- Wired the checkout wizard for Google “comfort login”: added Socialite controller + dependency, new Google env

hooks in config/services.php/.env.example, and updated wizard steps/controllers to store session payloads,
attach packages, and surface localized success/error states.
- Retooled payment handling for both Stripe and PayPal, adding richer status management in CheckoutController/
PayPalController, fallback flows in the wizard’s PaymentStep.tsx, and fresh feature tests for intent
creation, webhooks, and the wizard CTA.
- Introduced a consent-aware Matomo analytics stack: new consent context, cookie-banner UI, useAnalytics/
useCtaExperiment hooks, and MatomoTracker component, then instrumented marketing pages (Home, Packages,
Checkout) with localized copy and experiment tracking.
- Polished package presentation across marketing UIs by centralizing formatting in PresentsPackages, surfacing
localized description tables/placeholders, tuning badges/layouts, and syncing guest/marketing translations.
- Expanded docs & reference material (docs/prp/*, TODOs, public gallery overview) and added a Playwright smoke
test for the hero CTA while reconciling outstanding checklist items.

app/Policies/OAuthClientPolicy.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\OAuthClient;
+use App\Models\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class OAuthClientPolicy
+{
+    use HandlesAuthorization;
+
+    public function viewAny(User $user): bool
+    {
+        return $user->role === 'super_admin';
+    }
+
+    public function view(User $user, OAuthClient $oauthClient): bool
+    {
+        return $user->role === 'super_admin';
+    }
+
+    public function create(User $user): bool
+    {
+        return $user->role === 'super_admin';
+    }
+
+    public function update(User $user, OAuthClient $oauthClient): bool
+    {
+        return $user->role === 'super_admin';
+    }
+
+    public function delete(User $user, OAuthClient $oauthClient): bool
+    {
+        return $user->role === 'super_admin';
+    }
+}
+

app/Policies/PurchaseHistoryPolicy.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\PurchaseHistory;
+use App\Models\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class PurchaseHistoryPolicy
+{
+    use HandlesAuthorization;
+
+    public function viewAny(User $user): bool
+    {
+        return $user->role === 'super_admin';
+    }
+
+    public function view(User $user, PurchaseHistory $purchaseHistory): bool
+    {
+        return $user->role === 'super_admin';
+    }
+}
+

app/Policies/TenantPolicy.php

@@ -0,0 +1,73 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Tenant;
+use App\Models\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class TenantPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        return $user->role === 'super_admin';
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Tenant $tenant): bool
+    {
+        if ($user->role === 'tenant_admin') {
+            return (int) $user->tenant_id === (int) $tenant->getKey();
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return $user->role === 'super_admin';
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Tenant $tenant): bool
+    {
+        return $user->role === 'super_admin';
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Tenant $tenant): bool
+    {
+        return $user->role === 'super_admin';
+    }
+
+    /**
+     * Custom ability for adjusting credits.
+     */
+    public function adjustCredits(User $user, Tenant $tenant): bool
+    {
+        return $user->role === 'super_admin';
+    }
+
+    /**
+     * Custom ability for suspending a tenant.
+     */
+    public function suspend(User $user, Tenant $tenant): bool
+    {
+        return $user->role === 'super_admin';
+    }
+}
+