opencastle 0.33.9 → 0.34.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (112) hide show
  1. package/dist/cli/init.d.ts.map +1 -1
  2. package/dist/cli/init.js +39 -17
  3. package/dist/cli/init.js.map +1 -1
  4. package/dist/cli/stack-config.d.ts.map +1 -1
  5. package/dist/cli/stack-config.js +5 -0
  6. package/dist/cli/stack-config.js.map +1 -1
  7. package/dist/cli/types.d.ts +1 -1
  8. package/dist/cli/types.d.ts.map +1 -1
  9. package/dist/orchestrator/plugins/cloudflare/config.d.ts +3 -0
  10. package/dist/orchestrator/plugins/cloudflare/config.d.ts.map +1 -0
  11. package/dist/orchestrator/plugins/cloudflare/config.js +23 -0
  12. package/dist/orchestrator/plugins/cloudflare/config.js.map +1 -0
  13. package/dist/orchestrator/plugins/coolify/config.d.ts +3 -0
  14. package/dist/orchestrator/plugins/coolify/config.d.ts.map +1 -0
  15. package/dist/orchestrator/plugins/coolify/config.js +28 -0
  16. package/dist/orchestrator/plugins/coolify/config.js.map +1 -0
  17. package/dist/orchestrator/plugins/drizzle/config.d.ts +3 -0
  18. package/dist/orchestrator/plugins/drizzle/config.d.ts.map +1 -0
  19. package/dist/orchestrator/plugins/drizzle/config.js +15 -0
  20. package/dist/orchestrator/plugins/drizzle/config.js.map +1 -0
  21. package/dist/orchestrator/plugins/expo/config.d.ts +3 -0
  22. package/dist/orchestrator/plugins/expo/config.d.ts.map +1 -0
  23. package/dist/orchestrator/plugins/expo/config.js +23 -0
  24. package/dist/orchestrator/plugins/expo/config.js.map +1 -0
  25. package/dist/orchestrator/plugins/index.d.ts.map +1 -1
  26. package/dist/orchestrator/plugins/index.js +12 -0
  27. package/dist/orchestrator/plugins/index.js.map +1 -1
  28. package/dist/orchestrator/plugins/sentry/config.d.ts +3 -0
  29. package/dist/orchestrator/plugins/sentry/config.d.ts.map +1 -0
  30. package/dist/orchestrator/plugins/sentry/config.js +28 -0
  31. package/dist/orchestrator/plugins/sentry/config.js.map +1 -0
  32. package/dist/orchestrator/plugins/stripe/config.d.ts +3 -0
  33. package/dist/orchestrator/plugins/stripe/config.d.ts.map +1 -0
  34. package/dist/orchestrator/plugins/stripe/config.js +42 -0
  35. package/dist/orchestrator/plugins/stripe/config.js.map +1 -0
  36. package/dist/orchestrator/plugins/types.d.ts +1 -1
  37. package/dist/orchestrator/plugins/types.d.ts.map +1 -1
  38. package/package.json +1 -1
  39. package/src/cli/init.ts +43 -22
  40. package/src/cli/stack-config.ts +5 -0
  41. package/src/cli/types.ts +1 -1
  42. package/src/dashboard/dist/data/convoys/demo-api-v2.json +3 -3
  43. package/src/dashboard/dist/data/convoys/demo-auth-revamp.json +4 -4
  44. package/src/dashboard/dist/data/convoys/demo-dashboard-ui.json +12 -12
  45. package/src/dashboard/dist/data/convoys/demo-data-pipeline.json +3 -3
  46. package/src/dashboard/dist/data/convoys/demo-deploy-ci.json +1 -1
  47. package/src/dashboard/dist/data/convoys/demo-docs-update.json +3 -3
  48. package/src/dashboard/dist/data/convoys/demo-perf-opt.json +4 -4
  49. package/src/dashboard/node_modules/.vite/deps/_metadata.json +6 -6
  50. package/src/dashboard/public/data/convoys/demo-api-v2.json +3 -3
  51. package/src/dashboard/public/data/convoys/demo-auth-revamp.json +4 -4
  52. package/src/dashboard/public/data/convoys/demo-dashboard-ui.json +12 -12
  53. package/src/dashboard/public/data/convoys/demo-data-pipeline.json +3 -3
  54. package/src/dashboard/public/data/convoys/demo-deploy-ci.json +1 -1
  55. package/src/dashboard/public/data/convoys/demo-docs-update.json +3 -3
  56. package/src/dashboard/public/data/convoys/demo-perf-opt.json +4 -4
  57. package/src/orchestrator/customizations/agents/skill-matrix.json +24 -4
  58. package/src/orchestrator/customizations/agents/skill-matrix.md +5 -0
  59. package/src/orchestrator/plugins/cloudflare/SKILL.md +111 -0
  60. package/src/orchestrator/plugins/cloudflare/config.ts +24 -0
  61. package/src/orchestrator/plugins/cloudflare/references/deployment.md +147 -0
  62. package/src/orchestrator/plugins/cloudflare/references/storage.md +118 -0
  63. package/src/orchestrator/plugins/cloudflare/references/workers.md +135 -0
  64. package/src/orchestrator/plugins/convex/SKILL.md +62 -20
  65. package/src/orchestrator/plugins/convex/references/auth-auth0.md +116 -0
  66. package/src/orchestrator/plugins/convex/references/auth-clerk.md +113 -0
  67. package/src/orchestrator/plugins/convex/references/auth-convex-auth.md +143 -0
  68. package/src/orchestrator/plugins/convex/references/auth-setup.md +87 -0
  69. package/src/orchestrator/plugins/convex/references/auth-workos.md +114 -0
  70. package/src/orchestrator/plugins/convex/references/components-advanced.md +134 -0
