Skip to content

Private Skill Access

Paid skills should start as a fulfillment problem, not as a platform problem.

The public MkDocs site can explain the offer, publish examples, and route people to payment. It should not contain private skill files or pretend to enforce entitlements.

Offer Shape

The smallest viable offer is:

  • one public page that explains the skill library
  • one Stripe Payment Link for the subscription
  • one manual fulfillment path after payment
  • one cancellation and billing-management path through Stripe Customer Portal

This tests whether people want the material before building subscriber infrastructure.

Manual Fulfillment

Manual fulfillment is acceptable until it becomes visibly painful.

Use one of these delivery channels:

  • private GitHub repository invitation
  • private Google Drive or Dropbox folder
  • customer-only email with attached releases
  • password-protected archive link rotated per release

The constraint is revocation. If cancellation matters immediately, use a private GitHub repository or another system where access can be removed cleanly.

Subscriber Ledger

Keep a small private ledger outside the public site:

customer_email
stripe_customer_id
stripe_subscription_id
plan
access_channel
access_granted_at
last_checked_at
status
notes

The ledger is operational state. It does not belong in the public repository.

Automation Trigger

Automate only after one of these happens:

  • manual fulfillment takes more than 30 minutes per week
  • cancellations become frequent enough that revocation lag matters
  • there are multiple plans or per-seat entitlements
  • private content needs browser-based access instead of file delivery

Automated Shape

The automated version needs five pieces:

  • authentication: user identity and login
  • Stripe Checkout or Payment Links: payment and subscription creation
  • Stripe webhooks: subscription status changes
  • entitlement store: who can access which material
  • private delivery surface: app, signed download, or repository access workflow

MkDocs remains the public documentation and trust surface. The private delivery surface should be a separate app or service.

Failure Modes

  • A public static build accidentally contains private files.
  • A canceled subscriber keeps access because revocation is manual and forgotten.
  • Stripe says someone paid, but there is no local entitlement record.
  • A customer changes email and identity matching breaks.
  • The paid offer turns into infrastructure work before there is evidence of demand.

The first version should be boring enough that these failures are visible.