.forgejo/workflows/README.md

@@ -1,63 +0,0 @@
-# Forgejo Actions — CI/CD do Shivao
-
-## Como ativar (uma vez)
-
-### 1. Configure um runner Forgejo no Coolify
-
-```bash
-# Sub-domínio sugerido: actions.pontualtech.work (DNS A → Hetzner)
-# Sobe via Coolify usando docker-compose:
-```
-
-```yaml
-# Cole no Coolify → Pontualtech → New Resource → Docker Compose Empty
-services:
-  forgejo-runner:
-    image: code.forgejo.org/forgejo/runner:6
-    restart: unless-stopped
-    environment:
-      FORGEJO_INSTANCE_URL: https://git.pontualtech.work
-      FORGEJO_RUNNER_REGISTRATION_TOKEN: ${RUNNER_TOKEN}  # pega em git.pontualtech.work/admin/runners
-    volumes:
-      - runner_data:/data
-      - /var/run/docker.sock:/var/run/docker.sock
-volumes:
-  runner_data:
-```
-
-### 2. Configure secrets no Forgejo
-
-`git.pontualtech.work/karlao/shivao-projeto/settings/actions/secrets`
-
-| Secret | Como obter |
-|---|---|
-| `SHIVAO_KEYSTORE_BASE64` | `base64 -w0 ~/Downloads/Shivao-keystore-backup/shivao-release-CAPACITOR.keystore` |
-| `SHIVAO_KEYSTORE_PWD` | `ShivaoKeystore2026!` (a senha que você definiu) |
-| `FORGEJO_TOKEN` | Settings → Applications → Generate New Token (permissions: write:repository) |
-
-### 3. Triggers do workflow
-
-- **Auto:** push em `master` que toque em `app/`, `mobile/` ou `scripts/sync-html.mjs`
-- **Manual:** botão "Run workflow" no painel Forgejo Actions
-
-## Output
-
-Cada build gera:
-- APK assinado: `Shivao-v{X.Y.Z}.apk`
-- AAB assinado: `Shivao-v{X.Y.Z}.aab`
-- Anexados como artifact (download via UI Forgejo)
-- Se trigger for manual: cria release `v{X.Y.Z}-ci` no repo
-
-## Vantagens vs build local
-
-- ✅ Zero setup local — Karlão pode editar HTML do iPad e o build roda no servidor
-- ✅ Imutável e reproduzível
-- ✅ Self-hosted (alinhado com `feedback_self_hosted.md`)
-- ✅ Logs centralizados
-- ⚠️ Custo: 1 container Coolify rodando (low-resource, ~50MB RAM idle)
-
-## Alternativas se runner não funcionar
-
-- **Codemagic:** 500min grátis/mês, conecta ao Forgejo via webhook
-- **GitHub Actions (free tier):** mirror do repo no GitHub → workflow padrão
-- **Build local:** `cd mobile && npm run android:build:aab` (já documentado em mobile/README.md)

.forgejo/workflows/build-android.yml

@@ -1,97 +0,0 @@
-name: Build Android (APK + AAB)
-
-on:
-  push:
-    branches: [master]
-    paths:
-      - 'app/**'
-      - 'mobile/**'
-      - 'scripts/sync-html.mjs'
-      - '.forgejo/workflows/build-android.yml'
-  workflow_dispatch: {}  # botão manual no painel Forgejo
-
-jobs:
-  build-android:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write  # pra upload de release
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup Node 20
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-
-      - name: Setup JDK 17
-        uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '17'
-
-      - name: Setup Android SDK
-        uses: android-actions/setup-android@v3
-        with:
-          packages: 'platforms;android-34 build-tools;34.0.0 platform-tools'
-
-      - name: Install root deps (sync script)
-        run: |
-          cd "${{ github.workspace }}"
-          # Sem package.json no root, script é puro Node ESM
-          node --version
-
-      - name: Sync HTML (1 fonte → server + mobile)
-        run: node scripts/sync-html.mjs
-
-      - name: Install Capacitor deps
-        working-directory: mobile
-        run: npm ci --ignore-scripts
-
-      - name: Capacitor sync
-        working-directory: mobile
-        run: npx cap sync android
-
-      - name: Decode keystore from secrets
-        run: |
-          echo "${{ secrets.SHIVAO_KEYSTORE_BASE64 }}" | base64 --decode > mobile/android/app/shivao-release.keystore
-          ls -lh mobile/android/app/shivao-release.keystore
-
-      - name: Build APK + AAB (release, signed)
-        working-directory: mobile/android
-        env:
-          SHIVAO_KEYSTORE_PWD: ${{ secrets.SHIVAO_KEYSTORE_PWD }}
-        run: |
-          chmod +x ./gradlew
-          ./gradlew bundleRelease assembleRelease --no-daemon --stacktrace
-
-      - name: Rename artifacts with version
-        run: |
-          VERSION=$(grep "versionName" mobile/android/app/build.gradle | head -1 | grep -oE '"[^"]+"' | tr -d '"')
-          echo "Version: $VERSION"
-          cp mobile/android/app/build/outputs/apk/release/app-release.apk Shivao-v${VERSION}.apk
-          cp mobile/android/app/build/outputs/bundle/release/app-release.aab Shivao-v${VERSION}.aab
-          echo "VERSION=$VERSION" >> $GITHUB_ENV
-
-      - name: Upload APK + AAB as artifacts (CI)
-        uses: actions/upload-artifact@v3
-        with:
-          name: shivao-android-${{ env.VERSION }}
-          path: |
-            Shivao-v${{ env.VERSION }}.apk
-            Shivao-v${{ env.VERSION }}.aab
-
-      - name: Create Forgejo release
-        if: github.event_name == 'workflow_dispatch'
-        uses: actions/forgejo-release@v2
-        with:
-          direction: upload
-          tag: v${{ env.VERSION }}-ci
-          title: "Shivao v${{ env.VERSION }} (CI build)"
-          files: |
-            Shivao-v${{ env.VERSION }}.apk
-            Shivao-v${{ env.VERSION }}.aab
-          token: ${{ secrets.FORGEJO_TOKEN }}
-          url: https://git.pontualtech.work
-          repo: karlao/shivao-projeto

app/diario-bordo.html

@@ -774,435 +774,6 @@ header{
   body{background:#fff;background-image:none}
   .entry{break-inside:avoid;border:1px solid #999}
 }
-
-/* ═══════════════════════════════════════════════════════
-   MODERN PROFESSIONAL OVERLAY · v2 — Apr 2026
-   Mantém identidade marítima (cores Fraunces + Manrope + JetBrains Mono),
-   mas moderniza profundamente: depth, microinterações, polish premium.
-   ═══════════════════════════════════════════════════════ */
-:root{
-  /* spacing scale (8pt base) */
-  --s1:4px; --s2:8px; --s3:12px; --s4:16px; --s5:24px; --s6:32px; --s7:48px; --s8:64px;
-  /* radius scale (sutis — alinhados ao tom marítimo) */
-  --r-sm:4px; --r-md:8px; --r-lg:12px; --r-xl:16px; --r-pill:9999px;
-  /* shadow scale (depth profissional) */
-  --sh-1:0 1px 2px rgba(14,42,61,.06), 0 1px 1px rgba(14,42,61,.04);
-  --sh-2:0 2px 4px rgba(14,42,61,.06), 0 4px 8px rgba(14,42,61,.05);
-  --sh-3:0 4px 8px rgba(14,42,61,.07), 0 8px 16px rgba(14,42,61,.06);
-  --sh-4:0 8px 16px rgba(14,42,61,.08), 0 16px 32px rgba(14,42,61,.08);
-  --sh-5:0 16px 32px rgba(14,42,61,.10), 0 32px 64px rgba(14,42,61,.10);
-  --sh-glow:0 0 0 4px rgba(160,120,50,.12);
-  --sh-glow-blue:0 0 0 4px rgba(31,91,118,.18);
-  /* transitions */
-  --t-fast:120ms cubic-bezier(.4,0,.2,1);
-  --t-base:200ms cubic-bezier(.4,0,.2,1);
-  --t-slow:320ms cubic-bezier(.4,0,.2,1);
-  /* superfícies elevadas premium */
-  --surface-1:#fbf5e2;
-  --surface-2:#ffffff;
-  --surface-elevated:rgba(255,255,255,.78);
-  --border-subtle:rgba(184,156,108,.22);
-  --border-strong:rgba(184,156,108,.55);
-}
-
-/* ── BACKGROUND limpo elegante (sem ruído) ── */
-body{
-  background:
-    radial-gradient(ellipse 1200px 800px at 50% -200px, #f8eed5 0%, transparent 60%),
-    linear-gradient(180deg, #efe5cd 0%, #e7d9b6 100%);
-  background-attachment:fixed;
-  background-image:
-    radial-gradient(ellipse 1200px 800px at 50% -200px, #f8eed5 0%, transparent 60%),
-    linear-gradient(180deg, #efe5cd 0%, #e7d9b6 100%);
-}
-
-/* ── HEADER premium com glow sutil + gradient ── */
-header{
-  background:linear-gradient(180deg, #0e2a3d 0%, #143447 100%);
-  box-shadow:
-    inset 0 1px 0 rgba(200,159,84,.30),
-    inset 0 -1px 0 rgba(160,120,50,.55),
-    0 4px 24px rgba(14,42,61,.18),
-    0 12px 48px rgba(14,42,61,.10);
-  border-bottom:none;
-}
-.header-row{padding:2px 0}
-.boat-name{
-  text-shadow:0 1px 2px rgba(0,0,0,.25);
-  letter-spacing:-.015em;
-}
-.compass-mark{
-  filter:drop-shadow(0 2px 8px rgba(200,159,84,.35));
-  transition:transform var(--t-base);
-}
-.compass-mark:hover{transform:rotate(15deg)}
-
-/* ── TABS modernas: pill nav com indicador animado ── */
-.tabs{
-  background:rgba(239,229,205,.92);
-  backdrop-filter:blur(12px) saturate(1.2);
-  -webkit-backdrop-filter:blur(12px) saturate(1.2);
-  border-bottom:1px solid var(--border-subtle);
-  padding:8px 4px 0;
-  gap:2px;
-  box-shadow:0 1px 0 rgba(255,255,255,.5) inset;
-}
-.tab{
-  border-radius:var(--r-md) var(--r-md) 0 0;
-  padding:13px 18px 14px;
-  transition:color var(--t-base), background var(--t-base);
-  position:relative;
-}
-.tab:hover{
-  color:var(--ink-mid);
-  background:rgba(255,255,255,.4);
-}
-.tab.active{
-  color:var(--ink-deep);
-  background:linear-gradient(180deg, rgba(255,255,255,.85), rgba(255,255,255,.5));
-}
-.tab.active::after{
-  height:3px;left:14px;right:14px;bottom:0;
-  background:linear-gradient(90deg, var(--brass), var(--brass-bright));
-  border-radius:2px 2px 0 0;
-  box-shadow:0 0 8px rgba(160,120,50,.4);
-}
-
-/* ── CARDS com depth real (sombra multi-layer) ── */
-.gps-card,.anchor-card,.export-card,.empty,.entry,.contact-card{
-  border-radius:var(--r-lg);
-  box-shadow:var(--sh-2);
-  transition:box-shadow var(--t-base), transform var(--t-base);
-  overflow:hidden;
-}
-.entry{
-  border-radius:var(--r-md);
-  box-shadow:var(--sh-1);
-  border-color:var(--border-subtle);
-}
-.entry:hover{box-shadow:var(--sh-2)}
-
-.gps-card,.anchor-card{
-  border-radius:var(--r-lg);
-  background:linear-gradient(165deg, #0e2a3d 0%, #1a3d54 100%);
-  border:1px solid rgba(200,159,84,.4);
-  box-shadow:
-    inset 0 1px 0 rgba(200,159,84,.2),
-    var(--sh-3),
-    0 0 32px rgba(31,91,118,.15);
-}
-.gps-card::before,.anchor-card::before{display:none}
-.gps-card.idle{
-  background:linear-gradient(165deg, #fbf5e2 0%, #f3e7c4 100%);
-  border:1px solid var(--border-subtle);
-  box-shadow:var(--sh-2);
-}
-.gps-stats,.anchor-stats-bar{
-  background:rgba(0,0,0,.15);
-  padding:14px;
-  border-radius:var(--r-md);
-  margin:12px 0 14px;
-}
-.gps-card.idle .gps-stats{background:rgba(184,156,108,.08)}
-
-.export-card,.empty{
-  background:var(--surface-elevated);
-  backdrop-filter:blur(8px);
-  -webkit-backdrop-filter:blur(8px);
-  border-radius:var(--r-lg);
-  border:1px solid var(--border-subtle);
-  box-shadow:var(--sh-2);
-}
-.export-card:hover{box-shadow:var(--sh-3)}
-
-/* ── BUTTONS premium com lift e ripple ── */
-.btn{
-  border-radius:var(--r-md);
-  transition:all var(--t-base);
-  font-weight:600;
-  letter-spacing:.12em;
-  position:relative;
-  overflow:hidden;
-}
-.btn:hover{
-  transform:translateY(-1px);
-  box-shadow:var(--sh-2);
-}
-.btn:active{transform:translateY(0); box-shadow:var(--sh-1)}
-.btn:focus-visible{
-  outline:none;
-  box-shadow:var(--sh-glow);
-}
-.btn-primary{
-  background:linear-gradient(180deg, #143a52 0%, #0e2a3d 100%);
-  border-color:rgba(0,0,0,.4);
-  box-shadow:
-    inset 0 1px 0 rgba(255,255,255,.10),
-    var(--sh-1);
-}
-.btn-primary:hover{
-  background:linear-gradient(180deg, #1a4a66 0%, #143a52 100%);
-  box-shadow:
-    inset 0 1px 0 rgba(255,255,255,.15),
-    var(--sh-3);
-}
-.btn-brass{
-  background:linear-gradient(180deg, #b88a3c 0%, #8d6826 100%);
-  border-color:rgba(0,0,0,.25);
-  box-shadow:
-    inset 0 1px 0 rgba(255,255,255,.18),
-    var(--sh-1);
-}
-.btn-brass:hover{
-  background:linear-gradient(180deg, #c89954 0%, #a07832 100%);
-  box-shadow:
-    inset 0 1px 0 rgba(255,255,255,.25),
-    var(--sh-3);
-}
-.btn-danger{
-  background:transparent;
-  border:1px solid var(--storm);
-  color:var(--storm);
-}
-.btn-danger:hover{
-  background:linear-gradient(180deg, #a04545 0%, #8c3434 100%);
-  color:#fff;
-  border-color:transparent;
-}
-
-/* ── FIELDS modernos com focus ring ── */
-.field input,.field textarea,.field select{
-  border-radius:var(--r-md);
-  background:var(--surface-2);
-  border:1px solid var(--border-subtle);
-  padding:12px 14px;
-  font-size:15px;
-  transition:border-color var(--t-base), box-shadow var(--t-base), background var(--t-base);
-}
-.field input:hover,.field textarea:hover,.field select:hover{
-  border-color:var(--border-strong);
-}
-.field input:focus,.field textarea:focus,.field select:focus{
-  border-color:var(--brass);
-  background:#fff;
-  box-shadow:var(--sh-glow);
-}
-.field-label{font-size:11px; font-weight:600; color:var(--ink-mid); margin-bottom:6px}
-
-/* ── MODAL com depth maior + entrance polida ── */
-.modal-backdrop{
-  background:rgba(14,42,61,.65);
-  backdrop-filter:blur(8px) saturate(1.1);
-  -webkit-backdrop-filter:blur(8px) saturate(1.1);
-}
-.modal{
-  border-radius:var(--r-xl) var(--r-xl) 0 0;
-  border-top:none;
-  box-shadow:
-    0 -4px 12px rgba(0,0,0,.05),
-    0 -16px 48px rgba(14,42,61,.25);
-  background-image:none;
-  background:linear-gradient(180deg, #fcf6e4 0%, #f8f0d4 100%);
-}
-@media(min-width:600px){
-  .modal{
-    border-radius:var(--r-xl);
-    box-shadow:0 24px 64px rgba(14,42,61,.30), 0 8px 16px rgba(14,42,61,.10);
-  }
-}
-.modal-head{
-  background:transparent;
-  padding:18px 22px;
-  border-bottom:1px solid var(--border-subtle);
-}
-.modal-body{padding:22px}
-.modal-foot{
-  background:rgba(0,0,0,.02);
-  padding:16px 22px;
-}
-
-/* ── FAB redesenhado: floating elegante ── */
-.fab{
-  border-radius:var(--r-pill) !important;
-  background:linear-gradient(135deg, #b88a3c 0%, #8d6826 100%) !important;
-  box-shadow:
-    0 4px 12px rgba(160,120,50,.4),
-    0 12px 32px rgba(14,42,61,.15),
-    inset 0 1px 0 rgba(255,255,255,.25) !important;
-  transition:transform var(--t-base), box-shadow var(--t-base);
-}
-.fab:hover{
-  transform:translateY(-2px) scale(1.05);
-  box-shadow:
-    0 8px 20px rgba(160,120,50,.5),
-    0 16px 40px rgba(14,42,61,.20),
-    inset 0 1px 0 rgba(255,255,255,.30);
-}
-.fab:active{transform:translateY(0) scale(1)}
-
-/* ── STATS GRID polido ── */
-.stats{
-  border-radius:var(--r-lg);
-  background:transparent;
-  border:none;
-  gap:10px;
-  box-shadow:none;
-  display:grid;
-}
-.stat{
-  border-radius:var(--r-md);
-  background:var(--surface-elevated);
-  backdrop-filter:blur(8px);
-  -webkit-backdrop-filter:blur(8px);
-  border:1px solid var(--border-subtle);
-  box-shadow:var(--sh-1);
-  padding:16px 16px 14px;
-  transition:transform var(--t-base), box-shadow var(--t-base);
-}
-.stat:hover{transform:translateY(-2px); box-shadow:var(--sh-2)}
-.stat::before{
-  height:3px; border-radius:2px;
-  background:linear-gradient(90deg, var(--brass), var(--brass-bright));
-  transform:scaleX(.5);
-  transition:transform var(--t-base);
-}
-.stat:hover::before{transform:scaleX(1)}
-
-/* ── EMPTY STATE elegante ── */
-.empty{padding:56px 28px; border-radius:var(--r-lg)}
-.empty::before,.empty::after{display:none}
-.empty-rose{
-  width:64px; height:64px;
-  filter:drop-shadow(0 4px 12px rgba(160,120,50,.25));
-  margin-bottom:18px;
-}
-.empty-title{font-size:21px}
-.empty-text{font-size:14px; line-height:1.65; opacity:.85}
-
-/* ── STATUS PILLS arredondados ── */
-.status-pill{
-  border-radius:var(--r-pill);
-  padding:3px 10px;
-  font-size:9.5px;
-  letter-spacing:.16em;
-}
-
-/* ── ALERTS com sombra sutil ── */
-.alert{
-  border-radius:var(--r-md);
-  border:1px solid var(--border-subtle);
-  border-left-width:4px;
-  box-shadow:var(--sh-1);
-  padding:14px 16px;
-  transition:transform var(--t-base);
-}
-.alert:hover{transform:translateX(2px)}
-
-/* ── PASSENGER PILLS modernos ── */
-.pax-pill,.pax-tag,.channel-pill{
-  border-radius:var(--r-pill);
-  padding:4px 12px;
-}
-
-/* ── ICON BUTTONS polidos ── */
-.icon-btn{
-  border-radius:var(--r-md);
-  transition:all var(--t-base);
-}
-.icon-btn:hover{
-  background:rgba(184,156,108,.15);
-  transform:scale(1.08);
-}
-
-/* ── MEDIA THUMBS ── */
-.media-thumb,.media-item{
-  border-radius:var(--r-md);
-  transition:transform var(--t-base), box-shadow var(--t-base);
-}
-.media-thumb:hover,.media-item:hover{
-  transform:scale(1.04);
-  box-shadow:var(--sh-2);
-  z-index:2;
-}
-
-/* ── SENSOR WIDGET premium (top-right) ── */
-#sensors-widget{
-  border-radius:var(--r-lg) !important;
-  background:linear-gradient(165deg, rgba(14,42,61,.92), rgba(20,58,82,.92)) !important;
-  backdrop-filter:blur(20px) saturate(1.4);
-  -webkit-backdrop-filter:blur(20px) saturate(1.4);
-  box-shadow:
-    0 4px 12px rgba(0,0,0,.15),
-    0 8px 24px rgba(14,42,61,.18),
-    inset 0 1px 0 rgba(200,159,84,.2) !important;
-  border:1px solid rgba(200,159,84,.18);
-  transition:transform var(--t-base), box-shadow var(--t-base);
-}
-#sensors-widget:hover{
-  transform:translateY(-1px);
-  box-shadow:
-    0 8px 16px rgba(0,0,0,.20),
-    0 16px 32px rgba(14,42,61,.22);
-}
-
-/* ── AUTH BOX polido ── */
-#auth-box{
-  background:linear-gradient(165deg, rgba(255,255,255,.5), rgba(255,255,255,.2));
-  backdrop-filter:blur(8px);
-  -webkit-backdrop-filter:blur(8px);
-  border-radius:var(--r-md);
-  padding:14px;
-  margin-top:14px !important;
-  border:1px solid var(--border-subtle);
-  border-top:1px solid var(--border-subtle) !important;
-}
-
-/* ── CURSOR pointer em interativos críticos ── */
-.tab,.btn,.fab,.icon-btn,.media-btn,.media-thumb,.media-item,.alert,
-.entry-actions button,.modal-head button,.pax-tag button{
-  cursor:pointer;
-}
-
-/* ── FOCUS visible global ── */
-*:focus-visible{
-  outline:2px solid var(--brass);
-  outline-offset:2px;
-  border-radius:var(--r-sm);
-}
-
-/* ── REDUCED MOTION (accessibility) ── */
-@media (prefers-reduced-motion:reduce){
-  *,*::before,*::after{
-    animation-duration:.01ms !important;
-    animation-iteration-count:1 !important;
-    transition-duration:.01ms !important;
-  }
-}
-
-/* ── LARGE SCREENS: mais respiro ── */
-@media(min-width:780px){
-  .container{padding:32px 24px 96px}
-  .stats{grid-template-columns:repeat(4,1fr)}
-}
-
-/* ── SCROLLBAR sutil (Firefox + WebKit) ── */
-*{scrollbar-width:thin; scrollbar-color:var(--brass) transparent}
-::-webkit-scrollbar{width:8px; height:8px}
-::-webkit-scrollbar-track{background:transparent}
-::-webkit-scrollbar-thumb{background:rgba(160,120,50,.35); border-radius:var(--r-pill)}
-::-webkit-scrollbar-thumb:hover{background:rgba(160,120,50,.55)}
-
-/* ── TYPOGRAPHY refinement ── */
-.boat-name{font-size:26px}
-.entry-title{font-size:20px; line-height:1.25}
-.modal-head h3{font-size:20px}
-.empty-title{margin-bottom:6px}
-
-/* ── SECTION HEADER sutilmente refinado ── */
-.section-header h2{font-size:11px; font-weight:600; color:var(--ink-mid)}
-
-/* ── TOOLBAR refinada ── */
-.toolbar{gap:10px; margin-bottom:18px}
 </style>
 </head>
 <body>
@@ -1328,7 +899,6 @@ Marque zonas de proibição (alarme alto) ou atenção (aviso suave). Detecção
 <button class="btn btn-block btn-danger" onclick="cloudDisconnect()">Desconectar</button>
 </div>
 <div id="cloud-info" style="font-family:var(--f-mono);font-size:10.5px;color:var(--sepia);margin-top:10px;letter-spacing:.04em;line-height:1.6"></div>
-<div id="auth-box" style="margin-top:14px;padding-top:14px;border-top:1px dashed var(--rule)"></div>
 </div>
 <div class="export-card" style="border-color:var(--algae);background:linear-gradient(180deg,var(--bg-paper),var(--algae-soft))">
 <div class="export-card-title">📡 Compartilhar posição em tempo real</div>
@@ -1719,7 +1289,7 @@ Hora: {HORA}</textarea>
 <div class="zone-toast" id="zone-toast"></div>
 
 <script>
-const state={boat:{name:'Shivao',model:''},trips:[],maint:[],pending:[],passengers:[],contacts:[],alarmTemplate:'🚨 ALERTA: Shivao saiu da posição de fundeio.\nEstou em {LAT}, {LNG}\nMapa: https://maps.google.com/?q={LAT},{LNG}\nHora: {HORA}',cloud:{url:'',token:'',lastSync:0},auth:null,license:null,webhooks:{telegram:{token:'',chatIds:''},discord:{url:''},generic:{url:''}},anchorHistory:[],zones:[],checklists:[],weatherCfg:{windyKey:'',model:'gfs'}};
+const state={boat:{name:'Shivao',model:''},trips:[],maint:[],pending:[],passengers:[],contacts:[],alarmTemplate:'🚨 ALERTA: Shivao saiu da posição de fundeio.\nEstou em {LAT}, {LNG}\nMapa: https://maps.google.com/?q={LAT},{LNG}\nHora: {HORA}',cloud:{url:'',token:'',lastSync:0},webhooks:{telegram:{token:'',chatIds:''},discord:{url:''},generic:{url:''}},anchorHistory:[],zones:[],checklists:[],weatherCfg:{windyKey:'',model:'gfs'}};
 const STORAGE_KEY='diario_bordo_v3';
 const TRACKING_KEY='diario_tracking_v3';
 const ANCHOR_KEY='diario_anchor_v3';
@@ -1867,7 +1437,7 @@ function renderGPSBanner(){
 
 function bindHeader(){const n=document.getElementById('boat-name'),m=document.getElementById('boat-model');n.value=state.boat.name||'Shivao';m.value=state.boat.model||'';n.addEventListener('input',e=>{state.boat.name=e.target.value;saveState()});m.addEventListener('input',e=>{state.boat.model=e.target.value;saveState()})}
 
-document.querySelectorAll('.tab').forEach(t=>{t.addEventListener('click',()=>{document.querySelectorAll('.tab').forEach(x=>x.classList.remove('active'));document.querySelectorAll('.panel').forEach(x=>x.classList.remove('active'));t.classList.add('active');document.getElementById('panel-'+t.dataset.panel).classList.add('active');document.getElementById('fab').style.display=['trips','maintenance','pending','zones'].includes(t.dataset.panel)?'flex':'none';if(t.dataset.panel==='export'){updateStorageInfo();bindCloudInputs();renderCloudStatus();renderShareList();bindWeatherInputs();renderAuthBox()}if(t.dataset.panel==='zones')renderZones();window.scrollTo(0,0)})});
+document.querySelectorAll('.tab').forEach(t=>{t.addEventListener('click',()=>{document.querySelectorAll('.tab').forEach(x=>x.classList.remove('active'));document.querySelectorAll('.panel').forEach(x=>x.classList.remove('active'));t.classList.add('active');document.getElementById('panel-'+t.dataset.panel).classList.add('active');document.getElementById('fab').style.display=['trips','maintenance','pending','zones'].includes(t.dataset.panel)?'flex':'none';if(t.dataset.panel==='export'){updateStorageInfo();bindCloudInputs();renderCloudStatus();renderShareList();bindWeatherInputs()}if(t.dataset.panel==='zones')renderZones();window.scrollTo(0,0)})});
 function quickAdd(){const a=document.querySelector('.tab.active').dataset.panel;if(a==='maintenance')openMaintModal();else if(a==='pending')openPendingModal();else if(a==='zones')openZoneEditor();else openTripModal()}
 function openModal(id){document.getElementById(id).classList.add('show')}
 function closeModal(id){document.getElementById(id).classList.remove('show')}
@@ -2788,198 +2358,11 @@ function cloudUrl(path){return state.cloud.url.replace(/\/$/,'')+path}
 
 async function cloudFetch(path,opts={}){
   if(!cloudConfigured())throw new Error('Nuvem não configurada');
-  // Usa JWT se logado (multi-tenant SaaS), senão BOAT_TOKEN legado (single-tenant pessoal)
-  const auth=(state.auth&&state.auth.accessToken)?state.auth.accessToken:state.cloud.token;
-  const doFetch=()=>fetch(cloudUrl(path),{...opts,headers:{'Authorization':`Bearer ${auth}`,'Content-Type':'application/json',...(opts.headers||{})}});
-  let r=await doFetch();
-  // 401 com JWT? Tenta refresh + retry 1×
-  if(r.status===401&&state.auth&&state.auth.refreshToken){
-    const ok=await authRefresh();
-    if(ok){const auth2=state.auth.accessToken;r=await fetch(cloudUrl(path),{...opts,headers:{'Authorization':`Bearer ${auth2}`,'Content-Type':'application/json',...(opts.headers||{})}})}
-  }
-  if(!r.ok){let detail='';try{const j=await r.clone().json();detail=j.error||JSON.stringify(j.issues||{})}catch{}throw new Error(`HTTP ${r.status}${detail?' · '+detail:''}`)}
+  const r=await fetch(cloudUrl(path),{...opts,headers:{'Authorization':`Bearer ${state.cloud.token}`,'Content-Type':'application/json',...(opts.headers||{})}});
+  if(!r.ok)throw new Error(`HTTP ${r.status}`);
   return r;
 }
 
-// ===== Auth (multi-tenant SaaS — Login/Signup) =====
-async function authSignup(email,password,name){
-  if(!cloudConfigured())throw new Error('Configure URL do servidor primeiro');
-  const r=await fetch(cloudUrl('/api/auth/signup'),{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({email,password,name})});
-  const j=await r.json();
-  if(!r.ok)throw new Error(j.error||`HTTP ${r.status}`);
-  state.auth={accessToken:j.accessToken,refreshToken:j.refreshToken,user:j.user};
-  saveState();
-  await refreshLicense();
-  renderAuthBox();
-}
-
-async function authLogin(email,password){
-  if(!cloudConfigured())throw new Error('Configure URL do servidor primeiro');
-  const r=await fetch(cloudUrl('/api/auth/login'),{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({email,password})});
-  const j=await r.json();
-  if(!r.ok)throw new Error(j.error||`HTTP ${r.status}`);
-  state.auth={accessToken:j.accessToken,refreshToken:j.refreshToken,user:j.user};
-  saveState();
-  await refreshLicense();
-  renderAuthBox();
-}
-
-async function authRefresh(){
-  if(!state.auth||!state.auth.refreshToken)return false;
-  try{
-    const r=await fetch(cloudUrl('/api/auth/refresh'),{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({refreshToken:state.auth.refreshToken})});
-    if(!r.ok){state.auth=null;saveState();return false}
-    const j=await r.json();
-    state.auth.accessToken=j.accessToken;
-    saveState();
-    return true;
-  }catch{return false}
-}
-
-function authLogout(){
-  state.auth=null;
-  state.license=null;
-  saveState();
-  renderAuthBox();
-  toast('Sessão encerrada');
-}
-
-async function refreshLicense(){
-  try{
-    const r=await cloudFetch('/api/license');
-    state.license=await r.json();
-    saveState();
-  }catch(e){console.warn('license fetch:',e.message)}
-}
-
-function renderAuthBox(){
-  const box=document.getElementById('auth-box');
-  if(!box)return;
-  if(state.auth&&state.auth.user){
-    const u=state.auth.user;
-    const lic=state.license||{plan:'free',features:[]};
-    const planLabel={free:'Free (Âncora)',pro:'Pro',captain:'Captain'}[lic.plan]||lic.plan;
-    box.innerHTML=`<div style="font-family:var(--f-mono);font-size:11px;line-height:1.7"><div><strong>${escapeHtml(u.email)}</strong> ${u.name?'· '+escapeHtml(u.name):''}</div><div>Plano: <strong style="color:var(--brass)">${planLabel}</strong> ${lic.expires_at?'· expira '+new Date(lic.expires_at).toLocaleDateString('pt-BR'):''}</div></div><button class="btn btn-block" style="margin-top:10px" onclick="authLogout()">Sair</button>${lic.plan==='free'?'<button class="btn btn-block btn-brass" style="margin-top:6px" onclick="openUpgradeModal()">⚡ Fazer upgrade pra Pro</button>':''}`;
-  }else{
-    box.innerHTML=`
-<div style="font-family:var(--f-mono);font-size:11px;color:var(--sepia);margin-bottom:10px;letter-spacing:.04em">CONTA · multi-usuário SaaS</div>
-<div style="display:flex;gap:6px;margin-bottom:10px">
-  <button class="btn btn-sm" id="auth-tab-login" onclick="document.getElementById('auth-form-login').style.display='block';document.getElementById('auth-form-signup').style.display='none';this.classList.add('btn-brass');document.getElementById('auth-tab-signup').classList.remove('btn-brass')" style="flex:1">Entrar</button>
-  <button class="btn btn-sm" id="auth-tab-signup" onclick="document.getElementById('auth-form-signup').style.display='block';document.getElementById('auth-form-login').style.display='none';this.classList.add('btn-brass');document.getElementById('auth-tab-login').classList.remove('btn-brass')" style="flex:1">Cadastrar</button>
-</div>
-<div id="auth-form-login">
-  <div class="field"><label class="field-label">Email</label><input type="email" id="login-email" placeholder="seu@email.com"></div>
-  <div class="field"><label class="field-label">Senha</label><input type="password" id="login-pwd" placeholder="••••••••"></div>
-  <button class="btn btn-block btn-primary" onclick="onAuthLoginClick()">Entrar</button>
-</div>
-<div id="auth-form-signup" style="display:none">
-  <div class="field"><label class="field-label">Email</label><input type="email" id="signup-email" placeholder="seu@email.com"></div>
-  <div class="field"><label class="field-label">Nome (opcional)</label><input type="text" id="signup-name" placeholder="Seu nome"></div>
-  <div class="field"><label class="field-label">Senha (mín 8 chars)</label><input type="password" id="signup-pwd" placeholder="••••••••"></div>
-  <button class="btn btn-block btn-primary" onclick="onAuthSignupClick()">Criar conta</button>
-</div>
-<div id="auth-msg" style="margin-top:8px;font-size:11px;color:var(--storm)"></div>`;
-    document.getElementById('auth-tab-login').classList.add('btn-brass');
-  }
-}
-
-async function onAuthLoginClick(){
-  const e=document.getElementById('login-email').value.trim();
-  const p=document.getElementById('login-pwd').value;
-  const msg=document.getElementById('auth-msg');
-  msg.style.color='var(--storm)';msg.textContent='';
-  try{await authLogin(e,p);msg.style.color='var(--algae)';msg.textContent='Logado!';toast('Bem-vindo')}catch(err){msg.textContent=err.message}
-}
-
-// ===== Upgrade modal (Asaas billing) =====
-let _upgradeChosen={plan:'pro',cycle:'yearly',billingType:'PIX'};
-
-async function openUpgradeModal(){
-  if(!state.auth){toast('Faça login primeiro');return}
-  // Cria modal dinamicamente (não precisa adicionar HTML no body)
-  const existing=document.getElementById('upgrade-modal');
-  if(existing)existing.remove();
-  const m=document.createElement('div');
-  m.id='upgrade-modal';
-  m.className='modal-backdrop';
-  m.style.cssText='align-items:center;justify-content:center;display:flex;z-index:9999';
-  m.innerHTML=`<div class="modal" style="max-width:420px;padding:24px"><h3 style="margin:0 0 12px;font-family:var(--f-display),Georgia,serif;font-style:italic;color:var(--brass)">Upgrade · escolha seu plano</h3>
-  <div style="display:grid;grid-template-columns:1fr 1fr;gap:8px;margin:12px 0">
-    <button id="up-pro" class="btn" onclick="_upgradeChoose('pro')" style="padding:10px;text-align:left"><strong>Pro</strong><br><small style="opacity:.8">R\$19/mês ou R\$149/ano</small></button>
-    <button id="up-captain" class="btn" onclick="_upgradeChoose('captain')" style="padding:10px;text-align:left"><strong>Captain</strong><br><small style="opacity:.8">R\$39/mês ou R\$299/ano</small></button>
-  </div>
-  <div style="display:flex;gap:6px;margin-bottom:10px">
-    <button id="up-monthly" class="btn btn-sm" onclick="_upgradeCycle('monthly')" style="flex:1">Mensal</button>
-    <button id="up-yearly" class="btn btn-sm" onclick="_upgradeCycle('yearly')" style="flex:1">Anual (-35%)</button>
-  </div>
-  <div style="display:flex;gap:6px;margin-bottom:14px">
-    <button id="up-pix" class="btn btn-sm" onclick="_upgradeType('PIX')" style="flex:1">PIX (instantâneo)</button>
-    <button id="up-cc" class="btn btn-sm" onclick="_upgradeType('CREDIT_CARD')" style="flex:1">Cartão</button>
-    <button id="up-bol" class="btn btn-sm" onclick="_upgradeType('BOLETO')" style="flex:1">Boleto</button>
-  </div>
-  <div id="up-summary" style="font-family:var(--f-mono);font-size:12px;color:var(--ink);background:var(--bg-aged);padding:10px;border-radius:4px;margin-bottom:12px"></div>
-  <button class="btn btn-block btn-primary" onclick="_doCheckout()">Continuar pra pagamento</button>
-  <button class="btn btn-block" onclick="document.getElementById('upgrade-modal').remove()" style="margin-top:6px">Cancelar</button>
-  <div id="up-result" style="margin-top:14px"></div>
-  </div>`;
-  document.body.appendChild(m);
-  _upgradeRefresh();
-}
-function _upgradeChoose(p){_upgradeChosen.plan=p;_upgradeRefresh()}
-function _upgradeCycle(c){_upgradeChosen.cycle=c;_upgradeRefresh()}
-function _upgradeType(t){_upgradeChosen.billingType=t;_upgradeRefresh()}
-function _upgradeRefresh(){
-  const c=_upgradeChosen;
-  ['up-pro','up-captain'].forEach(i=>document.getElementById(i)?.classList.remove('btn-brass'));
-  ['up-monthly','up-yearly'].forEach(i=>document.getElementById(i)?.classList.remove('btn-brass'));
-  ['up-pix','up-cc','up-bol'].forEach(i=>document.getElementById(i)?.classList.remove('btn-brass'));
-  document.getElementById('up-'+c.plan)?.classList.add('btn-brass');
-  document.getElementById('up-'+c.cycle)?.classList.add('btn-brass');
-  document.getElementById('up-'+(c.billingType==='PIX'?'pix':c.billingType==='CREDIT_CARD'?'cc':'bol'))?.classList.add('btn-brass');
-  const prices={pro:{monthly:19,yearly:149},captain:{monthly:39,yearly:299}};
-  const v=prices[c.plan][c.cycle];
-  document.getElementById('up-summary').textContent=`Plano ${c.plan==='pro'?'Pro':'Captain'} · ${c.cycle==='monthly'?'mensal':'anual'} · R$ ${v.toFixed(2)} via ${c.billingType==='PIX'?'PIX':c.billingType==='CREDIT_CARD'?'Cartão':'Boleto'}`;
-}
-async function _doCheckout(){
-  const out=document.getElementById('up-result');out.innerHTML='<em>Criando cobrança…</em>';
-  try{
-    const r=await cloudFetch('/api/billing/checkout',{method:'POST',body:JSON.stringify(_upgradeChosen)});
-    const data=await r.json();
-    let html='';
-    if(data.pix&&data.pix.qrCode){
-      html=`<div style="text-align:center"><strong>Escaneie o QR Code PIX:</strong><br><img src="data:image/png;base64,${data.pix.qrCode}" style="max-width:240px;margin:10px auto;border:4px solid #fff;border-radius:8px"><br><div style="font-family:var(--f-mono);font-size:10px;word-break:break-all;background:var(--bg-aged);padding:6px;border-radius:4px;margin:6px 0"><strong>Copia e cola:</strong><br>${data.pix.payload||''}</div><button class="btn btn-sm" onclick="navigator.clipboard.writeText('${data.pix.payload||''}').then(()=>toast('PIX copiado!'))">Copiar PIX</button></div>`;
-    }else if(data.invoiceUrl){
-      html=`<a href="${data.invoiceUrl}" target="_blank" class="btn btn-block btn-primary">Abrir página de pagamento ↗</a>`;
-    }
-    html+=`<div style="margin-top:10px;font-size:11px;opacity:.8">Após pagar, sua licença ativa em segundos. Pode fechar esta tela e voltar quando quiser.</div>`;
-    html+=`<button class="btn btn-block" style="margin-top:10px" onclick="checkPaymentStatus('${data.paymentId}')">Verificar pagamento</button>`;
-    out.innerHTML=html;
-  }catch(e){out.innerHTML='<span style="color:var(--storm)">Erro: '+e.message+'</span>'}
-}
-async function checkPaymentStatus(paymentId){
-  try{
-    const r=await cloudFetch('/api/billing/payment/'+paymentId);
-    const p=await r.json();
-    if(['RECEIVED','CONFIRMED','RECEIVED_IN_CASH'].includes(p.status)){
-      toast('Pago! Licença ativada 🎉');
-      await refreshLicense();renderAuthBox();
-      document.getElementById('upgrade-modal')?.remove();
-    }else{
-      toast('Status: '+p.status);
-    }
-  }catch(e){toast('Erro: '+e.message)}
-}
-
-async function onAuthSignupClick(){
-  const e=document.getElementById('signup-email').value.trim();
-  const n=document.getElementById('signup-name').value.trim();
-  const p=document.getElementById('signup-pwd').value;
-  const msg=document.getElementById('auth-msg');
-  msg.style.color='var(--storm)';msg.textContent='';
-  if(p.length<8){msg.textContent='Senha precisa de no mínimo 8 caracteres';return}
-  try{await authSignup(e,p,n);msg.style.color='var(--algae)';msg.textContent='Conta criada e logado!';toast('Conta criada')}catch(err){msg.textContent=err.message}
-}
-
 function bindCloudInputs(){
   const u=document.getElementById('cloud-url'),t=document.getElementById('cloud-token');
   if(!u||!t)return;
@@ -3570,51 +2953,8 @@ async function testWindyKey(){
   }
 }
 
-// ===== Capacitor adapter (detecta nativo + usa APIs nativas com fallback Web) =====
-const isNative=()=>!!(window.Capacitor&&window.Capacitor.isNativePlatform&&window.Capacitor.isNativePlatform());
-const nativePlatform=()=>(window.Capacitor&&window.Capacitor.getPlatform)?window.Capacitor.getPlatform():'web';
-
-// Geolocation: Capacitor.Geolocation (background-capable) > navigator.geolocation
-async function nativeWatchPosition(onUpdate,onError,opts){
-  if(isNative()&&window.Capacitor.Plugins.Geolocation){
-    try{
-      const{Geolocation}=window.Capacitor.Plugins;
-      // Pede permission upfront
-      const perm=await Geolocation.requestPermissions({permissions:['location']}).catch(()=>({location:'denied'}));
-      if(perm.location==='denied'){onError({code:1,PERMISSION_DENIED:1,message:'Permissão negada'});return null}
-      const id=await Geolocation.watchPosition({enableHighAccuracy:!!opts?.enableHighAccuracy,timeout:opts?.timeout||15000,maximumAge:opts?.maximumAge||0},(pos,err)=>{
-        if(err){onError({code:err.code||3,message:err.message||'GPS erro',PERMISSION_DENIED:1,POSITION_UNAVAILABLE:2,TIMEOUT:3});return}
-        onUpdate({coords:{latitude:pos.coords.latitude,longitude:pos.coords.longitude,accuracy:pos.coords.accuracy,speed:pos.coords.speed},timestamp:pos.timestamp});
-      });
-      return{native:true,id};
-    }catch(e){console.warn('[native gps] fallback to web:',e.message)}
-  }
-  // Fallback web
-  const id=navigator.geolocation.watchPosition(onUpdate,onError,opts);
-  return{native:false,id};
-}
-async function nativeClearWatch(handle){
-  if(!handle)return;
-  if(handle.native&&isNative()){try{await window.Capacitor.Plugins.Geolocation.clearWatch({id:handle.id})}catch(e){}}
-  else if(handle.id!=null)navigator.geolocation.clearWatch(handle.id);
-}
-
-// Local notifications: nativo no Android, fallback toast no web
-async function nativeNotify(title,body,id){
-  if(isNative()&&window.Capacitor.Plugins.LocalNotifications){
-    try{
-      const{LocalNotifications}=window.Capacitor.Plugins;
-      await LocalNotifications.requestPermissions().catch(()=>{});
-      await LocalNotifications.schedule({notifications:[{id:id||Date.now()%2147483647,title,body,sound:null,smallIcon:'ic_stat_icon_config_sample'}]});
-      return;
-    }catch(e){console.warn('[native notify]',e.message)}
-  }
-  toast(title+(body?': '+body:''));
-}
-
-// ===== Service Worker (offline real — só registra no Web, no Capacitor o WebView usa cache nativo) =====
+// ===== Service Worker (offline real) =====
 function initServiceWorker(){
-  if(isNative())return; // Capacitor não usa SW (tem cache próprio + APIs nativas)
   if(!('serviceWorker' in navigator))return;
   navigator.serviceWorker.register('/sw.js').then(reg=>{
     console.log('[SW] registered:',reg.scope);

mobile/.gitignore

@@ -1,19 +0,0 @@
-# Capacitor
-node_modules/
-www/
-android/.gradle/
-android/local.properties
-android/app/release/
-android/app/build/
-android/build/
-android/.idea/
-android/captures/
-android/*.iml
-ios/App/build/
-ios/App/Pods/
-ios/App/output/
-
-# Keystore (CRÍTICO — nunca commitar chaves privadas)
-*.keystore
-*.jks
-keystore-passwords.txt

mobile/README.md

@@ -1,213 +0,0 @@
-# Shivao Mobile · Capacitor Android (e iOS futuro)
-
-Wrapper Capacitor pra empacotar o Shivao web como app nativo Android (.apk pra sideload, .aab pra Play Store) e iOS no futuro.
-
-**Arquitetura:** o frontend HTML mora em `app/diario-bordo.html` (1 fonte de verdade). Um script (`scripts/sync-html.mjs`) copia pra `server/public/index.html` (Express serve) e `mobile/www/index.html` (Capacitor empacota).
-
----
-
-## 🛠️ Pré-requisitos (instalar 1 vez)
-
-### Windows (recomendado pra você)
-
-1. **JDK 17+** — Adoptium Temurin é a melhor escolha:
-   ```
-   winget install EclipseAdoptium.Temurin.17.JDK
-   ```
-   Verificar: `java -version` deve mostrar `17.x`
-
-2. **Android Studio** — instala SDK + emulador + tudo:
-   ```
-   winget install Google.AndroidStudio
-   ```
-   Após abrir, ir em **Tools → SDK Manager** e instalar:
-   - Android SDK Platform 34 (Android 14)
-   - Android SDK Build-Tools 34.0.0
-   - Android SDK Command-line Tools (latest)
-   - Android SDK Platform-Tools
-
-3. **Variáveis de ambiente** (Painel de Controle → Sistema → Variáveis de Ambiente):
-   - `JAVA_HOME=C:\Program Files\Eclipse Adoptium\jdk-17.0.x` (ajuste path)
-   - `ANDROID_HOME=C:\Users\pontu\AppData\Local\Android\Sdk`
-   - Adicionar ao PATH: `%JAVA_HOME%\bin`, `%ANDROID_HOME%\platform-tools`
-
-4. Reiniciar terminal. Verificar:
-   ```bash
-   java -version
-   adb --version
-   ```
-
-**Tempo total de instalação:** ~30-45 min (download de ~3GB).
-
----
-
-## 🚀 Build inicial (faz 1 vez)
-
-```bash
-cd mobile
-
-# Instala deps Capacitor + plugins
-npm install
-
-# Sincroniza HTML do app/ pra mobile/www/
-node ../scripts/sync-html.mjs
-
-# Adiciona projeto Android (gera mobile/android/)
-npx cap add android
-
-# Sincroniza plugins nativos no projeto Android
-npx cap sync android
-```
-
-### Permissões Android (editar manualmente após `cap add android`)
-
-Abra `mobile/android/app/src/main/AndroidManifest.xml` e adicione DENTRO do `<manifest>`:
-
-```xml
-<uses-permission android:name="android.permission.INTERNET" />
-<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
-<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
-<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
-<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
-<uses-permission android:name="android.permission.VIBRATE" />
-<uses-permission android:name="android.permission.WAKE_LOCK" />
-<uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
-<uses-permission android:name="android.permission.FOREGROUND_SERVICE_LOCATION" />
-<uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
-
-<uses-feature android:name="android.hardware.location.gps" android:required="false" />
-<uses-feature android:name="android.hardware.sensor.barometer" android:required="false" />
-<uses-feature android:name="android.hardware.sensor.compass" android:required="false" />
-```
-
----
-
-## 🔐 Keystore PERMANENTE (CRÍTICO — gera 1 vez, guarda pra sempre)
-
-```bash
-cd mobile/android/app
-keytool -genkey -v -keystore shivao-release.keystore -alias shivao -keyalg RSA -keysize 2048 -validity 10000 \
-  -dname "CN=Karlao, O=PontualTech, L=Sao Paulo, ST=SP, C=BR"
-# Senha forte (mínimo 8 chars). ANOTE em local seguro — perda = perda permanente do app na Play Store.
-```
-
-**BACKUP IMEDIATO:**
-```bash
-cp shivao-release.keystore C:/Users/pontu/Downloads/Shivao-keystore-backup/shivao-release.keystore
-echo "Senha keystore: SUA_SENHA_AQUI" >> C:/Users/pontu/Downloads/Shivao-keystore-backup/keystore-passwords.txt
-echo "Alias: shivao" >> C:/Users/pontu/Downloads/Shivao-keystore-backup/keystore-passwords.txt
-```
-
-E também faça upload em Drive privado, HD externo etc — perdeu = não publica update na Play Store nunca mais.
-
-### Configurar signing no Gradle
-
-Edite `mobile/android/app/build.gradle`, dentro de `android { ... }`:
-
-```gradle
-signingConfigs {
-    release {
-        storeFile file('shivao-release.keystore')
-        storePassword System.getenv('SHIVAO_KEYSTORE_PWD') ?: 'SUA_SENHA_AQUI'
-        keyAlias 'shivao'
-        keyPassword System.getenv('SHIVAO_KEY_PWD') ?: 'SUA_SENHA_AQUI'
-    }
-}
-buildTypes {
-    release {
-        signingConfig signingConfigs.release
-        minifyEnabled false
-    }
-}
-```
-
----
-
-## 📦 Build do APK (sideload) e AAB (Play Store)
-
-```bash
-cd mobile
-
-# Sincroniza última versão do HTML antes de build
-npm run sync
-
-# APK assinado pra sideload (~3-5 min primeira vez, ~1 min em rebuilds)
-npm run android:build:apk
-# Output: mobile/android/app/build/outputs/apk/release/app-release.apk
-
-# AAB pra Play Store (formato preferido)
-npm run android:build:aab
-# Output: mobile/android/app/build/outputs/bundle/release/app-release.aab
-```
-
----
-
-## 🌐 Alternativa: Build na nuvem (sem instalar nada local)
-
-Se não quiser instalar 3GB de Android Studio:
-
-### Opção A: Codemagic (mais simples)
-- 500min grátis/mês, suficiente pra ~10 builds
-- Conecta ao Forgejo, push detecta e roda
-- Configura assinatura no painel
-
-### Opção B: Container Docker no Coolify (mais self-hosted)
-- Subir imagem `mingc/android-build-box` no Coolify
-- Cron job ou webhook do Forgejo dispara build
-- APK/AAB salvo em volume persistente
-
-Ambas opções: vamos preparar quando você decidir.
-
----
-
-## 🎮 Submeter Play Store
-
-1. **Conta Google Play Developer:** $25 1× em https://play.google.com/console
-2. Após aprovado (~24h), criar novo app:
-   - Nome: "Shivao - Diário de Bordo"
-   - Categoria: "Maps & Navigation"
-   - Idioma: pt-BR
-3. **Subir AAB:** Production → Releases → Create new release → upload `app-release.aab`
-4. **Conteúdo obrigatório:**
-   - Política de privacidade (URL pública — vou criar uma rota `/politica-privacidade` no servidor)
-   - Screenshots: mínimo 2 (vou gerar via Playwright se quiser)
-   - Ícone 512×512 (vou gerar do icon.svg)
-   - Descrição curta (80 chars) e completa
-5. **Content rating:** preencher questionário (~5min)
-6. **Pricing:** Free (cobrança vai por dentro do app via Asaas, não Google IAP — economia de 30%)
-7. **Submit pra review:** Google revisa em 1-7 dias
-
----
-
-## 📱 iOS (FASE 4 futura)
-
-Requer:
-- Mac (mini M4 ~R$5k mais barato)
-- Apple Developer Program $99/ano
-- Xcode
-
-```bash
-npx cap add ios
-npx cap sync ios
-npx cap open ios  # abre Xcode
-# Build Archive → Distribute → App Store Connect
-```
-
----
-
-## 🐛 Troubleshooting
-
-**`adb: command not found`** — adicione `%ANDROID_HOME%\platform-tools` ao PATH
-
-**`SDK location not found`** — crie `mobile/android/local.properties`:
-```
-sdk.dir=C:\\Users\\pontu\\AppData\\Local\\Android\\Sdk
-```
-
-**Build muito lento** — primeiro build baixa Gradle + dependências (~500MB). Próximos builds usam cache.
-
-**APK muito grande** — habilitar minify em `build.gradle`:
-```gradle
-buildTypes.release.minifyEnabled true
-buildTypes.release.shrinkResources true
-```

mobile/android/.gitignore

@@ -1,101 +0,0 @@
-# Using Android gitignore template: https://github.com/github/gitignore/blob/HEAD/Android.gitignore
-
-# Built application files
-*.apk
-*.aar
-*.ap_
-*.aab
-
-# Files for the ART/Dalvik VM
-*.dex
-
-# Java class files
-*.class
-
-# Generated files
-bin/
-gen/
-out/
-#  Uncomment the following line in case you need and you don't have the release build type files in your app
-# release/
-
-# Gradle files
-.gradle/
-build/
-
-# Local configuration file (sdk path, etc)
-local.properties
-
-# Proguard folder generated by Eclipse
-proguard/
-
-# Log Files
-*.log
-
-# Android Studio Navigation editor temp files
-.navigation/
-
-# Android Studio captures folder
-captures/
-
-# IntelliJ
-*.iml
-.idea/workspace.xml
-.idea/tasks.xml
-.idea/gradle.xml
-.idea/assetWizardSettings.xml
-.idea/dictionaries
-.idea/libraries
-# Android Studio 3 in .gitignore file.
-.idea/caches
-.idea/modules.xml
-# Comment next line if keeping position of elements in Navigation Editor is relevant for you
-.idea/navEditor.xml
-
-# Keystore files
-# Uncomment the following lines if you do not want to check your keystore files in.
-#*.jks
-#*.keystore
-
-# External native build folder generated in Android Studio 2.2 and later
-.externalNativeBuild
-.cxx/
-
-# Google Services (e.g. APIs or Firebase)
-# google-services.json
-
-# Freeline
-freeline.py
-freeline/
-freeline_project_description.json
-
-# fastlane
-fastlane/report.xml
-fastlane/Preview.html
-fastlane/screenshots
-fastlane/test_output
-fastlane/readme.md
-
-# Version control
-vcs.xml
-
-# lint
-lint/intermediates/
-lint/generated/
-lint/outputs/
-lint/tmp/
-# lint/reports/
-
-# Android Profiling
-*.hprof
-
-# Cordova plugins for Capacitor
-capacitor-cordova-android-plugins
-
-# Copied web assets
-app/src/main/assets/public
-
-# Generated Config files
-app/src/main/assets/capacitor.config.json
-app/src/main/assets/capacitor.plugins.json
-app/src/main/res/xml/config.xml

mobile/android/app/.gitignore

@@ -1,2 +0,0 @@
-/build/*
-!/build/.npmkeep

mobile/android/app/build.gradle

@@ -1,63 +0,0 @@
-apply plugin: 'com.android.application'
-
-android {
-    namespace "br.com.pontualtech.shivao"
-    compileSdk rootProject.ext.compileSdkVersion
-    defaultConfig {
-        applicationId "br.com.pontualtech.shivao"
-        minSdkVersion rootProject.ext.minSdkVersion
-        targetSdkVersion rootProject.ext.targetSdkVersion
-        versionCode 2
-        versionName "1.2.0"
-        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
-        aaptOptions {
-             // Files and dirs to omit from the packaged assets dir, modified to accommodate modern web apps.
-             // Default: https://android.googlesource.com/platform/frameworks/base/+/282e181b58cf72b6ca770dc7ca5f91f135444502/tools/aapt/AaptAssets.cpp#61
-            ignoreAssetsPattern '!.svn:!.git:!.ds_store:!*.scc:.*:!CVS:!thumbs.db:!picasa.ini:!*~'
-        }
-    }
-    signingConfigs {
-        release {
-            storeFile file('shivao-release.keystore')
-            storePassword 'ShivaoKeystore2026!'
-            keyAlias 'shivao'
-            keyPassword 'ShivaoKeystore2026!'
-        }
-    }
-    buildTypes {
-        release {
-            minifyEnabled false
-            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
-            signingConfig signingConfigs.release
-        }
-    }
-}
-
-repositories {
-    flatDir{
-        dirs '../capacitor-cordova-android-plugins/src/main/libs', 'libs'
-    }
-}
-
-dependencies {
-    implementation fileTree(include: ['*.jar'], dir: 'libs')
-    implementation "androidx.appcompat:appcompat:$androidxAppCompatVersion"
-    implementation "androidx.coordinatorlayout:coordinatorlayout:$androidxCoordinatorLayoutVersion"
-    implementation "androidx.core:core-splashscreen:$coreSplashScreenVersion"
-    implementation project(':capacitor-android')
-    testImplementation "junit:junit:$junitVersion"
-    androidTestImplementation "androidx.test.ext:junit:$androidxJunitVersion"
-    androidTestImplementation "androidx.test.espresso:espresso-core:$androidxEspressoCoreVersion"
-    implementation project(':capacitor-cordova-android-plugins')
-}
-
-apply from: 'capacitor.build.gradle'
-
-try {
-    def servicesJSON = file('google-services.json')
-    if (servicesJSON.text) {
-        apply plugin: 'com.google.gms.google-services'
-    }
-} catch(Exception e) {
-    logger.info("google-services.json not found, google-services plugin not applied. Push Notifications won't work")
-}

mobile/android/app/capacitor.build.gradle

@@ -1,24 +0,0 @@
-// DO NOT EDIT THIS FILE! IT IS GENERATED EACH TIME "capacitor update" IS RUN
-
-android {
-  compileOptions {
-      sourceCompatibility JavaVersion.VERSION_17
-      targetCompatibility JavaVersion.VERSION_17
-  }
-}
-
-apply from: "../capacitor-cordova-android-plugins/cordova.variables.gradle"
-dependencies {
-    implementation project(':capacitor-app')
-    implementation project(':capacitor-geolocation')
-    implementation project(':capacitor-local-notifications')
-    implementation project(':capacitor-network')
-    implementation project(':capacitor-preferences')
-    implementation project(':capacitor-status-bar')
-
-}
-
-
-if (hasProperty('postBuildExtras')) {
-  postBuildExtras()
-}

mobile/android/app/proguard-rules.pro

@@ -1,21 +0,0 @@
-# Add project specific ProGuard rules here.
-# You can control the set of applied configuration files using the
-# proguardFiles setting in build.gradle.
-#
-# For more details, see
-#   http://developer.android.com/guide/developing/tools/proguard.html
-
-# If your project uses WebView with JS, uncomment the following
-# and specify the fully qualified class name to the JavaScript interface
-# class:
-#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
-#   public *;
-#}
-
-# Uncomment this to preserve the line number information for
-# debugging stack traces.
-#-keepattributes SourceFile,LineNumberTable
-
-# If you keep the line number information, uncomment this to
-# hide the original source file name.
-#-renamesourcefileattribute SourceFile

mobile/android/app/src/androidTest/java/com/getcapacitor/myapp/ExampleInstrumentedTest.java

@@ -1,26 +0,0 @@
-package com.getcapacitor.myapp;
-
-import static org.junit.Assert.*;
-
-import android.content.Context;
-import androidx.test.ext.junit.runners.AndroidJUnit4;
-import androidx.test.platform.app.InstrumentationRegistry;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-/**
- * Instrumented test, which will execute on an Android device.
- *
- * @see <a href="http://d.android.com/tools/testing">Testing documentation</a>
- */
-@RunWith(AndroidJUnit4.class)
-public class ExampleInstrumentedTest {
-
-    @Test
-    public void useAppContext() throws Exception {
-        // Context of the app under test.
-        Context appContext = InstrumentationRegistry.getInstrumentation().getTargetContext();
-
-        assertEquals("com.getcapacitor.app", appContext.getPackageName());
-    }
-}

mobile/android/app/src/main/AndroidManifest.xml

@@ -1,54 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android">
-
-    <application
-        android:allowBackup="true"
-        android:icon="@mipmap/ic_launcher"
-        android:label="@string/app_name"
-        android:roundIcon="@mipmap/ic_launcher_round"
-        android:supportsRtl="true"
-        android:theme="@style/AppTheme">
-
-        <activity
-            android:configChanges="orientation|keyboardHidden|keyboard|screenSize|locale|smallestScreenSize|screenLayout|uiMode"
-            android:name=".MainActivity"
-            android:label="@string/title_activity_main"
-            android:theme="@style/AppTheme.NoActionBarLaunch"
-            android:launchMode="singleTask"
-            android:exported="true">
-
-            <intent-filter>
-                <action android:name="android.intent.action.MAIN" />
-                <category android:name="android.intent.category.LAUNCHER" />
-            </intent-filter>
-
-        </activity>
-
-        <provider
-            android:name="androidx.core.content.FileProvider"
-            android:authorities="${applicationId}.fileprovider"
-            android:exported="false"
-            android:grantUriPermissions="true">
-            <meta-data
-                android:name="android.support.FILE_PROVIDER_PATHS"
-                android:resource="@xml/file_paths"></meta-data>
-        </provider>
-    </application>
-
-    <!-- Permissions -->
-
-    <uses-permission android:name="android.permission.INTERNET" />
-    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
-    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
-    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
-    <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
-    <uses-permission android:name="android.permission.VIBRATE" />
-    <uses-permission android:name="android.permission.WAKE_LOCK" />
-    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
-    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_LOCATION" />
-    <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
-
-    <uses-feature android:name="android.hardware.location.gps" android:required="false" />
-    <uses-feature android:name="android.hardware.sensor.barometer" android:required="false" />
-    <uses-feature android:name="android.hardware.sensor.compass" android:required="false" />
-</manifest>

mobile/android/app/src/main/java/br/com/pontualtech/shivao/MainActivity.java

@@ -1,5 +0,0 @@
-package br.com.pontualtech.shivao;
-
-import com.getcapacitor.BridgeActivity;
-
-public class MainActivity extends BridgeActivity {}

mobile/android/app/src/main/res/drawable-v24/ic_launcher_foreground.xml

@@ -1,34 +0,0 @@
-<vector xmlns:android="http://schemas.android.com/apk/res/android"
-    xmlns:aapt="http://schemas.android.com/aapt"
-    android:width="108dp"
-    android:height="108dp"
-    android:viewportHeight="108"
-    android:viewportWidth="108">
-    <path
-        android:fillType="evenOdd"
-        android:pathData="M32,64C32,64 38.39,52.99 44.13,50.95C51.37,48.37 70.14,49.57 70.14,49.57L108.26,87.69L108,109.01L75.97,107.97L32,64Z"
-        android:strokeColor="#00000000"
-        android:strokeWidth="1">
-        <aapt:attr name="android:fillColor">
-            <gradient
-                android:endX="78.5885"
-                android:endY="90.9159"
-                android:startX="48.7653"
-                android:startY="61.0927"
-                android:type="linear">
-                <item
-                    android:color="#44000000"
-                    android:offset="0.0" />
-                <item
-                    android:color="#00000000"
-                    android:offset="1.0" />
-            </gradient>
-        </aapt:attr>
-    </path>
-    <path
-        android:fillColor="#FFFFFF"
-        android:fillType="nonZero"
-        android:pathData="M66.94,46.02L66.94,46.02C72.44,50.07 76,56.61 76,64L32,64C32,56.61 35.56,50.11 40.98,46.06L36.18,41.19C35.45,40.45 35.45,39.3 36.18,38.56C36.91,37.81 38.05,37.81 38.78,38.56L44.25,44.05C47.18,42.57 50.48,41.71 54,41.71C57.48,41.71 60.78,42.57 63.68,44.05L69.11,38.56C69.84,37.81 70.98,37.81 71.71,38.56C72.44,39.3 72.44,40.45 71.71,41.19L66.94,46.02ZM62.94,56.92C64.08,56.92 65,56.01 65,54.88C65,53.76 64.08,52.85 62.94,52.85C61.8,52.85 60.88,53.76 60.88,54.88C60.88,56.01 61.8,56.92 62.94,56.92ZM45.06,56.92C46.2,56.92 47.13,56.01 47.13,54.88C47.13,53.76 46.2,52.85 45.06,52.85C43.92,52.85 43,53.76 43,54.88C43,56.01 43.92,56.92 45.06,56.92Z"
-        android:strokeColor="#00000000"
-        android:strokeWidth="1" />
-</vector>

mobile/android/app/src/main/res/drawable/ic_launcher_background.xml

@@ -1,170 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<vector xmlns:android="http://schemas.android.com/apk/res/android"
-    android:width="108dp"
-    android:height="108dp"
-    android:viewportHeight="108"
-    android:viewportWidth="108">
-    <path
-        android:fillColor="#26A69A"
-        android:pathData="M0,0h108v108h-108z" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M9,0L9,108"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M19,0L19,108"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M29,0L29,108"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M39,0L39,108"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M49,0L49,108"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M59,0L59,108"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M69,0L69,108"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M79,0L79,108"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M89,0L89,108"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M99,0L99,108"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M0,9L108,9"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M0,19L108,19"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M0,29L108,29"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M0,39L108,39"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M0,49L108,49"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M0,59L108,59"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M0,69L108,69"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M0,79L108,79"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M0,89L108,89"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M0,99L108,99"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M19,29L89,29"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M19,39L89,39"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M19,49L89,49"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M19,59L89,59"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M19,69L89,69"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M19,79L89,79"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M29,19L29,89"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M39,19L39,89"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M49,19L49,89"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M59,19L59,89"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M69,19L69,89"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-    <path
-        android:fillColor="#00000000"
-        android:pathData="M79,19L79,89"
-        android:strokeColor="#33FFFFFF"
-        android:strokeWidth="0.8" />
-</vector>

mobile/android/app/src/main/res/layout/activity_main.xml

@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<androidx.coordinatorlayout.widget.CoordinatorLayout xmlns:android="http://schemas.android.com/apk/res/android"
-    xmlns:app="http://schemas.android.com/apk/res-auto"
-    xmlns:tools="http://schemas.android.com/tools"
-    android:layout_width="match_parent"
-    android:layout_height="match_parent"
-    tools:context=".MainActivity">
-
-    <WebView
-        android:layout_width="match_parent"
-        android:layout_height="match_parent" />
-</androidx.coordinatorlayout.widget.CoordinatorLayout>

mobile/android/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml

@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
-    <background android:drawable="@color/ic_launcher_background"/>
-    <foreground android:drawable="@mipmap/ic_launcher_foreground"/>
-</adaptive-icon>

mobile/android/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml

@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
-    <background android:drawable="@color/ic_launcher_background"/>
-    <foreground android:drawable="@mipmap/ic_launcher_foreground"/>
-</adaptive-icon>

mobile/android/app/src/main/res/values/ic_launcher_background.xml

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<resources>
-    <color name="ic_launcher_background">#FFFFFF</color>
-</resources>

mobile/android/app/src/main/res/values/strings.xml

@@ -1,7 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<resources>
-    <string name="app_name">Shivao</string>
-    <string name="title_activity_main">Shivao</string>
-    <string name="package_name">br.com.pontualtech.shivao</string>
-    <string name="custom_url_scheme">br.com.pontualtech.shivao</string>
-</resources>

mobile/android/app/src/main/res/values/styles.xml

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<resources>
-
-    <!-- Base application theme. -->
-    <style name="AppTheme" parent="Theme.AppCompat.Light.DarkActionBar">
-        <!-- Customize your theme here. -->
-        <item name="colorPrimary">@color/colorPrimary</item>
-        <item name="colorPrimaryDark">@color/colorPrimaryDark</item>
-        <item name="colorAccent">@color/colorAccent</item>
-    </style>
-
-    <style name="AppTheme.NoActionBar" parent="Theme.AppCompat.DayNight.NoActionBar">
-        <item name="windowActionBar">false</item>
-        <item name="windowNoTitle">true</item>
-        <item name="android:background">@null</item>
-    </style>
-
-
-    <style name="AppTheme.NoActionBarLaunch" parent="Theme.SplashScreen">
-        <item name="android:background">@drawable/splash</item>
-    </style>
-</resources>

mobile/android/app/src/main/res/xml/file_paths.xml

@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<paths xmlns:android="http://schemas.android.com/apk/res/android">
-    <external-path name="my_images" path="." />
-    <cache-path name="my_cache_images" path="." />
-</paths>

mobile/android/app/src/test/java/com/getcapacitor/myapp/ExampleUnitTest.java

@@ -1,18 +0,0 @@
-package com.getcapacitor.myapp;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-
-/**
- * Example local unit test, which will execute on the development machine (host).
- *
- * @see <a href="http://d.android.com/tools/testing">Testing documentation</a>
- */
-public class ExampleUnitTest {
-
-    @Test
-    public void addition_isCorrect() throws Exception {
-        assertEquals(4, 2 + 2);
-    }
-}

mobile/android/build.gradle

@@ -1,29 +0,0 @@
-// Top-level build file where you can add configuration options common to all sub-projects/modules.
-
-buildscript {
-    
-    repositories {
-        google()
-        mavenCentral()
-    }
-    dependencies {
-        classpath 'com.android.tools.build:gradle:8.2.1'
-        classpath 'com.google.gms:google-services:4.4.0'
-
-        // NOTE: Do not place your application dependencies here; they belong
-        // in the individual module build.gradle files
-    }
-}
-
-apply from: "variables.gradle"
-
-allprojects {
-    repositories {
-        google()
-        mavenCentral()
-    }
-}
-
-task clean(type: Delete) {
-    delete rootProject.buildDir
-}

mobile/android/capacitor.settings.gradle

@@ -1,21 +0,0 @@
-// DO NOT EDIT THIS FILE! IT IS GENERATED EACH TIME "capacitor update" IS RUN
-include ':capacitor-android'
-project(':capacitor-android').projectDir = new File('../node_modules/@capacitor/android/capacitor')
-
-include ':capacitor-app'
-project(':capacitor-app').projectDir = new File('../node_modules/@capacitor/app/android')
-
-include ':capacitor-geolocation'
-project(':capacitor-geolocation').projectDir = new File('../node_modules/@capacitor/geolocation/android')
-
-include ':capacitor-local-notifications'
-project(':capacitor-local-notifications').projectDir = new File('../node_modules/@capacitor/local-notifications/android')
-
-include ':capacitor-network'
-project(':capacitor-network').projectDir = new File('../node_modules/@capacitor/network/android')
-
-include ':capacitor-preferences'
-project(':capacitor-preferences').projectDir = new File('../node_modules/@capacitor/preferences/android')
-
-include ':capacitor-status-bar'
-project(':capacitor-status-bar').projectDir = new File('../node_modules/@capacitor/status-bar/android')

mobile/android/gradle.properties

@@ -1,22 +0,0 @@
-# Project-wide Gradle settings.
-
-# IDE (e.g. Android Studio) users:
-# Gradle settings configured through the IDE *will override*
-# any settings specified in this file.
-
-# For more details on how to configure your build environment visit
-# http://www.gradle.org/docs/current/userguide/build_environment.html
-
-# Specifies the JVM arguments used for the daemon process.
-# The setting is particularly useful for tweaking memory settings.
-org.gradle.jvmargs=-Xmx1536m
-
-# When configured, Gradle will run in incubating parallel mode.
-# This option should only be used with decoupled projects. More details, visit
-# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
-# org.gradle.parallel=true
-
-# AndroidX package structure to make it clearer which packages are bundled with the
-# Android operating system, and which are packaged with your app's APK
-# https://developer.android.com/topic/libraries/support-library/androidx-rn
-android.useAndroidX=true

mobile/android/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +0,0 @@
-distributionBase=GRADLE_USER_HOME
-distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-all.zip
-networkTimeout=10000
-validateDistributionUrl=true
-zipStoreBase=GRADLE_USER_HOME
-zipStorePath=wrapper/dists

mobile/android/gradlew

@@ -1,248 +0,0 @@
-#!/bin/sh
-
-#
-# Copyright © 2015-2021 the original authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-##############################################################################
-#
-#   Gradle start up script for POSIX generated by Gradle.
-#
-#   Important for running:
-#
-#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
-#       noncompliant, but you have some other compliant shell such as ksh or
-#       bash, then to run this script, type that shell name before the whole
-#       command line, like:
-#
-#           ksh Gradle
-#
-#       Busybox and similar reduced shells will NOT work, because this script
-#       requires all of these POSIX shell features:
-#         * functions;
-#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
-#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
-#         * compound commands having a testable exit status, especially «case»;
-#         * various built-in commands including «command», «set», and «ulimit».
-#
-#   Important for patching:
-#
-#   (2) This script targets any POSIX shell, so it avoids extensions provided
-#       by Bash, Ksh, etc; in particular arrays are avoided.
-#
-#       The "traditional" practice of packing multiple parameters into a
-#       space-separated string is a well documented source of bugs and security
-#       problems, so this is (mostly) avoided, by progressively accumulating
-#       options in "$@", and eventually passing that to Java.
-#
-#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
-#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
-#       see the in-line comments for details.
-#
-#       There are tweaks for specific operating systems such as AIX, CygWin,
-#       Darwin, MinGW, and NonStop.
-#
-#   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
-#       within the Gradle project.
-#
-#       You can find Gradle at https://github.com/gradle/gradle/.
-#
-##############################################################################
-
-# Attempt to set APP_HOME
-
-# Resolve links: $0 may be a link
-app_path=$0
-
-# Need this for daisy-chained symlinks.
-while
-    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
-    [ -h "$app_path" ]
-do
-    ls=$( ls -ld "$app_path" )
-    link=${ls#*' -> '}
-    case $link in             #(
-      /*)   app_path=$link ;; #(
-      *)    app_path=$APP_HOME$link ;;
-    esac
-done
-
-# This is normally unused
-# shellcheck disable=SC2034
-APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-# Use the maximum available, or set MAX_FD != -1 to use that value.
-MAX_FD=maximum
-
-warn () {
-    echo "$*"
-} >&2
-
-die () {
-    echo
-    echo "$*"
-    echo
-    exit 1
-} >&2
-
-# OS specific support (must be 'true' or 'false').
-cygwin=false
-msys=false
-darwin=false
-nonstop=false
-case "$( uname )" in                #(
-  CYGWIN* )         cygwin=true  ;; #(
-  Darwin* )         darwin=true  ;; #(
-  MSYS* | MINGW* )  msys=true    ;; #(
-  NONSTOP* )        nonstop=true ;;
-esac
-
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
-
-
-# Determine the Java command to use to start the JVM.
-if [ -n "$JAVA_HOME" ] ; then
-    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
-        # IBM's JDK on AIX uses strange locations for the executables
-        JAVACMD=$JAVA_HOME/jre/sh/java
-    else
-        JAVACMD=$JAVA_HOME/bin/java
-    fi
-    if [ ! -x "$JAVACMD" ] ; then
-        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
-    fi
-else
-    JAVACMD=java
-    if ! command -v java >/dev/null 2>&1
-    then
-        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
-    fi
-fi
-
-# Increase the maximum file descriptors if we can.
-if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
-    case $MAX_FD in #(
-      max*)
-        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
-        MAX_FD=$( ulimit -H -n ) ||
-            warn "Could not query maximum file descriptor limit"
-    esac
-    case $MAX_FD in  #(
-      '' | soft) :;; #(
-      *)
-        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
-        ulimit -n "$MAX_FD" ||
-            warn "Could not set maximum file descriptor limit to $MAX_FD"
-    esac
-fi
-
-# Collect all arguments for the java command, stacking in reverse order:
-#   * args from the command line
-#   * the main class name
-#   * -classpath
-#   * -D...appname settings
-#   * --module-path (only if needed)
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
-
-# For Cygwin or MSYS, switch paths to Windows format before running java
-if "$cygwin" || "$msys" ; then
-    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
-
-    JAVACMD=$( cygpath --unix "$JAVACMD" )
-
-    # Now convert the arguments - kludge to limit ourselves to /bin/sh
-    for arg do
-        if
-            case $arg in                                #(
-              -*)   false ;;                            # don't mess with options #(
-              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
-                    [ -e "$t" ] ;;                      #(
-              *)    false ;;
-            esac
-        then
-            arg=$( cygpath --path --ignore --mixed "$arg" )
-        fi
-        # Roll the args list around exactly as many times as the number of
-        # args, so each arg winds up back in the position where it started, but
-        # possibly modified.
-        #
-        # NB: a `for` loop captures its iteration list before it begins, so
-        # changing the positional parameters here affects neither the number of
-        # iterations, nor the values presented in `arg`.
-        shift                   # remove old arg
-        set -- "$@" "$arg"      # push replacement arg
-    done
-fi
-
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
-
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
-
-set -- \
-        "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
-        "$@"
-
-# Stop when "xargs" is not available.
-if ! command -v xargs >/dev/null 2>&1
-then
-    die "xargs is not available"
-fi
-
-# Use "xargs" to parse quoted args.
-#
-# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
-#
-# In Bash we could simply go:
-#
-#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
-#   set -- "${ARGS[@]}" "$@"
-#
-# but POSIX shell has neither arrays nor command substitution, so instead we
-# post-process each arg (as a line of input to sed) to backslash-escape any
-# character that might be a shell metacharacter, then use eval to reverse
-# that process (while maintaining the separation between arguments), and wrap
-# the whole thing up as a single "set" statement.
-#
-# This will of course break if any of these variables contains a newline or
-# an unmatched quote.
-#
-
-eval "set -- $(
-        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
-        xargs -n1 |
-        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
-        tr '\n' ' '
-    )" '"$@"'
-
-exec "$JAVACMD" "$@"

