87 lines
5.4 KiB
JSON
87 lines
5.4 KiB
JSON
{
|
|
"phase": 1,
|
|
"phaseLabel": "Build Production-Grade Product",
|
|
"status": "near-launch-ready",
|
|
"product": "DocFast — HTML/Markdown to PDF API",
|
|
"currentPriority": "1) E2E Pro payment test (real Stripe payment). 2) CI/CD secrets setup. 3) Pro plan limits (5,000 PDFs/mo). 4) Website templating refactor. 5) Marketing launch.",
|
|
"ownerDirectives_PRIORITY": "Process these IN ORDER. Do not skip.",
|
|
"ownerDirectives": [
|
|
"Stripe: owner has existing Stripe account from another project — use same account, just create separate Product + webhook endpoint for DocFast.",
|
|
"Stripe Product ID for DocFast: prod_TygeG8tQPtEAdE — webhook handler must filter by this product_id to ignore events from other projects on the same Stripe account.",
|
|
"OFF-SITE BACKUPS: BorgBackup installed and running locally. Need Hetzner Storage Box for true off-site. Ask investor to provision one (~€3/mo for 100GB).",
|
|
"WEBSITE TEMPLATING: The landing page is all static HTML with duplicated headers/footers across pages — error-prone and hard to maintain. Fix this. Choose an appropriate approach (build-time templating, SSI, web components, etc.) and refactor so header/footer/shared elements have a single source of truth. CEO decides the approach.",
|
|
"PRO PLAN LIMITS: Pro plan currently shows 'unlimited PDFs' — this is wrong. Research competitors (PDFShift, DocRaptor, html2pdf.app, etc.) and set competitive PDF limits for the Pro tier. Must be sustainable on our CAX11 server. Update pricing page, API enforcement, and Stripe product description accordingly.",
|
|
"BUG-046 CRITICAL SECURITY: Usage endpoint exposes OTHER users' API key usage data. This is a data leak / GDPR violation. Fix immediately — usage must be scoped to the authenticated user's keys only. Investigate why the security agent missed this. Review and harden all endpoints for proper auth scoping.",
|
|
"BUG-047: Pro key success page has no copy button for the API key. Add a click-to-copy button so users can easily copy their new key.",
|
|
"BUG-048: Change email functionality is broken. Investigate and fix.",
|
|
"CI/CD PIPELINE: Forgejo Actions workflow created. Needs 3 repository secrets added in Forgejo settings (SERVER_HOST, SERVER_USER, SSH_PRIVATE_KEY).",
|
|
"REPRODUCIBLE INFRASTRUCTURE: DONE — setup.sh, docker-compose, configs, disaster recovery docs all in infrastructure/ directory."
|
|
],
|
|
"launchChecklist": {
|
|
"emailVerificationReal": true,
|
|
"smtpWorking": true,
|
|
"dnsRecordsLive": true,
|
|
"userAccountSystem": false,
|
|
"proPaymentFlow": true,
|
|
"proPaymentFlowNote": "E2E tested 2026-02-16. Payment + Pro key provisioning works. UX issues: no copy button (BUG-047).",
|
|
"postgresqlMigration": true,
|
|
"keyRecovery": true,
|
|
"databaseBackups": true,
|
|
"databaseBackupsNote": "BorgBackup: LOCAL daily at 03:00 UTC + OFF-SITE at 03:30 UTC to Hetzner Storage Box. 7 daily + 4 weekly + 3 monthly retention. PostgreSQL dumps + Docker volumes + nginx + SSL + DKIM.",
|
|
"loadTested": true,
|
|
"rateLimitsDataBacked": true,
|
|
"landingPageHonest": true,
|
|
"legalPages": true,
|
|
"legalPagesNote": "Impressum, Privacy Policy, Terms of Service — all live",
|
|
"euHostingMarketed": true,
|
|
"jsDisabledInPdf": true,
|
|
"zeroConsoleErrors": true,
|
|
"mobileResponsive": true,
|
|
"securityAuditPassed": true,
|
|
"healthEndpointComplete": true,
|
|
"cicdPipeline": "partial",
|
|
"cicdPipelineNote": "Forgejo Actions workflow + rollback script created. Needs 3 secrets added to repo settings.",
|
|
"reproducibleInfra": true,
|
|
"reproducibleInfraNote": "Full infrastructure/ directory with setup.sh, docker-compose, nginx, postfix configs, disaster recovery README."
|
|
},
|
|
"loadTestResults": {
|
|
"sequential": "~2.1s per PDF, ~28/min",
|
|
"concurrent": "3 safe, 5th fails at ~16s",
|
|
"server": "CAX11 (2 vCPU ARM, 4GB RAM), container 512MB cap"
|
|
},
|
|
"infrastructure": {
|
|
"domain": "docfast.dev",
|
|
"url": "https://docfast.dev",
|
|
"server": "docfast-1 (CAX11, nbg1)",
|
|
"serverIP": "167.235.156.214",
|
|
"sshKey": "/home/openclaw/.ssh/docfast",
|
|
"smtp": "Postfix + OpenDKIM configured. DKIM-signed emails working. SPF/DKIM/DMARC DNS records live.",
|
|
"email": "noreply@docfast.dev",
|
|
"backups": "BorgBackup LOCAL daily at 03:00 UTC + OFF-SITE at 03:30 UTC. Remote: ssh://u149513-sub11@u149513-sub11.your-backup.de:23/./docfast-1 (repokey-blake2 encryption). PostgreSQL dumps + Docker volumes + configs.",
|
|
"cicd": "Forgejo Actions workflow (pending secrets setup)",
|
|
"infraDocs": "infrastructure/ directory with full provisioning scripts"
|
|
},
|
|
"credentials": {
|
|
"file": "/home/openclaw/.openclaw/workspace/.credentials/docfast.env",
|
|
"keys": ["HETZNER_API_TOKEN", "STRIPE_SECRET_KEY", "STRIPE_WEBHOOK_SECRET"],
|
|
"NEVER_READ_DIRECTLY": true
|
|
},
|
|
"team": {
|
|
"structure": "CEO + specialist sub-agents",
|
|
"ceo": "Plans, delegates, reviews. Does NOT code. Only one who makes financial decisions.",
|
|
"specialists": ["Backend Developer", "UI/UX Developer", "QA Tester", "Security Expert", "Marketing Agent"]
|
|
},
|
|
"openBugs": {
|
|
"CRITICAL": [],
|
|
"HIGH": [],
|
|
"MEDIUM": [],
|
|
"LOW": [],
|
|
"note": "All bugs (040-048) resolved as of Session 41. BUG-046 (usage data leak), BUG-047 (copy button), BUG-048 (change email) fixed."
|
|
},
|
|
"blockers": [
|
|
"E2E Pro payment test (needs investor to make real test payment)",
|
|
"CI/CD secrets (3 secrets in Forgejo repo settings)"
|
|
],
|
|
"startDate": "2026-02-14",
|
|
"sessionCount": 41
|
|
}
|