How does this skill help with Stripe webhooks?

It proactively checks if your webhook URL returns a redirect status code, which Stripe does not follow, and ensures signature verification is correctly implemented to prevent unauthorized requests.

When is the best time to use this skill?

It should be invoked during the initial integration setup, before any production deployment, and immediately following any billing-related incident for rapid debugging.

How does it handle multi-platform deployments?

The skill includes specific scripts and patterns to compare configuration sets between different platforms, such as Vercel and Convex, ensuring production parity.

Can it prevent 'Invalid character in header' errors?

Yes, it identifies and suggests trimming for environment variables that may have trailing whitespace, a common cause of header injection errors in production environments.

Billing & Security Best Practices

Name: Billing & Security Best Practices
Author: phrazzld

byphrazzld

•

E-commerce Solutions

Ensures secure and reliable payment and authentication integrations by applying production-tested patterns for Stripe, Clerk, and webhooks.

About

The billing-security skill bridges the gap between clean code and fragile configurations by codifying lessons from real-world production incidents. It provides automated guidance for environment variable hygiene, such as trimming whitespace and validating API key formats, while also verifying webhook reachability to prevent silent failures caused by 3xx redirects. This skill is essential for developers using split architectures like Vercel and Convex, ensuring configuration parity across platforms and validating Stripe-specific parameter constraints before they cause runtime errors at checkout.

Key Features

Stripe-specific parameter constraint and mode validation
Webhook reachability checks to detect problematic URL redirects
2 GitHub stars
Cross-platform configuration parity for Vercel and Convex
Automated environment variable validation and whitespace trimming
OODA-V based debugging workflow for billing incident resolution

Use Cases

Debugging 'Invalid character in header' errors or silent webhook failures
Pre-deployment audits to verify environment and webhook configuration
Initial setup of Stripe, Clerk, or third-party auth providers

About

Key Features

Stripe-specific parameter constraint and mode validation
Webhook reachability checks to detect problematic URL redirects
2 GitHub stars
Cross-platform configuration parity for Vercel and Convex
Automated environment variable validation and whitespace trimming
OODA-V based debugging workflow for billing incident resolution

Use Cases

Debugging 'Invalid character in header' errors or silent webhook failures
Pre-deployment audits to verify environment and webhook configuration
Initial setup of Stripe, Clerk, or third-party auth providers