@willjackson/claude-code-bridge 0.7.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +83 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -22,10 +22,10 @@ Claude Code Bridge connects your local Claude Code to remote environments via We
|
|
|
22
22
|
LOCAL MACHINE REMOTE MACHINE
|
|
23
23
|
┌──────────────────────┐ ┌──────────────────────┐
|
|
24
24
|
│ │ │ │
|
|
25
|
-
│ Claude Code │
|
|
26
|
-
│ + │
|
|
25
|
+
│ Claude Code │ ws:// or │ Bridge Client │
|
|
26
|
+
│ + │ wss:// │ --with-handlers │
|
|
27
27
|
│ Bridge Host ────────────────────► │
|
|
28
|
-
│ (port 8766) │
|
|
28
|
+
│ (port 8766) │ (TLS) │ Executes commands │
|
|
29
29
|
│ │ │ on your files │
|
|
30
30
|
└──────────────────────┘ └──────────────────────┘
|
|
31
31
|
```
|
|
@@ -78,6 +78,46 @@ Replace `HOST_IP` with your local machine's IP address.
|
|
|
78
78
|
|
|
79
79
|
That's it! Claude Code now has access to files on the remote machine.
|
|
80
80
|
|
|
81
|
+
## Secure Connections (TLS + Auth)
|
|
82
|
+
|
|
83
|
+
For production or untrusted networks, enable TLS encryption and authentication.
|
|
84
|
+
|
|
85
|
+
### Generate Certificates
|
|
86
|
+
|
|
87
|
+
```bash
|
|
88
|
+
# Self-signed certificate (for testing)
|
|
89
|
+
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=localhost"
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
### Start with TLS + Token Auth
|
|
93
|
+
|
|
94
|
+
**Local machine (host):**
|
|
95
|
+
|
|
96
|
+
```bash
|
|
97
|
+
claude-bridge start --cert cert.pem --key key.pem --auth-token mysecret123
|
|
98
|
+
```
|
|
99
|
+
|
|
100
|
+
**Remote machine (client):**
|
|
101
|
+
|
|
102
|
+
```bash
|
|
103
|
+
claude-bridge start --with-handlers --connect wss://HOST_IP:8765 --ca cert.pem --auth-token mysecret123
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
### Authentication Options
|
|
107
|
+
|
|
108
|
+
| Option | Description |
|
|
109
|
+
|--------|-------------|
|
|
110
|
+
| `--auth-token <token>` | Require a shared secret token |
|
|
111
|
+
| `--auth-password <pw>` | Require password authentication |
|
|
112
|
+
| `--auth-ip <cidr>` | Allow only specific IPs (e.g., `192.168.0.0/16`) |
|
|
113
|
+
| `--auth-require-all` | Require ALL auth methods to pass (default: any) |
|
|
114
|
+
|
|
115
|
+
Combine methods for defense in depth:
|
|
116
|
+
|
|
117
|
+
```bash
|
|
118
|
+
claude-bridge start --auth-token secret --auth-ip 10.0.0.0/8 --auth-require-all
|
|
119
|
+
```
|
|
120
|
+
|
|
81
121
|
## What You Can Do
|
|
82
122
|
|
|
83
123
|
Once connected, Claude Code gains these MCP tools:
|
|
@@ -112,12 +152,24 @@ claude-bridge start [--port 8765] [--launch-claude] [-- claude-args]
|
|
|
112
152
|
# Client mode (remote machine)
|
|
113
153
|
claude-bridge start --with-handlers --connect ws://HOST:PORT
|
|
114
154
|
|
|
155
|
+
# Secure connections
|
|
156
|
+
claude-bridge start --cert cert.pem --key key.pem --auth-token secret
|
|
157
|
+
claude-bridge start --with-handlers --connect wss://HOST:PORT --ca cert.pem --auth-token secret
|
|
158
|
+
|
|
115
159
|
# Utilities
|
|
116
160
|
claude-bridge status # Check if bridge is running
|
|
117
161
|
claude-bridge stop # Stop the bridge daemon
|
|
118
162
|
claude-bridge info # Show system info
|
|
119
163
|
```
|
|
120
164
|
|
|
165
|
+
### TLS Options
|
|
166
|
+
|
|
167
|
+
| Option | Description |
|
|
168
|
+
|--------|-------------|
|
|
169
|
+
| `--cert <path>` | TLS certificate file |
|
|
170
|
+
| `--key <path>` | TLS private key file |
|
|
171
|
+
| `--ca <path>` | CA certificate (for verifying self-signed certs) |
|
|
172
|
+
|
|
121
173
|
## Configuration
|
|
122
174
|
|
|
123
175
|
Create `~/.claude-bridge/config.yml` for persistent settings:
|
|
@@ -127,10 +179,28 @@ instanceName: my-bridge
|
|
|
127
179
|
listen:
|
|
128
180
|
port: 8765
|
|
129
181
|
host: 0.0.0.0
|
|
182
|
+
tls:
|
|
183
|
+
cert: /path/to/cert.pem
|
|
184
|
+
key: /path/to/key.pem
|
|
185
|
+
auth:
|
|
186
|
+
type: token # none, token, password, ip, or combined
|
|
187
|
+
token: ${BRIDGE_AUTH_TOKEN} # use environment variable
|
|
130
188
|
interaction:
|
|
131
189
|
taskTimeout: 300000
|
|
132
190
|
```
|
|
133
191
|
|
|
192
|
+
For client connections:
|
|
193
|
+
|
|
194
|
+
```yaml
|
|
195
|
+
connect:
|
|
196
|
+
url: wss://remote-host:8765
|
|
197
|
+
tls:
|
|
198
|
+
ca: /path/to/ca.pem
|
|
199
|
+
auth:
|
|
200
|
+
type: token
|
|
201
|
+
token: ${BRIDGE_AUTH_TOKEN}
|
|
202
|
+
```
|
|
203
|
+
|
|
134
204
|
## Troubleshooting
|
|
135
205
|
|
|
136
206
|
**Can't connect?**
|
|
@@ -138,6 +208,16 @@ interaction:
|
|
|
138
208
|
- Check firewall allows port 8765
|
|
139
209
|
- Confirm IP is reachable: `ping HOST_IP`
|
|
140
210
|
|
|
211
|
+
**TLS connection failing?**
|
|
212
|
+
- Ensure client uses `wss://` (not `ws://`) when connecting to TLS host
|
|
213
|
+
- For self-signed certs, client must use `--ca cert.pem`
|
|
214
|
+
- Check certificate hasn't expired
|
|
215
|
+
|
|
216
|
+
**Authentication failing?**
|
|
217
|
+
- Verify tokens match exactly on both sides
|
|
218
|
+
- For IP auth, ensure client IP is in allowed CIDR range
|
|
219
|
+
- Check with `-v` flag for detailed auth error messages
|
|
220
|
+
|
|
141
221
|
**Commands not executing?**
|
|
142
222
|
- Ensure client uses `--with-handlers`
|
|
143
223
|
- Check client console for errors
|