@vellumai/assistant 0.4.18 → 0.4.19

package/docs/runbook-trusted-contacts.md

@@ -5,11 +5,13 @@ Operational procedures for inspecting, managing, and debugging the trusted conta
 ## Prerequisites
 
 ```bash
-# Read the bearer token
-TOKEN=$(cat ~/.vellum/http-token)
-
 # Base URL (adjust if using a non-default port)
 BASE=http://localhost:7830
+
+# Bearer token: if running via the assistant's shell tools, $GATEWAY_AUTH_TOKEN
+# is injected automatically. For manual operator use, mint a token via the CLI
+# or use one from the daemon (e.g. from a recent shell env export).
+TOKEN=$GATEWAY_AUTH_TOKEN
 ```
 
 ## 1. Inspect Trusted Contacts (Members)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.4.18",
+  "version": "0.4.19",
   "type": "module",
   "bin": {
     "vellum": "./src/index.ts"

package/src/__tests__/channel-approvals.test.ts

@@ -132,9 +132,11 @@ describe("getChannelApprovalPrompt", () => {
     const result = getChannelApprovalPrompt("conv-1");
     expect(result).not.toBeNull();
     expect(result!.promptText).toContain("shell");
-    expect(result!.actions).toHaveLength(3);
+    expect(result!.actions).toHaveLength(5);
     expect(result!.actions.map((a) => a.id)).toEqual([
       "approve_once",
+      "approve_10m",
+      "approve_thread",
       "approve_always",
       "reject",
     ]);
@@ -174,6 +176,8 @@ describe("getChannelApprovalPrompt", () => {
     expect(result).not.toBeNull();
     expect(result!.actions.map((a) => a.id)).toEqual([
       "approve_once",
+      "approve_10m",
+      "approve_thread",
       "approve_always",
       "reject",
     ]);
@@ -189,6 +193,8 @@ describe("getChannelApprovalPrompt", () => {
     expect(result).not.toBeNull();
     expect(result!.actions.map((a) => a.id)).toEqual([
       "approve_once",
+      "approve_10m",
+      "approve_thread",
       "approve_always",
       "reject",
     ]);

package/src/__tests__/conversation-routes-guardian-reply.test.ts

@@ -79,6 +79,14 @@ mock.module("../runtime/local-actor-identity.js", () => ({
   }),
 }));
 
+mock.module("../runtime/guardian-context-resolver.js", () => ({
+  resolveGuardianContext: () => ({
+    trustClass: "guardian",
+    sourceChannel: "vellum",
+  }),
+  toGuardianRuntimeContext: (ctx: unknown) => ctx,
+}));
+
 import type { AuthContext } from "../runtime/auth/types.js";
 import { handleSendMessage } from "../runtime/routes/conversation-routes.js";
 

package/src/__tests__/daemon-server-session-init.test.ts

@@ -131,6 +131,8 @@ class MockSession {
     this.guardianContext = ctx;
   }
 
+  setAuthContext(): void {}
+
   setChannelCapabilities(): void {}
 
   setCommandIntent(): void {}

package/src/__tests__/gmail-integration.test.ts

@@ -11,6 +11,13 @@ const toolsManifestPath = resolve(
   "../config/bundled-skills/messaging/TOOLS.json",
 );
 const toolsManifest = JSON.parse(readFileSync(toolsManifestPath, "utf-8"));
+const slackToolsManifestPath = resolve(
+  __dirname,
+  "../config/bundled-skills/slack/TOOLS.json",
+);
+const slackToolsManifest = JSON.parse(
+  readFileSync(slackToolsManifestPath, "utf-8"),
+);
 
 describe("Messaging tool contract", () => {
   const expectedGmailToolNames = [
@@ -70,19 +77,21 @@ describe("Messaging tool contract", () => {
   });
 
   test("TOOLS.json manifest contains all expected slack_* tool names", () => {
-    const manifestToolNames: string[] = toolsManifest.tools.map(
+    const slackToolNames: string[] = slackToolsManifest.tools.map(
       (t: { name: string }) => t.name,
     );
     for (const name of expectedSlackToolNames) {
-      expect(manifestToolNames).toContain(name);
+      expect(slackToolNames).toContain(name);
     }
   });
 
-  test("TOOLS.json manifest contains at least the expected number of tools", () => {
+  test("TOOLS.json manifests contain at least the expected number of tools", () => {
     const expectedMinimum =
       expectedGmailToolNames.length +
       expectedMessagingToolNames.length +
       expectedSlackToolNames.length;
-    expect(toolsManifest.tools.length).toBeGreaterThanOrEqual(expectedMinimum);
+    const totalTools =
+      toolsManifest.tools.length + slackToolsManifest.tools.length;
+    expect(totalTools).toBeGreaterThanOrEqual(expectedMinimum);
   });
 });

package/src/__tests__/handle-user-message-secret-resume.test.ts

@@ -1,7 +1,12 @@
 import * as net from "node:net";
 import { describe, expect, mock, test } from "bun:test";
 
