@vellumai/vellum-gateway 0.4.16 → 0.4.18

package/ARCHITECTURE.md

@@ -326,7 +326,7 @@ Runtime detects needs_confirmation
 
 **Proactive expiry sweep:** The runtime runs a periodic sweep every 60 seconds (`sweepExpiredGuardianApprovals`) that finds guardian approval requests past the 30-minute TTL, auto-denies the underlying runs, and notifies both the requester and guardian via the gateway's per-channel `/deliver/<channel>` endpoint. This ensures expired approvals are closed without waiting for follow-up traffic from either party. The sweep is started automatically whenever a run orchestrator is available.
 
-**Gateway-origin ingress contract:** The `/channels/inbound` endpoint requires a valid `X-Gateway-Origin` header to prove the request originated from the gateway. When `RUNTIME_GATEWAY_ORIGIN_SECRET` is set, it is the expected header value. When not set, the runtime falls back to the bearer token. When neither is configured (local dev), validation is skipped. The gateway sends this header on all runtime-bound requests via its `runtimeHeaders()` helper. Constant-time comparison prevents timing attacks.
+**Gateway-origin ingress contract:** The JWT token exchanged during gateway-to-runtime authentication proves gateway origin (via the `aud=vellum-daemon` claim). No separate header is required.
 
 **Key modules:**
 
@@ -395,8 +395,8 @@ sequenceDiagram
     User->>TG: <replies with code>
     TG->>GW: POST /webhooks/telegram (webhook secret validated)
     GW->>GW: Verify webhook secret, normalize update
-    GW->>Daemon: POST /v1/channels/inbound (X-Gateway-Origin proof)
-    Daemon->>Daemon: Verify gateway-origin proof
+    GW->>Daemon: POST /v1/channels/inbound (JWT auth)
+    Daemon->>Daemon: Verify JWT auth
     Daemon->>Daemon: Hash secret, find pending challenge, validate expiry
     Daemon->>Daemon: Consume challenge (replay prevention)
     Daemon->>Daemon: Revoke existing binding (if any)
@@ -413,8 +413,8 @@ The channel inbound handler (`inbound-message-handler.ts`) evaluates incoming me
 
 ```mermaid
 flowchart TD
-    MSG["Inbound message arrives<br/>POST /channels/inbound"] --> GW_CHECK{"Gateway-origin<br/>proof valid?"}
-    GW_CHECK -- No --> REJECT_403["403 GATEWAY_ORIGIN_REQUIRED"]
+    MSG["Inbound message arrives<br/>POST /channels/inbound"] --> GW_CHECK{"JWT auth<br/>valid?"}
+    GW_CHECK -- No --> REJECT_403["403 Unauthorized"]
     GW_CHECK -- Yes --> HAS_SENDER{"actorExternalId<br/>present?"}
 
     HAS_SENDER -- Yes --> ACL_LOOKUP["Look up ingress member<br/>by (channel, userId/chatId)"]
@@ -465,7 +465,7 @@ sequenceDiagram
 
     NG->>TG: Message triggers tool use
     TG->>GW: POST /webhooks/telegram
-    GW->>Daemon: POST /v1/channels/inbound (X-Gateway-Origin proof)
+    GW->>Daemon: POST /v1/channels/inbound (JWT auth)
     Daemon->>Daemon: Detect non-guardian, set forceStrictSideEffects
     Daemon->>Daemon: Tool needs confirmation → create GuardianApprovalRequest
     Daemon->>GW: POST /deliver/telegram (approval prompt + inline keyboard)
@@ -474,7 +474,7 @@ sequenceDiagram
     GW-->>NG: "Waiting for guardian approval..."
     Guardian->>TG: Approve / Deny (callback_query or text)
     TG->>GW: POST /webhooks/telegram (callback_query)
-    GW->>Daemon: POST /v1/channels/inbound (X-Gateway-Origin proof)
+    GW->>Daemon: POST /v1/channels/inbound (JWT auth)
     Daemon->>Daemon: Validate guardian identity, update approval decision
     Daemon->>Daemon: Apply decision to pending run
     Daemon->>GW: POST /deliver/telegram (outcome notification)

package/README.md

@@ -41,7 +41,6 @@ bun run dev
 | `GATEWAY_RUNTIME_PROXY_ENABLED` | No | `false` | Enable runtime proxy for non-Telegram requests |
 | `GATEWAY_RUNTIME_PROXY_REQUIRE_AUTH` | No | `true` | Require bearer auth for proxied requests |
 | `RUNTIME_BEARER_TOKEN` | No | `~/.vellum/http-token` (if present) | Bearer token used by gateway when forwarding requests to assistant runtime internal endpoints (Twilio/OAuth/proxy upstream). |
-| `RUNTIME_GATEWAY_ORIGIN_SECRET` | No | Falls back to `RUNTIME_BEARER_TOKEN` | Dedicated secret sent as the `X-Gateway-Origin` header on `/channels/inbound` requests to prove gateway origin. When not set, the gateway falls back to sending `RUNTIME_BEARER_TOKEN` as the origin proof. Both gateway and runtime must share the same value. |
 | `RUNTIME_PROXY_BEARER_TOKEN` | Conditional | — | Bearer token for proxy auth (required when proxy + auth enabled) |
 | `GATEWAY_SHUTDOWN_DRAIN_MS` | No | `5000` | Graceful shutdown drain window in milliseconds |
 | `GATEWAY_RUNTIME_TIMEOUT_MS` | No | `30000` | Timeout for runtime HTTP calls (ms) |
@@ -291,7 +290,7 @@ The gateway is the **sole public ingress point** for all external webhooks, incl
 Inbound SMS follows the same gateway-only pattern as voice and Telegram:
 
 1. **Twilio → Gateway** (`/webhooks/twilio/sms`) — Gateway validates `X-Twilio-Signature` using HMAC-SHA1 with the configured `TWILIO_AUTH_TOKEN`.
