@vellumai/assistant 0.4.2 → 0.4.4

package/src/config/vellum-skills/sms-setup/SKILL.md

@@ -9,20 +9,18 @@ You are helping your user set up SMS messaging. This skill orchestrates Twilio s
 
 ## Step 1: Check Channel Readiness
 
-First, check the current SMS channel readiness state by sending the `channel_readiness` IPC message:
-
-```json
-{
-  "type": "channel_readiness",
-  "action": "get",
-  "channel": "sms"
-}
+First, check the current SMS channel readiness state via the gateway:
+
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
+  -H "Authorization: Bearer $TOKEN"
 ```
 
-Inspect the `channel_readiness_response`. The response contains `snapshots` with each channel's readiness state.
+Inspect the response for `hasCredentials` and `phoneNumber`.
 
-- If the SMS channel shows `ready: true` and all `localChecks` pass, skip to Step 3.
-- If any local checks fail, proceed to Step 2 to fix the baseline.
+- If both are present and all baseline requirements are met, skip to Step 3.
+- If credentials or phone number are missing, proceed to Step 2 to fix the baseline.
 
 ## Step 2: Establish Baseline (Twilio Setup)
 
@@ -34,47 +32,35 @@ skill_load skill=twilio-setup
 
 Tell the user: *"SMS needs Twilio configured first. I've loaded the Twilio setup guide — let's walk through it."*
 
-After twilio-setup completes, re-check readiness:
+After twilio-setup completes, re-check readiness by calling the config endpoint again:
 
-```json
-{
-  "type": "channel_readiness",
-  "action": "refresh",
-  "channel": "sms"
-}
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
+  -H "Authorization: Bearer $TOKEN"
 ```
 
 If baseline is still not ready, report the specific failures and ask the user to address them before continuing.
 
 ## Step 3: Remote Compliance Check
 
-Once baseline is ready, run a full readiness check including remote (Twilio API) checks:
+Once baseline is ready, check SMS compliance status including remote (Twilio API) checks:
 
-```json
-{
-  "type": "channel_readiness",
-  "action": "refresh",
-  "channel": "sms",
-  "includeRemote": true
-}
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance" \
+  -H "Authorization: Bearer $TOKEN"
 ```
 
-Examine the remote check results:
-- If all remote checks pass, proceed to Step 4.
+Examine the compliance results:
+- If all checks pass, proceed to Step 4.
 - If compliance issues are found (e.g., toll-free verification needed), guide the user through the compliance flow.
 
 ### Toll-Free Verification Submission
 
-When the remote check returns `toll_free_verification` as a failing check, use the daemon's built-in IPC compliance actions. These handle credential lookup, phone number SID resolution, field validation, and Twilio API calls internally.
+When the compliance check returns a toll-free verification requirement, use the gateway's compliance endpoints. These handle credential lookup, phone number SID resolution, field validation, and Twilio API calls internally.
 
-**Step 3a: Check compliance status.** First check if a verification already exists:
-
-```json
-{
-  "type": "twilio_config",
-  "action": "sms_compliance_status"
-}
-```
+**Step 3a: Check compliance status.** First check if a verification already exists (use the response from the compliance check above):
 
 The response includes a `compliance` object with `numberType`, `tollfreePhoneNumberSid`, `verificationSid`, `verificationStatus`, `rejectionReason`, `rejectionReasons`, `editAllowed`, and `editExpiration` fields. For toll-free numbers, `tollfreePhoneNumberSid` contains the Twilio phone number SID needed for verification submission.
 
@@ -98,15 +84,16 @@ The response includes a `compliance` object with `numberType`, `tollfreePhoneNum
 | Opt-in type | `optInType` | `VERBAL`, `WEB_FORM`, `PAPER_FORM`, `VIA_TEXT`, `MOBILE_QR_CODE` |
 | Opt-in image URL | `optInImageUrls` | Array of URLs showing opt-in mechanism (can be website URL) |
 
-The `tollfreePhoneNumberSid` is returned by the `sms_compliance_status` response in the `compliance` object. Use `compliance.tollfreePhoneNumberSid` from the Step 3a response as the value for `verificationParams.tollfreePhoneNumberSid` when submitting. Do NOT ask for EIN, business registration number, or business registration authority. Explain that Twilio labels some fields as "business" fields even for individual submitters.
+The `tollfreePhoneNumberSid` is returned by the compliance status response in the `compliance` object. Use `compliance.tollfreePhoneNumberSid` from the Step 3a response as the value for `tollfreePhoneNumberSid` when submitting. Do NOT ask for EIN, business registration number, or business registration authority. Explain that Twilio labels some fields as "business" fields even for individual submitters.
 
 **Step 3c: Submit verification:**
 
-```json
-{
-  "type": "twilio_config",
-  "action": "sms_submit_tollfree_verification",
-  "verificationParams": {
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance/tollfree" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
     "tollfreePhoneNumberSid": "<compliance.tollfreePhoneNumberSid from Step 3a>",
     "businessName": "...",
     "businessWebsite": "...",
@@ -118,11 +105,10 @@ The `tollfreePhoneNumberSid` is returned by the `sms_compliance_status` response
     "optInType": "VERBAL",
     "messageVolume": "100",
     "businessType": "SOLE_PROPRIETOR"
-  }
-}
+  }'
 ```
 
