feat: Stripe secrets pipeline — env wiring, client refactor, health check, k6 test #184

Open: GTC6244 wants to merge 8 commits into next from GTC6244/stripe-secrets-ci-docker
GTC6244 (Contributor) commented Mar 26, 2026

Summary

  • Wire STRIPE_SECRET_KEY and STRIPE_PUBLISHABLE_KEY into docker-compose.phala.yml as Phala CVM encrypted env vars (same ${VAR} pattern as BASE_CHAIN_RPC)
  • Refactor Stripe HTTP client: 30s request timeout, StripeResponse { status, body } struct preserving HTTP status codes, shared parse_stripe_response() helper (DRY)
  • Add billing_keys_present: bool to health endpoint (informational only — does NOT affect 200/503 status)
  • Add k6 billing correctness spec: GET /billing/stripe_config verifies publishable key is returned on deployed server
  • Update deploy-phala.yml header with complete secret inventory (GitHub secrets + Phala CVM encrypted env vars)
  • Add TODOS.md with P2 startup Stripe key validation (depends on client refactor shipping here)
  • Log error before silently disabling billing if reqwest client fails to build

Context

Billing code exists and works locally, but is silently disabled in all deployed environments because Stripe keys were never injected. This PR closes the gap: keys flow through Phala CVM → container env → stripe::init() → billing enabled. The client refactor (HTTP status preservation + timeouts) unblocks the P2 startup validation TODO.

Test Coverage

COVERAGE: 11/12 paths tested (92%)
QUALITY:  ★★★: 9  ★★: 2  ★: 0
GAPS: 1 minor (billing_keys_present=true, blocked by private fields — trivial is_some() logic)

Pre-Landing Review

Pre-Landing Review: 2 issues (0 critical, 2 informational) — all auto-fixed.

Plan Completion

8/10 DONE, 2 NOT DONE (both explicitly deferred during eng review):

  • Stripe webhook endpoint → future work
  • Startup key validation → deferred to TODOS.md as P2

TODOS

  • TODOS.md created with P2 startup Stripe key validation item

Test plan

  • 7 stripe/health unit tests pass (6 parse_stripe_response + 1 billing_keys_present)
  • All existing tests pass (1 pre-existing macOS failure: lit-actions socket present in dev)
  • k6 billing.spec.ts validates GET /billing/stripe_config returns pk_* key on deployed server
  • Manual: configure Phala CVM encrypted env vars for chipotle-next with test sandbox keys

🤖 Generated with Claude Code
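
The description above has the two Stripe keys flowing from Phala CVM env vars into the container, an informational `billing_keys_present` health field, and a `GET /billing/stripe_config` check for a `pk_*` key. The Rust below is an added example, not code from this PR or repository: it shows a prefix-based guard that catches unset or swapped variables and refuses to serve anything but a publishable key. All function and type names are hypothetical, and it assumes Stripe's key prefixes (`sk_`/`rk_` for secret and restricted keys, `pk_` for publishable keys).

```rust
// Added example: every name except the two env vars and billing_keys_present is hypothetical.
use std::collections::HashMap;

type Env = HashMap<String, String>;

#[derive(Debug, PartialEq)]
pub enum KeyIssue { Missing(&'static str), WrongKind(&'static str) }

// Check one variable by prefix only; the key value itself is never returned or logged.
fn check(env: &Env, name: &'static str, prefixes: &[&str]) -> Option<KeyIssue> {
    match env.get(name).map(|v| v.trim()) {
        None | Some("") => Some(KeyIssue::Missing(name)),
        Some(v) if prefixes.iter().any(|p| v.starts_with(*p)) => None,
        Some(_) => Some(KeyIssue::WrongKind(name)),
    }
}

// Startup audit: catches unset keys and the two variables being swapped.
pub fn key_issues(env: &Env) -> Vec<KeyIssue> {
    vec![
        check(env, "STRIPE_SECRET_KEY", &["sk_", "rk_"]),
        check(env, "STRIPE_PUBLISHABLE_KEY", &["pk_"]),
    ].into_iter().flatten().collect()
}

// Health: the HTTP status follows core readiness only; the bool is informational.
pub fn health(core_ok: bool, env: &Env) -> (u16, bool) {
    let present = ["STRIPE_SECRET_KEY", "STRIPE_PUBLISHABLE_KEY"]
        .iter().all(|k| env.get(*k).map_or(false, |v| !v.trim().is_empty()));
    (if core_ok { 200 } else { 503 }, present)
}

// Value for GET /billing/stripe_config: serve it only if it is a publishable key.
pub fn publishable_key_to_serve(env: &Env) -> Option<&str> {
    env.get("STRIPE_PUBLISHABLE_KEY").map(|v| v.trim()).filter(|v| v.starts_with("pk_"))
}

fn main() {
    // Constructed placeholder values, deliberately swapped between the variables.
    let mut env = Env::new();
    env.insert("STRIPE_SECRET_KEY".into(), "pk_test_PLACEHOLDER".into());
    env.insert("STRIPE_PUBLISHABLE_KEY".into(), "sk_test_PLACEHOLDER".into());
    println!("issues: {:?}", key_issues(&env));
    println!("health: {:?}", health(true, &env));
    println!("served: {:?}", publishable_key_to_serve(&env));
}
```

With the swapped values in `main`, a presence-only check still reports `true`, while the prefix audit flags both variables and the config endpoint serves nothing.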

Copilot AI review requested due to automatic review settings March 26, 2026 20:07
Copilot AI left a comment

Pull request overview

Adds a planning/TODO document describing upcoming work for Stripe secret injection and a follow-up improvement to validate Stripe keys at startup, to avoid silent billing failures.

Changes:

  • Introduces TODOS.md with a P2 item for startup Stripe key validation (GET /v1/balance) and associated rollout/behavior notes.

GTC6244 self-assigned this Mar 26, 2026

Wire STRIPE_SECRET_KEY and STRIPE_PUBLISHABLE_KEY into docker-compose.phala.yml
as Phala CVM encrypted env vars (same pattern as BASE_CHAIN_RPC). Refactor the
Stripe HTTP client with a 30s request timeout and StripeResponse struct that
preserves HTTP status codes — prerequisite for the P2 startup key validation
TODO. Add billing_keys_present field to the health endpoint (informational only,
does not affect 200/503 status). Add k6 billing correctness spec that verifies
GET /billing/stripe_config returns a publishable key on the deployed server.
Update deploy-phala.yml header with complete secret inventory.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GTC6244 changed the title from "feat: Stripe secrets CI/Docker pipeline planning & TODOS" to "feat: Stripe secrets pipeline — env wiring, client refactor, health check, k6 test" Mar 26, 2026
GTC6244 and others added 2 commits March 26, 2026 16:47
- Log error before silently disabling billing if reqwest client fails
- Replace stale line numbers and branch names in TODOS.md with stable refs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GTC6244 requested a review from Garandor March 26, 2026 20:56
GTC6244 requested a review from a team March 28, 2026 15:15

Matching the pattern from PR #199 — secrets must be explicitly passed
as -e flags to the Phala CLI, not just referenced in docker-compose.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>