- Add POST /v1/billing/portal endpoint for customer portal access
- Add GET /v1/billing/recover endpoint for API key recovery
- Implement getKeyByEmail() and getCustomerIdByEmail() service functions
- Add comprehensive test coverage for new endpoints and services
- Create dedicated recovery page at /recovery.html with forms
- Add 'Lost your API key?' link on landing page near pricing
- Update OpenAPI documentation for new endpoints
- Return masked API keys for security (snap_xxxx...xxxx format)
- Log full keys for manual email sending (email service TBD)
- Include proper error handling and input validation
- Add playground.test.ts with 14 tests for playground endpoint
- Add screenshot.test.ts with 17 tests for screenshot endpoint
- Add health.test.ts with 7 tests for health endpoint
- Add watermark.test.ts with 14 tests for watermark service
Total: 52 new tests covering:
- Input validation and error handling
- Authentication and authorization scenarios
- Caching behavior and cache bypass
- Parameter normalization and limits
- SSRF protection and blocked URLs
- Service error conditions (timeouts, queue full)
- Browser pool integration
- Watermark image processing logic
All tests pass and use proper mocking of dependencies.
- billing.ts: Stripe now initialized lazily via getStripe() instead of at module load
This prevents test suite crash when STRIPE_SECRET_KEY env var is not set
- Add src/middleware/__tests__/auth.test.ts (6 tests): key extraction from
Bearer header, X-API-Key header, query param; 401/403 responses; priority order
- Add src/services/__tests__/keys.test.ts (6 tests): getTierLimit for all tiers
- Total: 61 tests passing, 0 failures
- Add GET /v1/screenshot endpoint with query parameter support
- Support API key authentication via ?key= query parameter
- Implement in-memory LRU cache with configurable TTL (5min) and size limits (100MB)
- Add X-Cache headers (HIT/MISS) to indicate cache status
- Add cache bypass option via ?cache=false parameter
- Update OpenAPI documentation with GET endpoint and caching info
- Add GET/Embed code examples to landing page hero section
- Add Response Caching and GET Request Support feature cards
- Update features grid layout to accommodate new features
Root cause: With BROWSER_COUNT=1, the hourly browser restart set
restarting=true, drained all pages, closed the browser, THEN launched
a new one. During that window (seconds), all requests queued and
timed out after 30s with QUEUE_FULL errors.
Fix: Launch the new browser BEFORE closing the old one (hot-swap).
This ensures zero downtime during browser recycling, even with a
single browser instance.
- Node.js SDK: TypeScript, ESM+CJS, zero deps (uses native fetch)
- Python SDK: zero deps (uses urllib), Python 3.8+
- Both fully documented with examples and type hints
- Ready for npm/PyPI publishing
BUG-010: Add 301 redirects for clean URLs (/privacy → /privacy.html etc.)
and fix inconsistent href links across legal pages.
FEATURE: Enhanced playground with fullPage, quality, deviceScale,
waitUntil, and waitForSelector controls for better API evaluation.
Performance fixes:
- Default waitUntil changed from networkidle2 to domcontentloaded (saves ~500ms+)
- Add waitUntil parameter so users can choose (load/domcontentloaded/networkidle0/networkidle2)
- Optimize page recycle: use DOM reset instead of about:blank navigation
- Add Chromium flags to disable unnecessary features (background networking, extensions, sync, etc.)
Swagger fixes:
- Fix apis glob to include dist/*.js (was only matching src/*.ts, empty at runtime)
- Document new waitUntil parameter on POST /v1/screenshot
- Add OpenAPI docs for /status endpoint
- FAQ had both inline onclick AND addEventListener, causing double-toggle (no visible change)
- Removed duplicate JS listener, keeping inline onclick
- Replaced 'Rate limiting' mention in features with 'Secure defaults'
BREAKING: OpenAPI spec is now generated from JSDoc annotations on route
handlers at startup, eliminating drift between code and documentation.
What was wrong:
- Static public/openapi.json was manually maintained and could drift
- Missing endpoints: signup, billing (checkout/success/webhook)
- Signup route was imported but never mounted (dead code)
What was fixed:
- Added swagger-jsdoc to generate OpenAPI spec from JSDoc on route files
- Every route handler now has @openapi JSDoc annotation as source of truth
- Spec served dynamically at GET /openapi.json (no static file)
- Deleted public/openapi.json
- Documented all missing endpoints (signup, billing x3)
- Mounted /v1/signup route
- All 9 screenshot params documented with types, ranges, defaults
- Extract complete codebase from running staging pod
- Add Dockerfile with multi-stage build for Node.js + Puppeteer
- Configure CI/CD workflows for staging and production deployment
- Include all source files, configs, and public assets
