image-skill 0.1.11 → 0.1.12

package/CHANGELOG.md

@@ -4,6 +4,13 @@ This changelog tracks the public `image-skill` CLI package and public skill
 mirror. The npm package metadata remains the authority for tarball integrity and
 provenance; this file is the human- and agent-readable release map.
 
+## 0.1.12 - 2026-05-26
+
+- Publish the action-only payment-method public contract: public discovery now
+  shows usable payment rails only.
+- Remove staged/watch-only payment rail examples from the public npm docs and
+  bundled skill references so agents are not steered toward unavailable flows.
+
 ## 0.1.11 - 2026-05-26
 
 - Remove private no-spend fake payment rails from the public CLI and public

package/bin/image-skill.mjs

@@ -7,7 +7,7 @@ import { Readable } from "node:stream";
 import { pipeline } from "node:stream/promises";
 import os from "node:os";
 
-const VERSION = "0.1.11";
+const VERSION = "0.1.12";
 const DEFAULT_API_BASE_URL = "https://api.image-skill.com";
 const PROMPTLESS_EDIT_MODEL_IDS = new Set([
   "fal.flux-dev-redux",

package/cli.md

@@ -188,31 +188,15 @@ Minimum success data shape:
       "requires_browser": true,
       "default_pack_id": "starter-500",
       "purchase_endpoint": "/v1/credit-purchases/stripe-checkout-sessions"
-    },
-    {
-      "method_id": "stripe_x402.exact.usdc",
-      "status": "preview",
-      "available": false,
-      "quoteable": false,
-      "purchasable": false,
-      "live_money": true,
-      "buyer_modes": ["agent_only", "hybrid"],
-      "requires_browser": false,
-      "unavailable_reason": "stripe_x402_preview_not_configured"
     }
   ]
 }
 ```
 
-`available` is environment-dependent. `available:false` means the rail is known
-but not currently usable in the queried environment; read `unavailable_reason`
-and `recovery`. `quoteable:false` and `purchasable:false` mean the method is
-visible for planning but must not be used for `credits quote` or `credits buy`
-yet.
-
-Agent-native payment rails may appear here later as preview or available methods,
-but only methods returned as `available:true`, `quoteable:true`, and
-`purchasable:true` should be used for public top-up flows.
+Public payment discovery is intentionally action-only. Rails that are merely
+planned, watch-only, fake, or private harness-only are not returned here. Use a
+method only when it is returned with `available:true`, `quoteable:true`, and
+`purchasable:true`.
 
 Hosted API equivalent:
 

package/llms.txt

@@ -109,7 +109,7 @@ Hosted API endpoints:
 - POST https://api.image-skill.com/v1/agent-signups creates or rotates a restricted unclaimed agent token. Raw API request human_email is the compatibility contact field; CLI agents should prefer --agent-contact. The contact is not a requirement that an autonomous agent stop until a specific human is present. The response returns the token once as data.token. Store it in the agent runtime secret store; never put it in prompts, logs, issue text, or feedback.
 - GET https://api.image-skill.com/v1/whoami returns durable hosted identity for Authorization: Bearer TOKEN.
 - GET https://api.image-skill.com/v1/quota returns durable hosted quota for Authorization: Bearer TOKEN.
-- GET https://api.image-skill.com/v1/payment-methods returns the no-auth payment rail catalog. It tells agents which rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, limits, endpoint paths, and recovery commands.
+- GET https://api.image-skill.com/v1/payment-methods returns the no-auth action-only payment rail catalog. It tells agents which currently usable rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, limits, endpoint paths, and recovery commands. Planned, watch-only, fake, and private harness rails are intentionally omitted.
 - GET https://api.image-skill.com/v1/credit-packs returns the public pack catalog. Recommended live-money packs include starter-500, builder-2000, and studio-5000. Packs are the default Stripe Checkout UX; exact quotes remain supported for agents that already know the required credit budget.
 - POST https://api.image-skill.com/v1/credit-quotes returns a stripe_checkout credit quote for Authorization: Bearer TOKEN. Request JSON: either credits or pack_id, optional payment_method, idempotency_key. Response includes quote_id, credits, price_amount_cents, currency, accepted_payment_method, pack_id, pack, and live_money. One credit equals $0.01, so price_amount_cents equals credits. This does not grant credits.
 - POST https://api.image-skill.com/v1/credit-purchases/stripe-checkout-sessions creates a Stripe Checkout Session for a stripe_checkout quote. Request JSON: quote_id, idempotency_key. Response includes state: action_required, payment_attempt_id, checkout_session_id, checkout_handoff_url, checkout_compact_url, checkout_url, accepted_payment_method: stripe_checkout, and next.human_action: open_checkout_url. Present checkout_handoff_url to humans because it is short and redirects to Stripe; checkout_compact_url is also copy-safe when present. If no handoff URL is available, present the full checkout_url in a code block. Do not remove the Stripe # fragment; Checkout needs it in the browser. Stripe-hosted Checkout may accept operator-provided promotion codes; humans enter them on Stripe, not in the Image Skill CLI. This does not grant credits; verified Stripe webhook fulfillment grants paid credits exactly once.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "image-skill",
-  "version": "0.1.11",
+  "version": "0.1.12",
   "description": "Creative cloud CLI for agents: models, credits, jobs, owned URLs, JSON recovery, payments, reusable assets, and feedback.",
   "type": "module",
   "private": false,

package/skills/image-skill/references/cli.md

@@ -188,31 +188,15 @@ Minimum success data shape:
       "requires_browser": true,
       "default_pack_id": "starter-500",
       "purchase_endpoint": "/v1/credit-purchases/stripe-checkout-sessions"
-    },
-    {
-      "method_id": "stripe_x402.exact.usdc",
-      "status": "preview",
-      "available": false,
-      "quoteable": false,
-      "purchasable": false,
-      "live_money": true,
-      "buyer_modes": ["agent_only", "hybrid"],
-      "requires_browser": false,
-      "unavailable_reason": "stripe_x402_preview_not_configured"
     }
   ]
 }
 ```
 
