Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

stripe-webhook-hardening

Étoiles14

Forks3

Mis à jour17 mai 2026 à 08:15

Harden Stripe webhook handlers against three failure-prone invariants — raw-body signature verification, negative-lifecycle handling, and idempotent side effects. Use when reviewing, implementing, or hardening Stripe webhook routes, or when the user says "stripe webhooks", "webhook hardening", "signature verification", "idempotent webhooks", or "webhook review."

Installation

Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.

Exécuter dans Manus

Source

Kevin-Liu-01

Kevin-Liu-01/Agent-Machines

Ouvrir le dépôt GitHub Voir les dépôts du créateur

Téléchargement

Exécuter dans Manus

Métiers associésSOC

Basé sur la classification professionnelle SOC

Développeurs de logicielsProfessions informatiques et mathématiques·SOC 15-1252

SKILL.md

readonly

name	stripe-webhook-hardening
description	Harden Stripe webhook handlers against three failure-prone invariants — raw-body signature verification, negative-lifecycle handling, and idempotent side effects. Use when reviewing, implementing, or hardening Stripe webhook routes, or when the user says "stripe webhooks", "webhook hardening", "signature verification", "idempotent webhooks", or "webhook review."

Stripe Webhook Hardening

Harden Stripe webhook handlers against the three ways generated webhook code most commonly fails in production.

The Three Invariants

1. Raw-Body Signature Verification

The route MUST read the raw request body and verify stripe-signature before any JSON parsing. stripe.webhooks.constructEvent(rawBody, sig, secret) is the only valid entry point.

Failure mode: parsing JSON before constructEvent makes signature verification impossible — the signature covers the raw bytes, not the parsed object.

2. Negative-Lifecycle Handling

Failure and cancellation events (invoice.payment_failed, customer.subscription.deleted) MUST change real product state, not just log.

Failure mode: treating these as log-only events means users keep access after payment failure or cancellation.

3. Idempotent Side Effects

Every side effect MUST be replay-safe. Stripe retries and may deliver the same event more than once.

Implementation options (all valid):

Store processed event IDs (good default)
Use a stable business idempotency key (e.g., checkout_session.id)
Use naturally idempotent state-setting updates (e.g., UPDATE SET status = 'canceled')

The stronger invariant is that the mutation itself must be replay-safe.

Review Checklist

Does the route read raw request body and verify stripe-signature before any parsing?
Do failure and cancellation events change real product state, not just log?
Is every side effect idempotent under replay?
Are there tests and an operational verification path through the Stripe dashboard?

Architecture

Webhook routes should be thin ingress adapters. Shared billing helpers own verification, dispatch, idempotency, and state transitions. One shared billing path handles all billing mutations.

Dedalus Canon

apps/website/app/api/(webhooks)/stripe/route.ts — fail-closed ingress pattern
apps/website/services/stripe/webhooks/payment-handlers.ts — invoice.payment_failed state update + checkout idempotency key
apps/website/services/stripe/webhooks/subscription-handlers.ts — customer.subscription.deleted → downgrade to Hobby

Verification Workflow

Missing or invalid signature test → returns 400
Replay test → proves duplicate delivery is safe
invoice.payment_failed → assert access state changes
customer.subscription.deleted → assert access state changes
Production check: Stripe Dashboard → Developers → Webhooks → Recent deliveries

Scope

Use this skill for webhook implementation or hardening
Use stripe-webhook-review for explicit audit with PASS/FAIL/UNCLEAR output
Use stripe for querying or mutating Stripe objects through the typed CLI wrapper

Plus depuis ce dépôt

même dépôt

dedalus-machines

Kevin-Liu-01/Agent-Machines

How Agent Machines work -- providers (Dedalus, E2B, Sprites), agent runtimes (Hermes, OpenClaw, Claude Code, Codex), MCP catalog, bootstrap, and closed-loop verification. Use when asked about the runtime, scaling, sleep/wake, destroy, or inspecting this environment.

2026-05-2114

reticle-aesthetic

Kevin-Liu-01/Agent-Machines

Build landing page sections, hero blocks, and marketing surfaces in the Reticle/Sigil engineering-instrument-grid aesthetic. Use when creating new landing sections, hero components, marketing pages, or when the user says "reticle", "hero", "landing page", "new section", "instrument panel", "grid cell", or wants to match the existing Agent Machines visual language.

2026-05-1914

aframe-webxr

Kevin-Liu-01/Agent-Machines

Declarative web framework for building browser-based 3D, VR, and AR experiences using HTML and entity-component architecture. Use this skill when creating WebXR applications, VR experiences, AR experiences, 360-degree media viewers, or immersive web content with minimal JavaScript. Triggers on tasks involving A-Frame, WebXR, VR development, AR development, entity-component-system, declarative 3D, or HTML-based 3D scenes. Built on Three.js with accessible HTML-first approach.

2026-05-1714

animejs

Kevin-Liu-01/Agent-Machines

Versatile JavaScript animation engine for DOM, CSS, SVG, and JavaScript objects. Use when creating timeline-based animations, stagger effects, SVG morphing, keyframe sequences, or complex choreographed animations. Triggers on tasks involving Anime.js, timeline animations, staggered sequences, SVG path animations, morphing, or multi-step animation choreography. Alternative to GSAP for SVG-heavy animations and React-independent projects.

2026-05-1714

babylonjs-engine

Kevin-Liu-01/Agent-Machines

Comprehensive skill for Babylon.js 3D web rendering engine. Use this skill when building real-time 3D experiences, browser-based games, interactive visualizations, or immersive web applications. Triggers on tasks involving Babylon.js, 3D scenes, WebGL/WebGPU rendering, entity-component systems, physics simulations, PBR materials, shadow mapping, or 3D model loading. Alternative to Three.js with built-in editor integration and game engine features.

2026-05-1714

barba-js

Kevin-Liu-01/Agent-Machines

Page transitions library for creating fluid, smooth transitions between website pages. Use this skill when implementing page transitions, creating SPA-like experiences, adding animated route changes, or building websites with smooth navigation. Triggers on tasks involving Barba.js, page transitions, routing, view management, transition hooks, GSAP integration, or smooth page navigation. Works with gsap-scrolltrigger for transition animations.

2026-05-1714

name	stripe-webhook-hardening
description	Harden Stripe webhook handlers against three failure-prone invariants — raw-body signature verification, negative-lifecycle handling, and idempotent side effects. Use when reviewing, implementing, or hardening Stripe webhook routes, or when the user says "stripe webhooks", "webhook hardening", "signature verification", "idempotent webhooks", or "webhook review."

Stripe Webhook Hardening

Harden Stripe webhook handlers against the three ways generated webhook code most commonly fails in production.

The Three Invariants

1. Raw-Body Signature Verification

The route MUST read the raw request body and verify stripe-signature before any JSON parsing. stripe.webhooks.constructEvent(rawBody, sig, secret) is the only valid entry point.

Failure mode: parsing JSON before constructEvent makes signature verification impossible — the signature covers the raw bytes, not the parsed object.

2. Negative-Lifecycle Handling

Failure and cancellation events (invoice.payment_failed, customer.subscription.deleted) MUST change real product state, not just log.

Failure mode: treating these as log-only events means users keep access after payment failure or cancellation.

3. Idempotent Side Effects

Every side effect MUST be replay-safe. Stripe retries and may deliver the same event more than once.

Implementation options (all valid):

Store processed event IDs (good default)
Use a stable business idempotency key (e.g., checkout_session.id)
Use naturally idempotent state-setting updates (e.g., UPDATE SET status = 'canceled')

The stronger invariant is that the mutation itself must be replay-safe.

Review Checklist

Does the route read raw request body and verify stripe-signature before any parsing?
Do failure and cancellation events change real product state, not just log?
Is every side effect idempotent under replay?
Are there tests and an operational verification path through the Stripe dashboard?

Architecture

Webhook routes should be thin ingress adapters. Shared billing helpers own verification, dispatch, idempotency, and state transitions. One shared billing path handles all billing mutations.

Dedalus Canon

apps/website/app/api/(webhooks)/stripe/route.ts — fail-closed ingress pattern
apps/website/services/stripe/webhooks/payment-handlers.ts — invoice.payment_failed state update + checkout idempotency key
apps/website/services/stripe/webhooks/subscription-handlers.ts — customer.subscription.deleted → downgrade to Hobby

Verification Workflow

Missing or invalid signature test → returns 400
Replay test → proves duplicate delivery is safe
invoice.payment_failed → assert access state changes
customer.subscription.deleted → assert access state changes
Production check: Stripe Dashboard → Developers → Webhooks → Recent deliveries

Scope

Use this skill for webhook implementation or hardening
Use stripe-webhook-review for explicit audit with PASS/FAIL/UNCLEAR output
Use stripe for querying or mutating Stripe objects through the typed CLI wrapper