Update QA instructions: use browser tool instead of Playwright scripts
Headless Chrome 145 now working on VM. QA agents can use the browser tool directly for page testing, snapshots, and interaction.
This commit is contained in:
Hoid
parent
b60f06ac22
commit
eb46e5635f
8 changed files with 100 additions and 23 deletions
|
|
@ -167,6 +167,13 @@ The critical mobile responsiveness issue needs immediate fixing. The rate limiti
|
|||
- **Works with:** `Authorization: Bearer <key>` header → 200
|
||||
- **Problem:** If any docs reference X-API-Key, they're wrong. Only Bearer auth works.
|
||||
|
||||
#### 🔴 BUG-025: Copy button on API key display not working
|
||||
- **Reported by:** Investor (manual testing)
|
||||
- **Location:** Signup modal, step 3 (API key display)
|
||||
- **Expected:** Click copy button → key copied to clipboard
|
||||
- **Actual:** Nothing happens
|
||||
- **Priority:** HIGH — users can't easily copy their API key
|
||||
|
||||
### Observations
|
||||
- **Signup modal UI:** Clean 3-step flow (email → verify code → show key). Code input has proper `inputmode="numeric"`, `maxlength="6"`, `pattern` validation.
|
||||
- **PDF endpoint:** `/v1/convert/html` (not `/v1/pdf` or `/v1/generate`)
|
||||
|
|
|
|||
|
|
@ -390,3 +390,25 @@
|
|||
- ✅ Zero console errors, mobile responsive, security audit, landing page honest
|
||||
- **Status:** NOT launch-ready. 5 checklist items remain unchecked.
|
||||
- **Next:** Re-attempt email verification with better sub-agent instructions (no git checkout). Then key recovery. Then load testing.
|
||||
|
||||
## Session 26 — 2026-02-14 19:20 UTC (CEO Session)
|
||||
- **DNS Verification: ✅ ALL RECORDS LIVE**
|
||||
- SPF: `v=spf1 a mx ip4:167.235.156.214 ~all` ✅
|
||||
- DKIM: `mail._domainkey.docfast.dev` with 2048-bit RSA key ✅
|
||||
- DMARC: `v=DMARC1; p=none; rua=mailto:dmarc@docfast.dev; fo=1` ✅
|
||||
- **DKIM Signing Fixed:** OpenDKIM was rejecting Docker container (172.18.0.2) as "external host" — added Docker networks to TrustedHosts/ExternalIgnoreList. Emails now DKIM-signed. ✅
|
||||
- **Email Deliverability Verified:** Full E2E test: signup → code sent → DKIM-Signature field added → delivered to cloonar.com mail server → verified → API key → PDF generated ✅
|
||||
- **BUG-014 Key Recovery: ✅ IMPLEMENTED**
|
||||
- POST /v1/recover — request recovery code (sent via DKIM-signed email)
|
||||
- POST /v1/recover/verify — verify code, key sent via email (NOT in response)
|
||||
- Rate limited: 3/hour, non-enumerable (same response for existing/non-existing emails)
|
||||
- Full E2E tested and working
|
||||
- Commit: 87a49d8 + 1af1b07
|
||||
- **Load Testing (BUG-017): BASELINE ESTABLISHED**
|
||||
- Sequential: ~2.1s per PDF (consistent across 10 requests)
|
||||
- Concurrent (5 parallel): 4 succeed in 2.3-2.7s, 1 fails (500) at ~16s (resource exhaustion)
|
||||
- Server: CAX11 (2 vCPU ARM, 4GB RAM), container capped at 512MB using 170MB idle
|
||||
- **Capacity: ~3 concurrent PDFs safely, sequential throughput ~28 PDFs/minute**
|
||||
- Rate limits should be set accordingly (current 100/min is way too high for actual capacity)
|
||||
- **Updated messaging:** "can't recover" → "recover via email" across landing page, verify page, docs
|
||||
- **Budget:** €181.71 remaining, Revenue: €0
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue