- BUG-056: Fix sitemap namespace sitemapns.org -> sitemaps.org
- BUG-062: Extend <main> to wrap all page content (hero+features+pricing+EU section)
- BUG-064: Add sr-only <label> elements to all modal form inputs (signup, recovery, change-email)
- BUG-051/052: Remove duplicate X-Content-Type-Options headers from nginx (let helmet handle)
- BUG-057: Fix JSON-LD and pricing card: Pro plan is 2,500 PDFs/month not 5,000
- BUG-059: Add meta description, canonical URL, og: tags to /docs page
- BUG-063: Change eu-hosting h3 to h2 (correct heading hierarchy)
- BUG-065/066: Add aria-modal=true, role=dialog to modals; aria-label=Close to close buttons
- BUG-068: Add hash-based modal open for #change-email on page load
- Add .sr-only CSS utility class to base and index styles
- Created build-time templating system using existing build-html.cjs
- Extracted index.html into source template with partials:
_styles_index.html, _nav_index.html, _modals.html
- All 4 templated pages (index, impressum, privacy, terms) use partials
- docs.html excluded (Swagger UI, completely different structure)
- Added HTML build step to Dockerfile
- Built output is byte-identical to original files
- Set Pro tier limit to 2,500 PDFs/month (was unlimited/5000)
- Added Pro limit enforcement in usage middleware
- Updated landing page, JSON-LD, and Stripe product description
- Created build-time HTML templating (partials for nav/footer/styles)
- Source files in public/src/, partials in public/partials/
- Build script: node scripts/build-html.cjs
- Deleted stale backup file
- Fixed index.html nav logo to use <a> tag for consistency
BUG-046 (CRITICAL): getUsageStats() now accepts apiKey param and returns
only that key usage instead of all users. Route passes req.apiKeyInfo.key.
BUG-047: Added visible Copy button to Pro key success page in billing.ts.
BUG-048: Added class="open-email-change" to Change Email links in all
HTML pages so the JS modal opener can find them.
- Docker healthcheck: Use Node.js instead of curl (not installed in slim image)
- Pricing: Change from USD ($) to EUR (€) in frontend and backend Stripe integration
- Static assets: Add Cache-Control headers (1 day) for /public and /docs files
- Update sitemap.xml to include /v1/health endpoint
- Add proper 404 handling (JSON for API paths, HTML for browser paths)
- Create optimized nginx config with gzip, cache headers, specific locations
- Add logrotate configuration for DocFast logs
- Add security headers and static asset caching
- Replace JSON file storage with PostgreSQL (pg package)
- Add db.ts service for connection pool and schema init
- Rewrite keys.ts, verification.ts, usage.ts for async PostgreSQL
- Update all routes for async function signatures
- Add migration script (scripts/migrate-to-postgres.mjs)
- Update docker-compose.yml with DATABASE_* env vars
- Change SLA from 99.9% to 99.5% in landing page
Fix BUG-032: Add 375px mobile breakpoint for terminal gap issues
- Reduced container padding to 12px on smallest screens
- Optimized code-section margins and padding
- Improved terminal header and code-block spacing
- Enhanced hero section padding for mobile
- Fix swagger-ui symlink in Dockerfile (was pointing to /opt/docfast instead of /app)
- Add CSP directives to allow inline scripts/styles and Google Fonts
- Add email-change.ts route with rate limiting (3/hr) and verification
- Add updateKeyEmail to keys service
- Add email-change route to index.ts with CORS support
Investor Directive 1: Key recovery now shows key in browser after email verification code.
- Removed sendRecoveryEmail function entirely
- Recovery endpoint returns apiKey in JSON response (shown once in browser)
- Added full recovery modal UI (email → code → key displayed)
- Added "Lost your API key?" links throughout signup flow
Investor Directive 3: Rate limits adjusted to match server capacity.
- Global rate limit: 100/min → 30/min (server handles ~28 PDFs/min)
- CORS: recover routes now restricted to docfast.dev origin
- POST /v1/recover: request recovery code
- POST /v1/recover/verify: verify code, receive key via email
- Key sent via email only (not in API response) for security
- Rate limited to 3 attempts per hour
- Non-enumerable: same response whether email exists or not
- DKIM-signed emails via postfix/opendkim
- POST /v1/signup/free now returns verification code (temp in response)
- New POST /v1/signup/verify endpoint to verify code and get API key
- Codes expire after 15 minutes, max 3 attempts
- Frontend updated with 2-step signup modal (email → code → key)
- Legacy token verification kept for existing links
- Signup now requires email verification before API key is revealed
- Verification token sent via email (Resend) with console fallback
- GET /verify?token=xxx shows API key in styled HTML page
- Handles expired (24h), invalid, and already-verified tokens
- Frontend modal shows 'check your email' instead of key
- Keeps existing rate limiting
- Add !important declarations to override any conflicting styles
- Force overflow-x: hidden on html and body globally
- Apply universal max-width: 100% on mobile
- Specifically target code blocks with word-break and overflow fixes
- Reduce container padding to prevent width issues
This should definitively resolve horizontal scrolling on 375px viewports.
- Add overflow-x: hidden on body and container for mobile viewports
- Improve code block responsive behavior with pre-wrap and word-break
- Constrain code-section width to prevent viewport overflow
- Fix trust-grid horizontal overflow on small screens
This fixes the QA-reported issue where pages scroll horizontally
to 488px on 375px mobile viewports.
BUG-007: Unwrap req.body.data for template endpoint (docs show wrapped format)
BUG-008: Default PDF margins set to 0 (user can override via request body)
BUG-006: Copy button shows Copied! for 2s then reverts
- Added /v1/signup/free endpoint for instant API key provisioning
- Built unified key store (services/keys.ts) with file-based persistence
- Refactored auth middleware to use key store (no more hardcoded env keys)
- Refactored usage middleware to check key tier from store
- Updated billing to use key store for Pro key provisioning
- Landing page: replaced mailto: link with signup modal
- Landing page: Pro checkout button now properly calls /v1/billing/checkout
- Added Docker volume for persistent key storage
- Success page now renders HTML instead of raw JSON
- Tested: signup → key → PDF generation works end-to-end
