From 67dabdd247c42808d636269edb9d7f6d6c34ae91 Mon Sep 17 00:00:00 2001
From: Travis Vachon <travis.vachon@gmail.com>
Date: Tue, 27 Jan 2026 16:54:02 -0800
Subject: [PATCH] fix: remove bridge

the http bridge is no longer supported
---
 packages/cli/README.md        | 13 -------
 packages/cli/bin.js           | 15 --------
 packages/cli/bridge.js        | 68 -----------------------------------
 packages/cli/index.js         |  1 -
 packages/cli/test/bin.spec.js | 11 ------
 5 files changed, 108 deletions(-)
 delete mode 100644 packages/cli/bridge.js

diff --git a/packages/cli/README.md b/packages/cli/README.md
index bc6944cce..1ed185f49 100644
--- a/packages/cli/README.md
+++ b/packages/cli/README.md
@@ -58,8 +58,6 @@ storacha up recipies.txt
   - [`storacha proof ls`](#storacha-proof-ls)
 - Key management
   - [`storacha key create`](#storacha-key-create)
-- UCAN-HTTP Bridge
-  - [`storacha bridge generate-tokens`](#storacha-bridge-generate-tokens)
 - Advanced usage
   - [`storacha can blob add`](#storacha-can-blob-add-path)
   - [`storacha can blob ls`](#storacha-can-blob-ls)
@@ -216,17 +214,6 @@ Print a new key pair. Does not change your current signing key
 
 - `--json` Export as dag-json
 
-### `storacha bridge generate-tokens`
-
-Generate tokens that can be used as the `X-Auth-Secret` and `Authorization` headers required to use the UCAN-HTTP bridge.
-
-See the [UCAN Bridge specification](https://github.com/storacha/specs/blob/main/w3-ucan-bridge.md) for more information
-on how these are expected to be used.
-
-- `--can` One or more abilities to delegate.
-- `--expiration` Unix timestamp (in seconds) when the delegation is no longer valid. Zero indicates no expiration.
-- `--json` If set, output JSON suitable to splat into the `headers` field of a `fetch` request.
-
 ### `storacha can blob add [path]`
 
 Store a blob file to the service.
diff --git a/packages/cli/bin.js b/packages/cli/bin.js
index 31b7ce386..7ea268a03 100755
--- a/packages/cli/bin.js
+++ b/packages/cli/bin.js
@@ -8,7 +8,6 @@ import {
   Account,
   Space,
   Coupon,
-  Bridge,
   accessClaim,
   addSpace,
   listSpaces,
@@ -342,20 +341,6 @@ cli
   )
   .action(Coupon.issue)
 
-cli
-  .command('bridge generate-tokens <did>')
-  .option('-c, --can', 'One or more abilities to delegate.')
-  .option(
-    '-e, --expiration',
-    'Unix timestamp (in seconds) when the delegation is no longer valid. Zero indicates no expiration.',
-    0
-  )
-  .option(
-    '-j, --json',
-    'If set, output JSON suitable to spread into the `headers` field of a `fetch` request.'
-  )
-  .action(Bridge.generateTokens)
-
 cli
   .command('delegation create <audience-did>')
   .describe(
diff --git a/packages/cli/bridge.js b/packages/cli/bridge.js
deleted file mode 100644
index f3df16c32..000000000
--- a/packages/cli/bridge.js
+++ /dev/null
@@ -1,68 +0,0 @@
-import * as DID from '@ipld/dag-ucan/did'
-import * as Account from './account.js'
-import * as Space from './space.js'
-import { getClient } from './lib.js'
-import * as ucanto from '@ucanto/core'
-import { base64url } from 'multiformats/bases/base64'
-import cryptoRandomString from 'crypto-random-string'
-
-export { Account, Space }
-
-/**
- * @typedef {object} BridgeGenerateTokensOptions
- * @property {string} resource
- * @property {string[]|string} [can]
- * @property {number} [expiration]
- * @property {boolean} [json]
- *
- * @param {string} resource
- * @param {BridgeGenerateTokensOptions} options
- */
-export const generateTokens = async (
-  resource,
-  { can = ['store/add', 'upload/add'], expiration, json }
-) => {
-  const client = await getClient()
-
-  const resourceDID = DID.parse(resource)
-  const abilities = can ? [can].flat() : []
-  if (!abilities.length) {
-    console.error('Error: missing capabilities for delegation')
-    process.exit(1)
-  }
-
-  const capabilities = /** @type {ucanto.API.Capabilities} */ (
-    abilities.map((can) => ({ can, with: resourceDID.did() }))
-  )
-
-  const password = cryptoRandomString({ length: 32 })
-
-  const coupon = await client.coupon.issue({
-    capabilities,
-    expiration: expiration === 0 ? Infinity : expiration,
-    password,
-  })
-
-  const { ok: bytes, error } = await coupon.archive()
-  if (!bytes) {
-    console.error(error)
-    return process.exit(1)
-  }
-  const xAuthSecret = base64url.encode(new TextEncoder().encode(password))
-  const authorization = base64url.encode(bytes)
-
-  if (json) {
-    console.log(
-      JSON.stringify({
-        'X-Auth-Secret': xAuthSecret,
-        Authorization: authorization,
-      })
-    )
-  } else {
-    console.log(`
-X-Auth-Secret header: ${xAuthSecret}  
-
-Authorization header: ${authorization}
-    `)
-  }
-}
diff --git a/packages/cli/index.js b/packages/cli/index.js
index 1e5d3a1f7..b26aeba69 100644
--- a/packages/cli/index.js
+++ b/packages/cli/index.js
@@ -31,7 +31,6 @@ import * as ucanto from '@ucanto/core'
 import { ed25519 } from '@ucanto/principal'
 import chalk from 'chalk'
 export * as Coupon from './coupon.js'
-export * as Bridge from './bridge.js'
 export { Account, Space }
 import ago from 's-ago'
 
diff --git a/packages/cli/test/bin.spec.js b/packages/cli/test/bin.spec.js
index 93d112e2f..30a0c7ffc 100644
--- a/packages/cli/test/bin.spec.js
+++ b/packages/cli/test/bin.spec.js
@@ -1466,17 +1466,6 @@ export const testKey = {
   }),
 }
 
-export const testBridge = {
-  'storacha bridge generate-tokens': test(async (assert, context) => {
-    const spaceDID = await loginAndCreateSpace(context)
-    const res = await storacha
-      .args(['bridge', 'generate-tokens', spaceDID])
-      .join()
-    assert.match(res.output, /X-Auth-Secret header: u/)
-    assert.match(res.output, /Authorization header: u/)
-  }),
-}
-
 /**
  * @param {Test.Context} context
  * @param {object} options