📈 Strategy War Room
Living go-to-market strategy for the independent-consultant wedge — the plan, the numbers, the rivals, and the first feature. Read anytime.
Click a document above to read it.
🧪 QA Board
Live test results — automated agent runs + manual checks. Auto-refreshes every 10s while open. Source: /api/test-results.
Loading…
📋 Changelog & Daily Log
The living record of what shipped, day by day — updated daily. Replaces the old Word-doc handoffs.
Loading…
💳 Payments & Paywall
Every paid gate at a glance — does the paywall fire, does paying unlock it, and can anything be reached without paying (or without even logging in). Verified 2026-06-25; re-run the scripts at the bottom to refresh.
The four paid features
| Feature | $ / use | Paywall fires | Paying unlocks |
|---|---|---|---|
| ATS Scan | $5 | ✅ 6/6 | ✅ 5/5 |
| Customize | $5 | ✅ 6/6 | ✅ 5/5 |
| Interview | $5–15 (by gaps) | ✅ 6/6 | ✅ 5/5 |
| AI Résumé | $5 | ✅ 6/6 | ✅ 5/5 |
Free allowance is set per-feature in Admin → plan limits. Prod = 0 (paywall on first use). Local = 1 (one free, then paywall). Pro = $19.99/mo. Usage tracked in feature_usage; the free run in subscription_cycles.
How paying works
- Per-use ($5) → Stripe Checkout → on payment the webhook writes a paid grant → the feature unlocks once.
- Pro ($19.99/mo) → Stripe →
activate-subscriptionflips the user to Pro (now auth-gated, Tier 1). - Stripe is in TEST mode — card
4242 4242 4242 4242. Locally the webhook needsstripe listen --forward-to localhost:4000/api/stripe/webhook.
🔒 Anonymous bypass status
Can a request with no login at all reach a paid endpoint? (probe: scripts/paywall-anon-probe.js)
| Endpoint | Status |
|---|---|
| Activate Pro | 🟢 gated — Tier 1 ✓ |
| Reset usage | 🟢 gated — auth + subscribers only (free user → 403) |
| Usage · Cycle create | 🟢 gated |
| Interview chat / questions / score | 🟢 gated — Tier 2 ✓ |
| Customize download | 🟢 gated — Tier 2 ✓ |
| Résumé DOCX (download) | 🟢 gated — Tier 2 ✓ (post-signup) |
| AVA chat (builder) | 🟢 open by design — anonymous build funnel; rate-limited 50/15min per IP |
Tier 1 ✓ — locked activate-subscription (was: anyone could flip any account to Pro with no payment). Tier 2 (in progress) — a global auth-attach wrapper makes every logged-in /api/ call carry the token, then each delivery endpoint is gated. Hardening complete. 9 of 10 endpoints are auth-gated; the 10th — AVA chat, the anonymous "build before you sign up" funnel — stays open by design but is now rate-limited (50 requests / 15 min per IP) to cap the Claude-cost abuse vector. activate-subscription ✓ (Tier 1) and reset-usage ✓ (now auth + subscribers-only — a free user POSTing it gets 403, verified) are both closed.
Re-run the checks
node scripts/paywall-gate-check.js # paywall fires (all 4) node scripts/paywall-pay-check.js ats # paying unlocks (per feature) node scripts/paywall-anon-probe.js # anonymous bypass status # against prod: BASE=https://xjobs-final-production.up.railway.app node scripts/paywall-gate-check.js
Full writeup: Documentation/Testing/Paywall-Gate-Tests.md.
🦸 SUPER QA
The single source of truth. Every QA agent — each tester's Sidekick plus the automated suites — is a child that reports up to the SUPER QA, which consolidates everything into one deduped, prioritized defect list (same bug from 3 testers → 1 defect), each carrying the screenshot of what was seen.
You don't need to decode the diagram below. Your only job: when something looks broken, confusing, or just off — click the red 🐞 “Found a bug?” button. This page is simply where every report lands, sorted so we fix the most important things first.
Sidekick 🐞 Oli
Sidekick 🐞 Oscar
Sidekick 🤖 Automated
financial · E2E 🤖 Health Sentinel
live error watch
Click 🦸 Consolidate and the SUPER QA will read every child's findings and build the prioritized defect list.
📖 Product Walkthrough — SME Agent
How to run the Interview Trainer end to end — present it live, or hand it to a tester. open the raw doc ↗
Loading…
🩺 Health Console
Live status of every process — a flight board for the app. 🟢 healthy · 🟡 degraded · 🔴 down. Auto-refreshes every 15s, fed by the 🤖 Health Sentinel. (Interim home — moving behind the Admin gate post-pilot.)
Loading process health…
📜 Audit Log
The full change trail from git — every change, newest first, with type, files touched, and lines added/removed. 🗑 marks removals/cleanups. Each hash links to the exact diff on GitHub. This is the immutable record: nothing changes without a commit here. Refresh with node scripts/qa/audit-log.js.
npm run verify runs the Button Matrix on every commit and fails the deploy if any handler goes dead.
💾 Backups & Restore
A MASTER BACKUP is a full, restorable snapshot of the entire codebase — code, git history, and all assets. If anything ever breaks, you can roll back to a known-good state yourself, without help. Every restore is reversible (it snapshots your current state first).
| GitHub tag | master-backup-06-26-26 | ✓ offsite |
| GitHub branch | backup/master-06-26-26 | ✓ offsite |
| Full tarball | ~/xjobs-backups/MASTER BACK UP 06-26-26.tar.gz | 239 MB · local |
Open a terminal in the project folder and run this. It lists every backup, lets you pick one, and saves your current state first so you can always undo:
bash scripts/restore-backup.sh
1) Git tag — resets the code in place to a backup (fast, reversible — it tags your current HEAD as a rescue point first).
2) Tarball — extracts a full snapshot to a new folder, so your live repo is never touched.
🗺️ Flow Blueprint
The map of every user journey — read left-to-right. Forks (⑂) show where a path diverges into alternative avenues that reconverge (⨝) before moving on. Each step is color-coded by how we cover it.
Loading the blueprint…
🎬 Teleprompter
Open this on a second device (iPad / phone) beside your screen, hit ▶ Play, and read the walkthrough naturally while you screen-record the live app. Toggle Tester (includes the report-a-bug part) vs Pilot (product only).
Tip: press Space to play/pause, R to restart. The controls live on your iPad — they won't appear in your screen recording (you record the Mac, not the iPad).
