Skip to content
Build your own
81 views·0 installs·May 23, 2026
Shared stack plan · /s/5wI4q41j

Build a Stripe billing automation that processes HIPAA-bound patient records…

Build a Stripe billing automation that processes HIPAA-bound patient records, syncs to Salesforce, and posts daily reports to Slack — needs GitHub Actions deployment

Install with one command
$ npx mcpflix install 5wI4q41j

Writes claude_desktop_config.json, prompts for any required API keys, and drops skills into ~/.claude/skills/. Backed up automatically.

What this stack is

What you're building

  • Entities: HIPAA-bound patient records (PHI) — 1000s/day, Stripe billing transactions — recurring + one-time charges, Salesforce CRM sync — account + opportunity records, Daily reports — aggregated metrics + exceptions, GitHub Actions deployment pipeline
  • Constraints: HIPAA compliance — PHI encryption at rest & in transit, audit logging, access controls, PCI DSS scope — no direct card handling (Stripe tokenization only), Deterministic billing — idempotency keys, no LLM-driven charge creation, Real-time sync latency — <5 min Salesforce updates, Daily report window — 23:59 UTC cutoff
  • Out of scope: Patient authentication or identity verification (assume pre-verified), Refund arbitration or chargeback handling (manual review only), Custom Stripe webhook retry logic (use Stripe's built-in retries), Salesforce custom field schema design (assume fields exist)

Why this stack fits mcp-postgres stores encrypted patient billing state + audit logs with schema introspection; mcp-server-github-actions triggers deterministic charge + sync workflows on schedule; blocksuser-mcp-linear or aaronsb-jira-cloud-mcp routes billing exceptions to ops tickets; ask-slack-mcp-server posts daily digests without human intervention. Stripe + Salesforce integrations remain in deterministic server code (not AI-driven) to preserve compliance and idempotency.

Architecture

Loading diagram…

MCP Servers

PostgreSQL MCP

mcp-postgres

Official Anthropic server; read-only schema introspection and query execution for compliance audits. Stores encrypted patient records and billing state with immutable audit trail.

GitHub Actions MCP

mcp-server-github-actions

Dispatch scheduled workflows that execute Stripe charges, Salesforce syncs, and state logging in deterministic server code (not LLM-driven) to preserve idempotency and compliance.

Slack MCP

ask-slack-mcp-server

HTTP bridge for posting aggregated metrics and exception summaries to #billing channel without human intervention.

Jira Cloud MCP

@aaronsb/jira-cloud-mcp

Create tickets for failed charges, sync errors, and HIPAA audit flags; enables ops to triage without manual email.

Install everything in one go

Copy a single setup guide that includes the MCP config and the skills installer script — paste into a doc to keep, or follow it section by section.

Implementation Plan

  1. Install MCP servers and save stack ⏱ 15m

Run npx mcpflix install <stack-id> to configure PostgreSQL, GitHub Actions, Slack, and Jira MCPs in Claude Code. The CLI will prompt for connection strings (Postgres), GitHub PAT, Slack bot token, and Jira API token, then write them to claude_desktop_config.json in one pass.

Done when:

  • Running npx mcpflix install writes mcpServers entries for postgres, github-actions, slack, and jira without prompting again
  • claude_desktop_config.json contains encrypted env vars for all four MCPs

Files: ~/.claude/claude_desktop_config.json

Accounts: GitHub, Slack workspace, Jira Cloud, PostgreSQL instance Env vars: POSTGRES_URL, GITHUB_PAT, SLACK_BOT_TOKEN, JIRA_API_TOKEN Services: Node 18+

Verify:

Loading code…
  1. Create PostgreSQL audit schema for PHI ⏱ 30m · ⚠ high-risk

In Claude Code, use the PostgreSQL MCP to introspect your existing schema, then create an audit_log table with encrypted patient_id, billing_event, timestamp, and actor columns. Use pgcrypto extension (pgcrypto_encrypt()) to encrypt PHI at rest. Add row-level security (RLS) policies so only authenticated billing service can read/write. This table is the single source of truth for HIPAA compliance.

Done when:

  • PostgreSQL schema includes audit_log table with pgcrypto encryption on patient_id
  • RLS policies enforce that only the billing service role can SELECT/INSERT
  • Querying SELECT COUNT(*) FROM audit_log returns 0 initially

Files: migrations/001_audit_schema.sql

Env vars: POSTGRES_URL Services: PostgreSQL 13+, pgcrypto extension enabled

Verify:

Loading code…

Rollback: psql $POSTGRES_URL -f migrations/001_audit_schema.sql.rollback

  1. Set up GitHub Actions billing workflow ⏱ 60m · ⚠ high-risk

Create .github/workflows/billing-daily.yml that runs at 23:59 UTC. The workflow should: (1) fetch pending charges from Postgres via psql query, (2) call Stripe API with idempotency keys to create charges (deterministic, no LLM), (3) log results to audit table, (4) sync successful charges to Salesforce via REST API, (5) post a summary to Slack via webhook. Use GitHub Secrets for Stripe SK, Salesforce token, and Slack webhook URL. Do NOT let Claude Code drive charge creation — only the workflow can call Stripe.

