image-skill 0.1.57 → 0.1.59

package/CHANGELOG.md

@@ -4,6 +4,26 @@ This changelog tracks the public `image-skill` CLI package and public skill
 mirror. The npm package metadata remains the authority for tarball integrity and
 provenance; this file is the human- and agent-readable release map.
 
+## 0.1.59 - 2026-06-17
+
+- Release (activation/self-fund): add
+  `credits methods --json` `data.next_actions.recommended_quote`, a ranked
+  copy-runnable quote handoff that prefers browserless agent-settleable x402
+  when available and falls back to Stripe Checkout when that is the only usable
+  live rail. The quote step is explicitly no-spend: it creates a live-money
+  payment object but does not move money, grant credits, debit credits, call a
+  provider, or write media.
+
+## 0.1.58 - 2026-06-17
+
+- Release (activation/self-fund): mirror top-up urgency and the no-spend
+  payment rail inspection command into hosted generated-asset
+  `assets show/get` `data.next_actions.self_fund`, so agents that inspect or
+  download created media can still discover the safe first self-fund step
+  before ending the session. No payment caps, auth semantics, provider routing,
+  wallet action, provider spend, media spend, hosted deploy, or production write
+  changed in this release bump.
+
 ## 0.1.57 - 2026-06-16
 
 - Release (activation/self-fund): mirror top-up urgency and the no-spend

package/SKILL.md

@@ -173,6 +173,12 @@ One Image Skill credit is `$0.01`. Operation debits are model-priced, not flat.
 | Same rail with `agent_settleable:false` but `purchasable:true`                                                                              | The rail is quoteable but settlement still needs a wallet substrate you do not have. Skip to Stripe Checkout.                                                                                                                                                  |
 | Only `stripe_checkout` available                                                                                                            | Quote with `--payment-method stripe_checkout`, then `credits buy --provider stripe` returns `checkout_handoff_url`. Hand that URL to a human sponsor. Do not strip the Stripe `#...` fragment if you fall back to the full `checkout_url`.                     |
 
+If `credits methods --json` returns `data.next_actions.recommended_quote`, use
+that action's `command` as the next authenticated quote step. It is the ranked
+handoff to the best currently usable rail. The quote command creates a
+live-money payment object but does not move money, grant credits, debit
+credits, call a provider, or write media.
+
 Credits are not granted until verified settlement or webhook fulfillment succeeds in either rail. Operator-provided promotion codes are entered on Stripe-hosted Checkout, not in the CLI. For exact bounded budgets, keep the same rail choice: use `credits quote --credits CREDITS --payment-method stripe_x402.exact.usdc` when the method is agent-settleable, and use `--payment-method stripe_checkout` only for a human Checkout fallback.
 
 At any guide stage, read `data.checks.quota.top_up`: when `recommended` is
@@ -282,7 +288,9 @@ audit trail context (recent jobs, assets, usage events, feedback acceptance,
 trace IDs, status changes) you can cite in feedback. `activity list/show` may
 also return `data.next_actions.self_fund` with the same urgency and no-spend
 inspection handoff when the ledger proves generated work and quota says top-up
-setup is recommended.
+setup is recommended. `assets show` and hosted asset-id `assets get` may return
+the same `data.next_actions.self_fund` after generated work, so downloading or
+inspecting the asset does not hide the funding setup path.
 **Do not use `activity` as a wait or recovery command.** Activity is the ledger,
 not the work queue.
 

package/bin/image-skill.mjs

@@ -15,7 +15,7 @@ import { Readable } from "node:stream";
 import { pipeline } from "node:stream/promises";
 import os from "node:os";
 
-const VERSION = "0.1.57";
+const VERSION = "0.1.59";
 const PACKAGE_NAME = "image-skill";
 const DEFAULT_API_BASE_URL = "https://api.image-skill.com";
 const DEFAULT_DOCS_BASE_URL = "https://image-skill.com";
@@ -2675,8 +2675,55 @@ function withCopyRunnablePaymentMethodCommands(result, commandPrefix) {
 }
 
 function paymentMethodCatalogWithCopyRunnableCommands(catalog, commandPrefix) {
+  const nextActions =
+    catalog.next_actions !== null && typeof catalog.next_actions === "object"
+      ? catalog.next_actions
+      : null;
+  const recommendedQuote =
+    nextActions?.recommended_quote !== null &&
+    typeof nextActions?.recommended_quote === "object"
+      ? nextActions.recommended_quote
+      : null;
   return {
     ...catalog,
+    ...(recommendedQuote === null
+      ? {}
+      : {
+          next_actions: {
+            ...nextActions,
+            recommended_quote: {
+              ...recommendedQuote,
+              command:
+                typeof recommendedQuote.command === "string"
+                  ? renderCopyRunnablePaymentCommand(
+                      commandPrefix,
+                      recommendedQuote.command,
+                    )
+                  : recommendedQuote.command,
+              quote_command:
+                typeof recommendedQuote.quote_command === "string"
+                  ? renderCopyRunnablePaymentCommand(
+                      commandPrefix,
+                      recommendedQuote.quote_command,
+                    )
+                  : recommendedQuote.quote_command,
+              buy_command:
+                typeof recommendedQuote.buy_command === "string"
+                  ? renderCopyRunnablePaymentCommand(
+                      commandPrefix,
+                      recommendedQuote.buy_command,
+                    )
+                  : recommendedQuote.buy_command,
+              status_command:
+                typeof recommendedQuote.status_command === "string"
+                  ? renderCopyRunnablePaymentCommand(
+                      commandPrefix,
+                      recommendedQuote.status_command,
+                    )
+                  : recommendedQuote.status_command,
+            },
+          },
+        }),
     methods: Array.isArray(catalog.methods)
       ? catalog.methods.map((method) => ({
           ...method,
@@ -4026,6 +4073,7 @@ async function assets(argv) {
       return shown;
     }
     const asset = shown.envelope.data?.asset ?? shown.envelope.data;
+    const nextActions = shown.envelope.data?.next_actions;
     const output =
       flagString(args, "output") ?? deriveAssetGetOutputPath(asset);
     const downloaded = await downloadUrl(asset.url, output, {
@@ -4042,6 +4090,7 @@ async function assets(argv) {
       },
       asset,
       download: downloaded.data,
+      ...(nextActions === undefined ? {} : { next_actions: nextActions }),
     };
     return shown;
   }

package/cli.md

@@ -421,6 +421,29 @@ Minimum success data shape:
   "quote_endpoint": "/v1/credit-quotes",
   "packs_endpoint": "/v1/credit-packs",
   "status_endpoint": "/v1/credit-purchases/status",
+  "next_actions": {
+    "recommended_quote": {
+      "purpose": "quote_credit_top_up",
+      "recommendation_reason": "browserless_agent_self_fund",
+      "method_id": "stripe_x402.exact.usdc",
+      "pack_id": "starter-500",
+      "command": "image-skill credits quote --pack starter-500 --payment-method stripe_x402.exact.usdc --json",
+      "quote_command_copy_runnable": true,
+      "buy_command": "image-skill credits buy --provider stripe_x402 --quote-id QUOTE_ID --idempotency-key KEY --json",
+      "status_command": "image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json",
+      "requires_auth": true,
+      "live_money": true,
+      "requires_browser": false,
+      "agent_settleable": true,
+      "command_effect": {
+        "label": "live_money_quote_no_charge",
+        "no_spend": true,
+        "payment_object": true,
+        "credit_debit": false,
+        "media_write": false
+      }
+    }
+  },
   "methods": [
     {
       "method_id": "stripe_checkout",
@@ -460,7 +483,10 @@ Public payment discovery is intentionally action-first. Limited-rollout rails
 may be returned with `available:false`, `quoteable:false`, `purchasable:false`,
 and a non-null `unavailable_reason` so headless agents can understand the path
 without trying it. Use a method only when it is returned with `available:true`,
-`quoteable:true`, and `purchasable:true`.
+`quoteable:true`, and `purchasable:true`. When
+`next_actions.recommended_quote` is present, prefer its `command` as the next
+authenticated quote step; it creates a live-money payment object but does not
+move money, grant credits, debit credits, call a provider, or write media.
 
 Hosted API equivalent:
 
@@ -1578,6 +1604,10 @@ Minimum success data:
 External URLs are rejected. Older assets created before hosted asset metadata
 was recorded may still be inspectable by Image Skill-owned URL.
 
+For hosted generated assets, when quota says top-up setup is recommended,
+`data.next_actions.self_fund` mirrors the top-up urgency and no-spend payment
+rail inspection handoff used by create/edit, jobs, and activity responses.
+
 ### `image-skill assets get`
 
 Downloads an Image Skill-owned asset URL or hosted asset id to a local file.
@@ -1591,7 +1621,9 @@ image-skill assets get \
 
 The command refuses to overwrite existing files unless `--overwrite` is
 explicit. It verifies byte length when the asset server provides a
-`content-length` header.
+`content-length` header. For hosted asset-id downloads, `assets get` preserves
+`data.next_actions.self_fund` from the asset metadata response after a
+successful download.
 
