mcp-twin 1.3.0 → 1.4.0

package/dist/cloud/stripe.js

@@ -0,0 +1,157 @@
+"use strict";
+/**
+ * Stripe Integration
+ * MCP Twin Cloud
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TIER_TO_PRICE = exports.PRICE_TO_TIER = exports.PRICE_IDS = void 0;
+exports.getStripe = getStripe;
+exports.isStripeConfigured = isStripeConfigured;
+exports.getOrCreateCustomer = getOrCreateCustomer;
+exports.createCheckoutSession = createCheckoutSession;
+exports.createPortalSession = createPortalSession;
+exports.getSubscription = getSubscription;
+exports.cancelSubscription = cancelSubscription;
+exports.getInvoices = getInvoices;
+exports.constructWebhookEvent = constructWebhookEvent;
+const stripe_1 = __importDefault(require("stripe"));
+// Initialize Stripe
+const stripeSecretKey = process.env.STRIPE_SECRET_KEY;
+let stripe = null;
+function getStripe() {
+    if (!stripe) {
+        if (!stripeSecretKey) {
+            throw new Error('STRIPE_SECRET_KEY environment variable is required');
+        }
+        stripe = new stripe_1.default(stripeSecretKey);
+    }
+    return stripe;
+}
+function isStripeConfigured() {
+    return !!stripeSecretKey;
+}
+// Price IDs - Set these in your Stripe dashboard
+exports.PRICE_IDS = {
+    starter_monthly: process.env.STRIPE_PRICE_STARTER || 'price_starter_monthly',
+    pro_monthly: process.env.STRIPE_PRICE_PRO || 'price_pro_monthly',
+};
+// Tier mapping from Stripe price to our tier
+exports.PRICE_TO_TIER = {
+    [exports.PRICE_IDS.starter_monthly]: 'starter',
+    [exports.PRICE_IDS.pro_monthly]: 'pro',
+};
+// Tier to price mapping
+exports.TIER_TO_PRICE = {
+    starter: exports.PRICE_IDS.starter_monthly,
+    pro: exports.PRICE_IDS.pro_monthly,
+};
+/**
+ * Create or get Stripe customer for user
+ */
+async function getOrCreateCustomer(userId, email, existingCustomerId) {
+    const stripe = getStripe();
+    if (existingCustomerId) {
+        return existingCustomerId;
+    }
+    const customer = await stripe.customers.create({
+        email,
+        metadata: {
+            userId,
+        },
+    });
+    return customer.id;
+}
+/**
+ * Create a checkout session for subscription
+ */
+async function createCheckoutSession(customerId, priceId, successUrl, cancelUrl) {
+    const stripe = getStripe();
+    const session = await stripe.checkout.sessions.create({
+        customer: customerId,
+        payment_method_types: ['card'],
+        line_items: [
+            {
+                price: priceId,
+                quantity: 1,
+            },
+        ],
+        mode: 'subscription',
+        success_url: successUrl,
+        cancel_url: cancelUrl,
+        allow_promotion_codes: true,
+    });
+    return session;
+}
+/**
+ * Create a billing portal session
+ */
+async function createPortalSession(customerId, returnUrl) {
+    const stripe = getStripe();
+    const session = await stripe.billingPortal.sessions.create({
+        customer: customerId,
+        return_url: returnUrl,
+    });
+    return session;
+}
+/**
+ * Get subscription details
+ */
+async function getSubscription(subscriptionId) {
+    const stripe = getStripe();
+    try {
+        const subscription = await stripe.subscriptions.retrieve(subscriptionId);
+        return subscription;
+    }
+    catch (error) {
+        return null;
+    }
+}
+/**
+ * Cancel subscription
+ */
+async function cancelSubscription(subscriptionId, immediately = false) {
+    const stripe = getStripe();
+    if (immediately) {
+        return stripe.subscriptions.cancel(subscriptionId);
+    }
+    // Cancel at period end
+    return stripe.subscriptions.update(subscriptionId, {
+        cancel_at_period_end: true,
+    });
+}
+/**
+ * Get customer's invoices
+ */
+async function getInvoices(customerId, limit = 10) {
+    const stripe = getStripe();
+    const invoices = await stripe.invoices.list({
+        customer: customerId,
+        limit,
+    });
+    return invoices.data;
+}
+/**
+ * Construct webhook event from request
+ */
+function constructWebhookEvent(payload, signature, webhookSecret) {