-The daemon validates all fields before submitting to Twilio and returns clear error messages for invalid values.
+The endpoint validates all fields before submitting to Twilio and returns clear error messages for invalid values.
 
 **On success:** The response contains `compliance.verificationSid` and `compliance.verificationStatus` (typically `PENDING_REVIEW`). Tell the user Twilio typically reviews within 1-5 business days.
 
@@ -130,36 +116,33 @@ The daemon validates all fields before submitting to Twilio and returns clear er
 
 **Step 3d: Update a rejected verification** (if `editAllowed` is true):
 
-```json
-{
-  "type": "twilio_config",
-  "action": "sms_update_tollfree_verification",
-  "verificationSid": "<sid from compliance status>",
-  "verificationParams": {
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s -X PATCH "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance/tollfree/<verificationSid>" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
     "businessName": "updated value",
     "useCaseSummary": "updated value"
-  }
-}
+  }'
 ```
 
-Only include fields that need to change. The daemon checks edit eligibility and expiration before attempting the update.
+Only include fields that need to change. The endpoint checks edit eligibility and expiration before attempting the update.
 
 **Step 3e: Delete and resubmit** (if editing is not allowed):
 
-```json
-{
-  "type": "twilio_config",
-  "action": "sms_delete_tollfree_verification",
-  "verificationSid": "<sid from compliance status>"
-}
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/compliance/tollfree/<verificationSid>" \
+  -H "Authorization: Bearer $TOKEN"
 ```
 
 After deletion, return to Step 3b to collect information and resubmit. Warn the user that deleting resets their position in the review queue.
 
 **Common errors:**
 - `"Customer profiles submitted with verifications must be either ISV Starters or Secondary Customer Profiles"` — The number is linked to a Primary Customer Profile in Trust Hub, which blocks toll-free verification. Tell the user and suggest they resolve the profile assignment in the Twilio Console.
-- Missing required fields — The daemon validates and reports which fields are missing.
-- Invalid enum values — The daemon validates `optInType`, `messageVolume`, and `useCaseCategories` and reports valid values.
+- Missing required fields — The endpoint validates and reports which fields are missing.
+- Invalid enum values — The endpoint validates `optInType`, `messageVolume`, and `useCaseCategories` and reports valid values.
 
 **On success:** Tell the user the verification has been submitted and is now `PENDING_REVIEW`. Twilio typically reviews within 1-5 business days. They'll receive status updates at the notification email provided.
 
@@ -195,11 +178,31 @@ Tell the user: *"Let's send a test SMS to verify everything works. What phone nu
 
 **Trial account limitation:** On Twilio trial accounts, SMS can only be sent to verified phone numbers. If the send fails with a "not verified" error, tell the user to verify the recipient number in the Twilio Console under Verified Caller IDs, or upgrade their account.
 
