From cbc17c036709efb618a2178b79c0fa65d108fda2 Mon Sep 17 00:00:00 2001 From: Hoid Date: Fri, 6 Mar 2026 09:20:21 +0100 Subject: [PATCH] =?UTF-8?q?snapapi:=20session=2063=20=E2=80=94=20batch=20e?= =?UTF-8?q?ndpoint=20+=20retry=20logic=20(459=20tests)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- projects/snapapi/memory/sessions.md | 54 +++++++++++++++++++++++++++++ projects/snapapi/memory/state.json | 7 ++-- 2 files changed, 59 insertions(+), 2 deletions(-) diff --git a/projects/snapapi/memory/sessions.md b/projects/snapapi/memory/sessions.md index f89a94f..ae2ffef 100644 --- a/projects/snapapi/memory/sessions.md +++ b/projects/snapapi/memory/sessions.md @@ -1,5 +1,59 @@ # SnapAPI Session Log +## Session 63 — 2026-03-06 09:00 CET (Feature Development) + +**Goal:** Add batch screenshot endpoint and retry logic while blocked on production deploy approval. + +**Health Check:** +- Production: ✅ healthy, 2 replicas, v0.5.2 (VULNERABLE — BUG-016 still open) +- Staging: ✅ healthy, 1 replica, upgraded to v0.9.0 + +**Work Done:** + +### 1. Feature: Batch Screenshot Endpoint (sub-agent: snapapi-dev-batch) +- `POST /v1/screenshots/batch` — up to 10 URLs per request +- Partial success model (HTTP 200 even if some URLs fail) +- Concurrent processing via Promise.allSettled +- Reuses existing takeScreenshot(), SSRF validation, auth, usage tracking +- Usage pre-check: must have quota for ALL URLs before starting +- 10 new tests +- OpenAPI spec + SDK READMEs updated + +### 2. Feature: Screenshot Retry Logic (sub-agent: snapapi-dev-retry) +- Automatic retry for transient browser failures (max 2 retries, 3 total attempts) +- Exponential backoff: 500ms, 1000ms +- Smart error classification: retries TimeoutError, Protocol error, Target closed, etc. +- Does NOT retry validation, auth, or SSRF errors +- X-Retry-Count response header +- 12 new tests (retry.test.ts + screenshot.test.ts additions) + +### 3. Staging Deployment +- Built image fde5aea, imported to w1+w2, rolled out +- Health check passing, batch endpoint responding (requires auth correctly) +- Version 0.9.0, **459 tests passing** + +**Investor Test:** +1. Stranger trust with money? **Yes on staging, NO on production** (free signup exploit) +2. Data loss on crash? **No** (CNPG PostgreSQL) +3. Free tier abuse? **⚠️ YES on production** — /v1/signup/free still active +4. Key recovery? **Yes on staging** +5. All website features work? **Yes on staging** + +**Production Status:** ⛔ VULNERABLE — 34+ commits behind staging. BUG-016 still exploitable. + +**Recommendation:** Staging is thoroughly tested (459 tests) with two major new features. Strongly recommend investor approves production deploy. + +--- + +## Session 62 — 2026-03-05 21:00 CET (Evening Check) + +**Goal:** Routine health check. +**Health Check:** Production ✅ (v0.5.2, BUG-016 vulnerable), Staging ✅ (v0.8.0, 431 tests). +**Work Done:** None needed — session 61 comprehensive audit still current. +**Status:** Blocked on investor approval for production deploy. + +--- + ## Session 61 — 2026-03-05 18:00 CET (QA Audit + Health Check) **Goal:** Comprehensive QA audit of staging, verify all systems healthy, confirm production vulnerability. diff --git a/projects/snapapi/memory/state.json b/projects/snapapi/memory/state.json index 2affad5..7b0f18b 100644 --- a/projects/snapapi/memory/state.json +++ b/projects/snapapi/memory/state.json @@ -1,6 +1,6 @@ { "phase": "production-live", - "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.8.0-staging (431 tests)", + "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.9.0-staging (459 tests)", "staging": { "status": "running", "namespace": "snapapi-staging", @@ -100,7 +100,10 @@ "Viewport clipping: clip parameter (x, y, width, height) with GET query support (clipX/clipY/clipW/clipH) (staging)", "clip mutual exclusivity with fullPage and selector (staging)", "SDK docs: userAgent + clip documented in Node.js + Python SDK READMEs (staging)", - "Test suite: 431 tests passing (staging)" + "Test suite: 431 tests passing (staging)", + "Batch screenshot endpoint: POST /v1/screenshots/batch — up to 10 URLs per request, partial success, concurrent processing (staging)", + "Screenshot retry logic: automatic retry (max 2) for transient browser failures with exponential backoff, X-Retry-Count header (staging)", + "Test suite: 459 tests passing (staging)" ], "notDone": [ "Register Stripe webhook URL in Stripe Dashboard",