+    const stripe = getStripe();
+    return stripe.webhooks.constructEvent(payload, signature, webhookSecret);
+}
+exports.default = {
+    getStripe,
+    isStripeConfigured,
+    getOrCreateCustomer,
+    createCheckoutSession,
+    createPortalSession,
+    getSubscription,
+    cancelSubscription,
+    getInvoices,
+    constructWebhookEvent,
+    PRICE_IDS: exports.PRICE_IDS,
+    PRICE_TO_TIER: exports.PRICE_TO_TIER,
+    TIER_TO_PRICE: exports.TIER_TO_PRICE,
+};
+//# sourceMappingURL=stripe.js.map

package/dist/cloud/stripe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stripe.js","sourceRoot":"","sources":["../../src/cloud/stripe.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AASH,8BAQC;AAED,gDAEC;AAuBD,kDAmBC;AAKD,sDAwBC;AAKD,kDAYC;AAKD,0CAWC;AAKD,gDAcC;AAKD,kCAYC;AAKD,sDAOC;AA3KD,oDAA4B;AAE5B,oBAAoB;AACpB,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;AAEtD,IAAI,MAAM,GAAkB,IAAI,CAAC;AAEjC,SAAgB,SAAS;IACvB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;QACD,MAAM,GAAG,IAAI,gBAAM,CAAC,eAAe,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,kBAAkB;IAChC,OAAO,CAAC,CAAC,eAAe,CAAC;AAC3B,CAAC;AAED,iDAAiD;AACpC,QAAA,SAAS,GAAG;IACvB,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,uBAAuB;IAC5E,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,mBAAmB;CACjE,CAAC;AAEF,6CAA6C;AAChC,QAAA,aAAa,GAA2B;IACnD,CAAC,iBAAS,CAAC,eAAe,CAAC,EAAE,SAAS;IACtC,CAAC,iBAAS,CAAC,WAAW,CAAC,EAAE,KAAK;CAC/B,CAAC;AAEF,wBAAwB;AACX,QAAA,aAAa,GAA2B;IACnD,OAAO,EAAE,iBAAS,CAAC,eAAe;IAClC,GAAG,EAAE,iBAAS,CAAC,WAAW;CAC3B,CAAC;AAEF;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,MAAc,EACd,KAAa,EACb,kBAAkC;IAElC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;QAC7C,KAAK;QACL,QAAQ,EAAE;YACR,MAAM;SACP;KACF,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC,EAAE,CAAC;AACrB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,qBAAqB,CACzC,UAAkB,EAClB,OAAe,EACf,UAAkB,EAClB,SAAiB;IAEjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpD,QAAQ,EAAE,UAAU;QACpB,oBAAoB,EAAE,CAAC,MAAM,CAAC;QAC9B,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,OAAO;gBACd,QAAQ,EAAE,CAAC;aACZ;SACF;QACD,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,SAAS;QACrB,qBAAqB,EAAE,IAAI;KAC5B,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,UAAkB,EAClB,SAAiB;IAEjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC;QACzD,QAAQ,EAAE,UAAU;QACpB,UAAU,EAAE,SAAS;KACtB,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,eAAe,CACnC,cAAsB;IAEtB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QACzE,OAAO,YAAY,CAAC;IACtB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,kBAAkB,CACtC,cAAsB,EACtB,cAAuB,KAAK;IAE5B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACrD,CAAC;IAED,uBAAuB;IACvB,OAAO,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,cAAc,EAAE;QACjD,oBAAoB,EAAE,IAAI;KAC3B,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,WAAW,CAC/B,UAAkB,EAClB,QAAgB,EAAE;IAElB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QAC1C,QAAQ,EAAE,UAAU;QACpB,KAAK;KACN,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC,IAAI,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CACnC,OAAe,EACf,SAAiB,EACjB,aAAqB;IAErB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,OAAO,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,OAAO,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;AAC3E,CAAC;AAED,kBAAe;IACb,SAAS;IACT,kBAAkB;IAClB,mBAAmB;IACnB,qBAAqB;IACrB,mBAAmB;IACnB,eAAe;IACf,kBAAkB;IAClB,WAAW;IACX,qBAAqB;IACrB,SAAS,EAAT,iBAAS;IACT,aAAa,EAAb,qBAAa;IACb,aAAa,EAAb,qBAAa;CACd,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "mcp-twin",
   "displayName": "MCP Twin - Hot Reload",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "Zero-downtime MCP server management. CLI + Cloud API for multi-tenant hosting, observability, and billing.",
   "author": {
     "name": "Prax Labs",
@@ -98,6 +98,7 @@
     "@types/jsonwebtoken": "^9.0.10",
     "@types/node": "^20.19.27",
     "@types/pg": "^8.16.0",
+    "@types/stripe": "^8.0.416",