Overview
Live activity + status — auto-derived in real time (no manual updates)
🛰 Live Project Status · auto-derived, no manual updates
loading…🚀 Today's deploys Jun 9 · branch in dev
feature/ava-conversational, NOT yet on main/prod. AVA is now a full voice-first guided conversation (talk or type → résumé built live): typed/verified contact card, guided industry→role→experience chips, skills checklist, structured role form (Present-default dates), sample-accomplishment picker with [bracket] metric placeholders highlighted yellow + a fill-in helper, review/edit-redact, 3-style template picker (recolors the .docx too), and DB-persisted résumés. No double-charge: re-entry offers free Edit (capped at 3) vs paid Build new; interview is a separate gate. Interview Confidence Builder gets a live traffic-light scorecard (amber-not-red, coaches not grades), pacing controls (Next question / Next skill), and one-click/Enter submit. Edge-TTS (natural female voice) crypto fix.⚡ Today's activity 9 events
📋 Open actions by role what's needed from each person right now
Founder (Jorge)
- Send Pilot Test Quickstart V2 to Oli + Oscar with production URL + credentials
- Set up Slack channel #xjobsfinder-pilot-bugs (private; Oli + Oscar + Jorge)
- Investigate F207 — paywall fires earlier than expected for fresh production users
- Investigate F206 — post-Google-signin lands on voice/mike page instead of dashboard
- Begin Quick Match flow on fix/resume-quick-match branch (cherry-pick F201/F202/F194 to sync with main first)
- Explore MCP connectors at https://claude.ai/settings/connectors (Linear / Slack / GitHub)
Oli (Tester)
- Run Scenario 1 (ATS resume flow) end-to-end against production. ~10 min. Production URL: https://xjobs-final-production.up.railway.app
- Run Scenario 1B (Auth flows: Forgot Password + Continue with Google) ~5 min
- Report any P0 flag (Scenario 1 steps 10, 12, 14, 15, 17, 19 / Scenario 1B steps B, C, D, G) immediately via #xjobsfinder-pilot-bugs once channel exists
- Stripe receipt photo: keep for reimbursement
Oscar (Tester)
- Same as Oli — independent run of Scenario 1 + Scenario 1B against production
- Use credentials tester+oscar-pilot1@gmail.com / TestF193!2026
- Note any UX friction beyond the 28 steps — first-time-user perspective valuable
📊 Reference status — phase progress, KPIs, week narrative (click to expand)
Phase progress7 phases · launch May 26
What's happening this week
Production is stable. Over Day 21-23 the pre-pilot fix sprint closed 9 defects in the ATS resume optimization flow: auth-gated Stripe checkout (F74), authenticated-email pre-fill (F192), durable paid_grants entitlement (F193 + F124), re-downloadable preview (F197), HTML cache headers (F198), session-preserving hard refresh (F194), forgot-password UX (F201 + F202), plus Stripe webhook routing repaired. Every fix verified end-to-end in production by the founder. The remaining open items (F199, F200, F203-F207) are tracked in the Findings section.
What you can do for now
Run the pilot quickstart — Jorge has sent you the 28-step test plan covering the ATS flow and auth flows. ~15-20 minutes total. Production URL: https://xjobs-final-production.up.railway.app. Any RED flag at the P0 checks (steps marked with stars) gets reported immediately. Everything else goes into the bug channel for triage. Thank you — your eyes catch what the founder's can't.
Product Vision
The canonical product principles and roadmap for XJobs. Read these to understand what we are building and why.
📜 Career Optimization, Agentic
Five Career Optimization Agents (Ava Resume Builder, ATS Compliance, Job Exchange, Interview Prep, Tracker). Five operating principles: each agent stands alone; in-place modification with yellow highlights, never parallel rewrite; watermark as legal frame; hand-hold without coupling (dating model); memory is the moat. Top-up credits, not subscription.
v0.1 · Day 27 · 230 lines
→ Read on GitHub🗺️ Product Roadmap
F225-F239 sequenced priorities. P0 pre-pilot blockers (ATS rebuild, watermark port, session leak). P1 foundational (memory layer, history dashboard, top-up pricing). P2 strategic value-adds. P3 long-range (Application Agent, bilingual, B2B).
v0.1 · Day 27 · 171 lines
→ Read on GitHubProject timeline
Gantt overview · Day 1 → Day 26 cards · gaps marked for backfill
Day-by-day cards
Day 1 — Project kickoff
Initial project conception, vision, founder commitment. Specifics to be reconstructed from memory + any early notes.
Days 2–7 — Initial development sprint
First wave of development. Resume builder, ATS analysis, basic UI. Vendor integrations stood up (Google OAuth, Stripe, Anthropic, ElevenLabs). Specifics need reconstruction from git log.
Day 8 — April 27 sprint
Sprint shipping multiple fixes including the Remotive job-board fallback for empty Gmail scans, scoreJob null guard, and several UI polish items. Sprint report generated. Several of these fixes were silently reverted by later cousin sessions — a pattern that drove the May 2 strategic pivot.
Day 9 — Tester rotation 1 begins
First tester rotation. Initial feedback gathered. Specifics need reconstruction.
Day 10 — Anatomy + lean-down plan
First strategic anatomy doc — XJobs codebase decomposed into 8 frontend modules. The "destination map" for eventual modularization. Phase 4 (frontend modularization) explicitly deferred to post-pilot during this work.
Day 11 — Refactor planning
Refactoring plan v2 drafted. AKA Identity Model spec written. Phase 2 execution plan articulated. Bug audit begun.
Day 12 — System architecture diagram
5-layer architecture diagram produced. Layer 1 (Browser) → Layer 2 (Frontend) → Layer 3 (Server) → Layer 4 (Postgres) → Layer 5 (Vendors). This becomes the framework for the May 2 Phase 1 audit.
Day 13 — Strategic pivot day
Morning walkthrough surfaces 14 production bugs. Mid-walkthrough, founder reframes the entire problem: "local is the baseline, prod is bloated by cousin contamination." Strategic pivot adopted: clean local first, fresh prod redeploy. Phase 1 audit begins. 18 findings catalogued by EOD afternoon. Master close-out + RAID register established.
Day 13 PM — Audit acceleration
Evening side-quest: working local demo confirmed. OAuth redirect URI fixed in Google Cloud Console. ScoreJob null guard re-applied (regression from April 27 confirmed). New issues logged: I10 (stale JWT cross-environment), I11 (double Google OAuth flow). Master close-out doc with embedded dashboard, scorecard, and Gantt produced.
Day 14 — Layer 2 deep dive
JS function inventory completed (~290 functions across 26 clusters). All 66 fetch() calls audited — 31 unique endpoints catalogued, the complete Layer 2 → Layer 3 contract. localStorage subsystem fully mapped: 85 touchpoints, 17 new findings (F38–F54). F55 logged: missing session housekeeping pattern, root cause of "user always logged in" mystery. Three governance artifacts produced: Best Practices Playbook, Agent Briefing Template, Compliance Checklist.
Day 15 — Layer 3 audit (server)
Audited api.js (2,065 lines), auth.js, email.js, index.js. Cross-referenced against Day 14's 31-endpoint frontend contract. F129/F130/F143/F147 logged. F143 resolved during session (Resend domain verified as xjobsfinder.com). Layer 3 reached 88% by EOD.