-2. **Gateway → Runtime** (`/v1/channels/inbound`) — Gateway forwards the normalized event to the runtime with `X-Gateway-Origin` proof and bearer auth.
+2. **Gateway → Runtime** (`/v1/channels/inbound`) — Gateway forwards the normalized event to the runtime with JWT bearer auth.
 3. **Runtime rejects direct SMS webhooks** — Any direct POST to `/webhooks/twilio/sms` or `/v1/calls/twilio/sms` on the runtime returns `410 GATEWAY_ONLY`.
 
 ### Signature URL Tightening
@@ -413,7 +412,7 @@ See [`benchmarking/gateway/README.md`](../benchmarking/gateway/README.md) for lo
 | "No route configured" replies | Add a routing entry or set `GATEWAY_UNMAPPED_POLICY=default` with a default assistant |
 | Runtime errors | Is `ASSISTANT_RUNTIME_BASE_URL` reachable? Check runtime logs. |
 | No reply from assistant | Is the assistant runtime processing messages? Check for `RUNTIME_HTTP_PORT` env var. |
-| 403 `GATEWAY_ORIGIN_REQUIRED` on channel inbound | The runtime rejected the request because it lacks a valid `X-Gateway-Origin` header. Ensure `RUNTIME_GATEWAY_ORIGIN_SECRET` (or `RUNTIME_BEARER_TOKEN` / `~/.vellum/http-token` as fallback) is set on both the gateway and runtime so they share the same secret. |
+| 403 on channel inbound | The runtime rejected the request because JWT authentication failed. Ensure the gateway and runtime share the same signing key (`~/.vellum/protected/actor-token-signing-key`). |
 
 ### Guardian-Specific Troubleshooting
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/vellum-gateway",
-  "version": "0.4.16",
+  "version": "0.4.18",
   "type": "module",
   "exports": {
     "./twilio/verify": "./src/twilio/verify.ts",

package/src/__tests__/browser-relay-websocket.test.ts

@@ -1,10 +1,26 @@
 import { describe, test, expect, mock, beforeEach, afterAll } from "bun:test";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey, mintToken } from "../auth/token-service.js";
+import { CURRENT_POLICY_EPOCH } from "../auth/policy.js";
 import {
   createBrowserRelayWebsocketHandler,
   getBrowserRelayWebsocketHandlers,
 } from "../http/routes/browser-relay-websocket.js";
 
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
+
+/** Mint a valid edge JWT for browser relay auth. */
+function mintEdgeToken(): string {
+  return mintToken({
+    aud: 'vellum-gateway',
+    sub: 'actor:test-assistant:test-user',
+    scope_profile: 'actor_client_v1',
+    policy_epoch: CURRENT_POLICY_EPOCH,
+    ttlSeconds: 300,
+  });
+}
+
 const WS_CONNECTING = WebSocket.CONNECTING; // 0
 const WS_OPEN = WebSocket.OPEN; // 1
 const WS_CLOSED = WebSocket.CLOSED; // 3
@@ -95,7 +111,7 @@ function createFakeUpstreamWs() {
 }
 
 describe("createBrowserRelayWebsocketHandler", () => {
-  const TEST_TOKEN = "relay-token-abc123";
+  const TEST_TOKEN = mintEdgeToken();
 
   test("upgrades when token query parameter is valid", () => {
     const config = makeConfig({});
@@ -238,7 +254,8 @@ describe("getBrowserRelayWebsocketHandlers", () => {
     handlers.message(ws as never, "hello-before-open");
 
     const MockWS = globalThis.WebSocket as unknown as ReturnType<typeof mock>;
-    expect(MockWS).toHaveBeenCalledWith("ws://runtime.internal:7821/v1/browser-relay?token=runtime-token");
+    const calledUrl = (MockWS.mock.calls[0] as unknown[])[0] as string;
+    expect(calledUrl).toMatch(/^ws:\/\/runtime\.internal:7821\/v1\/browser-relay\?token=ey/);
 
     fakeUpstream.readyState = WS_OPEN;
     fakeUpstream.emit("open");

package/src/__tests__/config.test.ts

@@ -1,4 +1,4 @@
-import { mkdirSync, mkdtempSync, rmSync, writeFileSync, unlinkSync } from "node:fs";
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { describe, test, expect } from "bun:test";
 import { tmpdir } from "node:os";
 import { join } from "node:path";

package/src/__tests__/guardian-control-plane-proxy.test.ts

@@ -1,5 +1,9 @@
 import { describe, test, expect, mock, afterEach } from "bun:test";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey } from "../auth/token-service.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -101,7 +105,7 @@ describe("guardian control-plane proxy", () => {
     ]);
   });
 
-  test("replaces caller auth with runtime auth and forwards gateway-origin proof", async () => {
+  test("replaces caller auth with runtime auth", async () => {
     let capturedHeaders: Headers | undefined;
     let capturedBody = "";
     fetchMock = mock(async (_input: string | URL | Request, init?: RequestInit) => {
@@ -127,8 +131,7 @@ describe("guardian control-plane proxy", () => {
 
     expect(res.status).toBe(200);
     expect(capturedBody).toBe('{"channel":"voice","destination":"+15551234567"}');
-    expect(capturedHeaders?.get("authorization")).toBe("Bearer runtime-token");
-    expect(capturedHeaders?.get("X-Gateway-Origin")).toBe("gateway-origin");
+    expect(capturedHeaders?.get("authorization")).toMatch(/^Bearer ey/);
     expect(capturedHeaders?.has("host")).toBe(false);
   });
 

package/src/__tests__/ingress-control-plane-proxy.test.ts

@@ -1,5 +1,9 @@
 import { describe, test, expect, mock, afterEach } from "bun:test";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey } from "../auth/token-service.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -116,7 +120,7 @@ describe("ingress control-plane proxy", () => {
     ]);
   });
 
-  test("replaces caller auth with runtime auth and forwards gateway-origin proof", async () => {
+  test("replaces caller auth with runtime auth", async () => {
     let capturedHeaders: Headers | undefined;
     fetchMock = mock(async (_input: string | URL | Request, init?: RequestInit) => {
       capturedHeaders = init?.headers as unknown as Headers;
@@ -136,8 +140,7 @@ describe("ingress control-plane proxy", () => {
     );
 
     expect(res.status).toBe(200);
-    expect(capturedHeaders?.get("authorization")).toBe("Bearer runtime-token");
-    expect(capturedHeaders?.get("X-Gateway-Origin")).toBe("gateway-origin");
+    expect(capturedHeaders?.get("authorization")).toMatch(/^Bearer ey/);
     expect(capturedHeaders?.has("host")).toBe(false);
   });
 

package/src/__tests__/oauth-callback.test.ts

@@ -1,5 +1,9 @@
 import { describe, test, expect, mock, afterEach } from "bun:test";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey } from "../auth/token-service.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -96,7 +100,7 @@ describe("OAuth callback handler", () => {
     expect(sentBody.error).toBeUndefined();
 
     const headers = calledInit.headers as Record<string, string>;
-    expect(headers["Authorization"]).toBe("Bearer rt-token");
+    expect(headers["Authorization"]).toMatch(/^Bearer ey/);
   });
 
   test("missing state parameter returns 400 error page", async () => {
@@ -317,7 +321,7 @@ describe("OAuth callback handler", () => {
     expect(fetchMock.mock.calls.length).toBe(MAX_CONSUMED_STATES + 1);
   });
 
-  test("omits Authorization header when runtimeBearerToken is undefined", async () => {
+  test("always sends JWT Authorization header to runtime", async () => {
     fetchMock = mock(async () =>
       Response.json({ ok: true }, { status: 200 }),
     );
@@ -334,6 +338,6 @@ describe("OAuth callback handler", () => {
 
     const calledInit = (fetchMock.mock.calls[0] as unknown[])[1] as RequestInit;
     const headers = calledInit.headers as Record<string, string>;
-    expect(headers["Authorization"]).toBeUndefined();
+    expect(headers["Authorization"]).toMatch(/^Bearer ey/);
   });
 });

package/src/__tests__/runtime-client.test.ts

@@ -1,6 +1,10 @@
 import { describe, test, expect, mock, afterEach } from "bun:test";
 import type { RuntimeAttachmentMeta, RuntimeInboundPayload } from "../runtime/client.js";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey } from "../auth/token-service.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -182,7 +186,7 @@ describe("forwardToRuntime", () => {
     expect(attachments[0].kind).toBe("generated_image");
   });
 
-  test("sends Authorization header when runtimeBearerToken is configured", async () => {
+  test("sends JWT Authorization header to runtime", async () => {
     fetchMock = mock(async () =>
       new Response(JSON.stringify(successBody), { status: 200 }),
     );
@@ -192,20 +196,7 @@ describe("forwardToRuntime", () => {
 
     const calledInit = (fetchMock.mock.calls[0] as unknown[])[1] as RequestInit;
     const headers = calledInit.headers as Record<string, string>;
-    expect(headers["Authorization"]).toBe("Bearer my-secret-token");
-  });
-
-  test("omits Authorization header when runtimeBearerToken is undefined", async () => {
-    fetchMock = mock(async () =>
-      new Response(JSON.stringify(successBody), { status: 200 }),
-    );
-
-    const config = makeConfig();
-    await forwardToRuntime(config, payload);
-
-    const calledInit = (fetchMock.mock.calls[0] as unknown[])[1] as RequestInit;
-    const headers = calledInit.headers as Record<string, string>;
-    expect(headers["Authorization"]).toBeUndefined();
+    expect(headers["Authorization"]).toMatch(/^Bearer ey/);
   });
 });
 
@@ -282,7 +273,7 @@ describe("forwardTwilioVoiceWebhook", () => {
     expect(sentBody.originalUrl).toBe(originalUrl);
 
     const headers = calledInit.headers as Record<string, string>;
-    expect(headers["Authorization"]).toBe("Bearer rt-tok");
+    expect(headers["Authorization"]).toMatch(/^Bearer ey/);
   });
 });
 

package/src/__tests__/runtime-health-proxy.test.ts

@@ -1,5 +1,9 @@
 import { describe, test, expect, mock, afterEach } from "bun:test";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey } from "../auth/token-service.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -84,7 +88,7 @@ describe("runtime health proxy", () => {
     expect(await res.json()).toEqual({ status: "healthy" });
   });
 
-  test("replaces caller auth with runtime auth and forwards gateway-origin proof", async () => {
+  test("replaces caller auth with runtime auth", async () => {
     let capturedHeaders: Headers | undefined;
     fetchMock = mock(async (_input: string | URL | Request, init?: RequestInit) => {
       capturedHeaders = init?.headers as unknown as Headers;
@@ -102,8 +106,7 @@ describe("runtime health proxy", () => {
     );
 
     expect(res.status).toBe(200);
-    expect(capturedHeaders?.get("authorization")).toBe("Bearer runtime-token");
-    expect(capturedHeaders?.get("X-Gateway-Origin")).toBe("gateway-origin");
+    expect(capturedHeaders?.get("authorization")).toMatch(/^Bearer ey/);
     expect(capturedHeaders?.has("host")).toBe(false);
   });
 

package/src/__tests__/runtime-proxy-auth.test.ts

@@ -1,4 +1,4 @@
-import { describe, test, expect, mock, afterEach, beforeAll } from "bun:test";
+import { describe, test, expect, mock, afterEach } from "bun:test";
 import type { GatewayConfig } from "../config.js";
 import { initSigningKey, mintToken } from "../auth/token-service.js";
 import { CURRENT_POLICY_EPOCH } from "../auth/policy.js";

package/src/__tests__/runtime-proxy.test.ts

@@ -1,5 +1,9 @@
 import { describe, test, expect, mock, afterEach } from "bun:test";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey } from "../auth/token-service.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -223,7 +227,7 @@ describe("runtime proxy handler", () => {
     expect(capturedSignal).toBeInstanceOf(AbortSignal);
   });
 
-  test("forwards authorization header when auth is not required", async () => {
+  test("replaces client authorization with JWT service token when auth is not required", async () => {
     let capturedHeaders: Headers | undefined;
     fetchMock = mock(async (_input: string | URL | Request, init?: RequestInit) => {
       capturedHeaders = init?.headers as unknown as Headers;
@@ -236,10 +240,11 @@ describe("runtime proxy handler", () => {
     });
     await handler(req);
 
-    expect(capturedHeaders!.get("authorization")).toBe("Bearer upstream-token");
+    // When auth is not required, gateway still mints a JWT service token for the runtime
+    expect(capturedHeaders!.get("authorization")).toMatch(/^Bearer ey/);
   });
 
-  test("replaces client authorization with configured bearer token for upstream", async () => {
+  test("replaces client authorization with JWT token for upstream", async () => {
     let capturedHeaders: Headers | undefined;
     fetchMock = mock(async (_input: string | URL | Request, init?: RequestInit) => {
       capturedHeaders = init?.headers as unknown as Headers;
@@ -254,7 +259,7 @@ describe("runtime proxy handler", () => {
     });
     await handler(req);
 
-    expect(capturedHeaders!.get("authorization")).toBe("Bearer daemon-token");
+    expect(capturedHeaders!.get("authorization")).toMatch(/^Bearer ey/);
   });
 
   test("truncates long upstream error bodies in logs", async () => {
@@ -397,48 +402,4 @@ describe("runtime proxy handler", () => {
       expect(fetchCalls.length).toBe(1);
     });
   });
-
-  // ── Gateway-origin header on proxied requests ────────────────────────
-
-  describe("gateway-origin header", () => {
-    test("sets X-Gateway-Origin header when runtimeBearerToken is configured", async () => {
-      let capturedHeaders: Headers | undefined;
-      fetchMock = mock(async (_input: string | URL | Request, init?: RequestInit) => {
-        capturedHeaders = init?.headers as unknown as Headers;
-        return new Response("ok", { status: 200 });
-      });
-
-      const handler = createRuntimeProxyHandler(
-        makeConfig({}),
-      );
-      const req = new Request("http://localhost:7830/v1/channels/inbound", {
-        method: "POST",
-        headers: { "content-type": "application/json" },
-        body: JSON.stringify({ message: "hello" }),
-      });
-      await handler(req);
-
-      expect(capturedHeaders!.get("x-gateway-origin")).toBe("runtime-secret");
-    });
-
-    test("does not set X-Gateway-Origin header when no runtimeBearerToken", async () => {
-      let capturedHeaders: Headers | undefined;
-      fetchMock = mock(async (_input: string | URL | Request, init?: RequestInit) => {
-        capturedHeaders = init?.headers as unknown as Headers;
-        return new Response("ok", { status: 200 });
-      });
-
-      const handler = createRuntimeProxyHandler(
-        makeConfig({}),
-      );
-      const req = new Request("http://localhost:7830/v1/channels/inbound", {
-        method: "POST",
-        headers: { "content-type": "application/json" },
-        body: JSON.stringify({ message: "hello" }),
-      });
-      await handler(req);
-
-      expect(capturedHeaders!.has("x-gateway-origin")).toBe(false);
-    });
-  });
 });

package/src/__tests__/slack-deliver.test.ts

@@ -57,8 +57,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
   return merged;
 }
 
-const TOKEN = "test-deliver-token";
-
 function makeRequest(
   body: unknown,
   headers?: Record<string, string>,

package/src/__tests__/telegram-control-plane-proxy.test.ts

@@ -1,5 +1,9 @@
 import { describe, test, expect, mock, afterEach } from "bun:test";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey } from "../auth/token-service.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -101,7 +105,7 @@ describe("telegram control-plane proxy", () => {
     ]);
   });
 
-  test("replaces caller auth with runtime auth and forwards gateway-origin proof", async () => {
+  test("replaces caller auth with runtime auth", async () => {
     let capturedHeaders: Headers | undefined;
     fetchMock = mock(async (_input: string | URL | Request, init?: RequestInit) => {
       capturedHeaders = init?.headers as unknown as Headers;
@@ -122,8 +126,7 @@ describe("telegram control-plane proxy", () => {
     );
 
     expect(res.status).toBe(200);
-    expect(capturedHeaders?.get("authorization")).toBe("Bearer runtime-token");
-    expect(capturedHeaders?.get("X-Gateway-Origin")).toBe("gateway-origin");
+    expect(capturedHeaders?.get("authorization")).toMatch(/^Bearer ey/);
     expect(capturedHeaders?.has("host")).toBe(false);
   });
 

package/src/__tests__/telegram-deliver-auth.test.ts

@@ -1,5 +1,10 @@
 import { describe, test, expect, mock, afterEach } from "bun:test";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey, mintToken } from "../auth/token-service.js";
+import { CURRENT_POLICY_EPOCH } from "../auth/policy.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -10,7 +15,18 @@ mock.module("../fetch.js", () => ({
 
 const { createTelegramDeliverHandler } = await import("../http/routes/telegram-deliver.js");
 
-const TOKEN = "test-deliver-token";
+/** Mint a valid daemon JWT for deliver auth. */
+function mintDeliverToken(): string {
+  return mintToken({
+    aud: 'vellum-daemon',
+    sub: 'svc:gateway:self',
+    scope_profile: 'gateway_service_v1',
+    policy_epoch: CURRENT_POLICY_EPOCH,
+    ttlSeconds: 300,
+  });
+}
+
+const TOKEN = mintDeliverToken();
 
 function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
   const merged: GatewayConfig = {
@@ -354,22 +370,6 @@ describe("/deliver/telegram bearer auth enforcement", () => {
     expect(body.ok).toBe(true);
   });
 
-  test("returns 503 when no token is configured and bypass is not set", async () => {
-    const handler = createTelegramDeliverHandler(
-      makeConfig({}),
-    );
-    const req = new Request("http://localhost:7830/deliver/telegram", {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: JSON.stringify({ chatId: "123", text: "hello" }),
-    });
-    const res = await handler(req);
-
-    expect(res.status).toBe(503);
-    const body = await res.json();
-    expect(body.error).toBe("Service not configured: bearer token required");
-  });
-
   test("allows unauthenticated access when bypass flag is set and no token configured", async () => {
     mockTelegramApi();
     const handler = createTelegramDeliverHandler(
@@ -387,23 +387,6 @@ describe("/deliver/telegram bearer auth enforcement", () => {
     expect(body.ok).toBe(true);
   });
 
-  test("bypass flag is ignored when a bearer token is configured (auth still required)", async () => {
-    const handler = createTelegramDeliverHandler(
-      makeConfig({ telegramDeliverAuthBypass: true }),
-    );
