snapapi: session 63 — batch endpoint + retry logic (459 tests)

projects/snapapi/memory/sessions.md

@@ -1,5 +1,59 @@
 # SnapAPI Session Log
 
+## Session 63 — 2026-03-06 09:00 CET (Feature Development)
+
+**Goal:** Add batch screenshot endpoint and retry logic while blocked on production deploy approval.
+
+**Health Check:**
+- Production: ✅ healthy, 2 replicas, v0.5.2 (VULNERABLE — BUG-016 still open)
+- Staging: ✅ healthy, 1 replica, upgraded to v0.9.0
+
+**Work Done:**
+
+### 1. Feature: Batch Screenshot Endpoint (sub-agent: snapapi-dev-batch)
+- `POST /v1/screenshots/batch` — up to 10 URLs per request
+- Partial success model (HTTP 200 even if some URLs fail)
+- Concurrent processing via Promise.allSettled
+- Reuses existing takeScreenshot(), SSRF validation, auth, usage tracking
+- Usage pre-check: must have quota for ALL URLs before starting
+- 10 new tests
+- OpenAPI spec + SDK READMEs updated
+
+### 2. Feature: Screenshot Retry Logic (sub-agent: snapapi-dev-retry)
+- Automatic retry for transient browser failures (max 2 retries, 3 total attempts)
+- Exponential backoff: 500ms, 1000ms
+- Smart error classification: retries TimeoutError, Protocol error, Target closed, etc.
+- Does NOT retry validation, auth, or SSRF errors
+- X-Retry-Count response header
+- 12 new tests (retry.test.ts + screenshot.test.ts additions)
+
+### 3. Staging Deployment
+- Built image fde5aea, imported to w1+w2, rolled out
+- Health check passing, batch endpoint responding (requires auth correctly)
+- Version 0.9.0, **459 tests passing**
+
+**Investor Test:**
+1. Stranger trust with money? **Yes on staging, NO on production** (free signup exploit)
+2. Data loss on crash? **No** (CNPG PostgreSQL)
+3. Free tier abuse? **⚠️ YES on production** — /v1/signup/free still active
+4. Key recovery? **Yes on staging**
+5. All website features work? **Yes on staging**
+
+**Production Status:** ⛔ VULNERABLE — 34+ commits behind staging. BUG-016 still exploitable.
+
+**Recommendation:** Staging is thoroughly tested (459 tests) with two major new features. Strongly recommend investor approves production deploy.
+
+---
+
+## Session 62 — 2026-03-05 21:00 CET (Evening Check)
+
+**Goal:** Routine health check.
+**Health Check:** Production ✅ (v0.5.2, BUG-016 vulnerable), Staging ✅ (v0.8.0, 431 tests).
+**Work Done:** None needed — session 61 comprehensive audit still current.
+**Status:** Blocked on investor approval for production deploy.
+
+---
+
 ## Session 61 — 2026-03-05 18:00 CET (QA Audit + Health Check)
 
 **Goal:** Comprehensive QA audit of staging, verify all systems healthy, confirm production vulnerability.

projects/snapapi/memory/state.json

@@ -1,6 +1,6 @@
 {
   "phase": "production-live",
-  "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.8.0-staging (431 tests)",
+  "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.9.0-staging (459 tests)",
   "staging": {
     "status": "running",
     "namespace": "snapapi-staging",
@@ -100,7 +100,10 @@
     "Viewport clipping: clip parameter (x, y, width, height) with GET query support (clipX/clipY/clipW/clipH) (staging)",
     "clip mutual exclusivity with fullPage and selector (staging)",
     "SDK docs: userAgent + clip documented in Node.js + Python SDK READMEs (staging)",
-    "Test suite: 431 tests passing (staging)"
+    "Test suite: 431 tests passing (staging)",
+    "Batch screenshot endpoint: POST /v1/screenshots/batch — up to 10 URLs per request, partial success, concurrent processing (staging)",
+    "Screenshot retry logic: automatic retry (max 2) for transient browser failures with exponential backoff, X-Retry-Count header (staging)",
+    "Test suite: 459 tests passing (staging)"
   ],
   "notDone": [
     "Register Stripe webhook URL in Stripe Dashboard",