`eaedf22`

Add billing state service

Authored by mfwolffe <wolffemf@dukes.jmu.edu> yesterday

SHA: eaedf22b83ddb0a1b99b2a4323745857524cee8c
Parents: 2d00a68
Tree: 16ded76

3 changed files

Status	File	+
M	`docs/internal/billing.md`	15
A	`internal/billing/billing.go`	373
A	`internal/billing/billing_test.go`	208

docs/internal/billing.mdmodified

  - Seat snapshots for auditability.
  - Billing grace/lock state derived from processed subscription events.
 +PAYMENTS SP02 adds these as local database tables:
++
 +- `org_billing_states` stores the organization billing projection used
 +  by entitlement checks.
 +- `billing_seat_snapshots` records active and billable seat counts over
 +  time.
 +- `billing_invoices` stores invoice/payment summaries for billing UI.
 +- `billing_webhook_events` stores immutable provider event receipts for
 +  idempotent webhook processing.
++
 +New organizations receive a Free billing state from a database trigger,
 +and the migration backfills existing organizations as Free. Subscription
 +snapshot writes also keep `orgs.plan` synchronized as the
 +human-facing summary.
++
  ## Entitlement architecture
  Paid feature checks must live behind a central entitlement package, not

internal/billing/billing.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +// Package billing owns local paid-organization state. It stores Stripe
 +// identifiers and derived subscription state, but it does not call
 +// Stripe directly; webhook/API integration lands in SP03.
 +package billing
++
 +import (
 +	"context"
 +	"encoding/json"
 +	"errors"
 +	"fmt"
 +	"strings"
 +	"time"
++
 +	"github.com/jackc/pgx/v5"
 +	"github.com/jackc/pgx/v5/pgtype"
 +	"github.com/jackc/pgx/v5/pgxpool"
++
 +	billingdb "github.com/tenseleyFlow/shithub/internal/billing/sqlc"
 +)
++
 +type Deps struct {
 +	Pool *pgxpool.Pool
 +}
++
 +type Plan = billingdb.OrgPlan
 +type SubscriptionStatus = billingdb.BillingSubscriptionStatus
 +type State = billingdb.OrgBillingState
++
 +const (
 +	PlanFree       = billingdb.OrgPlanFree
 +	PlanTeam       = billingdb.OrgPlanTeam
 +	PlanEnterprise = billingdb.OrgPlanEnterprise
++
 +	SubscriptionStatusNone       = billingdb.BillingSubscriptionStatusNone
 +	SubscriptionStatusIncomplete = billingdb.BillingSubscriptionStatusIncomplete
 +	SubscriptionStatusTrialing   = billingdb.BillingSubscriptionStatusTrialing
 +	SubscriptionStatusActive     = billingdb.BillingSubscriptionStatusActive
 +	SubscriptionStatusPastDue    = billingdb.BillingSubscriptionStatusPastDue
 +	SubscriptionStatusCanceled   = billingdb.BillingSubscriptionStatusCanceled
 +	SubscriptionStatusUnpaid     = billingdb.BillingSubscriptionStatusUnpaid
 +	SubscriptionStatusPaused     = billingdb.BillingSubscriptionStatusPaused
 +)
++
 +var (
 +	ErrPoolRequired     = errors.New("billing: pool is required")
 +	ErrOrgIDRequired    = errors.New("billing: org id is required")
 +	ErrStripeCustomerID = errors.New("billing: stripe customer id is required")
 +	ErrInvalidPlan      = errors.New("billing: invalid plan")
 +	ErrInvalidStatus    = errors.New("billing: invalid subscription status")
 +	ErrInvalidSeatCount = errors.New("billing: seat counts cannot be negative")
 +	ErrWebhookEventID   = errors.New("billing: webhook event id is required")
 +	ErrWebhookEventType = errors.New("billing: webhook event type is required")
 +	ErrWebhookPayload   = errors.New("billing: webhook payload must be a JSON object")
 +)
++
 +// SubscriptionSnapshot is the local projection of a provider
 +// subscription event. Provider-specific conversion belongs in SP03.
 +type SubscriptionSnapshot struct {
 +	OrgID                    int64
 +	Plan                     Plan
 +	Status                   SubscriptionStatus
 +	StripeSubscriptionID     string
 +	StripeSubscriptionItemID string
 +	CurrentPeriodStart       time.Time
 +	CurrentPeriodEnd         time.Time
 +	CancelAtPeriodEnd        bool
 +	TrialEnd                 time.Time
 +	CanceledAt               time.Time
 +	LastWebhookEventID       string
 +}
++
 +type SeatSnapshot struct {
 +	OrgID                int64
 +	StripeSubscriptionID string
 +	ActiveMembers        int
 +	BillableSeats        int
 +	Source               string
 +}
++
 +type WebhookEvent struct {
 +	ProviderEventID string
 +	EventType       string
 +	APIVersion      string
 +	Payload         []byte
 +}
++
 +func GetOrgBillingState(ctx context.Context, deps Deps, orgID int64) (State, error) {
 +	if err := validateDeps(deps); err != nil {
 +		return State{}, err
 +	}
 +	if orgID == 0 {
 +		return State{}, ErrOrgIDRequired
 +	}
 +	return billingdb.New().GetOrgBillingState(ctx, deps.Pool, orgID)
 +}
++
 +func SetStripeCustomer(ctx context.Context, deps Deps, orgID int64, customerID string) (State, error) {
 +	if err := validateDeps(deps); err != nil {
 +		return State{}, err
 +	}
 +	if orgID == 0 {
 +		return State{}, ErrOrgIDRequired
 +	}
 +	customerID = strings.TrimSpace(customerID)
 +	if customerID == "" {
 +		return State{}, ErrStripeCustomerID
 +	}
 +	return billingdb.New().SetStripeCustomer(ctx, deps.Pool, billingdb.SetStripeCustomerParams{
 +		OrgID:            orgID,
 +		StripeCustomerID: pgText(customerID),
 +	})
 +}
++
 +func ApplySubscriptionSnapshot(ctx context.Context, deps Deps, snap SubscriptionSnapshot) (State, error) {
 +	if err := validateDeps(deps); err != nil {
 +		return State{}, err
 +	}
 +	if snap.OrgID == 0 {
 +		return State{}, ErrOrgIDRequired
 +	}
 +	if !validPlan(snap.Plan) {
 +		return State{}, fmt.Errorf("%w: %q", ErrInvalidPlan, snap.Plan)
 +	}
 +	if !validStatus(snap.Status) {
 +		return State{}, fmt.Errorf("%w: %q", ErrInvalidStatus, snap.Status)
 +	}
 +	row, err := billingdb.New().ApplySubscriptionSnapshot(ctx, deps.Pool, billingdb.ApplySubscriptionSnapshotParams{
 +		OrgID:                    snap.OrgID,
 +		Plan:                     snap.Plan,
 +		SubscriptionStatus:       snap.Status,
 +		StripeSubscriptionID:     pgText(snap.StripeSubscriptionID),
 +		StripeSubscriptionItemID: pgText(snap.StripeSubscriptionItemID),
 +		CurrentPeriodStart:       pgTime(snap.CurrentPeriodStart),
 +		CurrentPeriodEnd:         pgTime(snap.CurrentPeriodEnd),
 +		CancelAtPeriodEnd:        snap.CancelAtPeriodEnd,
 +		TrialEnd:                 pgTime(snap.TrialEnd),
 +		CanceledAt:               pgTime(snap.CanceledAt),
 +		LastWebhookEventID:       strings.TrimSpace(snap.LastWebhookEventID),
 +	})
 +	if err != nil {
 +		return State{}, err
 +	}
 +	return stateFromApply(row), nil
 +}
++
 +func RecordWebhookEvent(ctx context.Context, deps Deps, event WebhookEvent) (billingdb.BillingWebhookEvent, bool, error) {
 +	if err := validateDeps(deps); err != nil {
