
stripe-reconcile skill


This skill helps you fix Stripe configuration drift and audit issues by applying targeted configuration fixes and delegating code fixes when needed.

npx playbooks add skill phrazzld/claude-config --skill stripe-reconcile


Files (1): SKILL.md (2.8 KB)
---
name: stripe-reconcile
description: |
  Fix issues found by stripe-audit. Reconciles configuration drift,
  fixes code patterns, and resolves discrepancies.
effort: high
---

# Stripe Reconcile

Fix issues identified by the audit.

## Branching

Assumes you start on `master`/`main`. Before making code changes:

```bash
git checkout -b fix/stripe-reconcile-$(date +%Y%m%d)
```

Configuration-only changes (env vars, dashboard settings) don't require a branch. Code changes do.

## Objective

Take audit findings and fix them. Configuration issues get fixed directly. Code issues get delegated to Codex.

## Process

**1. Triage Findings**

From the audit report, categorize:

**Configuration fixes** (do directly):
- Missing env vars
- Wrong webhook URL
- Dashboard settings

**Code fixes** (delegate to Codex):
- Missing trial_end handling
- Idempotency implementation
- Access control corrections

**Design issues** (may need stripe-design):
- Wrong checkout mode
- Missing webhook events
- Architectural problems

**2. Fix Configuration**

For env var issues:
```bash
# Example: missing prod webhook secret
npx convex env set --prod STRIPE_WEBHOOK_SECRET "whsec_..."
```

For webhook URL issues:
- Update in Stripe Dashboard
- Or use Stripe CLI: `stripe webhook_endpoints update <id> --url "https://..."`

Verify fixes immediately.

**3. Delegate Code Fixes to Codex**

For each code issue, create a focused Codex task:

```bash
codex exec --full-auto "Fix: [specific issue from audit]. \
Current code in [file]. Problem: [what's wrong]. \
Fix: [what it should do]. Reference [pattern file] for correct approach. \
Run pnpm typecheck after." \
--output-last-message /tmp/codex-fix.md 2>/dev/null
```

Then review: `git diff --stat && pnpm typecheck`

**4. Verify Each Fix**

After fixing, verify:
- Configuration: `npx convex env list --prod | grep STRIPE`
- Webhook URL: `curl -I -X POST <url>`
- Code: `pnpm typecheck && pnpm test`

**5. Re-audit**

After all fixes, run a quick re-audit to confirm that the issues are resolved.

## Common Fixes

**Missing env var on prod**
```bash
npx convex env set --prod STRIPE_WEBHOOK_SECRET "$(printf '%s' 'whsec_...')"
```
(Use printf to avoid trailing newlines)

**Webhook URL redirect**
Update to canonical domain in Stripe Dashboard. If `example.com` redirects to `www.example.com`, use `www.example.com`.

**Missing trial_end handling**
In checkout session creation, calculate remaining trial and pass to Stripe:
```typescript
const trialEnd = user.trialEndsAt && user.trialEndsAt > Date.now()
  ? Math.floor(user.trialEndsAt / 1000)
  : undefined;
// Pass in subscription_data.trial_end
```

**Missing idempotency**
Store `lastStripeEventId` on the user record and check it before processing a webhook event, so a retried delivery of the same event is acknowledged without repeating its side effects.
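The two code fixes above put together in TypeScript, as an added example that is not part of the skill file or of the project it targets. It assumes a hypothetical `UserRecord` shape with `trialEndsAt` in epoch milliseconds (the unit the snippet above uses) and an in-memory `Map` standing in for the database; `processWebhookOnce` and `demo` are names chosen here. It goes one step beyond the snippet above: Stripe's Checkout Session API requires `subscription_data.trial_end` to be at least 48 hours in the future, so a shorter remaining trial is dropped rather than sent and rejected.

```typescript
// Added example, not the skill's own code. Hypothetical user record shape:
type UserRecord = {
  id: string;
  trialEndsAt?: number;        // epoch milliseconds, as in the skill's snippet
  lastStripeEventId?: string;  // id (evt_...) of the last webhook event handled
};

// Stripe rejects subscription_data.trial_end closer than 48 hours from now.
const MIN_TRIAL_END_LEAD_MS = 48 * 60 * 60 * 1000;

// Remaining trial as a Unix timestamp in seconds, or undefined when there is
// none worth sending (absent, already over, or under the 48-hour minimum).
function computeTrialEnd(user: UserRecord, nowMs: number = Date.now()): number | undefined {
  if (user.trialEndsAt === undefined) return undefined;
  if (user.trialEndsAt - nowMs < MIN_TRIAL_END_LEAD_MS) return undefined;
  return Math.floor(user.trialEndsAt / 1000);
}

// The subscription_data fragment to pass to the checkout session create call.
function subscriptionData(user: UserRecord, nowMs: number = Date.now()): { trial_end?: number } {
  const trialEnd = computeTrialEnd(user, nowMs);
  return trialEnd === undefined ? {} : { trial_end: trialEnd };
}

type WebhookOutcome = "processed" | "duplicate";

// Idempotency guard from the skill: compare the incoming event id with the
// stored lastStripeEventId, run the handler only for a new id, then record it.
// `store` is a hypothetical stand-in for the database.
function processWebhookOnce(
  store: Map<string, UserRecord>,
  userId: string,
  eventId: string,
  handle: (user: UserRecord) => void,
): WebhookOutcome {
  const user = store.get(userId);
  if (!user) throw new Error(`unknown user ${userId}`);
  if (user.lastStripeEventId === eventId) {
    return "duplicate"; // Stripe retried delivery: acknowledge, no side effects
  }
  handle(user);
  // Record the id only after the handler succeeded, so a failed handler is
  // retried instead of being marked as done.
  store.set(userId, { ...user, lastStripeEventId: eventId });
  return "processed";
}

// Constructed scenario with a fixed clock: one user with 10 days of trial left,
// one webhook event delivered twice, then a second distinct event.
function demo(): { trialEnd: number | undefined; outcomes: WebhookOutcome[]; credits: number } {
  const now = Date.UTC(2024, 0, 1);
  const store = new Map<string, UserRecord>([
    ["user_1", { id: "user_1", trialEndsAt: now + 10 * 86_400_000 }],
  ]);
  let credits = 0;
  const grantCredit = () => { credits += 1; }; // the side effect to protect
  const outcomes: WebhookOutcome[] = [
    processWebhookOnce(store, "user_1", "evt_constructed_001", grantCredit),
    processWebhookOnce(store, "user_1", "evt_constructed_001", grantCredit), // retry
    processWebhookOnce(store, "user_1", "evt_constructed_002", grantCredit),
  ];
  return { trialEnd: computeTrialEnd(store.get("user_1")!, now), outcomes, credits };
}
```

Two points worth keeping in mind when this lands in a real handler: the stored id and the handler's side effects should be written in the same database transaction, otherwise a crash between them reintroduces the double-processing the check is meant to prevent; and a single `lastStripeEventId` only catches a replay of the most recent event, so an older duplicate arriving after a newer event passes the check. Storing the set of processed ids (or a per-event record) closes that gap.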

## Output

For each finding:
- What was fixed
- How it was fixed
- Verification result

List any remaining issues that could not be fixed automatically.

Overview

This skill automates remediation for issues found by a Stripe audit. It reconciles configuration drift, fixes common code patterns, and coordinates targeted code changes via Codex. The goal is to convert audit findings into verified fixes and a final re-audit status.

How this skill works

The skill inspects the audit report and classifies findings as configuration, code, or design issues. Configuration fixes (env vars, webhook endpoints, dashboard settings) are applied directly and verified. Code fixes are packaged into focused Codex tasks, executed, reviewed, and type/test checked before final verification and re-audit.

When to use it

  • After running stripe-audit and receiving a findings report.
  • When production environment variables for Stripe are missing or incorrect.
  • When webhooks, webhook secrets, or dashboard settings diverge from expected values.
  • When code-level problems are flagged (trial handling, idempotency, access control).
  • When you need a repeatable process to verify and re-audit Stripe integration.

Best practices

  • Start on main/master and create a feature branch for code changes; config-only fixes can be applied directly.
  • Triage findings into configuration, code, and design buckets before acting.
  • Use precise, focused Codex tasks for code fixes and require typecheck/test pass before merging.
  • Verify each change immediately with simple checks (env list, curl for webhook URL, pnpm typecheck & test).
  • Document each audited finding with the fix, method used, and verification result.

Example use cases

  • Set a missing STRIPE_WEBHOOK_SECRET in production using environment tooling and verify it is present.
  • Update a webhook endpoint in the Stripe Dashboard or via the Stripe CLI to the canonical domain.
  • Create a Codex task to add idempotency checks by storing and validating lastStripeEventId before processing webhooks.
  • Modify checkout session creation to calculate and pass subscription_data.trial_end when user trial remains.
  • Run a full re-audit after fixes to confirm no remaining issues.

FAQ

Do I always need a branch for changes?

Create a branch for any code changes; small configuration updates can be applied directly to production.

How do I verify webhook URL fixes?

Confirm the endpoint in the Stripe Dashboard or update via the Stripe CLI, then use curl -I -X POST against the URL to check reachability.