  71. package/src/orchestrator/plugins/convex/references/components.md +171 -0
  72. package/src/orchestrator/plugins/convex/references/function-budget.md +232 -0
  73. package/src/orchestrator/plugins/convex/references/hot-path-rules.md +371 -0
  74. package/src/orchestrator/plugins/convex/references/migrations-component.md +170 -0
  75. package/src/orchestrator/plugins/convex/references/migrations.md +259 -0
  76. package/src/orchestrator/plugins/convex/references/occ-conflicts.md +126 -0
  77. package/src/orchestrator/plugins/convex/references/performance-audit.md +80 -0
  78. package/src/orchestrator/plugins/convex/references/quickstart.md +176 -0
  79. package/src/orchestrator/plugins/convex/references/subscription-cost.md +252 -0
  80. package/src/orchestrator/plugins/coolify/SKILL.md +134 -0
  81. package/src/orchestrator/plugins/coolify/config.ts +29 -0
  82. package/src/orchestrator/plugins/coolify/references/applications.md +65 -0
  83. package/src/orchestrator/plugins/coolify/references/ci-cd-webhooks.md +73 -0
  84. package/src/orchestrator/plugins/coolify/references/databases-services.md +57 -0
  85. package/src/orchestrator/plugins/coolify/references/docker-compose.md +121 -0
  86. package/src/orchestrator/plugins/coolify/references/infrastructure.md +77 -0
  87. package/src/orchestrator/plugins/drizzle/SKILL.md +123 -0
  88. package/src/orchestrator/plugins/drizzle/config.ts +16 -0
  89. package/src/orchestrator/plugins/drizzle/references/migrations.md +112 -0
  90. package/src/orchestrator/plugins/drizzle/references/query-patterns.md +127 -0
  91. package/src/orchestrator/plugins/drizzle/references/schema-patterns.md +105 -0
  92. package/src/orchestrator/plugins/expo/SKILL.md +114 -0
  93. package/src/orchestrator/plugins/expo/config.ts +24 -0
  94. package/src/orchestrator/plugins/expo/references/eas-build.md +73 -0
  95. package/src/orchestrator/plugins/expo/references/native-modules.md +71 -0
  96. package/src/orchestrator/plugins/expo/references/routing.md +83 -0
  97. package/src/orchestrator/plugins/index.ts +12 -0
  98. package/src/orchestrator/plugins/linear/SKILL.md +21 -3
  99. package/src/orchestrator/plugins/sentry/SKILL.md +94 -0
  100. package/src/orchestrator/plugins/sentry/config.ts +29 -0
  101. package/src/orchestrator/plugins/sentry/references/error-patterns.md +112 -0
  102. package/src/orchestrator/plugins/sentry/references/performance.md +66 -0
  103. package/src/orchestrator/plugins/sentry/references/sdk-setup.md +108 -0
  104. package/src/orchestrator/plugins/stripe/SKILL.md +138 -0
  105. package/src/orchestrator/plugins/stripe/config.ts +43 -0
  106. package/src/orchestrator/plugins/stripe/references/api-patterns.md +57 -0
  107. package/src/orchestrator/plugins/stripe/references/projects-setup.md +30 -0
  108. package/src/orchestrator/plugins/stripe/references/upgrade-guide.md +105 -0
  109. package/src/orchestrator/plugins/types.ts +1 -1
  110. package/src/orchestrator/skills/backbone-scaffolding/EXAMPLES.md +1 -1
  111. package/src/orchestrator/skills/backbone-scaffolding/SKILL.md +32 -16
  112. package/src/orchestrator/plugins/convex/REFERENCE.md +0 -9
@@ -0,0 +1,66 @@
1
+ # Sentry Performance Tracing
2
+
3
+ ## Sampling Configuration
4
+
5
+ ```typescript
6
+ Sentry.init({
7
+ dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
8
+ // Sample 10% of transactions in production
9
+ tracesSampleRate: process.env.NODE_ENV === 'production' ? 0.1 : 1.0,
10
+ // Dynamic sampling based on transaction name
11
+ tracesSampler: (samplingContext) => {
12
+ if (samplingContext.name?.includes('/health')) return 0; // never sample health checks
13
+ if (samplingContext.name?.includes('/checkout')) return 0.5;
14
+ return 0.1;
15
+ },
16
+ });
17
+ ```
18
+
19
+ ## Custom Spans
20
+
21
+ ```typescript
22
+ import * as Sentry from '@sentry/nextjs';
23
+
24
+ const result = await Sentry.startSpan(
25
+ { name: 'process-payment', op: 'payment.process' },
26
+ async (span) => {
27
+ span.setAttribute('payment.provider', 'stripe');
28
+ span.setAttribute('payment.amount', amount);
29
+ return await stripe.charges.create({ /* ... */ });
30
+ }
31
+ );
32
+
33
+ // Nested span inside an existing transaction
34
+ await Sentry.startSpan({ name: 'db.query', op: 'db' }, async () => {
35
+ return await db.select().from(orders).where(eq(orders.id, orderId));
36
+ });
37
+ ```
38
+
39
+ ## Distributed Tracing
40
+
41
+ Sentry propagates trace context automatically via `sentry-trace` and `baggage` HTTP headers when using `fetch` or Node.js `http`. Verify in the trace view that frontend and backend spans are linked under the same trace ID.