 +		return billingdb.BillingWebhookEvent{}, false, err
 +	}
 +	event.ProviderEventID = strings.TrimSpace(event.ProviderEventID)
 +	event.EventType = strings.TrimSpace(event.EventType)
 +	event.APIVersion = strings.TrimSpace(event.APIVersion)
 +	if event.ProviderEventID == "" {
 +		return billingdb.BillingWebhookEvent{}, false, ErrWebhookEventID
 +	}
 +	if event.EventType == "" {
 +		return billingdb.BillingWebhookEvent{}, false, ErrWebhookEventType
 +	}
 +	if !jsonObject(event.Payload) {
 +		return billingdb.BillingWebhookEvent{}, false, ErrWebhookPayload
 +	}
 +	row, err := billingdb.New().CreateWebhookEventReceipt(ctx, deps.Pool, billingdb.CreateWebhookEventReceiptParams{
 +		ProviderEventID: event.ProviderEventID,
 +		EventType:       event.EventType,
 +		ApiVersion:      event.APIVersion,
 +		Payload:         event.Payload,
 +	})
 +	if err != nil {
 +		if errors.Is(err, pgx.ErrNoRows) {
 +			return billingdb.BillingWebhookEvent{}, false, nil
 +		}
 +		return billingdb.BillingWebhookEvent{}, false, err
 +	}
 +	return row, true, nil
 +}
++
 +func SyncSeatSnapshot(ctx context.Context, deps Deps, snap SeatSnapshot) (billingdb.BillingSeatSnapshot, error) {
 +	if err := validateDeps(deps); err != nil {
 +		return billingdb.BillingSeatSnapshot{}, err
 +	}
 +	if snap.OrgID == 0 {
 +		return billingdb.BillingSeatSnapshot{}, ErrOrgIDRequired
 +	}
 +	if snap.ActiveMembers < 0 || snap.BillableSeats < 0 {
 +		return billingdb.BillingSeatSnapshot{}, ErrInvalidSeatCount
 +	}
 +	source := strings.TrimSpace(snap.Source)
 +	if source == "" {
 +		source = "local"
 +	}
 +	row, err := billingdb.New().CreateSeatSnapshot(ctx, deps.Pool, billingdb.CreateSeatSnapshotParams{
 +		OrgID:                snap.OrgID,
 +		StripeSubscriptionID: pgText(snap.StripeSubscriptionID),
 +		ActiveMembers:        int32(snap.ActiveMembers),
 +		BillableSeats:        int32(snap.BillableSeats),
 +		Source:               source,
 +	})
 +	if err != nil {
 +		return billingdb.BillingSeatSnapshot{}, err
 +	}
 +	return billingdb.BillingSeatSnapshot(row), nil
 +}
++
 +func MarkPastDue(ctx context.Context, deps Deps, orgID int64, graceUntil time.Time, lastWebhookEventID string) (State, error) {
 +	if err := validateDeps(deps); err != nil {
 +		return State{}, err
 +	}
 +	if orgID == 0 {
 +		return State{}, ErrOrgIDRequired
 +	}
 +	return billingdb.New().MarkPastDue(ctx, deps.Pool, billingdb.MarkPastDueParams{
 +		OrgID:              orgID,
 +		GraceUntil:         pgTime(graceUntil),
 +		LastWebhookEventID: strings.TrimSpace(lastWebhookEventID),
 +	})
 +}
++
 +func MarkCanceled(ctx context.Context, deps Deps, orgID int64, lastWebhookEventID string) (State, error) {
 +	if err := validateDeps(deps); err != nil {
 +		return State{}, err
 +	}
 +	if orgID == 0 {
 +		return State{}, ErrOrgIDRequired
 +	}
 +	row, err := billingdb.New().MarkCanceled(ctx, deps.Pool, billingdb.MarkCanceledParams{
 +		OrgID:              orgID,
 +		LastWebhookEventID: strings.TrimSpace(lastWebhookEventID),
 +	})
 +	if err != nil {
 +		return State{}, err
 +	}
 +	return stateFromCanceled(row), nil
 +}
++
 +func ClearBillingLock(ctx context.Context, deps Deps, orgID int64) (State, error) {
 +	if err := validateDeps(deps); err != nil {
 +		return State{}, err
 +	}
 +	if orgID == 0 {
 +		return State{}, ErrOrgIDRequired
 +	}
 +	row, err := billingdb.New().ClearBillingLock(ctx, deps.Pool, orgID)
 +	if err != nil {
 +		return State{}, err
 +	}
 +	return stateFromClear(row), nil
 +}
++
 +func validateDeps(deps Deps) error {
 +	if deps.Pool == nil {
 +		return ErrPoolRequired
 +	}
 +	return nil
 +}
++
 +func validPlan(plan Plan) bool {
 +	switch plan {
 +	case PlanFree, PlanTeam, PlanEnterprise:
 +		return true
 +	default:
 +		return false
 +	}
 +}
++
 +func validStatus(status SubscriptionStatus) bool {
 +	switch status {
 +	case SubscriptionStatusNone,
 +		SubscriptionStatusIncomplete,
 +		SubscriptionStatusTrialing,
 +		SubscriptionStatusActive,
 +		SubscriptionStatusPastDue,
 +		SubscriptionStatusCanceled,
 +		SubscriptionStatusUnpaid,
 +		SubscriptionStatusPaused:
 +		return true
 +	default:
 +		return false
 +	}
 +}
++
 +func pgText(s string) pgtype.Text {
 +	s = strings.TrimSpace(s)
 +	return pgtype.Text{String: s, Valid: s != ""}
 +}
++
 +func pgTime(t time.Time) pgtype.Timestamptz {
 +	return pgtype.Timestamptz{Time: t, Valid: !t.IsZero()}
 +}
++
 +func jsonObject(payload []byte) bool {
 +	var v map[string]any
 +	return json.Unmarshal(payload, &v) == nil && v != nil
 +}
++
 +func stateFromApply(row billingdb.ApplySubscriptionSnapshotRow) State {
 +	return State{
 +		OrgID:                    row.OrgID,
 +		Provider:                 row.Provider,
 +		StripeCustomerID:         row.StripeCustomerID,
 +		StripeSubscriptionID:     row.StripeSubscriptionID,
 +		StripeSubscriptionItemID: row.StripeSubscriptionItemID,
 +		Plan:                     row.Plan,
 +		SubscriptionStatus:       row.SubscriptionStatus,
 +		BillableSeats:            row.BillableSeats,
 +		SeatSnapshotAt:           row.SeatSnapshotAt,
 +		CurrentPeriodStart:       row.CurrentPeriodStart,
 +		CurrentPeriodEnd:         row.CurrentPeriodEnd,
 +		CancelAtPeriodEnd:        row.CancelAtPeriodEnd,
 +		TrialEnd:                 row.TrialEnd,
 +		PastDueAt:                row.PastDueAt,
 +		CanceledAt:               row.CanceledAt,
 +		LockedAt:                 row.LockedAt,
 +		LockReason:               row.LockReason,
 +		GraceUntil:               row.GraceUntil,
 +		LastWebhookEventID:       row.LastWebhookEventID,
 +		CreatedAt:                row.CreatedAt,
 +		UpdatedAt:                row.UpdatedAt,
 +	}
 +}
++
 +func stateFromCanceled(row billingdb.MarkCanceledRow) State {
 +	return State{
 +		OrgID:                    row.OrgID,
 +		Provider:                 row.Provider,
 +		StripeCustomerID:         row.StripeCustomerID,
 +		StripeSubscriptionID:     row.StripeSubscriptionID,
 +		StripeSubscriptionItemID: row.StripeSubscriptionItemID,
 +		Plan:                     row.Plan,
 +		SubscriptionStatus:       row.SubscriptionStatus,
 +		BillableSeats:            row.BillableSeats,
 +		SeatSnapshotAt:           row.SeatSnapshotAt,
 +		CurrentPeriodStart:       row.CurrentPeriodStart,
 +		CurrentPeriodEnd:         row.CurrentPeriodEnd,
 +		CancelAtPeriodEnd:        row.CancelAtPeriodEnd,
 +		TrialEnd:                 row.TrialEnd,
 +		PastDueAt:                row.PastDueAt,
 +		CanceledAt:               row.CanceledAt,
 +		LockedAt:                 row.LockedAt,
 +		LockReason:               row.LockReason,
 +		GraceUntil:               row.GraceUntil,
 +		LastWebhookEventID:       row.LastWebhookEventID,
 +		CreatedAt:                row.CreatedAt,
 +		UpdatedAt:                row.UpdatedAt,
 +	}
 +}
++
 +func stateFromClear(row billingdb.ClearBillingLockRow) State {
 +	return State{
 +		OrgID:                    row.OrgID,
 +		Provider:                 row.Provider,
 +		StripeCustomerID:         row.StripeCustomerID,
 +		StripeSubscriptionID:     row.StripeSubscriptionID,
 +		StripeSubscriptionItemID: row.StripeSubscriptionItemID,
 +		Plan:                     row.Plan,
 +		SubscriptionStatus:       row.SubscriptionStatus,
 +		BillableSeats:            row.BillableSeats,
 +		SeatSnapshotAt:           row.SeatSnapshotAt,
 +		CurrentPeriodStart:       row.CurrentPeriodStart,
 +		CurrentPeriodEnd:         row.CurrentPeriodEnd,
 +		CancelAtPeriodEnd:        row.CancelAtPeriodEnd,
 +		TrialEnd:                 row.TrialEnd,
 +		PastDueAt:                row.PastDueAt,
 +		CanceledAt:               row.CanceledAt,
 +		LockedAt:                 row.LockedAt,
 +		LockReason:               row.LockReason,
 +		GraceUntil:               row.GraceUntil,
 +		LastWebhookEventID:       row.LastWebhookEventID,
 +		CreatedAt:                row.CreatedAt,
 +		UpdatedAt:                row.UpdatedAt,
 +	}
 +}

internal/billing/billing_test.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +package billing_test
++
 +import (
 +	"context"
 +	"io"
 +	"log/slog"
 +	"testing"
 +	"time"
++
 +	"github.com/jackc/pgx/v5/pgxpool"
++
 +	"github.com/tenseleyFlow/shithub/internal/billing"
 +	billingdb "github.com/tenseleyFlow/shithub/internal/billing/sqlc"
 +	"github.com/tenseleyFlow/shithub/internal/orgs"
 +	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"
 +	"github.com/tenseleyFlow/shithub/internal/testing/dbtest"
 +	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"
 +)
++
 +const fixtureHash = "$argon2id$v=19$m=16384,t=1,p=1$" +
 +	"AAAAAAAAAAAAAAAA$" +
 +	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
++
 +func setup(t *testing.T) (*pgxpool.Pool, billing.Deps, orgsdb.Org) {
 +	t.Helper()
 +	pool := dbtest.NewTestDB(t)
 +	ctx := context.Background()
 +	u, err := usersdb.New().CreateUser(ctx, pool, usersdb.CreateUserParams{
 +		Username: "alice", DisplayName: "Alice", PasswordHash: fixtureHash,
 +	})
 +	if err != nil {
 +		t.Fatalf("create user: %v", err)
 +	}
 +	odeps := orgs.Deps{
 +		Pool:   pool,
 +		Logger: slog.New(slog.NewTextHandler(io.Discard, nil)),
 +	}
 +	org, err := orgs.Create(ctx, odeps, orgs.CreateParams{
 +		Slug: "acme", DisplayName: "Acme Inc", CreatedByUserID: u.ID,
 +	})
 +	if err != nil {
 +		t.Fatalf("create org: %v", err)
 +	}
 +	return pool, billing.Deps{Pool: pool}, org
 +}
++
 +func TestBillingStateTransitions(t *testing.T) {
 +	pool, deps, org := setup(t)
 +	ctx := context.Background()
++
 +	state, err := billing.GetOrgBillingState(ctx, deps, org.ID)
 +	if err != nil {
 +		t.Fatalf("GetOrgBillingState: %v", err)
 +	}
 +	if state.Plan != billing.PlanFree || state.SubscriptionStatus != billing.SubscriptionStatusNone {
 +		t.Fatalf("new org state: plan=%s status=%s", state.Plan, state.SubscriptionStatus)
 +	}
++
 +	state, err = billing.SetStripeCustomer(ctx, deps, org.ID, "cus_test")
 +	if err != nil {
 +		t.Fatalf("SetStripeCustomer: %v", err)
 +	}
 +	if !state.StripeCustomerID.Valid || state.StripeCustomerID.String != "cus_test" {
 +		t.Fatalf("stripe customer not set: %+v", state.StripeCustomerID)
 +	}
++
 +	start := time.Now().UTC().Truncate(time.Second)
 +	state, err = billing.ApplySubscriptionSnapshot(ctx, deps, billing.SubscriptionSnapshot{
 +		OrgID:                    org.ID,
 +		Plan:                     billing.PlanTeam,
 +		Status:                   billing.SubscriptionStatusActive,
 +		StripeSubscriptionID:     "sub_test",
 +		StripeSubscriptionItemID: "si_test",
 +		CurrentPeriodStart:       start,
 +		CurrentPeriodEnd:         start.Add(30 * 24 * time.Hour),
 +		LastWebhookEventID:       "evt_active",
 +	})
 +	if err != nil {
 +		t.Fatalf("ApplySubscriptionSnapshot active: %v", err)
 +	}
 +	assertState(t, state, billing.PlanTeam, billing.SubscriptionStatusActive)
 +	if state.LockedAt.Valid || state.LockReason.Valid {
 +		t.Fatalf("active subscription should not be locked: %+v", state)
 +	}
 +	assertOrgPlan(t, pool, org.ID, orgsdb.OrgPlanTeam)
++
 +	grace := start.Add(7 * 24 * time.Hour)
 +	state, err = billing.MarkPastDue(ctx, deps, org.ID, grace, "evt_past_due")
 +	if err != nil {
 +		t.Fatalf("MarkPastDue: %v", err)
 +	}
 +	assertState(t, state, billing.PlanTeam, billing.SubscriptionStatusPastDue)
 +	if !state.LockedAt.Valid || !state.LockReason.Valid || state.LockReason.BillingLockReason != billingdb.BillingLockReasonPastDue {
 +		t.Fatalf("past_due should set lock fields: %+v", state)
 +	}
 +	if !state.GraceUntil.Valid {
 +		t.Fatalf("past_due should set grace_until")
 +	}
++
 +	state, err = billing.ApplySubscriptionSnapshot(ctx, deps, billing.SubscriptionSnapshot{
 +		OrgID:                    org.ID,
 +		Plan:                     billing.PlanTeam,
 +		Status:                   billing.SubscriptionStatusActive,
 +		StripeSubscriptionID:     "sub_test",
 +		StripeSubscriptionItemID: "si_test",
 +		CurrentPeriodStart:       start,
 +		CurrentPeriodEnd:         start.Add(30 * 24 * time.Hour),
 +		LastWebhookEventID:       "evt_recovered",
 +	})
 +	if err != nil {
 +		t.Fatalf("ApplySubscriptionSnapshot recovered: %v", err)
 +	}
 +	assertState(t, state, billing.PlanTeam, billing.SubscriptionStatusActive)
 +	if state.LockedAt.Valid || state.LockReason.Valid || state.GraceUntil.Valid || state.PastDueAt.Valid {
 +		t.Fatalf("recovered subscription should clear lock/grace/past_due: %+v", state)
 +	}
++
 +	state, err = billing.MarkCanceled(ctx, deps, org.ID, "evt_canceled")
 +	if err != nil {
 +		t.Fatalf("MarkCanceled: %v", err)
 +	}
 +	assertState(t, state, billing.PlanFree, billing.SubscriptionStatusCanceled)
 +	if !state.LockedAt.Valid || !state.LockReason.Valid || state.LockReason.BillingLockReason != billingdb.BillingLockReasonCanceled {
 +		t.Fatalf("canceled subscription should set canceled lock: %+v", state)
 +	}
 +	assertOrgPlan(t, pool, org.ID, orgsdb.OrgPlanFree)
++
 +	state, err = billing.ClearBillingLock(ctx, deps, org.ID)
 +	if err != nil {
 +		t.Fatalf("ClearBillingLock: %v", err)
 +	}
 +	assertState(t, state, billing.PlanFree, billing.SubscriptionStatusNone)
 +	if state.LockedAt.Valid || state.LockReason.Valid || state.GraceUntil.Valid {
 +		t.Fatalf("free state should clear billing lock: %+v", state)
 +	}
 +}
++
 +func TestRecordWebhookEventIsIdempotent(t *testing.T) {
 +	_, deps, _ := setup(t)
 +	ctx := context.Background()
++
 +	event := billing.WebhookEvent{
 +		ProviderEventID: "evt_test",
 +		EventType:       "customer.subscription.updated",
 +		APIVersion:      "2024-06-20",
 +		Payload:         []byte(`{"id":"evt_test"}`),
 +	}
 +	row, created, err := billing.RecordWebhookEvent(ctx, deps, event)
 +	if err != nil {
 +		t.Fatalf("RecordWebhookEvent first: %v", err)
 +	}
 +	if !created || row.ProviderEventID != "evt_test" {
 +		t.Fatalf("first receipt created=%v row=%+v", created, row)
 +	}
++
 +	_, created, err = billing.RecordWebhookEvent(ctx, deps, event)
 +	if err != nil {
 +		t.Fatalf("RecordWebhookEvent duplicate: %v", err)
 +	}
 +	if created {
 +		t.Fatalf("duplicate receipt should not be created")
 +	}
 +}
++
 +func TestSyncSeatSnapshotUpdatesBillingState(t *testing.T) {
 +	_, deps, org := setup(t)
 +	ctx := context.Background()
++
 +	snap, err := billing.SyncSeatSnapshot(ctx, deps, billing.SeatSnapshot{
 +		OrgID:                org.ID,
 +		StripeSubscriptionID: "sub_test",
 +		ActiveMembers:        2,
 +		BillableSeats:        2,
 +	})
 +	if err != nil {
 +		t.Fatalf("SyncSeatSnapshot: %v", err)
 +	}
 +	if snap.ActiveMembers != 2 || snap.BillableSeats != 2 || snap.Source != "local" {
 +		t.Fatalf("unexpected snapshot: %+v", snap)
 +	}
 +	state, err := billing.GetOrgBillingState(ctx, deps, org.ID)
 +	if err != nil {
 +		t.Fatalf("GetOrgBillingState: %v", err)
 +	}
 +	if state.BillableSeats != 2 || !state.SeatSnapshotAt.Valid {
 +		t.Fatalf("state did not record seat snapshot: %+v", state)
 +	}
 +}
++
 +func assertState(t *testing.T, state billing.State, plan billing.Plan, status billing.SubscriptionStatus) {
 +	t.Helper()
 +	if state.Plan != plan || state.SubscriptionStatus != status {
 +		t.Fatalf("state: want plan=%s status=%s, got plan=%s status=%s", plan, status, state.Plan, state.SubscriptionStatus)
 +	}
 +}
++
 +func assertOrgPlan(t *testing.T, pool *pgxpool.Pool, orgID int64, want orgsdb.OrgPlan) {
 +	t.Helper()
 +	row, err := orgsdb.New().GetOrgByID(context.Background(), pool, orgID)
 +	if err != nil {
 +		t.Fatalf("GetOrgByID: %v", err)
 +	}
 +	if row.Plan != want {
 +		t.Fatalf("org plan: want %s, got %s", want, row.Plan)
 +	}
 +}