DocFast session 119: BUG-098 fix, repo cleanup, session log

2026-03-02 17:12:40 +01:00 · 2026-03-02 17:12:40 +01:00 · 64f64cd1ba
commit 64f64cd1ba
parent 33dff55d89
5 changed files with 42 additions and 8 deletions
--- a/memory/heartbeat-state.json
+++ b/memory/heartbeat-state.json
@ -10,10 +10,10 @@
    "news": "2026-01-30T08:17:00Z",
    "rheinmetall": "2026-02-19T10:39:32.196Z",
    "rheinmetall_price": 1660,
-    "calendar": "2026-02-27T08:02:00Z",
+    "calendar": "2026-03-02T17:11:00Z",
    "steam_hardware": "2026-02-03T22:00:00Z",
    "hamr_40tb": "2026-02-04T21:10:00Z",
-    "notes": "1 event: Reinigungshilfe 10-15"
+    "notes": "tomorrow: Sessel Lieferung 12-17"
  },
  "watchlist": {
    "hamr_40tb": {
@ -43,5 +43,6 @@
      "lastKnownVersion": null,
      "status": "Feb 26 update: auto-memory, /copy command"
    }
-  }
+  },
+  "notes": "Tomorrow: Sessel Lieferung 12-17"
 }
--- a/memory/real-portfolio.json
+++ b/memory/real-portfolio.json
@ -27,6 +27,16 @@
  ],
  "totalInvested": 22200,
  "priceHistory": [
+    {
+      "timestamp": "2026-03-02T16:00:00Z",
+      "PICK": 63.31,
+      "note": "4:00 PM Vienna - PICK down -1.6% to $63.31 (from $64.34). Defense ETFs remain +14% YTD despite intraday volatility. Oil/gold holding gains. Broad selloff continues; defensive positioning outperforming."
+    },
+    {
+      "timestamp": "2026-03-02T15:01:00Z",
+      "PICK": 64.34,
+      "note": "3:01 PM Vienna - PICK steady $64.34 (+0.33% today). Defense ETFs +14% YTD. US-Iran war escalating, Brent toward $80. Broad equities down >1%, defense/commodities safe-haven strength intact."
+    },
    {
      "timestamp": "2026-03-02T14:09:00Z",
      "PICK": 64.34,
@ -55,6 +65,6 @@
      "note": "RHM at €1,663.50; recent earnings miss (-22.78%). Gold/metals/mining outperforming in 2026. Defense sector stable amid geopolitical tensions."
    }
  ],
-  "lastAnalysis": "2026-03-02T14:09:00Z",
-  "updateNote": "2:09 PM Vienna - PICK $64.34 (+0.33% today). Broad market down >1% (S&P, Nasdaq futures) as US-Iran war escalates & oil surges toward $80. Gold at $5,387 (22% YoY gain), silver spiking. Defense & commodities safe-haven outperformers. RHM thesis intact: Germany +45% defense budget 2026, NATO targeting 5% GDP by 2035. PICK miners benefit from commodity volatility & precious metals surge. No fresh opportunities identified—thesis alignment strong. HOLD all positions."
+  "lastAnalysis": "2026-03-02T15:01:00Z",
+  "updateNote": "3:01 PM Vienna - PICK $64.34 (+0.33% today). Defense ETFs up 14% YTD amid US-Iran escalation; oil toward $80/bbl, Strait of Hormuz disruption fears. Gold continues safe-haven run (+22% YoY). Broad equity selloff (-1%+) contrasts with defense/commodities strength. RHM thesis intact: German defense budget +45% in 2026, NATO 5% GDP target by 2035. PICK benefits from commodity volatility & precious metals demand. RHM.DE & DFNS.PA API gaps but geopolitical backdrop strongly favorable. No new opportunities identified—portfolio thesis aligned. HOLD all positions."
 }
--- a/projects/business/memory/bugs.md
+++ b/projects/business/memory/bugs.md
@ -1,3 +1,11 @@
+## BUG-098: Request interceptor leaks across browser pool pages after URL-to-PDF conversion
+- **Date:** 2026-03-02
+- **Severity:** MEDIUM
+- **Issue:** In `src/services/browser.ts`, `renderUrlPdf()` calls `page.setRequestInterception(true)` and adds a `page.on("request", ...)` listener for SSRF DNS pinning. `recyclePage()` never cleans these up. When the page is returned to the pool and reused, the stale interceptor blocks external resource requests (fonts, images, stylesheets) for subsequent HTML-to-PDF conversions. Successive URL-to-PDF calls on the same page also stack listeners.
+- **Impact:** After a URL-to-PDF conversion, any HTML-to-PDF conversion reusing the same page may fail to load external resources. Low probability in practice (depends on pool cycling) but a real data corruption vector.
+- **Fix:** Add `page.removeAllListeners("request")` and `page.setRequestInterception(false)` to `recyclePage()`.
+- **Status:** ✅ FIXED — commit 024fa00. recyclePage now calls removeAllListeners("request") + setRequestInterception(false). 1 test added (TDD red→green verified). 443 tests total. Deployed to staging.
+
 ## BUG-097: Footer "Support" link missing on /examples, /privacy, and /status pages
 - **Date:** 2026-03-02
 - **Severity:** LOW
--- a/projects/business/memory/sessions.md
+++ b/projects/business/memory/sessions.md
@ -1,5 +1,20 @@
 # Session Log

+## Session 119 — 2026-03-02 17:00 UTC (Monday Evening)
+- **Production:** v0.5.1 ✅ healthy, 2 replicas, 0 restarts, ~27h uptime
+- **Staging:** ✅ Updated to commit 024fa00 (29 commits ahead of prod)
+- **K8s cluster:** All 3 nodes Ready
+- **Support:** Zero tickets
+- **Completed:**
+  1. **BUG-098 discovery & fix (TDD)** — Found that `renderUrlPdf()` sets `page.setRequestInterception(true)` and adds request listener for SSRF DNS pinning, but `recyclePage()` never cleans them up. Stale interceptors could block external resources for subsequent HTML-to-PDF conversions on the same pooled page. Fix: added `removeAllListeners("request")` + `setRequestInterception(false)` to `recyclePage()`. Exported `recyclePage` for testability. TDD verified (red→green). 1 test added. Commit 024fa00.
+  2. **Repo cleanup** — Removed stale files: `\001@` (BUG-031), `bugs.md`, `state.json`, `sessions.md`, `decisions.md` (from session 1, superseded by project memory), `BACKUP_PROCEDURES.md`, `CI-CD-SETUP-COMPLETE.md`, `Dockerfile.backup`. Commits 5aee8ae, b05bd44.
+  3. **Manual staging build & deploy** — Built on k3s-mgr, imported to w2 containerd, restarted staging. Verified v0.5.2 healthy.
+- **Total tests:** 443 (all passing), 27 test files
+- **Open bugs:** ZERO 🎉
+- **CI runner:** Still absent. Ongoing blocker.
+- **Investor test:** All 5 checks pass ✅
+- **Recommendation:** Staging v0.5.2 is production-ready with ZERO open bugs, 443 tests, 29 commits ahead. Request investor approval for production tag.
+
 ## Session 118 — 2026-03-02 13:00 UTC (Monday Afternoon)
 - **Production:** v0.5.1 ✅ healthy, 2 replicas, 0 restarts, ~24h uptime
 - **Staging:** ✅ Updated to commit 6290c3e (26 commits ahead of prod)
--- a/projects/business/memory/state.json
+++ b/projects/business/memory/state.json
@ -3,7 +3,7 @@
  "phaseLabel": "Build Production-Grade Product",
  "status": "launch-ready",
  "product": "DocFast — HTML/Markdown to PDF API",
-  "currentPriority": "Production on v0.5.1. Staging updated to v0.5.2 (26 commits ahead, commit 6290c3e). CI runner still DOWN. npm audit 0 vulns. 442 tests passing (26 files). ZERO open bugs. Ready for production tag when investor approves.",
+  "currentPriority": "Production on v0.5.1. Staging updated to v0.5.2 (29 commits ahead, commit 024fa00). CI runner still DOWN. npm audit 0 vulns. 443 tests passing (27 files). ZERO open bugs. Ready for production tag when investor approves.",
  "ownerDirectives_PRIORITY": "Process these IN ORDER. Do not skip. Remove items marked ✅ DONE/FIXED during housekeeping.",
  "ownerDirectives": [
    "Stripe Product ID for DocFast: prod_TygeG8tQPtEAdE — webhook handler must filter by this product_id to ignore events from other projects on the same Stripe account."
@ -81,9 +81,9 @@
    "HIGH": [],
    "MEDIUM": [],
    "LOW": [],
-    "note": "All bugs resolved. BUG-095 and BUG-097 fixed in commit 6290c3e. BUG-096 was false positive."
+    "note": "All bugs resolved. BUG-098 (request interceptor leak) fixed in commit 024fa00. BUG-095/097 fixed 6290c3e. BUG-096 false positive."
  },
  "blockers": [],
  "startDate": "2026-02-14",
-  "sessionCount": 118
+  "sessionCount": 119
 }