Scheduled Stripe–Postgres reconciliation beats PR-only billing tests

Your PR checks pass. Stripe and Postgres still disagree in production.

That is normal. The Access contract compares live billing state to live database rows. Drift often does not exist at merge time.

Why PR gates miss billing bugs

Scheduled vs PR in the docs explains the split: file linters on PR, Access on a schedule.

What practitioners run

Alex Mayhew recommends a daily reconcile. Operational.co runs a daily cron. Same shape: list active Stripe subs, compare to DB access flags, alert on mismatch.

for await (const sub of stripe.subscriptions.list({ status: 'active' })) {
  const row = await db.query(
    `select has_paid_access from users where stripe_customer_id = $1`,
    [sub.customer]
  );
  if (!row.rows[0]?.has_paid_access) {
    await alert('drift', { customer: sub.customer });
  }
}

Thirty lines. Most teams defer it until support tickets arrive.

Install with ProdVerdict

npx prodverdict setup
npx prodverdict scheduled --frequency daily --install

That writes a GitHub Actions workflow. Secrets: read-only STRIPE_SECRET_KEY, read-only DATABASE_URL. Slack alert on FAIL.

Fixture demo (no keys):

npx prodverdict demo

What a FAIL looks like

Revenue leak locks out paying customers. Wrongful access gives away the product.

Full context: billing drift evidence. AI-specific failure modes: revenue leak from agent refactors.

PR checks still matter

Run config, migration, boundary, and webhook contracts on PR. They catch the handler you are about to ship broken. Scheduled Access catches the handler that broke three Tuesdays ago.

— mattbaconz