@vellumai/assistant 0.4.13 → 0.4.15

package/src/runtime/routes/guardian-action-routes.ts

@@ -4,28 +4,29 @@
  * These endpoints let desktop clients fetch pending guardian prompts and
  * submit button decisions without relying on text parsing.
  *
- * All guardian action endpoints require a valid actor token via the
- * X-Actor-Token header (with local CLI fallback). Guardian decisions
- * additionally verify the actor is the bound guardian.
+ * All guardian action endpoints require a valid JWT bearer token.
+ * Auth is verified upstream by JWT middleware; the AuthContext is
+ * threaded through from the HTTP server layer.
+ *
+ * Guardian decisions additionally verify the actor is the bound guardian
+ * via the AuthContext's actorPrincipalId.
  */
 import {
   applyCanonicalGuardianDecision,
 } from '../../approvals/guardian-decision-primitive.js';
+import { isHttpAuthDisabled } from '../../config/env.js';
 import {
   type CanonicalGuardianRequest,
   getCanonicalGuardianRequest,
   listCanonicalGuardianRequests,
 } from '../../memory/canonical-guardian-store.js';
+import { getActiveBinding } from '../../memory/guardian-bindings.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
+import type { AuthContext } from '../auth/types.js';
 import type { ApprovalAction } from '../channel-approval-types.js';
 import type { GuardianDecisionPrompt } from '../guardian-decision-types.js';
 import { buildDecisionActions } from '../guardian-decision-types.js';
 import { httpError } from '../http-errors.js';
-import {
-  isActorBoundGuardian,
-  isLocalFallbackBoundGuardian,
-  type ServerWithRequestIP,
-  verifyHttpActorTokenWithLocalFallback,
-} from '../middleware/actor-token.js';
 
 // ---------------------------------------------------------------------------
 // GET /v1/guardian-actions/pending?conversationId=...
@@ -33,23 +34,13 @@ import {
 
 /**
  * List pending guardian decision prompts for a conversation.
- * Requires a valid actor token.
+ * Auth is verified upstream by JWT middleware.
  *
  * Returns guardian approval requests (from the channel guardian store) that
  * are still pending, mapped to the GuardianDecisionPrompt shape so clients
  * can render structured button UIs.
  */
-export function handleGuardianActionsPending(req: Request, server: ServerWithRequestIP): Response {
-  const tokenResult = verifyHttpActorTokenWithLocalFallback(req, server);
-  if (!tokenResult.ok) {
-    return httpError(
-      tokenResult.status === 401 ? 'UNAUTHORIZED' : 'FORBIDDEN',
-      tokenResult.message,
-      tokenResult.status,
-    );
-  }
-
-  const url = new URL(req.url);
+export function handleGuardianActionsPending(url: URL, _authContext: AuthContext): Response {
   const conversationId = url.searchParams.get('conversationId');
 
   if (!conversationId) {
@@ -64,29 +55,41 @@ export function handleGuardianActionsPending(req: Request, server: ServerWithReq
 // POST /v1/guardian-actions/decision
 // ---------------------------------------------------------------------------
 
+/**
+ * Verify that the actor from AuthContext is the bound guardian for the
+ * vellum channel. Returns an error Response if not, or null if allowed.
+ */
+function requireBoundGuardian(authContext: AuthContext): Response | null {
+  // Dev bypass: when auth is disabled, skip guardian binding check
+  // (mirrors enforcePolicy dev bypass in route-policy.ts)
+  if (isHttpAuthDisabled()) {
+    return null;
+  }
+  if (!authContext.actorPrincipalId) {
+    return httpError('FORBIDDEN', 'Actor is not the bound guardian for this channel', 403);
+  }
+  const binding = getActiveBinding(DAEMON_INTERNAL_ASSISTANT_ID, 'vellum');
+  if (!binding) {
+    // No binding yet -- in pre-bootstrap state, allow through
+    return null;
+  }
+  if (binding.guardianExternalUserId !== authContext.actorPrincipalId) {
+    return httpError('FORBIDDEN', 'Actor is not the bound guardian for this channel', 403);
+  }
+  return null;
+}
+
 /**
  * Submit a guardian action decision.
- * Requires a valid actor token for a bound guardian.
+ * Requires AuthContext with a bound guardian actor.
  *
  * Routes all decisions through the unified canonical guardian decision
  * primitive which handles CAS resolution, resolver dispatch, and grant
  * minting.
  */
-export async function handleGuardianActionDecision(req: Request, server: ServerWithRequestIP): Promise<Response> {
-  const tokenResult = verifyHttpActorTokenWithLocalFallback(req, server);
-  if (!tokenResult.ok) {
-    return httpError(
-      tokenResult.status === 401 ? 'UNAUTHORIZED' : 'FORBIDDEN',
-      tokenResult.message,
-      tokenResult.status,
-    );
-  }
-  const isBoundGuardian = tokenResult.claims
-    ? isActorBoundGuardian(tokenResult.claims)
-    : isLocalFallbackBoundGuardian();
-  if (!isBoundGuardian) {
-    return httpError('FORBIDDEN', 'Actor is not the bound guardian for this channel', 403);
-  }
+export async function handleGuardianActionDecision(req: Request, authContext: AuthContext): Promise<Response> {
+  const guardianError = requireBoundGuardian(authContext);
+  if (guardianError) return guardianError;
 
   const body = await req.json() as {
     requestId?: string;
@@ -104,9 +107,9 @@ export async function handleGuardianActionDecision(req: Request, server: ServerW
     return httpError('BAD_REQUEST', 'action is required', 400);
   }
 
-  const VALID_ACTIONS = new Set<string>(['approve_once', 'approve_always', 'reject']);
+  const VALID_ACTIONS = new Set<string>(['approve_once', 'approve_10m', 'approve_thread', 'approve_always', 'reject']);
   if (!VALID_ACTIONS.has(action)) {
-    return httpError('BAD_REQUEST', `Invalid action: ${action}. Must be one of: approve_once, approve_always, reject`, 400);
+    return httpError('BAD_REQUEST', `Invalid action: ${action}. Must be one of: approve_once, approve_10m, approve_thread, approve_always, reject`, 400);
   }
 
   // Verify conversationId scoping before applying the canonical decision.
@@ -118,17 +121,9 @@ export async function handleGuardianActionDecision(req: Request, server: ServerW
     }
   }
 
-  // Resolve the actor's external user ID: from the token claims if present,
-  // otherwise from the vellum guardian binding (local fallback).
-  const actorExternalUserId = tokenResult.claims
-    ? tokenResult.claims.guardianPrincipalId
-    : tokenResult.guardianContext.guardianExternalUserId;
-
-  // Resolve the actor's principal ID: from the token claims if present,
-  // otherwise from the vellum guardian binding (local fallback).
-  const actorPrincipalId = tokenResult.claims
-    ? tokenResult.claims.guardianPrincipalId
-    : tokenResult.guardianContext.guardianPrincipalId ?? undefined;
+  // Resolve actor identity from the AuthContext (set by JWT middleware).
+  const actorExternalUserId = authContext.actorPrincipalId ?? undefined;
+  const actorPrincipalId = authContext.actorPrincipalId ?? undefined;
 
   const canonicalResult = await applyCanonicalGuardianDecision({
     requestId,
@@ -223,7 +218,7 @@ function mapCanonicalRequestToPrompt(
     ?? (req.toolName ? `Approve tool: ${req.toolName}` : `Guardian request: ${req.kind}`);
 
   // pending_question requests are typically voice-originated and need
-  // approve/reject only (no approve_always — guardian-on-behalf invariant).
+  // approve/reject only (no approve_always -- guardian-on-behalf invariant).
   const actions = buildDecisionActions({ forGuardianOnBehalf: true });
 
   const expiresAt = req.expiresAt

package/src/runtime/routes/guardian-approval-interception.ts

@@ -18,6 +18,7 @@ import { runApprovalConversationTurn } from '../approval-conversation-turn.js';
 import { composeApprovalMessageGenerative } from '../approval-message-composer.js';
 import { parseApprovalDecision } from '../channel-approval-parser.js';
 import type {
+  ApprovalAction,
   ApprovalDecisionResult,
 } from '../channel-approval-types.js';
 import {
@@ -275,12 +276,12 @@ export async function handleApprovalInterception(
         }
 
