Skip to content

feat(stack-stripe): --webhook-endpoint flag creates and persists whsec#4

Open
masonwyatt23 wants to merge 2 commits intomainfrom
feat/stack-add-stripe-webhook
Open

feat(stack-stripe): --webhook-endpoint flag creates and persists whsec#4
masonwyatt23 wants to merge 2 commits intomainfrom
feat/stack-add-stripe-webhook

Conversation

@masonwyatt23
Copy link
Copy Markdown
Contributor

@masonwyatt23 masonwyatt23 commented Apr 29, 2026

Summary

  • stack add stripe --webhook-endpoint <url> [--events <e1,e2,...>] now calls POST /v1/webhook_endpoints, captures the whsec_… signing secret, and stores STRIPE_WEBHOOK_SECRET + STRIPE_WEBHOOK_ENDPOINT_ID in Phantom — fully agent-driveable with no Stripe dashboard copy-paste.
  • Default event list (when --events is omitted): customer.subscription.{created,updated,deleted,trial_will_end} + invoice.payment_failed.
  • --secret-key-from-vault skips the interactive sk_… paste and reuses the existing vault entry.
  • ProviderContext gains an optional hints field so providers can inspect CLI flags during login() (not only during provision()), enabling the vault-bypass path.
  • Plain stack add stripe (no webhook flag) is unchanged — regression-guarded by test (f).

Files changed

  • packages/core/src/providers/stripe.ts — rewritten from makeApiKeyProvider factory to a hand-written Provider with full webhook flow
  • packages/core/src/providers/_base.tsProviderContext.hints?: Record<string,unknown> added
  • packages/core/src/pipeline.ts — threads opts.hints into ctx so login() can read it
  • packages/cli/src/commands/add.ts--webhook-endpoint, --events, --secret-key-from-vault flags + buildHints() helper
  • packages/core/src/__tests__/stripe-webhook.test.ts — 8 new tests (all mock fetch, never hit real Stripe)
  • README.md — doc snippet showing all three invocation forms

Test plan

  • bun test in packages/core — 265 pass, 0 fail (includes 8 new stripe-webhook tests)
  • bun run typecheck at repo root — clean
  • Test (a): successful creation stores all 3 secrets in vault
  • Test (b): custom --events forwarded to Stripe POST body
  • Test (c): default events used when --events omitted
  • Test (d): --secret-key-from-vault throws STRIPE_AUTH_REQUIRED when vault empty
  • Test (e): Stripe 400 propagates as STRIPE_WEBHOOK_CREATE_FAILED
  • Test (f): plain stack add stripe flow (no webhook) unchanged

🤖 Generated with Claude Code

@masonwyatt23 @claude
feat(stack-stripe): --webhook-endpoint flag creates and persists whsec
a90162a 
stack add stripe --webhook-endpoint <url> [--events <e1,e2>] now:
  - reuses or interactively pastes sk_live_… (or reads from vault via
    --secret-key-from-vault)
  - POSTs to /v1/webhook_endpoints using the Stripe secret key
  - captures the whsec_… signing secret and we_… endpoint ID
  - stores STRIPE_WEBHOOK_SECRET + STRIPE_WEBHOOK_ENDPOINT_ID in Phantom
    so a future rotate command can update the same endpoint

Default event list is the subscription-lifecycle set (5 events). Custom
events passed via --events override it.

ProviderContext gains an optional `hints` field so providers can read
CLI flags during login(), not only during provision().

8 new tests cover: successful creation, custom events, default events,
missing-vault error path, Stripe API error propagation, and regression
guard for the plain sk_… flow.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 29, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
ashlr-stack Ready Ready Preview, Comment Apr 30, 2026 1:50am

Request Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@masonwyatt23