Phil Smy

Got a buggy, outdated, or terrifying-to-deploy Rails app? I fix that. 1-week sprints. Clean commits. Zero drama. → philsmy.gumroad.com/l/rails-rescue Rails Rescue is live.

Rails SaaS founders: If Stripe billing is messy in your app, I offer a billing audit. I review: webhooks event handling idempotency job retries subscription state You get a clear report and fixes. DM if interested.

Most SaaS founders spend months building features. But the thing that breaks revenue is usually: Stripe events background jobs failed retries state drift Boring infrastructure. If you run a Rails SaaS and billing feels fragile, I can audit it. DM me.

If an AI agent had direct access to your database and your APIs — would it still need your product? I've been sitting with that question for months. Here's where I landed. open.substack.com/pub/philonrail…

Rails founders rarely monitor this metric: Webhook failure rate. If webhooks fail quietly, subscriptions drift out of sync. Customers get wrong access. Refunds start appearing. I fix this for SaaS companies. DM if your billing stack worries you.

One of the easiest SaaS bugs to miss: A Stripe webhook fails once. Your app processes the next event. Now Stripe and your database disagree. Nothing crashes. Revenue slowly drifts. I help Rails SaaS founders audit and fix billing systems. DM if you want me to look at yours.

I asked ChatGPT to write Japanese song lyrics out in romanji. This was its response (after doing it).

When I audit a Rails SaaS billing system, I check 5 things first: Webhook delivery logs Idempotency handling Subscription state sync Retry logic Background job health If one of those is wrong, revenue leaks usually follow.

@GregNotSure @heygurisingh Please stop trying to bring logic and reason to X.

@heygurisingh Enough with this "kills market XYZ" narrative. Around 20 years ago, new 3D drawing software allowed 10 people to do the work of 100. This didn't "kill" anything but turned 3D into a powerhouse for movies. You guys don't understand the real world. Better tools don't "kill" stuff.

🚨BREAKING: MIT just dropped an AI model that converts photos into fully editable CAD programs and it quietly kills the $150/hour CAD modeling industry. It's called GenCAD. You give it an image. It gives you the complete parametric command sequence lines, arcs, extrusions ready for manufacturing. Not meshes. Not point clouds. Actual editable CAD. - Autoregressive transformers + diffusion models for image-to-CAD translation - Outperforms every existing method on unconditional and conditional CAD generation - Retrieves matching designs from 7K+ CAD databases using just a photo - Trained on 840K+ images - Generates multiple valid designs from a single input The team also built CAD-Coder on top of this -- a vision-language model that writes CadQuery Python code from images with 100% valid syntax rate. Beats GPT-4.5 and Qwen2.5-VL-72B. Built at MIT. Published in ASME Journal of Mechanical Design. 100% Open Source.

Rails actually makes Stripe integrations easier than most stacks. ActiveJob background workers good ORM clear service layers The problem is rarely Rails. It’s production discipline around the system.

Most SaaS founders think Stripe solves billing. Stripe solves payments. You still have to solve: webhook reliability idempotency background job retries state reconciliation I fix Stripe billing problems in Rails apps. If your billing system feels fragile, DM me.

@corbin_braun Shipping fast is great. The part that usually bites later is the webhook layer. Retries, duplicate events, and partial state updates can quietly break billing or email flows if the handlers aren’t idempotent.

"AI vibe coding is a joke" Me: ships full drip campaign system in 1 day 11 React Email templates 7-stage lifecycle emails (Day 0 → Day 30) Abandoned checkout recovery Rate limiting + cooldowns Dynamic template content Activity-based re-engagement Stripe webhook → email queue Unsubscribe compliance The joke is thinking you still need Mailchimp for this.

Creating the transaction in a pending state usually works well. Another pattern is creating the record when the Checkout Session or PaymentIntent is created, not when the webhook arrives. Then the webhook only updates state instead of creating the transaction. It avoids the race between the UI and the webhook.

We have add to Apple and add to Google Wallet buttons when a user sees their ticket in Avenue. Now we also want to add these buttons in checkout flow, but the issue is that we are creating a transaction after getting a webhook from stripe so this won't work directly, as the user might click these buttons in checkout flow before the transaction is created in the database. Now I am going to refactor the flow, I'll either create transactions in pending state or I'll use the intent id and use that to track wether transaction is created or not.