mobile/android/gradlew.bat

@@ -1,92 +0,0 @@
-@rem
-@rem Copyright 2015 the original author or authors.
-@rem
-@rem Licensed under the Apache License, Version 2.0 (the "License");
-@rem you may not use this file except in compliance with the License.
-@rem You may obtain a copy of the License at
-@rem
-@rem      https://www.apache.org/licenses/LICENSE-2.0
-@rem
-@rem Unless required by applicable law or agreed to in writing, software
-@rem distributed under the License is distributed on an "AS IS" BASIS,
-@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-@rem See the License for the specific language governing permissions and
-@rem limitations under the License.
-@rem
-
-@if "%DEBUG%"=="" @echo off
-@rem ##########################################################################
-@rem
-@rem  Gradle startup script for Windows
-@rem
-@rem ##########################################################################
-
-@rem Set local scope for the variables with windows NT shell
-if "%OS%"=="Windows_NT" setlocal
-
-set DIRNAME=%~dp0
-if "%DIRNAME%"=="" set DIRNAME=.
-@rem This is normally unused
-set APP_BASE_NAME=%~n0
-set APP_HOME=%DIRNAME%
-
-@rem Resolve any "." and ".." in APP_HOME to make it shorter.
-for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
-
-@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
-
-@rem Find java.exe
-if defined JAVA_HOME goto findJavaFromJavaHome
-
-set JAVA_EXE=java.exe
-%JAVA_EXE% -version >NUL 2>&1
-if %ERRORLEVEL% equ 0 goto execute
-
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
-
-goto fail
-
-:findJavaFromJavaHome
-set JAVA_HOME=%JAVA_HOME:"=%
-set JAVA_EXE=%JAVA_HOME%/bin/java.exe
-
-if exist "%JAVA_EXE%" goto execute
-
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
-
-goto fail
-
-:execute
-@rem Setup the command line
-
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
-
-
-@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
-
-:end
-@rem End local scope for the variables with windows NT shell
-if %ERRORLEVEL% equ 0 goto mainEnd
-
-:fail
-rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
-rem the _cmd.exe /c_ return code!
-set EXIT_CODE=%ERRORLEVEL%
-if %EXIT_CODE% equ 0 set EXIT_CODE=1
-if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
-exit /b %EXIT_CODE%
-
-:mainEnd
-if "%OS%"=="Windows_NT" endlocal
-
-:omega

mobile/android/settings.gradle

@@ -1,5 +0,0 @@
-include ':app'
-include ':capacitor-cordova-android-plugins'
-project(':capacitor-cordova-android-plugins').projectDir = new File('./capacitor-cordova-android-plugins/')
-
-apply from: 'capacitor.settings.gradle'

mobile/android/variables.gradle

@@ -1,16 +0,0 @@
-ext {
-    minSdkVersion = 22
-    compileSdkVersion = 34
-    targetSdkVersion = 34
-    androidxActivityVersion = '1.8.0'
-    androidxAppCompatVersion = '1.6.1'
-    androidxCoordinatorLayoutVersion = '1.2.0'
-    androidxCoreVersion = '1.12.0'
-    androidxFragmentVersion = '1.6.2'
-    coreSplashScreenVersion = '1.0.1'
-    androidxWebkitVersion = '1.9.0'
-    junitVersion = '4.13.2'
-    androidxJunitVersion = '1.1.5'
-    androidxEspressoCoreVersion = '3.5.1'
-    cordovaAndroidVersion = '10.1.1'
-}

mobile/capacitor.config.json

@@ -1,44 +0,0 @@
-{
-  "appId": "br.com.pontualtech.shivao",
-  "appName": "Shivao",
-  "webDir": "www",
-  "bundledWebRuntime": false,
-  "android": {
-    "allowMixedContent": false,
-    "captureInput": true,
-    "webContentsDebuggingEnabled": false,
-    "backgroundColor": "#0e2a3dFF"
-  },
-  "ios": {
-    "contentInset": "automatic",
-    "scrollEnabled": true,
-    "backgroundColor": "#0e2a3dFF"
-  },
-  "server": {
-    "androidScheme": "https",
-    "iosScheme": "capacitor",
-    "cleartext": false,
-    "url": "https://shivao.pontualtech.work",
-    "allowNavigation": [
-      "shivao.pontualtech.work",
-      "tile.openstreetmap.org",
-      "*.tile.openstreetmap.org",
-      "api.windy.com",
-      "api.open-meteo.com",
-      "marine-api.open-meteo.com",
-      "fonts.googleapis.com",
-      "fonts.gstatic.com",
-      "cdnjs.cloudflare.com"
-    ]
-  },
-  "plugins": {
-    "Geolocation": {
-      "permissions": ["location"]
-    },
-    "LocalNotifications": {
-      "smallIcon": "ic_stat_icon_config_sample",
-      "iconColor": "#a07832",
-      "sound": "alarme.wav"
-    }
-  }
-}

mobile/package.json

@@ -1,27 +0,0 @@
-{
-  "name": "shivao-mobile",
-  "version": "1.2.0",
-  "description": "Shivao app nativo (Capacitor wrapper Android/iOS)",
-  "main": "index.js",
-  "type": "module",
-  "scripts": {
-    "sync": "node ../scripts/sync-html.mjs && npx cap sync",
-    "android:open": "npx cap open android",
-    "android:build:apk": "cd android && ./gradlew assembleRelease",
-    "android:build:aab": "cd android && ./gradlew bundleRelease",
-    "ios:open": "npx cap open ios"
-  },
-  "dependencies": {
-    "@capacitor/android": "^6.1.2",
-    "@capacitor/app": "^6.0.1",
-    "@capacitor/core": "^6.1.2",
-    "@capacitor/geolocation": "^6.0.1",
-    "@capacitor/local-notifications": "^6.1.0",
-    "@capacitor/network": "^6.0.2",
-    "@capacitor/preferences": "^6.0.2",
-    "@capacitor/status-bar": "^6.0.1"
-  },
-  "devDependencies": {
-    "@capacitor/cli": "^6.1.2"
-  }
-}

mobile/play-store-listing.md

@@ -1,134 +0,0 @@
-# Listing Google Play — Shivao
-
-Tudo pronto pra copiar/colar no Google Play Console.
-
----
-
-## Nome do app (max 30 chars)
-```
-Shivao - Diário de Bordo
-```
-
-## Descrição curta (max 80 chars — aparece nos resultados de busca)
-```
-Diário de bordo náutico: GPS, vigia de fundeio com alarme, tempo Windy.
-```
-
-## Descrição completa (max 4000 chars — aparece na página do app)
-```
-⛵ SHIVAO — Diário de bordo digital pro seu veleiro
-
-O companheiro completo de quem navega: registro de viagens, manutenções, GPS em tempo real, vigia de fundeio com alarme remoto, geofencing e previsão meteorológica Windy.
-
-🛰 NAVEGAÇÃO E SEGURANÇA
-• Registro de travessias com tripulação, datas, horímetro, vento, distância em milhas náuticas e velocidade em nós
-• Rastreio GPS em tempo real com mapa Leaflet (offline pra alto-mar quando pré-cacheia a área)
-• Bússola com indicação cardeal (Android com sensor) e barômetro com tendência de pressão
-• Vigia de fundeio com âncora + centro de giro independente, raio editável, auto-recentro
-• Alarme local de drift: som forte (Web Audio com tons alternados), vibração, tela vermelha
-• Alarme remoto (com plano Pro): ao detectar deriva, dispara mensagem em todos seus canais (Telegram, ntfy, e-mail, WhatsApp via Twilio) — você sabe mesmo se o celular tá desligado
-• Dead-man switch no servidor: se o app parar de mandar heartbeat enquanto fundeado, o servidor dispara alarme sozinho
-• Geofencing com zonas de proibição e atenção
-• Compartilhamento público: link temporário pra tripulação ver sua posição em tempo real
-
-🔧 MANUTENÇÃO
-• Registro de reparos com horímetro, custo, prestador, fotos e notas fiscais
-• Lista de pendências com data prevista OU horímetro alvo
-• Alertas automáticos quando manutenção está próxima
-• Checklists customizáveis (segurança, motor, vela, fundeio, travessia longa)
-
-📷 MÍDIA
-• Fotos da câmera com 1 toque
-• Áudio gravado direto no app
-• Vídeo da câmera ou galeria
-• Tudo armazenado localmente (IndexedDB) e sincronizado com sua nuvem privada
-
-🌬 METEOROLOGIA
-• Windy Point Forecast API (premium — sua chave pessoal): vento u/v, ondas, modelos GFS/ECMWF
-• Open-Meteo grátis como fallback
-• Modo economia de energia que ajusta GPS conforme nível de bateria
-
-📥 IMPORT/EXPORT
-• GPX (chartplotter, Navionics, Garmin, OpenCPN)
-• CSV de viagens, manutenções e pendências
-• Backup/restore JSON completo (com mídia em base64)
-• Imprimir/PDF
-
-☁️ NUVEM PRIVADA (com plano Pro/Captain)
-• Sync entre dispositivos (celular, tablet, desktop)
-• Backup automático
-• Webhooks diretos: Telegram, Discord, qualquer URL custom
-• Compartilhamento de posição em tempo real
-
-🔐 PRIVACIDADE PRIMEIRO
-✗ Zero analytics, zero tracking, zero ads
-✗ Não vendemos seus dados
-✗ Servidor próprio na Alemanha (Hetzner)
-✓ LGPD/GDPR compliant
-✓ Senha hash bcrypt
-✓ JWT com refresh
-✓ Audit log de ações sensíveis (Captain)
-
-💰 PLANOS
-• FREE — Vigia de âncora local + diário básico (10 últimos registros)
-• PRO — R$19/mês ou R$149/ano: tudo offline + sync nuvem + GPS + mídia + geofencing + alarme remoto
-• CAPTAIN — R$39/mês ou R$299/ano: Pro + Windy premium + multi-barco + relatórios PDF + audit log
-
-Pagamento via PIX, cartão ou boleto (Asaas, parceiro brasileiro).
-
-⚓ FEITO POR QUEM NAVEGA
-Shivao começou como projeto pessoal pro veleiro Shivao. Hoje é a ferramenta diária de quem leva navegação a sério.
-
-📧 Suporte: contato@pontualtech.com.br
-🌐 Site: shivao.pontualtech.work
-📜 Política de privacidade: shivao.pontualtech.work/politica
-```
-
----
-
-## Categoria
-```
-Maps & Navigation
-```
-
-## Tags (palavras-chave pra ASO — Google Play)
-```
-veleiro, navegação, náutico, gps náutico, vigia fundeio, anchor watch, diário de bordo, marítimo, sailor, marina, vento, meteorologia náutica, windy, leaflet
-```
-
-## Email de contato
-```
-contato@pontualtech.com.br
-```
-
-## Site
-```
-https://shivao.pontualtech.work
-```
-
-## URL política de privacidade
-```
-https://shivao.pontualtech.work/politica
-```
-
-## Classificação de conteúdo
-- **IARC age rating:** todos
-- **Sem violência, sexo, drogas, jogos de azar, conteúdo gerado por usuário público (compartilhamento é privado por link, não público listado)**
-
-## Permissões a justificar (Play Store pede explicação pra cada)
-| Permissão | Justificativa |
-|---|---|
-| `ACCESS_BACKGROUND_LOCATION` | Vigia de fundeio precisa monitorar posição do barco mesmo quando o app não está em foreground — alarme remoto se detectar drift fora do raio de fundeio. |
-| `POST_NOTIFICATIONS` | Notificar usuário sobre drift de fundeio, alarmes locais e confirmações de pagamento. |
-| `FOREGROUND_SERVICE_LOCATION` | Heartbeat de GPS pra dead-man switch durante vigia ativa. |
-| `WAKE_LOCK` | Manter tela acesa durante vigia/alarme pra mostrar status (mãos molhadas no convés). |
-| `VIBRATE` | Componente do alarme de fundeio (junto com som). |
-
-## Screenshots (mínimo 2, recomendado 4-8)
-Ver pasta `mobile/play-store-assets/screenshots/`
-
-## Ícone (512×512 PNG)
-Ver `mobile/play-store-assets/icon-512.png`
-
-## Feature graphic (1024×500 PNG, opcional mas recomendado)
-Ver `mobile/play-store-assets/feature-graphic.png`

scripts/sync-html.mjs

@@ -1,25 +0,0 @@
-// Sync único do HTML do Shivão pra todos os destinos.
-// Fonte de verdade: app/diario-bordo.html
-// Destinos: server/public/index.html (Express) + mobile/www/index.html (Capacitor)
-import { copyFile, mkdir } from 'node:fs/promises';
-import { dirname, resolve } from 'node:path';
-import { fileURLToPath } from 'node:url';
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const root = resolve(__dirname, '..');
-
-const src = resolve(root, 'app/diario-bordo.html');
-const targets = [
-  resolve(root, 'server/public/index.html'),
-  resolve(root, 'mobile/www/index.html'),
-];
-
-async function sync() {
-  for (const t of targets) {
-    await mkdir(dirname(t), { recursive: true });
-    await copyFile(src, t);
-    console.log(`✓ ${src} → ${t}`);
-  }
-}
-
-sync().catch(e => { console.error(e); process.exit(1); });

server/package-lock.json

@@ -9,11 +9,9 @@
       "version": "1.0.0",
       "license": "MIT",
       "dependencies": {
-        "bcryptjs": "^3.0.3",
         "better-sqlite3": "^11.3.0",
         "express": "^4.21.0",
         "express-rate-limit": "^8.4.1",
-        "jsonwebtoken": "^9.0.3",
         "multer": "^1.4.5-lts.1",
         "nodemailer": "^6.9.15",
         "zod": "^4.3.6"
@@ -67,15 +65,6 @@
       ],
       "license": "MIT"
     },
-    "node_modules/bcryptjs": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-3.0.3.tgz",
-      "integrity": "sha512-GlF5wPWnSa/X5LKM1o0wz0suXIINz1iHRLvTS+sLyi7XPbe5ycmYI3DlZqVGZZtDgl4DmasFg7gOB3JYbphV5g==",
-      "license": "BSD-3-Clause",
-      "bin": {
-        "bcrypt": "bin/bcrypt"
-      }
-    },
     "node_modules/better-sqlite3": {
       "version": "11.10.0",
       "resolved": "https://registry.npmjs.org/better-sqlite3/-/better-sqlite3-11.10.0.tgz",
@@ -184,12 +173,6 @@
         "ieee754": "^1.1.13"
       }
     },
-    "node_modules/buffer-equal-constant-time": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
-      "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==",
-      "license": "BSD-3-Clause"
-    },
     "node_modules/buffer-from": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
@@ -383,15 +366,6 @@
         "node": ">= 0.4"
       }
     },
-    "node_modules/ecdsa-sig-formatter": {
-      "version": "1.0.11",
-      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
-      "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "safe-buffer": "^5.0.1"
-      }
-    },
     "node_modules/ee-first": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
@@ -758,97 +732,6 @@
       "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==",
       "license": "MIT"
     },
-    "node_modules/jsonwebtoken": {
-      "version": "9.0.3",
-      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz",
-      "integrity": "sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==",
-      "license": "MIT",
-      "dependencies": {
-        "jws": "^4.0.1",
-        "lodash.includes": "^4.3.0",
-        "lodash.isboolean": "^3.0.3",
-        "lodash.isinteger": "^4.0.4",
-        "lodash.isnumber": "^3.0.3",
-        "lodash.isplainobject": "^4.0.6",
-        "lodash.isstring": "^4.0.1",
-        "lodash.once": "^4.0.0",
-        "ms": "^2.1.1",
-        "semver": "^7.5.4"
-      },
-      "engines": {
-        "node": ">=12",
-        "npm": ">=6"
-      }
-    },
-    "node_modules/jsonwebtoken/node_modules/ms": {
-      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
-      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
-      "license": "MIT"
-    },
-    "node_modules/jwa": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz",
-      "integrity": "sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==",
-      "license": "MIT",
-      "dependencies": {
-        "buffer-equal-constant-time": "^1.0.1",
-        "ecdsa-sig-formatter": "1.0.11",
-        "safe-buffer": "^5.0.1"
-      }
-    },
-    "node_modules/jws": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.1.tgz",
-      "integrity": "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==",
-      "license": "MIT",
-      "dependencies": {
-        "jwa": "^2.0.1",
-        "safe-buffer": "^5.0.1"
-      }
-    },
-    "node_modules/lodash.includes": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
-      "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==",
-      "license": "MIT"
-    },
-    "node_modules/lodash.isboolean": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
-      "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==",
-      "license": "MIT"
-    },
-    "node_modules/lodash.isinteger": {
-      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
-      "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==",
-      "license": "MIT"
-    },
-    "node_modules/lodash.isnumber": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
-      "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==",
-      "license": "MIT"
-    },
-    "node_modules/lodash.isplainobject": {
-      "version": "4.0.6",
-      "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
-      "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==",
-      "license": "MIT"
-    },
-    "node_modules/lodash.isstring": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
-      "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==",
-      "license": "MIT"
-    },
-    "node_modules/lodash.once": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
-      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==",
-      "license": "MIT"
-    },
     "node_modules/math-intrinsics": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",

server/package.json

@@ -12,11 +12,9 @@
     "node": ">=20.0.0"
   },
   "dependencies": {
-    "bcryptjs": "^3.0.3",
     "better-sqlite3": "^11.3.0",
     "express": "^4.21.0",
     "express-rate-limit": "^8.4.1",
-    "jsonwebtoken": "^9.0.3",
     "multer": "^1.4.5-lts.1",
     "nodemailer": "^6.9.15",
     "zod": "^4.3.6"

server/public/index.html

@@ -774,435 +774,6 @@ header{
   body{background:#fff;background-image:none}
   .entry{break-inside:avoid;border:1px solid #999}
 }
-
-/* ═══════════════════════════════════════════════════════
-   MODERN PROFESSIONAL OVERLAY · v2 — Apr 2026
-   Mantém identidade marítima (cores Fraunces + Manrope + JetBrains Mono),
-   mas moderniza profundamente: depth, microinterações, polish premium.
-   ═══════════════════════════════════════════════════════ */
-:root{
-  /* spacing scale (8pt base) */
-  --s1:4px; --s2:8px; --s3:12px; --s4:16px; --s5:24px; --s6:32px; --s7:48px; --s8:64px;
-  /* radius scale (sutis — alinhados ao tom marítimo) */
-  --r-sm:4px; --r-md:8px; --r-lg:12px; --r-xl:16px; --r-pill:9999px;
-  /* shadow scale (depth profissional) */
-  --sh-1:0 1px 2px rgba(14,42,61,.06), 0 1px 1px rgba(14,42,61,.04);
-  --sh-2:0 2px 4px rgba(14,42,61,.06), 0 4px 8px rgba(14,42,61,.05);
-  --sh-3:0 4px 8px rgba(14,42,61,.07), 0 8px 16px rgba(14,42,61,.06);
-  --sh-4:0 8px 16px rgba(14,42,61,.08), 0 16px 32px rgba(14,42,61,.08);
-  --sh-5:0 16px 32px rgba(14,42,61,.10), 0 32px 64px rgba(14,42,61,.10);
-  --sh-glow:0 0 0 4px rgba(160,120,50,.12);
-  --sh-glow-blue:0 0 0 4px rgba(31,91,118,.18);
-  /* transitions */
-  --t-fast:120ms cubic-bezier(.4,0,.2,1);
-  --t-base:200ms cubic-bezier(.4,0,.2,1);
-  --t-slow:320ms cubic-bezier(.4,0,.2,1);
-  /* superfícies elevadas premium */
-  --surface-1:#fbf5e2;
-  --surface-2:#ffffff;
-  --surface-elevated:rgba(255,255,255,.78);
-  --border-subtle:rgba(184,156,108,.22);
-  --border-strong:rgba(184,156,108,.55);
-}
-
-/* ── BACKGROUND limpo elegante (sem ruído) ── */
-body{
-  background:
-    radial-gradient(ellipse 1200px 800px at 50% -200px, #f8eed5 0%, transparent 60%),
-    linear-gradient(180deg, #efe5cd 0%, #e7d9b6 100%);
-  background-attachment:fixed;
-  background-image:
-    radial-gradient(ellipse 1200px 800px at 50% -200px, #f8eed5 0%, transparent 60%),
-    linear-gradient(180deg, #efe5cd 0%, #e7d9b6 100%);
-}
-
-/* ── HEADER premium com glow sutil + gradient ── */
-header{
-  background:linear-gradient(180deg, #0e2a3d 0%, #143447 100%);
-  box-shadow:
-    inset 0 1px 0 rgba(200,159,84,.30),
-    inset 0 -1px 0 rgba(160,120,50,.55),
-    0 4px 24px rgba(14,42,61,.18),
-    0 12px 48px rgba(14,42,61,.10);
-  border-bottom:none;
-}
-.header-row{padding:2px 0}
-.boat-name{
-  text-shadow:0 1px 2px rgba(0,0,0,.25);
-  letter-spacing:-.015em;
-}
-.compass-mark{
-  filter:drop-shadow(0 2px 8px rgba(200,159,84,.35));
-  transition:transform var(--t-base);
-}
-.compass-mark:hover{transform:rotate(15deg)}
-
-/* ── TABS modernas: pill nav com indicador animado ── */
-.tabs{
-  background:rgba(239,229,205,.92);
-  backdrop-filter:blur(12px) saturate(1.2);
-  -webkit-backdrop-filter:blur(12px) saturate(1.2);
-  border-bottom:1px solid var(--border-subtle);
-  padding:8px 4px 0;
-  gap:2px;
-  box-shadow:0 1px 0 rgba(255,255,255,.5) inset;
-}
-.tab{
-  border-radius:var(--r-md) var(--r-md) 0 0;
-  padding:13px 18px 14px;
-  transition:color var(--t-base), background var(--t-base);
-  position:relative;
-}
-.tab:hover{
-  color:var(--ink-mid);
-  background:rgba(255,255,255,.4);
-}
-.tab.active{
-  color:var(--ink-deep);
-  background:linear-gradient(180deg, rgba(255,255,255,.85), rgba(255,255,255,.5));
-}
-.tab.active::after{
-  height:3px;left:14px;right:14px;bottom:0;
-  background:linear-gradient(90deg, var(--brass), var(--brass-bright));
-  border-radius:2px 2px 0 0;
-  box-shadow:0 0 8px rgba(160,120,50,.4);
-}
-
-/* ── CARDS com depth real (sombra multi-layer) ── */
-.gps-card,.anchor-card,.export-card,.empty,.entry,.contact-card{
-  border-radius:var(--r-lg);
-  box-shadow:var(--sh-2);
-  transition:box-shadow var(--t-base), transform var(--t-base);
-  overflow:hidden;
-}
-.entry{
-  border-radius:var(--r-md);
-  box-shadow:var(--sh-1);
-  border-color:var(--border-subtle);
-}
-.entry:hover{box-shadow:var(--sh-2)}
-
-.gps-card,.anchor-card{
-  border-radius:var(--r-lg);
-  background:linear-gradient(165deg, #0e2a3d 0%, #1a3d54 100%);
-  border:1px solid rgba(200,159,84,.4);
-  box-shadow:
-    inset 0 1px 0 rgba(200,159,84,.2),
-    var(--sh-3),
-    0 0 32px rgba(31,91,118,.15);
-}
-.gps-card::before,.anchor-card::before{display:none}
-.gps-card.idle{
-  background:linear-gradient(165deg, #fbf5e2 0%, #f3e7c4 100%);
-  border:1px solid var(--border-subtle);
-  box-shadow:var(--sh-2);
-}
-.gps-stats,.anchor-stats-bar{
-  background:rgba(0,0,0,.15);
-  padding:14px;
-  border-radius:var(--r-md);
-  margin:12px 0 14px;
-}
-.gps-card.idle .gps-stats{background:rgba(184,156,108,.08)}
-
-.export-card,.empty{
-  background:var(--surface-elevated);
-  backdrop-filter:blur(8px);
-  -webkit-backdrop-filter:blur(8px);
-  border-radius:var(--r-lg);
-  border:1px solid var(--border-subtle);
-  box-shadow:var(--sh-2);
-}
-.export-card:hover{box-shadow:var(--sh-3)}
-
-/* ── BUTTONS premium com lift e ripple ── */
-.btn{
-  border-radius:var(--r-md);
-  transition:all var(--t-base);
-  font-weight:600;
-  letter-spacing:.12em;
-  position:relative;
-  overflow:hidden;
-}
-.btn:hover{
-  transform:translateY(-1px);
-  box-shadow:var(--sh-2);
-}
-.btn:active{transform:translateY(0); box-shadow:var(--sh-1)}
-.btn:focus-visible{
-  outline:none;
-  box-shadow:var(--sh-glow);
-}
-.btn-primary{
-  background:linear-gradient(180deg, #143a52 0%, #0e2a3d 100%);
-  border-color:rgba(0,0,0,.4);
-  box-shadow:
-    inset 0 1px 0 rgba(255,255,255,.10),
-    var(--sh-1);
-}
-.btn-primary:hover{
-  background:linear-gradient(180deg, #1a4a66 0%, #143a52 100%);
-  box-shadow:
-    inset 0 1px 0 rgba(255,255,255,.15),
-    var(--sh-3);
-}
-.btn-brass{
-  background:linear-gradient(180deg, #b88a3c 0%, #8d6826 100%);
-  border-color:rgba(0,0,0,.25);
-  box-shadow:
-    inset 0 1px 0 rgba(255,255,255,.18),
-    var(--sh-1);
-}
-.btn-brass:hover{
-  background:linear-gradient(180deg, #c89954 0%, #a07832 100%);
-  box-shadow:
-    inset 0 1px 0 rgba(255,255,255,.25),
-    var(--sh-3);
-}
-.btn-danger{
-  background:transparent;
-  border:1px solid var(--storm);
-  color:var(--storm);
-}
-.btn-danger:hover{
-  background:linear-gradient(180deg, #a04545 0%, #8c3434 100%);
-  color:#fff;
-  border-color:transparent;
-}
-
-/* ── FIELDS modernos com focus ring ── */
-.field input,.field textarea,.field select{
-  border-radius:var(--r-md);
-  background:var(--surface-2);
-  border:1px solid var(--border-subtle);
-  padding:12px 14px;
-  font-size:15px;
-  transition:border-color var(--t-base), box-shadow var(--t-base), background var(--t-base);
-}
-.field input:hover,.field textarea:hover,.field select:hover{
-  border-color:var(--border-strong);
-}
-.field input:focus,.field textarea:focus,.field select:focus{
-  border-color:var(--brass);
-  background:#fff;
-  box-shadow:var(--sh-glow);
-}
-.field-label{font-size:11px; font-weight:600; color:var(--ink-mid); margin-bottom:6px}
-
-/* ── MODAL com depth maior + entrance polida ── */
-.modal-backdrop{
-  background:rgba(14,42,61,.65);
-  backdrop-filter:blur(8px) saturate(1.1);
-  -webkit-backdrop-filter:blur(8px) saturate(1.1);
-}
-.modal{
-  border-radius:var(--r-xl) var(--r-xl) 0 0;
-  border-top:none;
-  box-shadow:
-    0 -4px 12px rgba(0,0,0,.05),
-    0 -16px 48px rgba(14,42,61,.25);
-  background-image:none;
-  background:linear-gradient(180deg, #fcf6e4 0%, #f8f0d4 100%);
-}
-@media(min-width:600px){
-  .modal{
-    border-radius:var(--r-xl);
-    box-shadow:0 24px 64px rgba(14,42,61,.30), 0 8px 16px rgba(14,42,61,.10);
-  }
-}
-.modal-head{
-  background:transparent;
-  padding:18px 22px;
-  border-bottom:1px solid var(--border-subtle);
-}
-.modal-body{padding:22px}
-.modal-foot{
-  background:rgba(0,0,0,.02);
-  padding:16px 22px;
-}
-
-/* ── FAB redesenhado: floating elegante ── */
-.fab{
-  border-radius:var(--r-pill) !important;
-  background:linear-gradient(135deg, #b88a3c 0%, #8d6826 100%) !important;
-  box-shadow:
-    0 4px 12px rgba(160,120,50,.4),
-    0 12px 32px rgba(14,42,61,.15),
-    inset 0 1px 0 rgba(255,255,255,.25) !important;
-  transition:transform var(--t-base), box-shadow var(--t-base);
-}
-.fab:hover{
-  transform:translateY(-2px) scale(1.05);
-  box-shadow:
-    0 8px 20px rgba(160,120,50,.5),
-    0 16px 40px rgba(14,42,61,.20),
-    inset 0 1px 0 rgba(255,255,255,.30);
-}
-.fab:active{transform:translateY(0) scale(1)}
-
-/* ── STATS GRID polido ── */
-.stats{
-  border-radius:var(--r-lg);
-  background:transparent;
-  border:none;
-  gap:10px;
-  box-shadow:none;
-  display:grid;
-}
-.stat{
-  border-radius:var(--r-md);
-  background:var(--surface-elevated);
-  backdrop-filter:blur(8px);
-  -webkit-backdrop-filter:blur(8px);
-  border:1px solid var(--border-subtle);
-  box-shadow:var(--sh-1);
-  padding:16px 16px 14px;
-  transition:transform var(--t-base), box-shadow var(--t-base);
-}
-.stat:hover{transform:translateY(-2px); box-shadow:var(--sh-2)}
-.stat::before{
-  height:3px; border-radius:2px;
-  background:linear-gradient(90deg, var(--brass), var(--brass-bright));
-  transform:scaleX(.5);
-  transition:transform var(--t-base);
-}
-.stat:hover::before{transform:scaleX(1)}
-
-/* ── EMPTY STATE elegante ── */
-.empty{padding:56px 28px; border-radius:var(--r-lg)}
-.empty::before,.empty::after{display:none}
-.empty-rose{
-  width:64px; height:64px;
-  filter:drop-shadow(0 4px 12px rgba(160,120,50,.25));
-  margin-bottom:18px;
-}
-.empty-title{font-size:21px}
-.empty-text{font-size:14px; line-height:1.65; opacity:.85}
-
-/* ── STATUS PILLS arredondados ── */
-.status-pill{
-  border-radius:var(--r-pill);
-  padding:3px 10px;
-  font-size:9.5px;
-  letter-spacing:.16em;
-}
-
-/* ── ALERTS com sombra sutil ── */
-.alert{
-  border-radius:var(--r-md);
-  border:1px solid var(--border-subtle);
-  border-left-width:4px;
-  box-shadow:var(--sh-1);
-  padding:14px 16px;
-  transition:transform var(--t-base);
-}
-.alert:hover{transform:translateX(2px)}
-
-/* ── PASSENGER PILLS modernos ── */
-.pax-pill,.pax-tag,.channel-pill{
-  border-radius:var(--r-pill);
-  padding:4px 12px;
-}
-
-/* ── ICON BUTTONS polidos ── */
-.icon-btn{
-  border-radius:var(--r-md);
-  transition:all var(--t-base);
-}
-.icon-btn:hover{
-  background:rgba(184,156,108,.15);
-  transform:scale(1.08);
-}
-
-/* ── MEDIA THUMBS ── */
-.media-thumb,.media-item{
-  border-radius:var(--r-md);
-  transition:transform var(--t-base), box-shadow var(--t-base);
-}
-.media-thumb:hover,.media-item:hover{
-  transform:scale(1.04);
-  box-shadow:var(--sh-2);
-  z-index:2;
-}
-
-/* ── SENSOR WIDGET premium (top-right) ── */
-#sensors-widget{
-  border-radius:var(--r-lg) !important;
-  background:linear-gradient(165deg, rgba(14,42,61,.92), rgba(20,58,82,.92)) !important;
-  backdrop-filter:blur(20px) saturate(1.4);
-  -webkit-backdrop-filter:blur(20px) saturate(1.4);
-  box-shadow:
-    0 4px 12px rgba(0,0,0,.15),
-    0 8px 24px rgba(14,42,61,.18),
-    inset 0 1px 0 rgba(200,159,84,.2) !important;
-  border:1px solid rgba(200,159,84,.18);
-  transition:transform var(--t-base), box-shadow var(--t-base);
-}
-#sensors-widget:hover{
-  transform:translateY(-1px);
-  box-shadow:
-    0 8px 16px rgba(0,0,0,.20),
-    0 16px 32px rgba(14,42,61,.22);
-}
-
-/* ── AUTH BOX polido ── */
-#auth-box{
-  background:linear-gradient(165deg, rgba(255,255,255,.5), rgba(255,255,255,.2));
-  backdrop-filter:blur(8px);
-  -webkit-backdrop-filter:blur(8px);
-  border-radius:var(--r-md);
-  padding:14px;
-  margin-top:14px !important;
-  border:1px solid var(--border-subtle);
-  border-top:1px solid var(--border-subtle) !important;
-}
-
-/* ── CURSOR pointer em interativos críticos ── */
-.tab,.btn,.fab,.icon-btn,.media-btn,.media-thumb,.media-item,.alert,
-.entry-actions button,.modal-head button,.pax-tag button{
-  cursor:pointer;
-}
-
-/* ── FOCUS visible global ── */
-*:focus-visible{
-  outline:2px solid var(--brass);
-  outline-offset:2px;
-  border-radius:var(--r-sm);
-}
-
-/* ── REDUCED MOTION (accessibility) ── */
-@media (prefers-reduced-motion:reduce){
-  *,*::before,*::after{
-    animation-duration:.01ms !important;
-    animation-iteration-count:1 !important;
-    transition-duration:.01ms !important;
-  }
-}
-
-/* ── LARGE SCREENS: mais respiro ── */
-@media(min-width:780px){
-  .container{padding:32px 24px 96px}
-  .stats{grid-template-columns:repeat(4,1fr)}
-}
-
-/* ── SCROLLBAR sutil (Firefox + WebKit) ── */
-*{scrollbar-width:thin; scrollbar-color:var(--brass) transparent}
-::-webkit-scrollbar{width:8px; height:8px}
-::-webkit-scrollbar-track{background:transparent}
-::-webkit-scrollbar-thumb{background:rgba(160,120,50,.35); border-radius:var(--r-pill)}
-::-webkit-scrollbar-thumb:hover{background:rgba(160,120,50,.55)}
-
-/* ── TYPOGRAPHY refinement ── */
-.boat-name{font-size:26px}
-.entry-title{font-size:20px; line-height:1.25}
-.modal-head h3{font-size:20px}
-.empty-title{margin-bottom:6px}
-
-/* ── SECTION HEADER sutilmente refinado ── */
-.section-header h2{font-size:11px; font-weight:600; color:var(--ink-mid)}
-
-/* ── TOOLBAR refinada ── */
-.toolbar{gap:10px; margin-bottom:18px}
 </style>
 </head>
 <body>
@@ -1328,7 +899,6 @@ Marque zonas de proibição (alarme alto) ou atenção (aviso suave). Detecção
 <button class="btn btn-block btn-danger" onclick="cloudDisconnect()">Desconectar</button>
 </div>
 <div id="cloud-info" style="font-family:var(--f-mono);font-size:10.5px;color:var(--sepia);margin-top:10px;letter-spacing:.04em;line-height:1.6"></div>
-<div id="auth-box" style="margin-top:14px;padding-top:14px;border-top:1px dashed var(--rule)"></div>
 </div>
 <div class="export-card" style="border-color:var(--algae);background:linear-gradient(180deg,var(--bg-paper),var(--algae-soft))">
 <div class="export-card-title">📡 Compartilhar posição em tempo real</div>
@@ -1719,7 +1289,7 @@ Hora: {HORA}</textarea>
 <div class="zone-toast" id="zone-toast"></div>
 
 <script>
-const state={boat:{name:'Shivao',model:''},trips:[],maint:[],pending:[],passengers:[],contacts:[],alarmTemplate:'🚨 ALERTA: Shivao saiu da posição de fundeio.\nEstou em {LAT}, {LNG}\nMapa: https://maps.google.com/?q={LAT},{LNG}\nHora: {HORA}',cloud:{url:'',token:'',lastSync:0},auth:null,license:null,webhooks:{telegram:{token:'',chatIds:''},discord:{url:''},generic:{url:''}},anchorHistory:[],zones:[],checklists:[],weatherCfg:{windyKey:'',model:'gfs'}};
+const state={boat:{name:'Shivao',model:''},trips:[],maint:[],pending:[],passengers:[],contacts:[],alarmTemplate:'🚨 ALERTA: Shivao saiu da posição de fundeio.\nEstou em {LAT}, {LNG}\nMapa: https://maps.google.com/?q={LAT},{LNG}\nHora: {HORA}',cloud:{url:'',token:'',lastSync:0},webhooks:{telegram:{token:'',chatIds:''},discord:{url:''},generic:{url:''}},anchorHistory:[],zones:[],checklists:[],weatherCfg:{windyKey:'',model:'gfs'}};
 const STORAGE_KEY='diario_bordo_v3';
 const TRACKING_KEY='diario_tracking_v3';
 const ANCHOR_KEY='diario_anchor_v3';
@@ -1867,7 +1437,7 @@ function renderGPSBanner(){
 
 function bindHeader(){const n=document.getElementById('boat-name'),m=document.getElementById('boat-model');n.value=state.boat.name||'Shivao';m.value=state.boat.model||'';n.addEventListener('input',e=>{state.boat.name=e.target.value;saveState()});m.addEventListener('input',e=>{state.boat.model=e.target.value;saveState()})}
 
-document.querySelectorAll('.tab').forEach(t=>{t.addEventListener('click',()=>{document.querySelectorAll('.tab').forEach(x=>x.classList.remove('active'));document.querySelectorAll('.panel').forEach(x=>x.classList.remove('active'));t.classList.add('active');document.getElementById('panel-'+t.dataset.panel).classList.add('active');document.getElementById('fab').style.display=['trips','maintenance','pending','zones'].includes(t.dataset.panel)?'flex':'none';if(t.dataset.panel==='export'){updateStorageInfo();bindCloudInputs();renderCloudStatus();renderShareList();bindWeatherInputs();renderAuthBox()}if(t.dataset.panel==='zones')renderZones();window.scrollTo(0,0)})});
+document.querySelectorAll('.tab').forEach(t=>{t.addEventListener('click',()=>{document.querySelectorAll('.tab').forEach(x=>x.classList.remove('active'));document.querySelectorAll('.panel').forEach(x=>x.classList.remove('active'));t.classList.add('active');document.getElementById('panel-'+t.dataset.panel).classList.add('active');document.getElementById('fab').style.display=['trips','maintenance','pending','zones'].includes(t.dataset.panel)?'flex':'none';if(t.dataset.panel==='export'){updateStorageInfo();bindCloudInputs();renderCloudStatus();renderShareList();bindWeatherInputs()}if(t.dataset.panel==='zones')renderZones();window.scrollTo(0,0)})});
 function quickAdd(){const a=document.querySelector('.tab.active').dataset.panel;if(a==='maintenance')openMaintModal();else if(a==='pending')openPendingModal();else if(a==='zones')openZoneEditor();else openTripModal()}
 function openModal(id){document.getElementById(id).classList.add('show')}
 function closeModal(id){document.getElementById(id).classList.remove('show')}
@@ -2788,198 +2358,11 @@ function cloudUrl(path){return state.cloud.url.replace(/\/$/,'')+path}
 
 async function cloudFetch(path,opts={}){
   if(!cloudConfigured())throw new Error('Nuvem não configurada');
-  // Usa JWT se logado (multi-tenant SaaS), senão BOAT_TOKEN legado (single-tenant pessoal)
-  const auth=(state.auth&&state.auth.accessToken)?state.auth.accessToken:state.cloud.token;
-  const doFetch=()=>fetch(cloudUrl(path),{...opts,headers:{'Authorization':`Bearer ${auth}`,'Content-Type':'application/json',...(opts.headers||{})}});
-  let r=await doFetch();
-  // 401 com JWT? Tenta refresh + retry 1×
-  if(r.status===401&&state.auth&&state.auth.refreshToken){
-    const ok=await authRefresh();
-    if(ok){const auth2=state.auth.accessToken;r=await fetch(cloudUrl(path),{...opts,headers:{'Authorization':`Bearer ${auth2}`,'Content-Type':'application/json',...(opts.headers||{})}})}
-  }
-  if(!r.ok){let detail='';try{const j=await r.clone().json();detail=j.error||JSON.stringify(j.issues||{})}catch{}throw new Error(`HTTP ${r.status}${detail?' · '+detail:''}`)}
+  const r=await fetch(cloudUrl(path),{...opts,headers:{'Authorization':`Bearer ${state.cloud.token}`,'Content-Type':'application/json',...(opts.headers||{})}});
+  if(!r.ok)throw new Error(`HTTP ${r.status}`);
   return r;
 }
 
-// ===== Auth (multi-tenant SaaS — Login/Signup) =====
-async function authSignup(email,password,name){
-  if(!cloudConfigured())throw new Error('Configure URL do servidor primeiro');
-  const r=await fetch(cloudUrl('/api/auth/signup'),{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({email,password,name})});
-  const j=await r.json();
-  if(!r.ok)throw new Error(j.error||`HTTP ${r.status}`);
-  state.auth={accessToken:j.accessToken,refreshToken:j.refreshToken,user:j.user};
-  saveState();
-  await refreshLicense();
-  renderAuthBox();
-}
-
-async function authLogin(email,password){
-  if(!cloudConfigured())throw new Error('Configure URL do servidor primeiro');
-  const r=await fetch(cloudUrl('/api/auth/login'),{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({email,password})});
-  const j=await r.json();
-  if(!r.ok)throw new Error(j.error||`HTTP ${r.status}`);
-  state.auth={accessToken:j.accessToken,refreshToken:j.refreshToken,user:j.user};
-  saveState();
-  await refreshLicense();
-  renderAuthBox();
-}
-
-async function authRefresh(){
-  if(!state.auth||!state.auth.refreshToken)return false;
-  try{
-    const r=await fetch(cloudUrl('/api/auth/refresh'),{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({refreshToken:state.auth.refreshToken})});
-    if(!r.ok){state.auth=null;saveState();return false}
-    const j=await r.json();
-    state.auth.accessToken=j.accessToken;
-    saveState();
-    return true;
-  }catch{return false}
-}
-
-function authLogout(){
-  state.auth=null;
-  state.license=null;
-  saveState();
-  renderAuthBox();
-  toast('Sessão encerrada');
-}
-
-async function refreshLicense(){
-  try{
-    const r=await cloudFetch('/api/license');
-    state.license=await r.json();
-    saveState();
-  }catch(e){console.warn('license fetch:',e.message)}
-}
-
-function renderAuthBox(){
-  const box=document.getElementById('auth-box');
-  if(!box)return;
-  if(state.auth&&state.auth.user){
-    const u=state.auth.user;
-    const lic=state.license||{plan:'free',features:[]};
-    const planLabel={free:'Free (Âncora)',pro:'Pro',captain:'Captain'}[lic.plan]||lic.plan;
-    box.innerHTML=`<div style="font-family:var(--f-mono);font-size:11px;line-height:1.7"><div><strong>${escapeHtml(u.email)}</strong> ${u.name?'· '+escapeHtml(u.name):''}</div><div>Plano: <strong style="color:var(--brass)">${planLabel}</strong> ${lic.expires_at?'· expira '+new Date(lic.expires_at).toLocaleDateString('pt-BR'):''}</div></div><button class="btn btn-block" style="margin-top:10px" onclick="authLogout()">Sair</button>${lic.plan==='free'?'<button class="btn btn-block btn-brass" style="margin-top:6px" onclick="openUpgradeModal()">⚡ Fazer upgrade pra Pro</button>':''}`;
-  }else{
-    box.innerHTML=`
-<div style="font-family:var(--f-mono);font-size:11px;color:var(--sepia);margin-bottom:10px;letter-spacing:.04em">CONTA · multi-usuário SaaS</div>
-<div style="display:flex;gap:6px;margin-bottom:10px">
-  <button class="btn btn-sm" id="auth-tab-login" onclick="document.getElementById('auth-form-login').style.display='block';document.getElementById('auth-form-signup').style.display='none';this.classList.add('btn-brass');document.getElementById('auth-tab-signup').classList.remove('btn-brass')" style="flex:1">Entrar</button>
-  <button class="btn btn-sm" id="auth-tab-signup" onclick="document.getElementById('auth-form-signup').style.display='block';document.getElementById('auth-form-login').style.display='none';this.classList.add('btn-brass');document.getElementById('auth-tab-login').classList.remove('btn-brass')" style="flex:1">Cadastrar</button>
-</div>
-<div id="auth-form-login">
-  <div class="field"><label class="field-label">Email</label><input type="email" id="login-email" placeholder="seu@email.com"></div>
-  <div class="field"><label class="field-label">Senha</label><input type="password" id="login-pwd" placeholder="••••••••"></div>
-  <button class="btn btn-block btn-primary" onclick="onAuthLoginClick()">Entrar</button>
-</div>
-<div id="auth-form-signup" style="display:none">
-  <div class="field"><label class="field-label">Email</label><input type="email" id="signup-email" placeholder="seu@email.com"></div>
-  <div class="field"><label class="field-label">Nome (opcional)</label><input type="text" id="signup-name" placeholder="Seu nome"></div>
-  <div class="field"><label class="field-label">Senha (mín 8 chars)</label><input type="password" id="signup-pwd" placeholder="••••••••"></div>
-  <button class="btn btn-block btn-primary" onclick="onAuthSignupClick()">Criar conta</button>
-</div>
-<div id="auth-msg" style="margin-top:8px;font-size:11px;color:var(--storm)"></div>`;
-    document.getElementById('auth-tab-login').classList.add('btn-brass');
-  }
-}
-
-async function onAuthLoginClick(){
-  const e=document.getElementById('login-email').value.trim();
-  const p=document.getElementById('login-pwd').value;
-  const msg=document.getElementById('auth-msg');
-  msg.style.color='var(--storm)';msg.textContent='';
-  try{await authLogin(e,p);msg.style.color='var(--algae)';msg.textContent='Logado!';toast('Bem-vindo')}catch(err){msg.textContent=err.message}
-}
-
-// ===== Upgrade modal (Asaas billing) =====
-let _upgradeChosen={plan:'pro',cycle:'yearly',billingType:'PIX'};
-
-async function openUpgradeModal(){
-  if(!state.auth){toast('Faça login primeiro');return}
-  // Cria modal dinamicamente (não precisa adicionar HTML no body)
-  const existing=document.getElementById('upgrade-modal');
-  if(existing)existing.remove();
-  const m=document.createElement('div');
-  m.id='upgrade-modal';
-  m.className='modal-backdrop';
-  m.style.cssText='align-items:center;justify-content:center;display:flex;z-index:9999';
-  m.innerHTML=`<div class="modal" style="max-width:420px;padding:24px"><h3 style="margin:0 0 12px;font-family:var(--f-display),Georgia,serif;font-style:italic;color:var(--brass)">Upgrade · escolha seu plano</h3>
-  <div style="display:grid;grid-template-columns:1fr 1fr;gap:8px;margin:12px 0">
-    <button id="up-pro" class="btn" onclick="_upgradeChoose('pro')" style="padding:10px;text-align:left"><strong>Pro</strong><br><small style="opacity:.8">R\$19/mês ou R\$149/ano</small></button>
-    <button id="up-captain" class="btn" onclick="_upgradeChoose('captain')" style="padding:10px;text-align:left"><strong>Captain</strong><br><small style="opacity:.8">R\$39/mês ou R\$299/ano</small></button>
-  </div>
-  <div style="display:flex;gap:6px;margin-bottom:10px">
-    <button id="up-monthly" class="btn btn-sm" onclick="_upgradeCycle('monthly')" style="flex:1">Mensal</button>
-    <button id="up-yearly" class="btn btn-sm" onclick="_upgradeCycle('yearly')" style="flex:1">Anual (-35%)</button>
-  </div>
-  <div style="display:flex;gap:6px;margin-bottom:14px">
-    <button id="up-pix" class="btn btn-sm" onclick="_upgradeType('PIX')" style="flex:1">PIX (instantâneo)</button>
-    <button id="up-cc" class="btn btn-sm" onclick="_upgradeType('CREDIT_CARD')" style="flex:1">Cartão</button>
-    <button id="up-bol" class="btn btn-sm" onclick="_upgradeType('BOLETO')" style="flex:1">Boleto</button>
-  </div>
-  <div id="up-summary" style="font-family:var(--f-mono);font-size:12px;color:var(--ink);background:var(--bg-aged);padding:10px;border-radius:4px;margin-bottom:12px"></div>
-  <button class="btn btn-block btn-primary" onclick="_doCheckout()">Continuar pra pagamento</button>
-  <button class="btn btn-block" onclick="document.getElementById('upgrade-modal').remove()" style="margin-top:6px">Cancelar</button>
-  <div id="up-result" style="margin-top:14px"></div>
-  </div>`;
-  document.body.appendChild(m);
-  _upgradeRefresh();
-}
-function _upgradeChoose(p){_upgradeChosen.plan=p;_upgradeRefresh()}
-function _upgradeCycle(c){_upgradeChosen.cycle=c;_upgradeRefresh()}
-function _upgradeType(t){_upgradeChosen.billingType=t;_upgradeRefresh()}
-function _upgradeRefresh(){
-  const c=_upgradeChosen;
-  ['up-pro','up-captain'].forEach(i=>document.getElementById(i)?.classList.remove('btn-brass'));
-  ['up-monthly','up-yearly'].forEach(i=>document.getElementById(i)?.classList.remove('btn-brass'));
-  ['up-pix','up-cc','up-bol'].forEach(i=>document.getElementById(i)?.classList.remove('btn-brass'));
-  document.getElementById('up-'+c.plan)?.classList.add('btn-brass');
-  document.getElementById('up-'+c.cycle)?.classList.add('btn-brass');
-  document.getElementById('up-'+(c.billingType==='PIX'?'pix':c.billingType==='CREDIT_CARD'?'cc':'bol'))?.classList.add('btn-brass');
-  const prices={pro:{monthly:19,yearly:149},captain:{monthly:39,yearly:299}};
-  const v=prices[c.plan][c.cycle];
-  document.getElementById('up-summary').textContent=`Plano ${c.plan==='pro'?'Pro':'Captain'} · ${c.cycle==='monthly'?'mensal':'anual'} · R$ ${v.toFixed(2)} via ${c.billingType==='PIX'?'PIX':c.billingType==='CREDIT_CARD'?'Cartão':'Boleto'}`;
-}
-async function _doCheckout(){
-  const out=document.getElementById('up-result');out.innerHTML='<em>Criando cobrança…</em>';
-  try{
-    const r=await cloudFetch('/api/billing/checkout',{method:'POST',body:JSON.stringify(_upgradeChosen)});
-    const data=await r.json();
-    let html='';
-    if(data.pix&&data.pix.qrCode){
-      html=`<div style="text-align:center"><strong>Escaneie o QR Code PIX:</strong><br><img src="data:image/png;base64,${data.pix.qrCode}" style="max-width:240px;margin:10px auto;border:4px solid #fff;border-radius:8px"><br><div style="font-family:var(--f-mono);font-size:10px;word-break:break-all;background:var(--bg-aged);padding:6px;border-radius:4px;margin:6px 0"><strong>Copia e cola:</strong><br>${data.pix.payload||''}</div><button class="btn btn-sm" onclick="navigator.clipboard.writeText('${data.pix.payload||''}').then(()=>toast('PIX copiado!'))">Copiar PIX</button></div>`;
-    }else if(data.invoiceUrl){
-      html=`<a href="${data.invoiceUrl}" target="_blank" class="btn btn-block btn-primary">Abrir página de pagamento ↗</a>`;
-    }
-    html+=`<div style="margin-top:10px;font-size:11px;opacity:.8">Após pagar, sua licença ativa em segundos. Pode fechar esta tela e voltar quando quiser.</div>`;
-    html+=`<button class="btn btn-block" style="margin-top:10px" onclick="checkPaymentStatus('${data.paymentId}')">Verificar pagamento</button>`;
-    out.innerHTML=html;
-  }catch(e){out.innerHTML='<span style="color:var(--storm)">Erro: '+e.message+'</span>'}
-}
-async function checkPaymentStatus(paymentId){
-  try{
-    const r=await cloudFetch('/api/billing/payment/'+paymentId);
-    const p=await r.json();
-    if(['RECEIVED','CONFIRMED','RECEIVED_IN_CASH'].includes(p.status)){
-      toast('Pago! Licença ativada 🎉');
-      await refreshLicense();renderAuthBox();
-      document.getElementById('upgrade-modal')?.remove();
-    }else{
-      toast('Status: '+p.status);
-    }
-  }catch(e){toast('Erro: '+e.message)}
-}
-
-async function onAuthSignupClick(){
-  const e=document.getElementById('signup-email').value.trim();
-  const n=document.getElementById('signup-name').value.trim();
-  const p=document.getElementById('signup-pwd').value;
-  const msg=document.getElementById('auth-msg');
-  msg.style.color='var(--storm)';msg.textContent='';
-  if(p.length<8){msg.textContent='Senha precisa de no mínimo 8 caracteres';return}
-  try{await authSignup(e,p,n);msg.style.color='var(--algae)';msg.textContent='Conta criada e logado!';toast('Conta criada')}catch(err){msg.textContent=err.message}
-}
-
 function bindCloudInputs(){
   const u=document.getElementById('cloud-url'),t=document.getElementById('cloud-token');
   if(!u||!t)return;
@@ -3570,51 +2953,8 @@ async function testWindyKey(){
   }
 }
 
-// ===== Capacitor adapter (detecta nativo + usa APIs nativas com fallback Web) =====
-const isNative=()=>!!(window.Capacitor&&window.Capacitor.isNativePlatform&&window.Capacitor.isNativePlatform());
-const nativePlatform=()=>(window.Capacitor&&window.Capacitor.getPlatform)?window.Capacitor.getPlatform():'web';
-
-// Geolocation: Capacitor.Geolocation (background-capable) > navigator.geolocation
-async function nativeWatchPosition(onUpdate,onError,opts){
-  if(isNative()&&window.Capacitor.Plugins.Geolocation){
-    try{
-      const{Geolocation}=window.Capacitor.Plugins;
-      // Pede permission upfront
-      const perm=await Geolocation.requestPermissions({permissions:['location']}).catch(()=>({location:'denied'}));
-      if(perm.location==='denied'){onError({code:1,PERMISSION_DENIED:1,message:'Permissão negada'});return null}
-      const id=await Geolocation.watchPosition({enableHighAccuracy:!!opts?.enableHighAccuracy,timeout:opts?.timeout||15000,maximumAge:opts?.maximumAge||0},(pos,err)=>{
-        if(err){onError({code:err.code||3,message:err.message||'GPS erro',PERMISSION_DENIED:1,POSITION_UNAVAILABLE:2,TIMEOUT:3});return}
-        onUpdate({coords:{latitude:pos.coords.latitude,longitude:pos.coords.longitude,accuracy:pos.coords.accuracy,speed:pos.coords.speed},timestamp:pos.timestamp});
-      });
-      return{native:true,id};
-    }catch(e){console.warn('[native gps] fallback to web:',e.message)}
-  }
-  // Fallback web
-  const id=navigator.geolocation.watchPosition(onUpdate,onError,opts);
-  return{native:false,id};
-}
-async function nativeClearWatch(handle){
-  if(!handle)return;
-  if(handle.native&&isNative()){try{await window.Capacitor.Plugins.Geolocation.clearWatch({id:handle.id})}catch(e){}}
-  else if(handle.id!=null)navigator.geolocation.clearWatch(handle.id);
-}
-
-// Local notifications: nativo no Android, fallback toast no web
-async function nativeNotify(title,body,id){
-  if(isNative()&&window.Capacitor.Plugins.LocalNotifications){
-    try{
-      const{LocalNotifications}=window.Capacitor.Plugins;
-      await LocalNotifications.requestPermissions().catch(()=>{});
-      await LocalNotifications.schedule({notifications:[{id:id||Date.now()%2147483647,title,body,sound:null,smallIcon:'ic_stat_icon_config_sample'}]});
-      return;
-    }catch(e){console.warn('[native notify]',e.message)}
-  }
-  toast(title+(body?': '+body:''));
-}
-
-// ===== Service Worker (offline real — só registra no Web, no Capacitor o WebView usa cache nativo) =====
+// ===== Service Worker (offline real) =====
 function initServiceWorker(){
-  if(isNative())return; // Capacitor não usa SW (tem cache próprio + APIs nativas)
   if(!('serviceWorker' in navigator))return;
   navigator.serviceWorker.register('/sw.js').then(reg=>{
     console.log('[SW] registered:',reg.scope);
@@ -3679,14 +3019,8 @@ function headingToCardinal(deg){
 }
 
 function tryStartCompass(){
-  // iOS Safari requer permission via gesture do usuário (DeviceOrientationEvent.requestPermission)
-  // Android Chrome: funciona direto sem permission
   if(typeof DeviceOrientationEvent==='undefined')return;
-  if(typeof DeviceOrientationEvent.requestPermission==='function'){
-    // iOS — aguarda usuário clicar "Ativar bússola"
-    return;
-  }
-  // Android: pode iniciar direto
+  if(typeof DeviceOrientationEvent.requestPermission==='function')return; // iOS espera tap
   attachCompassListener();
 }
 
@@ -3710,8 +3044,6 @@ function attachCompassListener(){
 }
 
 function onCompass(e){
-  // iOS: e.webkitCompassHeading (0-360 azimuth real)
-  // Android: e.alpha (0-360, mas relativo — pra absoluto, use deviceorientationabsolute)
   let h=null;
   if(typeof e.webkitCompassHeading==='number')h=e.webkitCompassHeading;
   else if(typeof e.alpha==='number')h=360-e.alpha;
@@ -3729,7 +3061,6 @@ function tryStartBarometer(){
       sensors.pressure=bar.pressure;
       sensors._pressHistory.push({ts:Date.now(),p:bar.pressure});
       if(sensors._pressHistory.length>30)sensors._pressHistory.shift();
-      // tendência: diferença entre média recente e antiga
       if(sensors._pressHistory.length>=10){
         const half=Math.floor(sensors._pressHistory.length/2);
         const old=sensors._pressHistory.slice(0,half).reduce((s,x)=>s+x.p,0)/half;
@@ -3747,12 +3078,11 @@ function tryStartBarometer(){
 
 async function precacheCurrentMapArea(){
   if(!navigator.serviceWorker||!navigator.serviceWorker.controller){toast('SW não ativo ainda — recarregue');return}
-  // Pede ao usuário um centro/raio se não há mapa visível
   if(!confirm('Pré-cachear mapa de uma área de ~50km no entorno da posição atual?\nVai baixar ~200 tiles (uns 5-10 MB).'))return;
   if(!navigator.geolocation){toast('Sem GPS pra centro do cache');return}
   navigator.geolocation.getCurrentPosition(pos=>{
     const lat=pos.coords.latitude,lng=pos.coords.longitude;
-    const d=0.5; // ~50km de lat/lng buffer
+    const d=0.5;
     const bounds={north:lat+d,south:lat-d,east:lng+d,west:lng-d};
     toast('Baixando tiles…');
     const channel=new MessageChannel();

server/src/auth.js

@@ -1,65 +0,0 @@
-// Auth — JWT + bcrypt pra Shivao SaaS multi-tenant.
-import bcrypt from 'bcryptjs';
-import jwt from 'jsonwebtoken';
-
-const JWT_SECRET = process.env.JWT_SECRET || (process.env.BOAT_TOKEN + '-jwt-derive-key');
-const JWT_ACCESS_TTL = '7d';   // access token expira em 7 dias (menos fricção pra usuário móvel)
-const JWT_REFRESH_TTL = '90d'; // refresh em 90 dias
-
-if (!process.env.JWT_SECRET && !process.env.BOAT_TOKEN) {
-  console.warn('[auth] AVISO: JWT_SECRET não configurado. Use env JWT_SECRET em produção.');
-}
-
-export async function hashPassword(plain) {
-  if (!plain || plain.length < 8) throw new Error('Senha precisa ter no mínimo 8 caracteres');
-  return bcrypt.hash(plain, 10);
-}
-
-export async function verifyPassword(plain, hash) {
-  if (!plain || !hash) return false;
-  try { return await bcrypt.compare(plain, hash); } catch { return false; }
-}
-
-export function signAccessToken(user) {
-  return jwt.sign({ uid: user.id, email: user.email, type: 'access' }, JWT_SECRET, { expiresIn: JWT_ACCESS_TTL });
-}
-
-export function signRefreshToken(user) {
-  return jwt.sign({ uid: user.id, type: 'refresh' }, JWT_SECRET, { expiresIn: JWT_REFRESH_TTL });
-}
-
-export function verifyToken(token) {
-  try { return jwt.verify(token, JWT_SECRET); } catch { return null; }
-}
-
-// Plans → features matrix
-// free: âncora local + diário básico (até 10 viagens)
-// pro: tudo do free + sync nuvem ilimitada + GPS tracking + mídia + geofencing
-// captain: tudo do pro + Windy premium + multi-barco + relatórios PDF + audit log
-export const PLANS = {
-  free: {
-    name: 'Free (Âncora)',
-    price_brl: 0,
-    features: ['anchor_local', 'diary_limited_10', 'export_gpx_basic']
-  },
-  pro: {
-    name: 'Pro',
-    price_brl_monthly: 19,
-    price_brl_yearly: 149,
-    features: ['anchor_local', 'anchor_remote', 'diary_unlimited', 'cloud_sync', 'gps_tracking', 'media_cloud', 'geofencing', 'webhooks', 'export_all']
-  },
-  captain: {
-    name: 'Captain',
-    price_brl_monthly: 39,
-    price_brl_yearly: 299,
-    features: ['anchor_local', 'anchor_remote', 'diary_unlimited', 'cloud_sync', 'gps_tracking', 'media_cloud', 'geofencing', 'webhooks', 'export_all', 'windy_premium', 'multi_boat', 'pdf_reports', 'audit_log']
-  }
-};
-
-export function planFeatures(plan) {
-  return (PLANS[plan] || PLANS.free).features;
-}
-
-export function planHasFeature(plan, feature) {
-  return planFeatures(plan).includes(feature);
-}

server/src/billing.js

@@ -1,119 +0,0 @@
-// Billing — Asaas (PIX/Boleto/Cartão) pra licenciar Pro/Captain
-// Docs: https://docs.asaas.com/reference/
-
-const ASAAS_URL = process.env.ASAAS_API_URL || 'https://api.asaas.com/v3';
-const ASAAS_KEY = process.env.ASAAS_API_KEY;
-const ASAAS_WEBHOOK_TOKEN = process.env.ASAAS_WEBHOOK_TOKEN; // shared secret pro webhook
-
-export function isAsaasConfigured() {
-  return !!ASAAS_KEY;
-}
-
-async function asaasRequest(path, method = 'GET', body = null) {
-  if (!ASAAS_KEY) throw new Error('Asaas não configurado (env ASAAS_API_KEY ausente)');
-  const url = ASAAS_URL.replace(/\/$/, '') + path;
-  const r = await fetch(url, {
-    method,
-    headers: {
-      'access_token': ASAAS_KEY,
-      'Content-Type': 'application/json',
-      'User-Agent': 'Shivao-SaaS/1.0',
-    },
-    body: body ? JSON.stringify(body) : undefined,
-  });
-  const text = await r.text();
-  let json;
-  try { json = JSON.parse(text); } catch { json = { raw: text }; }
-  if (!r.ok) {
-    const msg = json.errors?.[0]?.description || json.message || `HTTP ${r.status}`;
-    throw new Error(`Asaas: ${msg}`);
-  }
-  return json;
-}
-
-// Cria customer (idempotente — Asaas dedup por externalReference)
-export async function getOrCreateCustomer(user) {
-  // Busca por externalReference primeiro
-  try {
-    const search = await asaasRequest(`/customers?externalReference=user_${user.id}`);
-    if (search.data && search.data.length > 0) return search.data[0].id;
-  } catch (e) { /* ignore search errors, fallback create */ }
-
-  const created = await asaasRequest('/customers', 'POST', {
-    name: user.name || user.email.split('@')[0],
-    email: user.email,
-    externalReference: `user_${user.id}`,
-    notificationDisabled: false,
-  });
-  return created.id;
-}
-
-// Cria cobrança avulsa (1 pagamento). PIX/CREDIT_CARD/BOLETO.
-// dueDays: até quantos dias da hoje vence (PIX padrão 3 dias, boleto 7)
-export async function createPayment({ customerId, plan, cycle, value, billingType, description, dueDays = 3 }) {
-  const due = new Date();
-  due.setDate(due.getDate() + dueDays);
-  const dueStr = due.toISOString().slice(0, 10); // YYYY-MM-DD
-
-  const body = {
-    customer: customerId,
-    billingType, // 'PIX' | 'CREDIT_CARD' | 'BOLETO' | 'UNDEFINED' (deixa cliente escolher)
-    value,
-    dueDate: dueStr,
-    description: description || `Shivao ${plan} (${cycle})`,
-    externalReference: `plan_${plan}_${cycle}_${Date.now()}`,
-  };
-  return asaasRequest('/payments', 'POST', body);
-}
-
-// Pega QR Code PIX do payment (se billingType=PIX)
-export async function getPixQrCode(paymentId) {
-  return asaasRequest(`/payments/${paymentId}/pixQrCode`);
-}
-
-// Verifica status atual do payment (pra reconciliação se webhook falhar)
-export async function getPaymentStatus(paymentId) {
-  return asaasRequest(`/payments/${paymentId}`);
-}
-
-// Mapeia status Asaas → ações na licença
-// PENDING/AWAITING_RISK_ANALYSIS: aguardar
-// CONFIRMED: pré-confirmado (cartão capturado, ainda não creditado)
-// RECEIVED: dinheiro caiu, ATIVAR licença
-// OVERDUE/REFUNDED/RECEIVED_IN_CASH/CHARGEBACK_REQUESTED/REFUND_REQUESTED: handle apropriado
-export function isPaidStatus(status) {
-  return ['RECEIVED', 'CONFIRMED', 'RECEIVED_IN_CASH'].includes(status);
-}
-
-export function isFailedStatus(status) {
-  return ['REFUNDED', 'CHARGEBACK_REQUESTED', 'CHARGEBACK_DISPUTE', 'AWAITING_CHARGEBACK_REVERSAL'].includes(status);
-}
-
-// Validação básica de webhook: se ASAAS_WEBHOOK_TOKEN setado, verifica header.
-// Asaas v3 envia o token no header `asaas-access-token`.
-export function verifyWebhookToken(headerToken) {
-  if (!ASAAS_WEBHOOK_TOKEN) {
-    console.warn('[billing] ASAAS_WEBHOOK_TOKEN não configurado — webhook aceita sem verificação');
-    return true;
-  }
-  return headerToken === ASAAS_WEBHOOK_TOKEN;
-}
-
-// Calcula expiração baseada em ciclo + plano
-export function computeExpiresAt(cycle) {
-  const now = Date.now();
-  const oneDay = 24 * 3600 * 1000;
-  if (cycle === 'monthly') return now + 30 * oneDay;
-  if (cycle === 'yearly') return now + 365 * oneDay;
-  return now + 30 * oneDay; // default mensal
-}
-
-// Preço por plano + ciclo
-import { PLANS } from './auth.js';
-export function priceFor(plan, cycle) {
-  const p = PLANS[plan];
-  if (!p) throw new Error('Plano inválido');
-  if (cycle === 'monthly') return p.price_brl_monthly;
-  if (cycle === 'yearly') return p.price_brl_yearly;
-  throw new Error('Ciclo inválido');
-}

server/src/db.js

@@ -11,58 +11,26 @@ db.pragma('journal_mode = WAL');
 db.pragma('synchronous = NORMAL');
 
 db.exec(`
-  -- ===== Users + Licenses (multi-tenant SaaS) =====
-  CREATE TABLE IF NOT EXISTS users (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    email TEXT UNIQUE NOT NULL,
-    password_hash TEXT NOT NULL,
-    name TEXT,
-    created_at INTEGER NOT NULL,
-    updated_at INTEGER NOT NULL,
-    last_login INTEGER
-  );
-  CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
-
-  CREATE TABLE IF NOT EXISTS licenses (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    user_id INTEGER NOT NULL,
-    plan TEXT NOT NULL DEFAULT 'free',
-    status TEXT NOT NULL DEFAULT 'active',
-    started_at INTEGER NOT NULL,
-    expires_at INTEGER,
-    asaas_subscription_id TEXT,
-    updated_at INTEGER NOT NULL,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
-  );
-  CREATE INDEX IF NOT EXISTS idx_licenses_user ON licenses(user_id);
-
-  -- ===== Tabelas de dados (originalmente single-tenant, agora com user_id) =====
   CREATE TABLE IF NOT EXISTS state (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    user_id INTEGER NOT NULL DEFAULT 1,
+    id INTEGER PRIMARY KEY CHECK (id = 1),
     data TEXT NOT NULL,
-    updated_at INTEGER NOT NULL,
-    UNIQUE(user_id),
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+    updated_at INTEGER NOT NULL
   );
 
   CREATE TABLE IF NOT EXISTS media (
     id TEXT PRIMARY KEY,
-    user_id INTEGER NOT NULL DEFAULT 1,
     parent_id TEXT,
     parent_type TEXT,
     kind TEXT NOT NULL,
     mime TEXT NOT NULL,
     size INTEGER NOT NULL,
     filename TEXT NOT NULL,
-    created_at INTEGER NOT NULL,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+    created_at INTEGER NOT NULL
   );
   CREATE INDEX IF NOT EXISTS idx_media_parent ON media(parent_id);
 
   CREATE TABLE IF NOT EXISTS anchor_session (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    user_id INTEGER NOT NULL DEFAULT 1,
+    id INTEGER PRIMARY KEY CHECK (id = 1),
     active INTEGER NOT NULL DEFAULT 0,
     boat_name TEXT,
     anchor_lat REAL,
@@ -73,31 +41,25 @@ db.exec(`
     last_lat REAL,
     last_lng REAL,
     last_distance REAL,
-    alarm_fired INTEGER DEFAULT 0,
-    UNIQUE(user_id),
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+    alarm_fired INTEGER DEFAULT 0
   );
 
   CREATE TABLE IF NOT EXISTS alarm_log (
     id INTEGER PRIMARY KEY AUTOINCREMENT,
-    user_id INTEGER NOT NULL DEFAULT 1,
     ts INTEGER NOT NULL,
     type TEXT NOT NULL,
     payload TEXT,
     sent TEXT,
-    failed TEXT,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+    failed TEXT
   );
 
   CREATE TABLE IF NOT EXISTS shares (
     token TEXT PRIMARY KEY,
-    user_id INTEGER NOT NULL DEFAULT 1,
     boat_name TEXT,
     created_at INTEGER NOT NULL,
     expires_at INTEGER NOT NULL,
     revoked INTEGER DEFAULT 0,
-    zones TEXT,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+    zones TEXT
   );
   CREATE INDEX IF NOT EXISTS idx_shares_expires ON shares(expires_at);
 
@@ -111,26 +73,6 @@ db.exec(`
   );
   CREATE INDEX IF NOT EXISTS idx_sp_token_ts ON share_positions(token, ts DESC);
 
-  CREATE TABLE IF NOT EXISTS payments (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    user_id INTEGER NOT NULL,
-    asaas_payment_id TEXT UNIQUE,
-    asaas_customer_id TEXT,
-    plan TEXT NOT NULL,
-    cycle TEXT NOT NULL,
-    value REAL NOT NULL,
-    billing_type TEXT NOT NULL,
-    status TEXT NOT NULL DEFAULT 'PENDING',
-    invoice_url TEXT,
-    due_date INTEGER NOT NULL,
-    paid_at INTEGER,
-    created_at INTEGER NOT NULL,
-    updated_at INTEGER NOT NULL,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
-  );
-  CREATE INDEX IF NOT EXISTS idx_payments_user ON payments(user_id);
-  CREATE INDEX IF NOT EXISTS idx_payments_asaas ON payments(asaas_payment_id);
-
   CREATE TABLE IF NOT EXISTS audit_log (
     id INTEGER PRIMARY KEY AUTOINCREMENT,
     ts INTEGER NOT NULL,
@@ -151,219 +93,96 @@ try {
   }
 } catch (e) { /* ignore */ }
 
-// ===== Migração multi-tenant =====
-// 1) Tabelas que mudaram PRIMARY KEY (state, anchor_session): se schema antigo detectado,
-//    recriar limpo. Sem perda de dados crítica neste momento (deploy inicial).
-function recreateIfLegacy(table, newSchema) {
-  try {
-    const cols = db.prepare(`PRAGMA table_info(${table})`).all();
-    if (cols.length === 0) return; // tabela ainda não existe (CREATE TABLE pegou o schema novo)
-    const hasUserId = cols.some(c => c.name === 'user_id');
-    const idCol = cols.find(c => c.name === 'id');
-    // Schema antigo: id é PRIMARY KEY mas NÃO é AUTOINCREMENT (rowid alias com CHECK constraint)
-    const isLegacyPK = idCol && idCol.pk === 1 && !cols.some(c => c.type === 'INTEGER' && c.pk && c.name === 'id' && (c.dflt_value || '').toString().includes('AUTO'));
-    if (!hasUserId || isLegacyPK) {
-      console.log(`[migration] recreating ${table} (legacy schema detected)`);
-      db.exec(`DROP TABLE IF EXISTS ${table}; ${newSchema}`);
-    }
-  } catch (e) { console.warn(`[migration] recreate ${table}:`, e.message); }
-}
-
-recreateIfLegacy('state', `
-  CREATE TABLE state (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    user_id INTEGER NOT NULL DEFAULT 1,
-    data TEXT NOT NULL,
-    updated_at INTEGER NOT NULL,
-    UNIQUE(user_id),
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
-  );
-`);
-recreateIfLegacy('anchor_session', `
-  CREATE TABLE anchor_session (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    user_id INTEGER NOT NULL DEFAULT 1,
-    active INTEGER NOT NULL DEFAULT 0,
-    boat_name TEXT,
-    anchor_lat REAL,
-    anchor_lng REAL,
-    radius INTEGER,
-    started_at INTEGER,
-    last_heartbeat INTEGER,
-    last_lat REAL,
-    last_lng REAL,
-    last_distance REAL,
-    alarm_fired INTEGER DEFAULT 0,
-    UNIQUE(user_id),
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
-  );
-`);
-
-// 2) Tabelas que só ganharam coluna user_id: ALTER TABLE ADD COLUMN
-function ensureUserIdColumn(table) {
-  try {
-    const cols = db.prepare(`PRAGMA table_info(${table})`).all();
-    if (cols.length === 0) return;
-    if (!cols.some(c => c.name === 'user_id')) {
-      db.exec(`ALTER TABLE ${table} ADD COLUMN user_id INTEGER NOT NULL DEFAULT 1`);
-      console.log(`[migration] added user_id to ${table}`);
-    }
-  } catch (e) { console.warn(`[migration] ${table}:`, e.message); }
-}
-['media', 'alarm_log', 'shares', 'audit_log'].forEach(ensureUserIdColumn);
-
-// 3) Índices em user_id rodam DEPOIS do ALTER TABLE (senão "no such column")
-try {
-  db.exec(`
-    CREATE INDEX IF NOT EXISTS idx_media_user ON media(user_id);
-    CREATE INDEX IF NOT EXISTS idx_shares_user ON shares(user_id);
-  `);
-} catch (e) { console.warn('[migration] user_id indexes:', e.message); }
-
-// Garante user default (id=1, Karlão) — donos de dados pré-multi-tenant
-function ensureDefaultUser() {
-  const existing = db.prepare('SELECT id FROM users WHERE id = 1').get();
-  if (existing) return;
-  // Senha temporária — Karlão troca via /api/auth/me PATCH ou via UI quando logar pela 1ª vez
-  // bcryptjs hash de 'ChangeMe2026!' com cost 10
-  const placeholderHash = '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy'; // 'changeme'
-  const now = Date.now();
-  db.prepare(`INSERT INTO users (id, email, password_hash, name, created_at, updated_at) VALUES (1, ?, ?, ?, ?, ?)`)
-    .run('karlao@outlook.com', placeholderHash, 'Karlão (default)', now, now);
-  // Licença Captain (todas features) pro user default — gratuita pra sempre, é o dono do servidor
-  db.prepare(`INSERT INTO licenses (user_id, plan, status, started_at, expires_at, updated_at) VALUES (1, 'captain', 'active', ?, NULL, ?)`)
-    .run(now, now);
-  console.log('[migration] default user (id=1, karlao@outlook.com) created with captain plan');
-}
-ensureDefaultUser();
-
-// ===== Multi-tenant helpers (Users + Licenses) =====
-export function createUser(email, passwordHash, name) {
-  const now = Date.now();
-  const info = db.prepare('INSERT INTO users (email, password_hash, name, created_at, updated_at) VALUES (?, ?, ?, ?, ?)')
-    .run(email.toLowerCase().trim(), passwordHash, name || null, now, now);
-  // Toda conta nova começa free
-  db.prepare(`INSERT INTO licenses (user_id, plan, status, started_at, expires_at, updated_at) VALUES (?, 'free', 'active', ?, NULL, ?)`)
-    .run(info.lastInsertRowid, now, now);
-  return info.lastInsertRowid;
-}
-export function findUserByEmail(email) {
-  return db.prepare('SELECT * FROM users WHERE email = ?').get(email.toLowerCase().trim());
-}
-export function findUserById(id) {
-  return db.prepare('SELECT id, email, name, created_at, last_login FROM users WHERE id = ?').get(id);
-}
-export function updateLastLogin(id) {
-  db.prepare('UPDATE users SET last_login = ?, updated_at = ? WHERE id = ?').run(Date.now(), Date.now(), id);
-}
-export function getActiveLicense(userId) {
-  // Pega licença mais recente ativa (se expires_at NULL ou no futuro)
-  const now = Date.now();
-  return db.prepare(`SELECT * FROM licenses WHERE user_id = ? AND status = 'active' AND (expires_at IS NULL OR expires_at > ?) ORDER BY started_at DESC LIMIT 1`).get(userId, now);
-}
-export function setLicense(userId, plan, expiresAt, asaasSubId) {
-  const now = Date.now();
-  // Desativa licenças anteriores
-  db.prepare(`UPDATE licenses SET status = 'replaced', updated_at = ? WHERE user_id = ? AND status = 'active'`).run(now, userId);
-  db.prepare(`INSERT INTO licenses (user_id, plan, status, started_at, expires_at, asaas_subscription_id, updated_at) VALUES (?, ?, 'active', ?, ?, ?, ?)`)
-    .run(userId, plan, now, expiresAt || null, asaasSubId || null, now);
-}
-
-// ---- State (per-user JSON blob) ----
-export function getState(userId) {
-  const row = db.prepare('SELECT data, updated_at FROM state WHERE user_id = ?').get(userId);
+// ---- State (whole app data as a single JSON blob) ----
+export function getState() {
+  const row = db.prepare('SELECT data, updated_at FROM state WHERE id = 1').get();
   if (!row) return { data: null, updated_at: 0 };
   return { data: JSON.parse(row.data), updated_at: row.updated_at };
 }
 
