Skip to main content

Package Contract

A ProviderFlow package defines how webhook events are processed and delivered. Packages are internal/private for V1 and not part of a public marketplace.

Every package carries an ownership and maturity classification that governs support, billing, and quality gate expectations.

Package Definition

package:
name: stripe-v2
version: 2.0.0
provider: stripe
ownership: Official
maturity: GA
visibility: internal/private
description: "Stripe webhook processing package for payments"
canonical_layer: data
canonical_area: payment-processing
evidence_status: verified
compatibility:
min_platform_version: "1.0.0"

endpoints:
- name: payment-event
provider: stripe
url: https://your-domain.com/webhooks/stripe
auth: {type: api_key, key: X-Stripe-Token}
events:
- payment_intent.succeeded
- payment_intent.failed
- charge.succeeded

targets:
- name: data-warehouse
provider: stripe
url: https://api.data-warehouse.com/events
auth: {type: bearer, token: {{DATA_WAREHOUSE_TOKEN}}}
events:
- payment_intent.succeeded
- payment_intent.failed

flows:
- name: payment-events
provider: stripe
endpoint: payment-event
target: data-warehouse
events:
- payment_intent.succeeded
- payment_intent.failed

Required Fields

Package

FieldTypeRequiredDescription
namestringPackage name
versionstringPackage version (semver)
providerstringProvider name (e.g., stripe, shopify)
ownershipstringOwnership: Official, Verified Community, Community
maturitystringMaturity: Draft, Preview, Beta, Verified, GA
visibilitystringVisibility: internal/private
descriptionstringPackage description
canonical_layerstringLayer: data, infra, app
canonical_areastringArea within layer (e.g., payment-processing)

Endpoint

FieldTypeRequiredDescription
namestringUnique endpoint identifier
providerstringProvider name
urlstringWebhook endpoint URL
authobjectAuthentication configuration
eventsarrayList of event types

Target

FieldTypeRequiredDescription
namestringUnique target identifier
providerstringProvider name
urlstringDelivery endpoint URL
authobjectAuthentication configuration
eventsarrayList of event types

Flow

FieldTypeRequiredDescription
namestringUnique flow identifier
providerstringProvider name
endpointstringEndpoint name
targetstringTarget name
eventsarrayList of event types

Authentication

API Key

auth:
type: api_key
key: X-Stripe-Token
value: sk_test_xxxxx

Bearer Token

auth:
type: bearer
token: {{STRIPE_API_KEY}}

Header Auth

auth:
type: header
key: Authorization
value: Bearer {{STRIPE_API_KEY}}

Event Types

Events are provider-specific and must be defined in the contract.

Example Events

events:
- payment_intent.succeeded
- payment_intent.failed
- charge.succeeded
- charge.refunded

Visibility

Packages are internal/private for V1:

  • ✅ Operator visibility through evidence and traces
  • ✅ Validation against fixtures and goldens
  • ✅ Documentation of contract and usage
  • ❌ No public marketplace
  • ❌ No public package listings

Non-Executory

This is a declarative contract, not an executable program:

  • No JavaScript execution
  • No arbitrary runtime code
  • No dynamic loading
  • No plugins or extensions
  • Deterministic YAML/DAG processing only