From godmode
Integrates Stripe for one-time payments, subscriptions, invoicing, tax calculation via Stripe Tax/TaxJar, and PCI-DSS compliance with webhooks and dunning flows.
- `/godmode:pay`, "integrate Stripe", "accept payments"
```bash
grep -r "stripe\|paypal\|braintree" \
  package.json requirements.txt 2>/dev/null
```
Model: one-time | subscription | metered | marketplace
Currency: <primary, multi-currency?>
Methods: cards, wallets, bank, BNPL
Tax: US sales tax | EU VAT | provider (Stripe Tax)
Compliance: PCI-DSS level, refund policy
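```javascript
import Stripe from 'stripe';
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
// amount, currency, customerId, metadata and orderId are supplied by the surrounding order handler.
// The idempotency key is a request option (second argument), not a PaymentIntent parameter.
const pi = await stripe.paymentIntents.create({
  amount, currency, customer: customerId,
  automatic_payment_methods: { enabled: true },
  metadata,
}, { idempotencyKey: `pi_${orderId}` });
```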
Flow: Client initiates -> Server creates PaymentIntent -> Returns client_secret -> Client uses Elements (card data NEVER touches server) -> Confirms -> Webhook: payment_intent.succeeded -> Fulfill order.
IF PayPal: Orders API v2, capture server-side. Always verify webhook signatures.
Events & Actions:
Created -> provision features
Payment succeeded -> extend access, receipt
Payment failed -> retry 3x with dunning
Updated -> prorate, adjust features
Canceled -> access until period end, downgrade
Dunning schedule:
Day 0: retry immediately
Day 3: email "Update payment"
Day 7: email "Account at risk"
Day 14: email "Last chance"
Day 21: cancel, downgrade to free
Lifecycle: DRAFT -> OPEN -> PAID | VOID. Format: INV-{YYYY}-{sequential}. Store in DB + PDF in S3. Include line items, subtotal, tax, discounts, total.
Use Stripe Tax, TaxJar, or Avalara -- NEVER calculate tax yourself. US: nexus ($100K/200 txns). EU VAT: B2C = customer-country rate; B2B = reverse charge with VIES-validated VAT ID.
IF PCI scope expanded: run compliance check. WHEN payment fails: check idempotency key first.
Target SAQ-A: card data via Stripe.js iframe, never touches server. HTTPS everywhere, API keys in secrets manager, webhook signatures verified, no card data in logs, idempotency keys on all writes.
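```javascript
// req.body must be the raw request body (Buffer or string), not parsed JSON;
// constructEvent throws if the signature or timestamp check fails.
const event = stripe.webhooks.constructEvent(
  req.body, req.headers['stripe-signature'],
  process.env.STRIPE_WEBHOOK_SECRET
);
// Check idempotency by event.id
// Process in DB transaction
res.status(200).json({ received: true });
```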
Return 200 within 30s. Process async if slow. Store raw events. Reconcile daily.
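The signature check and event-id dedupe described above, as an added example (not code from the godmode skill or from Stripe's library): it reimplements Stripe's documented `t=...,v1=...` HMAC-SHA256 header scheme with Node's `crypto` so the failure cases run offline, while production code keeps using `stripe.webhooks.constructEvent`. The secret, event ids, `orderId` metadata field and in-memory stores are constructed assumptions.

```javascript
const crypto = require('node:crypto');

const TOLERANCE_SECONDS = 300; // 5-minute replay window (stripe-node's default)

// HMAC-SHA256 over "<timestamp>.<raw body>", hex-encoded: Stripe's v1 scheme.
function sign(rawBody, secret, timestamp) {
  return crypto.createHmac('sha256', secret).update(`${timestamp}.${rawBody}`).digest('hex');
}

// Throws unless `header` carries a fresh, valid v1 signature for the exact raw body.
function verifySignature(rawBody, header, secret, nowSeconds) {
  const pairs = String(header || '').split(',').map((p) => p.trim().split('='));
  const timestamp = (pairs.find(([k]) => k === 't') || [])[1];
  const given = pairs.filter(([k]) => k === 'v1').map(([, v]) => Buffer.from(v || '', 'hex'));
  if (!/^\d+$/.test(timestamp || '') || given.length === 0) throw new Error('malformed header');
  const expected = Buffer.from(sign(rawBody, secret, timestamp), 'hex');
  const ok = given.some((g) => g.length === expected.length && crypto.timingSafeEqual(g, expected));
  if (!ok) throw new Error('signature mismatch');
  if (Math.abs(nowSeconds - Number(timestamp)) > TOLERANCE_SECONDS) throw new Error('stale timestamp');
  return JSON.parse(rawBody);
}

// In-memory stand-ins (assumption) for a DB table with a unique index on event id.
const seenEventIds = new Set();
const fulfilledOrders = [];

function handleWebhook(rawBody, header, secret, nowSeconds) {
  let event;
  try {
    event = verifySignature(rawBody, header, secret, nowSeconds);
  } catch (err) {
    return { status: 400, error: err.message }; // reject before any side effect
  }
  if (seenEventIds.has(event.id)) return { status: 200, duplicate: true }; // replayed delivery
  seenEventIds.add(event.id);
  if (event.type === 'payment_intent.succeeded') {
    fulfilledOrders.push(event.data.object.metadata.orderId);
  }
  return { status: 200, duplicate: false };
}

// Constructed sample delivery; the secret and ids are placeholders, not real values.
const SECRET = 'whsec_constructed_example';
const NOW = 1700000000;
const BODY = JSON.stringify({ id: 'evt_constructed_1', type: 'payment_intent.succeeded',
  data: { object: { metadata: { orderId: 'order_42' } } } });
const HEADER = `t=${NOW},v1=${sign(BODY, SECRET, NOW)}`;
console.log(handleWebhook(BODY, HEADER, SECRET, NOW), handleWebhook(BODY, HEADER, SECRET, NOW));
```

A body that has been parsed and re-serialized no longer matches the signed bytes, which is why the handler must receive the raw request body.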
Append .godmode/pay-results.tsv:
timestamp component provider status details
KEEP if: webhook verification passes AND idempotency
on all writes AND no card data touches server.
DISCARD if: verification missing OR duplicate charges
OR PCI scope expanded.
STOP when ALL of:
- Webhook signatures verified
- Idempotency keys on all writes
- Event replay = zero duplicate side effects
- SAQ-A compliant
On failure: git reset --hard HEAD~1. Never pause.
| Failure | Action |
|---|---|
| API key missing | Print env var names, link dashboard |
| Webhook sig fails | Verify secret, use stripe listen |
| Payment fails | Map error codes to user messages |
| Duplicate charges | Check idempotency, refund dupes |
| Tax calc fails | Verify provider credentials |
npx claudepluginhub arbazkhan971/godmode