Overview
Live activity + status as of Monday, May 11, 2026 — Day 23
🚀 Today's deploys 4 pushed
⚡ Today's activity 9 events
📋 Open actions by role what's needed from each person right now
Founder (Jorge)
- Send Pilot Test Quickstart V2 to Oli + Oscar with production URL + credentials
- Set up Slack channel #xjobsfinder-pilot-bugs (private; Oli + Oscar + Jorge)
- Investigate F207 — paywall fires earlier than expected for fresh production users
- Investigate F206 — post-Google-signin lands on voice/mike page instead of dashboard
- Begin Quick Match flow on fix/resume-quick-match branch (cherry-pick F201/F202/F194 to sync with main first)
- Explore MCP connectors at https://claude.ai/settings/connectors (Linear / Slack / GitHub)
Oli (Tester)
- Run Scenario 1 (ATS resume flow) end-to-end against production. ~10 min. Production URL: https://xjobs-final-production.up.railway.app
- Run Scenario 1B (Auth flows: Forgot Password + Continue with Google) ~5 min
- Report any P0 flag (Scenario 1 steps 10, 12, 14, 15, 17, 19 / Scenario 1B steps B, C, D, G) immediately via #xjobsfinder-pilot-bugs once channel exists
- Stripe receipt photo: keep for reimbursement
Oscar (Tester)
- Same as Oli — independent run of Scenario 1 + Scenario 1B against production
- Use credentials tester+oscar-pilot1@gmail.com / TestF193!2026
- Note any UX friction beyond the 28 steps — first-time-user perspective valuable
📊 Reference status — phase progress, KPIs, week narrative (click to expand)
Phase progress7 phases · launch May 26
What's happening this week
Production is stable. Over Day 21-23 the pre-pilot fix sprint closed 9 defects in the ATS resume optimization flow: auth-gated Stripe checkout (F74), authenticated-email pre-fill (F192), durable paid_grants entitlement (F193 + F124), re-downloadable preview (F197), HTML cache headers (F198), session-preserving hard refresh (F194), forgot-password UX (F201 + F202), plus Stripe webhook routing repaired. Every fix verified end-to-end in production by the founder. The remaining open items (F199, F200, F203-F207) are tracked in the Findings section.
What you can do for now
Run the pilot quickstart — Jorge has sent you the 28-step test plan covering the ATS flow and auth flows. ~15-20 minutes total. Production URL: https://xjobs-final-production.up.railway.app. Any RED flag at the P0 checks (steps marked with stars) gets reported immediately. Everything else goes into the bug channel for triage. Thank you — your eyes catch what the founder's can't.
Product Vision
The canonical product principles and roadmap for XJobs. Read these to understand what we are building and why.
📜 Product Philosophy
Four standalone products. In-place modification, never parallel rewrite. Watermark legal frame. Memory layer as the strategic moat. Top-up pricing over subscription.
v0.1 · Day 27 · 230 lines
→ Read on GitHub🗺️ Product Roadmap
F225-F239 sequenced priorities. P0 pre-pilot blockers (ATS rebuild, watermark port, session leak). P1 foundational (memory layer, history dashboard, top-up pricing). P2 strategic value-adds. P3 long-range (Application Agent, bilingual, B2B).
v0.1 · Day 27 · 171 lines
→ Read on GitHubProject timeline
Gantt overview · Day 1 → Day 26 cards · gaps marked for backfill
Day-by-day cards
Day 1 — Project kickoff
Initial project conception, vision, founder commitment. Specifics to be reconstructed from memory + any early notes.
Days 2–7 — Initial development sprint
First wave of development. Resume builder, ATS analysis, basic UI. Vendor integrations stood up (Google OAuth, Stripe, Anthropic, ElevenLabs). Specifics need reconstruction from git log.
Day 8 — April 27 sprint
Sprint shipping multiple fixes including the Remotive job-board fallback for empty Gmail scans, scoreJob null guard, and several UI polish items. Sprint report generated. Several of these fixes were silently reverted by later cousin sessions — a pattern that drove the May 2 strategic pivot.
Day 9 — Tester rotation 1 begins
First tester rotation. Initial feedback gathered. Specifics need reconstruction.
Day 10 — Anatomy + lean-down plan
First strategic anatomy doc — XJobs codebase decomposed into 8 frontend modules. The "destination map" for eventual modularization. Phase 4 (frontend modularization) explicitly deferred to post-pilot during this work.
Day 11 — Refactor planning
Refactoring plan v2 drafted. AKA Identity Model spec written. Phase 2 execution plan articulated. Bug audit begun.
Day 12 — System architecture diagram
5-layer architecture diagram produced. Layer 1 (Browser) → Layer 2 (Frontend) → Layer 3 (Server) → Layer 4 (Postgres) → Layer 5 (Vendors). This becomes the framework for the May 2 Phase 1 audit.
Day 13 — Strategic pivot day
Morning walkthrough surfaces 14 production bugs. Mid-walkthrough, founder reframes the entire problem: "local is the baseline, prod is bloated by cousin contamination." Strategic pivot adopted: clean local first, fresh prod redeploy. Phase 1 audit begins. 18 findings catalogued by EOD afternoon. Master close-out + RAID register established.
