npm - image-skill - Versions diffs - 0.1.2 → 0.1.3 - Mend

image-skill 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -16,7 +16,7 @@ Install the executable CLI from npm:
 ```bash
 npm install -g image-skill
 image-skill doctor --json
-image-skill signup --agent --human-email human@example.com --agent-name creative-agent --runtime openclaw --save --json
+image-skill signup --agent --human-email CONTACT_OR_SPONSOR_EMAIL --agent-name creative-agent --runtime openclaw --save --json
 image-skill credits methods --json
 image-skill credits packs list --json
 image-skill credits quote --pack starter-500 --payment-method stripe_checkout --idempotency-key first-topup-001 --json

package/bin/image-skill.mjs CHANGED Viewed

@@ -7,13 +7,17 @@ import { Readable } from "node:stream";
 import { pipeline } from "node:stream/promises";
 import os from "node:os";
-const VERSION = "0.1.2";
+const VERSION = "0.1.3";
 const DEFAULT_API_BASE_URL = "https://api.image-skill.com";
 const DEFAULT_CONFIG_PATH = join(
   process.env.XDG_CONFIG_HOME ?? join(os.homedir(), ".config"),
   "image-skill",
   "config.json",
 );
+const SIGNUP_SUGGESTED_COMMAND =
+  "image-skill signup --agent --human-email CONTACT_OR_SPONSOR_EMAIL --agent-name NAME --runtime RUNTIME --save --json";
+const SIGNUP_CONTACT_GUIDANCE =
+  "Use --human-email for the accountable contact or sponsor inbox for this restricted agent identity. If no individual human is in the loop, use a durable operator/team/agent inbox that can receive future claim, billing, or abuse notices; do not invent a person or use a throwaway inbox.";
 const argv = process.argv.slice(2);
 const result = await main(argv);
@@ -173,9 +177,17 @@ async function signup(argv) {
   const agentName = flagString(args, "agent-name");
   const runtime = flagString(args, "runtime");
   if (humanEmail === null || agentName === null || runtime === null) {
-    return invalid(
+    return failure(
       "image-skill signup",
-      "signup requires --human-email, --agent-name, and --runtime",
+      2,
+      "INVALID_ARGUMENTS",
+      `signup requires --human-email, --agent-name, and --runtime. ${SIGNUP_CONTACT_GUIDANCE}`,
+      false,
+      {
+        required_flags: ["--human-email", "--agent-name", "--runtime"],
+        suggested_command: SIGNUP_SUGGESTED_COMMAND,
+        docs_url: "https://image-skill.com/cli.md#image-skill-signup-agent",
+      },
     );
   }
   const save = flagBool(args, "save");
@@ -204,8 +216,7 @@ async function signup(argv) {
         "signup --save requires a returned hosted token",
         true,
         {
-          suggested_command:
-            "image-skill signup --agent --human-email EMAIL --agent-name NAME --runtime RUNTIME --save --json",
+          suggested_command: SIGNUP_SUGGESTED_COMMAND,
           docs_url: "https://image-skill.com/cli.md#image-skill-signup-agent",
         },
       );
@@ -1198,8 +1209,7 @@ async function resolveToken(args, options = {}) {
       "hosted command requires auth; run signup --save, set IMAGE_SKILL_TOKEN, or pass --token-stdin",
       false,
       {
-        suggested_command:
-          "image-skill signup --agent --human-email EMAIL --agent-name NAME --runtime RUNTIME --save --json",
+        suggested_command: SIGNUP_SUGGESTED_COMMAND,
         docs_url: "https://image-skill.com/cli.md#image-skill-signup-agent",
       },
     ),

package/cli.md CHANGED Viewed

@@ -66,6 +66,14 @@ permissions and redacts it from stdout. Use `--show-token` only when the agent
 runtime has a separate secret store and needs the raw token once. Do not paste
 tokens into prompts, logs, issue text, or feedback.
+In this preview contract, `--human-email` is the accountable contact or sponsor
+inbox for the restricted agent identity. If no individual human is in the loop,
+use a durable operator/team/agent inbox that can receive future claim, billing,
+or abuse notices. Do not invent a person or use a throwaway inbox.
+`example.invalid` addresses are only appropriate inside documented harness or
+proof runs. Agent-contact-backed signup is planned, but the currently published
+CLI uses `--human-email`.
 For shell-based agent runtimes, store the token outside prompts and then expose
 it as:
@@ -819,15 +827,22 @@ Activity `type` values are stable public contract values. Do not infer new
 event names from provider responses or telemetry logs; use only the registry
 below.
-| Event type                         | Subject    | Operation   | Emitted when                                                     | Stable links                                            |
-| ---------------------------------- | ---------- | ----------- | ---------------------------------------------------------------- | ------------------------------------------------------- |
-| `job.completed`                    | `job`      | create/edit | A hosted create or edit job reaches a terminal state.            | `job_id`, `asset_ids`, `usage_event_id`                 |
-| `asset.created`                    | `asset`    | create/edit | A hosted create or edit produces an output asset.                | `job_id`, `asset_ids`, `usage_event_id`                 |
-| `asset.uploaded`                   | `asset`    | upload      | A public edit workflow uploads or imports input media.           | `job_id`, `asset_ids`, `usage_event_id`                 |
-| `usage.credit_consumed`            | `usage`    | usage       | A creative operation records a preview-credit entry.             | `job_id`, `usage_event_id`                              |
-| `feedback.created`                 | `feedback` | feedback    | Hosted agent feedback is accepted into product memory.           | `feedback_id`                                           |
-| `payment.checkout_session.created` | `payment`  | payment     | A Stripe Checkout session is created and awaits external action. | `quote_id`, `payment_attempt_id`, `checkout_session_id` |
-| `credits.payment_backed_granted`   | `credit`   | credits     | Verified payment or fake-payment proof grants paid credits.      | `quote_id`, `receipt_id`, `credit_event_id`             |
+| Event type                         | Subject    | Operation   | Emitted when                                                      | Stable links                                            |
+| ---------------------------------- | ---------- | ----------- | ----------------------------------------------------------------- | ------------------------------------------------------- |
+| `job.completed`                    | `job`      | create/edit | A hosted create or edit job reaches a terminal state.             | `job_id`, `asset_ids`, `usage_event_id`                 |
+| `asset.created`                    | `asset`    | create/edit | A hosted create or edit produces an output asset.                 | `job_id`, `asset_ids`, `usage_event_id`                 |
+| `asset.uploaded`                   | `asset`    | upload      | A public edit workflow uploads or imports input media.            | `job_id`, `asset_ids`, `usage_event_id`                 |
+| `usage.credit_consumed`            | `usage`    | usage       | A creative operation records a preview-credit entry.              | `job_id`, `usage_event_id`                              |
+| `feedback.created`                 | `feedback` | feedback    | Hosted agent feedback is accepted into product memory.            | `feedback_id`                                           |
+| `feedback.github_queue.processed`  | `feedback` | feedback    | Feedback is processed by the GitHub implementation queue handoff. | `feedback_id`                                           |
+| `payment.checkout_session.created` | `payment`  | payment     | A Stripe Checkout session is created and awaits external action.  | `quote_id`, `payment_attempt_id`, `checkout_session_id` |
+| `credits.payment_backed_granted`   | `credit`   | credits     | Verified payment or fake-payment proof grants paid credits.       | `quote_id`, `receipt_id`, `credit_event_id`             |
+`feedback.github_queue.processed` includes `details.github_queue` with
+machine-readable lifecycle fields such as `state`, `reason`, `issue_urls`,
+`issue_numbers`, `mode`, and `github_mutation`. Agents should use it to learn
+whether submitted feedback was promoted, skipped, deduped, blocked, or already
+mirrored without reading private repository artifacts.
 If a response includes an event type outside this registry, treat it as a
 contract bug and submit `image-skill feedback create --json` with the event ID

package/llms.txt CHANGED Viewed

@@ -44,7 +44,7 @@ Claim states:
 First-run flow:
 1. image-skill doctor --json
-2. image-skill signup --agent --human-email EMAIL --agent-name NAME --runtime RUNTIME --save --json. The preview hosted signup path currently requires human_email; future payment-backed and agent-contact-backed signup paths are planned. Use --show-token only when the runtime has a separate secret store and needs the raw token once.
+2. image-skill signup --agent --human-email EMAIL --agent-name NAME --runtime RUNTIME --save --json. The preview hosted signup path currently requires human_email as the accountable contact or sponsor inbox for the restricted agent identity. If no individual human is in the loop, use a durable operator/team/agent inbox that can receive future claim, billing, or abuse notices; do not invent a person or use a throwaway inbox. example.invalid addresses are only appropriate inside documented harness or proof runs. Future payment-backed and agent-contact-backed signup paths are planned. Use --show-token only when the runtime has a separate secret store and needs the raw token once.
 3. Reuse the saved CLI auth for later commands, or store the returned data.token from --show-token in the agent runtime secret store and expose it as IMAGE_SKILL_TOKEN.
 4. image-skill whoami --json
 5. image-skill usage quota --json
@@ -98,7 +98,7 @@ Core commands:
 - image-skill feedback create --type TYPE --title TITLE --body BODY --command COMMAND --expected EXPECTED --actual ACTUAL --proof-needed PROOF --surface cli,docs --evidence trace:TRACE_ID --severity medium --confidence high --next-state watch --json
 Hosted API endpoints:
-- POST https://api.image-skill.com/v1/agent-signups creates or rotates a restricted unclaimed agent token. The response returns the token once as data.token. Store it in the agent runtime secret store; never put it in prompts, logs, issue text, or feedback.
+- POST https://api.image-skill.com/v1/agent-signups creates or rotates a restricted unclaimed agent token. Request human_email is the preview contact/sponsor inbox, not a requirement that an autonomous agent stop until a specific human is present. The response returns the token once as data.token. Store it in the agent runtime secret store; never put it in prompts, logs, issue text, or feedback.
 - GET https://api.image-skill.com/v1/whoami returns durable hosted identity for Authorization: Bearer TOKEN.
 - GET https://api.image-skill.com/v1/quota returns durable hosted quota for Authorization: Bearer TOKEN.
 - GET https://api.image-skill.com/v1/payment-methods returns the no-auth payment rail catalog. It tells agents which rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, limits, endpoint paths, and recovery commands.
@@ -116,7 +116,7 @@ Hosted API endpoints:
 - GET https://api.image-skill.com/v1/jobs/JOB_ID returns hosted job metadata for Authorization: Bearer TOKEN when the job belongs to the actor organization.
 - GET https://api.image-skill.com/v1/activity returns hosted activity ledger events for Authorization: Bearer TOKEN. Optional query: limit, subject. Activity is for ledger context, not job recovery.
 - GET https://api.image-skill.com/v1/activity/REFERENCE returns hosted activity events related to one event, job, asset, usage, feedback, or trace reference.
-- Public activity event types are: job.completed, asset.created, asset.uploaded, usage.credit_consumed, feedback.created, payment.checkout_session.created, credits.payment_backed_granted. Treat any other activity type as a contract bug and leave feedback with event ID plus trace ID.
+- Public activity event types are: job.completed, asset.created, asset.uploaded, usage.credit_consumed, feedback.created, feedback.github_queue.processed, payment.checkout_session.created, credits.payment_backed_granted. Treat any other activity type as a contract bug and leave feedback with event ID plus trace ID.
 - POST https://api.image-skill.com/v1/cli runs public CLI-compatible commands over JSON argv.
 - GET https://api.image-skill.com/healthz checks API readiness.
@@ -205,8 +205,11 @@ trace references. Activity is broader than jobs and can include completed
 outputs, uploads, usage events, and feedback. Activity does not replace jobs
 show/wait for polling, recovery, retry judgment, or final job state.
 Current activity event registry: job.completed, asset.created, asset.uploaded,
-usage.credit_consumed, feedback.created, payment.checkout_session.created,
-credits.payment_backed_granted.
+usage.credit_consumed, feedback.created, feedback.github_queue.processed,
+payment.checkout_session.created, credits.payment_backed_granted.
+Feedback GitHub queue lifecycle events expose `details.github_queue.state`,
+`reason`, and public issue references when available, so agents can tell what
+happened to submitted feedback without inspecting private Actions artifacts.
 Feedback:
 Use image-skill feedback create --json when the workflow fails, succeeds with friction, reveals confusing behavior, or suggests a missing feature. Feedback should include command, expected behavior, actual behavior, proof needed, surface, evidence, severity, confidence, and next state.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "image-skill",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Thin hosted CLI for Image Skill, a creative runtime for agents.",
   "type": "module",
   "private": false,

package/skill.md CHANGED Viewed

@@ -62,6 +62,14 @@ image-skill signup --agent \
 permissions and redacts it from stdout. Use `--show-token` only when the agent
 runtime has a separate secret store and needs the raw token once.
+In the preview contract, `--human-email` means the accountable contact or
+sponsor inbox for the restricted agent identity. If no individual human is in
+the loop, use a durable operator/team/agent inbox that can receive future claim,
+billing, or abuse notices. Do not invent a person or use a throwaway inbox.
+`example.invalid` addresses are only appropriate inside documented harness or
+proof runs. Agent-contact-backed signup is planned, but the currently published
+CLI uses `--human-email`.
 If the runtime supports stdin secret handoff, prefer `--token-stdin` for
 `whoami`, `usage quota`, `quota`, `create`, and `feedback create` instead of
 placing the token in command args.
@@ -73,10 +81,10 @@ image-skill whoami --json
 image-skill usage quota --json
 ```
-The preview hosted signup path currently uses a human sponsor email. Future
-payment-backed and agent-contact-backed signup paths are planned so capable
-agents can become bounded paying users without making human claim the only
-path to meaningful usage.
+The preview hosted signup path currently uses the contact/sponsor email field
+above. Future payment-backed and agent-contact-backed signup paths are planned
+so capable agents can become bounded paying users without making human claim the
+only path to meaningful usage.
 Credit quote and buy flow: