What's New in v0.3.0
This is a major feature release adding token authentication, Unix socket forwarding, Chrome for Claude integration, and daemon lifecycle commands.
Token Authentication
The control channel is now secured with a shared-secret token, preventing unauthorized container registrations.
- Random 64-character hex token generated automatically on first
dbr ensure/dbr host-daemon - Stored at
~/.config/dbr/auth-tokenwith0600permissions - Token resolution chain:
--auth-tokenflag >DCBRIDGE_AUTH_TOKENenv var >--auth-token-fileflag > default file - Disable with
--no-authfor local development/testing
Unix Socket Forwarding
Host-side Unix sockets can now be forwarded into containers, enabling tools like SSH agents, Chrome CDP, GPG agents, and Claude's Chrome extension to work transparently.
- Glob-based socket discovery via
watch_pathsin~/.config/dbr/config.toml - Automatic lifecycle tracking — sockets are forwarded when they appear and unforwarded when they disappear
- Mirror sockets created in containers with
0600permissions - Configurable scan interval, max forwards, and container path prefix
- No symlink following in scanner (
lstat) - CLI flag alternative:
--socket-watch-paths
Chrome for Claude in Devcontainers
Claude Code's "Chrome for Claude" MCP server can now communicate with the Chrome extension on the host through dbr's socket forwarding.
- Full technical deep-dive:
docs/claude-chrome-integration.md - Setup guide in the CLI Developer Guide
- Documents the
tengu_copper_bridgefeature flag workaround andclaude-chromeshell wrapper
dbr stop and dbr restart Commands
New daemon lifecycle commands for managing the host daemon:
dbr stop— sends a shutdown message to a running host daemondbr restart— stop + start in one command; useful after upgradingdbror resolving token mismatches
Other Improvements
dbr statusnow includes a Socket Forwards section showing active socket mappingsdbr ensurepasses auth flags (--no-auth,--auth-token,--auth-token-file) through to the spawned daemon- Devcontainer feature entrypoint updated for automatic auth token passing
- Security hardening: resource caps, message size limits, socket path allowlists, mirror socket permissions
- Comprehensive E2E test coverage for auth and socket forwarding
- Expanded documentation across README, CLI guide, security model, and CLAUDE.md
Installation
curl -fsSL https://github.com/bradleybeddoes/devcontainer-bridge/releases/latest/download/install.sh | bashPlatform Binaries
| Platform | Binary |
|---|---|
| macOS Apple Silicon | dbr-aarch64-apple-darwin |
| macOS Intel | dbr-x86_64-apple-darwin |
| Linux ARM64 | dbr-aarch64-unknown-linux-musl |
| Linux x86_64 | dbr-x86_64-unknown-linux-musl |
SHA256 checksums are provided for each binary.
Full Changelog: v0.2.0...v0.3.0