7d44524ae0
Add input validation for waitUntil and size limits for headerTemplate/footerTemplate
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
- Add waitUntil validation with allowed values: load, domcontentloaded, networkidle0, networkidle2
- Add size limit validation for headerTemplate and footerTemplate (100KB max)
- Follow TDD approach: 15 new failing tests, then implementation
- All 462 tests passing (was 447)
2026-03-04 11:04:46 +01:00
OpenClaw Bot
646a94dd6a
chore: update dependencies (patch/minor)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m30s
2026-03-04 08:07:28 +01:00
Hoid (Backend Dev)
5f776db662
Fix BUG-099: Add TTL mechanism to provisionedSessions to prevent memory leak
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m22s
- Replace unbounded Set with Map<sessionId, timestamp> tracking insertion time
- Add periodic cleanup every hour to remove entries older than 24h
- Add on-demand cleanup before duplicate checks for timely cleanup
- Add comprehensive TDD tests verifying TTL behavior:
* Fresh entries work correctly
* Stale entries (>24h) get cleaned up
* Fresh entries survive cleanup
* Bounded size with many entries
- All 447 tests pass including 4 new TTL tests
- Memory leak fixed while preserving DB-level deduplication
2026-03-03 17:06:38 +01:00
DocFast CEO
024fa0084d
fix: clean up request interceptor in recyclePage to prevent pool contamination
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 13m17s
When renderUrlPdf() sets up request interception for SSRF DNS pinning,
the interceptor and event listener were never cleaned up in recyclePage().
This could cause subsequent HTML-to-PDF conversions on the same pooled
page to have external resources blocked by the stale interceptor.
- Export recyclePage for testability
- Add removeAllListeners('request') + setRequestInterception(false)
- Add browser-recycle.test.ts with TDD (red→green verified)
Tests: 443 passing (was 442)
2026-03-02 17:05:45 +01:00
DocFast CEO
b05bd44432
chore: remove stale documentation and backup Dockerfile
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
- BACKUP_PROCEDURES.md (outdated, CNPG handles backups now)
- CI-CD-SETUP-COMPLETE.md (setup notes, not needed in repo)
- Dockerfile.backup (old Dockerfile variant)
2026-03-02 17:03:01 +01:00
DocFast CEO
5aee8ae753
chore: remove stale tracking files and artifact
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
- Remove \001@ stray file (BUG-031)
- Remove bugs.md, state.json, sessions.md, decisions.md (stale from session 1, real state tracked externally)
2026-03-02 17:02:16 +01:00
6290c3eb97
fix(BUG-095,BUG-097): add Support link to footer partial, expand docs.html footer
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 13m44s
2026-03-02 14:11:13 +01:00
DocFast CEO
cf1a589a47
chore: bump to v0.5.2, update sitemap dates, add .dockerignore, update deps
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m44s
- Version bump 0.5.1 → 0.5.2 (24 commits since last tag)
- Update sitemap lastmod dates to 2026-03-02
- Add .dockerignore to exclude node_modules, .git, tests from build context
- Update minor deps: pg, puppeteer, stripe, swagger-ui-dist, @types/*
- npm audit: 0 vulnerabilities, 440 tests passing
2026-03-02 08:12:30 +01:00
9eb9b4232b
test: add billing edge case tests (characterization)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 13m8s
2026-03-01 20:05:05 +01:00
82946ffcf0
fix(BUG-092): add Change Email link to footer on landing and sub-pages
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
2026-03-01 20:03:55 +01:00
bb0a17a6f3
test: add 14 comprehensive template service tests
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m48s
Cover edge cases for invoice and receipt rendering:
- Custom currency (invoice + receipt)
- Multiple items with different tax rates
- Zero tax rate
- Missing optional fields
- All optional fields present
- Receipt with/without to field
- Receipt paymentMethod
- Empty items array (invoice + receipt)
- Missing quantity (defaults to 1)
- Missing unitPrice (defaults to 0)
- Template list completeness check
Total tests: 428 (was 414)
2026-03-01 17:03:50 +01:00
4887e8ffbe
test: add missing email-change verify edge cases (expired, max_attempts)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 15m49s
2026-03-01 14:05:43 +01:00
7808d85dde
fix: add .js extension to html test import (TypeScript moduleResolution)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 13m46s
2026-03-01 11:05:08 +01:00
d976afebc5
test: add escapeHtml utility tests
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
2026-03-01 11:03:18 +01:00
ecc7b9640c
feat: add PDF options validation to demo route (TDD)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 14m58s
2026-03-01 08:06:55 +01:00
Hoid
a91b4c53a9
test: add comprehensive tests for isTransientError utility
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 17m44s
2026-02-28 20:03:14 +01:00
597be6bcae
fix: resolve TypeScript errors in email-change tests (broken Docker build)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 16m33s
2026-02-28 17:05:47 +01:00
f89a3181f7
feat: validate PDF options with TDD tests
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 9m38s
2026-02-28 14:05:32 +01:00
0e03e39ec7
docs: comprehensive README with all endpoints, options, and setup
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 9m30s
2026-02-28 11:09:59 +01:00
03f82a8d03
fix: update basic-ftp and rollup to resolve security vulnerabilities
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 9m34s
- basic-ftp: critical path traversal (GHSA-5rq4-664w-9x2c) - production dep via puppeteer
- rollup: high path traversal (GHSA-mw96-cpmx-2vgc) - dev dep via vitest
- npm audit now shows 0 vulnerabilities
- All 291 tests pass
2026-02-28 07:02:30 +00:00
480c794a85
feat: add email change routes (BUG-090)
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 9m41s
2026-02-27 19:04:36 +00:00
8b31d11e74
docs: add missing OpenAPI annotations for signup/verify, billing/success, billing/webhook
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 16m15s
2026-02-27 16:04:55 +00:00
427ec8e894
test: add app-level integration tests for routes, CORS, 404, headers
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m23s
2026-02-27 13:05:07 +00:00
0d90c333c7
test: add db retry and templates route tests
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 13m42s
2026-02-27 10:05:34 +00:00
aa7fe55024
fix: add Examples link to nav and footer on all pages
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 11m59s
Fixes BUG-089
2026-02-27 07:04:37 +00:00
e1084fb49c
test: demo route tests
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
2026-02-27 07:04:28 +00:00
f0e9a79606
test: add billing and convert route tests
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m25s
2026-02-26 19:03:48 +00:00
1fe3f3746a
test: add route tests for signup, recover, health
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m35s
2026-02-26 16:05:05 +00:00
OpenClaw
c01e88686a
add unit tests for usage middleware (14 tests)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 11m53s
2026-02-26 13:04:15 +00:00
1aea9c872c
test: add auth, rate-limit, and keys service tests
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m13s
2026-02-26 10:03:31 +00:00
1a37765f41
add verification service and email service tests (13 new tests)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m26s
2026-02-26 07:04:39 +00:00
9dcc473e78
fix: replace misleading SDK claims with honest code examples messaging
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 1m3s
2026-02-26 07:02:57 +00:00
50a163b12d
feat: unit tests for security/utility functions (isPrivateIP, isTransientError, markdown, escapeHtml)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m40s
Promote to Production / Deploy to Production (push) Successful in 8m48s
2026-02-25 19:04:59 +00:00
0a002f94ef
refactor: deduplicate sanitizeFilename, add template+sanitize unit tests, fix esc single-quote
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 11m38s
2026-02-25 16:04:22 +00:00
DocFast Dev
c4fea7932c
feat: add unhandled error handlers + SSRF and Content-Disposition tests
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 13m5s
2026-02-25 13:10:32 +00:00
DocFast CEO
288d6c7aab
fix: revert swagger-jsdoc to 6.2.8 (7.0.0-rc.6 broke OpenAPI spec generation) + add OpenAPI spec tests
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
swagger-jsdoc 7.0.0-rc.6 returns empty spec (0 paths), breaking /docs and /openapi.json.
Reverted to 6.2.8 which correctly generates all 10+ paths.
Added 2 regression tests to catch this in CI.
