image-skill 0.1.8 → 0.1.10

package/CHANGELOG.md

@@ -4,6 +4,26 @@ This changelog tracks the public `image-skill` CLI package and public skill
 mirror. The npm package metadata remains the authority for tarball integrity and
 provenance; this file is the human- and agent-readable release map.
 
+## 0.1.10 - 2026-05-22
+
+- Stripe Checkout payment-link hardening follow-up.
+- Make `checkout_compact_url` copy-safe by preferring the short Image Skill
+  `checkout_handoff_url` whenever the hosted API provides one.
+- Keep raw Stripe `checkout_url` only as the full fallback and preserve its
+  required `#...` browser fragment.
+- Add proof coverage that the Image Skill handoff redirects to the exact Stripe
+  Checkout URL with the fragment intact.
+
+## 0.1.9 - 2026-05-22
+
+- Emergency Stripe Checkout payment-link hotfix.
+- Restored full Stripe Checkout URL preservation, including the `#...`
+  fragment required by Stripe's browser checkout app.
+- Kept `checkout_handoff_url` as the preferred short human payment link, but
+  made stale-server fallback safe by no longer fragment-stripping
+  `checkout_url`, `checkout_compact_url`, or `next.fallback_checkout_url`.
+- Do not use `image-skill@0.1.8` for live Stripe payments.
+
 ## 0.1.8 - 2026-05-22
 
 - Hardened Stripe Checkout handoff responses for mobile terminals and chat.

package/bin/image-skill.mjs

@@ -7,7 +7,7 @@ import { Readable } from "node:stream";
 import { pipeline } from "node:stream/promises";
 import os from "node:os";
 
-const VERSION = "0.1.8";
+const VERSION = "0.1.10";
 const DEFAULT_API_BASE_URL = "https://api.image-skill.com";
 const PROMPTLESS_EDIT_MODEL_IDS = new Set([
   "fal.flux-dev-redux",
@@ -1589,6 +1589,19 @@ function stripeCheckoutCopyFallbackData(data) {
 }
 
 function addCheckoutCompactUrl(record) {
+  const handoff =
+    typeof record.checkout_handoff_url === "string"
+      ? record.checkout_handoff_url
+      : null;
+  if (handoff !== null && handoff.length > 0) {
+    let changed = false;
+    if (record.checkout_compact_url !== handoff) {
+      record.checkout_compact_url = handoff;
+      changed = true;
+    }
+    return changed;
+  }
+
   const raw =
     typeof record.checkout_url === "string"
       ? record.checkout_url
@@ -1604,20 +1617,6 @@ function addCheckoutCompactUrl(record) {
     record.checkout_compact_url = compact;
     changed = true;
   }
-  if (
-    typeof record.checkout_url === "string" &&
-    record.checkout_url !== compact
-  ) {
-    record.checkout_url = compact;
-    changed = true;
-  }
-  if (
-    typeof record.fallback_checkout_url === "string" &&
-    record.fallback_checkout_url !== compact
-  ) {
-    record.fallback_checkout_url = compact;
-    changed = true;
-  }
   return changed;
 }
 
@@ -1626,14 +1625,7 @@ function stripeCheckoutCompactUrl(checkoutUrl) {
   if (trimmed.length === 0) {
     return checkoutUrl;
   }
-  try {
-    const parsed = new URL(trimmed);
-    parsed.hash = "";
-    return parsed.toString();
-  } catch {
-    const hashIndex = trimmed.indexOf("#");
-    return hashIndex === -1 ? trimmed : trimmed.slice(0, hashIndex);
-  }
+  return trimmed;
 }
 
 function isRecord(value) {

package/cli.md

@@ -337,15 +337,13 @@ fulfillment succeeds. Session creation itself must not mutate credit balances.
 
 Agents should present or open `checkout_handoff_url` for humans. It is a short
 Image Skill URL that redirects to Stripe Checkout and is safe to copy from
-mobile terminals, SSH clients, and wrapped chat output. `checkout_url` remains
-the Stripe compatibility fallback and is fragment-stripped by current API/CLI
-responses for human copy/paste; do not ask a person to copy it when
-`checkout_handoff_url` is present.
-
-If a stale server or older client exposes a raw Stripe URL with a long `#...`
-fragment, remove the fragment and use `checkout_compact_url` for human
-copy/paste. Present any fallback Stripe URL in a fenced code block so terminal
-wrapping does not corrupt it.
+mobile terminals, SSH clients, and wrapped chat output. `checkout_compact_url`
+is also copy-safe and equals the Image Skill handoff when the hosted API can
+provide one. `checkout_url` is the raw Stripe compatibility fallback only; do
+not present it unless no handoff URL is available. Do not trim Stripe Checkout
+URLs: the long `#...` fragment is required by Stripe Checkout in the browser.
+Present any fallback Stripe URL in a fenced code block so terminal wrapping does
+not corrupt it.
 
 ```bash
 image-skill credits buy \
@@ -366,8 +364,8 @@ Minimum success data:
   "accepted_payment_method": "stripe_checkout",
   "checkout_session_id": "cs_...",
   "checkout_handoff_url": "https://api.image-skill.com/pay/payatt_...",
-  "checkout_compact_url": "https://checkout.stripe.com/c/pay/cs_...",
-  "checkout_url": "https://checkout.stripe.com/c/pay/cs_...",
+  "checkout_compact_url": "https://api.image-skill.com/pay/payatt_...",
+  "checkout_url": "https://checkout.stripe.com/c/pay/cs_...#fid...",
   "credits": 500,
   "amount_cents": 500,
   "currency": "USD",
@@ -375,9 +373,9 @@ Minimum success data:
   "next": {
     "human_action": "open_checkout_url",
     "checkout_handoff_url": "https://api.image-skill.com/pay/payatt_...",
-    "checkout_compact_url": "https://checkout.stripe.com/c/pay/cs_...",
-    "fallback_checkout_url": "https://checkout.stripe.com/c/pay/cs_...",
-    "after_payment": "open checkout_handoff_url, or checkout_compact_url if only a Stripe URL is available, then poll image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json or image-skill usage quota --json; credits are granted only after verified webhook fulfillment"
+    "checkout_compact_url": "https://api.image-skill.com/pay/payatt_...",
+    "fallback_checkout_url": "https://checkout.stripe.com/c/pay/cs_...#fid...",
+    "after_payment": "open checkout_handoff_url or checkout_compact_url; use the full checkout_url only if no Image Skill handoff URL is available, and preserve its Stripe # fragment. Then poll image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json or image-skill usage quota --json; credits are granted only after verified webhook fulfillment"
   }
 }
 ```
@@ -422,8 +420,8 @@ Minimum action-required data:
     "payment_attempt_id": "payatt_...",
     "checkout_session_id": "cs_...",
     "checkout_handoff_url": "https://api.image-skill.com/pay/payatt_...",
-    "checkout_compact_url": "https://checkout.stripe.com/c/pay/cs_...",
-    "checkout_url": "https://checkout.stripe.com/c/pay/cs_...",
+    "checkout_compact_url": "https://api.image-skill.com/pay/payatt_...",
+    "checkout_url": "https://checkout.stripe.com/c/pay/cs_...#fid...",
     "attempt_status": "requires_action"
   },
   "receipt": null,
@@ -432,7 +430,7 @@ Minimum action-required data:
     "retry_after_seconds": 10,
     "human_action": "open_checkout_url",
     "checkout_handoff_url": "https://api.image-skill.com/pay/payatt_...",
-    "checkout_compact_url": "https://checkout.stripe.com/c/pay/cs_..."
+    "checkout_compact_url": "https://api.image-skill.com/pay/payatt_..."
   }
 }
 ```

package/llms.txt

@@ -69,7 +69,7 @@ First-run flow:
 6a. image-skill credits methods --json to inspect payment rails, availability, buyer modes, browser requirements, and recovery commands before quoting or buying.
 6b. image-skill credits packs list --json to inspect recommended live-money packs.
 6c. image-skill credits quote --pack starter-500 --payment-method stripe_checkout --idempotency-key KEY --json for the default Stripe Checkout top-up path. Use --credits CREDITS instead of --pack only when the required exact budget is already known.
-6d. image-skill credits buy --provider stripe --quote-id QUOTE_ID --idempotency-key KEY --json when the agent has a stripe_checkout quote and needs a payment handoff. Present or open checkout_handoff_url for humans. If no handoff URL is available, present checkout_compact_url in a code block; it is the Stripe Checkout URL with any long # fragment removed for mobile copy/paste. Treat checkout_url as a fragment-stripped compatibility fallback. Credits are granted only after verified Stripe webhook fulfillment succeeds.
+6d. image-skill credits buy --provider stripe --quote-id QUOTE_ID --idempotency-key KEY --json when the agent has a stripe_checkout quote and needs a payment handoff. Present or open checkout_handoff_url for humans; checkout_compact_url is also copy-safe when present. If no handoff URL is available, present the full checkout_url in a code block. Do not remove the Stripe # fragment; Checkout needs it in the browser. Credits are granted only after verified Stripe webhook fulfillment succeeds.
 6e. image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy or checkout completion to read durable payment state, receipt, credit_event, limits, and retry guidance without inferring from quota text.
 6f. image-skill credits quote --credits 10 --json and image-skill credits fake-purchase --quote-id QUOTE_ID --idempotency-key KEY --json only for fake/test credit-ledger proof. This moves no live money, accepts no payment credential, and returns live_money:false.
 7. image-skill create --dry-run --prompt PROMPT --json for zero-cost planning.
@@ -122,7 +122,7 @@ Hosted API endpoints:
 - GET https://api.image-skill.com/v1/payment-methods returns the no-auth payment rail catalog. It tells agents which rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, limits, endpoint paths, and recovery commands.
 - GET https://api.image-skill.com/v1/credit-packs returns the public pack catalog. Recommended live-money packs include starter-500, builder-2000, and studio-5000. Packs are the default Stripe Checkout UX; exact quotes remain supported for agents that already know the required credit budget.
 - POST https://api.image-skill.com/v1/credit-quotes returns a fake/test or stripe_checkout credit quote for Authorization: Bearer TOKEN. Request JSON: either credits or pack_id, optional payment_method, idempotency_key. Response includes quote_id, credits, price_amount_cents, currency, accepted_payment_method, pack_id, pack, and live_money. One credit equals $0.01, so price_amount_cents equals credits. This does not grant credits.
-- POST https://api.image-skill.com/v1/credit-purchases/stripe-checkout-sessions creates a Stripe Checkout Session for a stripe_checkout quote. Request JSON: quote_id, idempotency_key. Response includes state: action_required, payment_attempt_id, checkout_session_id, checkout_handoff_url, checkout_compact_url, checkout_url, accepted_payment_method: stripe_checkout, and next.human_action: open_checkout_url. Present checkout_handoff_url to humans because it is short and redirects to Stripe. If no handoff URL is available, present checkout_compact_url in a code block; it strips any long Stripe # fragment while preserving the server-visible Checkout URL. Treat checkout_url as a fragment-stripped compatibility fallback. This does not grant credits; verified Stripe webhook fulfillment grants paid credits exactly once.
+- POST https://api.image-skill.com/v1/credit-purchases/stripe-checkout-sessions creates a Stripe Checkout Session for a stripe_checkout quote. Request JSON: quote_id, idempotency_key. Response includes state: action_required, payment_attempt_id, checkout_session_id, checkout_handoff_url, checkout_compact_url, checkout_url, accepted_payment_method: stripe_checkout, and next.human_action: open_checkout_url. Present checkout_handoff_url to humans because it is short and redirects to Stripe; checkout_compact_url is also copy-safe when present. If no handoff URL is available, present the full checkout_url in a code block. Do not remove the Stripe # fragment; Checkout needs it in the browser. This does not grant credits; verified Stripe webhook fulfillment grants paid credits exactly once.
 - GET https://api.image-skill.com/v1/credit-purchases/status returns durable payment state for Authorization: Bearer TOKEN. Query with exactly one of quote_id, payment_attempt_id, checkout_session_id, or receipt_id. Response includes state, quote, payment_attempt, receipt, credit_event, provider_event, limits, and next.
 - POST https://api.image-skill.com/v1/credit-purchases confirms a fake/test quote for Authorization: Bearer TOKEN. Request JSON: quote_id, idempotency_key. Response includes receipt_id, credit_event_id, credits_granted, accepted_payment_method: fake, balance_after, and live_money:false. This grants bounded payment-backed credits without moving live money.
 - GET https://api.image-skill.com/v1/models returns the public model registry. GET https://api.image-skill.com/v1/models/MODEL_ID returns one model's capability-preserving schema.
@@ -199,7 +199,7 @@ Unclaimed agents may not:
 - send card data, wallet secrets, provider receipts, Stripe secrets, MPP tokens, SPTs, or any payment credential to Image Skill; Stripe payment details must be entered only on Stripe-hosted checkout pages
 
 Credits:
-One Image Skill credit is $0.01. Use image-skill credits methods --json to inspect payment rail availability and whether a browser/human action is required. Use image-skill credits packs list --json to inspect recommended Stripe Checkout packs. Use image-skill credits quote --pack PACK_ID --payment-method stripe_checkout --json for the default live-money top-up path. Use image-skill credits quote --credits CREDITS --json for exact bounded custom top-ups when the required budget is already known. The default payment_method is fake. Use image-skill credits buy --provider stripe --json to create a hosted Stripe Checkout Session for a stripe_checkout quote; this returns checkout_handoff_url, checkout_compact_url, and fragment-stripped checkout_url and does not grant credits. Present checkout_handoff_url to humans, especially in mobile terminals, SSH, or chat. If checkout_handoff_url is absent, present checkout_compact_url in a code block instead of asking a human to copy a full raw Stripe URL. Use image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy and after checkout completion to read state, receipt, credit_event, limits, and retry guidance. Use image-skill credits fake-purchase --json only to exercise the quote, receipt, credit-ledger, and activity-audit contract before live settlement rails are enabled. Create/edit debit model-priced credits after provider success; inspect models show and operation cost.credit_pricing for credits_required and pricing_confidence. Do not silently downgrade to the cheapest model to avoid payment when the user asked for quality or is willing to pay; quote the needed credits and use the payment handoff. Credits buy and fake-purchase require explicit --idempotency-key. Quote idempotency keys are scoped to the hosted agent identity and exact quote terms; use per-run/per-step quote keys and inspect error.recovery.suggested_command on CREDIT_QUOTE_CONFLICT. Never send payment credentials to Image Skill; Stripe collects payment details on Stripe-hosted pages. Public request fields are credits, pack_id, payment_method, quote_id, status reference IDs, and idempotency_key.
+One Image Skill credit is $0.01. Use image-skill credits methods --json to inspect payment rail availability and whether a browser/human action is required. Use image-skill credits packs list --json to inspect recommended Stripe Checkout packs. Use image-skill credits quote --pack PACK_ID --payment-method stripe_checkout --json for the default live-money top-up path. Use image-skill credits quote --credits CREDITS --json for exact bounded custom top-ups when the required budget is already known. The default payment_method is fake. Use image-skill credits buy --provider stripe --json to create a hosted Stripe Checkout Session for a stripe_checkout quote; this returns checkout_handoff_url, copy-safe checkout_compact_url, and full checkout_url fallback and does not grant credits. Present checkout_handoff_url or checkout_compact_url to humans, especially in mobile terminals, SSH, or chat. If checkout_handoff_url is absent, present the full checkout_url in a code block and preserve the Stripe # fragment. Use image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy and after checkout completion to read state, receipt, credit_event, limits, and retry guidance. Use image-skill credits fake-purchase --json only to exercise the quote, receipt, credit-ledger, and activity-audit contract before live settlement rails are enabled. Create/edit debit model-priced credits after provider success; inspect models show and operation cost.credit_pricing for credits_required and pricing_confidence. Do not silently downgrade to the cheapest model to avoid payment when the user asked for quality or is willing to pay; quote the needed credits and use the payment handoff. Credits buy and fake-purchase require explicit --idempotency-key. Quote idempotency keys are scoped to the hosted agent identity and exact quote terms; use per-run/per-step quote keys and inspect error.recovery.suggested_command on CREDIT_QUOTE_CONFLICT. Never send payment credentials to Image Skill; Stripe collects payment details on Stripe-hosted pages. Public request fields are credits, pack_id, payment_method, quote_id, status reference IDs, and idempotency_key.
 
 Telemetry:
 - command or endpoint name

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "image-skill",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "description": "Creative cloud CLI for agents: models, credits, jobs, owned URLs, JSON recovery, payments, reusable assets, and feedback.",
   "type": "module",
   "private": false,

package/skill.md

@@ -228,12 +228,12 @@ delegated-card adapters. Packs are the default Stripe Checkout UX; exact
 budget. `credits methods --json` tells agents which rails are currently
 available, which buyer modes they support, and whether browser/human action is
 required before an agent tries to quote or buy. `credits buy --provider stripe`
-returns `checkout_handoff_url` for humans, `checkout_compact_url` for stale
-handoff fallback, and a fragment-stripped Stripe `checkout_url` fallback for a
-`stripe_checkout` quote and does not grant credits until verified webhook
+returns `checkout_handoff_url` for humans, `checkout_compact_url` as the
+copy-safe handoff, and full Stripe `checkout_url` only as a fallback for a
+`stripe_checkout` quote. It does not grant credits until verified webhook
 fulfillment succeeds. Present or open `checkout_handoff_url` first. If it is
-absent, present `checkout_compact_url` in a code block; older raw Stripe URLs
-can be long, wrapped, and fragile in mobile terminals. `credits fake-purchase`
+absent, present the full `checkout_url` in a code block; do not remove the
+Stripe `#...` fragment because Checkout needs it in the browser. `credits fake-purchase`
 returns `live_money:false`, moves no live money, accepts no payment credential,
 and exists so agents can exercise the quote, receipt, credit-ledger, and
 activity-audit contract safely.
@@ -538,9 +538,9 @@ closed if durable hosted feedback storage is unavailable.
   top-ups when the required budget is already known.
 - Use `credits buy --provider stripe --json` only to create a Stripe-hosted
   checkout action. Present `checkout_handoff_url` to humans; if it is absent,
-  present `checkout_compact_url` in a code block. Treat `checkout_url` as a
-  fragment-stripped Stripe compatibility fallback. Session creation itself does
-  not grant credits.
+  present the full `checkout_url` in a code block. Do not remove the
+  Stripe `#...` fragment; Checkout needs it in the browser. Session creation
+  itself does not grant credits.
 - Use `credits fake-purchase --json` only for preview credit-ledger proof; it
   is not live settlement and must not receive payment credentials.
 - Treat credits as prepaid cents of Image Skill value. Operation debits are

package/skills/image-skill/SKILL.md

@@ -228,12 +228,12 @@ delegated-card adapters. Packs are the default Stripe Checkout UX; exact
 budget. `credits methods --json` tells agents which rails are currently
 available, which buyer modes they support, and whether browser/human action is
 required before an agent tries to quote or buy. `credits buy --provider stripe`
-returns `checkout_handoff_url` for humans, `checkout_compact_url` for stale
-handoff fallback, and a fragment-stripped Stripe `checkout_url` fallback for a
-`stripe_checkout` quote and does not grant credits until verified webhook
+returns `checkout_handoff_url` for humans, `checkout_compact_url` as the
+copy-safe handoff, and full Stripe `checkout_url` only as a fallback for a
+`stripe_checkout` quote. It does not grant credits until verified webhook
 fulfillment succeeds. Present or open `checkout_handoff_url` first. If it is
-absent, present `checkout_compact_url` in a code block; older raw Stripe URLs
-can be long, wrapped, and fragile in mobile terminals. `credits fake-purchase`
+absent, present the full `checkout_url` in a code block; do not remove the
+Stripe `#...` fragment because Checkout needs it in the browser. `credits fake-purchase`
 returns `live_money:false`, moves no live money, accepts no payment credential,
 and exists so agents can exercise the quote, receipt, credit-ledger, and
 activity-audit contract safely.
@@ -538,9 +538,9 @@ closed if durable hosted feedback storage is unavailable.
   top-ups when the required budget is already known.
 - Use `credits buy --provider stripe --json` only to create a Stripe-hosted
   checkout action. Present `checkout_handoff_url` to humans; if it is absent,
-  present `checkout_compact_url` in a code block. Treat `checkout_url` as a
-  fragment-stripped Stripe compatibility fallback. Session creation itself does
-  not grant credits.
+  present the full `checkout_url` in a code block. Do not remove the
+  Stripe `#...` fragment; Checkout needs it in the browser. Session creation
+  itself does not grant credits.
 - Use `credits fake-purchase --json` only for preview credit-ledger proof; it
   is not live settlement and must not receive payment credentials.
 - Treat credits as prepaid cents of Image Skill value. Operation debits are

package/skills/image-skill/references/cli.md

@@ -337,15 +337,13 @@ fulfillment succeeds. Session creation itself must not mutate credit balances.
 
 Agents should present or open `checkout_handoff_url` for humans. It is a short
 Image Skill URL that redirects to Stripe Checkout and is safe to copy from
-mobile terminals, SSH clients, and wrapped chat output. `checkout_url` remains
-the Stripe compatibility fallback and is fragment-stripped by current API/CLI
-responses for human copy/paste; do not ask a person to copy it when
-`checkout_handoff_url` is present.
-
-If a stale server or older client exposes a raw Stripe URL with a long `#...`
-fragment, remove the fragment and use `checkout_compact_url` for human
-copy/paste. Present any fallback Stripe URL in a fenced code block so terminal
-wrapping does not corrupt it.
+mobile terminals, SSH clients, and wrapped chat output. `checkout_compact_url`
+is also copy-safe and equals the Image Skill handoff when the hosted API can
+provide one. `checkout_url` is the raw Stripe compatibility fallback only; do
+not present it unless no handoff URL is available. Do not trim Stripe Checkout
+URLs: the long `#...` fragment is required by Stripe Checkout in the browser.
+Present any fallback Stripe URL in a fenced code block so terminal wrapping does
+not corrupt it.
 
 ```bash
 image-skill credits buy \
@@ -366,8 +364,8 @@ Minimum success data:
   "accepted_payment_method": "stripe_checkout",
   "checkout_session_id": "cs_...",
   "checkout_handoff_url": "https://api.image-skill.com/pay/payatt_...",
-  "checkout_compact_url": "https://checkout.stripe.com/c/pay/cs_...",
-  "checkout_url": "https://checkout.stripe.com/c/pay/cs_...",
+  "checkout_compact_url": "https://api.image-skill.com/pay/payatt_...",
+  "checkout_url": "https://checkout.stripe.com/c/pay/cs_...#fid...",
   "credits": 500,
   "amount_cents": 500,
   "currency": "USD",
@@ -375,9 +373,9 @@ Minimum success data:
   "next": {
     "human_action": "open_checkout_url",
     "checkout_handoff_url": "https://api.image-skill.com/pay/payatt_...",
-    "checkout_compact_url": "https://checkout.stripe.com/c/pay/cs_...",
-    "fallback_checkout_url": "https://checkout.stripe.com/c/pay/cs_...",
-    "after_payment": "open checkout_handoff_url, or checkout_compact_url if only a Stripe URL is available, then poll image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json or image-skill usage quota --json; credits are granted only after verified webhook fulfillment"
+    "checkout_compact_url": "https://api.image-skill.com/pay/payatt_...",
+    "fallback_checkout_url": "https://checkout.stripe.com/c/pay/cs_...#fid...",
+    "after_payment": "open checkout_handoff_url or checkout_compact_url; use the full checkout_url only if no Image Skill handoff URL is available, and preserve its Stripe # fragment. Then poll image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json or image-skill usage quota --json; credits are granted only after verified webhook fulfillment"
   }
 }
 ```
@@ -422,8 +420,8 @@ Minimum action-required data:
     "payment_attempt_id": "payatt_...",
     "checkout_session_id": "cs_...",
     "checkout_handoff_url": "https://api.image-skill.com/pay/payatt_...",
-    "checkout_compact_url": "https://checkout.stripe.com/c/pay/cs_...",
-    "checkout_url": "https://checkout.stripe.com/c/pay/cs_...",
+    "checkout_compact_url": "https://api.image-skill.com/pay/payatt_...",
+    "checkout_url": "https://checkout.stripe.com/c/pay/cs_...#fid...",
     "attempt_status": "requires_action"
   },
   "receipt": null,
@@ -432,7 +430,7 @@ Minimum action-required data:
     "retry_after_seconds": 10,
     "human_action": "open_checkout_url",
     "checkout_handoff_url": "https://api.image-skill.com/pay/payatt_...",
-    "checkout_compact_url": "https://checkout.stripe.com/c/pay/cs_..."
+    "checkout_compact_url": "https://api.image-skill.com/pay/payatt_..."
   }
 }
 ```

package/skills/image-skill/references/llms.txt

@@ -69,7 +69,7 @@ First-run flow:
 6a. image-skill credits methods --json to inspect payment rails, availability, buyer modes, browser requirements, and recovery commands before quoting or buying.
 6b. image-skill credits packs list --json to inspect recommended live-money packs.
 6c. image-skill credits quote --pack starter-500 --payment-method stripe_checkout --idempotency-key KEY --json for the default Stripe Checkout top-up path. Use --credits CREDITS instead of --pack only when the required exact budget is already known.
-6d. image-skill credits buy --provider stripe --quote-id QUOTE_ID --idempotency-key KEY --json when the agent has a stripe_checkout quote and needs a payment handoff. Present or open checkout_handoff_url for humans. If no handoff URL is available, present checkout_compact_url in a code block; it is the Stripe Checkout URL with any long # fragment removed for mobile copy/paste. Treat checkout_url as a fragment-stripped compatibility fallback. Credits are granted only after verified Stripe webhook fulfillment succeeds.
+6d. image-skill credits buy --provider stripe --quote-id QUOTE_ID --idempotency-key KEY --json when the agent has a stripe_checkout quote and needs a payment handoff. Present or open checkout_handoff_url for humans; checkout_compact_url is also copy-safe when present. If no handoff URL is available, present the full checkout_url in a code block. Do not remove the Stripe # fragment; Checkout needs it in the browser. Credits are granted only after verified Stripe webhook fulfillment succeeds.
 6e. image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy or checkout completion to read durable payment state, receipt, credit_event, limits, and retry guidance without inferring from quota text.
 6f. image-skill credits quote --credits 10 --json and image-skill credits fake-purchase --quote-id QUOTE_ID --idempotency-key KEY --json only for fake/test credit-ledger proof. This moves no live money, accepts no payment credential, and returns live_money:false.
 7. image-skill create --dry-run --prompt PROMPT --json for zero-cost planning.
@@ -122,7 +122,7 @@ Hosted API endpoints:
 - GET https://api.image-skill.com/v1/payment-methods returns the no-auth payment rail catalog. It tells agents which rails are available, whether live money can move, buyer modes (agent_only, hybrid, human_only), browser requirements, limits, endpoint paths, and recovery commands.
 - GET https://api.image-skill.com/v1/credit-packs returns the public pack catalog. Recommended live-money packs include starter-500, builder-2000, and studio-5000. Packs are the default Stripe Checkout UX; exact quotes remain supported for agents that already know the required credit budget.
 - POST https://api.image-skill.com/v1/credit-quotes returns a fake/test or stripe_checkout credit quote for Authorization: Bearer TOKEN. Request JSON: either credits or pack_id, optional payment_method, idempotency_key. Response includes quote_id, credits, price_amount_cents, currency, accepted_payment_method, pack_id, pack, and live_money. One credit equals $0.01, so price_amount_cents equals credits. This does not grant credits.
-- POST https://api.image-skill.com/v1/credit-purchases/stripe-checkout-sessions creates a Stripe Checkout Session for a stripe_checkout quote. Request JSON: quote_id, idempotency_key. Response includes state: action_required, payment_attempt_id, checkout_session_id, checkout_handoff_url, checkout_compact_url, checkout_url, accepted_payment_method: stripe_checkout, and next.human_action: open_checkout_url. Present checkout_handoff_url to humans because it is short and redirects to Stripe. If no handoff URL is available, present checkout_compact_url in a code block; it strips any long Stripe # fragment while preserving the server-visible Checkout URL. Treat checkout_url as a fragment-stripped compatibility fallback. This does not grant credits; verified Stripe webhook fulfillment grants paid credits exactly once.
+- POST https://api.image-skill.com/v1/credit-purchases/stripe-checkout-sessions creates a Stripe Checkout Session for a stripe_checkout quote. Request JSON: quote_id, idempotency_key. Response includes state: action_required, payment_attempt_id, checkout_session_id, checkout_handoff_url, checkout_compact_url, checkout_url, accepted_payment_method: stripe_checkout, and next.human_action: open_checkout_url. Present checkout_handoff_url to humans because it is short and redirects to Stripe; checkout_compact_url is also copy-safe when present. If no handoff URL is available, present the full checkout_url in a code block. Do not remove the Stripe # fragment; Checkout needs it in the browser. This does not grant credits; verified Stripe webhook fulfillment grants paid credits exactly once.
 - GET https://api.image-skill.com/v1/credit-purchases/status returns durable payment state for Authorization: Bearer TOKEN. Query with exactly one of quote_id, payment_attempt_id, checkout_session_id, or receipt_id. Response includes state, quote, payment_attempt, receipt, credit_event, provider_event, limits, and next.
 - POST https://api.image-skill.com/v1/credit-purchases confirms a fake/test quote for Authorization: Bearer TOKEN. Request JSON: quote_id, idempotency_key. Response includes receipt_id, credit_event_id, credits_granted, accepted_payment_method: fake, balance_after, and live_money:false. This grants bounded payment-backed credits without moving live money.
 - GET https://api.image-skill.com/v1/models returns the public model registry. GET https://api.image-skill.com/v1/models/MODEL_ID returns one model's capability-preserving schema.
@@ -199,7 +199,7 @@ Unclaimed agents may not:
 - send card data, wallet secrets, provider receipts, Stripe secrets, MPP tokens, SPTs, or any payment credential to Image Skill; Stripe payment details must be entered only on Stripe-hosted checkout pages
 
 Credits:
-One Image Skill credit is $0.01. Use image-skill credits methods --json to inspect payment rail availability and whether a browser/human action is required. Use image-skill credits packs list --json to inspect recommended Stripe Checkout packs. Use image-skill credits quote --pack PACK_ID --payment-method stripe_checkout --json for the default live-money top-up path. Use image-skill credits quote --credits CREDITS --json for exact bounded custom top-ups when the required budget is already known. The default payment_method is fake. Use image-skill credits buy --provider stripe --json to create a hosted Stripe Checkout Session for a stripe_checkout quote; this returns checkout_handoff_url, checkout_compact_url, and fragment-stripped checkout_url and does not grant credits. Present checkout_handoff_url to humans, especially in mobile terminals, SSH, or chat. If checkout_handoff_url is absent, present checkout_compact_url in a code block instead of asking a human to copy a full raw Stripe URL. Use image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy and after checkout completion to read state, receipt, credit_event, limits, and retry guidance. Use image-skill credits fake-purchase --json only to exercise the quote, receipt, credit-ledger, and activity-audit contract before live settlement rails are enabled. Create/edit debit model-priced credits after provider success; inspect models show and operation cost.credit_pricing for credits_required and pricing_confidence. Do not silently downgrade to the cheapest model to avoid payment when the user asked for quality or is willing to pay; quote the needed credits and use the payment handoff. Credits buy and fake-purchase require explicit --idempotency-key. Quote idempotency keys are scoped to the hosted agent identity and exact quote terms; use per-run/per-step quote keys and inspect error.recovery.suggested_command on CREDIT_QUOTE_CONFLICT. Never send payment credentials to Image Skill; Stripe collects payment details on Stripe-hosted pages. Public request fields are credits, pack_id, payment_method, quote_id, status reference IDs, and idempotency_key.
+One Image Skill credit is $0.01. Use image-skill credits methods --json to inspect payment rail availability and whether a browser/human action is required. Use image-skill credits packs list --json to inspect recommended Stripe Checkout packs. Use image-skill credits quote --pack PACK_ID --payment-method stripe_checkout --json for the default live-money top-up path. Use image-skill credits quote --credits CREDITS --json for exact bounded custom top-ups when the required budget is already known. The default payment_method is fake. Use image-skill credits buy --provider stripe --json to create a hosted Stripe Checkout Session for a stripe_checkout quote; this returns checkout_handoff_url, copy-safe checkout_compact_url, and full checkout_url fallback and does not grant credits. Present checkout_handoff_url or checkout_compact_url to humans, especially in mobile terminals, SSH, or chat. If checkout_handoff_url is absent, present the full checkout_url in a code block and preserve the Stripe # fragment. Use image-skill credits status --payment-attempt-id PAYMENT_ATTEMPT_ID --json after buy and after checkout completion to read state, receipt, credit_event, limits, and retry guidance. Use image-skill credits fake-purchase --json only to exercise the quote, receipt, credit-ledger, and activity-audit contract before live settlement rails are enabled. Create/edit debit model-priced credits after provider success; inspect models show and operation cost.credit_pricing for credits_required and pricing_confidence. Do not silently downgrade to the cheapest model to avoid payment when the user asked for quality or is willing to pay; quote the needed credits and use the payment handoff. Credits buy and fake-purchase require explicit --idempotency-key. Quote idempotency keys are scoped to the hosted agent identity and exact quote terms; use per-run/per-step quote keys and inspect error.recovery.suggested_command on CREDIT_QUOTE_CONFLICT. Never send payment credentials to Image Skill; Stripe collects payment details on Stripe-hosted pages. Public request fields are credits, pack_id, payment_method, quote_id, status reference IDs, and idempotency_key.
 
 Telemetry:
 - command or endpoint name