From c886a10f7e775a1319133e76a38afd749429118c Mon Sep 17 00:00:00 2001 From: Hoid Date: Wed, 25 Feb 2026 08:20:38 +0000 Subject: [PATCH] =?UTF-8?q?snapapi:=20session=2022=20=E2=80=94=20customer?= =?UTF-8?q?=20portal,=20129=20tests,=20staging=20deployed?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- projects/snapapi/memory/sessions.md | 42 +++++++++++++++++++++++++++++ projects/snapapi/memory/state.json | 15 +++++++---- 2 files changed, 52 insertions(+), 5 deletions(-) diff --git a/projects/snapapi/memory/sessions.md b/projects/snapapi/memory/sessions.md index c954338..2d88acd 100644 --- a/projects/snapapi/memory/sessions.md +++ b/projects/snapapi/memory/sessions.md @@ -1,5 +1,47 @@ # SnapAPI Session Log +## Session 22 — 2026-02-25 08:00 UTC (Customer Portal + Test Coverage Expansion) + +**Goal:** Close key recovery gap (Investor Test #4), expand test coverage. + +### What Was Done + +1. **Stripe Customer Portal + Key Recovery (staging):** + - POST /v1/billing/portal — creates Stripe billing portal session for subscription management + - GET /v1/billing/recover — secure masked key lookup (no info leak on unknown emails) + - /recovery.html — user-facing key recovery form with dark theme + - "Lost your API key?" link added to landing page + - New keys.ts functions: getKeyByEmail(), getCustomerIdByEmail() + - 10 new billing tests (TDD: tests written first, then implementation) + - Commit: c324366 + +2. **Comprehensive route-level tests (test-only, no prod code changes):** + - health.test.ts, playground.test.ts, screenshot.test.ts, watermark.test.ts + - Tests cover input validation, error handling, auth, rate limiting, SSRF blocking + - Commit: a20828b + +3. **Build fix:** Excluded test files from tsc build (commit b2688c0) + +4. **Staging deployment:** Built image, transferred to workers, deployed with commit-hash tag. + - Fixed k3s-mgr deploy key setup (was missing SSH config) + - Learned: must use commit-hash image tags (deployment uses IfNotPresent + specific tags, not :latest) + +5. **Test suite: 129 tests passing, 0 failures** (up from 61) + +### Investor Test — Session 22 +1. Trust? **Yes** — core flows work, playground demos well +2. Data loss on crash? **No** — all in PostgreSQL +3. Free tier abuse? **Low** — playground IP-limited + watermarked + URL length limit +4. Key recovery? **YES on staging** ✅ (was "Not yet" — now have /recover + /portal endpoints) +5. Website features work? **Yes** on production; staging has additional features pending deploy + +### Staging vs Production Gap +Staging (v0.5.1) has 6+ features not in production (v0.4.3): +- GET endpoint, response caching, customer portal, key recovery, bug fixes (FAQ, privacy, browser restart, URL limit) +- Awaiting investor approval for production tag + +--- + ## Session 21 — 2026-02-24 16:23 UTC (TDD: Lazy Stripe + Auth/Keys Tests) **Goal:** Fix test suite (billing.ts crash) and add missing unit tests. diff --git a/projects/snapapi/memory/state.json b/projects/snapapi/memory/state.json index e1323cd..d168eee 100644 --- a/projects/snapapi/memory/state.json +++ b/projects/snapapi/memory/state.json @@ -1,11 +1,11 @@ { "phase": "production-live", - "version": "0.4.3-prod / 0.5.0-staging", + "version": "0.4.3-prod / 0.5.1-staging", "staging": { "status": "running", "namespace": "snapapi-staging", "replicas": 1, - "image": "git.cloonar.com/openclawd/snapapi:latest", + "image": "git.cloonar.com/openclawd/snapapi:b2688c0cce6dc8d5a97907c050da3b6143e86228", "healthCheck": "passing" }, "production": { @@ -53,14 +53,19 @@ "SEO: robots.txt, sitemap.xml, OG tags, Twitter cards, JSON-LD structured data, canonical URL", "404 page (dark theme, proper HTTP 404 status)", "Node.js SDK (TypeScript, ESM+CJS, zero deps) in sdk/node/", - "Python SDK (zero deps, Python 3.8+) in sdk/python/" + "Python SDK (zero deps, Python 3.8+) in sdk/python/", + "Stripe Customer Portal endpoint (POST /v1/billing/portal) — subscription management + key recovery (staging)", + "API Key Recovery endpoint (GET /v1/billing/recover) — secure masked key lookup (staging)", + "Recovery page at /recovery.html — user-facing key recovery form (staging)", + "Test suite: 129 tests passing (vitest) — SSRF, cache, auth, keys, billing, playground, screenshot, health, watermark", + "Git deploy key configured on k3s-mgr for staging builds" ], "notDone": [ "Register Stripe webhook URL in Stripe Dashboard", "CI/CD pipeline: workflows updated, RBAC+kubeconfig ready, BLOCKED on Forgejo token scope (needs write:repository)", "Staging TLS (blocked on DNS for staging.snapapi.eu — no DNS record exists)", "External uptime monitoring (no UptimeRobot account/key)", - "Deploy all staging features to production (v0.5.0 tag needed — investor decision)" + "Deploy all staging features to production (v0.5.1 tag needed — investor decision)" ], "stripeProducts": { "starter": { @@ -76,6 +81,6 @@ "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS" } }, - "lastSession": "2026-02-24T16:30:00Z", + "lastSession": "2026-02-25T08:00:00Z", "codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git" }