84/100
Strong for local payment testing when limited to test mode and webhook workflows.
Structured output 86/100
Whether the CLI can return JSON, YAML, or stable machine-readable output.
Non-interactive use 82/100
Whether common workflows can run predictably without an interactive prompt.
Safety boundaries 66/100
Whether read-only, dry-run, scoped auth, and destructive command boundaries are clear.
Installation
Homebrew
$ brew install stripe/stripe-cli/stripe
Docker
$ docker run --rm -it stripe/stripe-cli
Common commands
Listen for webhooks · Safe
$ stripe listen --forward-to localhost:3000/api/webhooks/stripe
Forwards test webhooks to local development.
Trigger checkout event · Safe
$ stripe trigger checkout.session.completed
Creates a test event for webhook validation.
Create live refund · High risk
$ stripe refunds create --charge ch_...
Moves money and must not be agent-autonomous.
Agent usage example
Claude Code
Use Stripe CLI in test mode to trigger webhook events and verify handlers. Never run live refund or cancellation commands without approval.
Safety notes
- Listen and trigger commands are good for local webhook testing.
- Commands that create, refund, or cancel live resources must require explicit approval.
- Use test mode keys for agent-driven development work.
TL;DR
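Stripe CLI is well suited to local payment development, but an agent should be restricted to test mode, webhook forwarding, and test events.
Safe agent workflow
- Confirm that the project is using test keys.
- Forward test webhooks with stripe listen --forward-to localhost:3000/api/webhooks/stripe.
- Trigger representative test events such as checkout.session.completed.
- Check the local service logs and the webhook handler output.
- Summarize which events passed, failed, or were not handled.
Requires confirmation
An agent must not create live refunds, cancel subscriptions, update real customers, or change account-level settings without explicit confirmation.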
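
A pre-execution gate that enforces the workflow and the confirmation rule above, as an added example that is not part of the original page or of the Stripe CLI. The function names are hypothetical, and it assumes the agent harness supplies the key through the STRIPE_API_KEY environment variable.

```shell
#!/bin/sh
# Added example: a pre-execution gate for agent-issued `stripe` commands.
# Exit status: 0 = run it, 1 = needs human approval, 2 = refused (no test key).

# True only for localhost / 127.0.0.1 forwarding targets.
is_local_target() {
    hostport=${1#http://}        # drop an optional plain-http scheme
    hostport=${hostport%%/*}     # drop the path
    case "$hostport" in
        *@*) return 1 ;;         # userinfo could hide a remote host
        localhost|localhost:*|127.0.0.1|127.0.0.1:*) return 0 ;;
        *) return 1 ;;
    esac
}

stripe_agent_gate() {
    # Assumption: the harness passes the key via STRIPE_API_KEY. Anything
    # that is not a test-mode secret or restricted key fails closed.
    case "${STRIPE_API_KEY:-}" in
        sk_test_*|rk_test_*) ;;
        *) echo "refused: STRIPE_API_KEY is not a test key" >&2; return 2 ;;
    esac

    prev=
    for arg in "$@"; do
        case "$arg" in
            # Flags that switch to live mode or swap credentials.
            --live|--api-key|--api-key=*) return 1 ;;
            --forward-to=*) is_local_target "${arg#--forward-to=}" || return 1 ;;
        esac
        if [ "$prev" = "--forward-to" ]; then
            is_local_target "$arg" || return 1
        fi
        prev=$arg
    done

    # Allowlist the two workflows the page rates safe; refunds, cancellations,
    # customer updates and account settings all fall through to approval.
    case "${1:-}" in
        listen|trigger) return 0 ;;
        *) return 1 ;;
    esac
}

# Hypothetical wrapper the agent would call instead of `stripe` directly.
agent_stripe() {
    stripe_agent_gate "$@" && stripe "$@"
}
```

A harness can treat status 1 as the point to pause and ask a human, and status 2 as a configuration error to fix before any command runs.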