image-skill 0.1.5 → 0.1.7

package/README.md

@@ -11,12 +11,19 @@ Install the agent skill from the public mirror repo:
 npx skills add danielgwilson/image-skill-cli --skill image-skill -g -a codex -y
 ```
 
-Install the executable CLI from npm:
+Run the executable CLI from npm without requiring a writable global npm prefix:
+
+```bash
+npm exec --yes --package image-skill@latest -- image-skill doctor --json
+```
+
+For repeated shell use, global install is optional only after confirming the
+runtime has a writable npm prefix:
 
 ```bash
 npm install -g image-skill
 image-skill doctor --json
-image-skill signup --agent --human-email CONTACT_OR_SPONSOR_EMAIL --agent-name creative-agent --runtime openclaw --save --json
+image-skill signup --agent --agent-contact CONTACT_OR_SPONSOR_INBOX --agent-name creative-agent --runtime openclaw --save --json
 image-skill credits methods --json
 image-skill credits packs list --json
 image-skill credits quote --pack starter-500 --payment-method stripe_checkout --idempotency-key first-topup-001 --json
@@ -37,3 +44,13 @@ The CLI saves hosted agent tokens only when `--save` is explicit. Saved tokens
 live at `${XDG_CONFIG_HOME:-~/.config}/image-skill/config.json` by default with
 0600 permissions. Use `IMAGE_SKILL_CONFIG_PATH` to override the config path and
 `IMAGE_SKILL_TOKEN` or `--token-stdin` for runtime secret injection.
+
+Fresh sandboxes should prefer:
+
+```bash
+export IMAGE_SKILL_CONFIG_PATH="$PWD/.image-skill/config.json"
+npm exec --yes --package image-skill@latest -- image-skill signup --agent --agent-contact CONTACT_OR_SPONSOR_INBOX --agent-name creative-agent --runtime openclaw --save --json
+```
+
+If npm prefix/cache paths are read-only, set `npm_config_cache` and
+`npm_config_prefix` to writable directories before using `npm exec`.

package/bin/image-skill.mjs

@@ -7,7 +7,7 @@ import { Readable } from "node:stream";
 import { pipeline } from "node:stream/promises";
 import os from "node:os";
 
-const VERSION = "0.1.5";
+const VERSION = "0.1.7";
 const DEFAULT_API_BASE_URL = "https://api.image-skill.com";
 const DEFAULT_CONFIG_PATH = join(
   process.env.XDG_CONFIG_HOME ?? join(os.homedir(), ".config"),
@@ -15,9 +15,9 @@ const DEFAULT_CONFIG_PATH = join(
   "config.json",
 );
 const SIGNUP_SUGGESTED_COMMAND =
-  "image-skill signup --agent --human-email CONTACT_OR_SPONSOR_EMAIL --agent-name NAME --runtime RUNTIME --save --json";
+  "image-skill signup --agent --agent-contact CONTACT_OR_SPONSOR_INBOX --agent-name NAME --runtime RUNTIME --save --json";
 const SIGNUP_CONTACT_GUIDANCE =
-  "Use --human-email for the accountable contact or sponsor inbox for this restricted agent identity. If no individual human is in the loop, use a durable operator/team/agent inbox that can receive future claim, billing, or abuse notices; do not invent a person or use a throwaway inbox.";
+  "Use --agent-contact for the accountable contact, sponsor, operator, or agent inbox for this restricted agent identity. If no individual human is in the loop, use a durable operator/team/agent inbox that can receive future claim, billing, or abuse notices; do not invent a person or use a throwaway inbox. --human-email remains a compatibility alias.";
 
 const argv = process.argv.slice(2);
 const result = await main(argv);
@@ -39,7 +39,7 @@ async function main(rawArgv) {
       docs_url: "https://image-skill.com/cli.md",
       commands: [
         "doctor",
-        "signup --agent --save",
+        "signup --agent --agent-contact --save",
         "auth status",
         "auth save",
         "auth logout",
@@ -79,37 +79,37 @@ async function main(rawArgv) {
   try {
     switch (command) {
       case "doctor":
-        return doctor(rest);
+        return await doctor(rest);
       case "signup":
-        return signup(rest);
+        return await signup(rest);
       case "auth":
-        return auth(rest);
+        return await auth(rest);
       case "whoami":
-        return whoami(rest);
+        return await whoami(rest);
       case "usage":
-        return usage(rest);
+        return await usage(rest);
       case "quota":
-        return quota(rest);
+        return await quota(rest);
       case "credits":
-        return credits(rest);
+        return await credits(rest);
       case "models":
-        return models(rest);
+        return await models(rest);
       case "capabilities":
-        return capabilities(rest);
+        return await capabilities(rest);
       case "create":
-        return create(rest);
+        return await create(rest);
       case "upload":
-        return upload(rest);
+        return await upload(rest);
       case "edit":
-        return edit(rest);
+        return await edit(rest);
       case "assets":
-        return assets(rest);
+        return await assets(rest);
       case "jobs":
-        return jobs(rest);
+        return await jobs(rest);
       case "activity":
-        return activity(rest);
+        return await activity(rest);
       case "feedback":
-        return feedback(rest);
+        return await feedback(rest);
       default:
         return failure(
           `image-skill ${command}`,
@@ -173,18 +173,35 @@ async function signup(argv) {
   if (!flagBool(args, "agent")) {
     return invalid("image-skill signup", "signup currently requires --agent");
   }
-  const humanEmail = flagString(args, "human-email");
+  const contact = signupContact(args);
   const agentName = flagString(args, "agent-name");
   const runtime = flagString(args, "runtime");
-  if (humanEmail === null || agentName === null || runtime === null) {
+  if (!contact.ok) {
+    return failure(
+      "image-skill signup",
+      2,
+      "INVALID_ARGUMENTS",
+      contact.message,
+      false,
+      {
+        required_flags: ["--agent-contact", "--agent-name", "--runtime"],
+        suggested_command: SIGNUP_SUGGESTED_COMMAND,
+        docs_url: "https://image-skill.com/cli.md#image-skill-signup-agent",
+      },
+    );
+  }
+  if (contact.value === null || agentName === null || runtime === null) {
     return failure(
       "image-skill signup",
       2,
       "INVALID_ARGUMENTS",
-      `signup requires --human-email, --agent-name, and --runtime. ${SIGNUP_CONTACT_GUIDANCE}`,
+      `signup requires --agent-contact, --agent-name, and --runtime. ${SIGNUP_CONTACT_GUIDANCE}`,
       false,
       {
-        required_flags: ["--human-email", "--agent-name", "--runtime"],
+        required_flags: ["--agent-contact", "--agent-name", "--runtime"],
+        accepted_aliases: {
+          "--human-email": "--agent-contact",
+        },
         suggested_command: SIGNUP_SUGGESTED_COMMAND,
         docs_url: "https://image-skill.com/cli.md#image-skill-signup-agent",
       },
@@ -192,13 +209,19 @@ async function signup(argv) {
   }
   const save = flagBool(args, "save");
   const showToken = flagBool(args, "show-token");
+  if (save) {
+    const configReady = await assertConfigWritable("image-skill signup");
+    if (!configReady.ok) {
+      return configReady.result;
+    }
+  }
   const result = await apiRequest({
     command: "image-skill signup",
     method: "POST",
     apiBaseUrl: apiBase(args),
     path: "/v1/agent-signups",
     body: {
-      human_email: humanEmail,
+      human_email: contact.value,
       agent_name: agentName,
       runtime,
       return_token: save || showToken,
@@ -221,12 +244,16 @@ async function signup(argv) {
         },
       );
     }
-    await saveConfig({
-      api_base_url: apiBase(args),
-      token,
-      saved_at: new Date().toISOString(),
-      actor: result.envelope.actor ?? result.envelope.data?.actor ?? null,
-    });
+    try {
+      await saveConfig({
+        api_base_url: apiBase(args),
+        token,
+        saved_at: new Date().toISOString(),
+        actor: result.envelope.actor ?? result.envelope.data?.actor ?? null,
+      });
+    } catch (error) {
+      return configWriteFailure("image-skill signup", error);
+    }
     warnings.push(`saved hosted token to ${configPath()}`);
   }
 
@@ -285,12 +312,20 @@ async function auth(argv) {
     if (!token.ok) {
       return token.result;
     }
-    await saveConfig({
-      api_base_url: apiBase(args),
-      token: token.token,
-      saved_at: new Date().toISOString(),
-      actor: null,
-    });
+    const configReady = await assertConfigWritable("image-skill auth save");
+    if (!configReady.ok) {
+      return configReady.result;
+    }
+    try {
+      await saveConfig({
+        api_base_url: apiBase(args),
+        token: token.token,
+        saved_at: new Date().toISOString(),
+        actor: null,
+      });
+    } catch (error) {
+      return configWriteFailure("image-skill auth save", error);
+    }
     return success("image-skill auth save", {
       saved: true,
       config_path: configPath(),
@@ -1239,6 +1274,43 @@ async function saveConfig(value) {
   await chmod(path, 0o600);
 }
 
+async function assertConfigWritable(command) {
+  const path = configPath();
+  const probePath = `${path}.write-test-${process.pid}-${randomBytes(4).toString("hex")}`;
+  try {
+    await mkdir(dirname(path), { recursive: true });
+    await writeFile(probePath, "", { mode: 0o600 });
+    await chmod(probePath, 0o600);
+    await rm(probePath, { force: true });
+    return { ok: true };
+  } catch (error) {
+    await rm(probePath, { force: true }).catch(() => {});
+    return {
+      ok: false,
+      result: configWriteFailure(command, error),
+    };
+  }
+}
+
+function configWriteFailure(command, error) {
+  const message =
+    error instanceof Error
+      ? error.message
+      : "public CLI could not write its local auth config";
+  return failure(
+    command,
+    9,
+    "PUBLIC_CLI_CONFIG_WRITE_FAILED",
+    `public CLI could not write auth config at ${configPath()}: ${message}`,
+    true,
+    {
+      suggested_command:
+        'IMAGE_SKILL_CONFIG_PATH="$PWD/.image-skill/config.json" image-skill signup --agent --agent-contact CONTACT_OR_SPONSOR_INBOX --agent-name NAME --runtime RUNTIME --save --json',
+      docs_url: "https://image-skill.com/cli.md#local-config-and-install",
+    },
+  );
+}
+
 function parseArgs(argv) {
   const flags = new Map();
   const positionals = [];
@@ -1280,6 +1352,49 @@ function flagBool(args, name) {
   return args.flags.has(name) && args.flags.get(name)?.at(-1) !== "false";
 }
 
+function signupContact(args) {
+  if (
+    args.flags.has("agent-contact") &&
+    flagString(args, "agent-contact") === null
+  ) {
+    return {
+      ok: false,
+      value: null,
+      message: "agent-contact requires a value",
+    };
+  }
+  if (
+    args.flags.has("human-email") &&
+    flagString(args, "human-email") === null
+  ) {
+    return {
+      ok: false,
+      value: null,
+      message: "human-email requires a value",
+    };
+  }
+  const agentContact = flagString(args, "agent-contact");
+  const humanEmail = flagString(args, "human-email");
+  if (agentContact !== null && humanEmail !== null) {
+    const normalizedAgentContact = agentContact.trim().toLowerCase();
+    const normalizedHumanEmail = humanEmail.trim().toLowerCase();
+    if (normalizedAgentContact !== normalizedHumanEmail) {
+      return {
+        ok: false,
+        value: null,
+        message:
+          "signup received both --agent-contact and --human-email with different values; use one durable contact inbox",
+      };
+    }
+    return { ok: true, value: normalizedAgentContact };
+  }
+  const value = agentContact ?? humanEmail;
+  return {
+    ok: true,
+    value: value === null ? null : value.trim().toLowerCase(),
+  };
+}
+
 function flagNumber(args, name) {
   const value = flagString(args, name);
   if (value === null) {

package/cli.md

@@ -54,7 +54,7 @@ Bootstraps restricted agent access.
 
 ```bash
 image-skill signup --agent \
-  --human-email human@example.com \
+  --agent-contact agent-ops@example.com \
   --agent-name creative-agent \
   --runtime codex \
   --save \
@@ -66,13 +66,14 @@ permissions and redacts it from stdout. Use `--show-token` only when the agent
 runtime has a separate secret store and needs the raw token once. Do not paste
 tokens into prompts, logs, issue text, or feedback.
 
-In this preview contract, `--human-email` is the accountable contact or sponsor
-inbox for the restricted agent identity. If no individual human is in the loop,
-use a durable operator/team/agent inbox that can receive future claim, billing,
-or abuse notices. Do not invent a person or use a throwaway inbox.
+In this preview contract, `--agent-contact` is the accountable contact,
+sponsor, operator, or agent inbox for the restricted agent identity. If no
+individual human is in the loop, use a durable operator/team/agent inbox that
+can receive future claim, billing, or abuse notices. Do not invent a person or
+use a throwaway inbox.
 `example.invalid` addresses are only appropriate inside documented harness or
-proof runs. Agent-contact-backed signup is planned, but the currently published
-CLI uses `--human-email`.
+proof runs. `--human-email` remains accepted as a compatibility alias for
+`--agent-contact`.
 
 For shell-based agent runtimes, store the token outside prompts and then expose
 it as:
@@ -91,6 +92,44 @@ printf '%s\n' "$IMAGE_SKILL_TOKEN" | image-skill usage quota --token-stdin --jso
 `--api-base-url` is an advanced preview/test override; production public agents
 should omit it.
 
+### Local Config And Install
+
+Prefer package execution in fresh agent sandboxes:
+
+```bash
+npm exec --yes --package image-skill@latest -- image-skill doctor --json
+```
+
+Global install is optional, not the primary path. If `npm install -g image-skill`
+or `npx image-skill@latest ...` hits prefix/cache `EACCES`, retry with writable
+package-manager paths instead of cloning private source:
+
+```bash
+export npm_config_cache="${npm_config_cache:-$PWD/.npm-cache}"
+export npm_config_prefix="${npm_config_prefix:-$PWD/.npm-global}"
+export PATH="$npm_config_prefix/bin:$PATH"
+npm exec --yes --package image-skill@latest -- image-skill doctor --json
+```
+
+Saved auth state defaults to
+`${XDG_CONFIG_HOME:-~/.config}/image-skill/config.json`. If that location is
+read-only, set a writable config path before `signup --save`:
+
+```bash
+export IMAGE_SKILL_CONFIG_PATH="$PWD/.image-skill/config.json"
+npm exec --yes --package image-skill@latest -- image-skill signup --agent \
+  --agent-contact agent-ops@example.com \
+  --agent-name creative-agent \
+  --runtime codex \
+  --save \
+  --json
+```
+
+Config write failures return `PUBLIC_CLI_CONFIG_WRITE_FAILED` with a structured
+`error.recovery.suggested_command`. Agents should follow that recovery field,
+then continue with `whoami`, `usage quota`, `models list`, and the requested
+creative flow.
+
 ### `image-skill whoami`
 
 Shows current actor, organization, claim state, token class, and grants.
@@ -235,6 +274,11 @@ image-skill credits quote \
   --json
 ```
 
+Idempotency keys are scoped to the current hosted agent identity and exact
+quote request. Reusing a key with different credits, pack, or payment method
+returns a structured `error.recovery.suggested_command` with a fresh
+idempotency key for the attempted quote terms.
+
 For Stripe Checkout terms, prefer a named pack:
 
 ```bash

package/llms.txt

@@ -44,7 +44,7 @@ Claim states:
 
 First-run flow:
 1. image-skill doctor --json
-2. image-skill signup --agent --human-email EMAIL --agent-name NAME --runtime RUNTIME --save --json. The preview hosted signup path currently requires human_email as the accountable contact or sponsor inbox for the restricted agent identity. If no individual human is in the loop, use a durable operator/team/agent inbox that can receive future claim, billing, or abuse notices; do not invent a person or use a throwaway inbox. example.invalid addresses are only appropriate inside documented harness or proof runs. Future payment-backed and agent-contact-backed signup paths are planned. Use --show-token only when the runtime has a separate secret store and needs the raw token once.
+2. image-skill signup --agent --agent-contact EMAIL --agent-name NAME --runtime RUNTIME --save --json. The preview hosted signup path uses --agent-contact as the accountable contact, sponsor, operator, or agent inbox for the restricted agent identity. If no individual human is in the loop, use a durable operator/team/agent inbox that can receive future claim, billing, or abuse notices; do not invent a person or use a throwaway inbox. example.invalid addresses are only appropriate inside documented harness or proof runs. --human-email remains accepted as a compatibility alias. Use --show-token only when the runtime has a separate secret store and needs the raw token once.
 3. Reuse the saved CLI auth for later commands, or store the returned data.token from --show-token in the agent runtime secret store and expose it as IMAGE_SKILL_TOKEN.
 4. image-skill whoami --json
 5. image-skill usage quota --json
@@ -67,7 +67,7 @@ First-run flow:
 
 Core commands:
 - image-skill doctor --json
-- image-skill signup --agent --human-email EMAIL --agent-name NAME --runtime RUNTIME --save --json
+- image-skill signup --agent --agent-contact EMAIL --agent-name NAME --runtime RUNTIME --save --json
 - image-skill whoami --json
 - image-skill usage quota --json
 - image-skill quota --json (compatibility alias)
@@ -98,7 +98,7 @@ Core commands:
 - image-skill feedback create --type TYPE --title TITLE --body BODY --command COMMAND --expected EXPECTED --actual ACTUAL --proof-needed PROOF --surface cli,docs --evidence trace:TRACE_ID --severity medium --confidence high --next-state watch --json
 
 Hosted API endpoints:
-- POST https://api.image-skill.com/v1/agent-signups creates or rotates a restricted unclaimed agent token. Request human_email is the preview contact/sponsor inbox, not a requirement that an autonomous agent stop until a specific human is present. The response returns the token once as data.token. Store it in the agent runtime secret store; never put it in prompts, logs, issue text, or feedback.
+- POST https://api.image-skill.com/v1/agent-signups creates or rotates a restricted unclaimed agent token. Raw API request human_email is the compatibility contact field; CLI agents should prefer --agent-contact. The contact is not a requirement that an autonomous agent stop until a specific human is present. The response returns the token once as data.token. Store it in the agent runtime secret store; never put it in prompts, logs, issue text, or feedback.
 - GET https://api.image-skill.com/v1/whoami returns durable hosted identity for Authorization: Bearer TOKEN.
 - GET https://api.image-skill.com/v1/quota returns durable hosted quota for Authorization: Bearer TOKEN.
 - GET https://api.image-skill.com/v1/payment-methods returns the no-auth payment rail catalog. It tells agents which rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, limits, endpoint paths, and recovery commands.
@@ -181,7 +181,7 @@ Unclaimed agents may not:
 - send card data, wallet secrets, provider receipts, Stripe secrets, MPP tokens, SPTs, or any payment credential to Image Skill; Stripe payment details must be entered only on Stripe-hosted checkout pages
 
 Credits:
-One Image Skill credit is $0.01. Use image-skill credits methods --json to inspect payment rail availability and whether a browser/human action is required. Use image-skill credits packs list --json to inspect recommended Stripe Checkout packs. Use image-skill credits quote --pack PACK_ID --payment-method stripe_checkout --json for the default live-money top-up path. Use image-skill credits quote --credits CREDITS --json for exact bounded custom top-ups when the required budget is already known. The default payment_method is fake. Use image-skill credits buy --provider stripe --json to create a hosted Stripe Checkout Session for a stripe_checkout quote; this returns checkout_url and does not grant credits. Use image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy and after checkout completion to read state, receipt, credit_event, limits, and retry guidance. Use image-skill credits fake-purchase --json only to exercise the quote, receipt, credit-ledger, and activity-audit contract before live settlement rails are enabled. Create/edit debit model-priced credits after provider success; inspect models show and operation cost.credit_pricing for credits_required and pricing_confidence. Credits buy and fake-purchase require explicit --idempotency-key. Never send payment credentials to Image Skill; Stripe collects payment details on Stripe-hosted pages. Public request fields are credits, pack_id, payment_method, quote_id, status reference IDs, and idempotency_key.
+One Image Skill credit is $0.01. Use image-skill credits methods --json to inspect payment rail availability and whether a browser/human action is required. Use image-skill credits packs list --json to inspect recommended Stripe Checkout packs. Use image-skill credits quote --pack PACK_ID --payment-method stripe_checkout --json for the default live-money top-up path. Use image-skill credits quote --credits CREDITS --json for exact bounded custom top-ups when the required budget is already known. The default payment_method is fake. Use image-skill credits buy --provider stripe --json to create a hosted Stripe Checkout Session for a stripe_checkout quote; this returns checkout_url and does not grant credits. Use image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy and after checkout completion to read state, receipt, credit_event, limits, and retry guidance. Use image-skill credits fake-purchase --json only to exercise the quote, receipt, credit-ledger, and activity-audit contract before live settlement rails are enabled. Create/edit debit model-priced credits after provider success; inspect models show and operation cost.credit_pricing for credits_required and pricing_confidence. Credits buy and fake-purchase require explicit --idempotency-key. Quote idempotency keys are scoped to the hosted agent identity and exact quote terms; use per-run/per-step quote keys and inspect error.recovery.suggested_command on CREDIT_QUOTE_CONFLICT. Never send payment credentials to Image Skill; Stripe collects payment details on Stripe-hosted pages. Public request fields are credits, pack_id, payment_method, quote_id, status reference IDs, and idempotency_key.
 
 Telemetry:
 - command or endpoint name

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "image-skill",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Thin hosted CLI for Image Skill, a creative runtime for agents.",
   "type": "module",
   "private": false,

package/skill.md

@@ -35,12 +35,18 @@ supports skills.sh-compatible installation:
 npx skills add danielgwilson/image-skill-cli --skill image-skill -g -a codex -y
 ```
 
