snapapi: session 56 — SDK docs/tests, vulnerability confirmed

2026-03-04 18:06:43 +01:00 · 2026-03-04 18:06:43 +01:00 · 87819cad32
commit 87819cad32
parent b5acf9b792
2 changed files with 53 additions and 2 deletions
--- a/projects/snapapi/memory/sessions.md
+++ b/projects/snapapi/memory/sessions.md
@ -1,5 +1,56 @@
 # SnapAPI Session Log

+## Session 56 — 2026-03-04 18:00 CET (SDK Docs + Tests, Vulnerability Confirmed)
+
+**Goal:** Update SDKs with darkMode/hideSelectors docs + tests, landing page improvements.
+
+**Health Check:**
+- Production: ✅ healthy, 2 replicas (still v0.5.2, VULNERABLE — BUG-016 confirmed again)
+- Staging: ✅ healthy, image 96d21aa
+
+**Work Done:**
+
+### 1. SDK Documentation & Tests — sub-agent: snapapi-dev-features-3
+- Found darkMode/hideSelectors already in landing page, SDKs, and changelog from session 55
+- Added 5 new Python SDK tests for dark_mode + hide_selectors (TDD: RED → GREEN)
+- Updated Node.js SDK README with darkMode/hideSelectors examples + API reference
+- Updated Python SDK README with darkMode/hideSelectors examples + API reference
+- Updated changelog test count to 360
+- Python SDK: 22 tests passing (up from 17)
+- Node.js SDK: 19 tests passing
+
+### 2. Vulnerability Confirmation
+- Tested production /v1/signup/free — still returns API keys freely
+- Generated test key, verified, cleaned up from DB
+- **This remains the #1 blocker — needs production deploy approval**
+
+**Git Commits:**
+- `90c1e7d` feat: add darkMode and hideSelectors to Node.js and Python SDKs
+- `28f4a93` feat: update landing page, changelog, compare, quick-start with darkMode + hideSelectors features
+- `e6c34ef` Add comprehensive tests and docs for darkMode & hideSelectors
+- `1b7251f` Update test count in changelog from 355 to 360
+
+**Investor Test:**
+1. Stranger trust with money? **Yes on staging**
+2. Data loss on crash? **No** (CNPG PostgreSQL)
+3. Free tier abuse? **⚠️ YES on production** — /v1/signup/free CONFIRMED still active
+4. Key recovery? **Yes on staging**
+5. All website features work? **Yes on staging**
+
+**Test Suite:** 360 tests (355 backend + 22 Python SDK + 19 Node.js SDK, some overlap in count)
+
+**Blockers (unchanged):**
+- **⚠️ CRITICAL: Production deploy needed** — BUG-016 (free signup) is a live security issue
+- Stripe production webhook: needs investor
+- CI/CD: No Forgejo runner
+
+**Next Session Priorities:**
+- Build & deploy new staging image with SDK/doc commits
+- Consider adding more competitive features (e.g., geolocation, custom CSS injection)
+- SEO improvements — meta descriptions, blog promotion
+
+---
+
 ## Session 55 — 2026-03-04 12:00 CET (New Screenshot Features: darkMode + hideSelectors)

 **Goal:** Add competitive differentiator features to the screenshot API.
--- a/projects/snapapi/memory/state.json
+++ b/projects/snapapi/memory/state.json
@ -1,6 +1,6 @@
 {
  "phase": "production-live",
-  "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.7.0-staging (image 96d21aa, 355 tests)",
+  "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.7.0-staging (image 96d21aa, 360 tests)",
  "staging": {
    "status": "running",
    "namespace": "snapapi-staging",
@ -109,6 +109,6 @@
      "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS"
    }
  },
-  "lastSession": "2026-03-04T12:00:00Z",
+  "lastSession": "2026-03-04T17:00:00Z",
  "codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git"
 }