image-skill 0.1.26 → 0.1.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +9 -0
- package/bin/image-skill.mjs +17 -6
- package/cli.md +3 -0
- package/package.json +1 -1
- package/skills/image-skill/references/cli.md +3 -0
package/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,15 @@ provenance; this file is the human- and agent-readable release map.
|
|
|
6
6
|
|
|
7
7
|
## Unreleased
|
|
8
8
|
|
|
9
|
+
## 0.1.27 - 2026-06-02
|
|
10
|
+
|
|
11
|
+
- Fix (activation): default hosted signup now reports saved auth as a positive
|
|
12
|
+
`data.auth_handoff.status: "saved_config_ready"` state, keeps `data.token`
|
|
13
|
+
null, and suppresses the generic hosted token-returned warning when the
|
|
14
|
+
public CLI saved the token instead of showing it. Fresh agents can rerun the
|
|
15
|
+
guide or continue with `whoami`, feedback, credits, create, or edit without
|
|
16
|
+
hunting for a raw token or running a separate `auth save`.
|
|
17
|
+
|
|
9
18
|
## 0.1.26 - 2026-06-02
|
|
10
19
|
|
|
11
20
|
- Fix (activation): public CLI subcommand help flags now return command help
|
package/bin/image-skill.mjs
CHANGED
|
@@ -7,7 +7,7 @@ import { Readable } from "node:stream";
|
|
|
7
7
|
import { pipeline } from "node:stream/promises";
|
|
8
8
|
import os from "node:os";
|
|
9
9
|
|
|
10
|
-
const VERSION = "0.1.
|
|
10
|
+
const VERSION = "0.1.27";
|
|
11
11
|
const PACKAGE_NAME = "image-skill";
|
|
12
12
|
const DEFAULT_API_BASE_URL = "https://api.image-skill.com";
|
|
13
13
|
const DEFAULT_DOCS_BASE_URL = "https://image-skill.com";
|
|
@@ -31,6 +31,8 @@ const SIGNUP_SUGGESTED_COMMAND =
|
|
|
31
31
|
"image-skill signup --agent --agent-contact AGENT_OR_OPERATOR_INBOX --agent-name NAME --runtime RUNTIME --json";
|
|
32
32
|
const SIGNUP_CONTACT_GUIDANCE =
|
|
33
33
|
"Preview signup currently requires an email-shaped durable contact inbox, not an individual human email. Use an agent-owned inbox when available; otherwise use an operator, team, or sponsor inbox that can receive future claim, billing, or abuse notices. Do not block waiting for a person, invent a person, or use a throwaway inbox. --human-email remains a compatibility alias.";
|
|
34
|
+
const HOSTED_SIGNUP_TOKEN_RETURNED_WARNING =
|
|
35
|
+
"hosted restricted token is returned once; store it in the agent runtime secret store and never paste it into prompts, logs, issues, or product feedback";
|
|
34
36
|
const PUBLIC_NPX_COMMAND_PREFIX = "npx -y image-skill@latest";
|
|
35
37
|
const CREDIT_UNIT_USD = 0.01;
|
|
36
38
|
const PAYMENT_CREDENTIAL_FLAGS = new Set([
|
|
@@ -662,7 +664,9 @@ async function signup(argv) {
|
|
|
662
664
|
rewriteSignupContactFailure(result);
|
|
663
665
|
|
|
664
666
|
const token = result.envelope.data?.token;
|
|
665
|
-
const warnings =
|
|
667
|
+
const warnings = result.envelope.warnings.filter(
|
|
668
|
+
(warning) => warning !== HOSTED_SIGNUP_TOKEN_RETURNED_WARNING,
|
|
669
|
+
);
|
|
666
670
|
if (result.envelope.ok && shouldSave) {
|
|
667
671
|
if (typeof token !== "string" || token.trim().length === 0) {
|
|
668
672
|
return failure(
|
|
@@ -687,9 +691,6 @@ async function signup(argv) {
|
|
|
687
691
|
} catch (error) {
|
|
688
692
|
return configWriteFailure("image-skill signup", error);
|
|
689
693
|
}
|
|
690
|
-
warnings.push(
|
|
691
|
-
"hosted restricted token was saved to the public CLI config with 0600 permissions; later commands can authenticate from config without repeating signup",
|
|
692
|
-
);
|
|
693
694
|
}
|
|
694
695
|
if (result.envelope.ok && showToken) {
|
|
695
696
|
warnings.push(
|
|
@@ -710,15 +711,25 @@ async function signup(argv) {
|
|
|
710
711
|
saved: shouldSave,
|
|
711
712
|
config_path: shouldSave ? configPath() : null,
|
|
712
713
|
reason: shouldSave
|
|
713
|
-
? "
|
|
714
|
+
? "auth is ready in the public CLI config; no raw token copy step is required"
|
|
714
715
|
: showToken
|
|
715
716
|
? "hosted signup returned the token once for the agent runtime secret store"
|
|
716
717
|
: "hosted signup did not request a raw token or save config because --no-save was set",
|
|
717
718
|
},
|
|
718
719
|
auth_handoff: {
|
|
720
|
+
status: shouldSave
|
|
721
|
+
? "saved_config_ready"
|
|
722
|
+
: showToken
|
|
723
|
+
? "manual_token_handoff"
|
|
724
|
+
: "not_saved",
|
|
725
|
+
saved_auth_ready: shouldSave,
|
|
719
726
|
accepted_methods: ["config", "IMAGE_SKILL_TOKEN", "--token-stdin"],
|
|
720
727
|
token_source_after_signup: shouldSave ? "config" : "not_saved",
|
|
721
728
|
secret_value_included: showToken,
|
|
729
|
+
raw_token_copy_required: !shouldSave,
|
|
730
|
+
rerun_guide_hint: shouldSave
|
|
731
|
+
? "Rerun the guide command you just ran; the CLI will authenticate from saved config."
|
|
732
|
+
: "Rerun the guide with IMAGE_SKILL_TOKEN or --token-stdin after storing the returned token.",
|
|
722
733
|
next_step: shouldSave
|
|
723
734
|
? "Run whoami, usage quota, feedback create, credits, create, or edit normally; the CLI will read the saved config."
|
|
724
735
|
: "Store data.token in the agent runtime secret store immediately, then pass it with IMAGE_SKILL_TOKEN or --token-stdin.",
|
package/cli.md
CHANGED
|
@@ -91,6 +91,9 @@ Hosted signup saves the restricted `isk_r_` token to the public CLI config by
|
|
|
91
91
|
default with `0600` permissions, so later hosted commands can authenticate from
|
|
92
92
|
config without repeating signup or carrying a raw token through prompts. Set
|
|
93
93
|
`IMAGE_SKILL_CONFIG_PATH` first when the default config home may be read-only.
|
|
94
|
+
Successful default signup reports `data.auth_handoff.status` as
|
|
95
|
+
`saved_config_ready`, keeps `data.token` null, and should not require any
|
|
96
|
+
token-copy step.
|
|
94
97
|
The raw token is returned only when `--show-token` is set, and only once. Use
|
|
95
98
|
`--show-token --no-save` when the agent runtime has a separate secret store and
|
|
96
99
|
does not want local config. Do not paste tokens into prompts, logs, issue text,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "image-skill",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.27",
|
|
4
4
|
"description": "Zero-setup durable creative-media CLI for agents (image + video + audio + 3D): guide-first creation, model and cost inspection, owned URLs, JSON recovery, payments, reusable assets, and feedback.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"private": false,
|
|
@@ -91,6 +91,9 @@ Hosted signup saves the restricted `isk_r_` token to the public CLI config by
|
|
|
91
91
|
default with `0600` permissions, so later hosted commands can authenticate from
|
|
92
92
|
config without repeating signup or carrying a raw token through prompts. Set
|
|
93
93
|
`IMAGE_SKILL_CONFIG_PATH` first when the default config home may be read-only.
|
|
94
|
+
Successful default signup reports `data.auth_handoff.status` as
|
|
95
|
+
`saved_config_ready`, keeps `data.token` null, and should not require any
|
|
96
|
+
token-copy step.
|
|
94
97
|
The raw token is returned only when `--show-token` is set, and only once. Use
|
|
95
98
|
`--show-token --no-save` when the agent runtime has a separate secret store and
|
|
96
99
|
does not want local config. Do not paste tokens into prompts, logs, issue text,
|