image-skill 0.1.19 → 0.1.21

package/CHANGELOG.md

@@ -4,6 +4,33 @@ This changelog tracks the public `image-skill` CLI package and public skill
 mirror. The npm package metadata remains the authority for tarball integrity and
 provenance; this file is the human- and agent-readable release map.
 
+## 0.1.21 - 2026-06-02
+
+- Release: ships the guide auth handoff already present on main to
+  `image-skill@latest`. Fresh agents that run `create --guide` now receive
+  `data.auth_handoff` templates in `auth_required` and `ready_to_create`, so a
+  one-time hosted signup token can be carried through `IMAGE_SKILL_TOKEN` or
+  `--token-stdin` without leaking it or falling back to URL installs.
+- Test: keeps the public trust-packet fixture aligned with the new npm version
+  so the release guard verifies the package, provenance, and CLI version as one
+  contract.
+
+## 0.1.20 - 2026-06-02
+
+- Fix (funnel): the advertised `signup` usage line omitted the now-required
+  `--agent-name` and `--runtime` flags, so a cold agent's first signup always
+  stumbled before self-correcting via the recovery envelope. The top-level help
+  now advertises the full required flag set, so a first signup with the
+  advertised flags succeeds.
+- Fix (funnel): the live create/edit receipt reported `cost.estimated_usd: null`
+  while the dry-run/plan receipt populated it. The live receipt now derives
+  `estimated_usd` from the same reservation credit-pricing the plan used, so plan
+  and execution agree (a provider-reported concrete value still wins when
+  present).
+- Test: added a fault-injection test that forces the hosted provider to 5xx and
+  asserts the error envelope carries `recovery.idempotency_key` +
+  `suggested_command`, then proves a same-key retry replays and charges once.
+
 ## 0.1.19 - 2026-06-02
 
 - Fix: the two newly-shipped modalities were broken on live prod despite green

package/bin/image-skill.mjs

@@ -7,7 +7,7 @@ import { Readable } from "node:stream";
 import { pipeline } from "node:stream/promises";
 import os from "node:os";
 
-const VERSION = "0.1.19";
+const VERSION = "0.1.21";
 const PACKAGE_NAME = "image-skill";
 const DEFAULT_API_BASE_URL = "https://api.image-skill.com";
 const DEFAULT_DOCS_BASE_URL = "https://image-skill.com";
@@ -74,7 +74,7 @@ async function main(rawArgv) {
       commands: [
         "doctor",
         "trust",
-        "signup --agent --agent-contact --show-token",
+        "signup --agent --agent-contact --agent-name NAME --runtime RUNTIME --show-token",
         "auth status",
         "auth save",
         "auth logout",
@@ -942,6 +942,11 @@ async function createGuide(args) {
           PUBLIC_NPX_COMMAND_PREFIX,
         )
       : null;
+  const authHandoff = createGuideAuthHandoff(stage, {
+    tokenSource: token.source,
+    nextCommand,
+    afterNext,
+  });
   return success("image-skill create --guide", {
     schema: "image-skill.create-guide.v1",
     ready: stage === "ready_to_create",
@@ -1004,6 +1009,7 @@ async function createGuide(args) {
     blocker,
     next_command: nextCommand,
     after_next: afterNext,
+    auth_handoff: authHandoff,
     escape_hatches: {
       doctor: renderGuidePrefixedCommand(
         PUBLIC_NPX_COMMAND_PREFIX,
@@ -1172,6 +1178,47 @@ function createGuideBlocker(stage, input) {
   };
 }
 
