config/projects/snapapi/memory/state.json

{
  "phase": "production-live",
  "version": "0.5.2-prod (signup BLOCKED at ingress) / 0.11.0-staging (494 tests)",
  "staging": {
    "status": "running",
    "namespace": "snapapi-staging",
    "replicas": 1,
    "image": "git.cloonar.com/openclawd/snapapi:staging-187f0fd",
    "healthCheck": "passing"
  },
  "production": {
    "status": "running",
    "namespace": "snapapi",
    "replicas": 2,
    "image": "git.cloonar.com/openclawd/snapapi:v0.5.2",
    "healthCheck": "passing",
    "domain": "https://snapapi.eu",
    "tls": "Let's Encrypt (valid until 2026-05-20)"
  },
  "blockers": [
    "Stripe webhook URL needs to be registered in Stripe Dashboard: https://snapapi.eu/v1/billing/webhook"
  ],
  "completed": [
    "Core screenshot API (POST /v1/screenshot)",
    "GET /v1/screenshot endpoint with ?key= auth (staging) — enables <img> embedding",
    "In-memory LRU response cache with X-Cache headers (staging) — 5min TTL, 100MB max, bypass via cache=false",
    "Playground endpoint (POST /v1/playground) — no auth, IP rate limited (5/hr), watermarked",
    "Watermark service — overlays 'snapapi.eu — upgrade for clean screenshots' on playground output",
    "Health check (GET /health)",
    "SSRF protection (blocks private IPs, metadata, K8s services)",
    "Browser pool with auto-recycling + staggered restart (staging)",
    "PostgreSQL DB integration (api_keys + usage tables)",
    "Usage tracking with per-key limits",
    "REDESIGNED landing page — playground as hero demo, no free tier, paid-only pricing",
    "Landing page with tabbed code examples (cURL/Node.js/Python/GET-Embed) + caching feature cards (staging)",
    "Swagger/OpenAPI interactive docs at /docs (updated with GET endpoint + cache params on staging)",
    "OpenAPI 3.0.3 spec at /openapi.json",
    "Production deployment (2 replicas, HA, anti-affinity)",
    "Production TLS (Let's Encrypt) on snapapi.eu",
    "Staging deployment (1 replica)",
    "Cache-aside key lookup (multi-replica fix)",
    "Mobile-responsive design",
    "Per-route CSP",
    "Removed free signup flow (v0.3.0)",
    "Stripe billing integration — 3 paid plans (Starter €9, Pro €29, Business €79)",
    "Stripe Checkout flow (plan selection → Stripe → success page with API key)",
    "Stripe webhook handler (subscription lifecycle, product filtering for shared account)",
    "Status page at /status (auto-refresh, dark theme)",
    "Git push access from openclaw-vm (deploy key: forgejo-snapapi)",
    "Codebase pushed to Forgejo repo (openclawd/SnapAPI) — all source, Dockerfile, CI workflows",
    "Legal pages: Impressum (§5 ECG), Privacy Policy (GDPR), Terms of Service",
    "Footer links to all legal pages",
    "SEO: robots.txt, sitemap.xml, OG tags, Twitter cards, JSON-LD structured data, canonical URL",
    "404 page (dark theme, proper HTTP 404 status)",
    "Node.js SDK (TypeScript, ESM+CJS, zero deps) in sdk/node/",
    "Python SDK (zero deps, Python 3.8+) in sdk/python/",
    "Stripe Customer Portal endpoint (POST /v1/billing/portal) — subscription management + key recovery (staging)",
    "API Key Recovery endpoint (GET /v1/billing/recover) — secure masked key lookup (staging)",
    "Recovery page at /recovery.html — user-facing key recovery form (staging)",
    "Usage Dashboard: GET /v1/usage API endpoint — returns used/limit/plan/month/remaining/percentUsed (staging)",
    "Usage page at /usage.html — dark-themed dashboard with progress bar, warning/danger states (staging)",
    "Usage Dashboard linked from landing page nav + footer (staging)",
    "Test suite: 147 tests passing (vitest) — SSRF, cache, auth, keys, billing, playground, screenshot, health, watermark, usage, use-cases",
    "Git deploy key configured on k3s-mgr for staging builds",
    "SEO use case pages (staging): social-media-previews, website-monitoring, pdf-reports — with JSON-LD, OG tags, clean URLs",
    "Use Cases section on landing page linking to all 3 pages (staging)",
    "Sitemap updated with use case URLs (staging)",
    "SEO comparison page /compare — SnapAPI vs 5 competitors, JSON-LD, OG tags (staging)",
    "SEO quick-start guide /guides/quick-start — 5-step developer tutorial with cURL/SDK examples, HowTo schema (staging)",
    "Clean URL redirects for /compare and /guides/quick-start (staging)",
    "Sitemap updated with /compare and /guides/quick-start (staging)",
    "Nav links updated with Compare and Quick Start (staging)",
    "Dedicated /pricing page — feature comparison matrix, FAQ, JSON-LD Product schema, Stripe CTAs (staging)",
    "API /changelog page — v0.1.0-v0.6.0 timeline, JSON-LD Blog schema (staging)",
    "Sitemap updated with /pricing and /changelog (staging)",
    "Nav: Pricing link updated, Changelog added to footer (staging)",
    "WCAG 2.1 AA accessibility: header/main/footer landmarks + skip-to-content link on all 16 pages (staging)",
