feat(iot): controle Smart Life/Tuya — Casa do Barco v1.12.0

Servidor (proxy assinado):
- server/src/tuya.js: cliente Tuya OpenAPI com HMAC-SHA256 + token cache
  (2h TTL, retry 1x em token expirado), helpers categoryLabel
- 3 endpoints novos em server/src/index.js (todos requireAuth):
  * GET  /api/iot/devices              → lista devices da conta Smart Life
  * GET  /api/iot/status/:deviceId     → DPs (data points) atuais
  * POST /api/iot/command/:deviceId    → envia comandos {code,value}
- Audit log via db.audit('iot_command', ...) pra histórico de toggles
- 503 graceful quando TUYA_ACCESS_ID/SECRET ausentes

Client (UI):
- Card 🏠 Casa do Barco em Arquivo (após Bluetooth, antes Raymarine)
- Modal "Adicionar dispositivo" lista devices da conta Smart Life,
  permite escolher quais aparecem no Shivão (multi-select via toque)
- Cards por device com ícone por categoria (cz=tomada, dj=lâmpada,
  fs=ventilador, kt=ar-cond, sd=robô, etc.) + toggle ON/OFF + status
  online/offline + tempo desde último ping
- Toggle optimistic UI: marca novo estado imediato, reverte se falhar
- Polling 10s pra sync de status, pausa em background (economiza
  Starlink + bateria)
- Backoff: 3 falhas consec → marca offline, retry 30s
- state.smartDevices[] persistido no localStorage (mesmo padrão btDevices)

Setup (admin, 1x):
- Karlão precisa criar projeto em iot.tuya.com (5 min, gratuito) e
  adicionar TUYA_ACCESS_ID + TUYA_ACCESS_SECRET no env Coolify
- Documentação completa no .env.example com passo a passo
- Sem credenciais: card mostra "⚙ Tuya não configurado"

Bumps:
- APP_VERSION 1.11.0 → 1.12.0
- sw.js VERSION shivao-v1.11.0 → shivao-v1.12.0
- mobile/package.json + build.gradle (versionCode 32→33)
- LATEST_APK_URL atualizado pro release v1.12.0

Fix gitignore:
- .env.example em pastas nested (server/.env.example) estava bloqueado
  por **/.env.* — adicionado !**/.env.example pra liberar.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.gitignore

@@ -15,6 +15,7 @@ server/data/
 !.env.example
 **/.env
 **/.env.*
+!**/.env.example
 
 # OS / IDE
 .DS_Store

mobile/android/app/build.gradle

@@ -7,8 +7,8 @@ android {
         applicationId "br.com.pontualtech.shivao"
         minSdkVersion rootProject.ext.minSdkVersion
         targetSdkVersion rootProject.ext.targetSdkVersion
-        versionCode 10
-        versionName "1.7.0"
+        versionCode 33
+        versionName "1.12.0"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
         aaptOptions {
              // Files and dirs to omit from the packaged assets dir, modified to accommodate modern web apps.

mobile/android/app/capacitor.build.gradle

@@ -9,6 +9,7 @@ android {
 
 apply from: "../capacitor-cordova-android-plugins/cordova.variables.gradle"
 dependencies {
+    implementation project(':capacitor-community-bluetooth-le')
     implementation project(':capacitor-app')
     implementation project(':capacitor-geolocation')
     implementation project(':capacitor-local-notifications')

mobile/android/app/src/main/AndroidManifest.xml

@@ -51,4 +51,11 @@
     <uses-feature android:name="android.hardware.location.gps" android:required="false" />
     <uses-feature android:name="android.hardware.sensor.barometer" android:required="false" />
     <uses-feature android:name="android.hardware.sensor.compass" android:required="false" />
+
+    <!-- Bluetooth LE (BMS de bateria, fones, smart shunts) -->
+    <uses-permission android:name="android.permission.BLUETOOTH" android:maxSdkVersion="30" />
+    <uses-permission android:name="android.permission.BLUETOOTH_ADMIN" android:maxSdkVersion="30" />
+    <uses-permission android:name="android.permission.BLUETOOTH_SCAN" android:usesPermissionFlags="neverForLocation" />
+    <uses-permission android:name="android.permission.BLUETOOTH_CONNECT" />
+    <uses-feature android:name="android.hardware.bluetooth_le" android:required="false" />
 </manifest>

mobile/android/capacitor.settings.gradle

@@ -2,6 +2,9 @@
 include ':capacitor-android'
 project(':capacitor-android').projectDir = new File('../node_modules/@capacitor/android/capacitor')
 
+include ':capacitor-community-bluetooth-le'
+project(':capacitor-community-bluetooth-le').projectDir = new File('../node_modules/@capacitor-community/bluetooth-le/android')
+
 include ':capacitor-app'
 project(':capacitor-app').projectDir = new File('../node_modules/@capacitor/app/android')
 

mobile/package-lock.json

@@ -1,13 +1,14 @@
 {
   "name": "shivao-mobile",
-  "version": "1.2.0",
+  "version": "1.9.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "shivao-mobile",
-      "version": "1.2.0",
+      "version": "1.9.0",
       "dependencies": {
+        "@capacitor-community/bluetooth-le": "^6.1.0",
         "@capacitor/android": "^6.1.2",
         "@capacitor/app": "^6.0.1",
         "@capacitor/core": "^6.1.2",
@@ -21,6 +22,18 @@
         "@capacitor/cli": "^6.1.2"
       }
     },
+    "node_modules/@capacitor-community/bluetooth-le": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/@capacitor-community/bluetooth-le/-/bluetooth-le-6.1.0.tgz",
+      "integrity": "sha512-hnNChEwV+xNOVqDYI4bfkQtFtvEyzBMlgYs+6xsLYTJVl0v8h6Hn3nCwjW9l6LH0tMzYaRYlFLCiGHKPHt1N0Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/web-bluetooth": "^0.0.20"
+      },
+      "peerDependencies": {
+        "@capacitor/core": "^6.0.0"
+      }
+    },
     "node_modules/@capacitor/android": {
       "version": "6.2.1",
       "resolved": "https://registry.npmjs.org/@capacitor/android/-/android-6.2.1.tgz",
@@ -343,6 +356,12 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@types/web-bluetooth": {
+      "version": "0.0.20",
+      "resolved": "https://registry.npmjs.org/@types/web-bluetooth/-/web-bluetooth-0.0.20.tgz",
+      "integrity": "sha512-g9gZnnXVq7gM7v3tJCWV/qw7w+KeOlSHAhgF9RytFyifW6AF61hdT2ucrYhPq9hLs5JIryeupHV3qGk95dH9ow==",
+      "license": "MIT"
+    },
     "node_modules/@xmldom/xmldom": {
       "version": "0.9.10",
       "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.9.10.tgz",

mobile/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shivao-mobile",
-  "version": "1.7.0",
+  "version": "1.12.0",
   "description": "Shivao app nativo (Capacitor wrapper Android/iOS)",
   "main": "index.js",
   "type": "module",
@@ -12,6 +12,7 @@
     "ios:open": "npx cap open ios"
   },
   "dependencies": {
+    "@capacitor-community/bluetooth-le": "^6.1.0",
     "@capacitor/android": "^6.1.2",
     "@capacitor/app": "^6.0.1",
     "@capacitor/core": "^6.1.2",

server/.env.example

@@ -0,0 +1,81 @@
+# ======================================================
+# SHIVAO CLOUD - Configuração
+# Copie este arquivo para .env e preencha os valores
+# ======================================================
+
+# --- Autenticação ---
+# Token único do barco. GERE UMA STRING ALEATÓRIA LONGA!
+# Sugestão: openssl rand -hex 32
+BOAT_TOKEN=troque-este-valor-por-uma-string-aleatoria-longa-e-secreta
+
+# --- Dead-man switch ---
+# Se o app não enviar heartbeat por X segundos enquanto fundeado,
+# o servidor dispara o alarme automaticamente. Padrão: 300 (5 min)
+HEARTBEAT_TIMEOUT_SEC=300
+
+# ======================================================
+# CANAIS DE NOTIFICAÇÃO (configure os que quiser usar)
+# ======================================================
+
+# --- Telegram (RECOMENDADO - grátis, instantâneo) ---
+# 1. No Telegram, fale com @BotFather → /newbot → anote o token
+# 2. Inicie conversa com seu novo bot
+# 3. Acesse https://api.telegram.org/bot<TOKEN>/getUpdates → anote o chat.id
+# Você pode enviar para múltiplos chats separando por vírgula
+TELEGRAM_BOT_TOKEN=
+TELEGRAM_CHAT_IDS=
+
+# --- ntfy.sh (push notifications grátis sem cadastro) ---
+# Instale o app ntfy no celular, escolha um tópico secreto único
+# Ex: shivao-alertas-x7k9p2 — qualquer pessoa com o nome ouve, então use algo aleatório
+NTFY_TOPIC=
+NTFY_SERVER=https://ntfy.sh
+
+# --- E-mail (SMTP) ---
+# Para Gmail: ative 2FA, crie "App password" em
+# https://myaccount.google.com/apppasswords
+SMTP_HOST=
+SMTP_PORT=587
+SMTP_SECURE=false
+SMTP_USER=
+SMTP_PASS=
+SMTP_FROM=Shivao Alertas <alerts@example.com>
+# Múltiplos destinatários separados por vírgula
+SMTP_TO=
+
+# --- Twilio SMS / WhatsApp (PAGO) ---
+# Crie conta em twilio.com
+TWILIO_ACCOUNT_SID=
+TWILIO_AUTH_TOKEN=
+TWILIO_FROM_NUMBER=
+TWILIO_WHATSAPP_FROM=
+# Múltiplos números (com DDI, ex: +5521999998888) separados por vírgula
+TWILIO_SMS_TO=
+TWILIO_WHATSAPP_TO=
+
+# --- Webhook genérico ---
+# Para Discord, Slack, n8n, ou seu próprio endpoint
+# Recebe POST com JSON {boat, message, lat, lng, distance, ...}
+WEBHOOK_URL=
+
+# ======================================================
+# IOT (Smart Life / Tuya) — controlar dispositivos do barco
+# ======================================================
+# Tuya é o fabricante por trás do app Smart Life. Lâmpadas/tomadas
+# brand X (Positivo, Multilaser, Intelbras, RWS) são todas Tuya.
+#
+# Setup (5 min, gratuito):
+#  1. Crie conta em https://iot.tuya.com (use mesmo email do Smart Life)
+#  2. Cloud → Development → Create Cloud Project
+#     - Industry: Smart Home
+#     - Method: Custom Development
+#     - Data Center: escolha o mesmo da app Smart Life
+#       (Eu → Account & Security → Region)
+#  3. Aba Service API → autorize: IoT Core, Authorization, Smart Home Basic
+#  4. Aba Devices → Link Tuya App Account → escaneia QR Code com Smart Life
+#  5. Copie da aba Overview: Access ID + Access Secret
+TUYA_ACCESS_ID=
+TUYA_ACCESS_SECRET=
+# Data center: tuyaus (US, default Brasil), tuyaeu (Europa), tuyacn (China),
+# tuyain (Índia). Mude se sua conta estiver em outra região.
+TUYA_BASE_URL=https://openapi.tuyaus.com

server/public/sw.js

@@ -1,7 +1,7 @@
 // Shivao Service Worker — offline real
 // Estratégia: shell precachado, tiles cache-first, windy network-first, /api passa direto.
 // Versão usada nos cache names — bumpa essa string pra invalidar caches antigos em deploys.
-const VERSION = 'shivao-v1.7.0';
+const VERSION = 'shivao-v1.12.0';
 const SHELL_CACHE = `shivao-shell-${VERSION}`;
 const TILES_CACHE = 'shivao-tiles-v1'; // separado pra não invalidar tiles em update do shell
 const WINDY_CACHE = `shivao-windy-${VERSION}`;

server/src/index.js

@@ -12,6 +12,7 @@ import { hashPassword, verifyPassword, signAccessToken, signRefreshToken, verify
 import * as billing from './billing.js';
 import { initRealtime, broadcastStateChange, getOnlineCount } from './realtime.js';
 import * as gcal from './google-calendar.js';
+import * as tuya from './tuya.js';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const PORT = parseInt(process.env.PORT || '3000');
@@ -126,6 +127,125 @@ app.get('/api/auth/me', requireAuth, (req, res) => {
   res.json(req.user);
 });
 
+// Diagnostic log endpoint — recebe log do BLE pra debugar
+app.post('/api/bms/diag-log', requireAuth, (req, res) => {
+  const { log } = req.body || {};
+  if (!log || typeof log !== 'string') return res.status(400).json({ error: 'log string required' });
+  const dir = path.join(db.dataDir, 'diag-logs');
+  try { fs.mkdirSync(dir, { recursive: true }); } catch {}
+  const ts = new Date().toISOString().replace(/[:.]/g, '-');
+  const file = path.join(dir, `${req.user.id}-${ts}.txt`);
+  try {
+    fs.writeFileSync(file, log.slice(0, 50000));
+    db.audit(req.user.id, 'bms_diag_log', 'bluetooth', null, { bytes: log.length, file: path.basename(file) }, req.ip);
+    res.json({ ok: true, file: path.basename(file) });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+});
+
+// ADMIN: lista TODOS os logs (BOAT_TOKEN apenas)
+app.get('/api/bms/diag-log/_all', requireAuth, (req, res) => {
+  if (!req.user.viaBoatToken) return res.status(403).json({ error: 'admin only' });
+  const dir = path.join(db.dataDir, 'diag-logs');
+  try {
+    if (!fs.existsSync(dir)) return res.json({ files: [] });
+    const files = fs.readdirSync(dir).map(f => {
+      const stat = fs.statSync(path.join(dir, f));
+      return { name: f, size: stat.size, mtime: stat.mtime };
+    }).sort((a, b) => b.mtime - a.mtime);
+    res.json({ files });
+  } catch (e) { res.status(500).json({ error: e.message }) }
+});
+
+// Lista logs disponíveis (debug)
+app.get('/api/bms/diag-log', requireAuth, (req, res) => {
+  const dir = path.join(db.dataDir, 'diag-logs');
+  try {
+    if (!fs.existsSync(dir)) return res.json({ files: [] });
+    const files = fs.readdirSync(dir)
+      .filter(f => f.startsWith(`${req.user.id}-`))
+      .map(f => {
+        const stat = fs.statSync(path.join(dir, f));
+        return { name: f, size: stat.size, mtime: stat.mtime };
+      })
+      .sort((a, b) => b.mtime - a.mtime);
+    res.json({ files });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+});
+
+// Lê conteúdo de um log específico
+app.get('/api/bms/diag-log/:file', requireAuth, (req, res) => {
+  const file = req.params.file.replace(/[^a-zA-Z0-9._-]/g, '');
+  // Admin (BOAT_TOKEN) lê qualquer; user normal só os próprios
+  if (!req.user.viaBoatToken && !file.startsWith(`${req.user.id}-`)) {
+    return res.status(403).json({ error: 'forbidden' });
+  }
+  const fullPath = path.join(db.dataDir, 'diag-logs', file);
+  try {
+    if (!fs.existsSync(fullPath)) return res.status(404).json({ error: 'not found' });
+    const content = fs.readFileSync(fullPath, 'utf8');
+    res.type('text/plain').send(content);
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+});
+
+// ===== IoT (Smart Life / Tuya) =====
+// Proxy assinado pra Tuya Cloud API. Access Secret nunca vai pro client.
+
+app.get('/api/iot/devices', requireAuth, async (req, res) => {
+  if (!tuya.isEnabled()) return tuya.disabledResponse(res);
+  try {
+    const r = await tuya.listDevices();
+    if (r.error) return res.status(502).json({ error: r.error, code: r.code });
+    // Enriquece com label humano
+    const devices = r.devices.map(d => ({ ...d, category_label: tuya.categoryLabel(d.category) }));
+    res.json({ devices });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+});
+
+app.get('/api/iot/status/:deviceId', requireAuth, async (req, res) => {
+  if (!tuya.isEnabled()) return tuya.disabledResponse(res);
+  const deviceId = (req.params.deviceId || '').replace(/[^a-zA-Z0-9]/g, '');
+  if (!deviceId) return res.status(400).json({ error: 'deviceId required' });
+  try {
+    const r = await tuya.getDeviceStatus(deviceId);
+    if (r.error) return res.status(502).json({ error: r.error, code: r.code });
+    res.json({ status: r.status });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+});
+
+app.post('/api/iot/command/:deviceId', requireAuth, async (req, res) => {
+  if (!tuya.isEnabled()) return tuya.disabledResponse(res);
+  const deviceId = (req.params.deviceId || '').replace(/[^a-zA-Z0-9]/g, '');
+  const { commands } = req.body || {};
+  if (!deviceId) return res.status(400).json({ error: 'deviceId required' });
+  if (!Array.isArray(commands) || commands.length === 0) {
+    return res.status(400).json({ error: 'commands array required' });
+  }
+  // Validação básica: cada item precisa ter code:string + value
+  for (const c of commands) {
+    if (!c || typeof c.code !== 'string') {
+      return res.status(400).json({ error: 'each command needs {code:string, value:any}' });
+    }
+  }
+  try {
+    const r = await tuya.sendCommand(deviceId, commands);
+    if (!r.ok) return res.status(502).json({ error: r.error, code: r.code });
+    db.audit(req.user.id, 'iot_command', 'tuya', deviceId, { commands }, req.ip);
+    res.json({ ok: true });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+});
+
 // ===== Google Login via OAuth redirect (pra apps Capacitor onde GSI popup não funciona) =====
 // In-memory store: session_id → { tokens, createdAt }. Auto-expira em 10min.
 const pendingGoogleSessions = new Map();
@@ -347,7 +467,7 @@ app.get('/.well-known/assetlinks.json', (req, res) => {
 });
 
