Environments
Know which environment you are testing and which checks prove the rail is ready.
Environment policy
`local-dev` is the fast mock-encryption product loop. `sepolia` is the public-testnet target that uses the real Zama FHEVM stack and deployed manifests.
Keep environment explicit in projects, API keys, checkout sessions, webhook endpoints, events, and delivery records so the same read model can move from local-dev to Sepolia without hidden defaults.
| Environment | Use | Required proof |
|---|---|---|
| local-dev | Fast product loop and CI smoke. | npm run verify:local |
| sepolia | Public demo with real FHEVM encryption. | Deploy contracts with `npm --workspace contracts run deploy:sepolia`, then run the UI with `NEXT_PUBLIC_CONTRACT_ENV=sepolia`. |
| production | Not enabled in this hackathon build. | Real merchant signer custody, public HTTPS webhook, monitoring, and rate limits. |
Local readiness
Local-dev must stay clean: private checkout uses `PrivateCheckoutSettlement`, mock cUSDT uses `ConfidentialUSDMock`, and there is no transparent invoice fallback.
Use `env/local-dev.*.env` for Docker Postgres. Use `env/supabase.*.env` only as a database override while the chain remains local-dev.
npm run reset:local-dev
npm run verify:localSepolia readiness
Sepolia deployment reads `env/sepolia.contracts.env`, writes `generated/contracts/addresses/sepolia.json`, and regenerates the TypeScript/Rust contract clients.
Local dashboards and CardForge can still run on `127.0.0.1`; chain/RPC/manifest move to Sepolia, and browser FHE operations use Zama's official test relayer via `SepoliaConfig`.
set -a
. env/sepolia.contracts.env
set +a
npm --workspace contracts run deploy:sepoliaReady to wire a merchant project?
Create the project in the console, then keep external checkout creation on the project API-key path.