SnapAPI session 65: PDF output feature + QA pass (490 tests)
This commit is contained in:
Hoid
parent
f3bba0a57f
commit
9f484a15cb
3 changed files with 66 additions and 4 deletions
|
|
@ -124,6 +124,24 @@
|
|||
- **Production:** Awaiting investor approval for v* tag
|
||||
|
||||
### BUG-011: No URL length limit (HIGH) — FIXED (staging)
|
||||
|
||||
## Open
|
||||
|
||||
### BUG-020: /status returns 200 instead of 301 redirect (LOW)
|
||||
- **Severity:** LOW
|
||||
- **Endpoint:** `GET /status`
|
||||
- **Expected:** 301 redirect to `/status.html` (consistent with /privacy, /terms, /impressum, /compare, /blog, /guides/quick-start which all 301)
|
||||
- **Actual:** Returns 200 serving the page directly
|
||||
- **Found:** Session 65b QA (2026-03-06)
|
||||
- **Impact:** Inconsistent clean URL behavior. All other clean URLs redirect to .html, /status does not. SEO implications (duplicate content at two URLs without redirect).
|
||||
|
||||
### BUG-021: Long URL validation untestable via playground due to shared rate limit (LOW)
|
||||
- **Severity:** LOW (testing gap, not a code bug)
|
||||
- **Endpoint:** `POST /v1/playground`
|
||||
- **Expected:** URL >2048 chars returns 400
|
||||
- **Actual:** Cannot verify — SSRF protection tests consume the 5 req/hour playground rate limit, so subsequent long URL test gets 429 instead of 400
|
||||
- **Found:** Session 65b QA (2026-03-06)
|
||||
- **Impact:** URL length validation cannot be independently verified via playground when other playground tests run first. Consider: rate limit should not apply before URL validation, or URL validation tests need a separate endpoint.
|
||||
- **Found:** Session 17 QA
|
||||
- **Impact:** Extremely long URLs could waste server resources
|
||||
- **Fix:** Added 2048 character URL length limit in SSRF validation (returns 400)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,46 @@
|
|||
# SnapAPI Session Log
|
||||
|
||||
## Session 65 — 2026-03-06 15:00 CET (PDF Feature + QA)
|
||||
|
||||
**Goal:** Add high-value PDF output feature + comprehensive staging QA pass.
|
||||
|
||||
**Health Check:**
|
||||
- Production: ✅ healthy, 2 replicas, v0.5.2 (VULNERABLE — BUG-016 still exploitable)
|
||||
- Staging: ✅ healthy, 1 replica, upgraded to staging-pdf (af76370)
|
||||
|
||||
**Work Done:**
|
||||
|
||||
### 1. Comprehensive Staging QA (sub-agent: snapapi-qa-65b)
|
||||
- 55 checks across 6 categories
|
||||
- **Result: ✅ PASS** — staging quality is good
|
||||
- 2 low-severity bugs found:
|
||||
- BUG-020 (LOW): /status returns 200 instead of 301 redirect (inconsistent with other clean URLs)
|
||||
- BUG-021 (LOW): Long URL validation untestable via playground due to rate limit ordering
|
||||
- All API endpoints, SSRF protection, 22 HTML pages, link audit, rate limiting: PASS
|
||||
|
||||
### 2. PDF Output Feature (sub-agent: snapapi-dev-pdf-2)
|
||||
- `format: "pdf"` option on POST/GET /v1/screenshot and playground
|
||||
- PDF options: pdfFormat (a4/letter/legal/a3), pdfLandscape, pdfPrintBackground, pdfScale (0.1-2.0), pdfMargin
|
||||
- Mutual exclusivity with selector/clip validated (400)
|
||||
- Playground: PDF works, watermark skipped
|
||||
- Content-Disposition: attachment; filename="screenshot.pdf"
|
||||
- 16 new tests (TDD: RED → GREEN)
|
||||
- Pushed: commit af76370
|
||||
- Deployed to staging, verified: 200 application/pdf
|
||||
|
||||
**Test Suite:** 490 tests passing (up from 474)
|
||||
|
||||
**Investor Test:**
|
||||
1. Stranger trust with money? **Yes on staging, NO on production**
|
||||
2. Data loss on crash? **No** (CNPG PostgreSQL)
|
||||
3. Free tier abuse? **⚠️ YES on production** — BUG-016 still active
|
||||
4. Key recovery? **Yes on staging**
|
||||
5. All website features work? **Yes on staging** — PDF output, 4 blog posts, 16+ pages
|
||||
|
||||
**Production Status:** ⛔ VULNERABLE — 37+ commits behind staging. Strongly recommend production deploy approval.
|
||||
|
||||
---
|
||||
|
||||
## Session 64 — 2026-03-06 12:00 CET (Quality & SEO)
|
||||
|
||||
**Goal:** OpenAPI spec cleanup + new blog post for SEO while blocked on production deploy.
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
{
|
||||
"phase": "production-live",
|
||||
"version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.9.0-staging (474 tests)",
|
||||
"version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.10.0-staging (490 tests)",
|
||||
"staging": {
|
||||
"status": "running",
|
||||
"namespace": "snapapi-staging",
|
||||
"replicas": 1,
|
||||
"image": "git.cloonar.com/openclawd/snapapi:staging-e7ef9d7",
|
||||
"image": "git.cloonar.com/openclawd/snapapi:staging-pdf",
|
||||
"healthCheck": "passing"
|
||||
},
|
||||
"production": {
|
||||
|
|
@ -106,7 +106,10 @@
|
|||
"Test suite: 459 tests passing (staging)",
|
||||
"OpenAPI spec cleanup: dynamic version from package.json, removed dead Signup tag, added cache to POST body (staging)",
|
||||
"Blog post: How to Capture Dark Mode Screenshots Automatically — darkMode parameter, CSS injection, dual OG images (staging)",
|
||||
"Test suite: 474 tests passing (staging)"
|
||||
"Test suite: 474 tests passing (staging)",
|
||||
"PDF output: format=pdf with paper size (a4/letter/legal/a3), landscape, printBackground, scale, margin options (staging)",
|
||||
"PDF in playground (no watermark), Content-Disposition header, mutual exclusivity with selector/clip (staging)",
|
||||
"Test suite: 490 tests passing (staging)"
|
||||
],
|
||||
"notDone": [
|
||||
"Register Stripe webhook URL in Stripe Dashboard",
|
||||
|
|
@ -129,6 +132,6 @@
|
|||
"priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS"
|
||||
}
|
||||
},
|
||||
"lastSession": "2026-03-06T11:00:00Z",
|
||||
"lastSession": "2026-03-06T14:00:00Z",
|
||||
"codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git"
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue