CRM WhatsApp Grupo 3 completo + Marco A/B (Asaas) + admin SaaS + refactors polimórficos

Sessão 11+: fechamento do CRM de WhatsApp com dois providers (Evolution/Twilio), sistema de créditos com Asaas/PIX, polimorfismo de telefones/emails, e integração admin SaaS no /saas/addons existente. ═══════════════════════════════════════════════════════════════════════════ GRUPO 3 — WORKFLOW / CRM (completo) ═══════════════════════════════════════════════════════════════════════════ 3.1 Tags · migration conversation_tags + seed de 5 system tags · composable useConversationTags.js · popover + pills no drawer e nos cards do Kanban. 3.2 Atribuição de conversa a terapeuta · migration 20260421000012 com PK (tenant_id, thread_key), UPSERT, RLS que valida assignee como membro ativo do mesmo tenant · view conversation_threads expandida com assigned_to + assigned_at · composable useConversationAssignment.js · drawer com Select filtrável + botão "Assumir" · inbox com filtro aside (Todas/Minhas/Não atribuídas) e chip do responsável em cada card (destaca "Eu" em azul). 3.3 Notas internas · migration conversation_notes · composable + seção colapsável no drawer · apenas o criador pode editar/apagar (RLS). 3.5 Converter desconhecido em paciente · botão + dialog quick-cadastro · "Vincular existente" com Select filter de até 500 pacientes · cria telefone WhatsApp (vinculado) via upsertWhatsappForExisting. 3.6 Histórico de conversa no prontuário · nova aba "Conversas" em PatientProntuario.vue · PatientConversationsTab.vue com stats (total / recebidas / enviadas / primeira / última), SelectButton de filtro, timeline com bolhas por direção, mídia inline (imagem/áudio/vídeo/doc via signed URL), indicadores ✓ ✓✓ de delivery, botão "Abrir no CRM". ═══════════════════════════════════════════════════════════════════════════ MARCO A — UNIFICAÇÃO WHATSAPP (dois providers mutuamente exclusivos) ═══════════════════════════════════════════════════════════════════════════ - Página chooser ConfiguracoesWhatsappChooserPage.vue com 2 cards (Pessoal/ Oficial), deactivate via edge function deactivate-notification-channel - send-whatsapp-message refatorada com roteamento por provider; Twilio deduz 1 crédito antes do envio e refunda em falha - Paridade Twilio (novo): módulo compartilhado supabase/functions/_shared/ whatsapp-hooks.ts com lógica provider-agnóstica (opt-in, opt-out, auto- reply, schedule helpers em TZ São Paulo, makeTwilioCreditedSendFn que envolve envio em dedução atômica + rollback). Consumido por Evolution E Twilio inbound. Evolution refatorado (~290 linhas duplicadas removidas). - Bucket privado whatsapp-media · decrypt via Evolution getBase64From MediaMessage · upload com path tenant/yyyy/mm · signed URLs on-demand ═══════════════════════════════════════════════════════════════════════════ MARCO B — SISTEMA DE CRÉDITOS WHATSAPP + ASAAS ═══════════════════════════════════════════════════════════════════════════ Banco: - Migration 20260421000007_whatsapp_credits (4 tabelas: balance, transactions, packages, purchases) + RPCs add_whatsapp_credits e deduct_whatsapp_credits (atômicas com SELECT FOR UPDATE) - Migration 20260421000013_tenant_cpf_cnpj (coluna em tenants com CHECK de 11 ou 14 dígitos) Edge functions: - create-whatsapp-credit-charge · Asaas v3 (sandbox + prod) · PIX com QR code · getOrCreateAsaasCustomer patcha customer existente com CPF quando está faltando - asaas-webhook · recebe PAYMENT_RECEIVED/CONFIRMED e credita balance Frontend (tenant): - Página /configuracoes/creditos-whatsapp com saldo + loja + histórico - Dialog de confirmação com CPF/CNPJ (validação via isValidCPF/CNPJ de utils/validators, formatação on-blur, pré-fill de tenants.cpf_cnpj, persiste no primeiro uso) · fallback sandbox 24971563792 REMOVIDO - Composable useWhatsappCredits extrai erros amigáveis via error.context.json() Frontend (SaaS admin): - Em /saas/addons (reuso do pattern existente, não criou página paralela): - Aba 4 "Pacotes WhatsApp" — CRUD whatsapp_credit_packages com DataTable, toggle is_active inline, dialog de edição com validação - Aba 5 "Topup WhatsApp" — tenant Select com saldo ao vivo · RPC add_whatsapp_credits com p_admin_id = auth.uid() (auditoria) · histórico das últimas 20 transações topup/adjustment/refund ═══════════════════════════════════════════════════════════════════════════ GRUPO 2 — AUTOMAÇÃO ═══════════════════════════════════════════════════════════════════════════ 2.3 Auto-reply · conversation_autoreply_settings + conversation_autoreply_ log · 3 modos de schedule (agenda das regras semanais, business_hours custom, custom_window) · cooldown por thread · respeita opt-out · agora funciona em Evolution E Twilio (hooks compartilhados) 2.4 Lembretes de sessão · conversation_session_reminders_settings + _logs · edge send-session-reminders (cron) · janelas 24h e 2h antes · Twilio deduz crédito com rollback em falha ═══════════════════════════════════════════════════════════════════════════ GRUPO 5 — COMPLIANCE (LGPD Art. 18 §2) ═══════════════════════════════════════════════════════════════════════════ 5.2 Opt-out · conversation_optouts + conversation_optout_keywords (10 system seed + custom por tenant) · detecção por regex word-boundary e normalização (lowercase + strip acentos + pontuação) · ack automático (deduz crédito em Twilio) · opt-in via "voltar", "retornar", "reativar", "restart" · página /configuracoes/conversas-optouts com CRUD de keywords ═══════════════════════════════════════════════════════════════════════════ REFACTOR POLIMÓRFICO — TELEFONES + EMAILS ═══════════════════════════════════════════════════════════════════════════ - contact_types + contact_phones (entity_type + entity_id) — migration 20260421000008 · contact_email_types + contact_emails — 20260421000011 - Componentes ContactPhonesEditor.vue e ContactEmailsEditor.vue (add/edit/ remove com confirm, primary selector, WhatsApp linked badge) - Composables useContactPhones.js + useContactEmails.js com unsetOtherPrimaries() e validação - Trocado em PatientsCadastroPage.vue e MedicosPage.vue (removidos campos legados telefone/telefone_alternativo e email_principal/email_alternativo) - Migration retroativa v2 (20260421000010) detecta conversation_messages e cria/atualiza phone como WhatsApp vinculado ═══════════════════════════════════════════════════════════════════════════ POLIMENTO VISUAL + INFRA ═══════════════════════════════════════════════════════════════════════════ - Skeletons simplificados no dashboard do terapeuta - Animações fade-up com stagger via [--delay:Xms] (fix specificity sobre .dash-card box-shadow transition) - ConfirmDialog com group="conversation-drawer" (evita montagem duplicada) - Image preview PrimeVue com botão de download injetado via MutationObserver (fetch + blob para funcionar cross-origin) - Áudio/vídeo com preload="metadata" e controles de velocidade do browser - friendlySendError() mapeia códigos do edge pra mensagens pt-BR via error.context.json() - Teleport #cfg-page-actions para ações globais de Configurações - Brotli/Gzip + auto-import Vue/PrimeVue + bundle analyzer - AppLayout consolidado (removidas duplicatas por área) + RouterPassthrough - Removido console.trace debug que estava em watch de router e queries Supabase (degradava perf pra todos) - Realtime em conversation_messages via publication supabase_realtime - Notifier global flutuante com beep + toggle mute (4 camadas: badge + sino + popup + browser notification) ═══════════════════════════════════════════════════════════════════════════ MIGRATIONS NOVAS (13) ═══════════════════════════════════════════════════════════════════════════ 20260420000001_patient_intake_invite_info_rpc 20260420000002_audit_logs_lgpd 20260420000003_audit_logs_unified_view 20260420000004_lgpd_export_patient_rpc 20260420000005_conversation_messages 20260420000005_search_global_rpc 20260420000006_conv_messages_notifications 20260420000007_notif_channels_saas_admin_insert 20260420000008_conv_messages_realtime 20260420000009_conv_messages_delivery_status 20260421000001_whatsapp_media_bucket 20260421000002_conversation_notes 20260421000003_conversation_tags 20260421000004_conversation_autoreply 20260421000005_conversation_optouts 20260421000006_session_reminders 20260421000007_whatsapp_credits 20260421000008_contact_phones 20260421000009_retroactive_whatsapp_link 20260421000010_retroactive_whatsapp_link_v2 20260421000011_contact_emails 20260421000012_conversation_assignments 20260421000013_tenant_cpf_cnpj ═══════════════════════════════════════════════════════════════════════════ EDGE FUNCTIONS NOVAS / MODIFICADAS ═══════════════════════════════════════════════════════════════════════════ Novas: - _shared/whatsapp-hooks.ts (módulo compartilhado) - asaas-webhook - create-whatsapp-credit-charge - deactivate-notification-channel - evolution-webhook-provision - evolution-whatsapp-inbound - get-intake-invite-info - notification-webhook - send-session-reminders - send-whatsapp-message - submit-patient-intake - twilio-whatsapp-inbound ═══════════════════════════════════════════════════════════════════════════ FRONTEND — RESUMO ═══════════════════════════════════════════════════════════════════════════ Composables novos: useAddonExtrato, useAuditoria, useAutoReplySettings, useClinicKPIs, useContactEmails, useContactPhones, useConversationAssignment, useConversationNotes, useConversationOptouts, useConversationTags, useConversations, useLgpdExport, useSessionReminders, useWhatsappCredits Stores: conversationDrawerStore Componentes novos: ConversationDrawer, GlobalInboundNotifier, GlobalSearch, ContactEmailsEditor, ContactPhonesEditor Páginas novas: CRMConversasPage, PatientConversationsTab, AddonsExtratoPage, AuditoriaPage, NotificationsHistoryPage, ConfiguracoesWhatsappChooserPage, ConfiguracoesConversasAutoreplyPage, ConfiguracoesConversasOptoutsPage, ConfiguracoesConversasTagsPage, ConfiguracoesCreditosWhatsappPage, ConfiguracoesLembretesSessaoPage Utils novos: addonExtratoExport, auditoriaExport, excelExport, lgpdExportFormats Páginas existentes alteradas: ClinicDashboard, PatientsCadastroPage, PatientCadastroDialog, PatientsListPage, MedicosPage, PatientProntuario, ConfiguracoesWhatsappPage, SaasWhatsappPage, ConfiguracoesRecursosExtrasPage, ConfiguracoesPage, AgendaTerapeutaPage, AgendaClinicaPage, NotificationItem, NotificationDrawer, AppLayout, AppTopbar, useMenuBadges, patientsRepository, SaasAddonsPage (aba 4 + 5 WhatsApp) Routes: routes.clinic, routes.configs, routes.therapist atualizados Menus: clinic.menu, therapist.menu, saas.menu atualizados ═══════════════════════════════════════════════════════════════════════════ NOTAS - Após subir, rodar supabase functions serve --no-verify-jwt --env-file supabase/functions/.env pra carregar o módulo _shared - WHATSAPP_SETUP.md reescrito (~400 linhas) com setup completo dos 3 providers + troubleshooting + LGPD - HANDOFF.md atualizado com estado atual e próximos passos Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 07:05:24 -03:00
parent 037ba3721f
commit 2644e60bb6
191 changed files with 38629 additions and 3756 deletions
@@ -0,0 +1,371 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Shared hooks: WhatsApp opt-out + auto-reply
+|--------------------------------------------------------------------------
+| Logica provider-agnostica compartilhada entre evolution-whatsapp-inbound
+| e twilio-whatsapp-inbound. Cada provider injeta seu proprio SendFn —
+| Evolution envia direto via API (sem deducao de credito), Twilio envolve
+| o envio em deducao atomica com rollback.
+|--------------------------------------------------------------------------
+*/
+
+import type { SupabaseClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+// Provider deve prover uma funcao de envio de texto puro
+export type SendFn = (phone: string, text: string) => Promise<{ ok: boolean; messageId?: string | null; error?: string }>
+
+export type ProviderLabel = 'evolution' | 'twilio'
+
+export function buildThreadKey(patientId: string | null, phone: string | null): string {
+    if (patientId) return patientId
+    return `anon:${phone ?? 'unknown'}`
+}
+
+export function normalizeForMatch(s: string | null | undefined): string {
+    return String(s ?? '')
+        .toLowerCase()
+        .normalize('NFD')
+        .replace(/[̀-ͯ]/g, '')
+        .replace(/[^\p{L}\p{N}\s]/gu, ' ')
+        .replace(/\s+/g, ' ')
+        .trim()
+}
+
+// ═══════════════════════════════════════════════════════════════════════
+// Opt-out (LGPD)
+// ═══════════════════════════════════════════════════════════════════════
+
+export async function detectOptoutKeyword(
+    supa: SupabaseClient,
+    tenantId: string,
+    body: string | null
+): Promise<string | null> {
+    if (!body) return null
+    const normalized = normalizeForMatch(body)
+    if (!normalized) return null
+
+    const { data } = await supa
+        .from('conversation_optout_keywords')
+        .select('keyword')
+        .or(`tenant_id.is.null,tenant_id.eq.${tenantId}`)
+        .eq('enabled', true)
+
+    if (!data || !data.length) return null
+
+    for (const row of data) {
+        const kw = normalizeForMatch(row.keyword)
+        if (!kw) continue
+        if (normalized === kw) return row.keyword
+        const pattern = new RegExp(`(^|\\s)${kw.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}(\\s|$)`)
+        if (pattern.test(normalized)) return row.keyword
+    }
+    return null
+}
+
+export async function isOptedOut(supa: SupabaseClient, tenantId: string, phone: string): Promise<boolean> {
+    const { data } = await supa
+        .from('conversation_optouts')
+        .select('id')
+        .eq('tenant_id', tenantId)
+        .eq('phone', phone)
+        .is('opted_back_in_at', null)
+        .limit(1)
+        .maybeSingle()
+    return !!data
+}
+
+const OPT_IN_KEYWORDS = ['voltar', 'retornar', 'reativar', 'restart']
+export async function maybeOptIn(
+    supa: SupabaseClient,
+    tenantId: string,
+    phone: string,
+    body: string | null
+): Promise<boolean> {
+    if (!body) return false
+    const normalized = normalizeForMatch(body)
+    if (!normalized) return false
+    for (const kw of OPT_IN_KEYWORDS) {
+        if (normalized === kw || new RegExp(`(^|\\s)${kw}(\\s|$)`).test(normalized)) {
+            const { data } = await supa
+                .from('conversation_optouts')
+                .update({ opted_back_in_at: new Date().toISOString() })
+                .eq('tenant_id', tenantId)
+                .eq('phone', phone)
+                .is('opted_back_in_at', null)
+                .select('id')
+                .maybeSingle()
+            return !!data
+        }
+    }
+    return false
+}
+
+export async function registerOptout(
+    supa: SupabaseClient,
+    tenantId: string,
+    phone: string,
+    patientId: string | null,
+    originalMessage: string | null,
+    keywordMatched: string,
+    provider: ProviderLabel,
+    sendFn: SendFn
+): Promise<void> {
+    const { data: existing } = await supa
+        .from('conversation_optouts')
+        .select('id')
+        .eq('tenant_id', tenantId)
+        .eq('phone', phone)
+        .is('opted_back_in_at', null)
+        .maybeSingle()
+
+    if (existing) return
+
+    await supa.from('conversation_optouts').insert({
+        tenant_id: tenantId,
+        phone,
+        patient_id: patientId,
+        source: 'keyword',
+        keyword_matched: keywordMatched,
+        original_message: (originalMessage || '').slice(0, 500)
+    })
+
+    const ackText = 'OK! Não enviaremos mais mensagens automáticas. Você ainda pode falar com seu terapeuta diretamente quando quiser. Para voltar a receber, envie VOLTAR.'