42
+
43
+ For manual header forwarding:
44
+ ```typescript
45
+ import * as Sentry from '@sentry/node';
46
+
47
+ const headers = {};
48
+ Sentry.getActiveSpan()?.toTraceparent() // inject into outgoing request headers
49
+ ```
50
+
51
+ ## Core Web Vitals
52
+
53
+ Captured automatically by the browser SDK — no extra config needed. View in Sentry → Performance → Web Vitals. Configure alerts for regressions:
54
+ - LCP > 2.5s (Largest Contentful Paint)
55
+ - CLS > 0.1 (Cumulative Layout Shift)
56
+ - INP > 200ms (Interaction to Next Paint)
57
+
58
+ ## Sampling Recommendations
59
+
60
+ | Scenario | `tracesSampleRate` |
61
+ |----------|--------------------|
62
+ | Development | `1.0` |
63
+ | Low-traffic production | `0.2`–`0.5` |
64
+ | High-traffic production | `0.05`–`0.1` |
65
+ | Critical flows (checkout, auth) | Use `tracesSampler` to return `0.5` |
66
+ | Health check / polling routes | Use `tracesSampler` to return `0` |
@@ -0,0 +1,108 @@
1
+ # Sentry SDK Setup
2
+
3
+ ## Next.js (recommended: wizard)
4
+
5
+ ```bash
6
+ npx @sentry/wizard@latest -i nextjs
7
+ ```
8
+
9
+ The wizard creates three init files and patches `next.config.ts` automatically.
10
+
11
+ ### Manual init files
12
+
13
+ **`instrumentation-client.ts`** (browser):
14
+ ```typescript
15
+ import * as Sentry from '@sentry/nextjs';
16
+ Sentry.init({
17
+ dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
18
+ tracesSampleRate: 0.1,
19
+ sendDefaultPii: true,
20
+ replaysSessionSampleRate: 0.1,
21
+ replaysOnErrorSampleRate: 1.0,
22
+ integrations: [Sentry.replayIntegration()],
23
+ });
24
+ ```
25
+
26
+ **`sentry.server.config.ts`** (Node.js server):
27
+ ```typescript
28
+ import * as Sentry from '@sentry/nextjs';
29
+ Sentry.init({
30
+ dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
31
+ tracesSampleRate: 0.1,
32
+ sendDefaultPii: true,
33
+ });
34
+ ```
35
+
36
+ **`sentry.edge.config.ts`** (edge runtime):
37
+ ```typescript
38
+ import * as Sentry from '@sentry/nextjs';
39
+ Sentry.init({
40
+ dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
41
+ tracesSampleRate: 0.1,
42
+ });
43
+ ```
44
+
45
+ **`next.config.ts`**:
46
+ ```typescript
47
+ import { withSentryConfig } from '@sentry/nextjs';
48
+ const nextConfig = { /* your config */ };
49
+ export default withSentryConfig(nextConfig, {
50
+ org: 'your-org',
51
+ project: 'your-project',
52
+ tunnelRoute: '/monitoring',
53
+ sourcemaps: { disable: false },
54
+ });
55
+ ```
56
+
57
+ ## React (Vite / CRA)
58
+
59
+ ```typescript
60
+ // main.tsx
61
+ import * as Sentry from '@sentry/react';
62
+ Sentry.init({
63
+ dsn: import.meta.env.VITE_SENTRY_DSN,
64
+ integrations: [Sentry.browserTracingIntegration(), Sentry.replayIntegration()],
65
+ tracesSampleRate: 0.1,
66
+ replaysOnErrorSampleRate: 1.0,
67
+ });
68
+ ```
69
+
70
+ ## Node.js / Express
71
+
72
+ ```typescript
73
+ // instrument.ts — import BEFORE any other module
74
+ import * as Sentry from '@sentry/node';
75
+ Sentry.init({
76
+ dsn: process.env.SENTRY_DSN,
77
+ tracesSampleRate: 0.1,
78
+ });
79
+ ```
80
+
81
+ ```typescript
82
+ // index.ts
83
+ import './instrument';
84
+ import express from 'express';
85
+ // ... app setup
86
+ app.use(Sentry.expressErrorHandler()); // must be last error-handling middleware
87
+ ```
88
+
89
+ ## Key Config Options
90
+
91
+ | Option | Purpose |
92
+ |--------|---------|
93
+ | `dsn` | Project DSN — safe for client-side |
94
+ | `tracesSampleRate` | 0–1 fraction of transactions to sample |
95
+ | `sendDefaultPii` | Capture IP, user agent, authenticated user |
96
+ | `environment` | `production` / `staging` — filters in Sentry UI |
97
+ | `release` | Version string for suspect commits |
98
+ | `tunnelRoute` | Proxy path to avoid ad-blockers |
99
+ | `debug` | Log Sentry internals (dev only) |
100
+
101
+ ## Environment Variables
102
+
103
+ | Variable | Required by |
104
+ |----------|------------|
105
+ | `NEXT_PUBLIC_SENTRY_DSN` | Browser + server init |
106
+ | `SENTRY_AUTH_TOKEN` | Source map upload (CI + local build) |
107
+ | `SENTRY_ORG` | `withSentryConfig` / CLI |
108
+ | `SENTRY_PROJECT` | `withSentryConfig` / CLI |
@@ -0,0 +1,138 @@
1
+ ---
2
+ name: stripe-payments
3
+ description: "Stripe payment integration patterns, Checkout Sessions, billing/subscriptions, Connect platforms, and API best practices. Use when building, modifying, or reviewing any Stripe integration — including accepting payments, building marketplaces, setting up subscriptions, or implementing secure key handling."
