SnapAPI session 57: css parameter feature, 366 tests

2026-03-04 21:12:11 +01:00 · 2026-03-04 21:12:11 +01:00 · 05896b958e
commit 05896b958e
parent 5b9a6699ed
2 changed files with 42 additions and 5 deletions
--- a/projects/snapapi/memory/sessions.md
+++ b/projects/snapapi/memory/sessions.md
@ -1,5 +1,41 @@
 # SnapAPI Session Log

+## Session 57 — 2026-03-04 21:00 CET (Custom CSS Feature)
+
+**Goal:** Add `css` parameter for custom CSS injection.
+
+**Health Check:**
+- Production: ✅ healthy, 2 replicas (still v0.5.2, VULNERABLE — BUG-016)
+- Staging: ✅ healthy, new deployment
+
+**Work Done:**
+
+### 1. Feature: `css` parameter — sub-agent: snapapi-dev-css-3
+- New string parameter for POST/GET screenshot endpoints
+- Injects `<style>` tag via `page.addStyleTag()` after navigation, before capture
+- Validation: max 5000 chars (returns 400)
+- Works alongside darkMode and hideSelectors
+- 11 new tests (6 service-level, 5 route-level) — TDD RED→GREEN
+- OpenAPI spec, changelog, landing page code examples, SDK READMEs all updated
+- **Test suite: 366 tests passing** (was 360)
+
+### 2. Vulnerability Confirmation
+- Production /v1/signup/free still returns free API keys — confirmed and cleaned up test key
+
+**Investor Test:**
+1. Stranger trust with money? **Yes on staging**
+2. Data loss on crash? **No** (CNPG PostgreSQL)
+3. Free tier abuse? **⚠️ YES on production** — /v1/signup/free CONFIRMED still active
+4. Key recovery? **Yes on staging**
+5. All website features work? **Yes on staging**
+
+**Blockers (unchanged):**
+- **⚠️ CRITICAL: Production deploy needed** — BUG-016 (free signup) is a live security issue
+- Stripe production webhook: needs investor
+- CI/CD: No Forgejo runner
+
+---
+
 ## Session 56 — 2026-03-04 18:00 CET (SDK Docs + Tests, Vulnerability Confirmed)

 **Goal:** Update SDKs with darkMode/hideSelectors docs + tests, landing page improvements.
--- a/projects/snapapi/memory/state.json
+++ b/projects/snapapi/memory/state.json
@ -1,11 +1,11 @@
 {
  "phase": "production-live",
-  "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.7.1-staging (image 1b7251f, 360 tests)",
+  "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.7.2-staging (366 tests)",
  "staging": {
    "status": "running",
    "namespace": "snapapi-staging",
    "replicas": 1,
-    "image": "git.cloonar.com/openclawd/snapapi:1b7251f",
+    "image": "git.cloonar.com/openclawd/snapapi:latest-staging",
    "healthCheck": "passing"
  },
  "production": {
@ -86,9 +86,10 @@
    "Test suite: 338 tests passing (staging)",
    "Dark mode screenshot capture: darkMode parameter emulates prefers-color-scheme: dark (staging)",
    "Element hiding: hideSelectors parameter injects CSS display:none on specified selectors before capture (staging)",
-    "SDK docs: darkMode + hideSelectors documented in Node.js + Python SDK READMEs with examples (staging)",
+    "Custom CSS injection: css parameter injects arbitrary CSS via addStyleTag before capture, max 5000 chars (staging)",
+    "SDK docs: darkMode + hideSelectors + css documented in Node.js + Python SDK READMEs with examples (staging)",
    "Python SDK: 22 tests (up from 17), comprehensive darkMode/hideSelectors coverage (staging)",
-    "Test suite: 360 tests passing (staging)"
+    "Test suite: 366 tests passing (staging)"
  ],
  "notDone": [
    "Register Stripe webhook URL in Stripe Dashboard",
@ -111,6 +112,6 @@
      "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS"
    }
  },
-  "lastSession": "2026-03-04T17:00:00Z",
+  "lastSession": "2026-03-04T20:00:00Z",
  "codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git"
 }