playbooks

home / skills / phrazzld / claude-config / fix-stripe

fix-stripe skill

/skills/fix-stripe

This skill audits Stripe issues, fixes the highest-priority problem, verifies the fix, and reports results to streamline payments.

npx playbooks add skill phrazzld/claude-config --skill fix-stripe

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
3.7 KB
---
name: fix-stripe
description: |
  Run /check-stripe, then fix the highest priority Stripe issue.
  Creates one fix per invocation. Invoke again for next issue.
  Use /log-stripe-issues to create issues without fixing.
---

# /fix-stripe

Fix the highest priority Stripe integration issue.

## What This Does

1. Invoke `/check-stripe` to audit Stripe integration
2. Identify highest priority issue
3. Fix that one issue
4. Verify the fix
5. Report what was done

**This is a fixer.** It fixes one issue at a time. Run again for next issue. Use `/stripe` for full lifecycle.

## Process

### 1. Run Primitive

Invoke `/check-stripe` skill to get prioritized findings.

### 2. Fix Priority Order

Fix in this order:
1. **P0**: Missing webhook secret, hardcoded keys
2. **P1**: Webhook verification, customer portal, subscription checks
3. **P2**: Idempotency, error handling
4. **P3**: Advanced features

### 3. Execute Fix

**Missing webhook secret (P0):**
Add to `.env.local`:
```
STRIPE_WEBHOOK_SECRET=whsec_...
```

Get from Stripe Dashboard or CLI:
```bash
stripe listen --print-secret
```

**Hardcoded keys (P0):**
Replace hardcoded keys with environment variables:
```typescript
// Before
const stripe = new Stripe('sk_test_...', { apiVersion: '2024-12-18.acacia' });

// After
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, { apiVersion: '2024-12-18.acacia' });
```

**Webhook verification missing (P1):**
Update webhook handler:
```typescript
export async function POST(req: Request) {
  const body = await req.text();
  const signature = req.headers.get('stripe-signature')!;

  let event: Stripe.Event;
  try {
    event = stripe.webhooks.constructEvent(
      body,
      signature,
      process.env.STRIPE_WEBHOOK_SECRET!
    );
  } catch (err) {
    return new Response('Webhook signature verification failed', { status: 400 });
  }

  // Handle event...
}
```

**No customer portal (P1):**
Add billing portal endpoint:
```typescript
// app/api/stripe/portal/route.ts
export async function POST(req: Request) {
  const { customerId } = await req.json();

  const session = await stripe.billingPortal.sessions.create({
    customer: customerId,
    return_url: `${process.env.NEXT_PUBLIC_APP_URL}/settings`,
  });

  return Response.json({ url: session.url });
}
```

**Subscription status not checked (P1):**
Add subscription check middleware:
```typescript
async function requireActiveSubscription(userId: string) {
  const subscription = await getSubscription(userId);
  if (!subscription || subscription.status !== 'active') {
    throw new Error('Active subscription required');
  }
}
```

### 4. Verify

After fix:
```bash
# Test webhook verification
stripe trigger checkout.session.completed

# Check portal works
curl -X POST http://localhost:3000/api/stripe/portal \
  -H "Content-Type: application/json" \
  -d '{"customerId": "cus_test"}'
```

### 5. Report

```
Fixed: [P0] Webhook signature not verified

Updated: app/api/webhooks/stripe/route.ts
- Added signature verification with constructEvent()
- Added error handling for invalid signatures

Verified: stripe trigger checkout.session.completed → verified

Next highest priority: [P1] No customer portal
Run /fix-stripe again to continue.
```

## Branching

Before making changes:
```bash
git checkout -b fix/stripe-$(date +%Y%m%d)
```

## Single-Issue Focus

Payment integrations are critical. Fix one thing at a time:
- Test each change thoroughly
- Easy to rollback specific fixes
- Clear audit trail for PCI

Run `/fix-stripe` repeatedly to work through the backlog.

## Related

- `/check-stripe` - The primitive (audit only)
- `/log-stripe-issues` - Create issues without fixing
- `/stripe` - Full Stripe lifecycle
- `/stripe-health` - Webhook diagnostics

Overview

This skill runs an audit on a Stripe integration and fixes the single highest-priority issue it finds. It performs one focused change per invocation, verifies the fix, and reports what changed and what to run next. Invoke repeatedly to work through remaining issues in priority order.

How this skill works

First it invokes the /check-stripe primitive to gather prioritized findings. It picks the top-priority item (P0 → P1 → P2 → P3), applies a targeted fix, runs verification steps (webhook triggers, endpoint calls), and returns a concise report of files changed and validation results. Use /log-stripe-issues if you prefer creating issues without applying fixes.

When to use it

  • You have a failing or incomplete Stripe integration and need a focused repair.
  • You want automated, audit-driven remediation that changes one item at a time.
  • You need safe, easy-to-review commits for payment-related fixes.
  • You prefer iterative fixes to minimize risk and simplify rollbacks.
  • You want to move through a backlog of Stripe issues in priority order.

Best practices

  • Run /check-stripe first to get the prioritized findings before fixing.
  • Create a feature branch for each fix (git checkout -b fix/stripe-YYYYMMDD).
  • Make only one logical change per invocation to keep diffs small and auditable.
  • Verify fixes locally or in a staging environment using stripe trigger and curl tests.
  • Store secrets in environment variables (never hardcode API keys or webhook secrets).

Example use cases

  • Add a missing webhook secret to .env.local and enable constructEvent() verification.
  • Replace hardcoded Stripe keys with environment variables and update config initialization.
  • Add a billing portal endpoint so customers can manage subscriptions and payment methods.
  • Introduce middleware to require an active subscription before accessing paid routes.
  • Fix idempotency or error handling on payment endpoints one issue at a time.

FAQ

Will the skill fix multiple Stripe issues in one run?

No. It fixes exactly one highest-priority issue per invocation to keep changes small and reviewable.

How do I proceed after a fix is applied?

Confirm verification steps passed, commit the branch, and run /fix-stripe again to address the next item.