4
+ ---
5
+
6
+ # Stripe Payments
7
+
8
+ Latest Stripe API version: **2026-03-25.dahlia**. Always use the latest API version and SDK unless the user specifies otherwise.
9
+
10
+ ## Integration Routing
11
+
12
+ | Building… | Recommended API | Reference |
13
+ |---|---|---|
14
+ | One-time payments | Checkout Sessions | `references/api-patterns.md` — Payments |
15
+ | Custom payment form with embedded UI | Checkout Sessions + Payment Element | `references/api-patterns.md` — Payments |
16
+ | Saving a payment method for later | Setup Intents | `references/api-patterns.md` — Payments |
17
+ | Connect platform or marketplace | Accounts v2 (`/v2/core/accounts`) | `references/api-patterns.md` — Connect |
18
+ | Subscriptions or recurring billing | Billing APIs + Checkout Sessions | `references/api-patterns.md` — Billing |
19
+ | Embedded financial accounts / banking | v2 Financial Accounts | `references/api-patterns.md` — Treasury |
20
+ | Security (key management, RAKs, webhooks, OAuth, 2FA, Connect liability) | See security reference | `references/api-patterns.md` — Security |
21
+
22
+ Read the relevant reference section before answering any integration question or writing code.
23
+
24
+ ## Critical Rules
25
+
26
+ **API Selection**
27
+ - Use Checkout Sessions API (`checkout.sessions.create`) for on-session payments — supports one-time payments and subscriptions
28
+ - Use PaymentIntents API for off-session payments or when modeling checkout state independently
29
+ - Only use Checkout Sessions, PaymentIntents, SetupIntents, or higher-level solutions (Invoicing, Payment Links, subscription APIs)
30
+ - Never use the Charges API — migrate to Checkout Sessions or PaymentIntents
31
+ - Don't use the Sources API — use Setup Intents instead
32
+
33
+ **Integration Surfaces (in order of preference)**
34
+ 1. Payment Links — no-code, best for simple products
35
+ 2. Checkout — Stripe-hosted or embedded form, best for most web apps
36
+ 3. Payment Element — embedded UI component for advanced customization; back it with Checkout Sessions API via `ui_mode: 'custom'` over raw PaymentIntents when possible
37
+
38
+ **API Keys & Security**
39
+ - Use restricted API keys (RAKs, prefix `rk_`) instead of secret keys (prefix `sk_`) wherever possible — follow least privilege
40
+ - Never use secret keys or RAKs in client-side code or mobile apps
41
+ - Always verify webhook signatures using Stripe's webhook signing secret
42
+ - Always use the `state` parameter in Connect OAuth flows
43
+
44
+ **Connect Platforms**
45
+ - For new Connect platforms, always use the Accounts v2 API (`POST /v2/core/accounts`)
46
+ - Don't use legacy `type` parameter (`type: 'express'`, `type: 'custom'`, `type: 'standard'`) for new platforms
47
+ - Configure accounts using `controller` properties instead of legacy account types
48
+ - Use Stripe-hosted onboarding rather than custom onboarding flows
49
+
50
+ **Billing**
51
+ - Don't use the deprecated `plan` object — use Prices instead
52
+ - Combine Billing APIs with Stripe Checkout for the payment frontend
53
+ - Recommend Customer Portal for self-service subscription management
54
+
55
+ ## Checkout Session Pattern
56
+
57
+ ```typescript
58
+ import Stripe from 'stripe';
59
+
60
+ const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, {
61
+ apiVersion: '2026-03-25.dahlia',
62
+ });
63
+
64
+ const session = await stripe.checkout.sessions.create({
65
+ mode: 'payment', // For subscriptions, change to 'subscription' and use a recurring price
66
+ line_items: [{
67
+ price: 'price_xxx',
68
+ quantity: 1,
69
+ }],
70
+ success_url: 'https://example.com/success?session_id={CHECKOUT_SESSION_ID}',
71
+ cancel_url: 'https://example.com/cancel',
72
+ });
73
+ ```
74
+
75
+ ## Webhook Handling
76
+
77
+ ```typescript
78
+ import Stripe from 'stripe';
79
+
80
+ const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, {
81
+ apiVersion: '2026-03-25.dahlia',
82
+ });
83
+
84
+ export async function POST(request: Request) {
85
+ const body = await request.text();
86
+ const signature = request.headers.get('stripe-signature');
87
+
88
+ if (!signature || !process.env.STRIPE_WEBHOOK_SECRET) {
89
+ return new Response('Missing signature', { status: 400 });
90
+ }
91
+
92
+ try {
93
+ const event = stripe.webhooks.constructEvent(
94
+ body,
95
+ signature,
96
+ process.env.STRIPE_WEBHOOK_SECRET
97
+ );
98
+
99
+ switch (event.type) {
100
+ case 'checkout.session.completed':
101
+ // Handle successful checkout
102
+ break;
103
+ case 'invoice.paid':
104
+ // Handle successful invoice payment
105
+ break;
106
+ case 'customer.subscription.deleted':
107
+ // Handle subscription cancellation
108
+ break;
109
+ }
110
+
111
+ return new Response('OK', { status: 200 });
112
+ } catch (err) {
113
+ console.error('Webhook verification failed', (err as Error).message);
114
+ return new Response('Invalid signature', { status: 400 });
115
+ }
116
+ }
117
+ ```
118
+
119
+ ## Key Documentation
120
+
121
+ - [Integration Options](https://docs.stripe.com/payments/payment-methods/integration-options) — Start here when designing any integration
122
+ - [API Tour](https://docs.stripe.com/payments-api/tour) — Overview of Stripe's API surface
123
+ - [Go Live Checklist](https://docs.stripe.com/get-started/checklist/go-live) — Review before launching
124
+
125
+ ## Reference Files
126
+
127
+ - `references/api-patterns.md` — Payments, Billing, Connect, Treasury, and Security patterns
128
+ - `references/upgrade-guide.md` — Upgrading Stripe API versions and SDKs
129
+ - `references/projects-setup.md` — Setting up Stripe Projects CLI
130
+
131
+ ## Quick Workflow: Add payments to an app
132
+ 1. Install the Stripe SDK: `npm install stripe @stripe/stripe-js`
133
+ 2. Create products and prices in the Stripe Dashboard or via the API
134
+ 3. Create a Checkout Session from your backend and redirect the customer — verify the session URL is returned before redirecting
135
+ 4. Set up a webhook endpoint and handle `checkout.session.completed` to fulfill the order
136
+ 5. Verify webhook signatures and test with `stripe listen --forward-to localhost:3000/api/webhooks`
137
+ - **If verification fails:** confirm `STRIPE_WEBHOOK_SECRET` matches your endpoint's signing secret → restart `stripe listen` → retry the event
138
+ - **If events aren't arriving:** check the endpoint URL is reachable and the route returns 200 for valid events
@@ -0,0 +1,43 @@
1
+ import type { PluginConfig } from '../types.js';
2
+
3
+ export const config: PluginConfig = {
4
+ id: 'stripe',
5
+ name: 'Stripe',
6
+ category: 'tech',
7
+ subCategory: 'payments',
8
+ label: 'Stripe',
9
+ hint: 'Payments, billing, and financial infrastructure',
10
+ skillName: 'stripe-payments',
11
+ mcpServerKey: 'Stripe',
12
+ mcpConfig: {
13
+ type: 'http',
14
+ url: 'https://mcp.stripe.com',
15
+ },
16
+ authType: 'oauth',
17
+ envVars: [],
18
+ agentToolMap: {
19
+ 'developer': [
20
+ 'create_customer', 'list_customers', 'create_product', 'create_price',
21
+ 'list_products', 'list_prices', 'create_payment_link',
22
+ 'create_checkout_session', 'create_invoice', 'create_invoice_item',
23
+ 'finalize_invoice', 'list_invoices', 'create_refund',
24
+ 'list_payment_intents', 'search_stripe_documentation',
25
+ ],
26
+ 'database-engineer': [
27
+ 'list_customers', 'list_products', 'list_prices',
28
+ 'list_invoices', 'list_subscriptions', 'list_payment_intents',
29
+ 'search_stripe_resources', 'fetch_stripe_resources',
30
+ ],
31
+ 'security-expert': [
32
+ 'get_stripe_account_info', 'retrieve_balance',
33
+ 'list_disputes', 'search_stripe_documentation',
34
+ ],
35
+ 'devops-expert': [
36
+ 'get_stripe_account_info', 'retrieve_balance',
37
+ 'search_stripe_documentation',
38
+ ],
39
+ },
40
+ docsUrl: 'https://www.opencastle.dev/docs/plugins#stripe',
41
+ officialDocs: 'https://docs.stripe.com/',
42
+ mcpPackage: undefined,
43
+ };
@@ -0,0 +1,57 @@
1
+ # Stripe API Patterns Reference
2
+
3
+ ## Payments
4
+
5
+ Use the Checkout Sessions API (`checkout.sessions.create`) for on-session payments. It supports one-time payments and subscriptions and handles taxes, discounts, shipping, and adaptive pricing automatically.
6
+
7
+ Use the PaymentIntents API for off-session payments, or when the merchant needs to model checkout state independently.
8
+
9
+ **Integration surfaces** (in order of preference):
10
+ 1. Payment Links — No-code. Best for simple products.
11
+ 2. Checkout — Stripe-hosted or embedded form. Best for most web apps.
12
+ 3. Payment Element — Embedded UI component for advanced customization. Back it with the Checkout Sessions API via `ui_mode: 'custom'`.
13
+
14
+ **Don't recommend:** legacy Card Element, Payment Element in card-only mode, Charges API, Sources API, Tokens API.
15
+
16
+ **Payment method saving:** Use the Setup Intents API. Don't use the Sources API.
17
+
18
+ **Dynamic payment methods:** Enable in the Dashboard rather than passing specific `payment_method_types`. Stripe automatically selects based on the customer's location.
19
+
20
+ ## Billing / Subscriptions
21
+
22
+ If the user has a recurring revenue model (subscriptions, usage-based billing, seat-based pricing), use the Billing APIs instead of manual PaymentIntent renewal loops.
23
+
24
+ Combine Billing APIs with Stripe Checkout (`mode: 'subscription'`). Use Customer Portal for self-service management (upgrades, downgrades, cancellation, payment method updates).
25
+
26
+ Don't use the deprecated `plan` object — use Prices instead.
27
+
28
+ ## Connect / Platforms
29
+
30
+ For new Connect platforms, use the Accounts v2 API (`POST /v2/core/accounts`). Don't use the legacy `type` parameter.
