v0.3.0

What's New in v0.3.0

This is a major feature release adding token authentication, Unix socket forwarding, Chrome for Claude integration, and daemon lifecycle commands.

Token Authentication

The control channel is now secured with a shared-secret token, preventing unauthorized container registrations.

• Random 64-character hex token generated automatically on first dbr ensure / dbr host-daemon
• Stored at ~/.config/dbr/auth-token with 0600 permissions
• Token resolution chain: --auth-token flag > DCBRIDGE_AUTH_TOKEN env var > --auth-token-file flag > default file
• Disable with --no-auth for local development/testing

Unix Socket Forwarding

Host-side Unix sockets can now be forwarded into containers, enabling tools like SSH agents, Chrome CDP, GPG agents, and Claude's Chrome extension to work transparently.

• Glob-based socket discovery via watch_paths in ~/.config/dbr/config.toml
• Automatic lifecycle tracking — sockets are forwarded when they appear and unforwarded when they disappear
• Mirror sockets created in containers with 0600 permissions
• Configurable scan interval, max forwards, and container path prefix
• No symlink following in scanner (lstat)
• CLI flag alternative: --socket-watch-paths

Chrome for Claude in Devcontainers

Claude Code's "Chrome for Claude" MCP server can now communicate with the Chrome extension on the host through dbr's socket forwarding.

• Full technical deep-dive: docs/claude-chrome-integration.md
• Setup guide in the CLI Developer Guide
• Documents the tengu_copper_bridge feature flag workaround and claude-chrome shell wrapper

dbr stop and dbr restart Commands

New daemon lifecycle commands for managing the host daemon:

• dbr stop — sends a shutdown message to a running host daemon
• dbr restart — stop + start in one command; useful after upgrading dbr or resolving token mismatches

Other Improvements

• dbr status now includes a Socket Forwards section showing active socket mappings
• dbr ensure passes auth flags (--no-auth, --auth-token, --auth-token-file) through to the spawned daemon
• Devcontainer feature entrypoint updated for automatic auth token passing
• Security hardening: resource caps, message size limits, socket path allowlists, mirror socket permissions
• Comprehensive E2E test coverage for auth and socket forwarding
• Expanded documentation across README, CLI guide, security model, and CLAUDE.md

Installation

curl -fsSL https://github.com/bradleybeddoes/devcontainer-bridge/releases/latest/download/install.sh | bash

Platform Binaries

Platform	Binary
macOS Apple Silicon	dbr-aarch64-apple-darwin
macOS Intel	dbr-x86_64-apple-darwin
Linux ARM64	dbr-aarch64-unknown-linux-musl
Linux x86_64	dbr-x86_64-unknown-linux-musl

SHA256 checksums are provided for each binary.

Full Changelog: v0.2.0...v0.3.0

v0.3.0-alpha.2

Full Changelog: v0.3.0-alpha.1...v0.3.0-alpha.2

v0.3.0-alpha.1

Full Changelog: v0.2.0...v0.3.0-alpha.1

v0.2.0

Full Changelog: v0.1.0...v0.2.0

Full Changelog: v0.1.0...v0.2.0

v0.1.11

Full Changelog: v0.1.10...v0.1.11

v0.1.10

Full Changelog: v0.1.9...v0.1.10

v0.1.9

Full Changelog: v0.1.8...v0.1.9

Full Changelog: v0.1.8...v0.1.9

Full Changelog: v0.1.8...v0.1.9

Full Changelog: v0.1.8...v0.1.9

Full Changelog: v0.1.8...v0.1.9

v0.1.8

Fix: Reliable daemon auto-start

Root cause identified: docker exec -t (with TTY allocation) kills ALL background processes when the shell exits immediately after &. The kernel sends SIGHUP to the process group before the child process can even exec — no amount of nohup, setsid, or signal handling can win this race.

The fix: dbr-start-daemon is a hardlink to the binary. When postStartCommand runs dbr-start-daemon, the binary runs as the exec session's foreground process (not backgrounded by a shell wrapper). The binary launches the daemon via a shell one-liner and waits for it to complete, keeping the exec session alive while the daemon starts.

Important: Existing containers with cached Docker layers will still have the old shell wrapper. To pick up the fix, rebuild with --no-cache or manually replace the wrapper:

docker exec -u root <container> ln -f /usr/local/bin/dbr /usr/local/bin/dbr-start-daemon

Full Changelog: v0.1.7...v0.1.8

v0.1.7

Fix: Reliable daemon auto-start via hardlink binary

dbr-start-daemon is now a hardlink to the dbr binary (instead of a shell wrapper). When invoked, the binary detects its argv[0] and delegates to the proven shell daemonization pattern:

nohup dbr container-daemon --log-level warn >/dev/null 2>&1 & sleep 1

This solves the Docker image layer caching problem — the shell wrapper in install.sh was cached and never updated, but the binary is always freshly downloaded from GitHub releases at install time.

Also includes idempotency: scans /proc to detect if the daemon is already running before spawning.

Full Changelog: v0.1.6...v0.1.7

v0.1.6

Changes since v0.1.5

• Fix daemon killed by TTY exec session teardown — The devcontainer CLI runs postStartCommand via docker exec -t (with TTY). When the shell exited immediately after backgrounding the daemon with &, Docker tore down the exec session before the daemon finished forking, killing it. Added sleep 1 after backgrounding to give the daemon time to fully start and detach.

Binaries

File	Platform
dbr-aarch64-apple-darwin	macOS Apple Silicon
dbr-x86_64-apple-darwin	macOS Intel
dbr-aarch64-unknown-linux-musl	Linux ARM64 (static)
dbr-x86_64-unknown-linux-musl	Linux x86_64 (static)

Full Changelog: v0.1.5...v0.1.6