Connect providers

Stripe Connect

Stripe accounts linked through the Connect platform. Tokens are non-refreshable; rotate on a schedule.

Stripe integration goes through Connect: Nomos is registered as a Connect platform, and each customer's Stripe account is linked via OAuth.

Stripe Connect tokens don't refresh.

Plan for periodic re-consent. Nomos surfaces expiry 14 days out in the Connections panel.

Connect

  1. Open the picker: Connections → Stripe.

  2. Stripe OAuth screen: sign in with your Stripe account, pick which account to link (live or test), and approve.

     [Screenshot: Stripe Connect OAuth consent]

     Test-mode accounts work the same as live; the prefix on the account id reveals which is which.

Commands

  • /stripe/customer/list, /stripe/customer/get, /stripe/customer/create, /stripe/customer/update
  • /stripe/invoice/list, /stripe/invoice/get, /stripe/invoice/create, /stripe/invoice/send (step-up), /stripe/invoice/void (step-up)
  • /stripe/payment_intent/get, /stripe/payment_intent/list, /stripe/payment_intent/refund (step-up)
  • /stripe/subscription/list, /stripe/subscription/get, /stripe/subscription/cancel (step-up)
  • /stripe/charge/list, /stripe/charge/get, /stripe/charge/refund (step-up)
  • /stripe/product/*, /stripe/price/*

Starter policies

  • stripe:read-only — everything read; no creates, no refunds.
  • stripe:safe-default — read + customer create + invoice create. Refunds, voids, sends require step-up.
  • stripe:billing-bot — pinned to one customer's data via resource.customerId.
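The two starter policies above, written out in Cedar as an added illustration (not Nomos's shipped policy text): `stripe:safe-default` grants reads plus customer and invoice creation and gates the step-up actions on a `context.stepUp` flag, and `stripe:billing-bot` pins one principal to a single customer via `resource.customerId`. The principal type `Agent`, the `stepUp` context attribute and the customer id `cus_example` are assumptions chosen for the example.

```cedar
// stripe:safe-default (assumed rendering of the starter policy)
// Reads, customer create and invoice create need no step-up.
permit (
  principal,
  action in [Action::"/stripe/customer/list", Action::"/stripe/customer/get",
             Action::"/stripe/invoice/list",  Action::"/stripe/invoice/get",
             Action::"/stripe/payment_intent/list", Action::"/stripe/payment_intent/get",
             Action::"/stripe/subscription/list", Action::"/stripe/subscription/get",
             Action::"/stripe/charge/list",   Action::"/stripe/charge/get",
             Action::"/stripe/customer/create", Action::"/stripe/invoice/create"],
  resource
);

// Step-up actions are permitted only when the request context carries an
// explicit stepUp == true. The `has` guard matters: in Cedar an attribute
// access on a missing attribute is an evaluation error and the policy is
// skipped, so without the guard a request with no stepUp attribute would
// neither match this permit nor be denied for the right reason.
permit (
  principal,
  action in [Action::"/stripe/invoice/send", Action::"/stripe/invoice/void",
             Action::"/stripe/payment_intent/refund", Action::"/stripe/charge/refund",
             Action::"/stripe/subscription/cancel"],
  resource
) when { context has stepUp && context.stepUp == true };

// stripe:billing-bot (assumed rendering): one principal, one customer's data.
// "cus_example" is a constructed placeholder for the pinned customer id.
permit (
  principal == Agent::"billing-bot",
  action in [Action::"/stripe/customer/get", Action::"/stripe/invoice/list",
             Action::"/stripe/invoice/get", Action::"/stripe/subscription/list"],
  resource
) when { resource has customerId && resource.customerId == "cus_example" };
```

Because Cedar denies by default, the billing-bot principal gets nothing outside these three lines; any resource without a `customerId` attribute, or with a different one, is simply not permitted.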

Cedar fragment — never refund without cosigner

```cedar
// Allow a small read-only set to any principal.
permit (
  principal,
  action in [Action::"/stripe/customer/list", Action::"/stripe/invoice/list",
             Action::"/stripe/invoice/get"],
  resource
);

// Deny every money-moving action unless a cosigner is present in the context.
// The `has` guard is deliberate: in Cedar, reading an attribute that is absent
// is an evaluation error and the erroring policy is skipped, so a bare
// `!context.cosigner` would silently fail open on requests that omit the
// cosigner attribute altogether.
forbid (
  principal,
  action in [Action::"/stripe/charge/refund",
             Action::"/stripe/payment_intent/refund",
             Action::"/stripe/subscription/cancel"],
  resource
) unless { context has cosigner && context.cosigner == true };
```