 ### `image-skill jobs show`
 

package/llms.txt

@@ -65,7 +65,7 @@ First-run guide loop:
 5. At any guide stage, read data.checks.quota.top_up. When recommended is true, it includes recommendation_reason, preferred_payment_method, quote_command, quote_command_copy_runnable, quote_command_effect, and quote/buy/status command templates for the browserless x402 top-up path. On quota/payment recovery errors, read error.recovery.top_up: when delegated live-money quoting is allowed, prefer error.recovery.top_up.quote_command to open the top-up path, and use error.recovery.suggested_command for no-spend payment-method inspection. If data.stage is quota_required, data.guide_warning.next_command_safety is live_money_payment_action and data.guide_warning.payment_top_up_path summarizes the live-money path. Run data.self_fund_next_command to start the top-up. It aliases data.next_command and is the first payment command, usually an x402 or Stripe quote. First read data.checks.payments.preferred_method_summary.top_up_path: browserless_agent_self_fund means a wallet-equipped agent can complete the preferred live-money rail without a browser; human_payment_handoff means the agent can create the payment attempt but a human/browser step must complete before credits are granted. If the guide authenticated from env or stdin, prefer data.self_fund_handoff.auth.next_command.with_env or data.self_fund_handoff.auth.next_command.with_stdin so auth follows the payment command. Then follow data.self_fund_handoff.payment_commands.buy and status, and rerun data.self_fund_handoff.after_next once credits are granted. If data.stage is ready_to_create, inspect data.self_fund_preparation before consuming the remaining free allowance. When available and recommended are true, data.self_fund_preparation.quote_command is the pre-wall browserless x402 quote: it creates an authenticated live-money quote/payment object, but data.self_fund_preparation.quote_command_effect must show no provider call, no hosted create, no credit debit, no media write, and no wallet settlement until a later buy/payment step. One Image Skill credit is $0.01. Credit quotes grant prepaid value units; create/edit operations debit model-priced credits reported as cost.credit_pricing. Starter preview currently gives bounded free-preview credits plus a four-job daily cap.
 5a. When data.stage is quota_required, data.self_fund_handoff mirrors top-up urgency, urgency_score, and urgency_reasons, and exposes first_safe_command plus first_safe_command_effect. Run first_safe_command, usually image-skill credits methods --json, for no-spend rail inspection before quote/buy when delegated spend authority is absent or unclear.
 6. If data.stage is ready_to_create, data.next_command is the first bounded live create. data.guide_warning.next_command_safety must be live_media_create_credit_debit, data.guide_warning.no_spend_safe must be false, data.guide_warning.spend_required must be true, and data.guide_warning.recommended_command_field must be recommended_no_spend_command. data.auth_ready.ready and data.auth_ready.next_command_auth_ready must be true; data.auth_ready.next_command_requires_auth must be true, and the command can reuse saved config, IMAGE_SKILL_TOKEN, or --token-stdin context without exposing a raw token. data.next_command_effect.label must be live_media_create_credit_debit and its provider_call, hosted_create, credit_debit, and media_write flags are true. data.no_spend_evaluation.stop_here must be true, data.no_spend_evaluation.next_command_is_live_create must be true, and data.no_spend_evaluation.recommended_command_field must be recommended_no_spend_command. Run data.next_command only when media spend is allowed. In no-spend evaluations, or when you only need to prove readiness without media/provider work, stop before data.next_command and run data.recommended_no_spend_command instead. data.recommended_no_spend_command must equal data.no_spend_next_command. data.no_spend_next_command_effect.label must be dry_run_planned_job_no_provider_call_no_credit_debit_no_media_write: no_spend, hosted_create_dry_run, planned_job, and plan_receipt are true; activity_event is job.planned; provider_call, credit_debit, and media_write are false. This dry-run may create a recoverable planned job/activity receipt but no provider execution, debit, downloadable asset, or media write. If the guide authenticated from env or stdin, prefer data.auth_handoff.next_command.with_env or data.auth_handoff.next_command.with_stdin so auth follows the live create. In guide cost output, cost.estimated_usd_per_image and cost.estimated_debit_usd_per_image are the Image Skill debit dollars for one output; cost.estimated_provider_usd_per_image is only the upstream provider estimate. Use the guide's returned max_estimated_usd_per_image because it is sized to the credit debit the agent funds. Add --output-count N only after models show confirms the selected create model supports more than one output; credit_pricing.credits_required is the total debit across outputs, while max_estimated_usd_per_image remains a per-image Image Skill debit guard.
-7. After create, prefer data.next_actions when present: inspect_job and inspect_asset are copy-runnable no-spend recovery commands, iterate_edit is the reusable-asset edit template, and self_fund is the promoted top-up quote handoff when quota.top_up.recommended is true. self_fund mirrors urgency, urgency_score, and urgency_reasons, and exposes first_safe_command plus first_safe_command_effect for no-spend rail inspection before quote/buy. self_fund.quote_command is copy-runnable and omits --idempotency-key so the public CLI generates and returns one for retry safety; follow the quote response into buy/status. Otherwise use image-skill jobs show JOB_ID to recover status, cost, safety, timestamps, and final assets; image-skill assets get ASSET_URL_OR_ID --output ./result.png to fetch the generated asset without repeating provider work; and image-skill activity list --subject JOB_ID to find ledger events, trace, usage, asset links, and any data.next_actions.self_fund handoff to cite or follow.
+7. After create, prefer data.next_actions when present: inspect_job and inspect_asset are copy-runnable no-spend recovery commands, iterate_edit is the reusable-asset edit template, and self_fund is the promoted top-up quote handoff when quota.top_up.recommended is true. self_fund mirrors urgency, urgency_score, and urgency_reasons, and exposes first_safe_command plus first_safe_command_effect for no-spend rail inspection before quote/buy. self_fund.quote_command is copy-runnable and omits --idempotency-key so the public CLI generates and returns one for retry safety; follow the quote response into buy/status. Otherwise use image-skill jobs show JOB_ID to recover status, cost, safety, timestamps, and final assets; image-skill assets get ASSET_URL_OR_ID --output ./result.png to fetch the generated asset without repeating provider work; and image-skill activity list --subject JOB_ID to find ledger events, trace, usage, asset links, and any data.next_actions.self_fund handoff to cite or follow. Hosted asset-id assets show/get may also return data.next_actions.self_fund after generated work, so inspect that field before ending the session.
 8. Leave image-skill feedback create if the first-run flow is confusing, blocked, missing an affordance, or easier through a direct provider than through Image Skill. Feedback auth uses saved config from default signup, IMAGE_SKILL_TOKEN, or --token-stdin; if signup or guide already saved config, run feedback create normally and do not copy a raw token. Never paste tokens into feedback title, body, evidence, issues, or logs. Use image-skill activity show FEEDBACK_ID only when you need to confirm the feedback entered the hosted ledger.
 
 Manual escape hatches are not prerequisites. Use image-skill doctor, image-skill models list, image-skill models show MODEL_ID, image-skill whoami, image-skill usage quota, image-skill credits methods, image-skill credits packs list, image-skill credits quote, image-skill credits buy, image-skill credits status, image-skill create --dry-run, and image-skill edit --dry-run only when data.next_command or data.escape_hatches asks for them, or when the task genuinely needs deeper capability, quota, payment, or planning detail.
@@ -116,7 +116,7 @@ Hosted API endpoints:
 - POST https://api.image-skill.com/v1/agent-claims attaches an email-shaped durable contact inbox to the authenticated agent after an (often anonymous) signup. Request JSON is {"contact": INBOX}. Re-sending the same contact is idempotent (data.state unchanged); a different contact replaces the previous one (data.state attached). Attaching a contact is not inbox-ownership verification: data.claim_state stays unclaimed and data.claim_request_state reports requested. The response echoes only a redacted contact.
 - GET https://api.image-skill.com/v1/whoami returns durable hosted identity for Authorization: Bearer TOKEN.
 - GET https://api.image-skill.com/v1/quota returns durable hosted quota for Authorization: Bearer TOKEN.
-- GET https://api.image-skill.com/v1/payment-methods returns the no-auth action-only payment rail catalog. It tells agents which currently usable rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, agent_initiated, agent_settleable, settlement_blocker, limits, endpoint paths, and recovery commands. Planned, watch-only, fake, and private harness rails are intentionally omitted.
+- GET https://api.image-skill.com/v1/payment-methods returns the no-auth action-only payment rail catalog. It tells agents which currently usable rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, agent_initiated, agent_settleable, settlement_blocker, limits, endpoint paths, recovery commands, and data.next_actions.recommended_quote when a currently usable live rail can be quoted next. Planned, watch-only, fake, and private harness rails are intentionally omitted.
 - GET https://api.image-skill.com/v1/credit-packs returns the public pack catalog. Recommended live-money packs include starter-500, builder-2000, and studio-5000. Packs are the default top-up UX; exact quotes remain supported for agents that already know the required credit budget.
 - POST https://api.image-skill.com/v1/credit-quotes returns a credit quote for Authorization: Bearer TOKEN. Request JSON: either credits or pack_id, optional payment_method, idempotency_key. Use stripe_checkout for the human Checkout path. Use payment_method stripe_x402.exact.usdc only when credits methods returns it available/quoteable/purchasable/requires_browser:false; treat it as autonomous self-settlement only when agent_settleable:true is also returned. Response includes quote_id, credits, price_amount_cents, currency, accepted_payment_method, pack_id, pack, and live_money. One credit equals $0.01, so price_amount_cents equals credits. This does not grant credits.
 - POST https://api.image-skill.com/v1/credit-purchases/stripe-x402-deposits creates a browserless action-required USDC deposit attempt for a stripe_x402.exact.usdc quote. Request JSON: quote_id, idempotency_key. Response includes state: action_required, payment_attempt_id, accepted_payment_method: stripe_x402.exact.usdc, live_money, amount_cents, stripe_x402 challenge metadata, stripe_x402.payable_instructions when Stripe returns a Base deposit address, and next.agent_action: pay_stripe_crypto_deposit. A wallet-equipped agent can pay the exact USDC token_amount_atomic to payable_instructions.deposit_address on Base. This does not grant credits; verified settlement/webhook fulfillment grants paid credits exactly once.
@@ -196,7 +196,7 @@ Unclaimed agents may not:
 - send card data, wallet secrets, wallet private keys, seed phrases, raw x402 payment headers, provider receipts, Stripe secrets, MPP tokens, SPTs, bearer tokens, or any payment credential to Image Skill; Stripe payment details must be entered only on Stripe-hosted checkout pages
 
 Credits:
-One Image Skill credit is $0.01. Use image-skill credits methods --json to inspect payment rail availability, browser/human requirements, agent_initiated, agent_settleable, and settlement_blocker. Always pass the returned payment method when quoting. When stripe_x402.exact.usdc is returned with available:true, quoteable:true, purchasable:true, requires_browser:false, and agent_settleable:true, image-skill credits quote --pack PACK_ID --payment-method stripe_x402.exact.usdc --json followed by image-skill credits buy --provider stripe_x402 --quote-id QUOTE_ID --idempotency-key KEY --json creates a browserless live deposit attempt with stripe_x402.payable_instructions. Treat live_money:true as real spend, stay inside the delegated cap, and pay exactly token_amount_atomic USDC units to payable_instructions.deposit_address on Base only from a wallet substrate you control. Use image-skill credits quote --pack PACK_ID --payment-method stripe_checkout --json and image-skill credits buy --provider stripe --quote-id QUOTE_ID --idempotency-key KEY --json only for the Stripe Checkout human path; this returns checkout_handoff_url, copy-safe checkout_compact_url, and full Stripe checkout_url fallback and does not grant credits. Present checkout_handoff_url or checkout_compact_url to humans, especially in mobile terminals, SSH, or chat. If checkout_handoff_url is absent, present the full checkout_url in a code block and preserve the Stripe # fragment. Use image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy and after settlement/checkout completion to read state, receipt, credit_event, limits, and retry guidance. Create/edit debit model-priced credits after provider success; inspect models show and operation cost.credit_pricing for credits_required and pricing_confidence. Do not silently downgrade to the cheapest model to avoid payment when the user asked for quality or is willing to pay; quote the needed credits and use an agent_settleable:true x402 rail or Stripe Checkout fallback. Credits buy requires explicit --idempotency-key. Quote idempotency keys are scoped to the hosted agent identity and exact quote terms; the public CLI generates one when omitted and returns it in the quote response, while explicit keys remain available for retry-stable automation. Inspect error.recovery.suggested_command on CREDIT_QUOTE_CONFLICT. Never send payment credentials to Image Skill: no wallet private keys, seed phrases, x402 payment headers, deposit client secrets, provider receipts, card data, or Stripe secrets. Public request fields are credits, pack_id, payment_method, quote_id, status reference IDs, and idempotency_key.
+One Image Skill credit is $0.01. Use image-skill credits methods --json to inspect payment rail availability, browser/human requirements, agent_initiated, agent_settleable, and settlement_blocker. If data.next_actions.recommended_quote is present, prefer its command as the next authenticated quote step; it is a no-spend live-money quote object handoff and does not move money, grant credits, debit credits, call a provider, or write media. Always pass the returned payment method when quoting. When stripe_x402.exact.usdc is returned with available:true, quoteable:true, purchasable:true, requires_browser:false, and agent_settleable:true, image-skill credits quote --pack PACK_ID --payment-method stripe_x402.exact.usdc --json followed by image-skill credits buy --provider stripe_x402 --quote-id QUOTE_ID --idempotency-key KEY --json creates a browserless live deposit attempt with stripe_x402.payable_instructions. Treat live_money:true as real spend, stay inside the delegated cap, and pay exactly token_amount_atomic USDC units to payable_instructions.deposit_address on Base only from a wallet substrate you control. Use image-skill credits quote --pack PACK_ID --payment-method stripe_checkout --json and image-skill credits buy --provider stripe --quote-id QUOTE_ID --idempotency-key KEY --json only for the Stripe Checkout human path; this returns checkout_handoff_url, copy-safe checkout_compact_url, and full Stripe checkout_url fallback and does not grant credits. Present checkout_handoff_url or checkout_compact_url to humans, especially in mobile terminals, SSH, or chat. If checkout_handoff_url is absent, present the full checkout_url in a code block and preserve the Stripe # fragment. Use image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy and after settlement/checkout completion to read state, receipt, credit_event, limits, and retry guidance. Create/edit debit model-priced credits after provider success; inspect models show and operation cost.credit_pricing for credits_required and pricing_confidence. Do not silently downgrade to the cheapest model to avoid payment when the user asked for quality or is willing to pay; quote the needed credits and use an agent_settleable:true x402 rail or Stripe Checkout fallback. Credits buy requires explicit --idempotency-key. Quote idempotency keys are scoped to the hosted agent identity and exact quote terms; the public CLI generates one when omitted and returns it in the quote response, while explicit keys remain available for retry-stable automation. Inspect error.recovery.suggested_command on CREDIT_QUOTE_CONFLICT. Never send payment credentials to Image Skill: no wallet private keys, seed phrases, x402 payment headers, deposit client secrets, provider receipts, card data, or Stripe secrets. Public request fields are credits, pack_id, payment_method, quote_id, status reference IDs, and idempotency_key.
 
 Telemetry:
 - command or endpoint name

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "image-skill",
-  "version": "0.1.57",
+  "version": "0.1.59",
   "description": "Zero-setup durable creative-media CLI for agents (image + video + audio + 3D): guide-first creation, model and cost inspection, owned URLs, JSON recovery, payments, reusable assets, and feedback.",
   "type": "module",
   "private": false,

package/skill.md

@@ -173,6 +173,12 @@ One Image Skill credit is `$0.01`. Operation debits are model-priced, not flat.
 | Same rail with `agent_settleable:false` but `purchasable:true`                                                                              | The rail is quoteable but settlement still needs a wallet substrate you do not have. Skip to Stripe Checkout.                                                                                                                                                  |
 | Only `stripe_checkout` available                                                                                                            | Quote with `--payment-method stripe_checkout`, then `credits buy --provider stripe` returns `checkout_handoff_url`. Hand that URL to a human sponsor. Do not strip the Stripe `#...` fragment if you fall back to the full `checkout_url`.                     |
 
+If `credits methods --json` returns `data.next_actions.recommended_quote`, use
+that action's `command` as the next authenticated quote step. It is the ranked
+handoff to the best currently usable rail. The quote command creates a
+live-money payment object but does not move money, grant credits, debit
+credits, call a provider, or write media.
+
 Credits are not granted until verified settlement or webhook fulfillment succeeds in either rail. Operator-provided promotion codes are entered on Stripe-hosted Checkout, not in the CLI. For exact bounded budgets, keep the same rail choice: use `credits quote --credits CREDITS --payment-method stripe_x402.exact.usdc` when the method is agent-settleable, and use `--payment-method stripe_checkout` only for a human Checkout fallback.
 
 At any guide stage, read `data.checks.quota.top_up`: when `recommended` is
@@ -282,7 +288,9 @@ audit trail context (recent jobs, assets, usage events, feedback acceptance,
 trace IDs, status changes) you can cite in feedback. `activity list/show` may
 also return `data.next_actions.self_fund` with the same urgency and no-spend
 inspection handoff when the ledger proves generated work and quota says top-up
-setup is recommended.
+setup is recommended. `assets show` and hosted asset-id `assets get` may return
+the same `data.next_actions.self_fund` after generated work, so downloading or
+inspecting the asset does not hide the funding setup path.
 **Do not use `activity` as a wait or recovery command.** Activity is the ledger,
 not the work queue.
 

package/skills/image-skill/SKILL.md

@@ -173,6 +173,12 @@ One Image Skill credit is `$0.01`. Operation debits are model-priced, not flat.
 | Same rail with `agent_settleable:false` but `purchasable:true`                                                                              | The rail is quoteable but settlement still needs a wallet substrate you do not have. Skip to Stripe Checkout.                                                                                                                                                  |
 | Only `stripe_checkout` available                                                                                                            | Quote with `--payment-method stripe_checkout`, then `credits buy --provider stripe` returns `checkout_handoff_url`. Hand that URL to a human sponsor. Do not strip the Stripe `#...` fragment if you fall back to the full `checkout_url`.                     |
 
+If `credits methods --json` returns `data.next_actions.recommended_quote`, use
+that action's `command` as the next authenticated quote step. It is the ranked
+handoff to the best currently usable rail. The quote command creates a
+live-money payment object but does not move money, grant credits, debit
+credits, call a provider, or write media.
+
 Credits are not granted until verified settlement or webhook fulfillment succeeds in either rail. Operator-provided promotion codes are entered on Stripe-hosted Checkout, not in the CLI. For exact bounded budgets, keep the same rail choice: use `credits quote --credits CREDITS --payment-method stripe_x402.exact.usdc` when the method is agent-settleable, and use `--payment-method stripe_checkout` only for a human Checkout fallback.
 
 At any guide stage, read `data.checks.quota.top_up`: when `recommended` is
@@ -282,7 +288,9 @@ audit trail context (recent jobs, assets, usage events, feedback acceptance,
 trace IDs, status changes) you can cite in feedback. `activity list/show` may
 also return `data.next_actions.self_fund` with the same urgency and no-spend
 inspection handoff when the ledger proves generated work and quota says top-up
-setup is recommended.
+setup is recommended. `assets show` and hosted asset-id `assets get` may return
+the same `data.next_actions.self_fund` after generated work, so downloading or
+inspecting the asset does not hide the funding setup path.
 **Do not use `activity` as a wait or recovery command.** Activity is the ledger,
 not the work queue.
 