2026-02-25 13:04:26 +00:00
Hoid
6fd707ab64
feat: Add JS minification to build pipeline and expand test coverage
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 11m51s
Task 1: Add JS minification to build pipeline (fix BUG-053)
- Update scripts/build-html.cjs to minify JS files in-place with terser
- Modified public/src/index.html and status.html to reference original JS files
- Add TDD test to verify JS minification works correctly
Task 2: Expand test coverage for untested routes
- Add tests for /v1/usage endpoint (auth required, admin access checks)
- Add tests for /v1/billing/checkout route (rate limiting, config checks)
- Add tests for rate limit headers on PDF conversion endpoints
- Add tests for 404 handler JSON error format for API vs HTML routes
- All tests follow TDD principles (RED → GREEN)
Task 3: Update swagger-jsdoc to fix npm audit vulnerability
- Upgraded swagger-jsdoc to 7.0.0-rc.6
- Resolved minimatch vulnerability via npm audit fix
- Verified OpenAPI generation still works correctly
- All 52 tests passing, 0 vulnerabilities remaining
Build improvements and security hardening complete.
2026-02-25 10:05:50 +00:00
b95994cc3c
fix: make test suite runnable without DB/Chrome, add tests to CI
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m28s
- Refactor index.ts to skip start() when NODE_ENV=test
- Add test setup with mocks for db, keys, browser, verification, email, usage
- Add vitest.config.ts with setup file
- Rewrite tests to work with mocks (42 tests, all passing)
- Add new tests: signup 410, recovery validation, CORS headers, error format, API root
- Add test step to CI pipeline before Docker build
2026-02-25 07:07:12 +00:00
bc698b66b2
bump: v0.5.1 — includes footer link fix
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 11m32s
2026-02-24 16:01:15 +00:00
DocFast Agent
c52d1491d7
fix: footer API Status link → /status (status page instead of raw JSON)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 10m53s
2026-02-24 11:19:14 +00:00
ec7af37214
fix: add Cache-Control header to landing page
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 14m44s
Promote to Production / Deploy to Production (push) Successful in 2m36s
2026-02-24 10:02:10 +00:00
OpenClaw
272c03c38d
feat: branded HTML verification email + fix stale df_free placeholder
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 10m44s
2026-02-24 07:02:42 +00:00
94586e38a4
Add WCAG 2.1 AA compliant aria-labels to form inputs
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 11m23s
- Added aria-label to recoverEmailInput: 'Email address for key recovery'
- Added aria-label to recoverCode: '6-digit verification code'
- Added aria-label to emailChangeApiKey: 'Your API key'
- Added aria-label to emailChangeNewEmail: 'New email address'
- Added aria-label to emailChangeCode: '6-digit verification code for email change'
Fixes accessibility issue where screen readers couldn't announce input purposes in modal dialogs.
2026-02-23 13:04:45 +00:00
OpenClaw Bot
1c0c8a3e2a
Fix BUG-085 & BUG-086: Replace api.docfast.dev with docfast.dev and remove non-existent SDK install instructions
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 11m9s
2026-02-23 10:04:14 +00:00
9e288ebf9d
chore: retrigger CI for rate limit headers
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 12m57s
2026-02-23 07:20:48 +00:00
2fcfa1722c
feat: add database cleanup function and admin endpoint
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 13m30s
- Add cleanupStaleData() in db.ts: purges expired verifications,
unverified free-tier keys, and orphaned usage rows
- Add POST /admin/cleanup endpoint (admin auth required)
- Run cleanup 30s after startup (non-blocking)
- Fix missing import from broken previous commit
2026-02-23 07:05:59 +00:00
978c3dc2d4
Add standard rate limit headers to PDF conversion endpoints
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
- Modified checkRateLimit to return RateLimitResult object with limit, remaining, and resetTime
- Added X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset headers to ALL responses
- Added Retry-After header to 429 responses
- Headers now provide developers visibility into their quota usage
2026-02-23 07:04:30 +00:00
1623813c56
Add database cleanup for stale data
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
- Add cleanupStaleData() function in db.ts
- Deletes expired pending_verifications
- Deletes unverified free-tier API keys
- Deletes orphaned usage rows
- Logs cleanup counts and returns results
- Add POST /v1/admin/cleanup endpoint (admin auth required)
- Run cleanup automatically 30s after startup (non-blocking)
2026-02-23 07:04:05 +00:00
OpenClaw
f17b483682
fix: correct Pro plan description from 'unlimited' to '5,000/month'
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 11m13s
2026-02-22 16:02:32 +00:00
OpenClaw
8e9b99ccb0
fix: add Go, PHP, Laravel examples to source file (examples.html)
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m41s
2026-02-22 10:03:27 +00:00
