playbooks

home / skills / phrazzld / claude-config / log-stripe-issues

log-stripe-issues skill

/skills/log-stripe-issues

This skill audits Stripe integration with /check-stripe and creates structured, prioritized GitHub issues to track findings.

npx playbooks add skill phrazzld/claude-config --skill log-stripe-issues

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
2.7 KB
---
name: log-stripe-issues
description: |
  Run /check-stripe, then create GitHub issues for all findings.
  Issues are created with priority labels and structured format.
  Use /fix-stripe instead if you want to fix issues immediately.
effort: medium
---

# /log-stripe-issues

Run Stripe integration audit and create GitHub issues for all findings.

## What This Does

1. Invoke `/check-stripe` to audit Stripe integration
2. Parse findings by priority (P0-P3)
3. Check existing issues to avoid duplicates
4. Create GitHub issues for each finding

**This is an issue-creator.** It creates work items, not fixes. Use `/fix-stripe` to fix issues.

## Process

### 1. Run Primitive

Invoke `/check-stripe` skill to get structured findings.

### 2. Check Existing Issues

```bash
gh issue list --state open --label "domain/stripe" --limit 50
```

### 3. Create Issues

For each finding:

```bash
gh issue create \
  --title "[P0] Webhook signature not verified" \
  --body "$(cat <<'EOF'
## Problem
Stripe webhook endpoint does not verify signatures. Security vulnerability.

## Impact
- Attackers can forge webhook events
- Fake payment confirmations possible
- Customer data manipulation risk
- PCI compliance violation

## Location
`app/api/webhooks/stripe/route.ts`

## Suggested Fix
Run `/fix-stripe` or manually add:
```typescript
const event = stripe.webhooks.constructEvent(
  body,
  signature,
  process.env.STRIPE_WEBHOOK_SECRET!
);
```

---
Created by `/log-stripe-issues`
EOF
)" \
  --label "priority/p0,domain/stripe,type/bug"
```

### 4. Issue Format

**Title:** `[P{0-3}] Stripe issue description`

**Labels:**
- `priority/p0` | `priority/p1` | `priority/p2` | `priority/p3`
- `domain/stripe`
- `type/bug` | `type/enhancement` | `type/chore`

**Body:**
```markdown
## Problem
What's wrong with Stripe integration

## Impact
Business/security/user impact

## Location
File:line if applicable

## Suggested Fix
Code snippet or skill to run

---
Created by `/log-stripe-issues`
```

## Priority Mapping

| Gap | Priority |
|-----|----------|
| Missing webhook secret | P0 |
| Hardcoded keys | P0 |
| Webhook verification missing | P1 |
| No customer portal | P1 |
| Subscription status not checked | P1 |
| No idempotency keys | P2 |
| Poor error handling | P2 |
| CLI profile issues | P2 |
| Advanced features | P3 |

## Output

After running:
```
Stripe Issues Created:
- P0: 1 (webhook verification)
- P1: 3 (portal, subscription checks)
- P2: 2 (idempotency, error handling)
- P3: 2 (advanced features)

Total: 8 issues created
View: gh issue list --label domain/stripe
```

## Related

- `/check-stripe` - The primitive (audit only)
- `/fix-stripe` - Fix Stripe issues
- `/stripe` - Full Stripe lifecycle
- `/stripe-health` - Webhook diagnostics
- `/groom` - Full backlog grooming

Overview

This skill runs a Stripe integration audit and creates GitHub issues for every finding. It classifies findings by priority (P0–P3), avoids duplicate issues, and posts structured issues with labels and suggested fixes. Use this to convert audit results into actionable work items; use /fix-stripe if you want automatic remediation instead.

How this skill works

The skill invokes the /check-stripe primitive to get structured findings, parses each finding into a priority bucket, and queries open GitHub issues tagged domain/stripe to avoid duplicates. For each new finding it creates a GitHub issue with a consistent title, labeled priority and domain tags, and a body that includes Problem, Impact, Location, and Suggested Fix sections. Issues are created using the GitHub CLI format so they are ready for triage.

When to use it

  • After running a Stripe integration audit to convert findings into tracked work.
  • When you need consistent, prioritized issues for security or reliability gaps.
  • Before a sprint planning session to populate the backlog with Stripe-related tasks.
  • When you want human review and triage rather than automatic fixes.
  • If you need a reproducible, labeled set of tickets for compliance or auditing.

Best practices

  • Run /check-stripe first so findings are structured and detailed.
  • Review suggested fixes and attach relevant logs or code references before assigning.
  • Keep issue titles and labels consistent to enable filtering (priority, domain, type).
  • Limit the gh issue list query to a reasonable number to avoid missing duplicates.
  • Use /fix-stripe only when you want the toolchain to attempt automated remediation.

Example use cases

  • Discovering missing webhook signature verification and creating a P0 security ticket.
  • Finding hardcoded API keys and generating an immediate remediation issue.
  • Populating sprint backlog with subscription-check tasks labeled priority/p1.
  • Tracking idempotency and error-handling gaps as P2 engineering work items.
  • Creating enhancement tickets for advanced feature gaps such as customer portal.

FAQ

Will this skill fix issues automatically?

No. This skill only creates GitHub issues. Use /fix-stripe when you want automatic remediation.

How does it avoid duplicate issues?

It lists open issues with the domain/stripe label and checks titles and key fields before creating new issues.

How are priorities assigned?

Findings map to priorities using a predefined table (e.g., missing webhook secret => P0, idempotency keys => P2).