package/skills/image-skill/references/cli.md

@@ -421,6 +421,29 @@ Minimum success data shape:
   "quote_endpoint": "/v1/credit-quotes",
   "packs_endpoint": "/v1/credit-packs",
   "status_endpoint": "/v1/credit-purchases/status",
+  "next_actions": {
+    "recommended_quote": {
+      "purpose": "quote_credit_top_up",
+      "recommendation_reason": "browserless_agent_self_fund",
+      "method_id": "stripe_x402.exact.usdc",
+      "pack_id": "starter-500",
+      "command": "image-skill credits quote --pack starter-500 --payment-method stripe_x402.exact.usdc --json",
+      "quote_command_copy_runnable": true,
+      "buy_command": "image-skill credits buy --provider stripe_x402 --quote-id QUOTE_ID --idempotency-key KEY --json",
+      "status_command": "image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json",
+      "requires_auth": true,
+      "live_money": true,
+      "requires_browser": false,
+      "agent_settleable": true,
+      "command_effect": {
+        "label": "live_money_quote_no_charge",
+        "no_spend": true,
+        "payment_object": true,
+        "credit_debit": false,
+        "media_write": false
+      }
+    }
+  },
   "methods": [
     {
       "method_id": "stripe_checkout",
@@ -460,7 +483,10 @@ Public payment discovery is intentionally action-first. Limited-rollout rails
 may be returned with `available:false`, `quoteable:false`, `purchasable:false`,
 and a non-null `unavailable_reason` so headless agents can understand the path
 without trying it. Use a method only when it is returned with `available:true`,
-`quoteable:true`, and `purchasable:true`.
+`quoteable:true`, and `purchasable:true`. When
+`next_actions.recommended_quote` is present, prefer its `command` as the next
+authenticated quote step; it creates a live-money payment object but does not
+move money, grant credits, debit credits, call a provider, or write media.
 
 Hosted API equivalent:
 
@@ -1578,6 +1604,10 @@ Minimum success data:
 External URLs are rejected. Older assets created before hosted asset metadata
 was recorded may still be inspectable by Image Skill-owned URL.
 
+For hosted generated assets, when quota says top-up setup is recommended,
+`data.next_actions.self_fund` mirrors the top-up urgency and no-spend payment
+rail inspection handoff used by create/edit, jobs, and activity responses.
+
 ### `image-skill assets get`
 
 Downloads an Image Skill-owned asset URL or hosted asset id to a local file.
@@ -1591,7 +1621,9 @@ image-skill assets get \
 
 The command refuses to overwrite existing files unless `--overwrite` is
 explicit. It verifies byte length when the asset server provides a
-`content-length` header.
+`content-length` header. For hosted asset-id downloads, `assets get` preserves
+`data.next_actions.self_fund` from the asset metadata response after a
+successful download.
 
 ### `image-skill jobs show`
 

package/skills/image-skill/references/llms.txt

@@ -65,7 +65,7 @@ First-run guide loop:
 5. At any guide stage, read data.checks.quota.top_up. When recommended is true, it includes recommendation_reason, preferred_payment_method, quote_command, quote_command_copy_runnable, quote_command_effect, and quote/buy/status command templates for the browserless x402 top-up path. On quota/payment recovery errors, read error.recovery.top_up: when delegated live-money quoting is allowed, prefer error.recovery.top_up.quote_command to open the top-up path, and use error.recovery.suggested_command for no-spend payment-method inspection. If data.stage is quota_required, data.guide_warning.next_command_safety is live_money_payment_action and data.guide_warning.payment_top_up_path summarizes the live-money path. Run data.self_fund_next_command to start the top-up. It aliases data.next_command and is the first payment command, usually an x402 or Stripe quote. First read data.checks.payments.preferred_method_summary.top_up_path: browserless_agent_self_fund means a wallet-equipped agent can complete the preferred live-money rail without a browser; human_payment_handoff means the agent can create the payment attempt but a human/browser step must complete before credits are granted. If the guide authenticated from env or stdin, prefer data.self_fund_handoff.auth.next_command.with_env or data.self_fund_handoff.auth.next_command.with_stdin so auth follows the payment command. Then follow data.self_fund_handoff.payment_commands.buy and status, and rerun data.self_fund_handoff.after_next once credits are granted. If data.stage is ready_to_create, inspect data.self_fund_preparation before consuming the remaining free allowance. When available and recommended are true, data.self_fund_preparation.quote_command is the pre-wall browserless x402 quote: it creates an authenticated live-money quote/payment object, but data.self_fund_preparation.quote_command_effect must show no provider call, no hosted create, no credit debit, no media write, and no wallet settlement until a later buy/payment step. One Image Skill credit is $0.01. Credit quotes grant prepaid value units; create/edit operations debit model-priced credits reported as cost.credit_pricing. Starter preview currently gives bounded free-preview credits plus a four-job daily cap.
 5a. When data.stage is quota_required, data.self_fund_handoff mirrors top-up urgency, urgency_score, and urgency_reasons, and exposes first_safe_command plus first_safe_command_effect. Run first_safe_command, usually image-skill credits methods --json, for no-spend rail inspection before quote/buy when delegated spend authority is absent or unclear.
 6. If data.stage is ready_to_create, data.next_command is the first bounded live create. data.guide_warning.next_command_safety must be live_media_create_credit_debit, data.guide_warning.no_spend_safe must be false, data.guide_warning.spend_required must be true, and data.guide_warning.recommended_command_field must be recommended_no_spend_command. data.auth_ready.ready and data.auth_ready.next_command_auth_ready must be true; data.auth_ready.next_command_requires_auth must be true, and the command can reuse saved config, IMAGE_SKILL_TOKEN, or --token-stdin context without exposing a raw token. data.next_command_effect.label must be live_media_create_credit_debit and its provider_call, hosted_create, credit_debit, and media_write flags are true. data.no_spend_evaluation.stop_here must be true, data.no_spend_evaluation.next_command_is_live_create must be true, and data.no_spend_evaluation.recommended_command_field must be recommended_no_spend_command. Run data.next_command only when media spend is allowed. In no-spend evaluations, or when you only need to prove readiness without media/provider work, stop before data.next_command and run data.recommended_no_spend_command instead. data.recommended_no_spend_command must equal data.no_spend_next_command. data.no_spend_next_command_effect.label must be dry_run_planned_job_no_provider_call_no_credit_debit_no_media_write: no_spend, hosted_create_dry_run, planned_job, and plan_receipt are true; activity_event is job.planned; provider_call, credit_debit, and media_write are false. This dry-run may create a recoverable planned job/activity receipt but no provider execution, debit, downloadable asset, or media write. If the guide authenticated from env or stdin, prefer data.auth_handoff.next_command.with_env or data.auth_handoff.next_command.with_stdin so auth follows the live create. In guide cost output, cost.estimated_usd_per_image and cost.estimated_debit_usd_per_image are the Image Skill debit dollars for one output; cost.estimated_provider_usd_per_image is only the upstream provider estimate. Use the guide's returned max_estimated_usd_per_image because it is sized to the credit debit the agent funds. Add --output-count N only after models show confirms the selected create model supports more than one output; credit_pricing.credits_required is the total debit across outputs, while max_estimated_usd_per_image remains a per-image Image Skill debit guard.
-7. After create, prefer data.next_actions when present: inspect_job and inspect_asset are copy-runnable no-spend recovery commands, iterate_edit is the reusable-asset edit template, and self_fund is the promoted top-up quote handoff when quota.top_up.recommended is true. self_fund mirrors urgency, urgency_score, and urgency_reasons, and exposes first_safe_command plus first_safe_command_effect for no-spend rail inspection before quote/buy. self_fund.quote_command is copy-runnable and omits --idempotency-key so the public CLI generates and returns one for retry safety; follow the quote response into buy/status. Otherwise use image-skill jobs show JOB_ID to recover status, cost, safety, timestamps, and final assets; image-skill assets get ASSET_URL_OR_ID --output ./result.png to fetch the generated asset without repeating provider work; and image-skill activity list --subject JOB_ID to find ledger events, trace, usage, asset links, and any data.next_actions.self_fund handoff to cite or follow.
+7. After create, prefer data.next_actions when present: inspect_job and inspect_asset are copy-runnable no-spend recovery commands, iterate_edit is the reusable-asset edit template, and self_fund is the promoted top-up quote handoff when quota.top_up.recommended is true. self_fund mirrors urgency, urgency_score, and urgency_reasons, and exposes first_safe_command plus first_safe_command_effect for no-spend rail inspection before quote/buy. self_fund.quote_command is copy-runnable and omits --idempotency-key so the public CLI generates and returns one for retry safety; follow the quote response into buy/status. Otherwise use image-skill jobs show JOB_ID to recover status, cost, safety, timestamps, and final assets; image-skill assets get ASSET_URL_OR_ID --output ./result.png to fetch the generated asset without repeating provider work; and image-skill activity list --subject JOB_ID to find ledger events, trace, usage, asset links, and any data.next_actions.self_fund handoff to cite or follow. Hosted asset-id assets show/get may also return data.next_actions.self_fund after generated work, so inspect that field before ending the session.
 8. Leave image-skill feedback create if the first-run flow is confusing, blocked, missing an affordance, or easier through a direct provider than through Image Skill. Feedback auth uses saved config from default signup, IMAGE_SKILL_TOKEN, or --token-stdin; if signup or guide already saved config, run feedback create normally and do not copy a raw token. Never paste tokens into feedback title, body, evidence, issues, or logs. Use image-skill activity show FEEDBACK_ID only when you need to confirm the feedback entered the hosted ledger.
 
 Manual escape hatches are not prerequisites. Use image-skill doctor, image-skill models list, image-skill models show MODEL_ID, image-skill whoami, image-skill usage quota, image-skill credits methods, image-skill credits packs list, image-skill credits quote, image-skill credits buy, image-skill credits status, image-skill create --dry-run, and image-skill edit --dry-run only when data.next_command or data.escape_hatches asks for them, or when the task genuinely needs deeper capability, quota, payment, or planning detail.
@@ -116,7 +116,7 @@ Hosted API endpoints:
 - POST https://api.image-skill.com/v1/agent-claims attaches an email-shaped durable contact inbox to the authenticated agent after an (often anonymous) signup. Request JSON is {"contact": INBOX}. Re-sending the same contact is idempotent (data.state unchanged); a different contact replaces the previous one (data.state attached). Attaching a contact is not inbox-ownership verification: data.claim_state stays unclaimed and data.claim_request_state reports requested. The response echoes only a redacted contact.
 - GET https://api.image-skill.com/v1/whoami returns durable hosted identity for Authorization: Bearer TOKEN.
 - GET https://api.image-skill.com/v1/quota returns durable hosted quota for Authorization: Bearer TOKEN.
-- GET https://api.image-skill.com/v1/payment-methods returns the no-auth action-only payment rail catalog. It tells agents which currently usable rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, agent_initiated, agent_settleable, settlement_blocker, limits, endpoint paths, and recovery commands. Planned, watch-only, fake, and private harness rails are intentionally omitted.
+- GET https://api.image-skill.com/v1/payment-methods returns the no-auth action-only payment rail catalog. It tells agents which currently usable rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, agent_initiated, agent_settleable, settlement_blocker, limits, endpoint paths, recovery commands, and data.next_actions.recommended_quote when a currently usable live rail can be quoted next. Planned, watch-only, fake, and private harness rails are intentionally omitted.
 - GET https://api.image-skill.com/v1/credit-packs returns the public pack catalog. Recommended live-money packs include starter-500, builder-2000, and studio-5000. Packs are the default top-up UX; exact quotes remain supported for agents that already know the required credit budget.
 - POST https://api.image-skill.com/v1/credit-quotes returns a credit quote for Authorization: Bearer TOKEN. Request JSON: either credits or pack_id, optional payment_method, idempotency_key. Use stripe_checkout for the human Checkout path. Use payment_method stripe_x402.exact.usdc only when credits methods returns it available/quoteable/purchasable/requires_browser:false; treat it as autonomous self-settlement only when agent_settleable:true is also returned. Response includes quote_id, credits, price_amount_cents, currency, accepted_payment_method, pack_id, pack, and live_money. One credit equals $0.01, so price_amount_cents equals credits. This does not grant credits.
 - POST https://api.image-skill.com/v1/credit-purchases/stripe-x402-deposits creates a browserless action-required USDC deposit attempt for a stripe_x402.exact.usdc quote. Request JSON: quote_id, idempotency_key. Response includes state: action_required, payment_attempt_id, accepted_payment_method: stripe_x402.exact.usdc, live_money, amount_cents, stripe_x402 challenge metadata, stripe_x402.payable_instructions when Stripe returns a Base deposit address, and next.agent_action: pay_stripe_crypto_deposit. A wallet-equipped agent can pay the exact USDC token_amount_atomic to payable_instructions.deposit_address on Base. This does not grant credits; verified settlement/webhook fulfillment grants paid credits exactly once.
@@ -196,7 +196,7 @@ Unclaimed agents may not:
 - send card data, wallet secrets, wallet private keys, seed phrases, raw x402 payment headers, provider receipts, Stripe secrets, MPP tokens, SPTs, bearer tokens, or any payment credential to Image Skill; Stripe payment details must be entered only on Stripe-hosted checkout pages
 
 Credits:
-One Image Skill credit is $0.01. Use image-skill credits methods --json to inspect payment rail availability, browser/human requirements, agent_initiated, agent_settleable, and settlement_blocker. Always pass the returned payment method when quoting. When stripe_x402.exact.usdc is returned with available:true, quoteable:true, purchasable:true, requires_browser:false, and agent_settleable:true, image-skill credits quote --pack PACK_ID --payment-method stripe_x402.exact.usdc --json followed by image-skill credits buy --provider stripe_x402 --quote-id QUOTE_ID --idempotency-key KEY --json creates a browserless live deposit attempt with stripe_x402.payable_instructions. Treat live_money:true as real spend, stay inside the delegated cap, and pay exactly token_amount_atomic USDC units to payable_instructions.deposit_address on Base only from a wallet substrate you control. Use image-skill credits quote --pack PACK_ID --payment-method stripe_checkout --json and image-skill credits buy --provider stripe --quote-id QUOTE_ID --idempotency-key KEY --json only for the Stripe Checkout human path; this returns checkout_handoff_url, copy-safe checkout_compact_url, and full Stripe checkout_url fallback and does not grant credits. Present checkout_handoff_url or checkout_compact_url to humans, especially in mobile terminals, SSH, or chat. If checkout_handoff_url is absent, present the full checkout_url in a code block and preserve the Stripe # fragment. Use image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy and after settlement/checkout completion to read state, receipt, credit_event, limits, and retry guidance. Create/edit debit model-priced credits after provider success; inspect models show and operation cost.credit_pricing for credits_required and pricing_confidence. Do not silently downgrade to the cheapest model to avoid payment when the user asked for quality or is willing to pay; quote the needed credits and use an agent_settleable:true x402 rail or Stripe Checkout fallback. Credits buy requires explicit --idempotency-key. Quote idempotency keys are scoped to the hosted agent identity and exact quote terms; the public CLI generates one when omitted and returns it in the quote response, while explicit keys remain available for retry-stable automation. Inspect error.recovery.suggested_command on CREDIT_QUOTE_CONFLICT. Never send payment credentials to Image Skill: no wallet private keys, seed phrases, x402 payment headers, deposit client secrets, provider receipts, card data, or Stripe secrets. Public request fields are credits, pack_id, payment_method, quote_id, status reference IDs, and idempotency_key.
+One Image Skill credit is $0.01. Use image-skill credits methods --json to inspect payment rail availability, browser/human requirements, agent_initiated, agent_settleable, and settlement_blocker. If data.next_actions.recommended_quote is present, prefer its command as the next authenticated quote step; it is a no-spend live-money quote object handoff and does not move money, grant credits, debit credits, call a provider, or write media. Always pass the returned payment method when quoting. When stripe_x402.exact.usdc is returned with available:true, quoteable:true, purchasable:true, requires_browser:false, and agent_settleable:true, image-skill credits quote --pack PACK_ID --payment-method stripe_x402.exact.usdc --json followed by image-skill credits buy --provider stripe_x402 --quote-id QUOTE_ID --idempotency-key KEY --json creates a browserless live deposit attempt with stripe_x402.payable_instructions. Treat live_money:true as real spend, stay inside the delegated cap, and pay exactly token_amount_atomic USDC units to payable_instructions.deposit_address on Base only from a wallet substrate you control. Use image-skill credits quote --pack PACK_ID --payment-method stripe_checkout --json and image-skill credits buy --provider stripe --quote-id QUOTE_ID --idempotency-key KEY --json only for the Stripe Checkout human path; this returns checkout_handoff_url, copy-safe checkout_compact_url, and full Stripe checkout_url fallback and does not grant credits. Present checkout_handoff_url or checkout_compact_url to humans, especially in mobile terminals, SSH, or chat. If checkout_handoff_url is absent, present the full checkout_url in a code block and preserve the Stripe # fragment. Use image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy and after settlement/checkout completion to read state, receipt, credit_event, limits, and retry guidance. Create/edit debit model-priced credits after provider success; inspect models show and operation cost.credit_pricing for credits_required and pricing_confidence. Do not silently downgrade to the cheapest model to avoid payment when the user asked for quality or is willing to pay; quote the needed credits and use an agent_settleable:true x402 rail or Stripe Checkout fallback. Credits buy requires explicit --idempotency-key. Quote idempotency keys are scoped to the hosted agent identity and exact quote terms; the public CLI generates one when omitted and returns it in the quote response, while explicit keys remain available for retry-stable automation. Inspect error.recovery.suggested_command on CREDIT_QUOTE_CONFLICT. Never send payment credentials to Image Skill: no wallet private keys, seed phrases, x402 payment headers, deposit client secrets, provider receipts, card data, or Stripe secrets. Public request fields are credits, pack_id, payment_method, quote_id, status reference IDs, and idempotency_key.
 
 Telemetry:
 - command or endpoint name