📡 Lana Chat — API

Endpoint documentation. public = no auth · install token = via /api/config-token/{token} · admin = x-admin-token header

🌐 Public

GET /api/health · public
DB/Claude/Resend/MP status + 24h metrics. 200 ok / 503 on a problem.
GET /status · public
HTML status page with 30s auto-refresh.
GET /api/chat/{slug}/message · public
Cosmetic widget config (color, position). Used by widget.js.
POST /api/chat/{slug}/message · public
Widget message. Body: {message, sessionId, visitorId, history, page, referrer}. Rate-limited (default 20/min, override in config). Returns {reply, hotLead, _blocked}. Response headers: X-Request-Id (prefix lr_, for distributed tracing), X-RateLimit-Limit/Remaining/Reset (RFC draft), Retry-After on 429 (RFC 6585). CORS preflight cached for 1h (Access-Control-Max-Age: 3600).
GET /r/{codigo} · public
Tracking redirect for campaigns/QR codes. Codigo whitelist [a-zA-Z0-9_-]{1,64}. Response: 302 → https://wa.me/<numero>?text=Codigo: <codigo>. Best-effort tracking on the upstream VPS with X-Request-Id propagated.
GET /api/case-studies · public
List of cases displayed by index.html. CDN cache 5min with SWR 10min. Graceful fallback if the VPS is offline (empty cases + 502).
GET /api/vagas-disponiveis · public
Count of remaining founding-member slots (badge on the home page). CDN cache 60s + SWR 120s.

💳 Billing (Mercado Pago)

POST /api/billing/mp-webhook · public
Receives the MP webhook. Idempotent via webhook_processed.
POST /api/billing/checkout/{token} · install token
Creates an MP checkout. Body: {plano: 'pro'|'enterprise'}.
POST /api/billing/portal/{token} · install token
Opens the MP subscription management portal.

👤 Tenant — install token

GET /api/config-token/{token} · token
Full tenant config.
GET /api/config-token/{token}?op=dashboard · token
Metrics + enriched agentInsights.
GET /api/config-token/{token}?op=insights · token
Consolidated insights generated by the agents.
GET /api/config-token/{token}?op=changelog&days=14 · token
Timeline of agent decisions.
GET /api/config-token/{token}?op=faqs · token
Generated FAQs + content_ideias + overrides.
GET /api/config-token/{token}?op=hotleads · token
Recent hot leads.
GET /api/config-token/{token}?op=export-csv&dias=30 · token
CSV export of the conversations.
POST /api/config-token/{token}?op=train · token
Adds custom knowledge. Body: {conteudo}.
POST /api/config-token/{token}?op=faq-add · token
Adds a manual FAQ. Body: {pergunta, resposta}.
POST /api/config-token/{token}?op=faq-remove · token
Removes a FAQ by index.
POST /api/config-token/{token}?op=faqs-import · token
Bulk import. Body: {faqs:[{pergunta,resposta_canonica}]}.
POST /api/config-token/{token}?op=webhook-config · token
Configures webhookUrl + secret. Auto-detects Slack/Discord.
POST /api/config-token/{token}?op=widget-config · token
Widget color + position.
POST /api/config-token/{token}?op=signal · token
Receives an external signal. Verifies the HMAC if signalSecret is configured.
POST /api/config-token/{token}?op=signal-secret · token
Configures the HMAC secret used to validate signals.
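
A sketch of the HMAC check that op=signal describes, as an added example rather than Lana Chat's own code. The page does not state the header name, hash or encoding, so the x-signal-signature header, HMAC-SHA256 and the sha256=<hex> format below are assumptions, as are the function names.

```javascript
const crypto = require('node:crypto');

// Assumed header name; the page does not specify one.
const SIGNATURE_HEADER = 'x-signal-signature';

// Sender side: sign the exact bytes that go on the wire.
function signSignal(secret, rawBody) {
  const mac = crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  return 'sha256=' + mac;
}

// Receiver side. rawBody must be the bytes as received, read before
// JSON.parse: re-serialising the parsed object can change key order or
// whitespace and break the MAC.
function verifySignal({ signalSecret, headers, rawBody }) {
  // Matches the page: verification only runs when a secret is configured.
  if (!signalSecret) return { ok: true, reason: 'not-configured' };

  const presented = headers[SIGNATURE_HEADER];
  if (typeof presented !== 'string') {
    return { ok: false, reason: 'missing-signature' };
  }

  // Strict format check first, so the decoded value is always 32 bytes
  // and timingSafeEqual never throws on a length mismatch.
  const match = /^sha256=([0-9a-f]{64})$/.exec(presented);
  if (!match) return { ok: false, reason: 'malformed-signature' };

  const expected = crypto.createHmac('sha256', signalSecret)
    .update(rawBody)
    .digest();
  const given = Buffer.from(match[1], 'hex');

  // Constant-time comparison; === on hex strings leaks the mismatch position.
  return crypto.timingSafeEqual(expected, given)
    ? { ok: true, reason: 'valid' }
    : { ok: false, reason: 'bad-signature' };
}

// Constructed sample values, not taken from the service.
const sampleSecret = 'constructed-secret';
const sampleBody = Buffer.from('{"type":"lead","value":1}');
const sampleHeaders = {
  [SIGNATURE_HEADER]: signSignal(sampleSecret, sampleBody),
};
```

With no signalSecret set the endpoint accepts unsigned signals, so the install token in the URL is the only control on that path until a secret is configured through op=signal-secret.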

🛠️ Admin — agents

GET /api/cron/agents-tick?agent=X · admin
Runs agent X for all tenants.
GET /api/cron/agents-tick?pipeline=daily|daily-fast|daily-claude|weekly · admin
Runs a pipeline.
GET /api/admin/rerun-agent?slug=X&agent=Y · admin
Runs agent Y for tenant X only.
GET /api/admin/run-pipeline-tenant?slug=X&pipeline=Y · admin
Runs the whole pipeline for tenant X.
GET /api/admin/agent-list-tenant?slug=X · admin
Lists agents + pause/active status.
POST /api/admin/agent-pause?slug=X&agent=Y&action=pause|resume · admin
Pauses/activates an agent per tenant.
POST /api/admin/bulk-pause-global?agent=X&action=pause|resume · admin
Pauses/activates an agent globally.
GET /api/admin/agent-state?slug=X[&agent=Y] · admin
Agent state for the tenant.
GET /api/admin/agent-error-rate?days=7 · admin
Error rate per agent.
GET /api/admin/agent-suggestions · admin
Cross-tenant: all proposed_overrides + proposed_faqs.
GET /api/admin/agent-stats?days=7&slug=X · admin
Reports + tokens IN/OUT per agent.

📋 Admin — tasks

GET /api/admin/tasks?status=open&slug=&limit=100 · admin
Lists agent_tasks.
POST /api/admin/task-update?id=N&action=close|cancel|reopen|priority · admin
Updates status/priority.
POST /api/admin/tasks-bulk?action=close|cancel · admin
Bulk actions with filters (slug, agent, older_than_days).

🔍 Admin — observability

GET /api/admin/system-overview · admin
Global stats.
GET /api/admin/changelog?slug=&days=30 · admin
Cross-tenant timeline.
GET /api/admin/metrics · admin
OpenMetrics format (Prometheus).
GET /api/admin/heatmap?slug=X&days=14 · admin
Hour × day-of-week grid.
GET /api/admin/latency-stats?slug=&days=7 · admin
p50/p95/p99 of Claude latency.
GET /api/admin/conversion-by-page?slug=X&days=14 · admin
Hot lead rate per landing page.
GET /api/admin/quick-stats?slug=X · admin
1-query aggregate (lightweight).
GET /api/admin/usage-by-tenant · admin
This month's usage vs limit.
GET /api/admin/recent-sessions?slug=X&limit=30 · admin
Latest sessions, 7d.
GET /api/admin/session-replay?slug=X&session_id=Y · admin
Reconstructs the full transcript.
GET /api/admin/replay-suggest?slug=X&session_id=Y · admin
Claude analyzes and suggests better replies.
GET /api/admin/search-conversations?slug=X&q=texto · admin
Full-text search.
GET /api/admin/top-questions?slug=X&days=14 · admin
Most frequent questions.
GET /api/admin/events-stream?slug=&type=&limit=100 · admin
Latest events, filtered.
GET /api/admin/onboarding-checklist?slug=X · admin
10 deployment checks.

🛡️ Admin — security/abuse

GET /api/admin/abuse-list?slug=&blocked=1 · admin
Lists abuse_signals.
POST /api/admin/abuse-toggle?slug=X&visitor_id=Y&blocked=true · admin
Blocks/unblocks a visitor.
GET /api/admin/unblock-abuse?slug=X&visitor_id=Y · admin
Shortcut to unblock.

⚙️ Admin — config / overrides

POST /api/admin/override-decide?slug=X&key=tone&decision=approve|reject · admin
Approves/rejects the healer's proposed_override.
GET /api/admin/overrides-pending · admin
Global list of pending proposals.
GET /api/admin/snapshots-list?slug=X · admin
Snapshots available for the tenant.
GET /api/admin/snapshot-config?slug=X · admin
Creates a snapshot now.
POST /api/admin/restore-config?slug=X · admin
Restores config. Body: {config}.
GET /api/admin/diff-config?slug=X&a=DATE&b=current · admin
Diff between snapshots.

👥 Admin — tenant

POST /api/admin/tenant-create · admin
Creates a tenant. Body: {slug, nome_empresa, email_owner, url_site, trial_dias}. trial_dias = courtesy days until trial_ends_at (legacy name; the current model is a 7d money-back guarantee). Returns installToken + snippet.
GET /api/admin/extend-grace?slug=X&dias=N · admin
Extends the courtesy period (trial_ends_at) by N days (1-90). Alias extend-trial kept for compatibility.
GET /api/admin/tenant-search?q=texto · admin
Search by slug/name/email.
GET /api/admin/tenant-dashboard?slug=X · admin
Aggregated dashboard.
POST /api/admin/cleanup-tenant?slug=X&confirm=yes-i-am-sure · admin
LGPD right-to-erasure. Cascade delete + final snapshot.
GET /api/admin/bulk-export-configs · admin
Off-site backup of tenants + configs.
GET /api/admin/export-csv?slug=X&type=conversations|tasks|hot-leads · admin
CSV download.
GET /api/admin/lana-self-test?slug=X · admin
Tests Claude with a standard question.
GET /api/admin/webhook-test?slug=X · admin
Sends a sample payload to webhookUrl.
GET /api/admin/test-email?to=email@x.com · admin
Validates Resend.
GET /api/admin/admin-digest?email=&dry_run=1 · admin
Top 3 weekly problems (e-mail).
GET /api/admin/healer-batch · admin
Forces the healer for all tenants.
GET /api/admin/magic-link?slug=X&ttl_h=24 · admin
Signed URL for the owner to view the dashboard.

⚙️ Crons (Vercel)

GET /api/cron/cold-hunter · cron
05:00 UTC — hunt + enrich prospects.
GET /api/cron/outreach-tick · cron
13:00 UTC — outreach steps.
GET /api/cron/trial-watch · cron
14:00 UTC — courtesy period expiring (checks trial_ends_at < +3d/1d, notifies the owner).
GET /api/cron/healer · cron
06:00 UTC — global healer.
GET /api/cron/daily-digest · cron
11:00 UTC — owner digests.
GET /api/cron/agents-tick?pipeline=daily · cron
11:30 UTC — daily pipeline, 26 agents.
GET /api/cron/agents-tick?pipeline=daily-claude · cron
12:00 UTC — Claude-heavy pipeline.
GET /api/cron/agents-tick?pipeline=weekly · cron
22:00 UTC Sunday — 19 weekly agents.
GET /api/cron/compress · cron
04:00 on day 1 — compacts events >90d.
GET /api/cron/abuse-cleanup · cron
05:00 Monday — cleans up old abuse_signals.

📞 Voice (Twilio) — Coming soon · not available in production

POST /api/voice/incoming · public (Twilio)
🔮 Coming soon. Twilio webhook for inbound calls. Returns TwiML that connects bidirectional audio to the WS on the VPS (voice.lanachat.com.br). X-Twilio-Signature is validated if TWILIO_AUTH_TOKEN is configured.
POST /api/voice/status · public (Twilio)
🔮 Coming soon. Twilio status callbacks (call started/ended). Structured logs for observability.

🔄 Misc

POST /api/demo/message · public
Public demo chat (lanachat-demo). No persistence. Rate-limited per IP.
ANY /api/proxy?p=<path> · admin
Reverse proxy to the VPS. Path whitelist [a-zA-Z0-9_/-]{1,200}, body cap 1MB, timeout 20s. Propagates security headers + X-RateLimit from upstream.
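
The codigo whitelist on GET /r/{codigo} and the path whitelist on /api/proxy, written as anchored checks in an added example that is not the project's code. UPSTREAM_ORIGIN, the function names, the digit check on numero and the sample inputs are assumptions; only the two character classes and length bounds come from the page.

```javascript
// Patterns from the page, anchored so the whole value must match.
const CODIGO_RE = /^[a-zA-Z0-9_-]{1,64}$/;
const PROXY_PATH_RE = /^[a-zA-Z0-9_\/-]{1,200}$/;

// Assumed placeholder for the VPS origin; the real value is not on the page.
const UPSTREAM_ORIGIN = 'https://upstream.example';

// Builds the 302 target for /r/{codigo}, or null when the code is rejected.
function buildRedirect(codigo, numero) {
  // typeof check: a repeated query/path value can arrive as an array.
  if (typeof codigo !== 'string' || !CODIGO_RE.test(codigo)) return null;
  // Assumption: numero is server-side config, digits only.
  if (!/^\d{8,15}$/.test(String(numero))) return null;
  const text = encodeURIComponent('Codigo: ' + codigo);
  return 'https://wa.me/' + numero + '?text=' + text;
}

// Builds the upstream URL for /api/proxy?p=<path>, or null when rejected.
function buildUpstreamUrl(p) {
  if (typeof p !== 'string' || !PROXY_PATH_RE.test(p)) return null;
  // The class has no '.', '%', ':' or '@', so dot-segments, encoded
  // separators and scheme or userinfo tricks never reach this point.
  // Collapse repeated slashes and force a single leading slash so the
  // value can only ever be a path under the fixed origin.
  const path = '/' + p.split('/').filter(Boolean).join('/');
  const url = new URL(path, UPSTREAM_ORIGIN);
  // Belt and braces: refuse anything that resolved to another origin.
  return url.origin === UPSTREAM_ORIGIN ? url.toString() : null;
}

// Constructed sample inputs with the result each one should produce.
const samples = [
  ['PROMO_2024-a', 'accepted'],
  ['a b', 'rejected: space is outside the class'],
  ['x'.repeat(65), 'rejected: longer than 64'],
  ['api/leads', 'accepted as proxy path'],
  ['api/../admin', 'rejected: dot is outside the class'],
];
```

Run the check on the decoded parameter value, after the framework has applied URL decoding, so an encoded character cannot slip past the pattern and be decoded later.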