         // Decision-bearing disposition from the engine
-        let decisionAction = engineResult.disposition as 'approve_once' | 'approve_always' | 'reject';
+        let decisionAction = engineResult.disposition as ApprovalAction;
 
-        // Belt-and-suspenders: guardians cannot approve_always even if the
-        // engine returns it (the engine's allowedActions validation should
+        // Belt-and-suspenders: guardians cannot use broad allow modes even if
+        // the engine returns them (the engine's allowedActions validation should
         // already prevent this, but enforce it here too).
-        if (decisionAction === 'approve_always') {
+        if (decisionAction === 'approve_always' || decisionAction === 'approve_10m' || decisionAction === 'approve_thread') {
           decisionAction = 'approve_once';
         }
 
@@ -838,7 +839,7 @@ export async function handleApprovalInterception(
     }
 
     // Decision-bearing disposition — map to ApprovalDecisionResult and apply
-    const decisionAction = engineResult.disposition as 'approve_once' | 'approve_always' | 'reject';
+    const decisionAction = engineResult.disposition as ApprovalAction;
     const engineDecision: ApprovalDecisionResult = {
       action: decisionAction,
       source: 'plain_text',

package/src/runtime/routes/guardian-bootstrap-routes.ts

@@ -3,10 +3,10 @@
  *
  * Idempotent bootstrap endpoint for the vellum guardian channel.
  * Creates or confirms a guardianPrincipalId and channel='vellum'
- * guardian binding, then mints and returns an actor token bound
- * to (assistantId, guardianPrincipalId, deviceId).
+ * guardian binding, then mints and returns a JWT access token bound
+ * to (assistantId, guardianPrincipalId) with a paired refresh token.
  *
- * Only the hashed token is persisted.
+ * Only the hashed tokens are persisted.
  */
 
 import { createHash } from 'node:crypto';
@@ -18,10 +18,14 @@ import {
   getActiveBinding,
 } from '../../memory/guardian-bindings.js';
 import { getLogger } from '../../util/logger.js';
-import { mintCredentialPair } from '../actor-refresh-token-service.js';
 import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
+import { mintCredentialPair } from '../auth/credential-service.js';
 import { httpError } from '../http-errors.js';
-import type { ServerWithRequestIP } from '../middleware/actor-token.js';
+
+/** Bun server shape needed for requestIP -- avoids importing the full Bun type. */
+type ServerWithRequestIP = {
+  requestIP(req: Request): { address: string; family: string; port: number } | null;
+};
 
 const log = getLogger('guardian-bootstrap');
 
@@ -68,7 +72,7 @@ const LOOPBACK_ADDRESSES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
  * Handle POST /v1/integrations/guardian/vellum/bootstrap
  *
  * Body: { platform: 'macos', deviceId: string }
- * Returns: { guardianPrincipalId, actorToken, isNew }
+ * Returns: { guardianPrincipalId, accessToken, isNew }
  *
  * This endpoint is loopback-only (macOS local use only). iOS devices
  * obtain actor tokens exclusively through the QR pairing flow.
@@ -118,8 +122,8 @@ export async function handleGuardianBootstrap(req: Request, server: ServerWithRe
 
     return Response.json({
       guardianPrincipalId,
-      actorToken: credentials.actorToken,
-      actorTokenExpiresAt: credentials.actorTokenExpiresAt,
+      accessToken: credentials.accessToken,
+      accessTokenExpiresAt: credentials.accessTokenExpiresAt,
       refreshToken: credentials.refreshToken,
       refreshTokenExpiresAt: credentials.refreshTokenExpiresAt,
       refreshAfter: credentials.refreshAfter,

package/src/runtime/routes/guardian-refresh-routes.ts

@@ -6,7 +6,7 @@
  */
 
 import { getLogger } from '../../util/logger.js';
-import { rotateCredentials } from '../actor-refresh-token-service.js';
+import { rotateCredentials } from '../auth/credential-service.js';
 import { httpError } from '../http-errors.js';
 
 const log = getLogger('guardian-refresh');
@@ -15,7 +15,7 @@ const log = getLogger('guardian-refresh');
  * Handle POST /v1/integrations/guardian/vellum/refresh
  *
  * Body: { platform: 'ios' | 'macos', deviceId: string, refreshToken: string }
- * Returns: { guardianPrincipalId, actorToken, actorTokenExpiresAt, refreshToken, refreshTokenExpiresAt, refreshAfter }
+ * Returns: { guardianPrincipalId, accessToken, accessTokenExpiresAt, refreshToken, refreshTokenExpiresAt, refreshAfter }
  */
 export async function handleGuardianRefresh(req: Request): Promise<Response> {
   try {

package/src/runtime/routes/inbound-message-handler.ts

@@ -26,9 +26,9 @@ import { checkIngressForSecrets } from '../../security/secret-ingress.js';
 import { canonicalizeInboundIdentity } from '../../util/canonicalize-identity.js';
 import { IngressBlockedError } from '../../util/errors.js';
 import { getLogger } from '../../util/logger.js';
-import { readHttpToken } from '../../util/platform.js';
 import { notifyGuardianOfAccessRequest } from '../access-request-helper.js';
 import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
+import { mintDaemonDeliveryToken } from '../auth/token-service.js';
 import {
   buildApprovalUIMetadata,
   getApprovalInfoByConversation,
@@ -70,7 +70,6 @@ import {
   GUARDIAN_APPROVAL_TTL_MS,
   type GuardianContext,
   stripVerificationFailurePrefix,
-  verifyGatewayOrigin,
 } from './channel-route-shared.js';
 import { handleApprovalInterception } from './guardian-approval-interception.js';
 import { deliverGeneratedApprovalPrompt } from './guardian-approval-prompt.js';
@@ -96,24 +95,22 @@ function parseGuardianVerifyCode(content: string): string | undefined {
 export async function handleChannelInbound(
   req: Request,
   processMessage?: MessageProcessor,
-  bearerToken?: string,
   assistantId: string = DAEMON_INTERNAL_ASSISTANT_ID,
-  gatewayOriginSecret?: string,
   approvalCopyGenerator?: ApprovalCopyGenerator,
   approvalConversationGenerator?: ApprovalConversationGenerator,
   _guardianActionCopyGenerator?: GuardianActionCopyGenerator,
   _guardianFollowUpConversationGenerator?: GuardianFollowUpConversationGenerator,
 ): Promise<Response> {
-  // Reject requests that lack valid gateway-origin proof. This ensures
-  // channel inbound messages can only arrive via the gateway (which
-  // performs webhook-level verification) and not via direct HTTP calls.
-  if (!verifyGatewayOrigin(req, bearerToken, gatewayOriginSecret)) {
-    log.warn('Rejected channel inbound request: missing or invalid gateway-origin proof');
-    return Response.json(
-      { error: 'Forbidden: missing gateway-origin proof', code: 'GATEWAY_ORIGIN_REQUIRED' },
-      { status: 403 },
-    );
-  }
+  // Gateway-origin proof is enforced by route-policy middleware (svc_gateway
+  // principal type required) before this handler runs. The exchange JWT
+  // itself proves gateway origin.
+
+  // Factory that mints a fresh short-lived JWT for each daemon-to-gateway
+  // delivery callback. The JWT has a 60-second TTL, so long-running
+  // background operations (typing heartbeats, approval watchers, reply
+  // delivery) must call this at each delivery attempt rather than reusing
+  // a single token from request start.
+  const mintBearerToken = (): string => mintDaemonDeliveryToken();
 