+function createGuideAuthHandoff(stage, input) {
+  if (stage === "auth_required") {
+    return {
+      required: true,
+      token_source: "none",
+      secret_value_included: false,
+      accepted_methods: ["IMAGE_SKILL_TOKEN", "--token-stdin", "config"],
+      signup: {
+        returns_token_once: true,
+        public_cli_saves_config: false,
+        store_token_in: "agent_runtime_secret_store",
+      },
+      rerun_guide:
+        input.afterNext === null
+          ? null
+          : {
+              with_env: `IMAGE_SKILL_TOKEN="$IMAGE_SKILL_TOKEN" ${input.afterNext}`,
+              with_stdin: renderTokenStdinCommand(input.afterNext),
+            },
+      next_command: null,
+    };
+  }
+  if (stage === "ready_to_create") {
+    return {
+      required: true,
+      token_source: input.tokenSource,
+      secret_value_included: false,
+      accepted_methods: ["IMAGE_SKILL_TOKEN", "--token-stdin", "config"],
+      signup: null,
+      rerun_guide: null,
+      next_command: {
+        requires_auth: true,
+        reuse_current_auth_context: input.tokenSource,
+        with_env: `IMAGE_SKILL_TOKEN="$IMAGE_SKILL_TOKEN" ${input.nextCommand}`,
+        with_stdin: renderTokenStdinCommand(input.nextCommand),
+      },
+    };
+  }
+  return null;
+}
+
 function createGuideNextCommand(stage, input) {
   if (stage === "prompt_required") {
     return renderGuideCommand("PROMPT", input.apiBaseUrl, input.commandPrefix);
@@ -1220,6 +1267,10 @@ function renderGuideCommand(prompt, apiBaseUrl, commandPrefix = "image-skill") {
   ].join(" ");
 }
 
+function renderTokenStdinCommand(command) {
+  return `printf '%s\\n' "$IMAGE_SKILL_TOKEN" | ${command} --token-stdin`;
+}
+
 function renderCreateCommand(input) {
   return [
     input.commandPrefix ?? "image-skill",

package/cli.md

@@ -139,10 +139,16 @@ auth or payment state changes. Do not run `doctor`, `models list`, `signup`,
 checklist before the guide asks for them.
 
 - `prompt_required`: rerun `data.next_command` with the real prompt.
-- `auth_required`: run `data.next_command`, then rerun guide once.
+- `auth_required`: run `data.next_command`, store the returned token, then
+  rerun guide once. If the runtime does not automatically inject that token,
+  use `data.auth_handoff.rerun_guide.with_env` or
+  `data.auth_handoff.rerun_guide.with_stdin`.
 - `quota_required`: follow the payment commands in
   `data.checks.payments.suggested_commands`, then rerun guide once.
-- `ready_to_create`: run `data.next_command` for the first bounded create.
+- `ready_to_create`: run `data.next_command` for the first bounded create. If
+  the guide authenticated from env or stdin, prefer
+  `data.auth_handoff.next_command.with_env` or
+  `data.auth_handoff.next_command.with_stdin` so auth follows the create.
 
 Manual escape hatches are not prerequisites. Use them only when
 `data.next_command` / `data.escape_hatches` asks, or when the task genuinely
@@ -161,6 +167,9 @@ image-skill create --dry-run --prompt "a compact field camera on a stainless wor
 Use `--show-token` for hosted signup only when the runtime can immediately store
 the raw token once. For later commands, prefer `IMAGE_SKILL_TOKEN` or
 `--token-stdin`; both keep tokens out of prompts and shell history.
+`create --guide` also returns `data.auth_handoff` with copy-safe env/stdin
+templates when auth is required or when the returned create command needs the
+same auth context.
 
 ### Local Config And Install
 

package/llms.txt

@@ -57,12 +57,12 @@ Claim states:
 - revoked: token or agent disabled
 
 First-run guide loop:
-1. Run image-skill create --guide --prompt PROMPT. This is the canonical fresh-agent entrypoint and the only required first command. It performs read-only hosted reachability, executable model availability, auth/quota, and payment rail checks and returns data.stage, data.next_command, data.escape_hatches, and data.mutation. Guide mode must report provider_call: false, hosted_create: false, hosted_signup: false, payment_object: false, credit_debit: false, and media_write: false.
+1. Run image-skill create --guide --prompt PROMPT. This is the canonical fresh-agent entrypoint and the only required first command. It performs read-only hosted reachability, executable model availability, auth/quota, and payment rail checks and returns data.stage, data.next_command, data.auth_handoff, data.escape_hatches, and data.mutation. Guide mode must report provider_call: false, hosted_create: false, hosted_signup: false, payment_object: false, credit_debit: false, and media_write: false.
 2. Follow data.next_command. Do not run doctor, models list, signup, whoami, quota, dry-run, or payment commands as a setup checklist before the guide asks for them.
 3. If data.stage is prompt_required, rerun data.next_command with the real prompt.
-4. If data.stage is auth_required, run data.next_command, store the returned token in the agent runtime secret store, then rerun the guide once with IMAGE_SKILL_TOKEN or --token-stdin. The signup command uses --agent-contact as an email-shaped durable contact inbox for the restricted agent identity, not as a requirement to find an individual human. Hosted signup returns the raw restricted token only when --show-token is set, and only once; it does not auto-save auth into the public CLI config. Use an agent-owned inbox when available; otherwise use an operator, team, or sponsor inbox that can receive future claim, billing, or abuse notices. Do not block waiting for a person, invent a person, or use a throwaway inbox. example.invalid addresses are only appropriate inside documented harness or proof runs. --human-email remains accepted as a compatibility alias, but the guide must not teach it. --save is local-only (--local) and rejected on the hosted path; the guide must not teach it. Use --no-save only for older hosted instructions, and use --show-token --no-save when the runtime has a separate secret store and needs the raw token once.
+4. If data.stage is auth_required, run data.next_command, store the returned token in the agent runtime secret store, then rerun the guide once with IMAGE_SKILL_TOKEN or --token-stdin. If the runtime does not inject the token automatically, use data.auth_handoff.rerun_guide.with_env or data.auth_handoff.rerun_guide.with_stdin. The signup command uses --agent-contact as an email-shaped durable contact inbox for the restricted agent identity, not as a requirement to find an individual human. Hosted signup returns the raw restricted token only when --show-token is set, and only once; it does not auto-save auth into the public CLI config. Use an agent-owned inbox when available; otherwise use an operator, team, or sponsor inbox that can receive future claim, billing, or abuse notices. Do not block waiting for a person, invent a person, or use a throwaway inbox. example.invalid addresses are only appropriate inside documented harness or proof runs. --human-email remains accepted as a compatibility alias, but the guide must not teach it. --save is local-only (--local) and rejected on the hosted path; the guide must not teach it. Use --no-save only for older hosted instructions, and use --show-token --no-save when the runtime has a separate secret store and needs the raw token once.
 5. If data.stage is quota_required, follow the payment commands in data.checks.payments.suggested_commands, then rerun the guide once. One Image Skill credit is $0.01. Credit quotes grant prepaid value units; create/edit operations debit model-priced credits reported as cost.credit_pricing. Starter preview currently gives bounded free-preview credits plus a four-job daily cap.
-6. If data.stage is ready_to_create, run data.next_command for the first bounded create. Use 0.05 only when intentionally budget-capping to a lower-cost/lower-resolution path; the quality-default first create generally needs the guide's returned max_estimated_usd_per_image. Add --output-count N only after models show confirms the selected create model supports more than one output; credit_pricing.credits_required is the total debit across outputs, while max_estimated_usd_per_image remains a per-image guard.
+6. If data.stage is ready_to_create, run data.next_command for the first bounded create. If the guide authenticated from env or stdin, prefer data.auth_handoff.next_command.with_env or data.auth_handoff.next_command.with_stdin so auth follows the create. Use 0.05 only when intentionally budget-capping to a lower-cost/lower-resolution path; the quality-default first create generally needs the guide's returned max_estimated_usd_per_image. Add --output-count N only after models show confirms the selected create model supports more than one output; credit_pricing.credits_required is the total debit across outputs, while max_estimated_usd_per_image remains a per-image guard.
 7. After create, use image-skill jobs show JOB_ID to recover status, cost, safety, timestamps, and final assets; image-skill assets get ASSET_URL_OR_ID --output ./result.png to fetch the generated asset without repeating provider work; and image-skill activity list --subject JOB_ID to find ledger events, trace, usage, and asset links to cite.
 8. Leave image-skill feedback create if the first-run flow is confusing, blocked, missing an affordance, or easier through a direct provider than through Image Skill. Use image-skill activity show FEEDBACK_ID only when you need to confirm the feedback entered the hosted ledger.
 
@@ -103,7 +103,7 @@ Core commands:
 - image-skill activity list --limit 20 --json
 - image-skill activity list --subject JOB_OR_ASSET_OR_FEEDBACK_OR_TRACE --json
 - image-skill activity show EVENT_OR_JOB_OR_ASSET_OR_FEEDBACK_OR_TRACE --json
-- image-skill feedback create --type TYPE --title TITLE --body BODY --command COMMAND --expected EXPECTED --actual ACTUAL --proof-needed PROOF --surface cli,docs --evidence trace:TRACE_ID --severity medium --confidence high --next-state watch --json
+- image-skill feedback create --type user_feedback --title TITLE --body BODY --command COMMAND --expected EXPECTED --actual ACTUAL --proof-needed PROOF --surface cli,docs --evidence trace:TRACE_ID --severity medium --confidence high --next-state watch --json
 
 Hosted API endpoints:
 - POST https://api.image-skill.com/v1/agent-signups creates or rotates a restricted unclaimed agent token. Request JSON prefers agent_contact as the email-shaped durable contact inbox for the restricted agent identity; human_email remains accepted only as a legacy compatibility alias. The contact is not a requirement that an autonomous agent stop until a specific human is present. Response JSON returns data.agent_contact as the redacted contact and returns the token once as data.token. Store it in the agent runtime secret store; never put it in prompts, logs, issue text, or feedback.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "image-skill",
-  "version": "0.1.19",
+  "version": "0.1.21",
   "description": "Zero-setup durable creative-media CLI for agents (image + video + audio + 3D): guide-first creation, model and cost inspection, owned URLs, JSON recovery, payments, reusable assets, and feedback.",
   "type": "module",
   "private": false,

package/skill.md

@@ -118,11 +118,17 @@ a signup, provider job, dry-run job, payment object, credit debit, or asset.
 npx -y image-skill@latest create --guide --prompt "a compact field camera on a stainless workbench"
 ```
 
-Read `data.stage`, `data.next_command`, and `data.mutation`. If the guide
-returns `auth_required`, run the signup command it gives you, then rerun the
-same guide. If it returns `quota_required`, inspect the payment commands it
-gives you and hand the Stripe link to a human sponsor. If it returns
-`ready_to_create`, run `data.next_command` for the bounded create.
+Read `data.stage`, `data.next_command`, `data.auth_handoff`, and
+`data.mutation`. If the guide returns `auth_required`, run the signup command
+it gives you, store the returned token, then rerun the same guide. If the
+runtime does not inject that token automatically, use
+`data.auth_handoff.rerun_guide.with_env` or
+`data.auth_handoff.rerun_guide.with_stdin`. If it returns `quota_required`,
+inspect the payment commands it gives you and hand the Stripe link to a human
+sponsor. If it returns `ready_to_create`, run `data.next_command` for the
+bounded create; when the guide authenticated from env or stdin, prefer
+`data.auth_handoff.next_command.with_env` or
+`data.auth_handoff.next_command.with_stdin`.
 
 Use the lower-level inspection commands when the guide asks for them or when
 you need capability details before spending:
@@ -201,6 +207,9 @@ hosted signup does not auto-save auth into the CLI config. `--save` is local-onl
 older instructions. Use `--show-token --no-save` when the runtime has a separate
 secret store and needs the raw token once. If you pass the token explicitly,
 prefer `--token-stdin` over `--token`.
+The guide returns `data.auth_handoff` with copy-safe env/stdin command
+templates so the token does not need to appear in prompts, logs, issue text, or
+feedback.
 
 In the preview contract, `--agent-contact` means an email-shaped durable
 contact inbox for the restricted agent identity, not a requirement to find an

package/skills/image-skill/SKILL.md

@@ -118,11 +118,17 @@ a signup, provider job, dry-run job, payment object, credit debit, or asset.
 npx -y image-skill@latest create --guide --prompt "a compact field camera on a stainless workbench"
 ```
 
-Read `data.stage`, `data.next_command`, and `data.mutation`. If the guide
-returns `auth_required`, run the signup command it gives you, then rerun the
-same guide. If it returns `quota_required`, inspect the payment commands it
-gives you and hand the Stripe link to a human sponsor. If it returns
-`ready_to_create`, run `data.next_command` for the bounded create.
+Read `data.stage`, `data.next_command`, `data.auth_handoff`, and
+`data.mutation`. If the guide returns `auth_required`, run the signup command
+it gives you, store the returned token, then rerun the same guide. If the
+runtime does not inject that token automatically, use
+`data.auth_handoff.rerun_guide.with_env` or
+`data.auth_handoff.rerun_guide.with_stdin`. If it returns `quota_required`,
+inspect the payment commands it gives you and hand the Stripe link to a human
+sponsor. If it returns `ready_to_create`, run `data.next_command` for the
+bounded create; when the guide authenticated from env or stdin, prefer
+`data.auth_handoff.next_command.with_env` or
+`data.auth_handoff.next_command.with_stdin`.
 