Day 13 PM — Audit acceleration
Evening side-quest: working local demo confirmed. OAuth redirect URI fixed in Google Cloud Console. ScoreJob null guard re-applied (regression from April 27 confirmed). New issues logged: I10 (stale JWT cross-environment), I11 (double Google OAuth flow). Master close-out doc with embedded dashboard, scorecard, and Gantt produced.
Day 14 — Layer 2 deep dive
JS function inventory completed (~290 functions across 26 clusters). All 66 fetch() calls audited — 31 unique endpoints catalogued, the complete Layer 2 → Layer 3 contract. localStorage subsystem fully mapped: 85 touchpoints, 17 new findings (F38–F54). F55 logged: missing session housekeeping pattern, root cause of "user always logged in" mystery. Three governance artifacts produced: Best Practices Playbook, Agent Briefing Template, Compliance Checklist.
Day 15 — Layer 3 audit (server)
Audited api.js (2,065 lines), auth.js, email.js, index.js. Cross-referenced against Day 14's 31-endpoint frontend contract. F129/F130/F143/F147 logged. F143 resolved during session (Resend domain verified as xjobsfinder.com). Layer 3 reached 88% by EOD.
Day 15 PM — Recovery + cluster-bounding
Late-session base64 paste corrupted phase1audit.md (49 lines mojibake appended). Clean recovery via head -n 801 truncation; forensic backup retained. Env-validation cluster definitively bounded at 3 vars (F129 + F130 + F147). Lesson logged: chunked base64 file-transfer method retired.
Day 16 — Layer 4/5 audit + governance docs
Postgres + vendor audit completed. Phase 1 reaches 100% by EOD. Founder articulates governance need: an 'agent onboarding contract' so future agents inherit context instead of starting cold. Foundation laid for permanent governance documents.
Day 17 — Phase 1.5 deletion + early identity work
Phase 1.5 surgical deletion: confirmed duplicate-ID zombies removed (F5, F9, F11, F13). Started groundwork on the AKA Identity refactor: localStorage subsystem cleanup planning, identification of every state-leak surface.
Day 18 — Recurring JWT bug + late-night governance ship
Recurring Gmail OAuth JWT bug surfaced for the third time across sessions (F181). Root cause finally traced: 6 frontend call sites all manually passed userId; missing one silently produced orphan tokens. Surgical fix: server-side JWT verification on /gmail/authorize, single source of truth. Late-night session also produced two permanent governance documents: AGENT-ONBOARDING.md + HANDOFF.md.
Day 19 — JWT push + smoke test reveals new findings
F181 (server-side JWT verification) + F171 (double Gmail scan elimination) pushed to production. Production smoke test verified both fixes working. Test surfaced two pre-pilot blockers: F183 (resume state lost during user flow), F184 (signup gate not enforced). Evening: F183 v2 + F186 housekeeping shipped end-to-end. v2.0-baseline effectively delivered.
Day 20 — Polish + Part C cleanup
Part C of F186 housekeeping: user-scope the 6 remaining untagged resume writes + 4 gmail writes. F184 signup gate enforcement. Tester re-engagement message (Oli + Oscar) drafted.
Day 21 — Pre-pilot bugfix sprint begins
F74 (auth on Stripe create-checkout-session), F124 (webhook idempotency), F192 (paywall email correctness), F193 design (paid_grants entitlement system) — scoped, branched (fix/resume-ats-compliance), and three landed locally with stripe-cli forwarding validation. F197 + F198 also shipped (re-downloadable preview + HTML cache headers). 4 commits on branch by EOD.
Day 22 — Production ship + 9 fixes verified
Marathon session: F193 + F124 + db-init repair committed. F201 + F202 (Forgot Password UX) committed. Branch pushed, PR opened, merged to main. Stripe webhook re-routed to Railway endpoint. paid_grants table created in production DB. Production end-to-end validated by founder: signup → resume → ATS → paywall → $5 → DOCX → re-download. Tester quickstart V2 generated. 9 findings closed total over 2 days.
Day 26 - five-deploy bug cluster fix (Oscar investigation)
Oscar reported Quick Match returning 0% with broken UI (Target Position placeholder). Investigation cascaded through five distinct bugs across cache, server, frontend, and UX layers - all shipped same day. F215 cache poisoning protection (cf7dedb). F216 /parse-jd silent placeholder fallback replaced with proper HTTP 500 (66f5865). F218 browser alert replaced with inline error and input preservation (c920664). F220 - the big one: paste path removed, upload guardrails (file size, extension, text length, JD signal-words, resume-similarity hard reject), low-match warn modal at <30% threshold, Tips section above upload area (465fc8d). Plus subtitle copy hygiene (a41d3ed). FIVE production deploys in one day, all clean, all verified. F217 (ATS hallucinating fake experience claims for users) discovered during investigation - logged, deferred to Day 27 as P0.
Test-run intake pipeline built and deployed: Tally form embedded on dashboard (Submit a run section), Google Sheet retrofitted with 19 historical findings as RUN-0001 through RUN-0019, Tally-to-Sheets integration verified with smoke test. Loop closed: tester submits then email to Jorge then row in sheet. Same night, Oli reported F214 (Continue with Google missing on download-gate modal) - diagnosed, fixed via continueWithGoogleForDownload() wrapper calling existing googleSignIn() handler, deployed (a501d35), and personally verified on production through BOTH paths (Incognito email-entry plus regular Chrome account picker). Bug-to-fix-to-prod: under 4 hours.
Day 23 — F194 close + dashboard refresh (today)
F194 closed: both F189 wipes now conditional on session health. Hard refresh preserves JWT + activeResume + resumeCache. Verified end-to-end on production. Dashboard (this page) refreshed from Day 14 → Day 23 content. New Findings section added so testers see open issues + recent resolutions at a glance.
Days 24-25 — Final polish + Quick Match sprint start
Remaining open findings F199 (per-resume entitlement) + F200 (lifetime free quota) addressed. F206 (Google-signin redirect) + F207 (paywall premature trigger) — small surgical fixes. Quick Match flow scaffolding begins on fix/resume-quick-match branch. Tester rotation 3 feedback intake.
Days 26-34 — Pre-launch + buffer
DMARC. npm audit. Pre-launch polish. Pilot invitations sent. Soft launch prep. MCP connector exploration (Linear/Slack/GitHub) if time allows.
Day 38 — Pilot launch · BIG BANG
Pilot launches. 5+ weeks of disciplined founder work, 50+ findings catalogued and resolved or queued, complete audit trail, governance system in place. The discipline is the differentiator.
Findings
Open issues + recently resolved · what testers see, what's next, what's deferred
| ID | Title | Severity | Status | Target/Closed |
|---|---|---|---|---|
| F74 | Stripe create-checkout-session requires auth | high | resolved | closed Day 21 · May 9 |
| Pre-fix, anyone could create a Stripe checkout in any user's name. Now requires valid JWT. | ||||
| F124 | Webhook idempotency on stripe_session_id | medium | resolved | closed Day 22 · May 10 |
| UNIQUE constraint + ON CONFLICT DO NOTHING. Event replay no longer produces duplicate grants. | ||||
| F157 | Stripe webhook routing → Railway endpoint | high | resolved | closed Day 22 · May 10 |
| Production webhook moved from defunct GCF endpoint to Railway. Events reach the new server. | ||||
| F183 | Resume hydrates from DB on every page load | high | resolved | closed Day 19 · May 7 |
| New /api/resume/current endpoint; refreshUserProfile writes to both window and module scopes. Fixes 'resume lost' during OAuth round-trip. | ||||
| F186 | Session housekeeping pattern | high | resolved | closed Day 19 · May 7 |
| clearAllUserState() called on logout, auth-failure, no-token init, and page-load. Closes F55/F177/F182. | ||||
| F192 | Paywall uses authenticated email, not parsed resume | medium | resolved | closed Day 21 · May 9 |
| Stripe modal pre-fills auth user's email. Privacy/correctness fix. | ||||
| F193 | paid_grants entitlement + post-payment download | high | resolved | closed Day 22 · May 10 |
| Webhook writes paid_grants row; verify-session is the backstop. Replaces in-memory paidSessions Set with durable DB-backed entitlement. | ||||
| F194 | Conditional wipes preserve session on hard refresh | high | resolved | closed Day 23 · May 11 |
| Both F189-early-wipe and F189-wipe-on-load now conditional on session health. JWT + resume survive Cmd+Shift+R. | ||||
| F220 | Quick Match accepted any input including resume-as-JD, produced inconsistent matches and used a browser alert() on failure | high | resolved | |
| F219 | Quick Match scoring non-deterministic - same input produced 85% then 63% on consecutive attempts with inverted Skills/Experience breakdown | medium | closed-by-feature-improvement | |
| F218 | Quick Match used browser-native alert() dialog on JD parse failure - off-brand, no input preservation, no actionable guidance | medium | resolved | |
| F221 | Resume parse determinism - same resume produces inconsistent resumeData (skills count, experience years, title, workHistory) across runs, causing downstream matching variance. Probable cause: temperature: 0 is not truly deterministic in LLM extraction | critical | open | |
| F217 | ATS-optimized resume template fabricated content for every user: hardcoded "5+ years experience", "revenue 30%+", "$1M+ budgets", 5 fake Key Achievements bullets, embedded pricing section. NO skills section. Real workHistory never rendered. Now replaced with real resumeData iteration. | critical | resolved | |
| F216 | /parse-jd endpoint silently returned placeholder Target Position/skills=[] on any failure - frontend trusted as valid data and rendered broken UI | high | resolved | |
| F215 | Disk cache (server/cache.js) persisted resume parses with empty/missing skills arrays - once cached, every re-upload returned broken empty-skills result forever | high | resolved | |
| F214 | Continue with Google missing on download-gate registration modal | high | resolved | |
| F208 | Quick Match crashed on null resumeData | high | resolved | closed Day 23 · May 11 |
| Reported by tester (Oli) during Day-23 production rotation. Match analyzer threw 'Cannot read properties of null (reading skills)'. Fix: runQuickMatch now rehydrates from /api/resume/current if resumeData is null/empty, falls back to friendly 'Please upload resume first' alert. Plus defensive guard at top of calculateQuickMatchScore. | ||||
| F197 | Re-downloadable preview (24h TTL) | medium | resolved | closed Day 22 · May 10 |
| Once paid for an ATS optimization, user can re-download the same resume. One $5 = unlimited re-downloads of that preview. | ||||