+    try {
+        const res = await sendFn(phone, ackText)
+        if (res.ok) {
+            await supa.from('conversation_messages').insert({
+                tenant_id: tenantId,
+                patient_id: patientId,
+                channel: 'whatsapp',
+                direction: 'outbound',
+                from_number: null,
+                to_number: phone,
+                body: ackText,
+                provider,
+                provider_message_id: res.messageId ?? null,
+                provider_raw: { optout_ack: true },
+                kanban_status: 'resolved',
+                responded_at: new Date().toISOString()
+            })
+        } else {
+            console.error('[optout] ack send failed:', res.error)
+        }
+    } catch (err) {
+        console.error('[optout] ack send error:', err)
+    }
+}
+
+// ═══════════════════════════════════════════════════════════════════════
+// Auto-reply (schedule-aware, cooldown, respeita opt-out)
+// ═══════════════════════════════════════════════════════════════════════
+
+export type ScheduleWindow = { dow: number; start: string; end: string }
+
+function hhmmToMinutes(s: string): number {
+    const m = String(s).match(/^(\d{1,2}):(\d{2})/)
+    if (!m) return -1
+    return parseInt(m[1], 10) * 60 + parseInt(m[2], 10)
+}
+
+function nowInSaoPaulo(): { dow: number; minutes: number } {
+    const now = new Date()
+    const fmt = new Intl.DateTimeFormat('en-US', {
+        timeZone: 'America/Sao_Paulo',
+        weekday: 'short',
+        hour: '2-digit',
+        minute: '2-digit',
+        hour12: false
+    })
+    const parts = fmt.formatToParts(now)
+    const weekday = parts.find((p) => p.type === 'weekday')?.value || 'Sun'
+    const hour = parseInt(parts.find((p) => p.type === 'hour')?.value || '0', 10)
+    const minute = parseInt(parts.find((p) => p.type === 'minute')?.value || '0', 10)
+    const dowMap: Record<string, number> = { Sun: 0, Mon: 1, Tue: 2, Wed: 3, Thu: 4, Fri: 5, Sat: 6 }
+    return { dow: dowMap[weekday] ?? 0, minutes: hour * 60 + minute }
+}
+
+function isWithinWindows(windows: ScheduleWindow[]): boolean {
+    if (!Array.isArray(windows) || !windows.length) return false
+    const { dow, minutes } = nowInSaoPaulo()
+    for (const w of windows) {
+        if (w.dow !== dow) continue
+        const start = hhmmToMinutes(w.start)
+        const end = hhmmToMinutes(w.end)
+        if (start < 0 || end < 0) continue
+        if (minutes >= start && minutes < end) return true
+    }
+    return false
+}
+
+async function windowsFromAgenda(supa: SupabaseClient, tenantId: string): Promise<ScheduleWindow[]> {
+    const { data, error } = await supa
+        .from('agenda_regras_semanais')
+        .select('dia_semana, hora_inicio, hora_fim, ativo')
+        .eq('tenant_id', tenantId)
+        .eq('ativo', true)
+    if (error || !data) return []
+    return data.map((r) => ({
+        dow: r.dia_semana,
+        start: String(r.hora_inicio).slice(0, 5),
+        end: String(r.hora_fim).slice(0, 5)
+    }))
+}
+
+export async function maybeSendAutoReply(
+    supa: SupabaseClient,
+    tenantId: string,
+    threadKey: string,
+    fromPhone: string | null,
+    provider: ProviderLabel,
+    sendFn: SendFn
+): Promise<{ sent: boolean; reason?: string }> {
+    if (!fromPhone) return { sent: false, reason: 'no_phone' }
+
+    if (await isOptedOut(supa, tenantId, fromPhone)) {
+        return { sent: false, reason: 'opted_out' }
+    }
+
+    const { data: settings } = await supa
+        .from('conversation_autoreply_settings')
+        .select('enabled, message, cooldown_minutes, schedule_mode, business_hours, custom_window')
+        .eq('tenant_id', tenantId)
+        .maybeSingle()
+
+    if (!settings || !settings.enabled) return { sent: false, reason: 'disabled' }
+
+    let withinHours = false
+    if (settings.schedule_mode === 'agenda') {
+        const windows = await windowsFromAgenda(supa, tenantId)
+        withinHours = isWithinWindows(windows)
+    } else if (settings.schedule_mode === 'business_hours') {
+        withinHours = isWithinWindows((settings.business_hours as ScheduleWindow[]) || [])
+    } else if (settings.schedule_mode === 'custom') {
+        withinHours = isWithinWindows((settings.custom_window as ScheduleWindow[]) || [])
+    }
+
+    if (withinHours) return { sent: false, reason: 'within_hours' }
+
+    if ((settings.cooldown_minutes ?? 0) > 0) {
+        const cutoff = new Date(Date.now() - settings.cooldown_minutes * 60 * 1000).toISOString()
+        const { data: recent } = await supa
+            .from('conversation_autoreply_log')
+            .select('sent_at')
+            .eq('tenant_id', tenantId)
+            .eq('thread_key', threadKey)
+            .gte('sent_at', cutoff)
+            .order('sent_at', { ascending: false })
+            .limit(1)
+            .maybeSingle()
+        if (recent) return { sent: false, reason: 'cooldown' }
+    }
+
+    const sendRes = await sendFn(fromPhone, settings.message)
+    if (!sendRes.ok) {
+        console.error('[auto-reply] send failed:', sendRes.error)
+        return { sent: false, reason: 'send_failed' }
+    }
+
+    await supa.from('conversation_messages').insert({
+        tenant_id: tenantId,
+        channel: 'whatsapp',
+        direction: 'outbound',
+        from_number: null,
+        to_number: fromPhone,
+        body: settings.message,
+        provider,
+        provider_message_id: sendRes.messageId ?? null,
+        provider_raw: { auto_reply: true },
+        kanban_status: 'awaiting_patient',
+        responded_at: new Date().toISOString()
+    })
+
+    await supa.from('conversation_autoreply_log').insert({
+        tenant_id: tenantId,
+        thread_key: threadKey
+    })
+
+    return { sent: true }
+}
+
+// ═══════════════════════════════════════════════════════════════════════
+// Twilio: send wrapper com deducao de credito + rollback
+// ═══════════════════════════════════════════════════════════════════════
+
+export type TwilioChannel = {
+    twilio_subaccount_sid: string
+    twilio_phone_number: string
+    credentials: { subaccount_auth_token?: string }
+}
+
+async function sendViaTwilioRaw(
+    channel: TwilioChannel,
+    toPhone: string,
+    text: string
+): Promise<{ ok: boolean; messageId?: string; error?: string }> {
+    const subSid = channel.twilio_subaccount_sid
+    const authToken = channel.credentials?.subaccount_auth_token
+    const fromNumber = channel.twilio_phone_number
+    if (!subSid || !authToken || !fromNumber) {
+        return { ok: false, error: 'Twilio credenciais incompletas' }
+    }
+    const endpoint = `https://api.twilio.com/2010-04-01/Accounts/${subSid}/Messages.json`
+    const basicAuth = btoa(`${subSid}:${authToken}`)
+    const toE164 = toPhone.startsWith('+') ? toPhone : `+${toPhone}`
+    const params = new URLSearchParams()
+    params.append('From', `whatsapp:${fromNumber}`)
+    params.append('To', `whatsapp:${toE164}`)
+    params.append('Body', text)
+
+    try {
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: { Authorization: `Basic ${basicAuth}`, 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: params.toString()
+        })
+        const data = await resp.json().catch(() => null) as Record<string, unknown> | null
+        if (!resp.ok) {
+            return { ok: false, error: `Twilio ${resp.status}: ${(data?.message as string) || ''}` }
+        }
+        return { ok: true, messageId: String(data?.sid || '') }
+    } catch (e) {
+        return { ok: false, error: String(e) }
+    }
+}
+
+// Cria SendFn que:
+// 1) deduz 1 credito do tenant via RPC atomica
+// 2) envia via Twilio; se falhar, refunda o credito
+// 3) retorna resultado ao caller
+export function makeTwilioCreditedSendFn(
+    supa: SupabaseClient,
+    tenantId: string,
+    channel: TwilioChannel,
+    noteLabel: string
+): SendFn {
+    return async (phone: string, text: string) => {
+        const { error: dedErr } = await supa.rpc('deduct_whatsapp_credits', {
+            p_tenant_id: tenantId,
+            p_amount: 1,
+            p_conversation_message_id: null,
+            p_note: noteLabel
+        })
+        if (dedErr) {
+            const insufficient = String(dedErr.message || '').includes('insufficient_credits')
+            return { ok: false, error: insufficient ? 'insufficient_credits' : dedErr.message }
+        }
+
+        const sendRes = await sendViaTwilioRaw(channel, phone, text)
+        if (!sendRes.ok) {
+            await supa.rpc('add_whatsapp_credits', {
+                p_tenant_id: tenantId,
+                p_amount: 1,
+                p_kind: 'refund',
+                p_purchase_id: null,
+                p_admin_id: null,
+                p_note: `Refund ${noteLabel}: ${(sendRes.error || '').slice(0, 180)}`
+            })
+            return { ok: false, error: sendRes.error }
+        }
+        return { ok: true, messageId: sendRes.messageId ?? null }
+    }
+}
@@ -0,0 +1,148 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: asaas-webhook
+|--------------------------------------------------------------------------
+| Recebe eventos do Asaas. Atualiza status da purchase e credita saldo
+| quando PAYMENT_RECEIVED / PAYMENT_CONFIRMED.
+|
+| Config no Asaas:
+|   Dashboard → Integrações → Webhooks → URL:
+|     https://<project>.supabase.co/functions/v1/asaas-webhook
+|   Token de autenticação (opcional): setar em ASAAS_WEBHOOK_TOKEN
+|
+| Eventos tratados:
+|   PAYMENT_RECEIVED           → credita saldo (pago)
+|   PAYMENT_CONFIRMED          → idem (garantia adicional)
+|   PAYMENT_OVERDUE            → marca como expired
+|   PAYMENT_DELETED            → marca como cancelled
+|   PAYMENT_REFUNDED           → marca como refunded + estorna (não implementado auto)
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type, asaas-access-token',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+    if (req.method !== 'POST') return json({ ok: false, error: 'method_not_allowed' }, 405)
+
+    // Valida token (se configurado)
+    const expectedToken = Deno.env.get('ASAAS_WEBHOOK_TOKEN') || ''
+    if (expectedToken) {
+        const gotToken = req.headers.get('asaas-access-token') || ''
+        if (gotToken !== expectedToken) {
+            console.warn('[asaas-webhook] token mismatch')
+            return json({ ok: false, error: 'forbidden' }, 403)
+        }
+    }
+
+    try {
+        const payload = await req.json().catch(() => null) as Record<string, unknown> | null
+        if (!payload) return json({ ok: true, skipped: 'invalid_payload' })
+
+        const event = String(payload.event || '')
+        const payment = (payload.payment as Record<string, unknown>) || {}
+        const paymentId = String(payment.id || '')
+        const externalRef = String(payment.externalReference || '')
+
+        if (!paymentId) return json({ ok: true, skipped: 'no_payment_id' })
+
+        const supa = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        // Localiza purchase (prefere externalReference = purchase.id)
+        let purchase: Record<string, unknown> | null = null
+        if (externalRef) {
+            const { data } = await supa
+                .from('whatsapp_credit_purchases')
+                .select('id, tenant_id, credits, status')
+                .eq('id', externalRef)
+                .maybeSingle()
+            purchase = data
+        }
+        if (!purchase) {
+            const { data } = await supa
+                .from('whatsapp_credit_purchases')
+                .select('id, tenant_id, credits, status')
+                .eq('asaas_payment_id', paymentId)
+                .maybeSingle()
+            purchase = data
+        }
+        if (!purchase) {
+            console.warn('[asaas-webhook] purchase not found for payment:', paymentId)
+            return json({ ok: true, skipped: 'purchase_not_found' })
+        }
+
+        const now = new Date().toISOString()
+
+        switch (event) {
+            case 'PAYMENT_RECEIVED':
+            case 'PAYMENT_CONFIRMED':
+            case 'PAYMENT_RECEIVED_IN_CASH_UNDONE':
+                // Credita saldo apenas se ainda não foi processado
+                if (purchase.status !== 'paid') {
+                    // Atualiza status
+                    await supa
+                        .from('whatsapp_credit_purchases')
+                        .update({ status: 'paid', paid_at: now })
+                        .eq('id', purchase.id as string)
+
+                    // Credita saldo via RPC
+                    const { error: rpcErr } = await supa.rpc('add_whatsapp_credits', {
+                        p_tenant_id: purchase.tenant_id as string,
+                        p_amount: purchase.credits as number,
+                        p_kind: 'purchase',
+                        p_purchase_id: purchase.id as string,
+                        p_note: `Pagamento Asaas confirmado — ${paymentId}`
+                    })
+                    if (rpcErr) {
+                        console.error('[asaas-webhook] add_credits error:', rpcErr.message)
+                    }
+                }
+                break
+
+            case 'PAYMENT_OVERDUE':
+                if (purchase.status === 'pending') {
+                    await supa.from('whatsapp_credit_purchases').update({
+                        status: 'expired'
+                    }).eq('id', purchase.id as string)
+                }
+                break
+
+            case 'PAYMENT_DELETED':
+                await supa.from('whatsapp_credit_purchases').update({
+                    status: 'cancelled'
+                }).eq('id', purchase.id as string)
+                break
+
+            case 'PAYMENT_REFUNDED':
+                await supa.from('whatsapp_credit_purchases').update({
+                    status: 'refunded'
+                }).eq('id', purchase.id as string)
+                // Não estorna saldo automaticamente — admin decide (pode ter consumido)
+                break
+
+            default:
+                console.log('[asaas-webhook] unhandled event:', event)
+        }
+
+        return json({ ok: true, event, purchase_id: purchase.id })
+    } catch (err) {
+        console.error('[asaas-webhook] fatal:', err)
+        return json({ ok: false, error: String(err) }, 500)
+    }
+})
@@ -0,0 +1,303 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: create-whatsapp-credit-charge
+|--------------------------------------------------------------------------
+| Cria cobrança PIX no Asaas pra compra de pacote de créditos WhatsApp.
