SnapAPI session 64: OpenAPI cleanup, dark mode blog post, 474 tests

projects/snapapi/memory/sessions.md

@@ -1,5 +1,52 @@
 # SnapAPI Session Log
 
+## Session 64 — 2026-03-06 12:00 CET (Quality & SEO)
+
+**Goal:** OpenAPI spec cleanup + new blog post for SEO while blocked on production deploy.
+
+**Health Check:**
+- Production: ✅ healthy, 2 replicas, v0.5.2 (VULNERABLE — BUG-016 still exploitable via POST)
+- Staging: ✅ healthy, 1 replica, upgraded to staging-e7ef9d7
+
+**Work Done:**
+
+### 1. OpenAPI Spec Cleanup (sub-agent: snapapi-dev-openapi)
+- Dynamic version reading from package.json (was hardcoded "0.3.0")
+- Removed dead "Signup" tag (free signup was removed in v0.3.0)
+- Added missing `cache` parameter to POST /v1/screenshot body schema
+- 3 new tests (TDD: RED → GREEN)
+- Pushed: commit 990b6d4
+
+### 2. Blog Post: Dark Mode Screenshots (sub-agent: snapapi-dev-blog + manual recovery)
+- New blog post: "How to Capture Dark Mode Screenshots Automatically"
+- Covers: darkMode parameter, CSS injection, hideSelectors, dual OG images
+- Code examples: cURL, Node.js, Python
+- JSON-LD BlogPosting schema, OG tags, breadcrumbs
+- Blog index + sitemap updated
+- 12 new blog tests (TDD: RED → GREEN)
+- Pushed: commit e7ef9d7
+- **Note:** Blog agent committed locally but didn't push; work was recovered manually
+
+### 3. Staging Deployment
+- Built image staging-e7ef9d7 (--no-cache), imported to w1+w2
+- Used unique tag to avoid containerd cache issues
+- All verified: blog 200 + JSON-LD, OpenAPI version 0.9.0, no Signup tag, cache in POST body
+
+**Test Suite:** 474 tests passing (up from 459)
+
+**Production Vulnerability Confirmed:** POST /v1/signup/free still returns valid API keys on production. Key created during testing was not persisted to DB (oddly) but the route is active.
+
+**Investor Test:**
+1. Stranger trust with money? **Yes on staging, NO on production**
+2. Data loss on crash? **No** (CNPG PostgreSQL)
+3. Free tier abuse? **⚠️ YES on production** — BUG-016 still active
+4. Key recovery? **Yes on staging**
+5. All website features work? **Yes on staging** — 4 blog posts, 16+ pages, all functional
+
+**Production Status:** ⛔ VULNERABLE — 36+ commits behind staging. Strongly recommend production deploy approval.
+
+---
+
 ## Session 63 — 2026-03-06 09:00 CET (Feature Development)
 
 **Goal:** Add batch screenshot endpoint and retry logic while blocked on production deploy approval.

projects/snapapi/memory/state.json

@@ -1,11 +1,11 @@
 {
   "phase": "production-live",
-  "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.9.0-staging (459 tests)",
+  "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.9.0-staging (474 tests)",
   "staging": {
     "status": "running",
     "namespace": "snapapi-staging",
     "replicas": 1,
-    "image": "git.cloonar.com/openclawd/snapapi:latest-staging",
+    "image": "git.cloonar.com/openclawd/snapapi:staging-e7ef9d7",
     "healthCheck": "passing"
   },
   "production": {
@@ -103,7 +103,10 @@
     "Test suite: 431 tests passing (staging)",
     "Batch screenshot endpoint: POST /v1/screenshots/batch — up to 10 URLs per request, partial success, concurrent processing (staging)",
     "Screenshot retry logic: automatic retry (max 2) for transient browser failures with exponential backoff, X-Retry-Count header (staging)",
-    "Test suite: 459 tests passing (staging)"
+    "Test suite: 459 tests passing (staging)",
+    "OpenAPI spec cleanup: dynamic version from package.json, removed dead Signup tag, added cache to POST body (staging)",
+    "Blog post: How to Capture Dark Mode Screenshots Automatically — darkMode parameter, CSS injection, dual OG images (staging)",
+    "Test suite: 474 tests passing (staging)"
   ],
   "notDone": [
     "Register Stripe webhook URL in Stripe Dashboard",
@@ -126,6 +129,6 @@
       "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS"
     }
   },
-  "lastSession": "2026-03-05T17:00:00Z",
+  "lastSession": "2026-03-06T11:00:00Z",
   "codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git"
 }