一键在 Manus 中运行任何 Skill

$pwd:

ee-billing

Name: Ee Billing
Author: gridaco

// Surface workflow for billing in Grida — Stripe (subscriptions) + Metronome (AI credit ledger). The stable contracts: `grida_billing.*` is not REST-exposed (views/RPCs only), `fn_billing_apply_*` are the single mutation points, webhook receivers are `GRIDA-SEC-001`, BYOK is the `GRIDA-SEC-003` carve-out. Use when touching `editor/lib/billing/`, `editor/scripts/billing/`, the `grida_billing` schema, the webhook receivers, or the entitlement gate. Companion to `ee`.

在 Manus 中运行

$ git log --oneline --stat

stars:2,508

forks:135

updated:2026年5月22日 12:46

SKILL.md

readonly

name

ee-billing

description

Surface workflow for billing in Grida — Stripe (subscriptions) + Metronome (AI credit ledger). The stable contracts: `grida_billing.*` is not REST-exposed (views/RPCs only), `fn_billing_apply_*` are the single mutation points, webhook receivers are `GRIDA-SEC-001`, BYOK is the `GRIDA-SEC-003` carve-out. Use when touching `editor/lib/billing/`, `editor/scripts/billing/`, the `grida_billing` schema, the webhook receivers, or the entitlement gate. Companion to `ee`.

ee-billing

This is the surface skill for billing — the workflow once the ee anchor has placed billing on the EE side and the contributor setup is done. Setup itself is documented; cite it, don't restate it:

docs/contributing/billing — local Stripe + Metronome sandbox, cloudflared tunnel, env vars, troubleshooting.
docs/wg/platform/billing/ — design notes: AI credits master plan, Metronome integration, known issues.
docs/platform/billing — user-facing copy.

Stable surface (the contract)

These shapes are locked. A change that breaks any of them must be intentional and called out in the PR description.

grida_billing.* schema — not REST-exposed. Public reads go through v_billing_* views; writes only through fn_billing_* RPCs. Don't add a new direct-access surface; add a view or an RPC. Schema discipline lives in database / supabase/AGENTS.md.
public.fn_billing_apply_stripe_event — the only place Stripe-driven subscription state mutates. Mutating from a new direction (UI form, ad-hoc RPC, hand-written migration) corrupts the projector model.
public.fn_billing_apply_metronome_event — same role for Metronome credit / alert / payment_gate events.
Webhook receivers — /webhooks/stripe and /webhooks/metronome are the only billing ingress; both are signature-verified per GRIDA-SEC-001.
editor/lib/billing/metronome.ts — the service module surface: provisionOrg, addStripeChargedCommit, setAutoReload, getEntitlement, ingestUsageEvent. New billing actions go through this module, not adjacent to it.

Substrates

Two external clouds; both use per-contributor sandbox accounts. Credentials are never shared. Live keys are refused at boot.

Stripe — subscriptions + payment processing. Provision via pnpm tsx editor/scripts/billing/cli.ts setup:stripe. Idempotent; re-run after every supabase db reset (writes price IDs into the catalog).
Metronome — AI credit ledger. Provision via pnpm tsx editor/scripts/billing/cli.ts setup:metronome. Same idempotency / re-run rule.

editor/scripts/billing/cli.ts is the single entry point for every billing script; run without arguments for the full subcommand list. See editor/scripts/billing/README.md.

The seam: how OSS reads entitlement

OSS code that needs to gate on a paid plan, AI credit balance, or org entitlement does not import billing internals. The seam is getEntitlement (from editor/lib/billing/metronome.ts) and its typed wrappers. New gates go through this function so fail-closed and BYOK behavior stay centralized.

BYOK carve-out — `GRIDA-SEC-003`

If BYOK_OPENROUTER_API_KEY or BYOK_AI_GATEWAY_API_KEY is set in editor/.env.local, the AI-SDK text path routes through the contributor's provider and bypasses billing.

Auth is never bypassed. A resolvable org is still required.
Text/chat only. Image and audio still go through Replicate and still bill, even under BYOK.
Never set BYOK_* on a hosted or preview deploy. It disables billing and the org-id sanity gate for every org. See SECURITY.md (GRIDA-SEC-003).

Working on billing

Read docs/contributing/billing for setup before the first change. Don't skip cloudflared if you need Metronome — webhook delivery requires public HTTPS.
Tag every billing file with GRIDA-EE: billing per the ee skill.
Webhook receivers also carry GRIDA-SEC-001 — the security review runs first.
Don't mutate grida_billing.* outside fn_billing_apply_* or the migration that creates it.
Run the E2E suite before opening the PR (refuses to start unless every channel is demonstrably test-mode): pnpm --filter editor vitest run lib/billing/__tests__/e2e.
For schema changes, the database skill governs — grida_billing is a regular grida_* schema under that discipline.

Known issues

docs/wg/platform/billing/known-issues is the living register (KI-BILL-NNN). Add to it when you mitigate or accept an issue; don't quietly bake the mitigation into a PR without registering it.

See also: ee (the EE anchor), security (GRIDA-SEC-001, GRIDA-SEC-003), database (schema discipline for grida_billing).

related-skills.json

同仓库

ai-models.md

from "gridaco/grida"

Research, compare, and update AI model configurations. Covers text model tiers, image generation models, image tool models, pricing data sourcing, and the budget/rate-limit system. Use when bumping model versions, adding new models, updating pricing, or auditing model specs against provider documentation.

2026-05-272.5k

sdk-design.md

from "gridaco/grida"

Doctrine for designing and evolving any **SDK** Grida ships — TypeScript, Rust, or otherwise. "SDK" here means a surface that crosses a foreign-or-foreign-treated boundary: published packages, separately-versioned consumers, FFI bindings, public-by-design modules. An SDK's job is to refuse; a strict, honest surface rejects the wrong contents and keeps the package testable in isolation. Default is "core, not customizable"; customization is the exception, defended by a deciding table. Use when authoring or evolving any such surface — `@grida/*` published packages, `crates/*` published or FFI-exported, intent/message vocabularies, any contract a second author will compile against. Internal-only helper packages are welcome to follow, not forced. Companion skill for two-sided contract work: $sdk-seam. Critique partners: $pedantic, $etiology. Related: $naming.

2026-05-222.5k

sdk-seam.md

from "gridaco/grida"

Discipline for the seam between two SDKs (or two sides of one contract) that the same hand writes. The failure mode: "we own both sides" produces dirty contracts no foreign reviewer would accept. The exercise: pretend the other side is FFI, IPC, or a network protocol you cannot rewrite. Spawn an adversarial subagent profiled as the producer's maintainer; negotiate the change as a feature request, not a PR. Companion to $sdk-design. Language-agnostic — applies to a TS package + its consumer, a Rust crate + its WASM binding, two services sharing a wire format, or any other boundary the same author writes both ends of.

2026-05-222.5k

ee.md

from "gridaco/grida"

Working pattern for enterprise-edition features in Grida — the commercial/hosted concerns (entitlement, BYOD, billing) on top of the OSS core. Anchor for the `GRIDA-EE: <surface>` grep marker, `(ee)` route group, `*-hosted` package suffix, and namespaced `grida_*` schema. Use when adding or touching an EE-only feature, or deciding whether a feature is EE territory. Surface skills (`ee-billing`) are siblings.

2026-05-222.5k

oss-standards.md

from "gridaco/grida"

Pre-PR discipline for a public-by-default repo. What a reviewer enforces beyond CI: secrets and internal data in diffs or screenshots, docs that name their reader, and the cleaning pass where incomplete or confusing artifacts get dropped. Use before opening any PR against `gridaco/grida` or when finalizing work for review.

2026-05-222.5k

code-react.md

from "gridaco/grida"

React-specific code shape in the Grida editor. Hooks cannot be tested or benchmarked and silently break tuned UX under layered composition, so they are barred from the engine and main system — load-bearing logic lives in classes and namespaces, hooks only as thin edge wires. `data-testid` follows component-root discipline: one per significant component, not scattered. Use when authoring React in `editor/grida-canvas-react/`, `editor/components/`, `editor/scaffolds/`, or `editor/app/*`.

2026-05-222.5k

package.json

"author": "gridaco"

"repository": "gridaco/grida"

打开 GitHub 仓库查看创作者相关仓库

$ install --global

$ download --local

在 Manus 中运行

$ useful --forSOC

软件开发工程师计算机与数学类职业15-1252L4

name

ee-billing

description

ee-billing

This is the surface skill for billing — the workflow once the ee anchor has placed billing on the EE side and the contributor setup is done. Setup itself is documented; cite it, don't restate it:

docs/contributing/billing — local Stripe + Metronome sandbox, cloudflared tunnel, env vars, troubleshooting.
docs/wg/platform/billing/ — design notes: AI credits master plan, Metronome integration, known issues.
docs/platform/billing — user-facing copy.

Stable surface (the contract)

These shapes are locked. A change that breaks any of them must be intentional and called out in the PR description.

grida_billing.* schema — not REST-exposed. Public reads go through v_billing_* views; writes only through fn_billing_* RPCs. Don't add a new direct-access surface; add a view or an RPC. Schema discipline lives in database / supabase/AGENTS.md.
public.fn_billing_apply_stripe_event — the only place Stripe-driven subscription state mutates. Mutating from a new direction (UI form, ad-hoc RPC, hand-written migration) corrupts the projector model.
public.fn_billing_apply_metronome_event — same role for Metronome credit / alert / payment_gate events.
Webhook receivers — /webhooks/stripe and /webhooks/metronome are the only billing ingress; both are signature-verified per GRIDA-SEC-001.
editor/lib/billing/metronome.ts — the service module surface: provisionOrg, addStripeChargedCommit, setAutoReload, getEntitlement, ingestUsageEvent. New billing actions go through this module, not adjacent to it.

Substrates

Two external clouds; both use per-contributor sandbox accounts. Credentials are never shared. Live keys are refused at boot.

Stripe — subscriptions + payment processing. Provision via pnpm tsx editor/scripts/billing/cli.ts setup:stripe. Idempotent; re-run after every supabase db reset (writes price IDs into the catalog).
Metronome — AI credit ledger. Provision via pnpm tsx editor/scripts/billing/cli.ts setup:metronome. Same idempotency / re-run rule.

editor/scripts/billing/cli.ts is the single entry point for every billing script; run without arguments for the full subcommand list. See editor/scripts/billing/README.md.

The seam: how OSS reads entitlement

BYOK carve-out — `GRIDA-SEC-003`

If BYOK_OPENROUTER_API_KEY or BYOK_AI_GATEWAY_API_KEY is set in editor/.env.local, the AI-SDK text path routes through the contributor's provider and bypasses billing.

Auth is never bypassed. A resolvable org is still required.
Text/chat only. Image and audio still go through Replicate and still bill, even under BYOK.
Never set BYOK_* on a hosted or preview deploy. It disables billing and the org-id sanity gate for every org. See SECURITY.md (GRIDA-SEC-003).

Working on billing

Read docs/contributing/billing for setup before the first change. Don't skip cloudflared if you need Metronome — webhook delivery requires public HTTPS.
Tag every billing file with GRIDA-EE: billing per the ee skill.
Webhook receivers also carry GRIDA-SEC-001 — the security review runs first.
Don't mutate grida_billing.* outside fn_billing_apply_* or the migration that creates it.
Run the E2E suite before opening the PR (refuses to start unless every channel is demonstrably test-mode): pnpm --filter editor vitest run lib/billing/__tests__/e2e.
For schema changes, the database skill governs — grida_billing is a regular grida_* schema under that discipline.

Known issues

docs/wg/platform/billing/known-issues is the living register (KI-BILL-NNN). Add to it when you mitigate or accept an issue; don't quietly bake the mitigation into a PR without registering it.

See also: ee (the EE anchor), security (GRIDA-SEC-001, GRIDA-SEC-003), database (schema discipline for grida_billing).

ee-billing

ee-billing

Stable surface (the contract)

Substrates

The seam: how OSS reads entitlement

BYOK carve-out — GRIDA-SEC-003

Working on billing

Known issues

同仓库更多 Skills

同仓库更多 Skills

ee-billing

Stable surface (the contract)

Substrates

The seam: how OSS reads entitlement

BYOK carve-out — GRIDA-SEC-003

Working on billing

Known issues

BYOK carve-out — `GRIDA-SEC-003`

BYOK carve-out — `GRIDA-SEC-003`