+|
+| Input: { package_id: UUID }
+| Output: {
+|   ok: true,
+|   purchase: { id, amount_brl, credits, package_name, asaas_pix_qrcode,
+|               asaas_pix_copy_paste, asaas_payment_link, expires_at }
+| }
+|
+| Env vars:
+|   ASAAS_API_KEY      — API key da conta Asaas
+|   ASAAS_API_URL      — https://sandbox.asaas.com/api/v3 ou https://api.asaas.com/v3
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+// ── Asaas helpers ─────────────────────────────────────────
+const ASAAS_API_URL = (Deno.env.get('ASAAS_API_URL') || 'https://sandbox.asaas.com/api/v3').replace(/\/+$/, '')
+const ASAAS_API_KEY = Deno.env.get('ASAAS_API_KEY') || ''
+
+async function asaasRequest(path: string, method: string, body?: unknown) {
+    const resp = await fetch(`${ASAAS_API_URL}${path}`, {
+        method,
+        headers: {
+            'Content-Type': 'application/json',
+            'access_token': ASAAS_API_KEY,
+            'User-Agent': 'AgenciaPSI/1.0'
+        },
+        body: body ? JSON.stringify(body) : undefined
+    })
+    const text = await resp.text()
+    let data: unknown = null
+    try { data = JSON.parse(text) } catch { /* noop */ }
+    if (!resp.ok) {
+        return { ok: false, status: resp.status, error: data || text }
+    }
+    return { ok: true, data }
+}
+
+// Cria ou reutiliza cliente Asaas pro tenant. Se existente estiver sem CPF/CNPJ
+// mas nós temos um (ex: sandbox fallback), atualiza antes de retornar.
+async function getOrCreateAsaasCustomer(
+    tenantName: string,
+    tenantEmail: string | null,
+    tenantDoc: string | null,
+    tenantId: string
+): Promise<{ ok: boolean; id?: string; error?: string }> {
+    // Tenta buscar por externalReference (tenant_id)
+    const search = await asaasRequest(`/customers?externalReference=${encodeURIComponent(tenantId)}`, 'GET')
+    if (search.ok) {
+        const list = (search.data as { data?: Array<{ id: string; cpfCnpj?: string; email?: string; name?: string }> })?.data || []
+        const existing = list[0]
+        if (existing?.id) {
+            // Se falta CPF/CNPJ no customer existente e nós temos um, atualiza
+            const needsUpdate = !existing.cpfCnpj && tenantDoc
+            if (needsUpdate) {
+                const patchPayload: Record<string, unknown> = { cpfCnpj: tenantDoc }
+                if (tenantEmail && !existing.email) patchPayload.email = tenantEmail
+                if (tenantName && !existing.name) patchPayload.name = tenantName
+                const upd = await asaasRequest(`/customers/${existing.id}`, 'POST', patchPayload)
+                if (!upd.ok) {
+                    return { ok: false, error: `update_customer: ${JSON.stringify(upd.error).slice(0, 300)}` }
+                }
+            }
+            return { ok: true, id: existing.id }
+        }
+    }
+
+    // Cria
+    const payload: Record<string, unknown> = {
+        name: tenantName || `Tenant ${tenantId.slice(0, 8)}`,
+        externalReference: tenantId
+    }
+    if (tenantEmail) payload.email = tenantEmail
+    if (tenantDoc) payload.cpfCnpj = tenantDoc
+
+    const create = await asaasRequest('/customers', 'POST', payload)
+    if (!create.ok) return { ok: false, error: JSON.stringify(create.error).slice(0, 300) }
+    const id = (create.data as { id?: string })?.id
+    if (!id) return { ok: false, error: 'no_customer_id' }
+    return { ok: true, id }
+}
+
+Deno.serve(async (req: Request) => {
+    console.log('[create-charge] request received, method:', req.method)
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+    if (req.method !== 'POST') return json({ ok: false, error: 'method_not_allowed' }, 405)
+
+    console.log('[create-charge] ASAAS_API_KEY length:', ASAAS_API_KEY.length, 'URL:', ASAAS_API_URL)
+    if (!ASAAS_API_KEY) {
+        return json({ ok: false, error: 'Asaas não configurado. Contate o suporte.' }, 503)
+    }
+
+    try {
+        console.log('[create-charge] parsing body')
+        const body = await req.json().catch(() => null) as { package_id?: string; cpf_cnpj?: string } | null
+        console.log('[create-charge] body:', JSON.stringify(body))
+        const packageId = body?.package_id
+        if (!packageId) return json({ ok: false, error: 'package_id ausente' }, 400)
+        const providedDoc = (body?.cpf_cnpj || '').replace(/\D/g, '')
+
+        // Auth
+        const authHeader = req.headers.get('Authorization')
+        console.log('[create-charge] authHeader present:', !!authHeader)
+        if (!authHeader) return json({ ok: false, error: 'unauthorized' }, 401)
+
+        console.log('[create-charge] creating supaAuth client')
+        const supaAuth = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_ANON_KEY')!,
+            { global: { headers: { Authorization: authHeader } } }
+        )
+        console.log('[create-charge] calling auth.getUser')
+        const { data: authData, error: authErr } = await supaAuth.auth.getUser()
+        console.log('[create-charge] authErr:', authErr?.message, 'userId:', authData?.user?.id)
+        if (authErr || !authData?.user) return json({ ok: false, error: 'unauthorized' }, 401)
+        const userId = authData.user.id
+
+        const supaSvc = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        // Descobre tenant do usuário (assume ativo — frontend passa via session)
+        console.log('[create-charge] querying tenant membership for user', userId)
+        const { data: membership, error: memErr } = await supaSvc
+            .from('tenant_members')
+            .select('tenant_id')
+            .eq('user_id', userId)
+            .eq('status', 'active')
+            .limit(1)
+            .maybeSingle()
+        console.log('[create-charge] membership:', membership, 'err:', memErr?.message)
+        if (!membership?.tenant_id) return json({ ok: false, error: 'no_active_tenant' }, 403)
+        const tenantId = membership.tenant_id
+
+        // Busca pacote
+        console.log('[create-charge] querying package', packageId)
+        const { data: pkg, error: pkgErr } = await supaSvc
+            .from('whatsapp_credit_packages')
+            .select('*')
+            .eq('id', packageId)
+            .eq('is_active', true)
+            .maybeSingle()
+        console.log('[create-charge] pkg:', pkg?.name, 'err:', pkgErr?.message)
+        if (!pkg) return json({ ok: false, error: 'package_not_found_or_inactive' }, 404)
+
+        // Busca dados do tenant
+        const { data: tenant } = await supaSvc
+            .from('tenants')
+            .select('id, name, kind, cpf_cnpj')
+            .eq('id', tenantId)
+            .maybeSingle()
+        const tenantName = tenant?.name || `Cliente ${tenantId.slice(0, 8)}`
+
+        // Email do tenant: pega do usuário que está comprando (está autenticado)
+        const tenantEmail = authData.user.email || null
+
+        // CPF/CNPJ: prioridade 1) body (user informou agora), 2) coluna tenants.cpf_cnpj
+        // Asaas exige esse campo. Se ainda nao tem, front deve coletar.
+        const storedDoc = (tenant?.cpf_cnpj || '').replace(/\D/g, '')
+        let tenantDoc: string | null = providedDoc || storedDoc || null
+
+        // Valida comprimento (11 CPF, 14 CNPJ) — sem checksum aqui, UI valida.
+        if (tenantDoc && tenantDoc.length !== 11 && tenantDoc.length !== 14) {
+            return json({
+                ok: false,
+                error: 'cpf_cnpj_invalid',
+                message: 'CPF/CNPJ inválido. Informe 11 dígitos (CPF) ou 14 (CNPJ).'
+            }, 400)
+        }
+
+        if (!tenantDoc) {
+            return json({
+                ok: false,
+                error: 'cpf_cnpj_required',
+                message: 'Informe o CPF/CNPJ do titular pra gerar a cobrança.'
+            }, 400)
+        }
+
+        // Persiste no tenant quando usuario informa novo doc (ou corrige um errado)
+        if (providedDoc && providedDoc !== storedDoc) {
+            const { error: upErr } = await supaSvc
+                .from('tenants')
+                .update({ cpf_cnpj: providedDoc })
+                .eq('id', tenantId)
+            if (upErr) console.warn('[create-charge] update tenant cpf_cnpj failed:', upErr.message)
+        }
+
+        // Cria ordem de compra (pending)
+        console.log('[create-charge] creating purchase record')
+        const expiresAt = new Date(Date.now() + 24 * 3600 * 1000).toISOString()  // 24h
+        const { data: purchase, error: purErr } = await supaSvc
+            .from('whatsapp_credit_purchases')
+            .insert({
+                tenant_id: tenantId,
+                package_id: pkg.id,
+                package_name: pkg.name,
+                credits: pkg.credits,
+                amount_brl: pkg.price_brl,
+                status: 'pending',
+                expires_at: expiresAt,
+                created_by: userId
+            })
+            .select('id')
+            .single()
+        console.log('[create-charge] purchase:', purchase?.id, 'err:', purErr?.message)
+        if (purErr || !purchase) return json({ ok: false, error: `db_insert: ${purErr?.message}` }, 500)
+
+        // Cria/reutiliza customer Asaas
+        console.log('[create-charge] calling getOrCreateAsaasCustomer')
+        const custRes = await getOrCreateAsaasCustomer(tenantName, tenantEmail, tenantDoc, tenantId)
+        console.log('[create-charge] customer result:', custRes)
+        if (!custRes.ok) {
+            // Marca purchase como failed
+            await supaSvc.from('whatsapp_credit_purchases').update({
+                status: 'failed', failed_at: new Date().toISOString()
+            }).eq('id', purchase.id)
+            return json({ ok: false, error: `asaas_customer: ${custRes.error}` }, 502)
+        }
+        const customerId = custRes.id!
+
+        // Cria pagamento PIX no Asaas
+        const dueDate = new Date()
+        dueDate.setDate(dueDate.getDate() + 1)
+        const paymentPayload = {
+            customer: customerId,
+            billingType: 'PIX',
+            value: Number(pkg.price_brl),
+            dueDate: dueDate.toISOString().slice(0, 10),
+            description: `Créditos WhatsApp — ${pkg.name} (${pkg.credits} mensagens)`,
+            externalReference: purchase.id
+        }
+        console.log('[create-charge] creating Asaas payment, payload:', JSON.stringify(paymentPayload))
+        const payRes = await asaasRequest('/payments', 'POST', paymentPayload)
+        console.log('[create-charge] payment result ok:', payRes.ok, 'status:', (payRes as any).status, 'data/error:', JSON.stringify(payRes.ok ? payRes.data : payRes.error).slice(0, 500))
+        if (!payRes.ok) {
+            await supaSvc.from('whatsapp_credit_purchases').update({
+                status: 'failed', failed_at: new Date().toISOString()
+            }).eq('id', purchase.id)
+            return json({ ok: false, error: `asaas_payment: ${JSON.stringify(payRes.error).slice(0, 300)}` }, 502)
+        }
+        const payment = payRes.data as { id: string; invoiceUrl?: string }
+        console.log('[create-charge] payment created:', payment.id)
+
+        // Busca QR Code PIX
+        console.log('[create-charge] fetching PIX QR code')
+        const qrRes = await asaasRequest(`/payments/${payment.id}/pixQrCode`, 'GET')
+        console.log('[create-charge] qr result ok:', qrRes.ok, 'has encodedImage:', !!(qrRes.ok && (qrRes.data as any)?.encodedImage))
+        const qr = qrRes.ok ? (qrRes.data as { encodedImage?: string; payload?: string; expirationDate?: string }) : null
+
+        // Atualiza purchase com dados Asaas
+        console.log('[create-charge] updating purchase with Asaas data')
+        const { error: updErr } = await supaSvc
+            .from('whatsapp_credit_purchases')
+            .update({
+                asaas_customer_id: customerId,
+                asaas_payment_id: payment.id,
+                asaas_payment_link: payment.invoiceUrl ?? null,
+                asaas_pix_qrcode: qr?.encodedImage ?? null,
+                asaas_pix_copy_paste: qr?.payload ?? null
+            })
+            .eq('id', purchase.id)
+        console.log('[create-charge] update purchase err:', updErr?.message)
+
+        console.log('[create-charge] returning success')
+        return json({
+            ok: true,
+            purchase: {
+                id: purchase.id,
+                package_name: pkg.name,
+                credits: pkg.credits,
+                amount_brl: pkg.price_brl,
+                asaas_payment_link: payment.invoiceUrl ?? null,
+                asaas_pix_qrcode: qr?.encodedImage ?? null,
+                asaas_pix_copy_paste: qr?.payload ?? null,
+                expires_at: expiresAt
+            }
+        })
+    } catch (err) {
+        const msg = err instanceof Error ? `${err.message}\n${err.stack}` : String(err)
+        console.error('[create-whatsapp-credit-charge] fatal:', msg)
+        return json({ ok: false, error: String(err), stack: msg }, 500)
+    }
+})
@@ -0,0 +1,100 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: deactivate-notification-channel
+|--------------------------------------------------------------------------
+| Desativa um canal de notificação (soft delete) usando service_role pra
+| bypassar RLS. Usado pelo chooser de WhatsApp quando o tenant quer trocar
+| de provedor mas o canal foi criado pelo SaaS admin (owner_id != tenant).
+|
+| Autoriza: apenas membros ativos do tenant dono do canal.
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+    if (req.method !== 'POST') return json({ ok: false, error: 'method_not_allowed' }, 405)
+
+    try {
+        const body = await req.json().catch(() => null) as { channel_id?: string } | null
+        const channelId = body?.channel_id
+        if (!channelId) return json({ ok: false, error: 'channel_id ausente' }, 400)
+
+        // Auth: valida user via JWT
+        const authHeader = req.headers.get('Authorization')
+        if (!authHeader) return json({ ok: false, error: 'unauthorized' }, 401)
+
+        const supaAuth = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_ANON_KEY')!,
+            { global: { headers: { Authorization: authHeader } } }
+        )
+        const { data: authData, error: authErr } = await supaAuth.auth.getUser()
+        if (authErr || !authData?.user) return json({ ok: false, error: 'unauthorized' }, 401)
+        const userId = authData.user.id
+
+        // Service role pra bypass RLS
+        const supaSvc = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        // Busca o canal
+        const { data: channel, error: chErr } = await supaSvc
+            .from('notification_channels')
+            .select('id, tenant_id')
+            .eq('id', channelId)
+            .is('deleted_at', null)
+            .maybeSingle()
+
+        if (chErr || !channel) return json({ ok: false, error: 'channel_not_found' }, 404)
+
+        // Autoriza: user deve ser saas_admin OU membro ativo do tenant dono do canal
+        const { data: isAdmin } = await supaSvc.rpc('is_saas_admin')
+        let authorized = !!isAdmin
+        if (!authorized) {
+            const { data: membership } = await supaSvc
+                .from('tenant_members')
+                .select('id')
+                .eq('tenant_id', channel.tenant_id)
+                .eq('user_id', userId)
+                .eq('status', 'active')
+                .maybeSingle()
+            authorized = !!membership
+        }
+        if (!authorized) return json({ ok: false, error: 'forbidden' }, 403)
+
+        // Desativa (soft-delete)
+        const { error: updErr } = await supaSvc
+            .from('notification_channels')
+            .update({
+                is_active: false,
+                deleted_at: new Date().toISOString()
+            })
+            .eq('id', channelId)
+
+        if (updErr) {
+            console.error('[deactivate-notification-channel] update error:', updErr.message)
+            return json({ ok: false, error: updErr.message }, 500)
+        }
+
+        return json({ ok: true, channel_id: channelId })
+    } catch (err) {
+        console.error('[deactivate-notification-channel] fatal:', err)
+        return json({ ok: false, error: String(err) }, 500)
+    }
+})
@@ -0,0 +1,166 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: evolution-webhook-provision
+|--------------------------------------------------------------------------
+| Configura automaticamente o webhook MESSAGES_UPSERT numa instância da
+| Evolution API pra apontar pra edge function `evolution-whatsapp-inbound`.
+|
+| Body JSON:
+|   {
+|     "tenant_id":     "<uuid>",
+|     "api_url":       "http://localhost:8080",
+|     "api_key":       "<apikey global da evolution>",
+|     "instance_name": "<nome da instance>",
+|     "public_url":    "https://seu-projeto.supabase.co"  (opcional)
+|   }
+|
+| Usa SUPABASE_URL como fallback do public_url.
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+// Edge function roda em container — localhost aponta pra ele mesmo, não pro host.
+// Substitui localhost/127.0.0.1 por host.docker.internal pra alcançar o host.
+function rewriteForContainer(apiUrl: string): string {
+    try {
+        const u = new URL(apiUrl)
+        if (u.hostname === 'localhost' || u.hostname === '127.0.0.1') {
+            u.hostname = 'host.docker.internal'
+            return u.toString().replace(/\/+$/, '')
+        }
+        return apiUrl.replace(/\/+$/, '')
+    } catch {
+        return apiUrl
+    }
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+    if (req.method !== 'POST') return json({ ok: false, error: 'method' }, 405)
+
+    try {
+        const body = await req.json().catch(() => null)
+        if (!body || typeof body !== 'object') return json({ ok: false, error: 'body invalido' }, 400)
+
+        const { tenant_id, api_url, api_key, instance_name, public_url } = body as Record<string, string>
+
+        if (!tenant_id || !api_url || !api_key || !instance_name) {
+            return json({ ok: false, error: 'faltam campos obrigatorios (tenant_id, api_url, api_key, instance_name)' }, 400)
+        }
+
+        // Verifica caller: precisa ser member do tenant ou saas_admin
+        const auth = req.headers.get('Authorization') ?? ''
+        const supaAuthed = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_ANON_KEY')!,
+            { global: { headers: { Authorization: auth } } }
+        )
+        const { data: authData, error: authErr } = await supaAuthed.auth.getUser()
+        if (authErr || !authData?.user) return json({ ok: false, error: 'auth' }, 401)
+
+        const supaSvc = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        const userId = authData.user.id
+        // check membro ativo ou saas_admin
+        const { data: isAdmin } = await supaSvc.rpc('is_saas_admin')
+        if (!isAdmin) {
+            const { data: membership } = await supaSvc
+                .from('tenant_members')
+                .select('id')
+                .eq('tenant_id', tenant_id)
+                .eq('user_id', userId)
+                .eq('status', 'active')
+                .maybeSingle()
+            if (!membership) return json({ ok: false, error: 'forbidden' }, 403)
+        }
+
+        // Monta a URL publica do webhook
+        const basePublic = public_url || Deno.env.get('SUPABASE_URL')
+        if (!basePublic) return json({ ok: false, error: 'public_url nao definido' }, 400)
+        const webhookUrl = `${basePublic.replace(/\/+$/, '')}/functions/v1/evolution-whatsapp-inbound?tenant_id=${encodeURIComponent(tenant_id)}`
+
+        // Configura via Evolution API (rewrite localhost → host.docker.internal pra container)
+        const evoEndpoint = `${rewriteForContainer(api_url)}/webhook/set/${encodeURIComponent(instance_name)}`
+
+        // Evolution v2 payload (wrapped em "webhook")
+        const evoBodyV2 = {
+            webhook: {
+                enabled: true,
+                url: webhookUrl,
+                byEvents: false,
+                base64: false,
+                events: ['MESSAGES_UPSERT', 'MESSAGES_UPDATE']
+            }
+        }
+
+        // Evolution v1 payload (flat)
+        const evoBodyV1 = {
+            enabled: true,
+            url: webhookUrl,
+            webhook_by_events: false,
+            events: ['MESSAGES_UPSERT', 'MESSAGES_UPDATE']
+        }
+
+        async function tryPost(bodyObj: Record<string, unknown>) {
+            const r = await fetch(evoEndpoint, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json', 'apikey': api_key },
+                body: JSON.stringify(bodyObj)
+            })
+            const t = await r.text()
+            let j: unknown = t
+            try { j = JSON.parse(t) } catch { /* keep text */ }
+            return { resp: r, json: j }
+        }
+
+        // Tenta v2 primeiro (user tem Evolution v2 pela resposta do state)
+        let attempt = await tryPost(evoBodyV2)
+        let payloadFormatUsed = 'v2'
+        if (!attempt.resp.ok) {
+            // Fallback v1
+            const v1Attempt = await tryPost(evoBodyV1)
+            if (v1Attempt.resp.ok) {
+                attempt = v1Attempt
+                payloadFormatUsed = 'v1'
+            } else {
+                // Retorna o erro da segunda tentativa
+                return json({
+                    ok: false,
+                    error: `Evolution retornou ${attempt.resp.status} (v2) e ${v1Attempt.resp.status} (v1)`,
+                    evolution_response_v2: attempt.json,
+                    evolution_response_v1: v1Attempt.json,
+                    webhook_url: webhookUrl,
+                    evolution_endpoint: evoEndpoint
+                }, 502)
+            }
+        }
+
+        const respJson = attempt.json
+
+        return json({
+            ok: true,
+            webhook_url: webhookUrl,
+            payload_format: payloadFormatUsed,
+            evolution_response: respJson
+        })
+    } catch (err) {
+        return json({ ok: false, error: String(err) }, 500)
+    }
+})
@@ -0,0 +1,485 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: evolution-whatsapp-inbound
+|--------------------------------------------------------------------------
+| Recebe webhooks da Evolution API (self-hosted WhatsApp Baileys-based) para
+| mensagens recebidas pelos tenants.
+|
+| Midia (audio/imagem/video/doc):
+|   A Evolution envia a URL criptografada da Meta (mmg.whatsapp.net/...)
+|   que NAO e diretamente tocavel. Chamamos o endpoint
+|   POST /chat/getBase64FromMediaMessage/{instance} pra Evolution decriptar,
+|   decodamos o base64 e subimos pro bucket privado `whatsapp-media` do
+|   Supabase Storage. Salvamos apenas o PATH em media_url; o frontend gera
+|   signed URL on-demand.
+|
+| URL do webhook:
+|   https://<project>.supabase.co/functions/v1/evolution-whatsapp-inbound?tenant_id=<uuid>
+|--------------------------------------------------------------------------
+*/
+
+import { createClient, SupabaseClient } from 'https://esm.sh/@supabase/supabase-js@2'
+import {
+    buildThreadKey,
+    detectOptoutKeyword,
+    maybeOptIn,
+    maybeSendAutoReply,
+    registerOptout,
+    type SendFn
+} from '../_shared/whatsapp-hooks.ts'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
+}
+
+const BUCKET = 'whatsapp-media'
+
+// Edge function roda em container — localhost aponta pra ele mesmo, nao pro host.
+function rewriteForContainer(apiUrl: string): string {
+    try {
+        const u = new URL(apiUrl)
+        if (u.hostname === 'localhost' || u.hostname === '127.0.0.1') {
+            u.hostname = 'host.docker.internal'
+            return u.toString().replace(/\/+$/, '')
+        }
+        return apiUrl.replace(/\/+$/, '')
+    } catch {
+        return apiUrl
+    }
+}
+
+function jidToPhone(jid: string | undefined | null): string | null {
+    if (!jid) return null
+    const m = String(jid).match(/^(\d+)@/)
+    return m ? m[1] : null
+}
+
+// Mapeia mime → extensao pra nome do arquivo
+function extFromMime(mime: string | null | undefined): string {
+    if (!mime) return 'bin'
+    const m = mime.toLowerCase().split(';')[0].trim()
+    const map: Record<string, string> = {
+        'audio/ogg': 'ogg',
+        'audio/mpeg': 'mp3',
+        'audio/mp4': 'm4a',
+        'audio/aac': 'aac',
+        'audio/wav': 'wav',
+        'audio/webm': 'webm',
+        'image/jpeg': 'jpg',
+        'image/png': 'png',
+        'image/webp': 'webp',
+        'image/gif': 'gif',
+        'video/mp4': 'mp4',
+        'video/3gpp': '3gp',
+        'video/quicktime': 'mov',
+        'video/webm': 'webm',
+        'application/pdf': 'pdf',
+        'application/msword': 'doc',
+        'application/vnd.openxmlformats-officedocument.wordprocessingml.document': 'docx',
+        'application/vnd.ms-excel': 'xls',
+        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': 'xlsx',
+        'text/plain': 'txt',
+        'application/zip': 'zip'
+    }
+    return map[m] ?? 'bin'
+}
+
+// Extrai body + indicador de tipo de midia do payload
+type MessageParts = {
+    body: string | null
+    mediaUrl: string | null
+    mediaMime: string | null
+    hasEncryptedMedia: boolean   // true se precisa chamar getBase64 pra decriptar
+}
+
+function extractMessageBody(message: Record<string, unknown> | null | undefined): MessageParts {
+    if (!message) return { body: null, mediaUrl: null, mediaMime: null, hasEncryptedMedia: false }
+
+    if (typeof (message as { conversation?: unknown }).conversation === 'string') {
+        return { body: (message as { conversation: string }).conversation, mediaUrl: null, mediaMime: null, hasEncryptedMedia: false }
+    }
+    const ext = (message as { extendedTextMessage?: { text?: string } }).extendedTextMessage
+    if (ext?.text) {
+        return { body: ext.text, mediaUrl: null, mediaMime: null, hasEncryptedMedia: false }
+    }
+    const img = (message as { imageMessage?: { caption?: string; url?: string; mimetype?: string } }).imageMessage
+    if (img) {
+        return { body: img.caption ?? '[imagem]', mediaUrl: img.url ?? null, mediaMime: img.mimetype ?? 'image/jpeg', hasEncryptedMedia: true }
+    }
+    const aud = (message as { audioMessage?: { url?: string; mimetype?: string } }).audioMessage
+    if (aud) {
+        return { body: '[áudio]', mediaUrl: aud.url ?? null, mediaMime: aud.mimetype ?? 'audio/ogg', hasEncryptedMedia: true }
+    }
+    const vid = (message as { videoMessage?: { caption?: string; url?: string; mimetype?: string } }).videoMessage
+    if (vid) {
+        return { body: vid.caption ?? '[vídeo]', mediaUrl: vid.url ?? null, mediaMime: vid.mimetype ?? 'video/mp4', hasEncryptedMedia: true }
+    }
+    const doc = (message as { documentMessage?: { title?: string; fileName?: string; url?: string; mimetype?: string } }).documentMessage
+    if (doc) {
+        return { body: `[doc] ${doc.title ?? doc.fileName ?? ''}`.trim(), mediaUrl: doc.url ?? null, mediaMime: doc.mimetype ?? 'application/octet-stream', hasEncryptedMedia: true }
+    }
+
+    return { body: '[mensagem não textual]', mediaUrl: null, mediaMime: null, hasEncryptedMedia: false }
+}
+
+// Decodifica base64 (com ou sem prefixo data: URI) para Uint8Array
+function base64ToBytes(b64: string): Uint8Array {
+    const clean = b64.replace(/^data:[^;]+;base64,/, '')
+    const bin = atob(clean)
+    const out = new Uint8Array(bin.length)
+    for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i)
+    return out
+}
+
+type EvolutionCreds = { apiUrl: string; apiKey: string; instance: string }
+
+// Busca credenciais Evolution do tenant em notification_channels
+async function getTenantEvolutionCreds(supa: SupabaseClient, tenantId: string): Promise<EvolutionCreds | null> {
+    const { data: channel, error } = await supa
+        .from('notification_channels')
+        .select('credentials')
+        .eq('tenant_id', tenantId)
+        .eq('channel', 'whatsapp')
+        .is('deleted_at', null)
+        .maybeSingle()
+
+    if (error || !channel) return null
+    const c = (channel.credentials ?? {}) as Record<string, string>
+    if (!c.api_url || !c.api_key || !c.instance_name) return null
+    return { apiUrl: c.api_url, apiKey: c.api_key, instance: c.instance_name }
+}
+
+// Chama Evolution pra decriptar a midia; retorna base64 string
+async function fetchMediaBase64FromEvolution(creds: EvolutionCreds, messageNode: Record<string, unknown>): Promise<string | null> {
+    const endpoint = `${rewriteForContainer(creds.apiUrl)}/chat/getBase64FromMediaMessage/${encodeURIComponent(creds.instance)}`
+    try {
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', apikey: creds.apiKey },
+            // Evolution v2 aceita o proprio data.message (node com key + message) ou so a key
+            body: JSON.stringify({ message: messageNode, convertToMp4: false })
+        })
+        const text = await resp.text()
+        if (!resp.ok) {
+            console.error('[evolution-whatsapp-inbound] getBase64 HTTP error', resp.status, text.slice(0, 300))
+            return null
+        }
+        let j: Record<string, unknown> | null = null
+        try { j = JSON.parse(text) } catch { /* fica null */ }
+        if (!j) return null
+        // Resposta pode vir como { base64: "..." } ou { data: { base64: "..." } }
+        const b64 = (j as { base64?: string }).base64
+            ?? (j as { data?: { base64?: string } }).data?.base64
+            ?? null
+        return typeof b64 === 'string' && b64.length > 0 ? b64 : null
+    } catch (err) {
+        console.error('[evolution-whatsapp-inbound] getBase64 fetch error:', err)
+        return null
+    }
+}
+
+// Envia texto via Evolution (usado como SendFn injetado nos hooks compartilhados)
+async function sendViaEvolution(
+    creds: EvolutionCreds,
+    phone: string,
+    text: string
+): Promise<{ ok: boolean; messageId?: string | null; error?: string }> {
+    try {
+        const endpoint = `${rewriteForContainer(creds.apiUrl)}/message/sendText/${encodeURIComponent(creds.instance)}`
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', apikey: creds.apiKey },
+            body: JSON.stringify({ number: phone, text })
+        })
+        if (!resp.ok) {
+            const t = await resp.text()
+            return { ok: false, error: `HTTP ${resp.status}: ${t.slice(0, 200)}` }
+        }
+        const j = await resp.json().catch(() => null) as Record<string, unknown> | null
+        const msgId = (j?.key as { id?: string })?.id ?? null
+        return { ok: true, messageId: msgId }
+    } catch (err) {
+        return { ok: false, error: String(err) }
+    }
+}
+
+// Sobe os bytes decodificados pro bucket, retorna path relativo (sem bucket prefix)
+async function uploadToBucket(
+    supa: SupabaseClient,
+    tenantId: string,
+    bytes: Uint8Array,
+    mime: string,
+    messageId: string | null
+): Promise<string | null> {
+    const now = new Date()
+    const yyyy = now.getFullYear()
+    const mm = String(now.getMonth() + 1).padStart(2, '0')
+    const safeId = (messageId ?? crypto.randomUUID()).replace(/[^A-Za-z0-9_-]/g, '_').slice(0, 64)
+    const ext = extFromMime(mime)
+    const path = `${tenantId}/${yyyy}/${mm}/${safeId}_${Date.now()}.${ext}`
+
+    // Strip codec params (ex: "audio/ogg; codecs=opus" → "audio/ogg")
+    // Supabase Storage allowed_mime_types faz match exato contra o contentType
+    const cleanMime = (mime || '').split(';')[0].trim() || 'application/octet-stream'
+
+    const { error } = await supa.storage.from(BUCKET).upload(path, bytes, {
+        contentType: cleanMime,
+        upsert: false,
+        cacheControl: '3600'
+    })
+    if (error) {
+        console.error('[evolution-whatsapp-inbound] upload error:', error.message, 'mime:', cleanMime, 'path:', path)
+        return null
+    }
+    return path
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') {
+        return new Response('ok', { headers: corsHeaders })
+    }
+    if (req.method !== 'POST') {
+        return new Response(JSON.stringify({ ok: true }), { status: 200, headers: { ...corsHeaders, 'Content-Type': 'application/json' } })
+    }
+
+    try {
+        const url = new URL(req.url)
+        const tenantId = url.searchParams.get('tenant_id')
+        if (!tenantId) {
+            return new Response(JSON.stringify({ ok: false, error: 'tenant_id ausente' }), {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+            })
+        }
+
+        const supabase = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        const payload = await req.json().catch(() => null)
+        if (!payload || typeof payload !== 'object') {
+            return new Response(JSON.stringify({ ok: true, skipped: 'payload invalido' }), {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+            })
+        }
+
+        const eventName = (payload as { event?: string }).event
+
+        // messages.update → atualiza delivery_status da outbound
+        if (eventName === 'messages.update') {
+            const updates = ((payload as { data?: unknown }).data ?? []) as Array<Record<string, unknown>>
+            const arr = Array.isArray(updates) ? updates : [updates]
+            for (const u of arr) {
+                const k = (u as { key?: Record<string, unknown> }).key ?? {}
+                const msgId = (k as { id?: string }).id
+                const rawStatus = String((u as { status?: string }).status ?? '').toUpperCase()
+                if (!msgId || !rawStatus) continue
+                const delivery =
+                    rawStatus === 'READ' ? 'read' :
+                    rawStatus === 'DELIVERY_ACK' || rawStatus === 'DELIVERED' ? 'delivered' :
+                    rawStatus === 'SERVER_ACK' || rawStatus === 'SENT' ? 'sent' :
+                    rawStatus === 'ERROR' || rawStatus === 'FAILED' ? 'failed' :
+                    null
+                if (!delivery) continue
+                const patch: Record<string, unknown> = { delivery_status: delivery }
+                if (delivery === 'delivered') patch.delivered_at = new Date().toISOString()
+                if (delivery === 'read') {
+                    patch.read_by_recipient_at = new Date().toISOString()
+                    patch.delivered_at = patch.delivered_at ?? new Date().toISOString()
+                }
+                await supabase
+                    .from('conversation_messages')
+                    .update(patch)
+                    .eq('tenant_id', tenantId)
+                    .eq('provider_message_id', msgId)
+                    .eq('direction', 'outbound')
+            }
+            return new Response(JSON.stringify({ ok: true, event: eventName, processed: arr.length }), {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+            })
+        }
+
+        if (eventName !== 'messages.upsert') {
+            return new Response(JSON.stringify({ ok: true, skipped: eventName }), {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+            })
+        }
+
+        const data = (payload as { data?: Record<string, unknown> }).data ?? {}
+        const key = (data as { key?: Record<string, unknown> }).key ?? {}
+        const fromMe = (key as { fromMe?: boolean }).fromMe === true
+        const messageId = (key as { id?: string }).id ?? null
+
+        const remoteJid = (key as { remoteJid?: string }).remoteJid
+        if (!remoteJid || remoteJid.endsWith('@g.us')) {
+            return new Response(JSON.stringify({ ok: true, skipped: 'grupo/sem jid' }), {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+            })
+        }
+
+        const fromPhone = jidToPhone(remoteJid)
+        const messageObj = (data as { message?: Record<string, unknown> }).message
+        const pushName = (data as { pushName?: string }).pushName ?? null
+        const ts = (data as { messageTimestamp?: number | string }).messageTimestamp
+
+        const parts = extractMessageBody(messageObj)
+
+        const cleanBody = parts.body
+            ? String(parts.body).replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]/g, '').slice(0, 4000)
+            : null
+
+        // Decripta + sobe midia pro bucket se necessario
+        let storedMediaUrl: string | null = parts.mediaUrl
+        let mediaError: string | null = null
+        if (parts.hasEncryptedMedia && messageObj && parts.mediaMime) {
+            const creds = await getTenantEvolutionCreds(supabase, tenantId)
+            if (!creds) {
+                mediaError = 'creds_not_found'
+                storedMediaUrl = null
+            } else {
+                // Evolution v2 espera o node completo {key, message}
+                const messageNode = { key, message: messageObj }
+                const b64 = await fetchMediaBase64FromEvolution(creds, messageNode)
+                if (!b64) {
+                    mediaError = 'decrypt_failed'
+                    storedMediaUrl = null
+                } else {
+                    try {
+                        const bytes = base64ToBytes(b64)
+                        // Sanity check: nao aceita arquivo vazio ou gigante
+                        if (bytes.length === 0) {
+                            mediaError = 'empty_media'
+                            storedMediaUrl = null
+                        } else if (bytes.length > 26214400) {
+                            mediaError = 'too_large'
+                            storedMediaUrl = null
+                        } else {
+                            const path = await uploadToBucket(supabase, tenantId, bytes, parts.mediaMime, messageId)
+                            if (path) {
+                                storedMediaUrl = path  // salva apenas o PATH (frontend gera signed URL)
+                            } else {
+                                mediaError = 'upload_failed'
+                                storedMediaUrl = null
+                            }
+                        }
+                    } catch (err) {
+                        console.error('[evolution-whatsapp-inbound] decode error:', err)
+                        mediaError = 'decode_error'
+                        storedMediaUrl = null
+                    }
+                }
+            }
+        }
+
+        const { data: matchData } = await supabase.rpc('match_patient_by_phone', {
+            p_tenant_id: tenantId,
+            p_phone: fromPhone
+        })
+        const patientId = matchData as string | null
+
+        const receivedAt = ts
+            ? new Date(Number(ts) * (String(ts).length === 10 ? 1000 : 1)).toISOString()
+            : new Date().toISOString()
+
+        // Dedup outbound echo
+        if (fromMe && messageId) {
+            const { data: existing } = await supabase
+                .from('conversation_messages')
+                .select('id')
+                .eq('tenant_id', tenantId)
+                .eq('provider_message_id', messageId)
+                .eq('direction', 'outbound')
+                .maybeSingle()
+
+            if (existing?.id) {
+                return new Response(JSON.stringify({ ok: true, echo_dedup: true }), {
+                    status: 200,
+                    headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+                })
+            }
+        }
+
+        const direction = fromMe ? 'outbound' : 'inbound'
+        const kanbanStatus = fromMe ? 'awaiting_patient' : 'awaiting_us'
+
+        const { error: insErr } = await supabase.from('conversation_messages').insert({
+            tenant_id: tenantId,
+            patient_id: patientId,
+            channel: 'whatsapp',
+            direction,
+            from_number: fromMe ? null : fromPhone,
+            to_number: fromMe ? fromPhone : null,
+            body: cleanBody,
+            media_url: storedMediaUrl,
+            media_mime: parts.mediaMime,
+            provider: 'evolution',
+            provider_message_id: messageId ?? null,
+            provider_raw: { event: eventName, pushName, remoteJid, fromMe, mediaError },
+            kanban_status: kanbanStatus,
+            received_at: fromMe ? null : receivedAt,
+            responded_at: fromMe ? receivedAt : null
+        })
+
+        if (insErr) {
+            console.error('[evolution-whatsapp-inbound] insert error:', insErr)
+        }
+
+        // Opt-out / Opt-in detection (apenas pra inbound)
+        let optoutAction: 'out' | 'in' | null = null
+        let autoReplyResult: { sent: boolean; reason?: string } | null = null
+
+        if (!fromMe && !insErr && fromPhone) {
+            // SendFn injetado: Evolution nao deduz creditos (provider gratis/self-hosted)
+            const creds = await getTenantEvolutionCreds(supabase, tenantId)
+            const sendFn: SendFn = creds
+                ? (phone, text) => sendViaEvolution(creds, phone, text)
+                : async () => ({ ok: false, error: 'creds_missing' })
+
+            try {
+                const optedBackIn = await maybeOptIn(supabase, tenantId, fromPhone, cleanBody)
+                if (optedBackIn) optoutAction = 'in'
+            } catch (err) {
+                console.error('[optout] opt-in check error:', err)
+            }
+
+            if (!optoutAction) {
+                try {
+                    const keyword = await detectOptoutKeyword(supabase, tenantId, cleanBody)
+                    if (keyword) {
+                        await registerOptout(supabase, tenantId, fromPhone, patientId, cleanBody, keyword, 'evolution', sendFn)
+                        optoutAction = 'out'
+                    }
+                } catch (err) {
+                    console.error('[optout] detect error:', err)
+                }
+            }
+
+            if (optoutAction !== 'out') {
+                const threadKey = buildThreadKey(patientId, fromPhone)
+                try {
+                    autoReplyResult = await maybeSendAutoReply(supabase, tenantId, threadKey, fromPhone, 'evolution', sendFn)
+                } catch (err) {
+                    console.error('[auto-reply] unexpected error:', err)
+                }
+            }
+        }
+
+        return new Response(JSON.stringify({ ok: true, mediaError, optoutAction, autoReply: autoReplyResult }), {
+            status: 200,
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+        })
+    } catch (err) {
+        console.error('[evolution-whatsapp-inbound] fatal:', err)
+        return new Response(JSON.stringify({ ok: false, error: String(err) }), {
+            status: 200,
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+        })
+    }
+})
@@ -0,0 +1,145 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: get-intake-invite-info (A#31)
+|--------------------------------------------------------------------------
+| Lookup read-only dos dados de apresentação do terapeuta/clínica a partir
+| do token do patient_invite. Alimenta o "hero header" da página pública
+| /cadastro/paciente.
+|
+| Defesa em camadas (reusa o mesmo padrão do submit-patient-intake):
+|   1. Rate limit por IP     → check_rate_limit RPC (endpoint=invite_info_lookup)
+|   2. Logging               → record_submission_attempt RPC
+|
+| Não usa honeypot nem captcha porque:
+|   • Não há input humano (só o token da URL).
+|   • Payload devolvido é intencionalmente limitado a campos não-sensíveis.
+|   • Token é UUID (128 bits) — enumeração brute-force inviável na prática.
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const SUPABASE_URL         = Deno.env.get('SUPABASE_URL')
+const SUPABASE_SERVICE_KEY = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')
+const ENDPOINT_NAME        = 'invite_info_lookup'
+
+const supabase = createClient(SUPABASE_URL, SUPABASE_SERVICE_KEY)
+
+const CORS_HEADERS = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type'
+}
+
+function jsonResponse(body, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { 'content-type': 'application/json', ...CORS_HEADERS }
+    })
+}
+
+async function hashIp(ip) {
+    if (!ip) return null
+    const buf = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(`agenciapsi:${ip}`))
+    return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, '0')).join('').slice(0, 32)
+}
+
+function getClientIp(req) {
+    const xff = req.headers.get('x-forwarded-for')
+    if (xff) return xff.split(',')[0].trim()
+    return req.headers.get('cf-connecting-ip') || req.headers.get('x-real-ip') || null
+}
+
+Deno.serve(async (req) => {
+    if (req.method === 'OPTIONS') return new Response(null, { status: 204, headers: CORS_HEADERS })
+    if (req.method !== 'POST')    return jsonResponse({ error: 'method-not-allowed' }, 405)
+
+    let body
+    try {
+        body = await req.json()
+    } catch {
+        return jsonResponse({ error: 'invalid-json' }, 400)
+    }
+
+    const token     = String(body?.token || '').trim()
+    const ip        = getClientIp(req)
+    const ipHash    = await hashIp(ip)
+    const userAgent = String(req.headers.get('user-agent') || '').slice(0, 500)
+
+    if (!token) {
+        return jsonResponse({ error: 'missing-token' }, 400)
+    }
+
+    // ── Rate limit ──
+    const { data: rl, error: rlErr } = await supabase.rpc('check_rate_limit', {
+        p_ip_hash:  ipHash,
+        p_endpoint: ENDPOINT_NAME
+    })
+    if (rlErr) {
+        console.error('[get-intake-invite-info] check_rate_limit failed:', rlErr.message)
+    }
+    if (rl && rl.allowed === false) {
+        await supabase.rpc('record_submission_attempt', {
+            p_endpoint:   ENDPOINT_NAME,
+            p_ip_hash:    ipHash,
+            p_success:    false,
+            p_blocked_by: 'rate_limit',
+            p_error_code: rl.reason || 'blocked',
+            p_error_msg:  null,
+            p_user_agent: userAgent,
+            p_metadata:   null
+        })
+        return jsonResponse({
+            error: 'rate-limited',
+            retry_after_seconds: rl.retry_after_seconds || null
+        }, 429)
+    }
+
+    // ── RPC de lookup ──
+    const { data, error } = await supabase.rpc('get_patient_intake_invite_info', {
+        p_token: token
+    })
+
+    if (error) {
+        await supabase.rpc('record_submission_attempt', {
+            p_endpoint:   ENDPOINT_NAME,
+            p_ip_hash:    ipHash,
+            p_success:    false,
+            p_blocked_by: 'rpc',
+            p_error_code: error.code || 'rpc_err',
+            p_error_msg:  error.message,
+            p_user_agent: userAgent,
+            p_metadata:   null
+        })
+        return jsonResponse({ error: 'rpc-failed' }, 400)
+    }
+
+    // RPC devolve { error: 'invalid-token' | 'missing-token' } para ruim e
+    // { ok: true, info: {...} } para sucesso.
+    if (data && data.error) {
+        await supabase.rpc('record_submission_attempt', {
+            p_endpoint:   ENDPOINT_NAME,
+            p_ip_hash:    ipHash,
+            p_success:    false,
+            p_blocked_by: 'validation',
+            p_error_code: data.error,
+            p_error_msg:  null,
+            p_user_agent: userAgent,
+            p_metadata:   null
+        })
+        return jsonResponse({ error: data.error }, 404)
+    }
+
+    await supabase.rpc('record_submission_attempt', {
+        p_endpoint:   ENDPOINT_NAME,
+        p_ip_hash:    ipHash,
+        p_success:    true,
+        p_blocked_by: null,
+        p_error_code: null,
+        p_error_msg:  null,
+        p_user_agent: userAgent,
+        p_metadata:   null
+    })
+
+    return jsonResponse({ ok: true, info: data?.info || null }, 200)
+})
@@ -0,0 +1,475 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: send-session-reminders
+|--------------------------------------------------------------------------
+| Dispara lembretes WhatsApp pra sessões futuras. Chamado por pg_cron a cada
+| 15 minutos.
+|
+| Busca eventos com inicio_em dentro das janelas:
+|   - 24h ± 15min  (envio do lembrete de 24h)
+|   - 2h  ± 15min  (envio do lembrete de 2h)
+|
+| Checa per-evento:
+|   - settings.enabled do tenant
+|   - quiet_hours (agora está dentro da janela silenciosa?)
+|   - opt-out do paciente
+|   - canal ativo (Evolution/Twilio)
+|   - log unique: nao duplica
+|
+| Suporta apenas Evolution no momento (Twilio virá com Marco B - créditos).
+|--------------------------------------------------------------------------
+*/
+
+import { createClient, SupabaseClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+function rewriteForContainer(apiUrl: string): string {
+    try {
+        const u = new URL(apiUrl)
+        if (u.hostname === 'localhost' || u.hostname === '127.0.0.1') {
+            u.hostname = 'host.docker.internal'
+            return u.toString().replace(/\/+$/, '')
+        }
+        return apiUrl.replace(/\/+$/, '')
+    } catch {
+        return apiUrl
+    }
+}
+
+function normalizePhoneBR(raw: string | null | undefined): string {
+    const digits = String(raw || '').replace(/\D/g, '')
+    if (digits.length === 10 || digits.length === 11) return '55' + digits
+    return digits
+}
+
+// Verifica se o momento atual (em São Paulo) está dentro da janela quiet_hours
+function isQuietHoursNow(startHHMM: string, endHHMM: string): boolean {
+    const now = new Date()
+    const fmt = new Intl.DateTimeFormat('en-US', {
+        timeZone: 'America/Sao_Paulo',
+        hour: '2-digit', minute: '2-digit', hour12: false
+    })
+    const parts = fmt.formatToParts(now)
+    const h = parseInt(parts.find((p) => p.type === 'hour')?.value || '0', 10)
+    const m = parseInt(parts.find((p) => p.type === 'minute')?.value || '0', 10)
+    const mins = h * 60 + m
+    const [sh, sm] = startHHMM.split(':').map(Number)
+    const [eh, em] = endHHMM.split(':').map(Number)
+    const startMin = (sh || 0) * 60 + (sm || 0)
+    const endMin = (eh || 0) * 60 + (em || 0)
+    if (startMin === endMin) return false
+    if (startMin < endMin) {
+        // janela normal (ex: 08:00-12:00)
+        return mins >= startMin && mins < endMin
+    }
+    // janela atravessando meia-noite (ex: 22:00-08:00)
+    return mins >= startMin || mins < endMin
+}
+
+// Formata data/hora do evento pra texto pt-BR
+function fmtDateDayMonth(iso: string): string {
+    try {
+        const d = new Date(iso)
+        return new Intl.DateTimeFormat('pt-BR', {
+            timeZone: 'America/Sao_Paulo',
+            day: '2-digit', month: 'long'
+        }).format(d)
+    } catch { return iso }
+}
+
+function fmtTime(iso: string): string {
+    try {
+        const d = new Date(iso)
+        return new Intl.DateTimeFormat('pt-BR', {
+            timeZone: 'America/Sao_Paulo',
+            hour: '2-digit', minute: '2-digit', hour12: false
+        }).format(d)
+    } catch { return '' }
+}
+
+// Substitui variáveis no template
+function renderTemplate(
+    tpl: string,
+    vars: { nome_paciente: string; data_sessao: string; hora_sessao: string; modalidade: string; nome_clinica: string }
+): string {
+    return tpl
+        .replaceAll('{{nome_paciente}}', vars.nome_paciente)
+        .replaceAll('{{data_sessao}}', vars.data_sessao)
+        .replaceAll('{{hora_sessao}}', vars.hora_sessao)
+        .replaceAll('{{modalidade}}', vars.modalidade)
+        .replaceAll('{{nome_clinica}}', vars.nome_clinica)
+}
+
+// Envia via Evolution. Retorna messageId ou null se falhar.
+async function sendViaEvolution(
+    apiUrl: string, apiKey: string, instance: string, phone: string, text: string
+): Promise<{ ok: boolean; messageId?: string; error?: string }> {
+    try {
+        const endpoint = `${rewriteForContainer(apiUrl)}/message/sendText/${encodeURIComponent(instance)}`
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', apikey: apiKey },
+            body: JSON.stringify({ number: phone, text })
+        })
+        if (!resp.ok) {
+            const t = await resp.text()
+            return { ok: false, error: `HTTP ${resp.status}: ${t.slice(0, 200)}` }
+        }
+        const j = await resp.json().catch(() => null) as Record<string, unknown> | null
+        const msgId = (j?.key as { id?: string })?.id ?? null
+        return { ok: true, messageId: msgId ?? undefined }
+    } catch (err) {
+        return { ok: false, error: String(err) }
+    }
+}
+
+// Envia via Twilio. Retorna messageId + status ou erro.
+async function sendViaTwilio(
+    subSid: string, authToken: string, fromNumber: string, toPhone: string, text: string
+): Promise<{ ok: boolean; messageId?: string; status?: string; error?: string }> {
+    if (!subSid || !authToken || !fromNumber) {
+        return { ok: false, error: 'Twilio credenciais incompletas' }
+    }
+    const toE164 = toPhone.startsWith('+') ? toPhone : `+${toPhone}`
+    const endpoint = `https://api.twilio.com/2010-04-01/Accounts/${subSid}/Messages.json`
+    const basicAuth = btoa(`${subSid}:${authToken}`)
+    const params = new URLSearchParams()
+    params.append('From', `whatsapp:${fromNumber}`)
+    params.append('To', `whatsapp:${toE164}`)
+    params.append('Body', text)
+    try {
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: { 'Authorization': `Basic ${basicAuth}`, 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: params.toString()
+        })
+        const data = await resp.json().catch(() => null) as Record<string, unknown> | null
+        if (!resp.ok) {
+            return { ok: false, error: `Twilio ${resp.status}: ${(data?.message as string) || JSON.stringify(data).slice(0, 200)}` }
+        }
+        return { ok: true, messageId: String(data?.sid || ''), status: String(data?.status || 'queued') }
+    } catch (e) {
+        return { ok: false, error: String(e) }
+    }
+}
+
+// Verifica se paciente está opted-out
+async function isOptedOut(supa: SupabaseClient, tenantId: string, phone: string): Promise<boolean> {
+    const { data } = await supa
+        .from('conversation_optouts')
+        .select('id')
+        .eq('tenant_id', tenantId)
+        .eq('phone', phone)
+        .is('opted_back_in_at', null)
+        .limit(1)
+        .maybeSingle()
+    return !!data
+}
+
+type ProcessStats = {
+    considered: number
+    sent: number
+    skipped: Record<string, number>
+    errors: number
+}
+
+// Processa eventos em uma janela especifica
+async function processWindow(
+    supa: SupabaseClient,
+    type: '24h' | '2h',
+    minutesAhead: number,
+    stats: ProcessStats
+): Promise<void> {
+    const windowMin = 15 // ±15min
+    const start = new Date(Date.now() + (minutesAhead - windowMin) * 60 * 1000).toISOString()
+    const end = new Date(Date.now() + (minutesAhead + windowMin) * 60 * 1000).toISOString()
+
+    // Busca eventos na janela com patient + tenant (nome da clinica via company_profiles/tenants)
+    const { data: events, error } = await supa
+        .from('agenda_eventos')
+        .select(`
+            id, tenant_id, inicio_em, modalidade, patient_id, status,
+            patients:patient_id (id, nome_completo, telefone)
+        `)
+        .eq('status', 'agendado')
+        .gte('inicio_em', start)
+        .lte('inicio_em', end)
+
+    if (error) {
+        console.error('[reminders] events query error:', error.message)
+        return
+    }
+
+    stats.considered += (events || []).length
+
+    for (const ev of events || []) {
+        try {
+            const eventId = ev.id as string
+            const tenantId = ev.tenant_id as string
+            const pat = Array.isArray(ev.patients) ? ev.patients[0] : ev.patients
+            if (!pat || !pat.telefone) {
+                // Sem telefone — loga e pula
+                await logSkip(supa, eventId, tenantId, type, 'no_phone')
+                stats.skipped.no_phone = (stats.skipped.no_phone || 0) + 1
+                continue
+            }
+            const phone = normalizePhoneBR(pat.telefone)
+            if (!/^\d{10,15}$/.test(phone)) {
+                await logSkip(supa, eventId, tenantId, type, 'invalid_phone')
+                stats.skipped.invalid_phone = (stats.skipped.invalid_phone || 0) + 1
+                continue
+            }
+
+            // Ja enviado? (UNIQUE constraint previne dup mas checamos pra economizar)
+            const { data: existing } = await supa
+                .from('session_reminder_logs')
+                .select('id')
+                .eq('event_id', eventId)
+                .eq('reminder_type', type)
+                .maybeSingle()
+            if (existing) {
+                stats.skipped.already_sent = (stats.skipped.already_sent || 0) + 1
+                continue
+            }
+
+            // Settings do tenant
+            const { data: settings } = await supa
+                .from('session_reminder_settings')
+                .select('*')
+                .eq('tenant_id', tenantId)
+                .maybeSingle()
+
+            if (!settings || !settings.enabled) {
+                stats.skipped.disabled = (stats.skipped.disabled || 0) + 1
+                continue
+            }
+            if (type === '24h' && !settings.send_24h) {
+                stats.skipped.type_disabled = (stats.skipped.type_disabled || 0) + 1
+                continue
+            }
+            if (type === '2h' && !settings.send_2h) {
+                stats.skipped.type_disabled = (stats.skipped.type_disabled || 0) + 1
+                continue
+            }
+
+            // Quiet hours
+            if (settings.quiet_hours_enabled) {
+                const startHHMM = String(settings.quiet_hours_start || '22:00').slice(0, 5)
+                const endHHMM = String(settings.quiet_hours_end || '08:00').slice(0, 5)
+                if (isQuietHoursNow(startHHMM, endHHMM)) {
+                    await logSkip(supa, eventId, tenantId, type, 'quiet_hours')
+                    stats.skipped.quiet_hours = (stats.skipped.quiet_hours || 0) + 1
+                    continue
+                }
+            }
+
+            // Opt-out
+            if (settings.respect_opt_out && await isOptedOut(supa, tenantId, phone)) {
+                await logSkip(supa, eventId, tenantId, type, 'opted_out')
+                stats.skipped.opted_out = (stats.skipped.opted_out || 0) + 1
+                continue
+            }
+
+            // Canal ativo
+            const { data: channel } = await supa
+                .from('notification_channels')
+                .select('provider, credentials, twilio_phone_number, is_active')
+                .eq('tenant_id', tenantId)
+                .eq('channel', 'whatsapp')
+                .is('deleted_at', null)
+                .maybeSingle()
+            if (!channel || !channel.is_active) {
+                await logSkip(supa, eventId, tenantId, type, 'no_channel')
+                stats.skipped.no_channel = (stats.skipped.no_channel || 0) + 1
+                continue
+            }
+
+            // Nome da clinica (tenants.name)
+            const { data: tenant } = await supa
+                .from('tenants')
+                .select('name')
+                .eq('id', tenantId)
+                .maybeSingle()
+
+            // Monta mensagem
+            const tpl = type === '24h' ? settings.template_24h : settings.template_2h
+            const text = renderTemplate(tpl, {
+                nome_paciente: pat.nome_completo || 'Paciente',
+                data_sessao: fmtDateDayMonth(ev.inicio_em),
+                hora_sessao: fmtTime(ev.inicio_em),
+                modalidade: ev.modalidade === 'online' ? 'online' : 'presencial',
+                nome_clinica: tenant?.name || ''
+            })
+
+            // Envia (Evolution only por enquanto)
+            if (channel.provider === 'evolution') {
+                const creds = (channel.credentials ?? {}) as Record<string, string>
+                if (!creds.api_url || !creds.api_key || !creds.instance_name) {
+                    await logSkip(supa, eventId, tenantId, type, 'creds_missing')
+                    stats.skipped.creds_missing = (stats.skipped.creds_missing || 0) + 1
+                    continue
+                }
+                const sendRes = await sendViaEvolution(creds.api_url, creds.api_key, creds.instance_name, phone, text)
+                if (!sendRes.ok) {
+                    console.error('[reminders] send failed for event', eventId, sendRes.error)
+                    await supa.from('session_reminder_logs').insert({
+                        event_id: eventId, tenant_id: tenantId, reminder_type: type,
+                        provider: 'evolution', skip_reason: `send_failed: ${sendRes.error}`, to_phone: phone
+                    })
+                    stats.errors++
+                    continue
+                }
+                // Registra outbound message + log
+                const { data: msg } = await supa.from('conversation_messages').insert({
+                    tenant_id: tenantId,
+                    patient_id: pat.id,
+                    channel: 'whatsapp',
+                    direction: 'outbound',
+                    from_number: null,
+                    to_number: phone,
+                    body: text,
+                    provider: 'evolution',
+                    provider_message_id: sendRes.messageId ?? null,
+                    provider_raw: { reminder_type: type, event_id: eventId },
+                    kanban_status: 'awaiting_patient',
+                    responded_at: new Date().toISOString()
+                }).select('id').single()
+
+                await supa.from('session_reminder_logs').insert({
+                    event_id: eventId, tenant_id: tenantId, reminder_type: type,
+                    provider: 'evolution', to_phone: phone,
+                    provider_message_id: sendRes.messageId ?? null,
+                    conversation_message_id: msg?.id ?? null
+                })
+                stats.sent++
+            } else if (channel.provider === 'twilio') {
+                // Busca creds twilio (colunas dedicadas + credentials JSONB com auth_token)
+                const { data: fullChannel } = await supa
+                    .from('notification_channels')
+                    .select('twilio_subaccount_sid, twilio_phone_number, credentials')
+                    .eq('tenant_id', tenantId)
+                    .eq('channel', 'whatsapp')
+                    .is('deleted_at', null)
+                    .maybeSingle()
+                const twCreds = (fullChannel?.credentials ?? {}) as Record<string, string>
+                const subSid = fullChannel?.twilio_subaccount_sid as string
+                const subToken = twCreds.subaccount_auth_token
+                const twFrom = fullChannel?.twilio_phone_number as string
+
+                if (!subSid || !subToken || !twFrom) {
+                    await logSkip(supa, eventId, tenantId, type, 'twilio_creds_missing')
+                    stats.skipped.twilio_creds_missing = (stats.skipped.twilio_creds_missing || 0) + 1
+                    continue
+                }
+
+                // Deduz 1 crédito ANTES (atômico via RPC)
+                const { error: dedErr } = await supa.rpc('deduct_whatsapp_credits', {
+                    p_tenant_id: tenantId,
+                    p_amount: 1,
+                    p_conversation_message_id: null,
+                    p_note: `Lembrete sessão ${type}`
+                })
+                if (dedErr) {
+                    const reason = String(dedErr.message || '').includes('insufficient_credits') ? 'insufficient_credits' : 'deduct_error'
+                    await logSkip(supa, eventId, tenantId, type, reason)
+                    stats.skipped[reason] = (stats.skipped[reason] || 0) + 1
+                    continue
+                }
+
+                const sendRes = await sendViaTwilio(subSid, subToken, twFrom, phone, text)
+                if (!sendRes.ok) {
+                    // Refund
+                    await supa.rpc('add_whatsapp_credits', {
+                        p_tenant_id: tenantId,
+                        p_amount: 1,
+                        p_kind: 'refund',
+                        p_purchase_id: null,
+                        p_admin_id: null,
+                        p_note: `Refund lembrete falhou: ${sendRes.error?.slice(0, 200)}`
+                    })
+                    console.error('[reminders] twilio send failed:', sendRes.error)
+                    await supa.from('session_reminder_logs').insert({
+                        event_id: eventId, tenant_id: tenantId, reminder_type: type,
+                        provider: 'twilio', skip_reason: `send_failed: ${sendRes.error}`, to_phone: phone
+                    })
+                    stats.errors++
+                    continue
+                }
+
+                const { data: msg } = await supa.from('conversation_messages').insert({
+                    tenant_id: tenantId,
+                    patient_id: pat.id,
+                    channel: 'whatsapp',
+                    direction: 'outbound',
+                    from_number: null,
+                    to_number: phone,
+                    body: text,
+                    provider: 'twilio',
+                    provider_message_id: sendRes.messageId ?? null,
+                    provider_raw: { reminder_type: type, event_id: eventId, status: sendRes.status },
+                    kanban_status: 'awaiting_patient',
+                    responded_at: new Date().toISOString(),
+                    delivery_status: sendRes.status === 'delivered' ? 'delivered' : 'sent'
+                }).select('id').single()
+
+                await supa.from('session_reminder_logs').insert({
+                    event_id: eventId, tenant_id: tenantId, reminder_type: type,
+                    provider: 'twilio', to_phone: phone,
+                    provider_message_id: sendRes.messageId ?? null,
+                    conversation_message_id: msg?.id ?? null
+                })
+                stats.sent++
+            } else {
+                await logSkip(supa, eventId, tenantId, type, 'unknown_provider')
+                stats.skipped.unknown_provider = (stats.skipped.unknown_provider || 0) + 1
+            }
+        } catch (err) {
+            console.error('[reminders] event process error:', err)
+            stats.errors++
+        }
+    }
+}
+
+async function logSkip(
+    supa: SupabaseClient, eventId: string, tenantId: string, type: '24h' | '2h', reason: string
+) {
+    await supa.from('session_reminder_logs').insert({
+        event_id: eventId, tenant_id: tenantId, reminder_type: type,
+        provider: 'skipped', skip_reason: reason
+    })
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+
+    try {
+        const supabase = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        const stats: ProcessStats = { considered: 0, sent: 0, skipped: {}, errors: 0 }
+
+        // 24h antes
+        await processWindow(supabase, '24h', 24 * 60, stats)
+        // 2h antes
+        await processWindow(supabase, '2h', 2 * 60, stats)
+
+        return json({ ok: true, stats })
+    } catch (err) {
+        console.error('[reminders] fatal:', err)
+        return json({ ok: false, error: String(err) }, 500)
+    }
+})
@@ -0,0 +1,329 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: send-whatsapp-message
+|--------------------------------------------------------------------------
+| Envia mensagem WhatsApp via Evolution API da clínica. Registra a mensagem
+| imediatamente em conversation_messages (direction=outbound) para feedback
+| instantâneo no UI (via Realtime). Quando a Evolution ecoar a mensagem de
+| volta pelo webhook com fromMe=true, o evolution-whatsapp-inbound faz UPDATE
+| (não duplica) pelo provider_message_id.
+|
+| Body JSON:
+|   {
+|     "tenant_id":  "<uuid>",
+|     "to_number":  "5516912345678",      // sem + nem @s.whatsapp.net
+|     "body":       "Texto da mensagem",
+|     "patient_id": "<uuid>" (opcional)   // se já vinculado
+|   }
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+}
+
+function json(body: unknown, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+    })
+}
+
+function sanitizeBody(raw: string): string {
+    return String(raw ?? '')
+        .replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]/g, '')
+        .trim()
+        .slice(0, 4000)
+}
+
+function normalizePhone(raw: string): string {
+    const digits = String(raw ?? '').replace(/\D/g, '')
+    if (digits.length >= 12 && digits.startsWith('55')) return digits
+    if (digits.length === 11 || digits.length === 10) return '55' + digits
+    return digits
+}
+
+// ═══════════════════════════════════════════════════════════════════
+// Twilio send helper (com dedução de crédito)
+// ═══════════════════════════════════════════════════════════════════
+type TwilioChannel = {
+    twilio_subaccount_sid: string
+    twilio_phone_number: string
+    credentials: { subaccount_auth_token?: string }
+}
+
+async function sendViaTwilio(
+    channel: TwilioChannel,
+    toPhone: string,
+    text: string
+): Promise<{ ok: boolean; messageId?: string; status?: string; error?: string }> {
+    const subSid = channel.twilio_subaccount_sid
+    const authToken = channel.credentials?.subaccount_auth_token
+    const fromNumber = channel.twilio_phone_number  // E.164: +5511999990000
+
+    if (!subSid || !authToken || !fromNumber) {
+        return { ok: false, error: 'Twilio credenciais incompletas' }
+    }
+
+    const endpoint = `https://api.twilio.com/2010-04-01/Accounts/${subSid}/Messages.json`
+    const basicAuth = btoa(`${subSid}:${authToken}`)
+
+    const toE164 = toPhone.startsWith('+') ? toPhone : `+${toPhone}`
+    const params = new URLSearchParams()
+    params.append('From', `whatsapp:${fromNumber}`)
+    params.append('To', `whatsapp:${toE164}`)
+    params.append('Body', text)
+
+    try {
+        const resp = await fetch(endpoint, {
+            method: 'POST',
+            headers: {
+                'Authorization': `Basic ${basicAuth}`,
+                'Content-Type': 'application/x-www-form-urlencoded'
+            },
+            body: params.toString()
+        })
+        const data = await resp.json().catch(() => null) as Record<string, unknown> | null
+        if (!resp.ok) {
+            return { ok: false, error: `Twilio ${resp.status}: ${(data?.message as string) || JSON.stringify(data).slice(0, 200)}` }
+        }
+        return {
+            ok: true,
+            messageId: String(data?.sid || ''),
+            status: String(data?.status || 'queued')
+        }
+    } catch (e) {
+        return { ok: false, error: String(e) }
+    }
+}
+
+// Edge function roda em container — localhost aponta pra ele mesmo, não pro host.
+// Substitui localhost/127.0.0.1 por host.docker.internal pra alcançar o host.
