Show HN: Corral – Auth and Stripe billing that AI coding agents can set up
5 points| rgthelen | 12 days ago |github.com
The problem isn't the agent. It's that auth-to-billing-to-gating is genuinely hard to wire, and there's no machine-readable spec for how to do it.
Corral is an open-source CLI (MIT) that gives your agent a spec it can read (llms.txt), then scaffolds auth + Stripe billing into your existing project. It detects your framework (Express, Next.js, Hono, Fastify, and 13+ more), embeds into your existing server (doesn't create a new one), and generates working components: profile page, admin dashboard, plan gating, Stripe checkout, usage metering. One YAML config file controls everything.
The agent workflow is 9 commands. Every command supports --json. Errors include a "fix" field. Exit 0 means deploy-ready.
I hardened this across 10 framework/DB combos with blind agent tests: 3 AI models, 3 rounds each, then a 10-agent fleet. Found and fixed real edge cases like Express 4 vs 5 route patterns, Vite proxy ordering, and agents creating duplicate servers instead of embedding into existing ones.
To try it, paste this into any AI coding agent:
Read: https://llama-farm.github.io/corral/llms.txt
Add auth and Stripe billing to my app.
GitHub: https://github.com/llama-farm/corral npm: npx create-corral init Docs: https://llama-farm.github.io/corral/
mhamann|12 days ago
Have you thought about supporting additional auth providers? Or providing a way for other auth services to add support for their products?
rgthelen|12 days ago
corral add provider github Under the hood, Corral is built on Better Auth, which has a plugin architecture. Any Better Auth plugin works with Corral — so if someone builds a provider plugin for Better Auth, it automatically works here too. We're not reinventing auth crypto, just making it agent-installable.
On the crypto payments front — that's actually a great use case for Corral's plugin model. The billing layer is modular (Stripe today, but the gating/metering layer doesn't care where the payment event comes from). A BTC/USDC payment plugin that fires the same "user upgraded to plan X" event would slot right in. Interesting idea.
rgthelen|12 days ago
Let me know what you think!
rachelradulo|12 days ago
rgthelen|12 days ago
rachelradulo|12 days ago
rgthelen|12 days ago
The server-express.ts template generates the webhook route with the raw body parser before express.json() (Stripe requires the raw body for signature verification — agents almost always get this wrong). The route handles checkout.session.completed, customer.subscription.updated, and customer.subscription.deleted events and auto-updates the user's plan in your database.
So when your agent runs corral init, the webhook endpoint is already in your server at /api/corral/webhook, with Stripe signature verification wired in. Your agent just needs to:
corral stripe sync — creates the products/prices in Stripe Set STRIPE_WEBHOOK_SECRET in .env For local dev: stripe listen --forward-to localhost:3000/api/corral/webhook That's it. The agent doesn't have to figure out raw body parsing, event routing, or idempotency — the template handles all of it. And since corral doctor checks for the webhook secret in your env, the agent gets told if it's missing.
The worst Stripe webhook bugs I found during testing were (1) express.json() parsing the body before the webhook route sees it, and (2) agents putting the webhook route after auth middleware that rejects unsigned requests. Both are baked into the template ordering now.
bobbyradford|12 days ago