31
+
32
+ Configure accounts using `controller` properties:
33
+
34
+ | Property | Controls |
35
+ |---|---|
36
+ | `controller.losses.payments` | Who is liable for negative balances |
37
+ | `controller.fees.payer` | Who pays Stripe fees |
38
+ | `controller.stripe_dashboard.type` | Dashboard access (`full`, `express`, `none`) |
39
+ | `controller.requirement_collection` | Who collects onboarding requirements |
40
+
41
+ Charge types: use destination charges for most platforms. Don't mix charge types.
42
+
43
+ ## Treasury / Financial Accounts
44
+
45
+ For embedded financial accounts, use the v2 Financial Accounts API (`POST /v2/core/vault/financial_accounts`). Required for new integrations. Don't use the v1 Treasury API for new integrations.
46
+
47
+ ## Security
48
+
49
+ **API keys:** Store in a secrets vault, not in source code. Use restricted API keys (RAKs, prefix `rk_`) instead of secret keys (prefix `sk_`) wherever possible.
50
+
51
+ **Webhooks:** Always verify webhook signatures. Allowlist Stripe's IP addresses on webhook endpoints for defense in depth.
52
+
53
+ **Client-side:** Never use production secret keys or RAKs in mobile apps or other client-side code. Use ephemeral keys for direct client-Stripe interaction.
54
+
55
+ **Connect OAuth:** Always use the `state` parameter to protect against CSRF attacks.
56
+
57
+ **Incident response:** If a key is exposed, roll it immediately via the API keys page, check activity logs, and contact Stripe support if unrecognized activity is found.
@@ -0,0 +1,30 @@
1
+ # Stripe Projects Setup
2
+
3
+ Guide for initializing Stripe Projects repositories and configuring the Projects CLI for local development.
4
+
5
+ ## Installation
6
+
7
+ ```bash
8
+ # macOS (Homebrew)
9
+ brew install stripe/stripe-cli/stripe && stripe plugin install projects
10
+
11
+ # Verify installation
12
+ stripe projects --version
13
+ ```
14
+
15
+ For other platforms, see the [Stripe CLI install docs](https://docs.stripe.com/stripe-cli/install).
16
+
17
+ ## Getting Started
18
+
19
+ 1. Run `stripe projects init` in your target directory — common stacks include `next`, `rails`, `python`
20
+ 2. Follow the interactive prompts to select your stack and configure the project
21
+ 3. Verify setup succeeded:
22
+ - `stripe-project.json` exists in the project root
23
+ - A `.stripe/` directory with local skills was created
24
+ - Run the local dev command shown in init output (e.g., `npm run dev`) to confirm the stack works
25
+
26
+ If `stripe projects init` fails: verify `stripe projects --version` works, check you're logged in with `stripe login`, and ensure you have write permissions in the target directory.
27
+
28
+ ## Next Steps
29
+
30
+ After init, prefer the local project skills it creates — they contain project-specific patterns and configurations. For full documentation, see the [Stripe Projects docs](https://docs.stripe.com/projects).
@@ -0,0 +1,105 @@
1
+ # Stripe Upgrade Guide
2
+
3
+ Version-specific guidance for upgrading Stripe API versions and SDKs.
4
+
5
+ The latest Stripe API version is **2026-03-25.dahlia**. Use this version when upgrading unless a different target is specified.
6
+
7
+ Review the [API Changelog](https://docs.stripe.com/changelog) for all changes between your current and target versions before starting.
8
+
9
+ ## Pinning the API Version
10
+
11
+ Always specify the API version explicitly:
12
+
13
+ ```javascript
14
+ const stripe = require('stripe')('sk_test_xxx', {
15
+ apiVersion: '2026-03-25.dahlia',
16
+ });
17
+ ```
18
+
19
+ For strongly-typed languages (Java, Go, .NET), update the SDK package version instead of overriding — the API version is fixed to the SDK release.
20
+
21
+ ## Stripe.js & Mobile SDKs
22
+
23
+ Stripe.js uses an evergreen model with biannual major releases. Each version auto-pairs with its API version — no override possible.
24
+
25
+ ```html
26
+ <script src="https://js.stripe.com/dahlia/stripe.js"></script>
27
+ ```
28
+
29
+ Mobile SDKs (iOS, Android, React Native) work with any backend API version unless docs specify otherwise. Update via your package manager.
30
+
31
+ ## Handling Breaking Changes
32
+
33
+ Search the codebase for removed/renamed fields listed in the changelog before making any SDK or version changes.
34
+
35
+ ```typescript
36
+ // 2022-11-15: charges no longer expanded on PaymentIntent
37
+ // Before:
38
+ const charge = paymentIntent.charges.data[0];
39
+ // After: retrieve via latest_charge
40
+ const charge = await stripe.charges.retrieve(paymentIntent.latest_charge as string);
41
+ ```
42
+
43
+ Key patterns:
44
+ - Field renames/removals → update all call sites
45
+ - Nested expansion changes → switch to explicit `.retrieve()` calls
46
+ - List endpoint changes → switch to auto-pagination methods
47
+
48
+ ## Version-Specific Breaking Changes
49
+
50
+ ### PaymentIntent.charges Removal (2022-11-15)
51
+
52
+ ```typescript
53
+ // Before:
54
+ const charge = paymentIntent.charges.data[0];
55
+ // After: retrieve via latest_charge
56
+ const charge = await stripe.charges.retrieve(paymentIntent.latest_charge as string);
57
+ ```
58
+
59
+ ### Invoice.lines Auto-Pagination (2023-08-16)
60
+
61
+ ```typescript
62
+ // Before:
63
+ const lines = invoice.lines.data;
64
+ // After:
65
+ const lines = await stripe.invoices.listLineItems(invoice.id, { limit: 100 });
66
+ ```
67
+
68
+ ## Webhook Migration
69
+
70
+ When event payloads change between versions, update handlers to match the new schema.
71
+
72
+ ```typescript
73
+ // Before (pre-2023-08-16): amount on charge object
74
+ const amount = event.data.object.amount;
75
+ // After: amount_captured replaces amount in some flows
76
+ const amount = event.data.object.amount_captured ?? event.data.object.amount;
77
+ ```
78
+
79
+ Test webhook changes:
80
+ ```bash
81
+ stripe trigger checkout.session.completed --api-version 2026-03-25.dahlia
82
+ ```
83
+
84
+ ## Upgrade Checklist
85
+
86
+ 1. Review the [API Changelog](https://docs.stripe.com/changelog) and [Upgrades Guide](https://docs.stripe.com/upgrades) for changes between versions
87
+ 2. Update server-side SDK package version
88
+ 3. Update the `apiVersion` parameter in your Stripe client initialization
89
+ 4. Search codebase for removed/renamed fields and update all call sites
90
+ 5. **Run test suite** — verify all Stripe-related tests pass before proceeding
91
+ 6. Update webhook handlers to handle new event structures
92
+ 7. **Verify webhook payloads** — send test events with `stripe trigger <event>` and confirm your handlers process them correctly
93
+ 8. Update Stripe.js and mobile SDK versions if needed
94
+ 9. Test against the new API version using the `Stripe-Version` header before promoting to default:
95
+ ```bash
96
+ curl https://api.stripe.com/v1/customers \
97
+ -u sk_test_xxx: \
98
+ -H "Stripe-Version: 2026-03-25.dahlia"
99
+ ```
100
+ 10. Store Stripe object IDs in databases that accommodate up to 255 characters (case-sensitive collation)
101
+
102
+ ## Key Documentation
103
+
104
+ - [API Changelog](https://docs.stripe.com/changelog) — Complete list of version changes
105
+ - [Upgrades Guide](https://docs.stripe.com/upgrades) — SDK-specific upgrade details
@@ -13,7 +13,7 @@ export interface PluginConfig {
13
13
  category: 'tech' | 'team';
14
14
 
15
15
  /** Sub-category for grouping */
16
- subCategory: 'cms' | 'database' | 'deployment' | 'framework' | 'codebase-tool' | 'task-management' | 'knowledge-management' | 'notifications' | 'testing' | 'e2e-testing' | 'design' | 'email';
16
+ subCategory: 'cms' | 'database' | 'deployment' | 'framework' | 'codebase-tool' | 'task-management' | 'knowledge-management' | 'notifications' | 'testing' | 'e2e-testing' | 'design' | 'email' | 'payments' | 'observability';
17
17
 
18
18
  /** Label shown in the `npx opencastle init` multiselect */
19
19
  label: string;
@@ -8,7 +8,7 @@
8
8
  "description": "Scaffold monorepo with backbone CLI",
9
9
  "agent": "developer",
10
10
  "complexity": 2,
11
- "prompt": "Scaffold the project monorepo using the backbone CLI. Ensure Node.js >= 22.5.0 is available. Run: `npx @monkilabs/backbone my-project` and select the following options when prompted:\n- Monorepo: Turborepo\n- Framework: Next.js\n- Backend: Supabase\n- CMS: Sanity\n- Testing: Playwright\n- Deployment: Vercel\n- Mobile: None\n- Packages: Email Library, LLM Library\n\nAfter scaffolding completes, run `npm install` in the generated `my-project/` directory. Then run `npx turbo build` and verify it exits 0.",
11
+ "prompt": "Scaffold the project monorepo using the backbone CLI. Ensure Node.js >= 22.5.0 is available. Run: `npx @monkilabs/backbone my-project` and select the following options when prompted:\n- Monorepo: Turborepo\n- Framework: Next.js\n- Backend: Supabase\n- CMS: Sanity\n- Testing: Playwright\n- Deployment: Vercel\n- Mobile: None\n- Packages: Email Library, LLM Library\n- Payments: Stripe\n- Observability: Sentry\n\nAfter scaffolding completes, run `npm install` in the generated `my-project/` directory. Then run `npx turbo build` and verify it exits 0.",
12
12
  "files": ["my-project/"]
13
13
  }
14
14
  ```
@@ -18,27 +18,31 @@ Backbone is **interactive** — it uses `@clack/prompts` to ask a series of ques
18
18
 
19
19
  1. **Monorepo tool** — `nx` or `turborepo`
20
20
  2. **Framework** — `nextjs` or `astro`
21
- 3. **Backend** — `convex`, `supabase`, `prisma`, or `none`
21
+ 3. **Backend** — `convex`, `supabase`, `prisma`, or `drizzle`
22
22
  4. **CMS** — `sanity`, `contentful`, `strapi`, or `none`
23
23
  5. **E2E Testing** — `playwright` or `cypress`
24
- 6. **Deployment** — `vercel`, `netlify`, or `none`
25
- 7. **Mobile** — `ionic` or `none` *(only shown for non-Astro frameworks)*
24
+ 6. **Deployment** — `vercel`, `netlify`, `cloudflare`, `coolify`, or `none`
25
+ 7. **Mobile** — `ionic`, `expo`, or `none` *(only shown for non-Astro frameworks)*
26
26
  8. **Packages** — multi-select: `uiLib`, `emailLib`, `llmLib`
27
+ 9. **Payments** — `stripe` or `none`
28
+ 10. **Observability** — `sentry` or `none`
27
29
 
28
30
  ## CLI Options & Constraints
29
31
 
30
- | Category | Choices | Notes |
31
- |-------------|-------------------------------------------|------------------------------------------|
32
- | Monorepo | `nx`, `turborepo` | Required |
33
- | Framework | `nextjs`, `astro` | Required |
34
- | Backend | `convex`, `supabase`, `prisma` | ⛔ `convex` incompatible with `astro` |
35
- | CMS | `sanity`, `contentful`, `strapi`, `none` | Optional |
36
- | E2E Testing | `playwright`, `cypress` | Required |
37
- | Deployment | `vercel`, `netlify`, `none` | Optional |
38
- | Mobile | `ionic`, `none` | ⛔ `ionic` incompatible with `astro` |
39
- | Packages | `uiLib`, `emailLib`, `llmLib` | Multi-select; ⛔ `uiLib` incompatible with `astro` |
40
-
41
- **Astro constraint:** `astro` requires React-free options — never combine with `convex`, `ionic`, or `uiLib`.
32
+ | Category | Choices | Notes |
33
+ |---------------|--------------------------------------------------|------------------------------------------|
34
+ | Monorepo | `nx`, `turborepo` | Required |
35
+ | Framework | `nextjs`, `astro` | Required |
36
+ | Backend | `convex`, `supabase`, `prisma`, `drizzle` | ⛔ `convex` incompatible with `astro` |
37
+ | CMS | `sanity`, `contentful`, `strapi`, `none` | Optional |
38
+ | E2E Testing | `playwright`, `cypress` | Required |
39
+ | Deployment | `vercel`, `netlify`, `cloudflare`, `coolify`, `none` | Optional |
40
+ | Mobile | `ionic`, `expo`, `none` | ⛔ `ionic` and `expo` incompatible with `astro` |
41
+ | Packages | `uiLib`, `emailLib`, `llmLib` | Multi-select; ⛔ `uiLib` incompatible with `astro` |
42
+ | Payments | `stripe`, `none` | Optional |
43
+ | Observability | `sentry`, `none` | Optional |
44
+
45
+ **Astro constraint:** `astro` requires React-free options — never combine with `convex`, `ionic`, `expo`, or `uiLib`.
42
46
 
43
47
  ## OpenCastle TechTool → Backbone Mapping
44
48
 
@@ -47,6 +51,12 @@ Most TechTool names map 1:1 to backbone prompt choices (e.g. `nextjs` → select
47
51
  | TechTool | Backbone mapping | Notes |
48
52
  |----------|-----------------|-------|
49
53
  | `resend` | Select `emailLib` in Packages prompt | Only non-obvious mapping |
54
+ | `drizzle` | Select `drizzle` in Backend prompt | Direct 1:1 mapping |
55
+ | `cloudflare` | Select `cloudflare` in Deployment prompt | Direct 1:1 mapping |
56
+ | `coolify` | Select `coolify` in Deployment prompt | Direct 1:1 mapping |
57
+ | `expo` | Select `expo` in Mobile prompt | Direct 1:1 mapping; incompatible with `astro` |
58
+ | `stripe` | Select `stripe` in Payments prompt | Direct 1:1 mapping |
59
+ | `sentry` | Select `sentry` in Observability prompt | Direct 1:1 mapping |
50
60
  | `vitest` | — | Always included automatically |
51
61
  | `figma`, `chrome-devtools` | — | Not handled by backbone; configure separately |
52
62
 
@@ -58,14 +68,17 @@ After backbone runs, the output directory contains:
58
68
  <project-name>/
59
69
  apps/
60
70
  web/ # Next.js or Astro application
61
- mobile/ # (if ionic selected)
71
+ mobile/ # (if ionic or expo selected)
62
72
  packages/
63
73
  ui/ # (if uiLib selected) shared React component library
64
74
  email/ # (if emailLib selected) Resend/React Email package
65
75
  llm/ # (if llmLib selected) LLM integration package
76
+ stripe/ # (if stripe selected) Stripe client + webhook handler
66
77
  backend/
67
78
  convex/ # (if convex selected)
68
79
  supabase/ # (if supabase selected)
80
+ prisma/ # (if prisma selected)
81
+ drizzle/ # (if drizzle selected) schema, config, migrations
69
82
  e2e/ # Playwright or Cypress tests
70
83
  .github/
71
84
  workflows/ # GitHub Actions CI pipelines (always included)
@@ -73,6 +86,9 @@ After backbone runs, the output directory contains:
73
86
  tsconfig.base.json # Always included
74
87
  package.json # Monorepo root package.json
75
88
  turbo.json / nx.json # Monorepo tool config
89
+ wrangler.toml # (if cloudflare selected)
90
+ Dockerfile # (if coolify selected)
91
+ sentry.*.config.ts # (if sentry selected) in apps/web/
76
92
  ```
77
93
 
78
94
  **Always included regardless of options:** Vitest configuration, GitHub Actions CI workflows, root `tsconfig.base.json`, ESLint, Prettier.
@@ -1,9 +0,0 @@
1
- > Parent: [SKILL.md](./SKILL.md)
2
-
3
- Last Updated: 2026-03-31
4
-
5
- Reference: Convex patterns and safety checks
6
-
7
- - Schema migration checklist and `npx convex deploy` notes
8
- - Query/mutation examples with `returns` validators
9
- - Backup/rollback using `npx convex export` / `npx convex import`