+function rewriteForContainer(apiUrl: string): string {
+    try {
+        const u = new URL(apiUrl)
+        if (u.hostname === 'localhost' || u.hostname === '127.0.0.1') {
+            u.hostname = 'host.docker.internal'
+            return u.toString().replace(/\/+$/, '')
+        }
+        return apiUrl.replace(/\/+$/, '')
+    } catch {
+        return apiUrl
+    }
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
+    if (req.method !== 'POST') return json({ ok: false, error: 'method' }, 405)
+
+    try {
+        const body = await req.json().catch(() => null)
+        if (!body || typeof body !== 'object') return json({ ok: false, error: 'body invalido' }, 400)
+
+        const { tenant_id, to_number, body: text, patient_id } = body as Record<string, string>
+        const cleanText = sanitizeBody(text)
+        const cleanPhone = normalizePhone(to_number)
+
+        if (!tenant_id || !cleanPhone || !cleanText) {
+            return json({ ok: false, error: 'faltam campos (tenant_id, to_number, body)' }, 400)
+        }
+        if (cleanText.length < 1) return json({ ok: false, error: 'mensagem vazia' }, 400)
+
+        // Autenticação
+        const auth = req.headers.get('Authorization') ?? ''
+        const supaAuthed = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_ANON_KEY')!,
+            { global: { headers: { Authorization: auth } } }
+        )
+        const { data: authData, error: authErr } = await supaAuthed.auth.getUser()
+        if (authErr || !authData?.user) return json({ ok: false, error: 'auth' }, 401)
+
+        const supaSvc = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        const userId = authData.user.id
+        // Valida membership
+        const { data: isAdmin } = await supaSvc.rpc('is_saas_admin')
+        if (!isAdmin) {
+            const { data: membership } = await supaSvc
+                .from('tenant_members')
+                .select('id')
+                .eq('tenant_id', tenant_id)
+                .eq('user_id', userId)
+                .eq('status', 'active')
+                .maybeSingle()
+            if (!membership) return json({ ok: false, error: 'forbidden' }, 403)
+        }
+
+        // Busca canal (Evolution ou Twilio)
+        const { data: channel, error: chErr } = await supaSvc
+            .from('notification_channels')
+            .select('credentials, provider, twilio_subaccount_sid, twilio_phone_number, is_active')
+            .eq('tenant_id', tenant_id)
+            .eq('channel', 'whatsapp')
+            .is('deleted_at', null)
+            .maybeSingle()
+
+        if (chErr || !channel) {
+            return json({ ok: false, error: 'Canal WhatsApp nao configurado pra este tenant' }, 400)
+        }
+        if (!channel.is_active) {
+            return json({ ok: false, error: 'Canal WhatsApp inativo. Verifique /configuracoes/whatsapp.' }, 400)
+        }
+
+        const provider = channel.provider  // 'evolution' ou 'twilio'
+
+        // Resolve patient_id se não veio (match por telefone)
+        let resolvedPatientId = patient_id ?? null
+        if (!resolvedPatientId) {
+            const { data: matchData } = await supaSvc.rpc('match_patient_by_phone', {
+                p_tenant_id: tenant_id,
+                p_phone: cleanPhone
+            })
+            resolvedPatientId = (matchData as string | null) ?? null
+        }
+
+        // ─────────────────────────────────────────────────────
+        // TWILIO: deduz crédito ANTES, envia, refunda se falhar
+        // ─────────────────────────────────────────────────────
+        if (provider === 'twilio') {
+            // Deduz 1 crédito de forma atômica (RPC lança 'insufficient_credits' se zerado)
+            const { error: dedErr } = await supaSvc.rpc('deduct_whatsapp_credits', {
+                p_tenant_id: tenant_id,
+                p_amount: 1,
+                p_conversation_message_id: null,
+                p_note: 'Envio manual WhatsApp'
+            })
+            if (dedErr) {
+                const insufficient = String(dedErr.message || '').includes('insufficient_credits')
+                return json({
+                    ok: false,
+                    error: insufficient ? 'insufficient_credits' : dedErr.message,
+                    message: insufficient
+                        ? 'Saldo insuficiente. Compre créditos em /configuracoes/creditos-whatsapp.'
+                        : 'Erro ao deduzir créditos'
+                }, insufficient ? 402 : 500)
+            }
+
+            // Envia via Twilio
+            const sendRes = await sendViaTwilio(channel as unknown as TwilioChannel, cleanPhone, cleanText)
+
+            if (!sendRes.ok) {
+                // Refunda o crédito deduzido
+                await supaSvc.rpc('add_whatsapp_credits', {
+                    p_tenant_id: tenant_id,
+                    p_amount: 1,
+                    p_kind: 'refund',
+                    p_purchase_id: null,
+                    p_admin_id: null,
+                    p_note: `Refund envio falhou: ${sendRes.error?.slice(0, 200)}`
+                })
+                return json({ ok: false, error: `twilio_send_failed: ${sendRes.error}` }, 502)
+            }
+
+            // Registra mensagem + vincula a dedução (se possível — já foi feita sem msg_id)
+            const { data: inserted, error: insErr } = await supaSvc.from('conversation_messages').insert({
+                tenant_id,
+                patient_id: resolvedPatientId,
+                channel: 'whatsapp',
+                direction: 'outbound',
+                from_number: null,
+                to_number: cleanPhone,
+                body: cleanText,
+                provider: 'twilio',
+                provider_message_id: sendRes.messageId ?? null,
+                provider_raw: { status: sendRes.status },
+                kanban_status: 'awaiting_patient',
+                received_at: null,
+                responded_at: new Date().toISOString(),
+                delivery_status: sendRes.status === 'delivered' ? 'delivered' : sendRes.status === 'sent' ? 'sent' : 'queued'
+            }).select('id').single()
+
+            if (insErr) {
+                console.error('[send-whatsapp-message] insert error (twilio):', insErr)
+                return json({ ok: false, error: 'Enviado + creditado mas falhou ao registrar: ' + insErr.message }, 500)
+            }
+
+            return json({
+                ok: true,
+                provider: 'twilio',
+                message_id: inserted.id,
+                provider_message_id: sendRes.messageId
+            })
+        }
+
+        // ─────────────────────────────────────────────────────
+        // EVOLUTION: sem dedução (tier gratuito)
+        // ─────────────────────────────────────────────────────
+        const creds = (channel.credentials ?? {}) as Record<string, string>
+        const apiUrl = creds.api_url
+        const apiKey = creds.api_key
+        const instance = creds.instance_name
+
+        if (!apiUrl || !apiKey || !instance) {
+            return json({ ok: false, error: 'Credenciais Evolution incompletas' }, 400)
+        }
+
+        const evoEndpoint = `${rewriteForContainer(apiUrl)}/message/sendText/${encodeURIComponent(instance)}`
+        const evoBody = { number: cleanPhone, text: cleanText }
+
+        const evoResp = await fetch(evoEndpoint, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', 'apikey': apiKey },
+            body: JSON.stringify(evoBody)
+        })
+
+        const evoText = await evoResp.text()
+        let evoJson: Record<string, unknown> | null = null
+        try { evoJson = JSON.parse(evoText) } catch { /* fica null */ }
+
+        if (!evoResp.ok) {
+            return json({
+                ok: false,
+                error: `Evolution retornou ${evoResp.status}`,
+                evolution_response: evoJson ?? evoText
+            }, 502)
+        }
+
+        const providerMessageId = (evoJson as { key?: { id?: string } } | null)?.key?.id ?? null
+
+        const { data: inserted, error: insErr } = await supaSvc.from('conversation_messages').insert({
+            tenant_id,
+            patient_id: resolvedPatientId,
+            channel: 'whatsapp',
+            direction: 'outbound',
+            from_number: null,
+            to_number: cleanPhone,
+            body: cleanText,
+            provider: 'evolution',
+            provider_message_id: providerMessageId,
+            provider_raw: evoJson ?? null,
+            kanban_status: 'awaiting_patient',
+            received_at: null,
+            responded_at: new Date().toISOString(),
+            delivery_status: 'sent'
+        }).select('id').single()
+
+        if (insErr) {
+            console.error('[send-whatsapp-message] insert error (evolution):', insErr)
+            return json({ ok: false, error: 'Enviado mas falhou ao registrar: ' + insErr.message }, 500)
+        }
+
+        return json({
+            ok: true,
+            provider: 'evolution',
+            message_id: inserted.id,
+            provider_message_id: providerMessageId,
+            evolution_response: evoJson
+        })
+    } catch (err) {
+        return json({ ok: false, error: String(err) }, 500)
+    }
+})
@@ -0,0 +1,221 @@
+/*
+|--------------------------------------------------------------------------
+| Agência PSI — Edge Function: twilio-whatsapp-inbound
+|--------------------------------------------------------------------------
+| Recebe mensagens WhatsApp RECEBIDAS pelos tenants via Twilio.
+| Diferente do twilio-whatsapp-webhook (que trata apenas status de mensagens
+| enviadas), este recebe o conteudo de respostas dos pacientes.
+|
+| URL configurada no numero da subconta de cada tenant, campo "WHEN A
+| MESSAGE COMES IN":
+|   https://<project>.supabase.co/functions/v1/twilio-whatsapp-inbound?tenant_id=<uuid>
+|
+| Hooks aplicados (provider-agnostico via _shared/whatsapp-hooks):
+|   1) Opt-IN detection (keywords "voltar", "retornar", ...)
+|   2) Opt-OUT detection (keywords do tenant + system) com ack automatico
+|   3) Auto-reply fora do horario (se nao houve opt-out) com credit deduction
+|
+| Custos: cada envio (ack de opt-out + auto-reply) DEDUZ 1 credito do tenant.
+| Se o saldo estiver zerado, o hook falha silenciosamente (nao envia).
+|--------------------------------------------------------------------------
+*/
+
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+import {
+    buildThreadKey,
+    detectOptoutKeyword,
+    maybeOptIn,
+    maybeSendAutoReply,
+    makeTwilioCreditedSendFn,
+    registerOptout,
+    type TwilioChannel
+} from '../_shared/whatsapp-hooks.ts'
+
+const corsHeaders = {
+    'Access-Control-Allow-Origin':  '*',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+    'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
+}
+
+const EMPTY_TWIML = '<?xml version="1.0" encoding="UTF-8"?><Response></Response>'
+
+function stripWhatsappPrefix(raw: string | null | undefined): string | null {
+    if (!raw) return null
+    return raw.replace(/^whatsapp:/i, '').trim()
+}
+
+Deno.serve(async (req: Request) => {
+    if (req.method === 'OPTIONS') {
+        return new Response('ok', { headers: corsHeaders })
+    }
+
+    if (req.method !== 'POST') {
+        return new Response(EMPTY_TWIML, {
+            status: 200,
+            headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+        })
+    }
+
+    try {
+        const url = new URL(req.url)
+        const tenantId = url.searchParams.get('tenant_id')
+
+        if (!tenantId) {
+            console.error('[twilio-whatsapp-inbound] tenant_id ausente na URL')
+            return new Response(EMPTY_TWIML, {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+            })
+        }
+
+        const supabase = createClient(
+            Deno.env.get('SUPABASE_URL')!,
+            Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+        )
+
+        const formData = await req.formData()
+        const from        = stripWhatsappPrefix(formData.get('From') as string)
+        const to          = stripWhatsappPrefix(formData.get('To') as string)
+        const body        = (formData.get('Body') as string) ?? null
+        const messageSid  = formData.get('MessageSid') as string
+        const numMedia    = parseInt((formData.get('NumMedia') as string) ?? '0', 10)
+        const mediaUrl    = numMedia > 0 ? (formData.get('MediaUrl0') as string) : null
+        const mediaMime   = numMedia > 0 ? (formData.get('MediaContentType0') as string) : null
+
+        if (!from || !messageSid) {
+            console.warn('[twilio-whatsapp-inbound] payload incompleto')
+            return new Response(EMPTY_TWIML, {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+            })
+        }
+
+        const cleanBody = body
+            ? String(body).replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]/g, '').slice(0, 4000)
+            : null
+
+        const { data: matchData } = await supabase.rpc('match_patient_by_phone', {
+            p_tenant_id: tenantId,
+            p_phone: from
+        })
+        const patientId = matchData as string | null
+
+        const raw: Record<string, unknown> = {
+            MessageSid: messageSid,
+            AccountSid: formData.get('AccountSid') ?? null,
+            From: from,
+            To: to,
+            NumMedia: numMedia,
+            ProfileName: formData.get('ProfileName') ?? null,
+            WaId: formData.get('WaId') ?? null,
+        }
+
+        const { error: insErr } = await supabase.from('conversation_messages').insert({
+            tenant_id: tenantId,
+            patient_id: patientId,
+            channel: 'whatsapp',
+            direction: 'inbound',
+            from_number: from,
+            to_number: to,
+            body: cleanBody,
+            media_url: mediaUrl,
+            media_mime: mediaMime,
+            provider: 'twilio',
+            provider_message_id: messageSid,
+            provider_raw: raw,
+            kanban_status: 'awaiting_us',
+            received_at: new Date().toISOString()
+        })
+
+        if (insErr) {
+            console.error('[twilio-whatsapp-inbound] insert error:', insErr)
+            return new Response(EMPTY_TWIML, {
+                status: 200,
+                headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+            })
+        }
+
+        // ─────────────────────────────────────────────────────
+        // Hooks: opt-in, opt-out, auto-reply
+        // ─────────────────────────────────────────────────────
+        let optoutAction: 'in' | 'out' | null = null
+        let autoReplyResult: { sent: boolean; reason?: string } | null = null
+
+        try {
+            // Busca canal Twilio (uma vez) — reutilizado por registerOptout/autoReply
+            const { data: channel } = await supabase
+                .from('notification_channels')
+                .select('credentials, provider, twilio_subaccount_sid, twilio_phone_number, is_active')
+                .eq('tenant_id', tenantId)
+                .eq('channel', 'whatsapp')
+                .is('deleted_at', null)
+                .maybeSingle()
+
+            if (channel && channel.is_active && channel.provider === 'twilio') {
+                // 1) Opt-IN (voltar) tem prioridade
+                if (await maybeOptIn(supabase, tenantId, from, cleanBody)) {
+                    optoutAction = 'in'
+                }
+
+                // 2) Opt-OUT por keyword — envia ack via Twilio (deduz 1 credito)
+                if (!optoutAction) {
+                    const keyword = await detectOptoutKeyword(supabase, tenantId, cleanBody)
+                    if (keyword) {
+                        const optoutSendFn = makeTwilioCreditedSendFn(
+                            supabase,
+                            tenantId,
+                            channel as unknown as TwilioChannel,
+                            'Opt-out ack WhatsApp'
+                        )
+                        await registerOptout(
+                            supabase,
+                            tenantId,
+                            from,
+                            patientId,
+                            cleanBody,
+                            keyword,
+                            'twilio',
+                            optoutSendFn
+                        )
+                        optoutAction = 'out'
+                    }
+                }
+
+                // 3) Auto-reply fora do horario (so se nao foi opt-out)
+                if (optoutAction !== 'out') {
+                    const threadKey = buildThreadKey(patientId, from)
+                    const arSendFn = makeTwilioCreditedSendFn(
+                        supabase,
+                        tenantId,
+                        channel as unknown as TwilioChannel,
+                        'Auto-reply WhatsApp'
+                    )
+                    autoReplyResult = await maybeSendAutoReply(
+                        supabase,
+                        tenantId,
+                        threadKey,
+                        from,
+                        'twilio',
+                        arSendFn
+                    )
+                }
+            }
+        } catch (err) {
+            console.error('[twilio-whatsapp-inbound] hooks error:', err)
+        }
+
+        // Twilio espera TwiML vazio (nao reenvia); logs no console
+        console.log('[twilio-whatsapp-inbound] processed', { tenantId, from, optoutAction, autoReplyResult })
+
+        return new Response(EMPTY_TWIML, {
+            status: 200,
+            headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+        })
+    } catch (err) {
+        console.error('[twilio-whatsapp-inbound] fatal:', err)
+        return new Response(EMPTY_TWIML, {
+            status: 200,
+            headers: { ...corsHeaders, 'Content-Type': 'text/xml' }
+        })
+    }
+})