Payments
Payment Launch Pack
The paid-launch checklist for price, hosted AI cap, Stripe product and Price, Customer Portal, webhooks, billing backend, secret store, test rehearsal, and live checkout no-go rules.
Payment Pack Controls
Open payment CSVRun npm run payment:launch-pack after changing price, hosted AI cap, support, domain, billing backend, Stripe setup, Customer Portal, webhook, or secret-store state.
Safe Command Sequence
| Phase | Owner | Command | Purpose | No-Go Rule |
|---|---|---|---|---|
| 2. Offer And Price | Codex | npm run pricing:model && npm run test:pricing-model |
Refresh pricing, Stripe fee estimate, provider reserve, and hosted AI cap before the user approves the SKU. | Do not create a Stripe Price until the user-approved monthly price and hosted AI cap are saved. |
| 3. Stripe Product And Price | Codex | npm run billing:stripe-plan |
Preview the Stripe product, price readiness, Customer Portal dependency, and dashboard fields without requiring STRIPE_SECRET_KEY or creating Stripe resources. | Planning output only. Never paste Stripe secret keys, webhook secrets, or live credentials into dashboard fields, generated files, screenshots, or chat. |
| 3. Stripe Product And Price | Codex | npm run billing:stripe-plan -- --price-cents 2500 --support-email nyrasupport@gmail.com --name "NyrA Swarm Little Buddy Pro" |
Preview the exact Stripe product/price payload from the command center values without creating live Stripe resources. | Plan only until the price, support email, product name, and Customer Portal setup path are approved. |
| 3. Stripe Product And Price | User + Codex | npm run billing:stripe-setup -- --price-cents 2500 --support-email nyrasupport@gmail.com --name "NyrA Swarm Little Buddy Pro" --execute |
Create or reuse the Stripe product and monthly Price in test mode after STRIPE_SECRET_KEY is set in a temporary shell. | Use a test key first. Live Stripe creation waits for legal, support, tax, domain, and launch approvals. |
| 7. Secret Store And Rehearsal | User + Codex | npm run secret:pack |
Use the Secret Store Setup Pack for Stripe, webhook, billing URL, license, and entitlement secret placement. | Do not copy raw secret values into generated docs, command-center state, or chat. |
| 5. Billing Backend | Codex | npm run cloud:billing:check && npm run test:cloud-billing-worker |
Verify billing Worker routes, D1 schema, webhook signature handling, portal route, checkout route, and license status route. | Do not connect checkout to public launch until billing Worker/backend checks and hosted rehearsal pass. |
| 5. Billing Backend | Codex | npm run cloud:billing:config:sync && npm run test:cloud-billing-config-sync |
Apply non-secret Cloud Billing dashboard handoffs to the production billing Worker config. | This step must not write Stripe keys, webhook secrets, license secrets, Customer Portal secrets, or customer data to repo files. |
| 7. Secret Store And Rehearsal | User + Codex | npm run billing:live-preflight -- --mode test --allow-blocked |
Show remaining test-mode payment blockers without failing the whole dashboard build. | Do not proceed to hosted checkout rehearsal until blockers are understood and intentionally accepted for test mode. |
| 7. Secret Store And Rehearsal | User + Codex | npm run billing:live-rehearsal -- --mode test |
After backend deployment, verify hosted /health and optionally create a Stripe test Checkout Session. | Create a test Checkout Session only when NYRA_BILLING_REHEARSAL_EXECUTE=true is set intentionally for that run. |
| 8. Live Payment Gate | User + Codex | npm run billing:live-preflight -- --mode live |
Final guarded live-mode check before any public paid checkout path is enabled. | Live mode also requires NYRA_ALLOW_LIVE_BILLING_REHEARSAL=true immediately before the run and all paid-beta gates closed. |
Payment Launch Actions
| Phase | Priority | Owner | Status | Action | What To Do | Page | Field | Verify |
|---|---|---|---|---|---|---|---|---|
| 1. Legal And Stripe Identity | P0 | User | Waiting on user | Attorney/accountant review approved for paid beta | Mark attorney/accountant review approved only after paid-beta policies, tax, refund, privacy, and support language are cleared. | pages/billing-rehearsal.html | billingRehearsal.attorneyReviewStatus | npm run test:policy-readiness && npm run billing:live-preflight -- --mode test --allow-blocked |
| 8. Live Payment Gate | P0 | User + Codex | User + Codex gated | Billing rehearsal mode set to live for final money preflight | Keep rehearsal mode in test until test checkout, portal, webhook, support, legal, domain, secrets, and release gates pass. | pages/billing-rehearsal.html | billingRehearsal.mode | npm run billing:live-preflight -- --mode live |
| 5. Billing Backend | P0 | User | Waiting on user | Hosted billing backend HTTPS URL saved | Deploy the billing backend or billing Worker, then save its HTTPS base URL. | pages/billing-rehearsal.html | billingRehearsal.backendBaseUrl | npm run cloud:billing:check && npm run test:cloud-billing-worker |
| 4. Customer Portal And Webhooks | P0 | User | Waiting on user | Stripe webhook HTTPS endpoint saved | Create the Stripe webhook endpoint after the billing Worker/backend URL exists, select required subscription events, and save the endpoint URL. | pages/billing-rehearsal.html | billingRehearsal.webhookEndpointUrl | npm run billing:live-preflight -- --mode test --allow-blocked |
| 4. Customer Portal And Webhooks | P0 | User | Waiting on user | Customer Portal configured for cancellation, invoices, and payment methods | Configure Customer Portal cancellation, invoice history, and payment method updates, then mark the dashboard yes after a test portal roundtrip. | pages/billing-rehearsal.html | billingRehearsal.customerPortalConfigured | npm run billing:live-preflight -- --mode test --allow-blocked |
| 9. Other Payment Handoff | P0 | User | Secret store | Deployment env has live Stripe secret key beginning with sk_live_ | Set STRIPE_SECRET_KEY in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard. | pages/billing-rehearsal.html | deployment secret store: STRIPE_SECRET_KEY | npm run billing:live-preflight -- --mode test --allow-blocked |
| 9. Other Payment Handoff | P0 | User | Secret store | Deployment env has Stripe webhook signing secret beginning with whsec_ | Set STRIPE_WEBHOOK_SECRET in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard. | pages/billing-rehearsal.html | deployment secret store: STRIPE_WEBHOOK_SECRET | npm run billing:live-preflight -- --mode test --allow-blocked |
| 3. Stripe Product And Price | P0 | User | Secret store | Deployment env has Stripe monthly Price ID beginning with price_ | Create the Stripe monthly Price after the approved price exists, then set NYRA_STRIPE_PRICE_PRO_MONTHLY in the billing Worker secret store. | pages/billing-rehearsal.html | deployment secret store: NYRA_STRIPE_PRICE_PRO_MONTHLY | npm run billing:stripe-setup -- --price-cents <MONTHLY_PRICE_CENTS> --execute |
| 9. Other Payment Handoff | P0 | User | Secret store | Deployment env has HTTPS checkout success URL | Set NYRA_BILLING_SUCCESS_URL in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard. | pages/billing-rehearsal.html | deployment secret store: NYRA_BILLING_SUCCESS_URL | npm run billing:live-preflight -- --mode test --allow-blocked |
| 9. Other Payment Handoff | P0 | User | Secret store | Deployment env has HTTPS checkout cancel URL | Set NYRA_BILLING_CANCEL_URL in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard. | pages/billing-rehearsal.html | deployment secret store: NYRA_BILLING_CANCEL_URL | npm run billing:live-preflight -- --mode test --allow-blocked |
| 9. Other Payment Handoff | P0 | User | Secret store | Deployment env has HTTPS Customer Portal return URL | Set NYRA_BILLING_RETURN_URL in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard. | pages/billing-rehearsal.html | deployment secret store: NYRA_BILLING_RETURN_URL | npm run billing:live-preflight -- --mode test --allow-blocked |
| 9. Other Payment Handoff | P0 | User | Secret store | Deployment env has long random license API token | Set NYRA_LICENSE_API_TOKEN in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard. | pages/billing-rehearsal.html | deployment secret store: NYRA_LICENSE_API_TOKEN | npm run billing:live-preflight -- --mode test --allow-blocked |
| 9. Other Payment Handoff | P0 | User | Secret store | Deployment env has long random license signing secret | Set NYRA_LICENSE_SIGNING_SECRET in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard. | pages/billing-rehearsal.html | deployment secret store: NYRA_LICENSE_SIGNING_SECRET | npm run billing:live-preflight -- --mode test --allow-blocked |
| 6. Support And Domain | P0 | User | Waiting on user | Support inbox roundtrip confirmed | Create or confirm the support inbox, send a test ticket, reply, and mark the roundtrip confirmed. | pages/billing-rehearsal.html | billingRehearsal.supportInboxConfirmed | npm run test:support-readiness |
| 7. Secret Store And Rehearsal | P0 | User | Secret missing | STRIPE_SECRET_KEY | Cloudflare billing Worker secret and temporary billing rehearsal shell; verify with npm run billing:live-preflight -- --mode test --allow-blocked. | pages/billing-rehearsal.html | deployment secret store: STRIPE_SECRET_KEY | npm run billing:live-preflight -- --mode test --allow-blocked |
| 7. Secret Store And Rehearsal | P0 | User | Secret missing | STRIPE_WEBHOOK_SECRET | Cloudflare billing Worker secret and temporary billing rehearsal shell; verify with npm run billing:live-preflight -- --mode test --allow-blocked. | pages/billing-rehearsal.html | deployment secret store: STRIPE_WEBHOOK_SECRET | npm run billing:live-preflight -- --mode test --allow-blocked |
| 3. Stripe Product And Price | P0 | User | Secret missing | NYRA_STRIPE_PRICE_PRO_MONTHLY | Cloudflare billing Worker secret and temporary billing rehearsal shell; verify with npm run billing:live-preflight -- --mode test --allow-blocked. | pages/billing-rehearsal.html | deployment secret store: NYRA_STRIPE_PRICE_PRO_MONTHLY | npm run billing:live-preflight -- --mode test --allow-blocked |
| 6. Support And Domain | P0 | User | Secret missing | NYRA_BILLING_SUCCESS_URL | Cloudflare billing Worker secret or hosted backend environment variable; verify with npm run billing:live-preflight -- --mode test --allow-blocked. | pages/billing-rehearsal.html | deployment secret store: NYRA_BILLING_SUCCESS_URL | npm run billing:live-preflight -- --mode test --allow-blocked |
| 6. Support And Domain | P0 | User | Secret missing | NYRA_BILLING_CANCEL_URL | Cloudflare billing Worker secret or hosted backend environment variable; verify with npm run billing:live-preflight -- --mode test --allow-blocked. | pages/billing-rehearsal.html | deployment secret store: NYRA_BILLING_CANCEL_URL | npm run billing:live-preflight -- --mode test --allow-blocked |
| 6. Support And Domain | P0 | User | Secret missing | NYRA_BILLING_RETURN_URL | Cloudflare billing Worker secret or hosted backend environment variable; verify with npm run billing:live-preflight -- --mode test --allow-blocked. | pages/billing-rehearsal.html | deployment secret store: NYRA_BILLING_RETURN_URL | npm run billing:live-preflight -- --mode test --allow-blocked |
| 7. Secret Store And Rehearsal | P0 | User | Secret missing | NYRA_LICENSE_API_TOKEN | Cloudflare billing Worker secret and desktop activation configuration; verify with npm run cloud:billing:check && npm run test:cloud-billing-worker. | pages/billing-rehearsal.html | deployment secret store: NYRA_LICENSE_API_TOKEN | npm run cloud:billing:check && npm run test:cloud-billing-worker |
| 7. Secret Store And Rehearsal | P0 | User | Secret missing | NYRA_LICENSE_SIGNING_SECRET | Cloudflare billing Worker and mobile bridge Worker secret; verify with npm run cloud:billing:check && npm run test:cloud-billing-worker && npm run cloud:mobile-bridge:check. | pages/billing-rehearsal.html | deployment secret store: NYRA_LICENSE_SIGNING_SECRET | npm run cloud:billing:check && npm run test:cloud-billing-worker && npm run cloud:mobile-bridge:check |
Required Webhook Events
| Event | Status |
|---|---|
checkout.session.completed | Required |
invoice.paid | Required |
invoice.payment_failed | Required |
customer.subscription.updated | Required |
customer.subscription.deleted | Required |
Live Payment Rule
Keep checkout disabled until business/legal identity, support inbox roundtrip, public domain, policy/legal review, Customer Portal, webhook endpoint, backend URL, secret store, test-mode checkout, entitlement activation, release trust, and deployability preflight are all green.
Never store raw Stripe, webhook, license, or command-center secrets in repo files, dashboard state, Markdown, CSV, screenshots, or chat.
Agent Run Log
Each manual intake or scheduled cloud marker becomes a visible build handoff. Use this to confirm the dashboard was read and routed.
No intake runs loaded yet.
Payment Launch Pack JSON
{
"schemaVersion": 1,
"generatedAt": "2026-06-17T22:59:03.770Z",
"status": "PAYMENT_LAUNCH_WAITING_ON_HANDOFFS",
"label": "Payment Launch Waiting On Handoffs",
"offer": {
"productName": "NyrA Swarm Little Buddy Pro",
"supportEmail": "nyrasupport@gmail.com",
"monthlyPriceCents": "2500",
"modeledMonthlyPriceCents": 2500,
"priceStatus": "Approved value saved",
"hostedAiCap": "300 hosted AI messages/month until measured usage proves more headroom",
"hostedAiCapStatus": "Approved cap saved",
"trialPolicy": "No trial for first paid launch",
"trialPolicyStatus": "Saved",
"byokTiming": "BYOK later, not first paid launch",
"byokTimingStatus": "Saved"
},
"billingRehearsal": {
"label": "Blocked until monthly price, hosted AI cap, support ticket roundtrip, domain/backend URL, business identity, Customer Portal, attorney/accountant review, and deployment secrets are ready",
"mode": "test",
"backendBaseUrl": "",
"webhookEndpointUrl": "",
"customerPortalConfigured": "No",
"supportInboxConfirmed": "No"
},
"cloudBilling": {
"label": "Cloudflare Worker + D1 billing backend scaffold implemented locally; live deployment remains blocked on Cloudflare account, D1 database ID, billing domain, Stripe secrets, price, Customer Portal, support, and legal review",
"workerUrl": "",
"d1DatabaseId": "",
"secretStatus": "Not configured"
},
"releaseCandidate": {
"status": "INTERNAL_ALPHA_ONLY",
"label": "Internal Alpha Only",
"paidBetaAllowed": false
},
"requiredWebhookEvents": [
"checkout.session.completed",
"invoice.paid",
"invoice.payment_failed",
"customer.subscription.updated",
"customer.subscription.deleted"
],
"recommendedWebhookEvents": [
"entitlements.active_entitlement_summary.updated"
],
"actions": [
{
"id": "legal-review",
"source": "deployability-blockers",
"phase": "1. Legal And Stripe Identity",
"priority": "P0",
"owner": "User",
"status": "Waiting on user",
"label": "Attorney/accountant review approved for paid beta",
"detail": "attorneyReviewStatus=Not approved",
"action": "Mark attorney/accountant review approved only after paid-beta policies, tax, refund, privacy, and support language are cleared.",
"evidenceNeeded": "Save billingRehearsal.attorneyReviewStatus and upload evidence to legal-review when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.attorneyReviewStatus",
"uploadSlot": "legal-review",
"verificationCommand": "npm run test:policy-readiness && npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
},
{
"id": "billing-live-mode",
"source": "deployability-blockers",
"phase": "8. Live Payment Gate",
"priority": "P0",
"owner": "User + Codex",
"status": "User + Codex gated",
"label": "Billing rehearsal mode set to live for final money preflight",
"detail": "billingRehearsal.mode=test",
"action": "Keep rehearsal mode in test until test checkout, portal, webhook, support, legal, domain, secrets, and release gates pass.",
"evidenceNeeded": "Save billingRehearsal.mode and upload evidence to stripe-screenshots when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.mode",
"uploadSlot": "stripe-screenshots",
"verificationCommand": "npm run billing:live-preflight -- --mode live",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
},
{
"id": "billing-backend-url",
"source": "deployability-blockers",
"phase": "5. Billing Backend",
"priority": "P0",
"owner": "User",
"status": "Waiting on user",
"label": "Hosted billing backend HTTPS URL saved",
"detail": "backendBaseUrl=blank",
"action": "Deploy the billing backend or billing Worker, then save its HTTPS base URL.",
"evidenceNeeded": "Save billingRehearsal.backendBaseUrl and upload evidence to cloud-handoff when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.backendBaseUrl",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run cloud:billing:check && npm run test:cloud-billing-worker",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
},
{
"id": "billing-webhook-url",
"source": "deployability-blockers",
"phase": "4. Customer Portal And Webhooks",
"priority": "P0",
"owner": "User",
"status": "Waiting on user",
"label": "Stripe webhook HTTPS endpoint saved",
"detail": "webhookEndpointUrl=blank",
"action": "Create the Stripe webhook endpoint after the billing Worker/backend URL exists, select required subscription events, and save the endpoint URL.",
"evidenceNeeded": "Save billingRehearsal.webhookEndpointUrl and upload evidence to stripe-screenshots when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.webhookEndpointUrl",
"uploadSlot": "stripe-screenshots",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
},
{
"id": "customer-portal",
"source": "deployability-blockers",
"phase": "4. Customer Portal And Webhooks",
"priority": "P0",
"owner": "User",
"status": "Waiting on user",
"label": "Customer Portal configured for cancellation, invoices, and payment methods",
"detail": "customerPortalConfigured=No",
"action": "Configure Customer Portal cancellation, invoice history, and payment method updates, then mark the dashboard yes after a test portal roundtrip.",
"evidenceNeeded": "Save billingRehearsal.customerPortalConfigured and upload evidence to stripe-screenshots when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.customerPortalConfigured",
"uploadSlot": "stripe-screenshots",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
},
{
"id": "env-stripe_secret_key",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has live Stripe secret key beginning with sk_live_",
"detail": "STRIPE_SECRET_KEY=missing",
"action": "Set STRIPE_SECRET_KEY in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: STRIPE_SECRET_KEY",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-stripe_webhook_secret",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has Stripe webhook signing secret beginning with whsec_",
"detail": "STRIPE_WEBHOOK_SECRET=missing",
"action": "Set STRIPE_WEBHOOK_SECRET in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: STRIPE_WEBHOOK_SECRET",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_stripe_price_pro_monthly",
"source": "deployability-blockers",
"phase": "3. Stripe Product And Price",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has Stripe monthly Price ID beginning with price_",
"detail": "NYRA_STRIPE_PRICE_PRO_MONTHLY=missing",
"action": "Create the Stripe monthly Price after the approved price exists, then set NYRA_STRIPE_PRICE_PRO_MONTHLY in the billing Worker secret store.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_STRIPE_PRICE_PRO_MONTHLY",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:stripe-setup -- --price-cents <MONTHLY_PRICE_CENTS> --execute",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_billing_success_url",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has HTTPS checkout success URL",
"detail": "NYRA_BILLING_SUCCESS_URL=missing",
"action": "Set NYRA_BILLING_SUCCESS_URL in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_SUCCESS_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_billing_cancel_url",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has HTTPS checkout cancel URL",
"detail": "NYRA_BILLING_CANCEL_URL=missing",
"action": "Set NYRA_BILLING_CANCEL_URL in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_CANCEL_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_billing_return_url",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has HTTPS Customer Portal return URL",
"detail": "NYRA_BILLING_RETURN_URL=missing",
"action": "Set NYRA_BILLING_RETURN_URL in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_RETURN_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_license_api_token",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has long random license API token",
"detail": "NYRA_LICENSE_API_TOKEN=missing",
"action": "Set NYRA_LICENSE_API_TOKEN in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_LICENSE_API_TOKEN",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_license_signing_secret",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has long random license signing secret",
"detail": "NYRA_LICENSE_SIGNING_SECRET=missing",
"action": "Set NYRA_LICENSE_SIGNING_SECRET in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_LICENSE_SIGNING_SECRET",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "support-roundtrip",
"source": "deployability-blockers",
"phase": "6. Support And Domain",
"priority": "P0",
"owner": "User",
"status": "Waiting on user",
"label": "Support inbox roundtrip confirmed",
"detail": "supportInboxConfirmed=No",
"action": "Create or confirm the support inbox, send a test ticket, reply, and mark the roundtrip confirmed.",
"evidenceNeeded": "Save billingRehearsal.supportInboxConfirmed and upload evidence to domain-email when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.supportInboxConfirmed",
"uploadSlot": "domain-email",
"verificationCommand": "npm run test:support-readiness",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
},
{
"id": "secret-STRIPE_SECRET_KEY",
"source": "secret-store-pack",
"phase": "7. Secret Store And Rehearsal",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "STRIPE_SECRET_KEY",
"detail": "Stripe Checkout, Customer Portal, subscription lookups, and billing API requests.",
"action": "Cloudflare billing Worker secret and temporary billing rehearsal shell; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: STRIPE_SECRET_KEY",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-STRIPE_WEBHOOK_SECRET",
"source": "secret-store-pack",
"phase": "7. Secret Store And Rehearsal",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "STRIPE_WEBHOOK_SECRET",
"detail": "Stripe webhook signature verification for subscription and entitlement events.",
"action": "Cloudflare billing Worker secret and temporary billing rehearsal shell; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: STRIPE_WEBHOOK_SECRET",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-NYRA_STRIPE_PRICE_PRO_MONTHLY",
"source": "secret-store-pack",
"phase": "3. Stripe Product And Price",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_STRIPE_PRICE_PRO_MONTHLY",
"detail": "Checkout Session creation for the monthly Pro subscription price.",
"action": "Cloudflare billing Worker secret and temporary billing rehearsal shell; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_STRIPE_PRICE_PRO_MONTHLY",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-NYRA_BILLING_SUCCESS_URL",
"source": "secret-store-pack",
"phase": "6. Support And Domain",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_BILLING_SUCCESS_URL",
"detail": "Checkout success redirect after Stripe payment.",
"action": "Cloudflare billing Worker secret or hosted backend environment variable; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_SUCCESS_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-NYRA_BILLING_CANCEL_URL",
"source": "secret-store-pack",
"phase": "6. Support And Domain",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_BILLING_CANCEL_URL",
"detail": "Checkout cancellation redirect back to the launch or app flow.",
"action": "Cloudflare billing Worker secret or hosted backend environment variable; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_CANCEL_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-NYRA_BILLING_RETURN_URL",
"source": "secret-store-pack",
"phase": "6. Support And Domain",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_BILLING_RETURN_URL",
"detail": "Customer Portal return redirect after subscription management.",
"action": "Cloudflare billing Worker secret or hosted backend environment variable; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_RETURN_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-NYRA_LICENSE_API_TOKEN",
"source": "secret-store-pack",
"phase": "7. Secret Store And Rehearsal",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_LICENSE_API_TOKEN",
"detail": "Private license status API access and customer-safe device activation.",
"action": "Cloudflare billing Worker secret and desktop activation configuration; verify with npm run cloud:billing:check && npm run test:cloud-billing-worker.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_LICENSE_API_TOKEN",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run cloud:billing:check && npm run test:cloud-billing-worker",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-NYRA_LICENSE_SIGNING_SECRET",
"source": "secret-store-pack",
"phase": "7. Secret Store And Rehearsal",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_LICENSE_SIGNING_SECRET",
"detail": "HMAC signing of device-scoped license access tokens accepted by billing and mobile bridge APIs.",
"action": "Cloudflare billing Worker and mobile bridge Worker secret; verify with npm run cloud:billing:check && npm run test:cloud-billing-worker && npm run cloud:mobile-bridge:check.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_LICENSE_SIGNING_SECRET",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run cloud:billing:check && npm run test:cloud-billing-worker && npm run cloud:mobile-bridge:check",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
}
],
"phases": [
{
"phase": "1. Legal And Stripe Identity",
"actions": [
{
"id": "legal-review",
"source": "deployability-blockers",
"phase": "1. Legal And Stripe Identity",
"priority": "P0",
"owner": "User",
"status": "Waiting on user",
"label": "Attorney/accountant review approved for paid beta",
"detail": "attorneyReviewStatus=Not approved",
"action": "Mark attorney/accountant review approved only after paid-beta policies, tax, refund, privacy, and support language are cleared.",
"evidenceNeeded": "Save billingRehearsal.attorneyReviewStatus and upload evidence to legal-review when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.attorneyReviewStatus",
"uploadSlot": "legal-review",
"verificationCommand": "npm run test:policy-readiness && npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
}
]
},
{
"phase": "8. Live Payment Gate",
"actions": [
{
"id": "billing-live-mode",
"source": "deployability-blockers",
"phase": "8. Live Payment Gate",
"priority": "P0",
"owner": "User + Codex",
"status": "User + Codex gated",
"label": "Billing rehearsal mode set to live for final money preflight",
"detail": "billingRehearsal.mode=test",
"action": "Keep rehearsal mode in test until test checkout, portal, webhook, support, legal, domain, secrets, and release gates pass.",
"evidenceNeeded": "Save billingRehearsal.mode and upload evidence to stripe-screenshots when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.mode",
"uploadSlot": "stripe-screenshots",
"verificationCommand": "npm run billing:live-preflight -- --mode live",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
}
]
},
{
"phase": "5. Billing Backend",
"actions": [
{
"id": "billing-backend-url",
"source": "deployability-blockers",
"phase": "5. Billing Backend",
"priority": "P0",
"owner": "User",
"status": "Waiting on user",
"label": "Hosted billing backend HTTPS URL saved",
"detail": "backendBaseUrl=blank",
"action": "Deploy the billing backend or billing Worker, then save its HTTPS base URL.",
"evidenceNeeded": "Save billingRehearsal.backendBaseUrl and upload evidence to cloud-handoff when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.backendBaseUrl",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run cloud:billing:check && npm run test:cloud-billing-worker",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
}
]
},
{
"phase": "4. Customer Portal And Webhooks",
"actions": [
{
"id": "billing-webhook-url",
"source": "deployability-blockers",
"phase": "4. Customer Portal And Webhooks",
"priority": "P0",
"owner": "User",
"status": "Waiting on user",
"label": "Stripe webhook HTTPS endpoint saved",
"detail": "webhookEndpointUrl=blank",
"action": "Create the Stripe webhook endpoint after the billing Worker/backend URL exists, select required subscription events, and save the endpoint URL.",
"evidenceNeeded": "Save billingRehearsal.webhookEndpointUrl and upload evidence to stripe-screenshots when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.webhookEndpointUrl",
"uploadSlot": "stripe-screenshots",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
},
{
"id": "customer-portal",
"source": "deployability-blockers",
"phase": "4. Customer Portal And Webhooks",
"priority": "P0",
"owner": "User",
"status": "Waiting on user",
"label": "Customer Portal configured for cancellation, invoices, and payment methods",
"detail": "customerPortalConfigured=No",
"action": "Configure Customer Portal cancellation, invoice history, and payment method updates, then mark the dashboard yes after a test portal roundtrip.",
"evidenceNeeded": "Save billingRehearsal.customerPortalConfigured and upload evidence to stripe-screenshots when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.customerPortalConfigured",
"uploadSlot": "stripe-screenshots",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
}
]
},
{
"phase": "9. Other Payment Handoff",
"actions": [
{
"id": "env-stripe_secret_key",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has live Stripe secret key beginning with sk_live_",
"detail": "STRIPE_SECRET_KEY=missing",
"action": "Set STRIPE_SECRET_KEY in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: STRIPE_SECRET_KEY",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-stripe_webhook_secret",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has Stripe webhook signing secret beginning with whsec_",
"detail": "STRIPE_WEBHOOK_SECRET=missing",
"action": "Set STRIPE_WEBHOOK_SECRET in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: STRIPE_WEBHOOK_SECRET",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_billing_success_url",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has HTTPS checkout success URL",
"detail": "NYRA_BILLING_SUCCESS_URL=missing",
"action": "Set NYRA_BILLING_SUCCESS_URL in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_SUCCESS_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_billing_cancel_url",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has HTTPS checkout cancel URL",
"detail": "NYRA_BILLING_CANCEL_URL=missing",
"action": "Set NYRA_BILLING_CANCEL_URL in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_CANCEL_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_billing_return_url",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has HTTPS Customer Portal return URL",
"detail": "NYRA_BILLING_RETURN_URL=missing",
"action": "Set NYRA_BILLING_RETURN_URL in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_RETURN_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_license_api_token",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has long random license API token",
"detail": "NYRA_LICENSE_API_TOKEN=missing",
"action": "Set NYRA_LICENSE_API_TOKEN in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_LICENSE_API_TOKEN",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "env-nyra_license_signing_secret",
"source": "deployability-blockers",
"phase": "9. Other Payment Handoff",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has long random license signing secret",
"detail": "NYRA_LICENSE_SIGNING_SECRET=missing",
"action": "Set NYRA_LICENSE_SIGNING_SECRET in the deployment secret store or a temporary shell. Do not paste secrets into the dashboard.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_LICENSE_SIGNING_SECRET",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
}
]
},
{
"phase": "3. Stripe Product And Price",
"actions": [
{
"id": "env-nyra_stripe_price_pro_monthly",
"source": "deployability-blockers",
"phase": "3. Stripe Product And Price",
"priority": "P0",
"owner": "User",
"status": "Secret store",
"label": "Deployment env has Stripe monthly Price ID beginning with price_",
"detail": "NYRA_STRIPE_PRICE_PRO_MONTHLY=missing",
"action": "Create the Stripe monthly Price after the approved price exists, then set NYRA_STRIPE_PRICE_PRO_MONTHLY in the billing Worker secret store.",
"evidenceNeeded": "Set this value in the deployment secret store or temporary shell only; never paste raw secrets into dashboard files.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_STRIPE_PRICE_PRO_MONTHLY",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:stripe-setup -- --price-cents <MONTHLY_PRICE_CENTS> --execute",
"noGoRule": "Never paste raw Stripe, webhook, license, or billing secrets into dashboard fields, repo files, Markdown, CSV, screenshots, or chat."
