
stripe-patterns

Stripe payment integration patterns for checkout, webhooks, and subscriptions. Ensures safe API usage, idempotency, signature verification, and testing compliance.

Introduction

This skill provides a standardized, production-tested framework for integrating Stripe payment workflows within AI-agent assisted environments. It acts as a safety guardrail for backend developers and system architects, ensuring that critical financial operations—such as handling checkout sessions, processing recurring subscriptions, managing invoices, and navigating complex webhooks—follow secure, idempotent, and predictable design patterns.

Designed for teams using the SAW (Safe Agentic Workflow) harness, the skill automatically loads contextual expertise when developers work on payment-related modules. It enforces strict compliance with security best practices, including mandatory webhook signature verification to prevent spoofing, test-mode safety checklists, and robust error handling to manage payment lifecycle events like successful charges, payment failures, or subscription cancellations. By utilizing these predefined templates, agents minimize common integration errors and significantly reduce the time required to implement payment logic.

  • Standardized Stripe Client factory integration to maintain consistent API versions and secure configuration handling.

  • Idempotency patterns for webhook handlers, utilizing database transactions and unique event tracking to prevent duplicate processing of critical state transitions.

  • Mandatory webhook signature verification templates using stripe-signature headers to ensure request integrity.

  • Comprehensive testing documentation patterns including evidence templates for checkout sessions, failure scenarios, and subscription status verification.

  • Integrated safety checklists for development, including validation of Stripe secret keys (sk_test_ vs production), test card usage, and local development forwarding via Stripe CLI.

  • Pre-defined subscription lifecycle event mapping for customer creation, updates, and deletion workflows.

  • Always verify Stripe webhook secrets in the environment before deploying any payment-related code.

  • Use the provided Stripe CLI local testing commands to forward webhooks to localhost during development cycles.

  • Ensure all payment-related database operations run within an RLS (row-level security) context to prevent unauthorized access to sensitive financial data.

  • Always attach the generated payment testing evidence block to ticket comments to ensure full auditability of production-bound financial changes.

  • Do not use these patterns for non-payment API routes; use the dedicated API patterns skill for general CRUD operations.
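
An added example (not code from the stripe-patterns repository) of the two webhook safeguards listed above: verifying the Stripe-Signature header, here with the Python standard library rather than Stripe's SDK, and recording the event id in the same transaction as the state change so a redelivered event is a no-op. The table names, the secret, the 300-second tolerance and the `sign` helper are assumptions made for illustration.

```python
import hashlib, hmac, json, sqlite3, time

TOLERANCE_S = 300  # assumed replay window, in seconds

def sign(raw_body: bytes, secret: str, ts: int) -> str:
    """Hypothetical helper: build a constructed header for local tests."""
    mac = hmac.new(secret.encode(), f"{ts}.".encode() + raw_body, hashlib.sha256)
    return f"t={ts},v1={mac.hexdigest()}"

def verify_signature(raw_body: bytes, header: str, secret: str, now=None) -> bool:
    """Check a header of the form t=<unix ts>,v1=<hex HMAC-SHA256 of 't.body'>."""
    parts = [p.split("=", 1) for p in header.split(",") if "=" in p]
    ts = next((v for k, v in parts if k.strip() == "t"), None)
    sigs = [v for k, v in parts if k.strip() == "v1"]
    if ts is None or not (ts.isascii() and ts.isdigit()) or not sigs:
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > TOLERANCE_S:
        return False  # stale or future-dated timestamp: treat as a replay
    expected = hmac.new(secret.encode(), ts.encode() + b"." + raw_body,
                        hashlib.sha256).hexdigest().encode()
    # Constant-time comparison; the header may carry several v1 values.
    return any(hmac.compare_digest(expected, s.encode()) for s in sigs)

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE processed_events (event_id TEXT PRIMARY KEY)")
    db.execute("CREATE TABLE subscriptions (id TEXT PRIMARY KEY, status TEXT)")
    return db

def handle_webhook(db, raw_body: bytes, header: str, secret: str, now=None) -> str:
    # Verify over the raw bytes first; parse JSON only after the check passes.
    if not verify_signature(raw_body, header, secret, now):
        return "rejected"
    event = json.loads(raw_body)
    try:
        with db:  # one transaction: the marker row and the state change commit together
            db.execute("INSERT INTO processed_events VALUES (?)", (event["id"],))
            if event["type"] == "customer.subscription.deleted":
                sub_id = event["data"]["object"]["id"]
                db.execute("INSERT OR REPLACE INTO subscriptions VALUES (?, ?)",
                           (sub_id, "canceled"))
    except sqlite3.IntegrityError:
        return "duplicate"  # event id already recorded: skip reprocessing
    return "processed"
```

The signature must be computed over the exact bytes received; re-serializing parsed JSON before verification changes the payload and makes valid events fail the check.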

Repository Stats

Stars: 59
Forks: 14
Open Issues: 8
Language: Shell
Default Branch: main
Sync Status: Idle
Last Synced: May 3, 2026, 04:53 AM