1  /**
 2   * Shared bridge auth/URL resolution. Consolidates the ant-only
 3   * CLAUDE_BRIDGE_* dev overrides that were previously copy-pasted across
 4   * a dozen files — inboundAttachments, BriefTool/upload, bridgeMain,
 5   * initReplBridge, remoteBridgeCore, daemon workers, /rename,
 6   * /remote-control.
 7   *
 8   * Two layers: *Override() returns the ant-only env var (or undefined);
 9   * the non-Override versions fall through to the real OAuth store/config.
10   * Callers that compose with a different auth source (e.g. daemon workers
11   * using IPC auth) use the Override getters directly.
12   */
13  
14  import { getOauthConfig } from '../constants/oauth.js'
15  import { getClaudeAIOAuthTokens } from '../utils/auth.js'
16  
17  /** Ant-only dev override: CLAUDE_BRIDGE_OAUTH_TOKEN, else undefined. */
18  export function getBridgeTokenOverride(): string | undefined {
19    return (
20      (process.env.USER_TYPE === 'ant' &&
21        process.env.CLAUDE_BRIDGE_OAUTH_TOKEN) ||
22      undefined
23    )
24  }
25  
26  /** Ant-only dev override: CLAUDE_BRIDGE_BASE_URL, else undefined. */
27  export function getBridgeBaseUrlOverride(): string | undefined {
28    return (
29      (process.env.USER_TYPE === 'ant' && process.env.CLAUDE_BRIDGE_BASE_URL) ||
30      undefined
31    )
32  }
33  
34  /**
35   * Access token for bridge API calls: dev override first, then the OAuth
36   * keychain. Undefined means "not logged in".
37   */
38  export function getBridgeAccessToken(): string | undefined {
39    return getBridgeTokenOverride() ?? getClaudeAIOAuthTokens()?.accessToken
40  }
41  
42  /**
43   * Base URL for bridge API calls: dev override first, then the production
44   * OAuth config. Always returns a URL.
45   */
46  export function getBridgeBaseUrl(): string {
47    return getBridgeBaseUrlOverride() ?? getOauthConfig().BASE_API_URL
48  }