# Dewemoji Migration Test Guide (Provider + Frontend)

Follow this after pulling latest `main`.

## 1) Prepare local env

1. Open `app/.env`.
2. Set local app URL:
   - `APP_URL=http://127.0.0.1:8000`
3. Start in sandbox first:
   - `DEWEMOJI_BILLING_MODE=sandbox`
   - `DEWEMOJI_LICENSE_ACCEPT_ALL=false`
4. Keep CORS local during testing:
   - `DEWEMOJI_ALLOWED_ORIGINS=http://127.0.0.1:8000,http://localhost:8000`

## 2) Run app

1. In `app/`, run:
   - `php artisan migrate`
2. Start server:
   - `php artisan serve --host=127.0.0.1 --port=8000`
3. Open `http://127.0.0.1:8000`.

## 3) Provider parity test (Live mode)

### A. Gumroad live mapping test

1. Switch to live mode in `.env`:
   - `DEWEMOJI_BILLING_MODE=live`
   - `DEWEMOJI_LICENSE_ACCEPT_ALL=false`
   - `DEWEMOJI_PRO_KEYS=`
   - `DEWEMOJI_GUMROAD_ENABLED=true`
   - `DEWEMOJI_GUMROAD_VERIFY_URL=https://api.gumroad.com/v2/licenses/verify`
   - `DEWEMOJI_GUMROAD_PRODUCT_IDS=<your_product_id>`
2. Restart `php artisan serve`.
3. Test verify:
```bash
curl -X POST "http://127.0.0.1:8000/v1/license/verify" \
  -H "Content-Type: application/json" \
  -d '{"key":"<real_gumroad_key>"}'
```
4. Expect `ok=true`, `source="gumroad"`, tier header `X-Dewemoji-Tier: pro`.

### B. Mayar live mapping test

1. In `.env`, configure:
   - `DEWEMOJI_MAYAR_ENABLED=true`
   - `DEWEMOJI_MAYAR_VERIFY_URL=<real_mayar_verify_url>`
   - OR (`DEWEMOJI_MAYAR_API_BASE` + `DEWEMOJI_MAYAR_ENDPOINT_VERIFY`)
   - `DEWEMOJI_MAYAR_API_KEY=<or secret key>`
2. Test verify:
```bash
curl -X POST "http://127.0.0.1:8000/v1/license/verify" \
  -H "Content-Type: application/json" \
  -d '{"key":"<real_mayar_key>"}'
```
3. Expect `ok=true`, `source="mayar"`.

### C. Negative check (important)

1. Verify with invalid key.
2. Expect `401` + `error="invalid_license"` + diagnostics in `details.gumroad` / `details.mayar`.

## 4) Activation lifecycle test

1. Verify key is valid first.
2. Activate device:
```bash
curl -X POST "http://127.0.0.1:8000/v1/license/activate" \
  -H "Content-Type: application/json" \
  -d '{"key":"<valid_key>","email":"you@example.com","product":"chrome","device_id":"chrome-profile-1"}'
```
3. Expect `ok=true`, `pro=true`.
4. Deactivate:
```bash
curl -X POST "http://127.0.0.1:8000/v1/license/deactivate" \
  -H "Content-Type: application/json" \
  -d '{"key":"<valid_key>","product":"chrome","device_id":"chrome-profile-1"}'
```
5. Expect `ok=true`.

## 5) Frontend parity test

Open and verify these URLs:

1. `/` (discover page)
2. `/browse`
3. `/<category>` example: `/animals`
4. `/<category>/<subcategory>` example: `/animals/animal-mammal`
5. `/emoji/grinning-face`
6. `/pricing`
7. `/api-docs`
8. `/support`
9. `/privacy`
10. `/terms`
11. `/robots.txt`
12. `/sitemap.xml`

Checks:
- Home search updates URL without full reload.
- Category routes prefill filters correctly.
- Pricing links point to Gumroad URLs.
- Support page loads and shows API/auth guidance.
- `robots.txt` contains sitemap URL.
- `sitemap.xml` includes core pages and emoji URLs.

## 6) Automated test pass

From `app/` run:

```bash
php artisan test
```

Expected: all tests pass.

## 7) Switch back to safe local mode (recommended)

After live-provider testing, return to:
- `DEWEMOJI_BILLING_MODE=sandbox`
- disable provider flags unless actively testing them.