| F198 | No-cache headers on all HTML routes | medium | resolved | closed Day 22 · May 10 |
| no-store / no-cache / must-revalidate on every HTML response. Testers always see fresh HTML after deploy. | ||||
| F201 | Forgot Password echoes entered email back | low | resolved | closed Day 22 · May 10 |
| Reset success message reads 'If an account exists for <typed-email>...' Catches typos at submit time. | ||||
| F202 | OAuth-only users get Google-hint, not silent skip | medium | resolved | closed Day 22 · May 10 |
| Forgot Password on Google-signed-up account shows blue 'Use Sign in with Google' panel. Acceptable enumeration trade-off. | ||||
| F199 | paid_grant not pegged to resume_id | high | open | target: Day 24-25 |
| Affects Quick Match flow when shipped — user pays for resume A, gets free downloads of resume B. Doesn't impact current ATS flow. | ||||
| F200 | Free quota refreshes every 30 days | medium | open | target: Day 24-25 |
| cycleStart math gives lifetime → 30 days. Slow leak; won't show in pilot but contradicts product model. | ||||
| F203 | Signup accepts typo'd email domains | medium | open | target: Post-pilot |
| gmaiil, yahpo, gnail etc. accepted without warning. Phantom users created. Founder hit this 3 times in one debugging session. | ||||
| F206 | Post-Google-signin lands on voice/mike page | low | open | target: Day 24 |
| Cosmetic but visible. Should land on dashboard. Trace /api/auth/google/callback redirect target. | ||||
| F207 | Paywall fires earlier than expected for fresh users | low | open | target: Day 24 |
| Observed during Day 22 production validation. Paywall on FIRST download instead of second. Likely cycleStart math or plan_limits fallback. | ||||
| F204 | No email confirmation at signup | medium | deferred | target: Post-pilot |
| Security hardening. Add verification flow before public launch. | ||||
| F205 | No password-reset audit table | low | deferred | target: Post-pilot |
| Debugging requires server log scrape + Resend dashboard. Polish item. | ||||
Test results
What was tested · where · how it behaved · honest pass-fail tracking
Environments under test
| Field | Local (dev box) | Production (Railway) |
|---|---|---|
| URL | http://localhost:4000 | https://xjobs-final-production.up.railway.app (also https://dashboard.xjobsfinder.com → project status page) |
| Build | fix/resume-ats-compliance @ 608b6b7 then e849c20 (F194) | main @ e849c20 (F194 LIVE) + 91ddbc5 (dashboard routing revert) + Day-23 commits |
| Tested by | Founder (Jorge) | Founder live walkthrough Day 22 (Stripe test mode, real card) |
| Test dates | Day 21 (May 9) + Day 22 (May 10) + Day 23 (May 11) | Day 22 (May 10) end-to-end + ad-hoc verifications Day 23 |
| Stripe mode | test, stripe-cli forwarding to localhost:4000/api/stripe/webhook | test, Railway webhook endpoint at https://xjobs-final-production.up.railway.app/api/stripe/webhook |
| Notes | Deep test bench. Every fix verified here BEFORE production deploy. Console logs captured per scenario. | F201, F202, F1, F10, F163 not yet re-verified in production — same code path as local, no schema diff, presumed stable. Tester rotation 3 will close these as PASS. |
Scenario 1 — ATS resume flow + auth flows
| ID | Test case | LOCAL | PRODUCTION |
|---|---|---|---|
| F74 | Stripe checkout requires auth (401 without Bearer) | PASS | PASS |
|
Local: /api/stripe/create-checkout-session returns 401 with no Bearer token; 200 with valid JWT. Production: Verified live: tester paid $5 successfully, no auth-bypass possible. | |||
| F124 | Webhook idempotency on stripe_session_id | PASS | PASS |
|
Local: UNIQUE constraint + ON CONFLICT DO NOTHING. Re-running same event = no dup row. Production: Production webhook deliveries return 200; no duplicate grants observed. | |||
| F183 | Resume hydrates from DB on every page load | RESOLVED | PASS |
|
Local: Pre-F194 was BLOCKED — early-wipe destroyed state before hydrate could fire. Post-F194 verified: console shows [F183] resume hydrated (both scopes), skills: 5 after hard refresh. Production: Live tester verified: 15 skills hydrate after hard refresh; dashboard shows resume. | |||
| F186 | Session housekeeping (clearAllUserState) | RESOLVED | PASS |
|
Local: Was over-firing on authenticated reload (F194 root). Now conditional on session health. Production: Production hard-refresh preserves JWT + user record + activeResume key. | |||
| F192 | Paywall uses authenticated email, not parsed resume | PASS | PASS |
|
Local: Stripe modal pre-fills auth user's email even when resume contained a different email. Production: Live tester verified: Stripe email matched signup, not the email in their resume. | |||
| F193 | paid_grants entitlement + post-payment download | PASS | PASS |
|
Local: Local stripe-cli forwarded webhook; paid_grants row created; download succeeded. Production: Live tester paid $5, DOCX auto-downloaded, no 'still syncing' alert. Webhook 200 returned. | |||
| F194 | Hard refresh preserves JWT + resume cache | RESOLVED | PASS |
|
Local: Both F189 wipes now conditional. Console shows '[F189] healthy auth reload — preserved state (F194 fix)'. Production: Production: 4 keys (xjobs_token, xjobs_user, activeResume_<id>, resumeCache_<file>) survive Cmd+Shift+R. | |||
