From 14d0eaa2b315193d052401a92f62463053790283 Mon Sep 17 00:00:00 2001
From: Krystie <krystie@openclaw.local>
Date: Fri, 17 Apr 2026 21:29:35 -0700
Subject: [PATCH] Add deployment env contract for license server

---
 .env.example |  7 +++++++
 README.md    | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 .env.example

diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..0f9756c
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,7 @@
+PORT=3010
+APP_BASE_URL=https://licenses.dashcaddy.net
+DASHCADDY_WEBSITE_URL=https://dashcaddy.net
+STRIPE_SECRET_KEY=sk_live_your_secret_key_here
+STRIPE_PUBLISHABLE_KEY=pk_live_your_publishable_key_here
+STRIPE_WEBHOOK_SECRET=whsec_your_webhook_secret_here
+DATA_DIR=./data
diff --git a/README.md b/README.md
index 2f429a5..571c2e1 100644
--- a/README.md
+++ b/README.md
@@ -31,3 +31,44 @@ and exposes license validation/deactivation endpoints for DashCaddy instances.
 3. Implement webhook ingestion and event processing
 4. Implement validate/deactivate endpoints
 5. Add admin tooling for manual recovery and support workflows
+
+
+## Current implementation status
+
+Implemented now:
+- Stripe Checkout session creation
+- Stripe webhook ingestion scaffold with subscription/license sync
+- File-backed persistence for customers, subscriptions, and licenses
+- License validation endpoint
+- License deactivation endpoint
+- One-machine-at-a-time activation enforcement
+
+Still required before production:
+- durable database
+- email delivery for license keys
+- deployment on Contabo
+- Stripe webhook registration
+- end-to-end live checkout verification
+
+## Environment
+
+```env
+PORT=3010
+APP_BASE_URL=https://licenses.dashcaddy.net
+DASHCADDY_WEBSITE_URL=https://dashcaddy.net
+STRIPE_SECRET_KEY=sk_live_...
+STRIPE_PUBLISHABLE_KEY=pk_live_...
+STRIPE_WEBHOOK_SECRET=whsec_...
+DATA_DIR=./data
+```
+
+## HTTP endpoints
+
+- `GET /health`
+- `GET /api/public/config`
+- `GET /api/public/plans`
+- `POST /api/checkout/session`
+- `POST /api/stripe/webhook`
+- `POST /api/license/validate`
+- `POST /api/license/deactivate`
+- `GET /api/admin/debug/store`