text severity="secondary" class="h-9 w-9 rounded-full shrink-0" v-tooltip.bottom="'Voltar à lista'" @click="view = 'list'" />
+                <div class="grid place-items-center w-9 h-9 rounded-md shrink-0 bg-indigo-500/10 text-indigo-500">
+                    <i class="pi pi-file-edit text-base" />
+                </div>
+                <div class="min-w-0 hidden lg:block">
+                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">
                         <template v-if="view === 'list'">Templates de documentos</template>
                         <template v-else-if="view === 'create'">Novo template</template>
                         <template v-else>Editar template</template>
-                    </h1>
+                    </div>
+                    <div class="text-[0.75rem] text-[var(--text-color-secondary)]">Modelos para declarações, atestados, recibos e outros documentos</div>
                 </div>
-                <p v-if="view === 'list'" class="text-sm text-[var(--text-color-secondary)]">
-                    Modelos para declarações, atestados, recibos e outros documentos
-                </p>
             </div>
 
-            <div v-if="view === 'list'" class="hidden sm:flex items-center gap-2">
-                <Button label="Novo template" icon="pi pi-plus" size="small" @click="openCreate" />
+            <!-- Ações LIST (desktop) -->
+            <div v-if="view === 'list'" class="hidden xl:flex items-center gap-1 shrink-0 ml-auto">
+                <Button icon="pi pi-refresh" severity="secondary" outlined class="h-9 w-9 rounded-full" :loading="loading" v-tooltip.bottom="'Atualizar'" @click="fetchTemplates(true)" />
+                <Button label="Novo template" icon="pi pi-plus" size="small" class="rounded-full" @click="openCreate" />
             </div>
-            <div v-if="view === 'list'" class="sm:hidden">
-                <Button icon="pi pi-ellipsis-v" text rounded @click="mobileMenuRef.toggle($event)" />
+
+            <!-- Ações LIST (mobile) -->
+            <div v-if="view === 'list'" class="flex xl:hidden items-center gap-1 shrink-0 ml-auto">
+                <Button icon="pi pi-plus" class="h-9 w-9 rounded-full" @click="openCreate" />
+                <Button label="Ações" icon="pi pi-ellipsis-v" severity="secondary" size="small" class="rounded-full" @click="(e) => mobileMenuRef.toggle(e)" />
                 <Menu ref="mobileMenuRef" :model="mobileMenuItems" :popup="true" />
             </div>
-        </div>
 
-        <!-- List view -->
+            <!-- Ações CREATE/EDIT (desktop) -->
+            <div v-if="view !== 'list'" class="hidden sm:flex items-center gap-1 shrink-0 ml-auto">
+                <Button label="Cancelar" severity="secondary" outlined size="small" class="rounded-full" @click="view = 'list'" />
+                <Button :label="view === 'create' ? 'Criar template' : 'Salvar'" icon="pi pi-check" size="small" class="rounded-full" @click="onSave(editingTemplate)" />
+            </div>
+
+            <!-- Ações CREATE/EDIT (mobile — só ícones) -->
+            <div v-if="view !== 'list'" class="flex sm:hidden items-center gap-1 shrink-0 ml-auto">
+                <Button icon="pi pi-times" severity="secondary" outlined class="h-9 w-9 rounded-full" v-tooltip.bottom="'Cancelar'" @click="view = 'list'" />
+                <Button icon="pi pi-check" class="h-9 w-9 rounded-full" v-tooltip.bottom="view === 'create' ? 'Criar template' : 'Salvar'" @click="onSave(editingTemplate)" />
+            </div>
+        </div>
+    </div>
+
+    <!-- Conteúdo -->
+    <div class="px-3 md:px-4 pb-8 flex flex-col gap-3 xl:gap-4">
+        <!-- ══ LIST VIEW ══════════════════════════════════════════ -->
         <template v-if="view === 'list'">
             <!-- Loading -->
-            <div v-if="loading" class="flex items-center justify-center py-16">
+            <div v-if="loading" class="rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] flex items-center justify-center py-16">
                 <i class="pi pi-spinner pi-spin text-2xl text-[var(--text-color-secondary)]" />
             </div>
 
-            <!-- Empty -->
-            <div v-else-if="!templates.length" class="flex flex-col items-center justify-center py-16 text-[var(--text-color-secondary)]">
-                <i class="pi pi-file-edit text-4xl opacity-30 mb-3" />
-                <div class="text-sm mb-1">Nenhum template encontrado.</div>
-                <Button label="Criar primeiro template" icon="pi pi-plus" text size="small" class="mt-2" @click="openCreate" />
+            <!-- Empty (nenhum template) -->
+            <div v-else-if="!templates.length" class="rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] overflow-hidden">
+                <div class="flex items-center justify-between px-4 py-3 border-b border-[var(--surface-border,#e2e8f0)]">
+                    <div class="flex items-center gap-2 min-w-0">
+                        <i class="pi pi-file-edit text-[var(--text-color-secondary)] opacity-60" />
+                        <span class="font-semibold text-sm">Templates cadastrados</span>
+                    </div>
+                    <span class="inline-flex items-center justify-center min-w-[22px] h-[22px] px-1.5 rounded-full bg-[var(--surface-200,#e5e7eb)] text-[var(--text-color-secondary)] text-[0.72rem] font-bold">0</span>
+                </div>
+                <div class="py-10 px-6 text-center">
+                    <i class="pi pi-file-edit text-2xl opacity-20 mb-2 block" />
+                    <div class="font-semibold text-sm">Nenhum template encontrado</div>
+                    <div class="text-xs opacity-60 mt-1">Crie seu primeiro template personalizado</div>
+                    <Button label="Criar primeiro template" icon="pi pi-plus" severity="secondary" outlined size="small" class="rounded-full mt-3" @click="openCreate" />
+                </div>
             </div>
 
             <template v-else>
-                <!-- Templates globais (padrao) -->
-                <div v-if="globalTemplates.length" class="mb-6">
-                    <div class="text-xs font-semibold uppercase tracking-wider text-[var(--text-color-secondary)] mb-3">
-                        Templates padrão do sistema
+                <!-- Templates globais (padrão) -->
+                <div v-if="globalTemplates.length" class="rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] overflow-hidden">
+                    <div class="flex items-center justify-between px-4 py-3 border-b border-[var(--surface-border,#e2e8f0)]">
+                        <div class="flex items-center gap-2 min-w-0">
+                            <i class="pi pi-shield text-[var(--text-color-secondary)] opacity-60" />
+                            <span class="font-semibold text-sm">Templates padrão do sistema</span>
+                        </div>
+                        <span class="inline-flex items-center justify-center min-w-[22px] h-[22px] px-1.5 rounded-full bg-blue-500/10 text-blue-600 text-[0.72rem] font-bold">{{ globalTemplates.length }}</span>
                     </div>
-                    <div class="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-3">
+                    <div class="grid grid-cols-1 sm:grid-cols-2 xl:grid-cols-3 gap-3 p-3">
                         <div
                             v-for="tpl in globalTemplates"
                             :key="tpl.id"
-                            class="group relative flex flex-col p-4 rounded-lg border border-[var(--surface-border)] hover:border-[var(--surface-400)] hover:bg-[var(--surface-hover)] transition-all cursor-pointer"
+                            class="group relative flex flex-col p-4 rounded-md border border-[var(--surface-border,#e2e8f0)] hover:border-[var(--primary-color,#6366f1)] hover:bg-[var(--surface-hover,#f1f5f9)] transition-all duration-150 cursor-pointer"
                             @click="onDuplicate(tpl)"
                         >
                             <div class="flex items-start gap-3">
-                                <span class="flex-shrink-0 w-9 h-9 rounded-lg bg-blue-500/10 flex items-center justify-center">
+                                <span class="shrink-0 w-9 h-9 rounded-md bg-blue-500/10 grid place-items-center">
                                     <i class="pi pi-file text-blue-500" />
                                 </span>
                                 <div class="min-w-0 flex-1">
-                                    <div class="text-sm font-medium">{{ tpl.nome_template }}</div>
+                                    <div class="text-sm font-semibold text-[var(--text-color)] line-clamp-1">{{ tpl.nome_template }}</div>
                                     <div class="text-xs text-[var(--text-color-secondary)] mt-0.5">{{ tipoLabel(tpl.tipo) }}</div>
-                                    <div v-if="tpl.descricao" class="text-xs text-[var(--text-color-secondary)] mt-1 line-clamp-2">{{ tpl.descricao }}</div>
+                                    <div v-if="tpl.descricao" class="text-xs text-[var(--text-color-secondary)] mt-1 line-clamp-2 opacity-75">{{ tpl.descricao }}</div>
                                 </div>
                             </div>
-                            <span class="absolute top-2 right-2 text-[0.6rem] px-1.5 py-0.5 rounded-full bg-blue-500/10 text-blue-600">
-                                padrão
-                            </span>
-                            <div class="mt-2 text-[0.65rem] text-[var(--text-color-secondary)] opacity-0 group-hover:opacity-100 transition-opacity">
-                                Clique para duplicar e personalizar
+                            <span class="absolute top-2 right-2 text-[0.6rem] font-semibold px-1.5 py-0.5 rounded-full bg-blue-500/10 text-blue-600">padrão</span>
+                            <div class="mt-2 text-[0.7rem] text-[var(--text-color-secondary)] opacity-0 group-hover:opacity-100 transition-opacity">
+                                <i class="pi pi-copy text-[0.7rem] mr-1" />Clique para duplicar e personalizar
                             </div>
                         </div>
                     </div>
                 </div>
 
                 <!-- Templates do tenant -->
-                <div v-if="tenantTemplates.length">
-                    <div class="text-xs font-semibold uppercase tracking-wider text-[var(--text-color-secondary)] mb-3">
-                        Meus templates
+                <div v-if="tenantTemplates.length" class="rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] overflow-hidden">
+                    <div class="flex items-center justify-between px-4 py-3 border-b border-[var(--surface-border,#e2e8f0)]">
+                        <div class="flex items-center gap-2 min-w-0">
+                            <i class="pi pi-user-edit text-[var(--text-color-secondary)] opacity-60" />
+                            <span class="font-semibold text-sm">Meus templates</span>
+                        </div>
+                        <span class="inline-flex items-center justify-center min-w-[22px] h-[22px] px-1.5 rounded-full bg-[var(--primary-color,#6366f1)] text-white text-[0.72rem] font-bold">{{ tenantTemplates.length }}</span>
                     </div>
-                    <div class="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-3">
+                    <div class="grid grid-cols-1 sm:grid-cols-2 xl:grid-cols-3 gap-3 p-3">
                         <div
                             v-for="tpl in tenantTemplates"
                             :key="tpl.id"
-                            class="group relative flex flex-col p-4 rounded-lg border border-[var(--surface-border)] hover:border-primary hover:bg-primary/5 transition-all cursor-pointer"
+                            class="group relative flex flex-col p-4 rounded-md border border-[var(--surface-border,#e2e8f0)] hover:border-[var(--primary-color,#6366f1)] hover:bg-[var(--primary-color,#6366f1)]/5 transition-all duration-150 cursor-pointer"
                             @click="openEdit(tpl)"
                         >
                             <div class="flex items-start gap-3">
-                                <span class="flex-shrink-0 w-9 h-9 rounded-lg bg-primary/10 flex items-center justify-center">
-                                    <i class="pi pi-file-edit text-primary" />
+                                <span class="shrink-0 w-9 h-9 rounded-md bg-indigo-500/10 grid place-items-center">
+                                    <i class="pi pi-file-edit text-indigo-500" />
                                 </span>
                                 <div class="min-w-0 flex-1">
-                                    <div class="text-sm font-medium">{{ tpl.nome_template }}</div>
+                                    <div class="text-sm font-semibold text-[var(--text-color)] line-clamp-1">{{ tpl.nome_template }}</div>
                                     <div class="text-xs text-[var(--text-color-secondary)] mt-0.5">{{ tipoLabel(tpl.tipo) }}</div>
-                                    <div v-if="tpl.descricao" class="text-xs text-[var(--text-color-secondary)] mt-1 line-clamp-2">{{ tpl.descricao }}</div>
+                                    <div v-if="tpl.descricao" class="text-xs text-[var(--text-color-secondary)] mt-1 line-clamp-2 opacity-75">{{ tpl.descricao }}</div>
                                 </div>
                             </div>
 
-                            <!-- Menu de acoes -->
+                            <!-- Menu de ações -->
                             <div class="absolute top-2 right-2 opacity-0 group-hover:opacity-100 transition-opacity">
                                 <Button
                                     icon="pi pi-ellipsis-v"
@@ -266,14 +329,9 @@ function getCardMenuItems(tpl) {
                             </div>
 
                             <div class="flex items-center gap-2 mt-2">
-                                <span
-                                    v-if="!tpl.ativo"
-                                    class="text-[0.6rem] px-1.5 py-0.5 rounded-full bg-red-500/10 text-red-500"
-                                >
-                                    inativo
-                                </span>
-                                <span class="text-[0.6rem] text-[var(--text-color-secondary)]">
-                                    {{ tpl.variaveis?.length || 0 }} variáveis
+                                <span v-if="!tpl.ativo" class="text-[0.6rem] font-semibold px-1.5 py-0.5 rounded-full bg-red-500/10 text-red-500">inativo</span>
+                                <span class="text-[0.65rem] text-[var(--text-color-secondary)]">
+                                    <i class="pi pi-code text-[0.6rem] mr-0.5" />{{ tpl.variaveis?.length || 0 }} variáveis
                                 </span>
                             </div>
                         </div>
@@ -282,7 +340,7 @@ function getCardMenuItems(tpl) {
             </template>
         </template>
 
-        <!-- Create / Edit view -->
+        <!-- ══ CREATE / EDIT VIEW ═════════════════════════════════ -->
         <template v-if="view === 'create' || view === 'edit'">
             <DocumentTemplateEditor
                 v-model="editingTemplate"
@@ -291,7 +349,7 @@ function getCardMenuItems(tpl) {
                 @cancel="onCancel"
             />
         </template>
-
-        <ConfirmDialog />
     </div>
+
+    <ConfirmDialog />
 </template>
diff --git a/src/features/documents/DocumentsListPage.vue b/src/features/documents/DocumentsListPage.vue
index 7f687ca..e208c94 100644
--- a/src/features/documents/DocumentsListPage.vue
+++ b/src/features/documents/DocumentsListPage.vue
@@ -15,7 +15,7 @@
 |--------------------------------------------------------------------------
 -->
 <script setup>
-import { ref, computed, onMounted, watch } from 'vue'
+import { ref, computed, onMounted, onBeforeUnmount, watch } from 'vue'
 import { useRoute, useRouter } from 'vue-router'
 import { useToast } from 'primevue/usetoast'
 import { useConfirm } from 'primevue/useconfirm'
@@ -75,14 +75,32 @@ const mobileMenuItems = computed(() => [
 // ── Hero sticky ─────────────────────────────────────────────
 
 const headerEl = ref(null)
+const headerSentinelRef = ref(null)
 const headerStuck = ref(false)
+let _observer = null
+
+// ── Mobile dialogs ──────────────────────────────────────────
+
+const filtersDlgOpen = ref(false)
 
 // ── Lifecycle ───────────────────────────────────────────────
 
 onMounted(async () => {
+    if (!props.embedded) {
+        const rootMargin = `${document.querySelector('.l2-main') ? '0px' : '-56px'} 0px 0px 0px`
+        _observer = new IntersectionObserver(
+            ([entry]) => { headerStuck.value = !entry.isIntersecting },
+            { threshold: 0, rootMargin }
+        )
+        if (headerSentinelRef.value) _observer.observe(headerSentinelRef.value)
+    }
     await Promise.all([fetchDocuments(), fetchUsedTags()])
 })
 
+onBeforeUnmount(() => {
+    _observer?.disconnect()
+})
+
 // ── Acoes ───────────────────────────────────────────────────
 
 async function onUploaded({ file, meta }) {
@@ -158,220 +176,204 @@ watch(filters, () => fetchDocuments(), { deep: true })
 </script>
 
 <template>
-    <div :class="embedded ? '' : 'px-4 py-6 max-w-[1200px] mx-auto'">
-
-        <!-- Hero header -->
-        <div
-            v-if="!embedded"
-            ref="headerEl"
-            class="flex flex-col sm:flex-row sm:items-center sm:justify-between gap-3 mb-6"
-        >
-            <div>
-                <h1 class="text-xl font-bold">Documentos</h1>
-                <p class="text-sm text-[var(--text-color-secondary)]">
-                    {{ resolvedPatientId ? patientName || 'Paciente' : 'Todos os pacientes' }}
-                </p>
-            </div>
-
-            <!-- Desktop actions -->
-            <div class="hidden sm:flex items-center gap-2">
-                <Button
-                    label="Gerar documento"
-                    icon="pi pi-file-pdf"
-                    outlined
-                    size="small"
-                    @click="generateDlg = true"
-                    :disabled="!resolvedPatientId"
-                />
-                <Button
-                    label="Upload"
-                    icon="pi pi-upload"
-                    size="small"
-                    @click="uploadDlg = true"
-                    :disabled="!resolvedPatientId"
-                />
-            </div>
-
-            <!-- Mobile menu -->
-            <div class="sm:hidden">
-                <Button icon="pi pi-ellipsis-v" text rounded @click="mobileMenuRef.toggle($event)" />
-                <Menu ref="mobileMenuRef" :model="mobileMenuItems" :popup="true" />
-            </div>
-        </div>
-
-        <!-- Embedded header (dentro do prontuario) -->
-        <div v-else class="flex items-center justify-between gap-2 mb-4">
+    <!-- ══════════════════════════════════════════════════════════════
+         EMBEDDED MODE — dentro do prontuário (sem hero, layout compacto)
+       ══════════════════════════════════════════════════════════════ -->
+    <div v-if="embedded">
+        <!-- Header compacto -->
+        <div class="flex items-center justify-between gap-2 mb-4">
             <span class="text-sm font-semibold text-[var(--text-color-secondary)] uppercase tracking-wider">Documentos</span>
             <div class="flex gap-1.5">
-                <Button
-                    icon="pi pi-file-pdf"
-                    text
-                    rounded
-                    size="small"
-                    v-tooltip.top="'Gerar documento'"
-                    @click="generateDlg = true"
-                />
-                <Button
-                    icon="pi pi-upload"
-                    text
-                    rounded
-                    size="small"
-                    v-tooltip.top="'Upload'"
-                    @click="uploadDlg = true"
-                />
+                <Button icon="pi pi-file-pdf" text rounded size="small" v-tooltip.top="'Gerar documento'" @click="generateDlg = true" />
+                <Button icon="pi pi-upload" text rounded size="small" v-tooltip.top="'Upload'" @click="uploadDlg = true" />
             </div>
         </div>
 
-        <!-- Quick stats -->
-        <div v-if="!embedded && documents.length" class="grid grid-cols-2 sm:grid-cols-4 gap-3 mb-5">
-            <div class="flex flex-col items-center p-3 rounded-lg bg-[var(--surface-ground)] border border-[var(--surface-border)]">
-                <span class="text-lg font-bold">{{ stats.total }}</span>
-                <span class="text-[0.65rem] text-[var(--text-color-secondary)] uppercase tracking-wider">Total</span>
-            </div>
-            <div class="flex flex-col items-center p-3 rounded-lg bg-[var(--surface-ground)] border border-[var(--surface-border)]">
-                <span class="text-lg font-bold">{{ formatSize(stats.tamanhoTotal) }}</span>
-                <span class="text-[0.65rem] text-[var(--text-color-secondary)] uppercase tracking-wider">Tamanho</span>
-            </div>
-            <div class="flex flex-col items-center p-3 rounded-lg bg-[var(--surface-ground)] border border-[var(--surface-border)]">
-                <span class="text-lg font-bold">{{ Object.keys(stats.porTipo).length }}</span>
-                <span class="text-[0.65rem] text-[var(--text-color-secondary)] uppercase tracking-wider">Tipos</span>
-            </div>
-            <div v-if="stats.pendentesRevisao" class="flex flex-col items-center p-3 rounded-lg bg-amber-500/5 border border-amber-500/20">
-                <span class="text-lg font-bold text-amber-600">{{ stats.pendentesRevisao }}</span>
-                <span class="text-[0.65rem] text-amber-600 uppercase tracking-wider">Pendentes</span>
-            </div>
-        </div>
-
-        <!-- Filtros -->
-        <div class="flex flex-wrap items-center gap-2 mb-4">
-            <IconField>
-                <InputIcon class="pi pi-search" />
-                <InputText
-                    v-model="filters.search"
-                    placeholder="Buscar..."
-                    class="!w-[200px]"
-                    size="small"
-                />
-            </IconField>
-
-            <Select
-                v-model="filters.tipo_documento"
-                :options="TIPOS_DOCUMENTO"
-                optionLabel="label"
-                optionValue="value"
-                placeholder="Tipo"
-                showClear
-                class="!w-[160px]"
-                size="small"
-            />
-
-            <Select
-                v-if="usedTags.length"
-                v-model="filters.tag"
-                :options="usedTags.map(t => ({ label: t, value: t }))"
-                optionLabel="label"
-                optionValue="value"
-                placeholder="Tag"
-                showClear
-                class="!w-[140px]"
-                size="small"
-            />
-
-            <Button
-                v-if="hasActiveFilter"
-                icon="pi pi-filter-slash"
-                text
-                rounded
-                size="small"
-                v-tooltip.top="'Limpar filtros'"
-                @click="clearFilters(); fetchDocuments()"
-            />
-        </div>
-
         <!-- Loading -->
-        <div v-if="loading" class="flex items-center justify-center py-16">
+        <div v-if="loading" class="flex items-center justify-center py-12">
             <i class="pi pi-spinner pi-spin text-2xl text-[var(--text-color-secondary)]" />
         </div>
 
         <!-- Empty -->
-        <div v-else-if="!documents.length" class="flex flex-col items-center justify-center py-16 text-[var(--text-color-secondary)]">
-            <i class="pi pi-inbox text-4xl opacity-30 mb-3" />
-            <div class="text-sm mb-1">
-                {{ hasActiveFilter ? 'Nenhum documento encontrado com esses filtros.' : 'Nenhum documento ainda.' }}
-            </div>
-            <Button
-                v-if="resolvedPatientId && !hasActiveFilter"
-                label="Enviar primeiro documento"
-                icon="pi pi-upload"
-                text
-                size="small"
-                class="mt-2"
-                @click="uploadDlg = true"
-            />
+        <div v-else-if="!documents.length" class="py-10 px-6 text-center">
+            <i class="pi pi-inbox text-2xl opacity-20 mb-2 block" />
+            <div class="font-semibold text-sm">Nenhum documento ainda</div>
+            <div class="text-xs opacity-60 mt-1">Faça upload do primeiro documento deste paciente</div>
+            <Button v-if="resolvedPatientId" label="Enviar documento" icon="pi pi-upload" severity="secondary" outlined size="small" class="rounded-full mt-3" @click="uploadDlg = true" />
         </div>
 
-        <!-- Lista de documentos -->
+        <!-- Lista -->
         <div v-else class="flex flex-col gap-2">
-            <DocumentCard
-                v-for="doc in documents"
-                :key="doc.id"
-                :doc="doc"
-                @preview="onPreview"
-                @download="onDownload"
-                @edit="onEdit"
-                @delete="onDelete"
-                @share="onShare"
-                @sign="onSign"
-            />
+            <DocumentCard v-for="doc in documents" :key="doc.id" :doc="doc" @preview="onPreview" @download="onDownload" @edit="onEdit" @delete="onDelete" @share="onShare" @sign="onSign" />
         </div>
 
         <!-- Error -->
-        <div v-if="error" class="mt-4 p-3 rounded-lg bg-red-500/5 border border-red-500/20 text-sm text-red-500">
+        <div v-if="error" class="mt-4 p-3 rounded-md bg-red-500/5 border border-red-500/20 text-sm text-red-500">
             <i class="pi pi-exclamation-circle mr-1" /> {{ error }}
         </div>
-
-        <!-- Dialogs -->
-        <DocumentUploadDialog
-            :visible="uploadDlg"
-            @update:visible="uploadDlg = $event"
-            :patientId="resolvedPatientId"
-            :patientName="patientName"
-            :usedTags="usedTags"
-            @uploaded="onUploaded"
-        />
-
-        <DocumentPreviewDialog
-            :visible="previewDlg"
-            @update:visible="previewDlg = $event"
-            :doc="selectedDoc"
-            :previewUrl="previewUrl"
-            @download="onDownload"
-            @edit="onEdit"
-            @delete="d => { previewDlg = false; onDelete(d) }"
-            @share="d => { previewDlg = false; onShare(d) }"
-            @sign="d => { previewDlg = false; onSign(d) }"
-        />
-
-        <DocumentGenerateDialog
-            :visible="generateDlg"
-            @update:visible="generateDlg = $event"
-            :patientId="resolvedPatientId"
-            :patientName="patientName"
-            @generated="onGenerated"
-        />
-
-        <DocumentSignatureDialog
-            :visible="signatureDlg"
-            @update:visible="signatureDlg = $event"
-            :doc="selectedDoc"
-        />
-
-        <DocumentShareDialog
-            :visible="shareDlg"
-            @update:visible="shareDlg = $event"
-            :doc="selectedDoc"
-        />
-
-        <ConfirmDialog />
     </div>
+
+    <!-- ══════════════════════════════════════════════════════════════
+         PÁGINA FULL — hero sticky + stats + lista em card
+       ══════════════════════════════════════════════════════════════ -->
+    <template v-else>
+        <!-- Sentinel -->
+        <div ref="headerSentinelRef" class="h-px" />
+
+        <!-- Hero sticky -->
+        <div
+            ref="headerEl"
+            class="sticky my-3 md:mx-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+            :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
+            :style="{ top: 'var(--layout-sticky-top, 56px)' }"
+        >
+            <!-- Blobs decorativos -->
+            <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
+                <div class="absolute w-64 h-64 -top-16 -right-8 rounded-full blur-[60px] bg-indigo-500/10" />
+                <div class="absolute w-72 h-72 top-0 -left-16 rounded-full blur-[60px] bg-emerald-400/9" />
+            </div>
+
+            <div class="relative z-1 flex items-center gap-3">
+                <!-- Voltar + Brand -->
+                <div class="flex items-center gap-2 shrink-0">
+                    <Button v-if="resolvedPatientId" icon="pi pi-arrow-left" text severity="secondary" class="h-9 w-9 rounded-full shrink-0" v-tooltip.bottom="'Voltar'" @click="router.back()" />
+                    <div class="grid place-items-center w-9 h-9 rounded-md shrink-0 bg-indigo-500/10 text-indigo-500">
+                        <i class="pi pi-file text-base" />
+                    </div>
+                    <div class="min-w-0 hidden lg:block">
+                        <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Documentos</div>
+                        <div class="text-[0.75rem] text-[var(--text-color-secondary)] truncate">
+                            {{ resolvedPatientId ? (patientName || 'Paciente') : 'Todos os pacientes' }}
+                        </div>
+                    </div>
+                </div>
+
+                <!-- Ações desktop -->
+                <div class="hidden xl:flex items-center gap-1 shrink-0 ml-auto">
+                    <Button icon="pi pi-refresh" severity="secondary" outlined class="h-9 w-9 rounded-full" :loading="loading" v-tooltip.bottom="'Atualizar'" @click="fetchDocuments" />
+                    <Button label="Gerar" icon="pi pi-file-pdf" severity="secondary" outlined size="small" class="rounded-full" :disabled="!resolvedPatientId" @click="generateDlg = true" />
+                    <Button label="Upload" icon="pi pi-upload" size="small" class="rounded-full" :disabled="!resolvedPatientId" @click="uploadDlg = true" />
+                </div>
+
+                <!-- Mobile -->
+                <div class="flex xl:hidden items-center gap-1 shrink-0 ml-auto">
+                    <Button icon="pi pi-filter" severity="secondary" outlined class="h-9 w-9 rounded-full" v-tooltip.bottom="'Filtros'" @click="filtersDlgOpen = true" />
+                    <Button icon="pi pi-upload" class="h-9 w-9 rounded-full" :disabled="!resolvedPatientId" @click="uploadDlg = true" />
+                    <Button label="Ações" icon="pi pi-ellipsis-v" severity="secondary" size="small" class="rounded-full" @click="(e) => mobileMenuRef.toggle(e)" />
+                    <Menu ref="mobileMenuRef" :model="mobileMenuItems" :popup="true" />
+                </div>
+            </div>
+        </div>
+
+        <!-- Dialog filtros mobile -->
+        <Dialog v-model:visible="filtersDlgOpen" modal :draggable="false" pt:mask:class="backdrop-blur-xs" header="Filtros" class="w-[94vw] max-w-sm">
+            <div class="flex flex-col gap-3 pt-1">
+                <IconField>
+                    <InputIcon class="pi pi-search" />
+                    <InputText v-model="filters.search" placeholder="Buscar..." class="w-full" />
+                </IconField>
+                <Select v-model="filters.tipo_documento" :options="TIPOS_DOCUMENTO" optionLabel="label" optionValue="value" placeholder="Tipo" showClear class="w-full" />
+                <Select v-if="usedTags.length" v-model="filters.tag" :options="usedTags.map(t => ({ label: t, value: t }))" optionLabel="label" optionValue="value" placeholder="Tag" showClear class="w-full" />
+            </div>
+            <template #footer>
+                <Button v-if="hasActiveFilter" label="Limpar" icon="pi pi-filter-slash" severity="danger" outlined class="rounded-full mr-2" @click="clearFilters(); fetchDocuments()" />
+                <Button label="Fechar" severity="secondary" outlined class="rounded-full" @click="filtersDlgOpen = false" />
+            </template>
+        </Dialog>
+
+        <!-- Conteúdo -->
+        <div class="px-3 md:px-4 pb-8 flex flex-col gap-3 xl:gap-4">
+            <!-- Stats -->
+            <div v-if="documents.length" class="grid grid-cols-2 md:grid-cols-4 gap-2">
+                <div class="flex flex-col gap-0.5 px-4 py-2.5 rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)]">
+                    <div class="text-[1.35rem] font-bold leading-none text-[var(--text-color)]">{{ stats.total }}</div>
+                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Total</div>
+                </div>
+                <div class="flex flex-col gap-0.5 px-4 py-2.5 rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)]">
+                    <div class="text-[1.35rem] font-bold leading-none text-[var(--text-color)]">{{ formatSize(stats.tamanhoTotal) }}</div>
+                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Tamanho</div>
+                </div>
+                <div class="flex flex-col gap-0.5 px-4 py-2.5 rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)]">
+                    <div class="text-[1.35rem] font-bold leading-none text-[var(--text-color)]">{{ Object.keys(stats.porTipo).length }}</div>
+                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Tipos</div>
+                </div>
+                <div class="flex flex-col gap-0.5 px-4 py-2.5 rounded-md border" :class="stats.pendentesRevisao ? 'border-amber-500/30 bg-amber-500/5' : 'border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)]'">
+                    <div class="text-[1.35rem] font-bold leading-none" :class="stats.pendentesRevisao ? 'text-amber-600' : 'text-[var(--text-color)]'">{{ stats.pendentesRevisao || 0 }}</div>
+                    <div class="text-[1rem] opacity-75 truncate" :class="stats.pendentesRevisao ? 'text-amber-600' : 'text-[var(--text-color-secondary)]'">Pendentes</div>
+                </div>
+            </div>
+
+            <!-- Tabela (card) -->
+            <div class="rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] overflow-hidden">
+                <!-- Header da tabela -->
+                <div class="flex items-center justify-between gap-2 px-4 py-3 border-b border-[var(--surface-border,#e2e8f0)]">
+                    <div class="flex items-center gap-2 min-w-0">
+                        <i class="pi pi-list text-[var(--text-color-secondary)] opacity-60" />
+                        <span class="font-semibold text-sm">Documentos</span>
+                    </div>
+                    <span class="inline-flex items-center justify-center min-w-[22px] h-[22px] px-1.5 rounded-full bg-[var(--primary-color,#6366f1)] text-white text-[0.72rem] font-bold">{{ documents.length }}</span>
+                </div>
+
+                <!-- Filtros desktop -->
+                <div class="hidden md:flex flex-wrap items-center gap-2 px-4 py-3 border-b border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-ground,#f8fafc)]/50">
+                    <IconField>
+                        <InputIcon class="pi pi-search" />
+                        <InputText v-model="filters.search" placeholder="Buscar..." class="!w-[200px]" size="small" />
+                    </IconField>
+                    <Select v-model="filters.tipo_documento" :options="TIPOS_DOCUMENTO" optionLabel="label" optionValue="value" placeholder="Tipo" showClear class="!w-[160px]" size="small" />
+                    <Select v-if="usedTags.length" v-model="filters.tag" :options="usedTags.map(t => ({ label: t, value: t }))" optionLabel="label" optionValue="value" placeholder="Tag" showClear class="!w-[140px]" size="small" />
+                    <Button v-if="hasActiveFilter" icon="pi pi-filter-slash" severity="danger" text rounded size="small" v-tooltip.top="'Limpar filtros'" @click="clearFilters(); fetchDocuments()" />
+                </div>
+
+                <!-- Loading -->
+                <div v-if="loading" class="flex items-center justify-center py-16">
+                    <i class="pi pi-spinner pi-spin text-2xl text-[var(--text-color-secondary)]" />
+                </div>
+
+                <!-- Empty -->
+                <div v-else-if="!documents.length" class="py-10 px-6 text-center">
+                    <i class="pi pi-inbox text-2xl opacity-20 mb-2 block" />
+                    <div class="font-semibold text-sm">
+                        {{ hasActiveFilter ? 'Nenhum documento encontrado' : 'Nenhum documento ainda' }}
+                    </div>
+                    <div class="text-xs opacity-60 mt-1">
+                        {{ hasActiveFilter ? 'Limpe os filtros ou ajuste a busca' : resolvedPatientId ? 'Faça upload do primeiro documento' : 'Selecione um paciente para adicionar documentos' }}
+                    </div>
+                    <Button v-if="resolvedPatientId && !hasActiveFilter" label="Enviar primeiro documento" icon="pi pi-upload" severity="secondary" outlined size="small" class="rounded-full mt-3" @click="uploadDlg = true" />
+                </div>
+
+                <!-- Lista -->
+                <div v-else class="flex flex-col gap-2 p-3">
+                    <DocumentCard v-for="doc in documents" :key="doc.id" :doc="doc" @preview="onPreview" @download="onDownload" @edit="onEdit" @delete="onDelete" @share="onShare" @sign="onSign" />
+                </div>
+            </div>
+
+            <!-- Error -->
+            <div v-if="error" class="p-3 rounded-md bg-red-500/5 border border-red-500/20 text-sm text-red-500">
+                <i class="pi pi-exclamation-circle mr-1" /> {{ error }}
+            </div>
+        </div>
+    </template>
+
+    <!-- ══════════════════════════════════════════════════════════════
+         Dialogs comuns (usados em ambos os modos)
+       ══════════════════════════════════════════════════════════════ -->
+    <DocumentUploadDialog :visible="uploadDlg" @update:visible="uploadDlg = $event" :patientId="resolvedPatientId" :patientName="patientName" :usedTags="usedTags" @uploaded="onUploaded" />
+
+    <DocumentPreviewDialog
+        :visible="previewDlg"
+        @update:visible="previewDlg = $event"
+        :doc="selectedDoc"
+        :previewUrl="previewUrl"
+        @download="onDownload"
+        @edit="onEdit"
+        @delete="d => { previewDlg = false; onDelete(d) }"
+        @share="d => { previewDlg = false; onShare(d) }"
+        @sign="d => { previewDlg = false; onSign(d) }"
+    />
+
+    <DocumentGenerateDialog :visible="generateDlg" @update:visible="generateDlg = $event" :patientId="resolvedPatientId" :patientName="patientName" @generated="onGenerated" />
+    <DocumentSignatureDialog :visible="signatureDlg" @update:visible="signatureDlg = $event" :doc="selectedDoc" />
+    <DocumentShareDialog :visible="shareDlg" @update:visible="shareDlg = $event" :doc="selectedDoc" />
+    <ConfirmDialog />
 </template>
diff --git a/src/features/documents/components/DocumentTemplateEditor.vue b/src/features/documents/components/DocumentTemplateEditor.vue
index 7b079a4..6490b1e 100644
--- a/src/features/documents/components/DocumentTemplateEditor.vue
+++ b/src/features/documents/components/DocumentTemplateEditor.vue
@@ -90,118 +90,126 @@ function onSave() {
 </script>
 
 <template>
-    <div class="flex flex-col gap-4">
-        <!-- Header: nome e tipo -->
-        <div class="grid grid-cols-1 sm:grid-cols-[1fr_200px] gap-3">
-            <div class="flex flex-col gap-1">
-                <label class="text-xs font-medium text-[var(--text-color-secondary)]">Nome do template</label>
-                <InputText v-model="form.nome_template" placeholder="Ex: Declaração de comparecimento" class="w-full" />
+    <div class="flex flex-col gap-3 xl:gap-4">
+        <!-- ══ Card: Identificação ══════════════════════════════ -->
+        <div class="rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] overflow-hidden">
+            <div class="flex items-center gap-2 px-4 py-3 border-b border-[var(--surface-border,#e2e8f0)]">
+                <i class="pi pi-tag text-[var(--text-color-secondary)] opacity-60" />
+                <span class="font-semibold text-sm">Identificação</span>
             </div>
-            <div class="flex flex-col gap-1">
-                <label class="text-xs font-medium text-[var(--text-color-secondary)]">Tipo</label>
-                <Select
-                    v-model="form.tipo"
-                    :options="TIPOS_TEMPLATE"
-                    optionLabel="label"
-                    optionValue="value"
-                    class="w-full"
-                />
-            </div>
-        </div>
-
-        <div class="flex flex-col gap-1">
-            <label class="text-xs font-medium text-[var(--text-color-secondary)]">Descrição</label>
-            <InputText v-model="form.descricao" placeholder="Breve descrição do template" class="w-full" />
-        </div>
-
-        <!-- Tabs: Editor / Preview -->
-        <div class="flex items-center gap-1 border-b border-[var(--surface-border)]">
-            <button
-                class="px-3 py-2 text-sm font-medium border-b-2 transition-colors"
-                :class="activeTab === 'editor' ? 'border-primary text-primary' : 'border-transparent text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'"
-                @click="activeTab = 'editor'"
-            >
-                Editor
-            </button>
-            <button
-                class="px-3 py-2 text-sm font-medium border-b-2 transition-colors"
-                :class="activeTab === 'preview' ? 'border-primary text-primary' : 'border-transparent text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'"
-                @click="activeTab = 'preview'"
-            >
-                Preview
-            </button>
-        </div>
-
-        <!-- Editor -->
-        <div v-show="activeTab === 'editor'" class="flex flex-col lg:flex-row gap-4">
-            <!-- Campos HTML -->
-            <div class="flex-1 flex flex-col gap-3">
-                <div class="flex flex-col gap-1" @focusin="cursorField = 'cabecalho_html'">
-                    <label class="text-xs font-medium text-[var(--text-color-secondary)]">Cabeçalho</label>
-                    <JoditEmailEditor ref="editorCabecalho" v-model="form.cabecalho_html" :minHeight="120" layoutButtons :logoUrl="form.logo_url" />
+            <div class="p-4 flex flex-col gap-3">
+                <div class="grid grid-cols-1 sm:grid-cols-[1fr_220px] gap-3">
+                    <div class="flex flex-col gap-1">
+                        <label class="text-xs font-semibold text-[var(--text-color-secondary)]">Nome do template</label>
+                        <InputText v-model="form.nome_template" placeholder="Ex: Declaração de comparecimento" class="w-full" />
+                    </div>
+                    <div class="flex flex-col gap-1">
+                        <label class="text-xs font-semibold text-[var(--text-color-secondary)]">Tipo</label>
+                        <Select v-model="form.tipo" :options="TIPOS_TEMPLATE" optionLabel="label" optionValue="value" class="w-full" />
+                    </div>
                 </div>
-
-                <div class="flex flex-col gap-1" @focusin="cursorField = 'corpo_html'">
-                    <label class="text-xs font-medium text-[var(--text-color-secondary)]">Corpo do documento</label>
-                    <JoditEmailEditor ref="editorCorpo" v-model="form.corpo_html" :minHeight="350" />
-                </div>
-
-                <div class="flex flex-col gap-1" @focusin="cursorField = 'rodape_html'">
-                    <label class="text-xs font-medium text-[var(--text-color-secondary)]">Rodapé</label>
-                    <JoditEmailEditor ref="editorRodape" v-model="form.rodape_html" :minHeight="120" layoutButtons :logoUrl="form.logo_url" />
-                </div>
-
                 <div class="flex flex-col gap-1">
-                    <label class="text-xs font-medium text-[var(--text-color-secondary)]">URL do logo (opcional)</label>
+                    <label class="text-xs font-semibold text-[var(--text-color-secondary)]">Descrição</label>
+                    <InputText v-model="form.descricao" placeholder="Breve descrição do template" class="w-full" />
+                </div>
+                <div class="flex flex-col gap-1">
+                    <label class="text-xs font-semibold text-[var(--text-color-secondary)]">URL do logo (opcional)</label>
                     <InputText v-model="form.logo_url" placeholder="https://..." class="w-full" />
                 </div>
             </div>
+        </div>
 
-            <!-- Painel de variaveis -->
-            <div class="w-full lg:w-[220px] flex-shrink-0">
-                <div class="sticky top-0">
-                    <div class="text-xs font-semibold uppercase tracking-wider text-[var(--text-color-secondary)] mb-2">
-                        Variáveis
-                    </div>
-                    <div class="text-[0.65rem] text-[var(--text-color-secondary)] mb-3">
-                        Clique para inserir no campo ativo
+        <!-- ══ Card: Conteúdo ═══════════════════════════════════ -->
+        <div class="rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] overflow-hidden">
+            <div class="flex items-center justify-between gap-2 px-4 py-3 border-b border-[var(--surface-border,#e2e8f0)]">
+                <div class="flex items-center gap-2 min-w-0">
+                    <i class="pi pi-file-edit text-[var(--text-color-secondary)] opacity-60" />
+                    <span class="font-semibold text-sm">Conteúdo do documento</span>
+                </div>
+                <!-- Tabs: Editor / Preview -->
+                <div class="flex items-center gap-1">
+                    <Button
+                        :label="'Editor'"
+                        icon="pi pi-pencil"
+                        :severity="activeTab === 'editor' ? undefined : 'secondary'"
+                        :outlined="activeTab !== 'editor'"
+                        size="small"
+                        class="rounded-full"
+                        @click="activeTab = 'editor'"
+                    />
+                    <Button
+                        :label="'Preview'"
+                        icon="pi pi-eye"
+                        :severity="activeTab === 'preview' ? undefined : 'secondary'"
+                        :outlined="activeTab !== 'preview'"
+                        size="small"
+                        class="rounded-full"
+                        @click="activeTab = 'preview'"
+                    />
+                </div>
+            </div>
+
+            <!-- Editor -->
+            <div v-show="activeTab === 'editor'" class="p-4 flex flex-col lg:flex-row gap-4">
+                <!-- Campos HTML -->
+                <div class="flex-1 min-w-0 flex flex-col gap-3">
+                    <div class="flex flex-col gap-1" @focusin="cursorField = 'cabecalho_html'">
+                        <label class="text-xs font-semibold text-[var(--text-color-secondary)]">Cabeçalho</label>
+                        <JoditEmailEditor ref="editorCabecalho" v-model="form.cabecalho_html" :minHeight="120" layoutButtons :logoUrl="form.logo_url" />
                     </div>
 
-                    <div class="flex flex-col gap-3 max-h-[500px] overflow-y-auto pr-1">
-                        <div v-for="(vars, grupo) in variablesGrouped" :key="grupo">
-                            <div class="text-[0.65rem] font-semibold uppercase tracking-wider text-[var(--text-color-secondary)] mb-1">{{ grupo }}</div>
-                            <div class="flex flex-col gap-0.5">
-                                <button
-                                    v-for="v in vars"
-                                    :key="v.key"
-                                    class="text-left text-xs px-2 py-1 rounded hover:bg-primary/10 hover:text-primary transition-colors truncate"
-                                    :title="v.key"
-                                    @click="insertVariable(v.key)"
-                                >
-                                    <span class="font-mono text-[0.65rem] opacity-60">&lbrace;&lbrace;</span>
-                                    {{ v.label }}
-                                    <span class="font-mono text-[0.65rem] opacity-60">&rbrace;&rbrace;</span>
-                                </button>
+                    <div class="flex flex-col gap-1" @focusin="cursorField = 'corpo_html'">
+                        <label class="text-xs font-semibold text-[var(--text-color-secondary)]">Corpo do documento</label>
+                        <JoditEmailEditor ref="editorCorpo" v-model="form.corpo_html" :minHeight="350" />
+                    </div>
+
+                    <div class="flex flex-col gap-1" @focusin="cursorField = 'rodape_html'">
+                        <label class="text-xs font-semibold text-[var(--text-color-secondary)]">Rodapé</label>
+                        <JoditEmailEditor ref="editorRodape" v-model="form.rodape_html" :minHeight="120" layoutButtons :logoUrl="form.logo_url" />
+                    </div>
+                </div>
+
+                <!-- Painel de variáveis -->
+                <div class="w-full lg:w-[240px] shrink-0">
+                    <div class="lg:sticky lg:top-3 rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-ground,#f8fafc)]/50 overflow-hidden">
+                        <div class="flex items-center gap-2 px-3 py-2 border-b border-[var(--surface-border,#e2e8f0)]">
+                            <i class="pi pi-code text-[var(--text-color-secondary)] opacity-60 text-xs" />
+                            <span class="font-semibold text-xs">Variáveis</span>
+                        </div>
+                        <div class="px-3 pt-2 text-[0.68rem] text-[var(--text-color-secondary)] opacity-75 italic">Clique para inserir no campo ativo</div>
+                        <div class="flex flex-col gap-3 p-3 max-h-[500px] overflow-y-auto">
+                            <div v-for="(vars, grupo) in variablesGrouped" :key="grupo">
+                                <div class="text-[0.62rem] font-semibold uppercase tracking-wider text-[var(--text-color-secondary)] mb-1">{{ grupo }}</div>
+                                <div class="flex flex-col gap-0.5">
+                                    <button
+                                        v-for="v in vars"
+                                        :key="v.key"
+                                        class="text-left text-xs px-2 py-1 rounded-md bg-transparent border-none hover:bg-[var(--primary-color,#6366f1)]/10 hover:text-[var(--primary-color,#6366f1)] transition-colors truncate cursor-pointer"
+                                        :title="v.key"
+                                        @click="insertVariable(v.key)"
+                                    >
+                                        <span class="font-mono text-[0.62rem] opacity-60">&lbrace;&lbrace;</span>
+                                        {{ v.label }}
+                                        <span class="font-mono text-[0.62rem] opacity-60">&rbrace;&rbrace;</span>
+                                    </button>
+                                </div>
                             </div>
                         </div>
                     </div>
                 </div>
             </div>
-        </div>
 
-        <!-- Preview -->
-        <div v-show="activeTab === 'preview'" class="border border-[var(--surface-border)] rounded-lg bg-white overflow-hidden">
-            <div class="p-6 text-black" style="font-family: 'Segoe UI', Arial, sans-serif; font-size: 12pt; line-height: 1.6;">
-                <div v-if="form.cabecalho_html" class="text-center mb-4 pb-3 border-b border-gray-300" v-html="renderedCabecalho" />
-                <div class="min-h-[300px]" v-html="renderedPreview" />
-                <div v-if="form.rodape_html" class="mt-8 pt-3 border-t border-gray-300 text-center text-[10pt] text-gray-500" v-html="renderedRodape" />
+            <!-- Preview -->
+            <div v-show="activeTab === 'preview'" class="p-4">
+                <div class="rounded-md border border-[var(--surface-border,#e2e8f0)] bg-white overflow-hidden">
+                    <div class="p-6 text-black" style="font-family: 'Segoe UI', Arial, sans-serif; font-size: 12pt; line-height: 1.6;">
+                        <div v-if="form.cabecalho_html" class="text-center mb-4 pb-3 border-b border-gray-300" v-html="renderedCabecalho" />
+                        <div class="min-h-[300px]" v-html="renderedPreview" />
+                        <div v-if="form.rodape_html" class="mt-8 pt-3 border-t border-gray-300 text-center text-[10pt] text-gray-500" v-html="renderedRodape" />
+                    </div>
+                </div>
             </div>
         </div>
 
-        <!-- Acoes -->
-        <div class="flex items-center justify-end gap-2 pt-2">
-            <Button label="Cancelar" text @click="emit('cancel')" />
-            <Button :label="mode === 'create' ? 'Criar template' : 'Salvar'" icon="pi pi-check" @click="onSave" />
-        </div>
     </div>
 </template>
diff --git a/src/features/financeiro/pages/FinanceiroDashboardPage.vue b/src/features/financeiro/pages/FinanceiroDashboardPage.vue
index 15e878f..33d9f2d 100644
--- a/src/features/financeiro/pages/FinanceiroDashboardPage.vue
+++ b/src/features/financeiro/pages/FinanceiroDashboardPage.vue
@@ -200,7 +200,10 @@ onMounted(async () => {
             <!-- ══════════════════════════════════════
          Hero
     ═══════════════════════════════════════ -->
-            <section class="relative overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] p-2.5">
+            <section
+                class="sticky mt-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] p-5"
+                :style="{ top: 'var(--layout-sticky-top, 56px)' }"
+            >
                 <!-- Blobs decorativos -->
                 <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
                     <div class="absolute w-72 h-72 -top-16 -right-12 rounded-full blur-[70px] bg-indigo-500/10" />
diff --git a/src/features/patients/PatientsListPage.vue b/src/features/patients/PatientsListPage.vue
index 24deb3e..2a8ff52 100644
--- a/src/features/patients/PatientsListPage.vue
+++ b/src/features/patients/PatientsListPage.vue
@@ -37,6 +37,7 @@ import PatientActionMenu from '@/components/patients/PatientActionMenu.vue';
 import PatientCadastroDialog from '@/components/ui/PatientCadastroDialog.vue';
 import PatientCreatePopover from '@/components/ui/PatientCreatePopover.vue';
 import PatientProntuario from '@/features/patients/prontuario/PatientProntuario.vue';
+import { useConversationDrawerStore } from '@/stores/conversationDrawerStore';
 import { useTenantStore } from '@/stores/tenantStore';
 import { logError } from '@/support/supportLogger';
 import { getSysGroupColor, getSystemGroupDefaultColor } from '@/utils/systemGroupColors.js';
@@ -99,6 +100,7 @@ function fmtRecorrencia(r) {
 }
 
 const router = useRouter();
+const conversationDrawerStore = useConversationDrawerStore();
 const route = useRoute();
 const toast = useToast();
 const confirm = useConfirm();
@@ -132,7 +134,6 @@ const quickDialog = ref(false);
 const cadastroFullDialog = ref(false);
 const editPatientId = ref(null);
 const dialogSaved = ref(false);
-const searchMobileDlg = ref(false);
 const createPopoverRef = ref(null);
 
 const prontuarioOpen = ref(false);
@@ -346,6 +347,11 @@ function goEdit(row) {
     cadastroFullDialog.value = true;
 }
 
+function goConversation(row) {
+    if (!row?.id) return;
+    conversationDrawerStore.openForPatient(String(row.id));
+}
+
 // ── Filters & Sort ────────────────────────────────────────
 let searchTimer = null;
 function onFilterChangedDebounced() {
@@ -739,7 +745,7 @@ function isRecent(row) {
   ═══════════════════════════════════════ -->
     <div
         ref="headerEl"
-        class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
         :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
         :style="{ top: 'var(--layout-sticky-top, 56px)' }"
     >
@@ -761,21 +767,8 @@ function isRecent(row) {
                 </div>
             </div>
 
-            <!-- Busca (desktop) — só o campo de busca, sem "Mais filtros" e sem "Colunas" -->
-            <div class="hidden xl:flex flex-1 min-w-0 mx-2 items-center gap-2">
-                <div class="flex-1 max-w-xs">
-                    <FloatLabel variant="on">
-                        <IconField class="w-full">
-                            <InputIcon class="pi pi-search" />
-                            <InputText id="patSearch" v-model="filters.search" class="w-full" variant="filled" @input="onFilterChangedDebounced" />
-                        </IconField>
-                        <label for="patSearch">Buscar por nome, e-mail ou telefone...</label>
-                    </FloatLabel>
-                </div>
-            </div>
-
             <!-- Ações desktop -->
-            <div class="hidden xl:flex items-center gap-1 shrink-0">
+            <div class="hidden xl:flex items-center gap-1 shrink-0 ml-auto">
                 <Button icon="pi pi-refresh" severity="secondary" outlined class="h-9 w-9 rounded-full" :loading="loading" @click="fetchAll" />
                 <Button icon="pi pi-percentage" severity="secondary" outlined class="h-9 w-9 rounded-full" v-tooltip.top="'Descontos'" @click="router.push('/configuracoes/descontos')" />
                 <Button label="Novo" icon="pi pi-user-plus" class="rounded-full" @click="(e) => createPopoverRef?.toggle(e)" />
@@ -785,7 +778,6 @@ function isRecent(row) {
 
             <!-- Mobile -->
             <div class="flex xl:hidden items-center gap-1 shrink-0 ml-auto">
-                <Button icon="pi pi-search" severity="secondary" outlined class="h-9 w-9 rounded-full" @click="searchMobileDlg = true" />
                 <Button icon="pi pi-user-plus" class="h-9 w-9 rounded-full" @click="(e) => createPopoverRef?.toggle(e)" />
                 <Button label="Ações" icon="pi pi-ellipsis-v" severity="secondary" size="small" class="rounded-full" @click="(e) => patMobileMenuRef.toggle(e)" />
                 <Menu ref="patMobileMenuRef" :model="patMobileMenuItems" :popup="true" />
@@ -812,7 +804,7 @@ function isRecent(row) {
                     <i class="pi pi-calendar-clock text-[var(--primary-color,#6366f1)]" />
                     <span class="text-[1.1rem] font-bold leading-none text-[var(--primary-color,#6366f1)]">Agenda</span>
                 </div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Ver meus compromissos</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Ver meus compromissos</div>
             </div>
 
             <!-- Descontos -->
@@ -824,7 +816,7 @@ function isRecent(row) {
                     <i class="pi pi-percentage text-amber-500" />
                     <span class="text-[1.1rem] font-bold leading-none text-amber-500">Descontos</span>
                 </div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Ver descontos aplicados</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Ver descontos aplicados</div>
             </div>
         </div>
 
@@ -842,7 +834,7 @@ function isRecent(row) {
                     @click="setStatus('Todos')"
                 >
                     <div class="text-[1.35rem] font-bold leading-none text-[var(--text-color)]">{{ kpis.total }}</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Total</div>
+                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Total</div>
                 </div>
 
                 <!-- Ativos -->
@@ -852,7 +844,7 @@ function isRecent(row) {
                     @click="setStatus('Ativo')"
                 >
                     <div class="text-[1.35rem] font-bold leading-none text-green-500">{{ kpis.active }}</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Ativos</div>
+                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Ativos</div>
                 </div>
 
                 <!-- Inativos -->
@@ -862,7 +854,7 @@ function isRecent(row) {
                     @click="setStatus('Inativo')"
                 >
                     <div class="text-[1.35rem] font-bold leading-none text-red-500">{{ kpis.inactive }}</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Inativos</div>
+                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Inativos</div>
                 </div>
 
                 <!-- Arquivados -->
@@ -872,13 +864,13 @@ function isRecent(row) {
                     @click="setStatus('Arquivado')"
                 >
                     <div class="text-[1.35rem] font-bold leading-none text-slate-500">{{ kpis.archived }}</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Arquivados</div>
+                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Arquivados</div>
                 </div>
 
                 <!-- Último atendimento — não clicável -->
                 <div class="flex flex-col gap-1 px-4 py-2.5 rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] min-w-[72px] flex-1">
                     <div class="text-[1.1rem] font-bold leading-none text-[var(--text-color)]">{{ prettyDate(kpis.latestLastAttended) || '—' }}</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Último atend.</div>
+                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Último atend.</div>
                 </div>
             </template>
         </div>
@@ -895,19 +887,6 @@ function isRecent(row) {
         <Button label="Limpar" icon="pi pi-filter-slash" severity="danger" outlined size="small" class="!rounded-full" @click="clearAllFilters" />
     </div>
 
-    <!-- Dialog busca mobile -->
-    <Dialog v-model:visible="searchMobileDlg" modal :draggable="false" pt:mask:class="backdrop-blur-xs" header="Buscar paciente" class="w-[94vw] max-w-sm">
-        <div class="pt-1">
-            <IconField class="w-full">
-                <InputIcon class="pi pi-search" />
-                <InputText v-model="filters.search" class="w-full" placeholder="Nome, telefone..." autofocus @input="onFilterChangedDebounced" />
-            </IconField>
-        </div>
-        <template #footer>
-            <Button label="Fechar" severity="secondary" outlined class="rounded-full" @click="searchMobileDlg = false" />
-        </template>
-    </Dialog>
-
     <!-- TABS -->
     <Tabs value="pacientes" class="px-3 md:px-4 mb-5">
         <TabList>
@@ -919,7 +898,7 @@ function isRecent(row) {
         <TabPanels>
             <TabPanel value="pacientes">
                 <!-- Filters -->
-                <div class="flex flex-col gap-3">
+                <div class="flex flex-col gap-3 mb-4">
                     <div class="flex flex-col md:flex-row md:items-end md:flex-wrap gap-3">
                         <div class="w-full lg:flex-1">
                             <FloatLabel variant="on">
@@ -1098,6 +1077,7 @@ function isRecent(row) {
                                 <div class="flex gap-2 justify-end">
                                     <Button v-if="historySet.has(data.id)" :label="`Sessões × ${sessionCountMap.get(data.id) || 0}`" icon="pi pi-calendar" size="small" severity="info" outlined @click="abrirSessoes(data)" />
                                     <Button label="Prontuário" icon="pi pi-file" size="small" @click="openProntuario(data)" />
+                                    <Button icon="pi pi-whatsapp" severity="success" outlined size="small" v-tooltip.top="'Conversar no WhatsApp'" @click="goConversation(data)" />
                                     <Button icon="pi pi-pencil" severity="secondary" outlined size="small" v-tooltip.top="'Editar'" @click="goEdit(data)" />
                                     <PatientActionMenu :patient="data" :hasHistory="historySet.has(data.id)" @updated="fetchAll" />
                                 </div>
@@ -1164,6 +1144,7 @@ function isRecent(row) {
                             <div class="mt-3 flex gap-2 justify-end flex-wrap">
                                 <Button v-if="historySet.has(pat.id)" :label="`Sessões × ${sessionCountMap.get(pat.id) || 0}`" icon="pi pi-calendar" size="small" severity="info" outlined @click="abrirSessoes(pat)" />
                                 <Button label="Prontuário" icon="pi pi-file" size="small" @click="openProntuario(pat)" />
+                                <Button icon="pi pi-whatsapp" severity="success" outlined size="small" v-tooltip.top="'Conversar'" @click="goConversation(pat)" />
                                 <Button icon="pi pi-pencil" severity="secondary" outlined size="small" @click="goEdit(pat)" />
                                 <PatientActionMenu :patient="pat" :hasHistory="historySet.has(pat.id)" @updated="fetchAll" />
                             </div>
diff --git a/src/features/patients/cadastro/PatientsCadastroPage.vue b/src/features/patients/cadastro/PatientsCadastroPage.vue
index 0c73bfb..8a2181a 100644
--- a/src/features/patients/cadastro/PatientsCadastroPage.vue
+++ b/src/features/patients/cadastro/PatientsCadastroPage.vue
@@ -69,10 +69,16 @@ import { logError }             from '@/support/supportLogger'
 import { digitsOnly, fmtCPF, fmtRG, fmtPhone, toISODate, generateCPF } from '@/utils/validators'
 import CadastroRapidoConvenio from '@/components/CadastroRapidoConvenio.vue'
 import CadastroRapidoMedico   from '@/components/CadastroRapidoMedico.vue'
+import ContactPhonesEditor    from '@/components/ui/ContactPhonesEditor.vue'
+import ContactEmailsEditor    from '@/components/ui/ContactEmailsEditor.vue'
 
 // V#9 — composables/repo da feature pacientes (extração da página gigante)
 import { useCep } from '@/features/patients/composables/useCep'
 import { usePatientSupportContacts } from '@/features/patients/composables/usePatientSupportContacts'
+// Fase 2b — LGPD export (Art. 18, II)
+import { useLgpdExport } from '@/composables/useLgpdExport'
+// Fase 5b-7 — drawer global de conversa
+import { useConversationDrawerStore } from '@/stores/conversationDrawerStore'
 import {
     listGroups as repoListGroups,
     listTags as repoListTags,
@@ -148,6 +154,37 @@ const patientId = computed(() =>
 )
 const isEdit = computed(() => !!patientId.value)
 
+// ─────────────────────────────────────────────────────────
+// LGPD export (Art. 18, II - portabilidade)
+// ─────────────────────────────────────────────────────────
+const lgpdDialog = ref(false)
+const { loading: lgpdExporting, exportJSON: lgpdExportJSON, exportPDF: lgpdExportPDF } = useLgpdExport()
+
+async function onLgpdExport(format) {
+  if (!isEdit.value || !patientId.value) return
+  const name = form.nome_completo || 'paciente'
+  try {
+    if (format === 'json') {
+      await lgpdExportJSON(patientId.value, name)
+    } else {
+      await lgpdExportPDF(patientId.value, name, '')
+    }
+    toast.add({ severity: 'success', summary: 'Export LGPD gerado', detail: `Arquivo ${format.toUpperCase()} baixado. O evento foi registrado na auditoria.`, life: 5000 })
+    lgpdDialog.value = false
+  } catch (err) {
+    const msg = err?.message || String(err)
+    toast.add({ severity: 'error', summary: 'Falha no export LGPD', detail: msg, life: 6000 })
+    logError('PatientsCadastroPage.onLgpdExport', msg, err)
+  }
+}
+
+// Fase 5b-7 — Abre drawer global (não navega)
+const conversationDrawer = useConversationDrawerStore()
+function goToConversation() {
+  if (!isEdit.value || !patientId.value) return
+  conversationDrawer.openForPatient(patientId.value)
+}
+
 function getAreaKey () {
   const seg = String(route.path || '').split('/').filter(Boolean)[0] || 'admin'
   return seg === 'therapist' ? 'therapist' : 'admin'
@@ -424,7 +461,9 @@ const ALLOWED = new Set([
   'nome_completo','nome_social','pronomes',
   'data_nascimento','genero','estado_civil','cpf','rg','naturalidade','etnia',
   'profissao','escolaridade',
-  'telefone','email_principal','email_alternativo','telefone_alternativo',
+  // telefone, telefone_alternativo, email_principal, email_alternativo agora são
+  // gerenciados pelos editors polimórficos (contact_phones / contact_emails);
+  // triggers sincronizam de volta pra essas colunas legadas.
   'canal_preferido','horario_contato',
   'cep','pais','cidade','estado','endereco','numero','bairro','complemento',
   'status','convenio','convenio_id','patient_scope',
@@ -876,7 +915,8 @@ function fillRandomPatient () {
   toast.add({ severity:'info', summary:'Preenchido', detail:'Dados fictícios aplicados.', life:2500 })
 }
 
-defineExpose({ fillRandomPatient, onSubmit, confirmDelete, saving, deleting, canSee, isEdit })
+function openLgpdDialog() { lgpdDialog.value = true }
+defineExpose({ fillRandomPatient, onSubmit, confirmDelete, saving, deleting, canSee, isEdit, openLgpdDialog, lgpdExporting, goToConversation })
 </script>
 
 <template>
@@ -888,7 +928,7 @@ defineExpose({ fillRandomPatient, onSubmit, confirmDelete, saving, deleting, can
   ═══════════════════════════════════════════════════════ -->
   <section
     v-if="!dialogMode"
-    class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-xl border border-[var(--surface-border)] bg-[var(--surface-card)] px-4 py-2.5 shadow-sm"
+    class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-xl border border-[var(--surface-border)] bg-[var(--surface-card)] px-4 py-2.5 shadow-sm"
     :style="{ top: 'var(--layout-sticky-top, 56px)' }"
   >
     <!-- Blobs decorativos -->
@@ -957,6 +997,8 @@ defineExpose({ fillRandomPatient, onSubmit, confirmDelete, saving, deleting, can
           @click="fillRandomPatient"
         />
         <Button icon="pi pi-arrow-left" severity="secondary" outlined class="h-9 w-9 rounded-full" title="Voltar" @click="goBack" />
+        <Button v-if="isEdit" icon="pi pi-whatsapp" severity="success" outlined class="h-9 w-9 rounded-full" title="Conversar no WhatsApp" @click="goToConversation" />
+        <Button v-if="isEdit" icon="pi pi-shield" severity="secondary" outlined class="h-9 w-9 rounded-full" title="Exportar dados do paciente (LGPD)" @click="lgpdDialog = true" />
         <Button v-if="isEdit" icon="pi pi-trash" severity="danger" outlined class="h-9 w-9 rounded-full" :loading="deleting" @click="confirmDelete" />
         <Button label="Salvar" icon="pi pi-check" class="rounded-full" :loading="saving" @click="onSubmit" />
       </div>
@@ -1255,42 +1297,32 @@ defineExpose({ fillRandomPatient, onSubmit, confirmDelete, saving, deleting, can
                   <div class="flex-1 h-px" :class="pal.indigo.divLine"/>
                   <span class="text-[0.6rem]" :class="pal.indigo.hint">Card "Contato" no detalhe</span>
                 </div>
+                <!-- Telefones (polimórfico — tipo/número/principal/vinculado) -->
+                <div class="col-span-full">
+                  <div class="text-xs font-semibold text-[var(--text-color-secondary)] mb-1.5 flex items-center gap-1.5">
+                    <i class="pi pi-phone text-[var(--primary-color)]" />
+                    Telefones
+                  </div>
+                  <ContactPhonesEditor
+                    entity-type="patient"
+                    :entity-id="patientId || null"
+                  />
+                </div>
+
+                <!-- Emails (polimórfico — tipo/endereço/principal) -->
+                <div class="col-span-full">
+                  <div class="text-xs font-semibold text-[var(--text-color-secondary)] mb-1.5 flex items-center gap-1.5">
+                    <i class="pi pi-envelope text-[var(--primary-color)]" />
+                    Emails
+                  </div>
+                  <ContactEmailsEditor
+                    entity-type="patient"
+                    :entity-id="patientId || null"
+                  />
+                </div>
+
                 <div class="grid grid-cols-1 gap-3.5 xl:grid-cols-2">
 
-                  <!-- Telefone -->
-                  <div>
-                    <FloatLabel variant="on">
-                      <IconField><InputIcon class="pi pi-phone"/><InputMask id="f_tel" v-model="form.telefone" mask="(99) 99999-9999" :unmask="false" class="w-full" variant="filled"/></IconField>
-                      <label for="f_tel">Telefone / celular *</label>
-                    </FloatLabel>
-                    <div class="mt-1 text-[0.63rem]" :class="pal.indigo.hint">Exibido como "WhatsApp" clicável no perfil.</div>
-                  </div>
-
-                  <!-- Telefone alternativo -->
-                  <div>
-                    <FloatLabel variant="on">
-                      <IconField><InputIcon class="pi pi-phone"/><InputMask id="f_tel2" v-model="form.telefone_alternativo" mask="(99) 99999-9999" :unmask="false" class="w-full" variant="filled"/></IconField>
-                      <label for="f_tel2">Telefone alternativo</label>
-                    </FloatLabel>
-                  </div>
-
-                  <!-- E-mail principal -->
-                  <div>
-                    <FloatLabel variant="on">
-                      <IconField><InputIcon class="pi pi-envelope"/><InputText id="f_email" v-model="form.email_principal" class="w-full" variant="filled"/></IconField>
-                      <label for="f_email">E-mail principal *</label>
-                    </FloatLabel>
-                    <div class="mt-1 text-[0.63rem]" :class="pal.indigo.hint">Link mailto: no card Contato.</div>
-                  </div>
-
-                  <!-- E-mail alternativo -->
-                  <div>
-                    <FloatLabel variant="on">
-                      <IconField><InputIcon class="pi pi-envelope"/><InputText id="f_email2" v-model="form.email_alternativo" class="w-full" variant="filled"/></IconField>
-                      <label for="f_email2">E-mail alternativo</label>
-                    </FloatLabel>
-                  </div>
-
                   <!-- Canal preferido -->
                   <div>
                     <FloatLabel variant="on">
@@ -1948,4 +1980,38 @@ defineExpose({ fillRandomPatient, onSubmit, confirmDelete, saving, deleting, can
     @selected="onMedicoSelected"
     @created="onMedicoSelected"
   />
+
+  <!-- ══ Dialog: Export LGPD (Art. 18, II) ═════════════ -->
+  <Dialog
+    v-model:visible="lgpdDialog"
+    modal
+    :draggable="false"
+    :closable="!lgpdExporting"
+    :dismissableMask="!lgpdExporting"
+    class="w-[34rem]"
+    :breakpoints="{ '768px': '94vw' }"
+    header="Exportar dados do paciente (LGPD)"
+  >
+    <div class="flex flex-col gap-3 text-sm">
+      <Message severity="info" :closable="false" class="text-xs">
+        Atendendo ao <strong>art. 18, II da LGPD</strong> — direito de portabilidade do titular.
+        O evento será registrado na auditoria da clínica.
+      </Message>
+
+      <p>Serão exportados: cadastro, contatos, histórico de status, eventos de agenda, registros financeiros, documentos (metadados), notificações enviadas e auditoria de alterações.</p>
+
+      <p class="text-xs text-surface-500">Escolha o formato:</p>
+
+      <div class="grid grid-cols-2 gap-2">
+        <Button label="JSON (completo)" icon="pi pi-code" severity="secondary" outlined :loading="lgpdExporting" @click="onLgpdExport('json')" />
+        <Button label="PDF (relatório)" icon="pi pi-file-pdf" :loading="lgpdExporting" @click="onLgpdExport('pdf')" />
+      </div>
+
+      <p class="text-[0.7rem] text-surface-400 mt-2">JSON é o formato canônico portável. PDF é legível e adequado pra entregar ao titular.</p>
+    </div>
+
+    <template #footer>
+      <Button label="Fechar" text :disabled="lgpdExporting" @click="lgpdDialog = false" />
+    </template>
+  </Dialog>
 </template>
diff --git a/src/features/patients/cadastro/PatientsExternalLinkPage.vue b/src/features/patients/cadastro/PatientsExternalLinkPage.vue
index e584367..2b58b99 100644
--- a/src/features/patients/cadastro/PatientsExternalLinkPage.vue
+++ b/src/features/patients/cadastro/PatientsExternalLinkPage.vue
@@ -148,7 +148,7 @@ onBeforeUnmount(() => {
   ═══════════════════════════════════════════════════════ -->
     <section
         ref="headerEl"
-        class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
         :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
         :style="{ top: 'var(--layout-sticky-top, 56px)' }"
     >
diff --git a/src/features/patients/cadastro/recebidos/CadastrosRecebidosPage.vue b/src/features/patients/cadastro/recebidos/CadastrosRecebidosPage.vue
index 8c13ed6..b50700e 100644
--- a/src/features/patients/cadastro/recebidos/CadastrosRecebidosPage.vue
+++ b/src/features/patients/cadastro/recebidos/CadastrosRecebidosPage.vue
@@ -486,7 +486,7 @@ onBeforeUnmount(() => {
   ═══════════════════════════════════════════════════════ -->
     <section
         ref="headerEl"
-        class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
         :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
         :style="{ top: 'var(--layout-sticky-top, 56px)' }"
     >
@@ -568,9 +568,9 @@ onBeforeUnmount(() => {
     <!-- ══════════════════════════════════════════════════════
        QUICK-STATS
   ═══════════════════════════════════════════════════════ -->
-    <div class="flex flex-wrap gap-2 px-3 md:px-4 mb-3">
+    <div class="grid grid-cols-2 md:grid-cols-4 gap-2 px-3 md:px-4 mb-3">
         <template v-if="loading">
-            <Skeleton v-for="n in 4" :key="n" height="3.5rem" class="flex-1 min-w-[72px] rounded-md" />
+            <Skeleton v-for="n in 4" :key="n" height="3.5rem" class="rounded-md" />
         </template>
         <template v-else>
             <div
@@ -579,7 +579,7 @@ onBeforeUnmount(() => {
                 @click="toggleStatusFilter('')"
             >
                 <div class="text-[1.35rem] font-bold leading-none text-[var(--text-color)]">{{ totals.total }}</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Total</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Total</div>
             </div>
 
             <div
@@ -588,7 +588,7 @@ onBeforeUnmount(() => {
                 @click="toggleStatusFilter('new')"
             >
                 <div class="text-[1.35rem] font-bold leading-none text-sky-500">{{ totals.nNew }}</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Novos</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Novos</div>
             </div>
 
             <div
@@ -597,7 +597,7 @@ onBeforeUnmount(() => {
                 @click="toggleStatusFilter('converted')"
             >
                 <div class="text-[1.35rem] font-bold leading-none text-green-500">{{ totals.nConv }}</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Convertidos</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Convertidos</div>
             </div>
 
             <div
@@ -606,7 +606,7 @@ onBeforeUnmount(() => {
                 @click="toggleStatusFilter('rejected')"
             >
                 <div class="text-[1.35rem] font-bold leading-none text-red-500">{{ totals.nRej }}</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">Rejeitados</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">Rejeitados</div>
             </div>
         </template>
     </div>
diff --git a/src/features/patients/grupos/GruposPacientesPage.vue b/src/features/patients/grupos/GruposPacientesPage.vue
index 6967fc1..7889e85 100644
--- a/src/features/patients/grupos/GruposPacientesPage.vue
+++ b/src/features/patients/grupos/GruposPacientesPage.vue
@@ -421,7 +421,7 @@ function isRecent(row) {
   ═══════════════════════════════════════════════════════ -->
     <section
         ref="headerEl"
-        class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
         :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
         :style="{ top: 'var(--layout-sticky-top, 56px)' }"
     >
@@ -490,9 +490,9 @@ function isRecent(row) {
     <!-- ══════════════════════════════════════════════════════
        QUICK-STATS
   ═══════════════════════════════════════════════════════ -->
-    <div class="flex flex-wrap gap-2 px-3 md:px-4 mb-3">
+    <div class="grid grid-cols-2 md:grid-cols-4 gap-2 px-3 md:px-4 mb-3">
         <template v-if="loading">
-            <Skeleton v-for="n in 4" :key="n" height="3.5rem" class="flex-1 min-w-[80px] rounded-md" />
+            <Skeleton v-for="n in 4" :key="n" height="3.5rem" class="rounded-md" />
         </template>
         <template v-else>
             <div
@@ -513,7 +513,7 @@ function isRecent(row) {
                 >
                     {{ s.value }}
                 </div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">{{ s.label }}</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">{{ s.label }}</div>
             </div>
         </template>
     </div>
diff --git a/src/features/patients/medicos/MedicosPage.vue b/src/features/patients/medicos/MedicosPage.vue
index fdbd3ec..79feeec 100644
--- a/src/features/patients/medicos/MedicosPage.vue
+++ b/src/features/patients/medicos/MedicosPage.vue
@@ -32,6 +32,8 @@ import {
 } from '@/services/Medicos.service.js';
 
 import PatientCadastroDialog from '@/components/ui/PatientCadastroDialog.vue';
+import ContactPhonesEditor from '@/components/ui/ContactPhonesEditor.vue';
+import ContactEmailsEditor from '@/components/ui/ContactEmailsEditor.vue';
 
 const router = useRouter();
 const toast = useToast();
@@ -388,7 +390,7 @@ function isRecent(row) {
     ═══════════════════════════════════════════════════════ -->
     <section
         ref="headerEl"
-        class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
         :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
         :style="{ top: 'var(--layout-sticky-top, 56px)' }"
     >
@@ -457,9 +459,9 @@ function isRecent(row) {
     <!-- ══════════════════════════════════════════════════════
        QUICK-STATS
     ═══════════════════════════════════════════════════════ -->
-    <div class="flex flex-wrap gap-2 px-3 md:px-4 mb-3">
+    <div class="grid grid-cols-2 md:grid-cols-4 gap-2 px-3 md:px-4 mb-3">
         <template v-if="loading">
-            <Skeleton v-for="n in 4" :key="n" height="3.5rem" class="flex-1 min-w-[80px] rounded-md" />
+            <Skeleton v-for="n in 4" :key="n" height="3.5rem" class="rounded-md" />
         </template>
         <template v-else>
             <div
@@ -480,7 +482,7 @@ function isRecent(row) {
                 >
                     {{ s.value }}
                 </div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">{{ s.label }}</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">{{ s.label }}</div>
             </div>
         </template>
     </div>
@@ -772,33 +774,32 @@ function isRecent(row) {
                 <div class="flex-1 h-px bg-teal-200/50" />
             </div>
 
-            <!-- Telefone profissional -->
-            <div>
-                <FloatLabel variant="on">
-                    <InputMask id="dlg_tel_prof" v-model="dlg.telefone_profissional" mask="(99) 99999-9999" :unmask="false" class="w-full" variant="filled" placeholder="(00) 00000-0000" :disabled="dlg.saving" />
-                    <label for="dlg_tel_prof">Telefone profissional</label>
-                </FloatLabel>
-                <div class="mt-1 text-[0.63rem] text-[var(--text-color-secondary)] opacity-60">Consultório ou clínica.</div>
+            <!-- Telefones (polimórfico) -->
+            <div v-if="dlg.id">
+                <div class="text-[0.63rem] font-bold uppercase tracking-wider text-[var(--text-color-secondary)] opacity-70 mb-1">Telefones</div>
+                <ContactPhonesEditor
+                    entity-type="medico"
+                    :entity-id="dlg.id"
+                    confirm-group="medicos-dlg"
+                />
+            </div>
+            <div v-else class="text-xs italic text-[var(--text-color-secondary)] py-2 px-3 rounded-md bg-[var(--surface-ground)] border border-dashed border-[var(--surface-border)]">
+                <i class="pi pi-info-circle text-sky-500 mr-1" />
+                Salve o médico primeiro pra adicionar telefones.
             </div>
 
-            <!-- Telefone pessoal -->
-            <div>
-                <FloatLabel variant="on">
-                    <InputMask id="dlg_tel_pes" v-model="dlg.telefone_pessoal" mask="(99) 99999-9999" :unmask="false" class="w-full" variant="filled" placeholder="(00) 00000-0000" :disabled="dlg.saving" />
-                    <label for="dlg_tel_pes">Telefone pessoal / WhatsApp</label>
-                </FloatLabel>
-                <div class="mt-1 text-[0.63rem] text-[var(--text-color-secondary)] opacity-60">Pessoal / WhatsApp.</div>
+            <!-- Emails (polimórfico) -->
+            <div v-if="dlg.id">
+                <div class="text-[0.63rem] font-bold uppercase tracking-wider text-[var(--text-color-secondary)] opacity-70 mb-1">Emails</div>
+                <ContactEmailsEditor
+                    entity-type="medico"
+                    :entity-id="dlg.id"
+                    confirm-group="medicos-dlg"
+                />
             </div>
-
-            <!-- Email -->
-            <div>
-                <FloatLabel variant="on">
-                    <IconField>
-                        <InputIcon class="pi pi-envelope" />
-                        <InputText id="dlg_email" v-model="dlg.email" class="w-full" variant="filled" :disabled="dlg.saving" />
-                    </IconField>
-                    <label for="dlg_email">E-mail profissional</label>
-                </FloatLabel>
+            <div v-else class="text-xs italic text-[var(--text-color-secondary)] py-2 px-3 rounded-md bg-[var(--surface-ground)] border border-dashed border-[var(--surface-border)]">
+                <i class="pi pi-info-circle text-sky-500 mr-1" />
+                Salve o médico primeiro pra adicionar emails.
             </div>
 
             <!-- Divider localização -->
diff --git a/src/features/patients/prontuario/PatientConversationsTab.vue b/src/features/patients/prontuario/PatientConversationsTab.vue
new file mode 100644
index 0000000..fccc6fc
--- /dev/null
+++ b/src/features/patients/prontuario/PatientConversationsTab.vue
@@ -0,0 +1,221 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — Histórico de conversas na ficha do paciente (CRM 3.6)
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, watch } from 'vue';
+import { supabase } from '@/lib/supabase/client';
+import { useConversationDrawerStore } from '@/stores/conversationDrawerStore';
+import { formatDistanceToNow, format } from 'date-fns';
+import { ptBR } from 'date-fns/locale';
+
+const props = defineProps({
+    patientId: { type: String, required: true },
+    patientName: { type: String, default: '' }
+});
+
+const drawerStore = useConversationDrawerStore();
+const loading = ref(false);
+const messages = ref([]);
+const mediaUrls = ref({});
+const filter = ref('all'); // all | inbound | outbound
+
+const CHANNEL_ICON = {
+    whatsapp: 'pi pi-whatsapp',
+    sms: 'pi pi-comment',
+    email: 'pi pi-envelope'
+};
+
+async function load() {
+    if (!props.patientId) return;
+    loading.value = true;
+    try {
+        const { data, error } = await supabase
+            .from('conversation_messages')
+            .select('id, channel, direction, from_number, to_number, body, media_url, media_mime, provider, kanban_status, received_at, created_at, responded_at, delivery_status')
+            .eq('patient_id', props.patientId)
+            .order('created_at', { ascending: true })
+            .limit(500);
+        if (error) throw error;
+        messages.value = data || [];
+        // Resolve signed URLs pra mídia do bucket
+        for (const m of messages.value) {
+            if (m.media_url && !/^https?:\/\//i.test(m.media_url)) {
+                const { data: signed } = await supabase.storage.from('whatsapp-media').createSignedUrl(m.media_url, 3600);
+                if (signed?.signedUrl) mediaUrls.value[m.id] = signed.signedUrl;
+            } else if (m.media_url) {
+                mediaUrls.value[m.id] = m.media_url;
+            }
+        }
+    } catch (e) {
+        console.error('[PatientConversationsTab] load:', e?.message);
+        messages.value = [];
+    } finally {
+        loading.value = false;
+    }
+}
+
+const stats = computed(() => {
+    const total = messages.value.length;
+    const inbound = messages.value.filter((m) => m.direction === 'inbound').length;
+    const outbound = messages.value.filter((m) => m.direction === 'outbound').length;
+    const first = messages.value[0]?.created_at || null;
+    const last = messages.value[messages.value.length - 1]?.created_at || null;
+    const channels = new Set(messages.value.map((m) => m.channel));
+    return { total, inbound, outbound, first, last, channels: [...channels] };
+});
+
+const filtered = computed(() => {
+    if (filter.value === 'all') return messages.value;
+    return messages.value.filter((m) => m.direction === filter.value);
+});
+
+function fmtTime(iso) {
+    if (!iso) return '';
+    try {
+        return format(new Date(iso), "dd 'de' MMM HH:mm", { locale: ptBR });
+    } catch { return ''; }
+}
+function fmtRelative(iso) {
+    if (!iso) return '';
+    try {
+        return formatDistanceToNow(new Date(iso), { addSuffix: true, locale: ptBR });
+    } catch { return ''; }
+}
+
+function isImage(mime) { return !!mime && mime.startsWith('image/'); }
+function isAudio(mime) { return !!mime && mime.startsWith('audio/'); }
+function isVideo(mime) { return !!mime && mime.startsWith('video/'); }
+
+function openInDrawer() {
+    drawerStore.openForPatient(props.patientId);
+}
+
+onMounted(() => { load(); });
+watch(() => props.patientId, () => { load(); });
+</script>
+
+<template>
+    <div class="flex flex-col gap-3 p-2">
+        <!-- Header com stats + ação -->
+        <div class="flex items-start justify-between gap-3 flex-wrap">
+            <div class="flex items-center gap-4 flex-wrap">
+                <div class="flex flex-col">
+                    <span class="text-[0.7rem] uppercase tracking-wider font-semibold text-[var(--text-color-secondary)]">Mensagens</span>
+                    <span class="text-xl font-bold leading-none">{{ stats.total }}</span>
+                </div>
+                <div class="h-8 w-px bg-[var(--surface-border)]" />
+                <div class="flex flex-col">
+                    <span class="text-[0.7rem] uppercase tracking-wider font-semibold text-[var(--text-color-secondary)]">Recebidas</span>
+                    <span class="text-base font-bold text-green-600 leading-none">{{ stats.inbound }}</span>
+                </div>
+                <div class="flex flex-col">
+                    <span class="text-[0.7rem] uppercase tracking-wider font-semibold text-[var(--text-color-secondary)]">Enviadas</span>
+                    <span class="text-base font-bold text-sky-600 leading-none">{{ stats.outbound }}</span>
+                </div>
+                <div v-if="stats.first" class="flex flex-col">
+                    <span class="text-[0.7rem] uppercase tracking-wider font-semibold text-[var(--text-color-secondary)]">Primeira</span>
+                    <span class="text-xs leading-tight">{{ fmtTime(stats.first) }}</span>
+                </div>
+                <div v-if="stats.last" class="flex flex-col">
+                    <span class="text-[0.7rem] uppercase tracking-wider font-semibold text-[var(--text-color-secondary)]">Última</span>
+                    <span class="text-xs leading-tight">{{ fmtRelative(stats.last) }}</span>
+                </div>
+            </div>
+
+            <div class="flex items-center gap-2">
+                <SelectButton
+                    v-model="filter"
+                    :options="[
+                        { label: 'Todas', value: 'all' },
+                        { label: 'Recebidas', value: 'inbound' },
+                        { label: 'Enviadas', value: 'outbound' }
+                    ]"
+                    optionLabel="label"
+                    optionValue="value"
+                    :allowEmpty="false"
+                    size="small"
+                />
+                <Button
+                    label="Abrir no CRM"
+                    icon="pi pi-external-link"
+                    severity="primary"
+                    size="small"
+                    class="rounded-full"
+                    :disabled="!messages.length"
+                    v-tooltip.top="'Abre o drawer de conversa com histórico completo + compose'"
+                    @click="openInDrawer"
+                />
+            </div>
+        </div>
+
+        <!-- Loading -->
+        <div v-if="loading" class="flex flex-col gap-2">
+            <Skeleton v-for="n in 5" :key="n" height="4rem" class="rounded-md" />
+        </div>
+
+        <!-- Empty -->
+        <div v-else-if="!messages.length" class="flex flex-col items-center justify-center gap-2 py-12 text-center text-[var(--text-color-secondary)]">
+            <i class="pi pi-comments text-4xl opacity-30" />
+            <div class="text-sm">Nenhuma conversa registrada com este paciente ainda.</div>
+            <div class="text-xs opacity-70">
+                Quando {{ props.patientName || 'o paciente' }} enviar uma mensagem pelo WhatsApp (ou você enviar uma), vai aparecer aqui.
+            </div>
+        </div>
+
+        <!-- Timeline -->
+        <div v-else class="flex flex-col gap-1.5">
+            <div
+                v-for="m in filtered"
+                :key="m.id"
+                class="flex gap-2 items-start p-2 rounded-md border"
+                :class="m.direction === 'inbound'
+                    ? 'bg-[var(--surface-ground)] border-[var(--surface-border)]'
+                    : 'bg-emerald-500/5 border-emerald-500/20'"
+            >
+                <div class="w-7 h-7 rounded-full grid place-items-center shrink-0"
+                    :class="m.direction === 'inbound' ? 'bg-sky-500/15 text-sky-500' : 'bg-emerald-500/15 text-emerald-600'">
+                    <i :class="m.direction === 'inbound' ? 'pi pi-arrow-down' : 'pi pi-arrow-up'" class="text-[0.7rem]" />
+                </div>
+
+                <div class="flex-1 min-w-0">
+                    <div class="flex items-center gap-1.5 text-[0.68rem] text-[var(--text-color-secondary)] mb-0.5 flex-wrap">
+                        <i :class="CHANNEL_ICON[m.channel] || 'pi pi-comment'" class="text-[0.65rem]" />
+                        <span class="font-semibold">{{ m.direction === 'inbound' ? 'Paciente' : 'Clínica' }}</span>
+                        <span class="opacity-50">·</span>
+                        <span>{{ fmtTime(m.created_at) }}</span>
+                        <span v-if="m.direction === 'outbound' && m.delivery_status === 'read'" class="text-sky-500" v-tooltip.top="'Lida'">
+                            <i class="pi pi-check-double text-[0.6rem]" />
+                        </span>
+                        <span v-else-if="m.direction === 'outbound' && m.delivery_status === 'delivered'" v-tooltip.top="'Entregue'">
+                            <i class="pi pi-check-double text-[0.6rem] opacity-60" />
+                        </span>
+                    </div>
+
+                    <!-- Mídia -->
+                    <template v-if="m.media_url">
+                        <div v-if="!mediaUrls[m.id]" class="text-xs italic text-[var(--text-color-secondary)]">
+                            <i class="pi pi-spin pi-spinner mr-1" /> carregando mídia…
+                        </div>
+                        <template v-else>
+                            <img v-if="isImage(m.media_mime)" :src="mediaUrls[m.id]" class="max-w-[200px] rounded-md mt-0.5" />
+                            <audio v-else-if="isAudio(m.media_mime)" :src="mediaUrls[m.id]" controls preload="metadata" class="block max-w-full mt-0.5" />
+                            <video v-else-if="isVideo(m.media_mime)" :src="mediaUrls[m.id]" controls class="max-w-[260px] rounded-md mt-0.5" />
+                            <a v-else :href="mediaUrls[m.id]" target="_blank" rel="noopener" class="text-xs underline text-[var(--primary-color)]">
+                                <i class="pi pi-paperclip text-[0.6rem] mr-1" />Baixar anexo
+                            </a>
+                        </template>
+                    </template>
+
+                    <div v-if="m.body" class="text-sm whitespace-pre-wrap break-words">{{ m.body }}</div>
+                </div>
+            </div>
+        </div>
+
+        <!-- Footer info -->
+        <div v-if="messages.length && messages.length >= 500" class="text-[0.7rem] text-center italic text-[var(--text-color-secondary)] py-2">
+            Exibindo as últimas 500 mensagens. Abra no CRM pra navegar na conversa completa.
+        </div>
+    </div>
+</template>
diff --git a/src/features/patients/prontuario/PatientProntuario.vue b/src/features/patients/prontuario/PatientProntuario.vue
index 525aecb..f3fa115 100644
--- a/src/features/patients/prontuario/PatientProntuario.vue
+++ b/src/features/patients/prontuario/PatientProntuario.vue
@@ -28,6 +28,7 @@ import { useToast } from 'primevue/usetoast';
 import { supabase } from '@/lib/supabase/client';
 
 import DocumentsListPage from '@/features/documents/DocumentsListPage.vue';
+import PatientConversationsTab from './PatientConversationsTab.vue';
 
 // ── PROPS / EMITS ──────────────────────────────────────────────
 const props = defineProps({
@@ -68,6 +69,7 @@ const mainTabs = [
     { label: 'Agenda',     icon: 'pi pi-calendar' },
     { label: 'Financeiro', icon: 'pi pi-wallet' },
     { label: 'Documentos', icon: 'pi pi-folder' },
+    { label: 'Conversas',  icon: 'pi pi-whatsapp' },
 ];
 
 // ── ACCORDION DA ABA PERFIL ────────────────────────────────────
@@ -1109,6 +1111,12 @@ Tags: ${(tags.value || []).map(t => t.name).filter(Boolean).join(', ') || '—'}
                             embedded
                         />
                     </div>
+                    <div v-show="activeTab === 5" class="p-2">
+                        <PatientConversationsTab
+                            :patient-id="patient?.id"
+                            :patient-name="patient?.nome_completo || patient?.nome_social || ''"
+                        />
+                    </div>
 
                 </main>
             </div>
diff --git a/src/features/patients/services/patientsRepository.js b/src/features/patients/services/patientsRepository.js
index ecbfef2..b62f205 100644
--- a/src/features/patients/services/patientsRepository.js
+++ b/src/features/patients/services/patientsRepository.js
@@ -15,8 +15,8 @@ import { assertTenantId, getUid } from '@/features/agenda/services/_tenantGuards
 const PATIENTS_SELECT_BASE = `
     id, tenant_id, owner_id, user_id, responsible_member_id, therapist_member_id,
     nome_completo, email_principal, email_alternativo, telefone, telefone_alternativo,
-    cpf, rg, data_nascimento, naturalidade, nacionalidade, genero, estado_civil,
-    profissao, escolaridade, status, status_pagamento,
+    cpf, rg, data_nascimento, naturalidade, genero, estado_civil,
+    profissao, escolaridade, status,
     cep, endereco, numero, bairro, complemento, cidade, estado, pais,
     nome_responsavel, telefone_responsavel, cpf_responsavel, observacao_responsavel,
     cobranca_no_responsavel,
@@ -36,7 +36,7 @@ const PATIENTS_SELECT_BASE = `
 export async function listPatients({ tenantId, ownerId = null, includeInactive = true, limit = null } = {}) {
     assertTenantId(tenantId);
 
-    let q = supabase.from('patients').select(PATIENTS_SELECT_BASE).eq('tenant_id', tenantId).is('deleted_at', null);
+    let q = supabase.from('patients').select(PATIENTS_SELECT_BASE).eq('tenant_id', tenantId);
     if (ownerId) q = q.eq('owner_id', ownerId);
     if (!includeInactive) q = q.neq('status', 'Inativo');
     if (limit) q = q.limit(limit);
@@ -55,7 +55,6 @@ export async function getPatientById(id, { tenantId } = {}) {
         .select(PATIENTS_SELECT_BASE)
         .eq('id', id)
         .eq('tenant_id', tenantId)
-        .is('deleted_at', null)
         .maybeSingle();
     if (error) throw error;
     return data;
@@ -90,7 +89,7 @@ export async function softDeletePatient(id, { tenantId } = {}) {
     assertTenantId(tenantId);
     const { error } = await supabase
         .from('patients')
-        .update({ deleted_at: new Date().toISOString(), status: 'Arquivado' })
+        .update({ status: 'Arquivado' })
         .eq('id', id)
         .eq('tenant_id', tenantId);
     if (error) throw error;
diff --git a/src/features/patients/tags/TagsPage.vue b/src/features/patients/tags/TagsPage.vue
index 1c5a98e..e6dda26 100644
--- a/src/features/patients/tags/TagsPage.vue
+++ b/src/features/patients/tags/TagsPage.vue
@@ -417,7 +417,7 @@ function isRecent(row) {
   ═══════════════════════════════════════════════════════ -->
     <section
         ref="headerEl"
-        class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
         :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
         :style="{ top: 'var(--layout-sticky-top, 56px)' }"
     >
@@ -486,9 +486,9 @@ function isRecent(row) {
     <!-- ══════════════════════════════════════════════════════
        QUICK-STATS
   ═══════════════════════════════════════════════════════ -->
-    <div class="flex flex-wrap gap-2 px-3 md:px-4 mb-3">
+    <div class="grid grid-cols-2 md:grid-cols-4 gap-2 px-3 md:px-4 mb-3">
         <template v-if="carregando">
-            <Skeleton v-for="n in 4" :key="n" height="3.5rem" class="flex-1 min-w-[80px] rounded-md" />
+            <Skeleton v-for="n in 4" :key="n" height="3.5rem" class="rounded-md" />
         </template>
         <template v-else>
             <div
@@ -501,7 +501,7 @@ function isRecent(row) {
                 }"
             >
                 <div class="text-[1.35rem] font-bold leading-none" :class="s.cls === 'qs-ok' ? 'text-green-500' : 'text-[var(--text-color)]'">{{ s.value }}</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">{{ s.label }}</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">{{ s.label }}</div>
             </div>
         </template>
     </div>
diff --git a/src/layout/AppLayout.vue b/src/layout/AppLayout.vue
index d6d8410..914c7a3 100644
--- a/src/layout/AppLayout.vue
+++ b/src/layout/AppLayout.vue
@@ -29,6 +29,8 @@ import AjudaDrawer from '@/components/AjudaDrawer.vue';
 import SupportDebugBanner from '@/support/components/SupportDebugBanner.vue';
 import GlobalNoticeBanner from '@/features/notices/GlobalNoticeBanner.vue';
 import AppThemeBar from './AppThemeBar.vue';
+import ConversationDrawer from '@/components/conversations/ConversationDrawer.vue';
+import GlobalInboundNotifier from '@/components/conversations/GlobalInboundNotifier.vue';
 import { useConfiguratorBar } from './composables/useConfiguratorBar';
 
 const { open: themeBarOpen } = useConfiguratorBar();
@@ -171,6 +173,8 @@ onBeforeUnmount(() => {
     <!-- ══ Global — fora de todos os branches, persiste em qualquer layout/rota ══ -->
     <SupportDebugBanner />
     <GlobalNoticeBanner />
+    <ConversationDrawer />
+    <GlobalInboundNotifier />
 </template>
 
 <style>
diff --git a/src/layout/AppMenu.vue b/src/layout/AppMenu.vue
index c1eec63..04df0ac 100644
--- a/src/layout/AppMenu.vue
+++ b/src/layout/AppMenu.vue
@@ -357,9 +357,9 @@ function onSearchFocus() {
 
 <template>
     <div class="flex flex-col h-full">
-        <!-- 🔎 TOPO FIXO -->
-        <div ref="searchWrapEl" class="px-3 pt-3 pb-2 border-b border-[var(--surface-border)] bg-[var(--surface-card)]">
-            <div class="relative">
+        <!-- 🔎 TOPO FIXO (56px, alinhado com topbar) -->
+        <div ref="searchWrapEl" class="sticky top-0 z-20 bg-[var(--surface-card)] border-b border-[var(--surface-border)]">
+            <div class="relative h-14 px-3 flex items-center">
                 <div aria-hidden="true" style="position: absolute; left: -9999px; top: -9999px; width: 1px; height: 1px; overflow: hidden">
                     <input type="email" name="email" autocomplete="username" tabindex="-1" disabled />
                     <input type="password" name="password" autocomplete="current-password" tabindex="-1" disabled />
@@ -390,12 +390,12 @@ function onSearchFocus() {
                     <label for="menu_search">Encontrar menu...</label>
                 </FloatLabel>
 
-                <button v-if="query.trim()" type="button" class="absolute right-2 top-1/2 -translate-y-1/2 opacity-70 hover:opacity-100" @mousedown.prevent="clearSearch" aria-label="Limpar busca">
+                <button v-if="query.trim()" type="button" class="absolute right-5 top-1/2 -translate-y-1/2 opacity-70 hover:opacity-100" @mousedown.prevent="clearSearch" aria-label="Limpar busca">
                     <i class="pi pi-times" />
                 </button>
             </div>
 
-            <div v-if="showResults && !query.trim() && recent.length" class="mt-2 border border-[var(--surface-border)] rounded-xl bg-[var(--surface-card)] shadow-sm overflow-hidden">
+            <div v-if="showResults && !query.trim() && recent.length" class="mx-3 mb-2 border border-[var(--surface-border)] rounded-xl bg-[var(--surface-card)] shadow-sm overflow-hidden">
                 <div class="px-3 py-2 text-xs opacity-70 flex items-center justify-content-between">
                     <span>Recentes</span>
                     <button type="button" class="opacity-70 hover:opacity-100" @mousedown.prevent="clearRecent" aria-label="Limpar recentes">
@@ -409,7 +409,7 @@ function onSearchFocus() {
                 </button>
             </div>
 
-            <div v-else-if="showResults && results.length" class="mt-2 border border-[var(--surface-border)] rounded-xl bg-[var(--surface-card)] shadow-sm overflow-hidden">
+            <div v-else-if="showResults && results.length" class="mx-3 mb-2 border border-[var(--surface-border)] rounded-xl bg-[var(--surface-card)] shadow-sm overflow-hidden">
                 <button
                     v-for="(r, i) in results"
                     :key="String(r.to)"
@@ -427,7 +427,7 @@ function onSearchFocus() {
                 </button>
             </div>
 
-            <div v-else-if="showResults && query && !results.length" class="mt-2 px-3 py-2 text-sm opacity-70">Nenhum item encontrado.</div>
+            <div v-else-if="showResults && query && !results.length" class="mx-3 mb-2 px-3 py-2 text-sm opacity-70">Nenhum item encontrado.</div>
         </div>
 
         <div class="flex-1 overflow-y-auto">
diff --git a/src/layout/AppTopbar.vue b/src/layout/AppTopbar.vue
index 83103da..abd3d4d 100644
--- a/src/layout/AppTopbar.vue
+++ b/src/layout/AppTopbar.vue
@@ -32,6 +32,7 @@ import { useAjuda } from '@/composables/useAjuda';
 const { openDrawer: openAjudaDrawer, closeDrawer: closeAjudaDrawer, drawerOpen: ajudaDrawerOpen } = useAjuda();
 
 import NotificationDrawer from '@/components/notifications/NotificationDrawer.vue';
+import GlobalSearch from '@/components/search/GlobalSearch.vue';
 import { useNotifications } from '@/composables/useNotifications';
 import { useNotificationStore } from '@/stores/notificationStore';
 const notificationStore = useNotificationStore();
@@ -585,6 +586,11 @@ onMounted(async () => {
             <Menu ref="ctxMenu" :model="ctxMenuModel" popup appendTo="body" :baseZIndex="3000" />
         </div>
 
+        <!-- Busca global (Ctrl+K) -->
+        <div class="rail-topbar__search">
+            <GlobalSearch />
+        </div>
+
         <!-- Ações -->
         <div class="rail-topbar__actions">
             <!-- Plan Dev Button -->
@@ -659,6 +665,29 @@ onMounted(async () => {
     gap: 0.25rem;
 }
 
+/* Busca global — centralizada entre left e actions */
+.rail-topbar__search {
+    display: flex;
+    align-items: center;
+    flex: 1 1 auto;
+    justify-content: center;
+    min-width: 0;
+    padding: 0 1rem;
+    max-width: 520px;
+    margin: 0 auto;
+}
+@media (max-width: 640px) {
+    .rail-topbar__search {
+        padding: 0 0.5rem;
+    }
+}
+@media (max-width: 480px) {
+    .rail-topbar__search {
+        padding: 0 0.25rem;
+        flex: 0 0 auto;
+    }
+}
+
 .rail-topbar__btn {
     width: 2.25rem;
     height: 2.25rem;
diff --git a/src/layout/ConfiguracoesPage.vue b/src/layout/ConfiguracoesPage.vue
index e118ee8..f1e022d 100644
--- a/src/layout/ConfiguracoesPage.vue
+++ b/src/layout/ConfiguracoesPage.vue
@@ -15,7 +15,7 @@
 |--------------------------------------------------------------------------
 -->
 <script setup>
-import { computed, ref, onMounted, onBeforeUnmount } from 'vue';
+import { computed, ref, watch, onMounted, onBeforeUnmount } from 'vue';
 import { useRoute, useRouter } from 'vue-router';
 import { useLayout } from '@/layout/composables/layout';
 
@@ -43,128 +43,215 @@ const headerSentinelRef = ref(null);
 const headerStuck = ref(false);
 let _observer = null;
 
-const secoes = [
+const grupos = [
     {
         key: 'agenda',
         label: 'Agenda',
-        desc: 'Horários semanais, exceções, duração e intervalo padrão.',
+        desc: 'Horários, bloqueios e agendador público para pacientes.',
         icon: 'pi pi-calendar',
-        to: '/configuracoes/agenda',
-        tags: ['Horários', 'Exceções', 'Duração']
+        items: [
+            {
+                key: 'agenda',
+                label: 'Agenda',
+                desc: 'Horários semanais, exceções, duração e intervalo padrão.',
+                icon: 'pi pi-calendar',
+                to: '/configuracoes/agenda'
+            },
+            {
+                key: 'bloqueios',
+                label: 'Bloqueios',
+                desc: 'Feriados nacionais, municipais e períodos bloqueados.',
+                icon: 'pi pi-ban',
+                to: '/configuracoes/bloqueios'
+            },
+            {
+                key: 'agendador',
+                label: 'Agendador Online',
+                desc: 'Link público para pacientes solicitarem horários.',
+                icon: 'pi pi-calendar-clock',
+                to: '/configuracoes/agendador'
+            }
+        ]
     },
     {
-        key: 'bloqueios',
-        label: 'Bloqueios',
-        desc: 'Feriados nacionais, municipais e períodos bloqueados.',
-        icon: 'pi pi-ban',
-        to: '/configuracoes/bloqueios',
-        tags: ['Feriados', 'Períodos', 'Recorrentes']
-    },
-    {
-        key: 'agendador',
-        label: 'Agendador Online',
-        desc: 'Link público para pacientes solicitarem horários.',
-        icon: 'pi pi-calendar-clock',
-        to: '/configuracoes/agendador',
-        tags: ['PRO', 'Link', 'Pix', 'LGPD']
-    },
-    {
-        key: 'pagamento',
-        label: 'Pagamento',
-        desc: 'Formas de pagamento: Pix, depósito, dinheiro, cartão, convênio.',
+        key: 'financeiro',
+        label: 'Financeiro',
+        desc: 'Formas de pagamento, valores, descontos e convênios.',
         icon: 'pi pi-wallet',
-        to: '/configuracoes/pagamento',
-        tags: ['Pix', 'TED', 'Cartão', 'Convênio']
-    },
-    {
-        key: 'precificacao',
-        label: 'Precificação',
-        desc: 'Valor padrão da sessão e preços por tipo de compromisso.',
-        icon: 'pi pi-tag',
-        to: '/configuracoes/precificacao',
-        tags: ['Valores', 'Sessão', 'Compromisso']
-    },
-    {
-        key: 'descontos',
-        label: 'Descontos por Paciente',
-        desc: 'Descontos recorrentes aplicados automaticamente.',
-        icon: 'pi pi-percentage',
-        to: '/configuracoes/descontos',
-        tags: ['Desconto', 'Paciente', 'Automático']
-    },
-    {
-        key: 'excecoes-financeiras',
-        label: 'Exceções Financeiras',
-        desc: 'O que cobrar em faltas, cancelamentos e situações excepcionais.',
-        icon: 'pi pi-exclamation-triangle',
-        to: '/configuracoes/excecoes-financeiras',
-        tags: ['Falta', 'Cancelamento', 'Cobrança']
-    },
-    {
-        key: 'convenios',
-        label: 'Convênios',
-        desc: 'Cadastre os convênios que você atende e seus valores.',
-        icon: 'pi pi-id-card',
-        to: '/configuracoes/convenios',
-        tags: ['Convênio', 'Plano de Saúde', 'Tabela']
-    },
-    {
-        key: 'empresa',
-        label: 'Minha Empresa',
-        desc: 'CNPJ, endereço, logomarca e redes sociais.',
-        icon: 'pi pi-building',
-        to: '/configuracoes/empresa',
-        tags: ['CNPJ', 'Endereço', 'Logo']
-    },
-    {
-        key: 'email-templates',
-        label: 'Templates de E-mail',
-        desc: 'Personalize os e-mails enviados aos pacientes.',
-        icon: 'pi pi-envelope',
-        to: '/configuracoes/email-templates',
-        tags: ['E-mail', 'Notificações', 'Personalizar']
+        items: [
+            {
+                key: 'pagamento',
+                label: 'Pagamento',
+                desc: 'Formas de pagamento: Pix, depósito, dinheiro, cartão, convênio.',
+                icon: 'pi pi-wallet',
+                to: '/configuracoes/pagamento'
+            },
+            {
+                key: 'precificacao',
+                label: 'Precificação',
+                desc: 'Valor padrão da sessão e preços por tipo de compromisso.',
+                icon: 'pi pi-tag',
+                to: '/configuracoes/precificacao'
+            },
+            {
+                key: 'descontos',
+                label: 'Descontos por Paciente',
+                desc: 'Descontos recorrentes aplicados automaticamente.',
+                icon: 'pi pi-percentage',
+                to: '/configuracoes/descontos'
+            },
+            {
+                key: 'excecoes-financeiras',
+                label: 'Exceções Financeiras',
+                desc: 'O que cobrar em faltas, cancelamentos e situações excepcionais.',
+                icon: 'pi pi-exclamation-triangle',
+                to: '/configuracoes/excecoes-financeiras'
+            },
+            {
+                key: 'convenios',
+                label: 'Convênios',
+                desc: 'Cadastre os convênios que você atende e seus valores.',
+                icon: 'pi pi-id-card',
+                to: '/configuracoes/convenios'
+            }
+        ]
     },
     {
         key: 'whatsapp',
-        label: 'WhatsApp',
-        desc: 'Configure a integração WhatsApp e personalize as mensagens.',
+        label: 'WhatsApp & Conversas',
+        desc: 'Canal, tags, auto-reply, lembretes e créditos de mensagens.',
         icon: 'pi pi-whatsapp',
-        to: '/configuracoes/whatsapp',
-        tags: ['WhatsApp', 'Mensagens', 'Notificações']
+        items: [
+            {
+                key: 'whatsapp',
+                label: 'Canal WhatsApp',
+                desc: 'Escolha o canal (oficial AgenciaPSI ou pessoal) e configure a integração.',
+                icon: 'pi pi-whatsapp',
+                to: '/configuracoes/whatsapp',
+                aliases: ['/configuracoes/whatsapp-pessoal', '/configuracoes/whatsapp-oficial']
+            },
+            {
+                key: 'whatsapp-templates',
+                label: 'Templates WhatsApp',
+                desc: 'Personalize os textos enviados por WhatsApp ou volte ao padrão da plataforma.',
+                icon: 'pi pi-file-edit',
+                to: '/configuracoes/whatsapp-templates'
+            },
+            {
+                key: 'conversas-tags',
+                label: 'Tags de Conversa',
+                desc: 'Etiquetas custom pra classificar threads no CRM (urgente, remarcação, etc).',
+                icon: 'pi pi-tag',
+                to: '/configuracoes/conversas-tags'
+            },
+            {
+                key: 'conversas-autoreply',
+                label: 'Auto-reply WhatsApp',
+                desc: 'Resposta automática quando paciente escreve fora do horário de atendimento.',
+                icon: 'pi pi-reply',
+                to: '/configuracoes/conversas-autoreply'
+            },
+            {
+                key: 'conversas-optouts',
+                label: 'Opt-outs (LGPD)',
+                desc: 'Números que pediram pra não receber mensagens automáticas. Direito de oposição LGPD.',
+                icon: 'pi pi-ban',
+                to: '/configuracoes/conversas-optouts'
+            },
+            {
+                key: 'lembretes-sessao',
+                label: 'Lembretes de Sessão',
+                desc: 'WhatsApp automático 24h e 2h antes das sessões agendadas.',
+                icon: 'pi pi-bell',
+                to: '/configuracoes/lembretes-sessao'
+            },
+            {
+                key: 'creditos-whatsapp',
+                label: 'Créditos WhatsApp',
+                desc: 'Compre pacotes de mensagens, veja saldo e extrato.',
+                icon: 'pi pi-credit-card',
+                to: '/configuracoes/creditos-whatsapp'
+            }
+        ]
     },
     {
-        key: 'whatsapp-twilio',
-        label: 'WhatsApp Oficial',
-        desc: 'Número WhatsApp Business exclusivo via Twilio.',
-        icon: 'pi pi-whatsapp',
-        to: '/configuracoes/whatsapp-twilio',
-        tags: ['WhatsApp', 'Twilio', 'Número Exclusivo']
+        key: 'comunicacao',
+        label: 'Comunicação',
+        desc: 'SMS e templates de e-mail enviados aos pacientes.',
+        icon: 'pi pi-send',
+        items: [
+            {
+                key: 'sms',
+                label: 'SMS',
+                desc: 'Gerencie créditos SMS e personalize as mensagens enviadas.',
+                icon: 'pi pi-comment',
+                to: '/configuracoes/sms'
+            },
+            {
+                key: 'email-templates',
+                label: 'Templates de E-mail',
+                desc: 'Personalize os e-mails enviados aos pacientes.',
+                icon: 'pi pi-envelope',
+                to: '/configuracoes/email-templates'
+            }
+        ]
     },
     {
-        key: 'sms',
-        label: 'SMS',
-        desc: 'Gerencie créditos SMS e personalize as mensagens enviadas.',
-        icon: 'pi pi-comment',
-        to: '/configuracoes/sms',
-        tags: ['SMS', 'Créditos', 'Mensagens']
-    },
-    {
-        key: 'recursos-extras',
-        label: 'Recursos Extras',
-        desc: 'Amplíe as funcionalidades com recursos adicionais e créditos.',
-        icon: 'pi pi-box',
-        to: '/configuracoes/recursos-extras',
-        tags: ['Add-ons', 'Créditos', 'Extra']
+        key: 'plataforma',
+        label: 'Empresa & Plataforma',
+        desc: 'Dados da empresa, recursos extras e registro de auditoria.',
+        icon: 'pi pi-building',
+        items: [
+            {
+                key: 'empresa',
+                label: 'Minha Empresa',
+                desc: 'CNPJ, endereço, logomarca e redes sociais.',
+                icon: 'pi pi-building',
+                to: '/configuracoes/empresa'
+            },
+            {
+                key: 'recursos-extras',
+                label: 'Recursos Extras',
+                desc: 'Amplíe as funcionalidades com recursos adicionais e créditos.',
+                icon: 'pi pi-box',
+                to: '/configuracoes/recursos-extras'
+            },
+            {
+                key: 'auditoria',
+                label: 'Auditoria',
+                desc: 'Registro imutável de operações (LGPD Art. 37).',
+                icon: 'pi pi-shield',
+                to: '/configuracoes/auditoria'
+            }
+        ]
     }
 ];
 
+// Flatten pra cálculos de item ativo (mesma lógica de antes)
+const secoesFlat = computed(() => grupos.flatMap((g) => g.items));
+
 const activeTo = computed(() => {
     const p = route.path || '';
-    const hit = [...secoes].sort((a, b) => b.to.length - a.to.length).find((s) => p === s.to || p.startsWith(s.to + '/'));
+    const hit = [...secoesFlat.value]
+        .sort((a, b) => b.to.length - a.to.length)
+        .find((s) => p === s.to || p.startsWith(s.to + '/') || (s.aliases || []).includes(p));
     return hit?.to || '/configuracoes/agenda';
 });
 
-const activeSecao = computed(() => secoes.find((s) => s.to === activeTo.value));
+const activeSecao = computed(() => secoesFlat.value.find((s) => s.to === activeTo.value));
+
+// Grupo que contém a seção ativa (pra auto-expandir no accordion)
+const activeGrupoKey = computed(() => grupos.find((g) => g.items.some((i) => i.to === activeTo.value))?.key || grupos[0].key);
+
+// Accordion multi-open: começa com o grupo ativo aberto
+const openGroups = ref([activeGrupoKey.value]);
+
+// Quando a rota mudar e o grupo ativo não estiver aberto, abre ele (sem fechar os outros)
+watch(activeGrupoKey, (k) => {
+    if (k && !openGroups.value.includes(k)) {
+        openGroups.value = [...openGroups.value, k];
+    }
+});
 
 function ir(to) {
     if (!to) return;
@@ -203,8 +290,8 @@ onBeforeUnmount(() => {
             :class="asideOpen ? 'translate-x-0 visible' : 'max-xl:-translate-x-full max-xl:invisible'"
             :style="{ left: asideLeft }"
         >
-            <!-- Cabeçalho da aside -->
-            <div class="flex items-center gap-2 px-4 py-3.5 border-b border-[var(--surface-border)] shrink-0">
+            <!-- Cabeçalho da aside (sticky — igual à sidebar principal) -->
+            <div class="cfg-aside-header sticky top-0 z-10 flex items-center gap-2 px-4 h-[50px] border-b border-[var(--surface-border)] shrink-0 bg-[var(--surface-card)]">
                 <div class="grid place-items-center w-8 h-8 rounded-md bg-indigo-500/[0.12] text-[var(--p-primary-500,#6366f1)] shrink-0">
                     <i class="pi pi-cog text-sm" />
                 </div>
@@ -217,38 +304,64 @@ onBeforeUnmount(() => {
                 <span>Seções</span>
             </div>
 
-            <!-- Itens de navegação -->
-            <TransitionGroup name="menu" tag="div" class="flex flex-col gap-0 px-2 pb-3">
-                <button
-                    v-for="(s, i) in showMenu ? secoes : []"
-                    :key="s.key"
-                    :style="{ transitionDelay: `${i * 40}ms` }"
-                    class="flex items-center gap-2.5 px-3 py-2.5 rounded-md cursor-pointer w-full text-left transition-colors duration-[120ms] hover:bg-[var(--surface-hover)]"
-                    :class="activeTo === s.to ? 'cfg-nav-item--active' : ''"
-                    @click="ir(s.to)"
-                >
-                    <i
-                        :class="[s.icon, activeTo === s.to ? 'text-[var(--primary-color,#6366f1)] opacity-100' : 'text-[var(--text-color-secondary)] opacity-60']"
-                        class="text-[0.85rem] shrink-0 w-4 text-center"
-                    />
-                    <div class="flex-1 min-w-0 flex flex-col gap-px">
-                        <span class="text-[0.88rem] font-semibold truncate" :class="activeTo === s.to ? 'text-[var(--primary-color,#6366f1)]' : 'text-[var(--text-color)]'">{{ s.label }}</span>
-                        <span class="text-[0.75rem] text-[var(--text-color-secondary)] opacity-70 truncate">{{ s.desc }}</span>
-                    </div>
-                    <i class="pi pi-chevron-right text-[0.6rem] shrink-0" :class="activeTo === s.to ? 'text-[var(--primary-color,#6366f1)] opacity-60' : 'text-[var(--text-color-secondary)] opacity-30'" />
-                </button>
-            </TransitionGroup>
+            <!-- Accordion de grupos -->
+            <div v-if="showMenu" class="cfg-menu-accordion px-2 pb-3">
+                <Accordion v-model:value="openGroups" multiple>
+                    <AccordionPanel v-for="g in grupos" :key="g.key" :value="g.key">
+                        <AccordionHeader class="cfg-group-header">
+                            <div class="flex items-center gap-2.5 w-full min-w-0">
+                                <div class="cfg-group-icon grid place-items-center w-9 h-9 rounded-md shrink-0 bg-[color-mix(in_srgb,var(--primary-color)_12%,transparent)] text-[var(--primary-color,#6366f1)]">
+                                    <i :class="g.icon" class="text-[0.95rem]" />
+                                </div>
+                                <div class="flex-1 min-w-0 flex flex-col gap-0.5">
+                                    <span class="text-[0.9rem] font-bold leading-5 text-[var(--text-color)] truncate">{{ g.label }}</span>
+                                    <span class="text-[0.8rem] leading-[1.15rem] text-[var(--text-color-secondary)] opacity-75 whitespace-normal break-words">{{ g.desc }}</span>
+                                </div>
+                                <Badge :value="g.items.length" severity="contrast" class="cfg-group-badge shrink-0" />
+                            </div>
+                        </AccordionHeader>
+                        <AccordionContent>
+                            <div class="cfg-nav-list flex flex-col gap-2 py-1">
+                                <button
+                                    v-for="s in g.items"
+                                    :key="s.key"
+                                    class="cfg-nav-item flex items-center gap-3 p-3 cursor-pointer w-full text-left rounded-[6px] border bg-[var(--surface-card)] transition-colors duration-[120ms]"
+                                    :class="activeTo === s.to ? 'cfg-nav-item--active' : 'border-[var(--surface-border)]'"
+                                    @click="ir(s.to)"
+                                >
+                                    <div
+                                        class="w-10 h-10 rounded-[6px] flex items-center justify-center shrink-0 transition-colors duration-[120ms]"
+                                        :class="activeTo === s.to
+                                            ? 'bg-[color-mix(in_srgb,var(--primary-color)_15%,transparent)] text-[var(--primary-color,#6366f1)]'
+                                            : 'bg-[var(--surface-ground)] text-[var(--text-color-secondary)]'"
+                                    >
+                                        <i :class="s.icon" class="text-lg" />
+                                    </div>
+
+                                    <div class="flex-1 min-w-0 flex flex-col gap-0.5">
+                                        <span
+                                            class="font-semibold leading-5 truncate"
+                                            :class="activeTo === s.to ? 'text-[var(--primary-color,#6366f1)]' : 'text-[var(--text-color)]'"
+                                        >{{ s.label }}</span>
+                                        <span class="text-sm leading-[1.15rem] text-[var(--text-color-secondary)] whitespace-normal break-words">{{ s.desc }}</span>
+                                    </div>
+                                </button>
+                            </div>
+                        </AccordionContent>
+                    </AccordionPanel>
+                </Accordion>
+            </div>
         </aside>
 
         <!-- Área principal -->
-        <div class="flex-1 min-w-0 xl:pl-[272px]">
+        <div class="flex-1 min-w-0 xl:pl-[320px]">
             <!-- Sentinel -->
             <div ref="headerSentinelRef" class="h-px" />
 
             <!-- Hero compacto -->
             <div
                 ref="headerEl"
-                class="sticky top-[var(--layout-sticky-top,56px)] z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] px-3 py-2.5 mx-3 md:mx-4 mb-3"
+                class="sticky top-[var(--layout-sticky-top,56px)] z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] px-3 py-2.5 mx-3 md:mx-4 my-3"
                 :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
             >
                 <!-- Blobs decorativos -->
@@ -285,6 +398,9 @@ onBeforeUnmount(() => {
 
                     <!-- Ações -->
                     <div class="flex items-center gap-2 ml-auto shrink-0">
+                        <!-- Slot de ações específicas da sub-página (via Teleport) -->
+                        <div id="cfg-page-actions" class="flex items-center gap-1.5"></div>
+
                         <!-- Toggle aside — mobile/tablet apenas -->
                         <button
                             class="xl:hidden inline-flex items-center gap-1.5 h-9 px-3 rounded-full border border-[var(--surface-border)] bg-transparent text-xs font-semibold text-[var(--text-color)] cursor-pointer hover:bg-[var(--surface-hover)] transition-colors duration-150"
@@ -313,7 +429,7 @@ onBeforeUnmount(() => {
     top: calc(56px + var(--notice-banner-height, 0px));
     left: 0;
     height: calc(100dvh - 56px - var(--notice-banner-height, 0px));
-    width: min(272px, 85vw);
+    width: min(320px, 90vw);
     z-index: 40;
     overflow-y: auto;
     transition:
@@ -326,7 +442,7 @@ onBeforeUnmount(() => {
         position: fixed;
         top: calc(56px + var(--notice-banner-height, 0px));
         height: calc(100vh - 56px - var(--notice-banner-height, 0px));
-        width: 272px;
+        width: 320px;
         transform: none;
         visibility: visible;
         box-shadow: none;
@@ -335,18 +451,91 @@ onBeforeUnmount(() => {
     }
 }
 
-.cfg-nav-item--active {
-    background: color-mix(in srgb, var(--primary-color) 8%, var(--surface-card));
+/* ── Lista de subitens (cards) ──────────────────────────────── */
+.cfg-nav-list {
+    margin: 0.15rem 0.25rem 0.35rem 1.5rem;
 }
 
-/* TransitionGroup menu */
-.menu-enter-active {
+/* ── Hover e estado ativo dos cards ─────────────────────────── */
+.cfg-nav-item {
     transition:
-        opacity 0.2s ease,
-        transform 0.2s ease;
+        background-color 150ms ease,
+        border-color 150ms ease;
 }
-.menu-enter-from {
-    opacity: 0;
-    transform: translateX(-6px);
+.cfg-nav-item:hover {
+    background: var(--surface-hover) !important;
+    border-color: color-mix(in srgb, var(--primary-color) 30%, var(--surface-border)) !important;
+}
+.cfg-nav-item--active {
+    background: color-mix(in srgb, var(--primary-color) 6%, var(--surface-card));
+    border-color: var(--primary-color, #6366f1) !important;
+}
+
+/* ── Accordion do menu — compacto, sem bordas grossas ───────────── */
+.cfg-menu-accordion :deep(.p-accordion) {
+    display: flex;
+    flex-direction: column;
+    gap: 2px;
+}
+.cfg-menu-accordion :deep(.p-accordionpanel) {
+    border: none;
+    background: transparent;
+}
+.cfg-menu-accordion :deep(.p-accordionheader) {
+    padding: 0.5rem 0.5rem;
+    border-radius: 8px;
+    background: transparent;
+    border: none;
+    color: var(--text-color);
+    transition: background-color 120ms ease;
+    min-height: 52px;
+}
+.cfg-menu-accordion :deep(.p-accordionheader:hover) {
+    background: color-mix(in srgb, var(--primary-color) 8%, var(--surface-card)) !important;
+    color: var(--text-color) !important;
+}
+.cfg-menu-accordion :deep(.p-accordionheader:focus-visible) {
+    box-shadow: inset 0 0 0 2px color-mix(in srgb, var(--primary-color) 30%, transparent);
+}
+.cfg-menu-accordion :deep(.p-accordionheader-toggle-icon) {
+    color: var(--text-color-secondary);
+    opacity: 0.55;
+    font-size: 0.7rem;
+    margin-left: 0.25rem;
+    transition: color 150ms ease, opacity 150ms ease, transform 150ms ease;
+}
+.cfg-menu-accordion :deep(.p-accordionheader:hover) .p-accordionheader-toggle-icon {
+    color: var(--primary-color, #6366f1);
+    opacity: 0.8;
+}
+
+/* Ícone do grupo ganha anel primary no hover (igual aos subitens) */
+.cfg-group-icon {
+    transition: box-shadow 150ms ease, background-color 150ms ease;
+}
+.cfg-menu-accordion :deep(.p-accordionheader:hover) .cfg-group-icon {
+    box-shadow: 0 0 0 2px color-mix(in srgb, var(--primary-color) 25%, transparent);
+    background: color-mix(in srgb, var(--primary-color) 18%, transparent);
+}
+
+/* Badge circular do contador de itens (igual ao p-badge-circle do pasteds.txt) */
+.cfg-group-badge :deep(.p-badge),
+.cfg-group-badge.p-badge {
+    min-width: 1.25rem;
+    height: 1.25rem;
+    padding: 0 0.35rem;
+    font-size: 0.68rem;
+    font-weight: 700;
+    border-radius: 9999px;
+    line-height: 1.25rem;
+}
+.cfg-menu-accordion :deep(.p-accordioncontent) {
+    border: none;
+    background: transparent;
+}
+.cfg-menu-accordion :deep(.p-accordioncontent-content) {
+    padding: 0.15rem 0.2rem 0.35rem;
+    background: transparent;
+    border: none;
 }
 </style>
diff --git a/src/layout/configuracoes/AddonsExtratoPage.vue b/src/layout/configuracoes/AddonsExtratoPage.vue
new file mode 100644
index 0000000..b336f51
--- /dev/null
+++ b/src/layout/configuracoes/AddonsExtratoPage.vue
@@ -0,0 +1,345 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/layout/configuracoes/AddonsExtratoPage.vue
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, watch } from 'vue';
+import { useRouter } from 'vue-router';
+import { useToast } from 'primevue/usetoast';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+import { useAddonExtrato } from '@/composables/useAddonExtrato';
+import { downloadExtratoCSV, downloadExtratoPDF, formatters } from '@/utils/addonExtratoExport';
+import { downloadExcel } from '@/utils/excelExport';
+
+const router = useRouter();
+const toast = useToast();
+const tenantStore = useTenantStore();
+
+const { rows, balances, filters, dateRange, loading, summary, load, loadBalances } = useAddonExtrato();
+
+const tenantName = ref('');
+const exportingPdf = ref(false);
+
+// ── opções dos filtros ──────────────────────────────────────────────────
+
+const periodOptions = [
+    { label: 'Este mês', value: 'thisMonth' },
+    { label: 'Mês anterior', value: 'lastMonth' },
+    { label: 'Últimos 90 dias', value: 'last90' },
+    { label: 'Personalizado', value: 'custom' }
+];
+
+const addonTypeOptions = [
+    { label: 'SMS', value: 'sms' },
+    { label: 'E-mail', value: 'email' },
+    { label: 'Servidor', value: 'server' },
+    { label: 'Domínio', value: 'domain' }
+];
+
+const movementOptions = [
+    { label: 'Compra', value: 'purchase' },
+    { label: 'Consumo', value: 'consumption' },
+    { label: 'Ajuste', value: 'adjustment' },
+    { label: 'Reembolso', value: 'refund' },
+    { label: 'Bônus', value: 'bonus' },
+    { label: 'Expiração', value: 'expiration' }
+];
+
+// ── labels ──────────────────────────────────────────────────────────────
+
+const periodLabel = computed(() => {
+    const preset = periodOptions.find((p) => p.value === filters.value.periodPreset)?.label ?? '';
+    const { from, to } = dateRange.value;
+    const fmt = (d) => new Date(d).toLocaleDateString('pt-BR');
+    return `${preset} (${fmt(from)} → ${fmt(to)})`;
+});
+
+function movementSeverity(type) {
+    const map = { purchase: 'success', consumption: 'warning', adjustment: 'info', refund: 'secondary', bonus: 'success', expiration: 'danger' };
+    return map[type] || 'secondary';
+}
+
+function amountClass(r) {
+    if (r.type === 'consumption' || r.type === 'expiration') return 'text-red-500 font-semibold';
+    if (r.type === 'purchase' || r.type === 'bonus' || r.type === 'refund') return 'text-emerald-500 font-semibold';
+    return '';
+}
+
+// ── ações ───────────────────────────────────────────────────────────────
+
+async function reload() {
+    await Promise.all([load(), loadBalances()]);
+}
+
+function onFilterChange() {
+    // recarrega apenas quando muda filtro server-side (período/addon/movimento)
+    reload();
+}
+
+function slugify(s) {
+    if (!s) return 'clinica';
+    return String(s)
+        .toLowerCase()
+        .normalize('NFD')
+        .replace(/[\u0300-\u036f]/g, '')
+        .replace(/[^a-z0-9]+/g, '-')
+        .replace(/(^-|-$)/g, '')
+        .slice(0, 40) || 'clinica';
+}
+
+function filenameBase() {
+    const now = new Date();
+    const ym = `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, '0')}`;
+    return `extrato-addons-${slugify(tenantName.value)}-${ym}`;
+}
+
+function onExportCSV() {
+    try {
+        downloadExtratoCSV(rows.value, summary.value, periodLabel.value, `${filenameBase()}.csv`);
+        toast.add({ severity: 'success', summary: 'CSV gerado', detail: `${summary.value.totalRows} registro(s) exportado(s).`, life: 3000 });
+    } catch (err) {
+        toast.add({ severity: 'error', summary: 'Falha ao gerar CSV', detail: err?.message || 'Erro inesperado', life: 5000 });
+    }
+}
+
+async function onExportPDF() {
+    if (exportingPdf.value) return;
+    exportingPdf.value = true;
+    try {
+        await downloadExtratoPDF(rows.value, summary.value, periodLabel.value, tenantName.value, `${filenameBase()}.pdf`);
+        toast.add({ severity: 'success', summary: 'PDF gerado', detail: `${summary.value.totalRows} registro(s) exportado(s).`, life: 3000 });
+    } catch (err) {
+        toast.add({ severity: 'error', summary: 'Falha ao gerar PDF', detail: err?.message || 'Erro inesperado', life: 5000 });
+    } finally {
+        exportingPdf.value = false;
+    }
+}
+
+async function onExportExcel() {
+    try {
+        await downloadExcel({
+            filename: `${filenameBase()}.xlsx`,
+            sheetName: 'Extrato de addons',
+            headers: [
+                { key: 'created_at', label: 'Data/Hora', type: 'date', width: 20 },
+                { key: 'addon_label', label: 'Recurso', type: 'text', width: 14 },
+                { key: 'movement_label', label: 'Tipo', type: 'text', width: 14 },
+                { key: 'amount', label: 'Quantidade', type: 'number', width: 14 },
+                { key: 'balance_after', label: 'Saldo após', type: 'number', width: 14 },
+                { key: 'description', label: 'Descrição', type: 'text', width: 40 },
+                { key: 'price_cents', label: 'Valor', type: 'money', width: 14 },
+                { key: 'payment_method', label: 'Método', type: 'text', width: 14 },
+                { key: 'payment_reference', label: 'Referência', type: 'text', width: 28 }
+            ],
+            rows: rows.value.map((r) => ({
+                ...r,
+                addon_label: formatters.addonLabel(r.addon_type),
+                movement_label: formatters.movementLabel(r.type)
+            })),
+            footerRows: [
+                ['Período', periodLabel.value],
+                ['Total de registros', summary.value.totalRows],
+                ['Total comprado (créditos)', summary.value.purchasedCredits],
+                ['Total comprado (R$)', summary.value.purchasedCents / 100],
+                ['Total consumido (créditos)', summary.value.consumedCredits]
+            ]
+        });
+        toast.add({ severity: 'success', summary: 'Excel gerado', detail: `${summary.value.totalRows} registro(s) exportado(s).`, life: 3000 });
+    } catch (err) {
+        toast.add({ severity: 'error', summary: 'Falha ao gerar Excel', detail: err?.message || 'Erro inesperado', life: 5000 });
+    }
+}
+
+async function loadTenantName() {
+    const tenantId = tenantStore.activeTenantId;
+    if (!tenantId) return;
+    const { data } = await supabase.from('tenants').select('name').eq('id', tenantId).maybeSingle();
+    tenantName.value = data?.name || '';
+}
+
+// ── init ────────────────────────────────────────────────────────────────
+
+onMounted(async () => {
+    await loadTenantName();
+    await reload();
+});
+
+// recarrega quando muda tenant ativo
+watch(
+    () => tenantStore.activeTenantId,
+    async () => {
+        await loadTenantName();
+        await reload();
+    }
+);
+</script>
+
+<template>
+    <div class="flex flex-col gap-5">
+        <!-- Header -->
+        <Card>
+            <template #title>
+                <div class="flex items-center gap-2">
+                    <Button icon="pi pi-arrow-left" text rounded severity="secondary" class="!w-8 !h-8" @click="router.push({ name: 'ConfiguracoesRecursosExtras' })" v-tooltip.bottom="'Voltar'" />
+                    <i class="pi pi-list text-xl" />
+                    Extrato de Recursos Extras
+                </div>
+            </template>
+            <template #subtitle> Histórico de compras, consumos e ajustes. Use para disputar cobranças ou planejar renovações. </template>
+        </Card>
+
+        <!-- Filtros -->
+        <Card>
+            <template #content>
+                <div class="grid grid-cols-1 md:grid-cols-12 gap-3">
+                    <div class="md:col-span-3">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Período</label>
+                        <Select v-model="filters.periodPreset" :options="periodOptions" optionLabel="label" optionValue="value" class="w-full" @change="onFilterChange" />
+                    </div>
+
+                    <div v-if="filters.periodPreset === 'custom'" class="md:col-span-4">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Intervalo personalizado</label>
+                        <DatePicker v-model="filters.customRange" selectionMode="range" dateFormat="dd/mm/yy" :manualInput="false" showIcon class="w-full" @update:model-value="onFilterChange" />
+                    </div>
+
+                    <div class="md:col-span-3">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Tipo de recurso</label>
+                        <MultiSelect v-model="filters.addonTypes" :options="addonTypeOptions" optionLabel="label" optionValue="value" placeholder="Todos" class="w-full" display="chip" :maxSelectedLabels="2" @change="onFilterChange" />
+                    </div>
+
+                    <div class="md:col-span-3">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Tipo de movimento</label>
+                        <MultiSelect v-model="filters.movementTypes" :options="movementOptions" optionLabel="label" optionValue="value" placeholder="Todos" class="w-full" display="chip" :maxSelectedLabels="2" @change="onFilterChange" />
+                    </div>
+
+                    <div class="md:col-span-6">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Buscar por referência / descrição / método</label>
+                        <IconField>
+                            <InputIcon class="pi pi-search" />
+                            <InputText v-model="filters.search" placeholder="ex: ID de pagamento, descrição..." class="w-full" maxlength="120" />
+                        </IconField>
+                    </div>
+
+                    <div class="md:col-span-6 flex items-end gap-2">
+                        <Button label="Atualizar" icon="pi pi-refresh" severity="secondary" outlined @click="reload" :loading="loading" />
+                        <Button label="Exportar CSV" icon="pi pi-file" severity="secondary" @click="onExportCSV" :disabled="!rows.length" />
+                        <Button label="Exportar Excel" icon="pi pi-file-excel" severity="secondary" @click="onExportExcel" :disabled="!rows.length" />
+                        <Button label="Exportar PDF" icon="pi pi-file-pdf" severity="secondary" @click="onExportPDF" :disabled="!rows.length" :loading="exportingPdf" />
+                    </div>
+                </div>
+            </template>
+        </Card>
+
+        <!-- Resumo -->
+        <div class="grid grid-cols-2 md:grid-cols-4 gap-3">
+            <Card>
+                <template #content>
+                    <div class="flex flex-col">
+                        <span class="text-xs text-surface-500 uppercase tracking-wide">Registros no período</span>
+                        <span class="text-2xl font-bold mt-1">{{ summary.totalRows }}</span>
+                    </div>
+                </template>
+            </Card>
+            <Card>
+                <template #content>
+                    <div class="flex flex-col">
+                        <span class="text-xs text-surface-500 uppercase tracking-wide">Comprado (créditos)</span>
+                        <span class="text-2xl font-bold mt-1 text-emerald-500">+{{ summary.purchasedCredits }}</span>
+                    </div>
+                </template>
+            </Card>
+            <Card>
+                <template #content>
+                    <div class="flex flex-col">
+                        <span class="text-xs text-surface-500 uppercase tracking-wide">Comprado (R$)</span>
+                        <span class="text-2xl font-bold mt-1">{{ formatters.fmtBRL(summary.purchasedCents) || 'R$ 0,00' }}</span>
+                    </div>
+                </template>
+            </Card>
+            <Card>
+                <template #content>
+                    <div class="flex flex-col">
+                        <span class="text-xs text-surface-500 uppercase tracking-wide">Consumido (créditos)</span>
+                        <span class="text-2xl font-bold mt-1 text-red-500">-{{ summary.consumedCredits }}</span>
+                    </div>
+                </template>
+            </Card>
+        </div>
+
+        <!-- Tabela -->
+        <Card>
+            <template #content>
+                <DataTable
+                    :value="rows"
+                    :loading="loading"
+                    size="small"
+                    stripedRows
+                    paginator
+                    :rows="20"
+                    :rowsPerPageOptions="[10, 20, 50, 100]"
+                    sortField="created_at"
+                    :sortOrder="-1"
+                    emptyMessage="Nenhuma transação encontrada no período. Ajuste os filtros ou selecione um intervalo mais amplo."
+                >
+                    <Column field="created_at" header="Data" style="min-width: 150px" sortable>
+                        <template #body="{ data }">{{ formatters.fmtDate(data.created_at) }}</template>
+                    </Column>
+
+                    <Column field="addon_type" header="Recurso" style="width: 110px" sortable>
+                        <template #body="{ data }">
+                            <Tag :value="formatters.addonLabel(data.addon_type)" severity="info" />
+                        </template>
+                    </Column>
+
+                    <Column field="type" header="Tipo" style="width: 130px" sortable>
+                        <template #body="{ data }">
+                            <Tag :value="formatters.movementLabel(data.type)" :severity="movementSeverity(data.type)" />
+                        </template>
+                    </Column>
+
+                    <Column field="amount" header="Qtd." style="width: 90px" sortable>
+                        <template #body="{ data }">
+                            <span :class="amountClass(data)">{{ formatters.fmtAmount(data) }}</span>
+                        </template>
+                    </Column>
+
+                    <Column field="balance_after" header="Saldo após" style="width: 100px">
+                        <template #body="{ data }">{{ data.balance_after }}</template>
+                    </Column>
+
+                    <Column field="description" header="Descrição">
+                        <template #body="{ data }">
+                            <span class="text-sm">{{ data.description || '—' }}</span>
+                        </template>
+                    </Column>
+
+                    <Column field="price_cents" header="Valor" style="width: 110px">
+                        <template #body="{ data }">
+                            <span v-if="data.price_cents">{{ formatters.fmtBRL(data.price_cents) }}</span>
+                            <span v-else class="text-surface-400">—</span>
+                        </template>
+                    </Column>
+
+                    <Column field="payment_reference" header="Referência" style="max-width: 180px">
+                        <template #body="{ data }">
+                            <span class="text-xs text-surface-500 font-mono">{{ data.payment_reference || '—' }}</span>
+                        </template>
+                    </Column>
+                </DataTable>
+            </template>
+        </Card>
+    </div>
+</template>
diff --git a/src/layout/configuracoes/AuditoriaPage.vue b/src/layout/configuracoes/AuditoriaPage.vue
new file mode 100644
index 0000000..cd83a16
--- /dev/null
+++ b/src/layout/configuracoes/AuditoriaPage.vue
@@ -0,0 +1,434 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/layout/configuracoes/AuditoriaPage.vue
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, watch } from 'vue';
+import { useToast } from 'primevue/usetoast';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+import { useAuditoria } from '@/composables/useAuditoria';
+import { downloadAuditCSV, downloadAuditPDF, auditFormatters, sourceLabel, entityLabel } from '@/utils/auditoriaExport';
+import { downloadExcel } from '@/utils/excelExport';
+
+const toast = useToast();
+const tenantStore = useTenantStore();
+
+const { rows, filters, dateRange, loading, summary, userDisplay, load } = useAuditoria();
+
+const tenantName = ref('');
+const exportingPdf = ref(false);
+
+// detalhes do evento clicado
+const detailDialog = ref(false);
+const selectedEvent = ref(null);
+
+// ── opções dos filtros ──────────────────────────────────────────────────
+
+const periodOptions = [
+    { label: 'Hoje', value: 'today' },
+    { label: 'Últimos 7 dias', value: 'last7' },
+    { label: 'Últimos 30 dias', value: 'last30' },
+    { label: 'Últimos 90 dias', value: 'last90' },
+    { label: 'Personalizado', value: 'custom' }
+];
+
+const sourceOptions = [
+    { label: 'Auditoria (CRUD)', value: 'audit_logs' },
+    { label: 'Acesso a documentos', value: 'document_access_logs' },
+    { label: 'Status de paciente', value: 'patient_status_history' },
+    { label: 'Notificações', value: 'notification_logs' },
+    { label: 'Recursos extras', value: 'addon_transactions' }
+];
+
+const entityOptions = [
+    { label: 'Paciente', value: 'patients' },
+    { label: 'Evento de agenda', value: 'agenda_eventos' },
+    { label: 'Registro financeiro', value: 'financial_records' },
+    { label: 'Documento', value: 'documents' },
+    { label: 'Membro do tenant', value: 'tenant_members' },
+    { label: 'Documento (acesso)', value: 'document' },
+    { label: 'Notificação', value: 'notification' },
+    { label: 'Status de paciente', value: 'patient_status' },
+    { label: 'Transação de recurso', value: 'addon_transaction' }
+];
+
+const actionOptions = [
+    { label: 'Criou', value: 'insert' },
+    { label: 'Alterou', value: 'update' },
+    { label: 'Excluiu', value: 'delete' },
+    { label: 'Visualizou', value: 'visualizou' },
+    { label: 'Baixou', value: 'baixou' },
+    { label: 'Imprimiu', value: 'imprimiu' },
+    { label: 'Compartilhou', value: 'compartilhou' },
+    { label: 'Assinou', value: 'assinou' },
+    { label: 'Status alterado', value: 'status_change' },
+    { label: 'Compra', value: 'purchase' },
+    { label: 'Consumo', value: 'consumption' }
+];
+
+// ── labels ─────────────────────────────────────────────────────────────
+
+const periodLabel = computed(() => {
+    const preset = periodOptions.find((p) => p.value === filters.value.periodPreset)?.label ?? '';
+    const { from, to } = dateRange.value;
+    const fmt = (d) => new Date(d).toLocaleDateString('pt-BR');
+    return `${preset} (${fmt(from)} → ${fmt(to)})`;
+});
+
+function sourceSeverity(src) {
+    const map = {
+        audit_logs: 'info',
+        document_access_logs: 'secondary',
+        patient_status_history: 'warning',
+        notification_logs: 'success',
+        addon_transactions: 'help'
+    };
+    return map[src] || 'secondary';
+}
+
+function actionSeverity(action) {
+    if (['delete', 'failed', 'bounced'].includes(action)) return 'danger';
+    if (['insert', 'sent', 'delivered', 'purchase'].includes(action)) return 'success';
+    if (['update', 'status_change'].includes(action)) return 'warning';
+    return 'info';
+}
+
+// ── ações ──────────────────────────────────────────────────────────────
+
+async function reload() {
+    await load();
+}
+
+function openDetails(ev) {
+    selectedEvent.value = ev;
+    detailDialog.value = true;
+}
+
+function prettyJson(obj) {
+    if (!obj) return '';
+    try {
+        return JSON.stringify(obj, null, 2);
+    } catch {
+        return String(obj);
+    }
+}
+
+function slugify(s) {
+    if (!s) return 'clinica';
+    return (
+        String(s)
+            .toLowerCase()
+            .normalize('NFD')
+            .replace(/[\u0300-\u036f]/g, '')
+            .replace(/[^a-z0-9]+/g, '-')
+            .replace(/(^-|-$)/g, '')
+            .slice(0, 40) || 'clinica'
+    );
+}
+
+function filenameBase() {
+    const now = new Date();
+    const ym = `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, '0')}`;
+    return `auditoria-${slugify(tenantName.value)}-${ym}`;
+}
+
+function onExportCSV() {
+    try {
+        downloadAuditCSV(rows.value, summary.value, periodLabel.value, userDisplay, `${filenameBase()}.csv`);
+        toast.add({ severity: 'success', summary: 'CSV gerado', detail: `${summary.value.totalRows} evento(s) exportado(s).`, life: 3000 });
+    } catch (err) {
+        toast.add({ severity: 'error', summary: 'Falha ao gerar CSV', detail: err?.message || 'Erro inesperado', life: 5000 });
+    }
+}
+
+async function onExportPDF() {
+    if (exportingPdf.value) return;
+    exportingPdf.value = true;
+    try {
+        await downloadAuditPDF(rows.value, summary.value, periodLabel.value, tenantName.value, userDisplay, `${filenameBase()}.pdf`);
+        toast.add({ severity: 'success', summary: 'PDF gerado', detail: `${summary.value.totalRows} evento(s) exportado(s).`, life: 3000 });
+    } catch (err) {
+        toast.add({ severity: 'error', summary: 'Falha ao gerar PDF', detail: err?.message || 'Erro inesperado', life: 5000 });
+    } finally {
+        exportingPdf.value = false;
+    }
+}
+
+async function onExportExcel() {
+    try {
+        await downloadExcel({
+            filename: `${filenameBase()}.xlsx`,
+            sheetName: 'Auditoria',
+            headers: [
+                { key: 'occurred_at', label: 'Data/Hora', type: 'date', width: 20 },
+                { key: 'source_label', label: 'Origem', type: 'text', width: 18 },
+                { key: 'entity_label', label: 'Entidade', type: 'text', width: 18 },
+                { key: 'entity_id', label: 'ID entidade', type: 'text', width: 38 },
+                { key: 'action', label: 'Ação', type: 'text', width: 14 },
+                { key: 'description', label: 'Descrição', type: 'text', width: 60 },
+                { key: 'user_display', label: 'Usuário', type: 'text', width: 24 }
+            ],
+            rows: rows.value.map((r) => ({
+                ...r,
+                source_label: sourceLabel(r.source),
+                entity_label: entityLabel(r.entity_type),
+                user_display: userDisplay(r.user_id)
+            })),
+            footerRows: [
+                ['Período', periodLabel.value],
+                ['Total de registros', summary.value.totalRows],
+                ['Usuários distintos', summary.value.distinctUsers]
+            ]
+        });
+        toast.add({ severity: 'success', summary: 'Excel gerado', detail: `${summary.value.totalRows} evento(s) exportado(s).`, life: 3000 });
+    } catch (err) {
+        toast.add({ severity: 'error', summary: 'Falha ao gerar Excel', detail: err?.message || 'Erro inesperado', life: 5000 });
+    }
+}
+
+async function loadTenantName() {
+    const tenantId = tenantStore.activeTenantId;
+    if (!tenantId) return;
+    const { data } = await supabase.from('tenants').select('name').eq('id', tenantId).maybeSingle();
+    tenantName.value = data?.name || '';
+}
+
+onMounted(async () => {
+    await loadTenantName();
+    await reload();
+});
+
+watch(
+    () => tenantStore.activeTenantId,
+    async () => {
+        await loadTenantName();
+        await reload();
+    }
+);
+</script>
+
+<template>
+    <div class="flex flex-col gap-5">
+        <!-- Header -->
+        <Card>
+            <template #title>
+                <div class="flex items-center gap-2">
+                    <i class="pi pi-shield text-xl" />
+                    Auditoria da Clínica
+                </div>
+            </template>
+            <template #subtitle>
+                Registro imutável de operações de tratamento. Exigido pela <strong>LGPD Art. 37</strong>. Use para responder solicitações do titular ou investigar inconsistências.
+            </template>
+        </Card>
+
+        <!-- Filtros -->
+        <Card>
+            <template #content>
+                <div class="grid grid-cols-1 md:grid-cols-12 gap-3">
+                    <div class="md:col-span-3">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Período</label>
+                        <Select v-model="filters.periodPreset" :options="periodOptions" optionLabel="label" optionValue="value" class="w-full" @change="reload" />
+                    </div>
+
+                    <div v-if="filters.periodPreset === 'custom'" class="md:col-span-4">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Intervalo personalizado</label>
+                        <DatePicker v-model="filters.customRange" selectionMode="range" dateFormat="dd/mm/yy" :manualInput="false" showIcon class="w-full" @update:model-value="reload" />
+                    </div>
+
+                    <div class="md:col-span-3">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Origem</label>
+                        <MultiSelect v-model="filters.sources" :options="sourceOptions" optionLabel="label" optionValue="value" placeholder="Todas" class="w-full" display="chip" :maxSelectedLabels="2" @change="reload" />
+                    </div>
+
+                    <div class="md:col-span-3">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Tipo de entidade</label>
+                        <MultiSelect v-model="filters.entityTypes" :options="entityOptions" optionLabel="label" optionValue="value" placeholder="Todas" class="w-full" display="chip" :maxSelectedLabels="2" @change="reload" />
+                    </div>
+
+                    <div class="md:col-span-3">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Ação</label>
+                        <MultiSelect v-model="filters.actions" :options="actionOptions" optionLabel="label" optionValue="value" placeholder="Todas" class="w-full" display="chip" :maxSelectedLabels="2" @change="reload" />
+                    </div>
+
+                    <div class="md:col-span-6">
+                        <label class="text-xs font-medium text-surface-500 mb-1 block">Buscar (descrição, entidade, ação, usuário)</label>
+                        <IconField>
+                            <InputIcon class="pi pi-search" />
+                            <InputText v-model="filters.search" placeholder="ex: paciente, login, email..." class="w-full" maxlength="120" />
+                        </IconField>
+                    </div>
+
+                    <div class="md:col-span-6 flex items-end gap-2">
+                        <Button label="Atualizar" icon="pi pi-refresh" severity="secondary" outlined @click="reload" :loading="loading" />
+                        <Button label="Exportar CSV" icon="pi pi-file" severity="secondary" @click="onExportCSV" :disabled="!rows.length" />
+                        <Button label="Exportar Excel" icon="pi pi-file-excel" severity="secondary" @click="onExportExcel" :disabled="!rows.length" />
+                        <Button label="Exportar PDF" icon="pi pi-file-pdf" severity="secondary" @click="onExportPDF" :disabled="!rows.length" :loading="exportingPdf" />
+                    </div>
+                </div>
+            </template>
+        </Card>
+
+        <!-- Resumo -->
+        <div class="grid grid-cols-2 md:grid-cols-4 gap-3">
+            <Card>
+                <template #content>
+                    <div class="flex flex-col">
+                        <span class="text-xs text-surface-500 uppercase tracking-wide">Eventos no período</span>
+                        <span class="text-2xl font-bold mt-1">{{ summary.totalRows }}</span>
+                    </div>
+                </template>
+            </Card>
+            <Card>
+                <template #content>
+                    <div class="flex flex-col">
+                        <span class="text-xs text-surface-500 uppercase tracking-wide">Usuários distintos</span>
+                        <span class="text-2xl font-bold mt-1">{{ summary.distinctUsers }}</span>
+                    </div>
+                </template>
+            </Card>
+            <Card>
+                <template #content>
+                    <div class="flex flex-col">
+                        <span class="text-xs text-surface-500 uppercase tracking-wide">CRUD (criar/alterar/excluir)</span>
+                        <span class="text-2xl font-bold mt-1">
+                            {{ (summary.byAction.insert || 0) + (summary.byAction.update || 0) + (summary.byAction.delete || 0) }}
+                        </span>
+                    </div>
+                </template>
+            </Card>
+            <Card>
+                <template #content>
+                    <div class="flex flex-col">
+                        <span class="text-xs text-surface-500 uppercase tracking-wide">Acessos a documento</span>
+                        <span class="text-2xl font-bold mt-1">{{ summary.bySource.document_access_logs || 0 }}</span>
+                    </div>
+                </template>
+            </Card>
+        </div>
+
+        <!-- Tabela -->
+        <Card>
+            <template #content>
+                <DataTable
+                    :value="rows"
+                    :loading="loading"
+                    size="small"
+                    stripedRows
+                    paginator
+                    :rows="25"
+                    :rowsPerPageOptions="[10, 25, 50, 100, 200]"
+                    sortField="occurred_at"
+                    :sortOrder="-1"
+                    emptyMessage="Nenhum evento auditado no período. Ajuste os filtros."
+                    :pt="{
+                        bodyRow: ({ context }) => ({ class: 'cursor-pointer hover:bg-primary/5' })
+                    }"
+                    @row-click="(ev) => openDetails(ev.data)"
+                >
+                    <Column field="occurred_at" header="Data/Hora" style="min-width: 160px" sortable>
+                        <template #body="{ data }">{{ auditFormatters.fmtDate(data.occurred_at) }}</template>
+                    </Column>
+
+                    <Column field="source" header="Origem" style="width: 140px" sortable>
+                        <template #body="{ data }">
+                            <Tag :value="auditFormatters.sourceLabel(data.source)" :severity="sourceSeverity(data.source)" />
+                        </template>
+                    </Column>
+
+                    <Column field="entity_type" header="Entidade" style="width: 130px" sortable>
+                        <template #body="{ data }">{{ auditFormatters.entityLabel(data.entity_type) }}</template>
+                    </Column>
+
+                    <Column field="action" header="Ação" style="width: 120px" sortable>
+                        <template #body="{ data }">
+                            <Tag :value="data.action" :severity="actionSeverity(data.action)" />
+                        </template>
+                    </Column>
+
+                    <Column field="description" header="Descrição">
+                        <template #body="{ data }">
+                            <span class="text-sm">{{ data.description || '—' }}</span>
+                        </template>
+                    </Column>
+
+                    <Column field="user_id" header="Usuário" style="width: 180px">
+                        <template #body="{ data }">
+                            <span class="text-xs">{{ userDisplay(data.user_id) }}</span>
+                        </template>
+                    </Column>
+                </DataTable>
+            </template>
+        </Card>
+
+        <!-- Dialog de detalhes -->
+        <Dialog
+            v-model:visible="detailDialog"
+            modal
+            :draggable="false"
+            :closable="true"
+            :dismissableMask="true"
+            maximizable
+            class="dc-dialog w-[60rem]"
+            :breakpoints="{ '1199px': '92vw', '768px': '96vw' }"
+            header="Detalhes do evento"
+        >
+            <div v-if="selectedEvent" class="flex flex-col gap-3">
+                <div class="grid grid-cols-1 md:grid-cols-2 gap-2 text-sm">
+                    <div><strong>Data/Hora:</strong> {{ auditFormatters.fmtDate(selectedEvent.occurred_at) }}</div>
+                    <div><strong>Origem:</strong> {{ auditFormatters.sourceLabel(selectedEvent.source) }}</div>
+                    <div><strong>Entidade:</strong> {{ auditFormatters.entityLabel(selectedEvent.entity_type) }}</div>
+                    <div><strong>Ação:</strong> {{ selectedEvent.action }}</div>
+                    <div><strong>ID da entidade:</strong> <span class="font-mono text-xs">{{ selectedEvent.entity_id || '—' }}</span></div>
+                    <div><strong>Usuário:</strong> {{ userDisplay(selectedEvent.user_id) }}</div>
+                </div>
+
+                <Divider />
+
+                <div>
+                    <strong class="text-sm">Descrição:</strong>
+                    <p class="text-sm mt-1">{{ selectedEvent.description }}</p>
+                </div>
+
+                <div v-if="selectedEvent.details && selectedEvent.details.changed_fields?.length">
+                    <strong class="text-sm">Campos alterados:</strong>
+                    <div class="flex flex-wrap gap-1 mt-1">
+                        <Tag v-for="f in selectedEvent.details.changed_fields" :key="f" :value="f" severity="warning" />
+                    </div>
+                </div>
+
+                <div v-if="selectedEvent.details?.old_values">
+                    <strong class="text-sm">Estado anterior:</strong>
+                    <pre class="text-xs bg-surface-50 p-2 rounded border border-surface-200 overflow-auto max-h-64 mt-1">{{ prettyJson(selectedEvent.details.old_values) }}</pre>
+                </div>
+
+                <div v-if="selectedEvent.details?.new_values">
+                    <strong class="text-sm">Estado novo:</strong>
+                    <pre class="text-xs bg-surface-50 p-2 rounded border border-surface-200 overflow-auto max-h-64 mt-1">{{ prettyJson(selectedEvent.details.new_values) }}</pre>
+                </div>
+
+                <div v-if="selectedEvent.details && !selectedEvent.details.old_values && !selectedEvent.details.new_values">
+                    <strong class="text-sm">Metadados:</strong>
+                    <pre class="text-xs bg-surface-50 p-2 rounded border border-surface-200 overflow-auto max-h-64 mt-1">{{ prettyJson(selectedEvent.details) }}</pre>
+                </div>
+            </div>
+
+            <template #footer>
+                <Button label="Fechar" icon="pi pi-times" text @click="detailDialog = false" />
+            </template>
+        </Dialog>
+    </div>
+</template>
diff --git a/src/layout/configuracoes/ConfiguracoesAgendadorPage.vue b/src/layout/configuracoes/ConfiguracoesAgendadorPage.vue
index ee977a6..b07c3dc 100644
--- a/src/layout/configuracoes/ConfiguracoesAgendadorPage.vue
+++ b/src/layout/configuracoes/ConfiguracoesAgendadorPage.vue
@@ -574,11 +574,11 @@ onMounted(load);
                                         <span class="text-sm font-medium" :class="cfg.ativo ? 'text-green-600' : 'text-surface-400'">
                                             {{ cfg.ativo ? 'Ativo' : 'Inativo' }}
                                         </span>
-                                        <InputSwitch :modelValue="cfg.ativo" @update:modelValue="toggleAtivo" />
+                                        <ToggleSwitch :modelValue="cfg.ativo" @update:modelValue="toggleAtivo" />
                                     </template>
                                     <template v-else>
                                         <Tag value="Plano não inclui" severity="warn" class="text-xs" />
-                                        <InputSwitch :modelValue="false" disabled v-tooltip.left="'Seu plano não inclui o Agendador Online'" />
+                                        <ToggleSwitch :modelValue="false" disabled v-tooltip.left="'Seu plano não inclui o Agendador Online'" />
                                     </template>
                                 </div>
                             </div>
@@ -752,7 +752,7 @@ onMounted(load);
                                         <div class="font-semibold">Botão "Como chegar"</div>
                                         <div class="text-surface-400 mt-0.5">Exibe um botão que abre o mapa para o paciente.</div>
                                     </div>
-                                    <InputSwitch v-model="cfg.botao_como_chegar_ativo" />
+                                    <ToggleSwitch v-model="cfg.botao_como_chegar_ativo" />
                                 </div>
                                 <div v-if="cfg.botao_como_chegar_ativo" class="flex flex-col gap-1">
                                     <label class="cfg-label">URL do Google Maps <span class="font-normal opacity-60">(opcional)</span></label>
@@ -986,14 +986,14 @@ onMounted(load);
                                         <div class="font-semibold">Motivo da consulta</div>
                                         <div class="text-surface-400 mt-0.5">Campo de texto livre opcional para o paciente informar o motivo.</div>
                                     </div>
-                                    <InputSwitch v-model="cfg.triagem_motivo" />
+                                    <ToggleSwitch v-model="cfg.triagem_motivo" />
                                 </div>
                                 <div class="flex items-center justify-between p-3 bg-surface-50 dark:bg-surface-800 rounded-[6px]">
                                     <div>
                                         <div class="font-semibold">Como nos conheceu?</div>
                                         <div class="text-surface-400 mt-0.5">Pergunta de origem (indicação, redes sociais, busca…).</div>
                                     </div>
-                                    <InputSwitch v-model="cfg.triagem_como_conheceu" />
+                                    <ToggleSwitch v-model="cfg.triagem_como_conheceu" />
                                 </div>
                             </div>
 
@@ -1007,14 +1007,14 @@ onMounted(load);
                                         <div class="font-semibold">Verificação de e-mail</div>
                                         <div class="text-surface-400 mt-0.5">Paciente confirma o e-mail antes de concluir o agendamento.</div>
                                     </div>
-                                    <InputSwitch v-model="cfg.verificacao_email" />
+                                    <ToggleSwitch v-model="cfg.verificacao_email" />
                                 </div>
                                 <div class="flex items-center justify-between p-3 bg-surface-50 dark:bg-surface-800 rounded-[6px]">
                                     <div>
                                         <div class="font-semibold">Aceite obrigatório de termos (LGPD)</div>
                                         <div class="text-surface-400 mt-0.5">Exige que o paciente marque o aceite da política de privacidade antes de finalizar.</div>
                                     </div>
-                                    <InputSwitch v-model="cfg.exigir_aceite_lgpd" />
+                                    <ToggleSwitch v-model="cfg.exigir_aceite_lgpd" />
                                 </div>
                             </div>
 
diff --git a/src/layout/configuracoes/ConfiguracoesConversasAutoreplyPage.vue b/src/layout/configuracoes/ConfiguracoesConversasAutoreplyPage.vue
new file mode 100644
index 0000000..61998a8
--- /dev/null
+++ b/src/layout/configuracoes/ConfiguracoesConversasAutoreplyPage.vue
@@ -0,0 +1,400 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — Auto-reply fora do horário (CRM Grupo 2.3)
+|--------------------------------------------------------------------------
+| Configurações de resposta automática quando paciente manda mensagem fora
+| do horário de atendimento.
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, watch } from 'vue';
+import { useToast } from 'primevue/usetoast';
+import { useTenantStore } from '@/stores/tenantStore';
+import { useAutoReplySettings } from '@/composables/useAutoReplySettings';
+
+const toast = useToast();
+const tenantStore = useTenantStore();
+const api = useAutoReplySettings();
+
+const DIAS = [
+    { dow: 0, label: 'Dom' },
+    { dow: 1, label: 'Seg' },
+    { dow: 2, label: 'Ter' },
+    { dow: 3, label: 'Qua' },
+    { dow: 4, label: 'Qui' },
+    { dow: 5, label: 'Sex' },
+    { dow: 6, label: 'Sáb' }
+];
+
+const agendaWindows = ref([]);
+
+// ── Preview do status atual ─────────────────────────────────
+const now = ref(new Date());
+let _tick = null;
+
+const currentWindows = computed(() => {
+    if (api.settings.value.schedule_mode === 'agenda') return agendaWindows.value;
+    if (api.settings.value.schedule_mode === 'business_hours') return api.settings.value.business_hours || [];
+    if (api.settings.value.schedule_mode === 'custom') return api.settings.value.custom_window || [];
+    return [];
+});
+
+function hhmmToMin(s) {
+    const m = String(s || '').match(/^(\d{1,2}):(\d{2})/);
+    return m ? parseInt(m[1], 10) * 60 + parseInt(m[2], 10) : -1;
+}
+
+const isWithinHoursNow = computed(() => {
+    const d = now.value;
+    // Hora de São Paulo
+    const fmt = new Intl.DateTimeFormat('en-US', {
+        timeZone: 'America/Sao_Paulo',
+        weekday: 'short',
+        hour: '2-digit',
+        minute: '2-digit',
+        hour12: false
+    });
+    const parts = fmt.formatToParts(d);
+    const weekday = parts.find((p) => p.type === 'weekday')?.value || 'Sun';
+    const h = parseInt(parts.find((p) => p.type === 'hour')?.value || '0', 10);
+    const mm = parseInt(parts.find((p) => p.type === 'minute')?.value || '0', 10);
+    const dowMap = { Sun: 0, Mon: 1, Tue: 2, Wed: 3, Thu: 4, Fri: 5, Sat: 6 };
+    const dow = dowMap[weekday] ?? 0;
+    const mins = h * 60 + mm;
+    for (const w of currentWindows.value) {
+        if (w.dow !== dow) continue;
+        const s = hhmmToMin(w.start);
+        const e = hhmmToMin(w.end);
+        if (s < 0 || e < 0) continue;
+        if (mins >= s && mins < e) return true;
+    }
+    return false;
+});
+
+const nowLabel = computed(() => {
+    return new Intl.DateTimeFormat('pt-BR', {
+        timeZone: 'America/Sao_Paulo',
+        weekday: 'long',
+        hour: '2-digit',
+        minute: '2-digit'
+    }).format(now.value);
+});
+
+// ── Editor de janelas (business_hours / custom_window) ──────
+function targetArrayKey() {
+    if (api.settings.value.schedule_mode === 'business_hours') return 'business_hours';
+    if (api.settings.value.schedule_mode === 'custom') return 'custom_window';
+    return null;
+}
+
+function addWindow(dow) {
+    const key = targetArrayKey();
+    if (!key) return;
+    const arr = [...(api.settings.value[key] || [])];
+    arr.push({ dow, start: '08:00', end: '18:00' });
+    arr.sort((a, b) => a.dow - b.dow || hhmmToMin(a.start) - hhmmToMin(b.start));
+    api.settings.value = { ...api.settings.value, [key]: arr };
+}
+
+function updateWindow(idx, patch) {
+    const key = targetArrayKey();
+    if (!key) return;
+    const arr = [...(api.settings.value[key] || [])];
+    arr[idx] = { ...arr[idx], ...patch };
+    api.settings.value = { ...api.settings.value, [key]: arr };
+}
+
+function removeWindow(idx) {
+    const key = targetArrayKey();
+    if (!key) return;
+    const arr = [...(api.settings.value[key] || [])];
+    arr.splice(idx, 1);
+    api.settings.value = { ...api.settings.value, [key]: arr };
+}
+
+function applyDefaultWindow() {
+    const key = targetArrayKey();
+    if (!key) return;
+    // Seg-Sex 09h-18h
+    const arr = [1, 2, 3, 4, 5].map((dow) => ({ dow, start: '09:00', end: '18:00' }));
+    api.settings.value = { ...api.settings.value, [key]: arr };
+}
+
+function clearWindows() {
+    const key = targetArrayKey();
+    if (!key) return;
+    api.settings.value = { ...api.settings.value, [key]: [] };
+}
+
+const editableWindows = computed(() => {
+    const key = targetArrayKey();
+    if (!key) return [];
+    return api.settings.value[key] || [];
+});
+
+// ── Ações ───────────────────────────────────────────────────
+async function onSave() {
+    const res = await api.save();
+    if (res.ok) {
+        toast.add({ severity: 'success', summary: 'Salvo', life: 2000 });
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+    }
+}
+
+async function refreshAgenda() {
+    agendaWindows.value = await api.loadAgendaWindows();
+}
+
+// ── Lifecycle ───────────────────────────────────────────────
+onMounted(async () => {
+    await Promise.all([api.load(), refreshAgenda()]);
+    _tick = setInterval(() => { now.value = new Date(); }, 30000);
+});
+
+watch(() => tenantStore.activeTenantId, async () => {
+    await Promise.all([api.load(), refreshAgenda()]);
+});
+
+import { onBeforeUnmount } from 'vue';
+onBeforeUnmount(() => { if (_tick) clearInterval(_tick); });
+</script>
+
+<template>
+    <!-- Ações no header do parent -->
+    <Teleport to="#cfg-page-actions" defer>
+        <Button
+            label="Salvar"
+            icon="pi pi-check"
+            size="small"
+            class="rounded-full"
+            :loading="api.saving.value"
+            :disabled="api.loading.value"
+            @click="onSave"
+        />
+        <Button
+            icon="pi pi-refresh"
+            severity="secondary"
+            outlined
+            class="h-9 w-9 rounded-full"
+            :loading="api.loading.value"
+            v-tooltip.bottom="'Recarregar'"
+            @click="api.load()"
+        />
+    </Teleport>
+
+    <div class="flex flex-col gap-4">
+        <!-- Preview de status atual -->
+        <div
+            class="rounded-md border p-3 flex items-center gap-3"
+            :class="api.settings.value.enabled
+                ? (isWithinHoursNow
+                    ? 'border-green-500/30 bg-green-500/5'
+                    : 'border-amber-500/30 bg-amber-500/5')
+                : 'border-[var(--surface-border)] bg-[var(--surface-card)] opacity-80'"
+        >
+            <i
+                class="pi text-lg shrink-0"
+                :class="!api.settings.value.enabled
+                    ? 'pi-pause-circle text-[var(--text-color-secondary)]'
+                    : isWithinHoursNow
+                        ? 'pi-check-circle text-green-500'
+                        : 'pi-bolt text-amber-500'"
+            />
+            <div class="flex-1 min-w-0">
+                <div class="text-sm font-semibold text-[var(--text-color)]">
+                    <template v-if="!api.settings.value.enabled">Auto-reply desabilitado</template>
+                    <template v-else-if="isWithinHoursNow">Dentro do horário — auto-reply NÃO disparará</template>
+                    <template v-else>Fora do horário — auto-reply disparará para novas mensagens</template>
+                </div>
+                <div class="text-xs text-[var(--text-color-secondary)] mt-0.5 capitalize">
+                    {{ nowLabel }} · fuso São Paulo
+                </div>
+            </div>
+        </div>
+
+        <!-- Toggle + mensagem -->
+        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4 flex flex-col gap-3">
+            <div class="flex items-center gap-3 flex-wrap">
+                <label class="flex items-center gap-2 cursor-pointer">
+                    <ToggleSwitch v-model="api.settings.value.enabled" />
+                    <span class="text-sm font-semibold">
+                        {{ api.settings.value.enabled ? 'Auto-reply ativado' : 'Auto-reply desativado' }}
+                    </span>
+                </label>
+                <span class="text-xs text-[var(--text-color-secondary)]">
+                    Envia resposta automática quando mensagem chega fora do horário configurado.
+                </span>
+            </div>
+
+            <div>
+                <label class="block text-xs font-semibold text-[var(--text-color-secondary)] mb-1">Mensagem automática</label>
+                <Textarea
+                    v-model="api.settings.value.message"
+                    rows="3"
+                    autoResize
+                    :maxlength="2000"
+                    class="w-full"
+                    :disabled="!api.settings.value.enabled"
+                />
+                <div class="text-[0.7rem] text-[var(--text-color-secondary)] mt-1">
+                    {{ (api.settings.value.message || '').length }} / 2000
+                </div>
+            </div>
+
+            <div>
+                <label class="block text-xs font-semibold text-[var(--text-color-secondary)] mb-1">
+                    Cooldown por paciente: <span class="text-[var(--text-color)]">{{ api.settings.value.cooldown_minutes }} min</span>
+                </label>
+                <div class="flex flex-col sm:flex-row sm:items-center gap-2">
+                    <InputNumber
+                        v-model="api.settings.value.cooldown_minutes"
+                        :min="0"
+                        :max="43200"
+                        suffix=" min"
+                        inputClass="!w-28"
+                        class="shrink-0"
+                        :disabled="!api.settings.value.enabled"
+                    />
+                    <span class="text-xs text-[var(--text-color-secondary)] flex-1 min-w-0 leading-snug">
+                        Tempo mínimo entre auto-replies para a mesma conversa (evita spam). Sugestão: 180 min (3h).
+                    </span>
+                </div>
+            </div>
+        </div>
+
+        <!-- Modo de horário -->
+        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4 flex flex-col gap-3">
+            <div class="flex items-center gap-2">
+                <i class="pi pi-clock text-[var(--primary-color)]" />
+                <span class="text-sm font-bold uppercase tracking-wide">Quando disparar</span>
+            </div>
+
+            <SelectButton
+                v-model="api.settings.value.schedule_mode"
+                :options="[
+                    { label: 'Seguir minha agenda', value: 'agenda' },
+                    { label: 'Horário de funcionamento', value: 'business_hours' },
+                    { label: 'Personalizado', value: 'custom' }
+                ]"
+                optionLabel="label"
+                optionValue="value"
+                :allowEmpty="false"
+                :disabled="!api.settings.value.enabled"
+            />
+
+            <div class="text-xs text-[var(--text-color-secondary)]">
+                <template v-if="api.settings.value.schedule_mode === 'agenda'">
+                    Usa automaticamente os horários da <strong>Agenda</strong> (agenda_regras_semanais) de todos os profissionais ativos do tenant. Se alguém está trabalhando agora, é considerado "dentro do horário".
+                </template>
+                <template v-else-if="api.settings.value.schedule_mode === 'business_hours'">
+                    Define um horário geral da clínica, reutilizável por outras automações. Independe das agendas individuais.
+                </template>
+                <template v-else>
+                    Define um horário exclusivo para este auto-reply. Útil se você quer que responda antes/depois do expediente normal.
+                </template>
+            </div>
+
+            <!-- Preview das janelas do modo 'agenda' (read-only) -->
+            <div v-if="api.settings.value.schedule_mode === 'agenda'" class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)] p-3">
+                <div v-if="!agendaWindows.length" class="text-xs text-[var(--text-color-secondary)] italic">
+                    Nenhuma regra semanal ativa encontrada na agenda. Configure em <a href="/configuracoes/agenda" class="text-[var(--primary-color)] underline">Configurações → Agenda</a>.
+                </div>
+                <div v-else class="grid grid-cols-7 gap-1">
+                    <div v-for="d in DIAS" :key="d.dow" class="flex flex-col items-center gap-1">
+                        <div class="text-[0.7rem] font-semibold text-[var(--text-color-secondary)] uppercase">{{ d.label }}</div>
+                        <div class="flex flex-col gap-0.5 w-full">
+                            <div
+                                v-for="(w, i) in agendaWindows.filter(x => x.dow === d.dow)"
+                                :key="i"
+                                class="text-[0.65rem] text-center font-mono rounded bg-[var(--primary-color)]/10 text-[var(--primary-color)] px-1 py-0.5"
+                            >
+                                {{ w.start }}–{{ w.end }}
+                            </div>
+                            <div v-if="!agendaWindows.some(x => x.dow === d.dow)" class="text-[0.65rem] text-center text-[var(--text-color-secondary)] opacity-40">—</div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+
+            <!-- Editor de janelas (business_hours / custom) -->
+            <div v-else class="flex flex-col gap-2">
+                <div class="flex items-center gap-2 flex-wrap">
+                    <Button
+                        label="Aplicar padrão Seg-Sex 09h-18h"
+                        icon="pi pi-calendar"
+                        size="small"
+                        severity="secondary"
+                        outlined
+                        class="rounded-full"
+                        :disabled="!api.settings.value.enabled"
+                        @click="applyDefaultWindow"
+                    />
+                    <Button
+                        label="Limpar"
+                        icon="pi pi-times"
+                        size="small"
+                        severity="danger"
+                        text
+                        :disabled="!api.settings.value.enabled || !editableWindows.length"
+                        @click="clearWindows"
+                    />
+                </div>
+
+                <div class="grid grid-cols-7 gap-1.5 border border-[var(--surface-border)] rounded-md bg-[var(--surface-ground)] p-2">
+                    <div v-for="d in DIAS" :key="d.dow" class="flex flex-col gap-1 min-h-[80px]">
+                        <div class="text-[0.7rem] font-bold text-[var(--text-color-secondary)] uppercase text-center">{{ d.label }}</div>
+                        <div class="flex flex-col gap-1">
+                            <div
+                                v-for="(w, idx) in editableWindows.map((x, i) => ({ ...x, _idx: i })).filter(x => x.dow === d.dow)"
+                                :key="w._idx"
+                                class="flex flex-col gap-0.5 bg-[var(--surface-card)] rounded p-1"
+                            >
+                                <input
+                                    type="time"
+                                    :value="w.start"
+                                    class="text-[0.68rem] px-1 py-0.5 rounded border border-[var(--surface-border)] bg-[var(--surface-card)] w-full"
+                                    :disabled="!api.settings.value.enabled"
+                                    @change="(e) => updateWindow(w._idx, { start: e.target.value })"
+                                />
+                                <input
+                                    type="time"
+                                    :value="w.end"
+                                    class="text-[0.68rem] px-1 py-0.5 rounded border border-[var(--surface-border)] bg-[var(--surface-card)] w-full"
+                                    :disabled="!api.settings.value.enabled"
+                                    @change="(e) => updateWindow(w._idx, { end: e.target.value })"
+                                />
+                                <button
+                                    class="text-[0.6rem] text-red-500 hover:text-red-700 bg-transparent border-0 cursor-pointer p-0 leading-tight"
+                                    :disabled="!api.settings.value.enabled"
+                                    @click="removeWindow(w._idx)"
+                                >
+                                    <i class="pi pi-times text-[0.55rem]" /> remover
+                                </button>
+                            </div>
+                            <button
+                                class="text-[0.65rem] text-[var(--text-color-secondary)] hover:text-[var(--primary-color)] bg-transparent border border-dashed border-[var(--surface-border)] rounded py-0.5 cursor-pointer"
+                                :disabled="!api.settings.value.enabled"
+                                @click="addWindow(d.dow)"
+                            >
+                                + adicionar
+                            </button>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+
+        <!-- Info sobre dependências -->
+        <div class="rounded-md border border-sky-500/25 bg-sky-500/5 p-3 flex items-start gap-2 text-xs text-[var(--text-color)]">
+            <i class="pi pi-info-circle text-sky-500 mt-0.5" />
+            <div>
+                <strong>Pré-requisito:</strong> o WhatsApp do tenant precisa estar conectado em
+                <a href="/configuracoes/whatsapp" class="text-[var(--primary-color)] underline">Configurações → WhatsApp</a>.
+                O auto-reply é enviado via o mesmo canal.
+                <br/>
+                Todas as datas/horas são tratadas no fuso <strong>America/Sao_Paulo</strong>.
+            </div>
+        </div>
+    </div>
+</template>
diff --git a/src/layout/configuracoes/ConfiguracoesConversasOptoutsPage.vue b/src/layout/configuracoes/ConfiguracoesConversasOptoutsPage.vue
new file mode 100644
index 0000000..f8b8a30
--- /dev/null
+++ b/src/layout/configuracoes/ConfiguracoesConversasOptoutsPage.vue
@@ -0,0 +1,374 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — Opt-outs do CRM WhatsApp (LGPD Art. 18 Sec.2)
+|--------------------------------------------------------------------------
+| Lista de números que pediram pra não receber mensagens automáticas.
+| Configuração das palavras-chave de opt-out.
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, watch, reactive } from 'vue';
+import { useToast } from 'primevue/usetoast';
+import { useConfirm } from 'primevue/useconfirm';
+import { useTenantStore } from '@/stores/tenantStore';
+import { useConversationOptouts } from '@/composables/useConversationOptouts';
+
+const toast = useToast();
+const confirm = useConfirm();
+const tenantStore = useTenantStore();
+const api = useConversationOptouts();
+
+const activeTab = ref(0);
+
+// Dialog de adicionar manual
+const dlg = reactive({ open: false, phone: '', notes: '' });
+
+function openAddManual() {
+    dlg.open = true;
+    dlg.phone = '';
+    dlg.notes = '';
+}
+
+async function saveManual() {
+    const res = await api.addManual({ phone: dlg.phone, notes: dlg.notes.trim() || null });
+    if (res.ok) {
+        toast.add({ severity: 'success', summary: 'Opt-out adicionado', life: 2200 });
+        dlg.open = false;
+    } else if (res.error === 'already_opted_out') {
+        toast.add({ severity: 'warn', summary: 'Já existe', detail: 'Este número já está opted-out ativo.', life: 3500 });
+    } else if (res.error === 'invalid_phone_format') {
+        toast.add({ severity: 'error', summary: 'Telefone inválido', detail: 'Use formato DDD + número (11 dígitos).', life: 3500 });
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+    }
+}
+
+function confirmRestore(optout) {
+    const label = optout._patient_name || optout.phone;
+    confirm.require({
+        message: `Restaurar ${label}? A pessoa voltará a receber mensagens automáticas.`,
+        header: 'Restaurar opt-out',
+        icon: 'pi pi-undo',
+        acceptLabel: 'Restaurar',
+        rejectLabel: 'Cancelar',
+        accept: async () => {
+            const res = await api.restore(optout.id);
+            if (res.ok) {
+                toast.add({ severity: 'success', summary: 'Restaurado', life: 2000 });
+            } else {
+                toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+            }
+        }
+    });
+}
+
+// Keywords
+const newKeyword = ref('');
+async function addKw() {
+    const res = await api.addKeyword(newKeyword.value);
+    if (res.ok) {
+        newKeyword.value = '';
+        toast.add({ severity: 'success', summary: 'Keyword adicionada', life: 1800 });
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+    }
+}
+
+async function onToggleKw(kw, enabled) {
+    const res = await api.toggleKeyword(kw.id, enabled);
+    if (!res.ok) toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+}
+
+function confirmDeleteKw(kw) {
+    confirm.require({
+        message: `Remover keyword "${kw.keyword}"?`,
+        header: 'Remover',
+        icon: 'pi pi-exclamation-triangle',
+        acceptClass: 'p-button-danger',
+        acceptLabel: 'Remover',
+        rejectLabel: 'Cancelar',
+        accept: async () => {
+            const res = await api.deleteKeyword(kw.id);
+            if (res.ok) toast.add({ severity: 'success', summary: 'Removida', life: 1800 });
+            else toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+        }
+    });
+}
+
+// Helpers
+function formatPhoneDisplay(phone) {
+    const s = String(phone || '').replace(/\D/g, '');
+    // 55 11 98765-4321
+    if (s.length === 13 && s.startsWith('55')) {
+        return `+55 (${s.slice(2, 4)}) ${s.slice(4, 9)}-${s.slice(9)}`;
+    }
+    if (s.length === 12 && s.startsWith('55')) {
+        return `+55 (${s.slice(2, 4)}) ${s.slice(4, 8)}-${s.slice(8)}`;
+    }
+    return `+${s}`;
+}
+
+function formatDate(iso) {
+    if (!iso) return '';
+    return new Date(iso).toLocaleString('pt-BR', {
+        day: '2-digit', month: '2-digit', year: 'numeric',
+        hour: '2-digit', minute: '2-digit'
+    });
+}
+
+const quickStats = computed(() => [
+    { label: 'Ativos', value: api.activeOptouts.value.length, cls: api.activeOptouts.value.length > 0 ? 'qs-warn' : '' },
+    { label: 'Por keyword', value: api.activeOptouts.value.filter((o) => o.source === 'keyword').length, cls: '' },
+    { label: 'Adicionados manual', value: api.activeOptouts.value.filter((o) => o.source === 'manual').length, cls: '' },
+    { label: 'Histórico (restaurados)', value: api.historyOptouts.value.length, cls: '' }
+]);
+
+onMounted(() => { api.load(); });
+watch(() => tenantStore.activeTenantId, () => { api.load(); });
+</script>
+
+<template>
+    <ConfirmDialog />
+
+    <Teleport to="#cfg-page-actions" defer>
+        <Button
+            v-if="activeTab === 0"
+            label="Adicionar manualmente"
+            icon="pi pi-plus"
+            size="small"
+            class="rounded-full"
+            @click="openAddManual"
+        />
+        <Button
+            icon="pi pi-refresh"
+            severity="secondary"
+            outlined
+            class="h-9 w-9 rounded-full"
+            :loading="api.loading.value"
+            v-tooltip.bottom="'Recarregar'"
+            @click="api.load()"
+        />
+    </Teleport>
+
+    <div class="flex flex-col gap-4">
+        <!-- Info LGPD -->
+        <div class="rounded-md border border-amber-500/25 bg-amber-500/5 p-3 flex items-start gap-2 text-xs text-[var(--text-color)]">
+            <i class="pi pi-shield text-amber-500 mt-0.5 text-base" />
+            <div>
+                <strong>LGPD — Direito de oposição (Art. 18, §2):</strong>
+                quando o paciente envia "PARAR" (ou similar), o sistema bloqueia automaticamente envios de auto-reply, lembretes e outras mensagens automáticas.
+                O terapeuta ainda pode escrever manualmente — a relação terapêutica existe.
+                Pra voltar a receber, o paciente envia "VOLTAR".
+            </div>
+        </div>
+
+        <!-- Quick stats -->
+        <div class="grid grid-cols-2 md:grid-cols-4 gap-2">
+            <div
+                v-for="s in quickStats"
+                :key="s.label"
+                class="flex flex-col gap-0.5 px-4 py-2.5 rounded-md border transition-colors"
+                :class="s.cls === 'qs-warn' ? 'border-amber-500/25 bg-amber-500/5' : 'border-[var(--surface-border)] bg-[var(--surface-card)]'"
+            >
+                <div class="text-[1.35rem] font-bold leading-none" :class="s.cls === 'qs-warn' ? 'text-amber-500' : 'text-[var(--text-color)]'">{{ s.value }}</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">{{ s.label }}</div>
+            </div>
+        </div>
+
+        <!-- Tabs -->
+        <Tabs :value="activeTab" @update:value="activeTab = $event">
+            <TabList>
+                <Tab :value="0"><i class="pi pi-ban mr-2" />Opt-outs</Tab>
+                <Tab :value="1"><i class="pi pi-key mr-2" />Palavras-chave</Tab>
+            </TabList>
+
+            <TabPanels>
+                <!-- Tab 0: Lista de opt-outs -->
+                <TabPanel :value="0">
+                    <div v-if="api.loading.value" class="flex flex-col gap-2 pt-3">
+                        <Skeleton v-for="n in 5" :key="n" height="3.5rem" class="rounded-md" />
+                    </div>
+
+                    <div v-else-if="!api.optouts.value.length" class="flex flex-col items-center justify-center gap-2 py-12 text-center">
+                        <i class="pi pi-check-circle text-4xl text-green-500 opacity-40" />
+                        <div class="text-[1rem] font-semibold">Nenhum opt-out ainda</div>
+                        <div class="text-sm text-[var(--text-color-secondary)]">Quando um paciente enviar "PARAR" ou similar, aparece aqui.</div>
+                    </div>
+
+                    <div v-else class="flex flex-col gap-2 pt-3">
+                        <div
+                            v-for="o in api.optouts.value"
+                            :key="o.id"
+                            class="flex items-center gap-3 p-3 rounded-md border transition-all"
+                            :class="o.opted_back_in_at
+                                ? 'border-[var(--surface-border)] bg-[var(--surface-ground)] opacity-70'
+                                : 'border-amber-500/30 bg-amber-500/5'"
+                        >
+                            <i
+                                class="pi text-lg shrink-0"
+                                :class="o.opted_back_in_at ? 'pi-check-circle text-green-500' : 'pi-ban text-amber-500'"
+                            />
+
+                            <div class="flex-1 min-w-0">
+                                <div class="flex items-center gap-2 flex-wrap">
+                                    <span class="font-semibold text-[var(--text-color)] truncate">
+                                        {{ o._patient_name || formatPhoneDisplay(o.phone) }}
+                                    </span>
+                                    <span
+                                        class="inline-flex items-center px-1.5 py-px rounded text-[0.62rem] font-bold uppercase"
+                                        :class="o.source === 'keyword'
+                                            ? 'bg-indigo-500/10 text-indigo-500'
+                                            : 'bg-slate-500/10 text-slate-500'"
+                                    >
+                                        {{ o.source === 'keyword' ? `Keyword: ${o.keyword_matched}` : 'Manual' }}
+                                    </span>
+                                    <span v-if="o.opted_back_in_at" class="inline-flex items-center px-1.5 py-px rounded text-[0.62rem] font-bold uppercase bg-green-500/10 text-green-500">
+                                        Restaurado
+                                    </span>
+                                </div>
+                                <div class="text-xs text-[var(--text-color-secondary)] mt-0.5 flex items-center gap-2 flex-wrap">
+                                    <span v-if="o._patient_name">{{ formatPhoneDisplay(o.phone) }}</span>
+                                    <span>·</span>
+                                    <span>{{ formatDate(o.opted_out_at) }}</span>
+                                    <span v-if="o.opted_back_in_at">· restaurado em {{ formatDate(o.opted_back_in_at) }}</span>
+                                </div>
+                                <div v-if="o.original_message" class="text-xs text-[var(--text-color-secondary)] italic mt-1 truncate" :title="o.original_message">
+                                    "{{ o.original_message }}"
+                                </div>
+                                <div v-if="o.notes" class="text-xs text-[var(--text-color)] mt-1">{{ o.notes }}</div>
+                            </div>
+
+                            <div class="shrink-0">
+                                <Button
+                                    v-if="!o.opted_back_in_at"
+                                    label="Restaurar"
+                                    icon="pi pi-undo"
+                                    size="small"
+                                    severity="secondary"
+                                    outlined
+                                    class="rounded-full"
+                                    :loading="api.saving.value"
+                                    @click="confirmRestore(o)"
+                                />
+                            </div>
+                        </div>
+                    </div>
+                </TabPanel>
+
+                <!-- Tab 1: Keywords -->
+                <TabPanel :value="1">
+                    <div class="flex flex-col gap-3 pt-3">
+                        <!-- Add -->
+                        <div class="flex gap-2 items-center">
+                            <InputText
+                                v-model="newKeyword"
+                                placeholder="Adicionar palavra-chave (ex: não quero receber)"
+                                class="flex-1"
+                                :maxlength="100"
+                                @keyup.enter="addKw"
+                            />
+                            <Button
+                                label="Adicionar"
+                                icon="pi pi-plus"
+                                :loading="api.saving.value"
+                                :disabled="!newKeyword.trim()"
+                                @click="addKw"
+                            />
+                        </div>
+
+                        <!-- Lista -->
+                        <div v-if="api.loading.value" class="flex flex-col gap-2">
+                            <Skeleton v-for="n in 5" :key="n" height="3rem" class="rounded-md" />
+                        </div>
+
+                        <div v-else-if="!api.keywords.value.length" class="text-sm text-[var(--text-color-secondary)] italic text-center py-6">
+                            Nenhuma palavra-chave ainda.
+                        </div>
+
+                        <div v-else class="flex flex-col gap-1.5">
+                            <div
+                                v-for="kw in api.keywords.value"
+                                :key="kw.id"
+                                class="flex items-center gap-3 p-2.5 rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)]"
+                            >
+                                <i class="pi pi-key text-sm shrink-0" :class="kw.enabled ? 'text-[var(--primary-color)]' : 'text-[var(--text-color-secondary)] opacity-40'" />
+
+                                <span class="font-mono text-sm flex-1" :class="!kw.enabled ? 'opacity-50 line-through' : ''">{{ kw.keyword }}</span>
+
+                                <span
+                                    class="inline-flex items-center px-1.5 py-px rounded text-[0.6rem] font-bold uppercase shrink-0"
+                                    :class="kw.is_system ? 'bg-slate-500/10 text-slate-500' : 'bg-indigo-500/10 text-indigo-500'"
+                                >
+                                    {{ kw.is_system ? 'Sistema' : 'Custom' }}
+                                </span>
+
+                                <ToggleSwitch
+                                    :modelValue="kw.enabled"
+                                    @update:modelValue="(v) => onToggleKw(kw, v)"
+                                    :disabled="api.saving.value"
+                                />
+
+                                <Button
+                                    v-if="!kw.is_system"
+                                    icon="pi pi-trash"
+                                    severity="danger"
+                                    text
+                                    class="h-8 w-8"
+                                    v-tooltip.top="'Remover'"
+                                    :disabled="api.saving.value"
+                                    @click="confirmDeleteKw(kw)"
+                                />
+                            </div>
+                        </div>
+
+                        <div class="text-xs text-[var(--text-color-secondary)] italic">
+                            Palavras-chave do sistema não podem ser removidas, mas podem ser desabilitadas.
+                            Match é case-insensitive e ignora acentos. Exemplo: "PARAR", "parar", "PARÁR" todos funcionam.
+                        </div>
+                    </div>
+                </TabPanel>
+            </TabPanels>
+        </Tabs>
+    </div>
+
+    <!-- Dialog adicionar manual -->
+    <Dialog
+        v-model:visible="dlg.open"
+        header="Adicionar opt-out manualmente"
+        modal
+        :style="{ width: 'min(440px, 95vw)' }"
+        :closable="!api.saving.value"
+    >
+        <div class="flex flex-col gap-3">
+            <div>
+                <label class="block text-xs font-semibold text-[var(--text-color-secondary)] mb-1">Telefone (com DDD)</label>
+                <InputText
+                    v-model="dlg.phone"
+                    placeholder="11987654321"
+                    class="w-full"
+                    @keydown.enter="saveManual"
+                />
+                <div class="text-[0.7rem] text-[var(--text-color-secondary)] mt-1">
+                    Só dígitos. DDI 55 é adicionado automaticamente se faltar.
+                </div>
+            </div>
+
+            <div>
+                <label class="block text-xs font-semibold text-[var(--text-color-secondary)] mb-1">Motivo (opcional)</label>
+                <Textarea
+                    v-model="dlg.notes"
+                    rows="2"
+                    autoResize
+                    class="w-full"
+                    :maxlength="500"
+                    placeholder="Ex: paciente pediu por telefone pra parar de receber"
+                />
+            </div>
+        </div>
+
+        <template #footer>
+            <Button label="Cancelar" severity="secondary" text :disabled="api.saving.value" @click="dlg.open = false" />
+            <Button label="Adicionar" :loading="api.saving.value" :disabled="!dlg.phone.trim()" @click="saveManual" />
+        </template>
+    </Dialog>
+</template>
diff --git a/src/layout/configuracoes/ConfiguracoesConversasTagsPage.vue b/src/layout/configuracoes/ConfiguracoesConversasTagsPage.vue
new file mode 100644
index 0000000..3f8305c
--- /dev/null
+++ b/src/layout/configuracoes/ConfiguracoesConversasTagsPage.vue
@@ -0,0 +1,391 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — Tags de Conversa (configurações)
+|--------------------------------------------------------------------------
+| CRUD de tags custom. Tags do sistema aparecem em modo leitura.
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, reactive, watch } from 'vue';
+import { useToast } from 'primevue/usetoast';
+import { useConfirm } from 'primevue/useconfirm';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+import { useConversationTags } from '@/composables/useConversationTags';
+
+const toast = useToast();
+const confirm = useConfirm();
+const tenantStore = useTenantStore();
+const tagsApi = useConversationTags();
+
+// ── Usage count (quantas threads usam cada tag) ──────────────
+const usageByTag = ref({}); // { [tagId]: count }
+
+async function loadUsage() {
+    const tenantId = tenantStore.activeTenantId;
+    if (!tenantId) {
+        usageByTag.value = {};
+        return;
+    }
+    try {
+        const { data, error } = await supabase
+            .from('conversation_thread_tags')
+            .select('tag_id')
+            .eq('tenant_id', tenantId);
+        if (error) throw error;
+        const counts = {};
+        for (const row of data || []) {
+            counts[row.tag_id] = (counts[row.tag_id] || 0) + 1;
+        }
+        usageByTag.value = counts;
+    } catch (e) {
+        console.error('[ConfiguracoesConversasTags] loadUsage:', e?.message);
+        usageByTag.value = {};
+    }
+}
+
+async function refresh() {
+    await Promise.all([tagsApi.loadAllTags(), loadUsage()]);
+}
+
+// ── Quick stats ─────────────────────────────────────────────
+const quickStats = computed(() => {
+    const all = tagsApi.allTags.value || [];
+    const system = all.filter((t) => t.is_system).length;
+    const custom = all.filter((t) => !t.is_system).length;
+    const emUso = Object.keys(usageByTag.value).length;
+    return [
+        { label: 'Total de tags', value: all.length, cls: '' },
+        { label: 'Sistema', value: system, cls: '' },
+        { label: 'Minhas tags', value: custom, cls: custom > 0 ? 'qs-ok' : '' },
+        { label: 'Em uso', value: emUso, cls: emUso > 0 ? 'qs-ok' : '' }
+    ];
+});
+
+// ── Dialog create/edit ──────────────────────────────────────
+const presetColors = [
+    '#ef4444', '#f97316', '#f59e0b', '#eab308',
+    '#84cc16', '#22c55e', '#14b8a6', '#06b6d4',
+    '#0ea5e9', '#6366f1', '#8b5cf6', '#a855f7',
+    '#ec4899', '#64748b', '#292524'
+];
+
+const presetIcons = [
+    { icon: 'pi pi-tag', label: 'Tag' },
+    { icon: 'pi pi-exclamation-triangle', label: 'Alerta' },
+    { icon: 'pi pi-exclamation-circle', label: 'Exclamação' },
+    { icon: 'pi pi-info-circle', label: 'Info' },
+    { icon: 'pi pi-check-circle', label: 'Check' },
+    { icon: 'pi pi-star', label: 'Estrela' },
+    { icon: 'pi pi-heart', label: 'Coração' },
+    { icon: 'pi pi-flag', label: 'Bandeira' },
+    { icon: 'pi pi-bookmark', label: 'Marcador' },
+    { icon: 'pi pi-user', label: 'Usuário' },
+    { icon: 'pi pi-user-plus', label: 'Novo usuário' },
+    { icon: 'pi pi-users', label: 'Grupo' },
+    { icon: 'pi pi-calendar', label: 'Calendário' },
+    { icon: 'pi pi-calendar-times', label: 'Calendário cancelado' },
+    { icon: 'pi pi-clock', label: 'Relógio' },
+    { icon: 'pi pi-phone', label: 'Telefone' },
+    { icon: 'pi pi-comment', label: 'Balão' },
+    { icon: 'pi pi-whatsapp', label: 'WhatsApp' },
+    { icon: 'pi pi-envelope', label: 'Envelope' },
+    { icon: 'pi pi-send', label: 'Enviar' },
+    { icon: 'pi pi-reply', label: 'Responder' },
+    { icon: 'pi pi-bolt', label: 'Raio' },
+    { icon: 'pi pi-dollar', label: 'Dinheiro' },
+    { icon: 'pi pi-shield', label: 'Escudo' }
+];
+
+const dlg = reactive({
+    open: false,
+    mode: 'create',
+    id: '',
+    name: '',
+    color: '#6366f1',
+    icon: 'pi pi-tag'
+});
+
+function openCreate() {
+    Object.assign(dlg, {
+        open: true,
+        mode: 'create',
+        id: '',
+        name: '',
+        color: '#6366f1',
+        icon: 'pi pi-tag'
+    });
+}
+
+function openEdit(tag) {
+    Object.assign(dlg, {
+        open: true,
+        mode: 'edit',
+        id: tag.id,
+        name: tag.name,
+        color: tag.color,
+        icon: tag.icon || 'pi pi-tag'
+    });
+}
+
+async function saveTag() {
+    const clean = (dlg.name || '').trim();
+    if (!clean) {
+        toast.add({ severity: 'warn', summary: 'Nome obrigatório', life: 2500 });
+        return;
+    }
+    let res;
+    if (dlg.mode === 'create') {
+        res = await tagsApi.createCustomTag({ name: clean, color: dlg.color, icon: dlg.icon });
+    } else {
+        res = await tagsApi.updateCustomTag(dlg.id, { name: clean, color: dlg.color, icon: dlg.icon });
+    }
+    if (res.ok) {
+        toast.add({ severity: 'success', summary: dlg.mode === 'create' ? 'Tag criada' : 'Tag atualizada', life: 2000 });
+        dlg.open = false;
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error || 'Falha ao salvar', life: 3500 });
+    }
+}
+
+function confirmDelete(tag) {
+    const usage = usageByTag.value[tag.id] || 0;
+    const msg = usage > 0
+        ? `A tag "${tag.name}" está aplicada em ${usage} conversa${usage > 1 ? 's' : ''}. Ao remover, ela sai de todas. Continuar?`
+        : `Remover a tag "${tag.name}"?`;
+    confirm.require({
+        message: msg,
+        header: 'Remover tag',
+        icon: 'pi pi-exclamation-triangle',
+        acceptLabel: 'Remover',
+        rejectLabel: 'Cancelar',
+        acceptClass: 'p-button-danger',
+        accept: async () => {
+            const res = await tagsApi.deleteCustomTag(tag.id);
+            if (res.ok) {
+                await loadUsage();
+                toast.add({ severity: 'success', summary: 'Tag removida', life: 2000 });
+            } else {
+                toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+            }
+        }
+    });
+}
+
+// ── Lifecycle ────────────────────────────────────────────────
+onMounted(() => { refresh(); });
+
+watch(() => tenantStore.activeTenantId, () => { refresh(); });
+</script>
+
+<template>
+    <ConfirmDialog />
+
+    <!-- Botões teleportados pro header do ConfiguracoesPage -->
+    <Teleport to="#cfg-page-actions" defer>
+        <Button
+            label="Nova tag"
+            icon="pi pi-plus"
+            size="small"
+            class="rounded-full"
+            @click="openCreate"
+        />
+        <Button
+            icon="pi pi-refresh"
+            severity="secondary"
+            outlined
+            class="h-9 w-9 rounded-full"
+            :loading="tagsApi.loading.value"
+            v-tooltip.bottom="'Recarregar'"
+            @click="refresh"
+        />
+    </Teleport>
+
+    <div class="flex flex-col gap-3">
+
+    <!-- Quick stats -->
+    <div class="grid grid-cols-2 md:grid-cols-4 gap-2">
+        <template v-if="tagsApi.loading.value">
+            <Skeleton v-for="n in 4" :key="n" height="3.5rem" class="rounded-md" />
+        </template>
+        <template v-else>
+            <div
+                v-for="s in quickStats"
+                :key="s.label"
+                class="flex flex-col gap-0.5 px-4 py-2.5 rounded-md border transition-colors"
+                :class="[
+                    s.cls === 'qs-ok'
+                        ? 'border-green-500/25 bg-green-500/5'
+                        : 'border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)]'
+                ]"
+            >
+                <div class="text-[1.35rem] font-bold leading-none" :class="s.cls === 'qs-ok' ? 'text-green-500' : 'text-[var(--text-color)]'">{{ s.value }}</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">{{ s.label }}</div>
+            </div>
+        </template>
+    </div>
+
+    <!-- Lista de tags -->
+    <div>
+        <div v-if="tagsApi.loading.value" class="flex flex-col gap-2">
+            <Skeleton v-for="n in 6" :key="n" height="4rem" class="rounded-md" />
+        </div>
+
+        <div v-else-if="!tagsApi.allTags.value.length" class="flex flex-col items-center justify-center gap-2 py-12 text-center">
+            <i class="pi pi-tag text-4xl text-[var(--text-color-secondary)] opacity-40" />
+            <div class="text-[1rem] font-semibold">Nenhuma tag ainda</div>
+            <Button label="Criar primeira tag" icon="pi pi-plus" size="small" @click="openCreate" />
+        </div>
+
+        <div v-else class="flex flex-col gap-2">
+            <div
+                v-for="tag in tagsApi.allTags.value"
+                :key="tag.id"
+                class="flex items-center gap-3 p-3 rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] hover:border-indigo-300/50 hover:shadow-[0_2px_8px_rgba(0,0,0,0.04)] transition-all"
+            >
+                <!-- Preview da pill -->
+                <span
+                    class="inline-flex items-center gap-1.5 px-2.5 py-1 rounded-full text-[0.78rem] font-semibold shrink-0"
+                    :style="{
+                        background: tag.color + '20',
+                        color: tag.color,
+                        border: `1px solid ${tag.color}40`
+                    }"
+                >
+                    <i v-if="tag.icon" :class="tag.icon" class="text-[0.7rem]" />
+                    {{ tag.name }}
+                </span>
+
+                <div class="flex-1 min-w-0 flex flex-col">
+                    <div class="flex items-center gap-2 flex-wrap">
+                        <span class="text-xs font-mono text-[var(--text-color-secondary)]">{{ tag.slug }}</span>
+                        <span
+                            v-if="tag.is_system"
+                            class="inline-flex items-center px-1.5 py-px rounded text-[0.65rem] font-bold uppercase tracking-wide bg-slate-500/10 text-slate-500"
+                        >
+                            Sistema
+                        </span>
+                        <span
+                            v-else
+                            class="inline-flex items-center px-1.5 py-px rounded text-[0.65rem] font-bold uppercase tracking-wide bg-indigo-500/10 text-indigo-500"
+                        >
+                            Custom
+                        </span>
+                    </div>
+                    <div class="text-xs text-[var(--text-color-secondary)] mt-0.5">
+                        <span v-if="usageByTag[tag.id]">
+                            Em {{ usageByTag[tag.id] }} conversa{{ usageByTag[tag.id] > 1 ? 's' : '' }}
+                        </span>
+                        <span v-else class="italic opacity-60">Não utilizada</span>
+                    </div>
+                </div>
+
+                <div class="flex items-center gap-1 shrink-0">
+                    <Button
+                        v-if="!tag.is_system"
+                        icon="pi pi-pencil"
+                        severity="secondary"
+                        outlined
+                        class="h-8 w-8 rounded-full"
+                        v-tooltip.top="'Editar'"
+                        :disabled="tagsApi.saving.value"
+                        @click="openEdit(tag)"
+                    />
+                    <Button
+                        v-if="!tag.is_system"
+                        icon="pi pi-trash"
+                        severity="danger"
+                        outlined
+                        class="h-8 w-8 rounded-full"
+                        v-tooltip.top="'Remover'"
+                        :disabled="tagsApi.saving.value"
+                        @click="confirmDelete(tag)"
+                    />
+                    <span v-if="tag.is_system" class="text-[0.7rem] text-[var(--text-color-secondary)] italic opacity-60 px-2">
+                        bloqueada
+                    </span>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    </div><!-- /flex flex-col gap-3 wrapper -->
+
+    <!-- Dialog create/edit -->
+    <Dialog
+        v-model:visible="dlg.open"
+        :header="dlg.mode === 'create' ? 'Nova tag' : 'Editar tag'"
+        modal
+        :style="{ width: 'min(460px, 95vw)' }"
+        :closable="!tagsApi.saving.value"
+    >
+        <div class="flex flex-col gap-3">
+            <!-- Preview -->
+            <div class="flex items-center justify-center py-3 bg-[var(--surface-ground)] rounded-md">
+                <span
+                    class="inline-flex items-center gap-1.5 px-3 py-1 rounded-full text-sm font-semibold"
+                    :style="{
+                        background: dlg.color + '20',
+                        color: dlg.color,
+                        border: `1px solid ${dlg.color}40`
+                    }"
+                >
+                    <i v-if="dlg.icon" :class="dlg.icon" class="text-xs" />
+                    {{ dlg.name.trim() || 'Preview' }}
+                </span>
+            </div>
+
+            <!-- Nome -->
+            <div>
+                <label class="block text-xs font-semibold text-[var(--text-color-secondary)] mb-1">Nome</label>
+                <InputText v-model="dlg.name" placeholder="Ex: Aguardando confirmação" :maxlength="40" class="w-full" @keydown.enter="saveTag" />
+            </div>
+
+            <!-- Cor -->
+            <div>
+                <label class="block text-xs font-semibold text-[var(--text-color-secondary)] mb-1">Cor</label>
+                <div class="flex items-center flex-wrap gap-1.5">
+                    <button
+                        v-for="c in presetColors"
+                        :key="c"
+                        type="button"
+                        class="w-7 h-7 rounded-full border-2 transition-transform cursor-pointer"
+                        :class="dlg.color === c ? 'border-[var(--text-color)] scale-110' : 'border-transparent hover:scale-105'"
+                        :style="{ background: c }"
+                        :aria-label="c"
+                        @click="dlg.color = c"
+                    />
+                    <input
+                        type="color"
+                        v-model="dlg.color"
+                        class="w-7 h-7 rounded-full border-0 cursor-pointer"
+                        aria-label="Cor personalizada"
+                    />
+                </div>
+            </div>
+
+            <!-- Ícone -->
+            <div>
+                <label class="block text-xs font-semibold text-[var(--text-color-secondary)] mb-1">Ícone</label>
+                <div class="grid grid-cols-8 gap-1 max-h-[180px] overflow-y-auto pr-1 border border-[var(--surface-border)] rounded-md p-2 bg-[var(--surface-ground)]">
+                    <button
+                        v-for="p in presetIcons"
+                        :key="p.icon"
+                        type="button"
+                        class="w-9 h-9 rounded-md flex items-center justify-center bg-transparent border cursor-pointer transition-all hover:scale-105"
+                        :class="dlg.icon === p.icon ? 'border-[var(--primary-color)] bg-[var(--primary-color)]/10 text-[var(--primary-color)]' : 'border-[var(--surface-border)] text-[var(--text-color-secondary)]'"
+                        v-tooltip.top="p.label"
+                        @click="dlg.icon = p.icon"
+                    >
+                        <i :class="p.icon" class="text-sm" />
+                    </button>
+                </div>
+            </div>
+        </div>
+
+        <template #footer>
+            <Button label="Cancelar" severity="secondary" text :disabled="tagsApi.saving.value" @click="dlg.open = false" />
+            <Button :label="dlg.mode === 'create' ? 'Criar' : 'Salvar'" :loading="tagsApi.saving.value" :disabled="!dlg.name.trim()" @click="saveTag" />
+        </template>
+    </Dialog>
+</template>
diff --git a/src/layout/configuracoes/ConfiguracoesCreditosWhatsappPage.vue b/src/layout/configuracoes/ConfiguracoesCreditosWhatsappPage.vue
new file mode 100644
index 0000000..ece6187
--- /dev/null
+++ b/src/layout/configuracoes/ConfiguracoesCreditosWhatsappPage.vue
@@ -0,0 +1,425 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — Créditos WhatsApp (Marco B)
+|--------------------------------------------------------------------------
+| Saldo + loja de pacotes + histórico de compras e uso.
+| Créditos são consumidos apenas no canal Oficial AgenciaPSI (Twilio);
+| WhatsApp Pessoal (Evolution) é gratuito.
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, watch, reactive } from 'vue';
+import { useToast } from 'primevue/usetoast';
+import { useTenantStore } from '@/stores/tenantStore';
+import { useWhatsappCredits } from '@/composables/useWhatsappCredits';
+import { isValidCPF, fmtCPF, isValidCNPJ, fmtCNPJ } from '@/utils/validators';
+
+const toast = useToast();
+const tenantStore = useTenantStore();
+const api = useWhatsappCredits();
+
+// Dialog de confirmação (coleta CPF/CNPJ antes de criar a cobrança)
+const confirmDlg = reactive({
+    open: false,
+    pkg: null,
+    docInput: '',
+    error: ''
+});
+
+// Dialog de pagamento PIX
+const pixDlg = reactive({
+    open: false,
+    purchase: null,
+});
+
+function formatDoc(digits) {
+    const d = String(digits || '').replace(/\D/g, '');
+    if (d.length === 11) return fmtCPF(d);
+    if (d.length === 14) return fmtCNPJ(d);
+    return d;
+}
+
+function validateDoc(raw) {
+    const d = String(raw || '').replace(/\D/g, '');
+    if (!d) return { ok: false, error: 'Informe o CPF ou CNPJ do titular.' };
+    if (d.length === 11) {
+        if (!isValidCPF(d)) return { ok: false, error: 'CPF inválido. Confira os dígitos.' };
+        return { ok: true, digits: d };
+    }
+    if (d.length === 14) {
+        if (!isValidCNPJ(d)) return { ok: false, error: 'CNPJ inválido. Confira os dígitos.' };
+        return { ok: true, digits: d };
+    }
+    return { ok: false, error: 'Informe 11 dígitos (CPF) ou 14 (CNPJ).' };
+}
+
+function openConfirm(pkg) {
+    confirmDlg.pkg = pkg;
+    confirmDlg.docInput = formatDoc(api.tenantCpfCnpj.value);
+    confirmDlg.error = '';
+    confirmDlg.open = true;
+}
+
+async function onConfirmBuy() {
+    const v = validateDoc(confirmDlg.docInput);
+    if (!v.ok) { confirmDlg.error = v.error; return; }
+    confirmDlg.error = '';
+
+    const res = await api.createPurchase(confirmDlg.pkg.id, v.digits);
+    if (!res.ok) {
+        const msg = res.message
+            || (res.error?.includes('não configurado')
+                ? 'Sistema de pagamento não está configurado. Contate o suporte.'
+                : res.error || 'Falha ao criar cobrança');
+        toast.add({ severity: 'error', summary: 'Erro', detail: msg, life: 5000 });
+        return;
+    }
+    confirmDlg.open = false;
+    pixDlg.purchase = res.purchase;
+    pixDlg.open = true;
+}
+
+function copyPix() {
+    const code = pixDlg.purchase?.asaas_pix_copy_paste;
+    if (!code) return;
+    navigator.clipboard.writeText(code).then(
+        () => toast.add({ severity: 'success', summary: 'Código copiado', life: 1800 }),
+        () => toast.add({ severity: 'error', summary: 'Falha ao copiar', life: 2500 })
+    );
+}
+
+// Threshold edit
+const editingThreshold = ref(false);
+const thresholdInput = ref(20);
+
+function startEditThreshold() {
+    thresholdInput.value = api.balance.value?.low_balance_threshold ?? 20;
+    editingThreshold.value = true;
+}
+
+async function saveThreshold() {
+    const res = await api.updateLowBalanceThreshold(thresholdInput.value);
+    if (res.ok) {
+        toast.add({ severity: 'success', summary: 'Alerta atualizado', life: 2000 });
+        editingThreshold.value = false;
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+    }
+}
+
+// Formatters
+function brl(v) {
+    return new Intl.NumberFormat('pt-BR', { style: 'currency', currency: 'BRL' }).format(Number(v) || 0);
+}
+function fmtDate(iso) {
+    if (!iso) return '';
+    return new Date(iso).toLocaleString('pt-BR', { day: '2-digit', month: '2-digit', hour: '2-digit', minute: '2-digit' });
+}
+
+const kindLabel = {
+    purchase: { label: 'Compra', icon: 'pi pi-shopping-cart', cls: 'text-green-500' },
+    topup_manual: { label: 'Topup manual', icon: 'pi pi-plus-circle', cls: 'text-sky-500' },
+    usage: { label: 'Uso', icon: 'pi pi-send', cls: 'text-orange-500' },
+    refund: { label: 'Estorno', icon: 'pi pi-replay', cls: 'text-amber-500' },
+    adjustment: { label: 'Ajuste', icon: 'pi pi-pencil', cls: 'text-slate-500' }
+};
+
+const statusLabel = {
+    pending: { label: 'Aguardando pagamento', cls: 'bg-amber-500/10 text-amber-600' },
+    paid: { label: 'Pago', cls: 'bg-green-500/10 text-green-600' },
+    failed: { label: 'Falhou', cls: 'bg-red-500/10 text-red-600' },
+    expired: { label: 'Expirado', cls: 'bg-slate-500/10 text-slate-600' },
+    cancelled: { label: 'Cancelado', cls: 'bg-slate-500/10 text-slate-600' },
+    refunded: { label: 'Estornado', cls: 'bg-orange-500/10 text-orange-600' }
+};
+
+const pendingPurchases = computed(() => api.purchases.value.filter((p) => p.status === 'pending'));
+
+function reopenPixDialog(purchase) {
+    pixDlg.purchase = purchase;
+    pixDlg.open = true;
+}
+
+onMounted(() => { api.loadAll(); });
+watch(() => tenantStore.activeTenantId, () => { api.loadAll(); });
+</script>
+
+<template>
+    <Teleport to="#cfg-page-actions" defer>
+        <Button
+            icon="pi pi-refresh"
+            severity="secondary"
+            outlined
+            class="h-9 w-9 rounded-full"
+            :loading="api.loading.value"
+            v-tooltip.bottom="'Recarregar'"
+            @click="api.loadAll()"
+        />
+    </Teleport>
+
+    <div class="flex flex-col gap-4">
+        <!-- Saldo atual -->
+        <div
+            class="rounded-md border p-4 flex items-center gap-4 flex-wrap"
+            :class="api.isLow.value && api.currentBalance.value > 0
+                ? 'border-amber-500/30 bg-amber-500/5'
+                : api.currentBalance.value === 0
+                    ? 'border-red-500/30 bg-red-500/5'
+                    : 'border-emerald-500/25 bg-emerald-500/5'"
+        >
+            <div class="grid place-items-center w-14 h-14 rounded-md shrink-0" :class="api.currentBalance.value === 0 ? 'bg-red-500/10 text-red-500' : api.isLow.value ? 'bg-amber-500/10 text-amber-500' : 'bg-emerald-500/10 text-emerald-500'">
+                <i class="pi pi-credit-card text-2xl" />
+            </div>
+            <div class="flex-1 min-w-0">
+                <div class="text-xs uppercase tracking-wider font-semibold text-[var(--text-color-secondary)]">Saldo atual</div>
+                <div class="text-3xl font-bold leading-tight">
+                    <template v-if="api.loading.value && !api.balance.value">
+                        <Skeleton width="8rem" height="2rem" />
+                    </template>
+                    <template v-else>
+                        {{ api.currentBalance.value }} <span class="text-base font-normal text-[var(--text-color-secondary)]">créditos</span>
+                    </template>
+                </div>
+                <div class="text-xs text-[var(--text-color-secondary)] mt-1">
+                    <span v-if="api.balance.value">
+                        Comprados: <strong>{{ api.balance.value.lifetime_purchased || 0 }}</strong>
+                        · Usados: <strong>{{ api.balance.value.lifetime_used || 0 }}</strong>
+                    </span>
+                </div>
+            </div>
+            <div class="flex items-center gap-2">
+                <template v-if="!editingThreshold">
+                    <span class="text-xs text-[var(--text-color-secondary)]">
+                        Alerta abaixo de <strong>{{ api.balance.value?.low_balance_threshold ?? 20 }}</strong>
+                    </span>
+                    <Button icon="pi pi-pencil" severity="secondary" text size="small" class="h-7 w-7" v-tooltip.top="'Editar'" @click="startEditThreshold" />
+                </template>
+                <template v-else>
+                    <InputNumber v-model="thresholdInput" :min="0" :max="10000" inputClass="!w-20 text-xs" />
+                    <Button icon="pi pi-check" size="small" severity="primary" class="h-7 w-7" @click="saveThreshold" />
+                    <Button icon="pi pi-times" severity="secondary" text size="small" class="h-7 w-7" @click="editingThreshold = false" />
+                </template>
+            </div>
+        </div>
+
+        <!-- Info: só Oficial consome -->
+        <div class="rounded-md border border-sky-500/25 bg-sky-500/5 p-3 flex items-start gap-2 text-xs text-[var(--text-color)]">
+            <i class="pi pi-info-circle text-sky-500 mt-0.5" />
+            <div>
+                Créditos são consumidos apenas no canal <strong>WhatsApp Oficial AgenciaPSI</strong>. O <strong>WhatsApp Pessoal</strong> (via QR code) é gratuito mas tem limitações (celular precisa estar ligado, sem SLA, risco de ban).
+                <br/>
+                <strong>1 crédito = 1 mensagem enviada.</strong> Mensagens recebidas não consomem. Saldo não expira.
+            </div>
+        </div>
+
+        <!-- Ordens pendentes (CTA pra pagar) -->
+        <div v-if="pendingPurchases.length" class="rounded-md border border-amber-500/30 bg-amber-500/5 p-4">
+            <div class="flex items-center gap-2 mb-2">
+                <i class="pi pi-clock text-amber-500" />
+                <span class="text-sm font-bold">{{ pendingPurchases.length }} cobrança{{ pendingPurchases.length > 1 ? 's' : '' }} aguardando pagamento</span>
+            </div>
+            <div class="flex flex-col gap-1.5">
+                <div v-for="p in pendingPurchases" :key="p.id" class="flex items-center justify-between gap-2 p-2 rounded bg-[var(--surface-card)] text-sm">
+                    <span class="truncate">{{ p.package_name }} — {{ p.credits }} créditos · {{ brl(p.amount_brl) }}</span>
+                    <Button label="Pagar" icon="pi pi-qrcode" size="small" class="rounded-full" @click="reopenPixDialog(p)" />
+                </div>
+            </div>
+        </div>
+
+        <!-- Loja de pacotes -->
+        <div class="flex flex-col gap-3">
+            <div class="flex items-center gap-2">
+                <i class="pi pi-shopping-cart text-[var(--primary-color)]" />
+                <span class="text-sm font-bold uppercase tracking-wide">Comprar créditos</span>
+            </div>
+
+            <div v-if="api.loading.value && !api.packages.value.length" class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-3">
+                <Skeleton v-for="n in 4" :key="n" height="12rem" class="rounded-md" />
+            </div>
+
+            <div v-else-if="!api.packages.value.length" class="text-center py-8 text-sm text-[var(--text-color-secondary)] italic">
+                Nenhum pacote disponível no momento. Contate o suporte.
+            </div>
+
+            <div v-else class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-3">
+                <div
+                    v-for="pkg in api.packages.value"
+                    :key="pkg.id"
+                    class="relative flex flex-col gap-3 p-4 rounded-md border-2 bg-[var(--surface-card)] transition-all hover:shadow-md"
+                    :class="pkg.is_featured ? 'border-emerald-500 shadow-[0_0_0_3px_rgba(34,197,94,0.1)]' : 'border-[var(--surface-border)] hover:border-indigo-300'"
+                >
+                    <span v-if="pkg.is_featured" class="absolute -top-2 left-1/2 -translate-x-1/2 px-2 py-0.5 rounded-full text-[0.6rem] font-bold uppercase tracking-wide bg-emerald-500 text-white">
+                        ⭐ Mais vendido
+                    </span>
+                    <div class="text-sm font-bold text-[var(--text-color)]">{{ pkg.name }}</div>
+                    <div v-if="pkg.description" class="text-xs text-[var(--text-color-secondary)]">{{ pkg.description }}</div>
+
+                    <div class="flex flex-col gap-0.5">
+                        <div class="text-[1.6rem] font-bold leading-none text-[var(--primary-color)]">{{ pkg.credits }}</div>
+                        <div class="text-xs text-[var(--text-color-secondary)]">mensagens</div>
+                    </div>
+
+                    <div class="flex flex-col gap-0.5 mt-auto">
+                        <div class="text-2xl font-bold">{{ brl(pkg.price_brl) }}</div>
+                        <div class="text-[0.7rem] text-[var(--text-color-secondary)]">{{ brl(pkg.price_brl / pkg.credits) }} / mensagem</div>
+                    </div>
+
+                    <Button
+                        label="Comprar"
+                        icon="pi pi-shopping-cart"
+                        :severity="pkg.is_featured ? 'primary' : 'secondary'"
+                        :outlined="!pkg.is_featured"
+                        class="rounded-full"
+                        :loading="api.creating.value"
+                        @click="openConfirm(pkg)"
+                    />
+                </div>
+            </div>
+        </div>
+
+        <!-- Histórico de compras -->
+        <div v-if="api.purchases.value.length" class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4 flex flex-col gap-2">
+            <div class="flex items-center gap-2 mb-1">
+                <i class="pi pi-receipt text-[var(--primary-color)]" />
+                <span class="text-sm font-bold uppercase tracking-wide">Histórico de compras</span>
+            </div>
+            <div class="flex flex-col gap-1.5 max-h-[360px] overflow-y-auto">
+                <div
+                    v-for="p in api.purchases.value"
+                    :key="p.id"
+                    class="flex items-center gap-2 p-2 rounded-md border border-[var(--surface-border)] text-sm"
+                >
+                    <span class="inline-flex items-center px-1.5 py-px rounded text-[0.65rem] font-bold uppercase shrink-0" :class="statusLabel[p.status]?.cls">
+                        {{ statusLabel[p.status]?.label || p.status }}
+                    </span>
+                    <span class="flex-1 truncate">{{ p.package_name }} — {{ p.credits }} créditos</span>
+                    <span class="font-semibold">{{ brl(p.amount_brl) }}</span>
+                    <span class="text-xs text-[var(--text-color-secondary)] shrink-0">{{ fmtDate(p.paid_at || p.created_at) }}</span>
+                </div>
+            </div>
+        </div>
+
+        <!-- Extrato -->
+        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4 flex flex-col gap-2">
+            <div class="flex items-center gap-2 mb-1">
+                <i class="pi pi-list text-[var(--primary-color)]" />
+                <span class="text-sm font-bold uppercase tracking-wide">Extrato (50 últimos)</span>
+            </div>
+            <div v-if="!api.transactions.value.length" class="text-xs text-[var(--text-color-secondary)] italic text-center py-4">
+                Nenhuma transação ainda.
+            </div>
+            <div v-else class="flex flex-col gap-0.5 max-h-[300px] overflow-y-auto text-xs">
+                <div
+                    v-for="tx in api.transactions.value"
+                    :key="tx.id"
+                    class="grid grid-cols-[auto_1fr_auto_auto] items-center gap-2 py-1.5 px-2 rounded hover:bg-[var(--surface-hover)]"
+                >
+                    <i :class="[kindLabel[tx.kind]?.icon || 'pi pi-circle', kindLabel[tx.kind]?.cls || '']" />
+                    <span>{{ kindLabel[tx.kind]?.label || tx.kind }}<span v-if="tx.note" class="ml-1 text-[var(--text-color-secondary)]">— {{ tx.note }}</span></span>
+                    <span class="font-bold font-mono" :class="tx.amount > 0 ? 'text-green-600' : 'text-orange-600'">
+                        {{ tx.amount > 0 ? '+' : '' }}{{ tx.amount }}
+                    </span>
+                    <span class="text-[var(--text-color-secondary)]">{{ fmtDate(tx.created_at) }}</span>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <!-- Dialog de confirmação (CPF/CNPJ + resumo) -->
+    <Dialog
+        v-model:visible="confirmDlg.open"
+        :header="`Comprar ${confirmDlg.pkg?.name || 'pacote'}`"
+        modal
+        :style="{ width: 'min(440px, 95vw)' }"
+        @hide="confirmDlg.error = ''"
+    >
+        <div v-if="confirmDlg.pkg" class="flex flex-col gap-3">
+            <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)] p-3 flex items-center justify-between">
+                <div class="flex flex-col">
+                    <span class="text-xs uppercase tracking-wide text-[var(--text-color-secondary)] font-semibold">{{ confirmDlg.pkg.name }}</span>
+                    <span class="text-sm">{{ confirmDlg.pkg.credits }} créditos (mensagens WhatsApp)</span>
+                </div>
+                <span class="text-xl font-bold text-[var(--primary-color)]">{{ brl(confirmDlg.pkg.price_brl) }}</span>
+            </div>
+
+            <div class="flex flex-col gap-1">
+                <label class="text-xs font-semibold uppercase tracking-wide text-[var(--text-color-secondary)]">
+                    CPF ou CNPJ do titular <span class="text-red-500">*</span>
+                </label>
+                <InputText
+                    v-model="confirmDlg.docInput"
+                    placeholder="000.000.000-00"
+                    :invalid="!!confirmDlg.error"
+                    @input="confirmDlg.error = ''"
+                    @blur="confirmDlg.docInput = formatDoc(confirmDlg.docInput)"
+                    @keydown.enter="onConfirmBuy"
+                    maxlength="20"
+                />
+                <small v-if="confirmDlg.error" class="text-red-500">{{ confirmDlg.error }}</small>
+                <small v-else class="text-[var(--text-color-secondary)]">
+                    Exigido pelo gateway (Asaas). Fica salvo no seu tenant pras próximas compras.
+                </small>
+            </div>
+
+            <div class="rounded-md bg-[var(--surface-ground)] p-2 text-xs text-[var(--text-color-secondary)]">
+                <i class="pi pi-info-circle mr-1 text-sky-500" />
+                Ao confirmar, geramos um QR Code PIX. Os créditos aparecem automaticamente após o pagamento (poucos segundos).
+            </div>
+        </div>
+
+        <template #footer>
+            <Button label="Cancelar" severity="secondary" text @click="confirmDlg.open = false" />
+            <Button
+                label="Gerar cobrança PIX"
+                icon="pi pi-qrcode"
+                :loading="api.creating.value"
+                @click="onConfirmBuy"
+            />
+        </template>
+    </Dialog>
+
+    <!-- Dialog PIX -->
+    <Dialog
+        v-model:visible="pixDlg.open"
+        header="Pagamento PIX"
+        modal
+        :style="{ width: 'min(420px, 95vw)' }"
+    >
+        <div v-if="pixDlg.purchase" class="flex flex-col gap-3">
+            <div class="text-center">
+                <div class="text-xs uppercase text-[var(--text-color-secondary)] font-semibold tracking-wide mb-1">Valor total</div>
+                <div class="text-3xl font-bold text-[var(--primary-color)]">{{ brl(pixDlg.purchase.amount_brl) }}</div>
+                <div class="text-sm text-[var(--text-color-secondary)]">{{ pixDlg.purchase.package_name }} · {{ pixDlg.purchase.credits }} créditos</div>
+            </div>
+
+            <div v-if="pixDlg.purchase.asaas_pix_qrcode" class="flex flex-col items-center gap-2">
+                <img :src="`data:image/png;base64,${pixDlg.purchase.asaas_pix_qrcode}`" alt="QR Code PIX" class="w-48 h-48 rounded-md border border-[var(--surface-border)]" />
+                <span class="text-xs text-[var(--text-color-secondary)]">Aponte a câmera do banco pro QR Code</span>
+            </div>
+
+            <div v-if="pixDlg.purchase.asaas_pix_copy_paste" class="flex flex-col gap-1">
+                <span class="text-xs font-semibold uppercase tracking-wide text-[var(--text-color-secondary)]">Ou copie o código PIX</span>
+                <div class="flex gap-1">
+                    <InputText :modelValue="pixDlg.purchase.asaas_pix_copy_paste" readonly class="flex-1 text-xs font-mono" />
+                    <Button icon="pi pi-copy" severity="secondary" outlined v-tooltip.top="'Copiar'" @click="copyPix" />
+                </div>
+            </div>
+
+            <div v-if="pixDlg.purchase.asaas_payment_link" class="text-center">
+                <a :href="pixDlg.purchase.asaas_payment_link" target="_blank" rel="noopener" class="text-xs text-[var(--primary-color)] underline">
+                    Ou pague com cartão (link externo)
+                </a>
+            </div>
+
+            <div class="rounded-md bg-[var(--surface-ground)] p-2 text-xs text-[var(--text-color-secondary)]">
+                <i class="pi pi-info-circle mr-1 text-sky-500" />
+                Assim que o pagamento for confirmado (PIX é instantâneo), seu saldo é atualizado automaticamente. Pode fechar essa janela — a confirmação aparece aqui quando concluída.
+            </div>
+        </div>
+
+        <template #footer>
+            <Button label="Fechar" severity="secondary" text @click="pixDlg.open = false" />
+            <Button label="Já paguei, atualizar" icon="pi pi-refresh" @click="api.loadAll(); pixDlg.open = false;" />
+        </template>
+    </Dialog>
+</template>
diff --git a/src/layout/configuracoes/ConfiguracoesLembretesSessaoPage.vue b/src/layout/configuracoes/ConfiguracoesLembretesSessaoPage.vue
new file mode 100644
index 0000000..38e5629
--- /dev/null
+++ b/src/layout/configuracoes/ConfiguracoesLembretesSessaoPage.vue
@@ -0,0 +1,348 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — Lembretes automáticos de sessão (CRM Grupo 2.4)
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, watch } from 'vue';
+import { useToast } from 'primevue/usetoast';
+import { useTenantStore } from '@/stores/tenantStore';
+import { useSessionReminders } from '@/composables/useSessionReminders';
+
+const toast = useToast();
+const tenantStore = useTenantStore();
+const api = useSessionReminders();
+
+const VARIABLES = [
+    { key: '{{nome_paciente}}', label: 'Nome do paciente' },
+    { key: '{{data_sessao}}', label: 'Data (ex: 22 de abril)' },
+    { key: '{{hora_sessao}}', label: 'Hora (ex: 14:30)' },
+    { key: '{{modalidade}}', label: 'Online / presencial' },
+    { key: '{{nome_clinica}}', label: 'Nome da clínica' }
+];
+
+const template24Ref = ref(null);
+const template2Ref = ref(null);
+
+function insertVariable(field, variable) {
+    const el = field === '24h' ? template24Ref.value?.$el?.querySelector('textarea') : template2Ref.value?.$el?.querySelector('textarea');
+    if (!el) return;
+    const start = el.selectionStart ?? 0;
+    const end = el.selectionEnd ?? 0;
+    const key = field === '24h' ? 'template_24h' : 'template_2h';
+    const before = api.settings.value[key].slice(0, start);
+    const after = api.settings.value[key].slice(end);
+    api.settings.value[key] = before + variable + after;
+    setTimeout(() => {
+        el.focus();
+        const pos = start + variable.length;
+        el.setSelectionRange(pos, pos);
+    }, 10);
+}
+
+async function onSave() {
+    const res = await api.save();
+    if (res.ok) toast.add({ severity: 'success', summary: 'Salvo', life: 2000 });
+    else toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+}
+
+async function onRunNow() {
+    const res = await api.runNow();
+    if (res.ok) {
+        const s = res.stats || {};
+        const sent = s.sent || 0;
+        const considered = s.considered || 0;
+        const skippedTotal = Object.values(s.skipped || {}).reduce((a, b) => a + b, 0);
+        toast.add({
+            severity: sent > 0 ? 'success' : 'info',
+            summary: `Execução concluída`,
+            detail: `Considerados: ${considered} · Enviados: ${sent} · Pulados: ${skippedTotal}`,
+            life: 5000
+        });
+        await api.load();
+    } else {
+        toast.add({ severity: 'error', summary: 'Erro', detail: res.error, life: 3500 });
+    }
+}
+
+// Preview renderizado
+const previewVars = {
+    nome_paciente: 'Maria Silva',
+    data_sessao: '22 de abril',
+    hora_sessao: '14:30',
+    modalidade: 'presencial',
+    nome_clinica: 'Clínica Exemplo'
+};
+
+function renderPreview(tpl) {
+    return String(tpl || '')
+        .replaceAll('{{nome_paciente}}', previewVars.nome_paciente)
+        .replaceAll('{{data_sessao}}', previewVars.data_sessao)
+        .replaceAll('{{hora_sessao}}', previewVars.hora_sessao)
+        .replaceAll('{{modalidade}}', previewVars.modalidade)
+        .replaceAll('{{nome_clinica}}', previewVars.nome_clinica);
+}
+
+const preview24 = computed(() => renderPreview(api.settings.value.template_24h));
+const preview2h = computed(() => renderPreview(api.settings.value.template_2h));
+
+// Stats
+const recentSent = computed(() => api.recentLogs.value.filter((l) => l.provider !== 'skipped').length);
+const recentSkipped = computed(() => api.recentLogs.value.filter((l) => l.provider === 'skipped').length);
+
+function fmtDate(iso) {
+    if (!iso) return '';
+    return new Date(iso).toLocaleString('pt-BR', {
+        day: '2-digit', month: '2-digit', hour: '2-digit', minute: '2-digit'
+    });
+}
+
+function formatPhone(p) {
+    const s = String(p || '').replace(/\D/g, '');
+    if (s.length === 13 && s.startsWith('55')) return `(${s.slice(2, 4)}) ${s.slice(4, 9)}-${s.slice(9)}`;
+    return p;
+}
+
+onMounted(() => { api.load(); });
+watch(() => tenantStore.activeTenantId, () => { api.load(); });
+</script>
+
+<template>
+    <Teleport to="#cfg-page-actions" defer>
+        <Button
+            label="Testar agora"
+            icon="pi pi-bolt"
+            severity="secondary"
+            outlined
+            size="small"
+            class="rounded-full"
+            :loading="api.saving.value"
+            v-tooltip.bottom="'Roda o processo manualmente (útil pra testar ou fazer catch-up)'"
+            @click="onRunNow"
+        />
+        <Button
+            label="Salvar"
+            icon="pi pi-check"
+            size="small"
+            class="rounded-full"
+            :loading="api.saving.value"
+            :disabled="api.loading.value"
+            @click="onSave"
+        />
+        <Button
+            icon="pi pi-refresh"
+            severity="secondary"
+            outlined
+            class="h-9 w-9 rounded-full"
+            :loading="api.loading.value"
+            v-tooltip.bottom="'Recarregar'"
+            @click="api.load()"
+        />
+    </Teleport>
+
+    <div class="flex flex-col gap-4">
+        <!-- Info -->
+        <div class="rounded-md border border-sky-500/25 bg-sky-500/5 p-3 flex items-start gap-2 text-xs text-[var(--text-color)]">
+            <i class="pi pi-info-circle text-sky-500 mt-0.5" />
+            <div>
+                <strong>Como funciona:</strong> a cada 15 minutos o sistema verifica sessões agendadas que estão chegando em
+                <strong>24h ± 15min</strong> ou <strong>2h ± 15min</strong>, e envia WhatsApp pro paciente usando o canal ativo.
+                Respeita opt-out (LGPD), quiet hours, e só envia uma vez por sessão+tipo.
+                <br/>
+                <strong>Pré-requisito:</strong> WhatsApp ativo (Oficial AgenciaPSI ou Pessoal) + paciente com telefone cadastrado.
+            </div>
+        </div>
+
+        <!-- Toggle principal + stats -->
+        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4 flex flex-col gap-3">
+            <div class="flex items-center gap-3 flex-wrap">
+                <label class="flex items-center gap-2 cursor-pointer">
+                    <ToggleSwitch v-model="api.settings.value.enabled" />
+                    <span class="text-sm font-semibold">
+                        {{ api.settings.value.enabled ? 'Lembretes ativados' : 'Lembretes desativados' }}
+                    </span>
+                </label>
+            </div>
+
+            <div class="grid grid-cols-2 gap-3">
+                <div class="flex flex-col gap-0.5 px-4 py-2.5 rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)]">
+                    <div class="text-[1.35rem] font-bold leading-none text-green-500">{{ recentSent }}</div>
+                    <div class="text-xs text-[var(--text-color-secondary)]">Enviados (últimos 30)</div>
+                </div>
+                <div class="flex flex-col gap-0.5 px-4 py-2.5 rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)]">
+                    <div class="text-[1.35rem] font-bold leading-none text-slate-500">{{ recentSkipped }}</div>
+                    <div class="text-xs text-[var(--text-color-secondary)]">Pulados (opt-out, duplicata, etc)</div>
+                </div>
+            </div>
+        </div>
+
+        <!-- Lead times + templates -->
+        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4 flex flex-col gap-4">
+            <div class="flex items-center gap-2">
+                <i class="pi pi-clock text-[var(--primary-color)]" />
+                <span class="text-sm font-bold uppercase tracking-wide">Lembretes a enviar</span>
+            </div>
+
+            <!-- 24h -->
+            <div class="flex flex-col gap-2">
+                <div class="flex items-center gap-2">
+                    <ToggleSwitch v-model="api.settings.value.send_24h" :disabled="!api.settings.value.enabled" />
+                    <span class="text-sm font-semibold">24h antes da sessão</span>
+                </div>
+                <div v-if="api.settings.value.send_24h" class="flex flex-col gap-2 pl-10">
+                    <div class="flex flex-wrap gap-1">
+                        <Button
+                            v-for="v in VARIABLES"
+                            :key="v.key"
+                            :label="v.key"
+                            size="small"
+                            severity="secondary"
+                            outlined
+                            class="!text-[0.7rem] !py-0.5 !px-1.5 font-mono"
+                            :disabled="!api.settings.value.enabled"
+                            v-tooltip.top="v.label"
+                            @click="insertVariable('24h', v.key)"
+                        />
+                    </div>
+                    <Textarea
+                        ref="template24Ref"
+                        v-model="api.settings.value.template_24h"
+                        rows="3"
+                        autoResize
+                        class="w-full text-sm"
+                        :maxlength="2000"
+                        :disabled="!api.settings.value.enabled"
+                    />
+                    <div class="text-xs text-[var(--text-color-secondary)] p-2 rounded bg-[var(--surface-ground)] italic">
+                        <strong class="not-italic">Preview:</strong> {{ preview24 }}
+                    </div>
+                </div>
+            </div>
+
+            <!-- 2h -->
+            <div class="flex flex-col gap-2">
+                <div class="flex items-center gap-2">
+                    <ToggleSwitch v-model="api.settings.value.send_2h" :disabled="!api.settings.value.enabled" />
+                    <span class="text-sm font-semibold">2h antes da sessão</span>
+                </div>
+                <div v-if="api.settings.value.send_2h" class="flex flex-col gap-2 pl-10">
+                    <div class="flex flex-wrap gap-1">
+                        <Button
+                            v-for="v in VARIABLES"
+                            :key="v.key"
+                            :label="v.key"
+                            size="small"
+                            severity="secondary"
+                            outlined
+                            class="!text-[0.7rem] !py-0.5 !px-1.5 font-mono"
+                            :disabled="!api.settings.value.enabled"
+                            v-tooltip.top="v.label"
+                            @click="insertVariable('2h', v.key)"
+                        />
+                    </div>
+                    <Textarea
+                        ref="template2Ref"
+                        v-model="api.settings.value.template_2h"
+                        rows="3"
+                        autoResize
+                        class="w-full text-sm"
+                        :maxlength="2000"
+                        :disabled="!api.settings.value.enabled"
+                    />
+                    <div class="text-xs text-[var(--text-color-secondary)] p-2 rounded bg-[var(--surface-ground)] italic">
+                        <strong class="not-italic">Preview:</strong> {{ preview2h }}
+                    </div>
+                </div>
+            </div>
+        </div>
+
+        <!-- Quiet hours + LGPD -->
+        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4 flex flex-col gap-4">
+            <div class="flex items-center gap-2">
+                <i class="pi pi-moon text-[var(--primary-color)]" />
+                <span class="text-sm font-bold uppercase tracking-wide">Horário silencioso & compliance</span>
+            </div>
+
+            <!-- Quiet hours -->
+            <div class="flex flex-col gap-2">
+                <div class="flex items-center gap-2">
+                    <ToggleSwitch v-model="api.settings.value.quiet_hours_enabled" :disabled="!api.settings.value.enabled" />
+                    <span class="text-sm font-semibold">Não enviar em horário silencioso</span>
+                </div>
+                <div v-if="api.settings.value.quiet_hours_enabled" class="flex items-center gap-2 pl-10 flex-wrap">
+                    <span class="text-xs text-[var(--text-color-secondary)]">Das</span>
+                    <input
+                        type="time"
+                        v-model="api.settings.value.quiet_hours_start"
+                        class="text-sm px-2 py-1 rounded border border-[var(--surface-border)] bg-[var(--surface-card)]"
+                        :disabled="!api.settings.value.enabled"
+                    />
+                    <span class="text-xs text-[var(--text-color-secondary)]">até</span>
+                    <input
+                        type="time"
+                        v-model="api.settings.value.quiet_hours_end"
+                        class="text-sm px-2 py-1 rounded border border-[var(--surface-border)] bg-[var(--surface-card)]"
+                        :disabled="!api.settings.value.enabled"
+                    />
+                    <span class="text-xs text-[var(--text-color-secondary)] italic">(fuso São Paulo)</span>
+                </div>
+                <div class="text-xs text-[var(--text-color-secondary)] pl-10">
+                    Sessões que caem dentro do horário silencioso não disparam o lembrete — mesmo que "24h/2h antes" batam nessa janela.
+                </div>
+            </div>
+
+            <!-- Opt-out -->
+            <div class="flex flex-col gap-2 pt-2 border-t border-[var(--surface-border)]">
+                <div class="flex items-center gap-2">
+                    <ToggleSwitch v-model="api.settings.value.respect_opt_out" :disabled="!api.settings.value.enabled" />
+                    <span class="text-sm font-semibold">Respeitar opt-out (LGPD)</span>
+                </div>
+                <div class="text-xs text-[var(--text-color-secondary)] pl-10">
+                    Pacientes que enviaram "PARAR" não recebem lembretes. <strong>Recomendado manter ativado</strong>
+                    — LGPD Art. 18 §2 (direito de oposição). Desligar só com base legal específica.
+                </div>
+            </div>
+        </div>
+
+        <!-- Log recente -->
+        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4 flex flex-col gap-3">
+            <div class="flex items-center gap-2">
+                <i class="pi pi-history text-[var(--primary-color)]" />
+                <span class="text-sm font-bold uppercase tracking-wide">Histórico recente (30 últimos)</span>
+            </div>
+
+            <div v-if="api.loading.value" class="flex flex-col gap-1.5">
+                <Skeleton v-for="n in 4" :key="n" height="2.5rem" class="rounded-md" />
+            </div>
+
+            <div v-else-if="!api.recentLogs.value.length" class="text-xs text-[var(--text-color-secondary)] italic text-center py-4">
+                Nenhum lembrete processado ainda. Clique em "Testar agora" pra executar manualmente.
+            </div>
+
+            <div v-else class="flex flex-col gap-1 max-h-[360px] overflow-y-auto">
+                <div
+                    v-for="log in api.recentLogs.value"
+                    :key="log.id"
+                    class="flex items-center gap-2 p-2 rounded-md border text-xs"
+                    :class="log.provider === 'skipped'
+                        ? 'border-[var(--surface-border)] bg-[var(--surface-ground)] opacity-80'
+                        : 'border-green-500/25 bg-green-500/5'"
+                >
+                    <i
+                        class="pi shrink-0"
+                        :class="log.provider === 'skipped' ? 'pi-forward text-[var(--text-color-secondary)]' : 'pi-send text-green-500'"
+                    />
+                    <span class="font-semibold text-[0.7rem] uppercase px-1.5 py-px rounded shrink-0" :class="log.reminder_type === '24h' ? 'bg-indigo-500/10 text-indigo-500' : 'bg-amber-500/10 text-amber-500'">
+                        {{ log.reminder_type }}
+                    </span>
+                    <span v-if="log.to_phone" class="font-mono">{{ formatPhone(log.to_phone) }}</span>
+                    <span v-if="log.provider === 'skipped'" class="italic text-[var(--text-color-secondary)]">
+                        {{ log.skip_reason }}
+                    </span>
+                    <span v-else class="text-green-600">enviado</span>
+                    <span class="ml-auto text-[var(--text-color-secondary)]">{{ fmtDate(log.sent_at) }}</span>
+                </div>
+            </div>
+        </div>
+    </div>
+</template>
diff --git a/src/layout/configuracoes/ConfiguracoesRecursosExtrasPage.vue b/src/layout/configuracoes/ConfiguracoesRecursosExtrasPage.vue
index dbf0b2e..3ae3910 100644
--- a/src/layout/configuracoes/ConfiguracoesRecursosExtrasPage.vue
+++ b/src/layout/configuracoes/ConfiguracoesRecursosExtrasPage.vue
@@ -16,12 +16,14 @@
 -->
 <script setup>
 import { ref, computed, onMounted } from 'vue';
+import { useRouter } from 'vue-router';
 import { useToast } from 'primevue/usetoast';
 import { supabase } from '@/lib/supabase/client';
 import { useTenantStore } from '@/stores/tenantStore';
 
 const toast = useToast();
 const tenantStore = useTenantStore();
+const router = useRouter();
 
 // ── Contexto ──────────────────────────────────────────────────
 const userId = ref(null);
@@ -138,9 +140,12 @@ onMounted(async () => {
         <!-- Header -->
         <Card>
             <template #title>
-                <div class="flex items-center gap-2">
-                    <i class="pi pi-box text-xl" />
-                    Recursos Extras
+                <div class="flex items-center justify-between gap-2">
+                    <div class="flex items-center gap-2">
+                        <i class="pi pi-box text-xl" />
+                        Recursos Extras
+                    </div>
+                    <Button label="Ver extrato" icon="pi pi-list" severity="secondary" outlined size="small" @click="router.push({ name: 'ConfiguracoesRecursosExtrasExtrato' })" />
                 </div>
             </template>
             <template #subtitle>Amplie as funcionalidades da sua clínica com recursos adicionais.</template>
diff --git a/src/layout/configuracoes/ConfiguracoesTwilioWhatsappPage.vue b/src/layout/configuracoes/ConfiguracoesTwilioWhatsappPage.vue
index 39c618a..5893e45 100644
--- a/src/layout/configuracoes/ConfiguracoesTwilioWhatsappPage.vue
+++ b/src/layout/configuracoes/ConfiguracoesTwilioWhatsappPage.vue
@@ -170,7 +170,13 @@ onMounted(async () => {
 </script>
 
 <template>
-    <div class="flex flex-col gap-4 p-4">
+    <Teleport to="#cfg-page-actions" defer>
+        <router-link to="/configuracoes/whatsapp">
+            <Button label="Trocar canal" icon="pi pi-arrow-left" severity="secondary" outlined size="small" class="rounded-full" />
+        </router-link>
+    </Teleport>
+
+    <div class="flex flex-col gap-4">
         <!-- Loading inicial ───────────────────────────────────────────── -->
         <div v-if="store.loadingMyChannel" class="flex justify-center py-12">
             <ProgressSpinner style="width: 40px; height: 40px" />
@@ -253,13 +259,7 @@ onMounted(async () => {
                                         </div>
                                         <div class="info-row">
                                             <span class="info-label">Provedor</span>
-                                            <span>Twilio WhatsApp Business</span>
-                                        </div>
-                                        <div class="info-row">
-                                            <span class="info-label">Subconta ID</span>
-                                            <span class="font-mono text-xs text-(--text-color-secondary)">
-                                                {{ store.myChannel?.twilio_subaccount_sid?.slice(0, 20) ?? '—' }}…
-                                            </span>
+                                            <span>WhatsApp Business Oficial — AgenciaPSI</span>
                                         </div>
                                         <div class="info-row">
                                             <span class="info-label">Ativado em</span>
diff --git a/src/layout/configuracoes/ConfiguracoesWhatsappChooserPage.vue b/src/layout/configuracoes/ConfiguracoesWhatsappChooserPage.vue
new file mode 100644
index 0000000..1a398b1
--- /dev/null
+++ b/src/layout/configuracoes/ConfiguracoesWhatsappChooserPage.vue
@@ -0,0 +1,340 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI — WhatsApp Chooser (landing)
+|--------------------------------------------------------------------------
+| Apresenta os 2 canais WhatsApp disponíveis e gerencia exclusividade.
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, computed, onMounted, watch } from 'vue';
+import { useRouter } from 'vue-router';
+import { useToast } from 'primevue/usetoast';
+import { useConfirm } from 'primevue/useconfirm';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+const router = useRouter();
+const toast = useToast();
+const confirm = useConfirm();
+const tenantStore = useTenantStore();
+
+const loading = ref(true);
+const switching = ref(false);
+const activeChannel = ref(null); // row de notification_channels (provider, is_active, etc) ou null
+
+const activeProvider = computed(() => {
+    if (!activeChannel.value) return null;
+    return activeChannel.value.provider; // 'twilio' | 'evolution'
+});
+
+async function loadChannel() {
+    const tenantId = tenantStore.activeTenantId;
+    if (!tenantId) {
+        activeChannel.value = null;
+        loading.value = false;
+        return;
+    }
+    loading.value = true;
+    try {
+        const { data } = await supabase
+            .from('notification_channels')
+            .select('id, provider, is_active, connection_status, twilio_phone_number, credentials, updated_at')
+            .eq('tenant_id', tenantId)
+            .eq('channel', 'whatsapp')
+            .is('deleted_at', null)
+            .maybeSingle();
+        activeChannel.value = data || null;
+    } catch (e) {
+        console.error('[whatsapp-chooser] load:', e?.message);
+        activeChannel.value = null;
+    } finally {
+        loading.value = false;
+    }
+}
+
+function goSetup(provider) {
+    if (provider === 'evolution') router.push('/configuracoes/whatsapp-pessoal');
+    else if (provider === 'twilio') router.push('/configuracoes/whatsapp-oficial');
+}
+
+async function handleChoose(provider) {
+    // Se nao tem canal ativo, segue direto pro setup
+    if (!activeProvider.value) {
+        goSetup(provider);
+        return;
+    }
+    // Mesmo provider → so navega
+    if (activeProvider.value === provider) {
+        goSetup(provider);
+        return;
+    }
+    // Provider diferente → confirmar troca
+    const from = activeProvider.value === 'twilio' ? 'Oficial AgenciaPSI' : 'Pessoal';
+    const to = provider === 'twilio' ? 'Oficial AgenciaPSI' : 'Pessoal';
+    confirm.require({
+        message: `Você está usando o WhatsApp ${from}. Trocar pro ${to} vai desativar o canal atual e você vai precisar reconfigurar. Continuar?`,
+        header: 'Trocar canal WhatsApp',
+        icon: 'pi pi-exclamation-triangle',
+        acceptLabel: 'Trocar',
+        rejectLabel: 'Cancelar',
+        acceptClass: 'p-button-warning',
+        accept: async () => {
+            await deactivateCurrent();
+            goSetup(provider);
+        }
+    });
+}
+
+async function deactivateCurrent() {
+    if (!activeChannel.value) return;
+    switching.value = true;
+    try {
+        // 1ª tentativa: UPDATE direto (funciona se owner_id = user atual)
+        const { error } = await supabase
+            .from('notification_channels')
+            .update({ is_active: false, deleted_at: new Date().toISOString() })
+            .eq('id', activeChannel.value.id);
+
+        if (error) {
+            // Fallback: canal criado pelo SaaS admin (RLS bloqueia update do tenant).
+            // Usa edge function com service_role pra deativar.
+            const { data: fnData, error: fnErr } = await supabase.functions.invoke('deactivate-notification-channel', {
+                body: { channel_id: activeChannel.value.id }
+            });
+            if (fnErr || !fnData?.ok) {
+                // Nem via edge function. Segue em frente — o setup do novo provider cuida.
+                console.warn('[chooser] deactivate failed:', error.message, fnErr?.message);
+                toast.add({
+                    severity: 'warn',
+                    summary: 'Canal anterior não foi desativado',
+                    detail: 'Prossiga com o novo canal. Se o envio ainda usar o antigo, contate o suporte.',
+                    life: 4500
+                });
+                activeChannel.value = null;
+                return;
+            }
+        }
+        activeChannel.value = null;
+        toast.add({ severity: 'info', summary: 'Canal anterior desativado', life: 2500 });
+    } catch (e) {
+        console.warn('[chooser] deactivate unexpected error:', e?.message);
+        activeChannel.value = null;  // limpa pra UI não ficar travada
+    } finally {
+        switching.value = false;
+    }
+}
+
+const providerLabel = computed(() => {
+    if (!activeProvider.value) return null;
+    return activeProvider.value === 'twilio' ? 'WhatsApp Oficial AgenciaPSI' : 'WhatsApp Pessoal';
+});
+
+const providerIcon = computed(() => activeProvider.value === 'twilio' ? 'pi-verified' : 'pi-mobile');
+
+const connectionDot = computed(() => {
+    const s = activeChannel.value?.connection_status;
+    const active = activeChannel.value?.is_active;
+    if (!active) return { cls: 'bg-slate-400', label: 'Inativo' };
+    if (s === 'open' || s === 'connected') return { cls: 'bg-green-500', label: 'Conectado' };
+    if (s === 'close' || s === 'disconnected') return { cls: 'bg-red-500', label: 'Desconectado' };
+    return { cls: 'bg-amber-400', label: 'Aguardando' };
+});
+
+onMounted(() => { loadChannel(); });
+watch(() => tenantStore.activeTenantId, () => { loadChannel(); });
+</script>
+
+<template>
+    <ConfirmDialog />
+
+    <Teleport to="#cfg-page-actions" defer>
+        <Button
+            icon="pi pi-refresh"
+            severity="secondary"
+            outlined
+            class="h-9 w-9 rounded-full"
+            :loading="loading"
+            v-tooltip.bottom="'Recarregar'"
+            @click="loadChannel"
+        />
+    </Teleport>
+
+    <div class="flex flex-col gap-4">
+        <!-- Skeleton inicial -->
+        <div v-if="loading" class="flex flex-col gap-3">
+            <Skeleton height="5rem" class="rounded-md" />
+            <Skeleton height="14rem" class="rounded-md" />
+            <Skeleton height="14rem" class="rounded-md" />
+        </div>
+
+        <template v-else>
+            <!-- Canal atual ativo -->
+            <div
+                v-if="activeProvider"
+                class="rounded-md border p-4 flex items-center gap-3"
+                :class="activeProvider === 'twilio' ? 'border-emerald-500/25 bg-emerald-500/5' : 'border-indigo-500/25 bg-indigo-500/5'"
+            >
+                <div
+                    class="grid place-items-center w-11 h-11 rounded-md shrink-0"
+                    :class="activeProvider === 'twilio' ? 'bg-emerald-500/15 text-emerald-500' : 'bg-indigo-500/15 text-indigo-500'"
+                >
+                    <i :class="['pi', providerIcon, 'text-xl']" />
+                </div>
+                <div class="flex-1 min-w-0">
+                    <div class="flex items-center gap-2 flex-wrap">
+                        <span class="text-sm font-bold text-[var(--text-color)]">Canal ativo: {{ providerLabel }}</span>
+                        <span class="inline-flex items-center gap-1 text-[0.7rem] font-semibold">
+                            <span class="w-1.5 h-1.5 rounded-full" :class="connectionDot.cls" />
+                            {{ connectionDot.label }}
+                        </span>
+                    </div>
+                    <div v-if="activeProvider === 'twilio' && activeChannel?.twilio_phone_number" class="text-xs text-[var(--text-color-secondary)] mt-0.5 font-mono">
+                        {{ activeChannel.twilio_phone_number }}
+                    </div>
+                    <div class="text-xs text-[var(--text-color-secondary)] mt-0.5">
+                        Escolha outro canal abaixo pra trocar, ou clique em "Gerenciar" pra configurar o atual.
+                    </div>
+                </div>
+                <router-link :to="activeProvider === 'twilio' ? '/configuracoes/whatsapp-oficial' : '/configuracoes/whatsapp-pessoal'">
+                    <Button
+                        label="Gerenciar"
+                        icon="pi pi-cog"
+                        size="small"
+                        class="rounded-full"
+                    />
+                </router-link>
+            </div>
+
+            <!-- Título -->
+            <div class="text-xs font-bold uppercase tracking-wide text-[var(--text-color-secondary)] opacity-65 mt-1">
+                {{ activeProvider ? 'Outros canais disponíveis' : 'Escolha como conectar seu WhatsApp' }}
+            </div>
+
+            <div class="grid grid-cols-1 lg:grid-cols-2 gap-3">
+                <!-- Cartão: WhatsApp Oficial AgenciaPSI (Twilio) -->
+                <button
+                    class="flex flex-col text-left gap-3 p-5 rounded-md border-2 bg-[var(--surface-card)] cursor-pointer transition-all hover:shadow-md"
+                    :class="activeProvider === 'twilio'
+                        ? 'border-emerald-500 shadow-[0_0_0_4px_rgba(34,197,94,0.12)]'
+                        : 'border-[var(--surface-border)] hover:border-emerald-400/50'"
+                    :disabled="switching"
+                    @click="handleChoose('twilio')"
+                >
+                    <div class="flex items-start gap-3">
+                        <div class="grid place-items-center w-12 h-12 rounded-md shrink-0 bg-emerald-500/10 text-emerald-500">
+                            <i class="pi pi-verified text-2xl" />
+                        </div>
+                        <div class="flex-1 min-w-0">
+                            <div class="flex items-center gap-2 flex-wrap">
+                                <span class="text-[1rem] font-bold text-[var(--text-color)]">WhatsApp Oficial AgenciaPSI</span>
+                                <span class="inline-flex items-center px-2 py-0.5 rounded-full text-[0.65rem] font-bold bg-emerald-500 text-white">⭐ Recomendado</span>
+                            </div>
+                            <div class="text-xs text-[var(--text-color-secondary)] mt-0.5">
+                                Canal oficial gerenciado pela AgenciaPSI. Máxima confiabilidade e compliance.
+                            </div>
+                        </div>
+                    </div>
+
+                    <ul class="flex flex-col gap-1.5 text-xs">
+                        <li class="flex items-start gap-2">
+                            <i class="pi pi-check-circle text-emerald-500 mt-0.5" />
+                            <span><strong>Zero risco de banimento</strong> — aprovado pela Meta, API oficial</span>
+                        </li>
+                        <li class="flex items-start gap-2">
+                            <i class="pi pi-check-circle text-emerald-500 mt-0.5" />
+                            <span><strong>Número exclusivo</strong> da clínica, sem celular intermediário</span>
+                        </li>
+                        <li class="flex items-start gap-2">
+                            <i class="pi pi-check-circle text-emerald-500 mt-0.5" />
+                            <span><strong>Conexão gerenciada</strong> — 99,9% uptime, zero manutenção</span>
+                        </li>
+                        <li class="flex items-start gap-2">
+                            <i class="pi pi-check-circle text-emerald-500 mt-0.5" />
+                            <span><strong>Compliance LGPD + auditoria</strong> completa</span>
+                        </li>
+                        <li class="flex items-start gap-2">
+                            <i class="pi pi-dollar text-emerald-500 mt-0.5" />
+                            <span>Consome <strong>créditos por mensagem</strong> enviada</span>
+                        </li>
+                    </ul>
+
+                    <div class="mt-auto pt-2 border-t border-[var(--surface-border)] flex items-center justify-between">
+                        <span class="text-[0.7rem] text-[var(--text-color-secondary)]">
+                            Ideal pra <strong>clínicas</strong> e alto volume
+                        </span>
+                        <span class="text-[0.72rem] font-bold text-emerald-500 flex items-center gap-1">
+                            {{ activeProvider === 'twilio' ? 'Ativo' : 'Ativar' }} <i class="pi pi-arrow-right text-[0.6rem]" />
+                        </span>
+                    </div>
+                </button>
+
+                <!-- Cartão: WhatsApp Pessoal (Evolution) -->
+                <button
+                    class="flex flex-col text-left gap-3 p-5 rounded-md border-2 bg-[var(--surface-card)] cursor-pointer transition-all hover:shadow-md"
+                    :class="activeProvider === 'evolution'
+                        ? 'border-indigo-500 shadow-[0_0_0_4px_rgba(99,102,241,0.12)]'
+                        : 'border-[var(--surface-border)] hover:border-indigo-400/50'"
+                    :disabled="switching"
+                    @click="handleChoose('evolution')"
+                >
+                    <div class="flex items-start gap-3">
+                        <div class="grid place-items-center w-12 h-12 rounded-md shrink-0 bg-indigo-500/10 text-indigo-500">
+                            <i class="pi pi-mobile text-2xl" />
+                        </div>
+                        <div class="flex-1 min-w-0">
+                            <div class="flex items-center gap-2 flex-wrap">
+                                <span class="text-[1rem] font-bold text-[var(--text-color)]">WhatsApp Pessoal</span>
+                                <span class="inline-flex items-center px-2 py-0.5 rounded-full text-[0.65rem] font-bold bg-slate-500/10 text-slate-600">Gratuito</span>
+                            </div>
+                            <div class="text-xs text-[var(--text-color-secondary)] mt-0.5">
+                                Conecta seu WhatsApp pessoal via QR code. Sem custo por mensagem.
+                            </div>
+                        </div>
+                    </div>
+
+                    <ul class="flex flex-col gap-1.5 text-xs">
+                        <li class="flex items-start gap-2">
+                            <i class="pi pi-check-circle text-indigo-500 mt-0.5" />
+                            <span><strong>Gratuito</strong> — sem custo por mensagem</span>
+                        </li>
+                        <li class="flex items-start gap-2">
+                            <i class="pi pi-check-circle text-indigo-500 mt-0.5" />
+                            <span>Setup rápido via <strong>QR code</strong></span>
+                        </li>
+                        <li class="flex items-start gap-2">
+                            <i class="pi pi-exclamation-triangle text-amber-500 mt-0.5" />
+                            <span><strong>Uso informal</strong> — Meta pode restringir/banir o número</span>
+                        </li>
+                        <li class="flex items-start gap-2">
+                            <i class="pi pi-exclamation-triangle text-amber-500 mt-0.5" />
+                            <span>Depende do <strong>celular ligado e com internet</strong></span>
+                        </li>
+                        <li class="flex items-start gap-2">
+                            <i class="pi pi-info-circle text-amber-500 mt-0.5" />
+                            <span>Sem SLA, sem garantia de uptime</span>
+                        </li>
+                    </ul>
+
+                    <div class="mt-auto pt-2 border-t border-[var(--surface-border)] flex items-center justify-between">
+                        <span class="text-[0.7rem] text-[var(--text-color-secondary)]">
+                            Ideal pra <strong>uso pessoal</strong> e baixo volume
+                        </span>
+                        <span class="text-[0.72rem] font-bold text-indigo-500 flex items-center gap-1">
+                            {{ activeProvider === 'evolution' ? 'Ativo' : 'Ativar' }} <i class="pi pi-arrow-right text-[0.6rem]" />
+                        </span>
+                    </div>
+                </button>
+            </div>
+
+            <!-- Info geral -->
+            <div class="rounded-md border border-sky-500/25 bg-sky-500/5 p-3 flex items-start gap-2 text-xs text-[var(--text-color)]">
+                <i class="pi pi-info-circle text-sky-500 mt-0.5" />
+                <div>
+                    <strong>Só um canal ativo por vez.</strong>
+                    Trocar de canal desativa o outro — você vai precisar reconfigurar (conectar QR novamente no Pessoal, ou ativar o número no Oficial).
+                    Histórico de conversas é <strong>preservado</strong> em ambos os casos.
+                </div>
+            </div>
+        </template>
+    </div>
+</template>
diff --git a/src/layout/configuracoes/ConfiguracoesWhatsappPage.vue b/src/layout/configuracoes/ConfiguracoesWhatsappPage.vue
index db6193c..4af3bcb 100644
--- a/src/layout/configuracoes/ConfiguracoesWhatsappPage.vue
+++ b/src/layout/configuracoes/ConfiguracoesWhatsappPage.vue
@@ -16,15 +16,24 @@
 -->
 <script setup>
 import { ref, computed, onMounted, onBeforeUnmount, nextTick } from 'vue';
+import { useRouter } from 'vue-router';
 import { useToast } from 'primevue/usetoast';
 import { useConfirm } from 'primevue/useconfirm';
 import { supabase } from '@/lib/supabase/client';
 import { useTenantStore } from '@/stores/tenantStore';
 
+const router = useRouter();
 const toast = useToast();
 const confirm = useConfirm();
 const tenantStore = useTenantStore();
 
+// Detecta area (admin clinica vs therapist) pra direcionar corretamente
+function goConversas() {
+    const role = tenantStore.activeRole || tenantStore.role || '';
+    const isTherapistArea = role === 'therapist';
+    router.push(isTherapistArea ? '/therapist/conversas' : '/admin/conversas');
+}
+
 // ── Contexto ──────────────────────────────────────────────────
 const userId = ref(null);
 const tenantId = ref(null); // tenant_id real (da tabela tenants)
@@ -46,6 +55,7 @@ async function loadUser() {
 
 const credentials = ref({ api_url: '', api_key: '', instance_name: '' });
 const hasCredentials = ref(false);
+const channelRecord = ref(null); // row de notification_channels pra sincronizar connection_status
 const connectionStatus = ref(null); // 'open' | 'close' | 'connecting' | null
 const connectionLoading = ref(false);
 
@@ -95,6 +105,7 @@ async function loadCredentials() {
             instance_name: data.credentials.instance_name || ''
         };
         hasCredentials.value = true;
+        channelRecord.value = data;
     }
 }
 
@@ -108,8 +119,26 @@ async function checkConnectionStatus() {
         });
         if (!res.ok) throw new Error(`HTTP ${res.status}`);
         const instances = await res.json();
-        const inst = Array.isArray(instances) ? instances.find((i) => i.instance?.instanceName === credentials.value.instance_name) : null;
-        connectionStatus.value = inst?.instance?.status || 'close';
+        // Evolution v1 retorna [{ instance: { instanceName, status } }], v2 retorna [{ instanceName, connectionStatus/state }]
+        const arr = Array.isArray(instances) ? instances : [];
+        const inst = arr.find((i) => {
+            const name = i?.instance?.instanceName ?? i?.instanceName ?? i?.name;
+            return name === credentials.value.instance_name;
+        });
+        const rawState = inst?.instance?.status ?? inst?.instance?.state ?? inst?.connectionStatus ?? inst?.state ?? inst?.status;
+        connectionStatus.value = rawState || 'close';
+
+        // Persiste no DB pra SaaS admin ver status atualizado na listagem
+        if (channelRecord.value?.id) {
+            const dbStatus = rawState === 'open' ? 'connected' : rawState === 'connecting' ? 'connecting' : 'disconnected';
+            if (channelRecord.value.connection_status !== dbStatus) {
+                await supabase
+                    .from('notification_channels')
+                    .update({ connection_status: dbStatus, last_health_check: new Date().toISOString() })
+                    .eq('id', channelRecord.value.id);
+                channelRecord.value.connection_status = dbStatus;
+            }
+        }
     } catch (e) {
         connectionStatus.value = 'close';
         toast.add({
@@ -133,16 +162,29 @@ async function fetchQrCode() {
         const res = await fetch(`${credentials.value.api_url}/instance/connect/${credentials.value.instance_name}`, { headers: { apikey: credentials.value.api_key } });
         if (!res.ok) throw new Error(`HTTP ${res.status}`);
         const data = await res.json();
-        const base64 = data?.base64;
+        // Evolution v1: data.qrcode.base64 · v2: data.base64 · variantes: data.code/qr/qrCode
+        const base64 =
+            data?.base64 ||
+            data?.qrcode?.base64 ||
+            data?.qrCode?.base64 ||
+            data?.qr?.base64 ||
+            data?.qr ||
+            data?.code ||
+            null;
         if (!base64) {
-            // Instância pode já estar conectada
-            if (data?.instance?.status === 'open') {
+            const openState =
+                data?.instance?.status === 'open' ||
+                data?.instance?.state === 'open' ||
+                data?.state === 'open' ||
+                data?.status === 'open';
+            if (openState) {
                 connectionStatus.value = 'open';
                 toast.add({ severity: 'success', summary: 'WhatsApp já está conectado!', life: 3000 });
                 qrDialog.value = false;
                 return;
             }
-            throw new Error('QR Code não retornado pela API.');
+            console.error('[QR] Resposta inesperada da Evolution:', data);
+            throw new Error('QR Code não retornado pela API. Veja o console (F12) pra debug.');
         }
         qrCodeBase64.value = base64.startsWith('data:') ? base64 : `data:image/png;base64,${base64}`;
         startQrCountdown();
@@ -177,6 +219,58 @@ function openQrDialog() {
     fetchQrCode();
 }
 
+// ══════════════════════════════════════════════════════════════
+// Inbox (Fase 5a) — configurar webhook MESSAGES_UPSERT na Evolution
+// ══════════════════════════════════════════════════════════════
+const inboxProvisioning = ref(false);
+const inboxWebhookUrl = ref('');
+
+// Resolve URL pública do Supabase pra Evolution conseguir alcançar a edge function.
+// Em dev local, localhost de dentro do container Evolution não funciona — precisa host.docker.internal.
+function resolveSupabasePublicUrl() {
+    const envUrl = import.meta.env.VITE_SUPABASE_URL || '';
+    try {
+        const u = new URL(envUrl);
+        if (u.hostname === 'localhost' || u.hostname === '127.0.0.1') {
+            u.hostname = 'host.docker.internal';
+            return u.toString().replace(/\/+$/, '');
+        }
+    } catch {}
+    return envUrl.replace(/\/+$/, '');
+}
+
+async function provisionInbox() {
+    if (!tenantId.value) {
+        toast.add({ severity: 'warn', summary: 'Tenant inválido', life: 3000 });
+        return;
+    }
+    if (!credentials.value?.api_url || !credentials.value?.api_key || !credentials.value?.instance_name) {
+        toast.add({ severity: 'warn', summary: 'Salve as credenciais antes', detail: 'URL, API key e nome da instância são obrigatórios.', life: 4000 });
+        return;
+    }
+    inboxProvisioning.value = true;
+    try {
+        const publicUrl = resolveSupabasePublicUrl();
+        const { data, error } = await supabase.functions.invoke('evolution-webhook-provision', {
+            body: {
+                tenant_id: tenantId.value,
+                api_url: credentials.value.api_url,
+                api_key: credentials.value.api_key,
+                instance_name: credentials.value.instance_name,
+                public_url: publicUrl
+            }
+        });
+        if (error) throw error;
+        if (!data?.ok) throw new Error(data?.error || 'Falha no provisionamento');
+        inboxWebhookUrl.value = data.webhook_url;
+        toast.add({ severity: 'success', summary: 'Inbox conectada!', detail: 'Mensagens recebidas agora vão aparecer em /admin/conversas.', life: 5000 });
+    } catch (err) {
+        toast.add({ severity: 'error', summary: 'Falha ao configurar inbox', detail: err?.message || String(err), life: 6000 });
+    } finally {
+        inboxProvisioning.value = false;
+    }
+}
+
 function closeQrDialog() {
     qrDialog.value = false;
     clearQrTimer();
@@ -509,6 +603,12 @@ onBeforeUnmount(() => {
 </script>
 
 <template>
+    <Teleport to="#cfg-page-actions" defer>
+        <router-link to="/configuracoes/whatsapp">
+            <Button label="Trocar canal" icon="pi pi-arrow-left" severity="secondary" outlined size="small" class="rounded-full" />
+        </router-link>
+    </Teleport>
+
     <div class="flex flex-col gap-4">
         <!-- Abas -->
         <Tabs :value="activeTab" @update:value="activeTab = $event">
@@ -563,6 +663,28 @@ onBeforeUnmount(() => {
                                     e escaneie o QR Code que aparecerá na tela.
                                 </div>
                             </div>
+
+                            <!-- Inbox / CRM de conversas (Fase 5a) -->
+                            <div v-if="connectionStatus === 'open'" class="flex flex-col gap-3 px-4 py-3 rounded-lg border border-[var(--surface-border)] bg-[var(--surface-ground)]">
+                                <div class="flex items-center justify-between gap-3 flex-wrap">
+                                    <div class="flex items-center gap-3">
+                                        <div class="grid place-items-center w-10 h-10 rounded-full bg-blue-100 text-blue-600">
+                                            <i class="pi pi-inbox text-lg" />
+                                        </div>
+                                        <div>
+                                            <div class="font-semibold text-sm">Inbox de conversas</div>
+                                            <div class="text-xs text-[var(--text-color-secondary)]">Receba respostas dos pacientes direto no sistema.</div>
+                                        </div>
+                                    </div>
+                                    <div class="flex gap-2">
+                                        <Button label="Conectar inbox" icon="pi pi-link" size="small" :loading="inboxProvisioning" @click="provisionInbox" />
+                                        <Button icon="pi pi-external-link" severity="secondary" outlined size="small" v-tooltip.bottom="'Abrir Conversas'" @click="goConversas" />
+                                    </div>
+                                </div>
+                                <div v-if="inboxWebhookUrl" class="text-[0.7rem] text-[var(--text-color-secondary)] bg-[var(--surface-card)] border border-[var(--surface-border)] rounded px-2 py-1.5 font-mono break-all">
+                                    Webhook configurado: {{ inboxWebhookUrl }}
+                                </div>
+                            </div>
                         </template>
                     </div>
                 </TabPanel>
diff --git a/src/layout/configuracoes/ConfiguracoesWhatsappTemplatesPage.vue b/src/layout/configuracoes/ConfiguracoesWhatsappTemplatesPage.vue
new file mode 100644
index 0000000..e4ace79
--- /dev/null
+++ b/src/layout/configuracoes/ConfiguracoesWhatsappTemplatesPage.vue
@@ -0,0 +1,376 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/layout/configuracoes/ConfiguracoesWhatsappTemplatesPage.vue
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { ref, onMounted, nextTick } from 'vue';
+import { useToast } from 'primevue/usetoast';
+import { useConfirm } from 'primevue/useconfirm';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+import { useConversationDrawerStore } from '@/stores/conversationDrawerStore';
+
+const toast = useToast();
+const confirm = useConfirm();
+const tenantStore = useTenantStore();
+const drawerStore = useConversationDrawerStore();
+
+const userId = ref(null);
+const tenantId = ref(null);
+
+const templates = ref([]);
+const loading = ref(true);
+const saving = ref({});
+const reverting = ref({});
+
+const EVENT_TYPE_LABELS = {
+    lembrete_sessao: 'Lembrete de sessão',
+    confirmacao_sessao: 'Confirmação de sessão',
+    cancelamento_sessao: 'Cancelamento de sessão',
+    reagendamento: 'Reagendamento',
+    cobranca_pendente: 'Cobrança pendente',
+    boas_vindas_paciente: 'Boas-vindas ao paciente',
+    intake_recebido: 'Triagem recebida',
+    intake_aprovado: 'Triagem aprovada',
+    intake_rejeitado: 'Triagem rejeitada'
+};
+const EVENT_SEVERITY = {
+    lembrete_sessao: 'info',
+    confirmacao_sessao: 'success',
+    cancelamento_sessao: 'danger',
+    reagendamento: 'warn',
+    cobranca_pendente: 'warn',
+    boas_vindas_paciente: 'success',
+    intake_recebido: 'info',
+    intake_aprovado: 'success',
+    intake_rejeitado: 'danger'
+};
+const DOMAIN_LABEL = { session: 'Sessão', intake: 'Triagem', billing: 'Financeiro', system: 'Sistema' };
+
+const textareaRefs = ref({});
+function setTextareaRef(key, el) {
+    if (el) textareaRefs.value[key] = el;
+}
+
+async function loadUser() {
+    const {
+        data: { user }
+    } = await supabase.auth.getUser();
+    if (!user) return;
+    userId.value = user.id;
+    tenantId.value = tenantStore.activeTenantId || user.id;
+}
+
+async function loadTemplates() {
+    if (!tenantId.value) return;
+    loading.value = true;
+    try {
+        const { data: globals, error: gErr } = await supabase
+            .from('notification_templates')
+            .select('*')
+            .is('tenant_id', null)
+            .eq('channel', 'whatsapp')
+            .eq('is_default', true)
+            .eq('is_active', true)
+            .is('deleted_at', null)
+            .order('domain')
+            .order('event_type');
+        if (gErr) throw gErr;
+
+        const { data: customs, error: cErr } = await supabase
+            .from('notification_templates')
+            .select('*')
+            .eq('tenant_id', tenantId.value)
+            .eq('channel', 'whatsapp')
+            .is('deleted_at', null);
+        if (cErr) throw cErr;
+
+        const customMap = {};
+        for (const c of customs || []) customMap[c.key] = c;
+
+        templates.value = (globals || []).map((g) => {
+            const custom = customMap[g.key];
+            const current = custom?.body_text ?? g.body_text;
+            return {
+                key: g.key,
+                domain: g.domain,
+                event_type: g.event_type,
+                label: EVENT_TYPE_LABELS[g.event_type] || g.event_type,
+                type_severity: EVENT_SEVERITY[g.event_type] || 'secondary',
+                domain_label: DOMAIN_LABEL[g.domain] || g.domain,
+                variables: Array.isArray(g.variables) ? g.variables : [],
+                default_body: g.body_text,
+                id: custom?.id || null,
+                body_text: current,
+                saved_body: current,
+                is_custom: !!custom
+            };
+        });
+    } catch (e) {
+        toast.add({ severity: 'error', summary: 'Erro ao carregar templates', detail: e.message, life: 4000 });
+    } finally {
+        loading.value = false;
+    }
+}
+
+function insertVariable(key, variable) {
+    const snippet = `{{${variable}}}`;
+    const tpl = templates.value.find((t) => t.key === key);
+    if (!tpl) return;
+
+    const taWrapper = textareaRefs.value[key];
+    const ta = taWrapper?.$el?.querySelector('textarea') ?? taWrapper;
+    if (ta?.setSelectionRange) {
+        const start = ta.selectionStart ?? ta.value.length;
+        const end = ta.selectionEnd ?? start;
+        tpl.body_text = (tpl.body_text || '').slice(0, start) + snippet + (tpl.body_text || '').slice(end);
+        nextTick(() => {
+            const pos = start + snippet.length;
+            ta.focus();
+            ta.setSelectionRange(pos, pos);
+        });
+    } else {
+        tpl.body_text = (tpl.body_text || '') + snippet;
+    }
+}
+
+async function saveTemplate(tpl) {
+    if (!tenantId.value || saving.value[tpl.key]) return;
+    const body = (tpl.body_text || '').trim();
+    if (!body) {
+        toast.add({ severity: 'warn', summary: 'Mensagem não pode ficar vazia', life: 3000 });
+        return;
+    }
+    if (body.length > 4096) {
+        toast.add({ severity: 'warn', summary: 'Mensagem muito longa (máx. 4096 caracteres)', life: 3000 });
+        return;
+    }
+
+    saving.value[tpl.key] = true;
+    try {
+        if (tpl.id) {
+            const { error } = await supabase.from('notification_templates').update({ body_text: body }).eq('id', tpl.id);
+            if (error) throw error;
+        } else {
+            const { data: existing } = await supabase.from('notification_templates').select('id').eq('tenant_id', tenantId.value).eq('key', tpl.key).is('deleted_at', null).maybeSingle();
+
+            if (existing?.id) {
+                const { error } = await supabase.from('notification_templates').update({ body_text: body, is_active: true }).eq('id', existing.id);
+                if (error) throw error;
+                tpl.id = existing.id;
+            } else {
+                const { data, error } = await supabase
+                    .from('notification_templates')
+                    .insert({
+                        owner_id: userId.value,
+                        tenant_id: tenantId.value,
+                        channel: 'whatsapp',
+                        key: tpl.key,
+                        domain: tpl.domain,
+                        event_type: tpl.event_type,
+                        body_text: body,
+                        variables: tpl.variables,
+                        is_active: true,
+                        is_default: false
+                    })
+                    .select('id')
+                    .single();
+                if (error) throw error;
+                tpl.id = data.id;
+            }
+            tpl.is_custom = true;
+        }
+        tpl.saved_body = body;
+        tpl.body_text = body;
+        drawerStore.invalidateTemplates();
+        toast.add({ severity: 'success', summary: 'Template salvo', life: 3000 });
+    } catch (e) {
+        toast.add({ severity: 'error', summary: 'Erro ao salvar', detail: e.message, life: 5000 });
+    } finally {
+        saving.value[tpl.key] = false;
+    }
+}
+
+function confirmRevert(tpl) {
+    if (!tpl.is_custom || !tpl.id) return;
+    confirm.require({
+        group: 'headless',
+        message: `Reverter "${tpl.label}" para o texto padrão? Sua personalização será removida.`,
+        header: 'Reverter ao padrão',
+        icon: 'pi-undo',
+        color: '#f59e0b',
+        accept: async () => {
+            if (reverting.value[tpl.key]) return;
+            reverting.value[tpl.key] = true;
+            try {
+                const { error } = await supabase.from('notification_templates').update({ deleted_at: new Date().toISOString() }).eq('id', tpl.id);
+                if (error) throw error;
+                tpl.id = null;
+                tpl.is_custom = false;
+                tpl.body_text = tpl.default_body;
+                tpl.saved_body = tpl.default_body;
+                drawerStore.invalidateTemplates();
+                toast.add({ severity: 'success', summary: 'Revertido ao padrão', life: 3000 });
+            } catch (e) {
+                toast.add({ severity: 'error', summary: 'Erro ao reverter', detail: e.message, life: 5000 });
+            } finally {
+                reverting.value[tpl.key] = false;
+            }
+        }
+    });
+}
+
+function isDirty(tpl) {
+    return (tpl.body_text || '') !== (tpl.saved_body || '');
+}
+
+onMounted(async () => {
+    await loadUser();
+    await loadTemplates();
+});
+</script>
+
+<template>
+    <div class="flex flex-col gap-4">
+        <ConfirmDialog group="headless">
+            <template #container="{ message, acceptCallback, rejectCallback }">
+                <div class="flex flex-col items-center p-8 bg-surface-0 dark:bg-surface-900 rounded-xl shadow-xl">
+                    <div class="rounded-full inline-flex justify-center items-center h-24 w-24 -mt-20" :style="{ background: message.color || 'var(--p-primary-color)', color: '#fff' }">
+                        <i :class="`pi ${message.icon || 'pi-question'} !text-4xl`"></i>
+                    </div>
+                    <span class="font-bold text-2xl block mb-2 mt-6">{{ message.header }}</span>
+                    <p class="mb-0 text-center text-[var(--text-color-secondary)]">{{ message.message }}</p>
+                    <div class="flex items-center gap-2 mt-6">
+                        <Button label="Confirmar" class="rounded-full" :style="{ background: message.color || 'var(--p-primary-color)', borderColor: message.color || 'var(--p-primary-color)' }" @click="acceptCallback" />
+                        <Button label="Cancelar" variant="outlined" class="rounded-full" @click="rejectCallback" />
+                    </div>
+                </div>
+            </template>
+        </ConfirmDialog>
+
+        <Message severity="info" :closable="false">
+            Os textos padrão já funcionam — edite apenas se quiser personalizar. A qualquer momento você pode <strong>reverter ao padrão</strong> definido pelo administrador.
+        </Message>
+
+        <template v-if="loading">
+            <div v-for="n in 4" :key="n" class="rounded-[6px] border border-[var(--surface-border)] bg-[var(--surface-card)] p-4">
+                <div class="flex items-center gap-3 mb-3">
+                    <Skeleton width="2.5rem" height="2.5rem" borderRadius="6px" />
+                    <div class="flex-1 flex flex-col gap-2">
+                        <Skeleton width="10rem" height="1rem" />
+                        <Skeleton width="6rem" height="0.75rem" />
+                    </div>
+                    <Skeleton width="5rem" height="1.4rem" borderRadius="999px" />
+                </div>
+                <Skeleton width="100%" height="5rem" class="mb-2" />
+                <div class="flex gap-1">
+                    <Skeleton v-for="i in 3" :key="i" width="6rem" height="1.6rem" borderRadius="999px" />
+                </div>
+            </div>
+        </template>
+
+        <template v-else>
+            <div
+                v-if="!templates.length"
+                class="rounded-[6px] border border-[var(--surface-border)] bg-[var(--surface-card)] p-6 text-center text-[var(--text-color-secondary)]"
+            >
+                <i class="pi pi-whatsapp text-3xl opacity-30 block mb-2" />
+                Nenhum template WhatsApp disponível no momento.
+            </div>
+
+            <div
+                v-for="tpl in templates"
+                :key="tpl.key"
+                class="rounded-[6px] border bg-[var(--surface-card)] p-4 flex flex-col gap-3 overflow-hidden"
+                :class="tpl.is_custom ? 'border-green-300' : 'border-[var(--surface-border)]'"
+            >
+                <div class="flex items-center gap-3 flex-wrap">
+                    <div
+                        class="w-10 h-10 rounded-[6px] flex items-center justify-center shrink-0"
+                        :class="tpl.is_custom ? 'bg-green-100 text-green-700' : 'bg-[var(--surface-ground)] text-[var(--text-color-secondary)]'"
+                    >
+                        <i class="pi pi-whatsapp text-lg" />
+                    </div>
+                    <div class="flex-1 min-w-0">
+                        <div class="font-semibold text-[var(--text-color)]">{{ tpl.label }}</div>
+                        <div class="text-xs text-[var(--text-color-secondary)] flex items-center gap-1.5 mt-0.5">
+                            <Tag :value="tpl.domain_label" :severity="tpl.type_severity" class="text-[0.6rem]" />
+                            <code class="font-mono opacity-70">{{ tpl.key }}</code>
+                        </div>
+                    </div>
+                    <Tag v-if="tpl.is_custom" value="Personalizado" severity="success" class="text-[0.65rem]" />
+                    <Tag v-else value="Padrão" severity="secondary" class="text-[0.65rem]" />
+                </div>
+
+                <Textarea
+                    :ref="(el) => setTextareaRef(tpl.key, el)"
+                    v-model="tpl.body_text"
+                    rows="4"
+                    auto-resize
+                    class="w-full text-sm"
+                    :maxlength="4096"
+                    placeholder="Digite o texto do template..."
+                />
+
+                <div class="flex items-center justify-between flex-wrap gap-2">
+                    <span class="text-[0.68rem] text-[var(--text-color-secondary)]">{{ (tpl.body_text || '').length }} / 4096 caracteres</span>
+                    <span v-if="isDirty(tpl)" class="text-[0.68rem] text-amber-600 font-medium flex items-center gap-1">
+                        <i class="pi pi-circle-fill text-[0.4rem]" />
+                        Alterações não salvas
+                    </span>
+                </div>
+
+                <div v-if="tpl.variables.length" class="flex flex-col gap-1.5">
+                    <span class="text-xs text-[var(--text-color-secondary)]">Inserir variável:</span>
+                    <div class="flex flex-wrap gap-1.5">
+                        <Button
+                            v-for="v in tpl.variables"
+                            :key="v"
+                            size="small"
+                            severity="secondary"
+                            outlined
+                            class="font-mono !text-[0.68rem] !py-1 !px-2"
+                            @click="insertVariable(tpl.key, v)"
+                        >
+                            <span v-text="'{{' + v + '}}'"></span>
+                        </Button>
+                    </div>
+                </div>
+
+                <div class="flex items-center gap-2 justify-end flex-wrap">
+                    <Button
+                        v-if="tpl.is_custom"
+                        label="Reverter ao padrão"
+                        icon="pi pi-undo"
+                        size="small"
+                        severity="secondary"
+                        outlined
+                        :loading="reverting[tpl.key]"
+                        :disabled="reverting[tpl.key]"
+                        @click="confirmRevert(tpl)"
+                    />
+                    <Button
+                        label="Salvar"
+                        icon="pi pi-check"
+                        size="small"
+                        :loading="saving[tpl.key]"
+                        :disabled="saving[tpl.key] || !isDirty(tpl)"
+                        @click="saveTemplate(tpl)"
+                    />
+                </div>
+            </div>
+        </template>
+    </div>
+</template>
diff --git a/src/navigation/menus/clinic.menu.js b/src/navigation/menus/clinic.menu.js
index 9de2d1d..7c5c46a 100644
--- a/src/navigation/menus/clinic.menu.js
+++ b/src/navigation/menus/clinic.menu.js
@@ -47,6 +47,14 @@ export default function adminMenu(ctx = {}) {
             ]
         },
 
+        // CRM de conversas / WhatsApp
+        {
+            label: 'Conversas',
+            icon: 'pi pi-fw pi-comments',
+            to: { name: 'admin-conversas' },
+            badgeKey: 'conversasUnread'
+        },
+
         // ✅ SEM IF: sempre existe, só fica visível quando a feature estiver ligada
         {
             label: 'Pacientes',
diff --git a/src/navigation/menus/therapist.menu.js b/src/navigation/menus/therapist.menu.js
index 62e72a4..d1d5371 100644
--- a/src/navigation/menus/therapist.menu.js
+++ b/src/navigation/menus/therapist.menu.js
@@ -30,6 +30,13 @@ export default [
         ]
     },
 
+    {
+        label: 'Conversas',
+        items: [
+            { label: 'CRM de WhatsApp', icon: 'pi pi-fw pi-comments', to: '/therapist/conversas', badgeKey: 'conversasUnread' }
+        ]
+    },
+
     {
         label: 'Pacientes',
         items: [
diff --git a/src/router/routes.clinic.js b/src/router/routes.clinic.js
index ff8598c..36002bc 100644
--- a/src/router/routes.clinic.js
+++ b/src/router/routes.clinic.js
@@ -41,6 +41,16 @@ export default {
         // ======================================================
         { path: '', name: 'admin.dashboard', component: () => import('@/views/pages/clinic/ClinicDashboard.vue') },
 
+        // ======================================================
+        // 💬 CONVERSAS (CRM de WhatsApp)
+        // ======================================================
+        {
+            path: 'conversas',
+            name: 'admin-conversas',
+            component: () => import('@/features/conversations/CRMConversasPage.vue'),
+            meta: { roles: ['clinic_admin', 'tenant_admin'] }
+        },
+
         // ======================================================
         // 🧩 CLÍNICA — MÓDULOS (tenant_features)
         // ======================================================
diff --git a/src/router/routes.configs.js b/src/router/routes.configs.js
index ec02665..ae355bd 100644
--- a/src/router/routes.configs.js
+++ b/src/router/routes.configs.js
@@ -86,13 +86,28 @@ export default {
         {
             path: 'whatsapp',
             name: 'ConfiguracoesWhatsapp',
+            component: () => import('@/layout/configuracoes/ConfiguracoesWhatsappChooserPage.vue')
+        },
+        {
+            path: 'whatsapp-pessoal',
+            name: 'ConfiguracoesWhatsappPessoal',
             component: () => import('@/layout/configuracoes/ConfiguracoesWhatsappPage.vue')
         },
         {
-            path: 'whatsapp-twilio',
-            name: 'ConfiguracoesWhatsappTwilio',
+            path: 'whatsapp-oficial',
+            name: 'ConfiguracoesWhatsappOficial',
             component: () => import('@/layout/configuracoes/ConfiguracoesTwilioWhatsappPage.vue')
         },
+        {
+            path: 'whatsapp-templates',
+            name: 'ConfiguracoesWhatsappTemplates',
+            component: () => import('@/layout/configuracoes/ConfiguracoesWhatsappTemplatesPage.vue')
+        },
+        // Backcompat: old /whatsapp-twilio → redirect
+        {
+            path: 'whatsapp-twilio',
+            redirect: { name: 'ConfiguracoesWhatsappOficial' }
+        },
         {
             path: 'sms',
             name: 'ConfiguracoesSms',
@@ -107,6 +122,41 @@ export default {
             path: 'recursos-extras',
             name: 'ConfiguracoesRecursosExtras',
             component: () => import('@/layout/configuracoes/ConfiguracoesRecursosExtrasPage.vue')
+        },
+        {
+            path: 'recursos-extras/extrato',
+            name: 'ConfiguracoesRecursosExtrasExtrato',
+            component: () => import('@/layout/configuracoes/AddonsExtratoPage.vue')
+        },
+        {
+            path: 'auditoria',
+            name: 'ConfiguracoesAuditoria',
+            component: () => import('@/layout/configuracoes/AuditoriaPage.vue')
+        },
+        {
+            path: 'conversas-tags',
+            name: 'ConfiguracoesConversasTags',
+            component: () => import('@/layout/configuracoes/ConfiguracoesConversasTagsPage.vue')
+        },
+        {
+            path: 'conversas-autoreply',
+            name: 'ConfiguracoesConversasAutoreply',
+            component: () => import('@/layout/configuracoes/ConfiguracoesConversasAutoreplyPage.vue')
+        },
+        {
+            path: 'conversas-optouts',
+            name: 'ConfiguracoesConversasOptouts',
+            component: () => import('@/layout/configuracoes/ConfiguracoesConversasOptoutsPage.vue')
+        },
+        {
+            path: 'lembretes-sessao',
+            name: 'ConfiguracoesLembretesSessao',
+            component: () => import('@/layout/configuracoes/ConfiguracoesLembretesSessaoPage.vue')
+        },
+        {
+            path: 'creditos-whatsapp',
+            name: 'ConfiguracoesCreditosWhatsapp',
+            component: () => import('@/layout/configuracoes/ConfiguracoesCreditosWhatsappPage.vue')
         }
     ]
 };
diff --git a/src/router/routes.therapist.js b/src/router/routes.therapist.js
index a5b05ae..e760f8a 100644
--- a/src/router/routes.therapist.js
+++ b/src/router/routes.therapist.js
@@ -38,6 +38,15 @@ export default {
         // ======================================================
         { path: '', name: 'therapist.dashboard', component: () => import('@/views/pages/therapist/TherapistDashboard.vue') },
 
+        // ======================================================
+        // 💬 CONVERSAS (CRM de WhatsApp)
+        // ======================================================
+        {
+            path: 'conversas',
+            name: 'therapist-conversas',
+            component: () => import('@/features/conversations/CRMConversasPage.vue')
+        },
+
         // ======================================================
         // 📅 AGENDA
         // ======================================================
@@ -193,6 +202,15 @@ export default {
             meta: { feature: 'agenda.view' }
         },
 
+        // ======================================================
+        // 🔔 NOTIFICAÇÕES
+        // ======================================================
+        {
+            path: 'notificacoes',
+            name: 'therapist-notificacoes',
+            component: () => import('@/views/pages/therapist/NotificationsHistoryPage.vue')
+        },
+
         // ======================================================
         // 🔐 SECURITY
         // ======================================================
diff --git a/src/stores/conversationDrawerStore.js b/src/stores/conversationDrawerStore.js
new file mode 100644
index 0000000..7252fc0
--- /dev/null
+++ b/src/stores/conversationDrawerStore.js
@@ -0,0 +1,407 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Arquivo: src/stores/conversationDrawerStore.js
+|
+| Store global do drawer de conversa. Permite abrir de qualquer página
+| (ficha de paciente, lista, agenda, dashboard) sem navegar.
+|--------------------------------------------------------------------------
+*/
+import { defineStore } from 'pinia';
+import { supabase } from '@/lib/supabase/client';
+import { useTenantStore } from '@/stores/tenantStore';
+
+// Mapeia códigos de erro do edge function pra mensagens amigáveis ao usuário.
+// O edge function retorna { ok: false, error: '<code>', message: '<human>' } — priorizamos message.
+function friendlySendError(code, providedMessage) {
+    if (providedMessage) return providedMessage;
+    const c = String(code || '').toLowerCase();
+    if (c === 'insufficient_credits') return 'Saldo de créditos insuficiente. Compre um pacote em Configurações → Créditos WhatsApp.';
+    if (c.startsWith('twilio_send_failed')) return 'Não conseguimos enviar pelo WhatsApp oficial. Verifique se o canal está conectado em Configurações → WhatsApp.';
+    if (c.includes('canal whatsapp nao configurado') || c.includes('canal whatsapp inativo')) return 'Nenhum canal WhatsApp ativo. Configure em Configurações → WhatsApp.';
+    if (c.includes('credenciais evolution incompletas')) return 'As credenciais do WhatsApp Pessoal estão incompletas. Acesse Configurações → WhatsApp.';
+    if (c.includes('twilio credenciais incompletas')) return 'As credenciais do WhatsApp Oficial estão incompletas. Contate o suporte.';
+    if (c.startsWith('evolution retornou')) return 'O servidor do WhatsApp Pessoal não respondeu. Verifique se o celular está conectado.';
+    if (c === 'auth') return 'Sua sessão expirou. Faça login novamente.';
+    if (c === 'forbidden') return 'Você não tem permissão pra enviar por este canal.';
+    if (c === 'edge function returned a non-2xx status code') return 'O servidor recusou o envio. Tente novamente ou contate o suporte.';
+    // Fallback: retorna o código original se nada bateu
+    return code || 'Falha ao enviar. Tente novamente.';
+}
+
+export const useConversationDrawerStore = defineStore('conversationDrawer', {
+    state: () => ({
+        isOpen: false,
+        thread: null, // { patient_id, patient_name, contact_number, channel, kanban_status, ... }
+        messages: [],
+        loading: false,
+        sending: false,
+        error: null,
+        _realtimeChannel: null,
+        // cache compartilhado
+        templates: [],
+        templatesLoaded: false,
+        templatesLoading: false,
+        tenantName: ''
+    }),
+
+    getters: {
+        threadKey(state) {
+            if (!state.thread) return null;
+            return state.thread.patient_id || `anon:${state.thread.contact_number || 'unknown'}`;
+        }
+    },
+
+    actions: {
+        // ── Abertura ───────────────────────────────────────────────
+        async openForThread(thread) {
+            if (!thread) return;
+            this.thread = { ...thread };
+            this.isOpen = true;
+            await this.loadMessages();
+            this._ensureTenantName();
+            this._subscribeRealtime();
+            // Marca inbound como lidas
+            if ((thread.unread_count || 0) > 0) {
+                await this.markRead();
+            }
+        },
+
+        async openForPatient(patientId) {
+            if (!patientId) return;
+            const tenantStore = useTenantStore();
+            const tenantId = tenantStore.activeTenantId;
+
+            // Procura thread existente pelo paciente
+            const { data: existing } = await supabase
+                .from('conversation_threads')
+                .select('*')
+                .eq('tenant_id', tenantId)
+                .eq('patient_id', patientId)
+                .limit(1)
+                .maybeSingle();
+
+            if (existing) {
+                return this.openForThread(existing);
+            }
+
+            // Não tem thread — cria stub com dados do paciente
+            const { data: pat } = await supabase
+                .from('patients')
+                .select('id, nome_completo, telefone')
+                .eq('id', patientId)
+                .maybeSingle();
+
+            if (!pat) {
+                this.error = new Error('Paciente não encontrado');
+                return;
+            }
+            if (!pat.telefone) {
+                this.error = new Error('Paciente sem telefone cadastrado');
+                return;
+            }
+
+            const stub = {
+                thread_key: pat.id,
+                tenant_id: tenantId,
+                patient_id: pat.id,
+                patient_name: pat.nome_completo,
+                contact_number: String(pat.telefone).replace(/\D/g, ''),
+                channel: 'whatsapp',
+                message_count: 0,
+                unread_count: 0,
+                kanban_status: 'awaiting_us',
+                last_message_at: null,
+                last_message_body: null,
+                last_message_direction: null
+            };
+            return this.openForThread(stub);
+        },
+
+        close() {
+            this.isOpen = false;
+            this._unsubscribeRealtime();
+            // preserva thread por um momento pra transição, mas limpa messages
+            setTimeout(() => {
+                if (!this.isOpen) {
+                    this.thread = null;
+                    this.messages = [];
+                }
+            }, 300);
+        },
+
+        // ── Mensagens da thread ────────────────────────────────────
+        async loadMessages() {
+            if (!this.thread) return;
+            const tenantStore = useTenantStore();
+            this.loading = true;
+            try {
+                let q = supabase
+                    .from('conversation_messages')
+                    .select('*')
+                    .eq('tenant_id', tenantStore.activeTenantId)
+                    .order('created_at', { ascending: true })
+                    .limit(500);
+
+                if (this.thread.patient_id) {
+                    q = q.eq('patient_id', this.thread.patient_id);
+                } else {
+                    q = q.or(`from_number.eq.${this.thread.contact_number},to_number.eq.${this.thread.contact_number}`).is('patient_id', null);
+                }
+
+                const { data, error: qErr } = await q;
+                if (qErr) throw qErr;
+                this.messages = data ?? [];
+            } catch (err) {
+                this.error = err;
+            } finally {
+                this.loading = false;
+            }
+        },
+
+        messageBelongsToCurrentThread(msg) {
+            if (!msg || !this.thread) return false;
+            if (this.thread.patient_id) return msg.patient_id === this.thread.patient_id;
+            if (msg.patient_id) return false;
+            return (
+                msg.from_number === this.thread.contact_number ||
+                msg.to_number === this.thread.contact_number
+            );
+        },
+
+        _subscribeRealtime() {
+            const tenantStore = useTenantStore();
+            const tenantId = tenantStore.activeTenantId;
+            if (!tenantId) return;
+            this._unsubscribeRealtime();
+
+            this._realtimeChannel = supabase
+                .channel(`conv_drawer_${tenantId}_${Date.now()}`)
+                .on(
+                    'postgres_changes',
+                    { event: 'INSERT', schema: 'public', table: 'conversation_messages', filter: `tenant_id=eq.${tenantId}` },
+                    (payload) => {
+                        const msg = payload.new;
+                        if (this.messageBelongsToCurrentThread(msg)) {
+                            const exists = this.messages.some((m) => m.id === msg.id);
+                            if (!exists) this.messages.push(msg);
+                        }
+                    }
+                )
+                .on(
+                    'postgres_changes',
+                    { event: 'UPDATE', schema: 'public', table: 'conversation_messages', filter: `tenant_id=eq.${tenantId}` },
+                    (payload) => {
+                        const msg = payload.new;
+                        if (this.messageBelongsToCurrentThread(msg)) {
+                            const idx = this.messages.findIndex((m) => m.id === msg.id);
+                            if (idx >= 0) this.messages[idx] = msg;
+                        }
+                    }
+                )
+                .subscribe();
+        },
+
+        _unsubscribeRealtime() {
+            if (this._realtimeChannel) {
+                supabase.removeChannel(this._realtimeChannel);
+                this._realtimeChannel = null;
+            }
+        },
+
+        // ── Ações ──────────────────────────────────────────────────
+        async sendMessage(text) {
+            const cleanText = String(text || '').trim();
+            if (!cleanText || this.sending) return { ok: false, error: 'Mensagem vazia' };
+            if (!this.thread?.contact_number) return { ok: false, error: 'Conversa sem número de contato' };
+
+            const tenantStore = useTenantStore();
+            this.sending = true;
+            try {
+                const { data, error } = await supabase.functions.invoke('send-whatsapp-message', {
+                    body: {
+                        tenant_id: tenantStore.activeTenantId,
+                        to_number: this.thread.contact_number,
+                        body: cleanText,
+                        patient_id: this.thread.patient_id || null
+                    }
+                });
+
+                // Erro HTTP (não-2xx) — extrai body da resposta pra mostrar msg amigável
+                if (error) {
+                    let body = null;
+                    try {
+                        body = await error.context?.json?.();
+                    } catch { /* noop */ }
+                    return { ok: false, error: friendlySendError(body?.error, body?.message) };
+                }
+                if (!data?.ok) {
+                    return { ok: false, error: friendlySendError(data?.error, data?.message) };
+                }
+
+                this.thread.kanban_status = 'awaiting_patient';
+                return { ok: true, data };
+            } catch (err) {
+                return { ok: false, error: friendlySendError(err?.message || String(err)) };
+            } finally {
+                this.sending = false;
+            }
+        },
+
+        async setKanbanStatus(status) {
+            if (!['urgent', 'awaiting_us', 'awaiting_patient', 'resolved'].includes(status)) return;
+            if (!this.thread) return;
+            const tenantStore = useTenantStore();
+            const patch = { kanban_status: status };
+            if (status === 'resolved') patch.resolved_at = new Date().toISOString();
+
+            let q = supabase.from('conversation_messages').update(patch).eq('tenant_id', tenantStore.activeTenantId);
+            if (this.thread.patient_id) q = q.eq('patient_id', this.thread.patient_id);
+            else q = q.eq('from_number', this.thread.contact_number).is('patient_id', null);
+
+            await q;
+            this.thread.kanban_status = status;
+        },
+
+        async markRead() {
+            if (!this.thread) return;
+            const tenantStore = useTenantStore();
+            const nowIso = new Date().toISOString();
+            let q = supabase
+                .from('conversation_messages')
+                .update({ read_at: nowIso })
+                .eq('tenant_id', tenantStore.activeTenantId)
+                .eq('direction', 'inbound')
+                .is('read_at', null);
+            if (this.thread.patient_id) q = q.eq('patient_id', this.thread.patient_id);
+            else q = q.eq('from_number', this.thread.contact_number).is('patient_id', null);
+            await q;
+        },
+
+        // ── Templates (cache global) ───────────────────────────────
+        async loadTemplates({ force = false } = {}) {
+            if ((this.templatesLoaded || this.templatesLoading) && !force) return;
+            const tenantStore = useTenantStore();
+            const tenantId = tenantStore.activeTenantId;
+            if (!tenantId) return;
+
+            this.templatesLoading = true;
+            try {
+                const { data: globals } = await supabase
+                    .from('notification_templates')
+                    .select('id, key, body_text, variables, event_type')
+                    .eq('channel', 'whatsapp')
+                    .is('tenant_id', null)
+                    .eq('is_default', true)
+                    .eq('is_active', true)
+                    .is('deleted_at', null);
+
+                const { data: customs } = await supabase
+                    .from('notification_templates')
+                    .select('id, key, body_text, variables, event_type')
+                    .eq('channel', 'whatsapp')
+                    .eq('tenant_id', tenantId)
+                    .eq('is_active', true)
+                    .is('deleted_at', null);
+
+                const customMap = new Map((customs || []).map((c) => [c.key, c]));
+                const merged = (globals || []).map((g) => customMap.get(g.key) || g);
+                for (const c of customs || []) {
+                    if (!merged.find((m) => m.key === c.key)) merged.push(c);
+                }
+                this.templates = merged;
+                this.templatesLoaded = true;
+            } finally {
+                this.templatesLoading = false;
+            }
+        },
+
+        invalidateTemplates() {
+            this.templatesLoaded = false;
+        },
+
+        async _ensureTenantName() {
+            if (this.tenantName) return;
+            const tenantStore = useTenantStore();
+            const tenantId = tenantStore.activeTenantId;
+            if (!tenantId) return;
+            const { data } = await supabase.from('tenants').select('name').eq('id', tenantId).maybeSingle();
+            this.tenantName = data?.name || '';
+        },
+
+        // ── Resolução de variáveis de template ─────────────────────
+        // Retorna: { text, missing } — missing é lista de variáveis não resolvidas
+        async resolveTemplate(tpl) {
+            if (!tpl?.body_text) return { text: '', missing: [] };
+
+            const tenantStore = useTenantStore();
+            const tenantId = tenantStore.activeTenantId;
+
+            // Contexto base (sempre disponível)
+            const now = new Date();
+            const ctx = {
+                data: now.toLocaleDateString('pt-BR'),
+                hora: now.toLocaleTimeString('pt-BR', { hour: '2-digit', minute: '2-digit' }),
+                nome_paciente: this.thread?.patient_name || '',
+                nome_clinica: this.tenantName || '',
+                clinica: this.tenantName || '',
+                // aliases curtos
+                paciente: this.thread?.patient_name || '',
+                nome: (this.thread?.patient_name || '').split(' ')[0] || '',
+                primeiro_nome: (this.thread?.patient_name || '').split(' ')[0] || ''
+            };
+
+            // Enriquece com dados do DB (terapeuta + próxima sessão)
+            try {
+                const { data: authData } = await supabase.auth.getUser();
+                const uid = authData?.user?.id;
+                if (uid) {
+                    const { data: profile } = await supabase.from('profiles').select('full_name, nickname').eq('id', uid).maybeSingle();
+                    const name = profile?.full_name || profile?.nickname || '';
+                    ctx.nome_terapeuta = name;
+                    ctx.terapeuta = name;
+                }
+
+                if (this.thread?.patient_id && tenantId) {
+                    const { data: sess } = await supabase
+                        .from('agenda_eventos')
+                        .select('inicio_em, modalidade, price')
+                        .eq('tenant_id', tenantId)
+                        .eq('patient_id', this.thread.patient_id)
+                        .gte('inicio_em', new Date().toISOString())
+                        .neq('tipo', 'bloqueio')
+                        .order('inicio_em', { ascending: true })
+                        .limit(1)
+                        .maybeSingle();
+                    if (sess?.inicio_em) {
+                        const d = new Date(sess.inicio_em);
+                        ctx.data_sessao = d.toLocaleDateString('pt-BR', { day: '2-digit', month: 'long', year: 'numeric' });
+                        ctx.hora_sessao = d.toLocaleTimeString('pt-BR', { hour: '2-digit', minute: '2-digit' });
+                        ctx.modalidade = sess.modalidade === 'online' ? 'Online' : 'Presencial';
+                        if (sess.price) {
+                            ctx.valor_sessao = Number(sess.price).toLocaleString('pt-BR', { style: 'currency', currency: 'BRL' });
+                        }
+                    }
+                }
+            } catch (err) {
+                // contexto opcional — segue sem
+            }
+
+            // Substitui {{var}} (Mustache) e também {var} (legado) case-insensitive
+            const missing = [];
+            const text = String(tpl.body_text).replace(/\{\{?\s*([a-zA-Z_][a-zA-Z0-9_]*)\s*\}?\}/g, (match, varName) => {
+                const key = varName.toLowerCase();
+                if (key in ctx && ctx[key] != null && ctx[key] !== '') {
+                    return ctx[key];
+                }
+                if (!missing.includes(varName)) missing.push(varName);
+                return match; // preserva placeholder pro user editar manualmente
+            });
+
+            return { text, missing };
+        }
+    }
+});
diff --git a/src/stores/notificationStore.js b/src/stores/notificationStore.js
index 859d5c7..0aa8668 100644
--- a/src/stores/notificationStore.js
+++ b/src/stores/notificationStore.js
@@ -17,6 +17,76 @@
 import { defineStore } from 'pinia';
 import { supabase } from '@/lib/supabase/client';
 
+// ─── Browser Notification helpers ────────────────────────────
+const BROWSER_NOTIF_PREF_KEY = 'agenciapsi.browser_notifications_enabled';
+
+function browserNotifSupported() {
+    return typeof window !== 'undefined' && 'Notification' in window;
+}
+
+function browserNotifAllowed() {
+    return browserNotifSupported() && Notification.permission === 'granted';
+}
+
+function browserNotifEnabled() {
+    if (!browserNotifAllowed()) return false;
+    try {
+        const v = localStorage.getItem(BROWSER_NOTIF_PREF_KEY);
+        return v !== 'false'; // default: on quando permitido
+    } catch {
+        return true;
+    }
+}
+
+function fireBrowserNotification(item) {
+    if (!browserNotifEnabled()) return;
+    if (document.hasFocus() && document.visibilityState === 'visible') return; // não notifica se tab ativa
+    try {
+        const title = item?.payload?.title || 'Nova notificação';
+        const body = item?.payload?.detail || '';
+        const n = new Notification(title, {
+            body,
+            icon: '/favicon.ico',
+            tag: `agenciapsi:${item.id}`,
+            requireInteraction: false
+        });
+        n.onclick = () => {
+            window.focus();
+            if (item?.payload?.deeplink) {
+                window.location.hash = '';
+                window.location.pathname = item.payload.deeplink;
+            }
+            n.close();
+        };
+    } catch {
+        // browser sem suporte ou permissão revogada
+    }
+}
+
+export async function requestBrowserNotificationPermission() {
+    if (!browserNotifSupported()) return false;
+    if (Notification.permission === 'granted') return true;
+    if (Notification.permission === 'denied') return false;
+    try {
+        const res = await Notification.requestPermission();
+        return res === 'granted';
+    } catch {
+        return false;
+    }
+}
+
+export function setBrowserNotificationEnabled(enabled) {
+    try {
+        localStorage.setItem(BROWSER_NOTIF_PREF_KEY, enabled ? 'true' : 'false');
+    } catch {
+        // ignore
+    }
+}
+
+export function getBrowserNotificationEnabled() {
+    return browserNotifEnabled();
+}
+
 export const useNotificationStore = defineStore('notifications', {
     state: () => ({
         items: [],
@@ -59,6 +129,7 @@ export const useNotificationStore = defineStore('notifications', {
                     },
                     (payload) => {
                         this.items.unshift(payload.new);
+                        fireBrowserNotification(payload.new);
                     }
                 )
                 .subscribe();
diff --git a/src/utils/addonExtratoExport.js b/src/utils/addonExtratoExport.js
new file mode 100644
index 0000000..3929168
--- /dev/null
+++ b/src/utils/addonExtratoExport.js
@@ -0,0 +1,243 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/utils/addonExtratoExport.js
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+*/
+
+import { htmlToPdfDownload } from '@/services/pdf.service';
+
+// ─── labels ─────────────────────────────────────────────────────────────────
+
+const MOVEMENT_LABELS = {
+    purchase: 'Compra',
+    consumption: 'Consumo',
+    adjustment: 'Ajuste',
+    refund: 'Reembolso',
+    bonus: 'Bônus',
+    expiration: 'Expiração'
+};
+
+const ADDON_LABELS = {
+    sms: 'SMS',
+    email: 'E-mail',
+    server: 'Servidor',
+    domain: 'Domínio'
+};
+
+// ─── formatadores ───────────────────────────────────────────────────────────
+
+function fmtDate(iso) {
+    if (!iso) return '';
+    try {
+        return new Date(iso).toLocaleString('pt-BR', {
+            day: '2-digit',
+            month: '2-digit',
+            year: 'numeric',
+            hour: '2-digit',
+            minute: '2-digit'
+        });
+    } catch {
+        return '';
+    }
+}
+
+function fmtAmount(row) {
+    const amt = Number(row.amount) || 0;
+    if (row.type === 'purchase' || row.type === 'bonus' || row.type === 'refund') {
+        return `+${amt}`;
+    }
+    if (row.type === 'consumption') {
+        return `-${Math.abs(amt)}`;
+    }
+    return amt >= 0 ? `+${amt}` : `${amt}`;
+}
+
+function fmtBRL(cents) {
+    if (!cents) return '';
+    return (cents / 100).toLocaleString('pt-BR', { style: 'currency', currency: 'BRL' });
+}
+
+function addonLabel(type) {
+    return ADDON_LABELS[type] || type || '';
+}
+
+function movementLabel(type) {
+    return MOVEMENT_LABELS[type] || type || '';
+}
+
+// ─── sanitização para CSV ───────────────────────────────────────────────────
+
+function csvCell(value) {
+    if (value === null || value === undefined) return '';
+    const s = String(value)
+        .replace(/[\r\n]+/g, ' ')
+        .replace(/"/g, '""')
+        .trim();
+    // Previne CSV injection: prefixa com espaço se começar com =, +, -, @
+    const safe = /^[=+\-@]/.test(s) ? ' ' + s : s;
+    return `"${safe}"`;
+}
+
+function csvLine(cells) {
+    return cells.map(csvCell).join(';');
+}
+
+// ─── export CSV ─────────────────────────────────────────────────────────────
+
+export function buildExtratoCSV(rows, summary, periodLabel) {
+    const header = ['Data', 'Addon', 'Tipo', 'Quantidade', 'Saldo após', 'Descrição', 'Valor (R$)', 'Método', 'Referência'];
+
+    const lines = [csvLine(header)];
+    for (const r of rows) {
+        lines.push(
+            csvLine([
+                fmtDate(r.created_at),
+                addonLabel(r.addon_type),
+                movementLabel(r.type),
+                fmtAmount(r),
+                r.balance_after ?? '',
+                r.description ?? '',
+                r.price_cents ? fmtBRL(r.price_cents) : '',
+                r.payment_method ?? '',
+                r.payment_reference ?? ''
+            ])
+        );
+    }
+
+    // Rodapé com resumo
+    lines.push('');
+    lines.push(csvLine(['Período', periodLabel, '', '', '', '', '', '', '']));
+    lines.push(csvLine(['Registros', summary.totalRows, '', '', '', '', '', '', '']));
+    lines.push(csvLine(['Total comprado (créditos)', summary.purchasedCredits, '', '', '', '', '', '', '']));
+    lines.push(csvLine(['Total comprado (R$)', fmtBRL(summary.purchasedCents), '', '', '', '', '', '', '']));
+    lines.push(csvLine(['Total consumido (créditos)', summary.consumedCredits, '', '', '', '', '', '', '']));
+
+    return '\uFEFF' + lines.join('\r\n');
+}
+
+export function downloadExtratoCSV(rows, summary, periodLabel, filename) {
+    const csv = buildExtratoCSV(rows, summary, periodLabel);
+    const blob = new Blob([csv], { type: 'text/csv;charset=utf-8' });
+    const url = URL.createObjectURL(blob);
+    const a = document.createElement('a');
+    a.href = url;
+    a.download = filename || `extrato-addons-${Date.now()}.csv`;
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+    URL.revokeObjectURL(url);
+}
+
+// ─── export PDF ─────────────────────────────────────────────────────────────
+
+function htmlEscape(s) {
+    if (s === null || s === undefined) return '';
+    return String(s)
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;');
+}
+
+function buildExtratoHTML(rows, summary, periodLabel, tenantName) {
+    const tbody = rows
+        .map(
+            (r) => `
+        <tr>
+            <td>${htmlEscape(fmtDate(r.created_at))}</td>
+            <td>${htmlEscape(addonLabel(r.addon_type))}</td>
+            <td>${htmlEscape(movementLabel(r.type))}</td>
+            <td class="num">${htmlEscape(fmtAmount(r))}</td>
+            <td class="num">${htmlEscape(r.balance_after ?? '')}</td>
+            <td>${htmlEscape(r.description ?? '')}</td>
+            <td class="num">${htmlEscape(r.price_cents ? fmtBRL(r.price_cents) : '')}</td>
+            <td>${htmlEscape(r.payment_reference ?? '')}</td>
+        </tr>
+    `
+        )
+        .join('');
+
+    return `<!doctype html>
+<html lang="pt-BR">
+<head>
+<meta charset="utf-8" />
+<title>Extrato de Recursos Extras</title>
+<style>
+    * { box-sizing: border-box; }
+    body { font-family: 'Segoe UI', Arial, sans-serif; color: #1a1a1a; margin: 0; padding: 24px; font-size: 11px; }
+    h1 { font-size: 18px; margin: 0 0 4px 0; color: #2e3440; }
+    .subtitle { color: #6b7280; font-size: 11px; margin-bottom: 16px; }
+    .summary { display: flex; flex-wrap: wrap; gap: 12px; margin-bottom: 16px; }
+    .card { flex: 1 1 150px; border: 1px solid #e5e7eb; border-radius: 6px; padding: 8px 12px; background: #f9fafb; }
+    .card .label { font-size: 9px; color: #6b7280; text-transform: uppercase; letter-spacing: 0.5px; }
+    .card .value { font-size: 14px; font-weight: 600; color: #111827; margin-top: 2px; }
+    table { width: 100%; border-collapse: collapse; font-size: 10px; }
+    th { background: #374151; color: #fff; padding: 6px 8px; text-align: left; font-weight: 600; }
+    td { padding: 5px 8px; border-bottom: 1px solid #e5e7eb; }
+    td.num { text-align: right; font-variant-numeric: tabular-nums; }
+    tr:nth-child(even) td { background: #f9fafb; }
+    .footer { margin-top: 16px; font-size: 9px; color: #9ca3af; text-align: center; }
+</style>
+</head>
+<body>
+    <h1>Extrato de Recursos Extras</h1>
+    <div class="subtitle">
+        ${htmlEscape(tenantName || '')} &middot; Período: <strong>${htmlEscape(periodLabel)}</strong> &middot;
+        Gerado em ${htmlEscape(fmtDate(new Date().toISOString()))}
+    </div>
+
+    <div class="summary">
+        <div class="card"><div class="label">Registros</div><div class="value">${summary.totalRows}</div></div>
+        <div class="card"><div class="label">Comprado (créditos)</div><div class="value">${summary.purchasedCredits}</div></div>
+        <div class="card"><div class="label">Comprado (R$)</div><div class="value">${htmlEscape(fmtBRL(summary.purchasedCents) || 'R$ 0,00')}</div></div>
+        <div class="card"><div class="label">Consumido (créditos)</div><div class="value">${summary.consumedCredits}</div></div>
+    </div>
+
+    <table>
+        <thead>
+            <tr>
+                <th>Data</th>
+                <th>Addon</th>
+                <th>Tipo</th>
+                <th class="num">Qtd.</th>
+                <th class="num">Saldo após</th>
+                <th>Descrição</th>
+                <th class="num">Valor</th>
+                <th>Referência</th>
+            </tr>
+        </thead>
+        <tbody>
+            ${tbody || '<tr><td colspan="8" style="text-align:center;color:#9ca3af;padding:16px;">Sem transações no período</td></tr>'}
+        </tbody>
+    </table>
+
+    <div class="footer">AgênciaPSI &middot; Extrato de débitos e créditos de recursos extras</div>
+</body>
+</html>`;
+}
+
+export async function downloadExtratoPDF(rows, summary, periodLabel, tenantName, filename) {
+    const html = buildExtratoHTML(rows, summary, periodLabel, tenantName);
+    await htmlToPdfDownload(html, filename || `extrato-addons-${Date.now()}.pdf`);
+}
+
+// ─── util exposto pra página ────────────────────────────────────────────────
+
+export const formatters = {
+    fmtDate,
+    fmtAmount,
+    fmtBRL,
+    addonLabel,
+    movementLabel
+};
diff --git a/src/utils/auditoriaExport.js b/src/utils/auditoriaExport.js
new file mode 100644
index 0000000..6aac629
--- /dev/null
+++ b/src/utils/auditoriaExport.js
@@ -0,0 +1,206 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/utils/auditoriaExport.js
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+*/
+
+import { htmlToPdfDownload } from '@/services/pdf.service';
+
+const SOURCE_LABELS = {
+    audit_logs: 'Auditoria',
+    document_access_logs: 'Acesso a documento',
+    patient_status_history: 'Status paciente',
+    notification_logs: 'Notificação',
+    addon_transactions: 'Recurso extra'
+};
+
+const ENTITY_LABELS = {
+    patients: 'Paciente',
+    agenda_eventos: 'Evento de agenda',
+    financial_records: 'Registro financeiro',
+    documents: 'Documento',
+    tenant_members: 'Membro do tenant',
+    document: 'Documento',
+    notification: 'Notificação',
+    patient_status: 'Status do paciente',
+    addon_transaction: 'Transação de recurso'
+};
+
+function fmtDate(iso) {
+    if (!iso) return '';
+    try {
+        return new Date(iso).toLocaleString('pt-BR', {
+            day: '2-digit',
+            month: '2-digit',
+            year: 'numeric',
+            hour: '2-digit',
+            minute: '2-digit',
+            second: '2-digit'
+        });
+    } catch {
+        return '';
+    }
+}
+
+export function sourceLabel(src) {
+    return SOURCE_LABELS[src] || src || '';
+}
+
+export function entityLabel(ent) {
+    return ENTITY_LABELS[ent] || ent || '';
+}
+
+// ─── sanitização CSV (anti-injection) ────────────────────────────────────────
+
+function csvCell(value) {
+    if (value === null || value === undefined) return '';
+    const s = String(value)
+        .replace(/[\r\n]+/g, ' ')
+        .replace(/"/g, '""')
+        .trim();
+    const safe = /^[=+\-@]/.test(s) ? ' ' + s : s;
+    return `"${safe}"`;
+}
+
+function csvLine(cells) {
+    return cells.map(csvCell).join(';');
+}
+
+export function buildAuditCSV(rows, summary, periodLabel, userDisplay) {
+    const header = ['Data/Hora', 'Origem', 'Entidade', 'ID entidade', 'Ação', 'Descrição', 'Usuário'];
+    const lines = [csvLine(header)];
+
+    for (const r of rows) {
+        lines.push(
+            csvLine([
+                fmtDate(r.occurred_at),
+                sourceLabel(r.source),
+                entityLabel(r.entity_type),
+                r.entity_id ?? '',
+                r.action ?? '',
+                r.description ?? '',
+                userDisplay(r.user_id)
+            ])
+        );
+    }
+
+    lines.push('');
+    lines.push(csvLine(['Período', periodLabel]));
+    lines.push(csvLine(['Total de registros', summary.totalRows]));
+    lines.push(csvLine(['Usuários distintos', summary.distinctUsers]));
+
+    return '\uFEFF' + lines.join('\r\n');
+}
+
+export function downloadAuditCSV(rows, summary, periodLabel, userDisplay, filename) {
+    const csv = buildAuditCSV(rows, summary, periodLabel, userDisplay);
+    const blob = new Blob([csv], { type: 'text/csv;charset=utf-8' });
+    const url = URL.createObjectURL(blob);
+    const a = document.createElement('a');
+    a.href = url;
+    a.download = filename || `auditoria-${Date.now()}.csv`;
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+    URL.revokeObjectURL(url);
+}
+
+// ─── PDF ─────────────────────────────────────────────────────────────────────
+
+function htmlEscape(s) {
+    if (s === null || s === undefined) return '';
+    return String(s)
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;');
+}
+
+function buildAuditHTML(rows, summary, periodLabel, tenantName, userDisplay) {
+    const tbody = rows
+        .map(
+            (r) => `
+        <tr>
+            <td>${htmlEscape(fmtDate(r.occurred_at))}</td>
+            <td>${htmlEscape(sourceLabel(r.source))}</td>
+            <td>${htmlEscape(entityLabel(r.entity_type))}</td>
+            <td>${htmlEscape(r.description ?? '')}</td>
+            <td>${htmlEscape(userDisplay(r.user_id))}</td>
+        </tr>`
+        )
+        .join('');
+
+    return `<!doctype html>
+<html lang="pt-BR">
+<head>
+<meta charset="utf-8" />
+<title>Relatório de Auditoria</title>
+<style>
+    * { box-sizing: border-box; }
+    body { font-family: 'Segoe UI', Arial, sans-serif; color: #1a1a1a; margin: 0; padding: 24px; font-size: 10px; }
+    h1 { font-size: 18px; margin: 0 0 4px 0; color: #2e3440; }
+    .subtitle { color: #6b7280; font-size: 10px; margin-bottom: 16px; }
+    .summary { display: flex; flex-wrap: wrap; gap: 10px; margin-bottom: 14px; }
+    .card { flex: 1 1 120px; border: 1px solid #e5e7eb; border-radius: 6px; padding: 6px 10px; background: #f9fafb; }
+    .card .label { font-size: 8px; color: #6b7280; text-transform: uppercase; letter-spacing: 0.5px; }
+    .card .value { font-size: 13px; font-weight: 600; color: #111827; margin-top: 2px; }
+    table { width: 100%; border-collapse: collapse; font-size: 9px; }
+    th { background: #374151; color: #fff; padding: 5px 7px; text-align: left; font-weight: 600; }
+    td { padding: 4px 7px; border-bottom: 1px solid #e5e7eb; vertical-align: top; }
+    tr:nth-child(even) td { background: #f9fafb; }
+    .footer { margin-top: 14px; font-size: 8px; color: #9ca3af; text-align: center; }
+</style>
+</head>
+<body>
+    <h1>Relatório de Auditoria</h1>
+    <div class="subtitle">
+        ${htmlEscape(tenantName || '')} &middot; Período: <strong>${htmlEscape(periodLabel)}</strong>
+        &middot; Gerado em ${htmlEscape(fmtDate(new Date().toISOString()))}
+    </div>
+
+    <div class="summary">
+        <div class="card"><div class="label">Registros</div><div class="value">${summary.totalRows}</div></div>
+        <div class="card"><div class="label">Usuários distintos</div><div class="value">${summary.distinctUsers}</div></div>
+    </div>
+
+    <table>
+        <thead>
+            <tr>
+                <th>Data/Hora</th>
+                <th>Origem</th>
+                <th>Entidade</th>
+                <th>Descrição</th>
+                <th>Usuário</th>
+            </tr>
+        </thead>
+        <tbody>
+            ${tbody || '<tr><td colspan="5" style="text-align:center;color:#9ca3af;padding:16px;">Nenhum evento no período</td></tr>'}
+        </tbody>
+    </table>
+
+    <div class="footer">AgênciaPSI &middot; Registro imutável de operações de tratamento (LGPD Art. 37)</div>
+</body>
+</html>`;
+}
+
+export async function downloadAuditPDF(rows, summary, periodLabel, tenantName, userDisplay, filename) {
+    const html = buildAuditHTML(rows, summary, periodLabel, tenantName, userDisplay);
+    await htmlToPdfDownload(html, filename || `auditoria-${Date.now()}.pdf`);
+}
+
+export const auditFormatters = {
+    fmtDate,
+    sourceLabel,
+    entityLabel
+};
diff --git a/src/utils/excelExport.js b/src/utils/excelExport.js
new file mode 100644
index 0000000..90c73af
--- /dev/null
+++ b/src/utils/excelExport.js
@@ -0,0 +1,153 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/utils/excelExport.js
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+*/
+
+import ExcelJS from 'exceljs';
+
+/**
+ * Tipos de coluna suportados:
+ *   text   — string (default)
+ *   money  — cents (divide por 100 + formata BRL)
+ *   date   — ISO/Date (formata dd/mm/yyyy hh:mm)
+ *   number — inteiro/decimal
+ */
+
+function fmtDateCell(value) {
+    if (!value) return null;
+    const d = value instanceof Date ? value : new Date(value);
+    if (isNaN(d.getTime())) return String(value);
+    return d;
+}
+
+function sanitizeText(value) {
+    if (value === null || value === undefined) return '';
+    const s = String(value).replace(/[\r\n]+/g, ' ').trim();
+    // Previne fórmula Excel: prefixa com espaço se começar com =, +, -, @
+    return /^[=+\-@]/.test(s) ? ' ' + s : s;
+}
+
+/**
+ * Gera workbook Excel a partir de headers e rows.
+ * headers: [{ key, label, type: 'text'|'money'|'date'|'number', width?: number }]
+ * rows: array de objetos
+ */
+export async function buildExcelBlob({ sheetName = 'Dados', headers, rows, footerRows = [] }) {
+    const wb = new ExcelJS.Workbook();
+    wb.creator = 'AgenciaPSI';
+    wb.created = new Date();
+
+    const ws = wb.addWorksheet(sheetName, {
+        views: [{ state: 'frozen', ySplit: 1 }]
+    });
+
+    // ── Cabeçalho ──────────────────────────────────────────────
+    ws.columns = headers.map((h) => ({
+        header: h.label,
+        key: h.key,
+        width: h.width || 18
+    }));
+
+    const headerRow = ws.getRow(1);
+    headerRow.font = { bold: true, color: { argb: 'FFFFFFFF' } };
+    headerRow.fill = {
+        type: 'pattern',
+        pattern: 'solid',
+        fgColor: { argb: 'FF374151' }
+    };
+    headerRow.alignment = { vertical: 'middle', horizontal: 'left' };
+    headerRow.height = 20;
+
+    // ── Rows ───────────────────────────────────────────────────
+    for (const row of rows) {
+        const cells = {};
+        for (const h of headers) {
+            const raw = row[h.key];
+            switch (h.type) {
+                case 'money': {
+                    const cents = Number(raw) || 0;
+                    cells[h.key] = cents / 100;
+                    break;
+                }
+                case 'date':
+                    cells[h.key] = fmtDateCell(raw);
+                    break;
+                case 'number':
+                    cells[h.key] = Number(raw) || 0;
+                    break;
+                default:
+                    cells[h.key] = sanitizeText(raw);
+            }
+        }
+        const r = ws.addRow(cells);
+
+        // Formatação por tipo
+        headers.forEach((h, idx) => {
+            const cell = r.getCell(idx + 1);
+            if (h.type === 'money') {
+                cell.numFmt = '"R$" #,##0.00;[Red]-"R$" #,##0.00';
+            } else if (h.type === 'date') {
+                cell.numFmt = 'dd/mm/yyyy hh:mm';
+            } else if (h.type === 'number') {
+                cell.numFmt = '#,##0';
+            }
+        });
+    }
+
+    // ── Zebra (linhas pares) ───────────────────────────────────
+    for (let i = 2; i <= ws.rowCount; i++) {
+        if (i % 2 === 0) {
+            ws.getRow(i).fill = {
+                type: 'pattern',
+                pattern: 'solid',
+                fgColor: { argb: 'FFF9FAFB' }
+            };
+        }
+    }
+
+    // ── Footer com resumo ──────────────────────────────────────
+    if (footerRows.length) {
+        ws.addRow([]);
+        for (const fr of footerRows) {
+            const r = ws.addRow(fr);
+            r.font = { bold: true };
+        }
+    }
+
+    // ── Borders ────────────────────────────────────────────────
+    const borderStyle = { style: 'thin', color: { argb: 'FFE5E7EB' } };
+    ws.eachRow((row) => {
+        row.eachCell((cell) => {
+            cell.border = { top: borderStyle, left: borderStyle, bottom: borderStyle, right: borderStyle };
+        });
+    });
+
+    const buf = await wb.xlsx.writeBuffer();
+    return new Blob([buf], {
+        type: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+    });
+}
+
+export async function downloadExcel({ filename, ...opts }) {
+    const blob = await buildExcelBlob(opts);
+    const url = URL.createObjectURL(blob);
+    const a = document.createElement('a');
+    a.href = url;
+    a.download = filename || `export-${Date.now()}.xlsx`;
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+    URL.revokeObjectURL(url);
+}
diff --git a/src/utils/lgpdExportFormats.js b/src/utils/lgpdExportFormats.js
new file mode 100644
index 0000000..7d90fa0
--- /dev/null
+++ b/src/utils/lgpdExportFormats.js
@@ -0,0 +1,298 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/utils/lgpdExportFormats.js
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+*/
+
+import { htmlToPdfDownload } from '@/services/pdf.service';
+
+function htmlEscape(s) {
+    if (s === null || s === undefined) return '';
+    return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+}
+
+function fmtDate(iso) {
+    if (!iso) return '';
+    try {
+        return new Date(iso).toLocaleString('pt-BR', {
+            day: '2-digit',
+            month: '2-digit',
+            year: 'numeric',
+            hour: '2-digit',
+            minute: '2-digit'
+        });
+    } catch {
+        return String(iso);
+    }
+}
+
+function fmtBRL(cents) {
+    if (cents === null || cents === undefined) return '';
+    const n = typeof cents === 'number' ? cents / 100 : Number(cents) / 100;
+    if (!isFinite(n)) return '';
+    return n.toLocaleString('pt-BR', { style: 'currency', currency: 'BRL' });
+}
+
+function renderKV(label, value) {
+    if (value === null || value === undefined || value === '') return '';
+    return `<div class="kv"><span class="k">${htmlEscape(label)}:</span> <span class="v">${htmlEscape(value)}</span></div>`;
+}
+
+function renderSectionHeader(title, count) {
+    const badge = count != null ? `<span class="count">${count}</span>` : '';
+    return `<h2>${htmlEscape(title)} ${badge}</h2>`;
+}
+
+function renderTable(headers, rows) {
+    if (!rows || !rows.length) {
+        return '<p class="empty">Sem registros.</p>';
+    }
+    const th = headers.map((h) => `<th>${htmlEscape(h.label)}</th>`).join('');
+    const body = rows
+        .map(
+            (r) =>
+                '<tr>' +
+                headers
+                    .map((h) => {
+                        const raw = h.get ? h.get(r) : r[h.key];
+                        return `<td>${htmlEscape(raw ?? '')}</td>`;
+                    })
+                    .join('') +
+                '</tr>'
+        )
+        .join('');
+    return `<table><thead><tr>${th}</tr></thead><tbody>${body}</tbody></table>`;
+}
+
+export function buildLgpdHTML(payload, tenantName) {
+    if (!payload) return '';
+
+    const meta = payload.export_metadata || {};
+    const p = payload.paciente || {};
+
+    const sections = [];
+
+    // ── Cabeçalho LGPD ─────────────────────────────────────────────────────
+    sections.push(`
+        <div class="cover">
+            <h1>Relatório de Dados Pessoais</h1>
+            <p class="lead">
+                Documento gerado em atendimento ao <strong>art. 18, II da LGPD</strong>
+                (portabilidade de dados do titular).
+            </p>
+            <div class="meta">
+                ${renderKV('Controlador', tenantName || 'AgênciaPSI')}
+                ${renderKV('Gerado em', fmtDate(meta.generated_at))}
+                ${renderKV('Fundamento', meta.lgpd_basis)}
+                ${renderKV('Versão do formato', meta.format_version)}
+            </div>
+        </div>
+    `);
+
+    // ── Dados pessoais ─────────────────────────────────────────────────────
+    sections.push(renderSectionHeader('1. Dados pessoais do titular'));
+    sections.push(`
+        <div class="grid">
+            ${renderKV('Nome completo', p.nome_completo)}
+            ${renderKV('Nome social', p.nome_social)}
+            ${renderKV('Apelido', p.apelido)}
+            ${renderKV('CPF', p.cpf)}
+            ${renderKV('RG', p.rg)}
+            ${renderKV('Data de nascimento', p.data_nascimento)}
+            ${renderKV('Gênero', p.genero)}
+            ${renderKV('Estado civil', p.estado_civil)}
+            ${renderKV('Profissão', p.profissao)}
+            ${renderKV('Escolaridade', p.escolaridade)}
+            ${renderKV('Telefone', p.telefone)}
+            ${renderKV('E-mail', p.email)}
+            ${renderKV('Endereço', [p.endereco_logradouro, p.endereco_numero, p.endereco_bairro, p.endereco_cidade, p.endereco_uf, p.endereco_cep].filter(Boolean).join(', '))}
+            ${renderKV('Status atual', p.status)}
+            ${renderKV('Data de criação do cadastro', fmtDate(p.created_at))}
+        </div>
+    `);
+
+    // ── Contatos ───────────────────────────────────────────────────────────
+    const contatos = payload.contatos || [];
+    sections.push(renderSectionHeader('2. Contatos', contatos.length));
+    sections.push(
+        renderTable(
+            [
+                { label: 'Nome', key: 'nome' },
+                { label: 'Tipo', key: 'tipo' },
+                { label: 'Relação', key: 'relacao' },
+                { label: 'Telefone', key: 'telefone' },
+                { label: 'E-mail', key: 'email' }
+            ],
+            contatos
+        )
+    );
+
+    // ── Contatos de apoio ──────────────────────────────────────────────────
+    const apoio = payload.contatos_apoio || [];
+    sections.push(renderSectionHeader('3. Contatos de apoio', apoio.length));
+    sections.push(
+        renderTable(
+            [
+                { label: 'Nome', key: 'nome' },
+                { label: 'Vínculo', key: 'vinculo' },
+                { label: 'Telefone', key: 'telefone' }
+            ],
+            apoio
+        )
+    );
+
+    // ── Histórico de status ────────────────────────────────────────────────
+    const status = payload.historico_status || [];
+    sections.push(renderSectionHeader('4. Histórico de status', status.length));
+    sections.push(
+        renderTable(
+            [
+                { label: 'Data', key: 'alterado_em', get: (r) => fmtDate(r.alterado_em) },
+                { label: 'Anterior', key: 'status_anterior' },
+                { label: 'Novo', key: 'status_novo' },
+                { label: 'Motivo', key: 'motivo' }
+            ],
+            status
+        )
+    );
+
+    // ── Eventos de agenda ──────────────────────────────────────────────────
+    const agenda = payload.eventos_agenda || [];
+    sections.push(renderSectionHeader('5. Eventos de agenda', agenda.length));
+    sections.push(
+        renderTable(
+            [
+                { label: 'Início', key: 'inicio_em', get: (r) => fmtDate(r.inicio_em) },
+                { label: 'Tipo', key: 'tipo' },
+                { label: 'Status', key: 'status' },
+                { label: 'Observações', key: 'observacoes' }
+            ],
+            agenda
+        )
+    );
+
+    // ── Registros financeiros ──────────────────────────────────────────────
+    const financeiro = payload.registros_financeiros || [];
+    sections.push(renderSectionHeader('6. Registros financeiros', financeiro.length));
+    sections.push(
+        renderTable(
+            [
+                { label: 'Criado em', key: 'created_at', get: (r) => fmtDate(r.created_at) },
+                { label: 'Vencimento', key: 'due_date' },
+                { label: 'Valor', key: 'amount', get: (r) => fmtBRL(r.amount) },
+                { label: 'Valor final', key: 'final_amount', get: (r) => fmtBRL(r.final_amount) },
+                { label: 'Status', key: 'status' },
+                { label: 'Método', key: 'payment_method' }
+            ],
+            financeiro
+        )
+    );
+
+    // ── Documentos ─────────────────────────────────────────────────────────
+    const docs = payload.documentos || [];
+    sections.push(renderSectionHeader('7. Documentos', docs.length));
+    sections.push(
+        renderTable(
+            [
+                { label: 'Nome', key: 'nome_original' },
+                { label: 'Tipo', key: 'tipo_documento' },
+                { label: 'Categoria', key: 'categoria' },
+                { label: 'Tamanho (bytes)', key: 'tamanho_bytes' },
+                { label: 'Upload em', key: 'uploaded_at', get: (r) => fmtDate(r.uploaded_at) }
+            ],
+            docs
+        )
+    );
+
+    // ── Notificações ───────────────────────────────────────────────────────
+    const notifs = payload.notificacoes_enviadas || [];
+    sections.push(renderSectionHeader('8. Notificações enviadas', notifs.length));
+    sections.push(
+        renderTable(
+            [
+                { label: 'Data', key: 'created_at', get: (r) => fmtDate(r.created_at) },
+                { label: 'Canal', key: 'channel' },
+                { label: 'Destinatário', key: 'recipient_address' },
+                { label: 'Status', key: 'status' }
+            ],
+            notifs
+        )
+    );
+
+    // ── Audit trail ────────────────────────────────────────────────────────
+    const audit = payload.audit_trail || [];
+    sections.push(renderSectionHeader('9. Auditoria de alterações', audit.length));
+    sections.push(
+        renderTable(
+            [
+                { label: 'Data', key: 'created_at', get: (r) => fmtDate(r.created_at) },
+                { label: 'Ação', key: 'action' },
+                { label: 'Campos alterados', key: 'changed_fields', get: (r) => (r.changed_fields || []).join(', ') }
+            ],
+            audit
+        )
+    );
+
+    // ── Acessos a documentos ───────────────────────────────────────────────
+    const acessos = payload.acessos_a_documentos || [];
+    sections.push(renderSectionHeader('10. Acessos a documentos', acessos.length));
+    sections.push(
+        renderTable(
+            [
+                { label: 'Data', key: 'acessado_em', get: (r) => fmtDate(r.acessado_em) },
+                { label: 'Ação', key: 'acao' }
+            ],
+            acessos
+        )
+    );
+
+    return `<!doctype html>
+<html lang="pt-BR">
+<head>
+<meta charset="utf-8" />
+<title>Relatório LGPD - ${htmlEscape(p.nome_completo || 'paciente')}</title>
+<style>
+    * { box-sizing: border-box; }
+    body { font-family: 'Segoe UI', Arial, sans-serif; color: #1a1a1a; margin: 0; padding: 20px; font-size: 10px; }
+    h1 { font-size: 20px; margin: 0 0 8px; color: #1e3a8a; }
+    h2 { font-size: 13px; margin: 18px 0 6px; color: #1f2937; border-bottom: 1px solid #e5e7eb; padding-bottom: 3px; }
+    h2 .count { display: inline-block; background: #3b82f6; color: #fff; border-radius: 999px; padding: 0 6px; font-size: 9px; margin-left: 6px; vertical-align: middle; }
+    .cover { margin-bottom: 16px; padding: 12px; background: #f3f4f6; border-left: 4px solid #1e3a8a; border-radius: 4px; }
+    .lead { font-size: 10px; color: #4b5563; margin: 0 0 8px; }
+    .meta .kv, .grid .kv { font-size: 9px; }
+    .kv .k { font-weight: 600; color: #6b7280; }
+    .kv .v { color: #111827; }
+    .grid { display: grid; grid-template-columns: repeat(2, 1fr); gap: 2px 12px; }
+    table { width: 100%; border-collapse: collapse; font-size: 9px; margin-top: 4px; }
+    th { background: #374151; color: #fff; padding: 4px 6px; text-align: left; font-weight: 600; }
+    td { padding: 3px 6px; border-bottom: 1px solid #e5e7eb; }
+    tr:nth-child(even) td { background: #f9fafb; }
+    .empty { font-style: italic; color: #9ca3af; font-size: 9px; margin: 4px 0 8px; }
+    .footer { margin-top: 24px; font-size: 8px; color: #9ca3af; text-align: center; border-top: 1px solid #e5e7eb; padding-top: 8px; }
+</style>
+</head>
+<body>
+    ${sections.join('\n')}
+    <div class="footer">
+        AgênciaPSI &middot; Relatório LGPD &middot; Gerado em ${htmlEscape(fmtDate(meta.generated_at))}
+        &middot; O titular tem direito a requerer a correção de dados incompletos, inexatos ou desatualizados (Art. 18, III).
+    </div>
+</body>
+</html>`;
+}
+
+export async function downloadLgpdPDF(payload, tenantName, filename) {
+    const html = buildLgpdHTML(payload, tenantName);
+    await htmlToPdfDownload(html, filename || `lgpd-export-${Date.now()}.pdf`);
+}
diff --git a/src/views/pages/account/ProfilePage.vue b/src/views/pages/account/ProfilePage.vue
index dcd930c..0e34815 100644
--- a/src/views/pages/account/ProfilePage.vue
+++ b/src/views/pages/account/ProfilePage.vue
@@ -754,42 +754,28 @@ onBeforeUnmount(() => {
 </script>
 
 <template>
-    <!-- ── HERO ────────────────────────────────────────────── -->
-    <div ref="heroSentinelRef" class="p-2" />
-    <div
-        ref="heroEl"
-        class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-2"
-        :style="{ top: 'var(--layout-sticky-top, 55px)' }"
-        :class="{ 'rounded-tl-none rounded-tr-none': heroStuck }"
-    >
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 -top-20 -right-16 bg-indigo-500/[0.14]" />
-            <div class="absolute rounded-full blur-[70px] w-[22rem] h-[22rem] top-4 -left-20 bg-emerald-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-64 h-64 -bottom-12 right-20 bg-fuchsia-500/[0.09]" />
-        </div>
-
-        <div class="relative z-10 flex items-center gap-5 flex-wrap">
-            <div class="flex items-center gap-4 flex-1 min-w-0">
-                <div class="relative shrink-0">
-                    <img v-if="ui.avatarPreview" :src="ui.avatarPreview" class="w-16 h-16 rounded-[1.125rem] border-2 border-[var(--surface-border)] block object-cover" alt="avatar" />
-                    <div v-else class="w-16 h-16 rounded-[1.125rem] border-2 border-[var(--surface-border)] grid place-items-center bg-[var(--surface-ground)] text-[1.3rem] font-extrabold text-[var(--text-color)]">{{ initials }}</div>
-                    <span class="absolute bottom-[-3px] right-[-3px] w-[0.9rem] h-[0.9rem] rounded-full bg-emerald-400 border-[2.5px] border-[var(--surface-card)]" />
-                </div>
-                <div class="min-w-0">
-                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)] leading-snug truncate">{{ form.full_name || 'Meu Perfil' }}</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5 truncate">{{ userEmail || 'Gerencie suas informações pessoais e segurança' }}</div>
-                </div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="relative shrink-0">
+                <img v-if="ui.avatarPreview" :src="ui.avatarPreview" class="w-10 h-10 rounded-md border border-[var(--surface-border)] block object-cover" alt="avatar" />
+                <div v-else class="w-10 h-10 rounded-md border border-[var(--surface-border)] grid place-items-center bg-[var(--surface-ground)] text-[0.85rem] font-bold text-[var(--text-color)]">{{ initials }}</div>
+                <span class="absolute bottom-[-2px] right-[-2px] w-[0.6rem] h-[0.6rem] rounded-full bg-emerald-400 border-2 border-[var(--surface-card)]" />
+            </div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title truncate">{{ form.full_name || 'Meu Perfil' }}</div>
+                <div class="cfg-subheader__sub truncate">{{ userEmail || 'Gerencie suas informações pessoais e segurança' }}</div>
             </div>
 
             <!-- Desktop (≥1200px) -->
             <div class="hidden xl:flex items-center gap-2 shrink-0">
-                <Button label="Voltar" icon="pi pi-arrow-left" severity="secondary" outlined class="rounded-full" @click="router.back()" />
-                <Button label="Salvar" icon="pi pi-check" class="rounded-full" :loading="saving" :disabled="!dirty" @click="saveAll" />
+                <Button label="Voltar" icon="pi pi-arrow-left" severity="secondary" outlined size="small" @click="router.back()" />
+                <Button label="Salvar" icon="pi pi-check" size="small" :loading="saving" :disabled="!dirty" @click="saveAll" />
             </div>
 
             <!-- Mobile (<1200px) -->
             <div class="flex xl:hidden items-center gap-2 shrink-0">
-                <Button label="Ações" icon="pi pi-ellipsis-v" severity="secondary" size="small" class="rounded-full" @click="(e) => heroMenuRef.toggle(e)" />
+                <Button label="Ações" icon="pi pi-ellipsis-v" severity="secondary" size="small" @click="(e) => heroMenuRef.toggle(e)" />
                 <Menu ref="heroMenuRef" :model="heroMenuItems" :popup="true" />
             </div>
         </div>
diff --git a/src/views/pages/auth/SecurityPage.vue b/src/views/pages/auth/SecurityPage.vue
index 740ef79..052b7c8 100644
--- a/src/views/pages/auth/SecurityPage.vue
+++ b/src/views/pages/auth/SecurityPage.vue
@@ -170,41 +170,21 @@ async function sendResetEmail() {
 </script>
 
 <template>
-    <!-- Sentinel -->
-    <div ref="headerSentinelRef" class="h-px" />
-
-    <!-- Hero sticky -->
-    <div
-        ref="headerEl"
-        class="sticky mx-auto max-w-2xl px-3 md:px-5 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5"
-        :style="{ top: 'var(--layout-sticky-top, 56px)' }"
-        :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
-    >
-        <!-- Blobs -->
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-12 bg-indigo-500/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-2 -left-20 bg-emerald-500/[0.08]" />
-        </div>
-
-        <div class="relative z-10 flex items-center gap-4">
-            <div class="flex items-center gap-3 flex-1 min-w-0">
-                <div class="grid place-items-center w-10 h-10 rounded-[0.875rem] shrink-0" style="background: color-mix(in srgb, var(--p-primary-500, #6366f1) 12%, transparent); color: var(--p-primary-500, #6366f1)">
-                    <i class="pi pi-shield text-lg" />
-                </div>
-                <div class="min-w-0">
-                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Segurança</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Gerencie o acesso e a senha da sua conta</div>
-                </div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader max-w-2xl mx-auto w-full">
+            <div class="cfg-subheader__icon"><i class="pi pi-shield" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Segurança</div>
+                <div class="cfg-subheader__sub">Gerencie o acesso e a senha da sua conta.</div>
             </div>
-
-            <span class="hidden xl:inline-flex items-center gap-2 text-[1rem] px-3 py-1.5 rounded-full border border-emerald-200 text-emerald-700 bg-emerald-50 shrink-0">
-                <span class="h-2 w-2 rounded-full bg-emerald-500 animate-pulse" />
+            <span class="hidden xl:inline-flex items-center gap-2 text-[0.7rem] px-2.5 py-1 rounded-full border border-emerald-200 text-emerald-700 bg-emerald-50 shrink-0">
+                <span class="h-1.5 w-1.5 rounded-full bg-emerald-500 animate-pulse" />
                 Sessão ativa
             </span>
         </div>
-    </div>
 
-    <div class="px-3 md:px-5 pb-8 flex justify-center">
+        <div class="flex justify-center">
         <div class="w-full max-w-2xl space-y-4">
             <!-- Card principal -->
             <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] overflow-hidden">
@@ -311,8 +291,9 @@ async function sendResetEmail() {
         </div>
     </div>
 
-    <div class="px-3 md:px-4 pb-3">
-        <LoadedPhraseBlock v-if="mounted" />
+        <div class="flex justify-center pb-3">
+            <LoadedPhraseBlock v-if="mounted" />
+        </div>
     </div>
 </template>
 
diff --git a/src/views/pages/billing/ClinicMeuPlanoPage.vue b/src/views/pages/billing/ClinicMeuPlanoPage.vue
index c64d644..11dffb7 100644
--- a/src/views/pages/billing/ClinicMeuPlanoPage.vue
+++ b/src/views/pages/billing/ClinicMeuPlanoPage.vue
@@ -415,7 +415,7 @@ onMounted(fetchMeuPlanoClinic);
     <!-- ══════════════════════════════════════════════════════
        HERO sticky
   ═══════════════════════════════════════════════════════ -->
-    <section class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
+    <section class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
         <!-- Blobs -->
         <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
             <div class="absolute w-64 h-64 -top-16 -right-8 rounded-full blur-[60px] bg-indigo-500/10" />
diff --git a/src/views/pages/billing/TherapistMeuPlanoPage.vue b/src/views/pages/billing/TherapistMeuPlanoPage.vue
index 37cdeff..e313d5f 100644
--- a/src/views/pages/billing/TherapistMeuPlanoPage.vue
+++ b/src/views/pages/billing/TherapistMeuPlanoPage.vue
@@ -328,7 +328,7 @@ onBeforeUnmount(() => {
   ═══════════════════════════════════════════════════════ -->
     <section
         ref="headerEl"
-        class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
         :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
         :style="{ top: 'var(--layout-sticky-top, 56px)' }"
     >
diff --git a/src/views/pages/billing/TherapistUpgradePage.vue b/src/views/pages/billing/TherapistUpgradePage.vue
index 64c29e5..5b55bd4 100644
--- a/src/views/pages/billing/TherapistUpgradePage.vue
+++ b/src/views/pages/billing/TherapistUpgradePage.vue
@@ -268,7 +268,7 @@ onMounted(loadData);
     <!-- ══════════════════════════════════════════════════════
        HERO sticky
   ═══════════════════════════════════════════════════════ -->
-    <section class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
+    <section class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
         <!-- Blobs -->
         <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
             <div class="absolute w-64 h-64 -top-16 -right-8 rounded-full blur-[60px] bg-indigo-500/10" />
diff --git a/src/views/pages/billing/UpgradePage.vue b/src/views/pages/billing/UpgradePage.vue
index b5bb18d..e90518c 100644
--- a/src/views/pages/billing/UpgradePage.vue
+++ b/src/views/pages/billing/UpgradePage.vue
@@ -352,7 +352,7 @@ watch(
     <!-- ══════════════════════════════════════════════════════
        HERO sticky
   ═══════════════════════════════════════════════════════ -->
-    <section class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
+    <section class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
         <!-- Blobs -->
         <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
             <div class="absolute w-64 h-64 -top-16 -right-8 rounded-full blur-[60px] bg-indigo-500/10" />
diff --git a/src/views/pages/clinic/ClinicDashboard.vue b/src/views/pages/clinic/ClinicDashboard.vue
index eb8586e..6a63c01 100644
--- a/src/views/pages/clinic/ClinicDashboard.vue
+++ b/src/views/pages/clinic/ClinicDashboard.vue
@@ -21,6 +21,16 @@ import { useLayout } from '@/layout/composables/layout';
 import Menu from 'primevue/menu';
 import { supabase } from '@/lib/supabase/client';
 import { useTenantStore } from '@/stores/tenantStore';
+import { useClinicKPIs } from '@/composables/useClinicKPIs';
+
+// Fase 3a — KPIs financeiros/operacionais da clínica
+const kpis = useClinicKPIs();
+const brl = new Intl.NumberFormat('pt-BR', { style: 'currency', currency: 'BRL' });
+function fmtBRL(v) { return brl.format(Number(v) || 0); }
+const revenueMax = computed(() => {
+    const arr = kpis.revenueSeries.value || [];
+    return arr.reduce((m, r) => Math.max(m, r.received || 0), 0) || 1;
+});
 
 const dashHeroSentinelRef = ref(null);
 const heroStuck = ref(false);
@@ -441,6 +451,9 @@ async function load() {
         _terapeutasBruto.value = membrosRes.data || [];
         _solicitacoesBruto.value = solRes.data || [];
         _cadastrosBruto.value = cadRes.data || [];
+
+        // KPIs financeiros em paralelo (não bloqueante)
+        kpis.load();
     } catch (e) {
         console.error('[ClinicDashboard] load:', e);
     } finally {
@@ -612,9 +625,9 @@ onMounted(async () => {
         <main class="flex-1 min-w-0 p-4 xl:p-[1.125rem_1.375rem] flex flex-col gap-4 overflow-y-auto" :style="{ marginLeft: isMobileLayout ? undefined : '272px' }">
 
             <!-- Hero Header — Skeleton -->
-            <section v-if="loading" class="relative overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-2.5">
-                <div class="flex items-center gap-3 mb-3">
-                    <Skeleton width="40px" height="40px" border-radius="8px" />
+            <section v-if="loading" class="relative overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5 mx-3 md:mx-4 mt-4">
+                <div class="flex items-center gap-3">
+                    <Skeleton width="40px" height="40px" border-radius="6px" />
                     <div class="flex flex-col gap-1.5 flex-1">
                         <Skeleton width="12rem" height="14px" />
                         <Skeleton width="18rem" height="11px" />
@@ -622,32 +635,35 @@ onMounted(async () => {
                     <Skeleton width="36px" height="36px" border-radius="999px" />
                     <Skeleton width="36px" height="36px" border-radius="999px" />
                 </div>
-                <div class="flex flex-wrap gap-2.5">
-                    <div v-for="n in 4" :key="n" class="flex flex-col gap-1.5 px-4 py-2.5 rounded-md border border-[var(--surface-border)] flex-1 min-w-[90px]">
-                        <Skeleton width="2rem" height="20px" />
-                        <Skeleton width="4rem" height="10px" />
-                    </div>
+            </section>
+
+            <!-- Quick stats — Skeleton -->
+            <section v-if="loading" class="grid grid-cols-2 md:grid-cols-4 gap-2.5 mx-3 md:mx-4 mb-4">
+                <div v-for="n in 4" :key="n" class="flex flex-col gap-1.5 px-4 py-2.5 rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)]">
+                    <Skeleton width="2rem" height="20px" />
+                    <Skeleton width="4rem" height="10px" />
                 </div>
             </section>
 
             <!-- Hero Header -->
             <section
                 v-if="!loading"
-                class="relative overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-2.5"
+                class="sticky mx-3 md:mx-4 mt-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5"
+                :style="{ top: 'var(--layout-sticky-top, 56px)' }"
                 :class="{ 'rounded-tl-none rounded-tr-none': heroStuck }"
             >
                 <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-                    <div class="absolute w-72 h-72 -top-16 -right-12 rounded-full blur-[70px] bg-teal-500/10" />
-                    <div class="absolute w-80 h-80 top-2 -left-20 rounded-full blur-[70px] bg-indigo-400/[0.08]" />
+                    <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-indigo-400/10" />
+                    <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-emerald-400/10" />
+                    <div class="absolute rounded-full blur-[70px] w-72 h-72 -bottom-20 right-24 bg-fuchsia-400/10" />
                 </div>
-
-                <div class="relative z-1 flex items-center gap-4">
+                <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
                     <div class="flex items-center gap-3 flex-1 min-w-0">
-                        <div class="grid place-items-center w-10 h-10 rounded-md shrink-0 bg-teal-500/10 text-teal-600">
+                        <div class="grid place-items-center w-10 h-10 rounded-md shrink-0 bg-indigo-500/10 text-indigo-600 dark:text-indigo-400">
                             <i class="pi pi-building text-lg" />
                         </div>
                         <div class="min-w-0">
-                            <div class="text-[1.1rem] font-bold tracking-tight text-[var(--text-color-secondary)]">{{ saudacao }} <span class="text-[var(--primary-color,#6366f1)]">👋</span></div>
+                            <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">{{ saudacao }} <span class="text-[var(--primary-color,#6366f1)]">👋</span></div>
                             <div class="text-[0.78rem] text-[var(--text-color-secondary)] mt-0.5">{{ resumoHoje }}</div>
                         </div>
                     </div>
@@ -656,35 +672,150 @@ onMounted(async () => {
                         <Button icon="pi pi-cog" severity="secondary" outlined class="h-9 w-9 rounded-full" title="Configurações" @click="$router.push('/configuracoes')" />
                     </div>
                 </div>
+            </section>
 
-                <Divider class="hidden xl:block my-2" />
+            <!-- Quick stats (separados do hero) -->
+            <section v-if="!loading" class="grid grid-cols-2 md:grid-cols-4 gap-2.5 mx-3 md:mx-4 mb-4">
+                <div
+                    v-for="s in quickStats"
+                    :key="s.label"
+                    class="flex flex-col gap-0.5 px-4 py-3 rounded-md border transition-colors duration-150"
+                    :class="{
+                        'border-red-500/25 bg-red-500/5': s.cls === 'qs-urgente',
+                        'border-green-500/25 bg-green-500/5': s.cls === 'qs-ok',
+                        'border-[var(--surface-border)] bg-[var(--surface-card)]': !s.cls
+                    }"
+                >
+                    <div
+                        class="text-[1.35rem] font-bold leading-none"
+                        :class="{
+                            'text-red-500': s.cls === 'qs-urgente',
+                            'text-green-500': s.cls === 'qs-ok',
+                            'text-[var(--text-color)]': !s.cls
+                        }"
+                    >
+                        {{ s.value }}
+                    </div>
+                    <div class="text-[0.7rem] text-[var(--text-color-secondary)] opacity-75 truncate">{{ s.label }}</div>
+                </div>
+            </section>
 
-                <!-- Quick stats -->
-                <div class="relative z-1 mt-2">
-                    <div class="flex flex-wrap gap-2.5">
-                        <div
-                            v-for="s in quickStats"
-                            :key="s.label"
-                            class="flex flex-col gap-0.5 px-4 py-2.5 rounded-md border flex-1 min-w-[90px] text-center xl:text-left transition-colors duration-150"
-                            :class="{
-                                'border-red-500/25 bg-red-500/5': s.cls === 'qs-urgente',
-                                'border-green-500/25 bg-green-500/5': s.cls === 'qs-ok',
-                                'border-[var(--surface-border)] bg-[var(--surface-ground)]': !s.cls
-                            }"
-                        >
-                            <div
-                                class="text-[1.35rem] font-bold leading-none"
-                                :class="{
-                                    'text-red-500': s.cls === 'qs-urgente',
-                                    'text-green-500': s.cls === 'qs-ok',
-                                    'text-[var(--text-color)]': !s.cls
-                                }"
-                            >
-                                {{ s.value }}
-                            </div>
-                            <div class="text-[0.7rem] text-[var(--text-color-secondary)] opacity-75">{{ s.label }}</div>
+            <!-- ═══════════════════════════════════════
+                 KPIs financeiros/operacionais (Fase 3a)
+                ══════════════════════════════════════════ -->
+            <section v-if="!loading" class="flex flex-col gap-3">
+                <!-- Cards KPI -->
+                <div class="grid grid-cols-2 md:grid-cols-3 xl:grid-cols-6 gap-2.5">
+                    <div class="flex flex-col gap-0.5 px-4 py-3 rounded-md border border-emerald-500/25 bg-emerald-500/5">
+                        <div class="text-[0.7rem] text-[var(--text-color-secondary)] uppercase tracking-wide">Recebido no mês</div>
+                        <div class="text-[1.25rem] font-bold text-emerald-600 leading-tight">{{ fmtBRL(kpis.mrrCurrentCents.value) }}</div>
+                        <div class="text-[0.68rem] text-[var(--text-color-secondary)] opacity-75">
+                            Ticket médio: {{ fmtBRL(kpis.avgTicket.value) }}
                         </div>
                     </div>
+
+                    <div
+                        class="flex flex-col gap-0.5 px-4 py-3 rounded-md border"
+                        :class="kpis.overdueCount.value > 0 ? 'border-red-500/25 bg-red-500/5' : 'border-[var(--surface-border)] bg-[var(--surface-ground)]'"
+                    >
+                        <div class="text-[0.7rem] text-[var(--text-color-secondary)] uppercase tracking-wide">Inadimplência</div>
+                        <div class="text-[1.25rem] font-bold leading-tight" :class="kpis.overdueCount.value > 0 ? 'text-red-500' : 'text-[var(--text-color)]'">
+                            {{ fmtBRL(kpis.overdueCents.value) }}
+                        </div>
+                        <div class="text-[0.68rem] text-[var(--text-color-secondary)] opacity-75">
+                            {{ kpis.overdueCount.value }} recebível(is) em atraso
+                        </div>
+                    </div>
+
+                    <div class="flex flex-col gap-0.5 px-4 py-3 rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)]">
+                        <div class="text-[0.7rem] text-[var(--text-color-secondary)] uppercase tracking-wide">A receber</div>
+                        <div class="text-[1.25rem] font-bold text-[var(--text-color)] leading-tight">{{ fmtBRL(kpis.pendingCents.value) }}</div>
+                        <div class="text-[0.68rem] text-[var(--text-color-secondary)] opacity-75">Pendentes no mês</div>
+                    </div>
+
+                    <div class="flex flex-col gap-0.5 px-4 py-3 rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)]">
+                        <div class="text-[0.7rem] text-[var(--text-color-secondary)] uppercase tracking-wide">Pacientes</div>
+                        <div class="text-[1.25rem] font-bold text-[var(--text-color)] leading-tight">
+                            {{ kpis.activePatients.value }}
+                            <span class="text-[0.75rem] text-[var(--text-color-secondary)] font-normal">/ {{ kpis.totalPatients.value }}</span>
+                        </div>
+                        <div class="text-[0.68rem] text-[var(--text-color-secondary)] opacity-75">Ativos · {{ kpis.inactivePatients.value }} inativos</div>
+                    </div>
+
+                    <div class="flex flex-col gap-0.5 px-4 py-3 rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)]">
+                        <div class="text-[0.7rem] text-[var(--text-color-secondary)] uppercase tracking-wide">Sessões no mês</div>
+                        <div class="text-[1.25rem] font-bold text-[var(--text-color)] leading-tight">{{ kpis.sessionsDone.value }}</div>
+                        <div class="text-[0.68rem] text-[var(--text-color-secondary)] opacity-75">
+                            de {{ kpis.sessionsScheduled.value }} agendadas
+                        </div>
+                    </div>
+
+                    <div
+                        class="flex flex-col gap-0.5 px-4 py-3 rounded-md border"
+                        :class="(kpis.noShowRate.value ?? 0) > 15 ? 'border-amber-500/25 bg-amber-500/5' : 'border-[var(--surface-border)] bg-[var(--surface-ground)]'"
+                    >
+                        <div class="text-[0.7rem] text-[var(--text-color-secondary)] uppercase tracking-wide">Taxa de falta</div>
+                        <div class="text-[1.25rem] font-bold leading-tight" :class="(kpis.noShowRate.value ?? 0) > 15 ? 'text-amber-600' : 'text-[var(--text-color)]'">
+                            {{ kpis.noShowRate.value !== null ? kpis.noShowRate.value + '%' : '—' }}
+                        </div>
+                        <div class="text-[0.68rem] text-[var(--text-color-secondary)] opacity-75">
+                            {{ kpis.sessionsNoShow.value }} faltas · {{ kpis.sessionsCancelled.value }} cancel.
+                        </div>
+                    </div>
+                </div>
+
+                <!-- Grid: gráfico 6 meses + top pacientes -->
+                <div class="grid grid-cols-1 xl:grid-cols-[1fr_320px] gap-3">
+                    <!-- Gráfico de receita (barras SVG simples) -->
+                    <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4">
+                        <div class="flex items-center justify-between mb-3">
+                            <div class="text-sm font-semibold text-[var(--text-color)]">Receita recebida · últimos 6 meses</div>
+                            <i class="pi pi-chart-bar text-[var(--text-color-secondary)]" />
+                        </div>
+                        <div v-if="!kpis.revenueSeries.value.length" class="text-xs text-[var(--text-color-secondary)] py-6 text-center">
+                            Sem dados no período.
+                        </div>
+                        <div v-else class="flex items-end gap-2 h-40">
+                            <div
+                                v-for="(m, i) in kpis.revenueSeries.value"
+                                :key="i"
+                                class="flex-1 flex flex-col items-center gap-1 min-w-0"
+                            >
+                                <div class="text-[0.65rem] text-[var(--text-color-secondary)] truncate w-full text-center">
+                                    {{ fmtBRL(m.received) }}
+                                </div>
+                                <div
+                                    class="w-full bg-emerald-500/70 rounded-t-md transition-all duration-300 min-h-[2px]"
+                                    :style="{ height: `${Math.max(2, (m.received / revenueMax) * 130)}px` }"
+                                />
+                                <div class="text-[0.68rem] text-[var(--text-color-secondary)] uppercase">{{ m.label }}</div>
+                            </div>
+                        </div>
+                    </div>
+
+                    <!-- Top 5 pacientes -->
+                    <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4">
+                        <div class="flex items-center justify-between mb-3">
+                            <div class="text-sm font-semibold text-[var(--text-color)]">Top pacientes · 6 meses</div>
+                            <i class="pi pi-users text-[var(--text-color-secondary)]" />
+                        </div>
+                        <div v-if="!kpis.topPatients.value.length" class="text-xs text-[var(--text-color-secondary)] py-6 text-center">
+                            Sem dados.
+                        </div>
+                        <ol v-else class="flex flex-col gap-1.5">
+                            <li
+                                v-for="(p, i) in kpis.topPatients.value"
+                                :key="p.patient_id"
+                                class="flex items-center justify-between gap-2 text-xs"
+                            >
+                                <div class="flex items-center gap-2 min-w-0 flex-1">
+                                    <span class="w-5 h-5 rounded-full bg-[var(--surface-ground)] grid place-items-center text-[0.65rem] font-bold shrink-0">{{ i + 1 }}</span>
+                                    <span class="truncate text-[var(--text-color)]">{{ p.nome_completo }}</span>
+                                </div>
+                                <span class="font-semibold text-emerald-600 shrink-0">{{ fmtBRL(p.total) }}</span>
+                            </li>
+                        </ol>
+                    </div>
                 </div>
             </section>
 
diff --git a/src/views/pages/editor/EditorDashboard.vue b/src/views/pages/editor/EditorDashboard.vue
index 85ef948..1a12ffb 100644
--- a/src/views/pages/editor/EditorDashboard.vue
+++ b/src/views/pages/editor/EditorDashboard.vue
@@ -19,17 +19,25 @@ import NotificationsWidget from '@/components/dashboard/NotificationsWidget.vue'
 </script>
 
 <template>
-    <div class="card mb-0">
-        <div class="flex justify-between mb-4">
-            <div>
-                <span class="text-primary font-medium">Área</span>
-                <span class="text-muted-color"> do Editor</span>
-            </div>
-            <div class="flex items-center justify-center bg-orange-100 dark:bg-orange-400/10 rounded-border" style="width: 2.5rem; height: 2.5rem">
-                <i class="pi pi-pencil text-orange-500 text-xl!"></i>
+    <div
+        class="sticky mx-3 md:mx-4 mt-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5"
+        :style="{ top: 'var(--layout-sticky-top, 56px)' }"
+    >
+        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
+            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-orange-400/10" />
+            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-amber-400/10" />
+        </div>
+        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
+            <div class="flex items-center gap-3 flex-1 min-w-0">
+                <div class="grid place-items-center w-10 h-10 rounded-md shrink-0 bg-orange-500/10 text-orange-600 dark:text-orange-400">
+                    <i class="pi pi-pencil text-lg" />
+                </div>
+                <div class="min-w-0">
+                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Área do Editor</div>
+                    <div class="text-[0.78rem] text-[var(--text-color-secondary)] mt-0.5">Crie e gerencie cursos, módulos e conteúdos da plataforma de microlearning.</div>
+                </div>
             </div>
         </div>
-        <p class="text-muted-color text-sm mt-0">Crie e gerencie cursos, módulos e conteúdos da plataforma de microlearning.</p>
     </div>
 
     <div class="grid grid-cols-12 gap-8">
diff --git a/src/views/pages/portal/PortalDashboard.vue b/src/views/pages/portal/PortalDashboard.vue
index b70687b..cd02e88 100644
--- a/src/views/pages/portal/PortalDashboard.vue
+++ b/src/views/pages/portal/PortalDashboard.vue
@@ -23,14 +23,23 @@ import StatsWidget from '@/components/dashboard/StatsWidget.vue';
 </script>
 
 <template>
-    <div class="card mb-0">
-        <div class="flex justify-between mb-4">
-            <div>
-                <span class="text-primary font-medium">Portal</span>
-                <span class="text-muted-color"> = Área do Paciente</span>
-            </div>
-            <div class="flex items-center justify-center bg-blue-100 dark:bg-blue-400/10 rounded-border" style="width: 2.5rem; height: 2.5rem">
-                <i class="pi pi-user text-blue-500 text-xl!"></i>
+    <div
+        class="sticky mx-3 md:mx-4 mt-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5"
+        :style="{ top: 'var(--layout-sticky-top, 56px)' }"
+    >
+        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
+            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-blue-400/10" />
+            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-cyan-400/10" />
+        </div>
+        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
+            <div class="flex items-center gap-3 flex-1 min-w-0">
+                <div class="grid place-items-center w-10 h-10 rounded-md shrink-0 bg-blue-500/10 text-blue-600 dark:text-blue-400">
+                    <i class="pi pi-user text-lg" />
+                </div>
+                <div class="min-w-0">
+                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Portal</div>
+                    <div class="text-[0.78rem] text-[var(--text-color-secondary)] mt-0.5">Área do paciente — sessões, documentos e pagamentos.</div>
+                </div>
             </div>
         </div>
     </div>
diff --git a/src/views/pages/public/CadastroPacienteExterno.backup.vue b/src/views/pages/public/CadastroPacienteExterno.backup.vue
new file mode 100644
index 0000000..b544030
--- /dev/null
+++ b/src/views/pages/public/CadastroPacienteExterno.backup.vue
@@ -0,0 +1,1445 @@
+<!--
+|--------------------------------------------------------------------------
+| Agência PSI
+|--------------------------------------------------------------------------
+| Criado e desenvolvido por Leonardo Nohama
+|
+| Tecnologia aplicada à escuta.
+| Estrutura para o cuidado.
+|
+| Arquivo: src/views/pages/public/CadastroPacienteExterno.vue
+| Data: 2026
+| Local: São Carlos/SP — Brasil
+|--------------------------------------------------------------------------
+| © 2026 — Todos os direitos reservados
+|--------------------------------------------------------------------------
+-->
+<script setup>
+import { computed, reactive, ref, onMounted, onBeforeUnmount, nextTick, watch } from 'vue';
+import { useRoute } from 'vue-router';
+
+import InputMask from 'primevue/inputmask';
+import Textarea from 'primevue/textarea';
+import Checkbox from 'primevue/checkbox';
+import Message from 'primevue/message';
+import Popover from 'primevue/popover';
+import Dialog from 'primevue/dialog';
+import Accordion from 'primevue/accordion';
+import AccordionPanel from 'primevue/accordionpanel';
+import AccordionHeader from 'primevue/accordionheader';
+import AccordionContent from 'primevue/accordioncontent';
+import Select from 'primevue/select';
+
+import { useToast } from 'primevue/usetoast';
+import { supabase } from '@/lib/supabase/client';
+import { digitsOnly, isValidEmail, toISODate, generateCPF, fmtCPF } from '@/utils/validators';
+import MathCaptchaChallenge from '@/components/security/MathCaptchaChallenge.vue';
+
+const route = useRoute();
+const toast = useToast();
+
+const isDev = import.meta.env.DEV;
+
+// A#20 rev2 — defesa em camadas self-hosted
+// Honeypot: campo invisível que humano nunca preenche
+const honeypot = ref('');
+// Math captcha: ativado sob demanda quando edge function devolve 403 captcha-required
+const captchaRequired = ref(false);
+const captchaId = ref('');
+const captchaAnswer = ref(null);
+
+const salvando = ref(false);
+const sucesso = ref(false);
+
+// A#25: dialog de política de privacidade (LGPD)
+const policyOpen = ref(false);
+
+const token = computed(() => String(route.query.t || '').trim());
+// A#21: validação mais estrita — aceita UUID (com ou sem hífen, 32 hex chars).
+// Ainda é cosmético (servidor valida de verdade), mas reduz falsos "verificado".
+const TOKEN_RX = /^[0-9a-f]{32}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+const tokenOk = computed(() => TOKEN_RX.test(token.value));
+
+// ------------------------------------------------------
+// A#31 — Hero header: lookup público do terapeuta/clínica
+// ------------------------------------------------------
+const inviteInfo = ref(null);
+const loadingInfo = ref(false);
+const heroAvatarFailed = ref(false);
+const heroLogoFailed = ref(false);
+
+const WORK_DESCRIPTION_LABEL = {
+    psicologo_clinico: 'Psicólogo(a) Clínico(a)',
+    psicanalista: 'Psicanalista',
+    psiquiatra: 'Psiquiatra',
+    psicoterapeuta: 'Psicoterapeuta',
+    neuropsicologo: 'Neuropsicólogo(a)',
+    psicologo_organizacional: 'Psicólogo(a) Organizacional',
+    psicologo_escolar: 'Psicólogo(a) Escolar',
+    psicologo_hospitalar: 'Psicólogo(a) Hospitalar',
+    coach_mentor: 'Coach / Mentor(a)',
+    terapeuta_holistico: 'Terapeuta Holístico(a)',
+    outro: 'Profissional da saúde mental'
+};
+
+const heroTherapist = computed(() => inviteInfo.value?.therapist || null);
+const heroClinic = computed(() => inviteInfo.value?.clinic || null);
+
+const heroDisplayName = computed(() => heroTherapist.value?.display_name || 'Profissional');
+const heroFirstName = computed(() => String(heroDisplayName.value || '').trim().split(/\s+/)[0] || '');
+const heroAvatar = computed(() => (!heroAvatarFailed.value ? heroTherapist.value?.avatar_url || '' : ''));
+const heroClinicLogo = computed(() => (!heroLogoFailed.value ? heroClinic.value?.logo_url || '' : ''));
+const heroWorkLabel = computed(() => {
+    const key = heroTherapist.value?.work_description;
+    if (!key) return '';
+    return WORK_DESCRIPTION_LABEL[key] || 'Profissional da saúde mental';
+});
+const heroInitials = computed(() => {
+    const parts = String(heroDisplayName.value || '').trim().split(/\s+/).filter(Boolean);
+    if (!parts.length) return '·';
+    if (parts.length === 1) return parts[0].slice(0, 2).toUpperCase();
+    return (parts[0][0] + parts[parts.length - 1][0]).toUpperCase();
+});
+const hasBothLogos = computed(() => !!(heroAvatar.value && heroClinicLogo.value));
+
+function _normalizeUrl(u) {
+    const s = String(u || '').trim();
+    if (!s) return '';
+    if (/^https?:\/\//i.test(s)) return s;
+    return `https://${s}`;
+}
+function _instagramUrl(handle) {
+    const s = String(handle || '').trim().replace(/^@/, '');
+    if (!s) return '';
+    if (/^https?:\/\//i.test(s)) return s;
+    return `https://instagram.com/${s}`;
+}
+function _firstSocialFromClinic(socials) {
+    if (!Array.isArray(socials)) return null;
+    for (const item of socials) {
+        if (!item) continue;
+        if (typeof item === 'string' && item.trim()) return { label: 'Rede social', href: _normalizeUrl(item), icon: 'pi pi-globe', external: true };
+        if (typeof item === 'object') {
+            const url = item.url || item.link || item.handle;
+            const kind = String(item.platform || item.type || item.network || '').toLowerCase();
+            if (!url) continue;
+            const href = kind.includes('instagram') ? _instagramUrl(url) : _normalizeUrl(url);
+            const icon = kind.includes('instagram') ? 'pi pi-instagram'
+                       : kind.includes('facebook')  ? 'pi pi-facebook'
+                       : kind.includes('youtube')   ? 'pi pi-youtube'
+                       : kind.includes('linkedin')  ? 'pi pi-linkedin'
+                       : 'pi pi-globe';
+            return { label: item.platform || 'Rede social', href, icon, external: true };
+        }
+    }
+    return null;
+}
+
+const heroContactChips = computed(() => {
+    const chips = [];
+    const t = heroTherapist.value || {};
+    const c = heroClinic.value || {};
+
+    // Endereço (clínica)
+    const parts = [c.street, c.number].filter(Boolean).join(', ');
+    const cityUf = [c.city, c.state].filter(Boolean).join(' · ');
+    const addr = [parts, c.neighborhood, cityUf].filter(Boolean).join(' — ');
+    if (addr) chips.push({ label: addr, href: `https://www.google.com/maps/search/?api=1&query=${encodeURIComponent(addr)}`, icon: 'pi pi-map-marker', external: true });
+
+    // Telefone (prioriza clínica, cai pro pessoal)
+    const phone = c.phone || t.phone;
+    if (phone) {
+        const digits = String(phone).replace(/\D/g, '');
+        chips.push({ label: phone, href: digits ? `tel:+${digits.startsWith('55') ? digits : '55' + digits}` : `tel:${phone}`, icon: 'pi pi-phone', external: false });
+    }
+
+    // E-mail (clínica)
+    if (c.email) chips.push({ label: c.email, href: `mailto:${c.email}`, icon: 'pi pi-envelope', external: false });
+
+    // Site (prioriza clínica)
+    const site = c.site || t.site_url;
+    if (site) chips.push({ label: 'Site', href: _normalizeUrl(site), icon: 'pi pi-globe', external: true });
+
+    // Instagram do terapeuta
+    if (t.instagram) chips.push({ label: `@${String(t.instagram).replace(/^@/, '').replace(/^https?:\/\/(www\.)?instagram\.com\//i, '').replace(/\/$/, '')}`, href: _instagramUrl(t.instagram), icon: 'pi pi-instagram', external: true });
+
+    // Rede social da clínica (primeira disponível, se ainda não houver instagram do terapeuta)
+    if (!t.instagram) {
+        const social = _firstSocialFromClinic(c.social);
+        if (social) chips.push(social);
+    }
+
+    return chips;
+});
+
+async function fetchInviteInfo() {
+    if (!tokenOk.value) return;
+    loadingInfo.value = true;
+    try {
+        const { data, error } = await supabase.functions.invoke('get-intake-invite-info', {
+            body: { token: token.value }
+        });
+        if (error) return;
+        if (data?.ok && data.info) {
+            inviteInfo.value = data.info;
+        }
+    } catch {
+        // silencioso — sem hero é ok, form continua funcional
+    } finally {
+        loadingInfo.value = false;
+    }
+}
+
+// ------------------------------------------------------
+// Helpers (✅ ficam ANTES do enviar())
+// ------------------------------------------------------
+function cleanStr(v) {
+    const s = String(v ?? '').trim();
+    return s ? s : null;
+}
+
+// ------------------------------------------------------
+// Mock fill (Preencher tudo)
+// ------------------------------------------------------
+function randInt(min, max) {
+    return Math.floor(Math.random() * (max - min + 1)) + min;
+}
+function pick(arr) {
+    return arr[randInt(0, arr.length - 1)];
+}
+function maybe(p = 0.5) {
+    return Math.random() < p;
+}
+function pad2(n) {
+    return String(n).padStart(2, '0');
+}
+
+function randomDateDDMMYYYY(minAge = 18, maxAge = 65) {
+    const now = new Date();
+    const age = randInt(minAge, maxAge);
+    const year = now.getFullYear() - age;
+    const month = randInt(1, 12);
+    const day = randInt(1, 28);
+    return `${pad2(day)}-${pad2(month)}-${year}`;
+}
+
+function randomPhoneBR() {
+    const ddd = randInt(11, 99);
+    const p1 = randInt(90000, 99999);
+    const p2 = randInt(1000, 9999);
+    return `(${ddd}) ${p1}-${p2}`;
+}
+
+function generateCPFFormatted() {
+    return fmtCPF(generateCPF());
+}
+
+function generateRG() {
+    const base = Array.from({ length: 8 }, () => randInt(0, 9));
+    let sum = 0;
+    for (let i = 0; i < 8; i++) sum += base[i] * (9 - i);
+    const mod = sum % 11;
+    let dv = 11 - mod;
+    if (dv === 10) dv = 'X';
+    else if (dv === 11) dv = 0;
+    const rg = [...base, dv].join('');
+    return rg.replace(/^(\d{2})(\d{3})(\d{3})([\dX])$/, '$1.$2.$3-$4');
+}
+
+function randomEmailFromName(name) {
+    const slug = String(name || 'paciente')
+        .normalize('NFD')
+        .replace(/[\u0300-\u036f]/g, '')
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '.')
+        .replace(/(^\.)|(\.$)/g, '');
+    return `${slug}.${randInt(10, 999)}@email.com`;
+}
+
+function preencherMock() {
+    const first = ['Ana', 'Bruno', 'Carla', 'Daniel', 'Eduarda', 'Felipe', 'Giovana', 'Henrique', 'Isabela', 'João', 'Larissa', 'Marcos', 'Nathalia', 'Otávio', 'Paula', 'Rafael', 'Sabrina', 'Thiago', 'Vanessa', 'Yasmin'];
+    const last = ['Silva', 'Santos', 'Oliveira', 'Souza', 'Pereira', 'Lima', 'Ferreira', 'Almeida', 'Costa', 'Gomes', 'Ribeiro', 'Carvalho', 'Martins', 'Araújo', 'Barbosa'];
+    const cities = ['São Carlos', 'Ribeirão Preto', 'Campinas', 'São Paulo', 'Araraquara', 'Bauru', 'Sorocaba', 'Santos'];
+    const neighborhoods = ['Centro', 'Jardim Paulista', 'Vila Prado', 'Santa Felícia', 'Cidade Jardim'];
+    const streets = ['Rua das Flores', 'Av. Brasil', 'Rua XV de Novembro', 'Av. São Carlos', 'Rua das Acácias'];
+
+    const nome = `${pick(first)} ${pick(last)} ${pick(last)}`;
+    const cidade = pick(cities);
+
+    form.nome_completo = nome;
+    form.data_nascimento = randomDateDDMMYYYY(18, 70);
+    form.naturalidade = cidade;
+    form.genero = pick(GENDER_OPTIONS).value;
+    form.estado_civil = pick(MARITAL_OPTIONS).value;
+
+    form.email_principal = randomEmailFromName(nome);
+    form.email_alternativo = maybe(0.35) ? `alt.${randInt(10, 999)}@gmail.com` : `alt.${randInt(10, 999)}@hotmail.com`;
+
+    form.telefone = randomPhoneBR();
+    form.telefone_alternativo = maybe(0.35) ? randomPhoneBR() : '';
+
+    form.cpf = generateCPFFormatted();
+    form.rg = generateRG();
+
+    form.observacoes = maybe(0.5) ? 'Cadastro realizado via link externo.' : 'Tenho disponibilidade no período da noite.';
+
+    form.onde_nos_conheceu = pick(['Instagram', 'Google', 'Indicação', 'Site', 'Threads', 'Outro']);
+    form.encaminhado_por = maybe(0.45) ? `${pick(first)} ${pick(last)}` : '';
+
+    form.pais = 'Brasil';
+    form.cep = '13561-260';
+    form.cidade = cidade;
+    form.estado = 'SP';
+    form.endereco = pick(streets);
+    form.numero = String(randInt(10, 9999));
+    form.bairro = pick(neighborhoods);
+    form.complemento = maybe(0.3) ? `Apto ${randInt(10, 999)}` : '';
+
+    form.escolaridade = pick(['Ensino Fundamental', 'Ensino Médio', 'Superior incompleto', 'Superior completo', 'Pós-graduação']);
+    form.profissao = pick(['Estudante', 'Professora', 'Desenvolvedor', 'Vendedor', 'Enfermeira', 'Autônomo', 'Servidor público']);
+
+    const temParente = maybe(0.6);
+    form.nome_parente = temParente ? `${pick(first)} ${pick(last)}` : '';
+    form.grau_parentesco = temParente ? pick(['Mãe', 'Pai', 'Irmã', 'Irmão', 'Cônjuge', 'Tia', 'Avó', 'Amigo(a)']) : '';
+    form.telefone_parente = temParente ? randomPhoneBR() : '';
+
+    const temResponsavel = maybe(0.35);
+    form.nome_responsavel = temResponsavel ? `${pick(first)} ${pick(last)} ${pick(last)}` : '';
+    form.telefone_responsavel = temResponsavel ? randomPhoneBR() : '';
+    form.cpf_responsavel = temResponsavel ? generateCPFFormatted() : '';
+    form.observacao_responsavel = temResponsavel ? 'Responsável ciente e de acordo com o cadastro.' : '';
+    form.cobranca_no_responsavel = temResponsavel ? maybe(0.5) : false;
+
+    consent.value = true;
+    toast.add({ severity: 'info', summary: 'Exemplo', detail: 'Campos preenchidos com dados simulados.', life: 1800 });
+}
+
+// Upload de foto removido da página pública (A#15):
+// O bucket não aceita mais upload anônimo. O terapeuta pode pedir a foto
+// depois, por outro canal, se for necessário.
+
+// ------------------------------------------------------
+// CEP (ViaCEP)
+// ------------------------------------------------------
+const cepLoading = ref(false);
+const addressLocked = computed(() => salvando.value || cepLoading.value);
+
+async function fetchCep(cepRaw) {
+    const cep = String(cepRaw || '').replace(/\D/g, '');
+    if (cep.length !== 8) return null;
+
+    const res = await fetch(`https://viacep.com.br/ws/${cep}/json/`, {
+        method: 'GET',
+        headers: { Accept: 'application/json' }
+    });
+    if (!res.ok) return null;
+
+    const data = await res.json();
+    if (!data || data.erro) return null;
+    return data;
+}
+
+async function onCepBlur() {
+    if (cepLoading.value) return;
+
+    const cepDigits = String(form.cep || '').replace(/\D/g, '');
+    if (cepDigits.length !== 8) return;
+
+    cepLoading.value = true;
+    try {
+        const d = await fetchCep(form.cep);
+        if (!d) {
+            toast.add({ severity: 'warn', summary: 'CEP', detail: 'CEP não encontrado.', life: 2500 });
+            return;
+        }
+
+        form.cidade = d.localidade || form.cidade;
+        form.estado = d.uf || form.estado;
+        form.bairro = d.bairro || form.bairro;
+        form.endereco = d.logradouro || form.endereco;
+        if (!form.complemento) form.complemento = d.complemento || '';
+
+        toast.add({ severity: 'success', summary: 'CEP', detail: 'Endereço preenchido automaticamente.', life: 1800 });
+    } catch {
+        toast.add({ severity: 'error', summary: 'CEP', detail: 'Falha ao consultar o ViaCEP.', life: 2500 });
+    } finally {
+        cepLoading.value = false;
+    }
+}
+
+// ------------------------------------------------------
+// Accordion + menu
+// ------------------------------------------------------
+const activeValue = ref('0');
+const panelHeaderRefs = ref([]);
+
+function setPanelHeaderRef(el, idx) {
+    if (!el) return;
+    panelHeaderRefs.value[idx] = el;
+}
+
+async function openPanel(i) {
+    activeValue.value = String(i);
+    await nextTick();
+    const headerRef = panelHeaderRefs.value?.[i];
+    const el = headerRef?.$el ?? headerRef;
+    if (el && typeof el.scrollIntoView === 'function') {
+        el.scrollIntoView({ behavior: 'smooth', block: 'start' });
+    }
+}
+
+const navItems = [
+    { value: '0', label: 'Informações pessoais', icon: 'pi pi-user' },
+    { value: '1', label: 'Endereço', icon: 'pi pi-map-marker' },
+    { value: '2', label: 'Dados adicionais', icon: 'pi pi-tags' },
+    { value: '3', label: 'Responsável', icon: 'pi pi-users' }
+];
+
+const navPopover = ref(null);
+function toggleNav(event) {
+    navPopover.value?.toggle(event);
+}
+function selectNav(item) {
+    openPanel(Number(item.value));
+    navPopover.value?.hide();
+}
+const selectedNav = computed(() => navItems.find((i) => i.value === activeValue.value) || null);
+
+const isCompact = ref(false);
+let mql = null;
+let mqlHandler = null;
+function syncCompact() {
+    isCompact.value = !!mql?.matches;
+}
+
+onMounted(() => {
+    mql = window.matchMedia('(max-width: 1199px)');
+    syncCompact();
+    mqlHandler = () => syncCompact();
+    if (mql.addEventListener) mql.addEventListener('change', mqlHandler);
+    else mql.addListener(mqlHandler);
+
+    fetchInviteInfo();
+});
+
+onBeforeUnmount(() => {
+    if (mql && mqlHandler) {
+        if (mql.removeEventListener) mql.removeEventListener('change', mqlHandler);
+        else mql.removeListener(mqlHandler);
+    }
+});
+
+// ------------------------------------------------------
+// Options
+// ------------------------------------------------------
+const GENDER_OPTIONS = [
+    { label: 'Masculino', value: 'male' },
+    { label: 'Feminino', value: 'female' },
+    { label: 'Não-binário', value: 'non_binary' },
+    { label: 'Outro', value: 'other' },
+    { label: 'Prefiro não informar', value: 'na' }
+];
+
+const MARITAL_OPTIONS = [
+    { label: 'Solteiro(a)', value: 'single' },
+    { label: 'Casado(a)', value: 'married' },
+    { label: 'Divorciado(a)', value: 'divorced' },
+    { label: 'Viúvo(a)', value: 'widowed' },
+    { label: 'Prefiro não informar', value: 'na' }
+];
+
+// ------------------------------------------------------
+// Form
+// ------------------------------------------------------
+function resetForm() {
+    return {
+        nome_completo: '',
+        email_principal: '',
+        telefone: '',
+        cep: '',
+        pais: 'Brasil',
+        cidade: '',
+        estado: 'SP',
+        endereco: '',
+        numero: '',
+        bairro: '',
+        complemento: '',
+        data_nascimento: '', // DD-MM-YYYY
+        naturalidade: '',
+        genero: '',
+        estado_civil: '',
+        onde_nos_conheceu: '',
+        encaminhado_por: '',
+        observacoes: '',
+        nacionalidade: '',
+
+        email_alternativo: '',
+        telefone_alternativo: '',
+        cpf: '',
+        rg: '',
+
+        escolaridade: '',
+        profissao: '',
+        nome_parente: '',
+        grau_parentesco: '',
+        telefone_parente: '',
+
+        nome_responsavel: '',
+        telefone_responsavel: '',
+        cpf_responsavel: '',
+        observacao_responsavel: '',
+        cobranca_no_responsavel: false
+    };
+}
+
+const form = reactive(resetForm());
+const consent = ref(false);
+
+const errors = reactive({
+    nome_completo: '',
+    email_principal: '',
+    email_alternativo: '',
+    telefone: '',
+    consentimento: ''
+});
+
+function validate() {
+    errors.nome_completo = '';
+    errors.email_principal = '';
+    errors.email_alternativo = '';
+    errors.telefone = '';
+    errors.consentimento = '';
+
+    const nome = String(form.nome_completo || '').trim();
+    if (!nome) errors.nome_completo = 'Informe seu nome completo';
+    if (!isValidEmail(form.email_principal)) errors.email_principal = 'Informe um e-mail válido';
+    if (cleanStr(form.email_alternativo) && !isValidEmail(form.email_alternativo)) errors.email_alternativo = 'E-mail alternativo inválido';
+    if (!digitsOnly(form.telefone)) errors.telefone = 'Informe um telefone para contato';
+    if (!consent.value) errors.consentimento = 'É necessário marcar o consentimento.';
+
+    return !errors.nome_completo && !errors.email_principal && !errors.email_alternativo && !errors.telefone && !errors.consentimento;
+}
+
+// ------------------------------------------------------
+// Progress (conceitual e útil)
+// ------------------------------------------------------
+const progressPct = computed(() => {
+    // contagem simples e honesta: dá sensação de avanço sem "gamificar demais"
+    const checks = [!!cleanStr(form.nome_completo), !!digitsOnly(form.telefone), isValidEmail(form.email_principal), !!cleanStr(form.data_nascimento), !!cleanStr(form.cep), !!cleanStr(form.endereco), !!cleanStr(form.cidade), !!consent.value];
+    const done = checks.filter(Boolean).length;
+    return Math.round((done / checks.length) * 100);
+});
+
+// ------------------------------------------------------
+// enviar (✅ corrigido: sem redeclarar helpers)
+// ------------------------------------------------------
+async function enviar() {
+    if (!tokenOk.value) return;
+    if (sucesso.value) return;
+
+    const ok = validate();
+    if (!ok) {
+        toast.add({ severity: 'warn', summary: 'Atenção', detail: 'Revise os campos obrigatórios.', life: 2200 });
+        openPanel(0);
+        return;
+    }
+
+    const isoBirth = toISODate(form.data_nascimento);
+    if (cleanStr(form.data_nascimento) && !isoBirth) {
+        toast.add({ severity: 'warn', summary: 'Atenção', detail: 'Data de nascimento inválida (use DD-MM-AAAA).', life: 2500 });
+        openPanel(0);
+        return;
+    }
+
+    salvando.value = true;
+    try {
+        // A#17: notas_internas NÃO é enviado (campo interno do terapeuta, não
+        // deve vir do paciente). A#15: avatar_url removido (upload não é mais
+        // possível anonimamente). Todos os campos texto são recortados em
+        // length máximo client-side (defesa em camadas — o RPC também valida).
+        const truncate = (v, n) => {
+            const s = cleanStr(v);
+            return s ? String(s).slice(0, n) : null;
+        };
+
+        const payload = {
+            // essenciais
+            nome_completo: truncate(form.nome_completo, 200),
+            email_principal: cleanStr(form.email_principal)?.toLowerCase().slice(0, 120) || null,
+            telefone: digitsOnly(form.telefone),
+
+            // alternativos
+            email_alternativo: cleanStr(form.email_alternativo)?.toLowerCase().slice(0, 120) || null,
+            telefone_alternativo: digitsOnly(form.telefone_alternativo) || null,
+
+            // docs / endereço
+            cpf: digitsOnly(form.cpf),
+            rg: truncate(form.rg, 20),
+            cep: digitsOnly(form.cep),
+
+            pais: truncate(form.pais, 60) || 'Brasil',
+            cidade: truncate(form.cidade, 120),
+            estado: truncate(form.estado, 2) || 'SP',
+            endereco: truncate(form.endereco, 200),
+            numero: truncate(form.numero, 20),
+            bairro: truncate(form.bairro, 120),
+            complemento: truncate(form.complemento, 120),
+
+            // pessoais
+            data_nascimento: isoBirth || null,
+            naturalidade: truncate(form.naturalidade, 120),
+            genero: cleanStr(form.genero),
+            estado_civil: cleanStr(form.estado_civil),
+
+            // adicionais
+            profissao: truncate(form.profissao, 120),
+            escolaridade: truncate(form.escolaridade, 120),
+            nacionalidade: truncate(form.nacionalidade, 80),
+
+            // origem + observações
+            onde_nos_conheceu: truncate(form.onde_nos_conheceu, 80),
+            encaminhado_por: truncate(form.encaminhado_por, 120),
+            observacoes: truncate(form.observacoes, 2000),
+
+            // consent
+            consent: !!consent.value
+        };
+
+        Object.keys(payload).forEach((k) => {
+            if (payload[k] === undefined) delete payload[k];
+        });
+
+        // A#24: envia user_agent pra log de tentativas (sem PII).
+        const clientInfo = (typeof navigator !== 'undefined' && navigator.userAgent)
+            ? String(navigator.userAgent).slice(0, 500)
+            : null;
+
+        // A#20 rev2: se já está exigindo captcha mas usuário não respondeu, bloqueia local
+        if (captchaRequired.value && (!captchaId.value || captchaAnswer.value == null)) {
+            toast.add({ severity: 'warn', summary: 'Verificação', detail: 'Responda a pergunta de verificação antes de enviar.', life: 3000 });
+            salvando.value = false;
+            return;
+        }
+
+        const { data, error } = await supabase.functions.invoke('submit-patient-intake', {
+            body: {
+                token: token.value,
+                payload,
+                website: honeypot.value,                          // honeypot field
+                captcha_id: captchaId.value || null,
+                captcha_answer: captchaAnswer.value,
+                client_info: clientInfo
+            }
+        });
+
+        // Quando edge devolve 4xx/5xx, supabase-js coloca a Response em error.context.
+        // O body com {error: 'captcha-required' | 'rate-limited' | ...} continua acessível.
+        let errBody = null;
+        if (error?.context?.json) {
+            try { errBody = await error.context.json(); } catch { /* sem body */ }
+        }
+        const errMsg = String(errBody?.error || data?.error || error?.message || '');
+        if (/captcha-required/i.test(errMsg)) {
+            captchaRequired.value = true;
+            captchaId.value = '';
+            captchaAnswer.value = null;
+            toast.add({ severity: 'warn', summary: 'Verificação extra', detail: 'Por segurança, responda a pergunta abaixo.', life: 3500 });
+            salvando.value = false;
+            return;
+        }
+
+        if (/captcha-wrong/i.test(errMsg)) {
+            captchaId.value = '';
+            captchaAnswer.value = null;
+            toast.add({ severity: 'warn', summary: 'Verificação', detail: 'Resposta incorreta. Tente novamente.', life: 3500 });
+            salvando.value = false;
+            return;
+        }
+
+        if (/rate-limited/i.test(errMsg)) {
+            const retryAfter = errBody?.retry_after_seconds || data?.retry_after_seconds;
+            const after = retryAfter ? Math.ceil(retryAfter / 60) : null;
+            toast.add({
+                severity: 'warn',
+                summary: 'Muitas tentativas',
+                detail: after ? `Tente novamente em ${after} min.` : 'Tente novamente mais tarde.',
+                life: 6000
+            });
+            salvando.value = false;
+            return;
+        }
+
+        if (error) throw new Error(data?.message || error.message || 'Falha ao enviar');
+        if (data?.error) throw new Error(data?.message || data.error);
+
+        sucesso.value = true;
+        toast.add({ severity: 'success', summary: 'Enviado', detail: 'Cadastro enviado com sucesso.', life: 2500 });
+    } catch (err) {
+        toast.add({
+            severity: 'error',
+            summary: 'Falha ao enviar',
+            detail: err?.message || 'Não foi possível enviar. Verifique o link e tente novamente.',
+            life: 4500
+        });
+    } finally {
+        salvando.value = false;
+    }
+}
+
+// auto-cep
+watch(
+    () => form.cep,
+    (newVal, oldVal) => {
+        const d = String(newVal || '').replace(/\D/g, '');
+        const prev = String(oldVal || '').replace(/\D/g, '');
+        if (d.length === 8 && d !== prev) onCepBlur();
+    }
+);
+</script>
+
+<template>
+    <Toast />
+    <div class="min-h-screen bg-gradient-to-b from-slate-950 via-slate-900 to-slate-950 text-slate-100">
+        <!-- "Backdrop" conceitual -->
+        <div class="pointer-events-none fixed inset-0 opacity-30">
+            <div class="absolute -top-24 left-1/2 h-72 w-72 -translate-x-1/2 rounded-full bg-emerald-400 blur-3xl" />
+            <div class="absolute top-40 left-16 h-56 w-56 rounded-full bg-indigo-400 blur-3xl" />
+            <div class="absolute bottom-24 right-16 h-64 w-64 rounded-full bg-fuchsia-400 blur-3xl" />
+        </div>
+
+        <div class="relative mx-auto flex min-h-screen max-w-6xl flex-col gap-6 px-4 py-10">
+            <!-- A#31 — Hero header (NEW): quem te convidou -->
+            <section v-if="tokenOk && !sucesso" class="mx-auto w-full max-w-[1100px]">
+                <!-- Skeleton durante o fetch -->
+                <div v-if="loadingInfo && !inviteInfo" class="rounded-3xl border border-white/10 bg-white/5 p-6 shadow-xl backdrop-blur-xl md:p-8">
+                    <div class="flex animate-pulse flex-col gap-4 md:flex-row md:items-center md:gap-6">
+                        <div class="h-24 w-24 shrink-0 rounded-2xl bg-white/10 md:h-28 md:w-28" />
+                        <div class="flex-1 space-y-3">
+                            <div class="h-5 w-40 rounded bg-white/10" />
+                            <div class="h-4 w-56 rounded bg-white/10" />
+                            <div class="h-3 w-72 rounded bg-white/10" />
+                        </div>
+                    </div>
+                </div>
+
+                <!-- Card carregado -->
+                <div
+                    v-else-if="inviteInfo"
+                    class="relative overflow-hidden rounded-3xl border border-white/10 bg-gradient-to-br from-emerald-500/10 via-white/5 to-indigo-500/10 p-6 shadow-2xl backdrop-blur-xl md:p-8"
+                >
+                    <!-- Ornamento sutil -->
+                    <div class="pointer-events-none absolute -top-20 -right-20 h-52 w-52 rounded-full bg-emerald-400/20 blur-3xl" aria-hidden="true" />
+                    <div class="pointer-events-none absolute -bottom-20 -left-16 h-48 w-48 rounded-full bg-indigo-400/15 blur-3xl" aria-hidden="true" />
+
+                    <div class="relative flex flex-col gap-6 md:flex-row md:items-center">
+                        <!-- Avatar / Logo -->
+                        <div class="relative shrink-0 self-center md:self-auto">
+                            <img
+                                v-if="heroAvatar"
+                                :src="heroAvatar"
+                                :alt="heroDisplayName"
+                                class="h-24 w-24 rounded-2xl border border-white/20 object-cover shadow-lg md:h-28 md:w-28"
+                                @error="heroAvatarFailed = true"
+                            />
+                            <div
+                                v-else
+                                class="grid h-24 w-24 place-items-center rounded-2xl border border-white/20 bg-gradient-to-br from-emerald-400/30 to-indigo-400/30 text-2xl font-semibold text-slate-50 shadow-lg md:h-28 md:w-28 md:text-3xl"
+                            >
+                                {{ heroInitials }}
+                            </div>
+                            <!-- Logo da clínica como badge quando ambos existem -->
+                            <div
+                                v-if="hasBothLogos"
+                                class="absolute -bottom-2 -right-2 h-11 w-11 overflow-hidden rounded-xl border-2 border-slate-900 bg-white shadow-lg"
+                                :title="heroClinic?.name || ''"
+                            >
+                                <img :src="heroClinicLogo" alt="" class="h-full w-full object-contain p-1" @error="heroLogoFailed = true" />
+                            </div>
+                        </div>
+
+                        <!-- Identidade -->
+                        <div class="min-w-0 flex-1 text-center md:text-left">
+                            <div v-if="heroClinic?.name" class="text-[11px] font-semibold uppercase tracking-[0.14em] text-emerald-200/90">
+                                {{ heroClinic.name }}
+                            </div>
+                            <h1 class="mt-1 text-2xl font-semibold tracking-tight text-slate-50 md:text-3xl">
+                                {{ heroDisplayName }}
+                            </h1>
+                            <div v-if="heroWorkLabel" class="mt-1 text-sm text-slate-300">
+                                {{ heroWorkLabel }}
+                            </div>
+                            <p
+                                v-if="heroTherapist?.bio"
+                                class="mx-auto mt-3 max-w-2xl text-sm leading-relaxed text-slate-200/90 md:mx-0"
+                                style="display: -webkit-box; -webkit-line-clamp: 3; -webkit-box-orient: vertical; overflow: hidden;"
+                            >
+                                {{ heroTherapist.bio }}
+                            </p>
+
+                            <!-- Contatos -->
+                            <div v-if="heroContactChips.length" class="mt-4 flex flex-wrap items-center justify-center gap-2 md:justify-start">
+                                <a
+                                    v-for="chip in heroContactChips"
+                                    :key="chip.icon + chip.label"
+                                    :href="chip.href"
+                                    :target="chip.external ? '_blank' : '_self'"
+                                    :rel="chip.external ? 'noopener noreferrer' : undefined"
+                                    class="inline-flex max-w-full items-center gap-2 rounded-full border border-white/15 bg-white/5 px-3 py-1.5 text-xs text-slate-100 transition hover:border-white/30 hover:bg-white/10"
+                                >
+                                    <i :class="chip.icon" />
+                                    <span class="truncate">{{ chip.label }}</span>
+                                </a>
+                            </div>
+                        </div>
+                    </div>
+
+                    <!-- Boas-vindas -->
+                    <div class="relative mt-6 rounded-2xl border border-emerald-400/20 bg-emerald-400/5 px-4 py-3 text-sm text-slate-100/95">
+                        <div class="flex items-start gap-3">
+                            <i class="pi pi-heart-fill mt-0.5 text-emerald-300" />
+                            <div>
+                                <span v-if="heroFirstName">Olá! Aqui é {{ heroFirstName }}. </span>
+                                <span v-else>Olá! </span>
+                                Que bom ter você por aqui. Para organizarmos nosso primeiro contato, preencha o formulário abaixo com calma —
+                                leva poucos minutos e os campos opcionais podem ficar em branco.
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </section>
+
+            <!-- Modal container -->
+            <div class="mx-auto w-full max-w-[1100px]">
+                <div class="rounded-3xl border border-white/10 bg-white/5 shadow-2xl backdrop-blur-xl">
+                    <!-- Header -->
+                    <div class="flex flex-col gap-4 border-b border-white/10 px-6 py-6 md:flex-row md:items-center md:justify-between">
+                        <div class="min-w-0">
+                            <div class="flex items-center gap-3">
+                                <div class="grid h-11 w-11 place-items-center rounded-2xl bg-white/10">
+                                    <i class="pi pi-user text-lg opacity-90" />
+                                </div>
+                                <div class="min-w-0">
+                                    <div class="text-xl font-semibold tracking-tight">Pré-cadastro do paciente</div>
+                                    <div class="mt-0.5 text-sm text-slate-300">Preencha no seu tempo. O que for opcional pode ficar em branco.</div>
+                                </div>
+                            </div>
+
+                            <!-- status strip -->
+                            <div class="mt-4 flex flex-wrap items-center gap-2">
+                                <span class="inline-flex items-center gap-2 rounded-full border px-3 py-1 text-xs" :class="tokenOk ? 'border-emerald-400/30 bg-emerald-400/10 text-emerald-100' : 'border-rose-400/30 bg-rose-400/10 text-rose-100'">
+                                    <i :class="tokenOk ? 'pi pi-check' : 'pi pi-times'" />
+                                    {{ tokenOk ? 'Link verificado' : 'Link inválido' }}
+                                </span>
+
+                                <span class="inline-flex items-center gap-2 rounded-full border border-white/10 bg-white/5 px-3 py-1 text-xs text-slate-200">
+                                    <i class="pi pi-lock" />
+                                    Privacidade: uso apenas para contato e organização do atendimento
+                                </span>
+
+                                <span v-if="tokenOk && !sucesso" class="inline-flex items-center gap-2 rounded-full border border-white/10 bg-white/5 px-3 py-1 text-xs text-slate-200">
+                                    <i class="pi pi-chart-line" />
+                                    Progresso: <b class="font-semibold">{{ progressPct }}%</b>
+                                </span>
+                            </div>
+
+                            <!-- progress bar -->
+                            <div v-if="tokenOk && !sucesso" class="mt-3 h-2 w-full overflow-hidden rounded-full bg-white/10">
+                                <div class="h-full rounded-full bg-emerald-400/70 transition-all" :style="{ width: progressPct + '%' }" />
+                            </div>
+                        </div>
+
+                        <!-- actions -->
+                        <div class="flex shrink-0 flex-wrap items-center gap-2">
+                            <!-- A#26: Botão de preencher mock apenas em DEV -->
+                            <Button v-if="isDev" label="Preencher exemplo" icon="pi pi-bolt" severity="secondary" outlined class="!border-white/20 !text-slate-100" :disabled="salvando || sucesso || !tokenOk" @click="preencherMock" />
+                            <Button label="Enviar" icon="pi pi-send" class="!bg-emerald-400/90 !border-emerald-400/50 !text-slate-950" :loading="salvando" :disabled="salvando || sucesso || !tokenOk" @click="enviar" />
+                        </div>
+                    </div>
+
+                    <!-- Body states -->
+                    <div class="px-6 py-6">
+                        <Message v-if="!tokenOk" severity="error" :closable="false" class="mb-4"> Link inválido ou ausente. Verifique se você recebeu a URL completa. </Message>
+
+                        <Message v-else-if="sucesso" severity="success" :closable="false" class="mb-4"> Enviado com sucesso. Você pode fechar esta página. </Message>
+
+                        <div v-else class="grid grid-cols-12 gap-4">
+                            <!-- Left panel (inside modal) -->
+                            <aside class="col-span-12 md:col-span-4">
+                                <div class="rounded-2xl border border-white/10 bg-white/5 p-4">
+                                    <!-- Section chips -->
+                                    <div>
+                                        <div class="text-xs font-semibold text-slate-200">Seções</div>
+                                        <div class="mt-2 flex flex-wrap gap-2">
+                                            <button
+                                                v-for="item in navItems"
+                                                :key="item.value"
+                                                type="button"
+                                                class="inline-flex items-center gap-2 rounded-full border px-3 py-1 text-xs transition"
+                                                :class="activeValue === item.value ? 'border-emerald-400/30 bg-emerald-400/10 text-emerald-100' : 'border-white/10 bg-white/5 text-slate-200 hover:bg-white/10'"
+                                                @click="openPanel(Number(item.value))"
+                                            >
+                                                <i :class="item.icon" />
+                                                <span class="max-w-[160px] truncate">{{ item.label }}</span>
+                                            </button>
+                                        </div>
+                                    </div>
+
+                                    <!-- Privacy note -->
+                                    <div class="mt-5 rounded-2xl border border-white/10 bg-white/5 p-4">
+                                        <div class="flex items-center gap-2 text-sm font-semibold">
+                                            <i class="pi pi-shield text-slate-200" />
+                                            Privacidade
+                                        </div>
+                                        <div class="mt-2 text-xs text-slate-300">Seus dados serão usados apenas para contato e organização do atendimento. Se algo falhar, peça um novo link ao terapeuta.</div>
+                                    </div>
+                                </div>
+                            </aside>
+
+                            <!-- Main form -->
+                            <main class="col-span-12 md:col-span-8">
+                                <div class="rounded-2xl border border-white/10 bg-white/5 p-4">
+                                    <!-- Compact dropdown nav -->
+                                    <div v-if="isCompact" class="mb-3">
+                                        <Button
+                                            type="button"
+                                            class="w-full !border-white/20 !text-slate-100"
+                                            icon="pi pi-chevron-down"
+                                            iconPos="right"
+                                            :label="selectedNav ? selectedNav.label : 'Selecionar seção'"
+                                            outlined
+                                            @click="toggleNav($event)"
+                                        />
+
+                                        <Popover ref="navPopover">
+                                            <div class="flex flex-col gap-2 p-1" style="min-width: 260px">
+                                                <div class="px-2 pt-2 text-xs font-semibold">Seções</div>
+                                                <ul class="m-0 list-none p-2">
+                                                    <li v-for="item in navItems" :key="item.value" class="flex cursor-pointer items-center gap-2 rounded-xl px-2 py-2 text-sm hover:bg-black/5" @click="selectNav(item)">
+                                                        <i :class="item.icon" style="opacity: 0.85" />
+                                                        <span class="font-medium">{{ item.label }}</span>
+                                                    </li>
+                                                </ul>
+                                            </div>
+                                        </Popover>
+                                    </div>
+
+                                    <Accordion :multiple="false" v-model:value="activeValue">
+                                        <!-- 0 -->
+                                        <AccordionPanel value="0">
+                                            <AccordionHeader :ref="(el) => setPanelHeaderRef(el, 0)"> 1. Informações pessoais </AccordionHeader>
+                                            <AccordionContent>
+                                                <div class="grid grid-cols-1 gap-4 lg:grid-cols-2">
+                                                    <div class="lg:col-span-2">
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-user" />
+                                                                <InputText id="f_nome" v-model="form.nome_completo" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_nome">Nome completo *</label>
+                                                        </FloatLabel>
+                                                        <div v-if="errors.nome_completo" class="mt-2 rounded-xl border border-rose-400/30 bg-rose-400/10 px-3 py-2 text-xs text-rose-100">
+                                                            {{ errors.nome_completo }}
+                                                        </div>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-mobile" />
+                                                                <InputMask id="f_telefone" v-model="form.telefone" class="w-full" variant="filled" mask="(99) 99999-9999" placeholder="(00) 00000-0000" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_telefone">Telefone / WhatsApp *</label>
+                                                        </FloatLabel>
+                                                        <div v-if="errors.telefone" class="mt-2 rounded-xl border border-rose-400/30 bg-rose-400/10 px-3 py-2 text-xs text-rose-100">
+                                                            {{ errors.telefone }}
+                                                        </div>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-envelope" />
+                                                                <InputText id="f_email_principal" v-model="form.email_principal" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_email_principal">E-mail principal *</label>
+                                                        </FloatLabel>
+                                                        <div v-if="errors.email_principal" class="mt-2 rounded-xl border border-rose-400/30 bg-rose-400/10 px-3 py-2 text-xs text-rose-100">
+                                                            {{ errors.email_principal }}
+                                                        </div>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-envelope" />
+                                                                <InputText id="f_email_alt" v-model="form.email_alternativo" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_email_alt">E-mail alternativo</label>
+                                                        </FloatLabel>
+                                                        <div v-if="errors.email_alternativo" class="mt-2 rounded-xl border border-rose-400/30 bg-rose-400/10 px-3 py-2 text-xs text-rose-100">
+                                                            {{ errors.email_alternativo }}
+                                                        </div>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-phone" />
+                                                                <InputMask id="f_tel_alt" v-model="form.telefone_alternativo" class="w-full" variant="filled" mask="(99) 99999?-9999" placeholder="(00) 00000-0000" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_tel_alt">Telefone alternativo</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-calendar" />
+                                                                <InputMask id="f_nasc" v-model="form.data_nascimento" mask="99-99-9999" class="w-full" variant="filled" placeholder="DD-MM-AAAA" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_nasc">Data de nascimento</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-venus" />
+                                                                <Select id="f_genero" v-model="form.genero" :options="GENDER_OPTIONS" optionLabel="label" optionValue="value" class="w-full pl-[25px]" showClear variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_genero">Gênero</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-heart" />
+                                                                <Select
+                                                                    id="f_estado_civil"
+                                                                    v-model="form.estado_civil"
+                                                                    :options="MARITAL_OPTIONS"
+                                                                    optionLabel="label"
+                                                                    optionValue="value"
+                                                                    class="w-full pl-[25px]"
+                                                                    showClear
+                                                                    variant="filled"
+                                                                    :disabled="salvando"
+                                                                />
+                                                            </IconField>
+                                                            <label for="f_estado_civil">Estado civil</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-id-card" />
+                                                                <InputMask id="f_cpf" v-model="form.cpf" class="w-full" variant="filled" mask="999.999.999-99" placeholder="000.000.000-00" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_cpf">CPF</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-credit-card" />
+                                                                <InputMask id="f_rg" v-model="form.rg" class="w-full" variant="filled" mask="99.999.999-9" placeholder="00.000.000-0" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_rg">RG</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-flag" />
+                                                                <InputText id="f_nacionalidade" v-model="form.nacionalidade" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_nacionalidade">Nacionalidade</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div class="lg:col-span-2">
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-globe" />
+                                                                <InputText id="f_naturalidade" v-model="form.naturalidade" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_naturalidade">Naturalidade</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div class="lg:col-span-2">
+                                                        <FloatLabel variant="on">
+                                                            <IconField iconPosition="left">
+                                                                <InputIcon class="pi pi-comment" />
+                                                                <Textarea id="f_observacoes" v-model="form.observacoes" class="w-full" autoResize rows="3" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_observacoes">Observações</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-megaphone" />
+                                                                <InputText id="f_onde" v-model="form.onde_nos_conheceu" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_onde">Onde nos conheceu?</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-share-alt" />
+                                                                <InputText id="f_encaminhado" v-model="form.encaminhado_por" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_encaminhado">Encaminhado por</label>
+                                                        </FloatLabel>
+                                                    </div>
+                                                </div>
+                                            </AccordionContent>
+                                        </AccordionPanel>
+
+                                        <!-- 1 -->
+                                        <AccordionPanel value="1">
+                                            <AccordionHeader :ref="(el) => setPanelHeaderRef(el, 1)"> 2. Endereço </AccordionHeader>
+                                            <AccordionContent>
+                                                <div class="grid grid-cols-1 gap-4 lg:grid-cols-2">
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-map-marker" />
+                                                                <InputMask id="f_cep" v-model="form.cep" class="w-full" variant="filled" mask="99999-999" placeholder="00000-000" :disabled="salvando" @blur="onCepBlur" @keyup.enter="onCepBlur" />
+                                                            </IconField>
+                                                            <label for="f_cep">CEP</label>
+                                                        </FloatLabel>
+                                                        <div v-if="cepLoading" class="mt-2 text-xs text-slate-300">Consultando CEP…</div>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-map-marker" />
+                                                                <InputText id="f_pais" v-model="form.pais" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_pais">País</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-map-marker" />
+                                                                <InputText id="f_cidade" v-model="form.cidade" class="w-full" variant="filled" :disabled="addressLocked" />
+                                                            </IconField>
+                                                            <label for="f_cidade">Cidade</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-map-marker" />
+                                                                <InputText id="f_estado" v-model="form.estado" class="w-full" variant="filled" :disabled="addressLocked" />
+                                                            </IconField>
+                                                            <label for="f_estado">Estado</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-map-marker" />
+                                                                <InputText id="f_endereco" v-model="form.endereco" class="w-full" variant="filled" :disabled="addressLocked" />
+                                                            </IconField>
+                                                            <label for="f_endereco">Endereço</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-map-marker" />
+                                                                <InputText id="f_numero" v-model="form.numero" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_numero">Número</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-map-marker" />
+                                                                <InputText id="f_bairro" v-model="form.bairro" class="w-full" variant="filled" :disabled="addressLocked" />
+                                                            </IconField>
+                                                            <label for="f_bairro">Bairro</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-map-marker" />
+                                                                <InputText id="f_complemento" v-model="form.complemento" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_complemento">Complemento</label>
+                                                        </FloatLabel>
+                                                    </div>
+                                                </div>
+                                            </AccordionContent>
+                                        </AccordionPanel>
+
+                                        <!-- 2 -->
+                                        <AccordionPanel value="2">
+                                            <AccordionHeader :ref="(el) => setPanelHeaderRef(el, 2)"> 3. Dados adicionais </AccordionHeader>
+                                            <AccordionContent>
+                                                <div class="grid grid-cols-1 gap-4 lg:grid-cols-2">
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-book" />
+                                                                <InputText id="f_escolaridade" v-model="form.escolaridade" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_escolaridade">Escolaridade</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-briefcase" />
+                                                                <InputText id="f_profissao" v-model="form.profissao" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_profissao">Profissão</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div class="lg:col-span-2">
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-user" />
+                                                                <InputText id="f_nome_parente" v-model="form.nome_parente" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_nome_parente">Nome de um parente (opcional)</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-users" />
+                                                                <InputText id="f_parentesco" v-model="form.grau_parentesco" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_parentesco">Parentesco</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-phone" />
+                                                                <InputMask id="f_tel_parente" v-model="form.telefone_parente" class="w-full" variant="filled" mask="(99) 99999?-9999" placeholder="(00) 00000-0000" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_tel_parente">Telefone do parente</label>
+                                                        </FloatLabel>
+                                                    </div>
+                                                </div>
+                                            </AccordionContent>
+                                        </AccordionPanel>
+
+                                        <!-- 3 -->
+                                        <AccordionPanel value="3">
+                                            <AccordionHeader :ref="(el) => setPanelHeaderRef(el, 3)"> 4. Responsável </AccordionHeader>
+                                            <AccordionContent>
+                                                <div class="grid grid-cols-1 gap-4 lg:grid-cols-2">
+                                                    <div class="lg:col-span-2">
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-user" />
+                                                                <InputText id="f_nome_responsavel" v-model="form.nome_responsavel" class="w-full" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_nome_responsavel">Nome do responsável</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-id-card" />
+                                                                <InputMask id="f_cpf_responsavel" v-model="form.cpf_responsavel" class="w-full" variant="filled" mask="999.999.999-99" placeholder="000.000.000-00" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_cpf_responsavel">CPF do responsável</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div>
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-phone" />
+                                                                <InputMask id="f_tel_responsavel" v-model="form.telefone_responsavel" class="w-full" variant="filled" mask="(99) 99999-9999" placeholder="(00) 00000-0000" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_tel_responsavel">Telefone do responsável</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div class="lg:col-span-2">
+                                                        <FloatLabel variant="on">
+                                                            <IconField>
+                                                                <InputIcon class="pi pi-comment" />
+                                                                <Textarea id="f_obs_responsavel" v-model="form.observacao_responsavel" class="w-full" autoResize rows="4" variant="filled" :disabled="salvando" />
+                                                            </IconField>
+                                                            <label for="f_obs_responsavel">Observação do responsável</label>
+                                                        </FloatLabel>
+                                                    </div>
+
+                                                    <div class="lg:col-span-2">
+                                                        <div class="rounded-2xl border border-white/10 bg-white/5 p-4">
+                                                            <div class="flex items-start gap-3">
+                                                                <Checkbox v-model="form.cobranca_no_responsavel" :binary="true" inputId="f_cobranca_no_responsavel" :disabled="salvando" />
+                                                                <label for="f_cobranca_no_responsavel" class="text-sm text-slate-200">
+                                                                    Permitir o envio de cobranças no nome do responsável?
+                                                                    <span class="block pt-1 text-xs text-slate-300"> O sistema poderá usar nome e CPF do responsável nas cobranças. </span>
+                                                                </label>
+                                                            </div>
+                                                        </div>
+                                                    </div>
+                                                </div>
+                                            </AccordionContent>
+                                        </AccordionPanel>
+
+                                    </Accordion>
+
+                                    <!-- Footer / Consent + CTA -->
+                                    <div class="mt-5 flex flex-col gap-3">
+                                        <div class="rounded-2xl border border-white/10 bg-white/5 p-4">
+                                            <div class="flex items-start gap-3">
+                                                <Checkbox v-model="consent" :binary="true" :disabled="salvando" inputId="ext_consent" />
+                                                <div class="min-w-0">
+                                                    <label for="ext_consent" class="block text-sm font-semibold text-slate-100"> Concordo em enviar meus dados para o terapeuta. </label>
+                                                    <div class="mt-1 text-xs text-slate-300">
+                                                        Seus dados serão usados apenas para contato e organização do atendimento.
+                                                        <button type="button" class="ml-1 underline text-emerald-300 hover:text-emerald-200 focus:outline-none" @click="policyOpen = true">
+                                                            Ver política de privacidade
+                                                        </button>
+                                                    </div>
+
+                                                    <div v-if="errors.consentimento" class="mt-2 rounded-xl border border-rose-400/30 bg-rose-400/10 px-3 py-2 text-xs text-rose-100">
+                                                        {{ errors.consentimento }}
+                                                    </div>
+                                                </div>
+                                            </div>
+                                        </div>
+
+                                        <!-- A#20 rev2: HONEYPOT invisível — bot preenche tudo, humano nunca vê -->
+                                        <div class="absolute -left-[9999px]" aria-hidden="true">
+                                            <label for="ext_website">Não preencha este campo</label>
+                                            <input
+                                                id="ext_website"
+                                                v-model="honeypot"
+                                                type="text"
+                                                tabindex="-1"
+                                                autocomplete="off"
+                                            />
+                                        </div>
+
+                                        <!-- A#20 rev2: math captcha CONDICIONAL — só aparece quando edge pedir -->
+                                        <MathCaptchaChallenge
+                                            v-if="captchaRequired"
+                                            v-model:id="captchaId"
+                                            v-model:answer="captchaAnswer"
+                                        />
+
+                                        <div class="flex flex-col gap-2 md:flex-row md:items-center md:justify-between">
+                                            <div class="text-xs text-slate-300">Se algo falhar, peça um novo link ao terapeuta.</div>
+
+                                            <Button
+                                                label="Enviar cadastro"
+                                                icon="pi pi-send"
+                                                class="!bg-emerald-400/90 !border-emerald-400/50 !text-slate-950 md:!min-w-[240px]"
+                                                :loading="salvando"
+                                                :disabled="salvando || sucesso || !tokenOk || (captchaRequired && (!captchaId || captchaAnswer == null))"
+                                                @click="enviar"
+                                            />
+                                        </div>
+                                    </div>
+                                </div>
+                            </main>
+                        </div>
+                    </div>
+                </div>
+
+                <!-- subtle footer -->
+                <div class="mt-4 text-center text-xs text-slate-400">Ao enviar, você confirma que está fornecendo informações verdadeiras e que autoriza o contato.</div>
+            </div>
+        </div>
+
+        <!-- A#25: Política de privacidade (dialog inline) -->
+        <Dialog
+            v-model:visible="policyOpen"
+            modal
+            header="Política de privacidade"
+            :style="{ width: '92vw', maxWidth: '720px' }"
+            :breakpoints="{ '640px': '96vw' }"
+            :draggable="false"
+            :dismissableMask="true"
+        >
+            <div class="text-sm leading-relaxed text-[var(--text-color)] space-y-4">
+                <section>
+                    <h3 class="text-base font-semibold">Finalidade do tratamento</h3>
+                    <p>Seus dados pessoais são coletados exclusivamente para viabilizar o contato do terapeuta com você e organizar o atendimento clínico. Não são usados para marketing, compartilhamento com terceiros ou perfilamento.</p>
+                </section>
+
+                <section>
+                    <h3 class="text-base font-semibold">Dados coletados</h3>
+                    <ul class="list-disc pl-5 space-y-1">
+                        <li>Identificação: nome completo, CPF, RG (opcional), data de nascimento, gênero, estado civil, nacionalidade, naturalidade.</li>
+                        <li>Contato: telefone(s), e-mail(s), endereço.</li>
+                        <li>Contexto: profissão, escolaridade, parente/responsável, origem do contato, observações que você optar por fornecer.</li>
+                    </ul>
+                </section>
+
+                <section>
+                    <h3 class="text-base font-semibold">Base legal (LGPD)</h3>
+                    <p>Tratamos seus dados com base no <b>consentimento</b> que você fornece ao marcar a caixa correspondente (Art. 7º, I da Lei 13.709/2018), e quando aplicável, também com base na execução de contrato de prestação de serviço terapêutico (Art. 7º, V).</p>
+                </section>
+
+                <section>
+                    <h3 class="text-base font-semibold">Retenção</h3>
+                    <p>Dados de pré-cadastro são mantidos pelo tempo necessário para a conversão em paciente (ou descarte, se não houver andamento). Após início do vínculo terapêutico, seguem as regras aplicáveis ao prontuário clínico (Resolução CFP 001/2009: no mínimo 5 anos após último atendimento).</p>
+                </section>
+
+                <section>
+                    <h3 class="text-base font-semibold">Seus direitos</h3>
+                    <p>A qualquer momento você pode solicitar, sem custo:</p>
+                    <ul class="list-disc pl-5 space-y-1">
+                        <li>Confirmação da existência de tratamento;</li>
+                        <li>Acesso aos seus dados;</li>
+                        <li>Correção de dados incompletos, inexatos ou desatualizados;</li>
+                        <li>Anonimização, bloqueio ou eliminação de dados desnecessários;</li>
+                        <li>Portabilidade dos dados;</li>
+                        <li>Eliminação dos dados pessoais tratados com base no consentimento;</li>
+                        <li>Revogação do consentimento.</li>
+                    </ul>
+                    <p class="mt-2">Para exercer qualquer desses direitos, entre em contato diretamente com o profissional que enviou este link.</p>
+                </section>
+
+                <section>
+                    <h3 class="text-base font-semibold">Segurança</h3>
+                    <p>Adotamos medidas técnicas (criptografia em trânsito, controle de acesso, registros de auditoria) e administrativas para proteger seus dados. Ainda assim, nenhum sistema é 100% seguro — comprometa apenas o estritamente necessário.</p>
+                </section>
+
+                <section class="text-xs text-[var(--text-color-secondary)]">
+                    <p>Esta política pode ser atualizada. Data da última revisão: 18/04/2026.</p>
+                </section>
+            </div>
+
+            <template #footer>
+                <Button label="Entendi" icon="pi pi-check" @click="policyOpen = false" />
+            </template>
+        </Dialog>
+    </div>
+</template>
diff --git a/src/views/pages/public/CadastroPacienteExterno.vue b/src/views/pages/public/CadastroPacienteExterno.vue
index ed47ed3..5735a40 100644
--- a/src/views/pages/public/CadastroPacienteExterno.vue
+++ b/src/views/pages/public/CadastroPacienteExterno.vue
@@ -1,234 +1,243 @@
 <!--
 |--------------------------------------------------------------------------
-| Agência PSI
+| Agência PSI — Cadastro externo de paciente (v2 · HomeCards DNA)
 |--------------------------------------------------------------------------
-| Criado e desenvolvido por Leonardo Nohama
-|
-| Tecnologia aplicada à escuta.
-| Estrutura para o cuidado.
-|
-| Arquivo: src/views/pages/public/CadastroPacienteExterno.vue
-| Data: 2026
-| Local: São Carlos/SP — Brasil
-|--------------------------------------------------------------------------
-| © 2026 — Todos os direitos reservados
+| Redesenho disruptivo: multi-step flow (4 etapas), título com gradiente,
+| números decorativos gigantes, DM Sans, fundo vivo (noise + lines + spots).
+| Toda a lógica original foi preservada: fetch de invite info, ViaCEP,
+| honeypot, captcha condicional, validação, submit, LGPD, mock DEV.
 |--------------------------------------------------------------------------
 -->
 <script setup>
-import { computed, reactive, ref, onMounted, onBeforeUnmount, nextTick, watch } from 'vue';
+import { computed, reactive, ref, onMounted, onBeforeUnmount, watch } from 'vue';
 import { useRoute } from 'vue-router';
 
 import InputMask from 'primevue/inputmask';
 import Textarea from 'primevue/textarea';
 import Checkbox from 'primevue/checkbox';
-import Message from 'primevue/message';
-import Popover from 'primevue/popover';
 import Dialog from 'primevue/dialog';
-import Accordion from 'primevue/accordion';
-import AccordionPanel from 'primevue/accordionpanel';
-import AccordionHeader from 'primevue/accordionheader';
-import AccordionContent from 'primevue/accordioncontent';
 import Select from 'primevue/select';
 
 import { useToast } from 'primevue/usetoast';
 import { supabase } from '@/lib/supabase/client';
 import { digitsOnly, isValidEmail, toISODate, generateCPF, fmtCPF } from '@/utils/validators';
 import MathCaptchaChallenge from '@/components/security/MathCaptchaChallenge.vue';
+import { useLayout } from '@/layout/composables/layout';
 
 const route = useRoute();
 const toast = useToast();
-
 const isDev = import.meta.env.DEV;
 
-// A#20 rev2 — defesa em camadas self-hosted
-// Honeypot: campo invisível que humano nunca preenche
-const honeypot = ref('');
-// Math captcha: ativado sob demanda quando edge function devolve 403 captcha-required
-const captchaRequired = ref(false);
-const captchaId = ref('');
-const captchaAnswer = ref(null);
+// Tema claro/escuro (sem persistência — só no tempo-de-vida desta página)
+const { layoutConfig, isDarkTheme, toggleDarkMode } = useLayout();
+const _initialDark = ref(false);
 
-const salvando = ref(false);
-const sucesso = ref(false);
-
-// A#25: dialog de política de privacidade (LGPD)
-const policyOpen = ref(false);
+function forceLightSilent() {
+    if (isDarkTheme.value) {
+        document.documentElement.classList.remove('app-dark');
+        layoutConfig.darkTheme = false;
+    }
+}
+function restoreThemeSilent() {
+    const want = _initialDark.value;
+    if (isDarkTheme.value !== want) {
+        document.documentElement.classList.toggle('app-dark', want);
+        layoutConfig.darkTheme = want;
+    }
+}
 
+// ----------------------------------------------------------------
+// Token
+// ----------------------------------------------------------------
 const token = computed(() => String(route.query.t || '').trim());
-// A#21: validação mais estrita — aceita UUID (com ou sem hífen, 32 hex chars).
-// Ainda é cosmético (servidor valida de verdade), mas reduz falsos "verificado".
 const TOKEN_RX = /^[0-9a-f]{32}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 const tokenOk = computed(() => TOKEN_RX.test(token.value));
 
-// ------------------------------------------------------
-// Helpers (✅ ficam ANTES do enviar())
-// ------------------------------------------------------
-function cleanStr(v) {
-    const s = String(v ?? '').trim();
-    return s ? s : null;
+// ----------------------------------------------------------------
+// Flags
+// ----------------------------------------------------------------
+const honeypot = ref('');
+const captchaRequired = ref(false);
+const captchaId = ref('');
+const captchaAnswer = ref(null);
+const salvando = ref(false);
+const sucesso = ref(false);
+const policyOpen = ref(false);
+
+// ----------------------------------------------------------------
+// Hero / Invite info
+// ----------------------------------------------------------------
+const inviteInfo = ref(null);
+const loadingInfo = ref(false);
+const heroAvatarFailed = ref(false);
+const heroLogoFailed = ref(false);
+
+const WORK_DESCRIPTION_LABEL = {
+    psicologo_clinico: 'Psicólogo(a) Clínico(a)',
+    psicanalista: 'Psicanalista',
+    psiquiatra: 'Psiquiatra',
+    psicoterapeuta: 'Psicoterapeuta',
+    neuropsicologo: 'Neuropsicólogo(a)',
+    psicologo_organizacional: 'Psicólogo(a) Organizacional',
+    psicologo_escolar: 'Psicólogo(a) Escolar',
+    psicologo_hospitalar: 'Psicólogo(a) Hospitalar',
+    coach_mentor: 'Coach / Mentor(a)',
+    terapeuta_holistico: 'Terapeuta Holístico(a)',
+    outro: 'Profissional da saúde mental'
+};
+
+const heroTherapist = computed(() => inviteInfo.value?.therapist || null);
+const heroClinic = computed(() => inviteInfo.value?.clinic || null);
+const heroDisplayName = computed(() => heroTherapist.value?.display_name || 'Profissional');
+const heroFirstName = computed(() => String(heroDisplayName.value || '').trim().split(/\s+/)[0] || '');
+const heroLastName = computed(() => String(heroDisplayName.value || '').trim().split(/\s+/).slice(1).join(' '));
+const heroAvatar = computed(() => (!heroAvatarFailed.value ? heroTherapist.value?.avatar_url || '' : ''));
+const heroClinicLogo = computed(() => (!heroLogoFailed.value ? heroClinic.value?.logo_url || '' : ''));
+const heroWorkLabel = computed(() => {
+    const key = heroTherapist.value?.work_description;
+    if (!key) return '';
+    return WORK_DESCRIPTION_LABEL[key] || 'Profissional da saúde mental';
+});
+const heroInitials = computed(() => {
+    const parts = String(heroDisplayName.value || '').trim().split(/\s+/).filter(Boolean);
+    if (!parts.length) return '·';
+    if (parts.length === 1) return parts[0].slice(0, 2).toUpperCase();
+    return (parts[0][0] + parts[parts.length - 1][0]).toUpperCase();
+});
+const hasBothLogos = computed(() => !!(heroAvatar.value && heroClinicLogo.value));
+
+function _normalizeUrl(u) {
+    const s = String(u || '').trim();
+    if (!s) return '';
+    if (/^https?:\/\//i.test(s)) return s;
+    return `https://${s}`;
+}
+function _instagramUrl(handle) {
+    const s = String(handle || '').trim().replace(/^@/, '');
+    if (!s) return '';
+    if (/^https?:\/\//i.test(s)) return s;
+    return `https://instagram.com/${s}`;
+}
+function _firstSocialFromClinic(socials) {
+    if (!Array.isArray(socials)) return null;
+    for (const item of socials) {
+        if (!item) continue;
+        if (typeof item === 'string' && item.trim()) return { label: 'Rede social', href: _normalizeUrl(item), icon: 'pi pi-globe', external: true };
+        if (typeof item === 'object') {
+            const url = item.url || item.link || item.handle;
+            const kind = String(item.platform || item.type || item.network || '').toLowerCase();
+            if (!url) continue;
+            const href = kind.includes('instagram') ? _instagramUrl(url) : _normalizeUrl(url);
+            const icon = kind.includes('instagram') ? 'pi pi-instagram'
+                       : kind.includes('facebook')  ? 'pi pi-facebook'
+                       : kind.includes('youtube')   ? 'pi pi-youtube'
+                       : kind.includes('linkedin')  ? 'pi pi-linkedin'
+                       : 'pi pi-globe';
+            return { label: item.platform || 'Rede social', href, icon, external: true };
+        }
+    }
+    return null;
 }
 
-// ------------------------------------------------------
-// Mock fill (Preencher tudo)
-// ------------------------------------------------------
-function randInt(min, max) {
-    return Math.floor(Math.random() * (max - min + 1)) + min;
-}
-function pick(arr) {
-    return arr[randInt(0, arr.length - 1)];
-}
-function maybe(p = 0.5) {
-    return Math.random() < p;
-}
-function pad2(n) {
-    return String(n).padStart(2, '0');
+const heroContactChips = computed(() => {
+    const chips = [];
+    const t = heroTherapist.value || {};
+    const c = heroClinic.value || {};
+    const parts = [c.street, c.number].filter(Boolean).join(', ');
+    const cityUf = [c.city, c.state].filter(Boolean).join(' · ');
+    const addr = [parts, c.neighborhood, cityUf].filter(Boolean).join(' — ');
+    if (addr) chips.push({ label: addr, href: `https://www.google.com/maps/search/?api=1&query=${encodeURIComponent(addr)}`, icon: 'pi pi-map-marker', external: true });
+    const phone = c.phone || t.phone;
+    if (phone) {
+        const d = String(phone).replace(/\D/g, '');
+        chips.push({ label: phone, href: d ? `tel:+${d.startsWith('55') ? d : '55' + d}` : `tel:${phone}`, icon: 'pi pi-phone', external: false });
+    }
+    if (c.email) chips.push({ label: c.email, href: `mailto:${c.email}`, icon: 'pi pi-envelope', external: false });
+    const site = c.site || t.site_url;
+    if (site) chips.push({ label: 'Site', href: _normalizeUrl(site), icon: 'pi pi-globe', external: true });
+    if (t.instagram) {
+        const handle = String(t.instagram).replace(/^@/, '').replace(/^https?:\/\/(www\.)?instagram\.com\//i, '').replace(/\/$/, '');
+        chips.push({ label: `@${handle}`, href: _instagramUrl(t.instagram), icon: 'pi pi-instagram', external: true });
+    } else {
+        const social = _firstSocialFromClinic(c.social);
+        if (social) chips.push(social);
+    }
+    return chips;
+});
+
+async function fetchInviteInfo() {
+    if (!tokenOk.value) return;
+    loadingInfo.value = true;
+    try {
+        const { data, error } = await supabase.functions.invoke('get-intake-invite-info', { body: { token: token.value } });
+        if (error) return;
+        if (data?.ok && data.info) inviteInfo.value = data.info;
+    } catch { /* silencioso */ } finally {
+        loadingInfo.value = false;
+    }
 }
 
+// ----------------------------------------------------------------
+// Helpers
+// ----------------------------------------------------------------
+function cleanStr(v) { const s = String(v ?? '').trim(); return s ? s : null; }
+function randInt(min, max) { return Math.floor(Math.random() * (max - min + 1)) + min; }
+function pick(arr) { return arr[randInt(0, arr.length - 1)]; }
+function maybe(p = 0.5) { return Math.random() < p; }
+function pad2(n) { return String(n).padStart(2, '0'); }
+
 function randomDateDDMMYYYY(minAge = 18, maxAge = 65) {
     const now = new Date();
     const age = randInt(minAge, maxAge);
     const year = now.getFullYear() - age;
-    const month = randInt(1, 12);
-    const day = randInt(1, 28);
-    return `${pad2(day)}-${pad2(month)}-${year}`;
+    return `${pad2(randInt(1, 28))}-${pad2(randInt(1, 12))}-${year}`;
 }
-
 function randomPhoneBR() {
-    const ddd = randInt(11, 99);
-    const p1 = randInt(90000, 99999);
-    const p2 = randInt(1000, 9999);
-    return `(${ddd}) ${p1}-${p2}`;
+    return `(${randInt(11, 99)}) ${randInt(90000, 99999)}-${randInt(1000, 9999)}`;
 }
-
-function generateCPFFormatted() {
-    return fmtCPF(generateCPF());
-}
-
+function generateCPFFormatted() { return fmtCPF(generateCPF()); }
 function generateRG() {
     const base = Array.from({ length: 8 }, () => randInt(0, 9));
     let sum = 0;
     for (let i = 0; i < 8; i++) sum += base[i] * (9 - i);
     const mod = sum % 11;
     let dv = 11 - mod;
-    if (dv === 10) dv = 'X';
-    else if (dv === 11) dv = 0;
-    const rg = [...base, dv].join('');
-    return rg.replace(/^(\d{2})(\d{3})(\d{3})([\dX])$/, '$1.$2.$3-$4');
+    if (dv === 10) dv = 'X'; else if (dv === 11) dv = 0;
+    return [...base, dv].join('').replace(/^(\d{2})(\d{3})(\d{3})([\dX])$/, '$1.$2.$3-$4');
 }
-
 function randomEmailFromName(name) {
-    const slug = String(name || 'paciente')
-        .normalize('NFD')
-        .replace(/[\u0300-\u036f]/g, '')
-        .toLowerCase()
-        .replace(/[^a-z0-9]+/g, '.')
-        .replace(/(^\.)|(\.$)/g, '');
+    const slug = String(name || 'paciente').normalize('NFD').replace(/[\u0300-\u036f]/g, '').toLowerCase().replace(/[^a-z0-9]+/g, '.').replace(/(^\.)|(\.$)/g, '');
     return `${slug}.${randInt(10, 999)}@email.com`;
 }
 
-function preencherMock() {
-    const first = ['Ana', 'Bruno', 'Carla', 'Daniel', 'Eduarda', 'Felipe', 'Giovana', 'Henrique', 'Isabela', 'João', 'Larissa', 'Marcos', 'Nathalia', 'Otávio', 'Paula', 'Rafael', 'Sabrina', 'Thiago', 'Vanessa', 'Yasmin'];
-    const last = ['Silva', 'Santos', 'Oliveira', 'Souza', 'Pereira', 'Lima', 'Ferreira', 'Almeida', 'Costa', 'Gomes', 'Ribeiro', 'Carvalho', 'Martins', 'Araújo', 'Barbosa'];
-    const cities = ['São Carlos', 'Ribeirão Preto', 'Campinas', 'São Paulo', 'Araraquara', 'Bauru', 'Sorocaba', 'Santos'];
-    const neighborhoods = ['Centro', 'Jardim Paulista', 'Vila Prado', 'Santa Felícia', 'Cidade Jardim'];
-    const streets = ['Rua das Flores', 'Av. Brasil', 'Rua XV de Novembro', 'Av. São Carlos', 'Rua das Acácias'];
-
-    const nome = `${pick(first)} ${pick(last)} ${pick(last)}`;
-    const cidade = pick(cities);
-
-    form.nome_completo = nome;
-    form.data_nascimento = randomDateDDMMYYYY(18, 70);
-    form.naturalidade = cidade;
-    form.genero = pick(GENDER_OPTIONS).value;
-    form.estado_civil = pick(MARITAL_OPTIONS).value;
-
-    form.email_principal = randomEmailFromName(nome);
-    form.email_alternativo = maybe(0.35) ? `alt.${randInt(10, 999)}@gmail.com` : `alt.${randInt(10, 999)}@hotmail.com`;
-
-    form.telefone = randomPhoneBR();
-    form.telefone_alternativo = maybe(0.35) ? randomPhoneBR() : '';
-
-    form.cpf = generateCPFFormatted();
-    form.rg = generateRG();
-
-    form.observacoes = maybe(0.5) ? 'Cadastro realizado via link externo.' : 'Tenho disponibilidade no período da noite.';
-
-    form.onde_nos_conheceu = pick(['Instagram', 'Google', 'Indicação', 'Site', 'Threads', 'Outro']);
-    form.encaminhado_por = maybe(0.45) ? `${pick(first)} ${pick(last)}` : '';
-
-    form.pais = 'Brasil';
-    form.cep = '13561-260';
-    form.cidade = cidade;
-    form.estado = 'SP';
-    form.endereco = pick(streets);
-    form.numero = String(randInt(10, 9999));
-    form.bairro = pick(neighborhoods);
-    form.complemento = maybe(0.3) ? `Apto ${randInt(10, 999)}` : '';
-
-    form.escolaridade = pick(['Ensino Fundamental', 'Ensino Médio', 'Superior incompleto', 'Superior completo', 'Pós-graduação']);
-    form.profissao = pick(['Estudante', 'Professora', 'Desenvolvedor', 'Vendedor', 'Enfermeira', 'Autônomo', 'Servidor público']);
-
-    const temParente = maybe(0.6);
-    form.nome_parente = temParente ? `${pick(first)} ${pick(last)}` : '';
-    form.grau_parentesco = temParente ? pick(['Mãe', 'Pai', 'Irmã', 'Irmão', 'Cônjuge', 'Tia', 'Avó', 'Amigo(a)']) : '';
-    form.telefone_parente = temParente ? randomPhoneBR() : '';
-
-    const temResponsavel = maybe(0.35);
-    form.nome_responsavel = temResponsavel ? `${pick(first)} ${pick(last)} ${pick(last)}` : '';
-    form.telefone_responsavel = temResponsavel ? randomPhoneBR() : '';
-    form.cpf_responsavel = temResponsavel ? generateCPFFormatted() : '';
-    form.observacao_responsavel = temResponsavel ? 'Responsável ciente e de acordo com o cadastro.' : '';
-    form.cobranca_no_responsavel = temResponsavel ? maybe(0.5) : false;
-
-    consent.value = true;
-    toast.add({ severity: 'info', summary: 'Exemplo', detail: 'Campos preenchidos com dados simulados.', life: 1800 });
-}
-
-// Upload de foto removido da página pública (A#15):
-// O bucket não aceita mais upload anônimo. O terapeuta pode pedir a foto
-// depois, por outro canal, se for necessário.
-
-// ------------------------------------------------------
-// CEP (ViaCEP)
-// ------------------------------------------------------
+// ----------------------------------------------------------------
+// CEP
+// ----------------------------------------------------------------
 const cepLoading = ref(false);
 const addressLocked = computed(() => salvando.value || cepLoading.value);
 
 async function fetchCep(cepRaw) {
     const cep = String(cepRaw || '').replace(/\D/g, '');
     if (cep.length !== 8) return null;
-
-    const res = await fetch(`https://viacep.com.br/ws/${cep}/json/`, {
-        method: 'GET',
-        headers: { Accept: 'application/json' }
-    });
+    const res = await fetch(`https://viacep.com.br/ws/${cep}/json/`, { headers: { Accept: 'application/json' } });
     if (!res.ok) return null;
-
     const data = await res.json();
     if (!data || data.erro) return null;
     return data;
 }
-
 async function onCepBlur() {
     if (cepLoading.value) return;
-
     const cepDigits = String(form.cep || '').replace(/\D/g, '');
     if (cepDigits.length !== 8) return;
-
     cepLoading.value = true;
     try {
         const d = await fetchCep(form.cep);
-        if (!d) {
-            toast.add({ severity: 'warn', summary: 'CEP', detail: 'CEP não encontrado.', life: 2500 });
-            return;
-        }
-
+        if (!d) { toast.add({ severity: 'warn', summary: 'CEP', detail: 'CEP não encontrado.', life: 2500 }); return; }
         form.cidade = d.localidade || form.cidade;
         form.estado = d.uf || form.estado;
         form.bairro = d.bairro || form.bairro;
         form.endereco = d.logradouro || form.endereco;
         if (!form.complemento) form.complemento = d.complemento || '';
-
         toast.add({ severity: 'success', summary: 'CEP', detail: 'Endereço preenchido automaticamente.', life: 1800 });
     } catch {
         toast.add({ severity: 'error', summary: 'CEP', detail: 'Falha ao consultar o ViaCEP.', life: 2500 });
@@ -237,69 +246,9 @@ async function onCepBlur() {
     }
 }
 
-// ------------------------------------------------------
-// Accordion + menu
-// ------------------------------------------------------
-const activeValue = ref('0');
-const panelHeaderRefs = ref([]);
-
-function setPanelHeaderRef(el, idx) {
-    if (!el) return;
-    panelHeaderRefs.value[idx] = el;
-}
-
-async function openPanel(i) {
-    activeValue.value = String(i);
-    await nextTick();
-    const headerRef = panelHeaderRefs.value?.[i];
-    const el = headerRef?.$el ?? headerRef;
-    if (el && typeof el.scrollIntoView === 'function') {
-        el.scrollIntoView({ behavior: 'smooth', block: 'start' });
-    }
-}
-
-const navItems = [
-    { value: '0', label: 'Informações pessoais', icon: 'pi pi-user' },
-    { value: '1', label: 'Endereço', icon: 'pi pi-map-marker' },
-    { value: '2', label: 'Dados adicionais', icon: 'pi pi-tags' },
-    { value: '3', label: 'Responsável', icon: 'pi pi-users' }
-];
-
-const navPopover = ref(null);
-function toggleNav(event) {
-    navPopover.value?.toggle(event);
-}
-function selectNav(item) {
-    openPanel(Number(item.value));
-    navPopover.value?.hide();
-}
-const selectedNav = computed(() => navItems.find((i) => i.value === activeValue.value) || null);
-
-const isCompact = ref(false);
-let mql = null;
-let mqlHandler = null;
-function syncCompact() {
-    isCompact.value = !!mql?.matches;
-}
-
-onMounted(() => {
-    mql = window.matchMedia('(max-width: 1199px)');
-    syncCompact();
-    mqlHandler = () => syncCompact();
-    if (mql.addEventListener) mql.addEventListener('change', mqlHandler);
-    else mql.addListener(mqlHandler);
-});
-
-onBeforeUnmount(() => {
-    if (mql && mqlHandler) {
-        if (mql.removeEventListener) mql.removeEventListener('change', mqlHandler);
-        else mql.removeListener(mqlHandler);
-    }
-});
-
-// ------------------------------------------------------
+// ----------------------------------------------------------------
 // Options
-// ------------------------------------------------------
+// ----------------------------------------------------------------
 const GENDER_OPTIONS = [
     { label: 'Masculino', value: 'male' },
     { label: 'Feminino', value: 'female' },
@@ -307,7 +256,6 @@ const GENDER_OPTIONS = [
     { label: 'Outro', value: 'other' },
     { label: 'Prefiro não informar', value: 'na' }
 ];
-
 const MARITAL_OPTIONS = [
     { label: 'Solteiro(a)', value: 'single' },
     { label: 'Casado(a)', value: 'married' },
@@ -316,59 +264,28 @@ const MARITAL_OPTIONS = [
     { label: 'Prefiro não informar', value: 'na' }
 ];
 
-// ------------------------------------------------------
+// ----------------------------------------------------------------
 // Form
-// ------------------------------------------------------
+// ----------------------------------------------------------------
 function resetForm() {
     return {
-        nome_completo: '',
-        email_principal: '',
-        telefone: '',
-        cep: '',
-        pais: 'Brasil',
-        cidade: '',
-        estado: 'SP',
-        endereco: '',
-        numero: '',
-        bairro: '',
-        complemento: '',
-        data_nascimento: '', // DD-MM-YYYY
-        naturalidade: '',
-        genero: '',
-        estado_civil: '',
-        onde_nos_conheceu: '',
-        encaminhado_por: '',
-        observacoes: '',
-        nacionalidade: '',
-
-        email_alternativo: '',
-        telefone_alternativo: '',
-        cpf: '',
-        rg: '',
-
-        escolaridade: '',
-        profissao: '',
-        nome_parente: '',
-        grau_parentesco: '',
-        telefone_parente: '',
-
-        nome_responsavel: '',
-        telefone_responsavel: '',
-        cpf_responsavel: '',
-        observacao_responsavel: '',
-        cobranca_no_responsavel: false
+        nome_completo: '', email_principal: '', telefone: '',
+        cep: '', pais: 'Brasil', cidade: '', estado: 'SP',
+        endereco: '', numero: '', bairro: '', complemento: '',
+        data_nascimento: '', naturalidade: '', genero: '', estado_civil: '',
+        onde_nos_conheceu: '', encaminhado_por: '', observacoes: '',
+        nacionalidade: '', email_alternativo: '', telefone_alternativo: '',
+        cpf: '', rg: '', escolaridade: '', profissao: '',
+        nome_parente: '', grau_parentesco: '', telefone_parente: '',
+        nome_responsavel: '', telefone_responsavel: '', cpf_responsavel: '',
+        observacao_responsavel: '', cobranca_no_responsavel: false
     };
 }
-
 const form = reactive(resetForm());
 const consent = ref(false);
 
 const errors = reactive({
-    nome_completo: '',
-    email_principal: '',
-    email_alternativo: '',
-    telefone: '',
-    consentimento: ''
+    nome_completo: '', email_principal: '', email_alternativo: '', telefone: '', consentimento: ''
 });
 
 function validate() {
@@ -377,74 +294,146 @@ function validate() {
     errors.email_alternativo = '';
     errors.telefone = '';
     errors.consentimento = '';
-
-    const nome = String(form.nome_completo || '').trim();
-    if (!nome) errors.nome_completo = 'Informe seu nome completo';
+    if (!String(form.nome_completo || '').trim()) errors.nome_completo = 'Informe seu nome completo';
     if (!isValidEmail(form.email_principal)) errors.email_principal = 'Informe um e-mail válido';
     if (cleanStr(form.email_alternativo) && !isValidEmail(form.email_alternativo)) errors.email_alternativo = 'E-mail alternativo inválido';
     if (!digitsOnly(form.telefone)) errors.telefone = 'Informe um telefone para contato';
     if (!consent.value) errors.consentimento = 'É necessário marcar o consentimento.';
-
     return !errors.nome_completo && !errors.email_principal && !errors.email_alternativo && !errors.telefone && !errors.consentimento;
 }
 
-// ------------------------------------------------------
-// Progress (conceitual e útil)
-// ------------------------------------------------------
+// ----------------------------------------------------------------
+// Progress
+// ----------------------------------------------------------------
 const progressPct = computed(() => {
-    // contagem simples e honesta: dá sensação de avanço sem "gamificar demais"
     const checks = [!!cleanStr(form.nome_completo), !!digitsOnly(form.telefone), isValidEmail(form.email_principal), !!cleanStr(form.data_nascimento), !!cleanStr(form.cep), !!cleanStr(form.endereco), !!cleanStr(form.cidade), !!consent.value];
     const done = checks.filter(Boolean).length;
     return Math.round((done / checks.length) * 100);
 });
 
-// ------------------------------------------------------
-// enviar (✅ corrigido: sem redeclarar helpers)
-// ------------------------------------------------------
+// ----------------------------------------------------------------
+// Steps (disruptive flow)
+// ----------------------------------------------------------------
+const STEPS = [
+    { key: 'identity', short: 'Você',       titleA: 'Quem é',  titleB: 'você?',      desc: 'Começando com o essencial — nome, contato e como te chamar.',                      color: '#4ADE80', colorDim: 'rgba(74,222,128,0.1)',  colorBorder: 'rgba(74,222,128,0.28)' },
+    { key: 'personal', short: 'Sobre você', titleA: 'Mais',    titleB: 'sobre você', desc: 'Dados pessoais e profissionais. Todos são opcionais — compartilhe o que quiser.',  color: '#60A5FA', colorDim: 'rgba(96,165,250,0.1)',  colorBorder: 'rgba(96,165,250,0.28)' },
+    { key: 'address',  short: 'Endereço',   titleA: 'Onde te', titleB: 'encontrar',  desc: 'Digite o CEP e o resto preenche sozinho. Tudo aqui é opcional.',                    color: '#C084FC', colorDim: 'rgba(192,132,252,0.1)', colorBorder: 'rgba(192,132,252,0.28)' },
+    { key: 'finalize', short: 'Finalizar',  titleA: 'Pra',     titleB: 'finalizar',  desc: 'Contatos de apoio, observações e seu consentimento. Depois é só enviar.',          color: '#A78BFA', colorDim: 'rgba(167,139,250,0.1)', colorBorder: 'rgba(167,139,250,0.28)' }
+];
+
+const currentStep = ref(0);
+const farthestStep = ref(0);
+const currentStepData = computed(() => STEPS[currentStep.value]);
+
+function validateStep(idx) {
+    if (idx === 0) {
+        return !!String(form.nome_completo || '').trim()
+            && isValidEmail(form.email_principal)
+            && !!digitsOnly(form.telefone);
+    }
+    if (idx === 3) return consent.value === true;
+    return true;
+}
+const canAdvance = computed(() => validateStep(currentStep.value));
+const canSubmit = computed(() => validateStep(0) && validateStep(3));
+
+function scrollTop() { window.scrollTo({ top: 0, behavior: 'smooth' }); }
+function goNextStep() {
+    if (!canAdvance.value) {
+        if (currentStep.value === 0) validate();
+        toast.add({ severity: 'warn', summary: 'Atenção', detail: 'Preencha os campos obrigatórios.', life: 2000 });
+        return;
+    }
+    if (currentStep.value < STEPS.length - 1) {
+        currentStep.value += 1;
+        if (currentStep.value > farthestStep.value) farthestStep.value = currentStep.value;
+        scrollTop();
+    }
+}
+function goPrevStep() {
+    if (currentStep.value > 0) { currentStep.value -= 1; scrollTop(); }
+}
+function goToStep(i) {
+    if (i > farthestStep.value) return;
+    currentStep.value = i;
+    scrollTop();
+}
+
+function preencherMock() {
+    const firsts = ['Ana', 'Bruno', 'Carla', 'Daniel', 'Eduarda', 'Felipe', 'Giovana', 'Henrique', 'Isabela', 'João'];
+    const lasts = ['Silva', 'Santos', 'Oliveira', 'Souza', 'Pereira', 'Lima', 'Ferreira', 'Almeida', 'Costa'];
+    const cities = ['São Carlos', 'Ribeirão Preto', 'Campinas', 'São Paulo'];
+    const neighborhoods = ['Centro', 'Jardim Paulista', 'Vila Prado', 'Santa Felícia'];
+    const streets = ['Rua das Flores', 'Av. Brasil', 'Rua XV de Novembro', 'Av. São Carlos'];
+
+    const nome = `${pick(firsts)} ${pick(lasts)} ${pick(lasts)}`;
+    const cidade = pick(cities);
+
+    form.nome_completo = nome;
+    form.data_nascimento = randomDateDDMMYYYY(18, 70);
+    form.naturalidade = cidade;
+    form.genero = pick(GENDER_OPTIONS).value;
+    form.estado_civil = pick(MARITAL_OPTIONS).value;
+    form.email_principal = randomEmailFromName(nome);
+    form.email_alternativo = maybe(0.35) ? `alt.${randInt(10, 999)}@gmail.com` : '';
+    form.telefone = randomPhoneBR();
+    form.telefone_alternativo = maybe(0.35) ? randomPhoneBR() : '';
+    form.cpf = generateCPFFormatted();
+    form.rg = generateRG();
+    form.observacoes = 'Cadastro via link externo.';
+    form.onde_nos_conheceu = pick(['Instagram', 'Google', 'Indicação', 'Site']);
+    form.encaminhado_por = maybe(0.45) ? `${pick(firsts)} ${pick(lasts)}` : '';
+    form.pais = 'Brasil';
+    form.cep = '13561-260';
+    form.cidade = cidade;
+    form.estado = 'SP';
+    form.endereco = pick(streets);
+    form.numero = String(randInt(10, 9999));
+    form.bairro = pick(neighborhoods);
+    form.complemento = maybe(0.3) ? `Apto ${randInt(10, 999)}` : '';
+    form.escolaridade = pick(['Ensino Médio', 'Superior completo', 'Pós-graduação']);
+    form.profissao = pick(['Estudante', 'Professora', 'Desenvolvedor', 'Enfermeira']);
+    form.nacionalidade = 'Brasileira';
+
+    consent.value = true;
+    farthestStep.value = STEPS.length - 1;
+    currentStep.value = STEPS.length - 1;
+    toast.add({ severity: 'info', summary: 'Exemplo', detail: 'Campos preenchidos.', life: 1800 });
+}
+
+// ----------------------------------------------------------------
+// Enviar
+// ----------------------------------------------------------------
 async function enviar() {
-    if (!tokenOk.value) return;
-    if (sucesso.value) return;
+    if (!tokenOk.value || sucesso.value) return;
 
     const ok = validate();
     if (!ok) {
         toast.add({ severity: 'warn', summary: 'Atenção', detail: 'Revise os campos obrigatórios.', life: 2200 });
-        openPanel(0);
+        if (errors.nome_completo || errors.email_principal || errors.telefone) currentStep.value = 0;
+        else if (errors.consentimento) currentStep.value = STEPS.length - 1;
         return;
     }
 
     const isoBirth = toISODate(form.data_nascimento);
     if (cleanStr(form.data_nascimento) && !isoBirth) {
         toast.add({ severity: 'warn', summary: 'Atenção', detail: 'Data de nascimento inválida (use DD-MM-AAAA).', life: 2500 });
-        openPanel(0);
+        currentStep.value = 0;
         return;
     }
 
     salvando.value = true;
     try {
-        // A#17: notas_internas NÃO é enviado (campo interno do terapeuta, não
-        // deve vir do paciente). A#15: avatar_url removido (upload não é mais
-        // possível anonimamente). Todos os campos texto são recortados em
-        // length máximo client-side (defesa em camadas — o RPC também valida).
-        const truncate = (v, n) => {
-            const s = cleanStr(v);
-            return s ? String(s).slice(0, n) : null;
-        };
-
+        const truncate = (v, n) => { const s = cleanStr(v); return s ? String(s).slice(0, n) : null; };
         const payload = {
-            // essenciais
             nome_completo: truncate(form.nome_completo, 200),
             email_principal: cleanStr(form.email_principal)?.toLowerCase().slice(0, 120) || null,
             telefone: digitsOnly(form.telefone),
-
-            // alternativos
             email_alternativo: cleanStr(form.email_alternativo)?.toLowerCase().slice(0, 120) || null,
             telefone_alternativo: digitsOnly(form.telefone_alternativo) || null,
-
-            // docs / endereço
             cpf: digitsOnly(form.cpf),
             rg: truncate(form.rg, 20),
             cep: digitsOnly(form.cep),
-
             pais: truncate(form.pais, 60) || 'Brasil',
             cidade: truncate(form.cidade, 120),
             estado: truncate(form.estado, 2) || 'SP',
@@ -452,37 +441,23 @@ async function enviar() {
             numero: truncate(form.numero, 20),
             bairro: truncate(form.bairro, 120),
             complemento: truncate(form.complemento, 120),
-
-            // pessoais
             data_nascimento: isoBirth || null,
             naturalidade: truncate(form.naturalidade, 120),
             genero: cleanStr(form.genero),
             estado_civil: cleanStr(form.estado_civil),
-
-            // adicionais
             profissao: truncate(form.profissao, 120),
             escolaridade: truncate(form.escolaridade, 120),
             nacionalidade: truncate(form.nacionalidade, 80),
-
-            // origem + observações
             onde_nos_conheceu: truncate(form.onde_nos_conheceu, 80),
             encaminhado_por: truncate(form.encaminhado_por, 120),
             observacoes: truncate(form.observacoes, 2000),
-
-            // consent
             consent: !!consent.value
         };
+        Object.keys(payload).forEach((k) => { if (payload[k] === undefined) delete payload[k]; });
 
-        Object.keys(payload).forEach((k) => {
-            if (payload[k] === undefined) delete payload[k];
-        });
+        const clientInfo = typeof navigator !== 'undefined' && navigator.userAgent
+            ? String(navigator.userAgent).slice(0, 500) : null;
 
-        // A#24: envia user_agent pra log de tentativas (sem PII).
-        const clientInfo = (typeof navigator !== 'undefined' && navigator.userAgent)
-            ? String(navigator.userAgent).slice(0, 500)
-            : null;
-
-        // A#20 rev2: se já está exigindo captcha mas usuário não respondeu, bloqueia local
         if (captchaRequired.value && (!captchaId.value || captchaAnswer.value == null)) {
             toast.add({ severity: 'warn', summary: 'Verificação', detail: 'Responda a pergunta de verificação antes de enviar.', life: 3000 });
             salvando.value = false;
@@ -493,674 +468,498 @@ async function enviar() {
             body: {
                 token: token.value,
                 payload,
-                website: honeypot.value,                          // honeypot field
+                website: honeypot.value,
                 captcha_id: captchaId.value || null,
                 captcha_answer: captchaAnswer.value,
                 client_info: clientInfo
             }
         });
 
-        // Quando edge devolve 4xx/5xx, supabase-js coloca a Response em error.context.
-        // O body com {error: 'captcha-required' | 'rate-limited' | ...} continua acessível.
         let errBody = null;
-        if (error?.context?.json) {
-            try { errBody = await error.context.json(); } catch { /* sem body */ }
+        if (error?.context?.json) { try { errBody = await error.context.json(); } catch { /* sem body */ } }
+        else if (error?.context && typeof error.context.text === 'function') {
+            try { const t = await error.context.text(); if (t) { try { errBody = JSON.parse(t); } catch { errBody = { message: t }; } } } catch { /* sem body */ }
         }
-        const errMsg = String(errBody?.error || data?.error || error?.message || '');
-        if (/captcha-required/i.test(errMsg)) {
-            captchaRequired.value = true;
-            captchaId.value = '';
-            captchaAnswer.value = null;
+        const errCode = String(errBody?.error || data?.error || '');
+
+        if (/captcha-required/i.test(errCode)) {
+            captchaRequired.value = true; captchaId.value = ''; captchaAnswer.value = null;
             toast.add({ severity: 'warn', summary: 'Verificação extra', detail: 'Por segurança, responda a pergunta abaixo.', life: 3500 });
+            currentStep.value = STEPS.length - 1;
             salvando.value = false;
             return;
         }
-
-        if (/captcha-wrong/i.test(errMsg)) {
-            captchaId.value = '';
-            captchaAnswer.value = null;
+        if (/captcha-wrong/i.test(errCode)) {
+            captchaId.value = ''; captchaAnswer.value = null;
             toast.add({ severity: 'warn', summary: 'Verificação', detail: 'Resposta incorreta. Tente novamente.', life: 3500 });
             salvando.value = false;
             return;
         }
-
-        if (/rate-limited/i.test(errMsg)) {
+        if (/rate-limited/i.test(errCode)) {
             const retryAfter = errBody?.retry_after_seconds || data?.retry_after_seconds;
             const after = retryAfter ? Math.ceil(retryAfter / 60) : null;
-            toast.add({
-                severity: 'warn',
-                summary: 'Muitas tentativas',
-                detail: after ? `Tente novamente em ${after} min.` : 'Tente novamente mais tarde.',
-                life: 6000
-            });
+            toast.add({ severity: 'warn', summary: 'Muitas tentativas', detail: after ? `Tente novamente em ${after} min.` : 'Tente novamente mais tarde.', life: 6000 });
             salvando.value = false;
             return;
         }
 
-        if (error) throw new Error(data?.message || error.message || 'Falha ao enviar');
-        if (data?.error) throw new Error(data?.message || data.error);
+        // A partir daqui: sem código conhecido → loga e surfa detalhe real no toast.
+        if (error || data?.error) {
+            // eslint-disable-next-line no-console
+            console.error('[submit-patient-intake] falhou', { errCode, errBody, rawError: error, data });
+            const srvMsg = errBody?.message || data?.message;
+            const detail = srvMsg
+                ? srvMsg
+                : (errCode ? `Erro do servidor: ${errCode}` : (error?.message || 'Falha ao enviar.'));
+            throw new Error(detail);
+        }
 
         sucesso.value = true;
         toast.add({ severity: 'success', summary: 'Enviado', detail: 'Cadastro enviado com sucesso.', life: 2500 });
     } catch (err) {
-        toast.add({
-            severity: 'error',
-            summary: 'Falha ao enviar',
-            detail: err?.message || 'Não foi possível enviar. Verifique o link e tente novamente.',
-            life: 4500
-        });
+        toast.add({ severity: 'error', summary: 'Falha ao enviar', detail: err?.message || 'Não foi possível enviar. Verifique o link e tente novamente.', life: 4500 });
     } finally {
         salvando.value = false;
     }
 }
 
-// auto-cep
-watch(
-    () => form.cep,
-    (newVal, oldVal) => {
-        const d = String(newVal || '').replace(/\D/g, '');
-        const prev = String(oldVal || '').replace(/\D/g, '');
-        if (d.length === 8 && d !== prev) onCepBlur();
-    }
-);
+watch(() => form.cep, (newVal, oldVal) => {
+    const d = String(newVal || '').replace(/\D/g, '');
+    const prev = String(oldVal || '').replace(/\D/g, '');
+    if (d.length === 8 && d !== prev) onCepBlur();
+});
+
+onMounted(() => {
+    _initialDark.value = isDarkTheme.value;
+    forceLightSilent();
+    fetchInviteInfo();
+});
+
+onBeforeUnmount(() => { restoreThemeSilent(); });
 </script>
 
 <template>
     <Toast />
-    <div class="min-h-screen bg-gradient-to-b from-slate-950 via-slate-900 to-slate-950 text-slate-100">
-        <!-- "Backdrop" conceitual -->
-        <div class="pointer-events-none fixed inset-0 opacity-30">
-            <div class="absolute -top-24 left-1/2 h-72 w-72 -translate-x-1/2 rounded-full bg-emerald-400 blur-3xl" />
-            <div class="absolute top-40 left-16 h-56 w-56 rounded-full bg-indigo-400 blur-3xl" />
-            <div class="absolute bottom-24 right-16 h-64 w-64 rounded-full bg-fuchsia-400 blur-3xl" />
+    <div class="cpe-root" :class="{ 'is-dark': isDarkTheme }">
+        <!-- BG -->
+        <div class="cpe-bg" aria-hidden="true">
+            <div class="cpe-bg__noise" />
+            <div class="cpe-bg__line cpe-bg__line--1" />
+            <div class="cpe-bg__line cpe-bg__line--2" />
+            <div class="cpe-bg__line cpe-bg__line--3" />
+            <div class="cpe-bg__spot cpe-bg__spot--a" />
+            <div class="cpe-bg__spot cpe-bg__spot--b" />
         </div>
 
-        <div class="relative mx-auto flex min-h-screen max-w-6xl items-center justify-center px-4 py-10">
-            <!-- Modal container -->
-            <div class="w-full max-w-[1100px]">
-                <div class="rounded-3xl border border-white/10 bg-white/5 shadow-2xl backdrop-blur-xl">
-                    <!-- Header -->
-                    <div class="flex flex-col gap-4 border-b border-white/10 px-6 py-6 md:flex-row md:items-center md:justify-between">
-                        <div class="min-w-0">
-                            <div class="flex items-center gap-3">
-                                <div class="grid h-11 w-11 place-items-center rounded-2xl bg-white/10">
-                                    <i class="pi pi-user text-lg opacity-90" />
-                                </div>
-                                <div class="min-w-0">
-                                    <div class="text-xl font-semibold tracking-tight">Pré-cadastro do paciente</div>
-                                    <div class="mt-0.5 text-sm text-slate-300">Preencha no seu tempo. O que for opcional pode ficar em branco.</div>
-                                </div>
-                            </div>
+        <div class="cpe-wrap">
+            <!-- NAV -->
+            <nav class="cpe-nav">
+                <div class="cpe-nav__brand">
+                    <span class="cpe-nav__logo">Ψ</span>
+                    <span class="cpe-nav__name">Agência PSI</span>
+                </div>
+                <div class="cpe-nav__right">
+                    <span class="cpe-nav__chip" :class="tokenOk ? 'cpe-nav__chip--ok' : 'cpe-nav__chip--err'">
+                        <i :class="tokenOk ? 'pi pi-check' : 'pi pi-times'" />
+                        {{ tokenOk ? 'Link verificado' : 'Link inválido' }}
+                    </span>
+                    <button
+                        type="button"
+                        class="cpe-nav__theme"
+                        :aria-label="isDarkTheme ? 'Mudar para modo claro' : 'Mudar para modo escuro'"
+                        :title="isDarkTheme ? 'Modo claro' : 'Modo escuro'"
+                        @click="toggleDarkMode"
+                    >
+                        <i :class="['pi', isDarkTheme ? 'pi-sun' : 'pi-moon']" />
+                    </button>
+                </div>
+            </nav>
 
-                            <!-- status strip -->
-                            <div class="mt-4 flex flex-wrap items-center gap-2">
-                                <span class="inline-flex items-center gap-2 rounded-full border px-3 py-1 text-xs" :class="tokenOk ? 'border-emerald-400/30 bg-emerald-400/10 text-emerald-100' : 'border-rose-400/30 bg-rose-400/10 text-rose-100'">
-                                    <i :class="tokenOk ? 'pi pi-check' : 'pi pi-times'" />
-                                    {{ tokenOk ? 'Link verificado' : 'Link inválido' }}
-                                </span>
+            <!-- ERROR -->
+            <section v-if="!tokenOk" class="cpe-state cpe-state--error">
+                <div class="cpe-state__eyebrow">Atenção</div>
+                <h1 class="cpe-state__title">
+                    <span>Este link</span>
+                    <span class="cpe-accent">não é válido</span>
+                </h1>
+                <p class="cpe-state__sub">Verifique se você copiou a URL completa. Se o problema persistir, peça um novo link ao seu terapeuta.</p>
+            </section>
 
-                                <span class="inline-flex items-center gap-2 rounded-full border border-white/10 bg-white/5 px-3 py-1 text-xs text-slate-200">
-                                    <i class="pi pi-lock" />
-                                    Privacidade: uso apenas para contato e organização do atendimento
-                                </span>
+            <!-- SUCCESS -->
+            <section v-else-if="sucesso" class="cpe-state cpe-state--success">
+                <div class="cpe-state__icon"><i class="pi pi-check" /></div>
+                <div class="cpe-state__eyebrow">Tudo certo</div>
+                <h1 class="cpe-state__title">
+                    <span>Cadastro</span>
+                    <span class="cpe-accent">enviado</span>
+                </h1>
+                <p class="cpe-state__sub">
+                    {{ heroFirstName ? heroFirstName + ' recebeu suas informações e entrará em contato em breve.' : 'Seus dados foram enviados com sucesso.' }}
+                    Você pode fechar esta página.
+                </p>
+            </section>
 
-                                <span v-if="tokenOk && !sucesso" class="inline-flex items-center gap-2 rounded-full border border-white/10 bg-white/5 px-3 py-1 text-xs text-slate-200">
-                                    <i class="pi pi-chart-line" />
-                                    Progresso: <b class="font-semibold">{{ progressPct }}%</b>
-                                </span>
-                            </div>
-
-                            <!-- progress bar -->
-                            <div v-if="tokenOk && !sucesso" class="mt-3 h-2 w-full overflow-hidden rounded-full bg-white/10">
-                                <div class="h-full rounded-full bg-emerald-400/70 transition-all" :style="{ width: progressPct + '%' }" />
-                            </div>
-                        </div>
-
-                        <!-- actions -->
-                        <div class="flex shrink-0 flex-wrap items-center gap-2">
-                            <!-- A#26: Botão de preencher mock apenas em DEV -->
-                            <Button v-if="isDev" label="Preencher exemplo" icon="pi pi-bolt" severity="secondary" outlined class="!border-white/20 !text-slate-100" :disabled="salvando || sucesso || !tokenOk" @click="preencherMock" />
-                            <Button label="Enviar" icon="pi pi-send" class="!bg-emerald-400/90 !border-emerald-400/50 !text-slate-950" :loading="salvando" :disabled="salvando || sucesso || !tokenOk" @click="enviar" />
+            <!-- FLOW -->
+            <template v-else>
+                <!-- Hero: loading -->
+                <header v-if="loadingInfo && !inviteInfo" class="cpe-hero cpe-hero--loading">
+                    <div class="cpe-hero__skel">
+                        <div class="cpe-hero__skel-avatar" />
+                        <div class="cpe-hero__skel-lines">
+                            <div class="cpe-hero__skel-line" style="width: 32%" />
+                            <div class="cpe-hero__skel-line" style="width: 68%" />
+                            <div class="cpe-hero__skel-line" style="width: 50%" />
                         </div>
                     </div>
+                </header>
 
-                    <!-- Body states -->
-                    <div class="px-6 py-6">
-                        <Message v-if="!tokenOk" severity="error" :closable="false" class="mb-4"> Link inválido ou ausente. Verifique se você recebeu a URL completa. </Message>
-
-                        <Message v-else-if="sucesso" severity="success" :closable="false" class="mb-4"> Enviado com sucesso. Você pode fechar esta página. </Message>
-
-                        <div v-else class="grid grid-cols-12 gap-4">
-                            <!-- Left panel (inside modal) -->
-                            <aside class="col-span-12 md:col-span-4">
-                                <div class="rounded-2xl border border-white/10 bg-white/5 p-4">
-                                    <!-- Section chips -->
-                                    <div>
-                                        <div class="text-xs font-semibold text-slate-200">Seções</div>
-                                        <div class="mt-2 flex flex-wrap gap-2">
-                                            <button
-                                                v-for="item in navItems"
-                                                :key="item.value"
-                                                type="button"
-                                                class="inline-flex items-center gap-2 rounded-full border px-3 py-1 text-xs transition"
-                                                :class="activeValue === item.value ? 'border-emerald-400/30 bg-emerald-400/10 text-emerald-100' : 'border-white/10 bg-white/5 text-slate-200 hover:bg-white/10'"
-                                                @click="openPanel(Number(item.value))"
-                                            >
-                                                <i :class="item.icon" />
-                                                <span class="max-w-[160px] truncate">{{ item.label }}</span>
-                                            </button>
-                                        </div>
-                                    </div>
-
-                                    <!-- Privacy note -->
-                                    <div class="mt-5 rounded-2xl border border-white/10 bg-white/5 p-4">
-                                        <div class="flex items-center gap-2 text-sm font-semibold">
-                                            <i class="pi pi-shield text-slate-200" />
-                                            Privacidade
-                                        </div>
-                                        <div class="mt-2 text-xs text-slate-300">Seus dados serão usados apenas para contato e organização do atendimento. Se algo falhar, peça um novo link ao terapeuta.</div>
-                                    </div>
-                                </div>
-                            </aside>
-
-                            <!-- Main form -->
-                            <main class="col-span-12 md:col-span-8">
-                                <div class="rounded-2xl border border-white/10 bg-white/5 p-4">
-                                    <!-- Compact dropdown nav -->
-                                    <div v-if="isCompact" class="mb-3">
-                                        <Button
-                                            type="button"
-                                            class="w-full !border-white/20 !text-slate-100"
-                                            icon="pi pi-chevron-down"
-                                            iconPos="right"
-                                            :label="selectedNav ? selectedNav.label : 'Selecionar seção'"
-                                            outlined
-                                            @click="toggleNav($event)"
-                                        />
-
-                                        <Popover ref="navPopover">
-                                            <div class="flex flex-col gap-2 p-1" style="min-width: 260px">
-                                                <div class="px-2 pt-2 text-xs font-semibold">Seções</div>
-                                                <ul class="m-0 list-none p-2">
-                                                    <li v-for="item in navItems" :key="item.value" class="flex cursor-pointer items-center gap-2 rounded-xl px-2 py-2 text-sm hover:bg-black/5" @click="selectNav(item)">
-                                                        <i :class="item.icon" style="opacity: 0.85" />
-                                                        <span class="font-medium">{{ item.label }}</span>
-                                                    </li>
-                                                </ul>
-                                            </div>
-                                        </Popover>
-                                    </div>
-
-                                    <Accordion :multiple="false" v-model:value="activeValue">
-                                        <!-- 0 -->
-                                        <AccordionPanel value="0">
-                                            <AccordionHeader :ref="(el) => setPanelHeaderRef(el, 0)"> 1. Informações pessoais </AccordionHeader>
-                                            <AccordionContent>
-                                                <div class="grid grid-cols-1 gap-4 lg:grid-cols-2">
-                                                    <div class="lg:col-span-2">
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-user" />
-                                                                <InputText id="f_nome" v-model="form.nome_completo" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_nome">Nome completo *</label>
-                                                        </FloatLabel>
-                                                        <div v-if="errors.nome_completo" class="mt-2 rounded-xl border border-rose-400/30 bg-rose-400/10 px-3 py-2 text-xs text-rose-100">
-                                                            {{ errors.nome_completo }}
-                                                        </div>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-mobile" />
-                                                                <InputMask id="f_telefone" v-model="form.telefone" class="w-full" variant="filled" mask="(99) 99999-9999" placeholder="(00) 00000-0000" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_telefone">Telefone / WhatsApp *</label>
-                                                        </FloatLabel>
-                                                        <div v-if="errors.telefone" class="mt-2 rounded-xl border border-rose-400/30 bg-rose-400/10 px-3 py-2 text-xs text-rose-100">
-                                                            {{ errors.telefone }}
-                                                        </div>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-envelope" />
-                                                                <InputText id="f_email_principal" v-model="form.email_principal" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_email_principal">E-mail principal *</label>
-                                                        </FloatLabel>
-                                                        <div v-if="errors.email_principal" class="mt-2 rounded-xl border border-rose-400/30 bg-rose-400/10 px-3 py-2 text-xs text-rose-100">
-                                                            {{ errors.email_principal }}
-                                                        </div>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-envelope" />
-                                                                <InputText id="f_email_alt" v-model="form.email_alternativo" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_email_alt">E-mail alternativo</label>
-                                                        </FloatLabel>
-                                                        <div v-if="errors.email_alternativo" class="mt-2 rounded-xl border border-rose-400/30 bg-rose-400/10 px-3 py-2 text-xs text-rose-100">
-                                                            {{ errors.email_alternativo }}
-                                                        </div>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-phone" />
-                                                                <InputMask id="f_tel_alt" v-model="form.telefone_alternativo" class="w-full" variant="filled" mask="(99) 99999?-9999" placeholder="(00) 00000-0000" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_tel_alt">Telefone alternativo</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-calendar" />
-                                                                <InputMask id="f_nasc" v-model="form.data_nascimento" mask="99-99-9999" class="w-full" variant="filled" placeholder="DD-MM-AAAA" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_nasc">Data de nascimento</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-venus" />
-                                                                <Select id="f_genero" v-model="form.genero" :options="GENDER_OPTIONS" optionLabel="label" optionValue="value" class="w-full pl-[25px]" showClear variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_genero">Gênero</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-heart" />
-                                                                <Select
-                                                                    id="f_estado_civil"
-                                                                    v-model="form.estado_civil"
-                                                                    :options="MARITAL_OPTIONS"
-                                                                    optionLabel="label"
-                                                                    optionValue="value"
-                                                                    class="w-full pl-[25px]"
-                                                                    showClear
-                                                                    variant="filled"
-                                                                    :disabled="salvando"
-                                                                />
-                                                            </IconField>
-                                                            <label for="f_estado_civil">Estado civil</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-id-card" />
-                                                                <InputMask id="f_cpf" v-model="form.cpf" class="w-full" variant="filled" mask="999.999.999-99" placeholder="000.000.000-00" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_cpf">CPF</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-credit-card" />
-                                                                <InputMask id="f_rg" v-model="form.rg" class="w-full" variant="filled" mask="99.999.999-9" placeholder="00.000.000-0" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_rg">RG</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-flag" />
-                                                                <InputText id="f_nacionalidade" v-model="form.nacionalidade" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_nacionalidade">Nacionalidade</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div class="lg:col-span-2">
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-globe" />
-                                                                <InputText id="f_naturalidade" v-model="form.naturalidade" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_naturalidade">Naturalidade</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div class="lg:col-span-2">
-                                                        <FloatLabel variant="on">
-                                                            <IconField iconPosition="left">
-                                                                <InputIcon class="pi pi-comment" />
-                                                                <Textarea id="f_observacoes" v-model="form.observacoes" class="w-full" autoResize rows="3" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_observacoes">Observações</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-megaphone" />
-                                                                <InputText id="f_onde" v-model="form.onde_nos_conheceu" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_onde">Onde nos conheceu?</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-share-alt" />
-                                                                <InputText id="f_encaminhado" v-model="form.encaminhado_por" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_encaminhado">Encaminhado por</label>
-                                                        </FloatLabel>
-                                                    </div>
-                                                </div>
-                                            </AccordionContent>
-                                        </AccordionPanel>
-
-                                        <!-- 1 -->
-                                        <AccordionPanel value="1">
-                                            <AccordionHeader :ref="(el) => setPanelHeaderRef(el, 1)"> 2. Endereço </AccordionHeader>
-                                            <AccordionContent>
-                                                <div class="grid grid-cols-1 gap-4 lg:grid-cols-2">
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-map-marker" />
-                                                                <InputMask id="f_cep" v-model="form.cep" class="w-full" variant="filled" mask="99999-999" placeholder="00000-000" :disabled="salvando" @blur="onCepBlur" @keyup.enter="onCepBlur" />
-                                                            </IconField>
-                                                            <label for="f_cep">CEP</label>
-                                                        </FloatLabel>
-                                                        <div v-if="cepLoading" class="mt-2 text-xs text-slate-300">Consultando CEP…</div>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-map-marker" />
-                                                                <InputText id="f_pais" v-model="form.pais" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_pais">País</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-map-marker" />
-                                                                <InputText id="f_cidade" v-model="form.cidade" class="w-full" variant="filled" :disabled="addressLocked" />
-                                                            </IconField>
-                                                            <label for="f_cidade">Cidade</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-map-marker" />
-                                                                <InputText id="f_estado" v-model="form.estado" class="w-full" variant="filled" :disabled="addressLocked" />
-                                                            </IconField>
-                                                            <label for="f_estado">Estado</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-map-marker" />
-                                                                <InputText id="f_endereco" v-model="form.endereco" class="w-full" variant="filled" :disabled="addressLocked" />
-                                                            </IconField>
-                                                            <label for="f_endereco">Endereço</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-map-marker" />
-                                                                <InputText id="f_numero" v-model="form.numero" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_numero">Número</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-map-marker" />
-                                                                <InputText id="f_bairro" v-model="form.bairro" class="w-full" variant="filled" :disabled="addressLocked" />
-                                                            </IconField>
-                                                            <label for="f_bairro">Bairro</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-map-marker" />
-                                                                <InputText id="f_complemento" v-model="form.complemento" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_complemento">Complemento</label>
-                                                        </FloatLabel>
-                                                    </div>
-                                                </div>
-                                            </AccordionContent>
-                                        </AccordionPanel>
-
-                                        <!-- 2 -->
-                                        <AccordionPanel value="2">
-                                            <AccordionHeader :ref="(el) => setPanelHeaderRef(el, 2)"> 3. Dados adicionais </AccordionHeader>
-                                            <AccordionContent>
-                                                <div class="grid grid-cols-1 gap-4 lg:grid-cols-2">
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-book" />
-                                                                <InputText id="f_escolaridade" v-model="form.escolaridade" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_escolaridade">Escolaridade</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-briefcase" />
-                                                                <InputText id="f_profissao" v-model="form.profissao" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_profissao">Profissão</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div class="lg:col-span-2">
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-user" />
-                                                                <InputText id="f_nome_parente" v-model="form.nome_parente" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_nome_parente">Nome de um parente (opcional)</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-users" />
-                                                                <InputText id="f_parentesco" v-model="form.grau_parentesco" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_parentesco">Parentesco</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-phone" />
-                                                                <InputMask id="f_tel_parente" v-model="form.telefone_parente" class="w-full" variant="filled" mask="(99) 99999?-9999" placeholder="(00) 00000-0000" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_tel_parente">Telefone do parente</label>
-                                                        </FloatLabel>
-                                                    </div>
-                                                </div>
-                                            </AccordionContent>
-                                        </AccordionPanel>
-
-                                        <!-- 3 -->
-                                        <AccordionPanel value="3">
-                                            <AccordionHeader :ref="(el) => setPanelHeaderRef(el, 3)"> 4. Responsável </AccordionHeader>
-                                            <AccordionContent>
-                                                <div class="grid grid-cols-1 gap-4 lg:grid-cols-2">
-                                                    <div class="lg:col-span-2">
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-user" />
-                                                                <InputText id="f_nome_responsavel" v-model="form.nome_responsavel" class="w-full" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_nome_responsavel">Nome do responsável</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-id-card" />
-                                                                <InputMask id="f_cpf_responsavel" v-model="form.cpf_responsavel" class="w-full" variant="filled" mask="999.999.999-99" placeholder="000.000.000-00" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_cpf_responsavel">CPF do responsável</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div>
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-phone" />
-                                                                <InputMask id="f_tel_responsavel" v-model="form.telefone_responsavel" class="w-full" variant="filled" mask="(99) 99999-9999" placeholder="(00) 00000-0000" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_tel_responsavel">Telefone do responsável</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div class="lg:col-span-2">
-                                                        <FloatLabel variant="on">
-                                                            <IconField>
-                                                                <InputIcon class="pi pi-comment" />
-                                                                <Textarea id="f_obs_responsavel" v-model="form.observacao_responsavel" class="w-full" autoResize rows="4" variant="filled" :disabled="salvando" />
-                                                            </IconField>
-                                                            <label for="f_obs_responsavel">Observação do responsável</label>
-                                                        </FloatLabel>
-                                                    </div>
-
-                                                    <div class="lg:col-span-2">
-                                                        <div class="rounded-2xl border border-white/10 bg-white/5 p-4">
-                                                            <div class="flex items-start gap-3">
-                                                                <Checkbox v-model="form.cobranca_no_responsavel" :binary="true" inputId="f_cobranca_no_responsavel" :disabled="salvando" />
-                                                                <label for="f_cobranca_no_responsavel" class="text-sm text-slate-200">
-                                                                    Permitir o envio de cobranças no nome do responsável?
-                                                                    <span class="block pt-1 text-xs text-slate-300"> O sistema poderá usar nome e CPF do responsável nas cobranças. </span>
-                                                                </label>
-                                                            </div>
-                                                        </div>
-                                                    </div>
-                                                </div>
-                                            </AccordionContent>
-                                        </AccordionPanel>
-
-                                    </Accordion>
-
-                                    <!-- Footer / Consent + CTA -->
-                                    <div class="mt-5 flex flex-col gap-3">
-                                        <div class="rounded-2xl border border-white/10 bg-white/5 p-4">
-                                            <div class="flex items-start gap-3">
-                                                <Checkbox v-model="consent" :binary="true" :disabled="salvando" inputId="ext_consent" />
-                                                <div class="min-w-0">
-                                                    <label for="ext_consent" class="block text-sm font-semibold text-slate-100"> Concordo em enviar meus dados para o terapeuta. </label>
-                                                    <div class="mt-1 text-xs text-slate-300">
-                                                        Seus dados serão usados apenas para contato e organização do atendimento.
-                                                        <button type="button" class="ml-1 underline text-emerald-300 hover:text-emerald-200 focus:outline-none" @click="policyOpen = true">
-                                                            Ver política de privacidade
-                                                        </button>
-                                                    </div>
-
-                                                    <div v-if="errors.consentimento" class="mt-2 rounded-xl border border-rose-400/30 bg-rose-400/10 px-3 py-2 text-xs text-rose-100">
-                                                        {{ errors.consentimento }}
-                                                    </div>
-                                                </div>
-                                            </div>
-                                        </div>
-
-                                        <!-- A#20 rev2: HONEYPOT invisível — bot preenche tudo, humano nunca vê -->
-                                        <div class="absolute -left-[9999px]" aria-hidden="true">
-                                            <label for="ext_website">Não preencha este campo</label>
-                                            <input
-                                                id="ext_website"
-                                                v-model="honeypot"
-                                                type="text"
-                                                tabindex="-1"
-                                                autocomplete="off"
-                                            />
-                                        </div>
-
-                                        <!-- A#20 rev2: math captcha CONDICIONAL — só aparece quando edge pedir -->
-                                        <MathCaptchaChallenge
-                                            v-if="captchaRequired"
-                                            v-model:id="captchaId"
-                                            v-model:answer="captchaAnswer"
-                                        />
-
-                                        <div class="flex flex-col gap-2 md:flex-row md:items-center md:justify-between">
-                                            <div class="text-xs text-slate-300">Se algo falhar, peça um novo link ao terapeuta.</div>
-
-                                            <Button
-                                                label="Enviar cadastro"
-                                                icon="pi pi-send"
-                                                class="!bg-emerald-400/90 !border-emerald-400/50 !text-slate-950 md:!min-w-[240px]"
-                                                :loading="salvando"
-                                                :disabled="salvando || sucesso || !tokenOk || (captchaRequired && (!captchaId || captchaAnswer == null))"
-                                                @click="enviar"
-                                            />
-                                        </div>
-                                    </div>
-                                </div>
-                            </main>
+                <!-- Hero: loaded -->
+                <header v-else-if="inviteInfo" class="cpe-hero">
+                    <div class="cpe-hero__eyebrow">Você foi convidado(a) por</div>
+                    <div class="cpe-hero__identity">
+                        <div class="cpe-hero__avatar-wrap">
+                            <img
+                                v-if="heroAvatar"
+                                :src="heroAvatar"
+                                :alt="heroDisplayName"
+                                class="cpe-hero__avatar"
+                                @error="heroAvatarFailed = true"
+                            />
+                            <div v-else class="cpe-hero__avatar cpe-hero__avatar--initials">{{ heroInitials }}</div>
+                            <div v-if="hasBothLogos" class="cpe-hero__logo-badge" :title="heroClinic?.name || ''">
+                                <img :src="heroClinicLogo" alt="" @error="heroLogoFailed = true" />
+                            </div>
+                        </div>
+                        <div class="cpe-hero__content">
+                            <div v-if="heroClinic?.name" class="cpe-hero__clinic">{{ heroClinic.name }}</div>
+                            <h1 class="cpe-hero__title">
+                                <span>{{ heroFirstName }}</span>
+                                <span v-if="heroLastName" class="cpe-accent">{{ heroLastName }}</span>
+                            </h1>
+                            <div v-if="heroWorkLabel" class="cpe-hero__work">{{ heroWorkLabel }}</div>
+                            <p v-if="heroTherapist?.bio" class="cpe-hero__bio">{{ heroTherapist.bio }}</p>
+                            <div v-if="heroContactChips.length" class="cpe-hero__contacts">
+                                <a
+                                    v-for="chip in heroContactChips"
+                                    :key="chip.icon + chip.label"
+                                    :href="chip.href"
+                                    :target="chip.external ? '_blank' : '_self'"
+                                    :rel="chip.external ? 'noopener noreferrer' : undefined"
+                                    class="cpe-hero__contact"
+                                >
+                                    <i :class="chip.icon" />
+                                    <span>{{ chip.label }}</span>
+                                </a>
+                            </div>
                         </div>
                     </div>
+                </header>
+
+                <!-- Hero: fallback -->
+                <header v-else class="cpe-hero cpe-hero--bare">
+                    <div class="cpe-hero__eyebrow">Pré-cadastro</div>
+                    <h1 class="cpe-hero__title">
+                        <span>Vamos nos</span>
+                        <span class="cpe-accent">conhecer</span>
+                    </h1>
+                    <p class="cpe-hero__bio cpe-hero__bio--standalone">Preencha seus dados no seu tempo. Leva poucos minutos.</p>
+                </header>
+
+                <!-- STEPPER -->
+                <div class="cpe-stepper">
+                    <template v-for="(step, i) in STEPS" :key="step.key">
+                        <button
+                            type="button"
+                            class="cpe-stepper__item"
+                            :class="{
+                                'is-active': currentStep === i,
+                                'is-done': currentStep > i,
+                                'is-locked': i > farthestStep
+                            }"
+                            :disabled="i > farthestStep"
+                            :style="{ '--c': step.color, '--c-dim': step.colorDim, '--c-border': step.colorBorder }"
+                            @click="goToStep(i)"
+                        >
+                            <span class="cpe-stepper__num">{{ pad2(i + 1) }}</span>
+                            <span class="cpe-stepper__label">{{ step.short }}</span>
+                            <i v-if="currentStep > i" class="cpe-stepper__check pi pi-check" />
+                        </button>
+                        <span v-if="i < STEPS.length - 1" class="cpe-stepper__line" :class="{ 'is-done': currentStep > i }" />
+                    </template>
                 </div>
 
-                <!-- subtle footer -->
-                <div class="mt-4 text-center text-xs text-slate-400">Ao enviar, você confirma que está fornecendo informações verdadeiras e que autoriza o contato.</div>
-            </div>
+                <!-- STEP CARD -->
+                <article
+                    class="cpe-card"
+                    :style="{
+                        '--c': currentStepData.color,
+                        '--c-dim': currentStepData.colorDim,
+                        '--c-border': currentStepData.colorBorder
+                    }"
+                >
+                    <div class="cpe-card__num" aria-hidden="true">{{ pad2(currentStep + 1) }}</div>
+                    <div class="cpe-card__shine" aria-hidden="true" />
+
+                    <div class="cpe-card__head">
+                        <span class="cpe-card__tag">Etapa {{ currentStep + 1 }} de {{ STEPS.length }}</span>
+                        <span class="cpe-card__progress-txt">{{ progressPct }}%</span>
+                    </div>
+
+                    <div class="cpe-card__body">
+                        <h2 class="cpe-card__title">
+                            <span>{{ currentStepData.titleA }}</span>
+                            <span class="cpe-accent">{{ currentStepData.titleB }}</span>
+                        </h2>
+                        <p class="cpe-card__desc">{{ currentStepData.desc }}</p>
+
+                        <!-- STEP 0 -->
+                        <div v-if="currentStep === 0" class="cpe-fields">
+                            <div class="cpe-field cpe-field--full">
+                                <label class="cpe-field__label" for="f_nome">Nome completo <span class="cpe-req">*</span></label>
+                                <InputText id="f_nome" v-model="form.nome_completo" placeholder="Como você se chama?" class="cpe-input" :disabled="salvando" />
+                                <span v-if="errors.nome_completo" class="cpe-field__err">{{ errors.nome_completo }}</span>
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_email">E-mail principal <span class="cpe-req">*</span></label>
+                                <InputText id="f_email" v-model="form.email_principal" placeholder="seu@email.com" class="cpe-input" :disabled="salvando" />
+                                <span v-if="errors.email_principal" class="cpe-field__err">{{ errors.email_principal }}</span>
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_tel">Telefone / WhatsApp <span class="cpe-req">*</span></label>
+                                <InputMask id="f_tel" v-model="form.telefone" mask="(99) 99999-9999" placeholder="(00) 00000-0000" class="cpe-input" :disabled="salvando" />
+                                <span v-if="errors.telefone" class="cpe-field__err">{{ errors.telefone }}</span>
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_nasc">Data de nascimento</label>
+                                <InputMask id="f_nasc" v-model="form.data_nascimento" mask="99-99-9999" placeholder="DD-MM-AAAA" class="cpe-input" :disabled="salvando" />
+                            </div>
+                        </div>
+
+                        <!-- STEP 1 -->
+                        <div v-else-if="currentStep === 1" class="cpe-fields">
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_cpf">CPF</label>
+                                <InputMask id="f_cpf" v-model="form.cpf" mask="999.999.999-99" placeholder="000.000.000-00" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_rg">RG</label>
+                                <InputMask id="f_rg" v-model="form.rg" mask="99.999.999-9" placeholder="00.000.000-0" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_genero">Gênero</label>
+                                <Select id="f_genero" v-model="form.genero" :options="GENDER_OPTIONS" optionLabel="label" optionValue="value" placeholder="Selecione" showClear class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_civil">Estado civil</label>
+                                <Select id="f_civil" v-model="form.estado_civil" :options="MARITAL_OPTIONS" optionLabel="label" optionValue="value" placeholder="Selecione" showClear class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_nacional">Nacionalidade</label>
+                                <InputText id="f_nacional" v-model="form.nacionalidade" placeholder="Brasileira" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_natural">Naturalidade (onde nasceu)</label>
+                                <InputText id="f_natural" v-model="form.naturalidade" placeholder="Cidade de nascimento" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_escola">Escolaridade</label>
+                                <InputText id="f_escola" v-model="form.escolaridade" placeholder="Ex: Superior completo" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_profi">Profissão</label>
+                                <InputText id="f_profi" v-model="form.profissao" placeholder="Sua profissão" class="cpe-input" :disabled="salvando" />
+                            </div>
+                        </div>
+
+                        <!-- STEP 2 -->
+                        <div v-else-if="currentStep === 2" class="cpe-fields">
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_cep">CEP</label>
+                                <InputMask id="f_cep" v-model="form.cep" mask="99999-999" placeholder="00000-000" class="cpe-input" :disabled="salvando" @blur="onCepBlur" @keyup.enter="onCepBlur" />
+                                <span v-if="cepLoading" class="cpe-field__hint">Consultando…</span>
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_pais">País</label>
+                                <InputText id="f_pais" v-model="form.pais" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_cidade">Cidade</label>
+                                <InputText id="f_cidade" v-model="form.cidade" class="cpe-input" :disabled="addressLocked" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_estado">Estado</label>
+                                <InputText id="f_estado" v-model="form.estado" class="cpe-input" :disabled="addressLocked" />
+                            </div>
+                            <div class="cpe-field cpe-field--full">
+                                <label class="cpe-field__label" for="f_end">Endereço</label>
+                                <InputText id="f_end" v-model="form.endereco" placeholder="Rua, avenida…" class="cpe-input" :disabled="addressLocked" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_num">Número</label>
+                                <InputText id="f_num" v-model="form.numero" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_bairro">Bairro</label>
+                                <InputText id="f_bairro" v-model="form.bairro" class="cpe-input" :disabled="addressLocked" />
+                            </div>
+                            <div class="cpe-field cpe-field--full">
+                                <label class="cpe-field__label" for="f_compl">Complemento</label>
+                                <InputText id="f_compl" v-model="form.complemento" placeholder="Apto, bloco…" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_mailalt">E-mail alternativo</label>
+                                <InputText id="f_mailalt" v-model="form.email_alternativo" placeholder="alternativo@email.com" class="cpe-input" :disabled="salvando" />
+                                <span v-if="errors.email_alternativo" class="cpe-field__err">{{ errors.email_alternativo }}</span>
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_telalt">Telefone alternativo</label>
+                                <InputMask id="f_telalt" v-model="form.telefone_alternativo" mask="(99) 99999?-9999" placeholder="(00) 00000-0000" class="cpe-input" :disabled="salvando" />
+                            </div>
+                        </div>
+
+                        <!-- STEP 3 -->
+                        <div v-else-if="currentStep === 3" class="cpe-fields">
+                            <div class="cpe-fields__section">Contatos & origem</div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_onde">Como nos conheceu?</label>
+                                <InputText id="f_onde" v-model="form.onde_nos_conheceu" placeholder="Instagram, Google, indicação…" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_encam">Encaminhado por</label>
+                                <InputText id="f_encam" v-model="form.encaminhado_por" placeholder="Nome de quem te indicou" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field cpe-field--full">
+                                <label class="cpe-field__label" for="f_obs">Observações</label>
+                                <Textarea id="f_obs" v-model="form.observacoes" rows="3" autoResize placeholder="Algo que queira compartilhar" class="cpe-input" :disabled="salvando" />
+                            </div>
+
+                            <div class="cpe-fields__section">Contato de apoio (opcional)</div>
+                            <div class="cpe-field cpe-field--full">
+                                <label class="cpe-field__label" for="f_par">Nome de um parente</label>
+                                <InputText id="f_par" v-model="form.nome_parente" placeholder="Alguém próximo" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_gpar">Parentesco</label>
+                                <InputText id="f_gpar" v-model="form.grau_parentesco" placeholder="Mãe, irmã, etc." class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_tpar">Telefone do parente</label>
+                                <InputMask id="f_tpar" v-model="form.telefone_parente" mask="(99) 99999?-9999" placeholder="(00) 00000-0000" class="cpe-input" :disabled="salvando" />
+                            </div>
+
+                            <div class="cpe-fields__section">Responsável (se menor de idade)</div>
+                            <div class="cpe-field cpe-field--full">
+                                <label class="cpe-field__label" for="f_resp">Nome do responsável</label>
+                                <InputText id="f_resp" v-model="form.nome_responsavel" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_cpfresp">CPF do responsável</label>
+                                <InputMask id="f_cpfresp" v-model="form.cpf_responsavel" mask="999.999.999-99" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field">
+                                <label class="cpe-field__label" for="f_telresp">Telefone do responsável</label>
+                                <InputMask id="f_telresp" v-model="form.telefone_responsavel" mask="(99) 99999-9999" class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-field cpe-field--full">
+                                <label class="cpe-field__label" for="f_obsresp">Observação do responsável</label>
+                                <Textarea id="f_obsresp" v-model="form.observacao_responsavel" rows="2" autoResize class="cpe-input" :disabled="salvando" />
+                            </div>
+                            <div class="cpe-check cpe-check--alt cpe-field--full">
+                                <Checkbox v-model="form.cobranca_no_responsavel" :binary="true" inputId="cobranca_responsavel" :disabled="salvando" />
+                                <label for="cobranca_responsavel" class="cpe-check__label">
+                                    <span class="cpe-check__title">Permitir cobranças no nome do responsável?</span>
+                                    <span class="cpe-check__sub">O sistema poderá usar nome e CPF do responsável nas cobranças.</span>
+                                </label>
+                            </div>
+
+                            <div class="cpe-fields__section cpe-fields__section--accent">Consentimento <span class="cpe-req">*</span></div>
+                            <div class="cpe-check cpe-field--full">
+                                <Checkbox v-model="consent" :binary="true" inputId="ext_consent" :disabled="salvando" />
+                                <label for="ext_consent" class="cpe-check__label">
+                                    <span class="cpe-check__title">Concordo em enviar meus dados para o terapeuta.</span>
+                                    <span class="cpe-check__sub">
+                                        Usados apenas para contato e organização do atendimento.
+                                        <button type="button" class="cpe-link" @click="policyOpen = true">Ver política de privacidade</button>
+                                    </span>
+                                </label>
+                            </div>
+                            <div v-if="errors.consentimento" class="cpe-field__err cpe-field--full">
+                                {{ errors.consentimento }}
+                            </div>
+
+                            <div v-if="captchaRequired" class="cpe-field--full">
+                                <MathCaptchaChallenge v-model:id="captchaId" v-model:answer="captchaAnswer" />
+                            </div>
+                        </div>
+                    </div>
+
+                    <!-- Foot -->
+                    <div class="cpe-card__foot">
+                        <div class="cpe-card__progress">
+                            <div class="cpe-card__progress-bar" :style="{ width: progressPct + '%' }" />
+                        </div>
+                        <div class="cpe-card__actions">
+                            <button v-if="currentStep > 0" type="button" class="cpe-btn cpe-btn--ghost" :disabled="salvando" @click="goPrevStep">
+                                <i class="pi pi-arrow-left" /> Voltar
+                            </button>
+                            <span class="cpe-card__actions-space" />
+                            <button
+                                v-if="currentStep < STEPS.length - 1"
+                                type="button"
+                                class="cpe-btn cpe-btn--primary"
+                                :disabled="!canAdvance || salvando"
+                                @click="goNextStep"
+                            >
+                                Continuar <i class="pi pi-arrow-right" />
+                            </button>
+                            <button
+                                v-else
+                                type="button"
+                                class="cpe-btn cpe-btn--send"
+                                :disabled="!canSubmit || salvando || (captchaRequired && (!captchaId || captchaAnswer == null))"
+                                @click="enviar"
+                            >
+                                <i v-if="salvando" class="pi pi-spin pi-spinner" />
+                                <i v-else class="pi pi-send" />
+                                {{ salvando ? 'Enviando…' : 'Enviar cadastro' }}
+                            </button>
+                        </div>
+                    </div>
+                </article>
+
+                <!-- Meta + DEV -->
+                <div class="cpe-meta">
+                    <span class="cpe-meta__item"><i class="pi pi-lock" /> Seus dados são usados apenas para contato.</span>
+                    <button type="button" class="cpe-meta__link" @click="policyOpen = true">Política de privacidade</button>
+                </div>
+
+                <div v-if="isDev" class="cpe-dev">
+                    <button type="button" class="cpe-btn cpe-btn--xs" @click="preencherMock">
+                        <i class="pi pi-bolt" /> [DEV] Preencher exemplo
+                    </button>
+                </div>
+            </template>
+
+            <!-- FOOTER -->
+            <footer class="cpe-footer">
+                <span class="cpe-footer__psi">Ψ</span>
+                Agência PSI · Tecnologia aplicada à escuta
+            </footer>
         </div>
 
-        <!-- A#25: Política de privacidade (dialog inline) -->
-        <Dialog
-            v-model:visible="policyOpen"
-            modal
-            header="Política de privacidade"
-            :style="{ width: '92vw', maxWidth: '720px' }"
-            :breakpoints="{ '640px': '96vw' }"
-            :draggable="false"
-            :dismissableMask="true"
-        >
+        <!-- Honeypot global (sempre no DOM, fora do step) -->
+        <div class="cpe-hp" aria-hidden="true">
+            <label for="ext_website">Não preencha este campo</label>
+            <input id="ext_website" v-model="honeypot" type="text" tabindex="-1" autocomplete="off" />
+        </div>
+
+        <!-- LGPD Dialog -->
+        <Dialog v-model:visible="policyOpen" modal header="Política de privacidade" :style="{ width: '92vw', maxWidth: '720px' }" :breakpoints="{ '640px': '96vw' }" :draggable="false" :dismissableMask="true">
             <div class="text-sm leading-relaxed text-[var(--text-color)] space-y-4">
                 <section>
                     <h3 class="text-base font-semibold">Finalidade do tratamento</h3>
                     <p>Seus dados pessoais são coletados exclusivamente para viabilizar o contato do terapeuta com você e organizar o atendimento clínico. Não são usados para marketing, compartilhamento com terceiros ou perfilamento.</p>
                 </section>
-
                 <section>
                     <h3 class="text-base font-semibold">Dados coletados</h3>
                     <ul class="list-disc pl-5 space-y-1">
@@ -1169,20 +968,16 @@ watch(
                         <li>Contexto: profissão, escolaridade, parente/responsável, origem do contato, observações que você optar por fornecer.</li>
                     </ul>
                 </section>
-
                 <section>
                     <h3 class="text-base font-semibold">Base legal (LGPD)</h3>
-                    <p>Tratamos seus dados com base no <b>consentimento</b> que você fornece ao marcar a caixa correspondente (Art. 7º, I da Lei 13.709/2018), e quando aplicável, também com base na execução de contrato de prestação de serviço terapêutico (Art. 7º, V).</p>
+                    <p>Tratamos seus dados com base no <b>consentimento</b> (Art. 7º, I da Lei 13.709/2018), e quando aplicável, execução de contrato de prestação de serviço terapêutico (Art. 7º, V).</p>
                 </section>
-
                 <section>
                     <h3 class="text-base font-semibold">Retenção</h3>
-                    <p>Dados de pré-cadastro são mantidos pelo tempo necessário para a conversão em paciente (ou descarte, se não houver andamento). Após início do vínculo terapêutico, seguem as regras aplicáveis ao prontuário clínico (Resolução CFP 001/2009: no mínimo 5 anos após último atendimento).</p>
+                    <p>Dados de pré-cadastro são mantidos pelo tempo necessário para a conversão em paciente (ou descarte, se não houver andamento). Após início do vínculo terapêutico, seguem as regras do prontuário clínico (Resolução CFP 001/2009: mín. 5 anos após último atendimento).</p>
                 </section>
-
                 <section>
                     <h3 class="text-base font-semibold">Seus direitos</h3>
-                    <p>A qualquer momento você pode solicitar, sem custo:</p>
                     <ul class="list-disc pl-5 space-y-1">
                         <li>Confirmação da existência de tratamento;</li>
                         <li>Acesso aos seus dados;</li>
@@ -1194,20 +989,456 @@ watch(
                     </ul>
                     <p class="mt-2">Para exercer qualquer desses direitos, entre em contato diretamente com o profissional que enviou este link.</p>
                 </section>
-
                 <section>
                     <h3 class="text-base font-semibold">Segurança</h3>
-                    <p>Adotamos medidas técnicas (criptografia em trânsito, controle de acesso, registros de auditoria) e administrativas para proteger seus dados. Ainda assim, nenhum sistema é 100% seguro — comprometa apenas o estritamente necessário.</p>
+                    <p>Adotamos medidas técnicas (criptografia em trânsito, controle de acesso, registros de auditoria) e administrativas para proteger seus dados.</p>
                 </section>
-
                 <section class="text-xs text-[var(--text-color-secondary)]">
-                    <p>Esta política pode ser atualizada. Data da última revisão: 18/04/2026.</p>
+                    <p>Data da última revisão: 18/04/2026.</p>
                 </section>
             </div>
-
             <template #footer>
                 <Button label="Entendi" icon="pi pi-check" @click="policyOpen = false" />
             </template>
         </Dialog>
     </div>
 </template>
+
+<style scoped>
+/* ══════════════════════════════════════════════════ */
+/*  TOKENS (HomeCards DNA — claro default, escuro opt-in) */
+/* ══════════════════════════════════════════════════ */
+.cpe-root {
+    /* CORES BASE — modo CLARO (padrão) */
+    --bg: #fafafb;
+    --surface: #ffffff;
+    --surface-2: #f4f4f8;
+    --border: rgba(10, 10, 20, 0.09);
+    --border-2: rgba(10, 10, 20, 0.16);
+    --text: #1a1a22;
+    --muted: rgba(26, 26, 34, 0.62);
+    --dim: rgba(26, 26, 34, 0.38);
+    --overlay: rgba(10, 10, 20, 0.04);
+    --overlay-2: rgba(10, 10, 20, 0.08);
+    --line: rgba(10, 10, 20, 0.06);
+    --btn-text: #0a0a0d;
+    --noise-opacity: 0.35;
+    --spot-a: rgba(124, 106, 247, 0.1);
+    --spot-b: rgba(74, 222, 128, 0.08);
+    --clinic-accent: #16a34a;
+    --err-text: #b91c1c;
+    --err-bg: rgba(244, 63, 94, 0.08);
+    --err-border: rgba(244, 63, 94, 0.28);
+    --num-opacity: 0.11;
+    --scrim: rgba(255, 255, 255, 0.4);
+
+    /* CORES FIXAS (iguais em ambos) */
+    --primary: #7c6af7;
+    --r: 14px;
+    --r-lg: 24px;
+    --r-xl: 32px;
+
+    font-family: 'DM Sans', system-ui, -apple-system, sans-serif;
+    background: var(--bg);
+    color: var(--text);
+    min-height: 100vh;
+    position: relative;
+    overflow-x: hidden;
+    transition: background 0.3s ease, color 0.3s ease;
+}
+
+/* Modo ESCURO (opt-in via classe) */
+.cpe-root.is-dark {
+    --bg: #0d0d10;
+    --surface: #131317;
+    --surface-2: #191920;
+    --border: rgba(255, 255, 255, 0.07);
+    --border-2: rgba(255, 255, 255, 0.12);
+    --text: #eeeef2;
+    --muted: rgba(238, 238, 242, 0.55);
+    --dim: rgba(238, 238, 242, 0.25);
+    --overlay: rgba(255, 255, 255, 0.04);
+    --overlay-2: rgba(255, 255, 255, 0.08);
+    --line: rgba(255, 255, 255, 0.06);
+    --btn-text: #0a0a0d;
+    --noise-opacity: 0.6;
+    --spot-a: rgba(124, 106, 247, 0.14);
+    --spot-b: rgba(74, 222, 128, 0.09);
+    --clinic-accent: #4ade80;
+    --err-text: #fda4af;
+    --err-bg: rgba(244, 63, 94, 0.08);
+    --err-border: rgba(244, 63, 94, 0.2);
+    --num-opacity: 0.06;
+    --scrim: rgba(0, 0, 0, 0.2);
+}
+
+/* BG */
+.cpe-bg { position: fixed; inset: 0; pointer-events: none; z-index: 0; overflow: hidden; }
+.cpe-bg__noise {
+    position: absolute; inset: 0; opacity: var(--noise-opacity);
+    background-image: url("data:image/svg+xml,%3Csvg viewBox='0 0 256 256' xmlns='http://www.w3.org/2000/svg'%3E%3Cfilter id='n'%3E%3CfeTurbulence type='fractalNoise' baseFrequency='0.9' numOctaves='4' stitchTiles='stitch'/%3E%3C/filter%3E%3Crect width='100%25' height='100%25' filter='url(%23n)' opacity='0.04'/%3E%3C/svg%3E");
+    background-size: 256px 256px;
+}
+.cpe-bg__line { position: absolute; left: 0; right: 0; height: 1px; background: linear-gradient(90deg, transparent, var(--line), transparent); }
+.cpe-bg__line--1 { top: 220px; }
+.cpe-bg__line--2 { top: 52%; }
+.cpe-bg__line--3 { bottom: 200px; }
+.cpe-bg__spot { position: absolute; border-radius: 50%; filter: blur(110px); }
+.cpe-bg__spot--a { width: 720px; height: 720px; top: -220px; right: -220px; background: radial-gradient(circle, var(--spot-a), transparent 65%); animation: cpe-flt 22s ease-in-out infinite alternate; }
+.cpe-bg__spot--b { width: 640px; height: 640px; bottom: -160px; left: -180px; background: radial-gradient(circle, var(--spot-b), transparent 65%); animation: cpe-flt 28s ease-in-out infinite alternate-reverse; }
+@keyframes cpe-flt { from { transform: translate(0,0) scale(1); } to { transform: translate(40px,30px) scale(1.08); } }
+
+/* LAYOUT */
+.cpe-wrap {
+    position: relative; z-index: 1;
+    max-width: 960px; margin: 0 auto;
+    padding: 24px 20px 60px;
+    display: flex; flex-direction: column; gap: 32px;
+}
+
+/* NAV */
+.cpe-nav { display: flex; align-items: center; justify-content: space-between; animation: cpe-fadeUp 0.4s ease both; }
+.cpe-nav__brand { display: flex; align-items: center; gap: 10px; }
+.cpe-nav__logo { font-size: 1.5rem; font-weight: 700; color: var(--primary); line-height: 1; text-shadow: 0 0 20px rgba(124,106,247,0.5); }
+.cpe-nav__name { font-size: 0.9rem; font-weight: 600; letter-spacing: -0.01em; opacity: 0.85; }
+.cpe-nav__right { display: flex; align-items: center; gap: 10px; }
+.cpe-nav__chip {
+    display: inline-flex; align-items: center; gap: 6px;
+    font-size: 0.7rem; font-weight: 600;
+    padding: 5px 12px; border-radius: 100px;
+    border: 1px solid var(--border); background: var(--overlay);
+}
+.cpe-nav__chip--ok { color: #16a34a; border-color: rgba(22,163,74,0.28); background: rgba(22,163,74,0.08); }
+.cpe-root.is-dark .cpe-nav__chip--ok { color: #4ade80; border-color: rgba(74,222,128,0.25); background: rgba(74,222,128,0.08); }
+.cpe-nav__chip--err { color: #dc2626; border-color: rgba(220,38,38,0.28); background: rgba(220,38,38,0.08); }
+.cpe-root.is-dark .cpe-nav__chip--err { color: #f43f5e; border-color: rgba(244,63,94,0.25); background: rgba(244,63,94,0.08); }
+.cpe-nav__chip i { font-size: 0.68rem; }
+
+.cpe-nav__theme {
+    display: inline-grid; place-items: center;
+    width: 34px; height: 34px; border-radius: 10px;
+    background: var(--overlay); border: 1px solid var(--border);
+    color: var(--muted); cursor: pointer; font-size: 0.85rem;
+    transition: all 0.18s cubic-bezier(0.22, 1, 0.36, 1);
+}
+.cpe-nav__theme:hover { background: var(--overlay-2); color: var(--text); border-color: var(--border-2); transform: translateY(-1px); }
+.cpe-nav__theme:active { transform: translateY(0); }
+
+/* ACCENT gradient */
+.cpe-accent {
+    color: transparent;
+    background: linear-gradient(135deg, #a78bfa, #60a5fa 50%, #4ade80);
+    -webkit-background-clip: text;
+    background-clip: text;
+}
+
+/* HERO */
+.cpe-hero { animation: cpe-fadeUp 0.5s ease both; }
+.cpe-hero__eyebrow { font-size: 0.68rem; font-weight: 700; text-transform: uppercase; letter-spacing: 0.16em; color: var(--primary); opacity: 0.75; margin-bottom: 14px; }
+.cpe-hero__identity { display: flex; gap: 22px; align-items: flex-start; }
+.cpe-hero__avatar-wrap { position: relative; flex: 0 0 auto; }
+.cpe-hero__avatar { width: 96px; height: 96px; border-radius: 24px; object-fit: cover; border: 1px solid rgba(255,255,255,0.15); box-shadow: 0 12px 40px -12px rgba(124,106,247,0.4); display: grid; place-items: center; }
+.cpe-hero__avatar--initials {
+    font-size: 2rem; font-weight: 700; letter-spacing: -0.02em;
+    background: linear-gradient(135deg, rgba(167,139,250,0.3), rgba(96,165,250,0.3), rgba(74,222,128,0.3));
+    color: var(--text);
+}
+.cpe-hero__logo-badge { position: absolute; bottom: -6px; right: -6px; width: 36px; height: 36px; border-radius: 12px; border: 2px solid var(--bg); background: #fff; overflow: hidden; box-shadow: 0 6px 20px -6px rgba(0,0,0,0.5); }
+.cpe-hero__logo-badge img { width: 100%; height: 100%; object-fit: contain; padding: 3px; }
+.cpe-hero__content { min-width: 0; flex: 1; }
+.cpe-hero__clinic { font-size: 0.68rem; font-weight: 700; text-transform: uppercase; letter-spacing: 0.14em; color: var(--clinic-accent); opacity: 0.92; margin-bottom: 6px; }
+.cpe-hero__title { display: flex; flex-wrap: wrap; gap: 0 14px; margin: 0; font-size: clamp(2rem, 4.5vw, 2.8rem); font-weight: 700; letter-spacing: -0.04em; line-height: 1.05; }
+.cpe-hero__work { margin-top: 8px; font-size: 0.85rem; color: var(--muted); }
+.cpe-hero__bio {
+    margin: 12px 0 0; font-size: 0.88rem; line-height: 1.65; color: var(--muted); max-width: 560px;
+    display: -webkit-box; -webkit-line-clamp: 3; -webkit-box-orient: vertical; overflow: hidden;
+}
+.cpe-hero__bio--standalone { max-width: 480px; }
+.cpe-hero__contacts { margin-top: 14px; display: flex; flex-wrap: wrap; gap: 8px; }
+.cpe-hero__contact {
+    display: inline-flex; align-items: center; gap: 7px;
+    padding: 6px 12px; border-radius: 100px;
+    background: var(--overlay); border: 1px solid var(--border);
+    color: var(--muted); font-size: 0.72rem; text-decoration: none;
+    transition: all 0.15s; max-width: 320px;
+}
+.cpe-hero__contact:hover { background: var(--overlay-2); color: var(--text); border-color: var(--border-2); }
+.cpe-hero__contact span { overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+.cpe-hero__contact i { font-size: 0.7rem; }
+.cpe-hero__skel { display: flex; gap: 22px; align-items: flex-start; animation: cpe-pulse 1.4s ease-in-out infinite; }
+.cpe-hero__skel-avatar { width: 96px; height: 96px; border-radius: 24px; background: var(--overlay-2); }
+.cpe-hero__skel-lines { flex: 1; display: flex; flex-direction: column; gap: 10px; padding-top: 8px; }
+.cpe-hero__skel-line { height: 14px; background: var(--overlay-2); border-radius: 6px; }
+@keyframes cpe-pulse { 0%,100%{opacity:.5;} 50%{opacity:1;} }
+
+@media (max-width: 600px) {
+    .cpe-hero__identity { flex-direction: column; gap: 16px; }
+    .cpe-hero__avatar, .cpe-hero__skel-avatar { width: 80px; height: 80px; border-radius: 20px; }
+}
+
+/* STATE (error / success) */
+.cpe-state {
+    border: 1px solid var(--border); border-radius: var(--r-xl);
+    background: var(--surface); padding: 48px 32px;
+    text-align: center; animation: cpe-fadeUp 0.5s ease both;
+}
+.cpe-state__icon {
+    width: 56px; height: 56px; border-radius: 16px; margin: 0 auto 16px;
+    display: grid; place-items: center; font-size: 1.3rem;
+    background: linear-gradient(135deg, rgba(74,222,128,0.2), rgba(96,165,250,0.2));
+    border: 1px solid rgba(74,222,128,0.3); color: #4ade80;
+}
+.cpe-state__eyebrow { font-size: 0.68rem; font-weight: 700; text-transform: uppercase; letter-spacing: 0.16em; margin-bottom: 12px; opacity: 0.7; }
+.cpe-state--error .cpe-state__eyebrow { color: #f43f5e; }
+.cpe-state--success .cpe-state__eyebrow { color: #4ade80; }
+.cpe-state__title { display: flex; flex-wrap: wrap; justify-content: center; gap: 0 14px; margin: 0 0 14px; font-size: clamp(2rem, 4.5vw, 2.8rem); font-weight: 700; letter-spacing: -0.04em; line-height: 1.1; }
+.cpe-state__sub { margin: 0 auto; max-width: 480px; font-size: 0.92rem; line-height: 1.6; color: var(--muted); }
+
+/* STEPPER */
+.cpe-stepper { display: flex; align-items: center; gap: 4px; animation: cpe-fadeUp 0.5s ease both; }
+.cpe-stepper__item {
+    display: inline-flex; align-items: center; gap: 10px;
+    padding: 8px 16px; border-radius: 100px;
+    background: var(--overlay); border: 1px solid var(--border);
+    color: var(--muted); cursor: pointer;
+    font-family: inherit; font-size: 0.78rem; font-weight: 500;
+    transition: all 0.18s cubic-bezier(0.22, 1, 0.36, 1);
+    flex-shrink: 0;
+}
+.cpe-stepper__item:hover:not(.is-locked):not(.is-active) { background: var(--overlay-2); color: var(--text); }
+.cpe-stepper__item.is-active { background: var(--c-dim); border-color: var(--c-border); color: var(--c); }
+.cpe-stepper__item.is-done { color: var(--c); border-color: var(--c-border); background: var(--overlay); }
+.cpe-stepper__item.is-locked { opacity: 0.4; cursor: not-allowed; }
+.cpe-stepper__num { font-size: 0.72rem; font-weight: 700; opacity: 0.75; }
+.cpe-stepper__label { font-weight: 600; letter-spacing: -0.01em; }
+.cpe-stepper__check { font-size: 0.72rem; }
+.cpe-stepper__line { flex: 1; min-width: 10px; height: 1px; background: var(--border); transition: background 0.2s; }
+.cpe-stepper__line.is-done { background: rgba(167,139,250,0.4); }
+@media (max-width: 640px) {
+    .cpe-stepper__label { display: none; }
+    .cpe-stepper__item { padding: 6px 12px; }
+    .cpe-stepper__line { flex: 1; min-width: 6px; }
+}
+
+/* STEP CARD */
+.cpe-card {
+    position: relative; overflow: hidden;
+    border: 1px solid var(--border); border-radius: var(--r-xl);
+    background: var(--surface);
+    transition: border-color 0.22s ease;
+    animation: cpe-fadeUp 0.45s ease both;
+}
+.cpe-card:hover { border-color: var(--c-border); }
+.cpe-card__num {
+    position: absolute; top: 24px; right: 32px;
+    font-size: 7rem; font-weight: 900; letter-spacing: -0.08em; line-height: 0.85;
+    color: var(--c); opacity: var(--num-opacity); pointer-events: none; user-select: none;
+}
+.cpe-card__shine {
+    position: absolute; inset: 0; border-radius: inherit; pointer-events: none; opacity: 0.5;
+    background: radial-gradient(ellipse at 15% 0%, var(--c-dim), transparent 60%);
+}
+.cpe-card__head { position: relative; display: flex; align-items: center; justify-content: space-between; padding: 24px 28px 0; }
+.cpe-card__tag {
+    display: inline-flex; align-items: center; padding: 4px 11px; border-radius: 100px;
+    background: var(--c-dim); border: 1px solid var(--c-border);
+    color: var(--c); font-size: 0.65rem; font-weight: 700;
+    text-transform: uppercase; letter-spacing: 0.12em;
+}
+.cpe-card__progress-txt { font-size: 0.72rem; font-weight: 600; color: var(--muted); font-variant-numeric: tabular-nums; }
+.cpe-card__body { position: relative; padding: 24px 28px 28px; }
+.cpe-card__title {
+    display: flex; flex-wrap: wrap; gap: 0 14px; margin: 0 0 10px;
+    font-size: clamp(1.6rem, 3.8vw, 2.4rem);
+    font-weight: 700; letter-spacing: -0.04em; line-height: 1.05;
+}
+.cpe-card__desc { margin: 0 0 28px; font-size: 0.92rem; line-height: 1.6; color: var(--muted); max-width: 540px; }
+
+/* FIELDS */
+.cpe-fields { display: grid; grid-template-columns: 1fr 1fr; gap: 18px; }
+@media (max-width: 640px) { .cpe-fields { grid-template-columns: 1fr; gap: 14px; } }
+.cpe-field { display: flex; flex-direction: column; gap: 6px; min-width: 0; }
+.cpe-field--full { grid-column: 1 / -1; }
+.cpe-field__label { font-size: 0.72rem; font-weight: 600; color: var(--muted); letter-spacing: 0.01em; }
+.cpe-req { color: var(--c, var(--primary)); font-weight: 700; }
+.cpe-field__err {
+    font-size: 0.72rem; color: var(--err-text);
+    padding: 6px 10px; border-radius: 8px;
+    background: var(--err-bg); border: 1px solid var(--err-border);
+}
+.cpe-field__hint { font-size: 0.7rem; color: var(--muted); }
+
+.cpe-fields__section {
+    grid-column: 1 / -1;
+    font-size: 0.66rem; font-weight: 700;
+    text-transform: uppercase; letter-spacing: 0.16em;
+    color: var(--dim); padding-top: 10px;
+    border-top: 1px dashed var(--border);
+    margin-top: 6px;
+}
+.cpe-fields__section:first-child { border-top: none; padding-top: 0; margin-top: 0; }
+.cpe-fields__section--accent { color: var(--c); }
+
+/* PrimeVue tweaks (escopo .cpe-input) */
+.cpe-input {
+    width: 100% !important;
+    background: var(--surface-2) !important;
+    border: 1px solid var(--border) !important;
+    color: var(--text) !important;
+    border-radius: var(--r) !important;
+    padding: 12px 14px !important;
+    font-size: 0.88rem !important;
+    font-family: inherit !important;
+    transition: all 0.18s !important;
+}
+.cpe-input:hover:not(:disabled) { border-color: var(--border-2) !important; }
+.cpe-input:focus, .cpe-input:focus-visible, .cpe-input:focus-within {
+    border-color: var(--c, var(--primary)) !important;
+    outline: none !important;
+    box-shadow: 0 0 0 3px var(--c-dim, rgba(124,106,247,0.18)) !important;
+}
+.cpe-input:disabled { opacity: 0.55; }
+/* Select (wrapper div) */
+.cpe-input:is(.p-select) {
+    display: flex; align-items: center;
+    padding: 0 !important; min-height: 46px;
+}
+.cpe-input :deep(.p-select-label) { padding: 12px 14px !important; font-size: 0.88rem !important; color: var(--text) !important; }
+.cpe-input :deep(.p-select-dropdown) { color: var(--muted) !important; }
+.cpe-input :deep(.p-select-clear-icon) { color: var(--muted) !important; }
+/* Textarea */
+.cpe-input:is(textarea) { min-height: 72px; resize: vertical; line-height: 1.55; }
+
+/* Select overlay */
+.cpe-root :deep(.p-select-overlay) {
+    background: var(--surface) !important;
+    border: 1px solid var(--border) !important;
+    border-radius: var(--r) !important;
+    color: var(--text) !important;
+    box-shadow: 0 12px 40px -12px rgba(0, 0, 0, 0.2) !important;
+}
+.cpe-root :deep(.p-select-list) { padding: 6px !important; }
+.cpe-root :deep(.p-select-option) {
+    color: var(--text) !important;
+    border-radius: 10px !important;
+    padding: 10px 12px !important;
+}
+.cpe-root :deep(.p-select-option.p-focus),
+.cpe-root :deep(.p-select-option:hover) { background: var(--overlay-2) !important; }
+
+/* Checkbox */
+.cpe-check {
+    display: flex; align-items: flex-start; gap: 12px;
+    padding: 14px; border-radius: var(--r);
+    background: var(--overlay); border: 1px solid var(--border);
+    grid-column: 1 / -1;
+}
+.cpe-check--alt { background: transparent; border: 1px dashed var(--border); }
+.cpe-check__label { cursor: pointer; font-size: 0.82rem; color: var(--text); line-height: 1.5; flex: 1; }
+.cpe-check__title { display: block; font-weight: 600; }
+.cpe-check__sub { display: block; margin-top: 4px; font-size: 0.76rem; color: var(--muted); }
+.cpe-root :deep(.p-checkbox) { margin-top: 2px; }
+.cpe-root :deep(.p-checkbox .p-checkbox-box) {
+    background: var(--surface-2) !important;
+    border-color: var(--border-2) !important;
+    border-radius: 6px !important;
+    width: 20px; height: 20px;
+}
+.cpe-root :deep(.p-checkbox.p-highlight .p-checkbox-box) {
+    background: var(--c, var(--primary)) !important;
+    border-color: var(--c, var(--primary)) !important;
+}
+
+.cpe-link {
+    background: none; border: none; padding: 0;
+    color: var(--c, var(--primary)); font-size: 0.76rem;
+    cursor: pointer; text-decoration: underline; font-family: inherit;
+}
+.cpe-link:hover { filter: brightness(1.2); }
+
+/* Honeypot */
+.cpe-hp { position: absolute; left: -9999px; top: -9999px; }
+
+/* CARD FOOT */
+.cpe-card__foot {
+    position: relative; border-top: 1px solid var(--border);
+    padding: 18px 28px; display: flex; flex-direction: column; gap: 14px;
+    background: var(--overlay);
+}
+.cpe-card__progress { position: relative; height: 3px; width: 100%; background: var(--overlay-2); border-radius: 100px; overflow: hidden; }
+.cpe-card__progress-bar { height: 100%; border-radius: inherit; background: var(--c); transition: width 0.35s ease; }
+.cpe-card__actions { display: flex; align-items: center; gap: 10px; }
+.cpe-card__actions-space { flex: 1; }
+
+/* BUTTONS */
+.cpe-btn {
+    display: inline-flex; align-items: center; gap: 8px;
+    padding: 11px 20px; border-radius: 12px;
+    font-size: 0.85rem; font-weight: 600;
+    cursor: pointer; border: none; white-space: nowrap;
+    transition: all 0.18s cubic-bezier(0.22, 1, 0.36, 1);
+    font-family: inherit;
+}
+.cpe-btn:disabled { opacity: 0.4; cursor: not-allowed; }
+.cpe-btn--primary {
+    background: var(--c, var(--primary)); color: var(--btn-text);
+    box-shadow: 0 10px 36px -14px var(--c, var(--primary));
+}
+.cpe-btn--primary:hover:not(:disabled) { transform: translateY(-1px); filter: brightness(1.12); }
+.cpe-btn--send {
+    background: linear-gradient(135deg, #a78bfa, #60a5fa 50%, #4ade80);
+    color: var(--btn-text);
+    box-shadow: 0 14px 48px -14px rgba(124,106,247,0.6);
+    padding: 11px 24px;
+}
+.cpe-btn--send:hover:not(:disabled) { transform: translateY(-1px); filter: brightness(1.08); }
+.cpe-btn--ghost {
+    background: transparent; color: var(--muted);
+    border: 1px solid var(--border);
+}
+.cpe-btn--ghost:hover:not(:disabled) { background: var(--overlay); color: var(--text); border-color: var(--border-2); }
+.cpe-btn--xs {
+    padding: 6px 12px; font-size: 0.72rem; border-radius: 8px;
+    background: var(--overlay); color: var(--muted);
+    border: 1px solid var(--border);
+}
+.cpe-btn--xs:hover:not(:disabled) { background: var(--overlay-2); color: var(--text); }
+
+/* META / DEV / FOOTER */
+.cpe-meta {
+    display: flex; align-items: center; justify-content: space-between; flex-wrap: wrap; gap: 10px;
+    font-size: 0.76rem; color: var(--muted);
+}
+.cpe-meta__item { display: inline-flex; align-items: center; gap: 7px; }
+.cpe-meta__item i { opacity: 0.7; }
+.cpe-meta__link {
+    background: none; border: none; padding: 0; cursor: pointer;
+    color: var(--primary); font-size: 0.76rem; text-decoration: underline;
+    font-family: inherit;
+}
+.cpe-meta__link:hover { filter: brightness(1.2); }
+
+.cpe-dev { display: flex; justify-content: flex-end; padding-top: 4px; }
+
+.cpe-footer {
+    display: flex; align-items: center; justify-content: center;
+    gap: 8px; padding-top: 16px;
+    font-size: 0.72rem; color: var(--dim);
+}
+.cpe-footer__psi { font-weight: 700; color: var(--primary); opacity: 0.5; }
+
+/* ANIMS */
+@keyframes cpe-fadeUp {
+    from { opacity: 0; transform: translateY(14px); }
+    to { opacity: 1; transform: translateY(0); }
+}
+
+/* Mobile specifics for card */
+@media (max-width: 540px) {
+    .cpe-card__head, .cpe-card__body, .cpe-card__foot { padding-left: 20px; padding-right: 20px; }
+    .cpe-card__num { font-size: 5rem; top: 16px; right: 20px; }
+    .cpe-card__actions { flex-direction: column-reverse; align-items: stretch; }
+    .cpe-card__actions-space { display: none; }
+    .cpe-btn { width: 100%; justify-content: center; }
+}
+</style>
diff --git a/src/views/pages/saas/SaasAddonsPage.vue b/src/views/pages/saas/SaasAddonsPage.vue
index c978cb0..a31a7bf 100644
--- a/src/views/pages/saas/SaasAddonsPage.vue
+++ b/src/views/pages/saas/SaasAddonsPage.vue
@@ -275,6 +275,212 @@ async function loadTransactions() {
     if (data) transactions.value = data;
 }
 
+// ══════════════════════════════════════════════════════════════
+// ABA 4 — WhatsApp: Pacotes (CRUD whatsapp_credit_packages)
+// ══════════════════════════════════════════════════════════════
+const waPackages = ref([]);
+const waPackagesLoading = ref(false);
+const waPkgDialog = ref(false);
+const waEditingPkgId = ref(null);
+
+const emptyWaPkg = () => ({
+    name: '',
+    description: '',
+    credits: 100,
+    price_brl: 0,
+    is_active: true,
+    is_featured: false,
+    position: 100
+});
+
+const waPkgForm = ref(emptyWaPkg());
+
+async function loadWaPackages() {
+    waPackagesLoading.value = true;
+    try {
+        const { data, error } = await supabase
+            .from('whatsapp_credit_packages')
+            .select('*')
+            .order('position', { ascending: true })
+            .order('price_brl', { ascending: true });
+        if (error) throw error;
+        waPackages.value = data || [];
+    } catch (e) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: e?.message, life: 4000 });
+    } finally {
+        waPackagesLoading.value = false;
+    }
+}
+
+function openNewWaPkg() {
+    waEditingPkgId.value = null;
+    waPkgForm.value = emptyWaPkg();
+    waPkgDialog.value = true;
+}
+
+function openEditWaPkg(row) {
+    waEditingPkgId.value = row.id;
+    waPkgForm.value = {
+        name: row.name || '',
+        description: row.description || '',
+        credits: row.credits,
+        price_brl: Number(row.price_brl) || 0,
+        is_active: row.is_active,
+        is_featured: row.is_featured,
+        position: row.position ?? 100
+    };
+    waPkgDialog.value = true;
+}
+
+function sanitizeWaPkg(f) {
+    return {
+        name: String(f.name || '').trim().slice(0, 100),
+        description: f.description ? String(f.description).trim().slice(0, 500) : null,
+        credits: Math.max(1, Math.round(Number(f.credits) || 0)),
+        price_brl: Math.max(0.01, Number(f.price_brl) || 0),
+        is_active: !!f.is_active,
+        is_featured: !!f.is_featured,
+        position: Math.max(0, Math.round(Number(f.position) || 100))
+    };
+}
+
+async function saveWaPkg() {
+    const clean = sanitizeWaPkg(waPkgForm.value);
+    if (!clean.name) { toast.add({ severity: 'warn', summary: 'Nome é obrigatório', life: 2500 }); return; }
+    if (clean.credits < 1) { toast.add({ severity: 'warn', summary: 'Créditos deve ser > 0', life: 2500 }); return; }
+    if (clean.price_brl <= 0) { toast.add({ severity: 'warn', summary: 'Preço deve ser > 0', life: 2500 }); return; }
+    try {
+        if (waEditingPkgId.value) {
+            const { error } = await supabase.from('whatsapp_credit_packages').update(clean).eq('id', waEditingPkgId.value);
+            if (error) throw error;
+            toast.add({ severity: 'success', summary: 'Pacote atualizado', life: 2000 });
+        } else {
+            const { error } = await supabase.from('whatsapp_credit_packages').insert(clean);
+            if (error) throw error;
+            toast.add({ severity: 'success', summary: 'Pacote criado', life: 2000 });
+        }
+        waPkgDialog.value = false;
+        await loadWaPackages();
+    } catch (e) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: e?.message, life: 4000 });
+    }
+}
+
+function deleteWaPkg(row) {
+    confirm.require({
+        group: 'headless',
+        header: 'Remover pacote',
+        message: `Remover "${row.name}"? Compras existentes continuam válidas (FK SET NULL).`,
+        icon: 'pi-trash',
+        color: '#ef4444',
+        accept: async () => {
+            try {
+                const { error } = await supabase.from('whatsapp_credit_packages').delete().eq('id', row.id);
+                if (error) throw error;
+                toast.add({ severity: 'success', summary: 'Pacote removido', life: 2000 });
+                await loadWaPackages();
+            } catch (e) {
+                toast.add({ severity: 'error', summary: 'Erro', detail: e?.message, life: 4000 });
+            }
+        }
+    });
+}
+
+async function toggleWaPkgActive(row) {
+    try {
+        const { error } = await supabase.from('whatsapp_credit_packages').update({ is_active: !row.is_active }).eq('id', row.id);
+        if (error) throw error;
+        row.is_active = !row.is_active;
+    } catch (e) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: e?.message, life: 4000 });
+    }
+}
+
+function formatBrl(v) {
+    return new Intl.NumberFormat('pt-BR', { style: 'currency', currency: 'BRL' }).format(Number(v) || 0);
+}
+
+// ══════════════════════════════════════════════════════════════
+// ABA 5 — WhatsApp: Topup manual (add_whatsapp_credits RPC)
+// ══════════════════════════════════════════════════════════════
+const waTopup = ref({
+    tenantId: null,
+    amount: 100,
+    kind: 'topup_manual',
+    note: ''
+});
+
+const waTopupKinds = [
+    { label: 'Topup manual (cortesia)', value: 'topup_manual' },
+    { label: 'Ajuste', value: 'adjustment' },
+    { label: 'Estorno / Refund', value: 'refund' }
+];
+
+const waTenantBalance = ref(null);
+const waRecentTopups = ref([]);
+const waTopupSaving = ref(false);
+
+async function loadWaBalance(tenantId) {
+    if (!tenantId) { waTenantBalance.value = null; waRecentTopups.value = []; return; }
+    const [{ data: bal }, { data: txs }] = await Promise.all([
+        supabase
+            .from('whatsapp_credits_balance')
+            .select('balance, lifetime_purchased, lifetime_used, low_balance_threshold')
+            .eq('tenant_id', tenantId)
+            .maybeSingle(),
+        supabase
+            .from('whatsapp_credits_transactions')
+            .select('id, kind, amount, balance_after, note, created_at, admin_id')
+            .eq('tenant_id', tenantId)
+            .in('kind', ['topup_manual', 'adjustment', 'refund'])
+            .order('created_at', { ascending: false })
+            .limit(20)
+    ]);
+    waTenantBalance.value = bal || { balance: 0, lifetime_purchased: 0, lifetime_used: 0, low_balance_threshold: 20 };
+    waRecentTopups.value = txs || [];
+}
+
+async function onWaTenantChange() {
+    await loadWaBalance(waTopup.value.tenantId);
+}
+
+async function submitWaTopup() {
+    const t = waTopup.value;
+    if (!t.tenantId) { toast.add({ severity: 'warn', summary: 'Selecione o tenant', life: 2500 }); return; }
+    const amt = Math.round(Number(t.amount) || 0);
+    if (amt < 1) { toast.add({ severity: 'warn', summary: 'Créditos deve ser >= 1', life: 2500 }); return; }
+    const note = String(t.note || '').trim().slice(0, 500) || null;
+
+    waTopupSaving.value = true;
+    try {
+        const { data: authData } = await supabase.auth.getUser();
+        const adminId = authData?.user?.id || null;
+        const { error } = await supabase.rpc('add_whatsapp_credits', {
+            p_tenant_id: t.tenantId,
+            p_amount: amt,
+            p_kind: t.kind,
+            p_purchase_id: null,
+            p_admin_id: adminId,
+            p_note: note
+        });
+        if (error) throw error;
+        toast.add({ severity: 'success', summary: `+${amt} créditos`, detail: tenantName(t.tenantId), life: 3000 });
+        waTopup.value.note = '';
+        waTopup.value.amount = 100;
+        await loadWaBalance(t.tenantId);
+    } catch (e) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: e?.message, life: 4000 });
+    } finally {
+        waTopupSaving.value = false;
+    }
+}
+
+const waKindBadge = {
+    topup_manual: { label: 'Topup', cls: 'bg-sky-500/10 text-sky-600' },
+    adjustment:   { label: 'Ajuste', cls: 'bg-slate-500/10 text-slate-600' },
+    refund:       { label: 'Refund', cls: 'bg-orange-500/10 text-orange-600' }
+};
+
 function txTypeLabel(type) {
     const map = { purchase: 'Compra', consume: 'Consumo', adjustment: 'Ajuste', refund: 'Reembolso', expiration: 'Expiração' };
     return map[type] || type;
@@ -298,11 +504,12 @@ onMounted(() => {
     loadProducts();
     loadCredits();
     loadTransactions();
+    loadWaPackages();
 });
 </script>
 
 <template>
-    <div class="flex flex-col gap-4">
+    <div class="flex flex-col gap-4 p-4">
         <ConfirmDialog group="headless">
             <template #container="{ message, acceptCallback, rejectCallback }">
                 <div class="flex flex-col items-center p-8 bg-surface-0 dark:bg-surface-900 rounded-xl shadow-xl">
@@ -319,43 +526,46 @@ onMounted(() => {
             </template>
         </ConfirmDialog>
 
-        <div class="flex items-center justify-between">
-            <h2 class="text-2xl font-bold m-0">Recursos Extras (Add-ons)</h2>
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-box" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Recursos Extras (Add-ons)</div>
+                <div class="cfg-subheader__sub">Produtos, créditos WhatsApp/SMS e transações consumidas por tenants.</div>
+            </div>
         </div>
 
         <!-- Próximos passos -->
         <div class="grid grid-cols-1 md:grid-cols-2 gap-3">
-            <Card class="border-l-4" style="border-left-color: var(--p-yellow-500)">
-                <template #content>
-                    <div class="flex items-start gap-3">
-                        <i class="pi pi-bell text-2xl" style="color: var(--p-yellow-500)" />
-                        <div>
-                            <h4 class="font-semibold m-0 mb-1">Alerta de saldo baixo</h4>
-                            <p class="text-sm text-surface-500 m-0">
-                                Próximo passo: Notificar tenants automaticamente quando o saldo de créditos estiver abaixo do limite configurado. O campo <code>low_balance_threshold</code> já existe no banco — falta a Edge Function de verificação
-                                periódica.
-                            </p>
-                            <Tag value="Planejado" severity="warn" class="mt-2" />
-                        </div>
+            <div class="rounded-[6px] border border-[var(--surface-border)] bg-[var(--surface-card)] p-4 border-l-4" style="border-left-color: var(--p-yellow-500)">
+                <div class="flex items-start gap-3">
+                    <div class="w-10 h-10 rounded-[6px] flex items-center justify-center shrink-0 bg-yellow-100 text-yellow-700">
+                        <i class="pi pi-bell text-lg" />
                     </div>
-                </template>
-            </Card>
+                    <div class="flex-1 min-w-0">
+                        <div class="font-semibold text-[var(--text-color)] mb-1">Alerta de saldo baixo</div>
+                        <p class="text-sm text-[var(--text-color-secondary)] m-0">
+                            Próximo passo: notificar tenants automaticamente quando o saldo de créditos estiver abaixo do limite configurado. O campo <code class="font-mono text-xs">low_balance_threshold</code> já existe no banco — falta a Edge Function de verificação periódica.
+                        </p>
+                        <Tag value="Planejado" severity="warn" class="mt-2 text-[0.65rem]" />
+                    </div>
+                </div>
+            </div>
 
-            <Card class="border-l-4" style="border-left-color: var(--p-blue-500)">
-                <template #content>
-                    <div class="flex items-start gap-3">
-                        <i class="pi pi-credit-card text-2xl" style="color: var(--p-blue-500)" />
-                        <div>
-                            <h4 class="font-semibold m-0 mb-1">Compra online (Gateway)</h4>
-                            <p class="text-sm text-surface-500 m-0">
-                                Próximo passo: Integrar gateway de pagamento (PIX, cartão) para que tenants comprem créditos diretamente pela plataforma. Os campos <code>payment_method</code> e <code>payment_reference</code> já estão prontos no
-                                banco.
-                            </p>
-                            <Tag value="Planejado" severity="info" class="mt-2" />
-                        </div>
+            <div class="rounded-[6px] border border-[var(--surface-border)] bg-[var(--surface-card)] p-4 border-l-4" style="border-left-color: var(--p-blue-500)">
+                <div class="flex items-start gap-3">
+                    <div class="w-10 h-10 rounded-[6px] flex items-center justify-center shrink-0 bg-blue-100 text-blue-700">
+                        <i class="pi pi-credit-card text-lg" />
                     </div>
-                </template>
-            </Card>
+                    <div class="flex-1 min-w-0">
+                        <div class="font-semibold text-[var(--text-color)] mb-1">Compra online (Gateway)</div>
+                        <p class="text-sm text-[var(--text-color-secondary)] m-0">
+                            Próximo passo: integrar gateway de pagamento (PIX, cartão) para que tenants comprem créditos diretamente pela plataforma. Os campos <code class="font-mono text-xs">payment_method</code> e <code class="font-mono text-xs">payment_reference</code> já estão prontos no banco.
+                        </p>
+                        <Tag value="Planejado" severity="info" class="mt-2 text-[0.65rem]" />
+                    </div>
+                </div>
+            </div>
         </div>
 
         <Tabs v-model:value="activeTab">
@@ -363,6 +573,8 @@ onMounted(() => {
                 <Tab :value="0">Produtos</Tab>
                 <Tab :value="1">Recursos Extras por Tenant</Tab>
                 <Tab :value="2">Transações</Tab>
+                <Tab :value="3"><i class="pi pi-whatsapp mr-1 text-emerald-500" />Pacotes WhatsApp</Tab>
+                <Tab :value="4"><i class="pi pi-whatsapp mr-1 text-emerald-500" />Topup WhatsApp</Tab>
             </TabList>
 
             <TabPanels>
@@ -580,6 +792,139 @@ onMounted(() => {
                         </Column>
                     </DataTable>
                 </TabPanel>
+
+                <!-- ── ABA 4: Pacotes WhatsApp (loja Twilio/Asaas) ────── -->
+                <TabPanel :value="3">
+                    <div class="flex items-start justify-between gap-3 mb-3 flex-wrap">
+                        <div class="text-xs text-[var(--text-color-secondary)] max-w-[660px]">
+                            Pacotes que os tenants veem em <code>/configuracoes/creditos-whatsapp</code>. Consumidos só no canal
+                            <strong>AgenciaPSI Oficial (Twilio)</strong> — WhatsApp Pessoal (Evolution) é gratuito.
+                            <strong>Destaque</strong> aparece com estrela; <strong>posição</strong> ordena (menor primeiro).
+                        </div>
+                        <div class="flex gap-2">
+                            <Button icon="pi pi-refresh" severity="secondary" outlined size="small" :loading="waPackagesLoading" @click="loadWaPackages" />
+                            <Button label="Novo pacote" icon="pi pi-plus" size="small" @click="openNewWaPkg" />
+                        </div>
+                    </div>
+
+                    <DataTable :value="waPackages" :loading="waPackagesLoading" size="small" stripedRows
+                               emptyMessage="Nenhum pacote cadastrado.">
+                        <Column field="position" header="#" style="width: 60px" />
+                        <Column header="Nome">
+                            <template #body="{ data }">
+                                <div class="flex items-center gap-1.5">
+                                    <span class="font-semibold">{{ data.name }}</span>
+                                    <i v-if="data.is_featured" class="pi pi-star-fill text-amber-500 text-xs" v-tooltip.top="'Destaque'" />
+                                </div>
+                                <div v-if="data.description" class="text-xs text-[var(--text-color-secondary)] truncate max-w-[360px]">
+                                    {{ data.description }}
+                                </div>
+                            </template>
+                        </Column>
+                        <Column field="credits" header="Créditos" style="width: 100px" />
+                        <Column header="Preço" style="width: 130px">
+                            <template #body="{ data }">
+                                <span class="font-mono">{{ formatBrl(data.price_brl) }}</span>
+                                <div class="text-[0.68rem] text-[var(--text-color-secondary)]">{{ formatBrl(data.price_brl / data.credits) }} / msg</div>
+                            </template>
+                        </Column>
+                        <Column header="Ativo" style="width: 80px">
+                            <template #body="{ data }">
+                                <ToggleSwitch :modelValue="data.is_active" @update:modelValue="() => toggleWaPkgActive(data)" />
+                            </template>
+                        </Column>
+                        <Column header="Ações" style="width: 100px">
+                            <template #body="{ data }">
+                                <div class="flex gap-1">
+                                    <Button icon="pi pi-pencil" text rounded size="small" @click="openEditWaPkg(data)" />
+                                    <Button icon="pi pi-trash" text rounded size="small" severity="danger" @click="deleteWaPkg(data)" />
+                                </div>
+                            </template>
+                        </Column>
+                    </DataTable>
+                </TabPanel>
+
+                <!-- ── ABA 5: Topup manual WhatsApp ───────────────────── -->
+                <TabPanel :value="4">
+                    <div class="grid grid-cols-1 md:grid-cols-[1fr_1fr] gap-4">
+                        <!-- Form -->
+                        <div class="flex flex-col gap-3 rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4">
+                            <div class="flex items-center gap-2">
+                                <i class="pi pi-plus-circle text-sky-500" />
+                                <h3 class="text-sm font-bold uppercase tracking-wide m-0">Adicionar créditos WhatsApp a um tenant</h3>
+                            </div>
+                            <p class="text-xs text-[var(--text-color-secondary)] m-0">
+                                Ações: cortesia onboarding, reembolso fora do Asaas, correção de falha técnica. Fica no extrato do tenant
+                                com <code>admin_id = você</code> pra auditoria.
+                            </p>
+
+                            <div class="flex flex-col gap-1">
+                                <label class="text-xs font-semibold uppercase tracking-wide text-[var(--text-color-secondary)]">Tenant</label>
+                                <Select v-model="waTopup.tenantId" :options="tenants" optionLabel="label" optionValue="value"
+                                        filter placeholder="Selecionar tenant" class="w-full"
+                                        :loading="loadingTenants"
+                                        @update:modelValue="onWaTenantChange" />
+                            </div>
+
+                            <div v-if="waTenantBalance" class="grid grid-cols-3 gap-2 rounded-md bg-[var(--surface-ground)] p-2 text-xs">
+                                <div><span class="text-[var(--text-color-secondary)]">Saldo:</span> <strong>{{ waTenantBalance.balance }}</strong></div>
+                                <div><span class="text-[var(--text-color-secondary)]">Comprados:</span> <strong>{{ waTenantBalance.lifetime_purchased }}</strong></div>
+                                <div><span class="text-[var(--text-color-secondary)]">Usados:</span> <strong>{{ waTenantBalance.lifetime_used }}</strong></div>
+                            </div>
+
+                            <div class="flex gap-2">
+                                <div class="flex flex-col gap-1 flex-1">
+                                    <label class="text-xs font-semibold uppercase tracking-wide text-[var(--text-color-secondary)]">Quantidade</label>
+                                    <InputNumber v-model="waTopup.amount" :min="1" :max="100000" class="w-full" fluid />
+                                </div>
+                                <div class="flex flex-col gap-1 flex-1">
+                                    <label class="text-xs font-semibold uppercase tracking-wide text-[var(--text-color-secondary)]">Tipo</label>
+                                    <Select v-model="waTopup.kind" :options="waTopupKinds" optionLabel="label" optionValue="value" class="w-full" />
+                                </div>
+                            </div>
+
+                            <div class="flex flex-col gap-1">
+                                <label class="text-xs font-semibold uppercase tracking-wide text-[var(--text-color-secondary)]">Nota / motivo</label>
+                                <Textarea v-model="waTopup.note" rows="2" autoResize
+                                          placeholder="Ex: Cortesia onboarding, ressarcimento #T123…"
+                                          maxlength="500" />
+                                <small class="text-[var(--text-color-secondary)]">Visível pro tenant no extrato. Max 500 chars.</small>
+                            </div>
+
+                            <Button label="Adicionar créditos" icon="pi pi-check"
+                                    class="rounded-full self-start"
+                                    :loading="waTopupSaving"
+                                    :disabled="!waTopup.tenantId || !waTopup.amount"
+                                    @click="submitWaTopup" />
+                        </div>
+
+                        <!-- Histórico -->
+                        <div class="flex flex-col gap-2 rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4">
+                            <div class="flex items-center gap-2">
+                                <i class="pi pi-history text-[var(--primary-color)]" />
+                                <h3 class="text-sm font-bold uppercase tracking-wide m-0">Topups / ajustes recentes</h3>
+                            </div>
+                            <div v-if="!waTopup.tenantId" class="text-xs text-[var(--text-color-secondary)] italic py-4 text-center">
+                                Selecione um tenant pra ver o histórico.
+                            </div>
+                            <div v-else-if="!waRecentTopups.length" class="text-xs text-[var(--text-color-secondary)] italic py-4 text-center">
+                                Nenhum topup/ajuste ainda pra esse tenant.
+                            </div>
+                            <div v-else class="flex flex-col gap-1 max-h-[340px] overflow-y-auto text-xs">
+                                <div v-for="tx in waRecentTopups" :key="tx.id"
+                                     class="grid grid-cols-[auto_1fr_auto_auto] items-center gap-2 p-2 rounded hover:bg-[var(--surface-hover)]">
+                                    <span class="inline-flex items-center px-1.5 py-px rounded text-[0.62rem] font-bold uppercase"
+                                          :class="waKindBadge[tx.kind]?.cls">{{ waKindBadge[tx.kind]?.label || tx.kind }}</span>
+                                    <span class="truncate">{{ tx.note || '—' }}</span>
+                                    <span class="font-bold font-mono" :class="tx.amount > 0 ? 'text-green-600' : 'text-orange-600'">
+                                        {{ tx.amount > 0 ? '+' : '' }}{{ tx.amount }}
+                                    </span>
+                                    <span class="text-[var(--text-color-secondary)]">{{ formatDate(tx.created_at) }}</span>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </TabPanel>
             </TabPanels>
         </Tabs>
 
@@ -741,5 +1086,72 @@ onMounted(() => {
                 </div>
             </template>
         </Dialog>
+
+        <!-- Dialog: Novo/Editar pacote WhatsApp -->
+        <Dialog
+            v-model:visible="waPkgDialog"
+            modal
+            :draggable="false"
+            :closable="true"
+            :dismissableMask="true"
+            class="dc-dialog w-[32rem]"
+            :breakpoints="{ '1199px': '90vw', '768px': '94vw' }"
+            :pt="{
+                header: { class: '!p-3 !rounded-t-[12px] border-b border-[var(--surface-border)] shadow-[0_1px_0_0_rgba(255,255,255,0.06)] bg-gray-100' },
+                content: { class: '!p-3' },
+                footer: { class: '!p-0 !rounded-b-[12px] border-t border-[var(--surface-border)] shadow-[0_1px_0_0_rgba(255,255,255,0.06)] bg-gray-100' }
+            }"
+            pt:mask:class="backdrop-blur-xs"
+        >
+            <template #header>
+                <div class="flex w-full items-center gap-3 px-1">
+                    <i class="pi pi-whatsapp text-emerald-500 text-xl" />
+                    <div class="min-w-0">
+                        <div class="text-base font-semibold truncate">{{ waEditingPkgId ? 'Editar pacote' : 'Novo pacote WhatsApp' }}</div>
+                        <div class="text-xs opacity-50">Créditos consumidos no canal AgenciaPSI Oficial (Twilio)</div>
+                    </div>
+                </div>
+            </template>
+            <div class="flex flex-col gap-3">
+                <div class="flex flex-col gap-1">
+                    <label class="font-medium text-sm">Nome *</label>
+                    <InputText v-model="waPkgForm.name" maxlength="100" placeholder="Ex: Pacote Mensal 500" class="w-full" />
+                </div>
+                <div class="flex flex-col gap-1">
+                    <label class="font-medium text-sm">Descrição</label>
+                    <InputText v-model="waPkgForm.description" maxlength="500" placeholder="Ex: Ideal pra clínicas pequenas" class="w-full" />
+                </div>
+                <div class="grid grid-cols-2 gap-3">
+                    <div class="flex flex-col gap-1">
+                        <label class="font-medium text-sm">Créditos *</label>
+                        <InputNumber v-model="waPkgForm.credits" :min="1" :max="100000" fluid />
+                    </div>
+                    <div class="flex flex-col gap-1">
+                        <label class="font-medium text-sm">Preço *</label>
+                        <InputNumber v-model="waPkgForm.price_brl" mode="currency" currency="BRL" locale="pt-BR" :min="0.01" :maxFractionDigits="2" fluid />
+                    </div>
+                </div>
+                <div class="grid grid-cols-3 gap-3 items-end">
+                    <div class="flex items-center gap-2">
+                        <ToggleSwitch v-model="waPkgForm.is_active" />
+                        <label class="text-sm">Ativo</label>
+                    </div>
+                    <div class="flex items-center gap-2">
+                        <ToggleSwitch v-model="waPkgForm.is_featured" />
+                        <label class="text-sm">Destaque</label>
+                    </div>
+                    <div class="flex flex-col gap-1">
+                        <label class="text-xs font-medium">Posição</label>
+                        <InputNumber v-model="waPkgForm.position" :min="0" :max="9999" fluid />
+                    </div>
+                </div>
+            </div>
+            <template #footer>
+                <div class="flex items-center justify-end gap-2 px-3 py-3">
+                    <Button label="Cancelar" severity="secondary" text class="rounded-full hover:!text-red-500" @click="waPkgDialog = false" />
+                    <Button :label="waEditingPkgId ? 'Salvar' : 'Criar'" icon="pi pi-check" class="rounded-full" @click="saveWaPkg" />
+                </div>
+            </template>
+        </Dialog>
     </div>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasDashboard.vue b/src/views/pages/saas/SaasDashboard.vue
index af19cbe..90eceb9 100644
--- a/src/views/pages/saas/SaasDashboard.vue
+++ b/src/views/pages/saas/SaasDashboard.vue
@@ -425,7 +425,7 @@ onBeforeUnmount(() => {
     <div ref="sentinelRef" class="h-px" />
 
     <!-- Hero sticky -->
-    <div ref="heroRef" class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
+    <div ref="heroRef" class="sticky mx-3 md:mx-4 mt-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
         <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
             <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-indigo-400/10" />
             <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-emerald-400/10" />
diff --git a/src/views/pages/saas/SaasDocsPage.vue b/src/views/pages/saas/SaasDocsPage.vue
index d4c13c3..19bd815 100644
--- a/src/views/pages/saas/SaasDocsPage.vue
+++ b/src/views/pages/saas/SaasDocsPage.vue
@@ -494,43 +494,29 @@ function mediasCount(doc) {
     <!-- Input oculto para importação de JSON -->
     <input ref="jsonFileInputRef" type="file" accept=".json,application/json" style="display: none" @change="onJsonFileChange" />
 
-    <!-- Sentinel -->
-    <div class="h-px" />
-
-    <!-- Hero sticky -->
-    <div class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-blue-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-indigo-400/10" />
-        </div>
-        <div class="relative z-10 flex flex-wrap items-center justify-between gap-3">
-            <div class="flex items-center gap-3">
-                <div class="w-12 h-12 rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)] flex items-center justify-center shrink-0">
-                    <i class="pi pi-question-circle text-xl text-blue-500" />
-                </div>
-                <div>
-                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Documentação do Sistema</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Artigos de ajuda exibidos dinamicamente nas páginas.</div>
-                </div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-book" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Documentação do Sistema</div>
+                <div class="cfg-subheader__sub">Artigos de ajuda exibidos dinamicamente nas páginas.</div>
             </div>
             <!-- Desktop actions -->
-            <div class="hidden xl:flex items-center gap-2">
-                <Button icon="pi pi-refresh" severity="secondary" outlined rounded :loading="loading" @click="load" />
-                <Button icon="pi pi-upload" label="Importar JSON" severity="secondary" outlined class="rounded-full" v-tooltip.bottom="'Carrega um arquivo .json gerado pelo assistente'" @click="triggerJsonImport" />
-                <Button icon="pi pi-comment" label="Prompt" severity="secondary" outlined class="rounded-full" v-tooltip.bottom="'Ver instruções para gerar documentação com IA'" @click="promptDlgOpen = true" />
-                <Button icon="pi pi-plus" label="Novo documento" class="rounded-full" @click="abrirDialog()" />
+            <div class="hidden xl:flex items-center gap-2 shrink-0">
+                <Button icon="pi pi-refresh" severity="secondary" outlined rounded size="small" :loading="loading" @click="load" />
+                <Button icon="pi pi-upload" label="Importar JSON" severity="secondary" outlined size="small" v-tooltip.bottom="'Carrega um arquivo .json gerado pelo assistente'" @click="triggerJsonImport" />
+                <Button icon="pi pi-comment" label="Prompt" severity="secondary" outlined size="small" v-tooltip.bottom="'Ver instruções para gerar documentação com IA'" @click="promptDlgOpen = true" />
+                <Button icon="pi pi-plus" label="Novo documento" size="small" @click="abrirDialog()" />
             </div>
             <!-- Mobile actions -->
-            <div class="flex xl:hidden items-center gap-2">
-                <Button icon="pi pi-refresh" severity="secondary" outlined rounded :loading="loading" @click="load" />
-                <Button icon="pi pi-upload" severity="secondary" outlined rounded v-tooltip.bottom="'Importar JSON'" @click="triggerJsonImport" />
-                <Button icon="pi pi-comment" severity="secondary" outlined rounded v-tooltip.bottom="'Prompt IA'" @click="promptDlgOpen = true" />
-                <Button icon="pi pi-plus" rounded @click="abrirDialog()" />
+            <div class="flex xl:hidden items-center gap-2 shrink-0">
+                <Button icon="pi pi-refresh" severity="secondary" outlined rounded size="small" :loading="loading" @click="load" />
+                <Button icon="pi pi-upload" severity="secondary" outlined rounded size="small" v-tooltip.bottom="'Importar JSON'" @click="triggerJsonImport" />
+                <Button icon="pi pi-comment" severity="secondary" outlined rounded size="small" v-tooltip.bottom="'Prompt IA'" @click="promptDlgOpen = true" />
+                <Button icon="pi pi-plus" rounded size="small" @click="abrirDialog()" />
             </div>
         </div>
-    </div>
-
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <!-- ── Cards de saúde ──────────────────────────────────── -->
         <div class="flex flex-wrap gap-2.5">
             <!-- Total -->
diff --git a/src/views/pages/saas/SaasDocumentTemplatesPage.vue b/src/views/pages/saas/SaasDocumentTemplatesPage.vue
index 2fa2613..50d9682 100644
--- a/src/views/pages/saas/SaasDocumentTemplatesPage.vue
+++ b/src/views/pages/saas/SaasDocumentTemplatesPage.vue
@@ -304,19 +304,17 @@ function insertVariable(key) {
 </script>
 
 <template>
-    <div class="px-4 py-6 max-w-[1200px] mx-auto">
-
+    <div class="flex flex-col gap-4 p-4">
         <!-- Header -->
-        <div class="flex flex-col sm:flex-row sm:items-center sm:justify-between gap-3 mb-6">
-            <div>
-                <h1 class="text-xl font-bold">Templates de Documentos</h1>
-                <p class="text-sm text-[var(--text-color-secondary)]">
-                    Templates globais disponíveis para todos os tenants (is_global = true)
-                </p>
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-file-edit" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Templates de Documentos</div>
+                <div class="cfg-subheader__sub">Templates globais disponíveis para todos os tenants (is_global = true).</div>
             </div>
-            <div class="flex items-center gap-2">
+            <div class="flex items-center gap-2 shrink-0">
                 <Button label="Novo template" icon="pi pi-plus" size="small" @click="openCreate" />
-                <Button icon="pi pi-refresh" text rounded size="small" @click="fetchAll" :loading="loading" />
+                <Button icon="pi pi-refresh" severity="secondary" text :loading="loading" v-tooltip.bottom="'Recarregar'" @click="fetchAll" />
             </div>
         </div>
 
diff --git a/src/views/pages/saas/SaasEmailTemplatesPage.vue b/src/views/pages/saas/SaasEmailTemplatesPage.vue
index b6ce452..fe740c2 100644
--- a/src/views/pages/saas/SaasEmailTemplatesPage.vue
+++ b/src/views/pages/saas/SaasEmailTemplatesPage.vue
@@ -256,16 +256,17 @@ onMounted(() => {
 </script>
 
 <template>
-    <div class="p-4 md:p-6 max-w-[1100px] mx-auto">
+    <div class="flex flex-col gap-4 p-4">
         <!-- Header -->
-        <div class="flex items-center justify-between mb-6 gap-4 flex-wrap">
-            <div>
-                <h1 class="text-xl font-bold m-0">Templates de E-mail Globais</h1>
-                <p class="text-sm text-[var(--text-color-secondary)] mt-1 mb-0">Templates base do sistema. Tenants podem criar overrides sem alterar estes.</p>
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-envelope" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Templates de E-mail Globais</div>
+                <div class="cfg-subheader__sub">Templates base do sistema. Tenants podem criar overrides sem alterar estes.</div>
             </div>
-            <div class="flex gap-2">
-                <Button icon="pi pi-refresh" severity="secondary" text :loading="loading" @click="load" />
-                <Button label="Novo template" icon="pi pi-plus" @click="openNew" />
+            <div class="flex gap-2 shrink-0">
+                <Button icon="pi pi-refresh" severity="secondary" text :loading="loading" v-tooltip.bottom="'Recarregar'" @click="load" />
+                <Button label="Novo template" icon="pi pi-plus" size="small" @click="openNew" />
             </div>
         </div>
 
diff --git a/src/views/pages/saas/SaasFaqPage.vue b/src/views/pages/saas/SaasFaqPage.vue
index 04de613..447097d 100644
--- a/src/views/pages/saas/SaasFaqPage.vue
+++ b/src/views/pages/saas/SaasFaqPage.vue
@@ -125,42 +125,27 @@ function selecionarCat(cat) {
 </script>
 
 <template>
-    <!-- Sentinel -->
-    <div class="h-px" />
-
-    <!-- Hero sticky -->
-    <div class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-indigo-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-emerald-400/10" />
-        </div>
-        <div class="relative z-10 flex flex-col gap-3">
-            <div class="flex items-center gap-3">
-                <div class="w-12 h-12 rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)] flex items-center justify-center shrink-0">
-                    <i class="pi pi-comments text-xl text-[var(--text-color)]" />
-                </div>
-                <div>
-                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Central de Ajuda</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Encontre respostas para as dúvidas mais comuns</div>
-                </div>
-            </div>
-
-            <!-- Busca -->
-            <div>
-                <IconField class="w-full">
-                    <InputIcon class="pi pi-search" />
-                    <InputText v-model="busca" placeholder="Buscar pergunta…" class="w-full" />
-                    <InputIcon v-if="busca" class="pi pi-times cursor-pointer" @click="busca = ''" />
-                </IconField>
-                <div v-if="totalResultados !== null" class="text-[1rem] text-[var(--text-color-secondary)] opacity-70 mt-1 ml-1">
-                    {{ totalResultados }} resultado{{ totalResultados !== 1 ? 's' : '' }} encontrado{{ totalResultados !== 1 ? 's' : '' }}
-                </div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-comments" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Central de Ajuda</div>
+                <div class="cfg-subheader__sub">Encontre respostas para as dúvidas mais comuns.</div>
             </div>
         </div>
-    </div>
 
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
+        <!-- Busca -->
+        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4">
+            <IconField class="w-full">
+                <InputIcon class="pi pi-search" />
+                <InputText v-model="busca" placeholder="Buscar pergunta…" class="w-full" />
+                <InputIcon v-if="busca" class="pi pi-times cursor-pointer" @click="busca = ''" />
+            </IconField>
+            <div v-if="totalResultados !== null" class="text-[0.85rem] text-[var(--text-color-secondary)] opacity-70 mt-1.5 ml-1">
+                {{ totalResultados }} resultado{{ totalResultados !== 1 ? 's' : '' }} encontrado{{ totalResultados !== 1 ? 's' : '' }}
+            </div>
+        </div>
         <!-- Loading -->
         <div v-if="loading" class="flex justify-center py-16">
             <i class="pi pi-spinner pi-spin text-2xl opacity-30" />
diff --git a/src/views/pages/saas/SaasFeaturesPage.vue b/src/views/pages/saas/SaasFeaturesPage.vue
index 96420c3..d387ea4 100644
--- a/src/views/pages/saas/SaasFeaturesPage.vue
+++ b/src/views/pages/saas/SaasFeaturesPage.vue
@@ -272,38 +272,23 @@ onBeforeUnmount(() => {
 <template>
     <ConfirmDialog />
 