| F197 | Re-downloadable preview (24h TTL) | PASS | PASS |
|
Local: After paying, 2nd/3rd/4th download succeed without paywall. Production: curl returns count=2 for 'F197: preview persists' marker in prod HTML. Live tester re-downloaded successfully. | |||
| F198 | No-cache headers on HTML routes | PASS | PASS |
|
Local: Response includes cache-control: no-store, no-cache, must-revalidate. Production: Production curl confirms headers present on /api/v1/health and root HTML. | |||
| F201 | Forgot Password echoes entered email back | PASS | not yet |
|
Local: Test 1 (typo): green message echoes 'bogus.typo@gmaiil.com'. Test 3 (real user): green message echoes 'jorgenreyes@yahoo.com'. Production: Not yet re-verified in production. Same code path as local; presumed stable but flag if you observe. | |||
| F202 | OAuth-only users get Google-hint | PASS | not yet |
|
Local: jorgenoelreyes@gmail.com (Google-only user) → blue 'Use Sign in with Google' panel with email echoed back. Continue with Google → picker → signed in. Production: Not yet re-verified in production. Same code path as local; presumed stable but flag if you observe. | |||
| Continue with Google | OAuth account picker (regular Chrome with Google session) | PASS | not yet |
|
Local: Day-22 false alarm closed. Code at server/auth.js:317 has prompt: 'select_account' correctly set. Production: Tester should verify in regular Chrome (not incognito) with active Google session. | |||
| F1 | ATS scan quota meters synchronous | PASS | not yet |
|
Local: Multiple meters showing identical values (1 free run). No visible discrepancy. Production: Re-check during pilot rotation. | |||
| F10 | Single ATS panel rendered (no duplicates) | PASS | not yet |
|
Local: Single ATS panel visible. No duplicate panels. Production: Re-check during pilot rotation. | |||
| F102 | Server-side pricing source-of-truth | PARTIAL | PARTIAL |
|
Local: Server now requires auth + uses authenticated email; PRODUCTS table has no canonical price column so client-supplied amountCents still consulted. Full server-side authority deferred. Production: Same partial state in production. Not pilot-blocking; flag for post-pilot. | |||
| F163 | ATS analysis no longer crashes on render | PASS | PASS |
|
Local: ATS analysis completed without crash from renderATSCompliance. Production: Live tester ran ATS analysis to completion in production. | |||
Reading the table. A green PASS or RESOLVED means the case was actively verified in that environment on the listed date. PARTIAL means the case passes for the user-visible flow but has a known caveat tracked elsewhere. BLOCKED means another finding is preventing the case from being verified — when that blocker closes, this case is re-run. "not yet" means the code path is shared with local (so we presume parity) but we haven't re-verified in production specifically. Tester rotation 3 will close those out and update this matrix.
Submit a test run
Closing the loop, every test execution flows through here, auto-logs to the team sheet, email lands in Jorge inbox
Test scripts
Canonical test plans organized by product flow · same scripts for every tester · downloadable DOCX per stage
✅ Flow D — ATS Compliance
🎯 Flow A — Quick Match
| Stage | Title | Status | Summary | Download |
|---|---|---|---|---|
| 1 |
Preconditions + Entry
v1.0 · May 11, 2026 (Day 23) · 7-10 min per env · covers: F183 · F194 · F208
|
ready | Verifies precursor: resume in memory + Quick Match entry point reachable. 15 numbered steps across 3 paths. | ⬇ DOCX |
| 2 |
JD input + Matching Engine
|
not yet written | Paste JD, click Analyze, score appears, gap list appears. | not written yet |
| 3 |
Gap selection
|
not yet written | Checkbox UX (if exists today), user selects which gaps to incorporate. | not written yet |
| 4 |
Customization paywall
|
not yet written | $5 Stripe checkout, modal pre-fills auth user's email (F192). | not written yet |
| 5 |
Customization runs
|
not yet written | AI rewrites resume bullets grounded in user experience. | not written yet |
| 6 |
Tracker write
|
not yet written | Customized resume saved to tracker with full metadata. | not written yet |
| 7 |
Download
|
not yet written | DOCX downloads cleanly from tracker, re-download works (F197). | not written yet |
| 8 |
Hard refresh persistence
|
not yet written | Tracker row still visible after Cmd+Shift+R. | not written yet |
| 9 |
Interview handoff
|
not yet written | From tracker row, launch Interview Coach with context. | not written yet |
| 10 |
Re-runs + edge cases
|
not yet written | Second customization for same job, different JD same resume, Pro tier bypass. | not written yet |
📧 Flow B — Scan Gmail
🤖 Flow C — Build with AI (Ava)
🎤 Flow E — Interview (standalone)
For testers reporting results: Fill in the Results Template inside each script. Send back to Jorge via Slack (#xjobsfinder-pilot-bugs once channel is set up) or email reply. Capture screenshots at each FAIL box. Capture Console output (DevTools) whenever the script asks for it. The more evidence at fails, the faster the fix.
Roadmap
Product items tracked by phase · pre-pilot → pilot → post-pilot Q3 → post-pilot Q4+
🔴 Pre-pilot (must land by May 26)
| ID | Title | Priority | Status | ETA |
|---|---|---|---|---|
| tester-quickstart | Send pilot quickstart to Oli + Oscar | critical | scheduled | Day 23-24 ASAP |
| Highest-leverage pending action. 5 minutes of founder time = ~30 hours of tester coverage. V2 quickstart docx already exists. | ||||
| F211-data | Tracker data-model migration | high | scheduled | Day 24-25 |
| Add role_title, outcome, notes, last_accessed_at columns to resumes table. Update Customize flow to write at row creation. ~1 hour. Protects 15 days of pilot data quality. | ||||
| slack-channel | Slack #xjobsfinder-pilot-bugs | high | scheduled | Day 23-24 |
| Channel for parallel tester reports. Without it, reports queue in email. 90 seconds to set up. Compounds for 15 days. | ||||
| F207 | Paywall premature trigger investigation | low | scheduled | Day 24 |
| Observed during Day-22 production validation. Diagnostic needed. ~30 min. | ||||
| F206 | Post-Google-signin redirect fix | low | scheduled | Day 24 |
| Lands on /voice page instead of dashboard. ~10 min single-line fix in auth.js callback. | ||||
🟡 Pilot window (May 26 - Jun 9)
| ID | Title | Priority | Status | ETA |
|---|---|---|---|---|
| F203 | Email typo domain validation | medium | logged | during pilot |
| Signup accepts gmaiil/yahpo/etc. Phantom users created. Founder hit 3 in one debugging session. | ||||
| F199 | paid_grant pegged to resume_id | high | logged | Q3 early |
| Affects Quick Match — user pays for resume A, gets free downloads of resume B. Blocks Quick Match v2 GA. | ||||
| F200 | Free quota refresh lifetime (not monthly) | medium | logged | during pilot |
| cycleStart math gives 30-day refresh; should be lifetime. Slow leak; won't show in pilot but contradicts product model. | ||||
🟢 Post-pilot Q3 (Jun-Aug 2026)
| ID | Title | Priority | Status | ETA |
|---|---|---|---|---|
| F209 | Interview Agent — top-level CTA + Builder | high | spec authored | Q3 2026 |
| Repositioning Interview from end-of-funnel buried feature to first-class revenue surface. Conversational Builder (5-7 Qs), three entry points, cheatsheet artifact. Full spec: Interview-Agent-Framework-Spec-v1.0-2026-05-11.docx | ||||
| F211-ui | Tracker findability UI (search + filter + sort) | high | logged | Q3 2026 |
| Power-user findability. Search across JD + resume + company. Filter by company / role / date / outcome. Sort by recency / score / outcome. Data model lands pre-pilot; UI here. | ||||
| F212 | Outcome tracking UI | medium | logged | Q3 2026 |
| Status dropdown on each tracker row (callback / interview / offer / declined / no_response / waiting / withdrew). Drives long-tail member value. | ||||
| mcp-connectors | MCP connectors (Linear / Slack / GitHub) | low | logged | Q3 2026 |
| Compounding leverage: bug-in-Slack → automatic Linear issue → patch → push. ~30 min setup once. | ||||
🔵 Post-pilot Q4+ (Sep+ 2026)
| ID | Title | Priority | Status | ETA |
|---|---|---|---|---|
| F213 | Pro / Consultant tier UX + entitlement gating | medium | logged | Q4 2026 |
| Tier-aware UI views, Pro/Consultant upgrade pages, entitlement-check middleware. Schema ready (users.role + paid_grants), UX work needed. | ||||
| voice-mode | Voice mode for Interview Agent | low | logged | TBD evaluate |
| Practice out loud with the agent (ElevenLabs already wired). Defer; let pilot data signal demand. | ||||
| F204 | Email confirmation at signup | medium | deferred | post-pilot |
| Security hardening. Add verification flow before public launch. | ||||
| F205 | Password-reset audit table | low | deferred | post-pilot |
| Debugging quality. Track every password reset request server-side. | ||||
Decisions log
Strategic pivots and architectural calls · with rationale and quote when relevant
Local-as-baseline strategic pivot
May 2, 2026Halted all production patching. Adopted: clean local first, fresh prod redeploy from clean baseline. Tag v2.0-baseline at end of Phase 2.5.
"Our local version is the baseline. The server version was somehow contaminated by cousin. Prod is the mere result of a BLOATED local code so it is misbehaving inherently."
Production frozen until v2.0-baseline ships
May 2, 2026No production deploys allowed during architectural cleanup. Tester comms drafted to communicate freeze. Prevents drift between local cleanup and prod state.
Phase 4 (frontend modularization) deferred to post-pilot
May 2, 20268-module decomposition (per Anatomy doc) is the target architecture but will not happen pre-pilot. Phase 1.5 + Phase 2 alone deliver enough cleanup for a clean baseline. Modularization can happen post-launch.
Audit organized by 5 architectural layers, not flat type taxonomy
May 2, 2026Per Day 12 system diagram. Each layer audited independently before crossing boundaries. Better than alphabetical or chronological organization for surfacing structural issues.
Three-document governance system established
May 3, 2026Best Practices Playbook (founder reference) + Agent Briefing Template (paste at session start) + Session Compliance Checklist (end-of-session audit). Together: complete agent-partnership governance with full enforcement via end-of-session ritual.
"It is probably a bit of a maintenance nightmare but worth the investment upfront." — founder articulating the discipline tradeoff
F55 + I12 logged — "user always logged in" mystery diagnosed
May 3, 2026Connected F38 (auth in localStorage) + F50 (5 writes / 1 cleanup) + F51 (PII never cleared) + F54 (logout incomplete) into a single architectural diagnosis: missing session housekeeping pattern. Resolution queued to Phase 2.
Pre-pilot fix sprint — ship pay flow end-to-end
May 9, 2026 (Day 21)Adopted: spend Day 21-22 closing the ATS-compliance flow defects so testers can run a complete journey in production. F74, F124, F192, F193, F197, F198 scoped as one branch (fix/resume-ats-compliance). Locally verified via stripe-cli forwarding before merge to main.
Stripe webhook routing moved from defunct GCF to Railway
May 10, 2026 (Day 22)Production webhook endpoint was still pointed at us-central1-xjobs-app.cloudfunctions.net (disabled). New endpoint added in Stripe dashboard pointing at Railway. STRIPE_WEBHOOK_SECRET env var updated. Old GCF endpoint left disabled (F157 closed).
paid_grants entitlement DB table created in production
May 10, 2026 (Day 22)Production Postgres was missing paid_grants. CREATE TABLE run via Railway's Postgres query interface. db:init script doesn't run on Railway deploys; one-off SQL is acceptable when schema additions are idempotent (CREATE IF NOT EXISTS).
F189-early-wipe is now CONDITIONAL on session health
May 11, 2026 (Day 23)Original F189 wiped localStorage on every page load to close session-bleed. Side effect: legitimate hard-refresh destroyed JWT + activeResume keys, kicking authenticated users to login. Fix: wipe only fires when (a) no token + orphan state, (b) token without user record, (c) corrupt user record. Healthy auth reload preserves everything; server validation via refreshUserProfile is the correct gate.
We need the dashboard to be independent so that the testers and I can see it and track bugs and project updates through it — founder, clarifying scope after a misread routing change
dashboard.xjobsfinder.com kept as project-status URL
May 11, 2026 (Day 23)Custom domain serves Documentation/Dashboard/XJobs-Tester-Preview.html (this page), not app.html. App stays at xjobs-final-production.up.railway.app. Two URLs, two audiences. Tester quickstart references both clearly.
Interview Agent Framework v1.0 — product spec authored
May 11, 2026 (Day 23 PM)Full architectural spec for repositioning Interview Agent from end-of-funnel buried feature to first-class top-level CTA. Covers: three entry points (standalone, post-customization, pre-ATS), conversational Interview Builder (Ava-style 5-7 questions producing framework object), cheatsheet artifact as parallel to customized resume, tracker integration, entitlement model + future Pro/Consultant tiering. Spec deliverable: Interview-Agent-Framework-Spec-v1.0-2026-05-11.docx in repo Documentation/Specs/. Implementation deferred to Q3 (post-pilot). Cross-references findings F209, F210, F211, F212, F213.
$5 transactions are the funnel. The accumulating tracker is why members stay. — Day-23 architectural session, identifying the member-archive thesis
F211 reframed: FIFO rejected, findability + outcome tracking adopted
May 11, 2026 (Day 23 PM)Initial F211 design proposed a 5-resume cap with FIFO auto-archive. Founder use case (100 resumes/year as consultant) revealed this would actively harm the power-user persona. Reframed: NO cap on tracker. Findability via search + filter + sort. Outcome tracking column (F212) on every row. Pre-pilot work: data-model columns must land before May 26 so retroactive data is captured correctly (role_title, outcome, notes, last_accessed_at). UI work post-pilot Q3.
I literally create about 100 resumes per year as an independent consultant — that is one of the BIGGEST pain points as I don't remember when, who and what. — founder identifying himself as the customer voice that overrides the elegant-but-wrong FIFO design
How we work
The discipline behind the build · why every session counts
Why this matters for you
You're testing a product built by one founder partnered with AI. Most people assume that means low quality. We're proving the opposite. Every session is documented. Every decision is captured. Every risk is tracked. When you see a feature change, a tester pause, or a release date — there's a paper trail behind it.
The rhythm
Daily: Each working session ends with a written closeout. State of the project, decisions made, what's next. No mental TODO lists.
Weekly: Strategic review. Phase progress assessed. Risks updated. Tester feedback integrated.
Per release: Tagged baseline. Tested smoke paths. Then deployed. Never the other way around.
What this looks like in practice
When you report a bug, it gets logged with an ID, a severity, and a phase target. You can see when it'll be addressed. When we pause testing, you know why and when it resumes. When the pilot launches May 26, it'll be against a baseline we've audited end-to-end — not a hopeful guess.
Document library
Strategic and project documents · evidence of the work
Strategy + planning
- App Development Best Practices Playbookv1.0
- Agent Briefing Templatev1.0
- Session Compliance Checklistv1.0
- Local-Baseline Reset (the pivot)May 2
- Anatomy + Lean-Down PlanApr 29
- Refactoring Plan v2May 2
- Phase 2 Execution Planv1
- Roadmap Enhancementsv1.2
Daily close-outs
- Day 10 Close-OutApr 30
- Day 11 Close-Out Part IIApr 30
- Day 12 Close-Out + EveningMay 1
- Day 13 Close-Out + PM MasterMay 2
- Day 14 Close-OutMay 3
- Day 15 + 15 PM Close-OutsMay 4
- Day 16 PM MasterMay 5
- Day 18 Master + AddendumMay 6
- Day 19 MasterMay 7
- Day 21 HandoffMay 9
- Day 22 Production ValidationMay 10
- Day 23 Dashboard RefreshMay 11
Product specifications
- Interview Agent Framework Specv1.0 · May 11
Tester materials
- Pilot Test Tester Quickstart (FINAL V2)May 10
- TestExec Audit (Jorge)May 9
- Regression Matrix (xlsx)May 9
Reports
- Sprint Report (April 27)Apr 27
- Email Infrastructure Setup RecordMay 1
- Stripe Webhook Re-routing RecordMay 10
- F194 Session Preservation SurgeryMay 11
- F208 Quick Match Null-Resume FixMay 11
This dashboard
- Tester preview (this page)v1.3
- Last refreshedMay 11
- Refresh cadenceper session
Operations - Founder Reference
Hidden by default. Bookmark this URL with #operations on the end.
Quick reference - the things you forget
Daily open ritual (5 min)
Daily close ritual (15-25 min target)
Situational - what to do when things look wrong
| Symptom | What to do |
|---|---|
| "User logged in" in fresh incognito | F177/F182 family - should be closed by F186. Run env-status, hard-refresh, check console for [housekeeping] line. |
| Match scores all 50% / 0/N | F183 regression. Check console for [F183] resume hydrated (both scopes). If missing, /api/resume/current is failing. |
| Connect Gmail shows sign-in form | F181 regression. Check /gmail/authorize route in api.js still has JWT verification. |
| env-status.sh shows DRIFT (production) | Railway deploy may have failed. Wait 2 min, re-run. If persists, check Railway logs. |
| env-status.sh shows DRIFT (local vs origin) | You forgot to push, OR you pulled changes you don't have. git status + git log --oneline -5 tells the truth. |
| "This used to work" report | F180 foot-cannon. First check: URL bar - localhost or file://? File:// = stale Downloads copy. NOT a real bug. |
| Local server EADDRINUSE port 4000 | Another node process running. lsof -ti :4000 | xargs kill -9 |
| Production looks broken | 1) env-status to confirm what's deployed. 2) If genuinely broken: git revert <bad-commit> && git push. |
The 4 canonical documents
| Document | When to update | Use it for |
|---|---|---|
| AGENT-ONBOARDING.md | Only when patterns change | The contract every agent reads. 19 sections. |
| HANDOFF.md | Every session close | CURRENT STATE block + append-only session log. |
| phase1audit.md | When findings change | The truth about every bug. Append-only. |
| SPRINT.md | End of every working day | Day-by-day plan. Replaces old DAY-N-MASTER pattern. |
Quick commands - copy-pasteable
| Need | Command |
|---|---|
| Check env sync | bash ~/xjobs-final/scripts/env-status.sh |
| What's the current production SHA | curl -s https://xjobs-final-production.up.railway.app/api/version | python3 -m json.tool |
| What's my local HEAD | cd ~/xjobs-final && git log --oneline -1 |
| Recent commits | git log --oneline -10 |
| Working tree status | git status |
| Start local server | cd ~/xjobs-final && node server/index.js |
| Kill stuck server on port 4000 | lsof -ti :4000 | xargs kill -9 |
| Find a finding in the audit | grep -n "F183" ~/xjobs-final/Documentation/Audit/phase1audit.md |
Canonical documents - one-click access
Click any document to open it in a new tab. Use Cmd+A then Cmd+C to copy the entire contents, then paste into a new agent chat as needed.
| Document | Use it for | Open |
|---|---|---|
| AGENT-ONBOARDING.md | The contract every new agent reads first. Paste into chat at session start. | Open in tab |
| HANDOFF.md | Current state + per-session log. Paste into chat at session start, after onboarding. | Open in tab |
| SPRINT.md | Day-by-day plan from Day 20 to pilot. Day cards show what is planned. | Open in tab |
| phase1audit.md | 1758 lines of finding history. Reference when investigating known bugs. | Open in tab |
Tip: to start a new agent session quickly, open AGENT-ONBOARDING.md and HANDOFF.md, copy each into the new chat in that order. The agent now has full context.
Recent close-outs - last 5 in Documentation/Weekly/
Auto-populated from the repo. Most recently modified files first. Older files stay in the repo as archive but stop appearing here once newer ones are added.
| Filename | Modified | Open |
|---|---|---|
| Loading... | ||
"Slowly but surely beats the race."