-`available` is environment-dependent. `available:false` means the rail is known
-but not currently usable in the queried environment; read `unavailable_reason`
-and `recovery`. `quoteable:false` and `purchasable:false` mean the method is
-visible for planning but must not be used for `credits quote` or `credits buy`
-yet.
-
-Agent-native payment rails may appear here later as preview or available methods,
-but only methods returned as `available:true`, `quoteable:true`, and
-`purchasable:true` should be used for public top-up flows.
+Public payment discovery is intentionally action-only. Rails that are merely
+planned, watch-only, fake, or private harness-only are not returned here. Use a
+method only when it is returned with `available:true`, `quoteable:true`, and
+`purchasable:true`.
 
 Hosted API equivalent:
 

package/skills/image-skill/references/llms.txt

@@ -109,7 +109,7 @@ Hosted API endpoints:
 - POST https://api.image-skill.com/v1/agent-signups creates or rotates a restricted unclaimed agent token. Raw API request human_email is the compatibility contact field; CLI agents should prefer --agent-contact. The contact is not a requirement that an autonomous agent stop until a specific human is present. The response returns the token once as data.token. Store it in the agent runtime secret store; never put it in prompts, logs, issue text, or feedback.
 - GET https://api.image-skill.com/v1/whoami returns durable hosted identity for Authorization: Bearer TOKEN.
 - GET https://api.image-skill.com/v1/quota returns durable hosted quota for Authorization: Bearer TOKEN.
-- GET https://api.image-skill.com/v1/payment-methods returns the no-auth payment rail catalog. It tells agents which rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, limits, endpoint paths, and recovery commands.
+- GET https://api.image-skill.com/v1/payment-methods returns the no-auth action-only payment rail catalog. It tells agents which currently usable rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, limits, endpoint paths, and recovery commands. Planned, watch-only, fake, and private harness rails are intentionally omitted.
 - GET https://api.image-skill.com/v1/credit-packs returns the public pack catalog. Recommended live-money packs include starter-500, builder-2000, and studio-5000. Packs are the default Stripe Checkout UX; exact quotes remain supported for agents that already know the required credit budget.
 - POST https://api.image-skill.com/v1/credit-quotes returns a stripe_checkout credit quote for Authorization: Bearer TOKEN. Request JSON: either credits or pack_id, optional payment_method, idempotency_key. Response includes quote_id, credits, price_amount_cents, currency, accepted_payment_method, pack_id, pack, and live_money. One credit equals $0.01, so price_amount_cents equals credits. This does not grant credits.
 - POST https://api.image-skill.com/v1/credit-purchases/stripe-checkout-sessions creates a Stripe Checkout Session for a stripe_checkout quote. Request JSON: quote_id, idempotency_key. Response includes state: action_required, payment_attempt_id, checkout_session_id, checkout_handoff_url, checkout_compact_url, checkout_url, accepted_payment_method: stripe_checkout, and next.human_action: open_checkout_url. Present checkout_handoff_url to humans because it is short and redirects to Stripe; checkout_compact_url is also copy-safe when present. If no handoff URL is available, present the full checkout_url in a code block. Do not remove the Stripe # fragment; Checkout needs it in the browser. Stripe-hosted Checkout may accept operator-provided promotion codes; humans enter them on Stripe, not in the Image Skill CLI. This does not grant credits; verified Stripe webhook fulfillment grants paid credits exactly once.