   const body = await req.json() as {
     sourceChannel?: string;
@@ -308,7 +305,7 @@ export async function handleChannelInbound(
           senderName: body.actorDisplayName,
           senderUsername: body.actorUsername,
           replyCallbackUrl: body.replyCallbackUrl,
-          bearerToken,
+          bearerToken: mintBearerToken(),
           assistantId,
           canonicalAssistantId,
         });
@@ -345,7 +342,7 @@ export async function handleChannelInbound(
               chatId: conversationExternalId,
               text: replyText,
               assistantId,
-            }, bearerToken);
+            }, mintBearerToken());
           } catch (err) {
             log.error({ err, conversationExternalId }, 'Failed to deliver ACL rejection reply');
           }
@@ -394,7 +391,7 @@ export async function handleChannelInbound(
             senderName: body.actorDisplayName,
             senderUsername: body.actorUsername,
             replyCallbackUrl: body.replyCallbackUrl,
-            bearerToken,
+            bearerToken: mintBearerToken(),
             assistantId,
             canonicalAssistantId,
           });
@@ -434,7 +431,7 @@ export async function handleChannelInbound(
                 chatId: conversationExternalId,
                 text: replyText,
                 assistantId,
-              }, bearerToken);
+              }, mintBearerToken());
             } catch (err) {
               log.error({ err, conversationExternalId }, 'Failed to deliver ACL rejection reply');
             }
@@ -451,7 +448,7 @@ export async function handleChannelInbound(
               chatId: conversationExternalId,
               text: "Sorry, you haven't been approved to message this assistant.",
               assistantId,
-            }, bearerToken);
+            }, mintBearerToken());
           } catch (err) {
             log.error({ err, conversationExternalId }, 'Failed to deliver ACL rejection reply');
           }
@@ -567,7 +564,7 @@ export async function handleChannelInbound(
           chatId: pendingReply.chatId,
           text: pendingReply.text,
           assistantId: pendingReply.assistantId,
-        }, bearerToken);
+        }, mintBearerToken());
         channelDeliveryStore.clearPendingVerificationReply(result.eventId);
         log.info({ eventId: result.eventId }, 'Retried pending verification reply: delivered');
       } catch (retryErr) {
@@ -864,7 +861,7 @@ export async function handleChannelInbound(
           chatId: conversationExternalId,
           text: replyText,
           assistantId,
-        }, bearerToken);
+        }, mintBearerToken());
       } catch (err) {
         // The challenge is already consumed and side effects applied, so
         // we cannot simply re-throw and let the gateway retry the full
@@ -887,7 +884,7 @@ export async function handleChannelInbound(
               chatId: conversationExternalId,
               text: replyText,
               assistantId,
-            }, bearerToken);
+            }, mintBearerToken());
             log.info({ eventId: result.eventId }, 'Verification reply delivered on self-retry');
             channelDeliveryStore.clearPendingVerificationReply(result.eventId);
           } catch (retryErr) {
@@ -992,7 +989,7 @@ export async function handleChannelInbound(
         replyCallbackUrl,
         guardianChatId: conversationExternalId,
         assistantId: canonicalAssistantId,
-        bearerToken,
+        bearerToken: mintBearerToken(),
       },
     });
 
