hermes-agent/website/docs/user-guide/skills/optional/payments/payments-stripe-link-cli.md
Teknium 5bfed0fe07
feat(skills): add optional payments skills (Stripe Link, MPP, Projects) (#31343)
* feat(skills): add optional payments skills (Stripe Link, MPP, Projects)

Adds four optional skills under optional-skills/payments/ wrapping the
Stripe Link CLI, the Machine Payments Protocol (MPP) clients, and the
Stripe Projects CLI plugin. Plus a router skill (payments) that picks
between them based on user intent.

All four are gated [linux, macos] — Stripe's Link CLI does not yet
support Windows. The other CLIs (mppx, stripe projects) are
cross-platform on paper but the payments cluster moves as a unit until
Link CLI gains Windows support.

Skills:
- stripe-link-cli  - one-time virtual cards + Shared Payment Tokens
- mpp-agent        - HTTP 402 payments via mppx/Tempo/Privy/AgentCash
- stripe-projects  - provision SaaS services + credential sync
- payments         - router/index skill for the cluster

Hard invariants encoded in every skill:
- Card PANs/wallet keys never enter agent transcripts, logs, or memory
- Spend approvals are not self-bypassable (Link app / wallet UI / CLI prompt)
- Final totals confirmed with user before any --request-approval call
- Credential output files cleaned up after one-time use

Zero core touches. Skills install via:
  hermes skills install official/payments/<skill>

* chore(skills/payments): drop router skill — skills shouldn't depend on other skills

Removed optional-skills/payments/payments/ — the router skill that
existed to hand off between stripe-link-cli, mpp-agent, and
stripe-projects.

Per project convention: skills should be independently loadable; a
router is a footgun because (a) it assumes the loader will follow its
recommendation rather than just loading what the user asked for, and
(b) it duplicates the trigger logic that already lives in each
sub-skill's '## When to Use' section.

The three remaining skills declare their own triggers and routing
hints. The optional-skills catalog still groups them under '## payments',
which is the appropriate place for cluster-level discoverability.

Also drops 'payments' from each remaining skill's 'related_skills' list
and removes the corresponding entries from the docs catalog + sidebars.

* feat(skills/payments): fold in danhill-stripe review feedback

- mpp-agent: add link-cli as a client option (when Link is already set
  up, or the 402 challenge advertises method="stripe")
- stripe-link-cli: reframe Link account / payment method / approval app
  as first-run setup, not hard preconditions (CLI configures them on
  first run)
- regenerate the two affected optional-skills docs pages
2026-06-15 15:28:42 -07:00

7.4 KiB

title sidebar_label description
Stripe Link Cli — Agent payments via Stripe Link — cards, SPT, approvals Stripe Link Cli Agent payments via Stripe Link — cards, SPT, approvals

{/* This page is auto-generated from the skill's SKILL.md by website/scripts/generate-skill-docs.py. Edit the source SKILL.md, not this page. */}

Stripe Link Cli

Agent payments via Stripe Link — cards, SPT, approvals.

Skill metadata

Source Optional — install with hermes skills install official/payments/stripe-link-cli
Path optional-skills/payments/stripe-link-cli
Version 0.1.0
Author Teknium (teknium1), Hermes Agent
License MIT
Platforms linux, macos
Tags Payments, Stripe, Link, Checkout, MPP
Related skills mpp-agent, stripe-projects

Reference: full SKILL.md

:::info The following is the complete skill definition that Hermes loads when this skill is triggered. This is what the agent sees as instructions when the skill is active. :::

Stripe Link CLI Skill

Wraps @stripe/link-cli so Hermes can complete purchases on the user's behalf using one-time-use virtual cards or Shared Payment Tokens (SPT). Every spend is gated by an in-app approval in the Link mobile/web app — Hermes cannot self-approve.

US-only at the moment (Link account requirement). Windows is not supported by the upstream CLI — this skill is gated [linux, macos].

When to Use

Trigger phrases:

  • "buy X", "pay for X", "make a purchase", "complete checkout"
  • "get me a card", "I need a payment method"
  • "log in to Link", "connect my Link wallet"
  • HTTP 402 response from a merchant API with www-authenticate: ... method="stripe"

If the user wants a paid API call (HTTP 402, no checkout form), the card path is wrong — use SPT via this same skill, or hand off to the mpp-agent skill.

Prerequisites

  • Node.js 20+ available on PATH (node --version)
  • US-based (Link account requirement)

The Link account, payment method, and spend-approval app do NOT need to be set up before Hermes attempts to pay — the CLI walks the user through them on first run:

  • A Link account at https://app.link.com — created/linked during first link-cli auth
  • At least one payment method — added during first run at https://app.link.com/wallet
  • The Link mobile/web app — opened to approve the first spend request when it's made

No env vars required — auth state is stored locally by the CLI under its own config directory.

Install

Install once, globally:

npm install -g @stripe/link-cli

Or invoke ad-hoc via npx @stripe/link-cli. The skill below uses the installed link-cli form.

How to Run

All commands run through the terminal tool. The CLI auto-detects non-TTY callers and emits compact toon output by default — fine for the model. Pass --format json if a step needs structured fields.

Discover commands: link-cli --llms-full. Get a command's schema before invoking: link-cli <command> --schema.

Procedure

1. Check / establish auth

link-cli auth status

If not authenticated, log in with a clear client name (this label shows in the user's Link app):

link-cli auth login --client-name "Hermes" --interval 5 --timeout 300

The --interval/--timeout form polls inline so the agent doesn't need to manage a _next step. Print the verification URL + phrase to the user and wait for the CLI to return.

Do not proceed past this step until auth status confirms login.

2. Evaluate the merchant before creating a spend request

Decide the credential type:

Merchant surface --credential-type
Standard web checkout form / Stripe Elements card (default)
Returns HTTP 402 with method="stripe" in www-authenticate shared_payment_token
Returns HTTP 402 without method="stripe" unsupported — stop

For 402 responses, do NOT decode the challenge manually. Pass the raw header:

link-cli mpp decode --challenge '<full WWW-Authenticate header>'

This validates the challenge and extracts the network ID + decoded request body.

3. List payment methods + shipping

link-cli payment-methods list
link-cli shipping-address list

Use the first entry unless the user specifies otherwise. The id from payment-methods list is the --payment-method-id in the next step.

4. Create the spend request

Confirm the final total with the user before issuing this command. Amounts are in cents.

link-cli spend-request create \
  --payment-method-id <pm_id> \
  --merchant-name "<name>" \
  --merchant-url "<url>" \
  --context "<one sentence: what is being purchased and why>" \
  --amount <cents> \
  --line-item "name:<item>,unit_amount:<cents>,quantity:1" \
  --total "type:total,display_text:Total,amount:<cents>" \
  --request-approval

For MPP merchants add --credential-type shared_payment_token.

--request-approval pings the user's Link app and polls until they approve or deny. The CLI exits non-zero on deny / timeout.

5. Retrieve the credential — SECURELY

Do not print card details to stdout. Use --output-file so the PAN never enters the agent's transcript or logs:

link-cli spend-request retrieve <lsrq_id> \
  --include card \
  --output-file /tmp/link-card.json \
  --format json

The file is written with 0600 perms; stdout shows only redacted fields (brand, last4, expiry) plus a card_output_file path.

6. Use the credential

  • For web checkout: hand the file path to the user, OR pass it to a browser-driving tool that fills the form directly from disk. Never read_file or cat the card file into the agent's reasoning context.

  • For MPP merchants:

    link-cli mpp pay <merchant-url> \
      --spend-request-id <lsrq_id> \
      --method POST \
      --data '<json body>'
    

7. Clean up

Delete the card file as soon as the purchase is done:

rm -f /tmp/link-card.json

Optional: run as an MCP server instead

@stripe/link-cli --mcp exposes the same commands as MCP tools over stdio. To register it with Hermes' native MCP:

hermes mcp add stripe-link --command "npx" --args "@stripe/link-cli --mcp"

Then hermes mcp list should show stripe-link. The same approval rules apply — MCP doesn't bypass the Link app approval step.

Pitfalls

  • US-only. Outside the US, auth login will fail. Tell the user, don't keep retrying.
  • Card PAN must never enter agent context. Use --output-file every time. If you've already retrieved without it, immediately link-cli auth logout is not enough — the card is one-time-use but rotate hygiene matters.
  • --request-approval blocks until the user acts. If the user is asleep, the CLI will hit its timeout. Set expectations.
  • Multi-step _next commands. Some commands return _next.command that must be executed to continue. When in doubt, prefer the inline-polling flags (--interval/--timeout).
  • Output format defaults to toon in non-TTY mode. Fine for prose, but if a downstream step needs to parse a specific field, pass --format json.
  • Don't default to card. The merchant-evaluation step (Section 2) exists because picking the wrong credential type fails the purchase silently or leaks more data than needed.

Verification

link-cli --version && link-cli auth status

Exit code 0 means installed and logged in.