* feat(skills): add optional payments skills (Stripe Link, MPP, Projects) Adds four optional skills under optional-skills/payments/ wrapping the Stripe Link CLI, the Machine Payments Protocol (MPP) clients, and the Stripe Projects CLI plugin. Plus a router skill (payments) that picks between them based on user intent. All four are gated [linux, macos] — Stripe's Link CLI does not yet support Windows. The other CLIs (mppx, stripe projects) are cross-platform on paper but the payments cluster moves as a unit until Link CLI gains Windows support. Skills: - stripe-link-cli - one-time virtual cards + Shared Payment Tokens - mpp-agent - HTTP 402 payments via mppx/Tempo/Privy/AgentCash - stripe-projects - provision SaaS services + credential sync - payments - router/index skill for the cluster Hard invariants encoded in every skill: - Card PANs/wallet keys never enter agent transcripts, logs, or memory - Spend approvals are not self-bypassable (Link app / wallet UI / CLI prompt) - Final totals confirmed with user before any --request-approval call - Credential output files cleaned up after one-time use Zero core touches. Skills install via: hermes skills install official/payments/<skill> * chore(skills/payments): drop router skill — skills shouldn't depend on other skills Removed optional-skills/payments/payments/ — the router skill that existed to hand off between stripe-link-cli, mpp-agent, and stripe-projects. Per project convention: skills should be independently loadable; a router is a footgun because (a) it assumes the loader will follow its recommendation rather than just loading what the user asked for, and (b) it duplicates the trigger logic that already lives in each sub-skill's '## When to Use' section. The three remaining skills declare their own triggers and routing hints. The optional-skills catalog still groups them under '## payments', which is the appropriate place for cluster-level discoverability. Also drops 'payments' from each remaining skill's 'related_skills' list and removes the corresponding entries from the docs catalog + sidebars. * feat(skills/payments): fold in danhill-stripe review feedback - mpp-agent: add link-cli as a client option (when Link is already set up, or the 402 challenge advertises method="stripe") - stripe-link-cli: reframe Link account / payment method / approval app as first-run setup, not hard preconditions (CLI configures them on first run) - regenerate the two affected optional-skills docs pages
7.4 KiB
| title | sidebar_label | description |
|---|---|---|
| Stripe Link Cli — Agent payments via Stripe Link — cards, SPT, approvals | Stripe Link Cli | Agent payments via Stripe Link — cards, SPT, approvals |
{/* This page is auto-generated from the skill's SKILL.md by website/scripts/generate-skill-docs.py. Edit the source SKILL.md, not this page. */}
Stripe Link Cli
Agent payments via Stripe Link — cards, SPT, approvals.
Skill metadata
| Source | Optional — install with hermes skills install official/payments/stripe-link-cli |
| Path | optional-skills/payments/stripe-link-cli |
| Version | 0.1.0 |
| Author | Teknium (teknium1), Hermes Agent |
| License | MIT |
| Platforms | linux, macos |
| Tags | Payments, Stripe, Link, Checkout, MPP |
| Related skills | mpp-agent, stripe-projects |
Reference: full SKILL.md
:::info The following is the complete skill definition that Hermes loads when this skill is triggered. This is what the agent sees as instructions when the skill is active. :::
Stripe Link CLI Skill
Wraps @stripe/link-cli so Hermes can complete purchases on the user's behalf using one-time-use virtual cards or Shared Payment Tokens (SPT). Every spend is gated by an in-app approval in the Link mobile/web app — Hermes cannot self-approve.
US-only at the moment (Link account requirement). Windows is not supported by the upstream CLI — this skill is gated [linux, macos].
When to Use
Trigger phrases:
- "buy X", "pay for X", "make a purchase", "complete checkout"
- "get me a card", "I need a payment method"
- "log in to Link", "connect my Link wallet"
- HTTP 402 response from a merchant API with
www-authenticate: ... method="stripe"
If the user wants a paid API call (HTTP 402, no checkout form), the card path is wrong — use SPT via this same skill, or hand off to the mpp-agent skill.
Prerequisites
- Node.js 20+ available on
PATH(node --version) - US-based (Link account requirement)
The Link account, payment method, and spend-approval app do NOT need to be set up before Hermes attempts to pay — the CLI walks the user through them on first run:
- A Link account at https://app.link.com — created/linked during first
link-cliauth - At least one payment method — added during first run at https://app.link.com/wallet
- The Link mobile/web app — opened to approve the first spend request when it's made
No env vars required — auth state is stored locally by the CLI under its own config directory.
Install
Install once, globally:
npm install -g @stripe/link-cli
Or invoke ad-hoc via npx @stripe/link-cli. The skill below uses the installed link-cli form.
How to Run
All commands run through the terminal tool. The CLI auto-detects non-TTY callers and emits compact toon output by default — fine for the model. Pass --format json if a step needs structured fields.
Discover commands: link-cli --llms-full.
Get a command's schema before invoking: link-cli <command> --schema.
Procedure
1. Check / establish auth
link-cli auth status
If not authenticated, log in with a clear client name (this label shows in the user's Link app):
link-cli auth login --client-name "Hermes" --interval 5 --timeout 300
The --interval/--timeout form polls inline so the agent doesn't need to manage a _next step. Print the verification URL + phrase to the user and wait for the CLI to return.
Do not proceed past this step until auth status confirms login.
2. Evaluate the merchant before creating a spend request
Decide the credential type:
| Merchant surface | --credential-type |
|---|---|
| Standard web checkout form / Stripe Elements | card (default) |
Returns HTTP 402 with method="stripe" in www-authenticate |
shared_payment_token |
Returns HTTP 402 without method="stripe" |
unsupported — stop |
For 402 responses, do NOT decode the challenge manually. Pass the raw header:
link-cli mpp decode --challenge '<full WWW-Authenticate header>'
This validates the challenge and extracts the network ID + decoded request body.
3. List payment methods + shipping
link-cli payment-methods list
link-cli shipping-address list
Use the first entry unless the user specifies otherwise. The id from payment-methods list is the --payment-method-id in the next step.
4. Create the spend request
Confirm the final total with the user before issuing this command. Amounts are in cents.
link-cli spend-request create \
--payment-method-id <pm_id> \
--merchant-name "<name>" \
--merchant-url "<url>" \
--context "<one sentence: what is being purchased and why>" \
--amount <cents> \
--line-item "name:<item>,unit_amount:<cents>,quantity:1" \
--total "type:total,display_text:Total,amount:<cents>" \
--request-approval
For MPP merchants add --credential-type shared_payment_token.
--request-approval pings the user's Link app and polls until they approve or deny. The CLI exits non-zero on deny / timeout.
5. Retrieve the credential — SECURELY
Do not print card details to stdout. Use --output-file so the PAN never enters the agent's transcript or logs:
link-cli spend-request retrieve <lsrq_id> \
--include card \
--output-file /tmp/link-card.json \
--format json
The file is written with 0600 perms; stdout shows only redacted fields (brand, last4, expiry) plus a card_output_file path.
6. Use the credential
-
For web checkout: hand the file path to the user, OR pass it to a browser-driving tool that fills the form directly from disk. Never
read_fileorcatthe card file into the agent's reasoning context. -
For MPP merchants:
link-cli mpp pay <merchant-url> \ --spend-request-id <lsrq_id> \ --method POST \ --data '<json body>'
7. Clean up
Delete the card file as soon as the purchase is done:
rm -f /tmp/link-card.json
Optional: run as an MCP server instead
@stripe/link-cli --mcp exposes the same commands as MCP tools over stdio. To register it with Hermes' native MCP:
hermes mcp add stripe-link --command "npx" --args "@stripe/link-cli --mcp"
Then hermes mcp list should show stripe-link. The same approval rules apply — MCP doesn't bypass the Link app approval step.
Pitfalls
- US-only. Outside the US,
auth loginwill fail. Tell the user, don't keep retrying. - Card PAN must never enter agent context. Use
--output-fileevery time. If you've already retrieved without it, immediatelylink-cli auth logoutis not enough — the card is one-time-use but rotate hygiene matters. --request-approvalblocks until the user acts. If the user is asleep, the CLI will hit its timeout. Set expectations.- Multi-step
_nextcommands. Some commands return_next.commandthat must be executed to continue. When in doubt, prefer the inline-polling flags (--interval/--timeout). - Output format defaults to
toonin non-TTY mode. Fine for prose, but if a downstream step needs to parse a specific field, pass--format json. - Don't default to
card. The merchant-evaluation step (Section 2) exists because picking the wrong credential type fails the purchase silently or leaks more data than needed.
Verification
link-cli --version && link-cli auth status
Exit code 0 means installed and logged in.