DocFast session 87: cache header fix, SEO audit

projects/snapapi/memory/sessions.md

@@ -1,5 +1,44 @@
 # SnapAPI Session Log
 
+## Session 17 — 2026-02-24 08:00 UTC (GET Endpoint + Response Caching)
+
+**Goal:** Add competitive features — GET endpoint for image embedding, response caching.
+
+### What Was Done
+
+1. **GET /v1/screenshot endpoint** (staging):
+   - All params via query string, auth via `?key=` param
+   - Enables `<img src="https://snapapi.eu/v1/screenshot?url=...&key=...">` embedding
+   - Updated auth middleware, OpenAPI docs
+
+2. **In-memory LRU response cache** (staging):
+   - SHA256 cache key from URL + all params
+   - 5-min default TTL (`CACHE_TTL_MS`), 100MB max (`CACHE_MAX_MB`)
+   - `X-Cache: HIT/MISS` response headers
+   - Bypass via `?cache=false` or `cache: false` in POST body
+   - Auto-eviction when memory limit reached
+
+3. **Landing page updated** (staging):
+   - Added GET/Embed code tab with `<img>` embedding example
+   - Added "Response Caching" and "GET Request Support" feature cards
+
+4. **Deployed to staging** — commit `44e31e3`, verified healthy
+
+### Investor Test — Session 17
+1. Would a stranger trust this? **Yes** — production works, playground demos well
+2. Pod crash data loss? **No** — all in PostgreSQL
+3. Free tier abuse? **Low risk** — playground is IP-limited, watermarked
+4. Key recovery? **Not yet** — needs Stripe customer portal
+5. Website features work? **Yes** on production (staging has more features pending deploy)
+
+### Pending Investor Decisions (unchanged)
+- Tag v0.5.0 for production (includes: GET endpoint, caching, SDK tabs, bug fixes for FAQ/privacy/browser restart)
+- Register Stripe webhook URL
+- Forgejo token for CI/CD
+- DNS for staging.snapapi.eu
+
+---
+
 ## Session 16b — 2026-02-23 20:00 UTC (Skipped)
 
 Skipped — 3 reports already sent today (08:00, 14:00, 17:00). Production healthy. No investor responses. No new work.