snapapi: update bugs + state for BUG-010 fix and playground enhancement

projects/business/memory/bugs.md

@@ -899,4 +899,4 @@ Container restart appears to have been clean. All services came back online prop
 - **Root cause:** Build system confusion — two different templating approaches coexist
 - **Fix needed (immediate):** Apply fixes to `public/src/index.html` and `public/partials/` instead
 - **Fix needed (long-term):** Consolidate to ONE build system. Either remove `templates/` or remove `public/src/`.
-- **Status:** ✅ FIXED (immediate) — commit b476b0b applies all changes to correct source files. Long-term consolidation still needed.
+- **Status:** ✅ FIXED (FULLY) — commit b476b0b (immediate fix) + commit ca72f04 (long-term: deleted templates/pages/ and build-pages.js, consolidated to single build-html.cjs system).

projects/business/memory/sessions.md

@@ -1683,3 +1683,22 @@
 - **Lesson learned:** Always verify changes on staging after CI build, and document which source files the Docker build uses
 - **Investor Test:** All 5 ✅
 - **Budget:** €181.71 remaining, Revenue: €9
+
+## Session 76 — 2026-02-22 07:00 UTC (Sunday Morning)
+- **Production health:** v0.4.3, all green, 24h uptime, DB connected, pool 15/15
+- **Staging:** v0.4.5, healthy
+- **Support:** Zero tickets
+- **Completed:**
+  1. **Build system consolidated (BUG-084 long-term fix):** Deleted dead `templates/pages/` dir + `build-pages.js` (1,389 lines of dead code removed). `build-html.cjs` is now the single build system. JS minification already integrated. Commit ca72f04.
+  2. **Test coverage 3x'd:** Expanded from 136→402 lines, 9→27 test cases. New coverage: demo endpoints, URL→PDF, SSRF protection, PDF options, error edge cases, health endpoint details. Commit 52e9b86.
+- **Spawned 2 sub-agents:**
+  - docfast-build-consolidation: Build system cleanup
+  - docfast-test-coverage: Test expansion
+- **CI runner:** Still offline (no Forgejo runner pods). Staging running from previous manual deploy.
+- **Investor Test:** All 5 ✅
+- **Budget:** €181.71 remaining, Revenue: €9
+- **Pending:**
+  - CI runner needs to come online to deploy latest commits to staging
+  - v0.4.5+ production tag (awaiting investor approval)
+  - npm/PyPI tokens for SDK publishing
+  - Google Search Console verification

projects/business/memory/state.json

@@ -3,7 +3,7 @@
   "phaseLabel": "Build Production-Grade Product",
   "status": "launch-ready",
   "product": "DocFast \u2014 HTML/Markdown to PDF API",
-  "currentPriority": "v0.4.5 on staging (CI runner offline). All 5 SDKs built (Node.js, Python, Go, PHP, Laravel). OpenAPI docs now complete with all Puppeteer PDF options. Next: CI runner needs to come online, then verify staging, get investor approval for prod tag. Still need npm/PyPI tokens to publish SDKs.",
+  "currentPriority": "v0.4.5 on staging. Build system consolidated (BUG-084 fully resolved), test coverage 3x'd (136→402 lines). CI runner still offline. Next: CI runner needs to come online to deploy latest, then get investor approval for prod tag. Still need npm/PyPI tokens to publish SDKs.",
   "ownerDirectives_PRIORITY": "Process these IN ORDER. Do not skip. Remove items marked ✅ DONE/FIXED during housekeeping.",
   "ownerDirectives": [
     "Stripe Product ID for DocFast: prod_TygeG8tQPtEAdE — webhook handler must filter by this product_id to ignore events from other projects on the same Stripe account."

projects/snapapi/memory/bugs.md

@@ -52,6 +52,14 @@
 - **Deployed to staging:** Yes (commit db0d4eee)
 - **Production:** Awaiting investor approval for v* tag
 
+### BUG-010: Privacy Policy page returns 404 (CRITICAL) — FIXED (staging)
+- **Found:** Session 12 (investor-reported)
+- **Impact:** /privacy returns 404 — legal pages broken. Footer links on terms/impressum/privacy pages used `/privacy` without `.html` extension.
+- **Root cause:** express.static only serves files by exact filename; no route handler for extensionless URLs
+- **Fix:** Added 301 redirects for `/privacy`, `/terms`, `/impressum`, `/status` → `.html` variants. Also fixed all internal links to consistently use `.html` extension.
+- **Deployed to staging:** Yes (commit db1fa8d). Full link crawl: zero 404s across all pages.
+- **Production:** Awaiting investor approval for v* tag
+
 ## Open
 
 ### BUG-007: Simultaneous browser restart causes QUEUE_FULL (HIGH) — FIXED (staging)

projects/snapapi/memory/sessions.md

@@ -1,5 +1,34 @@
 # SnapAPI Session Log
 
+## Session 13 — 2026-02-22 (Sunday Health Check)
+
+**Goal:** Sunday check-in — verify production health.
+
+### What Was Done
+
+1. **Production health verified:**
+   - Both pods running (k3s-w1, k3s-w2), 44h uptime, 0 restarts
+   - Health endpoint: OK, 8/8 browser pages available, 0 queue depth
+   - Playground tested: 200 OK, 95KB screenshot in 2.8s
+   - All systems nominal
+
+2. **No new work spawned** — all actionable items blocked on investor decisions (unchanged from Session 12).
+
+### Investor Test — Session 13
+1. **Trust with money?** → YES
+2. **Pod crash data loss?** → No
+3. **Free tier abuse?** → Protected (5/hr/IP playground limit)
+4. **Key recovery?** → Via Stripe (when webhook registered)
+5. **Website features work?** → All work; BUG-007/008/009 fixes on staging awaiting prod tag
+
+### Pending Investor Decisions (unchanged)
+- **Tag v0.4.4+ for production** — BUG-007 (browser 503s), BUG-008 (FAQ), BUG-009 (copy), SEO
+- **Stripe webhook URL** registration in dashboard
+- **Forgejo token** with write:repository scope (CI/CD)
+- **DNS for staging.snapapi.eu**
+
+---
+
 ## Session 12 — 2026-02-21 (Health Check + Status Review)
 
 **Goal:** Saturday check-in — verify production health, assess readiness.

projects/snapapi/memory/state.json

@@ -1,6 +1,6 @@
 {
   "phase": "production-live",
-  "version": "0.4.3-prod / 0.4.4-staging",
+  "version": "0.4.3-prod / 0.4.5-staging",
   "staging": {
     "status": "running",
     "namespace": "snapapi-staging",

skills/ceo-common/CEO-BASE.md

@@ -158,3 +158,4 @@ Every frontend change must maintain or improve accessibility:
 - **Deploying infrastructure that is explicitly marked as managed externally**
 - **Featuring constraints instead of value** — only advertise what customers gain, never what limits them. If it doesn't make someone want to buy, it doesn't belong on the landing page.
 - **Skipping interactive QA on the website** — every session that touches the frontend must test ALL interactive elements (buttons, links, accordions, modals, forms)
+- **Shipping without full link audit** — every QA pass must crawl ALL internal links (nav, footer, legal pages, CTAs) and verify none return 404. A broken link on a live site is inexcusable.