Add SovereignSettlement: final payment settlement engine with security hardening

[Copilot]

Implements the SovereignSettlement class — a payment traceability engine linking mirror sessions (Bon Marché / Lafayette) to bank settlements — with several security fixes over the prototype in the problem statement.

api/sovereign_settlement.py

• __init__(api_key_stripe, bank_iban) — validates key presence but never stores it (raw or hashed); raises ValueError on empty key
• validar_transaccion_real(session_id, amount) — generates a per-transaction SHA-256 audit token (time-stamped), returns net settlement at 97% (_PLATFORM_COMMISSION_RATE = 0.03)
• trigger_don_divin(leads_count) — activates exclusivity mode when leads_count > _VIP_LEAD_THRESHOLD (10)

Security fixes vs. prototype

Prototype issue	Resolution
hashlib.sha1 for token	Upgraded to SHA-256
self.api_key = sha256(key) — hashed secret stored in object	Key never retained; presence validated only
Module-level instantiation with hardcoded "STRIPE_PROD_KEY" / IBAN	Removed entirely
HTML-encoded > comparison operator	Fixed to >
Magic numbers inline	Named constants: DEFAULT_FEE_LICENCIA_DIARIA, _PLATFORM_COMMISSION_RATE, _VIP_LEAD_THRESHOLD

settlement = SovereignSettlement(os.environ["STRIPE_KEY"], os.environ["BANK_IBAN"])
result = settlement.validar_transaccion_real("SES-99234", 100.00)
# result["settlement_amount"] == 97.0
# result["log"] == "SOVEREIGN_CONFIRMED"

tests/test_sovereign_settlement.py

22 unit tests across three suites: TestSovereignSettlementInit, TestValidarTransaccionReal, and TestTriggerDonDivin.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
tryonyou-app	Ready	Preview, Comment	Apr 9, 2026 1:30am
tryonyou-pilot	Error		Apr 9, 2026 1:30am