Back to blog
2026-06-14 Thijs Creemers

Release: v1.0.1-alpha-31

We just tagged v1.0.1-alpha-31. This release lands the Stripe adapter for the extended IPaymentProvider port introduced in alpha-30 (BOU-63), fixes the release pipeline so tagged alpha versions are actually installable, and refreshes Maven, npm and CI dependencies.

Added: Stripe adapter for the extended IPaymentProvider port

In alpha-30 the Stripe and Mollie adapters stubbed the new port methods with {:type :not-implemented}. The Stripe adapter now fully implements them (BOU-63):

  • Checkout Sessionmode payment with configurable success/cancel URLs (falling back to :redirect-url), setup_future_usage=off_session and customer_creation=always so a checkout can store a mandate, customer reuse via :provider-customer-id, and metadata propagated to both the session and the PaymentIntent.

  • Off-session PaymentIntentcreate-off-session-payment charges a saved payment method with off_session=true confirm=true. Card errors (card_declined, authentication_required) return {:status :failed} rather than throwing; auth/config errors still throw.

  • get-payment-status — prefix dispatch: cs_ ids poll Checkout Sessions (with an expanded payment_intent so completed checkouts expose provider-customer-id / provider-payment-method-id), pi_ ids poll PaymentIntents directly. 401/403 throw; other failures degrade to :pending for Mollie symmetry.

  • expire-checkout-sessionPOST /checkout/sessions/{id}/expire.

Pure status mapping and request shaping live in core/provider.clj (functional core / imperative shell): the core never throws — unknown setup-future-usage values are ignored via map lookup, requires_action maps to :pending when polling and :failed for off-session charges, canceled maps to :failed in the off-session context, and metadata keys/values are truncated to Stripe’s 40/500-char limits so oversized user metadata can’t fail the request. Degraded status polls return {:status :pending} without a :provider-payment-id key, so merging callers can’t clobber a stored payment id with nil.

Fixed: tagged alpha releases are now installable

install.sh resolves BOUNDARY_TAG via the GitHub /releases/latest endpoint, which excludes prereleases. Alpha releases were being marked prerelease, so they never became "latest" and were silently uninstallable — alpha-29 hit exactly this. publish.yml now sets prerelease: false and make_latest: true on the GitHub release, and grants the workflow contents: write so the release is created automatically alongside the Clojars deploy (BOU follow-up to alpha-29’s manual release). The publish job is also locked to the repo owner as defence-in-depth.

Changed: dependency and CI refresh

Root and all libs/*/deps.edn bumped to current versions, including Clojure 1.12.4 → 1.12.5, next.jdbc 1.3.1093 → 1.3.1108, HoneySQL 2.7.1368 → 2.7.1388, Nippy 3.4.2 → 3.6.2, embedded-postgres binaries 16.6.0 → 18.4.0, H2 2.3.232 → 2.4.240, and clj-kondo 2026.04.15 → 2026.05.25. CI actions running on the deprecated Node 20 runtime were moved to Node 24 ahead of the 2026-06-16 cutoff (setup-node v4 → v6, setup-clojure 13.5.2 → 13.6.1, action-gh-release v2 → v3).

Version alignment

All 25 libraries bumped to v1.0.1-alpha-31 to maintain lockstep versioning.

Upgrade

Re-run the installer to pick up the latest release:

curl -fsSL https://get.boundary-app.org | bash

The Stripe adapter changes are additive — existing IPaymentProvider consumers keep working. If you were stuck on alpha-28 because alpha-29/alpha-30 wouldn’t install, this release fixes that: the installer now resolves the latest tagged alpha correctly.

Feedback and issues welcome on GitHub.