Skip to content
Flows
Payment Flow QA
QA60-90 minutes
0/5 steps0%

Step 1 of 5

Audit the money path

Trace where amounts come from and who declares success.

Prompt capsule

Audit the payment implementation. Trace and report: where amounts/prices are defined (must be server-side - flag any client-sent amount that the server trusts); how checkout sessions are created; who declares success (must be server verification with the provider, never the redirect alone); where payment records live and their state model; how paid access is granted. Produce the money-path diagram in text and flag every trust violation.

Paste into Claude · Complete implementation prompt with explicit requirements

Expected after this step

A traced money path with every trust violation flagged.

Should not happen

  • Success pages granting access without server verification
  • Refresh on success double-granting purchases
  • Client-editable amounts reaching the provider
  • Declined payments leaving half-granted states

Verify before continuing

Do not move on until every check is true. The complete button stays locked until then.

Do not continue if…

  • !Success pages granting access without server verification
  • !Refresh on success double-granting purchases
  • !Client-editable amounts reaching the provider
  • !Declined payments leaving half-granted states

If the AI messes this up

Use this when the AI fakes progress or breaks the feature. It forces a real fix.

The audit shows the client sending amounts or declaring success. Those are critical: move price lookup and success verification server-side before any further testing.

Your notes for this step