-    const req = new Request("http://localhost:7830/deliver/telegram", {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: JSON.stringify({ chatId: "123", text: "hello" }),
-    });
-    const res = await handler(req);
-
-    // Token is configured, so missing Authorization header is still rejected
-    expect(res.status).toBe(401);
-    const body = await res.json();
-    expect(body.error).toBe("Unauthorized");
-  });
-
   test("still rejects non-POST methods before auth check", async () => {
     const handler = createTelegramDeliverHandler(makeConfig());
     const req = new Request("http://localhost:7830/deliver/telegram", {

package/src/__tests__/telegram-reconcile-route.test.ts

@@ -1,5 +1,23 @@
 import { describe, test, expect, beforeEach, afterEach, mock } from "bun:test";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey, mintToken } from "../auth/token-service.js";
+import { CURRENT_POLICY_EPOCH } from "../auth/policy.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
+
+/** Mint a valid daemon JWT for reconcile auth. */
+function mintDaemonToken(): string {
+  return mintToken({
+    aud: 'vellum-daemon',
+    sub: 'svc:gateway:self',
+    scope_profile: 'gateway_service_v1',
+    policy_epoch: CURRENT_POLICY_EPOCH,
+    ttlSeconds: 300,
+  });
+}
+
+const TOKEN = mintDaemonToken();
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -125,15 +143,6 @@ describe("POST /internal/telegram/reconcile", () => {
     expect(res.status).toBe(405);
   });
 
-  test("returns 503 when no bearer token is configured", async () => {
-    const config = makeConfig({});
-    const handler = createTelegramReconcileHandler(config);
-    const res = await handler(makeRequest("POST", "any-token"));
-    expect(res.status).toBe(503);
-    const body = await res.json();
-    expect(body.error).toContain("bearer token required");
-  });
-
   test("returns 401 for missing auth header", async () => {
     const config = makeConfig();
     const handler = createTelegramReconcileHandler(config);
@@ -151,7 +160,7 @@ describe("POST /internal/telegram/reconcile", () => {
   test("triggers reconcile with correct auth", async () => {
     const config = makeConfig();
     const handler = createTelegramReconcileHandler(config);
-    const res = await handler(makeRequest("POST", "test-token"));
+    const res = await handler(makeRequest("POST", TOKEN));
     expect(res.status).toBe(200);
     const body = await res.json();
     expect(body.ok).toBe(true);
@@ -163,7 +172,7 @@ describe("POST /internal/telegram/reconcile", () => {
     const config = makeConfig({ ingressPublicBaseUrl: "https://old.example.com" });
     const handler = createTelegramReconcileHandler(config);
     const res = await handler(
-      makeRequest("POST", "test-token", {
+      makeRequest("POST", TOKEN, {
         ingressPublicBaseUrl: "https://new.example.com/",
       }),
     );
@@ -176,7 +185,7 @@ describe("POST /internal/telegram/reconcile", () => {
     const config = makeConfig({ ingressPublicBaseUrl: "https://old.example.com" });
     const handler = createTelegramReconcileHandler(config);
     const res = await handler(
-      makeRequest("POST", "test-token", {
+      makeRequest("POST", TOKEN, {
         ingressPublicBaseUrl: "",
       }),
     );
@@ -190,7 +199,7 @@ describe("POST /internal/telegram/reconcile", () => {
     const req = new Request("http://localhost:7830/internal/telegram/reconcile", {
       method: "POST",
       headers: {
-        authorization: "Bearer test-token",
+        authorization: `Bearer ${TOKEN}`,
       },
     });
     const res = await handler(req);
@@ -204,7 +213,7 @@ describe("POST /internal/telegram/reconcile", () => {
     });
     const config = makeConfig();
     const handler = createTelegramReconcileHandler(config);
-    const res = await handler(makeRequest("POST", "test-token"));
+    const res = await handler(makeRequest("POST", TOKEN));
     expect(res.status).toBe(502);
     const body = await res.json();
     expect(body.error).toBe("Reconciliation failed");
@@ -216,7 +225,7 @@ describe("POST /internal/telegram/reconcile", () => {
     const req = new Request("http://localhost:7830/internal/telegram/reconcile", {
       method: "POST",
       headers: {
-        authorization: "Bearer test-token",
+        authorization: `Bearer ${TOKEN}`,
         "content-type": "application/json",
       },
       body: "not-json{",
@@ -263,12 +272,12 @@ describe("POST /internal/telegram/reconcile", () => {
     // is still running, leaving Telegram pointed at the first URL.
