# PCI scope statement — Gaby + Stripe connector
Scope: SAQ-A eligible (merchant outsourcing all payment processing to a validated third-party). Gaby never receives, stores, or transmits cardholder data.
## What Gaby does not touch
| Data type | Handled by Gaby? |
|---|---|
| Primary account number (PAN) | No |
| Cardholder name | No (Stripe redacts in API responses) |
| Service code | No |
| Expiration date | No |
| CVC / CVV2 | No |
| PIN / PIN block | No |
| Track data (magnetic stripe) | No |
| Full card image data | No |
Stripe's own REST API never returns full PAN. Card metadata available via the API is limited to last-4, brand, exp_month/exp_year, funding type, and address postal (for AVS). These are returned by Stripe, passed through Gaby verbatim, and never reconstructed into cardholder data.
## What crosses the Gaby process boundary
Exactly one value: the Stripe API key. Gaby handles it as follows:
- At rest: envelope-encrypted via `SecretBox` (libsodium secretbox) with a workspace-scoped data key derived from the master key.
- In memory: only inside the `gaby-stripe` MCP subprocess; never on the main API process's heap.
- On the wire: TLS 1.2+ to `api.stripe.com`.
- In logs: Gaby's per-connector `Scrubber` masks any value matching `sk_(live|test)_[A-Za-z0-9]{8,}` across stdout, stderr, and `HandshakeError` messages.
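A minimal log scrubber built on the key pattern above, added here as an illustration; it is not Gaby's own `Scrubber` code. As an assumption it also masks Stripe restricted keys (`rk_` prefix), since the operator guidance recommends running Gaby on one, and it keeps the `sk_live_`/`rk_test_` prefix so an operator can still tell live from test in the masked output.

```python
import re
from typing import Iterable

# Page's pattern for secret keys, extended (assumption) to restricted keys (rk_).
STRIPE_KEY_RE = re.compile(r"(sk|rk)_(live|test)_[A-Za-z0-9]{8,}")


def scrub(text: str) -> str:
    """Mask every Stripe key in a string. The kind/mode prefix is preserved;
    only the secret portion is replaced."""
    return STRIPE_KEY_RE.sub(lambda m: f"{m.group(1)}_{m.group(2)}_[REDACTED]", text)


def scrub_lines(lines: Iterable[str]) -> list[str]:
    """Apply scrub() to every line of a stdout/stderr stream or error message."""
    return [scrub(line) for line in lines]


def contains_key(text: str) -> bool:
    """Detection check for tests or a CI gate over captured logs:
    True if an unmasked key-shaped value is still present."""
    return STRIPE_KEY_RE.search(text) is not None


# Constructed sample lines; the key values are placeholders, not real keys.
SAMPLE_LINES = [
    "INFO healthcheck ok endpoint=/v1/balance",
    "ERROR HandshakeError: Stripe rejected key sk_live_CONSTRUCTEDKEY0001",
    "DEBUG config loaded api_key=rk_test_CONSTRUCTEDKEY0002",
    "WARN short token sk_live_abc ignored",  # fewer than 8 chars: not key-shaped
]

if __name__ == "__main__":
    for line in scrub_lines(SAMPLE_LINES):
        print(line)
```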
## Per-tool PAN-adjacency
| Tool | PAN-adjacent? | Notes |
|---|---|---|
| `healthcheck` | No | Only calls `/v1/balance`. |
| `get_customer` | No | Card objects returned by Stripe show last-4 only. |
| `list_recent_charges` | No | Same — Stripe redacts PAN. |
| `list_failed_invoices` | No | Invoice lines include amount/currency; no PAN. |
| `get_subscription` | No | Returns plan + item references; no PAN. |
No write tools. v0.3 hardening removed `issue_refund` and every other money-touching write from the Gaby tool surface. Refund and similar cases escalate to a billing-role human who acts in Stripe directly. See `docs/operations/escalation.md` for the policy.
## Operator guidance
- Use a Stripe restricted key scoped to only the permissions Gaby needs. The connector runs a probe on first `healthcheck` and warns if the key has write access beyond refunds.
- Rotate the API key on staff offboarding. Gaby re-reads the encrypted value at process start; no cache invalidation dance.
- Do not surface Stripe responses in logs verbatim. The Gaby safety pipeline's `Scrubber` covers secrets, but PII in charge metadata (email, billing address) should stay inside the agent investigation surface, not observability sinks.
## Out of scope for this document
- SAQ-D workflows (direct PAN handling) — not applicable.
- Stripe's own PCI attestation — published separately by Stripe.
- End-customer card collection UI — that's the merchant's checkout, not Gaby's surface.
## Version + review
- Document version: 1.0
- First issued: 2026-04-18 (Gaby v0.3 Iter 15M)
- Re-review required: on every change to `connectors/stripe/` or Gaby's secret-handling surface.