-mock.module("../config/env.js", () => ({ isHttpAuthDisabled: () => true }));
+const actualEnv = await import("../config/env.js");
+mock.module("../config/env.js", () => ({
+  ...actualEnv,
+  isHttpAuthDisabled: () => true,
+  isMonitoringEnabled: () => false,
+}));
 
 const { handleUserMessage } = await import("../daemon/handlers/sessions.js");
 
@@ -47,6 +52,7 @@ describe("handleUserMessage secret redirect continuation", () => {
       setAssistantId: () => {},
       setChannelCapabilities: () => {},
       setGuardianContext: () => {},
+      setAuthContext: () => {},
       setCommandIntent: () => {},
       updateClient: () => {},
       emitActivityState: () => {},

package/src/__tests__/handlers-user-message-approval-consumption.test.ts

@@ -116,6 +116,7 @@ interface TestSession {
   setTurnInterfaceContext: (ctx: unknown) => void;
   setAssistantId: (assistantId: string) => void;
   setGuardianContext: (ctx: unknown) => void;
+  setAuthContext: (ctx: unknown) => void;
   setCommandIntent: (intent: unknown) => void;
   updateClient: (
     sendToClient: (msg: ServerMessage) => void,
@@ -180,6 +181,7 @@ function makeSession(overrides: Partial<TestSession> = {}): TestSession {
     setTurnInterfaceContext: () => {},
     setAssistantId: () => {},
     setGuardianContext: () => {},
+    setAuthContext: () => {},
     setCommandIntent: () => {},
     updateClient: () => {},
     emitActivityState: () => {},

package/src/__tests__/ingress-reconcile.test.ts

@@ -66,6 +66,13 @@ mock.module("../providers/registry.js", () => ({
   initializeProviders: () => {},
 }));
 
+// Mock token service — triggerGatewayReconcile now uses mintDaemonDeliveryToken
+// instead of readHttpToken for the Bearer token.
+let mintedToken: string | null = null;
+mock.module("../runtime/auth/token-service.js", () => ({
+  mintDaemonDeliveryToken: () => mintedToken ?? "test-delivery-token",
+}));
+
 import { handleIngressConfig } from "../daemon/handlers/config.js";
 import type { HandlerContext } from "../daemon/handlers/shared.js";
 import type {
@@ -121,6 +128,7 @@ describe("Ingress reconcile trigger in handleIngressConfig", () => {
   beforeEach(() => {
     rawConfigStore = {};
     httpTokenValue = null;
+    mintedToken = null;
     reconcileCalls = [];
     fetchShouldFail = false;
 
@@ -186,7 +194,7 @@ describe("Ingress reconcile trigger in handleIngressConfig", () => {
 
   // ── Token present/missing behavior ──────────────────────────────────────
 
-  test("skips reconcile trigger when no HTTP bearer token is available", async () => {
+  test("always triggers reconcile even when readHttpToken returns null (uses mintDaemonDeliveryToken)", async () => {
     httpTokenValue = null;
 
     const msg: IngressConfigRequest = {
@@ -206,12 +214,12 @@ describe("Ingress reconcile trigger in handleIngressConfig", () => {
     const res = sent[0] as { type: string; success: boolean };
     expect(res.success).toBe(true);
 
-    // No reconcile call should have been made
-    expect(reconcileCalls).toHaveLength(0);
+    // Reconcile is always triggered using mintDaemonDeliveryToken
+    expect(reconcileCalls).toHaveLength(1);
   });
 
-  test("triggers reconcile when HTTP bearer token is available", async () => {
-    httpTokenValue = "test-bearer-token";
+  test("triggers reconcile with mintDaemonDeliveryToken bearer token", async () => {
+    mintedToken = "test-bearer-token";
 
     const msg: IngressConfigRequest = {
       type: "ingress_config",

package/src/__tests__/mcp-cli.test.ts

@@ -144,7 +144,7 @@ describe("vellum mcp list", () => {
     expect(stdout).toContain("stdio");
     expect(stdout).toContain("npx -y some-mcp-server");
     expect(stdout).toContain("low");
-  });
+  }, 15_000);
 
   test("--json outputs valid JSON", () => {
     writeConfig({

package/src/__tests__/recording-intent-handler.test.ts

@@ -1,7 +1,12 @@
 import * as net from "node:net";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
-mock.module("../config/env.js", () => ({ isHttpAuthDisabled: () => true }));
+const actualEnv = await import("../config/env.js");
+mock.module("../config/env.js", () => ({
+  ...actualEnv,
+  isHttpAuthDisabled: () => true,
+  isMonitoringEnabled: () => false,
+}));
 
 // ─── Mocks (must be before any imports that depend on them) ─────────────────
 
@@ -351,7 +356,9 @@ mock.module("../subagent/index.js", () => ({
 
 // ── Mock IPC protocol helpers ──────────────────────────────────────────────
 
+const actualIpcProtocol = await import("../daemon/ipc-protocol.js");
 mock.module("../daemon/ipc-protocol.js", () => ({
+  ...actualIpcProtocol,
   normalizeThreadType: (t: string) => t ?? "primary",
 }));
 
