effaced-stripe

effaced-stripe — first-party Stripe resolver for effaced.

StripeResolver

class StripeResolver:
    def __init__(api_key: str, *, http_client: HTTPClient | None = None) -> None

Exports and erases a subject’s PII held in Stripe.

Expects refs of kind "stripe" (refs are routed to the resolver whose name equals their kind — ADR 0008) whose value is the Stripe customer id. Erasure uses Stripe’s customer deletion, which Stripe itself implements as a GDPR-aware redaction.

Idempotency: a customer Stripe no longer knows yields already_absent=True — success, never an error.

Error taxonomy (see effaced_stripe.errors): authentication, permission, and malformed-request failures raise ResolverError; rate limits, connection faults, and Stripe-side errors propagate so the saga runner retries. SDK-internal retries are disabled (max_network_retries=0) — the saga runner owns retry and backoff (ADR 0010).

Fields:

• name (str): Stable resolver name recorded in manifests and audits.

StripeResolver.erase_subject

async def erase_subject(ref: SubjectRef) -> ResolverErasure

Delete the customer in Stripe (Art. 17).

Args:

• ref (SubjectRef): kind="stripe", value=<customer id>.

Returns:

• ResolverErasure — The outcome; already_absent=True if Stripe already had no
• ResolverErasure — such customer.

Raises:

• ResolverError — The key is invalid, lacks a permission, or the request was malformed — retrying cannot succeed.

StripeResolver.export_subject

async def export_subject(ref: SubjectRef) -> ResolverExport

Collect the customer’s Stripe-held PII (Art. 15).

Args:

• ref (SubjectRef): kind="stripe", value=<customer id>.

Returns:

• ResolverExport — Customer profile, addresses, and payment-method metadata —
• ResolverExport — never full card numbers (Stripe does not expose them). Empty
• ResolverExport — when Stripe holds no such customer.

Raises:

• ResolverError — The key is invalid, lacks a permission, or the request was malformed — retrying cannot succeed.