- darkMode: emulates prefers-color-scheme: dark before navigation
- hideSelectors: injects CSS to hide elements before capture
- POST: accepts string or string array
- GET: accepts comma-separated string
- Validation: max 10 selectors, each max 200 chars
- OpenAPI docs updated for both GET and POST endpoints
- 13 new tests added (service + route)
- Add 'cancelled' tier (0 req/month) for downgraded subscriptions
- Remove full API key from recovery endpoint logs (security)
- Add IP-based rate limiting (10/15min) to billing endpoints
- Bump version to 0.7.0
- 4 new tests (338 total)
The /v1/signup/free endpoint was still mounted despite free tier
being removed in v0.3.0. Anyone could generate unlimited free API keys.
- Removed signup route registration from index.ts
- Deleted src/routes/signup.ts (dead code)
- Added signup-removed.test.ts verifying 404 on signup endpoints
- Cleaned up leaked test key from production DB
334 tests passing.
- Create src/routes/__tests__/status.test.ts (GET /status and /status.html)
- Add blog post: public/blog/automating-og-images.html (~1000 words)
- Update public/blog.html with new post entry
- Update public/sitemap.xml with new URL
- Add blog tests for automating-og-images post
- Update existing blog tests for new post references
Tests: 332 passed, 1 skipped
- Wrap nav in <header> landmark on all pages
- Wrap content in <main id='main-content'> on all pages
- Add skip-to-content link (visually hidden, visible on focus)
- Add skip-link CSS styles
- Add 65 accessibility tests covering all 16 full-layout pages
- All 288 tests passing
- Blog index page (public/blog.html) with dark theme
- Post 1: Why You Need a Screenshot API (~800 words)
- Post 2: Screenshot API Performance & Caching (~600 words)
- Express routes: /blog → /blog.html, /blog/:slug → /blog/:slug.html
- Blog link added to nav and footer on index.html
- Sitemap updated with blog URLs
- Full test coverage (19 new tests, 190 total passing)
- Pricing page with full comparison table, feature matrix, FAQ, JSON-LD Product schema
- Changelog page with all versions v0.1.0-v0.6.0, JSON-LD Blog schema
- 301 redirects for clean URLs
- Added to sitemap.xml
- Pricing in main nav, changelog in footer
- 14 new tests (171 total)
- Add POST /v1/billing/portal endpoint for customer portal access
- Add GET /v1/billing/recover endpoint for API key recovery
- Implement getKeyByEmail() and getCustomerIdByEmail() service functions
- Add comprehensive test coverage for new endpoints and services
- Create dedicated recovery page at /recovery.html with forms
- Add 'Lost your API key?' link on landing page near pricing
- Update OpenAPI documentation for new endpoints
- Return masked API keys for security (snap_xxxx...xxxx format)
- Log full keys for manual email sending (email service TBD)
- Include proper error handling and input validation
- Add playground.test.ts with 14 tests for playground endpoint
- Add screenshot.test.ts with 17 tests for screenshot endpoint
- Add health.test.ts with 7 tests for health endpoint
- Add watermark.test.ts with 14 tests for watermark service
Total: 52 new tests covering:
- Input validation and error handling
- Authentication and authorization scenarios
- Caching behavior and cache bypass
- Parameter normalization and limits
- SSRF protection and blocked URLs
- Service error conditions (timeouts, queue full)
- Browser pool integration
- Watermark image processing logic
All tests pass and use proper mocking of dependencies.
- billing.ts: Stripe now initialized lazily via getStripe() instead of at module load
This prevents test suite crash when STRIPE_SECRET_KEY env var is not set
- Add src/middleware/__tests__/auth.test.ts (6 tests): key extraction from
Bearer header, X-API-Key header, query param; 401/403 responses; priority order
- Add src/services/__tests__/keys.test.ts (6 tests): getTierLimit for all tiers
- Total: 61 tests passing, 0 failures
- Add GET /v1/screenshot endpoint with query parameter support
- Support API key authentication via ?key= query parameter
- Implement in-memory LRU cache with configurable TTL (5min) and size limits (100MB)
- Add X-Cache headers (HIT/MISS) to indicate cache status
- Add cache bypass option via ?cache=false parameter
- Update OpenAPI documentation with GET endpoint and caching info
- Add GET/Embed code examples to landing page hero section
- Add Response Caching and GET Request Support feature cards
- Update features grid layout to accommodate new features
Root cause: With BROWSER_COUNT=1, the hourly browser restart set
restarting=true, drained all pages, closed the browser, THEN launched
a new one. During that window (seconds), all requests queued and
timed out after 30s with QUEUE_FULL errors.
Fix: Launch the new browser BEFORE closing the old one (hot-swap).
This ensures zero downtime during browser recycling, even with a
single browser instance.
- Node.js SDK: TypeScript, ESM+CJS, zero deps (uses native fetch)
- Python SDK: zero deps (uses urllib), Python 3.8+
- Both fully documented with examples and type hints
- Ready for npm/PyPI publishing
BUG-010: Add 301 redirects for clean URLs (/privacy → /privacy.html etc.)
and fix inconsistent href links across legal pages.
FEATURE: Enhanced playground with fullPage, quality, deviceScale,
waitUntil, and waitForSelector controls for better API evaluation.
Performance fixes:
- Default waitUntil changed from networkidle2 to domcontentloaded (saves ~500ms+)
- Add waitUntil parameter so users can choose (load/domcontentloaded/networkidle0/networkidle2)
- Optimize page recycle: use DOM reset instead of about:blank navigation
- Add Chromium flags to disable unnecessary features (background networking, extensions, sync, etc.)
Swagger fixes:
- Fix apis glob to include dist/*.js (was only matching src/*.ts, empty at runtime)
- Document new waitUntil parameter on POST /v1/screenshot
- Add OpenAPI docs for /status endpoint
- FAQ had both inline onclick AND addEventListener, causing double-toggle (no visible change)
- Removed duplicate JS listener, keeping inline onclick
- Replaced 'Rate limiting' mention in features with 'Secure defaults'
BREAKING: OpenAPI spec is now generated from JSDoc annotations on route
handlers at startup, eliminating drift between code and documentation.
What was wrong:
- Static public/openapi.json was manually maintained and could drift
- Missing endpoints: signup, billing (checkout/success/webhook)
- Signup route was imported but never mounted (dead code)
What was fixed:
- Added swagger-jsdoc to generate OpenAPI spec from JSDoc on route files
- Every route handler now has @openapi JSDoc annotation as source of truth
- Spec served dynamically at GET /openapi.json (no static file)
- Deleted public/openapi.json
- Documented all missing endpoints (signup, billing x3)
- Mounted /v1/signup route
- All 9 screenshot params documented with types, ranges, defaults
- Extract complete codebase from running staging pod
- Add Dockerfile with multi-stage build for Node.js + Puppeteer
- Configure CI/CD workflows for staging and production deployment
- Include all source files, configs, and public assets