-After the user provides a number, send a test message using the messaging tools:
-- Use `messaging_send` with `platform: "sms"`, `conversation_id: "<phone number>"`, and a test message like "Test SMS from your Vellum assistant."
-- Report the result honestly:
-  - If the send succeeds: *"The message was accepted by Twilio. Note: 'accepted' means Twilio received it for delivery, not that it reached the handset yet. Delivery can take a few seconds to a few minutes. If verification is still pending, carriers may silently drop the message."*
-  - If the send fails: report the error and suggest troubleshooting steps
+After the user provides a number, send a test message via the gateway:
+
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/test" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"phoneNumber":"<recipient phone number>","text":"Test SMS from your Vellum assistant."}'
+```
+
+Report the result honestly:
+- If the send succeeds: *"The message was accepted by Twilio. Note: 'accepted' means Twilio received it for delivery, not that it reached the handset yet. Delivery can take a few seconds to a few minutes. If verification is still pending, carriers may silently drop the message."*
+- If the send fails: report the error and suggest troubleshooting steps
+
+### SMS Diagnostics
+
+If the test fails or the user reports SMS issues, run the SMS doctor:
+
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/sms/doctor" \
+  -H "Authorization: Bearer $TOKEN"
+```
+
+This runs a comprehensive health diagnostic, checking channel readiness, compliance/toll-free verification status, and the last test result. Report the diagnostics and actionable items to the user.
 
 ## Step 5: Final Status Report
 
@@ -229,17 +232,3 @@ Common issues:
 - **"Twilio error on send"** — Check credentials, phone number assignment, and ingress
 - **"Trial account limitations"** — Explain that trial accounts can only send to verified numbers
 - **"Customer profiles must be ISV Starters or Secondary"** — The toll-free number is linked to a Primary Customer Profile in Trust Hub. Must be unlinked or reassigned before verification can be submitted.
-
-## Accessing the Twilio API
-
-The skill references IPC messages (`channel_readiness`, `twilio_config`) that are sent via Unix socket to the daemon. The assistant does not have an HTTP endpoint for IPC. Use the following pattern to send IPC messages:
-
-```bash
-cd "$(git rev-parse --show-toplevel)/assistant" && bun -e '
-import { sendOneMessage } from "./src/cli/ipc-client.js";
-const res = await sendOneMessage({ type: "twilio_config", action: "get" });
-console.log(JSON.stringify(res, null, 2));
-'
-```
-
-All compliance operations (status checks, verification submission, updates, and deletion) are handled through the `twilio_config` IPC actions — no direct Twilio REST calls are needed.

package/src/config/vellum-skills/trusted-contacts/SKILL.md

@@ -254,6 +254,8 @@ INVITE_JSON=$(curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/invites" \
   -d '{
     "sourceChannel": "voice",
     "expectedExternalUserId": "<phone_number_E164>",
+    "friendName": "<invitee display name>",
+    "guardianName": "<guardian display name>",
     "maxUses": 1,
     "note": "<optional note, e.g. the person it is for>"
   }')
@@ -263,6 +265,8 @@ printf '%s\n' "$INVITE_JSON"
 Required fields:
 - `sourceChannel` — must be `"voice"`
 - `expectedExternalUserId` — the invitee's phone number in E.164 format (e.g., `+15551234567`)
+- `friendName` — the invitee's display name (e.g., "Mom", "Dr. Smith"). Used during the voice verification call to personalize the experience.
+- `guardianName` — the guardian's display name (e.g., "Alex"). Used during the voice verification call so the invitee knows who invited them.
 
 Optional fields:
 - `maxUses` — how many times the code can be used (default: 1)
@@ -270,8 +274,9 @@ Optional fields:
 - ~~`voiceCodeDigits`~~ — always 6 digits; this parameter is accepted but ignored
 - `note` — a human-readable label for the invite (e.g., "For Mom", "Dr. Smith")
 
-The create response contains `{ ok: true, invite: { id, voiceCode, expectedExternalUserId, ... } }`.
+The create response contains `{ ok: true, invite: { id, voiceCode, expectedExternalUserId, friendName, guardianName, ... } }`.
 - `voiceCode` is the numeric code the invitee must enter and is only returned at creation time.
+- `friendName` and `guardianName` are echoed back in the response.
 - Voice invite responses do **not** include `token` or `share.url`. Do not try to build or send a deep link for voice invites.
 
 **Presenting to the guardian**: Give the guardian clear instructions to relay to the invitee:
@@ -348,6 +353,8 @@ Replace `<invite_id>` with the invite's `id` from the list response. The same re
   - `sourceChannel is required for create` — when creating an invite, always pass `"sourceChannel": "telegram"` for Telegram or `"sourceChannel": "voice"` for voice invites.
   - `expectedExternalUserId is required for voice invites` — voice invites must include the invitee's phone number.
   - `expectedExternalUserId must be in E.164 format` — the phone number must start with `+` followed by country code and number (e.g., `+15551234567`).
+  - `friendName is required for voice invites` — voice invites must include the invitee's display name.
+  - `guardianName is required for voice invites` — voice invites must include the guardian's display name.
   - `Invite not found or already revoked` — the invite ID may be invalid or the invite is already revoked.
 
