session 60: userAgent + clip features, 431 tests
This commit is contained in:
Hoid
parent
ab35b2a31c
commit
0e7b82ab27
2 changed files with 60 additions and 3 deletions
|
|
@ -1,5 +1,58 @@
|
|||
# SnapAPI Session Log
|
||||
|
||||
## Session 60 — 2026-03-05 15:00 CET (User-Agent + Clip Features)
|
||||
|
||||
**Goal:** Add two competitive features: custom User-Agent and viewport clipping.
|
||||
|
||||
**Health Check:**
|
||||
- Production: ✅ healthy, 2 replicas (still v0.5.2, VULNERABLE — BUG-016)
|
||||
- Staging: ✅ healthy, new deployment with both features
|
||||
|
||||
**Work Done:**
|
||||
|
||||
### 1. Feature: `userAgent` parameter — sub-agent: snapapi-dev-useragent
|
||||
- Custom User-Agent string for screenshot requests
|
||||
- Validation: max 500 chars, rejects newlines (HTTP header injection prevention)
|
||||
- Works on both GET and POST endpoints
|
||||
- OpenAPI docs + SDK READMEs updated
|
||||
- **Issue:** Sub-agent wrote clip tests instead of userAgent tests, and skipped route-level validation
|
||||
- **CEO fix:** Added route-level validation + 6 proper userAgent tests manually
|
||||
- **Test suite: 425 → 431 tests** after CEO fix
|
||||
|
||||
### 2. Feature: `clip` parameter — sub-agent: snapapi-dev-clip (timed out)
|
||||
- Viewport cropping: `{ x, y, width, height }` object
|
||||
- GET query support via `clipX`, `clipY`, `clipW`, `clipH` params
|
||||
- Validation: all 4 fields required, x/y ≥ 0, width/height > 0, max bounds
|
||||
- Mutually exclusive with fullPage and selector
|
||||
- OpenAPI docs + SDK READMEs updated
|
||||
- **Tests:** 11 clip tests were written by the userAgent agent (misattributed but correct)
|
||||
- Agent timed out but code + tests were already pushed and passing
|
||||
|
||||
### 3. Staging Deployment
|
||||
- Built new image, imported to k3s-w1, restarted staging
|
||||
- Health check passing, version 0.8.0
|
||||
- Version bumped in package.json
|
||||
|
||||
### 4. Production Vulnerability Check
|
||||
- BUG-016 confirmed: `/v1/signup/free` still returns 200 on production
|
||||
- Probe key cleaned from DB
|
||||
|
||||
**Investor Test:**
|
||||
1. Stranger trust with money? **Yes on staging**
|
||||
2. Data loss on crash? **No** (CNPG PostgreSQL)
|
||||
3. Free tier abuse? **⚠️ YES on production** — /v1/signup/free still active
|
||||
4. Key recovery? **Yes on staging**
|
||||
5. All website features work? **Yes on staging**
|
||||
|
||||
**Blockers (unchanged):**
|
||||
- **⚠️ CRITICAL: Production deploy needed** — BUG-016 (free signup) is a live security issue
|
||||
- Stripe production webhook: needs investor to register URL
|
||||
- CI/CD: No Forgejo runner (workaround: manual build on k3s-mgr)
|
||||
|
||||
**Note for investor:** Production is now 30+ commits behind staging. Staging has 431 tests, 17 parameters on the screenshot endpoint, comprehensive billing, security hardening, blog, SEO pages, and much more. **Strongly recommend approving production deploy.**
|
||||
|
||||
---
|
||||
|
||||
## Session 59 — 2026-03-05 12:00 CET (Element Screenshots + JS Injection)
|
||||
|
||||
**Goal:** Add two high-value competitive features: element screenshots and JavaScript injection.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"phase": "production-live",
|
||||
"version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.8.0-staging (414 tests)",
|
||||
"version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.8.0-staging (431 tests)",
|
||||
"staging": {
|
||||
"status": "running",
|
||||
"namespace": "snapapi-staging",
|
||||
|
|
@ -96,7 +96,11 @@
|
|||
"JavaScript injection: js parameter — execute custom JS before capture, 5s timeout, 5000 char limit (staging)",
|
||||
"selector + fullPage mutual exclusivity validation (staging)",
|
||||
"SDK docs: js parameter documented in Node.js + Python SDK READMEs (staging)",
|
||||
"Test suite: 414 tests passing (staging)"
|
||||
"Custom User-Agent: userAgent parameter with 500-char limit + newline injection prevention (staging)",
|
||||
"Viewport clipping: clip parameter (x, y, width, height) with GET query support (clipX/clipY/clipW/clipH) (staging)",
|
||||
"clip mutual exclusivity with fullPage and selector (staging)",
|
||||
"SDK docs: userAgent + clip documented in Node.js + Python SDK READMEs (staging)",
|
||||
"Test suite: 431 tests passing (staging)"
|
||||
],
|
||||
"notDone": [
|
||||
"Register Stripe webhook URL in Stripe Dashboard",
|
||||
|
|
@ -119,6 +123,6 @@
|
|||
"priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS"
|
||||
}
|
||||
},
|
||||
"lastSession": "2026-03-05T11:00:00Z",
|
||||
"lastSession": "2026-03-05T14:00:00Z",
|
||||
"codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git"
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue