@vellumai/assistant 0.4.18 → 0.4.20

package/src/cli/mcp.ts

@@ -15,7 +15,7 @@ const log = getCliLogger('cli');
 export const HEALTH_CHECK_TIMEOUT_MS = 10_000;
 
 export async function checkServerHealth(serverId: string, config: McpServerConfig, timeoutMs = HEALTH_CHECK_TIMEOUT_MS): Promise<string> {
-  const client = new McpClient(serverId, { quiet: true });
+  const client = new McpClient(serverId);
   try {
     await Promise.race([
       client.connect(config.transport),
@@ -73,40 +73,93 @@ export function registerMcpCommand(program: Command): void {
 
       log.info(`${entries.length} MCP server(s) configured:\n`);
 
-      let didHealthCheck = false;
-      for (const [id, cfg] of entries) {
-        if (!cfg || typeof cfg !== 'object') {
-          log.info(`  ${id} (invalid config — skipped)\n`);
-          continue;
-        }
-        const enabled = cfg.enabled !== false;
-        const transport = cfg.transport;
-        const risk = cfg.defaultRiskLevel ?? 'high';
+      const isTTY = process.stdout.isTTY;
 
-        let status: string;
-        if (!enabled) {
-          status = '✗ disabled';
-        } else {
-          status = await checkServerHealth(id, cfg);
-          didHealthCheck = true;
+      if (isTTY) {
+        // TTY path: print placeholders, run health checks in parallel, update in-place with ANSI codes
+        let lineCount = 0;
+        const healthChecks: { id: string; cfg: McpServerConfig; statusLine: number }[] = [];
+
+        for (const [id, cfg] of entries) {
+          if (!cfg || typeof cfg !== 'object') {
+            log.info(`  ${id} (invalid config — skipped)\n`);
+            lineCount += 2;
+            continue;
+          }
+          const enabled = cfg.enabled !== false;
+          const transport = cfg.transport;
+          const risk = cfg.defaultRiskLevel ?? 'high';
+          const statusText = !enabled ? '✗ disabled' : '⏳ Checking...';
+
+          log.info(`  ${id}`);
+          lineCount++;
+          const statusLine = lineCount;
+          log.info(`    Status:    ${statusText}`);
+          lineCount++;
+          log.info(`    Transport: ${transport?.type ?? 'unknown'}`);
+          lineCount++;
+          if (transport?.type === 'stdio') {
+            log.info(`    Command:   ${transport.command} ${(transport.args ?? []).join(' ')}`);
+            lineCount++;
+          } else if (transport && 'url' in transport) {
+            log.info(`    URL:       ${transport.url}`);
+            lineCount++;
+          }
+          log.info(`    Risk:      ${risk}`);
+          lineCount++;
+          if (cfg.allowedTools) { log.info(`    Allowed:   ${cfg.allowedTools.join(', ')}`); lineCount++; }
+          if (cfg.blockedTools) { log.info(`    Blocked:   ${cfg.blockedTools.join(', ')}`); lineCount++; }
+          log.info('');
+          lineCount++;
+
+          if (enabled) {
+            healthChecks.push({ id, cfg, statusLine });
+          }
         }
 