 // Atalho: /apk redireciona pra última APK release no Forgejo
-const LATEST_APK_URL = 'https://git.pontualtech.work/karlao/shivao-projeto/releases/download/v1.7.0/Shivao-v1.7.0.apk';
+const LATEST_APK_URL = 'https://git.pontualtech.work/karlao/shivao-projeto/releases/download/v1.12.0/Shivao-v1.12.0.apk';
 app.get('/apk', (req, res) => res.redirect(302, LATEST_APK_URL));
 
 // Página A4 imprimível com QR Code + instruções (cola no barco/marina)

server/src/tuya.js

@@ -0,0 +1,165 @@
+// Tuya OpenAPI client — Smart Life devices via HMAC-SHA256 signing
+// Docs: https://developer.tuya.com/en/docs/cloud/cloud-api-best-practice
+//
+// Why server-side: Access Secret never goes to client (PWA), pra evitar token
+// leak via DevTools. Client só conhece deviceId; server assina e proxia.
+
+import crypto from 'node:crypto';
+
+const ACCESS_ID = process.env.TUYA_ACCESS_ID || '';
+const ACCESS_SECRET = process.env.TUYA_ACCESS_SECRET || '';
+// Tuya tem 5 data centers. Escolha o mesmo da conta Smart Life (Eu → Account → Region):
+//   us  = openapi.tuyaus.com   (default North America)
+//   eu  = openapi.tuyaeu.com   (Europe)
+//   cn  = openapi.tuyacn.com   (China)
+//   in  = openapi.tuyain.com   (India)
+//   sg  = openapi-sg.iotbing.com (South Asia)
+// Brasil normalmente cai no US.
+const BASE_URL = process.env.TUYA_BASE_URL || 'https://openapi.tuyaus.com';
+
+let cachedToken = null; // {access_token, expires_at_ms}
+
+export function isEnabled() {
+  return !!(ACCESS_ID && ACCESS_SECRET);
+}
+
+export function disabledResponse(res) {
+  return res.status(503).json({
+    error: 'tuya_not_configured',
+    message: 'Configure TUYA_ACCESS_ID + TUYA_ACCESS_SECRET no env do servidor.',
+    setup_url: 'https://iot.tuya.com',
+  });
+}
+
+function sha256(str) {
+  return crypto.createHash('sha256').update(str, 'utf8').digest('hex');
+}
+
+function hmacSha256(key, str) {
+  return crypto.createHmac('sha256', key).update(str, 'utf8').digest('hex').toUpperCase();
+}
+
+// stringToSign = HTTPMethod + "\n" + Content-SHA256 + "\n" + Headers + "\n" + Url
+// Headers fica vazio porque não usamos signedHeaders custom.
+function buildStringToSign(method, urlPath, body) {
+  const contentSha = sha256(body || '');
+  return `${method.toUpperCase()}\n${contentSha}\n\n${urlPath}`;
+}
+
+// Para token endpoint: sign = client_id + t + nonce + stringToSign
+// Para business endpoints: sign = client_id + access_token + t + nonce + stringToSign
+function buildSignature(method, urlPath, body, withToken) {
+  const t = String(Date.now());
+  const nonce = crypto.randomBytes(16).toString('hex');
+  const stringToSign = buildStringToSign(method, urlPath, body);
+  const tokenPart = withToken && cachedToken ? cachedToken.access_token : '';
+  const str = ACCESS_ID + tokenPart + t + nonce + stringToSign;
+  const sign = hmacSha256(ACCESS_SECRET, str);
+  return { sign, t, nonce };
+}
+
+async function fetchToken() {
+  const urlPath = '/v1.0/token?grant_type=1';
+  const { sign, t, nonce } = buildSignature('GET', urlPath, '', false);
+  const r = await fetch(BASE_URL + urlPath, {
+    method: 'GET',
+    headers: {
+      'client_id': ACCESS_ID,
+      'sign': sign,
+      'sign_method': 'HMAC-SHA256',
+      't': t,
+      'nonce': nonce,
+    },
+  });
+  const j = await r.json();
+  if (!j.success) throw new Error(`tuya_token_failed: ${j.code} ${j.msg}`);
+  cachedToken = {
+    access_token: j.result.access_token,
+    refresh_token: j.result.refresh_token,
+    expires_at_ms: Date.now() + (j.result.expire_time * 1000) - 60000, // refresh 1min antes
+  };
+  return cachedToken;
+}
+
+async function ensureToken() {
+  if (cachedToken && Date.now() < cachedToken.expires_at_ms) return cachedToken;
+  return await fetchToken();
+}
+
+// Request genérico assinado a um endpoint Tuya OpenAPI
+async function tuyaRequest(method, urlPath, body) {
+  await ensureToken();
+  const bodyStr = body ? JSON.stringify(body) : '';
+  const { sign, t, nonce } = buildSignature(method, urlPath, bodyStr, true);
+  const r = await fetch(BASE_URL + urlPath, {
+    method,
+    headers: {
+      'client_id': ACCESS_ID,
+      'access_token': cachedToken.access_token,
+      'sign': sign,
+      'sign_method': 'HMAC-SHA256',
+      't': t,
+      'nonce': nonce,
+      'Content-Type': 'application/json',
+    },
+    body: bodyStr || undefined,
+  });
+  const j = await r.json();
+  // Token expirado mid-flight: invalida + retry 1x
+  if (j.code === 1010 || j.code === 1011 || j.code === 1004) {
+    cachedToken = null;
+    return tuyaRequest(method, urlPath, body);
+  }
+  return j;
+}
+
+// ===== APIs públicas =====
+
+// Lista todos os devices vinculados ao app Smart Life autorizado
+// (vinculado em iot.tuya.com → Cloud → Devices → Link Tuya App Account)
+export async function listDevices(uid) {
+  // uid é opcional; sem uid retorna devices da org. Pra Karlão (1 conta) ok sem.
+  const res = await tuyaRequest('GET', '/v1.3/iot-03/devices?source_type=tuyaUser&source_id=' + (uid || ''), null);
+  if (!res.success) return { error: res.msg, code: res.code, devices: [] };
+  return {
+    devices: (res.result?.list || []).map(d => ({
+      id: d.id,
+      name: d.name,
+      online: d.online,
+      product_id: d.product_id,
+      product_name: d.product_name,
+      category: d.category, // 'cz' = socket, 'dj' = light, 'kg' = switch, 'fs' = fan, etc.
+      icon: d.icon,
+      ip: d.ip,
+    })),
+  };
+}
+
+// Status atual do device (lista de DPs / data points)
+export async function getDeviceStatus(deviceId) {
+  const res = await tuyaRequest('GET', `/v1.0/iot-03/devices/${deviceId}/status`, null);
+  if (!res.success) return { error: res.msg, code: res.code };
+  // Result é array tipo [{code:'switch_1', value:true}, {code:'bright_value', value:600}]
+  return { status: res.result || [] };
+}
+
+// Dispara comando: array de {code, value}
+// Ex pra ligar: [{code:'switch_1', value:true}]
+// Ex pra dimmer: [{code:'switch_led', value:true}, {code:'bright_value_v2', value:800}]
+export async function sendCommand(deviceId, commands) {
+  const res = await tuyaRequest('POST', `/v1.0/iot-03/devices/${deviceId}/commands`, { commands });
+  if (!res.success) return { ok: false, error: res.msg, code: res.code };
+  return { ok: true };
+}
+
+// Categoria → função humanizada (ajuda UI a renderizar ícone certo)
+export function categoryLabel(cat) {
+  const map = {
+    cz: 'Tomada', dj: 'Lâmpada', kg: 'Interruptor', fs: 'Ventilador',
+    dd: 'Fita LED', xdd: 'Luminária', dc: 'Cordão LED', tdq: 'Disjuntor',
+    cwwsq: 'Alimentador', kt: 'Ar-condicionado', wsdcg: 'Sensor temp/umid',
+    mcs: 'Sensor porta', co2bj: 'Sensor CO2', sd: 'Robô aspirador',
+    cl: 'Cortina', clkg: 'Switch cortina', wnykq: 'Termostato',
+  };
+  return map[cat] || cat || 'Dispositivo';
+}