Day 15 PM — Recovery + cluster-bounding
Late-session base64 paste corrupted phase1audit.md (49 lines mojibake appended). Clean recovery via head -n 801 truncation; forensic backup retained. Env-validation cluster definitively bounded at 3 vars (F129 + F130 + F147). Lesson logged: chunked base64 file-transfer method retired.
Day 16 — Layer 4/5 audit + governance docs
Postgres + vendor audit completed. Phase 1 reaches 100% by EOD. Founder articulates governance need: an 'agent onboarding contract' so future agents inherit context instead of starting cold. Foundation laid for permanent governance documents.
Day 17 — Phase 1.5 deletion + early identity work
Phase 1.5 surgical deletion: confirmed duplicate-ID zombies removed (F5, F9, F11, F13). Started groundwork on the AKA Identity refactor: localStorage subsystem cleanup planning, identification of every state-leak surface.
Day 18 — Recurring JWT bug + late-night governance ship
Recurring Gmail OAuth JWT bug surfaced for the third time across sessions (F181). Root cause finally traced: 6 frontend call sites all manually passed userId; missing one silently produced orphan tokens. Surgical fix: server-side JWT verification on /gmail/authorize, single source of truth. Late-night session also produced two permanent governance documents: AGENT-ONBOARDING.md + HANDOFF.md.
Day 19 — JWT push + smoke test reveals new findings
F181 (server-side JWT verification) + F171 (double Gmail scan elimination) pushed to production. Production smoke test verified both fixes working. Test surfaced two pre-pilot blockers: F183 (resume state lost during user flow), F184 (signup gate not enforced). Evening: F183 v2 + F186 housekeeping shipped end-to-end. v2.0-baseline effectively delivered.
Day 20 — Polish + Part C cleanup
Part C of F186 housekeeping: user-scope the 6 remaining untagged resume writes + 4 gmail writes. F184 signup gate enforcement. Tester re-engagement message (Oli + Oscar) drafted.
Day 21 — Pre-pilot bugfix sprint begins
F74 (auth on Stripe create-checkout-session), F124 (webhook idempotency), F192 (paywall email correctness), F193 design (paid_grants entitlement system) — scoped, branched (fix/resume-ats-compliance), and three landed locally with stripe-cli forwarding validation. F197 + F198 also shipped (re-downloadable preview + HTML cache headers). 4 commits on branch by EOD.
Day 22 — Production ship + 9 fixes verified
Marathon session: F193 + F124 + db-init repair committed. F201 + F202 (Forgot Password UX) committed. Branch pushed, PR opened, merged to main. Stripe webhook re-routed to Railway endpoint. paid_grants table created in production DB. Production end-to-end validated by founder: signup → resume → ATS → paywall → $5 → DOCX → re-download. Tester quickstart V2 generated. 9 findings closed total over 2 days.
Day 26 - five-deploy bug cluster fix (Oscar investigation)
Oscar reported Quick Match returning 0% with broken UI (Target Position placeholder). Investigation cascaded through five distinct bugs across cache, server, frontend, and UX layers - all shipped same day. F215 cache poisoning protection (cf7dedb). F216 /parse-jd silent placeholder fallback replaced with proper HTTP 500 (66f5865). F218 browser alert replaced with inline error and input preservation (c920664). F220 - the big one: paste path removed, upload guardrails (file size, extension, text length, JD signal-words, resume-similarity hard reject), low-match warn modal at <30% threshold, Tips section above upload area (465fc8d). Plus subtitle copy hygiene (a41d3ed). FIVE production deploys in one day, all clean, all verified. F217 (ATS hallucinating fake experience claims for users) discovered during investigation - logged, deferred to Day 27 as P0.
Test-run intake pipeline built and deployed: Tally form embedded on dashboard (Submit a run section), Google Sheet retrofitted with 19 historical findings as RUN-0001 through RUN-0019, Tally-to-Sheets integration verified with smoke test. Loop closed: tester submits then email to Jorge then row in sheet. Same night, Oli reported F214 (Continue with Google missing on download-gate modal) - diagnosed, fixed via continueWithGoogleForDownload() wrapper calling existing googleSignIn() handler, deployed (a501d35), and personally verified on production through BOTH paths (Incognito email-entry plus regular Chrome account picker). Bug-to-fix-to-prod: under 4 hours.
Day 23 — F194 close + dashboard refresh (today)
F194 closed: both F189 wipes now conditional on session health. Hard refresh preserves JWT + activeResume + resumeCache. Verified end-to-end on production. Dashboard (this page) refreshed from Day 14 → Day 23 content. New Findings section added so testers see open issues + recent resolutions at a glance.
Days 24-25 — Final polish + Quick Match sprint start
Remaining open findings F199 (per-resume entitlement) + F200 (lifetime free quota) addressed. F206 (Google-signin redirect) + F207 (paywall premature trigger) — small surgical fixes. Quick Match flow scaffolding begins on fix/resume-quick-match branch. Tester rotation 3 feedback intake.
Days 26-34 — Pre-launch + buffer
DMARC. npm audit. Pre-launch polish. Pilot invitations sent. Soft launch prep. MCP connector exploration (Linear/Slack/GitHub) if time allows.
Day 38 — Pilot launch · BIG BANG
Pilot launches. 5+ weeks of disciplined founder work, 50+ findings catalogued and resolved or queued, complete audit trail, governance system in place. The discipline is the differentiator.