-        log.info(`  ${id}`);
-        log.info(`    Status:    ${status}`);
-        log.info(`    Transport: ${transport?.type ?? 'unknown'}`);
-        if (transport?.type === 'stdio') {
-          log.info(`    Command:   ${transport.command} ${(transport.args ?? []).join(' ')}`);
-        } else if (transport && 'url' in transport) {
-          log.info(`    URL:       ${transport.url}`);
+        if (healthChecks.length === 0) return;
+
+        // Run health checks in parallel, update status lines in-place with ANSI codes
+        await Promise.all(healthChecks.map(async ({ id, cfg, statusLine }) => {
+          const health = await checkServerHealth(id, cfg);
+          const up = lineCount - statusLine;
+          process.stdout.write(`\x1b[${up}A\r\x1b[2K    Status:    ${health}\x1b[${up}B\r`);
+        }));
+      } else {
+        // Non-TTY path: run health checks sequentially, print final status directly (no ANSI codes)
+        for (const [id, cfg] of entries) {
+          if (!cfg || typeof cfg !== 'object') {
+            log.info(`  ${id} (invalid config — skipped)\n`);
+            continue;
+          }
+          const enabled = cfg.enabled !== false;
+          const transport = cfg.transport;
+          const risk = cfg.defaultRiskLevel ?? 'high';
+
+          let statusText: string;
+          if (!enabled) {
+            statusText = '✗ disabled';
+          } else {
+            statusText = await checkServerHealth(id, cfg);
+          }
+
+          log.info(`  ${id}`);
+          log.info(`    Status:    ${statusText}`);
+          log.info(`    Transport: ${transport?.type ?? 'unknown'}`);
+          if (transport?.type === 'stdio') {
+            log.info(`    Command:   ${transport.command} ${(transport.args ?? []).join(' ')}`);
+          } else if (transport && 'url' in transport) {
+            log.info(`    URL:       ${transport.url}`);
+          }
+          log.info(`    Risk:      ${risk}`);
+          if (cfg.allowedTools) { log.info(`    Allowed:   ${cfg.allowedTools.join(', ')}`); }
+          if (cfg.blockedTools) { log.info(`    Blocked:   ${cfg.blockedTools.join(', ')}`); }
+          log.info('');
         }
-        log.info(`    Risk:      ${risk}`);
-        if (cfg.allowedTools) log.info(`    Allowed:   ${cfg.allowedTools.join(', ')}`);
-        if (cfg.blockedTools) log.info(`    Blocked:   ${cfg.blockedTools.join(', ')}`);
-        log.info('');
       }
 
       // Health checks may leave MCP transports alive — force exit
-      if (didHealthCheck) process.exit(0);
+      process.exit(0);
     });
 
   mcp

package/src/config/bundled-skills/app-builder/SKILL.md

@@ -1323,14 +1323,16 @@ Call `app_create` with:
 - `description`: One-sentence summary
 - `schema_json`: JSON schema as string
 - `html`: Complete HTML document as string
-- `auto_open`: (optional, defaults to `true`) Opens the app immediately
-- `preview`: (optional) Inline preview card — see below
+- `auto_open`: (optional, defaults to `true`) Shows an inline preview card in chat after creation
+- `preview`: Always include this — see below
 
-Since `auto_open` defaults to `true`, you don't need to call `app_open` separately after `app_create`.
+Since `auto_open` defaults to `true`, an inline preview card is shown in chat after creation. The app is NOT opened in a workspace panel automatically — users open it explicitly if desired by clicking 'Open App' on the inline card. The app appears in Things (sidebar) immediately after creation via the `app_files_changed` broadcast.
 
 #### Preview metadata
 
-Both `ui_show` and `app_create` support a `preview` object for an inline chat preview card. Always include it so the user sees a compact summary without opening the app.
+Always include preview metadata in `app_create` calls. The app shows as an inline card in chat first — no workspace opens automatically. Users can click 'Open App' on the inline card to open the workspace.
+
+Both `ui_show` and `app_create` support a `preview` object for an inline chat preview card. Always include it so the user sees a compact summary of what was built.
 
 **With `ui_show`:**
 ```json
@@ -1387,7 +1389,7 @@ Both `ui_show` and `app_create` support a `preview` object for an inline chat pr
 }
 ```
 
-Preview fields: `title` (required), `subtitle`, `description`, `icon`, `metrics` (up to 3 key-value pills). The `icon` field accepts an emoji or an image URL. **Prefer an image URL whenever you have a relevant one** — logos, favicons, product images, headshots, flags, album art, or any image you encountered during research. The preview card renders image URLs as a thumbnail automatically. Fall back to emoji only when there is no natural image. When `app_create` is called with `auto_open: true` (the default), the preview is forwarded through `app_open` automatically.
+Preview fields: `title` (required), `subtitle`, `description`, `icon`, `metrics` (up to 3 key-value pills). The `icon` field accepts an emoji or an image URL. **Prefer an image URL whenever you have a relevant one** — logos, favicons, product images, headshots, flags, album art, or any image you encountered during research. The preview card renders image URLs as a thumbnail automatically. Fall back to emoji only when there is no natural image. When `app_create` is called with `auto_open: true` (the default), the inline preview card is shown in chat — the app is NOT automatically opened in a workspace panel.
 
 ### 6. Handle Iteration
 

package/src/config/bundled-skills/app-builder/TOOLS.json

@@ -37,7 +37,7 @@
           },
           "auto_open": {
             "type": "boolean",
-            "description": "Automatically open the app after creation. Defaults to true. When true, the app is immediately displayed in a dynamic_page surface without needing a separate app_open call."
+            "description": "When true (default), an inline preview card is shown in chat after creation. The app is NOT automatically opened in a workspace panel — users can open it explicitly via the 'Open App' button on the inline card."
           },
           "set_as_home_base": {
             "type": "boolean",
@@ -45,7 +45,7 @@
           },
           "preview": {
             "type": "object",
-            "description": "Optional inline preview card shown in chat. Provides a compact summary so the user sees what was built without opening the app.",
+            "description": "Inline preview card shown in chat after creation. Always include this so users see a compact summary of what was built. Required fields: title.",
             "properties": {
               "title": { "type": "string", "description": "Preview card title" },
               "subtitle": { "type": "string", "description": "Optional subtitle" },

package/src/config/bundled-skills/guardian-verify-setup/SKILL.md

@@ -11,7 +11,7 @@ You are helping your user set up guardian verification for a messaging channel (
 
 - Use the injected `INTERNAL_GATEWAY_BASE_URL` for gateway API calls.
 - Never call the daemon runtime port directly; always call the gateway URL.
-- The bearer token is stored at `~/.vellum/http-token`. Read it with: `TOKEN=$(cat ~/.vellum/http-token)`.
+- The bearer token is available as the `$GATEWAY_AUTH_TOKEN` environment variable.
 - Run shell commands for this skill with `host_bash` (not sandbox `bash`) so host auth/token and gateway routing are reliable.
 - Keep narration minimal: execute required calls first, then provide a concise status update. Do not narrate internal install/check/load chatter unless something fails.
 
@@ -39,10 +39,9 @@ Based on the chosen channel, ask for the required destination:
 Execute the outbound start request:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/outbound/start" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{"channel": "<channel>", "destination": "<destination>"}'
 ```
 
@@ -77,10 +76,9 @@ Handle each error code:
 If the user says they did not receive the code or asks to resend:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/outbound/resend" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{"channel": "<channel>"}'
 ```
 
@@ -107,10 +105,9 @@ Handle each error code from the resend endpoint:
 If the user wants to cancel the verification:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/outbound/cancel" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{"channel": "<channel>"}'
 ```
 
@@ -126,9 +123,8 @@ For **voice** verification only: after telling the user their code and instructi
 2. Check the binding status:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=voice" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 3. If the response shows `bound: true`: immediately send a proactive success message in the current chat — "Voice verification complete! Your phone number is now the trusted guardian." Stop polling.
@@ -153,9 +149,8 @@ When in a **rebind flow** (i.e., the `start_outbound` request included `"rebind"
 After the user reports entering the code, verify the binding was created:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=<channel>" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 If the response shows the guardian is bound, confirm success: "Guardian verified! Your [channel] identity is now the trusted guardian."

package/src/config/bundled-skills/phone-calls/SKILL.md

@@ -49,9 +49,8 @@ The user's assistant gets its own personal phone number through Twilio. All impl
 Check whether Twilio credentials, phone number, and public ingress are already configured:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 ```bash

package/src/config/bundled-skills/sms-setup/SKILL.md

@@ -12,9 +12,8 @@ You are helping your user set up SMS messaging. This skill orchestrates Twilio s
 First, check the current SMS channel readiness state via the gateway:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Inspect the response for `hasCredentials` and `phoneNumber`.
@@ -35,9 +34,8 @@ Tell the user: _"SMS needs Twilio configured first. I've loaded the Twilio setup
 After twilio-setup completes, re-check readiness by calling the config endpoint again:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 If baseline is still not ready, report the specific failures and ask the user to address them before continuing.
@@ -47,9 +45,8 @@ If baseline is still not ready, report the specific failures and ask the user to
 Once baseline is ready, check SMS compliance status including remote (Twilio API) checks:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Examine the compliance results:
@@ -90,9 +87,8 @@ The `tollfreePhoneNumberSid` is returned by the compliance status response in th
 **Step 3c: Submit verification:**
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance/tollfree" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{
     "tollfreePhoneNumberSid": "<compliance.tollfreePhoneNumberSid from Step 3a>",
@@ -118,9 +114,8 @@ The endpoint validates all fields before submitting to Twilio and returns clear
 **Step 3d: Update a rejected verification** (if `editAllowed` is true):
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X PATCH "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance/tollfree/<verificationSid>" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{
     "businessName": "updated value",
@@ -133,9 +128,8 @@ Only include fields that need to change. The endpoint checks edit eligibility an
 **Step 3e: Delete and resubmit** (if editing is not allowed):
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance/tollfree/<verificationSid>" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 After deletion, return to Step 3b to collect information and resubmit. Warn the user that deleting resets their position in the review queue.
@@ -183,9 +177,8 @@ Tell the user: _"Let's send a test SMS to verify everything works. What phone nu
 After the user provides a number, send a test message via the gateway:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/test" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"phoneNumber":"<recipient phone number>","text":"Test SMS from your Vellum assistant."}'
 ```
@@ -200,9 +193,8 @@ Report the result honestly:
 If the test fails or the user reports SMS issues, run the SMS doctor:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/doctor" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 This runs a comprehensive health diagnostic, checking channel readiness, compliance/toll-free verification status, and the last test result. Report the diagnostics and actionable items to the user.

package/src/config/bundled-skills/telegram-setup/SKILL.md

@@ -39,7 +39,7 @@ After the token is collected, call the composite setup endpoint which validates
 
 ```bash
 curl -sf -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/telegram/setup" \
-  -H "Authorization: Bearer $(cat ~/.vellum/http-token)" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{}'
 ```
@@ -101,7 +101,7 @@ Before reporting success, confirm the guardian binding was actually created. Che
 
 ```bash
 curl -sf "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=telegram" \
-  -H "Authorization: Bearer $(cat ~/.vellum/http-token)"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 If the binding is absent and the user said they completed the verification:
@@ -120,7 +120,7 @@ Summarize what was done:
 - Guardian identity: {verified | not configured}
 - Guardian verification status: {verified via outbound flow | skipped}
 - Routing configuration validated
-- To re-check guardian status later, use: `curl -sf "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=telegram" -H "Authorization: Bearer $(cat ~/.vellum/http-token)"`
+- To re-check guardian status later, use: `curl -sf "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=telegram" -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"`
 
 The gateway automatically detects credentials from the vault, reconciles the Telegram webhook registration, and begins accepting Telegram webhooks shortly. In single-assistant mode, routing is automatically configured — no manual environment variable configuration or webhook registration is needed. If the webhook secret changes later, the gateway's credential watcher will automatically re-register the webhook. If the ingress URL changes (e.g., tunnel restart), the assistant daemon triggers an immediate internal reconcile so the webhook re-registers automatically without a gateway restart.
 

package/src/config/bundled-skills/trusted-contacts/SKILL.md

@@ -11,7 +11,7 @@ You are helping your user manage trusted contacts and invite links for the Vellu
 
 - Use the injected `INTERNAL_GATEWAY_BASE_URL` for gateway API calls.
 - Use gateway control-plane routes only: this skill calls `/v1/ingress/*` and `/v1/integrations/telegram/config` on the gateway, never the daemon runtime port directly.
-- The bearer token is stored at `~/.vellum/http-token`. Read it with: `TOKEN=$(cat ~/.vellum/http-token)`.
+- The bearer token is available as the `$GATEWAY_AUTH_TOKEN` environment variable.
 
 ## Concepts
 
@@ -29,9 +29,8 @@ You are helping your user manage trusted contacts and invite links for the Vellu
 Use this to show the user who currently has access, or to look up a specific contact.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Optional query parameters for filtering:
@@ -42,7 +41,7 @@ Optional query parameters for filtering:
 Example with filters:
 ```bash
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members?sourceChannel=telegram&status=active" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 The response contains `{ ok: true, members: [...] }` where each member has:
@@ -65,10 +64,9 @@ Use this when the user wants to grant someone access to message the assistant. *
 Ask the user: *"I'll add [name/identifier] on [channel] as an allowed contact. Should I proceed?"*
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{
     "sourceChannel": "<channel>",
     "externalUserId": "<user_id>",
@@ -97,9 +95,8 @@ Ask the user: *"I'll revoke access for [name/identifier]. They will no longer be
 First, list members to find the member's `id`, then revoke:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members/<member_id>" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"reason": "<optional reason>"}'
 ```
@@ -113,10 +110,9 @@ Use this when the user wants to explicitly block someone. Blocking is stronger t
 Ask the user: *"I'll block [name/identifier]. They will be permanently denied from messaging the assistant. Should I proceed?"*
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members/<member_id>/block" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{"reason": "<optional reason>"}'
 ```
 
@@ -127,11 +123,9 @@ Use this when the guardian wants to invite someone to message the assistant on T
 **Important**: The shell snippet below emits a `<vellum-sensitive-output>` directive containing the raw invite token. The tool executor automatically strips this directive and replaces the raw token with a placeholder so the LLM never sees it. The placeholder is resolved back to the real token in the final assistant reply.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
-
 INVITE_JSON=$(curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{
     "sourceChannel": "telegram",
     "maxUses": 1,
@@ -160,7 +154,7 @@ fi
 # Prefer backend-provided canonical link when available.
 if [ -z "$INVITE_URL" ]; then
   BOT_CONFIG_JSON=$(curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/telegram/config" \
-    -H "Authorization: Bearer $TOKEN")
+    -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN")
   BOT_USERNAME=$(printf '%s' "$BOT_CONFIG_JSON" | tr -d '\n' | sed -n 's/.*"botUsername"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
   if [ -z "$BOT_USERNAME" ]; then
     echo "error:no_share_url_or_bot_username"
@@ -201,9 +195,8 @@ If the Telegram bot username is not available (integration not set up), tell the
 Use this to show the guardian their active (and optionally all) invite links.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites?sourceChannel=telegram" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Optional query parameters:
@@ -232,9 +225,8 @@ Ask the user: *"I'll revoke the invite link [note or ID]. It will no longer be u
 First, list invites to find the invite's `id`, then revoke:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites/<invite_id>" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Replace `<invite_id>` with the invite's `id` from the list response.
@@ -246,11 +238,9 @@ Use this when the guardian wants to authorize a specific phone number to call th
 **Important**: The response includes a `voiceCode` field that is only returned at creation time and cannot be retrieved later. Extract and present it clearly.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
-
 INVITE_JSON=$(curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites" \
   -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -d '{
     "sourceChannel": "voice",
     "expectedExternalUserId": "<phone_number_E164>",
@@ -303,9 +293,8 @@ If the user provides a phone number without the `+` country code prefix, ask the
 Use this to show the guardian their active voice invites.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites?sourceChannel=voice" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Optional query parameters:
@@ -327,9 +316,8 @@ Ask the user: *"I'll revoke the voice invite for [phone number or note]. The cod
 First, list voice invites to find the invite's `id`, then revoke:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites/<invite_id>" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Replace `<invite_id>` with the invite's `id` from the list response. The same revoke endpoint is used for both Telegram and voice invites.

package/src/config/bundled-skills/twilio-setup/SKILL.md

@@ -11,17 +11,16 @@ You are helping your user configure Twilio for voice calls and SMS messaging. Tw
 ## Quick Start
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 # 1. Check current status
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 # 2. Store credentials (after collecting via credential_store prompt)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/credentials" \
-  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" -H "Content-Type: application/json" \
   -d '{"accountSid":"ACxxx","authToken":"xxx"}'
 # 3. Provision or assign a number
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/provision" \
-  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" -H "Content-Type: application/json" \
   -d '{"country":"US","areaCode":"415"}'
 ```
 
@@ -67,9 +66,8 @@ All HTTP examples below include the optional `assistantId` query parameter in as
 First, check whether Twilio is already configured:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 The response includes:
@@ -96,9 +94,8 @@ If credentials are not yet stored, guide the user through Twilio account setup:
 After both credentials are collected, retrieve them from secure storage and send them to the gateway:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/credentials" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"accountSid":"<value from credential_store for twilio/account_sid>","authToken":"<value from credential_store for twilio/auth_token>"}'
 ```
@@ -116,9 +113,8 @@ The assistant needs a phone number to make calls and send SMS. There are two pat
 If the user wants to buy a new number through Twilio:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/provision" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"country":"US","areaCode":"415"}'
 ```
@@ -143,9 +139,8 @@ If ingress is not yet configured, webhook setup is skipped gracefully — the nu
 If the user already has a Twilio phone number, first list available numbers:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 The response includes a `numbers` array with each number's `phoneNumber`, `friendlyName`, and `capabilities` (voice, SMS). Present these to the user and let them choose.
@@ -153,9 +148,8 @@ The response includes a `numbers` array with each number's `phoneNumber`, `frien
 Then assign the chosen number:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/assign" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"phoneNumber":"+14155551234"}'
 ```
@@ -173,9 +167,8 @@ credential_store action=store service=twilio field=phone_number value=+141555512
 Then assign it through the gateway:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/assign" \
-  -H "Authorization: Bearer $TOKEN" \
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN" \
   -H "Content-Type: application/json" \
   -d '{"phoneNumber":"+14155551234"}'
 ```
@@ -211,9 +204,8 @@ Webhook URLs are automatically configured on the Twilio phone number when provis
 After configuration, verify by checking the config endpoint again.
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Confirm:
@@ -251,13 +243,12 @@ After the guardian-verify-setup skill completes verification for a channel, load
 To re-check guardian status later, query the channel(s) that were verified:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 # Check SMS guardian status
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=sms" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 # Check voice guardian status
 curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/guardian/status?channel=voice" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 Check the status for whichever channel(s) the user actually verified (SMS, voice, or both). Report the guardian verification result per channel: **"Guardian identity — SMS: {verified | not configured}, Voice: {verified | not configured}."**
@@ -280,9 +271,8 @@ SMS is available automatically once Twilio is configured — no additional featu
 If the user wants to disconnect Twilio:
 
 ```bash
-TOKEN=$(cat ~/.vellum/http-token)
 curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/credentials" \
-  -H "Authorization: Bearer $TOKEN"
+  -H "Authorization: Bearer $GATEWAY_AUTH_TOKEN"
 ```
 
 This removes the stored Account SID and Auth Token. Phone number assignments are preserved. Voice calls and SMS will stop working until credentials are reconfigured.