     const [res1, res2] = await Promise.all([
       handler(
-        makeRequest("POST", "test-token", {
+        makeRequest("POST", TOKEN, {
           ingressPublicBaseUrl: "https://first.com",
         }),
       ),
       handler(
-        makeRequest("POST", "test-token", {
+        makeRequest("POST", TOKEN, {
           ingressPublicBaseUrl: "https://second.com",
         }),
       ),

package/src/__tests__/telegram-send-attachments.test.ts

@@ -1,6 +1,10 @@
 import { describe, test, expect, mock, afterEach } from "bun:test";
 import type { RuntimeAttachmentMeta } from "../runtime/client.js";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey } from "../auth/token-service.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());

package/src/__tests__/telegram-webhook-handler.test.ts

@@ -1,5 +1,9 @@
 import { describe, test, expect, mock, afterEach, beforeEach } from "bun:test";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey } from "../auth/token-service.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -557,41 +561,3 @@ describe("telegram webhook handler: callback_query forwarding", () => {
   });
 });
 
-describe("telegram webhook handler: gateway-origin marker", () => {
-  test("forwards X-Gateway-Origin header when runtimeBearerToken is configured", async () => {
-    const bearerToken = "secret-runtime-token";
-    const config = makeConfig({
-      routingEntries: [{ type: "conversation_id", key: "12345", assistantId: "assistant-a" }],
-    });
-    installFetchMock();
-    const { handler } = createTelegramWebhookHandler(config);
-
-    const payload = makeTelegramPayload("hello", 8001);
-    const req = makeWebhookRequest(payload);
-    const res = await handler(req);
-
-    expect(res.status).toBe(200);
-
-    const runtimeCall = fetchCalls.find((c) => c.url.includes("/inbound"));
-    expect(runtimeCall).toBeDefined();
-    expect(runtimeCall!.headers?.["x-gateway-origin"]).toBe(bearerToken);
-  });
-
-  test("does not include X-Gateway-Origin header when no runtimeBearerToken", async () => {
-    const config = makeConfig({
-      routingEntries: [{ type: "conversation_id", key: "12345", assistantId: "assistant-a" }],
-    });
-    installFetchMock();
-    const { handler } = createTelegramWebhookHandler(config);
-
-    const payload = makeTelegramPayload("hello", 8002);
-    const req = makeWebhookRequest(payload);
-    const res = await handler(req);
-
-    expect(res.status).toBe(200);
-
-    const runtimeCall = fetchCalls.find((c) => c.url.includes("/inbound"));
-    expect(runtimeCall).toBeDefined();
-    expect(runtimeCall!.headers?.["x-gateway-origin"]).toBeUndefined();
-  });
-});

package/src/__tests__/twilio-webhooks.test.ts

@@ -1,6 +1,10 @@
 import { describe, test, expect, mock, afterEach } from "bun:test";
 import { createHmac } from "node:crypto";
 import type { GatewayConfig } from "../config.js";
+import { initSigningKey } from "../auth/token-service.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());

package/src/auth/scopes.ts

@@ -42,6 +42,9 @@ const PROFILE_SCOPES: Record<ScopeProfile, ReadonlySet<Scope>> = {
   ipc_v1: new Set<Scope>([
     'ipc.all',
   ]),
+  ui_page_v1: new Set<Scope>([
+    'settings.read',
+  ]),
 };
 
 // ---------------------------------------------------------------------------

package/src/auth/types.ts

@@ -13,7 +13,8 @@ export type ScopeProfile =
   | 'actor_client_v1'
   | 'gateway_ingress_v1'
   | 'gateway_service_v1'
-  | 'ipc_v1';
+  | 'ipc_v1'
+  | 'ui_page_v1';
 
 // ---------------------------------------------------------------------------
 // Individual scope strings

package/src/http/routes/sms-deliver.test.ts

@@ -1,5 +1,10 @@
 import { describe, it, expect, mock, afterEach } from "bun:test";
 import type { GatewayConfig } from "../../config.js";
+import { initSigningKey, mintToken } from "../../auth/token-service.js";
+import { CURRENT_POLICY_EPOCH } from "../../auth/policy.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 type FetchFn = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
 let fetchMock: ReturnType<typeof mock<FetchFn>> = mock(async () => new Response());
@@ -12,7 +17,18 @@ const { createSmsDeliverHandler } = await import("./sms-deliver.js");
 
 // --- Helpers ---------------------------------------------------------------
 
-const TOKEN = "test-deliver-token";
+/** Mint a valid daemon JWT for deliver auth. */
+function mintDeliverToken(): string {
+  return mintToken({
+    aud: 'vellum-daemon',
+    sub: 'svc:gateway:self',
+    scope_profile: 'gateway_service_v1',
+    policy_epoch: CURRENT_POLICY_EPOCH,
+    ttlSeconds: 300,
+  });
+}
+
+const TOKEN = mintDeliverToken();
 
 function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
   const merged: GatewayConfig = {
@@ -97,17 +113,6 @@ describe("/deliver/sms", () => {
     expect(res.status).toBe(405);
   });
 
-  it("rejects when no bearer token and bypass not set with 503", async () => {
-    const handler = createSmsDeliverHandler(
-      makeConfig({}),
-    );
-    const req = makeRequest({ to: "+15559876543", text: "hello" });
-    const res = await handler(req);
-    expect(res.status).toBe(503);
-    const body = await res.json();
-    expect(body.error).toBe("Service not configured: bearer token required");
-  });
-
   it("rejects request without Authorization header with 401", async () => {
     const handler = createSmsDeliverHandler(makeConfig());
     const req = makeRequest({ to: "+15559876543", text: "hello" });

package/src/http/routes/telegram-deliver.test.ts

@@ -1,7 +1,12 @@
 import { describe, it, expect, mock, beforeEach } from "bun:test";
 import type { GatewayConfig } from "../../config.js";
+import { initSigningKey, mintToken } from "../../auth/token-service.js";
+import { CURRENT_POLICY_EPOCH } from "../../auth/policy.js";
 import { createTelegramDeliverHandler } from "./telegram-deliver.js";
 
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
+
 // ---- Mocks ----
 
 // Track calls to sendTelegramReply so we can assert on approval passthrough.
@@ -68,7 +73,18 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
   return merged;
 }
 
-const TOKEN = "test-deliver-token";
+/** Mint a valid daemon JWT for deliver auth. */
+function mintDeliverToken(): string {
+  return mintToken({
+    aud: 'vellum-daemon',
+    sub: 'svc:gateway:self',
+    scope_profile: 'gateway_service_v1',
+    policy_epoch: CURRENT_POLICY_EPOCH,
+    ttlSeconds: 300,
+  });
+}
+
+const TOKEN = mintDeliverToken();
 
 function makeRequest(body: unknown, headers?: Record<string, string>): Request {
   return new Request("http://localhost:7830/deliver/telegram", {
@@ -97,17 +113,6 @@ describe("telegram-deliver endpoint basics", () => {
     expect(body.error).toBe("Method not allowed");
   });
 
-  it("rejects when no bearer token and bypass not set with 503", async () => {
-    const handler = createTelegramDeliverHandler(
-      makeConfig({ telegramDeliverAuthBypass: false }),
-    );
-    const req = makeRequest({ chatId: "123", text: "hello" });
-    const res = await handler(req);
-    expect(res.status).toBe(503);
-    const body = await res.json();
-    expect(body.error).toBe("Service not configured: bearer token required");
-  });
-
   it("rejects request without Authorization header with 401", async () => {
     const handler = createTelegramDeliverHandler(
       makeConfig({ telegramDeliverAuthBypass: false }),

package/src/http/routes/whatsapp-deliver.test.ts

@@ -1,5 +1,10 @@
 import { describe, it, expect, mock, beforeEach } from "bun:test";
 import type { GatewayConfig } from "../../config.js";
+import { initSigningKey, mintToken } from "../../auth/token-service.js";
+import { CURRENT_POLICY_EPOCH } from "../../auth/policy.js";
+
+const TEST_SIGNING_KEY = Buffer.from('test-signing-key-at-least-32-bytes-long');
+initSigningKey(TEST_SIGNING_KEY);
 
 // ---- Mocks ----
 
@@ -16,7 +21,18 @@ const { createWhatsAppDeliverHandler } = await import("./whatsapp-deliver.js");
 
 // ---- Helpers ----
 
-const TOKEN = "test-deliver-token";
+/** Mint a valid daemon JWT for deliver auth. */
+function mintDeliverToken(): string {
+  return mintToken({
+    aud: 'vellum-daemon',
+    sub: 'svc:gateway:self',
+    scope_profile: 'gateway_service_v1',
+    policy_epoch: CURRENT_POLICY_EPOCH,
+    ttlSeconds: 300,
+  });
+}
+
+const TOKEN = mintDeliverToken();
 
 function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
   const merged: GatewayConfig = {
@@ -94,22 +110,9 @@ describe("/deliver/whatsapp", () => {
     expect(body.error).toBe("Method not allowed");
   });
 
-  it("rejects when no bearer token and bypass not set with 503", async () => {
-    const handler = createWhatsAppDeliverHandler(
-      makeConfig({
-        whatsappDeliverAuthBypass: false,
-      }),
-    );
-    const req = makeRequest({ to: "+15559876543", text: "hello" });
-    const res = await handler(req);
-    expect(res.status).toBe(503);
-    const body = await res.json();
-    expect(body.error).toBe("Service not configured: bearer token required");
-  });
-
   it("rejects request without Authorization header with 401", async () => {
     const handler = createWhatsAppDeliverHandler(
-      makeConfig({}),
+      makeConfig({ whatsappDeliverAuthBypass: false }),
     );
     const req = makeRequest({ to: "+15559876543", text: "hello" });
     const res = await handler(req);
@@ -120,7 +123,7 @@ describe("/deliver/whatsapp", () => {
 
   it("rejects request with wrong bearer token with 401", async () => {
     const handler = createWhatsAppDeliverHandler(
-      makeConfig({}),
+      makeConfig({ whatsappDeliverAuthBypass: false }),
     );
     const req = makeRequest({ to: "+15559876543", text: "hello" }, {
       authorization: "Bearer wrong-token",
@@ -133,7 +136,7 @@ describe("/deliver/whatsapp", () => {
 
   it("accepts request with correct bearer token", async () => {
     const handler = createWhatsAppDeliverHandler(
-      makeConfig({}),
+      makeConfig({ whatsappDeliverAuthBypass: false }),
     );
     const req = makeRequest({ to: "+15559876543", text: "hello" }, {
       authorization: `Bearer ${TOKEN}`,

package/src/index.ts

@@ -2,12 +2,12 @@ process.title = "vellum-gateway";
 
 import { randomBytes } from "node:crypto";
 import { AuthRateLimiter } from "./auth-rate-limiter.js";
-import { loadOrCreateSigningKey, initSigningKey, verifyToken } from "./auth/token-service.js";
+import { loadOrCreateSigningKey, initSigningKey } from "./auth/token-service.js";
 import { validateEdgeToken } from "./auth/token-exchange.js";
 import { resolveScopeProfile } from "./auth/scopes.js";
 import type { Scope } from "./auth/types.js";
 import { ConfigFileWatcher } from "./config-file-watcher.js";
-import { loadConfig, isSlackChannelConfigured, type GatewayConfig } from "./config.js";
+import { loadConfig, isSlackChannelConfigured } from "./config.js";
 import { CredentialWatcher } from "./credential-watcher.js";
 import { createRuntimeProxyHandler } from "./http/routes/runtime-proxy.js";
 import {