-Install the executable CLI from npm:
+Run the executable CLI from npm without relying on a writable global npm
+prefix:
 
 ```bash
-npm install -g image-skill
+npm exec --yes --package image-skill@latest -- image-skill doctor --json
 ```
 
+For repeated shell use, use global package linking only after confirming the
+runtime has a writable npm prefix. In fresh sandboxes, prefer `npm exec`/`npx` and set
+`IMAGE_SKILL_CONFIG_PATH` to a writable persistent path if the default config
+home is read-only.
+
 Check service and client health:
 
 ```bash
@@ -51,7 +57,7 @@ Bootstrap restricted agent access:
 
 ```bash
 image-skill signup --agent \
-  --human-email HUMAN_EMAIL \
+  --agent-contact CONTACT_OR_SPONSOR_INBOX \
   --agent-name AGENT_NAME \
   --runtime RUNTIME_NAME \
   --save \
@@ -62,18 +68,40 @@ image-skill signup --agent \
 permissions and redacts it from stdout. Use `--show-token` only when the agent
 runtime has a separate secret store and needs the raw token once.
 
-In the preview contract, `--human-email` means the accountable contact or
-sponsor inbox for the restricted agent identity. If no individual human is in
-the loop, use a durable operator/team/agent inbox that can receive future claim,
-billing, or abuse notices. Do not invent a person or use a throwaway inbox.
+In the preview contract, `--agent-contact` means the accountable contact,
+sponsor, operator, or agent inbox for the restricted agent identity. If no
+individual human is in the loop, use a durable operator/team/agent inbox that
+can receive future claim, billing, or abuse notices. Do not invent a person or
+use a throwaway inbox.
 `example.invalid` addresses are only appropriate inside documented harness or
-proof runs. Agent-contact-backed signup is planned, but the currently published
-CLI uses `--human-email`.
+proof runs. `--human-email` remains accepted as a compatibility alias for
+`--agent-contact`.
 
 If the runtime supports stdin secret handoff, prefer `--token-stdin` for
 `whoami`, `usage quota`, `quota`, `create`, and `feedback create` instead of
 placing the token in command args.
 
+## Local Config And Install
+
+The CLI stores saved hosted tokens only when `--save` is explicit. By default
+that file lives at `${XDG_CONFIG_HOME:-~/.config}/image-skill/config.json` with
+0600 permissions. If a sandbox or hosted executor has a read-only home or npm
+prefix, keep using the public package through `npm exec` and point auth state at
+a writable path:
+
+```bash
+export IMAGE_SKILL_CONFIG_PATH="$PWD/.image-skill/config.json"
+npm exec --yes --package image-skill@latest -- image-skill signup --agent \
+  --agent-contact CONTACT_OR_SPONSOR_INBOX \
+  --agent-name AGENT_NAME \
+  --runtime RUNTIME_NAME \
+  --save \
+  --json
+```
+
+Do not clone private source or fall back to direct provider APIs because global
+package linking or the default config directory is blocked.
+
 Inspect identity and quota:
 
 ```bash
@@ -81,10 +109,10 @@ image-skill whoami --json
 image-skill usage quota --json
 ```
 
-The preview hosted signup path currently uses the contact/sponsor email field
-above. Future payment-backed and agent-contact-backed signup paths are planned
-so capable agents can become bounded paying users without making human claim the
-only path to meaningful usage.
+The preview hosted signup path currently uses the agent-contact inbox above.
+Future payment-backed signup paths are planned so capable agents can become
+bounded paying users without making human claim the only path to meaningful
+usage.
 
 Credit quote and buy flow: