session 137: BUG-106/107 fixed, multi-pod cache consistency

memory/portfolio.json

@@ -55,11 +55,11 @@
   "lastUpdated": "2026-03-06T09:15:00Z",
   "closingSnapshot": {
     "date": "2026-03-06",
-    "DFNS": 62.05,
+    "DFNS": 62.30,
-    "portfolioValue": 1103.16,
+    "portfolioValue": 1107.94,
-    "dailyPL": 20.99,
+    "dailyPL": 19.38,
-    "dailyPLpct": 1.94,
+    "dailyPLpct": 1.78,
-    "totalReturn": 10.32
+    "totalReturn": 10.79
   },
   "pendingActions": []
 }

memory/real-portfolio.json

@@ -26,9 +26,21 @@
     }
   ],
   "totalInvested": 22200,
-  "lastAnalysis": "2026-03-06T16:00:00Z",
+  "lastAnalysis": "2026-03-06T18:10:00Z",
   "updateNote": "4:00 PM Vienna Thursday - RHM.DE €1,626–€1,638 range (+3.7% daily support). PICK $59.72 (-2.47% day, down from $61.23—mining weakness accelerating). DFNS.PA API unavailable but defense sector outperforming. RHM earnings March 11 catalyst key. PICK below $60 signals potential uranium rotation if <$58 support breaks. Defense thesis intact on geopolitical tensions. HOLD all positions; monitor PICK support at $58.",
   "priceHistory": [
+    {
+      "timestamp": "2026-03-06T18:10:00Z",
+      "RHM.DE": 1579.5,
+      "PICK": 57.06,
+      "note": "6:10 PM Vienna Friday (MARKET CLOSED) - RHM.DE €1,579.50 market close (held €1,600 support, -3.4% daily). PICK $57.06 market close (-2.94% day, confirmed below $58 rotation trigger all session). DFNS.PA API unavailable but defense sector outperforming per web search (One Big Beautiful Bill Act $113B front-loaded military modernization, Lockheed/RTX rallying). Mining weakness persists but copper/gold expected outperformers 2026 per sector research. RHM earnings catalyst March 11 remains key. HOLD RHM/DFNS; PICK rotation to copper/gold ETF viable on next weakness. No better N26 opportunities identified. API rate-limited."
+    },
+    {
+      "timestamp": "2026-03-06T17:08:00Z",
+      "RHM.DE": 1579.5,
+      "PICK": 57.06,
+      "note": "5:08 PM Vienna Friday (market close ~5:30 PM) - RHM.DE €1,579.50 holding support (-3.4% day). PICK $57.06 (-2.94% day, well below $58 rotation trigger). DFNS.PA API unavailable but defense thesis intact (earnings catalyst March 11, €129B defense budget approved). Mining weakness accelerating; uranium ETFs also down 5% today. HOLD all positions; PICK rotation to uranium viable next week on better entry. No new N26-accessible opportunities identified. Rate-limited on broader scans."
+    },
     {
       "timestamp": "2026-03-06T16:00:00Z",
       "PICK": 57.06,

projects/business/memory/bugs.md

@@ -1,3 +1,19 @@
+## BUG-107: Recover route uses in-memory cache only — recovery fails silently across pods
+- **Date:** 2026-03-06
+- **Severity:** MEDIUM
+- **Issue:** `POST /v1/recover` and `/v1/recover/verify` use `getAllKeys()` (in-memory cache) to find a user's key by email. In a 2-replica setup, if the key was created or email changed on another pod, the cache is stale. Recovery silently returns "recovery_sent" without actually sending an email (because it doesn't find the key), or verify returns "No API key found" despite the key existing in DB.
+- **Impact:** Users may be unable to recover their API key if they hit the "wrong" pod. Silent failure — no error shown.
+- **Fix:** Fall back to DB query when in-memory lookup fails.
+- **Status:** ✅ FIXED — commit b964b98. DB fallback in recover/verify endpoint. 2 TDD tests added (recover-db-fallback.test.ts). 520 tests total.
+
+## BUG-106: downgradeByCustomer only checks in-memory cache — cancellations can silently fail
+- **Date:** 2026-03-06
+- **Severity:** HIGH
+- **Issue:** `downgradeByCustomer()` in `src/services/keys.ts` only checks `keysCache` (in-memory). In 2-replica production, if a Stripe cancellation webhook hits a pod that doesn't have the key cached (pod restart, key created on other pod), the function returns `false` without checking DB. Customer keeps Pro access despite canceling their subscription.
+- **Impact:** Revenue leakage — canceled customers retain Pro tier indefinitely. Silent failure with no error log.
+- **Fix:** Add DB fallback: query `api_keys` table by `stripe_customer_id` when not found in cache, then update tier in DB and hydrate local cache.
+- **Status:** ✅ FIXED — commit b964b98. DB fallback + cache hydration. 2 TDD tests added (keys-downgrade.test.ts). 520 tests total.
+
 ## BUG-105: Go and PHP examples show non-existent SDK code
 - **Date:** 2026-03-05
 - **Severity:** MEDIUM

projects/business/memory/sessions.md

@@ -1,5 +1,26 @@
 # Session Log
 
+## Session 137 — 2026-03-06 19:00 UTC (Friday Evening)
+- **Production:** v0.5.1 ✅ healthy, 2 replicas, 0 restarts, ~8d uptime
+- **Staging:** v0.5.2 ✅ commit b964b98 (46+ commits ahead of prod)
+- **K8s cluster:** All 3 nodes Ready
+- **Support:** Zero tickets
+- **Completed:**
+  1. **Codebase audit — multi-pod cache consistency** — Identified two bugs where in-memory cache-only lookups silently fail in multi-replica deployments.
+  2. **BUG-106 fix (TDD): downgradeByCustomer DB fallback** — `downgradeByCustomer()` now queries the DB when cache misses, preventing canceled Stripe customers from retaining Pro access. Cache hydrated on fallback path. 2 TDD tests added.
+  3. **BUG-107 fix (TDD): recover route DB fallback** — `POST /v1/recover/verify` now falls back to DB when in-memory cache doesn't contain the email. Prevents silent recovery failures across pods. 2 TDD tests added.
+  4. **Infrastructure health check** — All 3 K8s nodes Ready, both prod replicas healthy, DB connected (PostgreSQL 17.4), browser pool 15/15.
+- **Total tests:** 520 (all passing, 0 errors), 38 test files
+- **Open bugs:** ZERO 🎉
+- **CI runner:** Still absent. Managed by Cloonar — needs investor action.
+- **Investor test:**
+  1. Would a stranger trust this with money? Yes ✅
+  2. Pod crash = data loss? No — CNPG WAL archiving + MinIO ✅
+  3. Free tier abuse? No — removed, demo rate-limited ✅
+  4. Pro key recovery? Yes — now with DB fallback across pods ✅
+  5. Every feature works? Yes ✅
+- **Recommendation:** Staging v0.5.2 production-ready. 46+ commits ahead with 520 tests. Awaiting investor approval for production tag.
+
 ## Session 136 — 2026-03-06 16:00 UTC (Friday Late Afternoon)
 - **Production:** v0.5.1 ✅ healthy, 2 replicas, 0 restarts, ~8d uptime
 - **Staging:** v0.5.2 ✅ commit 4473641 (45+ commits ahead of prod)

projects/business/memory/state.json

@@ -3,7 +3,7 @@
   "phaseLabel": "Build Production-Grade Product",
   "status": "launch-ready",
   "product": "DocFast — HTML/Markdown to PDF API",
-  "currentPriority": "Production on v0.5.1. Staging v0.5.2 (45+ commits ahead). npm audit 0 vulns. 516 tests passing (36 files). ZERO open bugs. ZERO unhandled test errors (fixed timer leaks). Ready for production tag when investor approves.",
+  "currentPriority": "Production on v0.5.1. Staging v0.5.2 (46+ commits ahead). npm audit 0 vulns. 520 tests passing (38 files). ZERO open bugs. Multi-pod cache consistency fixed (BUG-106, BUG-107). Ready for production tag when investor approves.",
   "ownerDirectives_PRIORITY": "Process these IN ORDER. Do not skip. Remove items marked ✅ DONE/FIXED during housekeeping.",
   "ownerDirectives": [
     "Stripe Product ID for DocFast: prod_TygeG8tQPtEAdE — webhook handler must filter by this product_id to ignore events from other projects on the same Stripe account."
@@ -83,7 +83,7 @@
     "LOW": [],
     "note": "All bugs resolved. BUG-105 fixed 4f6659c. BUG-104 fixed 503e651. BUG-103 (template validation bypass) fixed 47571c8. BUG-102 (sanitized options ignored) fixed ba2e542. BUG-101 (body limits) fixed c03f217. BUG-100 (flush poisoning) fixed d2f819d. BUG-099 (memory leak) fixed 5f776db. BUG-098 (interceptor leak) fixed 024fa00."
   },
-  "sessionCount": 136
+  "sessionCount": 137
   },
   "blockers": [],
   "startDate": "2026-02-14"