All Posts
February 15, 20260.1.28Jugg.ai

v0.1.28 — feat: integrate Stripe Checkout for credit top-ups

Release v0.1.28: Stripe Checkout for Credit Top-Ups

February 15, 2026

What changed

  • Stripe Checkout integration — The billing.topUp mutation now creates a Stripe Checkout Session and redirects users to Stripe's hosted payment page, replacing the previous system that added credits without payment verification.
  • Webhook-based fulfillment — New /api/webhooks/stripe endpoint verifies Stripe signatures and atomically adds credits only after confirmed payment.
  • Audit logging — Both checkout initiation and completed payments are recorded in the audit log with Stripe session IDs, amounts, and balance snapshots.
  • Graceful degradation — New Stripe client singleton returns null when STRIPE_SECRET_KEY is not set, so the app still boots in development without Stripe configured.
  • Tests — Unit tests cover the Stripe client module and webhook handler (signature verification, metadata validation, credit addition, audit logging).

Why it matters

Credits are now backed by real payments. The previous virtual credit system allowed unlimited credits without any payment — this release closes that security gap.

Technical notes

  • New dependency: stripe@^17.0.0
  • Two new required env vars: STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET
  • Credit updates use sql expressions for atomic increments (no race conditions)
  • Currency is GBP (£)

Release Notes

Successfully merged PR #79 and published release v0.1.28.

What was released:

  • Stripe Checkout Integration — Replaced the insecure virtual credit top-up system with a secure Stripe Checkout flow. Credits are now only added after verified payment via Stripe webhooks.

Key changes (9 files, +778/-207):

  • New Stripe client singleton with graceful degradation
  • New webhook handler at /api/webhooks/stripe with signature verification, atomic credit updates, and audit logging
  • Updated billing.topUp mutation to create Stripe Checkout Sessions
  • Updated credit top-up UI with Stripe redirect flow
  • Added comprehensive unit tests for Stripe client and webhook handler
  • Added stripe@^17.0.0 dependency

New required env vars: STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET

Release: https://github.com/Jugg-ai/Jugg-ai.jugg-ai/releases/tag/v0.1.28

More Posts

v0.1.33 — perf: replace N sequential UPDATEs in bulkUpdateOrder with single batch SQL0.1.33
Feb 15
v0.1.32 — feat: add dark-aware brand color injection to template globals.css0.1.32
Feb 15
v0.1.31 — feat(billing): add billing guard to competitorMonitor cron0.1.31
Feb 15