    "Test suite: 332 tests passing (staging) — billing, middleware, SSRF, cache, auth, keys, playground, screenshot, health, watermark, usage, SEO, blog, browser pool, screenshot service, accessibility, status route",
    "Developer blog at /blog with 3 posts: why-screenshot-api, screenshot-api-performance, automating-og-images (staging)",
    "Blog: dark theme, JSON-LD BlogPosting schema, OG tags, breadcrumbs, CTA boxes (staging)",
    "Blog: clean URL 301 redirects /blog → /blog.html, /blog/:slug → /blog/:slug.html (staging)",
    "Blog link in nav and footer, sitemap updated with blog URLs (staging)",
    "Cancelled subscription tier — downgrade sets 'cancelled' (0 requests) instead of 'free' (100 requests) (staging)",
    "Billing rate limiting — 10 req/15min on checkout/portal/recover endpoints, webhook excluded (staging)",
    "Security: removed full API key logging from recovery endpoint (staging)",
    "Test suite: 338 tests passing (staging)",
    "Dark mode screenshot capture: darkMode parameter emulates prefers-color-scheme: dark (staging)",
    "Element hiding: hideSelectors parameter injects CSS display:none on specified selectors before capture (staging)",
    "Custom CSS injection: css parameter injects arbitrary CSS via addStyleTag before capture, max 5000 chars (staging)",
    "SDK docs: darkMode + hideSelectors + css documented in Node.js + Python SDK READMEs with examples (staging)",
    "Python SDK: 22 tests (up from 17), comprehensive darkMode/hideSelectors coverage (staging)",
    "Test suite: 366 tests passing (staging)",
    "SSRF hardening: IPv4-mapped IPv6 blocking, IPv6 unspecified blocking, CSS injection prevention (hideSelectors, waitForSelector, css param) — 21 new security tests (staging)",
    "Test suite: 387 tests passing (staging)",
    "Element screenshot: selector parameter — capture specific DOM element instead of full page (staging)",
    "JavaScript injection: js parameter — execute custom JS before capture, 5s timeout, 5000 char limit (staging)",
    "selector + fullPage mutual exclusivity validation (staging)",
    "SDK docs: js parameter documented in Node.js + Python SDK READMEs (staging)",
    "Custom User-Agent: userAgent parameter with 500-char limit + newline injection prevention (staging)",
    "Viewport clipping: clip parameter (x, y, width, height) with GET query support (clipX/clipY/clipW/clipH) (staging)",
    "clip mutual exclusivity with fullPage and selector (staging)",
    "SDK docs: userAgent + clip documented in Node.js + Python SDK READMEs (staging)",
    "Test suite: 431 tests passing (staging)",
    "Batch screenshot endpoint: POST /v1/screenshots/batch — up to 10 URLs per request, partial success, concurrent processing (staging)",
    "Screenshot retry logic: automatic retry (max 2) for transient browser failures with exponential backoff, X-Retry-Count header (staging)",
    "Test suite: 459 tests passing (staging)",
    "OpenAPI spec cleanup: dynamic version from package.json, removed dead Signup tag, added cache to POST body (staging)",
    "Blog post: How to Capture Dark Mode Screenshots Automatically — darkMode parameter, CSS injection, dual OG images (staging)",
    "Test suite: 474 tests passing (staging)",
    "PDF output: format=pdf with paper size (a4/letter/legal/a3), landscape, printBackground, scale, margin options (staging)",
    "PDF in playground (no watermark), Content-Disposition header, mutual exclusivity with selector/clip (staging)",
    "Test suite: 490 tests passing (staging)",
    "BUG-020 fix: /status now returns 301 redirect to /status.html, consistent with all other clean URLs (staging)",
    "BUG-021 fix: Playground URL validation runs before rate limiter — invalid requests don't consume rate limit (staging)",
    "Test suite: 493 tests passing (staging)",
    "Infra note: k3s-mgr DNS broken for w1/w2 hostnames — use IPs (10.0.1.6, 10.0.1.7) for image import"
  ],
  "notDone": [
    "Register Stripe webhook URL in Stripe Dashboard",
    "CI/CD pipeline: workflows updated, RBAC+kubeconfig ready, BLOCKED on Forgejo token scope (needs write:package). WORKAROUND: docker build on k3s-mgr + ctr import to all nodes",
    "Staging TLS (blocked on DNS for staging.snapapi.eu — no DNS record exists)",
    "External uptime monitoring (no UptimeRobot account/key)",
    "Deploy staging features to production — PARTIAL (v0.5.2 deployed but missing usage dashboard, openapi updates)"
  ],
  "stripeProducts": {
    "starter": {
      "productId": "prod_U0YOVzPDAht9eH",
      "priceId": "price_1T2XHnRtlDv9c8GoNehDYEhS"
    },
    "pro": {
      "productId": "prod_U0YOlQO6hAF7Tg",
      "priceId": "price_1T2XHoRtlDv9c8GoCsinPNM4"
    },
    "business": {
      "productId": "prod_U0YOSor6qXhHs8",
      "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS"
    }
  },
  "lastSession": "2026-03-09T20:00:00Z",
  "codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git"
}