Findings
Open issues + recently resolved · what testers see, what's next, what's deferred
| ID | Title | Severity | Status | Target/Closed |
|---|---|---|---|---|
| F255 | 3-pane overwrites green "resume fixed" screen after optimization — analyzeATSStandards recalculates raw score (65) via setTimeout, stomping the optimized score (95) green card | high | resolved | closed Day 37 · Jun 2 |
| After processATSAfterPayment optimized the resume and re-scored to 95, showJobSourceSelector correctly rendered the green "score >= 80" card with Quick Match. But showAtsResultView fired via setTimeout(0) and recalculated from analyzeATSStandards() which returns the raw structural score (65), overwriting the green card with the yellow warning + purple button. Fix: skip the 3-pane re-render when window.atsOptimized is true. Found via [TRACER] logs during E2E testing. | ||||
| F254 | fireAts auto-runs full ATS optimization pipeline (animations, TTS, 3-pane view) on post-OAuth return — user only wanted to download | high | resolved | closed Day 36 · May 30 |
| runAtsPathBAfterAuth called processATSAfterPayment() which ran the full pipeline: processing animation, optimizeResume(), TTS voice narration, and showJobSourceSelector() with the 3-pane result view. User had already seen all of this pre-auth — they just needed the download. Fix: replaced processATSAfterPayment() with silent optimizeResume() + analyzeATSCompliance(), letting the existing previewId poll handle the download. Found during E2E Test 2.7. | ||||
| F253 | Late housekeeping IIFE wipes localStorage during OAuth landing — destroys resumeCache + pendingAts before post-OAuth handler stores token | high | resolved | closed Day 36 · May 30 |
| F189 early-wipe had OAuth guard (auth_token in URL → defer), but the second housekeeping IIFE at line ~15663 did not. It saw "no token" and called clearAllUserState, wiping resumeCache, pendingAts flag, and QM results before the post-OAuth handler could store the JWT. Fix: added same auth_token URL check to late housekeeping IIFE. Found during E2E Test 2.7. | ||||
| F74 | Stripe create-checkout-session requires auth | high | resolved | closed Day 21 · May 9 |
| Pre-fix, anyone could create a Stripe checkout in any user's name. Now requires valid JWT. | ||||
| F124 | Webhook idempotency on stripe_session_id | medium | resolved | closed Day 22 · May 10 |
| UNIQUE constraint + ON CONFLICT DO NOTHING. Event replay no longer produces duplicate grants. | ||||
| F157 | Stripe webhook routing → Railway endpoint | high | resolved | closed Day 22 · May 10 |
| Production webhook moved from defunct GCF endpoint to Railway. Events reach the new server. | ||||
| F183 | Resume hydrates from DB on every page load | high | resolved | closed Day 19 · May 7 |
| New /api/resume/current endpoint; refreshUserProfile writes to both window and module scopes. Fixes 'resume lost' during OAuth round-trip. | ||||
| F186 | Session housekeeping pattern | high | resolved | closed Day 19 · May 7 |
| clearAllUserState() called on logout, auth-failure, no-token init, and page-load. Closes F55/F177/F182. | ||||
| F192 | Paywall uses authenticated email, not parsed resume | medium | resolved | closed Day 21 · May 9 |
| Stripe modal pre-fills auth user's email. Privacy/correctness fix. | ||||
| F193 | paid_grants entitlement + post-payment download | high | resolved | closed Day 22 · May 10 |
| Webhook writes paid_grants row; verify-session is the backstop. Replaces in-memory paidSessions Set with durable DB-backed entitlement. | ||||
| F194 | Conditional wipes preserve session on hard refresh | high | resolved | closed Day 23 · May 11 |
| Both F189-early-wipe and F189-wipe-on-load now conditional on session health. JWT + resume survive Cmd+Shift+R. | ||||
| F220 | Quick Match accepted any input including resume-as-JD, produced inconsistent matches and used a browser alert() on failure | high | resolved | |
| F219 | Quick Match scoring non-deterministic - same input produced 85% then 63% on consecutive attempts with inverted Skills/Experience breakdown | medium | closed-by-feature-improvement | |
| F218 | Quick Match used browser-native alert() dialog on JD parse failure - off-brand, no input preservation, no actionable guidance | medium | resolved | |
| F221 | Resume parse determinism - same resume produces inconsistent resumeData (skills count, experience years, title, workHistory) across runs, causing downstream matching variance. Probable cause: temperature: 0 is not truly deterministic in LLM extraction | critical | open | |
| F217 | ATS-optimized resume template fabricated content for every user: hardcoded "5+ years experience", "revenue 30%+", "$1M+ budgets", 5 fake Key Achievements bullets, embedded pricing section. NO skills section. Real workHistory never rendered. Now replaced with real resumeData iteration. | critical | resolved | |
| F216 | /parse-jd endpoint silently returned placeholder Target Position/skills=[] on any failure - frontend trusted as valid data and rendered broken UI | high | resolved | |
| F215 | Disk cache (server/cache.js) persisted resume parses with empty/missing skills arrays - once cached, every re-upload returned broken empty-skills result forever | high | resolved | |
| F214 | Continue with Google missing on download-gate registration modal | high | resolved | |
| F208 | Quick Match crashed on null resumeData | high | resolved | closed Day 23 · May 11 |
| Reported by tester (Oli) during Day-23 production rotation. Match analyzer threw 'Cannot read properties of null (reading skills)'. Fix: runQuickMatch now rehydrates from /api/resume/current if resumeData is null/empty, falls back to friendly 'Please upload resume first' alert. Plus defensive guard at top of calculateQuickMatchScore. | ||||
| F197 | Re-downloadable preview (24h TTL) | medium | resolved | closed Day 22 · May 10 |
| Once paid for an ATS optimization, user can re-download the same resume. One $5 = unlimited re-downloads of that preview. | ||||
| F198 | No-cache headers on all HTML routes | medium | resolved | closed Day 22 · May 10 |
| no-store / no-cache / must-revalidate on every HTML response. Testers always see fresh HTML after deploy. | ||||
| F201 | Forgot Password echoes entered email back | low | resolved | closed Day 22 · May 10 |
| Reset success message reads 'If an account exists for <typed-email>...' Catches typos at submit time. | ||||
| F202 | OAuth-only users get Google-hint, not silent skip | medium | resolved | closed Day 22 · May 10 |
| Forgot Password on Google-signed-up account shows blue 'Use Sign in with Google' panel. Acceptable enumeration trade-off. | ||||
| F199 | paid_grant not pegged to resume_id | high | open | target: Day 24-25 |
| Affects Quick Match flow when shipped — user pays for resume A, gets free downloads of resume B. Doesn't impact current ATS flow. | ||||
| F200 | Free quota refreshes every 30 days | medium | open | target: Day 24-25 |
| cycleStart math gives lifetime → 30 days. Slow leak; won't show in pilot but contradicts product model. | ||||
| F203 | Signup accepts typo'd email domains | medium | open | target: Post-pilot |
| gmaiil, yahpo, gnail etc. accepted without warning. Phantom users created. Founder hit this 3 times in one debugging session. | ||||
| F206 | Post-Google-signin lands on voice/mike page | low | open | target: Day 24 |
| Cosmetic but visible. Should land on dashboard. Trace /api/auth/google/callback redirect target. | ||||
| F207 | Paywall fires earlier than expected for fresh users | low | open | target: Day 24 |
| Observed during Day 22 production validation. Paywall on FIRST download instead of second. Likely cycleStart math or plan_limits fallback. | ||||
| F204 | No email confirmation at signup | medium | deferred | target: Post-pilot |
| Security hardening. Add verification flow before public launch. | ||||
| F205 | No password-reset audit table | low | deferred | target: Post-pilot |
| Debugging requires server log scrape + Resend dashboard. Polish item. | ||||
Test results
What was tested · where · how it behaved · honest pass-fail tracking
Environments under test
| Field | Local (dev box) | Production (Railway) |
|---|---|---|
| URL | http://localhost:4000 | https://xjobs-final-production.up.railway.app (also https://dashboard.xjobsfinder.com → project status page) |
| Build | fix/resume-ats-compliance @ 608b6b7 then e849c20 (F194) | main @ e849c20 (F194 LIVE) + 91ddbc5 (dashboard routing revert) + Day-23 commits |
| Tested by | Founder (Jorge) | Founder live walkthrough Day 22 (Stripe test mode, real card) |
| Test dates | Day 21 (May 9) + Day 22 (May 10) + Day 23 (May 11) | Day 22 (May 10) end-to-end + ad-hoc verifications Day 23 |
| Stripe mode | test, stripe-cli forwarding to localhost:4000/api/stripe/webhook | test, Railway webhook endpoint at https://xjobs-final-production.up.railway.app/api/stripe/webhook |
| Notes | Deep test bench. Every fix verified here BEFORE production deploy. Console logs captured per scenario. | F201, F202, F1, F10, F163 not yet re-verified in production — same code path as local, no schema diff, presumed stable. Tester rotation 3 will close these as PASS. |
Scenario 1 — ATS resume flow + auth flows
| ID | Test case | LOCAL | PRODUCTION |
|---|---|---|---|
| F74 | Stripe checkout requires auth (401 without Bearer) | PASS | PASS |
|
Local: /api/stripe/create-checkout-session returns 401 with no Bearer token; 200 with valid JWT. Production: Verified live: tester paid $5 successfully, no auth-bypass possible. | |||
| F124 | Webhook idempotency on stripe_session_id | PASS | PASS |
|
Local: UNIQUE constraint + ON CONFLICT DO NOTHING. Re-running same event = no dup row. Production: Production webhook deliveries return 200; no duplicate grants observed. | |||
| F183 | Resume hydrates from DB on every page load | RESOLVED | PASS |
|
Local: Pre-F194 was BLOCKED — early-wipe destroyed state before hydrate could fire. Post-F194 verified: console shows [F183] resume hydrated (both scopes), skills: 5 after hard refresh. Production: Live tester verified: 15 skills hydrate after hard refresh; dashboard shows resume. | |||
| F186 | Session housekeeping (clearAllUserState) | RESOLVED | PASS |
|
Local: Was over-firing on authenticated reload (F194 root). Now conditional on session health. Production: Production hard-refresh preserves JWT + user record + activeResume key. | |||
| F192 | Paywall uses authenticated email, not parsed resume | PASS | PASS |
|
Local: Stripe modal pre-fills auth user's email even when resume contained a different email. Production: Live tester verified: Stripe email matched signup, not the email in their resume. | |||
| F193 | paid_grants entitlement + post-payment download | PASS | PASS |
|
Local: Local stripe-cli forwarded webhook; paid_grants row created; download succeeded. Production: Live tester paid $5, DOCX auto-downloaded, no 'still syncing' alert. Webhook 200 returned. | |||
| F194 | Hard refresh preserves JWT + resume cache | RESOLVED | PASS |
|
Local: Both F189 wipes now conditional. Console shows '[F189] healthy auth reload — preserved state (F194 fix)'. Production: Production: 4 keys (xjobs_token, xjobs_user, activeResume_<id>, resumeCache_<file>) survive Cmd+Shift+R. | |||
| F197 | Re-downloadable preview (24h TTL) | PASS | PASS |
|
Local: After paying, 2nd/3rd/4th download succeed without paywall. Production: curl returns count=2 for 'F197: preview persists' marker in prod HTML. Live tester re-downloaded successfully. | |||
| F198 | No-cache headers on HTML routes | PASS | PASS |
|
Local: Response includes cache-control: no-store, no-cache, must-revalidate. Production: Production curl confirms headers present on /api/v1/health and root HTML. | |||
| F201 | Forgot Password echoes entered email back | PASS | not yet |
|
Local: Test 1 (typo): green message echoes 'bogus.typo@gmaiil.com'. Test 3 (real user): green message echoes 'jorgenreyes@yahoo.com'. Production: Not yet re-verified in production. Same code path as local; presumed stable but flag if you observe. | |||
| F202 | OAuth-only users get Google-hint | PASS | not yet |
|
Local: jorgenoelreyes@gmail.com (Google-only user) → blue 'Use Sign in with Google' panel with email echoed back. Continue with Google → picker → signed in. Production: Not yet re-verified in production. Same code path as local; presumed stable but flag if you observe. | |||
| Continue with Google | OAuth account picker (regular Chrome with Google session) | PASS | not yet |
|
Local: Day-22 false alarm closed. Code at server/auth.js:317 has prompt: 'select_account' correctly set. Production: Tester should verify in regular Chrome (not incognito) with active Google session. | |||
| F1 | ATS scan quota meters synchronous | PASS | not yet |
|
Local: Multiple meters showing identical values (1 free run). No visible discrepancy. Production: Re-check during pilot rotation. | |||
| F10 | Single ATS panel rendered (no duplicates) | PASS | not yet |
|
Local: Single ATS panel visible. No duplicate panels. Production: Re-check during pilot rotation. | |||
| F102 | Server-side pricing source-of-truth | PARTIAL | PARTIAL |
|
Local: Server now requires auth + uses authenticated email; PRODUCTS table has no canonical price column so client-supplied amountCents still consulted. Full server-side authority deferred. Production: Same partial state in production. Not pilot-blocking; flag for post-pilot. | |||
| F163 | ATS analysis no longer crashes on render | PASS | PASS |
|
Local: ATS analysis completed without crash from renderATSCompliance. Production: Live tester ran ATS analysis to completion in production. | |||
Reading the table. A green PASS or RESOLVED means the case was actively verified in that environment on the listed date. PARTIAL means the case passes for the user-visible flow but has a known caveat tracked elsewhere. BLOCKED means another finding is preventing the case from being verified — when that blocker closes, this case is re-run. "not yet" means the code path is shared with local (so we presume parity) but we haven't re-verified in production specifically. Tester rotation 3 will close those out and update this matrix.
Submit a test run
Closing the loop, every test execution flows through here, auto-logs to the team sheet, email lands in Jorge inbox
Test scripts — Master Test Pack
One standardized script per flow · the single source of truth · same scripts for testers and the pilot group · report via the 🐞 button (rolls up to SUPER QA)
🌐 Cross-browser coverage by design. We are deliberately testing across browsers to catch browser-specific issues that one tester alone would miss. Assignments for this round: Oli on Chrome (Cmd+Shift+N for Incognito), Oscar on Firefox (Cmd+Shift+P for Private), Jorge on Safari (Cmd+Shift+N for Private). Edge coverage queued for pilot v2.
⚠️ Browser hygiene matters. Always test in a fresh Incognito / Private window. Regular browsers accumulate state across sessions — old tokens, cached resumes, quota counters — which can cause confusing behavior that is not actually a bug. If a bug only appears in one browser, that is valuable signal — note your browser when submitting findings. If a bug reproduces across browsers, that is a real code issue worth fixing.
🧪 Pilot Test Pack — the standard set (one script per flow)
Everyone — testers and pilot group — runs these 7 scripts the same way and reports with the 🐞 Found a bug? button (rolls up to SUPER QA). Read the cover first, then your assigned flow. 📖 Cover & how-to-run →
| # | Flow | Script | Video | ~Time |
|---|---|---|---|---|
| 1 | Auth & Recovery | open | — | 8m |
| 2 | Resume · Fix it (ATS) | open | — | 12m |
| 3 | Resume · Build it (AVA) | open | — | 10m |
| 4 | Jobs · Find (Gmail/Yahoo/Boards) | open | — | 8m |
| 5 | Match · Quick Match → Exchange | open | — | 12m |
| 6 | Land · Interview (SME/Coach/Trainer) | open | — | 12m |
| 7 | Payments · Paywall & Upgrade | open | — | 8m |
Browsers: Oli = Chrome · Oscar = Firefox · pilot = your own. ⭐ steps = report immediately. Each script has a 🎥 "what to record" section — drop the video link into this table as you record. Status: 2026-06-25 · all 7 drafted.
📋 Action Items — what to prioritize
The live backlog: due dates, % complete, mark-done. Sorted soonest-first. Editable right here — and a floating dock keeps the top priorities in view on every screen.
Roadmap
Product items tracked by phase · pre-pilot → pilot → post-pilot Q3 → post-pilot Q4+
🔴 Pre-pilot (must land by May 26)
| ID | Title | Priority | Status | ETA |
|---|---|---|---|---|
| tester-quickstart | Send pilot quickstart to Oli + Oscar | critical | scheduled | Day 23-24 ASAP |
| Highest-leverage pending action. 5 minutes of founder time = ~30 hours of tester coverage. V2 quickstart docx already exists. | ||||
| F211-data | Tracker data-model migration | high | scheduled | Day 24-25 |
| Add role_title, outcome, notes, last_accessed_at columns to resumes table. Update Customize flow to write at row creation. ~1 hour. Protects 15 days of pilot data quality. | ||||
| slack-channel | Slack #xjobsfinder-pilot-bugs | high | scheduled | Day 23-24 |
| Channel for parallel tester reports. Without it, reports queue in email. 90 seconds to set up. Compounds for 15 days. | ||||
| F207 | Paywall premature trigger investigation | low | scheduled | Day 24 |
| Observed during Day-22 production validation. Diagnostic needed. ~30 min. | ||||
| F206 | Post-Google-signin redirect fix | low | scheduled | Day 24 |
| Lands on /voice page instead of dashboard. ~10 min single-line fix in auth.js callback. | ||||
🟡 Pilot window (May 26 - Jun 9)
| ID | Title | Priority | Status | ETA |
|---|---|---|---|---|
| F203 | Email typo domain validation | medium | logged | during pilot |
| Signup accepts gmaiil/yahpo/etc. Phantom users created. Founder hit 3 in one debugging session. | ||||
| F199 | paid_grant pegged to resume_id | high | logged | Q3 early |
| Affects Quick Match — user pays for resume A, gets free downloads of resume B. Blocks Quick Match v2 GA. | ||||
| F200 | Free quota refresh lifetime (not monthly) | medium | logged | during pilot |
| cycleStart math gives 30-day refresh; should be lifetime. Slow leak; won't show in pilot but contradicts product model. | ||||
🟢 Post-pilot Q3 (Jun-Aug 2026)
| ID | Title | Priority | Status | ETA |
|---|---|---|---|---|
| F209 | Interview Agent — top-level CTA + Builder | high | spec authored | Q3 2026 |
| Repositioning Interview from end-of-funnel buried feature to first-class revenue surface. Conversational Builder (5-7 Qs), three entry points, cheatsheet artifact. Full spec: Interview-Agent-Framework-Spec-v1.0-2026-05-11.docx | ||||
| F211-ui | Tracker findability UI (search + filter + sort) | high | logged | Q3 2026 |
| Power-user findability. Search across JD + resume + company. Filter by company / role / date / outcome. Sort by recency / score / outcome. Data model lands pre-pilot; UI here. | ||||
| F212 | Outcome tracking UI | medium | logged | Q3 2026 |
| Status dropdown on each tracker row (callback / interview / offer / declined / no_response / waiting / withdrew). Drives long-tail member value. | ||||
| mcp-connectors | MCP connectors (Linear / Slack / GitHub) | low | logged | Q3 2026 |
| Compounding leverage: bug-in-Slack → automatic Linear issue → patch → push. ~30 min setup once. | ||||
🔵 Post-pilot Q4+ (Sep+ 2026)
| ID | Title | Priority | Status | ETA |
|---|---|---|---|---|
| F213 | Pro / Consultant tier UX + entitlement gating | medium | logged | Q4 2026 |
| Tier-aware UI views, Pro/Consultant upgrade pages, entitlement-check middleware. Schema ready (users.role + paid_grants), UX work needed. | ||||
| voice-mode | Voice mode for Interview Agent | low | logged | TBD evaluate |
| Practice out loud with the agent (ElevenLabs already wired). Defer; let pilot data signal demand. | ||||
| F204 | Email confirmation at signup | medium | deferred | post-pilot |
| Security hardening. Add verification flow before public launch. | ||||
| F205 | Password-reset audit table | low | deferred | post-pilot |
| Debugging quality. Track every password reset request server-side. | ||||
Decisions log
Strategic pivots and architectural calls · with rationale and quote when relevant
Quick Match rebuilt as honest, job-history-aware matching (v2)
June 3-4, 2026Killed substring matching (Go matched MonGOdb, Java matched JavaScript). New /api/match/deep judges the JD's real requirements against what the candidate ACTUALLY DID per role (the bullets) — met/gap + evidence (which role) + recency — and scores RELEVANT (not total) experience + seniority + role/title fit; off-target experience isn't credited. parse-jd owns clean atomic skill extraction; the deep matcher matches verbatim. Headline score is now the weighted blend (skills + experience + location + salary…), so a strong-skills/low-seniority candidate reads honestly in the 60s, not skill-only in the 100s. UI: gap-only, full-width color-coded collapsible category matrix with checkboxes, credentials greyed (can't manufacture a CFA), live header score. The gap→Customize→interview handoff is untouched. Proven on the real SMBC JD + résumé, zero false positives. Docs: QuickMatch-v2-Engine.md, PILOT-Build-2026-06-04.md. Tag pilot-1.0.
"Those buckets don't do justice… we need to go through each job and see what the candidate did… for every job description we need the key words and then go fish them in the resume or fuzzy match them." — and: "match RELEVANT experience, not total. 20 years in the market but only the last 2 jobs were as a developer."
Interview agent made human + multilingual; voice moved to free Edge neural
June 4, 2026The brain emoji is gone; the interviewer is a human photo with a name and a persona by vertical, with a GENDER-MATCHED voice (face and voice are one unit), and a speaking glow while it talks. Gaps drive it: 5 questions per gap → 3 gaps = 15. The whole experience runs in the user's chosen language — set once globally and persisted — across questions (Claude), voice, mic, AND displayed agent prose (QM note, customized bullets, ATS recommendations), via a cached /api/translate + a MutationObserver that auto-localizes any .i18n element. Voice default flipped to FREE Microsoft Edge neural (~100 languages, no key); ElevenLabs is an optional premium toggle; Azure Neural is the cheap supported path at scale. Docs: Interview-Agent-v2.md, Multilingual-Architecture.md.
"The BRAIN has got to go… we need someone more trustworthy… choose a picture and a voice by vertical." — and: "All of these APIs amount to a higher price for me, especially when we go global, which is immediately. Is there a free voice like 11 Labs?"
Interview priced by gap count, server-enforced
June 4, 2026The intended model (1-3 gaps $5, 4-6 $10, 7+ $15) existed in pricing.js but was DEAD CODE — the actual charge was a flat salary-tier price the client sent and Stripe trusted. Fixed: the checkout now derives the amount from getFeaturePrice('interview', gapCount) server-side (correct AND tamper-proof), and the Practice Interview button shows the right tier live as gaps are checked.
ATS rebuilt as a real, honest gate (four-pillar engine)
June 1-2, 2026Killed the "lipstick on the pig" scorecard (fake categories, auto-awarded format points). Rebuilt the ATS as a four-pillar engine — Format, Completeness, Quality, Integrity — calibrated to documented real-world ATS behavior. Added REAL .docx inspection (tables, columns, images, text boxes, header/footer contact, fonts) with a hard-fail cap, the founder's date-gap / recency / "last 10-12 years" Integrity checks, a "see your resume as the ATS reads it" robot view, honest projected scores (no resume is "invincible"), and a not-a-resume upload guard. Pass bar held at 80. Spec: Documentation/Audit/pilot-flows/01-ATS-calibration-2026-06-01.md. Guards: e2e 07/08/09.
"The ATS gate is a credibility deposit, not the product. If we clear a resume that a real employer's ATS rejects, the user never trusts the job-finding engine. We must be the harsher gate." — and: "NO RESUME IS PERFECT... you don't want to soup up the user's head to make him think his resume is invincible."
Local-as-baseline strategic pivot
May 2, 2026Halted all production patching. Adopted: clean local first, fresh prod redeploy from clean baseline. Tag v2.0-baseline at end of Phase 2.5.
"Our local version is the baseline. The server version was somehow contaminated by cousin. Prod is the mere result of a BLOATED local code so it is misbehaving inherently."
Production frozen until v2.0-baseline ships
May 2, 2026No production deploys allowed during architectural cleanup. Tester comms drafted to communicate freeze. Prevents drift between local cleanup and prod state.
Phase 4 (frontend modularization) deferred to post-pilot
May 2, 20268-module decomposition (per Anatomy doc) is the target architecture but will not happen pre-pilot. Phase 1.5 + Phase 2 alone deliver enough cleanup for a clean baseline. Modularization can happen post-launch.
Audit organized by 5 architectural layers, not flat type taxonomy
May 2, 2026Per Day 12 system diagram. Each layer audited independently before crossing boundaries. Better than alphabetical or chronological organization for surfacing structural issues.
Three-document governance system established
May 3, 2026Best Practices Playbook (founder reference) + Agent Briefing Template (paste at session start) + Session Compliance Checklist (end-of-session audit). Together: complete agent-partnership governance with full enforcement via end-of-session ritual.
"It is probably a bit of a maintenance nightmare but worth the investment upfront." — founder articulating the discipline tradeoff
F55 + I12 logged — "user always logged in" mystery diagnosed
May 3, 2026Connected F38 (auth in localStorage) + F50 (5 writes / 1 cleanup) + F51 (PII never cleared) + F54 (logout incomplete) into a single architectural diagnosis: missing session housekeeping pattern. Resolution queued to Phase 2.
Pre-pilot fix sprint — ship pay flow end-to-end
May 9, 2026 (Day 21)Adopted: spend Day 21-22 closing the ATS-compliance flow defects so testers can run a complete journey in production. F74, F124, F192, F193, F197, F198 scoped as one branch (fix/resume-ats-compliance). Locally verified via stripe-cli forwarding before merge to main.
Stripe webhook routing moved from defunct GCF to Railway
May 10, 2026 (Day 22)Production webhook endpoint was still pointed at us-central1-xjobs-app.cloudfunctions.net (disabled). New endpoint added in Stripe dashboard pointing at Railway. STRIPE_WEBHOOK_SECRET env var updated. Old GCF endpoint left disabled (F157 closed).
paid_grants entitlement DB table created in production
May 10, 2026 (Day 22)Production Postgres was missing paid_grants. CREATE TABLE run via Railway's Postgres query interface. db:init script doesn't run on Railway deploys; one-off SQL is acceptable when schema additions are idempotent (CREATE IF NOT EXISTS).
F189-early-wipe is now CONDITIONAL on session health
May 11, 2026 (Day 23)Original F189 wiped localStorage on every page load to close session-bleed. Side effect: legitimate hard-refresh destroyed JWT + activeResume keys, kicking authenticated users to login. Fix: wipe only fires when (a) no token + orphan state, (b) token without user record, (c) corrupt user record. Healthy auth reload preserves everything; server validation via refreshUserProfile is the correct gate.
We need the dashboard to be independent so that the testers and I can see it and track bugs and project updates through it — founder, clarifying scope after a misread routing change
dashboard.xjobsfinder.com kept as project-status URL
May 11, 2026 (Day 23)Custom domain serves Documentation/Dashboard/XJobs-Tester-Preview.html (this page), not app.html. App stays at xjobs-final-production.up.railway.app. Two URLs, two audiences. Tester quickstart references both clearly.
Interview Agent Framework v1.0 — product spec authored
May 11, 2026 (Day 23 PM)Full architectural spec for repositioning Interview Agent from end-of-funnel buried feature to first-class top-level CTA. Covers: three entry points (standalone, post-customization, pre-ATS), conversational Interview Builder (Ava-style 5-7 questions producing framework object), cheatsheet artifact as parallel to customized resume, tracker integration, entitlement model + future Pro/Consultant tiering. Spec deliverable: Interview-Agent-Framework-Spec-v1.0-2026-05-11.docx in repo Documentation/Specs/. Implementation deferred to Q3 (post-pilot). Cross-references findings F209, F210, F211, F212, F213.
$5 transactions are the funnel. The accumulating tracker is why members stay. — Day-23 architectural session, identifying the member-archive thesis
F211 reframed: FIFO rejected, findability + outcome tracking adopted
May 11, 2026 (Day 23 PM)Initial F211 design proposed a 5-resume cap with FIFO auto-archive. Founder use case (100 resumes/year as consultant) revealed this would actively harm the power-user persona. Reframed: NO cap on tracker. Findability via search + filter + sort. Outcome tracking column (F212) on every row. Pre-pilot work: data-model columns must land before May 26 so retroactive data is captured correctly (role_title, outcome, notes, last_accessed_at). UI work post-pilot Q3.