     "@types/uuid": "^10.0.0",
     "jest": "^29.0.0",
     "typescript": "^5.0.0"
@@ -111,6 +112,7 @@
     "helmet": "^8.1.0",
     "jsonwebtoken": "^9.0.3",
     "pg": "^8.16.3",
+    "stripe": "^20.1.0",
     "uuid": "^13.0.0"
   }
 }

package/src/cloud/routes/billing.ts

@@ -0,0 +1,460 @@
+/**
+ * Billing Routes
+ * MCP Twin Cloud
+ */
+
+import { Router, Request, Response } from 'express';
+import { query, queryOne } from '../db';
+import { authenticateApiKey, User } from '../auth';
+import {
+  isStripeConfigured,
+  getOrCreateCustomer,
+  createCheckoutSession,
+  createPortalSession,
+  getInvoices,
+  constructWebhookEvent,
+  TIER_TO_PRICE,
+  PRICE_TO_TIER,
+} from '../stripe';
+
+const router = Router();
+
+/**
+ * GET /api/billing/status
+ * Get billing status and current plan
+ */
+router.get('/status', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    if (!isStripeConfigured()) {
+      res.json({
+        configured: false,
+        message: 'Stripe is not configured. Set STRIPE_SECRET_KEY to enable billing.',
+      });
+      return;
+    }
+
+    const user = await queryOne<User>(
+      'SELECT id, email, tier, stripe_customer_id, stripe_subscription_id FROM users WHERE id = $1',
+      [req.user!.id]
+    );
+
+    if (!user) {
+      res.status(404).json({
+        error: { code: 'NOT_FOUND', message: 'User not found' },
+      });
+      return;
+    }
+
+    res.json({
+      configured: true,
+      tier: user.tier,
+      hasSubscription: !!user.stripe_subscription_id,
+      customerId: user.stripe_customer_id ? `cus_...${user.stripe_customer_id.slice(-4)}` : null,
+    });
+  } catch (error: any) {
+    console.error('[Billing] Status error:', error);
+    res.status(500).json({
+      error: { code: 'INTERNAL_ERROR', message: 'Failed to get billing status' },
+    });
+  }
+});
+
+/**
+ * GET /api/billing/plans
+ * Get available plans
+ */
+router.get('/plans', async (req: Request, res: Response) => {
+  res.json({
+    plans: [
+      {
+        id: 'free',
+        name: 'Free',
+        price: 0,
+        interval: null,
+        features: [
+          '1 twin',
+          '10,000 requests/month',
+          '24-hour log retention',
+          'Community support',
+        ],
+      },
+      {
+        id: 'starter',
+        name: 'Starter',
+        price: 29,
+        interval: 'month',
+        priceId: TIER_TO_PRICE.starter,
+        features: [
+          '5 twins',
+          '100,000 requests/month',
+          '7-day log retention',
+          'Email support',
+        ],
+      },
+      {
+        id: 'pro',
+        name: 'Professional',
+        price: 149,
+        interval: 'month',
+        priceId: TIER_TO_PRICE.pro,
+        features: [
+          'Unlimited twins',
+          '1,000,000 requests/month',
+          '30-day log retention',
+          'Priority support',
+          'Custom integrations',
+        ],
+      },
+      {
+        id: 'enterprise',
+        name: 'Enterprise',
+        price: null,
+        interval: null,
+        features: [
+          'Unlimited everything',
+          '90-day log retention',
+          'Dedicated support',
+          'SLA guarantee',
+          'SSO/SAML',
+          'Custom contracts',
+        ],
+        contactSales: true,
+      },
+    ],
+  });
+});
+
+/**
+ * POST /api/billing/checkout
+ * Create a Stripe checkout session
+ */
+router.post('/checkout', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    if (!isStripeConfigured()) {
+      res.status(400).json({
+        error: {
+          code: 'STRIPE_NOT_CONFIGURED',
+          message: 'Stripe is not configured',
+        },
+      });
+      return;
+    }
+
+    const { plan, successUrl, cancelUrl } = req.body;
+
+    if (!plan || !successUrl || !cancelUrl) {
+      res.status(400).json({
+        error: {
+          code: 'VALIDATION_ERROR',
+          message: 'plan, successUrl, and cancelUrl are required',
+        },
+      });
+      return;
+    }
+
+    const priceId = TIER_TO_PRICE[plan];
+    if (!priceId) {
+      res.status(400).json({
+        error: {
+          code: 'INVALID_PLAN',
+          message: `Invalid plan: ${plan}. Valid plans: starter, pro`,
+        },
+      });
+      return;
+    }
+
+    const user = await queryOne<User>(
+      'SELECT id, email, stripe_customer_id FROM users WHERE id = $1',
+      [req.user!.id]
+    );
+
+    if (!user) {
+      res.status(404).json({
+        error: { code: 'NOT_FOUND', message: 'User not found' },
+      });
+      return;
+    }
+
+    // Get or create Stripe customer
+    const customerId = await getOrCreateCustomer(
+      user.id,
+      user.email,
+      user.stripe_customer_id
+    );
+
+    // Update user with customer ID if new
+    if (!user.stripe_customer_id) {
+      await query(
+        'UPDATE users SET stripe_customer_id = $1 WHERE id = $2',
+        [customerId, user.id]
+      );
+    }
+
+    // Create checkout session
+    const session = await createCheckoutSession(
+      customerId,
+      priceId,
+      successUrl,
+      cancelUrl
+    );
+
+    res.json({
+      sessionId: session.id,
+      url: session.url,
+    });
+  } catch (error: any) {
+    console.error('[Billing] Checkout error:', error);
+    res.status(500).json({
+      error: { code: 'INTERNAL_ERROR', message: 'Failed to create checkout session' },
+    });
+  }
+});
+
+/**
+ * POST /api/billing/portal
+ * Create a Stripe billing portal session
+ */
+router.post('/portal', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    if (!isStripeConfigured()) {
+      res.status(400).json({
+        error: {
+          code: 'STRIPE_NOT_CONFIGURED',
+          message: 'Stripe is not configured',
+        },
+      });
+      return;
+    }
+
+    const { returnUrl } = req.body;
+
+    if (!returnUrl) {
+      res.status(400).json({
+        error: {
+          code: 'VALIDATION_ERROR',
+          message: 'returnUrl is required',
+        },
+      });
+      return;
+    }
+
+    const user = await queryOne<User>(
+      'SELECT stripe_customer_id FROM users WHERE id = $1',
+      [req.user!.id]
+    );
+
+    if (!user?.stripe_customer_id) {
+      res.status(400).json({
+        error: {
+          code: 'NO_SUBSCRIPTION',
+          message: 'No billing account found. Subscribe to a plan first.',
+        },
+      });
+      return;
+    }
+
+    const session = await createPortalSession(user.stripe_customer_id, returnUrl);
+
+    res.json({
+      url: session.url,
+    });
+  } catch (error: any) {
+    console.error('[Billing] Portal error:', error);
+    res.status(500).json({
+      error: { code: 'INTERNAL_ERROR', message: 'Failed to create portal session' },
+    });
+  }
+});
+
+/**
+ * GET /api/billing/invoices
+ * Get user's invoices
+ */
+router.get('/invoices', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    if (!isStripeConfigured()) {
+      res.json({ invoices: [] });
+      return;
+    }
+
+    const user = await queryOne<User>(
+      'SELECT stripe_customer_id FROM users WHERE id = $1',
+      [req.user!.id]
+    );
+
+    if (!user?.stripe_customer_id) {
+      res.json({ invoices: [] });
+      return;
+    }
+
+    const invoices = await getInvoices(user.stripe_customer_id);
+
+    res.json({
+      invoices: invoices.map((inv) => ({
+        id: inv.id,
+        number: inv.number,
+        status: inv.status,
+        amount: inv.amount_due / 100,
+        currency: inv.currency,
+        created: new Date(inv.created * 1000).toISOString(),
+        pdfUrl: inv.invoice_pdf,
+        hostedUrl: inv.hosted_invoice_url,
+      })),
+    });
+  } catch (error: any) {
+    console.error('[Billing] Invoices error:', error);
+    res.status(500).json({
+      error: { code: 'INTERNAL_ERROR', message: 'Failed to get invoices' },
+    });
+  }
+});
+
+/**
+ * POST /api/billing/webhook
+ * Handle Stripe webhooks
+ */
+router.post(
+  '/webhook',
+  // Use raw body for webhook signature verification
+  async (req: Request, res: Response) => {
+    const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
+
+    if (!webhookSecret) {
+      console.error('[Billing] STRIPE_WEBHOOK_SECRET not configured');
+      res.status(400).json({ error: 'Webhook not configured' });
+      return;
+    }
+
+    const signature = req.headers['stripe-signature'] as string;
+
+    if (!signature) {
+      res.status(400).json({ error: 'Missing stripe-signature header' });
+      return;
+    }
+
+    let event;
+
+    try {
+      // req.body should be raw buffer for webhook verification
+      const rawBody = req.body;
+      event = constructWebhookEvent(rawBody, signature, webhookSecret);
+    } catch (err: any) {
+      console.error('[Billing] Webhook signature verification failed:', err.message);
+      res.status(400).json({ error: `Webhook Error: ${err.message}` });
+      return;
+    }
+
+    console.log(`[Billing] Webhook received: ${event.type}`);
+
+    try {
+      switch (event.type) {
+        case 'checkout.session.completed': {
+          const session = event.data.object as any;
+          await handleCheckoutComplete(session);
+          break;
+        }
+
+        case 'customer.subscription.created':
+        case 'customer.subscription.updated': {
+          const subscription = event.data.object as any;
+          await handleSubscriptionUpdate(subscription);
+          break;
+        }
+
+        case 'customer.subscription.deleted': {
+          const subscription = event.data.object as any;
+          await handleSubscriptionDeleted(subscription);
+          break;
+        }
+
+        case 'invoice.payment_failed': {
+          const invoice = event.data.object as any;
+          await handlePaymentFailed(invoice);
+          break;
+        }
+
+        default:
+          console.log(`[Billing] Unhandled event type: ${event.type}`);
+      }
+
+      res.json({ received: true });
+    } catch (error: any) {
+      console.error('[Billing] Webhook handler error:', error);
+      res.status(500).json({ error: 'Webhook handler failed' });
+    }
+  }
+);
+
+/**
+ * Handle checkout.session.completed
+ */
+async function handleCheckoutComplete(session: any): Promise<void> {
+  const customerId = session.customer;
+  const subscriptionId = session.subscription;
+
+  console.log(`[Billing] Checkout complete for customer ${customerId}`);
+
+  // Update user with subscription ID
+  await query(
+    `UPDATE users
+     SET stripe_subscription_id = $1, updated_at = NOW()
+     WHERE stripe_customer_id = $2`,
+    [subscriptionId, customerId]
+  );
+}
+
+/**
+ * Handle subscription created/updated
+ */
+async function handleSubscriptionUpdate(subscription: any): Promise<void> {
+  const customerId = subscription.customer;
+  const status = subscription.status;
+  const priceId = subscription.items.data[0]?.price?.id;
+
+  console.log(`[Billing] Subscription update: ${customerId} -> ${status} (${priceId})`);
+
+  if (status === 'active' || status === 'trialing') {
+    // Determine tier from price
+    const tier = PRICE_TO_TIER[priceId] || 'free';
+
+    await query(
+      `UPDATE users
+       SET tier = $1, stripe_subscription_id = $2, updated_at = NOW()
+       WHERE stripe_customer_id = $3`,
+      [tier, subscription.id, customerId]
+    );
+
+    console.log(`[Billing] User upgraded to ${tier}`);
+  }
+}
+
+/**
+ * Handle subscription deleted
+ */
+async function handleSubscriptionDeleted(subscription: any): Promise<void> {
+  const customerId = subscription.customer;
+
+  console.log(`[Billing] Subscription deleted for ${customerId}`);
+
+  // Downgrade to free tier
+  await query(
+    `UPDATE users
+     SET tier = 'free', stripe_subscription_id = NULL, updated_at = NOW()
+     WHERE stripe_customer_id = $1`,
+    [customerId]
+  );
+}
+
+/**
+ * Handle payment failed
+ */
+async function handlePaymentFailed(invoice: any): Promise<void> {
+  const customerId = invoice.customer;
+
+  console.log(`[Billing] Payment failed for ${customerId}`);
+
+  // Could send email notification, etc.
+  // For now just log it
+}
+
+export default router;