@@ -414,6 +421,7 @@ function createCtx(overrides?: Partial<HandlerContext>): {
     setAssistantId: noop,
     setChannelCapabilities: noop,
     setGuardianContext: noop,
+    setAuthContext: noop,
     setCommandIntent: noop,
     updateClient: noop,
     processMessage: async () => {},

package/src/__tests__/send-endpoint-busy.test.ts

@@ -108,6 +108,7 @@ function makeCompletingSession(): Session {
     setChannelCapabilities: () => {},
     setAssistantId: () => {},
     setGuardianContext: () => {},
+    setAuthContext: () => {},
     setCommandIntent: () => {},
     setTurnChannelContext: () => {},
     setTurnInterfaceContext: () => {},
@@ -160,6 +161,7 @@ function makeHangingSession(): Session {
     setChannelCapabilities: () => {},
     setAssistantId: () => {},
     setGuardianContext: () => {},
+    setAuthContext: () => {},
     setCommandIntent: () => {},
     setTurnChannelContext: () => {},
     setTurnInterfaceContext: () => {},
@@ -236,7 +238,11 @@ function makePendingApprovalSession(
     },
     setChannelCapabilities: () => {},
     setAssistantId: () => {},
-    setGuardianContext: () => {},
+    guardianContext: undefined as unknown,
+    setGuardianContext(this: { guardianContext: unknown }, ctx: unknown) {
+      this.guardianContext = ctx;
+    },
+    setAuthContext: () => {},
     setCommandIntent: () => {},
     setTurnChannelContext: () => {},
     setTurnInterfaceContext: () => {},
@@ -290,7 +296,7 @@ describe("POST /v1/messages — queue-if-busy and hub publishing", () => {
     createBinding({
       assistantId: "self",
       channel: "vellum",
-      guardianExternalUserId: "guardian-vellum",
+      guardianExternalUserId: "dev-bypass",
       guardianDeliveryChatId: "vellum",
       guardianPrincipalId: "test-principal-id",
     });

package/src/__tests__/sms-messaging-provider.test.ts

@@ -37,6 +37,10 @@ mock.module("../util/platform.js", () => ({
   readHttpToken: () => "runtime-token",
 }));
 
+mock.module("../runtime/auth/token-service.js", () => ({
+  mintDaemonDeliveryToken: () => "runtime-token",
+}));
+
 mock.module("../config/loader.js", () => ({
   loadConfig: () => configState,
 }));

package/src/__tests__/system-prompt.test.ts

@@ -72,6 +72,7 @@ const {
   ensurePromptFiles,
   stripCommentLines,
   buildExternalCommsIdentitySection,
+  buildPhoneCallsRoutingSection,
 } = await import("../config/system-prompt.js");
 
 /** Strip the Configuration and Skills sections so base-prompt tests stay focused. */
@@ -224,6 +225,26 @@ describe("buildSystemPrompt", () => {
     expect(section).toContain("Occasional variations are acceptable");
   });
 
+  test("includes phone calls routing section", () => {
+    const result = buildSystemPrompt();
+    expect(result).toContain("## Routing: Phone Calls");
+    expect(result).toContain('skill: "phone-calls"');
+  });
+
+  test("buildPhoneCallsRoutingSection returns section with expected content", () => {
+    const section = buildPhoneCallsRoutingSection();
+    expect(section).toContain("## Routing: Phone Calls");
+    expect(section).toContain("Trigger phrases");
+    expect(section).toContain("Exclusivity rules");
+    expect(section).toContain("phone-calls");
+    expect(section).toContain("Do NOT improvise Twilio setup instructions");
+  });
+
+  test("phone calls routing section excluded from low tier", () => {
+    const result = buildSystemPrompt("low");
+    expect(result).not.toContain("## Routing: Phone Calls");
+  });
+
   test("includes memory persistence section in high tier", () => {
     const result = buildSystemPrompt("high");
     expect(result).toContain("## Memory Persistence");

package/src/__tests__/tool-execution-abort-cleanup.test.ts

@@ -78,7 +78,9 @@ mock.module("../tools/network/script-proxy/index.js", () => ({
 }));
 
 mock.module("../util/platform.js", () => ({
+  getRootDir: () => "/tmp",
   getDataDir: () => "/tmp",
+  getRootDir: () => "/tmp",
   getSocketPath: () => "/tmp/vellum.sock",
 }));
 

package/src/cli/mcp.ts

@@ -15,7 +15,7 @@ const log = getCliLogger('cli');
 export const HEALTH_CHECK_TIMEOUT_MS = 10_000;
 
 export async function checkServerHealth(serverId: string, config: McpServerConfig, timeoutMs = HEALTH_CHECK_TIMEOUT_MS): Promise<string> {
-  const client = new McpClient(serverId, { quiet: true });
+  const client = new McpClient(serverId);
   try {
     await Promise.race([
       client.connect(config.transport),
@@ -73,40 +73,93 @@ export function registerMcpCommand(program: Command): void {
 
       log.info(`${entries.length} MCP server(s) configured:\n`);
 
-      let didHealthCheck = false;
-      for (const [id, cfg] of entries) {
-        if (!cfg || typeof cfg !== 'object') {
-          log.info(`  ${id} (invalid config — skipped)\n`);
-          continue;
-        }
-        const enabled = cfg.enabled !== false;
-        const transport = cfg.transport;
-        const risk = cfg.defaultRiskLevel ?? 'high';
+      const isTTY = process.stdout.isTTY;
 
-        let status: string;
-        if (!enabled) {
-          status = '✗ disabled';
-        } else {
-          status = await checkServerHealth(id, cfg);
-          didHealthCheck = true;
+      if (isTTY) {
+        // TTY path: print placeholders, run health checks in parallel, update in-place with ANSI codes
+        let lineCount = 0;
+        const healthChecks: { id: string; cfg: McpServerConfig; statusLine: number }[] = [];
+
+        for (const [id, cfg] of entries) {
+          if (!cfg || typeof cfg !== 'object') {
+            log.info(`  ${id} (invalid config — skipped)\n`);
+            lineCount += 2;
+            continue;
+          }
+          const enabled = cfg.enabled !== false;
+          const transport = cfg.transport;
+          const risk = cfg.defaultRiskLevel ?? 'high';
+          const statusText = !enabled ? '✗ disabled' : '⏳ Checking...';
+
+          log.info(`  ${id}`);
+          lineCount++;
+          const statusLine = lineCount;
+          log.info(`    Status:    ${statusText}`);
+          lineCount++;
+          log.info(`    Transport: ${transport?.type ?? 'unknown'}`);
+          lineCount++;
+          if (transport?.type === 'stdio') {
+            log.info(`    Command:   ${transport.command} ${(transport.args ?? []).join(' ')}`);
+            lineCount++;
+          } else if (transport && 'url' in transport) {
+            log.info(`    URL:       ${transport.url}`);
+            lineCount++;
+          }
+          log.info(`    Risk:      ${risk}`);
+          lineCount++;
+          if (cfg.allowedTools) { log.info(`    Allowed:   ${cfg.allowedTools.join(', ')}`); lineCount++; }
+          if (cfg.blockedTools) { log.info(`    Blocked:   ${cfg.blockedTools.join(', ')}`); lineCount++; }
+          log.info('');
+          lineCount++;
+
+          if (enabled) {
+            healthChecks.push({ id, cfg, statusLine });
+          }
         }
 
-        log.info(`  ${id}`);
-        log.info(`    Status:    ${status}`);
-        log.info(`    Transport: ${transport?.type ?? 'unknown'}`);
-        if (transport?.type === 'stdio') {
-          log.info(`    Command:   ${transport.command} ${(transport.args ?? []).join(' ')}`);
-        } else if (transport && 'url' in transport) {
-          log.info(`    URL:       ${transport.url}`);
+        if (healthChecks.length === 0) return;
+
+        // Run health checks in parallel, update status lines in-place with ANSI codes
+        await Promise.all(healthChecks.map(async ({ id, cfg, statusLine }) => {
+          const health = await checkServerHealth(id, cfg);
+          const up = lineCount - statusLine;
+          process.stdout.write(`\x1b[${up}A\r\x1b[2K    Status:    ${health}\x1b[${up}B\r`);
+        }));
+      } else {
+        // Non-TTY path: run health checks sequentially, print final status directly (no ANSI codes)
+        for (const [id, cfg] of entries) {
+          if (!cfg || typeof cfg !== 'object') {
+            log.info(`  ${id} (invalid config — skipped)\n`);
+            continue;
+          }
+          const enabled = cfg.enabled !== false;
+          const transport = cfg.transport;
+          const risk = cfg.defaultRiskLevel ?? 'high';
+
+          let statusText: string;
+          if (!enabled) {
+            statusText = '✗ disabled';
+          } else {
+            statusText = await checkServerHealth(id, cfg);
+          }
+
+          log.info(`  ${id}`);
+          log.info(`    Status:    ${statusText}`);
+          log.info(`    Transport: ${transport?.type ?? 'unknown'}`);
+          if (transport?.type === 'stdio') {
+            log.info(`    Command:   ${transport.command} ${(transport.args ?? []).join(' ')}`);
+          } else if (transport && 'url' in transport) {
+            log.info(`    URL:       ${transport.url}`);
+          }
+          log.info(`    Risk:      ${risk}`);
+          if (cfg.allowedTools) { log.info(`    Allowed:   ${cfg.allowedTools.join(', ')}`); }
+          if (cfg.blockedTools) { log.info(`    Blocked:   ${cfg.blockedTools.join(', ')}`); }
+          log.info('');
         }
-        log.info(`    Risk:      ${risk}`);
-        if (cfg.allowedTools) log.info(`    Allowed:   ${cfg.allowedTools.join(', ')}`);
-        if (cfg.blockedTools) log.info(`    Blocked:   ${cfg.blockedTools.join(', ')}`);
-        log.info('');
       }
 
       // Health checks may leave MCP transports alive — force exit
-      if (didHealthCheck) process.exit(0);
+      process.exit(0);
     });
 
   mcp

package/src/config/bundled-skills/guardian-verify-setup/SKILL.md

@@ -11,7 +11,7 @@ You are helping your user set up guardian verification for a messaging channel (
 
 - Use the injected `INTERNAL_GATEWAY_BASE_URL` for gateway API calls.
 - Never call the daemon runtime port directly; always call the gateway URL.
-- The bearer token is stored at `~/.vellum/http-token`. Read it with: `TOKEN=$(cat ~/.vellum/http-token)`.
+- The bearer token is available as the `$GATEWAY_AUTH_TOKEN` environment variable.
 - Run shell commands for this skill with `host_bash` (not sandbox `bash`) so host auth/token and gateway routing are reliable.
 - Keep narration minimal: execute required calls first, then provide a concise status update. Do not narrate internal install/check/load chatter unless something fails.
 
@@ -39,10 +39,9 @@ Based on the chosen channel, ask for the required destination:
 Execute the outbound start request:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/outbound/start" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{"channel": "<channel>", "destination": "<destination>"}'
 ```
 
@@ -77,10 +76,9 @@ Handle each error code:
 If the user says they did not receive the code or asks to resend:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/outbound/resend" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{"channel": "<channel>"}'
 ```
 
@@ -107,10 +105,9 @@ Handle each error code from the resend endpoint:
 If the user wants to cancel the verification:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/outbound/cancel" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{"channel": "<channel>"}'
 ```
 
@@ -126,9 +123,8 @@ For **voice** verification only: after telling the user their code and instructi
 2. Check the binding status:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=voice" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 3. If the response shows `bound: true`: immediately send a proactive success message in the current chat — "Voice verification complete! Your phone number is now the trusted guardian." Stop polling.
@@ -153,9 +149,8 @@ When in a **rebind flow** (i.e., the `start_outbound` request included `"rebind"
 After the user reports entering the code, verify the binding was created:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=<channel>" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 If the response shows the guardian is bound, confirm success: "Guardian verified! Your [channel] identity is now the trusted guardian."

package/src/config/bundled-skills/phone-calls/SKILL.md

@@ -49,9 +49,8 @@ The user's assistant gets its own personal phone number through Twilio. All impl
 Check whether Twilio credentials, phone number, and public ingress are already configured:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 ```bash

package/src/config/bundled-skills/sms-setup/SKILL.md

@@ -12,9 +12,8 @@ You are helping your user set up SMS messaging. This skill orchestrates Twilio s
 First, check the current SMS channel readiness state via the gateway:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Inspect the response for `hasCredentials` and `phoneNumber`.
@@ -35,9 +34,8 @@ Tell the user: _"SMS needs Twilio configured first. I've loaded the Twilio setup
 After twilio-setup completes, re-check readiness by calling the config endpoint again:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 If baseline is still not ready, report the specific failures and ask the user to address them before continuing.
@@ -47,9 +45,8 @@ If baseline is still not ready, report the specific failures and ask the user to
 Once baseline is ready, check SMS compliance status including remote (Twilio API) checks:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Examine the compliance results:
@@ -90,9 +87,8 @@ The `tollfreePhoneNumberSid` is returned by the compliance status response in th
 **Step 3c: Submit verification:**
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance/tollfree" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{
     "tollfreePhoneNumberSid": "<compliance.tollfreePhoneNumberSid from Step 3a>",
@@ -118,9 +114,8 @@ The endpoint validates all fields before submitting to Twilio and returns clear
 **Step 3d: Update a rejected verification** (if `editAllowed` is true):
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X PATCH "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance/tollfree/<verificationSid>" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{
     "businessName": "updated value",
@@ -133,9 +128,8 @@ Only include fields that need to change. The endpoint checks edit eligibility an
 **Step 3e: Delete and resubmit** (if editing is not allowed):
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance/tollfree/<verificationSid>" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 After deletion, return to Step 3b to collect information and resubmit. Warn the user that deleting resets their position in the review queue.
@@ -183,9 +177,8 @@ Tell the user: _"Let's send a test SMS to verify everything works. What phone nu
 After the user provides a number, send a test message via the gateway:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/test" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"phoneNumber":"<recipient phone number>","text":"Test SMS from your Vellum assistant."}'
 ```
@@ -200,9 +193,8 @@ Report the result honestly:
 If the test fails or the user reports SMS issues, run the SMS doctor:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/doctor" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 This runs a comprehensive health diagnostic, checking channel readiness, compliance/toll-free verification status, and the last test result. Report the diagnostics and actionable items to the user.

