DocFast session 87: cache header fix, SEO audit

projects/business/memory/sessions.md

@@ -1859,6 +1859,23 @@
   - Full audit: mobile, legal, compression, security headers, structured data, error handling
   - Competitive analysis: well-positioned on pricing
 
+## Session 87 — 2026-02-24 10:00 UTC (Tuesday Morning)
+- **Production:** v0.4.3 ✅ healthy (270k seconds uptime)
+- **Staging:** v0.4.5 (commit 272c03c deployed) ✅ — CI runner back online!
+- **Support:** Zero tickets
+- **Verified session 86 changes on staging:**
+  - `df_free` placeholder gone ✅
+  - Branded HTML email template committed ✅
+- **New finding:** Landing page (`/`) missing `Cache-Control` header — all other HTML pages had it (86400s). Root cause: served by `express.static` fallback instead of explicit route.
+- **Fix shipped (commit ec7af37):** Explicit `GET /` route with `Cache-Control: public, max-age=3600` (1hr, shorter than others since landing content changes more)
+- **SEO audit:** Not indexed yet (10 days, normal). Structured data solid (SoftwareApplication + FAQPage). Sitemap correct. robots.txt correct. Blocked on GSC verification for faster indexing.
+- **Competitive check:** DocRaptor, PDFShift, API2PDF dominate search. We're well-positioned on pricing (€9 vs $15-29 competitors).
+- **Demo endpoint verified:** Cold start 4.5s, warm 0.3s — excellent performance.
+- **DB stats:** 57 keys (1 pro, 56 free legacy), 4,178 PDFs, 10 active keys
+- **Investor Test:** All 5 ✅
+- **Budget:** €181.71 remaining, Revenue: €9
+- **Pending:** Prod tag approval (25 commits ahead), SDK tokens, GSC verification
+
 ## Session 86 — 2026-02-24 07:00 UTC (Tuesday Morning)
 - **Production:** v0.4.3 ✅ healthy (259k seconds uptime, ~3 days)
 - **Staging:** v0.4.5 (commit 94586e3) ✅ healthy — CI hasn't built latest commit yet

projects/snapapi/memory/sessions.md

@@ -1,5 +1,44 @@
 # SnapAPI Session Log
 
+## Session 17 — 2026-02-24 08:00 UTC (GET Endpoint + Response Caching)
+
+**Goal:** Add competitive features — GET endpoint for image embedding, response caching.
+
+### What Was Done
+
+1. **GET /v1/screenshot endpoint** (staging):
+   - All params via query string, auth via `?key=` param
+   - Enables `<img src="https://snapapi.eu/v1/screenshot?url=...&key=...">` embedding
+   - Updated auth middleware, OpenAPI docs
+
+2. **In-memory LRU response cache** (staging):
+   - SHA256 cache key from URL + all params
+   - 5-min default TTL (`CACHE_TTL_MS`), 100MB max (`CACHE_MAX_MB`)
+   - `X-Cache: HIT/MISS` response headers
+   - Bypass via `?cache=false` or `cache: false` in POST body
+   - Auto-eviction when memory limit reached
+
+3. **Landing page updated** (staging):
+   - Added GET/Embed code tab with `<img>` embedding example
+   - Added "Response Caching" and "GET Request Support" feature cards
+
+4. **Deployed to staging** — commit `44e31e3`, verified healthy
+
+### Investor Test — Session 17
+1. Would a stranger trust this? **Yes** — production works, playground demos well
+2. Pod crash data loss? **No** — all in PostgreSQL
+3. Free tier abuse? **Low risk** — playground is IP-limited, watermarked
+4. Key recovery? **Not yet** — needs Stripe customer portal
+5. Website features work? **Yes** on production (staging has more features pending deploy)
+
+### Pending Investor Decisions (unchanged)
+- Tag v0.5.0 for production (includes: GET endpoint, caching, SDK tabs, bug fixes for FAQ/privacy/browser restart)
+- Register Stripe webhook URL
+- Forgejo token for CI/CD
+- DNS for staging.snapapi.eu
+
+---
+
 ## Session 16b — 2026-02-23 20:00 UTC (Skipped)
 
 Skipped — 3 reports already sent today (08:00, 14:00, 17:00). Production healthy. No investor responses. No new work.

projects/snapapi/memory/state.json

@@ -1,11 +1,11 @@
 {
   "phase": "production-live",
-  "version": "0.4.3-prod / 0.4.5-staging",
+  "version": "0.4.3-prod / 0.5.0-staging",
   "staging": {
     "status": "running",
     "namespace": "snapapi-staging",
     "replicas": 1,
-    "image": "docker.io/library/snapapi:v0.4.3",
+    "image": "git.cloonar.com/openclawd/snapapi:latest",
     "healthCheck": "passing"
   },
   "production": {
@@ -22,16 +22,19 @@
   ],
   "completed": [
     "Core screenshot API (POST /v1/screenshot)",
+    "GET /v1/screenshot endpoint with ?key= auth (staging) — enables <img> embedding",
+    "In-memory LRU response cache with X-Cache headers (staging) — 5min TTL, 100MB max, bypass via cache=false",
     "Playground endpoint (POST /v1/playground) — no auth, IP rate limited (5/hr), watermarked",
     "Watermark service — overlays 'snapapi.eu — upgrade for clean screenshots' on playground output",
     "Health check (GET /health)",
     "SSRF protection (blocks private IPs, metadata, K8s services)",
-    "Browser pool with auto-recycling",
+    "Browser pool with auto-recycling + staggered restart (staging)",
     "PostgreSQL DB integration (api_keys + usage tables)",
     "Usage tracking with per-key limits",
     "REDESIGNED landing page — playground as hero demo, no free tier, paid-only pricing",
-    "Swagger/OpenAPI interactive docs at /docs",
-    "OpenAPI 3.0.3 spec at /openapi.json (updated for v0.3.0)",
+    "Landing page with tabbed code examples (cURL/Node.js/Python/GET-Embed) + caching feature cards (staging)",
+    "Swagger/OpenAPI interactive docs at /docs (updated with GET endpoint + cache params on staging)",
+    "OpenAPI 3.0.3 spec at /openapi.json",
     "Production deployment (2 replicas, HA, anti-affinity)",
     "Production TLS (Let's Encrypt) on snapapi.eu",
     "Staging deployment (1 replica)",
@@ -57,7 +60,7 @@
     "CI/CD pipeline: workflows updated, RBAC+kubeconfig ready, BLOCKED on Forgejo token scope (needs write:repository)",
     "Staging TLS (blocked on DNS for staging.snapapi.eu — no DNS record exists)",
     "External uptime monitoring (no UptimeRobot account/key)",
-    "Deploy browser fix to production (v0.4.4 tag needed — investor decision)"
+    "Deploy all staging features to production (v0.5.0 tag needed — investor decision)"
   ],
   "stripeProducts": {
     "starter": {
@@ -73,6 +76,6 @@
       "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS"
     }
   },
-  "lastSession": "2026-02-23T17:00:00Z",
+  "lastSession": "2026-02-24T08:00:00Z",
   "codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git"
 }