Migrate billing from Paddle to Lemon Squeezy

Codex Agent
2026-02-03 10:59:54 +01:00
parent 2f4ebfefd4
commit a0ef90e13a
228 changed files with 4369 additions and 4067 deletions


@@ -7,7 +7,7 @@ This document tracks the UI/E2E automation efforts. The suites now live under `t
- `npm install`
- Laravel app running at `http://localhost:8000`
- Seeded tenant admin account (see below)
- Paddle sandbox credentials/config applied to the local `.env`
- Lemon Squeezy sandbox credentials/config applied to the local `.env`
## Deterministic Data
@@ -42,7 +42,7 @@ The backend exposes `/api/_testing/...` endpoints (local/testing env only):
| `GET /api/_testing/mailbox` | Returns every captured email (see `App\Testing\Mailbox`). |
| `DELETE /api/_testing/mailbox` | Flushes the captured emails. |
| `GET /api/_testing/checkout/sessions/latest` | Fetches the newest checkout session for a given email/tenant filter. |
| `POST /api/_testing/checkout/sessions/{session}/simulate-paddle` | Triggers the Paddle webhook handler for the given session with a mock payload. |
| `POST /api/_testing/checkout/sessions/{session}/simulate-lemonsqueezy` | Triggers the Lemon Squeezy webhook handler for the given session with a mock payload. |
| `GET /api/_testing/events/join-token` | Resolves (and optionally regenerates) a join token + QR for a given event ID or slug. |
| `POST /api/_testing/guest-events` | Provisions a deterministic guest/tenant event with sample tasks and returns its slug + join token. |
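Review bot: the `simulate-lemonsqueezy` row says the handler is triggered "with a mock payload" but not whether the call goes through signature verification or bypasses it, nor which event type the mock represents. State both in the description so that a passing test through this helper is not read as coverage of the signed webhook path, and mention that the old `simulate-paddle` route is gone so existing scripts that call it are updated rather than left to fail with a 404.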
@@ -64,7 +64,7 @@ This section provides a staged, repeatable checklist for dynamic security review
### Environment Assumptions (Required)
- **Run in staging/test only** — never against production data.
- **Dedicated test tenants/users** — use seeded accounts (see above) and avoid real customer data.
- **Sandbox billing**Paddle sandbox and mock webhook endpoints only.
- **Sandbox billing**Lemon Squeezy sandbox and mock webhook endpoints only.
- **Testing token enabled** — set `E2E_TESTING_TOKEN` and ensure the backend accepts it for `/api/_testing/*`.
- **Stable base URL** — set `E2E_BASE_URL` to the target environment (`http://localhost:8000` or staging).
- **Email sink** — use `/api/_testing/mailbox` instead of real email delivery.
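Review bot: the "Sandbox billing" bullet names the provider but, unlike the "Testing token" and "Stable base URL" bullets that name `E2E_TESTING_TOKEN` and `E2E_BASE_URL`, it does not name the setting that selects the Lemon Squeezy sandbox. Add the `.env` key(s) a reviewer should check before running the suite, so the "sandbox only" assumption can be verified rather than trusted.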
@@ -95,7 +95,7 @@ This section provides a staged, repeatable checklist for dynamic security review
### Checklist: Webhooks/Billing (Dynamic)
1) **Signature validation**: invalid signature is rejected (401/403) and logged.
2) **Freshness**: stale timestamps are rejected; replayed webhook payloads are idempotent.
3) **Paddle sandbox flow**: use `/api/_testing/checkout/sessions/{session}/simulate-paddle` to simulate success/failure; verify ledger updates.
3) **Lemon Squeezy sandbox flow**: use `/api/_testing/checkout/sessions/{session}/simulate-lemonsqueezy` to simulate success/failure; verify ledger updates.
4) **Webhook retries**: transient failures produce retrysafe behavior (no duplicate ledger entries).
5) **Error handling**: malformed payload returns 4xx (not 500), with minimal error detail.
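Review bot: only item 3 is updated here; items 1 and 2 are carried over unchanged from the Paddle version of the checklist. Confirm that "stale timestamps are rejected" in item 2 still matches what the Lemon Squeezy webhook handler can actually check. If the new signature covers the raw body only and carries no signed timestamp, reword item 2 to test replay protection by event identifier and idempotency instead, otherwise this check cannot pass or fail meaningfully.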
@@ -103,9 +103,9 @@ This section provides a staged, repeatable checklist for dynamic security review
| Suite | Location | Primary Coverage |
| --- | --- | --- |
| Purchase | `tests/ui/purchase` | Marketing site package selection, checkout flow, coupon handling, Paddle sandbox hand-off, post-purchase dashboard verification. |
| Purchase | `tests/ui/purchase` | Marketing site package selection, checkout flow, coupon handling, Lemon Squeezy sandbox hand-off, post-purchase dashboard verification. |
| Auth | `tests/ui/auth` | Registration/login fuzzing, password reset, Social/OAuth hooks, email delivery assertions, throttling/error UX. |
| Admin | `tests/ui/admin` | Tenant onboarding wizard, dashboard widgets, event creation (incl. wedding preset), task assignment, join-token + QR verification, Paddle billing history. |
| Admin | `tests/ui/admin` | Tenant onboarding wizard, dashboard widgets, event creation (incl. wedding preset), task assignment, join-token + QR verification, Lemon Squeezy billing history. |
| Guest | `tests/ui/guest` | Guest PWA onboarding, join-token entry, offline sync, uploads/likes/tasks for ≥15 guests, achievement + notification UX. |
Each suite should be executable independently to keep CI fast and to allow targeted debugging.
@@ -123,7 +123,7 @@ Traces are recorded on first retry (`playwright.config.ts`); open via `npx playw
1. **Purchase suite**
- Seed coupons via helper.
- Cover `/de/packages` Standard selection, coupon states (valid/invalid/expired), Paddle inline + hosted checkout using sandbox card `4000 0566 5566 5557 / CVV 100`.
- Cover `/de/packages` Standard selection, coupon states (valid/invalid/expired), Lemon Squeezy inline + hosted checkout using sandbox card `4000 0566 5566 5557 / CVV 100`.
- Simulate webhook success (helper endpoint TBD) so dashboard reflects the purchase.
- Assert confirmation emails captured via mailbox API.
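Review bot: the sandbox card `4000 0566 5566 5557 / CVV 100` on the Lemon Squeezy line is carried over verbatim from the Paddle line. Confirm that the Lemon Squeezy sandbox checkout accepts it, or replace it with that provider's documented test card. The following bullet still reads "helper endpoint TBD" although this commit documents `/api/_testing/checkout/sessions/{session}/simulate-lemonsqueezy` in the endpoint table; point the bullet at that endpoint.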
@@ -135,7 +135,7 @@ Traces are recorded on first retry (`playwright.config.ts`); open via `npx playw
3. **Admin suite**
- After purchase, log into `/event-admin`, confirm latest package appears, create a wedding event, assign predefined tasks, fetch join token + QR (helper should expose raw token/URL).
- Cover task management UX (assign, reorder, complete).
- Verify billing history shows the recent Paddle transaction.
- Verify billing history shows the recent Lemon Squeezy transaction.
4. **Guest suite**
- Use join token from Admin suite (or seed via helper) to onboard 15 simulated guests in parallel contexts.
@@ -143,7 +143,7 @@ Traces are recorded on first retry (`playwright.config.ts`); open via `npx playw
- Validate guest-facing error states (expired token, upload failure, network loss).
5. **Shared helpers (backend + Playwright)**
- Webhook trigger endpoint for Paddle sandbox.
- Webhook trigger endpoint for Lemon Squeezy sandbox.
- Join token + QR extraction endpoint for tests.
- Task template seeding helper.
- Optional guest factory endpoint to mint attendees quickly.