Done when:

  • Workflow runs on schedule 0 23 * * * (23:59 UTC)
  • Workflow uses GitHub Secrets for Stripe, Salesforce, Slack tokens
  • Stripe charge calls include idempotency_key header
  • Workflow logs all actions to PostgreSQL audit_log table

Files: .github/workflows/billing-daily.yml

Accounts: Stripe account, Salesforce org, Slack workspace Env vars: STRIPE_SECRET_KEY, SALESFORCE_TOKEN, SLACK_WEBHOOK_URL Services: GitHub Actions enabled

Verify:

Loading code…

Rollback: git revert <commit-hash> && git push

  1. Create Stripe charge + Salesforce sync server code ⏱ 60m · ⚠ high-risk

In your repo root, create src/billing-service.ts (or .js) with three deterministic functions: (1) chargePatient(patientId, amount, idempotencyKey) — calls Stripe API with the key and returns charge ID, (2) syncToSalesforce(chargeId, patientId) — upserts an Opportunity record in Salesforce with charge metadata, (3) logAuditEvent(patientId, event, chargeId) — inserts into PostgreSQL audit_log with encrypted PHI. These functions are called by the GitHub Actions workflow, not by Claude Code. Include error handling and retry logic for Salesforce (exponential backoff, max 3 retries).

Done when:

  • chargePatient() function includes idempotency_key in Stripe API call
  • syncToSalesforce() includes exponential backoff retry logic
  • logAuditEvent() encrypts patient_id before INSERT
  • All three functions have TypeScript types and JSDoc comments

Files: src/billing-service.ts, src/types.ts

Env vars: STRIPE_SECRET_KEY, SALESFORCE_TOKEN, POSTGRES_URL Services: Node 18+, npm

Verify:

Loading code…

Rollback: git revert <commit-hash> && npm run build

  1. Configure Jira exception routing ⏱ 30m · • medium-risk

In Claude Code, use the Jira MCP to create a project for billing ops (e.g., 'BILLING'). Then, in your billing-service.ts, add a function createBillingException(error, patientId, chargeId) that calls Jira API to create a ticket with severity label ('critical' for failed charges, 'info' for sync delays). The GitHub Actions workflow should call this function on any error. This ensures ops sees exceptions in Jira within minutes, not hours.

Done when:

  • Jira project 'BILLING' exists and is accessible via API token
  • createBillingException() creates a ticket with error details and patient_id (encrypted in description)
  • GitHub Actions workflow calls createBillingException() on Stripe or Salesforce errors

Files: src/jira-service.ts

Accounts: Jira Cloud Env vars: JIRA_API_TOKEN, JIRA_INSTANCE_URL

Verify:

Loading code…
  1. Build daily Slack digest reporter ⏱ 45m

Create src/slack-reporter.ts with a function postDailyDigest() that queries PostgreSQL for yesterday's billing metrics (total charges, success rate, failed count, Salesforce sync lag), formats them as a Slack Block Kit message, and posts to #billing via the Slack MCP. Run this function at 00:05 UTC (5 min after the billing workflow completes). Include a summary of any Jira tickets created overnight so ops can glance at exceptions.

Done when:

  • postDailyDigest() queries PostgreSQL audit_log for yesterday's events
  • Slack message includes: total charges, success %, failed count, Salesforce sync lag
  • Slack message includes link to BILLING Jira project for overnight exceptions
  • Workflow runs at 00:05 UTC daily

Files: src/slack-reporter.ts, .github/workflows/billing-daily.yml

Env vars: SLACK_BOT_TOKEN, POSTGRES_URL Services: Slack workspace

Verify:

Loading code…
  1. Run security audit and deploy ⏱ 30m · ⚠ high-risk

Before merging, run /security-audit to scan billing-service.ts, jira-service.ts, and the GitHub Actions workflow for hardcoded secrets, missing encryption, and OWASP issues. Fix any findings. Then run /pr-ready to typecheck, test, and lint. Once passing, create a PR, get approval, and merge to main. GitHub Actions will deploy on merge.

Done when:

  • /security-audit reports 0 hardcoded secrets and 0 OWASP issues
  • /pr-ready passes typecheck, tests, and lint
  • PR is approved and merged to main
  • GitHub Actions deployment workflow runs and succeeds

Accounts: GitHub with write access to main Services: GitHub Actions

Verify:

Loading code…

Rollback: git revert <merge-commit-hash> && git push

  1. Verify end-to-end billing flow in staging ⏱ 30m · • medium-risk

In a staging environment, manually trigger the GitHub Actions workflow with a test patient record. Verify: (1) Stripe charge is created with correct idempotency key, (2) audit_log entry appears in PostgreSQL with encrypted patient_id, (3) Salesforce Opportunity is created/updated, (4) Slack digest posts at 00:05 UTC, (5) any errors create Jira tickets. Do NOT run against production data until all checks pass.

Done when:

  • Stripe charge appears in Stripe dashboard with correct amount and idempotency key
  • PostgreSQL audit_log contains entry with encrypted patient_id
  • Salesforce Opportunity record exists with charge metadata
  • Slack message posts to #billing-staging with correct metrics
  • No Jira exceptions created (all steps succeed)

Accounts: Staging Stripe account, Staging Salesforce org, Staging Slack channel Services: PostgreSQL staging instance

Verify:

Loading code…

Build your own — or save this one

Describe your project and our AI will design a complete stack — architecture diagram, MCP servers, skills, and step-by-step setup. Sign up free to save and share your own.