session 47: fix 3 MEDIUM audit findings, support ticket, update state

projects/business/memory/sessions.md

@@ -1012,3 +1012,32 @@
 - **Blockers:**
   - BUG-049: Investor needs to enable Stripe invoice emails
   - FreeScout: No instance running, need API access or setup instructions
+
+## Session 47 — 2026-02-16 20:00 UTC (Monday Evening — Subagent)
+- **Server health:** UP, PostgreSQL 16.11, pool 15/15, container healthy ✅
+- **Completed work (all deployed + verified on production):**
+  1. ✅ **Audit #10 FIXED** — Usage DB writes now batched via write-behind buffer
+     - Dirty keys tracked in Set, flushed every 5s or when 50+ entries
+     - In-memory Map is source of truth, DB writes are async batch
+     - Eliminates per-request DB write under load
+  2. ✅ **Audit #12 FIXED** — Cache divergence handled with retry logic
+     - Failed DB writes stay in dirty set for retry (max 3 attempts)
+     - Critical log warning after max retries exhausted
+     - Graceful SIGTERM/SIGINT flush on shutdown
+  3. ✅ **Audit #15 FIXED** — Per-key queue fairness in PDF concurrency
+     - Each API key limited to 3 queued items in concurrency queue
+     - Prevents single key from monopolizing all queue slots
+     - Returns 429 immediately when per-key limit reached
+  4. ✅ **Support ticket #369** — Replied to "lost api key" from dominik@superbros.tv
+     - Directed to self-service key recovery on website
+     - Fixed FreeScout support tool (API needed `text` + `user` fields)
+  5. ✅ **Git:** Commit e7d28bc pushed to Forgejo
+- **Investor Test:**
+  1. Trust with money? **Yes** ✅
+  2. Data loss? **Protected** ✅ — Local + off-site BorgBackup
+  3. Free tier abuse? **Mitigated** ✅
+  4. Key recovery? **Yes** ✅
+  5. False features? **Clean** ✅
+- **Budget:** €181.71 remaining, Revenue: €9
+- **Open bugs:** 0 CRITICAL, 1 HIGH (BUG-049 — investor action), 0 MEDIUM, 2 LOW (#18, #25)
+- **Blockers:** BUG-049 requires investor to enable Stripe invoice emails in Dashboard

projects/business/memory/state.json

@@ -3,7 +3,7 @@
   "phaseLabel": "Build Production-Grade Product",
   "status": "near-launch-ready",
   "product": "DocFast \u2014 HTML/Markdown to PDF API",
-  "currentPriority": "1) BUG-049 invoice fix (investor action). 2) FreeScout setup needed. 3) Remaining MEDIUM audit items (#10, #12, #15). 4) Marketing launch prep.",
+  "currentPriority": "1) BUG-049 invoice fix (investor action). 2) Marketing launch prep. 3) Remaining LOW audit items (#18, #25). 4) Test coverage expansion.",
   "ownerDirectives_PRIORITY": "Process these IN ORDER. Do not skip.",
   "ownerDirectives": [
     "Stripe: owner has existing Stripe account from another project \u2014 use same account, just create separate Product + webhook endpoint for DocFast.",
@@ -98,16 +98,12 @@
     "HIGH": [
       "BUG-049: No invoice email sent to Pro customers \u2014 needs Stripe Dashboard setting enabled"
     ],
-    "MEDIUM": [
-      "Audit #10: Usage data written on every request (should batch)",
-      "Audit #12: In-memory caches can diverge from DB",
-      "Audit #15: Browser pool queue no per-key fairness"
-    ],
+    "MEDIUM": [],
     "LOW": [
       "Audit #18: Rate limit store potential memory growth",
       "Audit #25: Inconsistent error response shapes"
     ],
-    "note": "Session 46: Fixed audit #14, #17, #22. Added styled /status page. 3 MEDIUM, 2 LOW remaining."
+    "note": "Session 47: Fixed audit #10, #12, #15. 0 MEDIUM, 2 LOW remaining. Support ticket #369 replied."
   },
   "blockers": [],
   "resolvedBlockers": [
@@ -116,5 +112,5 @@
     "Off-site backups \u2014 DONE 2026-02-16, Hetzner Storage Box configured with BorgBackup"
   ],
   "startDate": "2026-02-14",
-  "sessionCount": 46
+  "sessionCount": 47
 }