refactor: remove bridge protocol

src/config/config.legacy-config-detection.rejects-routing-allowfrom.test.ts

@@ -218,17 +218,14 @@ describe("legacy config detection", () => {
     expect(res.config?.gateway?.auth?.mode).toBe("token");
     expect((res.config?.gateway as { token?: string })?.token).toBeUndefined();
   });
-  it("migrates gateway.bind and bridge.bind from 'tailnet' to 'auto'", async () => {
+  it("migrates gateway.bind from 'tailnet' to 'auto'", async () => {
     vi.resetModules();
     const { migrateLegacyConfig } = await import("./config.js");
     const res = migrateLegacyConfig({
       gateway: { bind: "tailnet" as const },
-      bridge: { bind: "tailnet" as const },
     });
     expect(res.changes).toContain("Migrated gateway.bind from 'tailnet' to 'auto'.");
-    expect(res.changes).toContain("Migrated bridge.bind from 'tailnet' to 'auto'.");
     expect(res.config?.gateway?.bind).toBe("auto");
-    expect(res.config?.bridge?.bind).toBe("auto");
   });
   it('rejects telegram.dmPolicy="open" without allowFrom "*"', async () => {
     vi.resetModules();

src/config/legacy.migrations.part-3.ts

@@ -145,7 +145,7 @@ export const LEGACY_CONFIG_MIGRATIONS_PART_3: LegacyConfigMigration[] = [
   },
   {
     id: "bind-tailnet->auto",
-    describe: "Remap gateway/bridge bind 'tailnet' to 'auto'",
+    describe: "Remap gateway bind 'tailnet' to 'auto'",
     apply: (raw, changes) => {
       const migrateBind = (obj: Record<string, unknown> | null | undefined, key: string) => {
         if (!obj) return;
@@ -158,9 +158,6 @@ export const LEGACY_CONFIG_MIGRATIONS_PART_3: LegacyConfigMigration[] = [
 
       const gateway = getRecord(raw.gateway);
       migrateBind(gateway, "gateway");
-
-      const bridge = getRecord(raw.bridge);
-      migrateBind(bridge, "bridge");
     },
   },
 ];

src/config/types.clawdbot.ts

@@ -4,13 +4,7 @@ import type { LoggingConfig, SessionConfig, WebConfig } from "./types.base.js";
 import type { BrowserConfig } from "./types.browser.js";
 import type { ChannelsConfig } from "./types.channels.js";
 import type { CronConfig } from "./types.cron.js";
-import type {
-  BridgeConfig,
-  CanvasHostConfig,
-  DiscoveryConfig,
-  GatewayConfig,
-  TalkConfig,
-} from "./types.gateway.js";
+import type { CanvasHostConfig, DiscoveryConfig, GatewayConfig, TalkConfig } from "./types.gateway.js";
 import type { HooksConfig } from "./types.hooks.js";
 import type {
   AudioConfig,
@@ -81,7 +75,6 @@ export type ClawdbotConfig = {
   channels?: ChannelsConfig;
   cron?: CronConfig;
   hooks?: HooksConfig;
-  bridge?: BridgeConfig;
   discovery?: DiscoveryConfig;
   canvasHost?: CanvasHostConfig;
   talk?: TalkConfig;

src/config/types.gateway.ts

@@ -1,27 +1,13 @@
-export type BridgeBindMode = "auto" | "lan" | "loopback" | "custom";
+export type GatewayBindMode = "auto" | "lan" | "loopback" | "custom";
 
-export type BridgeConfig = {
-  enabled?: boolean;
-  port?: number;
-  /**
-   * Bind address policy for the node bridge server.
-   * - auto: Tailnet IPv4 if available, else 0.0.0.0 (fallback to all interfaces)
-   * - lan: 0.0.0.0 (all interfaces, no fallback)
-   * - loopback: 127.0.0.1 (local-only)
-   * - custom: User-specified IP, fallback to 0.0.0.0 if unavailable (requires customBindHost on gateway)
-   */
-  bind?: BridgeBindMode;
-  tls?: BridgeTlsConfig;
-};
-
-export type BridgeTlsConfig = {
-  /** Enable TLS for the node bridge server. */
+export type GatewayTlsConfig = {
+  /** Enable TLS for the gateway server. */
   enabled?: boolean;
   /** Auto-generate a self-signed cert if cert/key are missing (default: true). */
   autoGenerate?: boolean;
-  /** PEM certificate path for the bridge server. */
+  /** PEM certificate path for the gateway server. */
   certPath?: string;
-  /** PEM private key path for the bridge server. */
+  /** PEM private key path for the gateway server. */
   keyPath?: string;
   /** Optional PEM CA bundle for TLS clients (mTLS or custom roots). */
   caPath?: string;
@@ -127,7 +113,6 @@ export type GatewayHttpConfig = {
   endpoints?: GatewayHttpEndpointsConfig;
 };
 
-export type GatewayTlsConfig = BridgeTlsConfig;
 
 export type GatewayConfig = {
   /** Single multiplexed port for Gateway WS + HTTP (default: 18789). */
@@ -145,7 +130,7 @@ export type GatewayConfig = {
    * - custom: User-specified IP, fallback to 0.0.0.0 if unavailable (requires customBindHost)
    * Default: loopback (127.0.0.1).
    */
-  bind?: BridgeBindMode;
+  bind?: GatewayBindMode;
   /** Custom IP address for bind="custom" mode. Fallback: 0.0.0.0. */
   customBindHost?: string;
   controlUi?: GatewayControlUiConfig;

src/config/zod-schema.ts

@@ -195,26 +195,6 @@ export const ClawdbotSchema = z
       .strict()
       .optional(),
     channels: ChannelsSchema,
-    bridge: z
-      .object({
-        enabled: z.boolean().optional(),
-        port: z.number().int().positive().optional(),
-        bind: z
-          .union([z.literal("auto"), z.literal("lan"), z.literal("tailnet"), z.literal("loopback")])
-          .optional(),
-        tls: z
-          .object({
-            enabled: z.boolean().optional(),
-            autoGenerate: z.boolean().optional(),
-            certPath: z.string().optional(),
-            keyPath: z.string().optional(),
-            caPath: z.string().optional(),
-          })
-          .strict()
-          .optional(),
-      })
-      .strict()
-      .optional(),
     discovery: z
       .object({
         wideArea: z
@@ -251,7 +231,12 @@ export const ClawdbotSchema = z
         port: z.number().int().positive().optional(),
         mode: z.union([z.literal("local"), z.literal("remote")]).optional(),
         bind: z
-          .union([z.literal("auto"), z.literal("lan"), z.literal("tailnet"), z.literal("loopback")])
+          .union([
+            z.literal("auto"),
+            z.literal("lan"),
+            z.literal("loopback"),
+            z.literal("custom"),
+          ])
           .optional(),
         controlUi: z
           .object({