feat: activate BRIDGE_MODE with local bridge defaults

Minimal changes to 3 bridge files for local bridge server support:
- bridgeEnabled.ts: bypass OAuth subscriber check (local bridge needs
  no subscription), let _openBuildDefaults control runtime gates
- bridgeConfig.ts: add localhost:4080 fallback + default token
- initReplBridge.ts: skip org policy check when using token override

Author: Flo5k5

src/bridge/bridgeConfig.ts

@@ -1,11 +1,10 @@
 /**
- * Shared bridge auth/URL resolution. Consolidates the internal-only
- * CLAUDE_BRIDGE_* dev overrides that were previously copy-pasted across
- * a dozen files — inboundAttachments, BriefTool/upload, bridgeMain,
- * initReplBridge, remoteBridgeCore, daemon workers, /rename,
- * /remote-control.
+ * Shared bridge auth/URL resolution. Consolidates the CLAUDE_BRIDGE_*
+ * dev overrides that were previously copy-pasted across a dozen files —
+ * inboundAttachments, BriefTool/upload, bridgeMain, initReplBridge,
+ * remoteBridgeCore, daemon workers, /rename, /remote-control.
  *
- * Two layers: *Override() returns the internal-only env var (or undefined);
+ * Two layers: *Override() returns the dev env var (or undefined);
  * the non-Override versions fall through to the real OAuth store/config.
  * Callers that compose with a different auth source (e.g. daemon workers
  * using IPC auth) use the Override getters directly.
@@ -14,35 +13,36 @@
 import { getOauthConfig } from '../constants/oauth.js'
 import { getClaudeAIOAuthTokens } from '../utils/auth.js'
 
-/** Ant-only dev override: CLAUDE_BRIDGE_OAUTH_TOKEN, else undefined. */
+/** Dev override: CLAUDE_BRIDGE_OAUTH_TOKEN, else undefined. */
 export function getBridgeTokenOverride(): string | undefined {
-  return (
-    (process.env.USER_TYPE === 'ant' &&
-      process.env.CLAUDE_BRIDGE_OAUTH_TOKEN) ||
-    undefined
-  )
+  return process.env.CLAUDE_BRIDGE_OAUTH_TOKEN || undefined
 }
 
-/** Ant-only dev override: CLAUDE_BRIDGE_BASE_URL, else undefined. */
+/** Dev override: CLAUDE_BRIDGE_BASE_URL, else undefined. */
 export function getBridgeBaseUrlOverride(): string | undefined {
-  return (
-    (process.env.USER_TYPE === 'ant' && process.env.CLAUDE_BRIDGE_BASE_URL) ||
-    undefined
-  )
+  return process.env.CLAUDE_BRIDGE_BASE_URL || undefined
 }
 
 /**
- * Access token for bridge API calls: dev override first, then the OAuth
- * keychain. Undefined means "not logged in".
+ * Access token for bridge API calls: env override first, then OAuth
+ * keychain, then local bridge default token.
  */
 export function getBridgeAccessToken(): string | undefined {
-  return getBridgeTokenOverride() ?? getClaudeAIOAuthTokens()?.accessToken
+  return (
+    getBridgeTokenOverride() ??
+    getClaudeAIOAuthTokens()?.accessToken ??
+    'openclaude-local-bridge'
+  )
 }
 
 /**
- * Base URL for bridge API calls: dev override first, then the production
- * OAuth config. Always returns a URL.
+ * Base URL for bridge API calls: env override first, then OAuth config,
+ * then localhost default for the local bridge server.
  */
 export function getBridgeBaseUrl(): string {
-  return getBridgeBaseUrlOverride() ?? getOauthConfig().BASE_API_URL
+  return (
+    getBridgeBaseUrlOverride() ??
+    getOauthConfig()?.BASE_API_URL ??
+    'http://localhost:4080'
+  )
 }

src/bridge/bridgeEnabled.ts

@@ -26,12 +26,11 @@ import { lt } from '../utils/semver.js'
  * is only referenced when bridge mode is enabled at build time.
  */
 export function isBridgeEnabled(): boolean {
-  // Positive ternary pattern — see docs/feature-gating.md.
-  // Negative pattern (if (!feature(...)) return) does not eliminate
-  // inline string literals from external builds.
+  // Open build: bypass isClaudeAISubscriber() (no OAuth needed for local bridge).
+  // The tengu_ccr_bridge gate defaults to true via _openBuildDefaults in the
+  // GrowthBook stub — users can override with ~/.claude/feature-flags.json.
   return feature('BRIDGE_MODE')
-    ? isClaudeAISubscriber() &&
-        getFeatureValue_CACHED_MAY_BE_STALE('tengu_ccr_bridge', false)
+    ? getFeatureValue_CACHED_MAY_BE_STALE('tengu_ccr_bridge', false)
     : false
 }
 
@@ -48,9 +47,9 @@ export function isBridgeEnabled(): boolean {
  * `isBridgeEnabled()` instead.
  */
 export async function isBridgeEnabledBlocking(): Promise<boolean> {
+  // Open build: bypass isClaudeAISubscriber() — local bridge needs no OAuth.
   return feature('BRIDGE_MODE')
-    ? isClaudeAISubscriber() &&
-        (await checkGate_CACHED_OR_BLOCKING('tengu_ccr_bridge'))
+    ? (await checkGate_CACHED_OR_BLOCKING('tengu_ccr_bridge'))
     : false
 }
 
@@ -69,17 +68,10 @@ export async function isBridgeEnabledBlocking(): Promise<boolean> {
  */
 export async function getBridgeDisabledReason(): Promise<string | null> {
   if (feature('BRIDGE_MODE')) {
-    if (!isClaudeAISubscriber()) {
-      return 'Remote Control requires a claude.ai subscription. Run `claude auth login` to sign in with your claude.ai account.'
-    }
-    if (!hasProfileScope()) {
-      return 'Remote Control requires a full-scope login token. Long-lived tokens (from `claude setup-token` or CLAUDE_CODE_OAUTH_TOKEN) are limited to inference-only for security reasons. Run `claude auth login` to use Remote Control.'
-    }
-    if (!getOauthAccountInfo()?.organizationUuid) {
-      return 'Unable to determine your organization for Remote Control eligibility. Run `claude auth login` to refresh your account information.'
-    }
+    // Open build: skip OAuth/org checks (local bridge needs no subscription).
+    // Only check the GrowthBook gate which defaults to true via _openBuildDefaults.
     if (!(await checkGate_CACHED_OR_BLOCKING('tengu_ccr_bridge'))) {
-      return 'Remote Control is not yet enabled for your account.'
+      return 'Remote Control is disabled. Enable it with: echo \'{"tengu_ccr_bridge": true}\' > ~/.claude/feature-flags.json'
     }
     return null
   }
@@ -124,6 +116,7 @@ function getOauthAccountInfo(): ReturnType<
  * on the env-based implementation regardless of this gate.
  */
 export function isEnvLessBridgeEnabled(): boolean {
+  // Open build: defaults to true via _openBuildDefaults → forces v2 (env-less) path.
   return feature('BRIDGE_MODE')
     ? getFeatureValue_CACHED_MAY_BE_STALE('tengu_bridge_repl_v2', false)
     : false