Strong for local payment testing when limited to test mode and webhook workflows.
Whether the CLI can return JSON, YAML, or stable machine-readable output.
Whether common workflows can run predictably without an interactive prompt.
Whether read-only, dry-run, scoped auth, and destructive command boundaries are clear.
Installation
$ brew install stripe/stripe-cli/stripe
$ docker run --rm -it stripe/stripe-cli
Common commands
$ stripe listen --forward-to localhost:3000/api/webhooks/stripe
Forwards test webhooks to local development.
$ stripe trigger checkout.session.completed
Creates a test event for webhook validation.
$ stripe refunds create --charge ch_...
Moves money and must not be agent-autonomous.
Agent usage example
Use Stripe CLI in test mode to trigger webhook events and verify handlers. Never run live refund or cancellation commands without approval.
Security notes
- Listen and trigger commands are good for local webhook testing.
- Commands that create, refund, or cancel live resources must require explicit approval.
- Use test mode keys for agent-driven development work.
TL;DR
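Stripe CLI is well suited to local payment development, but an agent should be restricted to test mode, webhook forwarding, and test events.
Agent safety workflow
1. Confirm that the project is using test keys.
2. Forward test webhooks with `stripe listen --forward-to localhost:3000/api/webhooks/stripe`.
3. Trigger representative test events such as `checkout.session.completed`.
4. Check the local service logs and the webhook handler output.
5. Summarize which events passed, failed, or were not handled.
Requires confirmation
An agent must not create live refunds, cancel subscriptions, update real customers, or modify account-level settings without explicit confirmation.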
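One way to enforce the workflow and confirmation rules above before a command ever reaches the CLI, as an added example that is not from the original page or from Stripe. It assumes the key is supplied through the STRIPE_API_KEY environment variable; the function names agent_stripe_check and agent_stripe are hypothetical.

```shell
# Added example: allowlist guard for agent-issued Stripe CLI commands.
# agent_stripe_check prints a verdict and returns 0 only for the commands
# the page treats as safe for agents: listen and trigger, in test mode.
agent_stripe_check() {
    key="${STRIPE_API_KEY:-}"   # assumption: key comes from the environment
    # Workflow step 1: refuse anything that is not a test-mode key.
    case "$key" in
        sk_test_*|rk_test_*) ;;
        *) echo "deny: STRIPE_API_KEY is not a test key"; return 1 ;;
    esac
    # Reject flags that switch to live mode or swap in a different key.
    for arg in "$@"; do
        case "$arg" in
            --live|--api-key|--api-key=*)
                echo "deny: flag $arg is not permitted for agents"; return 1 ;;
        esac
    done
    # Only webhook forwarding and test-event triggering run unattended.
    case "${1:-}" in
        listen|trigger) echo "allow: $1"; return 0 ;;
        *) echo "deny: '${1:-}' requires explicit human approval"; return 2 ;;
    esac
}

# Wrapper to hand to the agent in place of the raw stripe binary.
agent_stripe() {
    agent_stripe_check "$@" >&2 || return $?
    stripe "$@"
}
```

Exit status 1 means the environment or flags are unsafe; 2 means the subcommand is outside the allowlist and should be routed to a human for approval.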