Stripe

Stripe AI

Stripe AI

Stripe AI

Stripe AI

Stripe AI

Stripe AI

Stripe AI

Stripe AI

Stripe AI

Stripe AI

Built a simple invoicing SaaS tool with Claude as architect

Creating invoices is actually an easy process and free. But many are ignoring the fact that legal loops exist. Read our blog on how to correctly write terms and make sure you get paid on time. How Plainstatement was built: - 48 governance documents (charters, standards, decision logs, audit trails) - 10 frozen invariants (org boundary, provider isolation, idempotency rules) - Class 1-3 change classification system - Explicit non-goals list that kills scope creep before coding starts How it works: Every feature request goes through Claude first. It checks against invariants and non-goals, assigns risk class, and either approves or redirects to simpler solution. Example: Wanted to add multi-currency dashboard charts. Claude flagged it against frozen non-goal "no dashboard summary totals" and suggested I defer until invoice status tracking stabilizes. The result: - 5 npm dependencies (express, stripe, bcryptjs, dotenv, cookie-parser) - 270-line server.js - Vanilla JS frontend, no build step - JSON file storage - Entire codebase fits in your head The governance folder is larger than the application code. Tech stack: - Node + Express backend - Vanilla JS (no framework, no transpilation) - PM2 process manager - Stripe for billing (isolated behind service layer) Free tier: Create and download invoices, no account needed Pro tier: Save invoices, send by email, client book, business profiles Live at: plainstatement.com Code was kept to a minimal thanks to the constraint system applied. Happy to share governance structure or specific invariants if anyone's interested in applying this pattern to their projects. It's actually useful and avoids regressions and unwanted code changes. submitted by /u/howtobatman101 [link] [comments]

I built a CLI that installs the right AI agent skills for your project in one command (npx skillsense)

Hey r/ClaudeAI, I got tired of spending 20-40 minutes manually setting up skills every time I started a new project. Find the right ones, download them, put them in the right folder, check for conflicts... pure friction. So I built skillsense. npx skillsense That's it. It reads your package.json / pyproject.toml / go.mod / Cargo.toml / Gemfile, detects your stack, and installs the correct SKILL.md files into .claude/skills/ (or .opencode/, .github/skills/, .vscode/ depending on your agent). What it does: • Detects 27 stacks: Next.js, React, Vue, Django, FastAPI, Rails, Go, Rust, Prisma, Supabase, Tailwind, Stripe, Docker... • Applies combo rules (e.g. Next.js + Prisma + Supabase installs all three in the right order) • Verifies SHA-256 integrity on every download • Full rollback if anything fails • Works with Claude Code, OpenCode, GitHub Copilot, and VS Code Flags: --dry-run, --yes, --global, --agent It's open source and the catalog is a YAML file in the repo — easy to contribute new skills. GitHub: https://github.com/andresquirogadev/skillsense npm: https://www.npmjs.com/package/skillsense Happy to hear what stacks you'd want added! submitted by /u/AndresQuirogaa [link] [comments]

Built a conversational AI career tool in 5 days with no coding background — looking for honest feedback

I’m a paraprofessional with an education degree. Couldn’t find a job last week so I built one instead. Lune is a 10 question conversation that tries to surface what resumes miss. Not a resume builder, not a job board. It just asks what’s going on and tries to say something true back to you. It does passive constraint detection and gap analysis between what you say you want versus what you actually seem to need. Closing question is generated from the most specific thing you said in the whole conversation. I stress tested it against 42 synthetic personas — undocumented workers, formerly incarcerated people, grieving widowers, minors raising siblings. No failures but I also built the thing so I’m probably missing stuff. Stack if you care: Vercel, Claude Sonnet, Supabase, Resend, Stripe. Started as a single HTML file, now has a real backend. Conversation is free. I’m not trying to get paying users right now I just want people who will actually try it and tell me what’s broken or what doesn’t land. Strictly looking for feedback! submitted by /u/visaversa123 [link] [comments]

Boris Charny, creator of Claude Code, engages with external developers and accepts task performance degradation since February was not only due to user error.

In a discussion on Hacker News, Boris changes his stance after examining a user's bug transcripts from "it's just a user setting issue" to "there's a flaw in the adaptive thinking feature". Initial Position: It's a Settings Issue. His first post explains the degradation as an expected side effect of two intentional changes: hiding the thinking process (a UI change) and lowering the default effort level. The implicit message is "Performance hasn't degraded. You're just using the new, lower-cost default. If you want the old performance, change your settings back to /effort high." This might be interpreted as a soft rejection of the idea that the model itself is worse. Shift to Acknowledgment: When confronted with evidence from users who are already using the highest effort settings and still see problems, his position shifts. After analyzing the bug reports provided by a user, he moves from a general explanation about settings to a specific diagnosis of a technical flaw. Final Position: Acknowledgment of a Specific Flaw. By the end of his key interactions, Boris explicitly validates the users' experience. He concedes that the "adaptive thinking" feature is "under-allocating reasoning," which directly confirms the performance degradation users are reporting. He is not admitting the model is worse. This is Boris's final message: "On the model behavior: your sessions were sending effort=high on every request (confirmed in telemetry), so this isn't the effort default. The data points at adaptive thinking under-allocating reasoning on certain turns — the specific turns where it fabricated (stripe API version, git SHA suffix, apt package list) had zero reasoning emitted, while the turns with deep reasoning were correct. we're investigating with the model team. interim workaround: CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING=1 forces a fixed reasoning budget instead of letting the model decide per-turn." I personally greatly appreciate the transparency shown in this very public discussion. Having key Anthropic technical staff directly engage with external developers like this can only help bridge the trust divide. submitted by /u/sixbillionthsheep [link] [comments]

Vibe coded a full SaaS, how do I actually make sure it’s secure before launching?

I’ve built a SaaS almost entirely with AI assistance (Claude) and I’m getting close to wanting real users on it. The stack is Next.js, Supabase, Stripe Connect, and Vercel. It’s got multiple user roles with different permissions, payments, email notifications, and a fair bit of data that really shouldn’t be visible across accounts. I’m not a senior dev, I can sort of read and understand the code but I didn’t write most of it from scratch. That’s what’s making me nervous. It looks fine but I don’t fully know what I don’t know. ∙ Anything Stripe Connect specific I should be auditing? ∙ Are there any tools that can scan for obvious vulnerabilities? Has anyone gone through this process with a vibe coded app? What did your security checklist look like and where did you find the gaps? submitted by /u/becauseadele [link] [comments]

I built a Claude Code hook that turns vague session names into useful titles

Got tired of seeing random session titles on Claude Code while trying to resume sessions So I built claude-rename, a small Claude Code hook that automatically gives your sessions descriptive titles like: fix-stripe-webhook-retry refactor-auth-middleware k8s-helm-ingress-setup What it does: * Auto-names new Claude Code sessions after the first meaningful exchange * Uses Claude itself to generate the title * No separate API key needed * Also supports backfilling old sessions * Works as a hook plus a CLI for list, rename, backfill, status, uninstall Why: I wanted claude --resume to be something I could actually scan quickly without guessing which session was which. I also wanted something lightweight that did not require extra credentials or a separate service, so quickly coded this with claude Check it out and open to feedback: https://github.com/sathwick-p/claude-rename submitted by /u/Super-Commercial6445 [link] [comments]

I build a risk toolkit for investment portfolio's

I've been investing though DeGiro and I was always frustrated about the lack of risk metrics. There is a P&L and that's it, I want to know how volatile my portfolio is, how well diversified I am against crashes and loads of other things. I discovered Claude Code and 2 weeks later I had built Drawdn, a risk dashboard for retail investors. Stress tests against real crashes, Monte Carlo simulations, portfolio optimizer, deep dive per holding, alerts. Next.js + Python risk engine, ~280 tests, Stripe billing. I'm pretty happy how it turned out and just launched early access today. If you invest and want to see what a crash would do to your portfolio: drawdn.com/crash-test , no signup, just enter your tickers. I'm making some costs on data and the risk calculations, but I have a good free tier for a solid risk analysis of your own portfolio. Would love feedback, and happy to talk about the workflow. submitted by /u/Hour-Associate-7628 [link] [comments]

I built an AI job search system with Claude Code that scored 740+ offers and landed me a job. Just open sourced it.

Edit: title should say "scored 740+ listings" not "offers": it evaluated 740+ job postings, not 740 actual job offers. my bad on the wording. A few weeks ago I shared a video of this system on r/SideProject (534 upvotes). A lot of people asked for the code, so I cleaned it up and open sourced it. What it is: A Claude Code project that turns your terminal into a job search command center. You paste a job URL, and it evaluates the offer, generates a tailored PDF resume, and tracks everything. How Claude helps: Claude Code reads a CLAUDE.md with 14 skill modes and acts as the engine for everything — evaluating fit across 10 dimensions, rewriting your CV per listing, scanning 45+ company career pages, preparing STAR interview stories, even filling application forms. It's not a wrapper around an API — it's Claude Code with custom skills. What's in the repo: 14 skill modes (evaluate, scan, PDF, batch, interview prep, negotiation...) Go terminal dashboard (Bubble Tea) to browse your pipeline 45+ companies pre-configured (Anthropic, OpenAI, ElevenLabs, Stripe...) ATS-optimized PDF generation via Playwright Onboarding wizard — Claude walks you through setup in 5 minutes Scoring system focused on quality over quantity (this is NOT a spray-and-pray tool) Important: The system is designed to help you apply only where there's a real match. It scores fit so you focus on high-quality applications instead of wasting everyone's time. Always review before submitting. Free, MIT licensed, no paid tiers: https://github.com/santifer/career-ops Full case study with architecture: https://santifer.io/career-ops-system I used it to evaluate 740+ offers before landing my current role as Head of Applied AI. Happy to answer questions about the architecture or how to customize it for your own search. submitted by /u/Beach-Independent [link] [comments]

I built a platform with Claude Code that turns your GitHub repo into a pay per use micro SaaS

I've spent a lot of my free time building single-purpose tools for myself and it's usually some combination of agents and CLIs that the agents call. The same is true for a lot of my coworkers and friends, and honestly, some of these tools are genuinely great at what they were built to do. The problem is that some of these want to be monetized but turning one into an actual product involves a lot of extra work that has nothing to do with why the tool is valuable and you have to sink time into something with potentially no ROI. So I built Qhatu where you can give it a GitHub repo and it: Deploys it with a customized frontend (generated from templates based on your code) Adds Stripe + agentic payment protocols (MPP / x402) so buyers can pay per use with no subscriptions You keep your prompts and code private while giving people a way to actually use and pay for your tool. It's free to sign up, list your tool, and deploy it. The onboarding flow uses Anthropic APIs to analyze submitted repos, generate Dockerfiles, and create the storefront UI. Claude basically powers the core "repo in, product out" pipeline, it reads your code, figures out what it does, and sets everything up. I need to figure out how to bring this cost down though, and limit repo size. Would love feedback from this community since a lot of these tools are being built with Claude. What would you want to see before listing something you've built? submitted by /u/OnlyJustOnce [link] [comments]

I built an AI agent marketplace — 142 agents, 27 categories, works with Claude Code via MCP

There's no good place to buy and sell AI agents. So I built one. AiPayGen (https://aipaygen.com/market) is a marketplace where you can browse 142 agents across 27 categories — finance, legal, healthcare, DevOps, security, marketing, and more. Creators keep 70% of every sale. It works as an MCP server, so you can use it directly in Claude Code: pip install aipaygen-mcp claude mcp add aipaygen -- aipaygen-mcp Then inside Claude Code: - list_marketplace category="finance" — browse agents - invoke_catalog_api — use any agent directly - memory_store / memory_recall — persistent memory across sessions - scrape_website / scrape_tweets — web scraping built in - research / summarize / translate — 65+ AI tools included For creators: list your agent at aipaygen.com/market/list — set your price, we handle Stripe billing + USDC escrow, you keep 70%. Agents can also hire other agents autonomously using the A2A protocol — your agent can discover, negotiate with, and pay other agents in the marketplace. Free key gives $0.10 credits (~16 calls), no card needed. Plans from $4.99/mo. GitHub (MIT licensed): https://github.com/Damien829/aipaygen Marketplace: https://aipaygen.com/market Docs: https://aipaygen.com/docs submitted by /u/GoodCommission3521 [link] [comments]

I built a payment guardrail MCP server for Claude Code — your agent can now buy things without ever seeing your credit card number.

Hey r/ClaudeAI, If you've been building agentic workflows with Claude Code, you've probably hit this wall: you want your agent to handle purchases autonomously, but handing it your real credit card is a terrible idea. A hallucination loop, a prompt injection, or just a bad tool call — and your card is either extracted or maxed out. I spent the last few months building pop-pay to solve this specifically for Claude Code users. How it works with Claude Code: 0. Run `pop-init-vault` — encrypts your card credentials into `~/.config/pop-pay/vault.enc`(one-time setup) Run `pop-launch` — it starts Chrome with CDP enabled and prints the exact `claude mcp add` commands for your machine Add the pop-pay MCP server and Playwright MCP (both in one step) Add a short block to your `CLAUDE.md`— done From there, when Claude reaches a checkout page, it calls `request_virtual_card()`. pop-pay evaluates the intent against your policy, and if approved, injects the card credentials directly into the payment iframe via CDP. **Claude only receives a masked confirmation (`****-****-****-4242`) — the raw PAN never enters the context window.** Security hardening (v0.6.0–v0.6.4):0. Run `pop-init-vault` — encrypts your card credentials into `~/.config/pop-pay/vault.enc` (one-time setup) Credentials are stored in an AES-256-GCM encrypted vault (`pop-init-vault`) — no plaintext `.env`. The PyPI build compiles the key derivation salt into a Cython extension; the salt never exists as a Python object — only the final derived key does. We ran a red team and caught three issues we hadn't planned for: a `get_compiled_salt()` function was leaking the compiled salt directly (fixed in v0.6.1), `strings` scanning on the binary revealed the plaintext salt (patched with XOR obfuscation in v0.6.2), and we found a downgrade attack path where an agent could delete the `.so` and force re-encryption with the public salt (blocked by a tamper-evident `.vault_mode` marker in v0.6.4). Full results in `SECURITY.md`. Current release is v0.6.17. SQLite never stores raw card numbers or CVV. An injection-time TOCTOU guard prevents redirect-to-attacker attacks between approval and injection. What "two-layer guardrail" means in practice: - Layer 1 (always on): keyword + pattern engine — catches hallucination loops, prompt injection attempts in the reasoning payload, phishing URLs. Zero API cost, runs locally. - Layer 2 (optional): LLM semantic evaluation — for fuzzy cases. Uses any OpenAI-compatible endpoint including local models. Layer 2 only runs if Layer 1 passes, so you're not spending tokens on obvious rejections. **The policy is yours:** ``` POP_ALLOWED_CATEGORIES=["aws", "github", "stripe"] POP_MAX_PER_TX=50.0 POP_MAX_DAILY=200.0 ``` If Claude tries to buy something outside the allowed list — even with a convincing-sounding reason — it gets blocked. Repo: https://github.com/TPEmist/Point-One-Percent Would love feedback from anyone building with Claude Code + MCP. Specifically curious whether the CDP injection approach holds up on sites you're actually using. What checkout flows have you hit that break this kind of DOM injection? Launching on Product Hunt April 8 if you want to follow along. https://reddit.com/link/1saz2fu/video/v2ae90w4ivsg1/player submitted by /u/ChemicalUnhappy5284 [link] [comments]

Checklist for release.

Hi, I have been vibe coding an API + Fully custom website connected to API to handle keys, and also a CMS for myself, like a control center. It has been 6 months now of non stop coding, I started with 2 Gemini 2.5 accounts, then 3.0 and 3.1 couldn't handle it anymore and is completely useless now, so I switched to 2 Claude accounts, and now just 1 claude max is enough and the best. I have been reading a lot of posts lately from real Devs saying vibe coding a real app/project is impossible and that there are so many edge cases, and crazy database layers to do that no vibe coder or Claude could ever fix/make. I was wondering if any real full stack coder could point me in the right direction to find basic checks, and more advanced security checks/fixes, and how to handle high volumes. In the past 2 months I have fixed over 10,000 bugs, security vulnerabilities, edge cases and so on, now when I push Claude, it really doesn't find anything, not even low level bugs. but of course I want to be sure. to resume, I want to be sure: -Custom stripe subscription system is perfectly handled in all cases.(CRON properly charges, monthly, yearly, retries etc..) -API usage is perfectly handled on all endpoints -Account management -database access is always possible I also have an overage system like Claude, is there any info I need to know about this? Important stuff? They can add balance, still use API, turn off, auto fill etc... I use Cloudflare(pro), Supabase(pro), wordpress(custom plugin + custom php pages). thank you in advance. submitted by /u/francesco_puig [link] [comments]