@@ -1004,7 +1001,7 @@ export async function handleChannelInbound(
             chatId: conversationExternalId,
             text: routerResult.replyText,
             assistantId: canonicalAssistantId,
-          }, bearerToken);
+          }, mintBearerToken());
         } catch (err) {
           log.error({ err, conversationExternalId }, 'Failed to deliver canonical router reply');
         }
@@ -1042,7 +1039,7 @@ export async function handleChannelInbound(
       sourceChannel,
       actorExternalId: canonicalSenderId ?? rawSenderId,
       replyCallbackUrl,
-      bearerToken,
+      bearerToken: mintBearerToken(),
       guardianCtx,
       assistantId: canonicalAssistantId,
       approvalCopyGenerator,
@@ -1200,7 +1197,7 @@ export async function handleChannelInbound(
       commandIntent,
       sourceLanguageCode,
       replyCallbackUrl,
-      bearerToken,
+      mintBearerToken,
       assistantId: canonicalAssistantId,
       approvalCopyGenerator,
     });
@@ -1348,7 +1345,8 @@ interface BackgroundProcessingParams {
   metadataHints: string[];
   metadataUxBrief?: string;
   replyCallbackUrl?: string;
-  bearerToken?: string;
+  /** Factory that mints a fresh delivery JWT for each HTTP attempt. */
+  mintBearerToken: () => string;
   assistantId?: string;
   approvalCopyGenerator?: ApprovalCopyGenerator;
   commandIntent?: Record<string, unknown>;
@@ -1384,7 +1382,7 @@ function shouldEmitTelegramTyping(
 function startTelegramTypingHeartbeat(
   callbackUrl: string,
   chatId: string,
-  bearerToken?: string,
+  mintBearerToken: () => string,
   assistantId?: string,
 ): () => void {
   let active = true;
@@ -1396,7 +1394,7 @@ function startTelegramTypingHeartbeat(
     void deliverChannelReply(
       callbackUrl,
       { chatId, chatAction: 'typing', assistantId },
-      bearerToken,
+      mintBearerToken(),
     ).catch((err) => {
       log.debug({ err, chatId }, 'Failed to deliver Telegram typing indicator');
     }).finally(() => {
@@ -1423,7 +1421,7 @@ function startPendingApprovalPromptWatcher(params: {
   guardianExternalUserId?: string;
   requesterExternalUserId?: string;
   replyCallbackUrl: string;
-  bearerToken?: string;
+  mintBearerToken: () => string;
   assistantId?: string;
   approvalCopyGenerator?: ApprovalCopyGenerator;
 }): () => void {
@@ -1435,7 +1433,7 @@ function startPendingApprovalPromptWatcher(params: {
     guardianExternalUserId,
     requesterExternalUserId,
     replyCallbackUrl,
-    bearerToken,
+    mintBearerToken,
     assistantId,
     approvalCopyGenerator,
   } = params;
@@ -1467,7 +1465,7 @@ function startPendingApprovalPromptWatcher(params: {
             chatId: externalChatId,
             sourceChannel,
             assistantId: assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID,
-            bearerToken,
+            bearerToken: mintBearerToken(),
             prompt,
             uiMetadata: buildApprovalUIMetadata(prompt, info),
             messageContext: {
@@ -1535,7 +1533,7 @@ function startTrustedContactApprovalNotifier(params: {
   guardianTrustClass: GuardianContext['trustClass'];
   guardianExternalUserId?: string;
   replyCallbackUrl: string;
-  bearerToken?: string;
+  mintBearerToken: () => string;
   assistantId?: string;
 }): () => void {
   const {
@@ -1545,7 +1543,7 @@ function startTrustedContactApprovalNotifier(params: {
     guardianTrustClass,
     guardianExternalUserId,
     replyCallbackUrl,
-    bearerToken,
+    mintBearerToken,
     assistantId,
   } = params;
 
@@ -1588,7 +1586,7 @@ function startTrustedContactApprovalNotifier(params: {
               chatId: externalChatId,
               text: waitingText,
               assistantId: assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID,
-            }, bearerToken);
+            }, mintBearerToken());
           } catch (err) {
             log.warn({ err, conversationId }, 'Failed to deliver trusted-contact pending-approval notification');
             // Remove from notified set so delivery is retried on next poll
@@ -1630,7 +1628,7 @@ function processChannelMessageInBackground(params: BackgroundProcessingParams):
     metadataHints,
     metadataUxBrief,
     replyCallbackUrl,
-    bearerToken,
+    mintBearerToken,
     assistantId,
     approvalCopyGenerator,
     commandIntent,
@@ -1642,7 +1640,7 @@ function processChannelMessageInBackground(params: BackgroundProcessingParams):
       ? replyCallbackUrl
       : undefined;
     const stopTypingHeartbeat = typingCallbackUrl
-      ? startTelegramTypingHeartbeat(typingCallbackUrl, externalChatId, bearerToken, assistantId)
+      ? startTelegramTypingHeartbeat(typingCallbackUrl, externalChatId, mintBearerToken, assistantId)
       : undefined;
     const stopApprovalWatcher = replyCallbackUrl
       ? startPendingApprovalPromptWatcher({
@@ -1653,7 +1651,7 @@ function processChannelMessageInBackground(params: BackgroundProcessingParams):
         guardianExternalUserId: guardianCtx.guardianExternalUserId,
         requesterExternalUserId: guardianCtx.requesterExternalUserId,
         replyCallbackUrl,
-        bearerToken,
+        mintBearerToken,
         assistantId,
         approvalCopyGenerator,
       })
@@ -1666,7 +1664,7 @@ function processChannelMessageInBackground(params: BackgroundProcessingParams):
         guardianTrustClass: guardianCtx.trustClass,
         guardianExternalUserId: guardianCtx.guardianExternalUserId,
         replyCallbackUrl,
-        bearerToken,
+        mintBearerToken,
         assistantId,
       })
       : undefined;
@@ -1701,7 +1699,7 @@ function processChannelMessageInBackground(params: BackgroundProcessingParams):
           conversationId,
           externalChatId,
           replyCallbackUrl,
-          bearerToken,
+          mintBearerToken(),
           assistantId,
           {
             onSegmentDelivered: (count) =>
@@ -1735,11 +1733,7 @@ function deliverBootstrapVerificationTelegram(
 ): void {
   const attemptDelivery = async (): Promise<boolean> => {
     const gatewayUrl = getGatewayInternalBaseUrl();
-    const bearerToken = readHttpToken();
-    if (!bearerToken) {
-      log.error('Cannot deliver bootstrap verification Telegram message: no runtime HTTP token available');
-      return false;
-    }
+    const bearerToken = mintDaemonDeliveryToken();
     const url = `${gatewayUrl}/deliver/telegram`;
     const resp = await fetch(url, {
       method: 'POST',

package/src/runtime/routes/pairing-routes.ts

@@ -10,16 +10,16 @@ import {
 import type { ServerMessage } from '../../daemon/ipc-contract.js';
 import { PairingStore } from '../../daemon/pairing-store.js';
 import { getLogger } from '../../util/logger.js';
-import { mintCredentialPair } from '../actor-refresh-token-service.js';
 import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
+import { mintCredentialPair } from '../auth/credential-service.js';
 import { ensureVellumGuardianBinding } from '../guardian-vellum-migration.js';
 import { httpError } from '../http-errors.js';
 
 const log = getLogger('runtime-http');
 
 interface PairingCredentials {
-  actorToken: string;
-  actorTokenExpiresAt: number;
+  accessToken: string;
+  accessTokenExpiresAt: number;
   refreshToken: string;
   refreshTokenExpiresAt: number;
   refreshAfter: number;
@@ -50,8 +50,8 @@ function mintPairingCredentials(deviceId: string, platform: string): PairingCred
 
     log.info({ assistantId, platform }, 'Minted credentials during pairing');
     return {
-      actorToken: credentials.actorToken,
-      actorTokenExpiresAt: credentials.actorTokenExpiresAt,
+      accessToken: credentials.accessToken,
+      accessTokenExpiresAt: credentials.accessTokenExpiresAt,
       refreshToken: credentials.refreshToken,
       refreshTokenExpiresAt: credentials.refreshTokenExpiresAt,
       refreshAfter: credentials.refreshAfter,
@@ -213,8 +213,8 @@ export async function handlePairingRequest(req: Request, ctx: PairingHandlerCont
         localLanUrl: entry.localLanUrl,
         ...(ctx.featureFlagToken ? { featureFlagToken: ctx.featureFlagToken } : {}),
         ...(credentials ? {
-          actorToken: credentials.actorToken,
-          actorTokenExpiresAt: credentials.actorTokenExpiresAt,
+          accessToken: credentials.accessToken,
+          accessTokenExpiresAt: credentials.accessTokenExpiresAt,
           refreshToken: credentials.refreshToken,
           refreshTokenExpiresAt: credentials.refreshTokenExpiresAt,
           refreshAfter: credentials.refreshAfter,
@@ -312,8 +312,8 @@ export function handlePairingStatus(url: URL, ctx: PairingHandlerContext): Respo
       localLanUrl: entry.localLanUrl,
       ...(ctx.featureFlagToken ? { featureFlagToken: ctx.featureFlagToken } : {}),
       ...(credentialEntry ? {
-        actorToken: credentialEntry.credentials.actorToken,
-        actorTokenExpiresAt: credentialEntry.credentials.actorTokenExpiresAt,
+        accessToken: credentialEntry.credentials.accessToken,
+        accessTokenExpiresAt: credentialEntry.credentials.accessTokenExpiresAt,
         refreshToken: credentialEntry.credentials.refreshToken,
         refreshTokenExpiresAt: credentialEntry.credentials.refreshTokenExpiresAt,
         refreshAfter: credentialEntry.credentials.refreshAfter,