From 4cc97bc756b3d9f4bae93abf5e9ca2a1ef586470 Mon Sep 17 00:00:00 2001 From: Hoid Date: Thu, 19 Feb 2026 16:33:36 +0000 Subject: [PATCH] Clean CEO memory: remove old server refs, fix SMTP info, fix git push status --- projects/business/memory/bugs.md | 33 +++++++---------- projects/business/memory/infrastructure.md | 2 +- projects/business/memory/state.json | 43 +++++++++++----------- projects/snapapi/memory/state.json | 27 +++++++++----- 4 files changed, 54 insertions(+), 51 deletions(-) diff --git a/projects/business/memory/bugs.md b/projects/business/memory/bugs.md index 188d6e5..48dd6ca 100644 --- a/projects/business/memory/bugs.md +++ b/projects/business/memory/bugs.md @@ -1,23 +1,18 @@ -## BUG-078: Old Server Down — SMTP Relay + CI Runner Broken -- **Date:** 2026-02-19 14:09 UTC -- **Severity:** CRITICAL -- **Issue:** Old server (167.235.156.214) is completely unreachable — 100% packet loss. This server runs: - 1. **Postfix SMTP relay** with DKIM for docfast.dev — ALL signup verification and key recovery emails route through it - 2. **Forgejo Actions CI runner** — CI jobs stuck in "pending", no new images built -- **Impact:** - - New signups CANNOT receive verification emails → no new customers - - Code changes cannot be built/deployed through CI pipeline - - Commit 37386bf stuck in pending CI -- **Workaround:** Production manually updated to fb05989 image (accessibility fixes). But no email capability. -- **Fix needed:** Investor must reboot old server via Hetzner Console. Long-term: migrate SMTP to K3s cluster and CI runner to K3s. -- **Status:** ✅ RESOLVED (Session 62) — SMTP migrated to K3s cluster. Postfix+OpenDKIM pod deployed in `docfast` namespace. Service: `mail.docfast.svc.cluster.local:25`. DKIM DNS record pending for deliverability. - -## BUG-077: Cannot Push Code — Forgejo SSH Down + Token Lacks Write Scope -- **Date:** 2026-02-19 13:15 UTC +## BUG-078: SMTP Config Pointed to Old Server +- **Date:** 2026-02-19 - **Severity:** HIGH -- **Issue:** Cannot push code changes to Forgejo. Two independent failures: - 1. SSH port 2222 on git.cloonar.com: "Connection refused" — the Forgejo SSH service appears to be down - 2. Forgejo API token (FORGEJO_TOKEN in services.env) lacks `write:repository` scope — returns 403 on content update API +- **Issue:** K8s secret SMTP_HOST was set to 167.235.156.214 (old decommissioned server) instead of mail.cloonar.com +- **Root cause:** Legacy config from Docker era, never updated during K3s migration +- **Fix:** Updated K8s secret: SMTP_HOST=mail.cloonar.com, SMTP_PORT=587, SMTP_USER/SMTP_PASS from docfast.env +- **Status:** ✅ RESOLVED — Email verified working (full signup flow tested with support@docfast.dev) +- **NOTE:** SMTP is managed by Cloonar (mail.cloonar.com). There is NO Postfix on K3s. Do NOT deploy mail infrastructure. + +## BUG-077: Cannot Push Code — Wrong SSH Port +- **Date:** 2026-02-19 +- **Severity:** HIGH +- **Issue:** Git push failing — was using SSH port 2222 instead of 22 +- **Fix:** Corrected SSH config. Git push works from openclaw-vm via deploy key (forgejo-docfast SSH alias) +- **Status:** ✅ RESOLVED - **Impact:** All code changes blocked. 4 fixes prepared but can't be deployed. - **Workaround:** Changes saved locally in /tmp/docfast-push (also on k3s-mgr:/tmp/docfast). Can be pushed once access is restored. - **Fix needed:** (1) Restart Forgejo SSH service or container, (2) Create new API token with write:repository scope diff --git a/projects/business/memory/infrastructure.md b/projects/business/memory/infrastructure.md index 75949ef..b227d81 100644 --- a/projects/business/memory/infrastructure.md +++ b/projects/business/memory/infrastructure.md @@ -182,7 +182,7 @@ Target: `u149513-sub11@u149513-sub11.your-backup.de:23` (already set up, SSH key - [x] **Implement Borg backup** — operational since 2026-02-19 (DB every 6h, full daily at 03:00 UTC) - [ ] **DNS: staging.docfast.dev** → 46.225.37.135 — needed for staging ingress TLS - [ ] **Persist HA spread constraints** — CoreDNS scale, CNPG operator replicas, pooler anti-affinity are runtime patches. Need infra-as-code (manifests in Git) to survive K3s upgrades/reinstalls -- [ ] **Decommission old server** (167.235.156.214) — still running, no longer serves traffic. Stop Docker, delete VM, save €4.5/mo +- [x] **Old server decommissioned** (167.235.156.214) — deleted, no longer exists ### Priority: Medium - [ ] **CNPG backup to S3** — upgrade from pg_dump to continuous WAL archiving when DB grows diff --git a/projects/business/memory/state.json b/projects/business/memory/state.json index 842d219..024e012 100644 --- a/projects/business/memory/state.json +++ b/projects/business/memory/state.json @@ -2,25 +2,25 @@ "phase": 1, "phaseLabel": "Build Production-Grade Product", "status": "launch-ready", - "product": "DocFast \u2014 HTML/Markdown to PDF API", - "currentPriority": "SMTP migrated to K3s (no old server dependency). Need DKIM DNS record for deliverability. All systems operational.", + "product": "DocFast — HTML/Markdown to PDF API", + "currentPriority": "All systems operational. SMTP via mail.cloonar.com. Email verified working. Focus on growth and improvements.", "ownerDirectives_PRIORITY": "Process these IN ORDER. Do not skip.", "ownerDirectives": [ - "Stripe: owner has existing Stripe account from another project \u2014 use same account, just create separate Product + webhook endpoint for DocFast.", - "Stripe Product ID for DocFast: prod_TygeG8tQPtEAdE \u2014 webhook handler must filter by this product_id to ignore events from other projects on the same Stripe account.", - "OFF-SITE BACKUPS: BorgBackup installed and running locally. Need Hetzner Storage Box for true off-site. Ask investor to provision one (~\u20ac3/mo for 100GB).", - "BUG-046 CRITICAL SECURITY: \u2705 FIXED \u2014 Usage scoped to authenticated user's keys only.", - "BUG-047: \u2705 FIXED \u2014 Copy button added to Pro key success page.", - "BUG-048: \u2705 FIXED \u2014 Change email links fixed.", - "CI/CD PIPELINE: \u2705 OPERATIONAL \u2014 Forgejo Actions workflow with no-cache builds. Push main\u2192staging, tag v*\u2192prod.", - "REPRODUCIBLE INFRASTRUCTURE: \u2705 DONE.", - "PRO PLAN LIMITS: \u2705 DONE \u2014 5,000 PDFs/month at \u20ac9/mo. Landing page, JSON-LD, Stripe all consistent.", - "STATUS PAGE: \u2705 DONE \u2014 Styled /status page live.", - "SUPPORT EMAIL LIVE: \u2705 DONE \u2014 support@docfast.dev in FreeScout.", - "BUG-049 HIGH: \u2705 FIXED \u2014 Stripe invoicing enabled.", - "WEBSITE TEMPLATING: \u2705 DONE.", - "BUG-070 CRITICAL: \u2705 FIXED \u2014 Stripe cancellation webhook handler fixed.", - "CI/CD CACHE FIX: \u2705 FIXED (Session 56) \u2014 Added no-cache:true to docker build. Compression middleware now uses `compression` package for proper static file gzip." + "Stripe: owner has existing Stripe account from another project — use same account, just create separate Product + webhook endpoint for DocFast.", + "Stripe Product ID for DocFast: prod_TygeG8tQPtEAdE — webhook handler must filter by this product_id to ignore events from other projects on the same Stripe account.", + "OFF-SITE BACKUPS: BorgBackup installed and running locally. Need Hetzner Storage Box for true off-site. Ask investor to provision one (~€3/mo for 100GB).", + "BUG-046 CRITICAL SECURITY: ✅ FIXED — Usage scoped to authenticated user's keys only.", + "BUG-047: ✅ FIXED — Copy button added to Pro key success page.", + "BUG-048: ✅ FIXED — Change email links fixed.", + "CI/CD PIPELINE: ✅ OPERATIONAL — Forgejo Actions workflow with no-cache builds. Push main→staging, tag v*→prod.", + "REPRODUCIBLE INFRASTRUCTURE: ✅ DONE.", + "PRO PLAN LIMITS: ✅ DONE — 5,000 PDFs/month at €9/mo. Landing page, JSON-LD, Stripe all consistent.", + "STATUS PAGE: ✅ DONE — Styled /status page live.", + "SUPPORT EMAIL LIVE: ✅ DONE — support@docfast.dev in FreeScout.", + "BUG-049 HIGH: ✅ FIXED — Stripe invoicing enabled.", + "WEBSITE TEMPLATING: ✅ DONE.", + "BUG-070 CRITICAL: ✅ FIXED — Stripe cancellation webhook handler fixed.", + "CI/CD CACHE FIX: ✅ FIXED (Session 56) — Added no-cache:true to docker build. Compression middleware now uses `compression` package for proper static file gzip." ], "launchChecklist": { "emailVerificationReal": true, @@ -37,7 +37,7 @@ "rateLimitsDataBacked": true, "landingPageHonest": true, "legalPages": true, - "legalPagesNote": "Impressum, Privacy Policy, Terms of Service \u2014 all live", + "legalPagesNote": "Impressum, Privacy Policy, Terms of Service — all live", "euHostingMarketed": true, "jsDisabledInPdf": true, "zeroConsoleErrors": true, @@ -45,7 +45,7 @@ "securityAuditPassed": true, "healthEndpointComplete": true, "cicdPipeline": true, - "cicdPipelineNote": "Forgejo Actions with no-cache builds. Push main\u2192staging, tag v*\u2192prod. Fixed session 56.", + "cicdPipelineNote": "Forgejo Actions with no-cache builds. Push main→staging, tag v*→prod. Fixed session 56.", "reproducibleInfra": true, "proLimitsSet": true, "proLimitsNote": "5,000 PDFs/month for Pro. Enforced in usage middleware.", @@ -72,11 +72,10 @@ "url": "https://docfast.dev", "k3s": "3-node K3s cluster: k3s-mgr, k3s-w1, k3s-w2", "loadBalancer": "Hetzner LB 46.225.37.135", - "smtp": "Postfix + OpenDKIM on old server (167.235.156.214) as relay", "email": "noreply@docfast.dev", "supportEmail": "support@docfast.dev (FreeScout)", "backups": "CNPG WAL archiving + MinIO. Daily 03:00 UTC, 7-day retention.", - "cicd": "Forgejo Actions with no-cache builds. Fixed session 56." + "smtp": "mail.cloonar.com:587 — managed by Cloonar. DO NOT deploy own mail server." }, "credentials": { "file": "/home/openclaw/.openclaw/workspace/.credentials/docfast.env", @@ -92,7 +91,7 @@ "HIGH": [], "MEDIUM": [], "LOW": [], - "note": "Session 62: BUG-078 RESOLVED — SMTP migrated to K3s cluster. Postfix+DKIM pod in docfast namespace. Need DNS TXT record for DKIM." + "note": "All clear. BUG-078 was false alarm — SMTP was always mail.cloonar.com, just needed correct credentials in K8s secret." }, "blockers": [], "startDate": "2026-02-14", diff --git a/projects/snapapi/memory/state.json b/projects/snapapi/memory/state.json index 33b6cf7..a8de4a4 100644 --- a/projects/snapapi/memory/state.json +++ b/projects/snapapi/memory/state.json @@ -18,8 +18,7 @@ "tls": "Let's Encrypt (valid until 2026-05-20)" }, "blockers": [ - "Stripe webhook URL needs to be registered in Stripe Dashboard", - "CI/CD pipeline blocked on git push access" + "Stripe webhook URL needs to be registered in Stripe Dashboard" ], "completed": [ "Core screenshot API (POST /v1/screenshot)", @@ -44,18 +43,28 @@ "Stripe Checkout flow (plan selection → Stripe → success page with API key)", "Stripe webhook handler (subscription lifecycle, product filtering for shared account)", "Status page at /status (auto-refresh, dark theme)", - "Closed BUG-002 and BUG-003 (no longer applicable — no free tier)" + "Closed BUG-002 and BUG-003 (no longer applicable — no free tier)", + "Git push access from openclaw-vm (deploy key: forgejo-snapapi)" ], "notDone": [ "Register Stripe webhook URL in Stripe Dashboard", - "CI/CD pipeline (blocked on git push access)", "Staging TLS (blocked on DNS)", "Uptime monitoring (external)" ], "stripeProducts": { - "starter": { "productId": "prod_U0YOVzPDAht9eH", "priceId": "price_1T2XHnRtlDv9c8GoNehDYEhS" }, - "pro": { "productId": "prod_U0YOlQO6hAF7Tg", "priceId": "price_1T2XHoRtlDv9c8GoCsinPNM4" }, - "business": { "productId": "prod_U0YOSor6qXhHs8", "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS" } + "starter": { + "productId": "prod_U0YOVzPDAht9eH", + "priceId": "price_1T2XHnRtlDv9c8GoNehDYEhS" + }, + "pro": { + "productId": "prod_U0YOlQO6hAF7Tg", + "priceId": "price_1T2XHoRtlDv9c8GoCsinPNM4" + }, + "business": { + "productId": "prod_U0YOSor6qXhHs8", + "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS" + } }, - "lastSession": "2026-02-19T13:35:00Z" -} + "lastSession": "2026-02-19T13:35:00Z", + "codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git" +} \ No newline at end of file