Switched from MCPs to CLIs for Claude Code and honestly never going back

I went pretty hard on MCPs at first. Set up a bunch of them, thought I was doing things “the right way.” But after actually using them for a bit… it just got frustrating. Claude would mess up parameters, auth would randomly break, stuff would time out. And everything felt slower than it should be. Once I started using CLIs. Turns out Claude is genuinely excellent with them. Makes sense, it's been trained on years of shell scripts, docs, Stack Overflow answers, GitHub issues. It knows the flags, it knows the edge cases, it composes commands in ways that would take me 20 minutes to figure out. With MCPs I felt like I was constraining it. With CLIs I jactually just get out of the way. Here's what I'm actually running day to day: gh (GitHub CLI) — PRs, issues, code search, all of it. --json flag with --jq for precise output. Claude chains these beautifully. Create issue → assign → open PR → request review, etc. Ripgrep - Fast code search across large repos. Way better than grep. Claude uses it constantly to find symbols, trace usage, and navigate unfamiliar codebases. composio — Universal CLI for connecting agents to numerous tools with managed auth. Lets you access APIs, MCPs, and integrations from one interface without wiring everything yourself. stripe — Webhook testing, event triggering, log tailing. --output json makes it agent-friendly. Saved me from having to babysit payment flows manually. supabase — Local dev, DB management, edge functions. Claude knows this one really well. supabase start + a few db commands and your whole local environment is up. vercel — Deploy, env vars, domain management. Token-based auth means no browser dance. Claude just runs vercel --token $TOKEN and it works. sentry-cli — Release management, source maps, log tailing. --format json throughout. I use this for Claude to diagnose errors without me copy-pasting stack traces. neon — Postgres branch management from terminal. Underrated one. Claude can spin up a branch, test a migration, and tear it down. Huge for not wrecking prod. I've been putting together a list of CLIs that actually work well with Claude Code (structured output, non-interactive mode, API key auth, the things that matter for agents) Would love to know any other clis that you've been using in your daily workflows, or if you've built any personal tools. I will add it here. I’ve been putting together a longer list here with install + auth notes if that’s useful: https://github.com/ComposioHQ/awesome-agent-clis submitted by /u/geekeek123 [link] [comments]

New to coding - security measures?

Hi everyone- I'm not even going to pretend like I'm experienced with coding. I know basic HTML, but I know what Claude is working with is so far above that. I'm building an extremely basic scheduling application. In theory, it would be a low cost SAAS, with no payment information rolling through or stored within the site. Everything would be done through Stripe and their portal, so I feel OK there. However, the site would still store first name, last name, email address, and phone numbers. That should be the limit of the sensitive information. What measures can I take to ensure that my database is secure? My worst nightmare is any sort of data leak and since I'm using applications I'm not super familiar with (but am beginning to learn and understand), I want to do everything I can. Obviously, I assume the best answer is to do some sort of pen testing. Is there anything short of paying an arm and a leg for that? I've tried to prompt Claude to review for security issues within my APIs, but I know the nature of AI and its aim to please, so I'm not fully trusting. Any help or education is greatly appreciated! submitted by /u/OkSchedule5422 [link] [comments]

the products that Claude Code recommends are about to win everything

when you’re building with Claude Code and you need a database, payment processor, or analytics tool, what happens? the AI recommends one. you go with it because you trust it and you’re moving fast. that’s agentic purchasing already happening. the AI agent just made a buying decision on behalf of a business. you probably didn’t think of it that way. now scale that up. Ramp just gave AI agents their own credit cards. Mastercard and Google are building transaction verification for agents. Stripe’s Agentic Commerce Protocol found that the number one factor in showing up in agent recommendations is structured, machine-readable product data. not marketing. documentation. some companies are already building for this. Vercel has documentation specifically for AI and an open agent skills ecosystem. Resend publishes markdown versions of their pricing page because it helps agents parse how pricing works. the implication: products with the best APIs, clearest docs, and most structured pricing will be what agents default to. not because of SEO or ads but because the agent can actually understand what the product does and what it costs. for those building products right now: are you thinking about how AI agents evaluate and recommend your product? or is this still too far off to worry about? submitted by /u/New_Indication2213 [link] [comments]