I literally create about 100 resumes per year as an independent consultant — that is one of the BIGGEST pain points as I don't remember when, who and what. — founder identifying himself as the customer voice that overrides the elegant-but-wrong FIFO design
How we work
The discipline behind the build · why every session counts
Why this matters for you
You're testing a product built by one founder partnered with AI. Most people assume that means low quality. We're proving the opposite. Every session is documented. Every decision is captured. Every risk is tracked. When you see a feature change, a tester pause, or a release date — there's a paper trail behind it.
The rhythm
Daily: Each working session ends with a written closeout. State of the project, decisions made, what's next. No mental TODO lists.
Weekly: Strategic review. Phase progress assessed. Risks updated. Tester feedback integrated.
Per release: Tagged baseline. Tested smoke paths. Then deployed. Never the other way around.
What this looks like in practice
When you report a bug, it gets logged with an ID, a severity, and a phase target. You can see when it'll be addressed. When we pause testing, you know why and when it resumes. When the pilot launches May 26, it'll be against a baseline we've audited end-to-end — not a hopeful guess.
Document library
Strategic and project documents · evidence of the work
Pilot build — Quick Match v2 + Interview + Multilingual
- Pilot Build Log (master)Jun 4
- Quick Match v2 — Engine, Gap Matrix, Scoring & PricingJun 4
- Interview Agent v2 — Human, Persona-Matched, MultilingualJun 4
- Multilingual Architecture + Voice ProvidersJun 4
Strategy + planning
- App Development Best Practices Playbookv1.0
- Agent Briefing Templatev1.0
- Session Compliance Checklistv1.0
- Local-Baseline Reset (the pivot)May 2
- Anatomy + Lean-Down PlanApr 29
- Refactoring Plan v2May 2
- Phase 2 Execution Planv1
- Roadmap Enhancementsv1.2
Daily close-outs
- Day 10 Close-OutApr 30
- Day 11 Close-Out Part IIApr 30
- Day 12 Close-Out + EveningMay 1
- Day 13 Close-Out + PM MasterMay 2
- Day 14 Close-OutMay 3
- Day 15 + 15 PM Close-OutsMay 4
- Day 16 PM MasterMay 5
- Day 18 Master + AddendumMay 6
- Day 19 MasterMay 7
- Day 21 HandoffMay 9
- Day 22 Production ValidationMay 10
- Day 23 Dashboard RefreshMay 11
Product specifications
- ⬇ ATS Business Requirements + Traceability Matrix (BR→FR→TC→code) · DOCXv1.0 · Jun 2
- ⬇ Flow D ATS Test Script (v3.0 · 16 steps · four-pillar) · DOCXJun 2
- ATS Calibration Audit (four-pillar engine + real .docx inspection)v1 · Jun 2
- ATS Flow Audit + RequirementsMay 31
- Pilot-Readiness Audit (consolidated)May 31
- Interview Agent Framework Specv1.0 · May 11
Tester materials
- Pilot Test Tester Quickstart (FINAL V2)May 10
- TestExec Audit (Jorge)May 9
- Regression Matrix (xlsx)May 9
Reports
- Sprint Report (April 27)Apr 27
- Email Infrastructure Setup RecordMay 1
- Stripe Webhook Re-routing RecordMay 10
- F194 Session Preservation SurgeryMay 11
- F208 Quick Match Null-Resume FixMay 11
This dashboard
- Tester preview (this page)v1.3
- Last refreshedMay 11
- Refresh cadenceper session
Operations - Founder Reference
Hidden by default. Bookmark this URL with #operations on the end.
Quick reference - the things you forget
Daily open ritual (5 min)
Daily close ritual (15-25 min target)
Situational - what to do when things look wrong
| Symptom | What to do |
|---|---|
| "User logged in" in fresh incognito | F177/F182 family - should be closed by F186. Run env-status, hard-refresh, check console for [housekeeping] line. |
| Match scores all 50% / 0/N | F183 regression. Check console for [F183] resume hydrated (both scopes). If missing, /api/resume/current is failing. |
| Connect Gmail shows sign-in form | F181 regression. Check /gmail/authorize route in api.js still has JWT verification. |
| env-status.sh shows DRIFT (production) | Railway deploy may have failed. Wait 2 min, re-run. If persists, check Railway logs. |
| env-status.sh shows DRIFT (local vs origin) | You forgot to push, OR you pulled changes you don't have. git status + git log --oneline -5 tells the truth. |
| "This used to work" report | F180 foot-cannon. First check: URL bar - localhost or file://? File:// = stale Downloads copy. NOT a real bug. |
| Local server EADDRINUSE port 4000 | Another node process running. lsof -ti :4000 | xargs kill -9 |
| Production looks broken | 1) env-status to confirm what's deployed. 2) If genuinely broken: git revert <bad-commit> && git push. |
The 4 canonical documents
| Document | When to update | Use it for |
|---|---|---|
| AGENT-ONBOARDING.md | Only when patterns change | The contract every agent reads. 19 sections. |
| HANDOFF.md | Every session close | CURRENT STATE block + append-only session log. |
| phase1audit.md | When findings change | The truth about every bug. Append-only. |
| SPRINT.md | End of every working day | Day-by-day plan. Replaces old DAY-N-MASTER pattern. |
Quick commands - copy-pasteable
| Need | Command |
|---|---|
| Check env sync | bash ~/xjobs-final/scripts/env-status.sh |
| What's the current production SHA | curl -s https://xjobs-final-production.up.railway.app/api/version | python3 -m json.tool |
| What's my local HEAD | cd ~/xjobs-final && git log --oneline -1 |
| Recent commits | git log --oneline -10 |
| Working tree status | git status |
| Start local server | cd ~/xjobs-final && node server/index.js |
| Kill stuck server on port 4000 | lsof -ti :4000 | xargs kill -9 |
| Find a finding in the audit | grep -n "F183" ~/xjobs-final/Documentation/Audit/phase1audit.md |
Canonical documents - one-click access
Click any document to open it in a new tab. Use Cmd+A then Cmd+C to copy the entire contents, then paste into a new agent chat as needed.
| Document | Use it for | Open |
|---|---|---|
| AGENT-ONBOARDING.md | The contract every new agent reads first. Paste into chat at session start. | Open in tab |
| HANDOFF.md | Current state + per-session log. Paste into chat at session start, after onboarding. | Open in tab |
| SPRINT.md | Day-by-day plan from Day 20 to pilot. Day cards show what is planned. | Open in tab |
| phase1audit.md | 1758 lines of finding history. Reference when investigating known bugs. | Open in tab |
Tip: to start a new agent session quickly, open AGENT-ONBOARDING.md and HANDOFF.md, copy each into the new chat in that order. The agent now has full context.
Recent close-outs - last 5 in Documentation/Weekly/
Auto-populated from the repo. Most recently modified files first. Older files stay in the repo as archive but stop appearing here once newer ones are added.
| Filename | Modified | Open |
|---|---|---|
| Loading... | ||
"Slowly but surely beats the race."