test(e2e): add full Paddle E2E coverage to webbilling-demo (WST-564)

[rogersole]

Summary

Full Paddle E2E coverage for examples/webbilling-demo (WST-564). This PR now targets main and contains the entire stack; #916, #917, #918, #919 and #920 remain open as individually reviewable slices of the same commits — merging this one merges everything (close the slices afterwards). Supersedes #820 (credit @nicfix for the original groundwork).

Test suite (src/tests/paddle/, 11 tests)

Test	Modes	Notes
Config guard	–	Fails loudly on CI if VITE_RC_PADDLE_E2E_API_KEY is missing instead of silently skipping (skips locally)
Happy-path purchase	inline + overlay	Real sandbox purchases; inline also asserts sandbox banner, RC order summary, processing state; both end on the entitlement-gated success page
Email as query param	inline + overlay	Paddle omits the email field entirely when customerEmail is provided (verified against the sandbox; mode-independent since the email travels via /checkout/start)
RC Paywall purchase	inline + overlay	V2 paywall → package selection → Continue → checkout → success; gated by ALLOW_PAYWALLS_TESTS
Cancel/close	inline + overlay	Inline via the RC return button; overlay via Paddle's own 'Return to {seller}' control; no payment completion needed
Error path	mode-agnostic	checkout/start returning paddle_billing_params: null → error screen

Key infrastructure

• forcePaddleCheckoutMode(page, "inline" | "overlay"): rewrites paddle_billing_params.inline_checkout_enabled in the real /checkout/start response, so one E2E project deterministically covers both presentation modes regardless of the backend per-project flag (WST-700).
• completePaddleCheckoutForm(frame, ...): mode-agnostic form fill using Paddle's own test ids, Andorra to skip the postcode field, and a submit re-click loop (Paddle silently swallows submits that land while the async email authentication is in flight).
• Frame locators verified against the live sandbox: inline scoped to the RC container; overlay via iframe.paddle-frame, iframe[name='paddle_frame'].
• Harness: the /v1/events stub now only intercepts RevenueCat's endpoint (Paddle has its own); userId/email fixtures test-scoped.
• Env plumbing + docs: VITE_RC_PADDLE_E2E_API_KEY, VITE_SKIP_PADDLE_TESTS, CircleCI exports, README setup section.

CI

• Chromium-only on CI (like the Stripe Checkout suite); firefox/webkit run locally.
• Happy paths run fully on CI — the WST-709 spike ([DO NOT MERGE] spike(e2e): validate Paddle CI purchase completion (WST-709) #923) confirmed Paddle sandbox completes purchases from CircleCI IPs (no Stripe-style CAPTCHA gating).
• Requires E2E_RC_PADDLE_E2E_API_KEY in CircleCI (configured) and paddle_e2e_test offering with entitlement + V2 paywall (configured).

Test plan

• tsc --noEmit, eslint, prettier clean
• Full suite green locally with real sandbox purchases, repeatedly
• CI completion validated (spike [DO NOT MERGE] spike(e2e): validate Paddle CI purchase completion (WST-709) #923)
• CI green on this branch

🤖 Generated with Claude Code

---

Note

Low Risk
Changes are confined to demo E2E tests, docs, and CircleCI env exports; no production SDK or billing logic is modified.

Overview
Adds full Paddle E2E coverage to examples/webbilling-demo, parallel to the existing Stripe Checkout suite.

New Playwright specs under src/tests/paddle/ cover inline and overlay checkout (happy path, email via query param, RC Paywall, cancel/close, and checkout/start missing paddle_billing_params). forcePaddleCheckoutMode rewrites inline_checkout_enabled on the real /checkout/start response so both modes run from one E2E project. Shared helpers handle Paddle iframe locators, sandbox card fill (Andorra, submit retry loop), and navigation with VITE_RC_PADDLE_E2E_API_KEY.

Harness updates: SKIP_PADDLE_TESTS / skipPaddleTestsIfDisabled, CI guard so a missing Paddle key fails on CI instead of silent skip, userId/email fixtures scoped per test, and /v1/events stubbing limited to RevenueCat hosts so Paddle traffic is not blocked. CircleCI, .env.example, and README document VITE_RC_PADDLE_E2E_API_KEY and VITE_SKIP_PADDLE_TESTS; Paddle runs Chromium-only on CI.

^{Reviewed by Cursor Bugbot for commit 521c28e. Bugbot is set up for automated code reviews on this repo. Configure here.}

[vicfergar]

LGTM overall, but I left a few suggestions.

It might also be worth checking why the number of skipped tests increased:

# In main:
  64 skipped
  162 passed

# In this branch:
  82 skipped (+18)
  176 passed (+14)

[rogersole]

Re: the skipped-test increase — pulled the actual CI outputs from both runs and decoded them (test-e2e #14937 on this branch vs test-e2e #14894 on main):

	main (#14894)	this branch (#14937)	Δ
entries	228 (76 tests × 3 browsers)	258 (86 × 3)	+30
passed	164	176	+12
skipped	64	82	+18

The +30 entries are the new Paddle suite: 10 tests × 3 browsers. Expected split is +20 skipped (firefox + webkit skip the whole suite on CI — same chromium-only policy as the existing stripe-checkout suite; all browsers run locally) and +10 passed (chromium runs everything: config guard, error path, 2 cancels, and 6 real sandbox purchases across inline/overlay). The observed +18/+12 differs from that by exactly 2 tests, which is run-to-run noise — both runs had 2 flaky retries, and the Stripe Checkout completion tests skip nondeterministically when Stripe presents a CAPTCHA (SKIP_STRIPE_TESTS_ON_CAPTCHA).

The ~64-skip baseline is identical in both runs and fully accounted for:

• 33 — tax-calculation "real" variants (11 tests): always skipped on firefox/webkit (22), and snoozed on chromium via VITE_SKIP_TAX_REAL_TESTS_UNTIL=2026-08-30 (11) — visible in both run logs.
• 18 — Stripe Checkout suite (9 tests) on firefox/webkit (pre-existing chromium-only policy).
• ~13 — chromium Stripe CAPTCHA skips (2 in both runs) plus the handful of pre-existing conditional in-test skips, ±the flaky-retry noise.

Bottom line: zero unexpected skips, no Paddle test ever skips on chromium, and the baseline skip behavior is byte-for-byte the same as main.

[rogersole]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit eafccba. Configure here.}