diff --git a/api/admin/create-checkout-session.js b/api/admin/create-checkout-session.js
index 06cd9a1..032b176 100644
--- a/api/admin/create-checkout-session.js
+++ b/api/admin/create-checkout-session.js
@@ -1,9 +1,17 @@
 'use strict';
 
-const Stripe = require('../../lib/stripe-client');
+const createStripeClient = require('../../lib/stripe-client');
 const db = require('../../lib/db');
 const { requireAdminAuth } = require('./_auth');
 
+function asServiceUnavailable(res, status, error) {
+  return res.status(503).json({ ok: false, status, error });
+}
+
+function asConflict(res, status, error) {
+  return res.status(409).json({ ok: false, status, error });
+}
+
 module.exports = async function handler(req, res) {
   res.setHeader('Content-Type', 'application/json; charset=utf-8');
   res.setHeader('Cache-Control', 'no-store');
@@ -14,25 +22,35 @@ module.exports = async function handler(req, res) {
   }
   if (!requireAdminAuth(req, res)) return;
 
-  if (!process.env.STRIPE_SECRET_KEY) {
-    return res.status(503).json({ ok: false, status: 'STRIPE_NOT_CONFIGURED' });
-  }
-
   const body = req.body || {};
   const claimId = typeof body.claimId === 'string' ? body.claimId.trim() : '';
   if (!claimId) return res.status(400).json({ ok: false, status: 'INVALID_CLAIM_ID' });
 
+  let stripe;
+  try {
+    stripe = createStripeClient(process.env.STRIPE_SECRET_KEY);
+  } catch (error) {
+    if (error?.code === 'STRIPE_NOT_CONFIGURED') {
+      return asServiceUnavailable(res, 'STRIPE_NOT_CONFIGURED', 'Stripe secret key is not configured.');
+    }
+    if (error?.code === 'STRIPE_SECRET_KEY_INVALID') {
+      return asServiceUnavailable(res, 'STRIPE_SECRET_KEY_INVALID', error.message);
+    }
+    console.error('ADMIN_CREATE_CHECKOUT_STRIPE_INIT_FAILED', { message: error?.message, code: error?.code, claimId });
+    return asServiceUnavailable(res, 'STRIPE_NOT_CONFIGURED', 'Stripe secret key is not configured.');
+  }
+
   try {
     const claims = db.normalizeRows(await db.query('select * from claim_requests where claim_id = $1 limit 1', [claimId]));
-    if (!claims.length) return res.status(404).json({ ok: false, status: 'CLAIM_NOT_FOUND' });
+    if (!claims.length) return res.status(404).json({ ok: false, status: 'CLAIM_NOT_FOUND', error: 'Claim not found.' });
 
     const claim = claims[0];
     if (claim.status === 'paid' || claim.payment_status === 'paid') {
-      return res.status(409).json({ ok: false, status: 'PAYMENT_ALREADY_COMPLETED' });
+      return asConflict(res, 'PAYMENT_ALREADY_COMPLETED', 'Payment is already completed for this claim.');
     }
 
     if (!['cards_published', 'payment_pending'].includes(claim.status)) {
-      return res.status(409).json({ ok: false, status: 'CLAIM_NOT_READY_FOR_PAYMENT' });
+      return asConflict(res, 'CLAIM_NOT_READY_FOR_PAYMENT', 'Claim must be cards_published before creating checkout.');
     }
 
     if (claim.status === 'payment_pending' && claim.stripe_checkout_session_id) {
@@ -45,38 +63,53 @@ module.exports = async function handler(req, res) {
       });
     }
 
-    const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
-    const priceCents = Number.parseInt(process.env.STRIPE_FOUNDING_PRICE_CENTS || '2000', 10) || 2000;
     const siteUrl = process.env.COMMANDLAYER_SITE_URL || 'https://www.commandlayer.org';
     const successUrl = `${siteUrl}/claim/status.html?claimId=${encodeURIComponent(claimId)}&payment=success`;
     const cancelUrl = `${siteUrl}/claim/status.html?claimId=${encodeURIComponent(claimId)}&payment=cancelled`;
 
-    const session = await stripe.checkout.sessions.create({
-      mode: 'payment',
-      success_url: successUrl,
-      cancel_url: cancelUrl,
-      line_items: [{
-        quantity: 1,
-        price_data: {
-          currency: 'usd',
-          unit_amount: priceCents,
-          product_data: { name: 'Founding Activation' }
+    let session;
+    try {
+      session = await stripe.checkout.sessions.create({
+        mode: 'payment',
+        success_url: successUrl,
+        cancel_url: cancelUrl,
+        line_items: [{
+          quantity: 1,
+          price_data: {
+            currency: 'usd',
+            unit_amount: 2000,
+            product_data: {
+              name: 'CommandLayer Founding Activation',
+              description: '10 Trust Verification agent namespaces'
+            }
+          }
+        }],
+        metadata: {
+          claimId,
+          tenant: claim.tenant || '',
+          packId: claim.pack_id || '',
+          product: 'founding_activation'
         }
-      }],
-      metadata: {
-        claimId,
-        tenant: claim.tenant || '',
-        packId: claim.pack_id || '',
-        product: 'founding_activation'
+      });
+    } catch (error) {
+      console.error('ADMIN_CREATE_CHECKOUT_SESSION_FAILED', { message: error?.message, code: error?.code, claimId });
+      const payload = {
+        ok: false,
+        status: 'CHECKOUT_SESSION_CREATE_FAILED',
+        error: 'Unable to create Stripe checkout session.'
+      };
+      if (process.env.NODE_ENV !== 'production') {
+        payload.debug = { message: error?.message || 'Unknown Stripe error', code: error?.code || null };
       }
-    });
+      return res.status(502).json(payload);
+    }
 
     await db.query(
       `insert into claim_payments (claim_id, provider, stripe_checkout_session_id, amount_cents, currency, status, metadata_json)
        values ($1, 'stripe', $2, $3, 'usd', 'pending', $4::jsonb)
        on conflict (stripe_checkout_session_id)
        do update set status = excluded.status, metadata_json = excluded.metadata_json, updated_at = now()`,
-      [claimId, session.id, priceCents, JSON.stringify({ checkoutUrl: session.url || null })]
+      [claimId, session.id, 2000, JSON.stringify({ checkoutUrl: session.url || null })]
     );
 
     const fromStatus = claim.status;
@@ -88,7 +121,7 @@ module.exports = async function handler(req, res) {
            payment_currency = 'usd',
            stripe_checkout_session_id = $3
        where claim_id = $1`,
-      [claimId, priceCents, session.id]
+      [claimId, 2000, session.id]
     );
 
     await db.query(
@@ -107,7 +140,7 @@ module.exports = async function handler(req, res) {
 
     return res.status(200).json({ ok: true, status: 'CHECKOUT_SESSION_CREATED', claimId, checkoutUrl: session.url || null, sessionId: session.id });
   } catch (error) {
-    console.error('ADMIN_CREATE_CHECKOUT_SESSION_FAILED', { message: error.message, code: error.code });
+    console.error('ADMIN_CREATE_CHECKOUT_SESSION_UNEXPECTED', { message: error?.message, code: error?.code, claimId });
     return res.status(500).json({ ok: false, status: 'ADMIN_CREATE_CHECKOUT_SESSION_FAILED', error: 'Failed to create checkout session.' });
   }
 };
diff --git a/lib/stripe-client.js b/lib/stripe-client.js
index 4aa4e56..163e1a2 100644
--- a/lib/stripe-client.js
+++ b/lib/stripe-client.js
@@ -1,2 +1,20 @@
 'use strict';
-module.exports = require('stripe');
+
+const Stripe = require('stripe');
+
+function createStripeError(code, message) {
+  const error = new Error(message);
+  error.code = code;
+  return error;
+}
+
+module.exports = function createStripeClient(secretKey, options = {}) {
+  const key = typeof secretKey === 'string' ? secretKey.trim() : '';
+  if (!key) {
+    throw createStripeError('STRIPE_NOT_CONFIGURED', 'Stripe secret key is not configured.');
+  }
+  if (key.startsWith('pk_')) {
+    throw createStripeError('STRIPE_SECRET_KEY_INVALID', 'Stripe secret key must be a server secret key (sk_*), not a publishable key.');
+  }
+  return new Stripe(key, options);
+};
diff --git a/public/admin/claims.html b/public/admin/claims.html
index 074d1a6..c106dd2 100644
--- a/public/admin/claims.html
+++ b/public/admin/claims.html
@@ -8,14 +8,14 @@
   <style>
     *, *::before, *::after { box-sizing: border-box; }
     body { margin:0; background:#f8fafc; color:#111827; font-family: Inter, system-ui, sans-serif; }
-    .container { max-width:1200px; margin:0 auto; padding:24px; }
+    .container { max-width:1400px; width:min(1400px, calc(100% - 48px)); margin:0 auto; padding:24px 0 48px; }
     .panel { background:#fff; border:1px solid #e5e7eb; border-radius:14px; padding:18px; box-shadow:0 1px 2px rgba(0,0,0,.04); min-width:0; }
     .auth { margin:14px 0 18px; }
-    .grid { display:grid; grid-template-columns:minmax(280px,360px) minmax(0,1fr); gap:16px; }
-    @media (max-width: 800px) { .grid { grid-template-columns: 1fr; } }
+    .admin-grid { display:grid; grid-template-columns:420px minmax(0,1fr); gap:20px; align-items:start; }
+    @media (max-width: 980px) { .admin-grid { grid-template-columns: 1fr; } }
     .btn { border:1px solid #d1d5db; border-radius:10px; padding:8px 12px; background:#fff; cursor:pointer; }
-    .btn-primary { background:#2563eb; border-color:#2563eb; color:#fff; } .btn-secondary { background:#eef2ff; }
-    .btn-danger { background:#fee2e2; border-color:#fecaca; color:#991b1b; } .btn-muted { background:#f3f4f6; }
+    .btn-primary { background:#2563eb; border-color:#2563eb; color:#fff; } .btn-secondary { background:#f3f4f6; color:#111827; }
+    .btn-danger { background:#dc2626; border-color:#dc2626; color:#fff; } .btn-muted { background:#f3f4f6; }
     input,textarea { border:1px solid #d1d5db; border-radius:10px; padding:10px; width:100%; min-width:0; }
     .row { display:flex; gap:8px; flex-wrap:wrap; align-items:center; min-width:0; }
     .muted { color:#6b7280; }
@@ -23,19 +23,30 @@
     table { width:100%; border-collapse:collapse; table-layout:fixed; }
     th,td { padding:10px; border-bottom:1px solid #f1f5f9; text-align:left; overflow-wrap:anywhere; word-break:break-word; }
     .clickable{cursor:pointer;} .selected{background:#eef2ff;}
-    .badge{padding:4px 10px; border-radius:999px; font-size:12px; font-weight:700; display:inline-block;}
+    .badge{padding:4px 10px; border-radius:999px; font-size:12px; font-weight:700; display:inline-flex; white-space:nowrap; width:auto; max-width:max-content;}
     .mono{font-family: ui-monospace, SFMono-Regular, Menlo, monospace; font-size:12px;}
     .truncate{max-width:220px; white-space:nowrap; overflow:hidden; text-overflow:ellipsis; display:inline-block; vertical-align:bottom;}
     .created{background:#e5e7eb;} .approved{background:#dbeafe;color:#1e40af;} .cards_published{background:#ede9fe;color:#5b21b6;}
     .failed{background:#fee2e2;color:#991b1b;} .rejected{background:#ffedd5;color:#9a3412;} .live{background:#dcfce7;color:#166534;}
     .error-panel{border:1px solid #fecaca;background:#fef2f2;color:#991b1b;padding:10px;border-radius:10px;margin-bottom:12px;}
     .card-url-row{display:grid;grid-template-columns:minmax(0,1fr) auto auto; gap:8px; align-items:center; padding:8px 0; border-bottom:1px solid #f1f5f9;}
+    .claims-list { display:flex; flex-direction:column; gap:8px; }
+    .claim-item { border:1px solid #e5e7eb; border-radius:12px; padding:10px 12px; background:#fff; cursor:pointer; }
+    .claim-item.selected { border-color:#2563eb; background:#eef2ff; }
+    .claim-head, .claim-meta { display:flex; justify-content:space-between; gap:12px; align-items:center; }
+    .claim-meta { color:#6b7280; font-size:13px; }
+    .pipeline { display:flex; gap:6px; overflow-x:auto; white-space:nowrap; padding-bottom:2px; }
+    .detail-panel { min-width:0; overflow:hidden; }
+    .ens-wrap { overflow-wrap:anywhere; }
+    .auth-row { display:flex; gap:10px; align-items:center; flex-wrap:wrap; }
+    .auth-row input { max-width:420px; }
+
   </style>
 </head>
 <body><div class="container">
   <h1>CommandLayer Claims Admin</h1><p class="muted">Internal operator dashboard for claim review and activation pipeline.</p>
-  <div class="panel auth"><div class="row"><input id="apiKey" type="password" placeholder="Admin API key" style="max-width:320px"><button id="saveKey" class="btn">Save key</button><button id="loadClaims" class="btn btn-primary">Load claims</button><span id="status" class="muted"></span></div></div>
-  <div class="grid"><div class="panel"><h3>Claims <span id="claimsCount" class="muted"></span></h3><div class="table-scroll"><table><thead><tr><th>Claim</th><th>Tenant</th><th>Pack</th><th>Status</th><th>Agents</th><th>Created</th></tr></thead><tbody id="claimsBody"></tbody></table></div></div><div id="detailPanel" class="panel" style="min-width:0;"><p class="muted">Select a claim to review.</p></div></div>
+  <div class="panel auth"><div class="auth-row"><input id="apiKey" type="password" placeholder="Admin API key"><button id="saveKey" class="btn btn-secondary">Save key</button><button id="loadClaims" class="btn btn-primary">Load claims</button><span id="status" class="muted"></span></div></div>
+  <div class="admin-grid"><div class="panel"><h3>Claims <span id="claimsCount" class="muted"></span></h3><div id="claimsBody" class="claims-list"></div></div><div id="detailPanel" class="panel detail-panel"><p class="muted">Select a claim to review.</p></div></div>
 </div>
 <script>
 (() => {
@@ -45,18 +56,18 @@ <h1>CommandLayer Claims Admin</h1><p class="muted">Internal operator dashboard f
 const short=(v,n=10)=>v?`${v.slice(0,n)}…`:''; const dt=(v)=>v?new Date(v).toLocaleString():'-';
 const badge=(status)=>`<span class="badge ${status}">${status}</span>`;
 const copyBtn=(txt)=>`<button class='btn btn-muted copy-url' data-url='${txt.replaceAll("'", '&#39;')}'>Copy URL</button>`;
-function renderClaims(){const b=document.getElementById('claimsBody');b.innerHTML='';document.getElementById('claimsCount').textContent=`(${s.claims.length} loaded)`;for(const c of s.claims){const tr=document.createElement('tr');tr.className=`clickable ${s.selected===c.claimId?'selected':''}`;tr.innerHTML=`<td class='mono'>${short(c.claimId,12)}</td><td>${c.tenant||'-'}</td><td>${c.packId||'-'}</td><td>${badge(c.status)}</td><td>${c.agentCount||0}</td><td>${dt(c.createdAt)}</td>`;tr.onclick=()=>loadDetail(c.claimId);b.appendChild(tr);}}
+function renderClaims(){const b=document.getElementById('claimsBody');b.innerHTML='';document.getElementById('claimsCount').textContent=`(${s.claims.length} loaded)`;for(const c of s.claims){const row=document.createElement('button');row.type='button';row.className=`claim-item ${s.selected===c.claimId?'selected':''}`;row.innerHTML=`<div class='claim-head'><span class='mono'>${short(c.claimId,14)}</span>${badge(c.status)}</div><div class='claim-meta'><span>${c.tenant||'-'}</span><span>${c.packId||'-'} · ${c.agentCount||0} agents</span></div><div class='claim-meta'><span>${dt(c.createdAt)}</span></div>`;row.onclick=()=>loadDetail(c.claimId);b.appendChild(row);}}
 async function loadClaims(){status('Loading claims...');const r=await fetch('/api/admin/claims',{headers:{Authorization:headers().Authorization}});const d=await r.json();if(!r.ok||!d.ok){status(`${r.status} ${d.status}`);return;}s.claims=d.claims||[];renderClaims();status(`Loaded ${s.claims.length} claims.`);}
 async function loadDetail(id){s.selected=id;renderClaims();const r=await fetch(`/api/admin/claim?claimId=${encodeURIComponent(id)}`,{headers:{Authorization:headers().Authorization}});const d=await r.json();if(!r.ok||!d.ok)return; s.detail=d; renderDetail();}
 async function action(action,p={}){const r=await fetch('/api/admin/claim-action',{method:'POST',headers:headers(),body:JSON.stringify({claimId:s.selected,action,actor:'admin',...p})});const d=await r.json();if(!r.ok||!d.ok){s.error=`${d.status}: ${d.error}`;renderDetail();return;}s.error=null;await loadClaims();await loadDetail(s.selected);} 
 async function publish(){const r=await fetch('/api/admin/publish-agent-cards',{method:'POST',headers:headers(),body:JSON.stringify({claimId:s.selected})});const d=await r.json();if(!r.ok||!d.ok){s.error=`${d.status}: ${d.error}`;renderDetail();return;}s.error=null;await loadClaims();await loadDetail(s.selected);} 
-async function createCheckoutSession(claimId){if(!claimId){s.error='400 — claimId is required';renderDetail();return;}s.error=null;s.checkoutUrl=null;s.checkoutLoading=true;renderDetail();try{const r=await fetch('/api/admin/create-checkout-session',{method:'POST',headers:headers(),body:JSON.stringify({claimId})});const d=await r.json().catch(()=>({}));if(!r.ok||!d.ok){s.error=`${r.status} — ${d.error||d.status||'Request failed'}`;return;}s.checkoutUrl=d.checkoutUrl||d.url||null;await loadClaims();await loadDetail(claimId);}catch(e){s.error=`500 — ${e?.message||'Request failed'}`;}finally{s.checkoutLoading=false;renderDetail();}}
+async function createCheckoutSession(claimId){if(!claimId){s.error='400 — claimId is required';renderDetail();return;}s.error=null;s.checkoutUrl=null;s.checkoutLoading=true;renderDetail();try{const r=await fetch('/api/admin/create-checkout-session',{method:'POST',headers:headers(),body:JSON.stringify({claimId})});const d=await r.json().catch(()=>({}));if(!r.ok||!d.ok){const detail=d?.debug?.message?`\nDetails: ${d.debug.message}`:'';s.error=`Checkout failed:\n${d.status||r.status} — ${d.error||'Request failed'}${detail}`;return;}s.checkoutUrl=d.checkoutUrl||d.url||null;await loadClaims();await loadDetail(claimId);}catch(e){s.error=`500 — ${e?.message||'Request failed'}`;}finally{s.checkoutLoading=false;renderDetail();}}
 function checkoutUrlFromClaim(claim){return s.checkoutUrl || claim?.stripe_checkout_url || claim?.payment_checkout_url || null;}
 function openCheckout(claim){const url=checkoutUrlFromClaim(claim);if(url)window.open(url,'_blank');}
 function copyCheckout(claim){const url=checkoutUrlFromClaim(claim);if(url)navigator.clipboard.writeText(url);}
 
-function pipeline(status){const steps=['created','approved','cards_published','payment_pending','paid','erc8004','ens_provisioned','live'];return `<div class='row'>${steps.map(x=>`<span class='badge ${status===x|| (x==='created')|| (status==='approved'&&x==='created')|| (status==='cards_published'&&(x==='created'||x==='approved')) ? (['payment_pending','paid','erc8004','ens_provisioned'].includes(x)?'created':x):'created'}'>${x.replaceAll('_',' ')}</span>`).join('')}</div><p class='muted'>Future steps are coming next.</p>`}
-function renderDetail(){const el=document.getElementById('detailPanel');if(!s.detail){el.innerHTML='<p class="muted">Select a claim to review.</p>';return;}const {claim,agents=[],events=[],transitions=[],cards=[]}=s.detail;const urls=cards.map(c=>c.card_url).filter(Boolean);const missing=claim.status==='cards_published'&&agents.some(a=>!a.card_url);const firstUrl=urls[0];el.innerHTML=`${s.error?`<div class='error-panel'>${s.error}</div>`:''}<h3>Claim <span class='mono'>${short(claim.claim_id,16)}</span> <button id='copyClaim' class='btn btn-muted'>Copy</button> ${badge(claim.status)}</h3><p class='muted'>Tenant: ${claim.tenant||'-'} · Wallet: <span class='mono'>${claim.authenticated_address||'-'}</span> · Pack: ${claim.pack_id||'-'} · Agents: ${agents.length} · Created: ${dt(claim.created_at)}</p><h4>Pipeline</h4>${pipeline(claim.status)}<h4>Next action</h4><div class='row'><input id='reasonInput' placeholder='Reason'><input id='notesInput' placeholder='Notes'></div><div class='row' id='actions'></div><h4>Agents</h4><div class='table-scroll'><table><thead><tr><th>ENS</th><th>Capability</th><th>Parent</th><th>Card</th><th>Actions</th></tr></thead><tbody>${agents.map(a=>`<tr><td class='mono'>${a.ens||'-'}</td><td>${a.capability||'-'}</td><td>${a.canonical_parent||'-'}</td><td>${a.card_status||'-'}</td><td>${a.card_url?`<a href='${a.card_url}' target='_blank'>open</a> · <button class='btn btn-muted copy-url' data-url='${a.card_url}'>copy</button>`:'-'}</td></tr>`).join('')}</tbody></table></div>${claim.status==='payment_pending'?`<h4>Payment pending</h4><p class='muted'>Checkout has been created. Open it to complete payment.</p><p class='mono'>${claim.stripe_checkout_session_id||'-'}</p>`:''}${claim.status==='paid'?`<h4>Payment received</h4><p class='muted'>Next: ERC-8004 registration</p>`:''}${claim.status==='cards_published'?`<h4>Agent cards published</h4><p class='muted'>Founding Activation: $20 first year for 10 Trust Verification namespaces.</p><p class='muted'>${urls.length} cards${missing?' · Missing card URLs detected':''}</p>${s.checkoutUrl?`<div class='panel'><strong>Checkout created</strong><div class='row'><a class='btn btn-secondary' href='${s.checkoutUrl}' target='_blank' rel='noopener'>Open checkout</a><button id='copyCheckoutUrl' type='button' class='btn btn-secondary' data-url='${s.checkoutUrl}'>Copy checkout URL</button></div><div class='mono' style='overflow-wrap:anywhere;'>${s.checkoutUrl}</div></div>`:''}<div class='row'><button id='copyUrls' type='button' class='btn btn-secondary'>Copy all URLs</button>${firstUrl?`<button id='openFirst' type='button' class='btn btn-secondary'>Open first card</button>`:''}</div><div>${urls.map(u=>`<div class='card-url-row'><span class='mono truncate' title='${u}'>${u.split('/').pop()?.replace(/\.json$/,'')||u}</span><a href='${u}' target='_blank'>Open</a>${copyBtn(u)}</div>`).join('')}</div>${missing?`<p class='error-panel'>Some cards are missing URLs. Use Repair / Publish cards.</p>`:''}`:''}<h4>Events</h4>${events.map(e=>`<div class='panel' style='margin-bottom:8px'><strong>${e.event_type}</strong><div style='overflow-wrap:anywhere;'>${e.message||''}</div><div class='muted'>${dt(e.created_at)}</div><details><summary>metadata</summary><pre style='white-space:pre-wrap;overflow-wrap:anywhere;'>${JSON.stringify(e.event_json||{},null,2)}</pre></details></div>`).join('')||'<p class="muted">No events.</p>'}<h4>Transitions</h4>${transitions.map(t=>`<div class='panel' style='margin-bottom:8px'>${t.from_status||'-'} → ${t.to_status||'-'} · ${t.action||'-'} · ${t.actor||'-'}<div class='muted'>${dt(t.created_at)} ${t.reason?`· ${t.reason}`:''}</div></div>`).join('')||'<p class="muted">No transitions.</p>'}<details><summary>Show raw JSON</summary><pre style='white-space:pre-wrap;overflow-wrap:anywhere;'>${JSON.stringify(s.detail,null,2)}</pre></details>`;
+function pipeline(status){const steps=['created','approved','cards_published','payment_pending','paid','erc8004','ens_provisioned','live'];return `<div class='pipeline'>${steps.map(x=>`<span class='badge ${status===x|| (x==='created')|| (status==='approved'&&x==='created')|| (status==='cards_published'&&(x==='created'||x==='approved')) ? (['payment_pending','paid','erc8004','ens_provisioned'].includes(x)?'created':x):'created'}'>${x.replaceAll('_',' ')}</span>`).join('')}</div><p class='muted'>Future steps are coming next.</p>`}
+function renderDetail(){const el=document.getElementById('detailPanel');if(!s.detail){el.innerHTML='<p class="muted">Select a claim to review.</p>';return;}const {claim,agents=[],events=[],transitions=[],cards=[]}=s.detail;const urls=cards.map(c=>c.card_url).filter(Boolean);const missing=claim.status==='cards_published'&&agents.some(a=>!a.card_url);const firstUrl=urls[0];el.innerHTML=`${s.error?`<div class='error-panel'>${s.error}</div>`:''}<h3>Claim <span class='mono'>${short(claim.claim_id,16)}</span> <button id='copyClaim' class='btn btn-muted'>Copy</button> ${badge(claim.status)}</h3><p class='muted'>Tenant: ${claim.tenant||'-'} · Wallet: <span class='mono'>${claim.authenticated_address||'-'}</span> · Pack: ${claim.pack_id||'-'} · Agents: ${agents.length} · Created: ${dt(claim.created_at)}</p><h4>Pipeline</h4>${pipeline(claim.status)}<h4>Next action</h4><div class='row'><input id='reasonInput' placeholder='Reason'><input id='notesInput' placeholder='Notes'></div><div class='row' id='actions'></div><h4>Agents</h4><div class='table-scroll'><table><thead><tr><th>ENS</th><th>Capability</th><th>Parent</th><th>Card</th><th>Actions</th></tr></thead><tbody>${agents.map(a=>`<tr><td class='mono ens-wrap'>${a.ens||'-'}</td><td>${a.capability||'-'}</td><td>${a.canonical_parent||'-'}</td><td>${a.card_status||'-'}</td><td>${a.card_url?`<a href='${a.card_url}' target='_blank'>Open</a> <button class='btn btn-muted copy-url' data-url='${a.card_url}'>Copy</button>`:'-'}</td></tr>`).join('')}</tbody></table></div>${claim.status==='payment_pending'?`<h4>Payment pending</h4><p class='muted'>Checkout has been created. Open it to complete payment.</p><p class='mono'>${claim.stripe_checkout_session_id||'-'}</p>`:''}${claim.status==='paid'?`<h4>Payment received</h4><p class='muted'>Next: ERC-8004 registration</p>`:''}${claim.status==='cards_published'?`<h4>Agent cards published</h4><p class='muted'>Founding Activation: $20 first year for 10 Trust Verification namespaces.</p><p class='muted'>${urls.length} cards${missing?' · Missing card URLs detected':''}</p>${s.checkoutUrl?`<div class='panel'><strong>Checkout created</strong><div class='row'><a class='btn btn-secondary' href='${s.checkoutUrl}' target='_blank' rel='noopener'>Open checkout</a><button id='copyCheckoutUrl' type='button' class='btn btn-secondary' data-url='${s.checkoutUrl}'>Copy checkout URL</button></div><div class='mono' style='overflow-wrap:anywhere;'>${s.checkoutUrl}</div></div>`:''}<div class='row'><button id='copyUrls' type='button' class='btn btn-secondary'>Copy all URLs</button>${firstUrl?`<button id='openFirst' type='button' class='btn btn-secondary'>Open first card</button>`:''}</div><div>${urls.map(u=>`<div class='card-url-row'><span class='mono truncate' title='${u}'>${u.split('/').pop()?.replace(/\.json$/,'')||u}</span><a href='${u}' target='_blank'>Open</a>${copyBtn(u)}</div>`).join('')}</div>${missing?`<p class='error-panel'>Some cards are missing URLs. Use Repair / Publish cards.</p>`:''}`:''}<h4>Events</h4>${events.map(e=>`<div class='panel' style='margin-bottom:8px'><strong>${e.event_type}</strong><div style='overflow-wrap:anywhere;'>${e.message||''}</div><div class='muted'>${dt(e.created_at)}</div><details><summary>metadata</summary><pre style='white-space:pre-wrap;overflow-wrap:anywhere;'>${JSON.stringify(e.event_json||{},null,2)}</pre></details></div>`).join('')||'<p class="muted">No events.</p>'}<h4>Transitions</h4>${transitions.map(t=>`<div class='panel' style='margin-bottom:8px'>${t.from_status||'-'} → ${t.to_status||'-'} · ${t.action||'-'} · ${t.actor||'-'}<div class='muted'>${dt(t.created_at)} ${t.reason?`· ${t.reason}`:''}</div></div>`).join('')||'<p class="muted">No transitions.</p>'}<details><summary>Show raw JSON</summary><pre style='white-space:pre-wrap;overflow-wrap:anywhere;'>${JSON.stringify(s.detail,null,2)}</pre></details>`;
 const a=document.getElementById('actions');const mk=(t,c,cls='btn',opts={})=>{const b=document.createElement('button');b.type='button';b.textContent=t;b.className=cls;b.disabled=Boolean(opts.disabled);if(opts.id)b.id=opts.id;b.onclick=c;a.appendChild(b);};
 if(claim.status==='created'){mk('Approve',()=>action('approve',{notes:document.getElementById('notesInput').value}),'btn btn-primary');mk('Reject',()=>action('reject',{reason:document.getElementById('reasonInput').value}),'btn btn-secondary');mk('Mark failed',()=>action('mark_failed',{reason:document.getElementById('reasonInput').value}),'btn btn-danger');}
 if(claim.status==='approved'){mk('Publish agent cards',()=>publish(),'btn btn-primary');mk('Mark failed',()=>action('mark_failed',{reason:document.getElementById('reasonInput').value}),'btn btn-danger');mk('Add note',()=>action('add_note',{notes:document.getElementById('notesInput').value,reason:document.getElementById('reasonInput').value}),'btn');}
diff --git a/tests/api-payments.test.js b/tests/api-payments.test.js
index 759ce8a..3f3a24a 100644
--- a/tests/api-payments.test.js
+++ b/tests/api-payments.test.js
@@ -24,10 +24,12 @@ function loadWebhook(mockQuery, stripeMock){
 
 const StripeMock = function(){return{checkout:{sessions:{create:async()=>({id:'cs_1',url:'https://checkout.stripe.test/cs_1'})}},webhooks:{constructEvent:()=>({})}}};
 
-test('missing STRIPE_SECRET_KEY returns STRIPE_NOT_CONFIGURED', async()=>{delete process.env.STRIPE_SECRET_KEY; process.env.ADMIN_API_KEY='k'; const h=loadCheckout(async()=>[],StripeMock); const r=makeRes(); await h({method:'POST',headers:{authorization:'Bearer k'},body:{claimId:'clm_1'}},r); assert.equal(r.body.status,'STRIPE_NOT_CONFIGURED');});
+test('missing STRIPE_SECRET_KEY returns STRIPE_NOT_CONFIGURED', async()=>{delete process.env.STRIPE_SECRET_KEY; process.env.ADMIN_API_KEY='k'; const h=loadCheckout(()=>[],()=>{const e=new Error('missing');e.code='STRIPE_NOT_CONFIGURED';throw e;}); const r=makeRes(); await h({method:'POST',headers:{authorization:'Bearer k'},body:{claimId:'clm_1'}},r); assert.equal(r.statusCode,503); assert.equal(r.body.status,'STRIPE_NOT_CONFIGURED');});
+test('pk_ STRIPE_SECRET_KEY returns STRIPE_SECRET_KEY_INVALID', async()=>{process.env.ADMIN_API_KEY='k'; const h=loadCheckout(()=>[],()=>{const e=new Error('bad');e.code='STRIPE_SECRET_KEY_INVALID';throw e;}); const r=makeRes(); await h({method:'POST',headers:{authorization:'Bearer k'},body:{claimId:'clm_1'}},r); assert.equal(r.statusCode,503); assert.equal(r.body.status,'STRIPE_SECRET_KEY_INVALID');});
 test('unauthorized admin checkout rejected', async()=>{process.env.STRIPE_SECRET_KEY='sk';process.env.ADMIN_API_KEY='k'; const h=loadCheckout(async()=>[],StripeMock); const r=makeRes(); await h({method:'POST',headers:{},body:{claimId:'clm_1'}},r); assert.equal(r.statusCode,401);});
 test('claim not cards_published rejected', async()=>{process.env.STRIPE_SECRET_KEY='sk';process.env.ADMIN_API_KEY='k'; const h=loadCheckout(async(q)=>String(q).includes('from claim_requests')?[{claim_id:'clm_1',status:'approved'}]:[],StripeMock); const r=makeRes(); await h({method:'POST',headers:{authorization:'Bearer k'},body:{claimId:'clm_1'}},r); assert.equal(r.body.status,'CLAIM_NOT_READY_FOR_PAYMENT');});
-test('cards_published claim creates checkout session + updates', async()=>{process.env.STRIPE_SECRET_KEY='sk';process.env.ADMIN_API_KEY='k'; const calls=[]; const h=loadCheckout(async(q,p)=>{calls.push(String(q)); if(String(q).includes('from claim_requests')) return [{claim_id:'clm_1',status:'cards_published',tenant:'commandlayer',pack_id:'founding'}]; return [];},StripeMock); const r=makeRes(); await h({method:'POST',headers:{authorization:'Bearer k'},body:{claimId:'clm_1'}},r); assert.equal(r.body.status,'CHECKOUT_SESSION_CREATED'); assert.ok(calls.some(c=>c.includes("set status = 'payment_pending'"))); assert.ok(calls.some(c=>c.includes('payment.checkout_created'))); assert.ok(calls.some(c=>c.includes('cards_published')&&c.includes('payment_pending')));});
+test('stripe session creation failure does not update claim status', async()=>{process.env.STRIPE_SECRET_KEY='sk';process.env.ADMIN_API_KEY='k'; const calls=[]; const h=loadCheckout(async(q)=>{calls.push(String(q)); if(String(q).includes('from claim_requests')) return [{claim_id:'clm_1',status:'cards_published',tenant:'commandlayer',pack_id:'founding'}]; return [];},function(){return{checkout:{sessions:{create:async()=>{const e=new Error('boom');e.code='api_error';throw e;}}}}}); const r=makeRes(); await h({method:'POST',headers:{authorization:'Bearer k'},body:{claimId:'clm_1'}},r); assert.equal(r.body.status,'CHECKOUT_SESSION_CREATE_FAILED'); assert.equal(calls.some(c=>c.includes("set status = 'payment_pending'")),false);});
+test('cards_published claim creates checkout and returns checkoutUrl', async()=>{process.env.STRIPE_SECRET_KEY='sk';process.env.ADMIN_API_KEY='k'; const calls=[]; const h=loadCheckout(async(q,p)=>{calls.push(String(q)); if(String(q).includes('from claim_requests')) return [{claim_id:'clm_1',status:'cards_published',tenant:'commandlayer',pack_id:'founding'}]; return [];},StripeMock); const r=makeRes(); await h({method:'POST',headers:{authorization:'Bearer k'},body:{claimId:'clm_1'}},r); assert.equal(r.body.status,'CHECKOUT_SESSION_CREATED'); assert.equal(r.body.checkoutUrl,'https://checkout.stripe.test/cs_1'); assert.ok(calls.some(c=>c.includes("set status = 'payment_pending'"))); assert.ok(calls.some(c=>c.includes('payment.checkout_created'))); assert.ok(calls.some(c=>c.includes('cards_published')&&c.includes('payment_pending')));});
 
 test('webhook invalid signature rejected', async()=>{process.env.STRIPE_SECRET_KEY='sk';process.env.STRIPE_WEBHOOK_SECRET='wh'; const Bad=function(){return{webhooks:{constructEvent:()=>{throw new Error('bad')}}}}; const h=loadWebhook(async()=>[],Bad); const r=makeRes(); await h({method:'POST',headers:{'stripe-signature':'x'},body:'{}'},r); assert.equal(r.body.status,'WEBHOOK_SIGNATURE_INVALID');});