package/src/config/bundled-skills/telegram-setup/SKILL.md

@@ -39,7 +39,7 @@ After the token is collected, call the composite setup endpoint which validates
 
 ```bash
 curl -sf -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/telegram/setup" \
-  -H "Authorization: Bearer $(cat ~/.vellum/http-token)" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{}'
 ```
@@ -101,7 +101,7 @@ Before reporting success, confirm the guardian binding was actually created. Che
 
 ```bash
 curl -sf "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=telegram" \
-  -H "Authorization: Bearer $(cat ~/.vellum/http-token)"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 If the binding is absent and the user said they completed the verification:
@@ -120,7 +120,7 @@ Summarize what was done:
 - Guardian identity: {verified | not configured}
 - Guardian verification status: {verified via outbound flow | skipped}
 - Routing configuration validated
-- To re-check guardian status later, use: `curl -sf "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=telegram" -H "Authorization: Bearer $(cat ~/.vellum/http-token)"`
+- To re-check guardian status later, use: `curl -sf "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=telegram" -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"`
 
 The gateway automatically detects credentials from the vault, reconciles the Telegram webhook registration, and begins accepting Telegram webhooks shortly. In single-assistant mode, routing is automatically configured — no manual environment variable configuration or webhook registration is needed. If the webhook secret changes later, the gateway's credential watcher will automatically re-register the webhook. If the ingress URL changes (e.g., tunnel restart), the assistant daemon triggers an immediate internal reconcile so the webhook re-registers automatically without a gateway restart.
 

package/src/config/bundled-skills/trusted-contacts/SKILL.md

@@ -11,7 +11,7 @@ You are helping your user manage trusted contacts and invite links for the Vellu
 
 - Use the injected `INTERNAL_GATEWAY_BASE_URL` for gateway API calls.
 - Use gateway control-plane routes only: this skill calls `/v1/ingress/*` and `/v1/integrations/telegram/config` on the gateway, never the daemon runtime port directly.
-- The bearer token is stored at `~/.vellum/http-token`. Read it with: `TOKEN=$(cat ~/.vellum/http-token)`.
+- The bearer token is available as the `$GATEWAY_AUTH_TOKEN` environment variable.
 
 ## Concepts
 
@@ -29,9 +29,8 @@ You are helping your user manage trusted contacts and invite links for the Vellu
 Use this to show the user who currently has access, or to look up a specific contact.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Optional query parameters for filtering:
@@ -42,7 +41,7 @@ Optional query parameters for filtering:
 Example with filters:
 ```bash
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members?sourceChannel=telegram&status=active" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 The response contains `{ ok: true, members: [...] }` where each member has:
@@ -65,10 +64,9 @@ Use this when the user wants to grant someone access to message the assistant. *
 Ask the user: *"I'll add [name/identifier] on [channel] as an allowed contact. Should I proceed?"*
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{
     "sourceChannel": "<channel>",
     "externalUserId": "<user_id>",
@@ -97,9 +95,8 @@ Ask the user: *"I'll revoke access for [name/identifier]. They will no longer be
 First, list members to find the member's `id`, then revoke:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members/<member_id>" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"reason": "<optional reason>"}'
 ```
@@ -113,10 +110,9 @@ Use this when the user wants to explicitly block someone. Blocking is stronger t
 Ask the user: *"I'll block [name/identifier]. They will be permanently denied from messaging the assistant. Should I proceed?"*
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members/<member_id>/block" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{"reason": "<optional reason>"}'
 ```
 
@@ -127,11 +123,9 @@ Use this when the guardian wants to invite someone to message the assistant on T
 **Important**: The shell snippet below emits a `<vellum-sensitive-output>` directive containing the raw invite token. The tool executor automatically strips this directive and replaces the raw token with a placeholder so the LLM never sees it. The placeholder is resolved back to the real token in the final assistant reply.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
-
 INVITE_JSON=$(curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{
     "sourceChannel": "telegram",
     "maxUses": 1,
@@ -160,7 +154,7 @@ fi
 # Prefer backend-provided canonical link when available.
 if [ -z "$INVITE_URL" ]; then
   BOT_CONFIG_JSON=$(curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/telegram/config" \
-    -H "Authorization: Bearer $TOKEN")
+    -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN")
   BOT_USERNAME=$(printf '%s' "$BOT_CONFIG_JSON" | tr -d '\n' | sed -n 's/.*"botUsername"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
   if [ -z "$BOT_USERNAME" ]; then
     echo "error:no_share_url_or_bot_username"
@@ -201,9 +195,8 @@ If the Telegram bot username is not available (integration not set up), tell the
 Use this to show the guardian their active (and optionally all) invite links.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites?sourceChannel=telegram" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Optional query parameters:
@@ -232,9 +225,8 @@ Ask the user: *"I'll revoke the invite link [note or ID]. It will no longer be u
 First, list invites to find the invite's `id`, then revoke:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites/<invite_id>" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Replace `<invite_id>` with the invite's `id` from the list response.
@@ -246,11 +238,9 @@ Use this when the guardian wants to authorize a specific phone number to call th
 **Important**: The response includes a `voiceCode` field that is only returned at creation time and cannot be retrieved later. Extract and present it clearly.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
-
 INVITE_JSON=$(curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{
     "sourceChannel": "voice",
     "expectedExternalUserId": "<phone_number_E164>",
@@ -303,9 +293,8 @@ If the user provides a phone number without the `+` country code prefix, ask the
 Use this to show the guardian their active voice invites.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites?sourceChannel=voice" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Optional query parameters:
@@ -327,9 +316,8 @@ Ask the user: *"I'll revoke the voice invite for [phone number or note]. The cod
 First, list voice invites to find the invite's `id`, then revoke:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites/<invite_id>" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Replace `<invite_id>` with the invite's `id` from the list response. The same revoke endpoint is used for both Telegram and voice invites.

package/src/config/bundled-skills/twilio-setup/SKILL.md

@@ -11,17 +11,16 @@ You are helping your user configure Twilio for voice calls and SMS messaging. Tw
 ## Quick Start
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 # 1. Check current status
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 # 2. Store credentials (after collecting via credential_store prompt)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/credentials" \
-  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" -H "Content-Type: application/json" \
   -d '{"accountSid":"ACxxx","authToken":"xxx"}'
 # 3. Provision or assign a number
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/provision" \
-  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" -H "Content-Type: application/json" \
   -d '{"country":"US","areaCode":"415"}'
 ```
 
@@ -67,9 +66,8 @@ All HTTP examples below include the optional `assistantId` query parameter in as
 First, check whether Twilio is already configured:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 The response includes:
@@ -96,9 +94,8 @@ If credentials are not yet stored, guide the user through Twilio account setup:
 After both credentials are collected, retrieve them from secure storage and send them to the gateway:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/credentials" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"accountSid":"<value from credential_store for twilio/account_sid>","authToken":"<value from credential_store for twilio/auth_token>"}'
 ```
@@ -116,9 +113,8 @@ The assistant needs a phone number to make calls and send SMS. There are two pat
 If the user wants to buy a new number through Twilio:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/provision" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"country":"US","areaCode":"415"}'
 ```
@@ -143,9 +139,8 @@ If ingress is not yet configured, webhook setup is skipped gracefully — the nu
 If the user already has a Twilio phone number, first list available numbers:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 The response includes a `numbers` array with each number's `phoneNumber`, `friendlyName`, and `capabilities` (voice, SMS). Present these to the user and let them choose.
@@ -153,9 +148,8 @@ The response includes a `numbers` array with each number's `phoneNumber`, `frien
 Then assign the chosen number:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/assign" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"phoneNumber":"+14155551234"}'
 ```
@@ -173,9 +167,8 @@ credential_store action=store service=twilio field=phone_number value=+141555512
 Then assign it through the gateway:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/assign" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"phoneNumber":"+14155551234"}'
 ```
@@ -211,9 +204,8 @@ Webhook URLs are automatically configured on the Twilio phone number when provis
 After configuration, verify by checking the config endpoint again.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Confirm:
@@ -251,13 +243,12 @@ After the guardian-verify-setup skill completes verification for a channel, load
 To re-check guardian status later, query the channel(s) that were verified:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 # Check SMS guardian status
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=sms" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 # Check voice guardian status
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=voice" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Check the status for whichever channel(s) the user actually verified (SMS, voice, or both). Report the guardian verification result per channel: **"Guardian identity — SMS: {verified | not configured}, Voice: {verified | not configured}."**
@@ -280,9 +271,8 @@ SMS is available automatically once Twilio is configured — no additional featu
 If the user wants to disconnect Twilio:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/credentials" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 This removes the stored Account SID and Auth Token. Phone number assignments are preserved. Voice calls and SMS will stop working until credentials are reconfigured.

package/src/config/system-prompt.ts

@@ -145,6 +145,7 @@ export function buildSystemPrompt(tier: ResponseTier = 'high'): string {
     parts.push(buildAttachmentSection());
     parts.push(buildInChatConfigurationSection());
     parts.push(buildVoiceSetupRoutingSection());
+    parts.push(buildPhoneCallsRoutingSection());
     parts.push(buildChannelCommandIntentSection());
   }
 
@@ -373,6 +374,37 @@ export function buildVoiceSetupRoutingSection(): string {
   ].join('\n');
 }
 
+export function buildPhoneCallsRoutingSection(): string {
+  return [
+    '## Routing: Phone Calls',
+    '',
+    'When the user asks to set up phone calling, place a call, configure Twilio for voice, or anything related to outbound/inbound phone calls, load the **Phone Calls** skill.',
+    '',
+    '### Trigger phrases',
+    '- "Set up phone calling" / "enable calls"',
+    '- "Make a call to..." / "call [number/business]"',
+    '- "Configure Twilio" (in context of voice calls, not SMS)',
+    '- "Can you make phone calls?"',
+    '- "Set up my phone number" (for calling, not SMS)',
+    '',
+    '### What it does',
+    'The skill handles the full phone calling lifecycle:',
+    '1. Twilio credential setup (delegates to twilio-setup skill)',
+    '2. Public ingress configuration (delegates to public-ingress skill)',
+    '3. Enabling the calls feature',
+    '4. Placing outbound calls and receiving inbound calls',
+    '5. Voice quality configuration (standard Twilio TTS or ElevenLabs)',
+    '',
+    'Load with: `skill_load` using `skill: "phone-calls"`',
+    '',
+    '### Exclusivity rules',
+    '- Do NOT improvise Twilio setup instructions from general knowledge — always load the skill first.',
+    '- Do NOT confuse with voice-setup (local PTT/wake word/microphone) or guardian-verify-setup (channel verification).',
+    '- If the user says "voice" in the context of phone calls or Twilio, load phone-calls, not voice-setup.',
+    '- For guardian voice verification specifically, load guardian-verify-setup instead.',
+  ].join('\n');
+}
+
 function buildToolPermissionSection(): string {
   return [
     '## Tool Permissions',

package/src/mcp/client.ts

@@ -30,15 +30,13 @@ export class McpClient {
   private transport: StdioClientTransport | SSEClientTransport | StreamableHTTPClientTransport | null = null;
   private connected = false;
   private oauthProvider: McpOAuthProvider | null = null;
-  private quiet: boolean;
 
   get isConnected(): boolean {
     return this.connected;
   }
 
-  constructor(serverId: string, opts?: { quiet?: boolean }) {
+  constructor(serverId: string) {
     this.serverId = serverId;
-    this.quiet = opts?.quiet ?? false;
     this.client = new Client({
       name: 'vellum-assistant',
       version: '1.0.0',
@@ -61,7 +59,7 @@ export class McpClient {
       }
     }
 
-    if (!this.quiet) console.log(`[MCP] Connecting to server "${this.serverId}"...`);
+    log.info({ serverId: this.serverId }, 'Connecting to MCP server');
     this.transport = this.createTransport(transportConfig);
 
     try {
@@ -82,13 +80,11 @@ export class McpClient {
         if (isAuthError) {
           // Auth-related — user can run `vellum mcp auth <name>` to authenticate.
           log.info({ serverId: this.serverId, err }, 'MCP server requires authentication');
-          if (!this.quiet) console.log(`[MCP] Server "${this.serverId}" requires authentication. Run "vellum mcp auth ${this.serverId}" to authenticate.`);
           return;
         }
 
         // Non-auth error (DNS, TLS, timeout, etc.) — log and re-throw
         log.error({ serverId: this.serverId, err }, 'MCP server connection failed');
-        if (!this.quiet) console.error(`[MCP] Server "${this.serverId}" connection failed: ${err instanceof Error ? err.message : err}`);
         throw err;
       }
 
@@ -96,7 +92,6 @@ export class McpClient {
     }
 
     this.connected = true;
-    if (!this.quiet) console.log(`[MCP] Server "${this.serverId}" connected successfully`);
     log.info({ serverId: this.serverId }, 'MCP client connected');
   }
 

package/src/security/secure-keys.ts

@@ -148,11 +148,19 @@ export function getSecureKey(account: string): string | undefined {
  * Returns `true` on success, `false` on failure.
  */
 export function setSecureKey(account: string, value: string): boolean {
-  return withKeychainFallback(
+  const result = withKeychainFallback(
     () => keychain.setKey(account, value),
     () => encryptedStore.setKey(account, value),
     false,
   );
+  // When writing to the encrypted store after a keychain downgrade, clean up
+  // any stale keychain entry so the gateway's credential-reader (which tries
+  // keychain first) does not read an outdated value.
+  if (result && downgradedFromKeychain && getBackend() === "encrypted") {
+    keychainMissCache.delete(account);
+    try { keychain.deleteKey(account); } catch { /* best-effort */ }
+  }
+  return result;
 }
 
 /**
@@ -278,7 +286,15 @@ export async function setSecureKeyAsync(
   value: string,
 ): Promise<boolean> {
   const backend = await getBackendAsync();
-  if (backend === "encrypted") return encryptedStore.setKey(account, value);
+  if (backend === "encrypted") {
+    const result = encryptedStore.setKey(account, value);
+    // Clean up stale keychain entry (mirrors setSecureKey logic).
+    if (result && downgradedFromKeychain) {
+      keychainMissCache.delete(account);
+      try { await keychain.deleteKeyAsync(account); } catch { /* best-effort */ }
+    }
+    return result;
+  }
   if (backend !== "keychain") return false;
 
   const result = await keychain.setKeyAsync(account, value);

package/src/tools/terminal/safe-env.ts

@@ -6,6 +6,7 @@
  * Shared by the sandbox bash tool and skill sandbox runner.
  */
 import { getGatewayInternalBaseUrl, getIngressPublicBaseUrl } from '../../config/env.js';
+import { isSigningKeyInitialized, mintEdgeRelayToken } from '../../runtime/auth/token-service.js';
 
 const SAFE_ENV_VARS = [
   'PATH',
@@ -42,5 +43,11 @@ export function buildSanitizedEnv(): Record<string, string> {
   // back to the internal base so commands remain functional in local-only mode.
   const publicGatewayBase = getIngressPublicBaseUrl()?.replace(/\/+$/, '');
   env.GATEWAY_BASE_URL = publicGatewayBase || internalGatewayBase;
+  // Mint a short-lived JWT for gateway authentication when the signing key
+  // is available (daemon context). CLI-only contexts without daemon startup
+  // will not have the key initialized — gracefully skip.
+  if (isSigningKeyInitialized()) {
+    env.GATEWAY_AUTH_TOKEN = mintEdgeRelayToken();
+  }
   return env;
 }