-export function setState(userId, data) {
+export function setState(data) {
   const json = JSON.stringify(data);
   const now = Date.now();
   db.prepare(`
-    INSERT INTO state (user_id, data, updated_at) VALUES (?, ?, ?)
-    ON CONFLICT(user_id) DO UPDATE SET data = excluded.data, updated_at = excluded.updated_at
-  `).run(userId, json, now);
+    INSERT INTO state (id, data, updated_at) VALUES (1, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET data = excluded.data, updated_at = excluded.updated_at
+  `).run(json, now);
   return now;
 }
 
-// ---- Media metadata (per-user) ----
-export function insertMedia(userId, m) {
+// ---- Media metadata ----
+export function insertMedia(m) {
   db.prepare(`
-    INSERT INTO media (id, user_id, parent_id, parent_type, kind, mime, size, filename, created_at)
-    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
-  `).run(m.id, userId, m.parent_id || null, m.parent_type || null, m.kind, m.mime, m.size, m.filename, m.created_at || Date.now());
+    INSERT INTO media (id, parent_id, parent_type, kind, mime, size, filename, created_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(m.id, m.parent_id || null, m.parent_type || null, m.kind, m.mime, m.size, m.filename, m.created_at || Date.now());
 }
-export function listMedia(userId) {
-  return db.prepare('SELECT * FROM media WHERE user_id = ? ORDER BY created_at DESC').all(userId);
+export function listMedia() {
+  return db.prepare('SELECT * FROM media ORDER BY created_at DESC').all();
 }
-export function getMedia(userId, id) {
-  return db.prepare('SELECT * FROM media WHERE user_id = ? AND id = ?').get(userId, id);
+export function getMedia(id) {
+  return db.prepare('SELECT * FROM media WHERE id = ?').get(id);
 }
-export function deleteMedia(userId, id) {
-  return db.prepare('DELETE FROM media WHERE user_id = ? AND id = ?').run(userId, id);
+export function deleteMedia(id) {
+  return db.prepare('DELETE FROM media WHERE id = ?').run(id);
 }
 
-// ---- Anchor session (per-user) ----
-export function getAnchor(userId) {
-  return db.prepare('SELECT * FROM anchor_session WHERE user_id = ?').get(userId);
+// ---- Anchor session ----
+export function getAnchor() {
+  return db.prepare('SELECT * FROM anchor_session WHERE id = 1').get();
 }
-export function setAnchor(userId, a) {
-  const cur = getAnchor(userId);
+export function setAnchor(a) {
+  const cur = getAnchor();
   if (cur) {
-    db.prepare(`UPDATE anchor_session SET active=?, boat_name=?, anchor_lat=?, anchor_lng=?, radius=?, started_at=?, last_heartbeat=?, last_lat=?, last_lng=?, last_distance=?, alarm_fired=? WHERE user_id=?`)
-      .run(a.active ? 1 : 0, a.boat_name, a.anchor_lat, a.anchor_lng, a.radius, a.started_at, a.last_heartbeat, a.last_lat, a.last_lng, a.last_distance, a.alarm_fired ? 1 : 0, userId);
+    db.prepare(`UPDATE anchor_session SET active=?, boat_name=?, anchor_lat=?, anchor_lng=?, radius=?, started_at=?, last_heartbeat=?, last_lat=?, last_lng=?, last_distance=?, alarm_fired=? WHERE id=1`)
+      .run(a.active ? 1 : 0, a.boat_name, a.anchor_lat, a.anchor_lng, a.radius, a.started_at, a.last_heartbeat, a.last_lat, a.last_lng, a.last_distance, a.alarm_fired ? 1 : 0);
   } else {
-    db.prepare(`INSERT INTO anchor_session (user_id, active, boat_name, anchor_lat, anchor_lng, radius, started_at, last_heartbeat, last_lat, last_lng, last_distance, alarm_fired) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
-      .run(userId, a.active ? 1 : 0, a.boat_name, a.anchor_lat, a.anchor_lng, a.radius, a.started_at, a.last_heartbeat, a.last_lat, a.last_lng, a.last_distance, a.alarm_fired ? 1 : 0);
+    db.prepare(`INSERT INTO anchor_session (id, active, boat_name, anchor_lat, anchor_lng, radius, started_at, last_heartbeat, last_lat, last_lng, last_distance, alarm_fired) VALUES (1, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+      .run(a.active ? 1 : 0, a.boat_name, a.anchor_lat, a.anchor_lng, a.radius, a.started_at, a.last_heartbeat, a.last_lat, a.last_lng, a.last_distance, a.alarm_fired ? 1 : 0);
   }
 }
-export function clearAnchor(userId) {
-  db.prepare('UPDATE anchor_session SET active=0, alarm_fired=0 WHERE user_id=?').run(userId);
+export function clearAnchor() {
+  db.prepare('UPDATE anchor_session SET active=0, alarm_fired=0 WHERE id=1').run();
 }
-export function updateHeartbeat(userId, lat, lng, dist) {
-  db.prepare('UPDATE anchor_session SET last_heartbeat=?, last_lat=?, last_lng=?, last_distance=? WHERE user_id=?')
-    .run(Date.now(), lat, lng, dist, userId);
+export function updateHeartbeat(lat, lng, dist) {
+  db.prepare('UPDATE anchor_session SET last_heartbeat=?, last_lat=?, last_lng=?, last_distance=? WHERE id=1')
+    .run(Date.now(), lat, lng, dist);
 }
-export function setAlarmFired(userId, fired) {
-  db.prepare('UPDATE anchor_session SET alarm_fired=? WHERE user_id=?').run(fired ? 1 : 0, userId);
-}
-// Pra dead-man switch (busca todos anchor sessions ativos pra checar)
-export function listActiveAnchors() {
-  return db.prepare('SELECT * FROM anchor_session WHERE active = 1').all();
+export function setAlarmFired(fired) {
+  db.prepare('UPDATE anchor_session SET alarm_fired=? WHERE id=1').run(fired ? 1 : 0);
 }
 
-// ---- Alarm log (per-user) ----
-export function logAlarm(userId, type, payload, sent, failed) {
-  db.prepare('INSERT INTO alarm_log (user_id, ts, type, payload, sent, failed) VALUES (?, ?, ?, ?, ?, ?)')
-    .run(userId, Date.now(), type, JSON.stringify(payload || {}), JSON.stringify(sent || []), JSON.stringify(failed || []));
+// ---- Alarm log ----
+export function logAlarm(type, payload, sent, failed) {
+  db.prepare('INSERT INTO alarm_log (ts, type, payload, sent, failed) VALUES (?, ?, ?, ?, ?)')
+    .run(Date.now(), type, JSON.stringify(payload || {}), JSON.stringify(sent || []), JSON.stringify(failed || []));
 }
-export function recentAlarms(userId, limit = 50) {
-  return db.prepare('SELECT * FROM alarm_log WHERE user_id = ? ORDER BY ts DESC LIMIT ?').all(userId, limit);
+export function recentAlarms(limit = 50) {
+  return db.prepare('SELECT * FROM alarm_log ORDER BY ts DESC LIMIT ?').all(limit);
 }
 
-// ---- Shares (per-user) ----
-export function createShare(userId, token, boatName, expiresAt, zones) {
-  db.prepare('INSERT INTO shares (token, user_id, boat_name, created_at, expires_at, zones) VALUES (?, ?, ?, ?, ?, ?)')
-    .run(token, userId, boatName, Date.now(), expiresAt, zones ? JSON.stringify(zones) : null);
+// ---- Shares ----
+export function createShare(token, boatName, expiresAt, zones) {
+  db.prepare('INSERT INTO shares (token, boat_name, created_at, expires_at, zones) VALUES (?, ?, ?, ?, ?)')
+    .run(token, boatName, Date.now(), expiresAt, zones ? JSON.stringify(zones) : null);
 }
-export function updateShareZones(userId, token, zones) {
-  // Garante que share pertence ao user (não permite editar share alheio)
-  db.prepare('UPDATE shares SET zones = ? WHERE token = ? AND user_id = ?').run(zones ? JSON.stringify(zones) : null, token, userId);
+export function updateShareZones(token, zones) {
+  db.prepare('UPDATE shares SET zones = ? WHERE token = ?').run(zones ? JSON.stringify(zones) : null, token);
 }
 export function getShare(token) {
-  // Público — não filtra por user (qualquer um com o token vê)
   return db.prepare('SELECT * FROM shares WHERE token = ?').get(token);
 }
-export function listActiveShares(userId) {
+export function listActiveShares() {
   const now = Date.now();
-  return db.prepare('SELECT * FROM shares WHERE user_id = ? AND revoked = 0 AND expires_at > ? ORDER BY created_at DESC').all(userId, now);
+  return db.prepare('SELECT * FROM shares WHERE revoked = 0 AND expires_at > ? ORDER BY created_at DESC').all(now);
 }
-export function revokeShare(userId, token) {
-  return db.prepare('UPDATE shares SET revoked = 1 WHERE token = ? AND user_id = ?').run(token, userId);
+export function revokeShare(token) {
+  return db.prepare('UPDATE shares SET revoked = 1 WHERE token = ?').run(token);
 }
 export function addSharePosition(token, lat, lng, speed) {
   db.prepare('INSERT INTO share_positions (token, lat, lng, speed, ts) VALUES (?, ?, ?, ?, ?)')
     .run(token, lat, lng, speed || 0, Date.now());
+  // mantém apenas últimas 500 posições por share
   db.prepare(`DELETE FROM share_positions WHERE token = ? AND id NOT IN (SELECT id FROM share_positions WHERE token = ? ORDER BY ts DESC LIMIT 500)`).run(token, token);
 }
 export function getSharePositions(token, limit = 500) {
@@ -381,48 +200,13 @@ export function cleanupExpiredShares() {
   return toDelete.length;
 }
 
-// ---- Payments (Asaas) ----
-export function createPayment(p) {
-  const now = Date.now();
-  const info = db.prepare(`INSERT INTO payments (user_id, asaas_payment_id, asaas_customer_id, plan, cycle, value, billing_type, status, invoice_url, due_date, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
-    .run(p.user_id, p.asaas_payment_id || null, p.asaas_customer_id || null, p.plan, p.cycle, p.value, p.billing_type, p.status || 'PENDING', p.invoice_url || null, p.due_date, now, now);
-  return info.lastInsertRowid;
+// ---- Audit log (ações sensíveis: who/what/when para investigação de incidentes) ----
+export function audit(action, entity, entityId, summary, ip) {
+  db.prepare('INSERT INTO audit_log (ts, action, entity, entity_id, summary, ip) VALUES (?, ?, ?, ?, ?, ?)')
+    .run(Date.now(), action, entity || null, entityId || null, summary ? JSON.stringify(summary) : null, ip || null);
 }
-export function findPaymentByAsaasId(asaasId) {
-  return db.prepare('SELECT * FROM payments WHERE asaas_payment_id = ?').get(asaasId);
-}
-export function updatePaymentStatus(asaasId, status, paidAt) {
-  db.prepare('UPDATE payments SET status = ?, paid_at = ?, updated_at = ? WHERE asaas_payment_id = ?')
-    .run(status, paidAt || null, Date.now(), asaasId);
-}
-export function listUserPayments(userId, limit = 50) {
-  return db.prepare('SELECT * FROM payments WHERE user_id = ? ORDER BY created_at DESC LIMIT ?').all(userId, limit);
-}
-export function setUserAsaasCustomerId(userId, customerId) {
-  // Cache de mapeamento user → asaas customer pra reaproveitar em pagamentos futuros
-  // Guardado no campo do user (vou adicionar coluna se não existir)
-  try {
-    const cols = db.prepare("PRAGMA table_info(users)").all();
-    if (!cols.some(c => c.name === 'asaas_customer_id')) {
-      db.exec('ALTER TABLE users ADD COLUMN asaas_customer_id TEXT');
-    }
-    db.prepare('UPDATE users SET asaas_customer_id = ? WHERE id = ?').run(customerId, userId);
-  } catch (e) { console.warn('[db] setAsaasCustomerId:', e.message); }
-}
-export function getUserAsaasCustomerId(userId) {
-  try {
-    const row = db.prepare('SELECT asaas_customer_id FROM users WHERE id = ?').get(userId);
-    return row?.asaas_customer_id || null;
-  } catch { return null; }
-}
-
-// ---- Audit log (per-user) ----
-export function audit(userId, action, entity, entityId, summary, ip) {
-  db.prepare('INSERT INTO audit_log (user_id, ts, action, entity, entity_id, summary, ip) VALUES (?, ?, ?, ?, ?, ?, ?)')
-    .run(userId, Date.now(), action, entity || null, entityId || null, summary ? JSON.stringify(summary) : null, ip || null);
-}
-export function recentAudit(userId, limit = 100) {
-  return db.prepare('SELECT * FROM audit_log WHERE user_id = ? ORDER BY ts DESC LIMIT ?').all(userId, limit);
+export function recentAudit(limit = 100) {
+  return db.prepare('SELECT * FROM audit_log ORDER BY ts DESC LIMIT ?').all(limit);
 }
 
 export const dataDir = DATA_DIR;

server/src/index.js

@@ -6,9 +6,7 @@ import fs from 'node:fs';
 import { fileURLToPath } from 'node:url';
 import * as db from './db.js';
 import { dispatchAlarm, dispatchTest, listConfiguredChannels } from './notifications.js';
-import { validate, setStateSchema, updateZonesSchema, signupSchema, loginSchema, checkoutSchema } from './schemas/index.js';
-import { hashPassword, verifyPassword, signAccessToken, signRefreshToken, verifyToken, PLANS, planFeatures } from './auth.js';
-import * as billing from './billing.js';
+import { validate, setStateSchema, updateZonesSchema } from './schemas/index.js';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const PORT = parseInt(process.env.PORT || '3000');
@@ -46,209 +44,17 @@ const publicShareLimiter = rateLimit({
   message: { error: 'Too many requests, slow down.' },
 });
 
-// Auth middleware: aceita JWT (multi-tenant) OU BOAT_TOKEN legado (mapeia ao user 1)
+// Auth middleware
 function requireAuth(req, res, next) {
   const auth = req.headers.authorization || '';
   const token = auth.startsWith('Bearer ') ? auth.slice(7) : '';
-  if (!token) return res.status(401).json({ error: 'Missing token' });
-
-  // Fallback BOAT_TOKEN: backwards-compat com app legado do dono (Karlão), mapeia pro user default id=1
-  if (token === TOKEN) {
-    req.user = { id: 1, email: 'karlao@outlook.com', viaBoatToken: true };
-    return next();
-  }
-
-  // JWT
-  const payload = verifyToken(token);
-  if (!payload || payload.type !== 'access' || !payload.uid) {
-    return res.status(401).json({ error: 'Invalid token' });
-  }
-  // Carrega user fresh do DB pra confirmar que ainda existe
-  const user = db.findUserById(payload.uid);
-  if (!user) return res.status(401).json({ error: 'User not found' });
-  req.user = user;
+  if (token !== TOKEN) return res.status(401).json({ error: 'Unauthorized' });
   next();
 }
 
 // ==== Public endpoints ====
 app.get('/api/health', (req, res) => res.json({ ok: true, ts: Date.now() }));
 
-// ===== Auth endpoints (multi-tenant SaaS) =====
-app.post('/api/auth/signup', validate(signupSchema), async (req, res) => {
-  const { email, password, name } = req.body;
-  if (db.findUserByEmail(email)) return res.status(409).json({ error: 'Email já cadastrado' });
-  try {
-    const hash = await hashPassword(password);
-    const id = db.createUser(email, hash, name);
-    db.audit(id, 'user_signup', 'user', String(id), { email }, req.ip);
-    const user = db.findUserById(id);
-    db.updateLastLogin(id);
-    res.json({
-      user,
-      accessToken: signAccessToken(user),
-      refreshToken: signRefreshToken(user),
-    });
-  } catch (e) {
-    res.status(400).json({ error: e.message });
-  }
-});
-
-app.post('/api/auth/login', validate(loginSchema), async (req, res) => {
-  const { email, password } = req.body;
-  const user = db.findUserByEmail(email);
-  if (!user) return res.status(401).json({ error: 'Credenciais inválidas' });
-  const ok = await verifyPassword(password, user.password_hash);
-  if (!ok) return res.status(401).json({ error: 'Credenciais inválidas' });
-  db.updateLastLogin(user.id);
-  db.audit(user.id, 'user_login', 'user', String(user.id), {}, req.ip);
-  const safe = db.findUserById(user.id);
-  res.json({
-    user: safe,
-    accessToken: signAccessToken(safe),
-    refreshToken: signRefreshToken(safe),
-  });
-});
-
-app.post('/api/auth/refresh', (req, res) => {
-  const { refreshToken } = req.body || {};
-  if (!refreshToken) return res.status(400).json({ error: 'refreshToken required' });
-  const payload = verifyToken(refreshToken);
-  if (!payload || payload.type !== 'refresh') return res.status(401).json({ error: 'Invalid refresh' });
-  const user = db.findUserById(payload.uid);
-  if (!user) return res.status(401).json({ error: 'User not found' });
-  res.json({ accessToken: signAccessToken(user) });
-});
-
-app.get('/api/auth/me', requireAuth, (req, res) => {
-  res.json(req.user);
-});
-
-// Plans + license info
-app.get('/api/license', requireAuth, (req, res) => {
-  const lic = db.getActiveLicense(req.user.id) || { plan: 'free', status: 'active', expires_at: null };
-  res.json({
-    plan: lic.plan,
-    status: lic.status,
-    expires_at: lic.expires_at,
-    features: planFeatures(lic.plan),
-    plans: PLANS,
-    billingEnabled: billing.isAsaasConfigured(),
-  });
-});
-
-// ===== Billing endpoints (Asaas) =====
-app.get('/api/billing/status', (req, res) => {
-  res.json({ configured: billing.isAsaasConfigured() });
-});
-
-app.post('/api/billing/checkout', requireAuth, validate(checkoutSchema), async (req, res) => {
-  if (!billing.isAsaasConfigured()) return res.status(503).json({ error: 'Billing não configurado no servidor (ASAAS_API_KEY ausente)' });
-  if (req.user.viaBoatToken) return res.status(403).json({ error: 'Use uma conta com login (não BOAT_TOKEN) pra fazer upgrade' });
-
-  const { plan, cycle, billingType } = req.body;
-  try {
-    const value = billing.priceFor(plan, cycle);
-    let customerId = db.getUserAsaasCustomerId(req.user.id);
-    if (!customerId) {
-      customerId = await billing.getOrCreateCustomer(req.user);
-      db.setUserAsaasCustomerId(req.user.id, customerId);
-    }
-    const payment = await billing.createPayment({
-      customerId, plan, cycle, value, billingType,
-      description: `Shivao ${PLANS[plan].name} (${cycle === 'monthly' ? 'mensal' : 'anual'})`,
-    });
-    db.createPayment({
-      user_id: req.user.id,
-      asaas_payment_id: payment.id,
-      asaas_customer_id: customerId,
-      plan, cycle, value, billing_type: billingType,
-      status: payment.status,
-      invoice_url: payment.invoiceUrl,
-      due_date: new Date(payment.dueDate).getTime(),
-    });
-    db.audit(req.user.id, 'checkout_created', 'payment', payment.id, { plan, cycle, value, billingType }, req.ip);
-
-    // Pra PIX, busca QR code
-    let pix = null;
-    if (billingType === 'PIX') {
-      try { pix = await billing.getPixQrCode(payment.id); } catch (e) { console.warn('[pix qrcode]', e.message); }
-    }
-    res.json({
-      paymentId: payment.id,
-      invoiceUrl: payment.invoiceUrl,
-      bankSlipUrl: payment.bankSlipUrl,
-      status: payment.status,
-      value: payment.value,
-      dueDate: payment.dueDate,
-      pix: pix ? { qrCode: pix.encodedImage, payload: pix.payload, expiresAt: pix.expirationDate } : null,
-    });
-  } catch (e) {
-    console.error('[checkout]', e);
-    res.status(500).json({ error: e.message });
-  }
-});
-
-app.get('/api/billing/payment/:id', requireAuth, async (req, res) => {
-  const local = db.findPaymentByAsaasId(req.params.id);
-  if (!local || local.user_id !== req.user.id) return res.status(404).json({ error: 'not found' });
-  // Reconcilia com Asaas se ainda PENDING (pra caso webhook ter falhado)
-  if (local.status === 'PENDING' && billing.isAsaasConfigured()) {
-    try {
-      const fresh = await billing.getPaymentStatus(req.params.id);
-      if (fresh.status !== local.status) {
-        db.updatePaymentStatus(req.params.id, fresh.status, billing.isPaidStatus(fresh.status) ? Date.now() : null);
-        if (billing.isPaidStatus(fresh.status)) {
-          db.setLicense(local.user_id, local.plan, billing.computeExpiresAt(local.cycle), local.asaas_payment_id);
-          db.audit(local.user_id, 'license_activated', 'payment', req.params.id, { plan: local.plan, cycle: local.cycle, source: 'reconcile' }, req.ip);
-        }
-      }
-      return res.json({ ...local, status: fresh.status });
-    } catch (e) { /* fallthrough returns cached */ }
-  }
-  res.json(local);
-});
-
-app.get('/api/billing/payments', requireAuth, (req, res) => {
-  res.json(db.listUserPayments(req.user.id));
-});
-
-// Webhook Asaas: chama isso quando status muda. Precisa ser configurado no painel Asaas → Integrações
-// URL: https://shivao.pontualtech.work/api/billing/asaas-webhook
-// Header asaas-access-token: ASAAS_WEBHOOK_TOKEN (defina o mesmo no Coolify env)
-app.post('/api/billing/asaas-webhook', (req, res) => {
-  const headerToken = req.headers['asaas-access-token'];
-  if (!billing.verifyWebhookToken(headerToken)) {
-    console.warn('[asaas-webhook] invalid token');
-    return res.status(401).json({ error: 'Invalid webhook token' });
-  }
-  const event = req.body;
-  if (!event || !event.event || !event.payment) {
-    return res.status(400).json({ error: 'Invalid payload' });
-  }
-  const p = event.payment;
-  const local = db.findPaymentByAsaasId(p.id);
-  if (!local) {
-    console.warn('[asaas-webhook] payment not found:', p.id);
-    // Aceitar 200 mesmo assim — Asaas não retentar
-    return res.json({ ok: true, ignored: true });
-  }
-  db.updatePaymentStatus(p.id, p.status, billing.isPaidStatus(p.status) ? Date.now() : null);
-  // Ativar licença se pago
-  if (billing.isPaidStatus(p.status)) {
-    db.setLicense(local.user_id, local.plan, billing.computeExpiresAt(local.cycle), p.id);
-    db.audit(local.user_id, 'license_activated', 'payment', p.id, { plan: local.plan, cycle: local.cycle, event: event.event }, req.ip);
-    console.log(`[asaas-webhook] license activated user=${local.user_id} plan=${local.plan}`);
-  } else if (billing.isFailedStatus(p.status)) {
-    // Pagamento estornado: revogar se a licença vinculada a esse payment
-    const lic = db.getActiveLicense(local.user_id);
-    if (lic && lic.asaas_subscription_id === p.id) {
-      db.setLicense(local.user_id, 'free', null, null);
-      db.audit(local.user_id, 'license_revoked', 'payment', p.id, { reason: p.status }, req.ip);
-    }
-  }
-  res.json({ ok: true });
-});
-
 // Digital Asset Links — verifica TWA do APK Android e remove a barra de URL do Chrome
 app.get('/.well-known/assetlinks.json', (req, res) => {
   res.json([{
@@ -263,180 +69,6 @@ app.get('/.well-known/assetlinks.json', (req, res) => {
   }]);
 });
 
-// Termos de Uso
-app.get('/termos', (req, res) => {
-  res.type('html').send(`<!DOCTYPE html><html lang="pt-BR"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Termos de Uso · Shivao</title><style>body{font-family:Georgia,serif;max-width:780px;margin:40px auto;padding:0 20px;color:#0e2a3d;background:#efe5cd;line-height:1.7}h1,h2{font-style:italic;color:#a07832}h1{border-bottom:2px solid #a07832;padding-bottom:8px}h2{margin-top:32px}.warn{background:#8c343422;border-left:4px solid #8c3434;padding:12px 16px;margin:20px 0}a{color:#3f7768}small{opacity:.7}</style></head><body>
-<h1>Termos de Uso — Shivao</h1>
-<p><small>Última atualização: 27 de abril de 2026 · Versão 1.0</small></p>
-
-<p>Ao usar o aplicativo <strong>Shivao</strong> (operado por <strong>PontualTech</strong>, CNPJ 32.772.178/0001-47), você concorda com estes termos. Leia com atenção.</p>
-
-<h2>1. Aceitação</h2>
-<p>O uso do app implica aceitação completa destes termos. Se não concorda, não use.</p>
-
-<h2>2. Cadastro e conta</h2>
-<ul>
-<li>Você precisa ter ≥18 anos OU autorização do responsável legal.</li>
-<li>Informações verdadeiras e atualizadas. Senha é responsabilidade sua.</li>
-<li>1 conta por usuário. Compartilhamento de credenciais é proibido.</li>
-<li>Podemos suspender contas com violação destes termos.</li>
-</ul>
-
-<h2>3. Planos, pagamentos e renovação</h2>
-<ul>
-<li><strong>Free:</strong> grátis, recursos limitados (vigia local + diário 10 últimas).</li>
-<li><strong>Pro/Captain:</strong> assinatura mensal ou anual via Asaas (PIX, cartão, boleto).</li>
-<li><strong>Renovação:</strong> ao fim do ciclo, você renova manualmente. Sem cobrança automática surpresa.</li>
-<li><strong>Reembolso:</strong> 7 dias de arrependimento (CDC art. 49) — devolução integral via mesmo método. Após 7 dias: pro-rata do tempo restante.</li>
-</ul>
-
-<h2>4. Uso permitido</h2>
-<ul>
-<li>Uso pessoal ou profissional náutico (lazer, trabalho, charters).</li>
-<li>1 usuário = 1 ou múltiplos barcos (no plano Captain).</li>
-<li>Compartilhamento público de posição é OK pra tripulação/familia (links temporários).</li>
-</ul>
-
-<h2>5. Uso PROIBIDO</h2>
-<ul>
-<li>❌ Engenharia reversa do app ou backend (exceto pra interoperar legalmente).</li>
-<li>❌ Revender o serviço como white-label sem licença comercial.</li>
-<li>❌ Atacar a infraestrutura (DDoS, brute-force, exploit).</li>
-<li>❌ Cadastrar bots ou contas falsas em massa.</li>
-<li>❌ Usar pra atividade ilegal (pesca em área proibida, navegação clandestina, etc).</li>
-</ul>
-
-<h2>6. Limitação de responsabilidade — IMPORTANTE</h2>
-<div class="warn"><strong>⚠️ AVISO CRÍTICO PARA NAVEGAÇÃO:</strong>
-<p>O Shivao é uma <strong>FERRAMENTA AUXILIAR</strong> de navegação e segurança. <strong>NÃO substitui</strong>:</p>
-<ul>
-<li>Equipamentos náuticos certificados (chartplotter, AIS, VHF, balsas).</li>
-<li>Cartas náuticas oficiais (Marinha do Brasil, NOAA).</li>
-<li>Atenção do skipper.</li>
-<li>Comunicação com a Capitania dos Portos.</li>
-</ul>
-<p>Não nos responsabilizamos por:</p>
-<ul>
-<li>Decisões tomadas com base no app (rota, fundeio, meteorologia).</li>
-<li>Falha de GPS, internet, sensores ou notificações.</li>
-<li>Danos materiais, pessoais ou ambientais decorrentes do uso.</li>
-<li>Perda de dados (faça backups regulares).</li>
-</ul>
-<p><strong>O comandante da embarcação é o único responsável pela segurança a bordo.</strong></p></div>
-
-<h2>7. Propriedade intelectual</h2>
-<ul>
-<li>Código, logo, nome "Shivao" pertencem à PontualTech.</li>
-<li>Seus dados (viagens, mídia) pertencem a VOCÊ — exporte quando quiser, exclua a qualquer momento.</li>
-<li>Bibliotecas open source: Leaflet (BSD-2), OpenStreetMap (ODbL), express-rate-limit (MIT), bcryptjs (MIT), jsonwebtoken (MIT).</li>
-</ul>
-
-<h2>8. Suspensão e cancelamento</h2>
-<ul>
-<li>Você pode cancelar a qualquer momento via app (Aba Conta → Sair → Excluir conta).</li>
-<li>Podemos suspender se houver violação destes termos, com aviso por e-mail (exceto urgências de segurança).</li>
-<li>Após cancelamento: 30 dias pra reativar, depois exclusão permanente.</li>
-</ul>
-
-<h2>9. Mudanças nos termos</h2>
-<p>Notificaremos por e-mail mudanças materiais com 30 dias de antecedência. Versão atual em <a href="https://shivao.pontualtech.work/termos">shivao.pontualtech.work/termos</a>.</p>
-
-<h2>10. Lei aplicável e foro</h2>
-<p>Estes termos seguem a lei brasileira. Foro: comarca de São Paulo/SP. Disputas de consumo podem usar <a href="https://www.consumidor.gov.br">consumidor.gov.br</a> antes de judicializar.</p>
-
-<h2>11. Contato</h2>
-<p>Suporte: <a href="mailto:contato@pontualtech.com.br">contato@pontualtech.com.br</a><br>
-Privacidade/LGPD: <a href="mailto:dpo@pontualtech.com.br">dpo@pontualtech.com.br</a></p>
-
-<hr style="margin:40px 0;border:none;border-top:1px solid #a07832">
-<p style="text-align:center"><small>Shivao · Diário de Bordo · PontualTech · ${new Date().getFullYear()}</small></p>
-</body></html>`);
-});
-
-// Política de Privacidade (URL pública obrigatória pra Play Store + LGPD)
-app.get('/politica', (req, res) => {
-  res.type('html').send(`<!DOCTYPE html><html lang="pt-BR"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Política de Privacidade · Shivao</title><style>body{font-family:Georgia,serif;max-width:780px;margin:40px auto;padding:0 20px;color:#0e2a3d;background:#efe5cd;line-height:1.7}h1,h2{font-style:italic;color:#a07832}h1{border-bottom:2px solid #a07832;padding-bottom:8px}h2{margin-top:32px}code{background:#fff;padding:2px 6px;border-radius:3px;font-size:.9em}a{color:#3f7768}small{opacity:.7}</style></head><body>
-<h1>Política de Privacidade — Shivao</h1>
-<p><small>Última atualização: 27 de abril de 2026 · Versão 1.0</small></p>
-
-<p>O <strong>Shivao</strong> é um aplicativo de diário de bordo náutico operado por <strong>PontualTech</strong> (CNPJ 32.772.178/0001-47, São Paulo/SP, Brasil). Esta política descreve como coletamos, usamos e protegemos seus dados pessoais, em conformidade com a <strong>LGPD (Lei 13.709/2018)</strong> e o <strong>GDPR (Regulamento UE 2016/679)</strong>.</p>
-
-<h2>1. Quais dados coletamos</h2>
-<ul>
-<li><strong>Conta:</strong> e-mail, senha (hash bcrypt), nome opcional.</li>
-<li><strong>Dados de bordo:</strong> registros de viagens, manutenções, fotos/áudios/vídeos que VOCÊ adicionar, posições GPS quando você ativa rastreio ou vigia.</li>
-<li><strong>Pagamentos:</strong> processados pela Asaas (parceiro PCI-DSS). Não armazenamos número de cartão.</li>
-<li><strong>Logs técnicos:</strong> IP, timestamps, ações sensíveis (criar/revogar share, sync de estado) — guardados por 90 dias para auditoria de segurança.</li>
-</ul>
-
-<h2>2. O que NÃO coletamos</h2>
-<ul>
-<li>❌ Analytics de comportamento (Google Analytics, Facebook Pixel, etc).</li>
-<li>❌ Tracking entre apps/sites.</li>
-<li>❌ Anúncios de terceiros.</li>
-<li>❌ Compartilhamento com brokers de dados.</li>
-</ul>
-
-<h2>3. Para que usamos seus dados</h2>
-<ul>
-<li>Operar o serviço (sync, vigia de fundeio, alarme remoto).</li>
-<li>Processar pagamentos (apenas Asaas).</li>
-<li>Enviar e-mails operacionais (recuperação de senha, confirmação de pagamento, alerta de fundeio).</li>
-<li>Cumprir obrigações legais (notas fiscais, intimações judiciais quando aplicável).</li>
-</ul>
-
-<h2>4. Onde seus dados ficam</h2>
-<p>Servidores próprios em data center na Alemanha (Hetzner Online GmbH, certificado ISO 27001), gerenciados pela PontualTech. Backups criptografados.</p>
-
-<h2>5. Permissões do app Android</h2>
-<ul>
-<li><strong>Localização (incluindo background):</strong> imprescindível pra GPS de viagens, vigia de fundeio com alarme de drift e compartilhamento ao vivo.</li>
-<li><strong>Câmera/Microfone/Galeria:</strong> apenas quando você anexar mídia a um registro.</li>
-<li><strong>Notificações:</strong> alarme local de fundeio (toca som + vibra mesmo com tela apagada).</li>
-<li><strong>Sensores (bússola, barômetro):</strong> usados localmente no celular, não transmitidos.</li>
-</ul>
-
-<h2>6. Compartilhamento de posição ao vivo</h2>
-<p>Quando você cria um link público de compartilhamento, qualquer pessoa com o link vê a posição do barco em tempo real. Você controla a duração e pode revogar a qualquer momento. Os links usam tokens randômicos de 96 bits (impossíveis de adivinhar).</p>
-
-<h2>7. Seus direitos (LGPD/GDPR)</h2>
-<p>Você pode, a qualquer momento, solicitar:</p>
-<ul>
-<li>Acesso aos seus dados (exportar tudo via app).</li>
-<li>Correção de dados incorretos.</li>
-<li>Exclusão da conta e todos os dados (delete em até 30 dias).</li>
-<li>Portabilidade (exportar GPX/CSV/JSON).</li>
-<li>Revogar consentimento (cancelar assinatura).</li>
-</ul>
-<p>Solicitações por <a href="mailto:dpo@pontualtech.com.br">dpo@pontualtech.com.br</a>.</p>
-
-<h2>8. Retenção de dados</h2>
-<ul>
-<li>Conta ativa: enquanto você usar.</li>
-<li>Conta cancelada: 30 dias (período de arrependimento), depois exclusão permanente.</li>
-<li>Logs de auditoria: 90 dias.</li>
-<li>Notas fiscais: 5 anos (exigência legal).</li>
-</ul>
-
-<h2>9. Cookies</h2>
-<p>O app usa apenas <code>localStorage</code> e <code>IndexedDB</code> locais (não são cookies HTTP). Sem cookies de tracking de terceiros.</p>
-
-<h2>10. Crianças</h2>
-<p>O Shivao não é destinado a menores de 13 anos. Não coletamos dados de menores intencionalmente.</p>
-
-<h2>11. Mudanças nesta política</h2>
-<p>Notificaremos por e-mail mudanças materiais com 30 dias de antecedência. Versão atual e histórico em <a href="https://shivao.pontualtech.work/politica">shivao.pontualtech.work/politica</a>.</p>
-
-<h2>12. Contato e DPO</h2>
-<p><strong>Encarregado de Dados (DPO):</strong> Karlão · <a href="mailto:dpo@pontualtech.com.br">dpo@pontualtech.com.br</a></p>
-<p><strong>Suporte:</strong> <a href="mailto:contato@pontualtech.com.br">contato@pontualtech.com.br</a></p>
-<p><strong>ANPD (autoridade brasileira):</strong> <a href="https://www.gov.br/anpd">gov.br/anpd</a></p>
-
-<hr style="margin:40px 0;border:none;border-top:1px solid #a07832">
-<p style="text-align:center"><small>Shivao · Diário de Bordo · PontualTech · ${new Date().getFullYear()}</small></p>
-</body></html>`);
-});
-
 // PWA manifest (necessário pra "Add to Home Screen" + APK via PWABuilder)
 app.get('/manifest.json', (req, res) => {
   res.json({
@@ -472,16 +104,16 @@ app.get('/api/info', requireAuth, (req, res) => {
   });
 });
 
-// --- State sync (whole JSON blob, per-user) ---
+// --- State sync (whole JSON blob) ---
 app.get('/api/data', requireAuth, (req, res) => {
-  const s = db.getState(req.user.id);
+  const s = db.getState();
   res.json(s);
 });
 
 app.post('/api/data', requireAuth, validate(setStateSchema), (req, res) => {
   const { data } = req.body;
-  const ts = db.setState(req.user.id, data);
-  db.audit(req.user.id, 'state_set', 'state', null, { bytes: JSON.stringify(data).length }, req.ip);
+  const ts = db.setState(data);
+  db.audit('state_set', 'state', null, { bytes: JSON.stringify(data).length }, req.ip);
   res.json({ ok: true, updated_at: ts });
 });
 
@@ -512,28 +144,28 @@ app.post('/api/media', requireAuth, upload.single('file'), (req, res) => {
     filename: req.file.filename,
     created_at: parseInt(req.body.created_at) || Date.now()
   };
-  // remove existing if any (overwrite — escopo do user)
-  const ex = db.getMedia(req.user.id, id);
+  // remove existing if any (overwrite)
+  const ex = db.getMedia(id);
   if (ex && ex.filename !== meta.filename) {
     try { fs.unlinkSync(path.join(mediaDir, ex.filename)); } catch (e) {}
-    db.deleteMedia(req.user.id, id);
+    db.deleteMedia(id);
   } else if (ex) {
-    db.deleteMedia(req.user.id, id);
+    db.deleteMedia(id);
   }
-  db.insertMedia(req.user.id, meta);
-  db.audit(req.user.id, 'media_insert', 'media', id, { kind: meta.kind, mime: meta.mime, size: meta.size }, req.ip);
+  db.insertMedia(meta);
+  db.audit('media_insert', 'media', id, { kind: meta.kind, mime: meta.mime, size: meta.size }, req.ip);
   res.json({ ok: true, id, url: `/api/media/${id}` });
 });
 
 app.get('/api/media/list', requireAuth, (req, res) => {
-  res.json(db.listMedia(req.user.id).map(m => ({
+  res.json(db.listMedia().map(m => ({
     id: m.id, parent_id: m.parent_id, parent_type: m.parent_type,
     kind: m.kind, mime: m.mime, size: m.size, created_at: m.created_at
   })));
 });
 
 app.get('/api/media/:id', requireAuth, (req, res) => {
-  const m = db.getMedia(req.user.id, req.params.id);
+  const m = db.getMedia(req.params.id);
   if (!m) return res.status(404).json({ error: 'not found' });
   const filepath = path.join(mediaDir, m.filename);
   if (!fs.existsSync(filepath)) return res.status(404).json({ error: 'file missing' });
@@ -543,11 +175,11 @@ app.get('/api/media/:id', requireAuth, (req, res) => {
 });
 
 app.delete('/api/media/:id', requireAuth, (req, res) => {
-  const m = db.getMedia(req.user.id, req.params.id);
+  const m = db.getMedia(req.params.id);
   if (!m) return res.status(404).json({ error: 'not found' });
   try { fs.unlinkSync(path.join(mediaDir, m.filename)); } catch (e) {}
-  db.deleteMedia(req.user.id, req.params.id);
-  db.audit(req.user.id, 'media_delete', 'media', req.params.id, { kind: m.kind, size: m.size }, req.ip);
+  db.deleteMedia(req.params.id);
+  db.audit('media_delete', 'media', req.params.id, { kind: m.kind, size: m.size }, req.ip);
   res.json({ ok: true });
 });
 
@@ -556,7 +188,7 @@ app.post('/api/anchor/start', requireAuth, (req, res) => {
   const { boat_name, anchor_lat, anchor_lng, radius } = req.body;
   if (typeof anchor_lat !== 'number' || typeof anchor_lng !== 'number')
     return res.status(400).json({ error: 'lat/lng required' });
-  db.setAnchor(req.user.id, {
+  db.setAnchor({
     active: true,
     boat_name: boat_name || 'Veleiro',
     anchor_lat, anchor_lng,
@@ -573,13 +205,13 @@ app.post('/api/anchor/start', requireAuth, (req, res) => {
 
 app.post('/api/anchor/heartbeat', requireAuth, (req, res) => {
   const { lat, lng, distance } = req.body;
-  db.updateHeartbeat(req.user.id, lat, lng, distance || 0);
-  const a = db.getAnchor(req.user.id);
+  db.updateHeartbeat(lat, lng, distance || 0);
+  const a = db.getAnchor();
   res.json({ ok: true, active: !!a?.active });
 });
 
 app.post('/api/anchor/alarm', requireAuth, async (req, res) => {
-  const a = db.getAnchor(req.user.id);
+  const a = db.getAnchor();
   const payload = {
     boat: req.body.boat_name || a?.boat_name || 'Veleiro',
     lat: req.body.lat ?? a?.last_lat,
@@ -589,36 +221,36 @@ app.post('/api/anchor/alarm', requireAuth, async (req, res) => {
     reason: req.body.reason || 'drift',
     ts: Date.now()
   };
-  db.setAlarmFired(req.user.id, true);
+  db.setAlarmFired(true);
   const result = await dispatchAlarm(payload);
-  db.logAlarm(req.user.id, 'drift', payload, result.sent, result.failed);
+  db.logAlarm('drift', payload, result.sent, result.failed);
   res.json(result);
 });
 
 app.post('/api/anchor/stop', requireAuth, (req, res) => {
-  db.clearAnchor(req.user.id);
+  db.clearAnchor();
   res.json({ ok: true });
 });
 
 app.get('/api/anchor/status', requireAuth, (req, res) => {
-  res.json(db.getAnchor(req.user.id) || { active: 0 });
+  res.json(db.getAnchor() || { active: 0 });
 });
 
 // --- Test endpoint ---
 app.post('/api/test', requireAuth, async (req, res) => {
   const result = await dispatchTest();
-  db.logAlarm(req.user.id, 'test', {}, result.sent, result.failed);
+  db.logAlarm('test', {}, result.sent, result.failed);
   res.json(result);
 });
 
 app.get('/api/alarms', requireAuth, (req, res) => {
-  res.json(db.recentAlarms(req.user.id, 50));
+  res.json(db.recentAlarms(50));
 });
 
-// Auditoria (consulta autenticada — quem fez o quê e quando nos endpoints sensíveis do user)
+// Auditoria (consulta autenticada — quem fez o quê e quando nos endpoints sensíveis)
 app.get('/api/audit', requireAuth, (req, res) => {
   const limit = Math.min(parseInt(req.query.limit) || 100, 500);
-  res.json(db.recentAudit(req.user.id, limit));
+  res.json(db.recentAudit(limit));
 });
 
 // ==== LIVE SHARE ====
@@ -630,8 +262,8 @@ app.post('/api/share/create', requireAuth, (req, res) => {
     return res.status(400).json({ error: 'invalid duration' });
   const token = crypto.randomBytes(12).toString('base64url');
   const expiresAt = Date.now() + durationMinutes * 60 * 1000;
-  db.createShare(req.user.id, token, boatName || 'Shivao', expiresAt, zones);
-  db.audit(req.user.id, 'share_create', 'share', token, { boatName: boatName || 'Shivao', expiresAt, zonesCount: Array.isArray(zones) ? zones.length : 0 }, req.ip);
+  db.createShare(token, boatName || 'Shivao', expiresAt, zones);
+  db.audit('share_create', 'share', token, { boatName: boatName || 'Shivao', expiresAt, zonesCount: Array.isArray(zones) ? zones.length : 0 }, req.ip);
   const proto = req.headers['x-forwarded-proto'] || req.protocol;
   const host = req.headers['x-forwarded-host'] || req.headers.host;
   const url = `${proto}://${host}/share/${token}`;
@@ -639,21 +271,21 @@ app.post('/api/share/create', requireAuth, (req, res) => {
 });
 
 app.get('/api/share/list', requireAuth, (req, res) => {
-  res.json(db.listActiveShares(req.user.id).map(s => ({
+  res.json(db.listActiveShares().map(s => ({
     token: s.token, boatName: s.boat_name, expiresAt: s.expires_at, createdAt: s.created_at
   })));
 });
 
 app.delete('/api/share/:token', requireAuth, (req, res) => {
-  db.revokeShare(req.user.id, req.params.token);
-  db.audit(req.user.id, 'share_revoke', 'share', req.params.token, {}, req.ip);
+  db.revokeShare(req.params.token);
+  db.audit('share_revoke', 'share', req.params.token, {}, req.ip);
   res.json({ ok: true });
 });
 
 app.post('/api/share/:token/zones', requireAuth, validate(updateZonesSchema), (req, res) => {
   const { zones } = req.body;
-  db.updateShareZones(req.user.id, req.params.token, zones);
-  db.audit(req.user.id, 'share_zones_update', 'share', req.params.token, { zonesCount: zones.length }, req.ip);
+  db.updateShareZones(req.params.token, zones);
+  db.audit('share_zones_update', 'share', req.params.token, { zonesCount: zones.length }, req.ip);
   res.json({ ok: true });
 });
 
@@ -661,8 +293,8 @@ app.post('/api/share/position', requireAuth, (req, res) => {
   const { lat, lng, speed, boatName } = req.body;
   if (typeof lat !== 'number' || typeof lng !== 'number')
     return res.status(400).json({ error: 'lat/lng required' });
-  // posta apenas para shares do user logado
-  const active = db.listActiveShares(req.user.id);
+  // posta para todos os shares ativos do barco
+  const active = db.listActiveShares();
   let posted = 0;
   for (const s of active) {
     if (boatName && s.boat_name && s.boat_name !== boatName) continue;
@@ -804,35 +436,29 @@ setInterval(() => {
   } catch (e) { console.warn(e); }
 }, 24 * 3600 * 1000);
 
-// ==== Dead-man switch background check (multi-user) ====
-const lastDeadmanFire = new Map(); // user_id -> ts
+// ==== Dead-man switch background check ====
+let lastDeadmanFire = 0;
 async function checkDeadman() {
+  const a = db.getAnchor();
+  if (!a || !a.active) return;
   const now = Date.now();
-  const sessions = db.listActiveAnchors();
-  for (const a of sessions) {
-    if (!a.active) continue;
-    const since = now - (a.last_heartbeat || a.started_at);
-    if (since < HEARTBEAT_TIMEOUT) continue;
-    const last = lastDeadmanFire.get(a.user_id) || 0;
-    if (now - last < HEARTBEAT_TIMEOUT) continue;
-    lastDeadmanFire.set(a.user_id, now);
-    console.log(`[deadman] user=${a.user_id} no heartbeat in ${Math.round(since/1000)}s — firing alarm`);
-    const payload = {
-      boat: a.boat_name || 'Veleiro',
-      lat: a.last_lat, lng: a.last_lng,
-      distance: a.last_distance,
-      radius: a.radius,
-      reason: 'heartbeat_lost',
-      ts: now,
-      minutes_lost: Math.round(since / 60000)
-    };
-    try {
-      const result = await dispatchAlarm(payload);
-      db.logAlarm(a.user_id, 'heartbeat_lost', payload, result.sent, result.failed);
-    } catch (e) {
-      console.warn(`[deadman] dispatch failed user=${a.user_id}:`, e.message);
-    }
-  }
+  const since = now - (a.last_heartbeat || a.started_at);
+  if (since < HEARTBEAT_TIMEOUT) return;
+  // already fired recently? avoid spam
+  if (now - lastDeadmanFire < HEARTBEAT_TIMEOUT) return;
+  lastDeadmanFire = now;
+  console.log(`[deadman] No heartbeat in ${Math.round(since/1000)}s — firing remote alarm`);
+  const payload = {
+    boat: a.boat_name || 'Veleiro',
+    lat: a.last_lat, lng: a.last_lng,
+    distance: a.last_distance,
+    radius: a.radius,
+    reason: 'heartbeat_lost',
+    ts: now,
+    minutes_lost: Math.round(since / 60000)
+  };
+  const result = await dispatchAlarm(payload);
+  db.logAlarm('heartbeat_lost', payload, result.sent, result.failed);
 }
 setInterval(checkDeadman, 30000); // check every 30s
 

server/src/schemas/index.js

@@ -30,25 +30,6 @@ export const updateZonesSchema = z.object({
   zones: z.array(zoneSchema).max(100),
 });
 
-// ===== Auth (signup + login) =====
-export const signupSchema = z.object({
-  email: z.string().email().max(200),
-  password: z.string().min(8).max(100),
-  name: z.string().max(100).optional(),
-});
-
-export const loginSchema = z.object({
-  email: z.string().email().max(200),
-  password: z.string().min(1).max(100),
-});
-
-// ===== Billing (checkout) =====
-export const checkoutSchema = z.object({
-  plan: z.enum(['pro', 'captain']),
-  cycle: z.enum(['monthly', 'yearly']),
-  billingType: z.enum(['PIX', 'CREDIT_CARD', 'BOLETO', 'UNDEFINED']).default('PIX'),
-});
-
 // ===== Middleware genérico =====
 // Uso: app.post('/x', requireAuth, validate(mySchema), handler)
 // Em caso de falha: 400 com até 5 issues do Zod (path + message).