( options?: InitBridgeOptions, )
| 108 | } |
| 109 | |
| 110 | export async function initReplBridge( |
| 111 | options?: InitBridgeOptions, |
| 112 | ): Promise<ReplBridgeHandle | null> { |
| 113 | const { |
| 114 | onInboundMessage, |
| 115 | onPermissionResponse, |
| 116 | onInterrupt, |
| 117 | onSetModel, |
| 118 | onSetMaxThinkingTokens, |
| 119 | onSetPermissionMode, |
| 120 | onStateChange, |
| 121 | initialMessages, |
| 122 | getMessages, |
| 123 | previouslyFlushedUUIDs, |
| 124 | initialName, |
| 125 | perpetual, |
| 126 | outboundOnly, |
| 127 | tags, |
| 128 | } = options ?? {} |
| 129 | |
| 130 | // Wire the cse_ shim kill switch so toCompatSessionId respects the |
| 131 | // GrowthBook gate. Daemon/SDK paths skip this — shim defaults to active. |
| 132 | setCseShimGate(isCseShimEnabled) |
| 133 | |
| 134 | // 1. Runtime gate |
| 135 | if (!(await isBridgeEnabledBlocking())) { |
| 136 | logBridgeSkip('not_enabled', '[bridge:repl] Skipping: bridge not enabled') |
| 137 | return null |
| 138 | } |
| 139 | |
| 140 | // 1b. Minimum version check — deferred to after the v1/v2 branch below, |
| 141 | // since each implementation has its own floor (ncode_bridge_min_version |
| 142 | // for v1, ncode_bridge_repl_v2_config.min_version for v2). |
| 143 | |
| 144 | const bridgeTokenOverride = getBridgeTokenOverride() |
| 145 | const initialSession = getAuthRuntime().getCurrentSession() |
| 146 | |
| 147 | // 2. Check managed remote auth. Runs before the |
| 148 | // policy check so console-auth users get the actionable "/login" hint |
| 149 | // instead of a misleading policy error from a stale/wrong-org cache. |
| 150 | if ( |
| 151 | !hasManagedRemoteBootstrapAuth({ |
| 152 | accessTokenOverride: bridgeTokenOverride, |
| 153 | session: initialSession, |
| 154 | }) |
| 155 | ) { |
| 156 | logBridgeSkip('no_oauth', '[bridge:repl] Skipping: no OAuth tokens') |
| 157 | onStateChange?.('failed', '/login') |
| 158 | return null |
| 159 | } |
| 160 | |
| 161 | // 3. Check organization policy — remote control may be disabled |
| 162 | await waitForPolicyLimitsToLoad() |
| 163 | if (!isPolicyAllowed('allow_remote_control')) { |
| 164 | logBridgeSkip( |
| 165 | 'policy_denied', |
| 166 | '[bridge:repl] Skipping: allow_remote_control policy not allowed', |
| 167 | ) |
no test coverage detected