KAI-12 Idea medium

P4.1 · License gating: HMAC + Stripe + Worker email webhook

What

Offline-validated license keys for Pro tier.

License format

cookpanion-PRO.{base64url(payload)}.{base64url(hmac-sha256(payload, SECRET))}

Where payload = { email, tier: 'pro', issuedAt, mode: 'monthly' | 'lifetime' }.

Components

  1. Plugin-side validator (src/license.ts): parses the key and recomputes the HMAC with the embedded PUBLIC_SIGNING_KEY. Despite the name, this is the same secret the Worker signs with, baked into the plugin bundle. HMAC is symmetric, so yes, anyone who extracts it can generate keys with it; that's fine for indie scale, reconsider if MRR > $1k.
  2. Stripe Payment Links: one for $4/mo subscription, one for $29 lifetime.
  3. Cloudflare Worker webhook: receives Stripe checkout.session.completed, generates a license, emails via Resend.
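
An added example (not the project's own code) of the license format and components above: Worker-side issuing and plugin-side offline validation. Assumptions: Node's crypto module is available, the MAC covers the base64url payload string rather than the raw JSON, issuedAt is epoch milliseconds, and the names issueLicense, validateLicense and DEMO_SECRET are hypothetical.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type Payload = { email: string; tier: "pro"; issuedAt: number; mode: "monthly" | "lifetime" };

const PREFIX = "cookpanion-PRO";
// Constructed demo value; the real secret is whatever the Worker and the bundle share.
const DEMO_SECRET = "constructed-demo-secret";

const mac = (body: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(body).digest();

// Worker side: sign the exact base64url payload string that ships inside the key,
// so the validator never has to re-serialize JSON to recompute the MAC.
function issueLicense(p: Payload, secret: string): string {
  const body = Buffer.from(JSON.stringify(p)).toString("base64url");
  return `${PREFIX}.${body}.${mac(body, secret).toString("base64url")}`;
}

// Plugin side: returns the payload, or null for every failure (no reason is leaked).
function validateLicense(key: string, secret: string): Payload | null {
  const parts = key.trim().split(".");
  if (parts.length !== 3 || parts[0] !== PREFIX) return null;
  const given = Buffer.from(parts[2], "base64url");
  const expected = mac(parts[1], secret);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    // Parse only after the MAC verified, so unauthenticated JSON is never interpreted.
    const p = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    const ok = typeof p.email === "string" && p.tier === "pro" &&
      typeof p.issuedAt === "number" && (p.mode === "monthly" || p.mode === "lifetime");
    return ok ? (p as Payload) : null;
  } catch {
    return null;
  }
}
```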

Settings UI change

Add a "License key" field. On save: validate offline. If valid → set tier = 'pro' in runtime state; Pro features unlock immediately.

Acceptance criteria

  • End-to-end purchase flow: click Payment Link → pay → receive email within 30s → paste key → Pro unlocked.
  • Invalid keys fail silently (no leak of what's wrong — security best practice).
  • Uninstalling and reinstalling the plugin preserves Pro status if the key is re-entered (no phone-home).

Updated 2026-04-22