-    <!-- Sentinel -->
-    <div ref="heroSentinelRef" class="p-2" />
-
-    <!-- Hero sticky -->
-    <div ref="heroEl" class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-fuchsia-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-indigo-400/10" />
-        </div>
-
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="min-w-0">
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Recursos do Sistema</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Cadastre os recursos (features) que os planos podem habilitar.</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-sparkles" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Recursos do Sistema</div>
+                <div class="cfg-subheader__sub">Cadastre os recursos (features) que os planos podem habilitar.</div>
             </div>
-
-            <!-- Ações desktop (≥ 1200px) -->
-            <div class="hidden xl:flex items-center gap-2 flex-wrap">
+            <div class="hidden xl:flex items-center gap-2 shrink-0">
                 <Button label="Atualizar" icon="pi pi-refresh" severity="secondary" outlined size="small" :loading="loading" :disabled="saving" @click="fetchAll" />
                 <Button label="Adicionar recurso" icon="pi pi-plus" size="small" :disabled="saving" @click="openCreate" />
             </div>
-
-            <!-- Ações mobile (< 1200px) -->
-            <div class="flex xl:hidden">
+            <div class="flex xl:hidden shrink-0">
                 <Button label="Ações" icon="pi pi-ellipsis-v" severity="warn" size="small" aria-haspopup="true" aria-controls="features_hero_menu" @click="(e) => heroMenuRef.toggle(e)" />
                 <Menu ref="heroMenuRef" id="features_hero_menu" :model="heroMenuItems" :popup="true" />
             </div>
         </div>
-    </div>
-
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <!-- Search -->
         <div class="flex items-center gap-3 flex-wrap">
             <FloatLabel variant="on" class="w-full md:w-[380px]">
@@ -410,4 +395,4 @@ onBeforeUnmount(() => {
             <Button :label="isEdit ? 'Salvar' : 'Criar'" icon="pi pi-check" :loading="saving" @click="save" />
         </template>
     </Dialog>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasFeriadosPage.vue b/src/views/pages/saas/SaasFeriadosPage.vue
index 84d5b5e..44961d6 100644
--- a/src/views/pages/saas/SaasFeriadosPage.vue
+++ b/src/views/pages/saas/SaasFeriadosPage.vue
@@ -410,35 +410,24 @@ async function excluir(id) {
 </script>
 
 <template>
-    <!-- Sentinel -->
-    <div class="h-px" />
-
-    <!-- Hero sticky -->
-    <div class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-amber-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-emerald-400/10" />
-        </div>
-        <div class="relative z-10 flex flex-wrap items-center justify-between gap-3">
-            <div>
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)] flex items-center gap-2">
-                    <i class="pi pi-star text-amber-500" />
-                    Feriados Municipais
-                </div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Feriados cadastrados pelos tenants — alimentam o banco central de feriados do SAAS.</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-calendar" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Feriados Municipais</div>
+                <div class="cfg-subheader__sub">Feriados cadastrados pelos tenants — alimentam o banco central de feriados do SaaS.</div>
             </div>
-            <div class="flex items-center gap-2">
+            <div class="flex items-center gap-2 shrink-0">
                 <Button icon="pi pi-chevron-left" text rounded severity="secondary" @click="anoAnterior" />
                 <span class="font-bold text-[1rem] w-14 text-center">{{ ano }}</span>
                 <Button icon="pi pi-chevron-right" text rounded severity="secondary" @click="anoProximo" />
                 <Button icon="pi pi-refresh" severity="secondary" outlined rounded :loading="loading" @click="load" />
-                <Button icon="pi pi-plus" label="Cadastrar feriado" @click="abrirDialog" />
+                <Button icon="pi pi-plus" label="Cadastrar" size="small" @click="abrirDialog" />
             </div>
         </div>
-    </div>
 
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-6">
+        <div class="flex flex-col gap-6">
         <!-- ══ Feriados Nacionais ══════════════════════════════════ -->
         <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] overflow-hidden">
             <div class="flex items-center gap-2 px-5 py-3 border-b border-[var(--surface-border)] bg-[var(--surface-ground)]">
@@ -589,6 +578,7 @@ async function excluir(id) {
             </template>
         </div>
         <!-- /municipais -->
+        </div>
     </div>
     <!-- /content -->
 
diff --git a/src/views/pages/saas/SaasGlobalNoticesPage.vue b/src/views/pages/saas/SaasGlobalNoticesPage.vue
index 88ccbbd..857c2fb 100644
--- a/src/views/pages/saas/SaasGlobalNoticesPage.vue
+++ b/src/views/pages/saas/SaasGlobalNoticesPage.vue
@@ -230,16 +230,17 @@ onMounted(load);
 </script>
 
 <template>
-    <div class="p-4 md:p-6 max-w-[1200px] mx-auto">
+    <div class="flex flex-col gap-4 p-4">
         <!-- Header -->
-        <div class="flex items-center justify-between mb-6 gap-4 flex-wrap">
-            <div>
-                <h1 class="text-xl font-bold m-0">Avisos Globais</h1>
-                <p class="text-sm text-[var(--text-color-secondary)] mt-1 mb-0">Banners no topo da aplicação segmentados por role e contexto.</p>
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-megaphone" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Avisos Globais</div>
+                <div class="cfg-subheader__sub">Banners no topo da aplicação segmentados por role e contexto.</div>
             </div>
-            <div class="flex gap-2">
-                <Button label="Ajuda" icon="pi pi-question-circle" severity="secondary" text @click="showHelp = true" />
-                <Button label="Novo aviso" icon="pi pi-plus" @click="openCreate" />
+            <div class="flex gap-2 shrink-0">
+                <Button label="Ajuda" icon="pi pi-question-circle" severity="secondary" text size="small" @click="showHelp = true" />
+                <Button label="Novo aviso" icon="pi pi-plus" size="small" @click="openCreate" />
             </div>
         </div>
 
diff --git a/src/views/pages/saas/SaasLoginCarousel.vue b/src/views/pages/saas/SaasLoginCarousel.vue
index 8e0f2b6..88ebd3d 100644
--- a/src/views/pages/saas/SaasLoginCarousel.vue
+++ b/src/views/pages/saas/SaasLoginCarousel.vue
@@ -185,32 +185,19 @@ onMounted(load);
 <template>
     <ConfirmDialog />
 
-    <!-- Sentinel -->
-    <div class="h-px" />
-
-    <!-- Hero sticky -->
-    <div class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-indigo-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-emerald-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -bottom-20 right-24 bg-fuchsia-400/10" />
-        </div>
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="min-w-0">
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)] flex items-center gap-2">
-                    <i class="pi pi-images text-indigo-500" />
-                    Carrossel do Login
-                </div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Gerencie os slides exibidos na tela de login do sistema</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-images" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Carrossel do Login</div>
+                <div class="cfg-subheader__sub">Gerencie os slides exibidos na tela de login do sistema.</div>
             </div>
             <div class="flex items-center gap-2 shrink-0">
-                <Button icon="pi pi-refresh" severity="secondary" outlined title="Recarregar" :loading="loading" @click="load" />
-                <Button icon="pi pi-plus" label="Novo slide" @click="openNew" />
+                <Button icon="pi pi-refresh" severity="secondary" outlined size="small" v-tooltip.bottom="'Recarregar'" :loading="loading" @click="load" />
+                <Button icon="pi pi-plus" label="Novo slide" size="small" @click="openNew" />
             </div>
         </div>
-    </div>
-
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <div class="grid grid-cols-1 xl:grid-cols-[1fr_340px] gap-6 items-start">
             <!-- ── Tabela de slides ──────────────────────────────────────────────── -->
             <div class="bg-[var(--surface-card,#fff)] rounded-md border border-[var(--surface-border)] overflow-hidden">
@@ -265,7 +252,7 @@ onMounted(load);
 
                         <!-- Toggle ativo -->
                         <div class="flex justify-center w-[60px]">
-                            <InputSwitch :modelValue="slide.ativo" @update:modelValue="() => toggleAtivo(slide)" />
+                            <ToggleSwitch :modelValue="slide.ativo" @update:modelValue="() => toggleAtivo(slide)" />
                         </div>
 
                         <!-- Ações -->
@@ -463,7 +450,7 @@ create policy "public_read" on public.login_carousel_slides
 
             <!-- Ativo -->
             <div class="flex items-center gap-3">
-                <InputSwitch v-model="form.ativo" inputId="slide-ativo" />
+                <ToggleSwitch v-model="form.ativo" inputId="slide-ativo" />
                 <label for="slide-ativo" class="text-[1rem] text-[var(--text-color)] cursor-pointer select-none"> Slide ativo (visível no carrossel) </label>
             </div>
 
diff --git a/src/views/pages/saas/SaasNotificationTemplatesPage.vue b/src/views/pages/saas/SaasNotificationTemplatesPage.vue
index db69ef6..627fca8 100644
--- a/src/views/pages/saas/SaasNotificationTemplatesPage.vue
+++ b/src/views/pages/saas/SaasNotificationTemplatesPage.vue
@@ -211,16 +211,81 @@ async function save() {
 }
 
 // ── Toggle ativo ────────────────────────────────────────────────
-async function toggleActive(t) {
+const togglingId = ref(null);
+
+async function countAffectedTenants(t) {
+    const [{ data: schedules }, { data: overrides }] = await Promise.all([
+        supabase.from('notification_schedules').select('tenant_id').eq('event_type', t.event_type).eq('channel', t.channel).eq('is_active', true).is('deleted_at', null),
+        supabase.from('notification_templates').select('tenant_id').eq('key', t.key).eq('is_active', true).is('deleted_at', null).not('tenant_id', 'is', null)
+    ]);
+
+    const overrideIds = new Set((overrides || []).map((o) => o.tenant_id).filter(Boolean));
+    const affected = new Set((schedules || []).map((s) => s.tenant_id).filter((id) => id && !overrideIds.has(id)));
+    return affected.size;
+}
+
+async function doToggleActive(t) {
+    togglingId.value = t.id;
     try {
-        const { error } = await supabase.from('notification_templates').update({ is_active: !t.is_active }).eq('id', t.id);
+        const next = !t.is_active;
+        const { error } = await supabase.from('notification_templates').update({ is_active: next }).eq('id', t.id);
         if (error) throw error;
-        t.is_active = !t.is_active;
+        t.is_active = next;
+        toast.add({
+            severity: next ? 'success' : 'warn',
+            summary: next ? 'Template reativado' : 'Template desativado',
+            detail: next ? 'Tenants voltam a usar este template padrão.' : 'Tenants sem personalização ficarão sem este template.',
+            life: 3500
+        });
     } catch (e) {
         toast.add({ severity: 'error', summary: 'Erro', detail: e.message, life: 4000 });
+    } finally {
+        togglingId.value = null;
     }
 }
 
+async function requestToggleActive(t) {
+    if (togglingId.value) return;
+
+    if (!t.is_active) {
+        await doToggleActive(t);
+        return;
+    }
+
+    togglingId.value = t.id;
+    let affectedCount = 0;
+    try {
+        affectedCount = await countAffectedTenants(t);
+    } catch {
+        // silenciosamente ignora — mostramos aviso genérico
+    } finally {
+        togglingId.value = null;
+    }
+
+    const channelLabel = t.channel === 'whatsapp' ? 'WhatsApp' : 'SMS';
+    const eventLabel = EVENT_TYPE_LABELS[t.event_type] || t.event_type;
+
+    const impactLine =
+        affectedCount > 0
+            ? `<strong>${affectedCount} ${affectedCount === 1 ? 'tenant está' : 'tenants estão'}</strong> agendando este evento sem template personalizado — ${affectedCount === 1 ? 'ficará' : 'ficarão'} sem mensagem.`
+            : 'Atualmente nenhum tenant depende deste template, mas futuros eventos não terão mensagem padrão.';
+
+    const msg = [
+        `Você vai desativar o template padrão de <strong>${channelLabel}</strong> para o evento "<strong>${eventLabel}</strong>".`,
+        impactLine,
+        'Tenants com template personalizado <strong>NÃO</strong> são afetados.'
+    ].join('<br><br>');
+
+    confirm.require({
+        group: 'headless',
+        header: `Desativar "${eventLabel}"?`,
+        message: msg,
+        icon: 'pi-exclamation-triangle',
+        color: '#f59e0b',
+        accept: () => doToggleActive(t)
+    });
+}
+
 // ── Soft delete ─────────────────────────────────────────────────
 function deleteTemplate(t) {
     confirm.require({
@@ -259,7 +324,7 @@ onMounted(load);
                     <i :class="`pi ${message.icon || 'pi-question'} !text-4xl`"></i>
                 </div>
                 <span class="font-bold text-2xl block mb-2 mt-6">{{ message.header }}</span>
-                <p class="mb-0 text-center text-[var(--text-color-secondary)]">{{ message.message }}</p>
+                <p class="mb-0 text-center text-[var(--text-color-secondary)]" v-html="message.message"></p>
                 <div class="flex items-center gap-2 mt-6">
                     <Button label="Confirmar" class="rounded-full" :style="{ background: message.color || 'var(--p-primary-color)', borderColor: message.color || 'var(--p-primary-color)' }" @click="acceptCallback" />
                     <Button label="Cancelar" variant="outlined" class="rounded-full" @click="rejectCallback" />
@@ -268,21 +333,22 @@ onMounted(load);
         </template>
     </ConfirmDialog>
 
-    <div class="p-4 md:p-6 max-w-[1200px] mx-auto">
+    <div class="flex flex-col gap-4 p-4">
         <!-- Header -->
-        <div class="flex items-center justify-between mb-6 gap-4 flex-wrap">
-            <div>
-                <h1 class="text-xl font-bold m-0">Templates de Notificação</h1>
-                <p class="text-sm text-[var(--text-color-secondary)] mt-1 mb-0">Templates globais de WhatsApp e SMS. Tenants herdam automaticamente.</p>
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-comment" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Templates de Notificação</div>
+                <div class="cfg-subheader__sub">Templates globais de WhatsApp e SMS. Tenants herdam automaticamente.</div>
             </div>
-            <div class="flex gap-2">
+            <div class="flex gap-2 shrink-0">
                 <Button label="Novo template" icon="pi pi-plus" size="small" @click="openNew" />
-                <Button icon="pi pi-refresh" severity="secondary" text :loading="loading" @click="load" />
+                <Button icon="pi pi-refresh" severity="secondary" text :loading="loading" v-tooltip.bottom="'Recarregar'" @click="load" />
             </div>
         </div>
 
         <!-- Tabs canal -->
-        <div class="flex gap-2 mb-5">
+        <div class="flex gap-2 flex-wrap">
             <Button v-for="ch in CHANNELS" :key="ch.value" :label="ch.label" :icon="ch.icon" size="small" :severity="activeChannel === ch.value ? 'primary' : 'secondary'" :outlined="activeChannel !== ch.value" @click="activeChannel = ch.value" />
         </div>
 
@@ -291,8 +357,9 @@ onMounted(load);
             <ProgressSpinner />
         </div>
 
-        <!-- DataTable -->
-        <DataTable v-else :value="filtered" stripedRows size="small" class="text-sm" :rowClass="(data) => (!data.is_active ? 'opacity-50' : '')">
+        <!-- DataTable encapsulada em card -->
+        <div v-else class="rounded-[6px] border border-[var(--surface-border)] bg-[var(--surface-card)] overflow-hidden">
+        <DataTable :value="filtered" stripedRows size="small" class="text-sm" :rowClass="(data) => (!data.is_active ? 'opacity-50' : '')">
             <Column field="key" header="Key" sortable style="min-width: 200px">
                 <template #body="{ data }">
                     <code class="font-mono text-xs">{{ data.key }}</code>
@@ -325,7 +392,7 @@ onMounted(load);
 
             <Column header="Ativo" style="width: 70px" class="text-center">
                 <template #body="{ data }">
-                    <ToggleSwitch :modelValue="data.is_active" @update:modelValue="() => toggleActive(data)" />
+                    <ToggleSwitch :modelValue="data.is_active" :disabled="togglingId === data.id" @update:modelValue="() => requestToggleActive(data)" />
                 </template>
             </Column>
 
@@ -345,6 +412,7 @@ onMounted(load);
                 </div>
             </template>
         </DataTable>
+        </div>
 
         <!-- ── Dialog Cadastro / Edição ──────────────────────────────── -->
         <Dialog
@@ -440,4 +508,4 @@ onMounted(load);
             </template>
         </Dialog>
     </div>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasPlanFeaturesMatrixPage.vue b/src/views/pages/saas/SaasPlanFeaturesMatrixPage.vue
index 29606fb..2217782 100644
--- a/src/views/pages/saas/SaasPlanFeaturesMatrixPage.vue
+++ b/src/views/pages/saas/SaasPlanFeaturesMatrixPage.vue
@@ -416,24 +416,15 @@ onBeforeUnmount(() => {
 <template>
     <ConfirmDialog />
 
-    <!-- Sentinel -->
-    <div ref="heroSentinelRef" class="p-2" />
-
-    <!-- Hero sticky -->
-    <div ref="heroEl" class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-emerald-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-indigo-400/10" />
-        </div>
-
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="min-w-0">
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Controle de Recursos</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Defina quais recursos cada plano habilita. Mudanças ficam pendentes até salvar.</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-th-large" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Controle de Recursos</div>
+                <div class="cfg-subheader__sub">Defina quais recursos cada plano habilita. Mudanças ficam pendentes até salvar.</div>
             </div>
-
-            <!-- Ações desktop (≥ 1200px) -->
-            <div class="hidden xl:flex items-center gap-2 flex-wrap">
+            <div class="hidden xl:flex items-center gap-2 shrink-0">
                 <SelectButton v-model="targetFilter" :options="targetOptions" optionLabel="label" optionValue="value" size="small" :disabled="loading || saving" />
                 <Button
                     label="Recarregar"
@@ -449,17 +440,11 @@ onBeforeUnmount(() => {
                 <Button label="Descartar" icon="pi pi-undo" severity="secondary" outlined size="small" :disabled="loading || saving || !hasPending" @click="confirmReset" />
                 <Button label="Salvar alterações" icon="pi pi-save" size="small" :loading="saving" :disabled="loading || !hasPending" @click="saveChanges" />
             </div>
-
-            <!-- Ações mobile (< 1200px) -->
-            <div class="flex xl:hidden">
+            <div class="flex xl:hidden shrink-0">
                 <Button label="Ações" icon="pi pi-ellipsis-v" severity="warn" size="small" aria-haspopup="true" aria-controls="matrix_hero_menu" @click="(e) => heroMenuRef.toggle(e)" />
                 <Menu ref="heroMenuRef" id="matrix_hero_menu" :model="heroMenuItems" :popup="true" />
             </div>
         </div>
-    </div>
-
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <!-- Search -->
         <div>
             <FloatLabel variant="on" class="w-full md:w-[340px]">
@@ -536,4 +521,4 @@ onBeforeUnmount(() => {
             </Column>
         </DataTable>
     </div>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasPlanLimitsPage.vue b/src/views/pages/saas/SaasPlanLimitsPage.vue
index 496edda..fb585d5 100644
--- a/src/views/pages/saas/SaasPlanLimitsPage.vue
+++ b/src/views/pages/saas/SaasPlanLimitsPage.vue
@@ -349,38 +349,23 @@ onBeforeUnmount(() => {
 <template>
     <ConfirmDialog />
 
-    <!-- Sentinel -->
-    <div ref="heroSentinelRef" class="p-2" />
-
-    <!-- Hero sticky -->
-    <div ref="heroEl" class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-orange-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-indigo-400/10" />
-        </div>
-
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="min-w-0">
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Limites por Plano</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Configure os limites reais de cada feature por plano.</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-sliders-h" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Limites por Plano</div>
+                <div class="cfg-subheader__sub">Configure os limites reais de cada feature por plano.</div>
             </div>
-
-            <!-- Ações desktop (≥ 1200px) -->
-            <div class="hidden xl:flex items-center gap-2 flex-wrap">
+            <div class="hidden xl:flex items-center gap-2 shrink-0">
                 <SelectButton v-model="targetFilter" :options="targetOptions" optionLabel="label" optionValue="value" size="small" :disabled="loading || saving" />
                 <Button label="Recarregar" icon="pi pi-refresh" severity="secondary" outlined size="small" :loading="loading" :disabled="saving" @click="fetchAll" />
             </div>
-
-            <!-- Ações mobile (< 1200px) -->
-            <div class="flex xl:hidden">
+            <div class="flex xl:hidden shrink-0">
                 <Button label="Ações" icon="pi pi-ellipsis-v" severity="warn" size="small" aria-haspopup="true" aria-controls="limits_hero_menu" @click="(e) => heroMenuRef.toggle(e)" />
                 <Menu ref="heroMenuRef" id="limits_hero_menu" :model="heroMenuItems" :popup="true" />
             </div>
         </div>
-    </div>
-
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <!-- Search -->
         <div>
             <FloatLabel variant="on" class="w-full md:w-80">
@@ -594,4 +579,4 @@ onBeforeUnmount(() => {
             <Button label="Salvar limites" icon="pi pi-check" :loading="saving" @click="saveLimits" />
         </template>
     </Dialog>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasPlansPage.vue b/src/views/pages/saas/SaasPlansPage.vue
index 680c2df..e06c3bb 100644
--- a/src/views/pages/saas/SaasPlansPage.vue
+++ b/src/views/pages/saas/SaasPlansPage.vue
@@ -426,39 +426,24 @@ onBeforeUnmount(() => {
 <template>
     <ConfirmDialog />
 
-    <!-- Sentinel -->
-    <div ref="heroSentinelRef" class="p-2" />
-
-    <!-- Hero sticky -->
-    <div ref="heroEl" class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-indigo-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-emerald-400/10" />
-        </div>
-
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="min-w-0">
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Planos e preços</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Catálogo de planos do SaaS.</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-tag" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Planos e preços</div>
+                <div class="cfg-subheader__sub">Catálogo de planos do SaaS.</div>
             </div>
-
-            <!-- Ações desktop (≥ 1200px) -->
-            <div class="hidden xl:flex items-center gap-2 flex-wrap">
+            <div class="hidden xl:flex items-center gap-2 shrink-0">
                 <SelectButton v-model="targetFilter" :options="targetFilterOptions" optionLabel="label" optionValue="value" size="small" />
                 <Button label="Atualizar" icon="pi pi-refresh" severity="secondary" outlined size="small" :loading="loading" :disabled="saving" @click="fetchAll" />
                 <Button label="Adicionar plano" icon="pi pi-plus" size="small" :disabled="saving" @click="openCreate" />
             </div>
-
-            <!-- Ações mobile (< 1200px) -->
-            <div class="flex xl:hidden">
+            <div class="flex xl:hidden shrink-0">
                 <Button label="Ações" icon="pi pi-ellipsis-v" severity="warn" size="small" aria-haspopup="true" aria-controls="plans_hero_menu" @click="(e) => heroMenuRef.toggle(e)" />
                 <Menu ref="heroMenuRef" id="plans_hero_menu" :model="heroMenuItems" :popup="true" />
             </div>
         </div>
-    </div>
-
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <DataTable :value="filteredRows" dataKey="id" :loading="loading" stripedRows responsiveLayout="scroll">
             <Column field="name" header="Nome" sortable style="min-width: 14rem" />
             <Column field="key" header="Key" sortable />
@@ -584,4 +569,4 @@ onBeforeUnmount(() => {
             <Button :label="isEdit ? 'Salvar' : 'Criar'" icon="pi pi-check" :loading="saving" @click="save" />
         </template>
     </Dialog>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasPlansPublicPage.vue b/src/views/pages/saas/SaasPlansPublicPage.vue
index 1943d34..61ae573 100644
--- a/src/views/pages/saas/SaasPlansPublicPage.vue
+++ b/src/views/pages/saas/SaasPlansPublicPage.vue
@@ -450,38 +450,23 @@ onBeforeUnmount(() => {
 <template>
     <ConfirmDialog />
 
-    <!-- Sentinel -->
-    <div ref="heroSentinelRef" class="p-2" />
-
-    <!-- Hero sticky -->
-    <div ref="heroEl" class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-emerald-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-indigo-400/10" />
-        </div>
-
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="min-w-0">
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Vitrine de Planos</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Configure como os planos aparecem na página pública.</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-shop" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Vitrine de Planos</div>
+                <div class="cfg-subheader__sub">Configure como os planos aparecem na página pública.</div>
             </div>
-
-            <!-- Ações desktop (≥ 1200px) -->
-            <div class="hidden xl:flex items-center gap-2 flex-wrap">
+            <div class="hidden xl:flex items-center gap-2 shrink-0">
                 <SelectButton v-model="targetFilter" :options="targetOptions" optionLabel="label" optionValue="value" size="small" :disabled="loading || saving || bulletSaving" />
                 <Button label="Recarregar" icon="pi pi-refresh" severity="secondary" outlined size="small" :loading="loading" :disabled="saving || bulletSaving" @click="fetchAll" />
             </div>
-
-            <!-- Ações mobile (< 1200px) -->
-            <div class="flex xl:hidden">
+            <div class="flex xl:hidden shrink-0">
                 <Button label="Ações" icon="pi pi-ellipsis-v" severity="warn" size="small" aria-haspopup="true" aria-controls="showcase_hero_menu" @click="(e) => heroMenuRef.toggle(e)" />
                 <Menu ref="heroMenuRef" id="showcase_hero_menu" :model="heroMenuItems" :popup="true" />
             </div>
         </div>
-    </div>
-
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <!-- Search -->
         <div>
             <FloatLabel variant="on" class="w-full md:w-80">
@@ -807,4 +792,4 @@ onBeforeUnmount(() => {
             <Button :label="bulletIsEdit ? 'Salvar' : 'Criar'" icon="pi pi-check" :loading="bulletSaving" @click="saveBullet" />
         </template>
     </Dialog>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasSecurityPage.vue b/src/views/pages/saas/SaasSecurityPage.vue
index 389621c..2951c2e 100644
--- a/src/views/pages/saas/SaasSecurityPage.vue
+++ b/src/views/pages/saas/SaasSecurityPage.vue
@@ -168,10 +168,14 @@ onMounted(async () => {
 </script>
 
 <template>
-    <div class="px-3 md:px-4 py-4 flex flex-col gap-4">
-        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5">
-            <div class="text-[1.1rem] font-bold tracking-tight">Segurança — defesa contra bots</div>
-            <div class="text-[0.95rem] text-[var(--text-color-secondary)] mt-1">Configuração da defesa em camadas para endpoints públicos (cadastro de paciente, signup, agendador).</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-shield" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Segurança — defesa contra bots</div>
+                <div class="cfg-subheader__sub">Configuração da defesa em camadas para endpoints públicos (cadastro de paciente, signup, agendador).</div>
+            </div>
         </div>
 
         <!-- Card explicativo (colapsável) -->
diff --git a/src/views/pages/saas/SaasSubscriptionEventsPage.vue b/src/views/pages/saas/SaasSubscriptionEventsPage.vue
index 5095061..2d2d6be 100644
--- a/src/views/pages/saas/SaasSubscriptionEventsPage.vue
+++ b/src/views/pages/saas/SaasSubscriptionEventsPage.vue
@@ -333,39 +333,24 @@ onBeforeUnmount(() => {
 </script>
 
 <template>
-    <!-- Sentinel -->
-    <div ref="sentinelRef" class="h-px" />
-
-    <!-- Hero sticky -->
-    <div ref="heroRef" class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-amber-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-orange-400/10" />
-        </div>
-
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="min-w-0">
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Histórico de assinaturas</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Auditoria read-only das mudanças de plano e status.</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-history" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Histórico de assinaturas</div>
+                <div class="cfg-subheader__sub">Auditoria read-only das mudanças de plano e status.</div>
             </div>
-
-            <!-- Ações desktop (≥ 1200px) -->
-            <div class="hidden xl:flex items-center gap-2 flex-wrap">
+            <div class="hidden xl:flex items-center gap-2 shrink-0">
                 <Button label="Voltar para assinaturas" icon="pi pi-arrow-left" severity="secondary" outlined size="small" :disabled="loading" @click="router.push('/saas/subscriptions')" />
                 <SelectButton v-model="ownerType" :options="ownerTypeOptions" optionLabel="label" optionValue="value" size="small" :disabled="loading" />
                 <Button label="Recarregar" icon="pi pi-refresh" severity="secondary" outlined size="small" :loading="loading" @click="fetchAll" />
             </div>
-
-            <!-- Ações mobile (< 1200px) -->
-            <div class="flex xl:hidden">
+            <div class="flex xl:hidden shrink-0">
                 <Button label="Ações" icon="pi pi-ellipsis-v" severity="warn" size="small" @click="(e) => mobileMenuRef.toggle(e)" />
                 <Menu ref="mobileMenuRef" :model="heroMenuItems" popup />
             </div>
         </div>
-    </div>
-
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <!-- Card foco -->
         <div v-if="isFocused" class="overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)]">
             <div class="flex flex-wrap items-center justify-between gap-3 p-5">
@@ -473,4 +458,4 @@ onBeforeUnmount(() => {
 
         <div class="text-[1rem] text-[var(--text-color-secondary)]">Mostrando até 500 eventos mais recentes.</div>
     </div>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasSubscriptionHealthPage.vue b/src/views/pages/saas/SaasSubscriptionHealthPage.vue
index b48ea24..19b40d8 100644
--- a/src/views/pages/saas/SaasSubscriptionHealthPage.vue
+++ b/src/views/pages/saas/SaasSubscriptionHealthPage.vue
@@ -431,39 +431,24 @@ onBeforeUnmount(() => {
 <template>
     <ConfirmDialog />
 
-    <!-- Sentinel -->
-    <div ref="sentinelRef" class="h-px" />
-
-    <!-- Hero sticky -->
-    <div ref="heroRef" class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-indigo-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-emerald-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -bottom-20 right-24 bg-fuchsia-400/10" />
-        </div>
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="min-w-0">
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Saúde das Assinaturas</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Terapeutas: divergências entre plano (esperado) e entitlements (atual). Clínicas: exceções comerciais (features liberadas manualmente fora do plano).</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-heart" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Saúde das Assinaturas</div>
+                <div class="cfg-subheader__sub">Terapeutas: divergências entre plano e entitlements. Clínicas: exceções comerciais.</div>
             </div>
-
-            <!-- Ações desktop (≥ 1200px) -->
             <div class="hidden xl:flex items-center gap-2 shrink-0">
                 <Button label="Recarregar" icon="pi pi-refresh" severity="secondary" outlined size="small" :loading="loading" :disabled="fixing" @click="reloadActiveTab" />
                 <Button label="Recarregar tudo" icon="pi pi-sync" severity="secondary" outlined size="small" :loading="loading" :disabled="fixing" @click="fetchAll" />
                 <Button v-if="activeTab === 0 && totalPersonal > 0" label="Corrigir tudo (terapeutas)" icon="pi pi-wrench" severity="danger" size="small" :loading="fixing" :disabled="loading" @click="askFixAll" />
             </div>
-
-            <!-- Ações mobile (< 1200px) -->
             <div class="flex xl:hidden shrink-0">
                 <Button label="Ações" icon="pi pi-ellipsis-v" severity="warn" size="small" @click="(e) => mobileMenuRef.toggle(e)" />
                 <Menu ref="mobileMenuRef" :model="heroMenuItems" popup />
             </div>
         </div>
-    </div>
-
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <!-- busca -->
         <div>
             <FloatLabel variant="on" class="w-full">
@@ -654,4 +639,4 @@ onBeforeUnmount(() => {
             </TabPanel>
         </TabView>
     </div>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasSubscriptionsPage.vue b/src/views/pages/saas/SaasSubscriptionsPage.vue
index 6dbbc8f..be555cb 100644
--- a/src/views/pages/saas/SaasSubscriptionsPage.vue
+++ b/src/views/pages/saas/SaasSubscriptionsPage.vue
@@ -425,38 +425,23 @@ onBeforeUnmount(() => {
 <template>
     <ConfirmDialog />
 
-    <!-- Sentinel -->
-    <div ref="sentinelRef" class="h-px" />
-
-    <!-- Hero sticky -->
-    <div ref="heroRef" class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-indigo-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-emerald-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -bottom-20 right-24 bg-fuchsia-400/10" />
-        </div>
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="min-w-0">
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Assinaturas</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Painel operacional do SaaS: revise plano, status e período (Clínica x Terapeuta) com segurança.</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-credit-card" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Assinaturas</div>
+                <div class="cfg-subheader__sub">Painel operacional do SaaS: revise plano, status e período (Clínica x Terapeuta) com segurança.</div>
             </div>
-
-            <!-- Ações desktop (≥ 1200px) -->
             <div class="hidden xl:flex items-center gap-2 shrink-0">
                 <SelectButton v-model="typeFilter" :options="typeOptions" optionLabel="label" optionValue="value" size="small" :disabled="loading || savingId !== null" />
                 <Button label="Recarregar" icon="pi pi-refresh" severity="secondary" outlined size="small" :loading="loading" :disabled="savingId !== null" @click="fetchAll" />
             </div>
-
-            <!-- Ações mobile (< 1200px) -->
             <div class="flex xl:hidden shrink-0">
                 <Button label="Ações" icon="pi pi-ellipsis-v" severity="warn" size="small" @click="(e) => mobileMenuRef.toggle(e)" />
                 <Menu ref="mobileMenuRef" :model="heroMenuItems" popup />
             </div>
         </div>
-    </div>
-
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <!-- Header foco -->
         <div v-if="isFocused" class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-4">
             <div class="flex align-items-center justify-content-between gap-3 flex-wrap">
@@ -585,4 +570,4 @@ onBeforeUnmount(() => {
             </template>
         </DataTable>
     </div>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasSupportPage.vue b/src/views/pages/saas/SaasSupportPage.vue
index 8980ab5..29c9d59 100644
--- a/src/views/pages/saas/SaasSupportPage.vue
+++ b/src/views/pages/saas/SaasSupportPage.vue
@@ -246,31 +246,16 @@ function sessionStatusLabel(session) {
 </script>
 
 <template>
-    <!-- Sentinel -->
-    <div class="h-px" />
-
-    <!-- Hero sticky -->
-    <div class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-orange-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-fuchsia-400/10" />
-        </div>
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="flex items-center gap-3 min-w-0">
-                <div class="flex items-center justify-center w-10 h-10 rounded-md border border-[var(--surface-border)] bg-[var(--surface-ground)] shrink-0">
-                    <i class="pi pi-headphones text-[var(--text-color)]" />
-                </div>
-                <div class="min-w-0">
-                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Suporte Técnico</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Gere e gerencie links seguros de acesso em modo debug</div>
-                </div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-headphones" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Suporte Técnico</div>
+                <div class="cfg-subheader__sub">Gere e gerencie links seguros de acesso em modo debug.</div>
             </div>
-            <Tag v-if="activeSessionCount > 0" :value="`${activeSessionCount} sessão${activeSessionCount > 1 ? 'ões' : ''} ativa${activeSessionCount > 1 ? 's' : ''}`" severity="warning" />
+            <Tag v-if="activeSessionCount > 0" :value="`${activeSessionCount} ativa${activeSessionCount > 1 ? 's' : ''}`" severity="warn" class="shrink-0" />
         </div>
-    </div>
-
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <!-- Tabs -->
         <TabView @tab-change="onTabChange">
             <!-- ── Tab 0: Nova Sessão ─────────────────────────────────── -->
diff --git a/src/views/pages/saas/SaasTenantFeaturesPage.vue b/src/views/pages/saas/SaasTenantFeaturesPage.vue
index 2f2c5db..f6926d1 100644
--- a/src/views/pages/saas/SaasTenantFeaturesPage.vue
+++ b/src/views/pages/saas/SaasTenantFeaturesPage.vue
@@ -215,16 +215,18 @@ onMounted(async () => {
 </script>
 
 <template>
-    <div class="px-3 md:px-4 py-4 flex flex-col gap-4">
-        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5">
-            <div class="flex items-start justify-between gap-3 flex-wrap">
-                <div class="min-w-0">
-                    <div class="text-[1.1rem] font-bold tracking-tight text-[var(--text-color)]">Recursos por Clínica</div>
-                    <div class="text-[0.95rem] text-[var(--text-color-secondary)] mt-1">Gerencia overrides de features por tenant. Exceções comerciais (ativar feature fora do plano) exigem motivo e ficam logadas.</div>
-                </div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-sitemap" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Recursos por Clínica</div>
+                <div class="cfg-subheader__sub">Overrides de features por tenant. Exceções comerciais exigem motivo e ficam logadas.</div>
             </div>
+        </div>
 
-            <div class="mt-4 grid grid-cols-1 md:grid-cols-3 gap-3">
+        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5">
+            <div class="grid grid-cols-1 md:grid-cols-3 gap-3">
                 <div>
                     <label class="text-[0.85rem] text-[var(--text-color-secondary)]">Clínica</label>
                     <Select v-model="selectedTenantId" :options="tenants" optionLabel="name" optionValue="id" placeholder="Selecione…" class="w-full mt-1" filter showClear />
@@ -319,4 +321,4 @@ onMounted(async () => {
             </template>
         </Dialog>
     </div>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/SaasTwilioConfigPage.vue b/src/views/pages/saas/SaasTwilioConfigPage.vue
index 4af0893..d83de05 100644
--- a/src/views/pages/saas/SaasTwilioConfigPage.vue
+++ b/src/views/pages/saas/SaasTwilioConfigPage.vue
@@ -150,17 +150,22 @@ onMounted(async () => {
 </script>
 
 <template>
-    <div class="px-3 md:px-4 py-4 flex flex-col gap-4">
-        <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5">
-            <div class="text-[1.1rem] font-bold tracking-tight">Configuração Twilio</div>
-            <div class="text-[0.95rem] text-[var(--text-color-secondary)] mt-1">
-                Edite a config operacional sem redeploy. O <b>Auth Token</b> (secret) continua em variável de ambiente da Edge Function por segurança.
-            </div>
-            <div v-if="meta.updated_at" class="text-xs text-[var(--text-color-secondary)] mt-2">
-                Última atualização: {{ new Date(meta.updated_at).toLocaleString('pt-BR') }}
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-phone" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Configuração Twilio</div>
+                <div class="cfg-subheader__sub">
+                    Edite a config operacional sem redeploy. O Auth Token (secret) continua em variável de ambiente da Edge Function por segurança.
+                </div>
             </div>
         </div>
 
+        <div v-if="meta.updated_at" class="text-xs text-[var(--text-color-secondary)] px-1">
+            Última atualização: {{ new Date(meta.updated_at).toLocaleString('pt-BR') }}
+        </div>
+
         <!-- Card explicativo -->
         <div class="rounded-md border border-indigo-400/30 bg-indigo-400/5">
             <Accordion :value="helpOpen ? '0' : null" @update:value="(v) => helpOpen = (v === '0')">
diff --git a/src/views/pages/saas/SaasWhatsappPage.vue b/src/views/pages/saas/SaasWhatsappPage.vue
index 3761b0f..58a302c 100644
--- a/src/views/pages/saas/SaasWhatsappPage.vue
+++ b/src/views/pages/saas/SaasWhatsappPage.vue
@@ -240,8 +240,28 @@ async function checkConnectionStatus() {
         });
         if (!res.ok) throw new Error(`HTTP ${res.status}`);
         const instances = await res.json();
-        const inst = Array.isArray(instances) ? instances.find((i) => i.instance?.instanceName === credentials.value.instance_name) : null;
-        connectionStatus.value = inst?.instance?.status || 'close';
+        // Evolution v1: [{ instance: { instanceName, status } }] · v2: [{ instanceName, connectionStatus/state }]
+        const arr = Array.isArray(instances) ? instances : [];
+        const inst = arr.find((i) => {
+            const name = i?.instance?.instanceName ?? i?.instanceName ?? i?.name;
+            return name === credentials.value.instance_name;
+        });
+        const rawState = inst?.instance?.status ?? inst?.instance?.state ?? inst?.connectionStatus ?? inst?.state ?? inst?.status;
+        connectionStatus.value = rawState || 'close';
+
+        // Persiste no DB pra a tabela ficar em sync (mapeia pra valores que channelStatusTag entende)
+        if (channel.value?.id) {
+            const dbStatus = rawState === 'open' ? 'connected' : rawState === 'connecting' ? 'connecting' : 'disconnected';
+            if (channel.value.connection_status !== dbStatus) {
+                await supabase
+                    .from('notification_channels')
+                    .update({ connection_status: dbStatus, last_health_check: new Date().toISOString() })
+                    .eq('id', channel.value.id);
+                channel.value.connection_status = dbStatus;
+                // Atualiza lista da tabela (sem bloquear)
+                loadAllChannels();
+            }
+        }
     } catch (e) {
         connectionStatus.value = 'close';
         toast.add({
@@ -265,15 +285,29 @@ async function fetchQrCode() {
         const res = await fetch(`${credentials.value.api_url}/instance/connect/${credentials.value.instance_name}`, { headers: { apikey: credentials.value.api_key } });
         if (!res.ok) throw new Error(`HTTP ${res.status}`);
         const data = await res.json();
-        const base64 = data?.base64;
+        // Evolution v1: data.qrcode.base64 · v2: data.base64 · variantes: data.code/qr/qrCode
+        const base64 =
+            data?.base64 ||
+            data?.qrcode?.base64 ||
+            data?.qrCode?.base64 ||
+            data?.qr?.base64 ||
+            data?.qr ||
+            data?.code ||
+            null;
         if (!base64) {
-            if (data?.instance?.status === 'open') {
+            const openState =
+                data?.instance?.status === 'open' ||
+                data?.instance?.state === 'open' ||
+                data?.state === 'open' ||
+                data?.status === 'open';
+            if (openState) {
                 connectionStatus.value = 'open';
                 toast.add({ severity: 'success', summary: 'WhatsApp já está conectado!', life: 3000 });
                 qrDialog.value = false;
                 return;
             }
-            throw new Error('QR Code não retornado pela API.');
+            console.error('[QR] Resposta inesperada da Evolution:', data);
+            throw new Error('QR Code não retornado pela API. Veja o console (F12) pra debug.');
         }
         qrCodeBase64.value = base64.startsWith('data:') ? base64 : `data:image/png;base64,${base64}`;
         startQrCountdown();
diff --git a/src/views/pages/saas/SubscriptionIntentsPage.vue b/src/views/pages/saas/SubscriptionIntentsPage.vue
index 4eb5f7a..87161c9 100644
--- a/src/views/pages/saas/SubscriptionIntentsPage.vue
+++ b/src/views/pages/saas/SubscriptionIntentsPage.vue
@@ -614,38 +614,23 @@ onBeforeUnmount(() => {
 <template>
     <ConfirmDialog />
 
-    <!-- Sentinel -->
-    <div ref="heroSentinelRef" class="p-2" />
-
-    <!-- Hero sticky -->
-    <div ref="heroEl" class="sticky mx-3 md:mx-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5" :style="{ top: 'var(--layout-sticky-top, 56px)' }">
-        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-indigo-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-emerald-400/10" />
-            <div class="absolute rounded-full blur-[70px] w-72 h-72 -bottom-20 right-24 bg-fuchsia-400/10" />
-        </div>
-        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
-            <div class="min-w-0">
-                <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Intenções de assinatura</div>
-                <div class="text-[1rem] text-[var(--text-color-secondary)] mt-0.5">Caixa de entrada de pagamento manual (PIX/boleto). Marque como <b>pago</b> para ativar a assinatura ou <b>cancele</b> quando o pagamento não será concluído.</div>
+    <div class="flex flex-col gap-4 p-4">
+        <!-- Header -->
+        <div class="cfg-subheader">
+            <div class="cfg-subheader__icon"><i class="pi pi-inbox" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Intenções de assinatura</div>
+                <div class="cfg-subheader__sub">Caixa de entrada de pagamento manual (PIX/boleto). Marque como pago para ativar ou cancele quando não for concluído.</div>
             </div>
-
-            <!-- Ações desktop (≥ 1200px) -->
             <div class="hidden xl:flex items-center gap-2 shrink-0">
                 <Button label="Atualizar" icon="pi pi-refresh" severity="secondary" outlined size="small" :loading="loading" :disabled="acting" @click="refresh" />
                 <Button v-if="hasAnyFilter" label="Limpar filtros" icon="pi pi-times" severity="secondary" outlined size="small" :disabled="acting" @click="clearFilters" />
             </div>
-
-            <!-- Ações mobile (< 1200px) -->
             <div class="flex xl:hidden shrink-0">
                 <Button label="Ações" icon="pi pi-ellipsis-v" severity="warn" size="small" @click="(e) => heroMenuRef.toggle(e)" />
                 <Menu ref="heroMenuRef" :model="heroMenuItems" popup />
             </div>
         </div>
-    </div>
-
-    <!-- content -->
-    <div class="px-3 md:px-4 pb-8 flex flex-col gap-4">
         <!-- Card: Resumo + Filtros -->
         <div class="rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5">
             <div class="flex items-center justify-between gap-3 flex-wrap mb-4">
@@ -818,4 +803,4 @@ onBeforeUnmount(() => {
             </div>
         </div>
     </Dialog>
-</template>
+</template>
\ No newline at end of file
diff --git a/src/views/pages/saas/development/SaasDevelopmentPage.vue b/src/views/pages/saas/development/SaasDevelopmentPage.vue
index 79f770d..784c008 100644
--- a/src/views/pages/saas/development/SaasDevelopmentPage.vue
+++ b/src/views/pages/saas/development/SaasDevelopmentPage.vue
@@ -46,19 +46,13 @@ const activeComponent = computed(() => tabs[activeTab.value]?.component);
 <template>
     <div class="dev-page">
         <!-- Header -->
-        <section class="dev-header">
-            <div class="flex items-center gap-3 mb-1">
-                <div class="grid place-items-center w-10 h-10 rounded-md shrink-0 bg-indigo-500/10 text-indigo-500">
-                    <i class="pi pi-code text-lg" />
-                </div>
-                <div>
-                    <h1 class="font-bold text-xl tracking-tight text-[var(--text-color)]">Desenvolvimento</h1>
-                    <p class="text-xs text-[var(--text-color-secondary)]">
-                        Área interna de trabalho — roadmap, auditoria, concorrentes, banco
-                    </p>
-                </div>
+        <div class="cfg-subheader mb-3.5">
+            <div class="cfg-subheader__icon"><i class="pi pi-code" /></div>
+            <div class="min-w-0 flex-1">
+                <div class="cfg-subheader__title">Desenvolvimento</div>
+                <div class="cfg-subheader__sub">Área interna de trabalho — roadmap, auditoria, concorrentes, banco.</div>
             </div>
-        </section>
+        </div>
 
         <!-- Tabs -->
         <nav class="dev-tabs">
@@ -87,14 +81,6 @@ const activeComponent = computed(() => tabs[activeTab.value]?.component);
     margin: 0 auto;
 }
 
-.dev-header {
-    padding: 10px 14px 14px;
-    background: var(--surface-card, #fff);
-    border: 1px solid var(--surface-border, #e2e8f0);
-    border-radius: 10px;
-    margin-bottom: 14px;
-}
-
 .dev-tabs {
     display: flex;
     gap: 6px;
diff --git a/src/views/pages/supervisor/SupervisorDashboard.vue b/src/views/pages/supervisor/SupervisorDashboard.vue
index 7817a80..9486cd9 100644
--- a/src/views/pages/supervisor/SupervisorDashboard.vue
+++ b/src/views/pages/supervisor/SupervisorDashboard.vue
@@ -21,17 +21,25 @@ import RevenueStreamWidget from '@/components/dashboard/RevenueStreamWidget.vue'
 </script>
 
 <template>
-    <div class="card mb-0">
-        <div class="flex justify-between mb-4">
-            <div>
-                <span class="text-primary font-medium">Área</span>
-                <span class="text-muted-color"> do Supervisor</span>
-            </div>
-            <div class="flex items-center justify-center bg-purple-100 dark:bg-purple-400/10 rounded-border" style="width: 2.5rem; height: 2.5rem">
-                <i class="pi pi-eye text-purple-500 text-xl!"></i>
+    <div
+        class="sticky mx-3 md:mx-4 mt-4 mb-4 z-20 overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-5"
+        :style="{ top: 'var(--layout-sticky-top, 56px)' }"
+    >
+        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
+            <div class="absolute rounded-full blur-[70px] w-72 h-72 -top-16 -right-20 bg-purple-400/10" />
+            <div class="absolute rounded-full blur-[70px] w-80 h-80 top-10 -left-24 bg-indigo-400/10" />
+        </div>
+        <div class="relative z-10 flex items-center justify-between gap-3 flex-wrap">
+            <div class="flex items-center gap-3 flex-1 min-w-0">
+                <div class="grid place-items-center w-10 h-10 rounded-md shrink-0 bg-purple-500/10 text-purple-600 dark:text-purple-400">
+                    <i class="pi pi-eye text-lg" />
+                </div>
+                <div class="min-w-0">
+                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Área do Supervisor</div>
+                    <div class="text-[0.78rem] text-[var(--text-color-secondary)] mt-0.5">Supervisione sessões, evolução dos pacientes e indicadores da clínica.</div>
+                </div>
             </div>
         </div>
-        <p class="text-muted-color text-sm mt-0">Supervisione sessões, evolução dos pacientes e indicadores da clínica.</p>
     </div>
 
     <div class="grid grid-cols-12 gap-8">
diff --git a/src/views/pages/therapist/NotificationsHistoryPage.vue b/src/views/pages/therapist/NotificationsHistoryPage.vue
new file mode 100644
index 0000000..b893afa
--- /dev/null
+++ b/src/views/pages/therapist/NotificationsHistoryPage.vue
@@ -0,0 +1,569 @@
+<script setup>
+import { ref, computed, onMounted, onBeforeUnmount } from 'vue';
+import { useRouter } from 'vue-router';
+import { useToast } from 'primevue/usetoast';
+import { useConfirm } from 'primevue/useconfirm';
+import { formatDistanceToNow, format } from 'date-fns';
+import { ptBR } from 'date-fns/locale';
+import { supabase } from '@/lib/supabase/client';
+import { useNotificationStore } from '@/stores/notificationStore';
+import { useConversationDrawerStore } from '@/stores/conversationDrawerStore';
+import { useTenantStore } from '@/stores/tenantStore';
+
+const router = useRouter();
+const toast = useToast();
+const confirm = useConfirm();
+const notifStore = useNotificationStore();
+const conversationDrawer = useConversationDrawerStore();
+const tenantStore = useTenantStore();
+
+// ─── State ───────────────────────────────────────────
+const ownerId = ref(null);
+const items = ref([]);
+const loading = ref(true);
+const search = ref('');
+const filter = ref('all'); // all | unread | read | archived
+const typeFilter = ref(null);
+
+const headerEl = ref(null);
+const headerSentinelRef = ref(null);
+const headerStuck = ref(false);
+let _headerObserver = null;
+
+// ─── Type map ────────────────────────────────────────
+const typeMap = {
+    new_scheduling: { icon: 'pi-inbox', color: 'text-red-500', border: 'border-red-500', label: 'Agendamento' },
+    new_patient: { icon: 'pi-user-plus', color: 'text-sky-500', border: 'border-sky-500', label: 'Novo paciente' },
+    recurrence_alert: { icon: 'pi-refresh', color: 'text-amber-500', border: 'border-amber-500', label: 'Recorrência' },
+    session_status: { icon: 'pi-calendar-times', color: 'text-orange-500', border: 'border-orange-500', label: 'Sessão' },
+    inbound_message: { icon: 'pi-whatsapp', color: 'text-emerald-500', border: 'border-emerald-500', label: 'Mensagem' }
+};
+
+function metaFor(item) {
+    return typeMap[item.type] || { icon: 'pi-bell', color: 'text-gray-400', border: 'border-gray-300', label: item.type };
+}
+
+// ─── Filters + search ────────────────────────────────
+const quickStats = computed(() => {
+    const total = items.value.length;
+    const unread = items.value.filter((n) => !n.read_at && !n.archived).length;
+    const read = items.value.filter((n) => n.read_at && !n.archived).length;
+    const archived = items.value.filter((n) => n.archived).length;
+    return [
+        { label: 'Total', value: total, key: 'all', cls: '' },
+        { label: 'Não lidas', value: unread, key: 'unread', cls: unread > 0 ? 'qs-warn' : '' },
+        { label: 'Lidas', value: read, key: 'read', cls: '' },
+        { label: 'Arquivadas', value: archived, key: 'archived', cls: '' }
+    ];
+});
+
+const filteredItems = computed(() => {
+    const q = search.value.trim().toLowerCase();
+    return items.value.filter((n) => {
+        if (filter.value === 'unread' && (n.read_at || n.archived)) return false;
+        if (filter.value === 'read' && (!n.read_at || n.archived)) return false;
+        if (filter.value === 'archived' && !n.archived) return false;
+        if (filter.value === 'all' && n.archived) return false;
+        if (typeFilter.value && n.type !== typeFilter.value) return false;
+        if (q) {
+            const title = (n.payload?.title || '').toLowerCase();
+            const detail = (n.payload?.detail || '').toLowerCase();
+            if (!title.includes(q) && !detail.includes(q)) return false;
+        }
+        return true;
+    });
+});
+
+const hasActiveFilters = computed(() => filter.value !== 'all' || !!typeFilter.value || !!search.value.trim());
+
+function clearFilters() {
+    filter.value = 'all';
+    typeFilter.value = null;
+    search.value = '';
+}
+
+// ─── Data loading ────────────────────────────────────
+async function load() {
+    loading.value = true;
+    try {
+        const { data: authData } = await supabase.auth.getUser();
+        ownerId.value = authData?.user?.id || null;
+        if (!ownerId.value) {
+            loading.value = false;
+            return;
+        }
+        const { data, error } = await supabase.from('notifications').select('*').eq('owner_id', ownerId.value).order('created_at', { ascending: false }).limit(500);
+        if (error) throw error;
+        items.value = data || [];
+    } catch (e) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: e?.message || 'Falha ao carregar notificações.', life: 4500 });
+    } finally {
+        loading.value = false;
+    }
+}
+
+// ─── Actions ─────────────────────────────────────────
+async function markRead(id) {
+    const now = new Date().toISOString();
+    const { error } = await supabase.from('notifications').update({ read_at: now }).eq('id', id);
+    if (error) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: error.message, life: 3500 });
+        return;
+    }
+    const item = items.value.find((n) => n.id === id);
+    if (item) item.read_at = now;
+    // Sync no store (drawer)
+    const storeItem = notifStore.items.find((n) => n.id === id);
+    if (storeItem) storeItem.read_at = now;
+}
+
+async function markUnread(id) {
+    const { error } = await supabase.from('notifications').update({ read_at: null }).eq('id', id);
+    if (error) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: error.message, life: 3500 });
+        return;
+    }
+    const item = items.value.find((n) => n.id === id);
+    if (item) item.read_at = null;
+    const storeItem = notifStore.items.find((n) => n.id === id);
+    if (storeItem) storeItem.read_at = null;
+}
+
+async function archive(id) {
+    const { error } = await supabase.from('notifications').update({ archived: true }).eq('id', id);
+    if (error) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: error.message, life: 3500 });
+        return;
+    }
+    const item = items.value.find((n) => n.id === id);
+    if (item) item.archived = true;
+    // Remove do store do drawer (que só lista não-arquivadas)
+    notifStore.items = notifStore.items.filter((n) => n.id !== id);
+}
+
+async function unarchive(id) {
+    const { error } = await supabase.from('notifications').update({ archived: false }).eq('id', id);
+    if (error) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: error.message, life: 3500 });
+        return;
+    }
+    const item = items.value.find((n) => n.id === id);
+    if (item) item.archived = false;
+    // Readiciona no store do drawer
+    if (item && !notifStore.items.find((n) => n.id === id)) {
+        notifStore.items.unshift({ ...item });
+    }
+}
+
+function confirmRemove(id) {
+    confirm.require({
+        message: 'Remover esta notificação permanentemente? Essa ação não pode ser desfeita.',
+        header: 'Remover notificação',
+        icon: 'pi pi-exclamation-triangle',
+        acceptLabel: 'Remover',
+        rejectLabel: 'Cancelar',
+        acceptClass: 'p-button-danger',
+        accept: () => remove(id)
+    });
+}
+
+async function remove(id) {
+    const { error } = await supabase.from('notifications').delete().eq('id', id);
+    if (error) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: error.message, life: 3500 });
+        return;
+    }
+    items.value = items.value.filter((n) => n.id !== id);
+    notifStore.items = notifStore.items.filter((n) => n.id !== id);
+    toast.add({ severity: 'success', summary: 'Removida', life: 2500 });
+}
+
+async function markAllRead() {
+    const unreadIds = items.value.filter((n) => !n.read_at && !n.archived).map((n) => n.id);
+    if (!unreadIds.length) return;
+    const now = new Date().toISOString();
+    const { error } = await supabase.from('notifications').update({ read_at: now }).in('id', unreadIds);
+    if (error) {
+        toast.add({ severity: 'error', summary: 'Erro', detail: error.message, life: 3500 });
+        return;
+    }
+    items.value.forEach((n) => {
+        if (unreadIds.includes(n.id)) n.read_at = now;
+    });
+    notifStore.items.forEach((n) => {
+        if (unreadIds.includes(n.id)) n.read_at = now;
+    });
+    toast.add({ severity: 'success', summary: `${unreadIds.length} marcada${unreadIds.length > 1 ? 's' : ''} como lida${unreadIds.length > 1 ? 's' : ''}`, life: 2500 });
+}
+
+// ─── Row actions ─────────────────────────────────────
+function handleRowClick(n) {
+    if (n.type === 'inbound_message') {
+        const payload = n.payload || {};
+        if (payload.patient_id) {
+            conversationDrawer.openForPatient(payload.patient_id);
+        } else if (payload.from_number) {
+            conversationDrawer.openForThread({
+                thread_key: `anon:${payload.from_number}`,
+                tenant_id: tenantStore.activeTenantId,
+                patient_id: null,
+                patient_name: null,
+                contact_number: payload.from_number,
+                channel: payload.channel || 'whatsapp',
+                message_count: 1,
+                unread_count: 1,
+                kanban_status: 'awaiting_us',
+                last_message_at: new Date().toISOString()
+            });
+        }
+        if (!n.read_at) markRead(n.id);
+        return;
+    }
+    const deeplink = n.payload?.deeplink;
+    if (deeplink) {
+        if (!n.read_at) markRead(n.id);
+        router.push(deeplink);
+    } else if (!n.read_at) {
+        markRead(n.id);
+    }
+}
+
+// ─── Helpers ─────────────────────────────────────────
+function timeAgo(iso) {
+    try {
+        return formatDistanceToNow(new Date(iso), { addSuffix: true, locale: ptBR });
+    } catch {
+        return '—';
+    }
+}
+
+function fullDate(iso) {
+    try {
+        return format(new Date(iso), "dd 'de' MMMM 'às' HH:mm", { locale: ptBR });
+    } catch {
+        return '';
+    }
+}
+
+function initials(item) {
+    return item.payload?.avatar_initials || '?';
+}
+
+// ─── Lifecycle ───────────────────────────────────────
+onMounted(() => {
+    load();
+    if (headerSentinelRef.value) {
+        _headerObserver = new IntersectionObserver(
+            ([entry]) => {
+                headerStuck.value = !entry.isIntersecting;
+            },
+            { threshold: 0 }
+        );
+        _headerObserver.observe(headerSentinelRef.value);
+    }
+});
+
+onBeforeUnmount(() => {
+    _headerObserver?.disconnect();
+});
+</script>
+
+<template>
+    <ConfirmDialog />
+
+    <!-- Sentinel -->
+    <div ref="headerSentinelRef" class="h-px" />
+
+    <!-- Hero sticky -->
+    <section
+        ref="headerEl"
+        class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        :class="{ 'rounded-tl-none rounded-tr-none': headerStuck }"
+        :style="{ top: 'var(--layout-sticky-top, 56px)' }"
+    >
+        <!-- Blobs decorativos -->
+        <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
+            <div class="absolute w-64 h-64 -top-16 -right-8 rounded-full blur-[60px] bg-indigo-500/10" />
+            <div class="absolute w-72 h-72 top-0 -left-16 rounded-full blur-[60px] bg-emerald-400/[0.07]" />
+        </div>
+
+        <div class="relative z-1 flex items-center gap-3">
+            <div class="flex items-center gap-2 shrink-0">
+                <div class="grid place-items-center w-9 h-9 rounded-md shrink-0 bg-indigo-500/10 text-indigo-500">
+                    <i class="pi pi-bell text-base" />
+                </div>
+                <div class="min-w-0 hidden lg:block">
+                    <div class="text-[1rem] font-bold tracking-tight text-[var(--text-color)]">Notificações</div>
+                    <div class="text-[1rem] text-[var(--text-color-secondary)]">Histórico completo — leia, arquive ou remova</div>
+                </div>
+            </div>
+
+            <div class="flex items-center gap-1 shrink-0 ml-auto">
+                <Button
+                    v-if="quickStats[1].value > 0"
+                    label="Marcar todas lidas"
+                    icon="pi pi-check-circle"
+                    severity="secondary"
+                    outlined
+                    size="small"
+                    class="rounded-full"
+                    :disabled="loading"
+                    @click="markAllRead"
+                />
+                <Button icon="pi pi-refresh" severity="secondary" outlined class="h-9 w-9 rounded-full" :loading="loading" v-tooltip.bottom="'Recarregar'" @click="load" />
+            </div>
+        </div>
+    </section>
+
+    <!-- Quick-stats -->
+    <div class="grid grid-cols-2 md:grid-cols-4 gap-2 px-3 md:px-4 mb-3">
+        <template v-if="loading">
+            <Skeleton v-for="n in 4" :key="n" height="3.5rem" class="rounded-md" />
+        </template>
+        <template v-else>
+            <div
+                v-for="s in quickStats"
+                :key="s.key"
+                class="flex flex-col gap-0.5 px-4 py-2.5 rounded-md border cursor-pointer select-none transition-[border-color,box-shadow,background] duration-150 hover:shadow-[0_2px_8px_rgba(0,0,0,0.06)]"
+                :class="[
+                    filter === s.key
+                        ? 'border-[var(--primary-color,#6366f1)] shadow-[0_0_0_3px_rgba(99,102,241,0.15)] bg-[var(--surface-card,#fff)]'
+                        : s.cls === 'qs-warn'
+                          ? 'border-amber-500/25 bg-amber-500/5 hover:border-amber-500/40'
+                          : 'border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] hover:border-indigo-300/50'
+                ]"
+                @click="filter = s.key"
+            >
+                <div class="text-[1.35rem] font-bold leading-none" :class="s.cls === 'qs-warn' ? 'text-amber-500' : 'text-[var(--text-color)]'">{{ s.value }}</div>
+                <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">{{ s.label }}</div>
+            </div>
+        </template>
+    </div>
+
+    <!-- Toolbar: busca + type filter + clear -->
+    <div class="px-3 md:px-4 mb-3 flex flex-col md:flex-row items-stretch md:items-center gap-2">
+        <IconField class="flex-1">
+            <InputIcon class="pi pi-search" />
+            <InputText v-model="search" placeholder="Buscar por título ou descrição…" class="w-full" />
+        </IconField>
+
+        <Select
+            v-model="typeFilter"
+            :options="[
+                { label: 'Todos os tipos', value: null },
+                { label: 'Agendamento', value: 'new_scheduling' },
+                { label: 'Novo paciente', value: 'new_patient' },
+                { label: 'Recorrência', value: 'recurrence_alert' },
+                { label: 'Sessão', value: 'session_status' },
+                { label: 'Mensagem', value: 'inbound_message' }
+            ]"
+            optionLabel="label"
+            optionValue="value"
+            placeholder="Tipo"
+            class="md:w-[200px]"
+        />
+
+        <Button v-if="hasActiveFilters" label="Limpar filtros" icon="pi pi-filter-slash" severity="secondary" outlined size="small" class="rounded-full" @click="clearFilters" />
+    </div>
+
+    <!-- Lista -->
+    <div class="px-3 md:px-4 pb-5">
+        <!-- Skeleton list -->
+        <div v-if="loading" class="flex flex-col gap-2">
+            <Skeleton v-for="n in 8" :key="n" height="5rem" class="rounded-md" />
+        </div>
+
+        <!-- Empty -->
+        <div v-else-if="!filteredItems.length" class="flex flex-col items-center justify-center gap-2 py-12 text-center">
+            <i class="pi pi-bell-slash text-4xl text-[var(--text-color-secondary)] opacity-40" />
+            <div class="text-[1rem] font-semibold text-[var(--text-color)]">{{ hasActiveFilters ? 'Nada encontrado' : 'Nenhuma notificação ainda' }}</div>
+            <div class="text-sm text-[var(--text-color-secondary)]">{{ hasActiveFilters ? 'Ajuste os filtros ou limpe-os para ver tudo.' : 'Quando algo acontecer, você será avisado aqui.' }}</div>
+        </div>
+
+        <!-- Items -->
+        <div v-else class="flex flex-col gap-2">
+            <div
+                v-for="n in filteredItems"
+                :key="n.id"
+                class="notif-row"
+                :class="[metaFor(n).border, !n.read_at && !n.archived ? 'notif-row--unread' : '', n.archived ? 'notif-row--archived' : '']"
+                role="button"
+                tabindex="0"
+                @click="handleRowClick(n)"
+                @keydown.enter="handleRowClick(n)"
+            >
+                <div class="notif-row__icon" :class="metaFor(n).color">
+                    <i :class="['pi', metaFor(n).icon]" />
+                </div>
+
+                <div class="notif-row__avatar">{{ initials(n) }}</div>
+
+                <div class="notif-row__body">
+                    <div class="flex items-center gap-2 flex-wrap">
+                        <span class="notif-row__title">{{ n.payload?.title || '(sem título)' }}</span>
+                        <span class="notif-row__type-pill">{{ metaFor(n).label }}</span>
+                        <span v-if="n.archived" class="notif-row__type-pill notif-row__type-pill--muted">Arquivada</span>
+                    </div>
+                    <div class="notif-row__detail">{{ n.payload?.detail || '—' }}</div>
+                    <div class="notif-row__time" :title="fullDate(n.created_at)">{{ timeAgo(n.created_at) }}</div>
+                </div>
+
+                <div class="notif-row__actions" @click.stop>
+                    <button v-if="!n.read_at && !n.archived" class="notif-row__btn" v-tooltip.top="'Marcar como lida'" @click="markRead(n.id)">
+                        <i class="pi pi-check" />
+                    </button>
+                    <button v-else-if="n.read_at && !n.archived" class="notif-row__btn" v-tooltip.top="'Marcar como não lida'" @click="markUnread(n.id)">
+                        <i class="pi pi-envelope" />
+                    </button>
+                    <button v-if="!n.archived" class="notif-row__btn" v-tooltip.top="'Arquivar'" @click="archive(n.id)">
+                        <i class="pi pi-inbox" />
+                    </button>
+                    <button v-else class="notif-row__btn" v-tooltip.top="'Desarquivar'" @click="unarchive(n.id)">
+                        <i class="pi pi-undo" />
+                    </button>
+                    <button class="notif-row__btn notif-row__btn--danger" v-tooltip.top="'Remover'" @click="confirmRemove(n.id)">
+                        <i class="pi pi-trash" />
+                    </button>
+                </div>
+            </div>
+        </div>
+    </div>
+</template>
+
+<style scoped>
+.notif-row {
+    display: flex;
+    align-items: flex-start;
+    gap: 0.75rem;
+    padding: 0.875rem 1rem;
+    border-left-width: 3px;
+    border-left-style: solid;
+    border-top: 1px solid var(--surface-border);
+    border-right: 1px solid var(--surface-border);
+    border-bottom: 1px solid var(--surface-border);
+    border-radius: 6px;
+    background: var(--surface-card);
+    cursor: pointer;
+    transition:
+        background 0.15s,
+        box-shadow 0.15s,
+        border-color 0.15s;
+}
+.notif-row:hover {
+    background: var(--surface-hover);
+    box-shadow: 0 2px 8px rgba(0, 0, 0, 0.05);
+}
+.notif-row--unread {
+    background: color-mix(in srgb, var(--primary-color) 5%, var(--surface-card));
+}
+.notif-row--unread:hover {
+    background: color-mix(in srgb, var(--primary-color) 8%, var(--surface-card));
+}
+.notif-row--archived {
+    opacity: 0.7;
+}
+
+.notif-row__icon {
+    flex-shrink: 0;
+    padding-top: 0.2rem;
+    font-size: 1rem;
+}
+
+.notif-row__avatar {
+    flex-shrink: 0;
+    width: 2.25rem;
+    height: 2.25rem;
+    border-radius: 50%;
+    background: linear-gradient(135deg, #6366f1, #38bdf8);
+    color: #fff;
+    font-size: 0.75rem;
+    font-weight: 700;
+    letter-spacing: 0.04em;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+}
+
+.notif-row__body {
+    flex: 1;
+    min-width: 0;
+    display: flex;
+    flex-direction: column;
+    gap: 0.2rem;
+}
+.notif-row__title {
+    font-weight: 600;
+    font-size: 0.9rem;
+    color: var(--text-color);
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    max-width: 100%;
+}
+.notif-row__type-pill {
+    display: inline-flex;
+    align-items: center;
+    padding: 1px 8px;
+    border-radius: 999px;
+    background: color-mix(in srgb, var(--text-color) 6%, transparent);
+    color: var(--text-color-secondary);
+    font-size: 0.65rem;
+    font-weight: 600;
+    white-space: nowrap;
+}
+.notif-row__type-pill--muted {
+    background: color-mix(in srgb, var(--text-color-secondary) 12%, transparent);
+}
+.notif-row__detail {
+    font-size: 0.82rem;
+    color: var(--text-color-secondary);
+    overflow: hidden;
+    text-overflow: ellipsis;
+    display: -webkit-box;
+    -webkit-line-clamp: 2;
+    -webkit-box-orient: vertical;
+    max-width: 100%;
+}
+.notif-row__time {
+    font-size: 0.72rem;
+    color: var(--text-color-secondary);
+    opacity: 0.7;
+}
+
+.notif-row__actions {
+    display: flex;
+    align-items: center;
+    gap: 0.25rem;
+    flex-shrink: 0;
+    opacity: 0.4;
+    transition: opacity 0.15s;
+}
+.notif-row:hover .notif-row__actions,
+.notif-row:focus-within .notif-row__actions {
+    opacity: 1;
+}
+
+.notif-row__btn {
+    width: 2rem;
+    height: 2rem;
+    border-radius: 50%;
+    border: none;
+    background: transparent;
+    color: var(--text-color-secondary);
+    display: grid;
+    place-items: center;
+    cursor: pointer;
+    font-size: 0.82rem;
+    transition:
+        background 0.15s,
+        color 0.15s;
+}
+.notif-row__btn:hover {
+    background: var(--surface-border);
+    color: var(--text-color);
+}
+.notif-row__btn--danger:hover {
+    background: color-mix(in srgb, #ef4444 12%, transparent);
+    color: #ef4444;
+}
+</style>
diff --git a/src/views/pages/therapist/RelatoriosPage.vue b/src/views/pages/therapist/RelatoriosPage.vue
index 3ff832b..2fa7214 100644
--- a/src/views/pages/therapist/RelatoriosPage.vue
+++ b/src/views/pages/therapist/RelatoriosPage.vue
@@ -244,7 +244,7 @@ onMounted(loadSessions);
        HERO sticky
   ═══════════════════════════════════════════════════════ -->
     <section
-        class="sticky mx-3 md:mx-4 mb-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
+        class="sticky mx-3 md:mx-4 my-3 z-20 overflow-hidden rounded-md border border-[var(--surface-border,#e2e8f0)] bg-[var(--surface-card,#fff)] px-3 py-2.5 transition-[border-radius] duration-200"
         :style="{ top: 'var(--layout-sticky-top, 56px)' }"
     >
         <!-- Blobs -->
@@ -313,7 +313,7 @@ onMounted(loadSessions);
 
         <template v-else>
             <!-- ── QUICK-STATS clicáveis ────────────────────── -->
-            <div class="flex flex-wrap gap-2">
+            <div class="grid grid-cols-2 md:grid-cols-3 xl:grid-cols-6 gap-2">
                 <div
                     v-for="s in quickStats"
                     :key="s.label"
@@ -335,7 +335,7 @@ onMounted(loadSessions);
                     @click="s.filter !== null ? toggleFiltroTabela(s.filter) : null"
                 >
                     <div class="text-[1.35rem] font-bold leading-none" :class="s.valCls">{{ s.value }}</div>
-                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 whitespace-nowrap">{{ s.label }}</div>
+                    <div class="text-[1rem] text-[var(--text-color-secondary)] opacity-75 truncate">{{ s.label }}</div>
                 </div>
             </div>
 
diff --git a/src/views/pages/therapist/TherapistDashboard.vue b/src/views/pages/therapist/TherapistDashboard.vue
index 2d435ff..3db6791 100644
--- a/src/views/pages/therapist/TherapistDashboard.vue
+++ b/src/views/pages/therapist/TherapistDashboard.vue
@@ -790,45 +790,40 @@ onMounted(async () => {
                 </div>
 
                 <!-- Skeleton -->
-                <template v-if="loading">
-                    <div class="grid grid-cols-7 mb-0.5">
-                        <Skeleton v-for="n in 7" :key="n" height="14px" class="mx-0.5" />
-                    </div>
-                    <div class="grid grid-cols-7 gap-px mt-1">
-                        <Skeleton v-for="n in 35" :key="n" height="22px" class="rounded" />
-                    </div>
-                </template>
+                <Skeleton v-if="loading" width="100%" height="180px" border-radius="6px" />
 
-                <template v-else>
-                    <div class="grid grid-cols-7 mb-0.5">
-                        <span v-for="d in diasSemana" :key="d" class="text-center text-xs font-bold text-[var(--text-color-secondary,#94a3b8)] py-0.5">{{ d }}</span>
-                    </div>
-                    <div class="grid grid-cols-7 gap-px">
-                        <button
-                            v-for="cell in calCells"
-                            :key="cell.key"
-                            class="relative aspect-square flex items-center justify-center text-xs font-medium rounded border-none cursor-pointer transition-colors duration-100"
-                            :class="{
-                                'bg-[var(--primary-color,#6366f1)] text-white font-bold rounded-md': cell.isToday,
-                                'text-[var(--text-color-secondary,#cbd5e1)] cursor-default': cell.isOther,
-                                'bg-indigo-500/10 text-[var(--primary-color,#6366f1)] font-bold': cell.day === selectedDay && !cell.isToday,
-                                'text-[var(--text-color,#1e293b)] hover:bg-[var(--surface-hover,#f1f5f9)]': !cell.isToday && !cell.isOther
-                            }"
-                            @click="cell.day && onCalDayClick($event, cell.day)"
-                        >
-                            <span>{{ cell.day }}</span>
-                            <span
-                                v-if="cell.count"
-                                class="absolute bottom-px right-0.5 w-1 h-1 rounded-full"
+                <Transition name="fade-up" appear>
+                    <div v-if="!loading">
+                        <div class="grid grid-cols-7 mb-0.5">
+                            <span v-for="d in diasSemana" :key="d" class="text-center text-xs font-bold text-[var(--text-color-secondary,#94a3b8)] py-0.5">{{ d }}</span>
+                        </div>
+                        <div class="grid grid-cols-7 gap-px">
+                            <button
+                                v-for="cell in calCells"
+                                :key="cell.key"
+                                class="relative aspect-square flex items-center justify-center text-xs font-medium rounded border-none cursor-pointer transition-colors duration-100"
                                 :class="{
-                                    'bg-red-500': cell.urgency === 'urg-alta',
-                                    'bg-amber-500': cell.urgency === 'urg-media',
-                                    'bg-green-500': cell.urgency === 'urg-baixa'
+                                    'bg-[var(--primary-color,#6366f1)] text-white font-bold rounded-md': cell.isToday,
+                                    'text-[var(--text-color-secondary,#cbd5e1)] cursor-default': cell.isOther,
+                                    'bg-indigo-500/10 text-[var(--primary-color,#6366f1)] font-bold': cell.day === selectedDay && !cell.isToday,
+                                    'text-[var(--text-color,#1e293b)] hover:bg-[var(--surface-hover,#f1f5f9)]': !cell.isToday && !cell.isOther
                                 }"
-                            />
-                        </button>
+                                @click="cell.day && onCalDayClick($event, cell.day)"
+                            >
+                                <span>{{ cell.day }}</span>
+                                <span
+                                    v-if="cell.count"
+                                    class="absolute bottom-px right-0.5 w-1 h-1 rounded-full"
+                                    :class="{
+                                        'bg-red-500': cell.urgency === 'urg-alta',
+                                        'bg-amber-500': cell.urgency === 'urg-media',
+                                        'bg-green-500': cell.urgency === 'urg-baixa'
+                                    }"
+                                />
+                            </button>
+                        </div>
                     </div>
-                </template>
+                </Transition>
             </div>
 
             <!-- Eventos do dia -->
@@ -838,23 +833,10 @@ onMounted(async () => {
                 </div>
 
                 <!-- Skeleton -->
-                <template v-if="loading">
-                    <div class="flex flex-col gap-2">
-                        <div v-for="n in 3" :key="n" class="aside-ev aside-ev--skeleton">
-                            <div class="flex flex-col gap-1 min-w-[36px] items-end">
-                                <Skeleton width="32px" height="10px" />
-                                <Skeleton width="24px" height="8px" />
-                            </div>
-                            <Skeleton shape="square" size="28px" border-radius="4px" />
-                            <div class="flex flex-col gap-1.5 flex-1">
-                                <Skeleton :width="n === 1 ? '75%' : n === 2 ? '60%' : '70%'" height="10px" />
-                                <Skeleton width="40%" height="8px" />
-                            </div>
-                        </div>
-                    </div>
-                </template>
+                <Skeleton v-if="loading" width="100%" height="160px" border-radius="6px" />
 
-                <div v-else class="flex flex-col gap-2 max-h-[260px] overflow-y-auto pr-0.5">
+                <Transition name="fade-up" appear>
+                <div v-if="!loading" class="flex flex-col gap-2 max-h-[260px] overflow-y-auto pr-0.5">
                     <div
                         v-for="ev in eventosDoDia"
                         :key="ev.id"
@@ -883,6 +865,7 @@ onMounted(async () => {
                     </div>
                     <div v-if="!eventosDoDia.length" class="flex items-center gap-2 py-3 text-[var(--text-color-secondary)] text-sm"><i class="pi pi-sun" /><span>Sem compromissos</span></div>
                 </div>
+                </Transition>
             </div>
 
             <!-- Recorrências ativas -->
@@ -893,20 +876,10 @@ onMounted(async () => {
                 </div>
 
                 <!-- Skeleton -->
-                <template v-if="loading">
-                    <div class="flex flex-col gap-2">
-                        <div v-for="n in 4" :key="n" class="aside-rec aside-rec--skeleton">
-                            <Skeleton shape="square" size="30px" border-radius="4px" />
-                            <div class="flex flex-col gap-1.5 flex-1">
-                                <Skeleton :width="n % 2 === 0 ? '65%' : '50%'" height="10px" />
-                                <Skeleton width="75%" height="8px" />
-                            </div>
-                            <Skeleton width="28px" height="10px" />
-                        </div>
-                    </div>
-                </template>
+                <Skeleton v-if="loading" width="100%" height="180px" border-radius="6px" />
 
-                <div v-else class="flex flex-col gap-1.5 max-h-[210px] overflow-y-auto pr-0.5">
+                <Transition name="fade-up" appear>
+                <div v-if="!loading" class="flex flex-col gap-1.5 max-h-[210px] overflow-y-auto pr-0.5">
                     <div v-for="r in recorrencias" :key="r.id" class="aside-rec" @click="openRecMenu($event, r)">
                         <Avatar :label="r.initials" shape="square" size="normal" class="shrink-0" />
                         <div class="flex-1 min-w-0">
@@ -917,6 +890,7 @@ onMounted(async () => {
                     </div>
                     <div v-if="!recorrencias.length" class="flex items-center gap-2 py-3 text-[var(--text-color-secondary)] text-sm"><i class="pi pi-info-circle" /><span>Nenhuma recorrência ativa</span></div>
                 </div>
+                </Transition>
             </div>
         </aside>
 
@@ -925,27 +899,12 @@ onMounted(async () => {
     ══════════════════════════════════════════ -->
         <div ref="dashHeroSentinelRef" class="h-px" />
 
-        <main class="flex-1 min-w-0 p-4 xl:p-[1.125rem_1.375rem] flex flex-col gap-4 overflow-y-auto" :style="{ marginLeft: isMobileLayout ? undefined : '272px' }">
+        <main class="flex-1 min-w-0 py-4 xl:py-[1.125rem] px-3 md:px-4 flex flex-col gap-4 overflow-y-auto" :style="{ marginLeft: isMobileLayout ? undefined : '272px' }">
             <!-- Hero Header -->
             <!-- Skeleton hero -->
-            <section v-if="loading" class="relative overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-2.5">
-                <div class="flex items-center gap-3 mb-3">
-                    <Skeleton width="40px" height="40px" border-radius="8px" />
-                    <div class="flex flex-col gap-1.5 flex-1">
-                        <Skeleton width="12rem" height="14px" />
-                        <Skeleton width="18rem" height="11px" />
-                    </div>
-                    <Skeleton width="36px" height="36px" border-radius="999px" />
-                    <Skeleton width="36px" height="36px" border-radius="999px" />
-                </div>
-                <div class="flex flex-wrap gap-2.5">
-                    <div v-for="n in 4" :key="n" class="flex flex-col gap-1.5 px-4 py-2.5 rounded-md border border-[var(--surface-border)] flex-1 min-w-[90px]">
-                        <Skeleton width="2rem" height="20px" />
-                        <Skeleton width="4rem" height="10px" />
-                    </div>
-                </div>
-            </section>
+            <Skeleton v-if="loading" width="100%" height="140px" border-radius="6px" />
 
+            <Transition name="fade-up" appear>
             <section v-if="!loading" class="relative overflow-hidden rounded-md border border-[var(--surface-border)] bg-[var(--surface-card)] p-2.5" :class="{ 'rounded-tl-none rounded-tr-none': heroStuck }">
                 <div class="absolute inset-0 pointer-events-none overflow-hidden" aria-hidden="true">
                     <div class="absolute w-72 h-72 -top-16 -right-12 rounded-full blur-[70px] bg-indigo-500/10" />
@@ -974,7 +933,7 @@ onMounted(async () => {
 
                 <!-- Quick stats -->
                 <div class="relative z-1 mt-2">
-                    <div class="flex flex-wrap gap-2.5">
+                    <div class="grid grid-cols-2 md:grid-cols-4 gap-2.5">
                         <div
                             v-for="s in quickStats"
                             :key="s.label"
@@ -995,11 +954,12 @@ onMounted(async () => {
                             >
                                 {{ s.value }}
                             </div>
-                            <div class="text-[0.7rem] text-[var(--text-color-secondary)] opacity-75">{{ s.label }}</div>
+                            <div class="text-[0.7rem] text-[var(--text-color-secondary)] opacity-75 truncate">{{ s.label }}</div>
                         </div>
                     </div>
                 </div>
             </section>
+            </Transition>
 
             <!-- Toggle aside — só mobile -->
             <button
@@ -1015,14 +975,9 @@ onMounted(async () => {
             </button>
 
             <!-- Linha do tempo -->
-            <section v-if="loading" class="bg-[var(--surface-card)] rounded-md border border-[var(--surface-border)] p-2.5">
-                <div class="flex items-center justify-between mb-2.5">
-                    <Skeleton width="12rem" height="12px" />
-                    <Skeleton width="6rem" height="12px" />
-                </div>
-                <Skeleton width="100%" height="40px" border-radius="6px" class="mt-2.5" />
-            </section>
+            <Skeleton v-if="loading" width="100%" height="110px" border-radius="6px" />
 
+            <Transition name="fade-up" appear>
             <section v-if="!loading" class="bg-[var(--surface-card,#fff)] rounded-md border border-[var(--surface-border,#e2e8f0)] p-2.5 shadow-[0_0_0_3px_color-mix(in_srgb,var(--primary-color)_7%,transparent)]">
                 <div class="flex items-center justify-between mb-2.5">
                     <div class="flex items-center gap-2.5">
@@ -1073,43 +1028,25 @@ onMounted(async () => {
                     </div>
                 </div>
             </section>
+            </Transition>
 
             <!-- Cards de notificação -->
             <section class="grid grid-cols-1 lg:grid-cols-2 gap-3.5">
                 <!-- ══ SKELETON dos cards ══════════════════════════════ -->
                 <template v-if="loading">
-                    <div v-for="n in 4" :key="n" class="flex flex-col bg-[var(--surface-card,#fff)] rounded-md border border-[var(--surface-border,#e2e8f0)]">
-                        <!-- header -->
-                        <div class="flex items-center gap-2.5 px-3.5 pt-3 pb-2 border-b border-[var(--surface-border,#f1f5f9)] bg-[var(--surface-ground,#f8fafc)]">
-                            <Skeleton width="32px" height="32px" border-radius="6px" />
-                            <div class="flex flex-col gap-1.5 flex-1">
-                                <Skeleton :width="n % 2 === 0 ? '9rem' : '7rem'" height="12px" />
-                                <Skeleton :width="n % 3 === 0 ? '13rem' : '10rem'" height="10px" />
-                            </div>
-                        </div>
-                        <!-- body -->
-                        <div class="flex-1 flex flex-col gap-2 px-3.5 py-3 min-h-[72px]">
-                            <div v-for="i in 2" :key="i" class="flex items-center gap-2">
-                                <Skeleton shape="circle" size="26px" />
-                                <div class="flex flex-col gap-1 flex-1">
-                                    <Skeleton :width="i === 1 ? '65%' : '50%'" height="10px" />
-                                    <Skeleton width="75%" height="9px" />
-                                </div>
-                            </div>
-                        </div>
-                        <!-- footer -->
-                        <div class="px-3.5 py-2 border-t border-[var(--surface-border,#f1f5f9)]">
-                            <Skeleton width="5rem" height="10px" />
-                        </div>
-                    </div>
+                    <Skeleton v-for="n in 4" :key="n" width="100%" height="180px" border-radius="6px" />
                     <!-- frase durante carregamento -->
                     <div class="lg:col-span-2">
                         <AppLoadingPhrases action="Carregando seu dashboard..." containerClass="py-8" />
                     </div>
                 </template>
 
+                <!-- Wrapper único para stagger via anim-child (duration cobre o delay do último card) -->
+                <Transition name="fade-up" appear :duration="700">
+                <div v-if="!loading" class="contents">
+
                 <!-- Agendador Online -->
-                <div v-if="!loading" id="card-agendador" class="dash-card rounded-md" :class="{ '': solicitacoesPendentes > 0 }">
+                <div id="card-agendador" class="anim-child [--delay:0ms] dash-card rounded-md" :class="{ '': solicitacoesPendentes > 0 }">
                     <div class="dash-card__head gap-2.5 p-2.5">
                         <div class="grid place-items-center w-10 h-10 rounded-md shrink-0 bg-indigo-500/10 text-indigo-500">
                             <i class="pi pi-inbox text-lg" />
@@ -1146,7 +1083,7 @@ onMounted(async () => {
                 </div>
 
                 <!-- Cadastros externos -->
-                <div v-if="!loading" id="card-cadastros" class="dash-card">
+                <div id="card-cadastros" class="anim-child [--delay:80ms] dash-card">
                     <div class="dash-card__head gap-2.5 p-2.5">
                         <div class="grid place-items-center w-10 h-10 rounded-md shrink-0" style="background: color-mix(in srgb, #0ea5e9 15%, transparent); color: #0ea5e9">
                             <i class="pi pi-user-plus text-lg" />
@@ -1181,7 +1118,7 @@ onMounted(async () => {
                 </div>
 
                 <!-- Recorrências com alerta -->
-                <div v-if="!loading" id="card-recorrencias" class="dash-card">
+                <div id="card-recorrencias" class="anim-child [--delay:160ms] dash-card">
                     <div class="dash-card__head gap-2.5 p-2.5">
                         <div class="grid place-items-center w-10 h-10 rounded-md shrink-0" style="background: color-mix(in srgb, #f59e0b 15%, transparent); color: #f59e0b">
                             <i class="pi pi-refresh text-lg" />
@@ -1217,7 +1154,7 @@ onMounted(async () => {
                 </div>
 
                 <!-- Radar da semana -->
-                <div v-if="!loading" id="card-radar" class="dash-card">
+                <div id="card-radar" class="anim-child [--delay:240ms] dash-card">
                     <div class="dash-card__head gap-2.5 p-2.5">
                         <div class="grid place-items-center w-10 h-10 rounded-md shrink-0" style="background: color-mix(in srgb, #6366f1 15%, transparent); color: #6366f1">
                             <i class="pi pi-chart-pie text-lg" />
@@ -1255,29 +1192,15 @@ onMounted(async () => {
                         </div>
                     </div>
                 </div>
+
+                </div><!-- /contents wrapper -->
+                </Transition>
             </section>
 
             <!-- Compromissos especiais -->
-            <section v-if="loading" class="bg-[var(--surface-card)] rounded-md border border-[var(--surface-border)] px-[1.125rem] py-3.5">
-                <div class="flex items-center justify-between mb-2.5">
-                    <Skeleton width="10rem" height="12px" />
-                    <Skeleton width="5rem" height="12px" />
-                </div>
-                <div class="flex flex-col gap-1.5">
-                    <div v-for="n in 3" :key="n" class="flex items-center gap-2.5 px-2.5 py-2 rounded-md bg-[var(--surface-ground)]">
-                        <Skeleton width="3px" height="28px" border-radius="4px" />
-                        <div class="flex flex-col gap-1 flex-1">
-                            <Skeleton :width="n === 1 ? '12rem' : n === 2 ? '9rem' : '11rem'" height="11px" />
-                            <Skeleton width="6rem" height="10px" />
-                        </div>
-                        <div class="flex flex-col items-end gap-1">
-                            <Skeleton width="4rem" height="11px" />
-                            <Skeleton width="5rem" height="10px" />
-                        </div>
-                    </div>
-                </div>
-            </section>
+            <Skeleton v-if="loading" width="100%" height="180px" border-radius="6px" />
 
+            <Transition name="fade-up" appear>
             <section v-if="!loading" class="bg-[var(--surface-card,#fff)] rounded-md border border-[var(--surface-border,#e2e8f0)] p-2.5">
                 <div class="flex items-center justify-between">
                     <div class="flex items-center gap-1.5 text-xs font-bold uppercase tracking-[0.06em] text-[var(--text-color-secondary)]"><i class="pi pi-briefcase" /> Compromissos especiais (Em breve)</div>
@@ -1322,8 +1245,11 @@ onMounted(async () => {
                     </div>
                 </div>
             </section>
+            </Transition>
 
-            <LoadedPhraseBlock v-if="!loading" />
+            <Transition name="fade-up" appear>
+                <LoadedPhraseBlock v-if="!loading" />
+            </Transition>
         </main>
 
         <!-- Menus de contexto (fora do aside para evitar visibility:hidden) -->
diff --git a/supabase/functions/_shared/whatsapp-hooks.ts b/supabase/functions/_shared/whatsapp-hooks.ts
new file mode 100644
index 0000000..b018a96
--- /dev/null
+++ b/supabase/functions/_shared/whatsapp-hooks.ts
@@ -0,0 +1,371 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Shared hooks: WhatsApp opt-out + auto-reply
+|--------------------------------------------------------------------------
+| Logica provider-agnostica compartilhada entre evolution-whatsapp-inbound
+| e twilio-whatsapp-inbound. Cada provider injeta seu proprio SendFn —
+| Evolution envia direto via API (sem deducao de credito), Twilio envolve
+| o envio em deducao atomica com rollback.
+|--------------------------------------------------------------------------
+*/
+
+import type { SupabaseClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+// Provider deve prover uma funcao de envio de texto puro
+export type SendFn = (phone: string, text: string) => Promise<{ ok: boolean; messageId?: string | null; error?: string }>
+
+export type ProviderLabel = 'evolution' | 'twilio'
+
+export function buildThreadKey(patientId: string | null, phone: string | null): string {
+    if (patientId) return patientId
+    return `anon:${phone ?? 'unknown'}`
+}
+
+export function normalizeForMatch(s: string | null | undefined): string {
+    return String(s ?? '')
+        .toLowerCase()
+        .normalize('NFD')
+        .replace(/[̀-ͯ]/g, '')
+        .replace(/[^\p{L}\p{N}\s]/gu, ' ')
+        .replace(/\s+/g, ' ')
+        .trim()
+}
+
+// ═══════════════════════════════════════════════════════════════════════
+// Opt-out (LGPD)
+// ═══════════════════════════════════════════════════════════════════════
+
+export async function detectOptoutKeyword(
+    supa: SupabaseClient,
+    tenantId: string,
+    body: string | null
+): Promise<string | null> {
+    if (!body) return null
+    const normalized = normalizeForMatch(body)
+    if (!normalized) return null
+
+    const { data } = await supa
+        .from('conversation_optout_keywords')
+        .select('keyword')
+        .or(`tenant_id.is.null,tenant_id.eq.${tenantId}`)
+        .eq('enabled', true)
+
+    if (!data || !data.length) return null
+
+    for (const row of data) {
+        const kw = normalizeForMatch(row.keyword)
+        if (!kw) continue
+        if (normalized === kw) return row.keyword
+        const pattern = new RegExp(`(^|\\s)${kw.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}(\\s|$)`)
+        if (pattern.test(normalized)) return row.keyword
+    }
+    return null
+}
+
+export async function isOptedOut(supa: SupabaseClient, tenantId: string, phone: string): Promise<boolean> {
+    const { data } = await supa
+        .from('conversation_optouts')
+        .select('id')
+        .eq('tenant_id', tenantId)
+        .eq('phone', phone)
+        .is('opted_back_in_at', null)
+        .limit(1)
+        .maybeSingle()
+    return !!data
+}
+
+const OPT_IN_KEYWORDS = ['voltar', 'retornar', 'reativar', 'restart']
+export async function maybeOptIn(
+    supa: SupabaseClient,
+    tenantId: string,
+    phone: string,
+    body: string | null
+): Promise<boolean> {
+    if (!body) return false
+    const normalized = normalizeForMatch(body)
+    if (!normalized) return false
+    for (const kw of OPT_IN_KEYWORDS) {
+        if (normalized === kw || new RegExp(`(^|\\s)${kw}(\\s|$)`).test(normalized)) {
+            const { data } = await supa
+                .from('conversation_optouts')
+                .update({ opted_back_in_at: new Date().toISOString() })
+                .eq('tenant_id', tenantId)
+                .eq('phone', phone)
+                .is('opted_back_in_at', null)
+                .select('id')
+                .maybeSingle()
+            return !!data
+        }
+    }
+    return false
+}
+
+export async function registerOptout(
+    supa: SupabaseClient,
+    tenantId: string,
+    phone: string,
+    patientId: string | null,
+    originalMessage: string | null,
+    keywordMatched: string,
+    provider: ProviderLabel,
+    sendFn: SendFn
+): Promise<void> {
+    const { data: existing } = await supa
+        .from('conversation_optouts')
+        .select('id')
+        .eq('tenant_id', tenantId)
+        .eq('phone', phone)
+        .is('opted_back_in_at', null)
+        .maybeSingle()
+
+    if (existing) return
+
+    await supa.from('conversation_optouts').insert({
+        tenant_id: tenantId,
+        phone,
+        patient_id: patientId,
+        source: 'keyword',
+        keyword_matched: keywordMatched,
+        original_message: (originalMessage || '').slice(0, 500)
+    })
+
+    const ackText = 'OK! Não enviaremos mais mensagens automáticas. Você ainda pode falar com seu terapeuta diretamente quando quiser. Para voltar a receber, envie VOLTAR.'
+    try {
+        const res = await sendFn(phone, ackText)
+        if (res.ok) {
+            await supa.from('conversation_messages').insert({
+                tenant_id: tenantId,
+                patient_id: patientId,
+                channel: 'whatsapp',
+                direction: 'outbound',
+                from_number: null,
+                to_number: phone,
+                body: ackText,
+                provider,
+                provider_message_id: res.messageId ?? null,
+                provider_raw: { optout_ack: true },
+                kanban_status: 'resolved',
+                responded_at: new Date().toISOString()
+            })
+        } else {
+            console.error('[optout] ack send failed:', res.error)
+        }
+    } catch (err) {
+        console.error('[optout] ack send error:', err)
+    }
+}
+
+// ═══════════════════════════════════════════════════════════════════════
+// Auto-reply (schedule-aware, cooldown, respeita opt-out)
+// ═══════════════════════════════════════════════════════════════════════
+
+export type ScheduleWindow = { dow: number; start: string; end: string }
+
+function hhmmToMinutes(s: string): number {
+    const m = String(s).match(/^(\d{1,2}):(\d{2})/)
+    if (!m) return -1
+    return parseInt(m[1], 10) * 60 + parseInt(m[2], 10)
+}
+
+function nowInSaoPaulo(): { dow: number; minutes: number } {
+    const now = new Date()
+    const fmt = new Intl.DateTimeFormat('en-US', {
+        timeZone: 'America/Sao_Paulo',
+        weekday: 'short',
+        hour: '2-digit',
+        minute: '2-digit',
+        hour12: false
+    })
+    const parts = fmt.formatToParts(now)
+    const weekday = parts.find((p) => p.type === 'weekday')?.value || 'Sun'
+    const hour = parseInt(parts.find((p) => p.type === 'hour')?.value || '0', 10)
+    const minute = parseInt(parts.find((p) => p.type === 'minute')?.value || '0', 10)
+    const dowMap: Record<string, number> = { Sun: 0, Mon: 1, Tue: 2, Wed: 3, Thu: 4, Fri: 5, Sat: 6 }
+    return { dow: dowMap[weekday] ?? 0, minutes: hour * 60 + minute }
+}
+
+function isWithinWindows(windows: ScheduleWindow[]): boolean {
+    if (!Array.isArray(windows) || !windows.length) return false
+    const { dow, minutes } = nowInSaoPaulo()
+    for (const w of windows) {
+        if (w.dow !== dow) continue
+        const start = hhmmToMinutes(w.start)
+        const end = hhmmToMinutes(w.end)
+        if (start < 0 || end < 0) continue
+        if (minutes >= start && minutes < end) return true
+    }
+    return false
+}
+
+async function windowsFromAgenda(supa: SupabaseClient, tenantId: string): Promise<ScheduleWindow[]> {
+    const { data, error } = await supa
+        .from('agenda_regras_semanais')
+        .select('dia_semana, hora_inicio, hora_fim, ativo')
+        .eq('tenant_id', tenantId)
+        .eq('ativo', true)
+    if (error || !data) return []
+    return data.map((r) => ({
+        dow: r.dia_semana,
+        start: String(r.hora_inicio).slice(0, 5),
+        end: String(r.hora_fim).slice(0, 5)
+    }))
+}
+
+export async function maybeSendAutoReply(
+    supa: SupabaseClient,
+    tenantId: string,
+    threadKey: string,
+    fromPhone: string | null,
+    provider: ProviderLabel,
+    sendFn: SendFn
+): Promise<{ sent: boolean; reason?: string }> {
+    if (!fromPhone) return { sent: false, reason: 'no_phone' }
+
+    if (await isOptedOut(supa, tenantId, fromPhone)) {
+        return { sent: false, reason: 'opted_out' }
+    }
+
+    const { data: settings } = await supa
+        .from('conversation_autoreply_settings')
+        .select('enabled, message, cooldown_minutes, schedule_mode, business_hours, custom_window')
+        .eq('tenant_id', tenantId)
+        .maybeSingle()
+
+    if (!settings || !settings.enabled) return { sent: false, reason: 'disabled' }
+
+    let withinHours = false
+    if (settings.schedule_mode === 'agenda') {
+        const windows = await windowsFromAgenda(supa, tenantId)
+        withinHours = isWithinWindows(windows)
+    } else if (settings.schedule_mode === 'business_hours') {
+        withinHours = isWithinWindows((settings.business_hours as ScheduleWindow[]) || [])
+    } else if (settings.schedule_mode === 'custom') {
+        withinHours = isWithinWindows((settings.custom_window as ScheduleWindow[]) || [])
+    }
+
+    if (withinHours) return { sent: false, reason: 'within_hours' }
+
+    if ((settings.cooldown_minutes ?? 0) > 0) {
+        const cutoff = new Date(Date.now() - settings.cooldown_minutes * 60 * 1000).toISOString()
+        const { data: recent } = await supa
+            .from('conversation_autoreply_log')
+            .select('sent_at')
+            .eq('tenant_id', tenantId)
+            .eq('thread_key', threadKey)
+            .gte('sent_at', cutoff)
+            .order('sent_at', { ascending: false })
+            .limit(1)
+            .maybeSingle()
+        if (recent) return { sent: false, reason: 'cooldown' }
+    }
+
+    const sendRes = await sendFn(fromPhone, settings.message)
+    if (!sendRes.ok) {
+        console.error('[auto-reply] send failed:', sendRes.error)
+        return { sent: false, reason: 'send_failed' }
+    }
+
+    await supa.from('conversation_messages').insert({
+        tenant_id: tenantId,
+        channel: 'whatsapp',
+        direction: 'outbound',
+        from_number: null,
+        to_number: fromPhone,
+        body: settings.message,
+        provider,
+        provider_message_id: sendRes.messageId ?? null,
+        provider_raw: { auto_reply: true },
+        kanban_status: 'awaiting_patient',
+        responded_at: new Date().toISOString()
+    })
+
+    await supa.from('conversation_autoreply_log').insert({
+        tenant_id: tenantId,
+        thread_key: threadKey
+    })
+
+    return { sent: true }
+}
+
+// ═══════════════════════════════════════════════════════════════════════
+// Twilio: send wrapper com deducao de credito + rollback
+// ═══════════════════════════════════════════════════════════════════════
+
+export type TwilioChannel = {
+    twilio_subaccount_sid: string
+    twilio_phone_number: string
+    credentials: { subaccount_auth_token?: string }
+}
+
+async function sendViaTwilioRaw(
+    channel: TwilioChannel,
+    toPhone: string,
+    text: string
+): Promise<{ ok: boolean; messageId?: string; error?: string }> {
+    const subSid = channel.twilio_subaccount_sid
+    const authToken = channel.credentials?.subaccount_auth_token
+    const fromNumber = channel.twilio_phone_number
+    if (!subSid || !authToken || !fromNumber) {
+        return { ok: false, error: 'Twilio credenciais incompletas' }
+    }
+    const endpoint = `https://api.twilio.com/2010-04-01/Accounts/${subSid}/Messages.json`
+    const basicAuth = btoa(`${subSid}:${authToken}`)
+    const toE164 = toPhone.startsWith('+') ? toPhone : `+${toPhone}`
+    const params = new URLSearchParams()
+    params.append('From', `whatsapp:${fromNumber}`)
+    params.append('To', `whatsapp:${toE164}`)
+    params.append('Body', text)
+
+    try {
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: { Authorization: `Basic ${basicAuth}`, 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: params.toString()
+        })
+        const data = await resp.json().catch(() => null) as Record<string, unknown> | null
+        if (!resp.ok) {
+            return { ok: false, error: `Twilio ${resp.status}: ${(data?.message as string) || ''}` }
+        }
+        return { ok: true, messageId: String(data?.sid || '') }
+    } catch (e) {
+        return { ok: false, error: String(e) }
+    }
+}
+
+// Cria SendFn que:
+// 1) deduz 1 credito do tenant via RPC atomica
+// 2) envia via Twilio; se falhar, refunda o credito
+// 3) retorna resultado ao caller
+export function makeTwilioCreditedSendFn(
+    supa: SupabaseClient,
+    tenantId: string,
+    channel: TwilioChannel,
+    noteLabel: string
+): SendFn {
+    return async (phone: string, text: string) => {
+        const { error: dedErr } = await supa.rpc('deduct_whatsapp_credits', {
+            p_tenant_id: tenantId,
+            p_amount: 1,
+            p_conversation_message_id: null,
+            p_note: noteLabel
+        })
+        if (dedErr) {
+            const insufficient = String(dedErr.message || '').includes('insufficient_credits')
+            return { ok: false, error: insufficient ? 'insufficient_credits' : dedErr.message }
+        }
+
+        const sendRes = await sendViaTwilioRaw(channel, phone, text)
+        if (!sendRes.ok) {
+            await supa.rpc('add_whatsapp_credits', {
+                p_tenant_id: tenantId,
+                p_amount: 1,
+                p_kind: 'refund',
+                p_purchase_id: null,
+                p_admin_id: null,
+                p_note: `Refund ${noteLabel}: ${(sendRes.error || '').slice(0, 180)}`
+            })
+            return { ok: false, error: sendRes.error }
+        }
+        return { ok: true, messageId: sendRes.messageId ?? null }
+    }
+}
diff --git a/supabase/functions/asaas-webhook/index.ts b/supabase/functions/asaas-webhook/index.ts
new file mode 100644
index 0000000..7d664ba
--- /dev/null
+++ b/supabase/functions/asaas-webhook/index.ts
@@ -0,0 +1,148 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: asaas-webhook
+|--------------------------------------------------------------------------
+| Recebe eventos do Asaas. Atualiza status da purchase e credita saldo
+| quando PAYMENT_RECEIVED / PAYMENT_CONFIRMED.
+|
+| Config no Asaas:
+|   Dashboard → Integrações → Webhooks → URL:
+|     https://<project>.supabase.co/functions/v1/asaas-webhook
+|   Token de autenticação (opcional): setar em ASAAS_WEBHOOK_TOKEN
+|
+| Eventos tratados:
+|   PAYMENT_RECEIVED           → credita saldo (pago)
+|   PAYMENT_CONFIRMED          → idem (garantia adicional)
+|   PAYMENT_OVERDUE            → marca como expired
+|   PAYMENT_DELETED            → marca como cancelled
+|   PAYMENT_REFUNDED           → marca como refunded + estorna (não implementado auto)
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type, asaas-access-token',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+    if (req.method !== 'POST') return json({ ok: false, error: 'method_not_allowed' }, 405)
+
+    // Valida token (se configurado)
+    const expectedToken = Deno.env.get('ASAAS_WEBHOOK_TOKEN') || ''
+    if (expectedToken) {
+        const gotToken = req.headers.get('asaas-access-token') || ''
+        if (gotToken !== expectedToken) {
+            console.warn('[asaas-webhook] token mismatch')
+            return json({ ok: false, error: 'forbidden' }, 403)
+        }
+    }
+
+    try {
+        const payload = await req.json().catch(() => null) as Record<string, unknown> | null
+        if (!payload) return json({ ok: true, skipped: 'invalid_payload' })
+
+        const event = String(payload.event || '')
+        const payment = (payload.payment as Record<string, unknown>) || {}
+        const paymentId = String(payment.id || '')
+        const externalRef = String(payment.externalReference || '')
+
+        if (!paymentId) return json({ ok: true, skipped: 'no_payment_id' })
+
+        const supa = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        // Localiza purchase (prefere externalReference = purchase.id)
+        let purchase: Record<string, unknown> | null = null
+        if (externalRef) {
+            const { data } = await supa
+                .from('whatsapp_credit_purchases')
+                .select('id, tenant_id, credits, status')
+                .eq('id', externalRef)
+                .maybeSingle()
+            purchase = data
+        }
+        if (!purchase) {
+            const { data } = await supa
+                .from('whatsapp_credit_purchases')
+                .select('id, tenant_id, credits, status')
+                .eq('asaas_payment_id', paymentId)
+                .maybeSingle()
+            purchase = data
+        }
+        if (!purchase) {
+            console.warn('[asaas-webhook] purchase not found for payment:', paymentId)
+            return json({ ok: true, skipped: 'purchase_not_found' })
+        }
+
+        const now = new Date().toISOString()
+
+        switch (event) {
+            case 'PAYMENT_RECEIVED':
+            case 'PAYMENT_CONFIRMED':
+            case 'PAYMENT_RECEIVED_IN_CASH_UNDONE':
+                // Credita saldo apenas se ainda não foi processado
+                if (purchase.status !== 'paid') {
+                    // Atualiza status
+                    await supa
+                        .from('whatsapp_credit_purchases')
+                        .update({ status: 'paid', paid_at: now })
+                        .eq('id', purchase.id as string)
+
+                    // Credita saldo via RPC
+                    const { error: rpcErr } = await supa.rpc('add_whatsapp_credits', {
+                        p_tenant_id: purchase.tenant_id as string,
+                        p_amount: purchase.credits as number,
+                        p_kind: 'purchase',
+                        p_purchase_id: purchase.id as string,
+                        p_note: `Pagamento Asaas confirmado — ${paymentId}`
+                    })
+                    if (rpcErr) {
+                        console.error('[asaas-webhook] add_credits error:', rpcErr.message)
+                    }
+                }
+                break
+
+            case 'PAYMENT_OVERDUE':
+                if (purchase.status === 'pending') {
+                    await supa.from('whatsapp_credit_purchases').update({
+                        status: 'expired'
+                    }).eq('id', purchase.id as string)
+                }
+                break
+
+            case 'PAYMENT_DELETED':
+                await supa.from('whatsapp_credit_purchases').update({
+                    status: 'cancelled'
+                }).eq('id', purchase.id as string)
+                break
+
+            case 'PAYMENT_REFUNDED':
+                await supa.from('whatsapp_credit_purchases').update({
+                    status: 'refunded'
+                }).eq('id', purchase.id as string)
+                // Não estorna saldo automaticamente — admin decide (pode ter consumido)
+                break
+
+            default:
+                console.log('[asaas-webhook] unhandled event:', event)
+        }
+
+        return json({ ok: true, event, purchase_id: purchase.id })
+    } catch (err) {
+        console.error('[asaas-webhook] fatal:', err)
+        return json({ ok: false, error: String(err) }, 500)
+    }
+})
diff --git a/supabase/functions/create-whatsapp-credit-charge/index.ts b/supabase/functions/create-whatsapp-credit-charge/index.ts
new file mode 100644
index 0000000..d14dcdd
--- /dev/null
+++ b/supabase/functions/create-whatsapp-credit-charge/index.ts
@@ -0,0 +1,303 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: create-whatsapp-credit-charge
+|--------------------------------------------------------------------------
+| Cria cobrança PIX no Asaas pra compra de pacote de créditos WhatsApp.
+|
+| Input: { package_id: UUID }
+| Output: {
+|   ok: true,
+|   purchase: { id, amount_brl, credits, package_name, asaas_pix_qrcode,
+|               asaas_pix_copy_paste, asaas_payment_link, expires_at }
+| }
+|
+| Env vars:
+|   ASAAS_API_KEY      — API key da conta Asaas
+|   ASAAS_API_URL      — https://sandbox.asaas.com/api/v3 ou https://api.asaas.com/v3
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+// ── Asaas helpers ─────────────────────────────────────────
+const ASAAS_API_URL = (Deno.env.get('ASAAS_API_URL') || 'https://sandbox.asaas.com/api/v3').replace(/\/+$/, '')
+const ASAAS_API_KEY = Deno.env.get('ASAAS_API_KEY') || ''
+
+async function asaasRequest(path: string, method: string, body?: unknown) {
+    const resp = await fetch(`${ASAAS_API_URL}${path}`, {
+        method,
+        headers: {
+            'Content-Type': 'application/json',
+            'access_token': ASAAS_API_KEY,
+            'User-Agent': 'AgenciaPSI/1.0'
+        },
+        body: body ? JSON.stringify(body) : undefined
+    })
+    const text = await resp.text()
+    let data: unknown = null
+    try { data = JSON.parse(text) } catch { /* noop */ }
+    if (!resp.ok) {
+        return { ok: false, status: resp.status, error: data || text }
+    }
+    return { ok: true, data }
+}
+
+// Cria ou reutiliza cliente Asaas pro tenant. Se existente estiver sem CPF/CNPJ
+// mas nós temos um (ex: sandbox fallback), atualiza antes de retornar.
+async function getOrCreateAsaasCustomer(
+    tenantName: string,
+    tenantEmail: string | null,
+    tenantDoc: string | null,
+    tenantId: string
+): Promise<{ ok: boolean; id?: string; error?: string }> {
+    // Tenta buscar por externalReference (tenant_id)
+    const search = await asaasRequest(`/customers?externalReference=${encodeURIComponent(tenantId)}`, 'GET')
+    if (search.ok) {
+        const list = (search.data as { data?: Array<{ id: string; cpfCnpj?: string; email?: string; name?: string }> })?.data || []
+        const existing = list[0]
+        if (existing?.id) {
+            // Se falta CPF/CNPJ no customer existente e nós temos um, atualiza
+            const needsUpdate = !existing.cpfCnpj && tenantDoc
+            if (needsUpdate) {
+                const patchPayload: Record<string, unknown> = { cpfCnpj: tenantDoc }
+                if (tenantEmail && !existing.email) patchPayload.email = tenantEmail
+                if (tenantName && !existing.name) patchPayload.name = tenantName
+                const upd = await asaasRequest(`/customers/${existing.id}`, 'POST', patchPayload)
+                if (!upd.ok) {
+                    return { ok: false, error: `update_customer: ${JSON.stringify(upd.error).slice(0, 300)}` }
+                }
+            }
+            return { ok: true, id: existing.id }
+        }
+    }
+
+    // Cria
+    const payload: Record<string, unknown> = {
+        name: tenantName || `Tenant ${tenantId.slice(0, 8)}`,
+        externalReference: tenantId
+    }
+    if (tenantEmail) payload.email = tenantEmail
+    if (tenantDoc) payload.cpfCnpj = tenantDoc
+
+    const create = await asaasRequest('/customers', 'POST', payload)
+    if (!create.ok) return { ok: false, error: JSON.stringify(create.error).slice(0, 300) }
+    const id = (create.data as { id?: string })?.id
+    if (!id) return { ok: false, error: 'no_customer_id' }
+    return { ok: true, id }
+}
+
+Deno.serve(async (req: Request) => {
+    console.log('[create-charge] request received, method:', req.method)
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+    if (req.method !== 'POST') return json({ ok: false, error: 'method_not_allowed' }, 405)
+
+    console.log('[create-charge] ASAAS_API_KEY length:', ASAAS_API_KEY.length, 'URL:', ASAAS_API_URL)
+    if (!ASAAS_API_KEY) {
+        return json({ ok: false, error: 'Asaas não configurado. Contate o suporte.' }, 503)
+    }
+
+    try {
+        console.log('[create-charge] parsing body')
+        const body = await req.json().catch(() => null) as { package_id?: string; cpf_cnpj?: string } | null
+        console.log('[create-charge] body:', JSON.stringify(body))
+        const packageId = body?.package_id
+        if (!packageId) return json({ ok: false, error: 'package_id ausente' }, 400)
+        const providedDoc = (body?.cpf_cnpj || '').replace(/\D/g, '')
+
+        // Auth
+        const authHeader = req.headers.get('Authorization')
+        console.log('[create-charge] authHeader present:', !!authHeader)
+        if (!authHeader) return json({ ok: false, error: 'unauthorized' }, 401)
+
+        console.log('[create-charge] creating supaAuth client')
+        const supaAuth = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_ANON_KEY')!,
+            { global: { headers: { Authorization: authHeader } } }
+        )
+        console.log('[create-charge] calling auth.getUser')
+        const { data: authData, error: authErr } = await supaAuth.auth.getUser()
+        console.log('[create-charge] authErr:', authErr?.message, 'userId:', authData?.user?.id)
+        if (authErr || !authData?.user) return json({ ok: false, error: 'unauthorized' }, 401)
+        const userId = authData.user.id
+
+        const supaSvc = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        // Descobre tenant do usuário (assume ativo — frontend passa via session)
+        console.log('[create-charge] querying tenant membership for user', userId)
+        const { data: membership, error: memErr } = await supaSvc
+            .from('tenant_members')
+            .select('tenant_id')
+            .eq('user_id', userId)
+            .eq('status', 'active')
+            .limit(1)
+            .maybeSingle()
+        console.log('[create-charge] membership:', membership, 'err:', memErr?.message)
+        if (!membership?.tenant_id) return json({ ok: false, error: 'no_active_tenant' }, 403)
+        const tenantId = membership.tenant_id
+
+        // Busca pacote
+        console.log('[create-charge] querying package', packageId)
+        const { data: pkg, error: pkgErr } = await supaSvc
+            .from('whatsapp_credit_packages')
+            .select('*')
+            .eq('id', packageId)
+            .eq('is_active', true)
+            .maybeSingle()
+        console.log('[create-charge] pkg:', pkg?.name, 'err:', pkgErr?.message)
+        if (!pkg) return json({ ok: false, error: 'package_not_found_or_inactive' }, 404)
+
+        // Busca dados do tenant
+        const { data: tenant } = await supaSvc
+            .from('tenants')
+            .select('id, name, kind, cpf_cnpj')
+            .eq('id', tenantId)
+            .maybeSingle()
+        const tenantName = tenant?.name || `Cliente ${tenantId.slice(0, 8)}`
+
+        // Email do tenant: pega do usuário que está comprando (está autenticado)
+        const tenantEmail = authData.user.email || null
+
+        // CPF/CNPJ: prioridade 1) body (user informou agora), 2) coluna tenants.cpf_cnpj
+        // Asaas exige esse campo. Se ainda nao tem, front deve coletar.
+        const storedDoc = (tenant?.cpf_cnpj || '').replace(/\D/g, '')
+        let tenantDoc: string | null = providedDoc || storedDoc || null
+
+        // Valida comprimento (11 CPF, 14 CNPJ) — sem checksum aqui, UI valida.
+        if (tenantDoc && tenantDoc.length !== 11 && tenantDoc.length !== 14) {
+            return json({
+                ok: false,
+                error: 'cpf_cnpj_invalid',
+                message: 'CPF/CNPJ inválido. Informe 11 dígitos (CPF) ou 14 (CNPJ).'
+            }, 400)
+        }
+
+        if (!tenantDoc) {
+            return json({
+                ok: false,
+                error: 'cpf_cnpj_required',
+                message: 'Informe o CPF/CNPJ do titular pra gerar a cobrança.'
+            }, 400)
+        }
+
+        // Persiste no tenant quando usuario informa novo doc (ou corrige um errado)
+        if (providedDoc && providedDoc !== storedDoc) {
+            const { error: upErr } = await supaSvc
+                .from('tenants')
+                .update({ cpf_cnpj: providedDoc })
+                .eq('id', tenantId)
+            if (upErr) console.warn('[create-charge] update tenant cpf_cnpj failed:', upErr.message)
+        }
+
+        // Cria ordem de compra (pending)
+        console.log('[create-charge] creating purchase record')
+        const expiresAt = new Date(Date.now() + 24 * 3600 * 1000).toISOString()  // 24h
+        const { data: purchase, error: purErr } = await supaSvc
+            .from('whatsapp_credit_purchases')
+            .insert({
+                tenant_id: tenantId,
+                package_id: pkg.id,
+                package_name: pkg.name,
+                credits: pkg.credits,
+                amount_brl: pkg.price_brl,
+                status: 'pending',
+                expires_at: expiresAt,
+                created_by: userId
+            })
+            .select('id')
+            .single()
+        console.log('[create-charge] purchase:', purchase?.id, 'err:', purErr?.message)
+        if (purErr || !purchase) return json({ ok: false, error: `db_insert: ${purErr?.message}` }, 500)
+
+        // Cria/reutiliza customer Asaas
+        console.log('[create-charge] calling getOrCreateAsaasCustomer')
+        const custRes = await getOrCreateAsaasCustomer(tenantName, tenantEmail, tenantDoc, tenantId)
+        console.log('[create-charge] customer result:', custRes)
+        if (!custRes.ok) {
+            // Marca purchase como failed
+            await supaSvc.from('whatsapp_credit_purchases').update({
+                status: 'failed', failed_at: new Date().toISOString()
+            }).eq('id', purchase.id)
+            return json({ ok: false, error: `asaas_customer: ${custRes.error}` }, 502)
+        }
+        const customerId = custRes.id!
+
+        // Cria pagamento PIX no Asaas
+        const dueDate = new Date()
+        dueDate.setDate(dueDate.getDate() + 1)
+        const paymentPayload = {
+            customer: customerId,
+            billingType: 'PIX',
+            value: Number(pkg.price_brl),
+            dueDate: dueDate.toISOString().slice(0, 10),
+            description: `Créditos WhatsApp — ${pkg.name} (${pkg.credits} mensagens)`,
+            externalReference: purchase.id
+        }
+        console.log('[create-charge] creating Asaas payment, payload:', JSON.stringify(paymentPayload))
+        const payRes = await asaasRequest('/payments', 'POST', paymentPayload)
+        console.log('[create-charge] payment result ok:', payRes.ok, 'status:', (payRes as any).status, 'data/error:', JSON.stringify(payRes.ok ? payRes.data : payRes.error).slice(0, 500))
+        if (!payRes.ok) {
+            await supaSvc.from('whatsapp_credit_purchases').update({
+                status: 'failed', failed_at: new Date().toISOString()
+            }).eq('id', purchase.id)
+            return json({ ok: false, error: `asaas_payment: ${JSON.stringify(payRes.error).slice(0, 300)}` }, 502)
+        }
+        const payment = payRes.data as { id: string; invoiceUrl?: string }
+        console.log('[create-charge] payment created:', payment.id)
+
+        // Busca QR Code PIX
+        console.log('[create-charge] fetching PIX QR code')
+        const qrRes = await asaasRequest(`/payments/${payment.id}/pixQrCode`, 'GET')
+        console.log('[create-charge] qr result ok:', qrRes.ok, 'has encodedImage:', !!(qrRes.ok && (qrRes.data as any)?.encodedImage))
+        const qr = qrRes.ok ? (qrRes.data as { encodedImage?: string; payload?: string; expirationDate?: string }) : null
+
+        // Atualiza purchase com dados Asaas
+        console.log('[create-charge] updating purchase with Asaas data')
+        const { error: updErr } = await supaSvc
+            .from('whatsapp_credit_purchases')
+            .update({
+                asaas_customer_id: customerId,
+                asaas_payment_id: payment.id,
+                asaas_payment_link: payment.invoiceUrl ?? null,
+                asaas_pix_qrcode: qr?.encodedImage ?? null,
+                asaas_pix_copy_paste: qr?.payload ?? null
+            })
+            .eq('id', purchase.id)
+        console.log('[create-charge] update purchase err:', updErr?.message)
+
+        console.log('[create-charge] returning success')
+        return json({
+            ok: true,
+            purchase: {
+                id: purchase.id,
+                package_name: pkg.name,
+                credits: pkg.credits,
+                amount_brl: pkg.price_brl,
+                asaas_payment_link: payment.invoiceUrl ?? null,
+                asaas_pix_qrcode: qr?.encodedImage ?? null,
+                asaas_pix_copy_paste: qr?.payload ?? null,
+                expires_at: expiresAt
+            }
+        })
+    } catch (err) {
+        const msg = err instanceof Error ? `${err.message}\n${err.stack}` : String(err)
+        console.error('[create-whatsapp-credit-charge] fatal:', msg)
+        return json({ ok: false, error: String(err), stack: msg }, 500)
+    }
+})
diff --git a/supabase/functions/deactivate-notification-channel/index.ts b/supabase/functions/deactivate-notification-channel/index.ts
new file mode 100644
index 0000000..5e37f50
--- /dev/null
+++ b/supabase/functions/deactivate-notification-channel/index.ts
@@ -0,0 +1,100 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: deactivate-notification-channel
+|--------------------------------------------------------------------------
+| Desativa um canal de notificação (soft delete) usando service_role pra
+| bypassar RLS. Usado pelo chooser de WhatsApp quando o tenant quer trocar
+| de provedor mas o canal foi criado pelo SaaS admin (owner_id != tenant).
+|
+| Autoriza: apenas membros ativos do tenant dono do canal.
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+    if (req.method !== 'POST') return json({ ok: false, error: 'method_not_allowed' }, 405)
+
+    try {
+        const body = await req.json().catch(() => null) as { channel_id?: string } | null
+        const channelId = body?.channel_id
+        if (!channelId) return json({ ok: false, error: 'channel_id ausente' }, 400)
+
+        // Auth: valida user via JWT
+        const authHeader = req.headers.get('Authorization')
+        if (!authHeader) return json({ ok: false, error: 'unauthorized' }, 401)
+
+        const supaAuth = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_ANON_KEY')!,
+            { global: { headers: { Authorization: authHeader } } }
+        )
+        const { data: authData, error: authErr } = await supaAuth.auth.getUser()
+        if (authErr || !authData?.user) return json({ ok: false, error: 'unauthorized' }, 401)
+        const userId = authData.user.id
+
+        // Service role pra bypass RLS
+        const supaSvc = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        // Busca o canal
+        const { data: channel, error: chErr } = await supaSvc
+            .from('notification_channels')
+            .select('id, tenant_id')
+            .eq('id', channelId)
+            .is('deleted_at', null)
+            .maybeSingle()
+
+        if (chErr || !channel) return json({ ok: false, error: 'channel_not_found' }, 404)
+
+        // Autoriza: user deve ser saas_admin OU membro ativo do tenant dono do canal
+        const { data: isAdmin } = await supaSvc.rpc('is_saas_admin')
+        let authorized = !!isAdmin
+        if (!authorized) {
+            const { data: membership } = await supaSvc
+                .from('tenant_members')
+                .select('id')
+                .eq('tenant_id', channel.tenant_id)
+                .eq('user_id', userId)
+                .eq('status', 'active')
+                .maybeSingle()
+            authorized = !!membership
+        }
+        if (!authorized) return json({ ok: false, error: 'forbidden' }, 403)
+
+        // Desativa (soft-delete)
+        const { error: updErr } = await supaSvc
+            .from('notification_channels')
+            .update({
+                is_active: false,
+                deleted_at: new Date().toISOString()
+            })
+            .eq('id', channelId)
+
+        if (updErr) {
+            console.error('[deactivate-notification-channel] update error:', updErr.message)
+            return json({ ok: false, error: updErr.message }, 500)
+        }
+
+        return json({ ok: true, channel_id: channelId })
+    } catch (err) {
+        console.error('[deactivate-notification-channel] fatal:', err)
+        return json({ ok: false, error: String(err) }, 500)
+    }
+})
diff --git a/supabase/functions/evolution-webhook-provision/index.ts b/supabase/functions/evolution-webhook-provision/index.ts
new file mode 100644
index 0000000..4062a66
--- /dev/null
+++ b/supabase/functions/evolution-webhook-provision/index.ts
@@ -0,0 +1,166 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: evolution-webhook-provision
+|--------------------------------------------------------------------------
+| Configura automaticamente o webhook MESSAGES_UPSERT numa instância da
+| Evolution API pra apontar pra edge function `evolution-whatsapp-inbound`.
+|
+| Body JSON:
+|   {
+|     "tenant_id":     "<uuid>",
+|     "api_url":       "http://localhost:8080",
+|     "api_key":       "<apikey global da evolution>",
+|     "instance_name": "<nome da instance>",
+|     "public_url":    "https://seu-projeto.supabase.co"  (opcional)
+|   }
+|
+| Usa SUPABASE_URL como fallback do public_url.
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+// Edge function roda em container — localhost aponta pra ele mesmo, não pro host.
+// Substitui localhost/127.0.0.1 por host.docker.internal pra alcançar o host.
+function rewriteForContainer(apiUrl: string): string {
+    try {
+        const u = new URL(apiUrl)
+        if (u.hostname === 'localhost' || u.hostname === '127.0.0.1') {
+            u.hostname = 'host.docker.internal'
+            return u.toString().replace(/\/+$/, '')
+        }
+        return apiUrl.replace(/\/+$/, '')
+    } catch {
+        return apiUrl
+    }
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+    if (req.method !== 'POST') return json({ ok: false, error: 'method' }, 405)
+
+    try {
+        const body = await req.json().catch(() => null)
+        if (!body || typeof body !== 'object') return json({ ok: false, error: 'body invalido' }, 400)
+
+        const { tenant_id, api_url, api_key, instance_name, public_url } = body as Record<string, string>
+
+        if (!tenant_id || !api_url || !api_key || !instance_name) {
+            return json({ ok: false, error: 'faltam campos obrigatorios (tenant_id, api_url, api_key, instance_name)' }, 400)
+        }
+
+        // Verifica caller: precisa ser member do tenant ou saas_admin
+        const auth = req.headers.get('Authorization') ?? ''
+        const supaAuthed = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_ANON_KEY')!,
+            { global: { headers: { Authorization: auth } } }
+        )
+        const { data: authData, error: authErr } = await supaAuthed.auth.getUser()
+        if (authErr || !authData?.user) return json({ ok: false, error: 'auth' }, 401)
+
+        const supaSvc = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        const userId = authData.user.id
+        // check membro ativo ou saas_admin
+        const { data: isAdmin } = await supaSvc.rpc('is_saas_admin')
+        if (!isAdmin) {
+            const { data: membership } = await supaSvc
+                .from('tenant_members')
+                .select('id')
+                .eq('tenant_id', tenant_id)
+                .eq('user_id', userId)
+                .eq('status', 'active')
+                .maybeSingle()
+            if (!membership) return json({ ok: false, error: 'forbidden' }, 403)
+        }
+
+        // Monta a URL publica do webhook
+        const basePublic = public_url || Deno.env.get('SUPABASE_URL')
+        if (!basePublic) return json({ ok: false, error: 'public_url nao definido' }, 400)
+        const webhookUrl = `${basePublic.replace(/\/+$/, '')}/functions/v1/evolution-whatsapp-inbound?tenant_id=${encodeURIComponent(tenant_id)}`
+
+        // Configura via Evolution API (rewrite localhost → host.docker.internal pra container)
+        const evoEndpoint = `${rewriteForContainer(api_url)}/webhook/set/${encodeURIComponent(instance_name)}`
+
+        // Evolution v2 payload (wrapped em "webhook")
+        const evoBodyV2 = {
+            webhook: {
+                enabled: true,
+                url: webhookUrl,
+                byEvents: false,
+                base64: false,
+                events: ['MESSAGES_UPSERT', 'MESSAGES_UPDATE']
+            }
+        }
+
+        // Evolution v1 payload (flat)
+        const evoBodyV1 = {
+            enabled: true,
+            url: webhookUrl,
+            webhook_by_events: false,
+            events: ['MESSAGES_UPSERT', 'MESSAGES_UPDATE']
+        }
+
+        async function tryPost(bodyObj: Record<string, unknown>) {
+            const r = await fetch(evoEndpoint, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json', 'apikey': api_key },
+                body: JSON.stringify(bodyObj)
+            })
+            const t = await r.text()
+            let j: unknown = t
+            try { j = JSON.parse(t) } catch { /* keep text */ }
+            return { resp: r, json: j }
+        }
+
+        // Tenta v2 primeiro (user tem Evolution v2 pela resposta do state)
+        let attempt = await tryPost(evoBodyV2)
+        let payloadFormatUsed = 'v2'
+        if (!attempt.resp.ok) {
+            // Fallback v1
+            const v1Attempt = await tryPost(evoBodyV1)
+            if (v1Attempt.resp.ok) {
+                attempt = v1Attempt
+                payloadFormatUsed = 'v1'
+            } else {
+                // Retorna o erro da segunda tentativa
+                return json({
+                    ok: false,
+                    error: `Evolution retornou ${attempt.resp.status} (v2) e ${v1Attempt.resp.status} (v1)`,
+                    evolution_response_v2: attempt.json,
+                    evolution_response_v1: v1Attempt.json,
+                    webhook_url: webhookUrl,
+                    evolution_endpoint: evoEndpoint
+                }, 502)
+            }
+        }
+
+        const respJson = attempt.json
+
+        return json({
+            ok: true,
+            webhook_url: webhookUrl,
+            payload_format: payloadFormatUsed,
+            evolution_response: respJson
+        })
+    } catch (err) {
+        return json({ ok: false, error: String(err) }, 500)
+    }
+})
diff --git a/supabase/functions/evolution-whatsapp-inbound/index.ts b/supabase/functions/evolution-whatsapp-inbound/index.ts
new file mode 100644
index 0000000..0290ec8
--- /dev/null
+++ b/supabase/functions/evolution-whatsapp-inbound/index.ts
@@ -0,0 +1,485 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: evolution-whatsapp-inbound
+|--------------------------------------------------------------------------
+| Recebe webhooks da Evolution API (self-hosted WhatsApp Baileys-based) para
+| mensagens recebidas pelos tenants.
+|
+| Midia (audio/imagem/video/doc):
+|   A Evolution envia a URL criptografada da Meta (mmg.whatsapp.net/...)
+|   que NAO e diretamente tocavel. Chamamos o endpoint
+|   POST /chat/getBase64FromMediaMessage/{instance} pra Evolution decriptar,
+|   decodamos o base64 e subimos pro bucket privado `whatsapp-media` do
+|   Supabase Storage. Salvamos apenas o PATH em media_url; o frontend gera
+|   signed URL on-demand.
+|
+| URL do webhook:
+|   https://<project>.supabase.co/functions/v1/evolution-whatsapp-inbound?tenant_id=<uuid>
+|--------------------------------------------------------------------------
+*/
+
+import { createClient, SupabaseClient } from 'https://esm.sh/@supabase/supabase-js@2'
+import {
+    buildThreadKey,
+    detectOptoutKeyword,
+    maybeOptIn,
+    maybeSendAutoReply,
+    registerOptout,
+    type SendFn
+} from '../_shared/whatsapp-hooks.ts'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
+}
+
+const BUCKET = 'whatsapp-media'
+
+// Edge function roda em container — localhost aponta pra ele mesmo, nao pro host.
+function rewriteForContainer(apiUrl: string): string {
+    try {
+        const u = new URL(apiUrl)
+        if (u.hostname === 'localhost' || u.hostname === '127.0.0.1') {
+            u.hostname = 'host.docker.internal'
+            return u.toString().replace(/\/+$/, '')
+        }
+        return apiUrl.replace(/\/+$/, '')
+    } catch {
+        return apiUrl
+    }
+}
+
+function jidToPhone(jid: string | undefined | null): string | null {
+    if (!jid) return null
+    const m = String(jid).match(/^(\d+)@/)
+    return m ? m[1] : null
+}
+
+// Mapeia mime → extensao pra nome do arquivo
+function extFromMime(mime: string | null | undefined): string {
+    if (!mime) return 'bin'
+    const m = mime.toLowerCase().split(';')[0].trim()
+    const map: Record<string, string> = {
+        'audio/ogg': 'ogg',
+        'audio/mpeg': 'mp3',
+        'audio/mp4': 'm4a',
+        'audio/aac': 'aac',
+        'audio/wav': 'wav',
+        'audio/webm': 'webm',
+        'image/jpeg': 'jpg',
+        'image/png': 'png',
+        'image/webp': 'webp',
+        'image/gif': 'gif',
+        'video/mp4': 'mp4',
+        'video/3gpp': '3gp',
+        'video/quicktime': 'mov',
+        'video/webm': 'webm',
+        'application/pdf': 'pdf',
+        'application/msword': 'doc',
+        'application/vnd.openxmlformats-officedocument.wordprocessingml.document': 'docx',
+        'application/vnd.ms-excel': 'xls',
+        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': 'xlsx',
+        'text/plain': 'txt',
+        'application/zip': 'zip'
+    }
+    return map[m] ?? 'bin'
+}
+
+// Extrai body + indicador de tipo de midia do payload
+type MessageParts = {
+    body: string | null
+    mediaUrl: string | null
+    mediaMime: string | null
+    hasEncryptedMedia: boolean   // true se precisa chamar getBase64 pra decriptar
+}
+
+function extractMessageBody(message: Record<string, unknown> | null | undefined): MessageParts {
+    if (!message) return { body: null, mediaUrl: null, mediaMime: null, hasEncryptedMedia: false }
+
+    if (typeof (message as { conversation?: unknown }).conversation === 'string') {
+        return { body: (message as { conversation: string }).conversation, mediaUrl: null, mediaMime: null, hasEncryptedMedia: false }
+    }
+    const ext = (message as { extendedTextMessage?: { text?: string } }).extendedTextMessage
+    if (ext?.text) {
+        return { body: ext.text, mediaUrl: null, mediaMime: null, hasEncryptedMedia: false }
+    }
+    const img = (message as { imageMessage?: { caption?: string; url?: string; mimetype?: string } }).imageMessage
+    if (img) {
+        return { body: img.caption ?? '[imagem]', mediaUrl: img.url ?? null, mediaMime: img.mimetype ?? 'image/jpeg', hasEncryptedMedia: true }
+    }
+    const aud = (message as { audioMessage?: { url?: string; mimetype?: string } }).audioMessage
+    if (aud) {
+        return { body: '[áudio]', mediaUrl: aud.url ?? null, mediaMime: aud.mimetype ?? 'audio/ogg', hasEncryptedMedia: true }
+    }
+    const vid = (message as { videoMessage?: { caption?: string; url?: string; mimetype?: string } }).videoMessage
+    if (vid) {
+        return { body: vid.caption ?? '[vídeo]', mediaUrl: vid.url ?? null, mediaMime: vid.mimetype ?? 'video/mp4', hasEncryptedMedia: true }
+    }
+    const doc = (message as { documentMessage?: { title?: string; fileName?: string; url?: string; mimetype?: string } }).documentMessage
+    if (doc) {
+        return { body: `[doc] ${doc.title ?? doc.fileName ?? ''}`.trim(), mediaUrl: doc.url ?? null, mediaMime: doc.mimetype ?? 'application/octet-stream', hasEncryptedMedia: true }
+    }
+
+    return { body: '[mensagem não textual]', mediaUrl: null, mediaMime: null, hasEncryptedMedia: false }
+}
+
+// Decodifica base64 (com ou sem prefixo data: URI) para Uint8Array
+function base64ToBytes(b64: string): Uint8Array {
+    const clean = b64.replace(/^data:[^;]+;base64,/, '')
+    const bin = atob(clean)
+    const out = new Uint8Array(bin.length)
+    for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i)
+    return out
+}
+
+type EvolutionCreds = { apiUrl: string; apiKey: string; instance: string }
+
+// Busca credenciais Evolution do tenant em notification_channels
+async function getTenantEvolutionCreds(supa: SupabaseClient, tenantId: string): Promise<EvolutionCreds | null> {
+    const { data: channel, error } = await supa
+        .from('notification_channels')
+        .select('credentials')
+        .eq('tenant_id', tenantId)
+        .eq('channel', 'whatsapp')
+        .is('deleted_at', null)
+        .maybeSingle()
+
+    if (error || !channel) return null
+    const c = (channel.credentials ?? {}) as Record<string, string>
+    if (!c.api_url || !c.api_key || !c.instance_name) return null
+    return { apiUrl: c.api_url, apiKey: c.api_key, instance: c.instance_name }
+}
+
+// Chama Evolution pra decriptar a midia; retorna base64 string
+async function fetchMediaBase64FromEvolution(creds: EvolutionCreds, messageNode: Record<string, unknown>): Promise<string | null> {
+    const endpoint = `${rewriteForContainer(creds.apiUrl)}/chat/getBase64FromMediaMessage/${encodeURIComponent(creds.instance)}`
+    try {
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', apikey: creds.apiKey },
+            // Evolution v2 aceita o proprio data.message (node com key + message) ou so a key
+            body: JSON.stringify({ message: messageNode, convertToMp4: false })
+        })
+        const text = await resp.text()
+        if (!resp.ok) {
+            console.error('[evolution-whatsapp-inbound] getBase64 HTTP error', resp.status, text.slice(0, 300))
+            return null
+        }
+        let j: Record<string, unknown> | null = null
+        try { j = JSON.parse(text) } catch { /* fica null */ }
+        if (!j) return null
+        // Resposta pode vir como { base64: "..." } ou { data: { base64: "..." } }
+        const b64 = (j as { base64?: string }).base64
+            ?? (j as { data?: { base64?: string } }).data?.base64
+            ?? null
+        return typeof b64 === 'string' && b64.length > 0 ? b64 : null
+    } catch (err) {
+        console.error('[evolution-whatsapp-inbound] getBase64 fetch error:', err)
+        return null
+    }
+}
+
+// Envia texto via Evolution (usado como SendFn injetado nos hooks compartilhados)
+async function sendViaEvolution(
+    creds: EvolutionCreds,
+    phone: string,
+    text: string
+): Promise<{ ok: boolean; messageId?: string | null; error?: string }> {
+    try {
+        const endpoint = `${rewriteForContainer(creds.apiUrl)}/message/sendText/${encodeURIComponent(creds.instance)}`
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', apikey: creds.apiKey },
+            body: JSON.stringify({ number: phone, text })
+        })
+        if (!resp.ok) {
+            const t = await resp.text()
+            return { ok: false, error: `HTTP ${resp.status}: ${t.slice(0, 200)}` }
+        }
+        const j = await resp.json().catch(() => null) as Record<string, unknown> | null
+        const msgId = (j?.key as { id?: string })?.id ?? null
+        return { ok: true, messageId: msgId }
+    } catch (err) {
+        return { ok: false, error: String(err) }
+    }
+}
+
+// Sobe os bytes decodificados pro bucket, retorna path relativo (sem bucket prefix)
+async function uploadToBucket(
+    supa: SupabaseClient,
+    tenantId: string,
+    bytes: Uint8Array,
+    mime: string,
+    messageId: string | null
+): Promise<string | null> {
+    const now = new Date()
+    const yyyy = now.getFullYear()
+    const mm = String(now.getMonth() + 1).padStart(2, '0')
+    const safeId = (messageId ?? crypto.randomUUID()).replace(/[^A-Za-z0-9_-]/g, '_').slice(0, 64)
+    const ext = extFromMime(mime)
+    const path = `${tenantId}/${yyyy}/${mm}/${safeId}_${Date.now()}.${ext}`
+
+    // Strip codec params (ex: "audio/ogg; codecs=opus" → "audio/ogg")
+    // Supabase Storage allowed_mime_types faz match exato contra o contentType
+    const cleanMime = (mime || '').split(';')[0].trim() || 'application/octet-stream'
+
+    const { error } = await supa.storage.from(BUCKET).upload(path, bytes, {
+        contentType: cleanMime,
+        upsert: false,
+        cacheControl: '3600'
+    })
+    if (error) {
+        console.error('[evolution-whatsapp-inbound] upload error:', error.message, 'mime:', cleanMime, 'path:', path)
+        return null
+    }
+    return path
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') {
+        return new Response('ok', { headers: corsHeaders })
+    }
+    if (req.method !== 'POST') {
+        return new Response(JSON.stringify({ ok: true }), { status: 200, headers: { ...corsHeaders, 'Content-Type': 'application/json' } })
+    }
+
+    try {
+        const url = new URL(req.url)
+        const tenantId = url.searchParams.get('tenant_id')
+        if (!tenantId) {
+            return new Response(JSON.stringify({ ok: false, error: 'tenant_id ausente' }), {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+            })
+        }
+
+        const supabase = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        const payload = await req.json().catch(() => null)
+        if (!payload || typeof payload !== 'object') {
+            return new Response(JSON.stringify({ ok: true, skipped: 'payload invalido' }), {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+            })
+        }
+
+        const eventName = (payload as { event?: string }).event
+
+        // messages.update → atualiza delivery_status da outbound
+        if (eventName === 'messages.update') {
+            const updates = ((payload as { data?: unknown }).data ?? []) as Array<Record<string, unknown>>
+            const arr = Array.isArray(updates) ? updates : [updates]
+            for (const u of arr) {
+                const k = (u as { key?: Record<string, unknown> }).key ?? {}
+                const msgId = (k as { id?: string }).id
+                const rawStatus = String((u as { status?: string }).status ?? '').toUpperCase()
+                if (!msgId || !rawStatus) continue
+                const delivery =
+                    rawStatus === 'READ' ? 'read' :
+                    rawStatus === 'DELIVERY_ACK' || rawStatus === 'DELIVERED' ? 'delivered' :
+                    rawStatus === 'SERVER_ACK' || rawStatus === 'SENT' ? 'sent' :
+                    rawStatus === 'ERROR' || rawStatus === 'FAILED' ? 'failed' :
+                    null
+                if (!delivery) continue
+                const patch: Record<string, unknown> = { delivery_status: delivery }
+                if (delivery === 'delivered') patch.delivered_at = new Date().toISOString()
+                if (delivery === 'read') {
+                    patch.read_by_recipient_at = new Date().toISOString()
+                    patch.delivered_at = patch.delivered_at ?? new Date().toISOString()
+                }
+                await supabase
+                    .from('conversation_messages')
+                    .update(patch)
+                    .eq('tenant_id', tenantId)
+                    .eq('provider_message_id', msgId)
+                    .eq('direction', 'outbound')
+            }
+            return new Response(JSON.stringify({ ok: true, event: eventName, processed: arr.length }), {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+            })
+        }
+
+        if (eventName !== 'messages.upsert') {
+            return new Response(JSON.stringify({ ok: true, skipped: eventName }), {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+            })
+        }
+
+        const data = (payload as { data?: Record<string, unknown> }).data ?? {}
+        const key = (data as { key?: Record<string, unknown> }).key ?? {}
+        const fromMe = (key as { fromMe?: boolean }).fromMe === true
+        const messageId = (key as { id?: string }).id ?? null
+
+        const remoteJid = (key as { remoteJid?: string }).remoteJid
+        if (!remoteJid || remoteJid.endsWith('@g.us')) {
+            return new Response(JSON.stringify({ ok: true, skipped: 'grupo/sem jid' }), {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+            })
+        }
+
+        const fromPhone = jidToPhone(remoteJid)
+        const messageObj = (data as { message?: Record<string, unknown> }).message
+        const pushName = (data as { pushName?: string }).pushName ?? null
+        const ts = (data as { messageTimestamp?: number | string }).messageTimestamp
+
+        const parts = extractMessageBody(messageObj)
+
+        const cleanBody = parts.body
+            ? String(parts.body).replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]/g, '').slice(0, 4000)
+            : null
+
+        // Decripta + sobe midia pro bucket se necessario
+        let storedMediaUrl: string | null = parts.mediaUrl
+        let mediaError: string | null = null
+        if (parts.hasEncryptedMedia && messageObj && parts.mediaMime) {
+            const creds = await getTenantEvolutionCreds(supabase, tenantId)
+            if (!creds) {
+                mediaError = 'creds_not_found'
+                storedMediaUrl = null
+            } else {
+                // Evolution v2 espera o node completo {key, message}
+                const messageNode = { key, message: messageObj }
+                const b64 = await fetchMediaBase64FromEvolution(creds, messageNode)
+                if (!b64) {
+                    mediaError = 'decrypt_failed'
+                    storedMediaUrl = null
+                } else {
+                    try {
+                        const bytes = base64ToBytes(b64)
+                        // Sanity check: nao aceita arquivo vazio ou gigante
+                        if (bytes.length === 0) {
+                            mediaError = 'empty_media'
+                            storedMediaUrl = null
+                        } else if (bytes.length > 26214400) {
+                            mediaError = 'too_large'
+                            storedMediaUrl = null
+                        } else {
+                            const path = await uploadToBucket(supabase, tenantId, bytes, parts.mediaMime, messageId)
+                            if (path) {
+                                storedMediaUrl = path  // salva apenas o PATH (frontend gera signed URL)
+                            } else {
+                                mediaError = 'upload_failed'
+                                storedMediaUrl = null
+                            }
+                        }
+                    } catch (err) {
+                        console.error('[evolution-whatsapp-inbound] decode error:', err)
+                        mediaError = 'decode_error'
+                        storedMediaUrl = null
+                    }
+                }
+            }
+        }
+
+        const { data: matchData } = await supabase.rpc('match_patient_by_phone', {
+            p_tenant_id: tenantId,
+            p_phone: fromPhone
+        })
+        const patientId = matchData as string | null
+
+        const receivedAt = ts
+            ? new Date(Number(ts) * (String(ts).length === 10 ? 1000 : 1)).toISOString()
+            : new Date().toISOString()
+
+        // Dedup outbound echo
+        if (fromMe && messageId) {
+            const { data: existing } = await supabase
+                .from('conversation_messages')
+                .select('id')
+                .eq('tenant_id', tenantId)
+                .eq('provider_message_id', messageId)
+                .eq('direction', 'outbound')
+                .maybeSingle()
+
+            if (existing?.id) {
+                return new Response(JSON.stringify({ ok: true, echo_dedup: true }), {
+                    status: 200,
+                    headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+                })
+            }
+        }
+
+        const direction = fromMe ? 'outbound' : 'inbound'
+        const kanbanStatus = fromMe ? 'awaiting_patient' : 'awaiting_us'
+
+        const { error: insErr } = await supabase.from('conversation_messages').insert({
+            tenant_id: tenantId,
+            patient_id: patientId,
+            channel: 'whatsapp',
+            direction,
+            from_number: fromMe ? null : fromPhone,
+            to_number: fromMe ? fromPhone : null,
+            body: cleanBody,
+            media_url: storedMediaUrl,
+            media_mime: parts.mediaMime,
+            provider: 'evolution',
+            provider_message_id: messageId ?? null,
+            provider_raw: { event: eventName, pushName, remoteJid, fromMe, mediaError },
+            kanban_status: kanbanStatus,
+            received_at: fromMe ? null : receivedAt,
+            responded_at: fromMe ? receivedAt : null
+        })
+
+        if (insErr) {
+            console.error('[evolution-whatsapp-inbound] insert error:', insErr)
+        }
+
+        // Opt-out / Opt-in detection (apenas pra inbound)
+        let optoutAction: 'out' | 'in' | null = null
+        let autoReplyResult: { sent: boolean; reason?: string } | null = null
+
+        if (!fromMe && !insErr && fromPhone) {
+            // SendFn injetado: Evolution nao deduz creditos (provider gratis/self-hosted)
+            const creds = await getTenantEvolutionCreds(supabase, tenantId)
+            const sendFn: SendFn = creds
+                ? (phone, text) => sendViaEvolution(creds, phone, text)
+                : async () => ({ ok: false, error: 'creds_missing' })
+
+            try {
+                const optedBackIn = await maybeOptIn(supabase, tenantId, fromPhone, cleanBody)
+                if (optedBackIn) optoutAction = 'in'
+            } catch (err) {
+                console.error('[optout] opt-in check error:', err)
+            }
+
+            if (!optoutAction) {
+                try {
+                    const keyword = await detectOptoutKeyword(supabase, tenantId, cleanBody)
+                    if (keyword) {
+                        await registerOptout(supabase, tenantId, fromPhone, patientId, cleanBody, keyword, 'evolution', sendFn)
+                        optoutAction = 'out'
+                    }
+                } catch (err) {
+                    console.error('[optout] detect error:', err)
+                }
+            }
+
+            if (optoutAction !== 'out') {
+                const threadKey = buildThreadKey(patientId, fromPhone)
+                try {
+                    autoReplyResult = await maybeSendAutoReply(supabase, tenantId, threadKey, fromPhone, 'evolution', sendFn)
+                } catch (err) {
+                    console.error('[auto-reply] unexpected error:', err)
+                }
+            }
+        }
+
+        return new Response(JSON.stringify({ ok: true, mediaError, optoutAction, autoReply: autoReplyResult }), {
+            status: 200,
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+        })
+    } catch (err) {
+        console.error('[evolution-whatsapp-inbound] fatal:', err)
+        return new Response(JSON.stringify({ ok: false, error: String(err) }), {
+            status: 200,
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+        })
+    }
+})
diff --git a/supabase/functions/get-intake-invite-info/index.ts b/supabase/functions/get-intake-invite-info/index.ts
new file mode 100644
index 0000000..510c6d8
--- /dev/null
+++ b/supabase/functions/get-intake-invite-info/index.ts
@@ -0,0 +1,145 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: get-intake-invite-info (A#31)
+|--------------------------------------------------------------------------
+| Lookup read-only dos dados de apresentação do terapeuta/clínica a partir
+| do token do patient_invite. Alimenta o "hero header" da página pública
+| /cadastro/paciente.
+|
+| Defesa em camadas (reusa o mesmo padrão do submit-patient-intake):
+|   1. Rate limit por IP     → check_rate_limit RPC (endpoint=invite_info_lookup)
+|   2. Logging               → record_submission_attempt RPC
+|
+| Não usa honeypot nem captcha porque:
+|   • Não há input humano (só o token da URL).
+|   • Payload devolvido é intencionalmente limitado a campos não-sensíveis.
+|   • Token é UUID (128 bits) — enumeração brute-force inviável na prática.
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const SUPABASE_URL         = Deno.env.get('SUPABASE_URL')
+const SUPABASE_SERVICE_KEY = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')
+const ENDPOINT_NAME        = 'invite_info_lookup'
+
+const supabase = createClient(SUPABASE_URL, SUPABASE_SERVICE_KEY)
+
+const CORS_HEADERS = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type'
+}
+
+function jsonResponse(body, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { 'content-type': 'application/json', ...CORS_HEADERS }
+    })
+}
+
+async function hashIp(ip) {
+    if (!ip) return null
+    const buf = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(`agenciapsi:${ip}`))
+    return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, '0')).join('').slice(0, 32)
+}
+
+function getClientIp(req) {
+    const xff = req.headers.get('x-forwarded-for')
+    if (xff) return xff.split(',')[0].trim()
+    return req.headers.get('cf-connecting-ip') || req.headers.get('x-real-ip') || null
+}
+
+Deno.serve(async (req) => {
+    if (req.method === 'OPTIONS') return new Response(null, { status: 204, headers: CORS_HEADERS })
+    if (req.method !== 'POST')    return jsonResponse({ error: 'method-not-allowed' }, 405)
+
+    let body
+    try {
+        body = await req.json()
+    } catch {
+        return jsonResponse({ error: 'invalid-json' }, 400)
+    }
+
+    const token     = String(body?.token || '').trim()
+    const ip        = getClientIp(req)
+    const ipHash    = await hashIp(ip)
+    const userAgent = String(req.headers.get('user-agent') || '').slice(0, 500)
+
+    if (!token) {
+        return jsonResponse({ error: 'missing-token' }, 400)
+    }
+
+    // ── Rate limit ──
+    const { data: rl, error: rlErr } = await supabase.rpc('check_rate_limit', {
+        p_ip_hash:  ipHash,
+        p_endpoint: ENDPOINT_NAME
+    })
+    if (rlErr) {
+        console.error('[get-intake-invite-info] check_rate_limit failed:', rlErr.message)
+    }
+    if (rl && rl.allowed === false) {
+        await supabase.rpc('record_submission_attempt', {
+            p_endpoint:   ENDPOINT_NAME,
+            p_ip_hash:    ipHash,
+            p_success:    false,
+            p_blocked_by: 'rate_limit',
+            p_error_code: rl.reason || 'blocked',
+            p_error_msg:  null,
+            p_user_agent: userAgent,
+            p_metadata:   null
+        })
+        return jsonResponse({
+            error: 'rate-limited',
+            retry_after_seconds: rl.retry_after_seconds || null
+        }, 429)
+    }
+
+    // ── RPC de lookup ──
+    const { data, error } = await supabase.rpc('get_patient_intake_invite_info', {
+        p_token: token
+    })
+
+    if (error) {
+        await supabase.rpc('record_submission_attempt', {
+            p_endpoint:   ENDPOINT_NAME,
+            p_ip_hash:    ipHash,
+            p_success:    false,
+            p_blocked_by: 'rpc',
+            p_error_code: error.code || 'rpc_err',
+            p_error_msg:  error.message,
+            p_user_agent: userAgent,
+            p_metadata:   null
+        })
+        return jsonResponse({ error: 'rpc-failed' }, 400)
+    }
+
+    // RPC devolve { error: 'invalid-token' | 'missing-token' } para ruim e
+    // { ok: true, info: {...} } para sucesso.
+    if (data && data.error) {
+        await supabase.rpc('record_submission_attempt', {
+            p_endpoint:   ENDPOINT_NAME,
+            p_ip_hash:    ipHash,
+            p_success:    false,
+            p_blocked_by: 'validation',
+            p_error_code: data.error,
+            p_error_msg:  null,
+            p_user_agent: userAgent,
+            p_metadata:   null
+        })
+        return jsonResponse({ error: data.error }, 404)
+    }
+
+    await supabase.rpc('record_submission_attempt', {
+        p_endpoint:   ENDPOINT_NAME,
+        p_ip_hash:    ipHash,
+        p_success:    true,
+        p_blocked_by: null,
+        p_error_code: null,
+        p_error_msg:  null,
+        p_user_agent: userAgent,
+        p_metadata:   null
+    })
+
+    return jsonResponse({ ok: true, info: data?.info || null }, 200)
+})
diff --git a/supabase/functions/notification-webhook/index.js b/supabase/functions/notification-webhook/index.ts
similarity index 100%
rename from supabase/functions/notification-webhook/index.js
rename to supabase/functions/notification-webhook/index.ts
diff --git a/supabase/functions/send-session-reminders/index.ts b/supabase/functions/send-session-reminders/index.ts
new file mode 100644
index 0000000..e6338cf
--- /dev/null
+++ b/supabase/functions/send-session-reminders/index.ts
@@ -0,0 +1,475 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: send-session-reminders
+|--------------------------------------------------------------------------
+| Dispara lembretes WhatsApp pra sessões futuras. Chamado por pg_cron a cada
+| 15 minutos.
+|
+| Busca eventos com inicio_em dentro das janelas:
+|   - 24h ± 15min  (envio do lembrete de 24h)
+|   - 2h  ± 15min  (envio do lembrete de 2h)
+|
+| Checa per-evento:
+|   - settings.enabled do tenant
+|   - quiet_hours (agora está dentro da janela silenciosa?)
+|   - opt-out do paciente
+|   - canal ativo (Evolution/Twilio)
+|   - log unique: nao duplica
+|
+| Suporta apenas Evolution no momento (Twilio virá com Marco B - créditos).
+|--------------------------------------------------------------------------
+*/
+
+import { createClient, SupabaseClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+function rewriteForContainer(apiUrl: string): string {
+    try {
+        const u = new URL(apiUrl)
+        if (u.hostname === 'localhost' || u.hostname === '127.0.0.1') {
+            u.hostname = 'host.docker.internal'
+            return u.toString().replace(/\/+$/, '')
+        }
+        return apiUrl.replace(/\/+$/, '')
+    } catch {
+        return apiUrl
+    }
+}
+
+function normalizePhoneBR(raw: string | null | undefined): string {
+    const digits = String(raw || '').replace(/\D/g, '')
+    if (digits.length === 10 || digits.length === 11) return '55' + digits
+    return digits
+}
+
+// Verifica se o momento atual (em São Paulo) está dentro da janela quiet_hours
+function isQuietHoursNow(startHHMM: string, endHHMM: string): boolean {
+    const now = new Date()
+    const fmt = new Intl.DateTimeFormat('en-US', {
+        timeZone: 'America/Sao_Paulo',
+        hour: '2-digit', minute: '2-digit', hour12: false
+    })
+    const parts = fmt.formatToParts(now)
+    const h = parseInt(parts.find((p) => p.type === 'hour')?.value || '0', 10)
+    const m = parseInt(parts.find((p) => p.type === 'minute')?.value || '0', 10)
+    const mins = h * 60 + m
+    const [sh, sm] = startHHMM.split(':').map(Number)
+    const [eh, em] = endHHMM.split(':').map(Number)
+    const startMin = (sh || 0) * 60 + (sm || 0)
+    const endMin = (eh || 0) * 60 + (em || 0)
+    if (startMin === endMin) return false
+    if (startMin < endMin) {
+        // janela normal (ex: 08:00-12:00)
+        return mins >= startMin && mins < endMin
+    }
+    // janela atravessando meia-noite (ex: 22:00-08:00)
+    return mins >= startMin || mins < endMin
+}
+
+// Formata data/hora do evento pra texto pt-BR
+function fmtDateDayMonth(iso: string): string {
+    try {
+        const d = new Date(iso)
+        return new Intl.DateTimeFormat('pt-BR', {
+            timeZone: 'America/Sao_Paulo',
+            day: '2-digit', month: 'long'
+        }).format(d)
+    } catch { return iso }
+}
+
+function fmtTime(iso: string): string {
+    try {
+        const d = new Date(iso)
+        return new Intl.DateTimeFormat('pt-BR', {
+            timeZone: 'America/Sao_Paulo',
+            hour: '2-digit', minute: '2-digit', hour12: false
+        }).format(d)
+    } catch { return '' }
+}
+
+// Substitui variáveis no template
+function renderTemplate(
+    tpl: string,
+    vars: { nome_paciente: string; data_sessao: string; hora_sessao: string; modalidade: string; nome_clinica: string }
+): string {
+    return tpl
+        .replaceAll('{{nome_paciente}}', vars.nome_paciente)
+        .replaceAll('{{data_sessao}}', vars.data_sessao)
+        .replaceAll('{{hora_sessao}}', vars.hora_sessao)
+        .replaceAll('{{modalidade}}', vars.modalidade)
+        .replaceAll('{{nome_clinica}}', vars.nome_clinica)
+}
+
+// Envia via Evolution. Retorna messageId ou null se falhar.
+async function sendViaEvolution(
+    apiUrl: string, apiKey: string, instance: string, phone: string, text: string
+): Promise<{ ok: boolean; messageId?: string; error?: string }> {
+    try {
+        const endpoint = `${rewriteForContainer(apiUrl)}/message/sendText/${encodeURIComponent(instance)}`
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', apikey: apiKey },
+            body: JSON.stringify({ number: phone, text })
+        })
+        if (!resp.ok) {
+            const t = await resp.text()
+            return { ok: false, error: `HTTP ${resp.status}: ${t.slice(0, 200)}` }
+        }
+        const j = await resp.json().catch(() => null) as Record<string, unknown> | null
+        const msgId = (j?.key as { id?: string })?.id ?? null
+        return { ok: true, messageId: msgId ?? undefined }
+    } catch (err) {
+        return { ok: false, error: String(err) }
+    }
+}
+
+// Envia via Twilio. Retorna messageId + status ou erro.
+async function sendViaTwilio(
+    subSid: string, authToken: string, fromNumber: string, toPhone: string, text: string
+): Promise<{ ok: boolean; messageId?: string; status?: string; error?: string }> {
+    if (!subSid || !authToken || !fromNumber) {
+        return { ok: false, error: 'Twilio credenciais incompletas' }
+    }
+    const toE164 = toPhone.startsWith('+') ? toPhone : `+${toPhone}`
+    const endpoint = `https://api.twilio.com/2010-04-01/Accounts/${subSid}/Messages.json`
+    const basicAuth = btoa(`${subSid}:${authToken}`)
+    const params = new URLSearchParams()
+    params.append('From', `whatsapp:${fromNumber}`)
+    params.append('To', `whatsapp:${toE164}`)
+    params.append('Body', text)
+    try {
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: { 'Authorization': `Basic ${basicAuth}`, 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: params.toString()
+        })
+        const data = await resp.json().catch(() => null) as Record<string, unknown> | null
+        if (!resp.ok) {
+            return { ok: false, error: `Twilio ${resp.status}: ${(data?.message as string) || JSON.stringify(data).slice(0, 200)}` }
+        }
+        return { ok: true, messageId: String(data?.sid || ''), status: String(data?.status || 'queued') }
+    } catch (e) {
+        return { ok: false, error: String(e) }
+    }
+}
+
+// Verifica se paciente está opted-out
+async function isOptedOut(supa: SupabaseClient, tenantId: string, phone: string): Promise<boolean> {
+    const { data } = await supa
+        .from('conversation_optouts')
+        .select('id')
+        .eq('tenant_id', tenantId)
+        .eq('phone', phone)
+        .is('opted_back_in_at', null)
+        .limit(1)
+        .maybeSingle()
+    return !!data
+}
+
+type ProcessStats = {
+    considered: number
+    sent: number
+    skipped: Record<string, number>
+    errors: number
+}
+
+// Processa eventos em uma janela especifica
+async function processWindow(
+    supa: SupabaseClient,
+    type: '24h' | '2h',
+    minutesAhead: number,
+    stats: ProcessStats
+): Promise<void> {
+    const windowMin = 15 // ±15min
+    const start = new Date(Date.now() + (minutesAhead - windowMin) * 60 * 1000).toISOString()
+    const end = new Date(Date.now() + (minutesAhead + windowMin) * 60 * 1000).toISOString()
+
+    // Busca eventos na janela com patient + tenant (nome da clinica via company_profiles/tenants)
+    const { data: events, error } = await supa
+        .from('agenda_eventos')
+        .select(`
+            id, tenant_id, inicio_em, modalidade, patient_id, status,
+            patients:patient_id (id, nome_completo, telefone)
+        `)
+        .eq('status', 'agendado')
+        .gte('inicio_em', start)
+        .lte('inicio_em', end)
+
+    if (error) {
+        console.error('[reminders] events query error:', error.message)
+        return
+    }
+
+    stats.considered += (events || []).length
+
+    for (const ev of events || []) {
+        try {
+            const eventId = ev.id as string
+            const tenantId = ev.tenant_id as string
+            const pat = Array.isArray(ev.patients) ? ev.patients[0] : ev.patients
+            if (!pat || !pat.telefone) {
+                // Sem telefone — loga e pula
+                await logSkip(supa, eventId, tenantId, type, 'no_phone')
+                stats.skipped.no_phone = (stats.skipped.no_phone || 0) + 1
+                continue
+            }
+            const phone = normalizePhoneBR(pat.telefone)
+            if (!/^\d{10,15}$/.test(phone)) {
+                await logSkip(supa, eventId, tenantId, type, 'invalid_phone')
+                stats.skipped.invalid_phone = (stats.skipped.invalid_phone || 0) + 1
+                continue
+            }
+
+            // Ja enviado? (UNIQUE constraint previne dup mas checamos pra economizar)
+            const { data: existing } = await supa
+                .from('session_reminder_logs')
+                .select('id')
+                .eq('event_id', eventId)
+                .eq('reminder_type', type)
+                .maybeSingle()
+            if (existing) {
+                stats.skipped.already_sent = (stats.skipped.already_sent || 0) + 1
+                continue
+            }
+
+            // Settings do tenant
+            const { data: settings } = await supa
+                .from('session_reminder_settings')
+                .select('*')
+                .eq('tenant_id', tenantId)
+                .maybeSingle()
+
+            if (!settings || !settings.enabled) {
+                stats.skipped.disabled = (stats.skipped.disabled || 0) + 1
+                continue
+            }
+            if (type === '24h' && !settings.send_24h) {
+                stats.skipped.type_disabled = (stats.skipped.type_disabled || 0) + 1
+                continue
+            }
+            if (type === '2h' && !settings.send_2h) {
+                stats.skipped.type_disabled = (stats.skipped.type_disabled || 0) + 1
+                continue
+            }
+
+            // Quiet hours
+            if (settings.quiet_hours_enabled) {
+                const startHHMM = String(settings.quiet_hours_start || '22:00').slice(0, 5)
+                const endHHMM = String(settings.quiet_hours_end || '08:00').slice(0, 5)
+                if (isQuietHoursNow(startHHMM, endHHMM)) {
+                    await logSkip(supa, eventId, tenantId, type, 'quiet_hours')
+                    stats.skipped.quiet_hours = (stats.skipped.quiet_hours || 0) + 1
+                    continue
+                }
+            }
+
+            // Opt-out
+            if (settings.respect_opt_out && await isOptedOut(supa, tenantId, phone)) {
+                await logSkip(supa, eventId, tenantId, type, 'opted_out')
+                stats.skipped.opted_out = (stats.skipped.opted_out || 0) + 1
+                continue
+            }
+
+            // Canal ativo
+            const { data: channel } = await supa
+                .from('notification_channels')
+                .select('provider, credentials, twilio_phone_number, is_active')
+                .eq('tenant_id', tenantId)
+                .eq('channel', 'whatsapp')
+                .is('deleted_at', null)
+                .maybeSingle()
+            if (!channel || !channel.is_active) {
+                await logSkip(supa, eventId, tenantId, type, 'no_channel')
+                stats.skipped.no_channel = (stats.skipped.no_channel || 0) + 1
+                continue
+            }
+
+            // Nome da clinica (tenants.name)
+            const { data: tenant } = await supa
+                .from('tenants')
+                .select('name')
+                .eq('id', tenantId)
+                .maybeSingle()
+
+            // Monta mensagem
+            const tpl = type === '24h' ? settings.template_24h : settings.template_2h
+            const text = renderTemplate(tpl, {
+                nome_paciente: pat.nome_completo || 'Paciente',
+                data_sessao: fmtDateDayMonth(ev.inicio_em),
+                hora_sessao: fmtTime(ev.inicio_em),
+                modalidade: ev.modalidade === 'online' ? 'online' : 'presencial',
+                nome_clinica: tenant?.name || ''
+            })
+
+            // Envia (Evolution only por enquanto)
+            if (channel.provider === 'evolution') {
+                const creds = (channel.credentials ?? {}) as Record<string, string>
+                if (!creds.api_url || !creds.api_key || !creds.instance_name) {
+                    await logSkip(supa, eventId, tenantId, type, 'creds_missing')
+                    stats.skipped.creds_missing = (stats.skipped.creds_missing || 0) + 1
+                    continue
+                }
+                const sendRes = await sendViaEvolution(creds.api_url, creds.api_key, creds.instance_name, phone, text)
+                if (!sendRes.ok) {
+                    console.error('[reminders] send failed for event', eventId, sendRes.error)
+                    await supa.from('session_reminder_logs').insert({
+                        event_id: eventId, tenant_id: tenantId, reminder_type: type,
+                        provider: 'evolution', skip_reason: `send_failed: ${sendRes.error}`, to_phone: phone
+                    })
+                    stats.errors++
+                    continue
+                }
+                // Registra outbound message + log
+                const { data: msg } = await supa.from('conversation_messages').insert({
+                    tenant_id: tenantId,
+                    patient_id: pat.id,
+                    channel: 'whatsapp',
+                    direction: 'outbound',
+                    from_number: null,
+                    to_number: phone,
+                    body: text,
+                    provider: 'evolution',
+                    provider_message_id: sendRes.messageId ?? null,
+                    provider_raw: { reminder_type: type, event_id: eventId },
+                    kanban_status: 'awaiting_patient',
+                    responded_at: new Date().toISOString()
+                }).select('id').single()
+
+                await supa.from('session_reminder_logs').insert({
+                    event_id: eventId, tenant_id: tenantId, reminder_type: type,
+                    provider: 'evolution', to_phone: phone,
+                    provider_message_id: sendRes.messageId ?? null,
+                    conversation_message_id: msg?.id ?? null
+                })
+                stats.sent++
+            } else if (channel.provider === 'twilio') {
+                // Busca creds twilio (colunas dedicadas + credentials JSONB com auth_token)
+                const { data: fullChannel } = await supa
+                    .from('notification_channels')
+                    .select('twilio_subaccount_sid, twilio_phone_number, credentials')
+                    .eq('tenant_id', tenantId)
+                    .eq('channel', 'whatsapp')
+                    .is('deleted_at', null)
+                    .maybeSingle()
+                const twCreds = (fullChannel?.credentials ?? {}) as Record<string, string>
+                const subSid = fullChannel?.twilio_subaccount_sid as string
+                const subToken = twCreds.subaccount_auth_token
+                const twFrom = fullChannel?.twilio_phone_number as string
+
+                if (!subSid || !subToken || !twFrom) {
+                    await logSkip(supa, eventId, tenantId, type, 'twilio_creds_missing')
+                    stats.skipped.twilio_creds_missing = (stats.skipped.twilio_creds_missing || 0) + 1
+                    continue
+                }
+
+                // Deduz 1 crédito ANTES (atômico via RPC)
+                const { error: dedErr } = await supa.rpc('deduct_whatsapp_credits', {
+                    p_tenant_id: tenantId,
+                    p_amount: 1,
+                    p_conversation_message_id: null,
+                    p_note: `Lembrete sessão ${type}`
+                })
+                if (dedErr) {
+                    const reason = String(dedErr.message || '').includes('insufficient_credits') ? 'insufficient_credits' : 'deduct_error'
+                    await logSkip(supa, eventId, tenantId, type, reason)
+                    stats.skipped[reason] = (stats.skipped[reason] || 0) + 1
+                    continue
+                }
+
+                const sendRes = await sendViaTwilio(subSid, subToken, twFrom, phone, text)
+                if (!sendRes.ok) {
+                    // Refund
+                    await supa.rpc('add_whatsapp_credits', {
+                        p_tenant_id: tenantId,
+                        p_amount: 1,
+                        p_kind: 'refund',
+                        p_purchase_id: null,
+                        p_admin_id: null,
+                        p_note: `Refund lembrete falhou: ${sendRes.error?.slice(0, 200)}`
+                    })
+                    console.error('[reminders] twilio send failed:', sendRes.error)
+                    await supa.from('session_reminder_logs').insert({
+                        event_id: eventId, tenant_id: tenantId, reminder_type: type,
+                        provider: 'twilio', skip_reason: `send_failed: ${sendRes.error}`, to_phone: phone
+                    })
+                    stats.errors++
+                    continue
+                }
+
+                const { data: msg } = await supa.from('conversation_messages').insert({
+                    tenant_id: tenantId,
+                    patient_id: pat.id,
+                    channel: 'whatsapp',
+                    direction: 'outbound',
+                    from_number: null,
+                    to_number: phone,
+                    body: text,
+                    provider: 'twilio',
+                    provider_message_id: sendRes.messageId ?? null,
+                    provider_raw: { reminder_type: type, event_id: eventId, status: sendRes.status },
+                    kanban_status: 'awaiting_patient',
+                    responded_at: new Date().toISOString(),
+                    delivery_status: sendRes.status === 'delivered' ? 'delivered' : 'sent'
+                }).select('id').single()
+
+                await supa.from('session_reminder_logs').insert({
+                    event_id: eventId, tenant_id: tenantId, reminder_type: type,
+                    provider: 'twilio', to_phone: phone,
+                    provider_message_id: sendRes.messageId ?? null,
+                    conversation_message_id: msg?.id ?? null
+                })
+                stats.sent++
+            } else {
+                await logSkip(supa, eventId, tenantId, type, 'unknown_provider')
+                stats.skipped.unknown_provider = (stats.skipped.unknown_provider || 0) + 1
+            }
+        } catch (err) {
+            console.error('[reminders] event process error:', err)
+            stats.errors++
+        }
+    }
+}
+
+async function logSkip(
+    supa: SupabaseClient, eventId: string, tenantId: string, type: '24h' | '2h', reason: string
+) {
+    await supa.from('session_reminder_logs').insert({
+        event_id: eventId, tenant_id: tenantId, reminder_type: type,
+        provider: 'skipped', skip_reason: reason
+    })
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+
+    try {
+        const supabase = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        const stats: ProcessStats = { considered: 0, sent: 0, skipped: {}, errors: 0 }
+
+        // 24h antes
+        await processWindow(supabase, '24h', 24 * 60, stats)
+        // 2h antes
+        await processWindow(supabase, '2h', 2 * 60, stats)
+
+        return json({ ok: true, stats })
+    } catch (err) {
+        console.error('[reminders] fatal:', err)
+        return json({ ok: false, error: String(err) }, 500)
+    }
+})
diff --git a/supabase/functions/send-whatsapp-message/index.ts b/supabase/functions/send-whatsapp-message/index.ts
new file mode 100644
index 0000000..bd7f3a7
--- /dev/null
+++ b/supabase/functions/send-whatsapp-message/index.ts
@@ -0,0 +1,329 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: send-whatsapp-message
+|--------------------------------------------------------------------------
+| Envia mensagem WhatsApp via Evolution API da clínica. Registra a mensagem
+| imediatamente em conversation_messages (direction=outbound) para feedback
+| instantâneo no UI (via Realtime). Quando a Evolution ecoar a mensagem de
+| volta pelo webhook com fromMe=true, o evolution-whatsapp-inbound faz UPDATE
+| (não duplica) pelo provider_message_id.
+|
+| Body JSON:
+|   {
+|     "tenant_id":  "<uuid>",
+|     "to_number":  "5516912345678",      // sem + nem @s.whatsapp.net
+|     "body":       "Texto da mensagem",
+|     "patient_id": "<uuid>" (opcional)   // se já vinculado
+|   }
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+function sanitizeBody(raw: string): string {
+    return String(raw ?? '')
+        .replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]/g, '')
+        .trim()
+        .slice(0, 4000)
+}
+
+function normalizePhone(raw: string): string {
+    const digits = String(raw ?? '').replace(/\D/g, '')
+    if (digits.length >= 12 && digits.startsWith('55')) return digits
+    if (digits.length === 11 || digits.length === 10) return '55' + digits
+    return digits
+}
+
+// ═══════════════════════════════════════════════════════════════════
+// Twilio send helper (com dedução de crédito)
+// ═══════════════════════════════════════════════════════════════════
+type TwilioChannel = {
+    twilio_subaccount_sid: string
+    twilio_phone_number: string
+    credentials: { subaccount_auth_token?: string }
+}
+
+async function sendViaTwilio(
+    channel: TwilioChannel,
+    toPhone: string,
+    text: string
+): Promise<{ ok: boolean; messageId?: string; status?: string; error?: string }> {
+    const subSid = channel.twilio_subaccount_sid
+    const authToken = channel.credentials?.subaccount_auth_token
+    const fromNumber = channel.twilio_phone_number  // E.164: +5511999990000
+
+    if (!subSid || !authToken || !fromNumber) {
+        return { ok: false, error: 'Twilio credenciais incompletas' }
+    }
+
+    const endpoint = `https://api.twilio.com/2010-04-01/Accounts/${subSid}/Messages.json`
+    const basicAuth = btoa(`${subSid}:${authToken}`)
+
+    const toE164 = toPhone.startsWith('+') ? toPhone : `+${toPhone}`
+    const params = new URLSearchParams()
+    params.append('From', `whatsapp:${fromNumber}`)
+    params.append('To', `whatsapp:${toE164}`)
+    params.append('Body', text)
+
+    try {
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: {
+                'Authorization': `Basic ${basicAuth}`,
+                'Content-Type': 'application/x-www-form-urlencoded'
+            },
+            body: params.toString()
+        })
+        const data = await resp.json().catch(() => null) as Record<string, unknown> | null
+        if (!resp.ok) {
+            return { ok: false, error: `Twilio ${resp.status}: ${(data?.message as string) || JSON.stringify(data).slice(0, 200)}` }
+        }
+        return {
+            ok: true,
+            messageId: String(data?.sid || ''),
+            status: String(data?.status || 'queued')
+        }
+    } catch (e) {
+        return { ok: false, error: String(e) }
+    }
+}
+
+// Edge function roda em container — localhost aponta pra ele mesmo, não pro host.
+// Substitui localhost/127.0.0.1 por host.docker.internal pra alcançar o host.
+function rewriteForContainer(apiUrl: string): string {
+    try {
+        const u = new URL(apiUrl)
+        if (u.hostname === 'localhost' || u.hostname === '127.0.0.1') {
+            u.hostname = 'host.docker.internal'
+            return u.toString().replace(/\/+$/, '')
+        }
+        return apiUrl.replace(/\/+$/, '')
+    } catch {
+        return apiUrl
+    }
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+    if (req.method !== 'POST') return json({ ok: false, error: 'method' }, 405)
+
+    try {
+        const body = await req.json().catch(() => null)
+        if (!body || typeof body !== 'object') return json({ ok: false, error: 'body invalido' }, 400)
+
+        const { tenant_id, to_number, body: text, patient_id } = body as Record<string, string>
+        const cleanText = sanitizeBody(text)
+        const cleanPhone = normalizePhone(to_number)
+
+        if (!tenant_id || !cleanPhone || !cleanText) {
+            return json({ ok: false, error: 'faltam campos (tenant_id, to_number, body)' }, 400)
+        }
+        if (cleanText.length < 1) return json({ ok: false, error: 'mensagem vazia' }, 400)
+
+        // Autenticação
+        const auth = req.headers.get('Authorization') ?? ''
+        const supaAuthed = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_ANON_KEY')!,
+            { global: { headers: { Authorization: auth } } }
+        )
+        const { data: authData, error: authErr } = await supaAuthed.auth.getUser()
+        if (authErr || !authData?.user) return json({ ok: false, error: 'auth' }, 401)
+
+        const supaSvc = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        const userId = authData.user.id
+        // Valida membership
+        const { data: isAdmin } = await supaSvc.rpc('is_saas_admin')
+        if (!isAdmin) {
+            const { data: membership } = await supaSvc
+                .from('tenant_members')
+                .select('id')
+                .eq('tenant_id', tenant_id)
+                .eq('user_id', userId)
+                .eq('status', 'active')
+                .maybeSingle()
+            if (!membership) return json({ ok: false, error: 'forbidden' }, 403)
+        }
+
+        // Busca canal (Evolution ou Twilio)
+        const { data: channel, error: chErr } = await supaSvc
+            .from('notification_channels')
+            .select('credentials, provider, twilio_subaccount_sid, twilio_phone_number, is_active')
+            .eq('tenant_id', tenant_id)
+            .eq('channel', 'whatsapp')
+            .is('deleted_at', null)
+            .maybeSingle()
+
+        if (chErr || !channel) {
+            return json({ ok: false, error: 'Canal WhatsApp nao configurado pra este tenant' }, 400)
+        }
+        if (!channel.is_active) {
+            return json({ ok: false, error: 'Canal WhatsApp inativo. Verifique /configuracoes/whatsapp.' }, 400)
+        }
+
+        const provider = channel.provider  // 'evolution' ou 'twilio'
+
+        // Resolve patient_id se não veio (match por telefone)
+        let resolvedPatientId = patient_id ?? null
+        if (!resolvedPatientId) {
+            const { data: matchData } = await supaSvc.rpc('match_patient_by_phone', {
+                p_tenant_id: tenant_id,
+                p_phone: cleanPhone
+            })
+            resolvedPatientId = (matchData as string | null) ?? null
+        }
+
+        // ─────────────────────────────────────────────────────
+        // TWILIO: deduz crédito ANTES, envia, refunda se falhar
+        // ─────────────────────────────────────────────────────
+        if (provider === 'twilio') {
+            // Deduz 1 crédito de forma atômica (RPC lança 'insufficient_credits' se zerado)
+            const { error: dedErr } = await supaSvc.rpc('deduct_whatsapp_credits', {
+                p_tenant_id: tenant_id,
+                p_amount: 1,
+                p_conversation_message_id: null,
+                p_note: 'Envio manual WhatsApp'
+            })
+            if (dedErr) {
+                const insufficient = String(dedErr.message || '').includes('insufficient_credits')
+                return json({
+                    ok: false,
+                    error: insufficient ? 'insufficient_credits' : dedErr.message,
+                    message: insufficient
+                        ? 'Saldo insuficiente. Compre créditos em /configuracoes/creditos-whatsapp.'
+                        : 'Erro ao deduzir créditos'
+                }, insufficient ? 402 : 500)
+            }
+
+            // Envia via Twilio
+            const sendRes = await sendViaTwilio(channel as unknown as TwilioChannel, cleanPhone, cleanText)
+
+            if (!sendRes.ok) {
+                // Refunda o crédito deduzido
+                await supaSvc.rpc('add_whatsapp_credits', {
+                    p_tenant_id: tenant_id,
+                    p_amount: 1,
+                    p_kind: 'refund',
+                    p_purchase_id: null,
+                    p_admin_id: null,
+                    p_note: `Refund envio falhou: ${sendRes.error?.slice(0, 200)}`
+                })
+                return json({ ok: false, error: `twilio_send_failed: ${sendRes.error}` }, 502)
+            }
+
+            // Registra mensagem + vincula a dedução (se possível — já foi feita sem msg_id)
+            const { data: inserted, error: insErr } = await supaSvc.from('conversation_messages').insert({
+                tenant_id,
+                patient_id: resolvedPatientId,
+                channel: 'whatsapp',
+                direction: 'outbound',
+                from_number: null,
+                to_number: cleanPhone,
+                body: cleanText,
+                provider: 'twilio',
+                provider_message_id: sendRes.messageId ?? null,
+                provider_raw: { status: sendRes.status },
+                kanban_status: 'awaiting_patient',
+                received_at: null,
+                responded_at: new Date().toISOString(),
+                delivery_status: sendRes.status === 'delivered' ? 'delivered' : sendRes.status === 'sent' ? 'sent' : 'queued'
+            }).select('id').single()
+
+            if (insErr) {
+                console.error('[send-whatsapp-message] insert error (twilio):', insErr)
+                return json({ ok: false, error: 'Enviado + creditado mas falhou ao registrar: ' + insErr.message }, 500)
+            }
+
+            return json({
+                ok: true,
+                provider: 'twilio',
+                message_id: inserted.id,
+                provider_message_id: sendRes.messageId
+            })
+        }
+
+        // ─────────────────────────────────────────────────────
+        // EVOLUTION: sem dedução (tier gratuito)
+        // ─────────────────────────────────────────────────────
+        const creds = (channel.credentials ?? {}) as Record<string, string>
+        const apiUrl = creds.api_url
+        const apiKey = creds.api_key
+        const instance = creds.instance_name
+
+        if (!apiUrl || !apiKey || !instance) {
+            return json({ ok: false, error: 'Credenciais Evolution incompletas' }, 400)
+        }
+
+        const evoEndpoint = `${rewriteForContainer(apiUrl)}/message/sendText/${encodeURIComponent(instance)}`
+        const evoBody = { number: cleanPhone, text: cleanText }
+
+        const evoResp = await fetch(evoEndpoint, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', 'apikey': apiKey },
+            body: JSON.stringify(evoBody)
+        })
+
+        const evoText = await evoResp.text()
+        let evoJson: Record<string, unknown> | null = null
+        try { evoJson = JSON.parse(evoText) } catch { /* fica null */ }
+
+        if (!evoResp.ok) {
+            return json({
+                ok: false,
+                error: `Evolution retornou ${evoResp.status}`,
+                evolution_response: evoJson ?? evoText
+            }, 502)
+        }
+
+        const providerMessageId = (evoJson as { key?: { id?: string } } | null)?.key?.id ?? null
+
+        const { data: inserted, error: insErr } = await supaSvc.from('conversation_messages').insert({
+            tenant_id,
+            patient_id: resolvedPatientId,
+            channel: 'whatsapp',
+            direction: 'outbound',
+            from_number: null,
+            to_number: cleanPhone,
+            body: cleanText,
+            provider: 'evolution',
+            provider_message_id: providerMessageId,
+            provider_raw: evoJson ?? null,
+            kanban_status: 'awaiting_patient',
+            received_at: null,
+            responded_at: new Date().toISOString(),
+            delivery_status: 'sent'
+        }).select('id').single()
+
+        if (insErr) {
+            console.error('[send-whatsapp-message] insert error (evolution):', insErr)
+            return json({ ok: false, error: 'Enviado mas falhou ao registrar: ' + insErr.message }, 500)
+        }
+
+        return json({
+            ok: true,
+            provider: 'evolution',
+            message_id: inserted.id,
+            provider_message_id: providerMessageId,
+            evolution_response: evoJson
+        })
+    } catch (err) {
+        return json({ ok: false, error: String(err) }, 500)
+    }
+})
diff --git a/supabase/functions/submit-patient-intake/index.js b/supabase/functions/submit-patient-intake/index.ts
similarity index 100%
rename from supabase/functions/submit-patient-intake/index.js
rename to supabase/functions/submit-patient-intake/index.ts
diff --git a/supabase/functions/twilio-whatsapp-inbound/index.ts b/supabase/functions/twilio-whatsapp-inbound/index.ts
new file mode 100644
index 0000000..e465083
--- /dev/null
+++ b/supabase/functions/twilio-whatsapp-inbound/index.ts
@@ -0,0 +1,221 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: twilio-whatsapp-inbound
+|--------------------------------------------------------------------------
+| Recebe mensagens WhatsApp RECEBIDAS pelos tenants via Twilio.
+| Diferente do twilio-whatsapp-webhook (que trata apenas status de mensagens
+| enviadas), este recebe o conteudo de respostas dos pacientes.
+|
+| URL configurada no numero da subconta de cada tenant, campo "WHEN A
+| MESSAGE COMES IN":
+|   https://<project>.supabase.co/functions/v1/twilio-whatsapp-inbound?tenant_id=<uuid>
+|
+| Hooks aplicados (provider-agnostico via _shared/whatsapp-hooks):
+|   1) Opt-IN detection (keywords "voltar", "retornar", ...)
+|   2) Opt-OUT detection (keywords do tenant + system) com ack automatico
+|   3) Auto-reply fora do horario (se nao houve opt-out) com credit deduction
+|
+| Custos: cada envio (ack de opt-out + auto-reply) DEDUZ 1 credito do tenant.
+| Se o saldo estiver zerado, o hook falha silenciosamente (nao envia).
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+import {
+    buildThreadKey,
+    detectOptoutKeyword,
+    maybeOptIn,
+    maybeSendAutoReply,
+    makeTwilioCreditedSendFn,
+    registerOptout,
+    type TwilioChannel
+} from '../_shared/whatsapp-hooks.ts'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
+}
+
+const EMPTY_TWIML = '<?xml version="1.0" encoding="UTF-8"?><Response></Response>'
+
+function stripWhatsappPrefix(raw: string | null | undefined): string | null {
+    if (!raw) return null
+    return raw.replace(/^whatsapp:/i, '').trim()
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') {
+        return new Response('ok', { headers: corsHeaders })
+    }
+
+    if (req.method !== 'POST') {
+        return new Response(EMPTY_TWIML, {
+            status: 200,
+            headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+        })
+    }
+
+    try {
+        const url = new URL(req.url)
+        const tenantId = url.searchParams.get('tenant_id')
+
+        if (!tenantId) {
+            console.error('[twilio-whatsapp-inbound] tenant_id ausente na URL')
+            return new Response(EMPTY_TWIML, {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+            })
+        }
+
+        const supabase = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        const formData = await req.formData()
+        const from        = stripWhatsappPrefix(formData.get('From') as string)
+        const to          = stripWhatsappPrefix(formData.get('To') as string)
+        const body        = (formData.get('Body') as string) ?? null
+        const messageSid  = formData.get('MessageSid') as string
+        const numMedia    = parseInt((formData.get('NumMedia') as string) ?? '0', 10)
+        const mediaUrl    = numMedia > 0 ? (formData.get('MediaUrl0') as string) : null
+        const mediaMime   = numMedia > 0 ? (formData.get('MediaContentType0') as string) : null
+
+        if (!from || !messageSid) {
+            console.warn('[twilio-whatsapp-inbound] payload incompleto')
+            return new Response(EMPTY_TWIML, {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+            })
+        }
+
+        const cleanBody = body
+            ? String(body).replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]/g, '').slice(0, 4000)
+            : null
+
+        const { data: matchData } = await supabase.rpc('match_patient_by_phone', {
+            p_tenant_id: tenantId,
+            p_phone: from
+        })
+        const patientId = matchData as string | null
+
+        const raw: Record<string, unknown> = {
+            MessageSid: messageSid,
+            AccountSid: formData.get('AccountSid') ?? null,
+            From: from,
+            To: to,
+            NumMedia: numMedia,
+            ProfileName: formData.get('ProfileName') ?? null,
+            WaId: formData.get('WaId') ?? null,
+        }
+
+        const { error: insErr } = await supabase.from('conversation_messages').insert({
+            tenant_id: tenantId,
+            patient_id: patientId,
+            channel: 'whatsapp',
+            direction: 'inbound',
+            from_number: from,
+            to_number: to,
+            body: cleanBody,
+            media_url: mediaUrl,
+            media_mime: mediaMime,
+            provider: 'twilio',
+            provider_message_id: messageSid,
+            provider_raw: raw,
+            kanban_status: 'awaiting_us',
+            received_at: new Date().toISOString()
+        })
+
+        if (insErr) {
+            console.error('[twilio-whatsapp-inbound] insert error:', insErr)
+            return new Response(EMPTY_TWIML, {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+            })
+        }
+
+        // ─────────────────────────────────────────────────────
+        // Hooks: opt-in, opt-out, auto-reply
+        // ─────────────────────────────────────────────────────
+        let optoutAction: 'in' | 'out' | null = null
+        let autoReplyResult: { sent: boolean; reason?: string } | null = null
+
+        try {
+            // Busca canal Twilio (uma vez) — reutilizado por registerOptout/autoReply
+            const { data: channel } = await supabase
+                .from('notification_channels')
+                .select('credentials, provider, twilio_subaccount_sid, twilio_phone_number, is_active')
+                .eq('tenant_id', tenantId)
+                .eq('channel', 'whatsapp')
+                .is('deleted_at', null)
+                .maybeSingle()
+
+            if (channel && channel.is_active && channel.provider === 'twilio') {
+                // 1) Opt-IN (voltar) tem prioridade
+                if (await maybeOptIn(supabase, tenantId, from, cleanBody)) {
+                    optoutAction = 'in'
+                }
+
+                // 2) Opt-OUT por keyword — envia ack via Twilio (deduz 1 credito)
+                if (!optoutAction) {
+                    const keyword = await detectOptoutKeyword(supabase, tenantId, cleanBody)
+                    if (keyword) {
+                        const optoutSendFn = makeTwilioCreditedSendFn(
+                            supabase,
+                            tenantId,
+                            channel as unknown as TwilioChannel,
+                            'Opt-out ack WhatsApp'
+                        )
+                        await registerOptout(
+                            supabase,
+                            tenantId,
+                            from,
+                            patientId,
+                            cleanBody,
+                            keyword,
+                            'twilio',
+                            optoutSendFn
+                        )
+                        optoutAction = 'out'
+                    }
+                }
+
+                // 3) Auto-reply fora do horario (so se nao foi opt-out)
+                if (optoutAction !== 'out') {
+                    const threadKey = buildThreadKey(patientId, from)
+                    const arSendFn = makeTwilioCreditedSendFn(
+                        supabase,
+                        tenantId,
+                        channel as unknown as TwilioChannel,
+                        'Auto-reply WhatsApp'
+                    )
+                    autoReplyResult = await maybeSendAutoReply(
+                        supabase,
+                        tenantId,
+                        threadKey,
+                        from,
+                        'twilio',
+                        arSendFn
+                    )
+                }
+            }
+        } catch (err) {
+            console.error('[twilio-whatsapp-inbound] hooks error:', err)
+        }
+
+        // Twilio espera TwiML vazio (nao reenvia); logs no console
+        console.log('[twilio-whatsapp-inbound] processed', { tenantId, from, optoutAction, autoReplyResult })
+
+        return new Response(EMPTY_TWIML, {
+            status: 200,
+            headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+        })
+    } catch (err) {
+        console.error('[twilio-whatsapp-inbound] fatal:', err)
+        return new Response(EMPTY_TWIML, {
+            status: 200,
+            headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+        })
+    }
+})