diff --git a/memory/heartbeat-state.json b/memory/heartbeat-state.json index 1840fc1..3b772da 100644 --- a/memory/heartbeat-state.json +++ b/memory/heartbeat-state.json @@ -10,10 +10,10 @@ "news": "2026-01-30T08:17:00Z", "rheinmetall": "2026-02-19T10:39:32.196Z", "rheinmetall_price": 1660, - "calendar": "2026-02-27T08:02:00Z", + "calendar": "2026-03-02T17:11:00Z", "steam_hardware": "2026-02-03T22:00:00Z", "hamr_40tb": "2026-02-04T21:10:00Z", - "notes": "1 event: Reinigungshilfe 10-15" + "notes": "tomorrow: Sessel Lieferung 12-17" }, "watchlist": { "hamr_40tb": { @@ -43,5 +43,6 @@ "lastKnownVersion": null, "status": "Feb 26 update: auto-memory, /copy command" } - } + }, + "notes": "Tomorrow: Sessel Lieferung 12-17" } \ No newline at end of file diff --git a/memory/real-portfolio.json b/memory/real-portfolio.json index edbf1ef..5ad7d69 100644 --- a/memory/real-portfolio.json +++ b/memory/real-portfolio.json @@ -27,6 +27,16 @@ ], "totalInvested": 22200, "priceHistory": [ + { + "timestamp": "2026-03-02T16:00:00Z", + "PICK": 63.31, + "note": "4:00 PM Vienna - PICK down -1.6% to $63.31 (from $64.34). Defense ETFs remain +14% YTD despite intraday volatility. Oil/gold holding gains. Broad selloff continues; defensive positioning outperforming." + }, + { + "timestamp": "2026-03-02T15:01:00Z", + "PICK": 64.34, + "note": "3:01 PM Vienna - PICK steady $64.34 (+0.33% today). Defense ETFs +14% YTD. US-Iran war escalating, Brent toward $80. Broad equities down >1%, defense/commodities safe-haven strength intact." + }, { "timestamp": "2026-03-02T14:09:00Z", "PICK": 64.34, @@ -55,6 +65,6 @@ "note": "RHM at €1,663.50; recent earnings miss (-22.78%). Gold/metals/mining outperforming in 2026. Defense sector stable amid geopolitical tensions." } ], - "lastAnalysis": "2026-03-02T14:09:00Z", - "updateNote": "2:09 PM Vienna - PICK $64.34 (+0.33% today). Broad market down >1% (S&P, Nasdaq futures) as US-Iran war escalates & oil surges toward $80. Gold at $5,387 (22% YoY gain), silver spiking. Defense & commodities safe-haven outperformers. RHM thesis intact: Germany +45% defense budget 2026, NATO targeting 5% GDP by 2035. PICK miners benefit from commodity volatility & precious metals surge. No fresh opportunities identified—thesis alignment strong. HOLD all positions." + "lastAnalysis": "2026-03-02T15:01:00Z", + "updateNote": "3:01 PM Vienna - PICK $64.34 (+0.33% today). Defense ETFs up 14% YTD amid US-Iran escalation; oil toward $80/bbl, Strait of Hormuz disruption fears. Gold continues safe-haven run (+22% YoY). Broad equity selloff (-1%+) contrasts with defense/commodities strength. RHM thesis intact: German defense budget +45% in 2026, NATO 5% GDP target by 2035. PICK benefits from commodity volatility & precious metals demand. RHM.DE & DFNS.PA API gaps but geopolitical backdrop strongly favorable. No new opportunities identified—portfolio thesis aligned. HOLD all positions." } diff --git a/projects/business/memory/bugs.md b/projects/business/memory/bugs.md index f54edc3..5a591aa 100644 --- a/projects/business/memory/bugs.md +++ b/projects/business/memory/bugs.md @@ -1,3 +1,11 @@ +## BUG-098: Request interceptor leaks across browser pool pages after URL-to-PDF conversion +- **Date:** 2026-03-02 +- **Severity:** MEDIUM +- **Issue:** In `src/services/browser.ts`, `renderUrlPdf()` calls `page.setRequestInterception(true)` and adds a `page.on("request", ...)` listener for SSRF DNS pinning. `recyclePage()` never cleans these up. When the page is returned to the pool and reused, the stale interceptor blocks external resource requests (fonts, images, stylesheets) for subsequent HTML-to-PDF conversions. Successive URL-to-PDF calls on the same page also stack listeners. +- **Impact:** After a URL-to-PDF conversion, any HTML-to-PDF conversion reusing the same page may fail to load external resources. Low probability in practice (depends on pool cycling) but a real data corruption vector. +- **Fix:** Add `page.removeAllListeners("request")` and `page.setRequestInterception(false)` to `recyclePage()`. +- **Status:** ✅ FIXED — commit 024fa00. recyclePage now calls removeAllListeners("request") + setRequestInterception(false). 1 test added (TDD red→green verified). 443 tests total. Deployed to staging. + ## BUG-097: Footer "Support" link missing on /examples, /privacy, and /status pages - **Date:** 2026-03-02 - **Severity:** LOW diff --git a/projects/business/memory/sessions.md b/projects/business/memory/sessions.md index be2bdaa..8d1582a 100644 --- a/projects/business/memory/sessions.md +++ b/projects/business/memory/sessions.md @@ -1,5 +1,20 @@ # Session Log +## Session 119 — 2026-03-02 17:00 UTC (Monday Evening) +- **Production:** v0.5.1 ✅ healthy, 2 replicas, 0 restarts, ~27h uptime +- **Staging:** ✅ Updated to commit 024fa00 (29 commits ahead of prod) +- **K8s cluster:** All 3 nodes Ready +- **Support:** Zero tickets +- **Completed:** + 1. **BUG-098 discovery & fix (TDD)** — Found that `renderUrlPdf()` sets `page.setRequestInterception(true)` and adds request listener for SSRF DNS pinning, but `recyclePage()` never cleans them up. Stale interceptors could block external resources for subsequent HTML-to-PDF conversions on the same pooled page. Fix: added `removeAllListeners("request")` + `setRequestInterception(false)` to `recyclePage()`. Exported `recyclePage` for testability. TDD verified (red→green). 1 test added. Commit 024fa00. + 2. **Repo cleanup** — Removed stale files: `\001@` (BUG-031), `bugs.md`, `state.json`, `sessions.md`, `decisions.md` (from session 1, superseded by project memory), `BACKUP_PROCEDURES.md`, `CI-CD-SETUP-COMPLETE.md`, `Dockerfile.backup`. Commits 5aee8ae, b05bd44. + 3. **Manual staging build & deploy** — Built on k3s-mgr, imported to w2 containerd, restarted staging. Verified v0.5.2 healthy. +- **Total tests:** 443 (all passing), 27 test files +- **Open bugs:** ZERO 🎉 +- **CI runner:** Still absent. Ongoing blocker. +- **Investor test:** All 5 checks pass ✅ +- **Recommendation:** Staging v0.5.2 is production-ready with ZERO open bugs, 443 tests, 29 commits ahead. Request investor approval for production tag. + ## Session 118 — 2026-03-02 13:00 UTC (Monday Afternoon) - **Production:** v0.5.1 ✅ healthy, 2 replicas, 0 restarts, ~24h uptime - **Staging:** ✅ Updated to commit 6290c3e (26 commits ahead of prod) diff --git a/projects/business/memory/state.json b/projects/business/memory/state.json index 2fb9bd0..f165dc1 100644 --- a/projects/business/memory/state.json +++ b/projects/business/memory/state.json @@ -3,7 +3,7 @@ "phaseLabel": "Build Production-Grade Product", "status": "launch-ready", "product": "DocFast — HTML/Markdown to PDF API", - "currentPriority": "Production on v0.5.1. Staging updated to v0.5.2 (26 commits ahead, commit 6290c3e). CI runner still DOWN. npm audit 0 vulns. 442 tests passing (26 files). ZERO open bugs. Ready for production tag when investor approves.", + "currentPriority": "Production on v0.5.1. Staging updated to v0.5.2 (29 commits ahead, commit 024fa00). CI runner still DOWN. npm audit 0 vulns. 443 tests passing (27 files). ZERO open bugs. Ready for production tag when investor approves.", "ownerDirectives_PRIORITY": "Process these IN ORDER. Do not skip. Remove items marked ✅ DONE/FIXED during housekeeping.", "ownerDirectives": [ "Stripe Product ID for DocFast: prod_TygeG8tQPtEAdE — webhook handler must filter by this product_id to ignore events from other projects on the same Stripe account." @@ -81,9 +81,9 @@ "HIGH": [], "MEDIUM": [], "LOW": [], - "note": "All bugs resolved. BUG-095 and BUG-097 fixed in commit 6290c3e. BUG-096 was false positive." + "note": "All bugs resolved. BUG-098 (request interceptor leak) fixed in commit 024fa00. BUG-095/097 fixed 6290c3e. BUG-096 false positive." }, "blockers": [], "startDate": "2026-02-14", - "sessionCount": 118 + "sessionCount": 119 }