@stoictraderke @mysticwillz Yes, Stripe signs webhook payloads with the Stripe-Signature header. That prevents forged requests, but it does not solve duplicates. You still need idempotent processing because Stripe can retry the same event multiple times.

@mysticwillz What about HMAC signing on webhooks to prevent forged payloads?

You use Stripe for payments. A webhook arrives saying payment succeeded. You process the order and send confirmation. Then the duplicate webhook arrives 30 seconds later. How do you handle duplicate Stripe webhooks without double-processing orders?

@Laikmosh @mysticwillz Stripe idempotency keys apply to API requests you send to Stripe. Webhook events are different. The usual pattern is storing the Stripe event.id and rejecting duplicates. Also make the handler idempotent because Stripe retries events if your endpoint fails.

@mysticwillz Each payment you send to stripe comes with an idempotent key that comes back with the webhook, that is exactly for that use case

@mysticwillz The Stripe event id is the key. Store processed event ids in a table and reject duplicates. Also make the handler idempotent so retries don’t corrupt state. Stripe retries events for hours if your endpoint fails. Most real bugs come from partial updates before the retry.

@DanKulkov @MiguelFdezDev Stripe webhooks quietly breaking is one of the most common SaaS issues. Nothing crashes. But subscriptions drift out of sync with the app. I’ve audited Rails apps where this went unnoticed for weeks. Billing infrastructure needs monitoring too.

@MiguelFdezDev yes stripe webhook failed OF COURSE!

"Build free tools" But which one? Meet — Lead Magnet Examples 🔥 We collected 200,000 lead magnet keywords. Generators, analyzers, templates, plugins, apps. 1. Pick your niche 2. Build free tools your US audience is searching for right now 3. Get more traffic Link 🔗👇

@WorkflowWhisper Stripe webhooks must verify the signature before parsing the payload. If the endpoint trusts the JSON body, someone can POST a fake payment_intent.succeeded event. I’ve seen this in production systems more than once.

just watched opus 4.6 find a security hole in my payment workflow the one processing $847K/year for 18 months fed it my synta config at 6:47am it flagged line 94 in 8 seconds "this webhook accepts unvalidated input from stripe" then showed me the exact exploit how someone could inject fake payment confirmations and trigger product deliveries without paying i went pale checked my logs someone already tried it 3 times last month failed because of a random rate limit i added for different reasons pure luck opus rewrote the entire validation layer in 12 minutes tested it against 47 attack vectors all blocked the AI that finds zero-days just saved my ass from becoming one synta(.)io/security if you want the validated config

@bloggersarvesh I’m curious why this is focused on local businesses only. I guess because it is about optimizing Google maps searches?

You’re going to be tempted to bookmark this for later. DON'T. Read it now. It will change your business forever.

@thisdudelikesAI That is quite old. Not ‘someone just’

11.8K stars on GitHub. Growing fast. 100% Opensource. github.com/lightpanda-io/…

🚨BREAKING: Someone just open-sourced a headless browser that runs 11x faster than Chrome and uses 9x less memory. It's called Lightpanda and it's built from scratch specifically for AI agents, scraping, and automation. Not a Chromium fork. Not a hack. A completely new browser written in Zig. Here's why this changes everything for AI builders: ↓

@TechLayoffLover Why do people believe this garbage?

Amazon just confirmed 16,000 layoffs but sources inside are telling me the real story is so much worse Word from three different VPs: the 16K number is just "Phase One" - internal docs show another 14,000 cuts planned for Q2 A director in AWS walked me through their new "efficiency matrix" - entire teams being replaced by 2-3 senior engineers running Claude Sonnet workflows The Alexa division got completely hollowed out. 847 engineers two months ago. 23 remaining after this week. All hardware development moved to a Bangalore team of 31 contractors with Cursor access Here's the sick part: they're making the outgoing engineers document their entire decision-making process into "knowledge transfer sessions" that are being recorded and fed directly into training datasets One L7 told me he spent his final two weeks creating detailed prompt libraries and workflow documentation. Thought he was being helpful for the transition Turns out he was literally training the AI agent that replaced his entire org The contractors offshore are using his exact prompts and shipping features 40% faster than his old team of 12 Americans ever did Internal Slack shows leadership celebrating "operational excellence" while badges get deactivated in real-time They're calling it "right-sizing for the AI era" in the all-hands But the P&L sheets I'm seeing show $280M in salary savings this quarter alone The knowledge extraction is complete If you're still at Amazon and haven't started job hunting, you're already dead