E2E: billing-stripe.spec.ts skipped (401 unauthenticated on checkout probe)

[ZappoMan]

Summary

Four Playwright billing Stripe E2E tests in tests/e2e/web/specs/billing/billing-stripe.spec.ts are skipped on preview CI because the pre-run checkout probe fails with 401 unauthenticated from the billing-stripe Edge Function.

Observed behavior

[e2e] Stripe checkout probe: not ready — billing-stripe checkout failed (401): {"error":"unauthenticated"}
  - Billing Stripe flows › upgrades Free to Pro via Stripe Checkout
  - Billing Stripe flows › shows annual switch option for paid plan
  - Billing Stripe flows › loads invoices page after upgrade
  - Billing Stripe flows › schedules downgrade to Free after Pro subscription

  4 skipped
  15 passed

The spec uses probeStripeCheckoutReady() in beforeAll and skips all four tests when the probe is not ready (billing-stripe.spec.ts).

Expected behavior

When preview billing is configured (Stripe test keys, synced plans, BILLING_ALLOWED_ORIGINS, deployed billing-stripe), the probe should reach Stripe Checkout and the four tests should run in the shared-state Playwright project.

Likely investigation areas

1. Auth session in reused CI artifacts — shared-state runs after e2e-chromium with E2E_SKIP_GLOBAL_SETUP=1 and downloaded .auth/ storage state. The probe uses e2eStorageStatePath; the session JWT may be expired or not accepted by preview Supabase when the serial job starts.
2. Edge anon key mismatch — billing-stripe validates the caller via auth.getUser() using SUPABASE_ANON_KEY or BILLING_SUPABASE_ANON_KEY (supabase/functions/billing-stripe/index.ts). Confirm preview deploy sets BILLING_SUPABASE_ANON_KEY to match the web app VITE_SUPABASE_ANON_KEY.
3. Authorization header on checkout invoke — Verify the web billing client sends the logged-in user's access token when POSTing to billing-stripe from /billing/plans (Playwright sees the 401 on the network response).
4. Preview billing deploy — Confirm billing-stripe is deployed, plans are synced (npm run billing:sync-stripe), and BILLING_ALLOWED_ORIGINS includes the PR preview origin.

References

• Probe: tests/e2e/web/fixtures/stripe-checkout.fixture.ts (probeStripeCheckoutReady)
• Edge auth gate: supabase/functions/billing-stripe/index.ts (401 when auth.getUser() fails)
• Docs: docs/stripe-billing-setup.md (401 troubleshooting), docs/TESTING.md (Stripe billing E2E section)
• CI: .github/workflows/e2e-web-pr-approval.yml (e2e-serial job, shared-state project)

Acceptance criteria

• Preview E2E run reports 0 skipped for billing-stripe.spec.ts (or documents an intentional skip with a separate env gate)
• Probe log shows Stripe checkout probe: ready
• All four Stripe billing flows pass reliably without retries

[MrBlue-1996]

Quick pass from the public code: the failing 401 is happening exactly at the billing-stripe auth gate (auth.getUser() after forwarding the Authorization header). The Edge function path itself looks intentional.

The fastest PR here is probably not more Stripe logic. I would add a pre-check in the Playwright probe that proves the shared-state session is still valid before clicking checkout, and make the skip reason say whether the storage state has no Supabase session, the JWT is expired, or the Edge anon key is mismatched. That turns the current generic 401 unauthenticated into a concrete CI/env failure.

I can do that small public-code PR for $79. No Supabase/Stripe login, secrets, or preview access needed. Contact: rwestgate602@gmail.com

[ZappoMan]

@MrBlue-1996

Thanks for taking a look and for the detailed read on the 401 at the billing-stripe auth gate — that matches what we’re seeing in the public CI logs as well.

BeakerStack is open source, so we don’t pay for bug fixes or small PRs. If you’d like to contribute, you’re welcome to open a PR against develop with the session pre-check and clearer skip reasons you described (no secrets or preview access required). We’ll review it like any other contribution per CONTRIBUTING.md.

Appreciate the offer either way.