 ## Typical Workflows

package/src/config/vellum-skills/twilio-setup/SKILL.md

@@ -6,7 +6,26 @@ includes: ["public-ingress"]
 metadata: {"vellum": {"emoji": "\ud83d\udcf1"}}
 ---
 
-You are helping your user configure Twilio for voice calls and SMS messaging. Twilio is the shared telephony provider for both the **phone-calls** and **SMS messaging** capabilities. When this skill is invoked, walk through each step below using the `twilio_config` IPC contract and existing tools.
+You are helping your user configure Twilio for voice calls and SMS messaging. Twilio is the shared telephony provider for both the **phone-calls** and **SMS messaging** capabilities. When this skill is invoked, walk through each step below using the Twilio HTTP control-plane endpoints and existing tools.
+
+## Quick Start
+
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+# 1. Check current status
+curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
+  -H "Authorization: Bearer $TOKEN"
+# 2. Store credentials (after collecting via credential_store prompt)
+curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/credentials" \
+  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
+  -d '{"accountSid":"ACxxx","authToken":"xxx"}'
+# 3. Provision or assign a number
+curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/provision" \
+  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
+  -d '{"country":"US","areaCode":"415"}'
+```
+
+For voice call setup after Twilio is configured, use `phone-calls` + `call_start`.
 
 ## Overview
 
@@ -16,42 +35,40 @@ This skill manages the full Twilio lifecycle:
 - **Phone number assignment** — Assign an existing Twilio number to the assistant
 - **Status checking** — Verify credentials and assigned number
 
-All operations go through the `twilio_config` IPC handler on the daemon, which validates inputs, stores credentials securely, and manages phone number state.
+All operations go through the Twilio HTTP control-plane endpoints on the gateway, which validates inputs, stores credentials securely, and manages phone number state.
 
 ### Multi-Assistant Setups
 
-In a multi-assistant environment (multiple assistants sharing the same daemon), some `twilio_config` actions are **assistant-scoped** while others are **global** (shared across all assistants):
+In a multi-assistant environment (multiple assistants sharing the same daemon), some actions are **assistant-scoped** while others are **global** (shared across all assistants):
 
 **Global actions** (ignore `assistantId` — credentials are shared across all assistants):
-- `set_credentials` — Stores Account SID and Auth Token in global secure storage (`credential:twilio:*` keys). All assistants share the same Twilio account credentials.
-- `clear_credentials` — Removes the globally stored Account SID and Auth Token. This affects all assistants.
+- `POST /v1/integrations/twilio/credentials` — Stores Account SID and Auth Token in global secure storage (`credential:twilio:*` keys). All assistants share the same Twilio account credentials.
+- `DELETE /v1/integrations/twilio/credentials` — Removes the globally stored Account SID and Auth Token. This affects all assistants.
 
-**Assistant-scoped actions** (use `assistantId` to scope phone number configuration per assistant):
-- `get` — Returns the phone number assigned to the specified assistant (falls back to the legacy global number if no per-assistant mapping exists).
-- `assign_number` — Assigns a phone number to a specific assistant via the per-assistant mapping.
-- `provision_number` — Provisions a new number and assigns it to the specified assistant.
-- `list_numbers` — Lists all phone numbers on the shared Twilio account (uses global credentials).
+**Assistant-scoped actions** (use `assistantId` query parameter to scope phone number configuration per assistant):
+- `GET /v1/integrations/twilio/config` — Returns the phone number assigned to the specified assistant (falls back to the legacy global number if no per-assistant mapping exists).
+- `POST /v1/integrations/twilio/numbers/assign` — Assigns a phone number to a specific assistant via the per-assistant mapping.
+- `POST /v1/integrations/twilio/numbers/provision` — Provisions a new number and assigns it to the specified assistant.
+- `GET /v1/integrations/twilio/numbers` — Lists all phone numbers on the shared Twilio account (uses global credentials).
 
-Include `assistantId` in assistant-scoped actions whenever:
+Include `assistantId` as a query parameter in assistant-scoped requests whenever:
 - Multiple assistants share the same Twilio account but use different phone numbers
 - You want to ensure configuration changes only affect a specific assistant
 - The user has explicitly selected or referenced a particular assistant
 
-All IPC examples below include the optional `assistantId` field in assistant-scoped actions. Omit it in single-assistant setups. For global actions (`set_credentials`, `clear_credentials`), the `assistantId` field is accepted but ignored.
+All HTTP examples below include the optional `assistantId` query parameter in assistant-scoped requests. Omit it in single-assistant setups. For global actions (credentials), the `assistantId` parameter is accepted but ignored.
 
 ## Step 1: Check Current Configuration
 
-First, check whether Twilio is already configured by sending the `twilio_config` IPC message with `action: "get"`:
+First, check whether Twilio is already configured:
 
-```json
-{
-  "type": "twilio_config",
-  "action": "get",
-  "assistantId": "<optional — omit for single-assistant setups>"
-}
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
+  -H "Authorization: Bearer $TOKEN"
 ```
 
-The daemon returns a `twilio_config_response` with:
+The response includes:
 - `hasCredentials` — whether Account SID and Auth Token are stored
 - `phoneNumber` — the currently assigned phone number (if any)
 
@@ -71,20 +88,19 @@ If credentials are not yet stored, guide the user through Twilio account setup:
 - Call `credential_store` with `action: "prompt"`, `service: "twilio"`, `field: "account_sid"`, `label: "Twilio Account SID"`, `description: "Enter your Account SID from the Twilio Console dashboard"`, and `placeholder: "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"`.
 - Call `credential_store` with `action: "prompt"`, `service: "twilio"`, `field: "auth_token"`, `label: "Twilio Auth Token"`, `description: "Enter your Auth Token from the Twilio Console dashboard"`, and `placeholder: "your_auth_token"`.
 
-After both credentials are collected, retrieve them from secure storage and pass them to the daemon:
+After both credentials are collected, retrieve them from secure storage and send them to the gateway:
 
-```json
-{
-  "type": "twilio_config",
-  "action": "set_credentials",
-  "accountSid": "<value from credential_store for twilio/account_sid>",
-  "authToken": "<value from credential_store for twilio/auth_token>"
-}
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/credentials" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"accountSid":"<value from credential_store for twilio/account_sid>","authToken":"<value from credential_store for twilio/auth_token>"}'
 ```
 
-Both `accountSid` and `authToken` are required — the daemon validates the credentials against the Twilio API before storing them. If credentials are invalid, the daemon returns an error. Tell the user and ask them to re-enter via the secure prompt.
+Both `accountSid` and `authToken` are required — the endpoint validates the credentials against the Twilio API before storing them. If credentials are invalid, the response returns an error. Tell the user and ask them to re-enter via the secure prompt.
 
-**Note:** `set_credentials` is a global operation — credentials are stored once and shared across all assistants. The `assistantId` field is accepted but ignored.
+**Note:** Setting credentials is a global operation — credentials are stored once and shared across all assistants. The `assistantId` parameter is accepted but ignored.
 
 ## Step 3: Get a Phone Number
 
@@ -92,24 +108,22 @@ The assistant needs a phone number to make calls and send SMS. There are two pat
 
 ### Option A: Provision a New Number
 
-If the user wants to buy a new number through Twilio, send:
+If the user wants to buy a new number through Twilio:
 
-```json
-{
-  "type": "twilio_config",
-  "action": "provision_number",
-  "areaCode": "415",
-  "country": "US",
-  "assistantId": "<optional — omit for single-assistant setups>"
-}
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/provision" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"country":"US","areaCode":"415"}'
 ```
 
 - `areaCode` is optional — ask the user if they have a preferred area code
 - `country` defaults to `"US"` — ask if they want a different country (ISO 3166-1 alpha-2)
 
-The daemon provisions the number via the Twilio API, automatically assigns it to the assistant (persisting to both secure storage and config), and configures Twilio webhooks (voice, status callback, SMS) if a public ingress URL is available. The response includes the new `phoneNumber`. No separate `assign_number` call is needed.
+The endpoint provisions the number via the Twilio API, automatically assigns it to the assistant (persisting to both secure storage and config), and configures Twilio webhooks (voice, status callback, SMS) if a public ingress URL is available. The response includes the new `phoneNumber`. No separate assign call is needed.
 
-**Webhook auto-configuration:** When `ingress.publicBaseUrl` is configured, the daemon automatically sets the following webhooks on the Twilio phone number:
+**Webhook auto-configuration:** When `ingress.publicBaseUrl` is configured, the endpoint automatically sets the following webhooks on the Twilio phone number:
 - Voice webhook: `{publicBaseUrl}/webhooks/twilio/voice`
 - Voice status callback: `{publicBaseUrl}/webhooks/twilio/status`
 - SMS webhook: `{publicBaseUrl}/webhooks/twilio/sms`
@@ -122,28 +136,25 @@ If ingress is not yet configured, webhook setup is skipped gracefully — the nu
 
 If the user already has a Twilio phone number, first list available numbers:
 
-```json
-{
-  "type": "twilio_config",
-  "action": "list_numbers",
-  "assistantId": "<optional — omit for single-assistant setups>"
-}
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers" \
+  -H "Authorization: Bearer $TOKEN"
 ```
 
 The response includes a `numbers` array with each number's `phoneNumber`, `friendlyName`, and `capabilities` (voice, SMS). Present these to the user and let them choose.
 
 Then assign the chosen number:
 
-```json
-{
-  "type": "twilio_config",
-  "action": "assign_number",
-  "phoneNumber": "+14155551234",
-  "assistantId": "<optional — omit for single-assistant setups>"
-}
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/assign" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"phoneNumber":"+14155551234"}'
 ```
 
-The phone number must be in E.164 format. Like `provision_number`, `assign_number` also auto-configures Twilio webhooks when a public ingress URL is available.
+The phone number must be in E.164 format. Like provisioning, assigning also auto-configures Twilio webhooks when a public ingress URL is available.
 
 ### Option C: Manual Entry
 
@@ -153,15 +164,14 @@ If the user wants to enter a number directly (e.g., they know it already), store
 credential_store action=store service=twilio field=phone_number value=+14155551234
 ```
 
-Then assign it through the IPC:
+Then assign it through the gateway:
 
-```json
-{
-  "type": "twilio_config",
-  "action": "assign_number",
-  "phoneNumber": "+14155551234",
-  "assistantId": "<optional — omit for single-assistant setups>"
-}
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s -X POST "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/numbers/assign" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"phoneNumber":"+14155551234"}'
 ```
 
 ## Step 4: Set Up Public Ingress
@@ -187,11 +197,17 @@ skill_load skill=public-ingress
 - ConversationRelay WebSocket: `{publicBaseUrl}/webhooks/twilio/relay` (wss://)
 - SMS webhook: `{publicBaseUrl}/webhooks/twilio/sms`
 
-Webhook URLs are automatically configured on the Twilio phone number when `provision_number` or `assign_number` is called with a valid ingress URL. No manual Twilio Console webhook configuration is needed.
+Webhook URLs are automatically configured on the Twilio phone number when provisioning or assigning a number with a valid ingress URL. No manual Twilio Console webhook configuration is needed.
 
 ## Step 5: Verify Setup
 
-After configuration, verify by sending `twilio_config` with `action: "get"` again.
+After configuration, verify by checking the config endpoint again.
+
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config" \
+  -H "Authorization: Bearer $TOKEN"
+```
 
 Confirm:
 - `hasCredentials` is `true`
@@ -251,18 +267,17 @@ SMS is available automatically once Twilio is configured — no additional featu
 
 ## Clearing Credentials
 
-If the user wants to disconnect Twilio, send:
+If the user wants to disconnect Twilio:
 
-```json
-{
-  "type": "twilio_config",
-  "action": "clear_credentials"
-}
+```bash
+TOKEN=$(cat ~/.vellum/http-token)
+curl -s -X DELETE "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/credentials" \
+  -H "Authorization: Bearer $TOKEN"
 ```
 
 This removes the stored Account SID and Auth Token. Phone number assignments are preserved. Voice calls and SMS will stop working until credentials are reconfigured.
 
-**Note:** `clear_credentials` is a global operation — it removes credentials for all assistants, not just the current one. The `assistantId` field is accepted but ignored. In multi-assistant setups, warn the user that clearing credentials will affect all assistants sharing this Twilio account.
+**Note:** Clearing credentials is a global operation — it removes credentials for all assistants, not just the current one. The `assistantId` parameter is accepted but ignored. In multi-assistant setups, warn the user that clearing credentials will affect all assistants sharing this Twilio account.
 
 ## Troubleshooting
 
@@ -284,5 +299,5 @@ Run Step 3 to provision or assign a phone number.
 
 ### "Number not found" when assigning
 - The number must be owned by the same Twilio account
-- Use `list_numbers` to see available numbers
+- Use the list numbers endpoint to see available numbers
 - Ensure the number is in E.164 format (`+` followed by country code and number)

package/src/daemon/call-pointer-generators.ts

@@ -0,0 +1,59 @@
+import {
+  buildPointerGenerationPrompt,
+  getPointerFallbackMessage,
+  includesRequiredFacts,
+  POINTER_COPY_MAX_TOKENS,
+  POINTER_COPY_SYSTEM_PROMPT,
+  POINTER_COPY_TIMEOUT_MS,
+} from '../calls/call-pointer-message-composer.js';
+import { loadConfig } from '../config/loader.js';
+import { getFailoverProvider } from '../providers/registry.js';
+import type { PointerCopyGenerator } from '../runtime/http-types.js';
+
+/**
+ * Create the daemon-owned pointer copy generator that resolves providers
+ * and calls `provider.sendMessage` to generate pointer message text.
+ * This keeps all provider awareness in the daemon lifecycle, away from
+ * the runtime composer.
+ */
+export function createPointerCopyGenerator(): PointerCopyGenerator {
+  return async (context, options = {}) => {
+    const config = loadConfig();
+    let provider;
+    try {
+      provider = getFailoverProvider(config.provider, config.providerOrder);
+    } catch {
+      return null;
+    }
+
+    const fallbackText = options.fallbackText?.trim() || getPointerFallbackMessage(context);
+    const requiredFacts = options.requiredFacts
+      ?.map((f) => f.trim())
+      .filter((f) => f.length > 0);
+    const prompt = buildPointerGenerationPrompt(context, fallbackText, requiredFacts);
+
+    const response = await provider.sendMessage(
+      [{ role: 'user', content: [{ type: 'text', text: prompt }] }],
+      [],
+      POINTER_COPY_SYSTEM_PROMPT,
+      {
+        config: {
+          max_tokens: options.maxTokens ?? POINTER_COPY_MAX_TOKENS,
+          modelIntent: 'latency-optimized',
+        },
+        signal: AbortSignal.timeout(options.timeoutMs ?? POINTER_COPY_TIMEOUT_MS),
+      },
+    );
+
+    const block = response.content.find((entry) => entry.type === 'text');
+    const text = block && 'text' in block ? block.text.trim() : '';
+    if (!text) return null;
+    const cleaned = text
+      .replace(/^["'`]+/, '')
+      .replace(/["'`]+$/, '')
+      .trim();
+    if (!cleaned) return null;
+    if (!includesRequiredFacts(cleaned, requiredFacts)) return null;
+    return cleaned;
+  };
+}

package/src/daemon/computer-use-session.ts

@@ -79,7 +79,7 @@ export class ComputerUseSession {
   private pendingSurfaceActions = new Map<string, {
     resolve: (result: ToolExecutionResult) => void;
   }>();
-  private surfaceState = new Map<string, { surfaceType: SurfaceType; data: SurfaceData }>();
+  private surfaceState = new Map<string, { surfaceType: SurfaceType; data: SurfaceData; title?: string }>();
   private terminalNotified = false;
   private prompter: PermissionPrompter | null = null;
 
@@ -337,7 +337,7 @@ export class ComputerUseSession {
         const awaitAction = (input.await_action as boolean) ?? isInteractive;
 
         // Track surface state for ui_update merging
-        this.surfaceState.set(surfaceId, { surfaceType, data });
+        this.surfaceState.set(surfaceId, { surfaceType, data, title });
 
         this.sendToClient({
           type: 'ui_surface_show',
@@ -532,9 +532,6 @@ export class ComputerUseSession {
         maxTokens: 4096,
         maxInputTokens: cuConfig.contextWindow.maxInputTokens,
         toolChoice: { type: 'any' },
-        // Allow MAX_STEPS non-terminal actions plus one terminal turn
-        // (computer_use_done/computer_use_respond), since AgentLoop caps tool turns globally.
-        maxToolUseTurns: MAX_STEPS + 1,
       },
       toolDefs,
       toolExecutor,