},
{
"id": "secret-NYRA_STRIPE_PRICE_PRO_MONTHLY",
"source": "secret-store-pack",
"phase": "3. Stripe Product And Price",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_STRIPE_PRICE_PRO_MONTHLY",
"detail": "Checkout Session creation for the monthly Pro subscription price.",
"action": "Cloudflare billing Worker secret and temporary billing rehearsal shell; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_STRIPE_PRICE_PRO_MONTHLY",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
}
]
},
{
"phase": "6. Support And Domain",
"actions": [
{
"id": "support-roundtrip",
"source": "deployability-blockers",
"phase": "6. Support And Domain",
"priority": "P0",
"owner": "User",
"status": "Waiting on user",
"label": "Support inbox roundtrip confirmed",
"detail": "supportInboxConfirmed=No",
"action": "Create or confirm the support inbox, send a test ticket, reply, and mark the roundtrip confirmed.",
"evidenceNeeded": "Save billingRehearsal.supportInboxConfirmed and upload evidence to domain-email when available.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "billingRehearsal.supportInboxConfirmed",
"uploadSlot": "domain-email",
"verificationCommand": "npm run test:support-readiness",
"noGoRule": "Do not mark this ready until the saved dashboard state or uploaded evidence proves it."
},
{
"id": "secret-NYRA_BILLING_SUCCESS_URL",
"source": "secret-store-pack",
"phase": "6. Support And Domain",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_BILLING_SUCCESS_URL",
"detail": "Checkout success redirect after Stripe payment.",
"action": "Cloudflare billing Worker secret or hosted backend environment variable; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_SUCCESS_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-NYRA_BILLING_CANCEL_URL",
"source": "secret-store-pack",
"phase": "6. Support And Domain",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_BILLING_CANCEL_URL",
"detail": "Checkout cancellation redirect back to the launch or app flow.",
"action": "Cloudflare billing Worker secret or hosted backend environment variable; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_CANCEL_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-NYRA_BILLING_RETURN_URL",
"source": "secret-store-pack",
"phase": "6. Support And Domain",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_BILLING_RETURN_URL",
"detail": "Customer Portal return redirect after subscription management.",
"action": "Cloudflare billing Worker secret or hosted backend environment variable; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_BILLING_RETURN_URL",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
}
]
},
{
"phase": "7. Secret Store And Rehearsal",
"actions": [
{
"id": "secret-STRIPE_SECRET_KEY",
"source": "secret-store-pack",
"phase": "7. Secret Store And Rehearsal",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "STRIPE_SECRET_KEY",
"detail": "Stripe Checkout, Customer Portal, subscription lookups, and billing API requests.",
"action": "Cloudflare billing Worker secret and temporary billing rehearsal shell; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: STRIPE_SECRET_KEY",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-STRIPE_WEBHOOK_SECRET",
"source": "secret-store-pack",
"phase": "7. Secret Store And Rehearsal",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "STRIPE_WEBHOOK_SECRET",
"detail": "Stripe webhook signature verification for subscription and entitlement events.",
"action": "Cloudflare billing Worker secret and temporary billing rehearsal shell; verify with npm run billing:live-preflight -- --mode test --allow-blocked.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: STRIPE_WEBHOOK_SECRET",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run billing:live-preflight -- --mode test --allow-blocked",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-NYRA_LICENSE_API_TOKEN",
"source": "secret-store-pack",
"phase": "7. Secret Store And Rehearsal",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_LICENSE_API_TOKEN",
"detail": "Private license status API access and customer-safe device activation.",
"action": "Cloudflare billing Worker secret and desktop activation configuration; verify with npm run cloud:billing:check && npm run test:cloud-billing-worker.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_LICENSE_API_TOKEN",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run cloud:billing:check && npm run test:cloud-billing-worker",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
},
{
"id": "secret-NYRA_LICENSE_SIGNING_SECRET",
"source": "secret-store-pack",
"phase": "7. Secret Store And Rehearsal",
"priority": "P0",
"owner": "User",
"status": "Secret missing",
"label": "NYRA_LICENSE_SIGNING_SECRET",
"detail": "HMAC signing of device-scoped license access tokens accepted by billing and mobile bridge APIs.",
"action": "Cloudflare billing Worker and mobile bridge Worker secret; verify with npm run cloud:billing:check && npm run test:cloud-billing-worker && npm run cloud:mobile-bridge:check.",
"evidenceNeeded": "Set via Wrangler secret, deployment secret manager, or temporary shell only. Generated docs may show placeholders only.",
"dashboardPage": "pages/billing-rehearsal.html",
"dashboardField": "deployment secret store: NYRA_LICENSE_SIGNING_SECRET",
"uploadSlot": "cloud-handoff",
"verificationCommand": "npm run cloud:billing:check && npm run test:cloud-billing-worker && npm run cloud:mobile-bridge:check",
"noGoRule": "Never paste raw secret values into dashboard fields, Markdown files, CSV files, screenshots, source code, repo state, or chat."
}
]
}
],
"paymentCommands": [
{
"id": "refresh-pricing-model",
"phase": "2. Offer And Price",
"owner": "Codex",
"command": "npm run pricing:model && npm run test:pricing-model",
"purpose": "Refresh pricing, Stripe fee estimate, provider reserve, and hosted AI cap before the user approves the SKU.",
"noGoRule": "Do not create a Stripe Price until the user-approved monthly price and hosted AI cap are saved."
},
{
"id": "stripe-plan-no-secret",
"phase": "3. Stripe Product And Price",
"owner": "Codex",
"command": "npm run billing:stripe-plan",
"purpose": "Preview the Stripe product, price readiness, Customer Portal dependency, and dashboard fields without requiring STRIPE_SECRET_KEY or creating Stripe resources.",
"noGoRule": "Planning output only. Never paste Stripe secret keys, webhook secrets, or live credentials into dashboard fields, generated files, screenshots, or chat."
},
{
"id": "stripe-setup-dry-run",
"phase": "3. Stripe Product And Price",
"owner": "Codex",
"command": "npm run billing:stripe-plan -- --price-cents 2500 --support-email nyrasupport@gmail.com --name \"NyrA Swarm Little Buddy Pro\"",
"purpose": "Preview the exact Stripe product/price payload from the command center values without creating live Stripe resources.",
"noGoRule": "Plan only until the price, support email, product name, and Customer Portal setup path are approved."
},
{
"id": "stripe-setup-test-execute",
"phase": "3. Stripe Product And Price",
"owner": "User + Codex",
"command": "npm run billing:stripe-setup -- --price-cents 2500 --support-email nyrasupport@gmail.com --name \"NyrA Swarm Little Buddy Pro\" --execute",
"purpose": "Create or reuse the Stripe product and monthly Price in test mode after STRIPE_SECRET_KEY is set in a temporary shell.",
"noGoRule": "Use a test key first. Live Stripe creation waits for legal, support, tax, domain, and launch approvals."
},
{
"id": "set-billing-worker-secrets",
"phase": "7. Secret Store And Rehearsal",
"owner": "User + Codex",
"command": "npm run secret:pack",
"purpose": "Use the Secret Store Setup Pack for Stripe, webhook, billing URL, license, and entitlement secret placement.",
"noGoRule": "Do not copy raw secret values into generated docs, command-center state, or chat."
},
{
"id": "verify-billing-worker",
"phase": "5. Billing Backend",
"owner": "Codex",
"command": "npm run cloud:billing:check && npm run test:cloud-billing-worker",
"purpose": "Verify billing Worker routes, D1 schema, webhook signature handling, portal route, checkout route, and license status route.",
"noGoRule": "Do not connect checkout to public launch until billing Worker/backend checks and hosted rehearsal pass."
},
{
"id": "sync-billing-worker-config",
"phase": "5. Billing Backend",
"owner": "Codex",
"command": "npm run cloud:billing:config:sync && npm run test:cloud-billing-config-sync",
"purpose": "Apply non-secret Cloud Billing dashboard handoffs to the production billing Worker config.",
"noGoRule": "This step must not write Stripe keys, webhook secrets, license secrets, Customer Portal secrets, or customer data to repo files."
},
{
"id": "test-mode-preflight",
"phase": "7. Secret Store And Rehearsal",
"owner": "User + Codex",
"command": "npm run billing:live-preflight -- --mode test --allow-blocked",
"purpose": "Show remaining test-mode payment blockers without failing the whole dashboard build.",
"noGoRule": "Do not proceed to hosted checkout rehearsal until blockers are understood and intentionally accepted for test mode."
},
{
"id": "hosted-test-rehearsal",
"phase": "7. Secret Store And Rehearsal",
"owner": "User + Codex",
"command": "npm run billing:live-rehearsal -- --mode test",
"purpose": "After backend deployment, verify hosted /health and optionally create a Stripe test Checkout Session.",
"noGoRule": "Create a test Checkout Session only when NYRA_BILLING_REHEARSAL_EXECUTE=true is set intentionally for that run."
},
{
"id": "live-mode-final-gate",
"phase": "8. Live Payment Gate",
"owner": "User + Codex",
"command": "npm run billing:live-preflight -- --mode live",
"purpose": "Final guarded live-mode check before any public paid checkout path is enabled.",
"noGoRule": "Live mode also requires NYRA_ALLOW_LIVE_BILLING_REHEARSAL=true immediately before the run and all paid-beta gates closed."
}
],
"counts": {
"totalActions": 22,
"userActions": 22,
"secretActions": 16,
"paymentCommands": 10,
"p0Actions": 22
},
"outputs": {
"json": "docs/launch_command_center/payment-launch-pack.json",
"csv": "docs/launch_command_center/payment-launch-pack.csv",
"report": "docs/launch_command_center/PAYMENT_LAUNCH_PACK.md",
"dashboard": "docs/launch_command_center/pages/payment-launch-pack.html"
}
}