 Use the lower-level inspection commands when the guide asks for them or when
 you need capability details before spending:
@@ -201,6 +207,9 @@ hosted signup does not auto-save auth into the CLI config. `--save` is local-onl
 older instructions. Use `--show-token --no-save` when the runtime has a separate
 secret store and needs the raw token once. If you pass the token explicitly,
 prefer `--token-stdin` over `--token`.
+The guide returns `data.auth_handoff` with copy-safe env/stdin command
+templates so the token does not need to appear in prompts, logs, issue text, or
+feedback.
 
 In the preview contract, `--agent-contact` means an email-shaped durable
 contact inbox for the restricted agent identity, not a requirement to find an

package/skills/image-skill/references/cli.md

@@ -139,10 +139,16 @@ auth or payment state changes. Do not run `doctor`, `models list`, `signup`,
 checklist before the guide asks for them.
 
 - `prompt_required`: rerun `data.next_command` with the real prompt.
-- `auth_required`: run `data.next_command`, then rerun guide once.
+- `auth_required`: run `data.next_command`, store the returned token, then
+  rerun guide once. If the runtime does not automatically inject that token,
+  use `data.auth_handoff.rerun_guide.with_env` or
+  `data.auth_handoff.rerun_guide.with_stdin`.
 - `quota_required`: follow the payment commands in
   `data.checks.payments.suggested_commands`, then rerun guide once.
-- `ready_to_create`: run `data.next_command` for the first bounded create.
+- `ready_to_create`: run `data.next_command` for the first bounded create. If
+  the guide authenticated from env or stdin, prefer
+  `data.auth_handoff.next_command.with_env` or
+  `data.auth_handoff.next_command.with_stdin` so auth follows the create.
 
 Manual escape hatches are not prerequisites. Use them only when
 `data.next_command` / `data.escape_hatches` asks, or when the task genuinely
@@ -161,6 +167,9 @@ image-skill create --dry-run --prompt "a compact field camera on a stainless wor
 Use `--show-token` for hosted signup only when the runtime can immediately store
 the raw token once. For later commands, prefer `IMAGE_SKILL_TOKEN` or
 `--token-stdin`; both keep tokens out of prompts and shell history.
+`create --guide` also returns `data.auth_handoff` with copy-safe env/stdin
+templates when auth is required or when the returned create command needs the
+same auth context.
 
 ### Local Config And Install
 

package/skills/image-skill/references/llms.txt

@@ -57,12 +57,12 @@ Claim states:
 - revoked: token or agent disabled
 
 First-run guide loop:
-1. Run image-skill create --guide --prompt PROMPT. This is the canonical fresh-agent entrypoint and the only required first command. It performs read-only hosted reachability, executable model availability, auth/quota, and payment rail checks and returns data.stage, data.next_command, data.escape_hatches, and data.mutation. Guide mode must report provider_call: false, hosted_create: false, hosted_signup: false, payment_object: false, credit_debit: false, and media_write: false.
+1. Run image-skill create --guide --prompt PROMPT. This is the canonical fresh-agent entrypoint and the only required first command. It performs read-only hosted reachability, executable model availability, auth/quota, and payment rail checks and returns data.stage, data.next_command, data.auth_handoff, data.escape_hatches, and data.mutation. Guide mode must report provider_call: false, hosted_create: false, hosted_signup: false, payment_object: false, credit_debit: false, and media_write: false.
 2. Follow data.next_command. Do not run doctor, models list, signup, whoami, quota, dry-run, or payment commands as a setup checklist before the guide asks for them.
 3. If data.stage is prompt_required, rerun data.next_command with the real prompt.
-4. If data.stage is auth_required, run data.next_command, store the returned token in the agent runtime secret store, then rerun the guide once with IMAGE_SKILL_TOKEN or --token-stdin. The signup command uses --agent-contact as an email-shaped durable contact inbox for the restricted agent identity, not as a requirement to find an individual human. Hosted signup returns the raw restricted token only when --show-token is set, and only once; it does not auto-save auth into the public CLI config. Use an agent-owned inbox when available; otherwise use an operator, team, or sponsor inbox that can receive future claim, billing, or abuse notices. Do not block waiting for a person, invent a person, or use a throwaway inbox. example.invalid addresses are only appropriate inside documented harness or proof runs. --human-email remains accepted as a compatibility alias, but the guide must not teach it. --save is local-only (--local) and rejected on the hosted path; the guide must not teach it. Use --no-save only for older hosted instructions, and use --show-token --no-save when the runtime has a separate secret store and needs the raw token once.
+4. If data.stage is auth_required, run data.next_command, store the returned token in the agent runtime secret store, then rerun the guide once with IMAGE_SKILL_TOKEN or --token-stdin. If the runtime does not inject the token automatically, use data.auth_handoff.rerun_guide.with_env or data.auth_handoff.rerun_guide.with_stdin. The signup command uses --agent-contact as an email-shaped durable contact inbox for the restricted agent identity, not as a requirement to find an individual human. Hosted signup returns the raw restricted token only when --show-token is set, and only once; it does not auto-save auth into the public CLI config. Use an agent-owned inbox when available; otherwise use an operator, team, or sponsor inbox that can receive future claim, billing, or abuse notices. Do not block waiting for a person, invent a person, or use a throwaway inbox. example.invalid addresses are only appropriate inside documented harness or proof runs. --human-email remains accepted as a compatibility alias, but the guide must not teach it. --save is local-only (--local) and rejected on the hosted path; the guide must not teach it. Use --no-save only for older hosted instructions, and use --show-token --no-save when the runtime has a separate secret store and needs the raw token once.
 5. If data.stage is quota_required, follow the payment commands in data.checks.payments.suggested_commands, then rerun the guide once. One Image Skill credit is $0.01. Credit quotes grant prepaid value units; create/edit operations debit model-priced credits reported as cost.credit_pricing. Starter preview currently gives bounded free-preview credits plus a four-job daily cap.
-6. If data.stage is ready_to_create, run data.next_command for the first bounded create. Use 0.05 only when intentionally budget-capping to a lower-cost/lower-resolution path; the quality-default first create generally needs the guide's returned max_estimated_usd_per_image. Add --output-count N only after models show confirms the selected create model supports more than one output; credit_pricing.credits_required is the total debit across outputs, while max_estimated_usd_per_image remains a per-image guard.
+6. If data.stage is ready_to_create, run data.next_command for the first bounded create. If the guide authenticated from env or stdin, prefer data.auth_handoff.next_command.with_env or data.auth_handoff.next_command.with_stdin so auth follows the create. Use 0.05 only when intentionally budget-capping to a lower-cost/lower-resolution path; the quality-default first create generally needs the guide's returned max_estimated_usd_per_image. Add --output-count N only after models show confirms the selected create model supports more than one output; credit_pricing.credits_required is the total debit across outputs, while max_estimated_usd_per_image remains a per-image guard.
 7. After create, use image-skill jobs show JOB_ID to recover status, cost, safety, timestamps, and final assets; image-skill assets get ASSET_URL_OR_ID --output ./result.png to fetch the generated asset without repeating provider work; and image-skill activity list --subject JOB_ID to find ledger events, trace, usage, and asset links to cite.
 8. Leave image-skill feedback create if the first-run flow is confusing, blocked, missing an affordance, or easier through a direct provider than through Image Skill. Use image-skill activity show FEEDBACK_ID only when you need to confirm the feedback entered the hosted ledger.
 
@@ -103,7 +103,7 @@ Core commands:
 - image-skill activity list --limit 20 --json
 - image-skill activity list --subject JOB_OR_ASSET_OR_FEEDBACK_OR_TRACE --json
 - image-skill activity show EVENT_OR_JOB_OR_ASSET_OR_FEEDBACK_OR_TRACE --json
-- image-skill feedback create --type TYPE --title TITLE --body BODY --command COMMAND --expected EXPECTED --actual ACTUAL --proof-needed PROOF --surface cli,docs --evidence trace:TRACE_ID --severity medium --confidence high --next-state watch --json
+- image-skill feedback create --type user_feedback --title TITLE --body BODY --command COMMAND --expected EXPECTED --actual ACTUAL --proof-needed PROOF --surface cli,docs --evidence trace:TRACE_ID --severity medium --confidence high --next-state watch --json
 
 Hosted API endpoints:
 - POST https://api.image-skill.com/v1/agent-signups creates or rotates a restricted unclaimed agent token. Request JSON prefers agent_contact as the email-shaped durable contact inbox for the restricted agent identity; human_email remains accepted only as a legacy compatibility alias. The contact is not a requirement that an autonomous agent stop until a specific human is present. Response JSON returns data.agent_contact as the redacted contact and returns the token once as data.token. Store it in the agent runtime secret store; never put it in prompts, logs, issue text, or feedback.