feat: Added new e2e tests. Able to ping remote service.

Author: vercel-eddie

.devcontainer/.gitignore

@@ -0,0 +1 @@
+bridge-*/

.devcontainer/bridge-test-api-server/devcontainer.json

@@ -1,4 +1,11 @@
 {
   "name": "bridge",
-  "image": "mcr.microsoft.com/devcontainers/base:ubuntu"
+  "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+  "mounts": [
+    "source=bridge-bashhistory,target=/commandhistory,type=volume"
+  ],
+  "postCreateCommand": "sudo chown $(id -u) /commandhistory",
+  "remoteEnv": {
+    "HISTFILE": "/commandhistory/.shell_history"
+  }
 }

.devcontainer/devcontainer.json

@@ -0,0 +1,40 @@
+{
+  "id": "bridge",
+  "version": "1.4.0",
+  "name": "Bridge Tunnel Client",
+  "description": "Connects to a bridge proxy server to intercept outbound traffic via iptables and tunnel it over gRPC.",
+  "entrypoint": "/usr/local/bin/bridge-entrypoint.sh",
+  "options": {
+    "bridgeServerAddr": {
+      "type": "string",
+      "description": "Address of the bridge proxy server (e.g. k8spf:///pod.ns:9090 or localhost:9090)",
+      "default": ""
+    },
+    "appPort": {
+      "type": "string",
+      "description": "Local app port to forward inbound requests to",
+      "default": "3000"
+    },
+    "bridgeVersion": {
+      "type": "string",
+      "description": "Version of bridge CLI to install (e.g., 'v1.0.0' or 'edge')",
+      "default": "edge"
+    },
+    "workspacePath": {
+      "type": "string",
+      "description": "Container workspace folder path — pass ${containerWorkspaceFolder} from devcontainer.json",
+      "default": ""
+    },
+    "forwardDomains": {
+      "type": "string",
+      "description": "Comma-separated list of domain patterns to intercept and resolve through the tunnel (e.g., '*.vercel.app,example.com')",
+      "default": ""
+    }
+  },
+  "capAdd": [
+    "NET_ADMIN"
+  ],
+  "installsAfter": [
+    "ghcr.io/devcontainers/features/common-utils"
+  ]
+}

.devcontainer/local-features/bridge/devcontainer-feature.json

@@ -0,0 +1,140 @@
+#!/bin/bash
+set -e
+
+# GitHub repository for bridge releases
+REPO="vercel-eddie/bridge"
+
+# Install required tools
+install_dependencies() {
+    if ! command -v curl &> /dev/null; then
+        if command -v apt-get &> /dev/null; then
+            apt-get update && apt-get install -y curl ca-certificates
+        elif command -v apk &> /dev/null; then
+            apk add --no-cache curl ca-certificates
+        elif command -v yum &> /dev/null; then
+            yum install -y curl ca-certificates
+        fi
+    fi
+
+    # Install iptables if not present (needed for traffic interception)
+    if ! command -v iptables &> /dev/null; then
+        if command -v apt-get &> /dev/null; then
+            apt-get update && apt-get install -y iptables
+        elif command -v apk &> /dev/null; then
+            apk add --no-cache iptables
+        elif command -v yum &> /dev/null; then
+            yum install -y iptables
+        fi
+    fi
+}
+
+# Detect architecture
+get_arch() {
+    local arch=$(uname -m)
+    case "$arch" in
+        x86_64) echo "amd64" ;;
+        aarch64|arm64) echo "arm64" ;;
+        *) echo "Unsupported architecture: $arch" >&2; exit 1 ;;
+    esac
+}
+
+# Get the latest release version from GitHub
+get_latest_version() {
+    curl -fsSL "https://api.github.com/repos/${REPO}/releases/latest" | \
+        grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'
+}
+
+# Download and install bridge binary
+install_bridge() {
+    if [ -x /usr/local/bin/bridge ]; then
+        echo "Bridge binary already installed, skipping download"
+        return 0
+    fi
+
+    local version="${BRIDGEVERSION:-edge}"
+
+    # In dev mode the binary is expected to be provided via bind mount at runtime.
+    if [ "$version" = "dev" ]; then
+        echo "Dev mode: skipping binary download (expecting bind mount at runtime)"
+        return 0
+    fi
+
+    local arch=$(get_arch)
+    local os="linux"
+
+    # Resolve 'latest' to actual version
+    if [ "$version" = "latest" ]; then
+        version=$(get_latest_version)
+        if [ -z "$version" ]; then
+            echo "Failed to fetch latest version" >&2
+            exit 1
+        fi
+    fi
+
+    echo "Installing bridge ${version} for ${os}-${arch}..."
+
+    local binary_name="bridge-${os}-${arch}"
+    local download_url="https://github.com/${REPO}/releases/download/${version}/${binary_name}"
+
+    echo "Downloading from: ${download_url}"
+
+    if ! curl -fsSL -o /usr/local/bin/bridge "${download_url}"; then
+        echo "Failed to download bridge binary" >&2
+        exit 1
+    fi
+
+    chmod +x /usr/local/bin/bridge
+    echo "Bridge ${version} installed successfully"
+}
+
+# Write environment configuration to /etc/profile.d (sourced by entrypoint)
+write_env_config() {
+    cat > /etc/profile.d/bridge.sh << EOF
+export BRIDGE_SERVER_ADDR="${BRIDGESERVERADDR:-}"
+export APP_PORT="${APPPORT:-3000}"
+export FORWARD_DOMAINS="${FORWARDDOMAINS:-$FORWARD_DOMAINS}"
+EOF
+}
+
+# Create entrypoint script
+create_entrypoint() {
+    # First part: bake the workspace path at install time (unquoted heredoc
+    # so ${WORKSPACEPATH} is expanded now, not at runtime)
+    cat > /usr/local/bin/bridge-entrypoint.sh << EOF
+#!/bin/bash
+# Baked at install time from feature option "workspacePath"
+BRIDGE_WORKSPACE_PATH="${WORKSPACEPATH:-}"
+EOF
+
+    # Second part: runtime logic (quoted heredoc — no expansion at install time)
+    cat >> /usr/local/bin/bridge-entrypoint.sh << 'RUNTIME'
+
+# Source profile in case env vars aren't inherited
+[ -f /etc/profile.d/bridge.sh ] && source /etc/profile.d/bridge.sh
+
+# Run bridge intercept as root (required for iptables)
+if [ -n "$BRIDGE_SERVER_ADDR" ]; then
+    sudo BRIDGE_SERVER_ADDR="$BRIDGE_SERVER_ADDR" \
+         FORWARD_DOMAINS="$FORWARD_DOMAINS" \
+         KUBECONFIG="${KUBECONFIG:-}" \
+         /usr/local/bin/bridge intercept > /tmp/bridge-intercept.log 2>&1 &
+fi
+
+exec "$@"
+RUNTIME
+    chmod +x /usr/local/bin/bridge-entrypoint.sh
+}
+
+# Main installation
+main() {
+    echo "Installing Bridge Tunnel Client..."
+
+    install_dependencies
+    install_bridge
+    write_env_config
+    create_entrypoint
+
+    echo "Bridge Tunnel Client installation complete"
+}
+
+main

.devcontainer/local-features/bridge/install.sh

@@ -24,23 +24,23 @@ make
 - [k3d](https://k3d.io/) (`brew install k3d`)
 - Go 1.25+
 
-### 1. Create a k3d cluster
+### 1. Create a k3d cluster with a registry
 
 ```bash
-k3d cluster create bridge
+k3d cluster create bridge --registry-create bridge-registry:0.0.0.0:5111
 ```
 
-This creates a lightweight k3s cluster running in Docker. Your kubeconfig context is automatically switched to `k3d-bridge`.
+This creates a lightweight k3s cluster with a local container registry at `k3d-bridge-registry.localhost:5111`. Your kubeconfig context is automatically switched to `k3d-bridge`.
 
 ### 2. Seed the cluster
 
-Build images, import them into k3d, and apply the Kubernetes manifests:
+Build images, push to the registry, and apply the Kubernetes manifests:
 
 ```bash
-go run deploy/main.go -cluster bridge
+go run deploy/main.go
 ```
 
-This deploys the bridge administrator (namespace `bridge`) and a test HTTP server (namespace `test-workloads`).
+This deploys the bridge administrator (namespace `bridge`) and a test HTTP server (namespace `test-workloads`). Re-run to pick up code changes — images are pushed and deployments are restarted automatically.
 
 ### 3. Build the CLI
 
@@ -62,6 +62,20 @@ Create a bridge to the test server:
 ./bridge create test-api-server -n test-workloads --connect
 ```
 
+To test local changes to the devcontainer feature (intercept, DNS, etc.), first set up hardlinks to the feature files:
+
+```bash
+mkdir -p .devcontainer/local-features/bridge
+ln features/bridge/install.sh .devcontainer/local-features/bridge/install.sh
+ln features/bridge/devcontainer-feature.json .devcontainer/local-features/bridge/devcontainer-feature.json
+```
+
+Then run with the local feature ref:
+
+```bash
+./bridge create test-api-server -n test-workloads --feature-ref ../local-features/bridge -f .devcontainer/devcontainer.json --force --connect
+```
+
 Or start just the administrator port-forward to verify connectivity:
 
 ```bash
@@ -71,7 +85,7 @@ kubectl port-forward -n bridge svc/administrator 9090:9090
 ### Teardown
 
 ```bash
-k3d cluster delete bridge
+k3d cluster delete bridge --registry-delete k3d-bridge-registry
 ```
 
 ## Architecture

README.md

@@ -79,6 +79,13 @@ export declare type CreateBridgeResponse = Message<"bridge.v1.CreateBridgeRespon
    * @generated from field: int32 port = 3;
    */
   port: number;
+
+  /**
+   * The name of the Deployment that owns the bridged pod.
+   *
+   * @generated from field: string deployment_name = 4 [json_name = "deployment_name"];
+   */
+  deploymentName: string;
 };
 
 /**

api/go/bridge/v1/administrator.pb.go

@@ -8,7 +8,7 @@ import { fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2
  * Describes the file bridge/v1/administrator.proto.
  */
 export const file_bridge_v1_administrator = /*@__PURE__*/
-  fileDesc("Ch1icmlkZ2UvdjEvYWRtaW5pc3RyYXRvci5wcm90bxIJYnJpZGdlLnYxIpwBChNDcmVhdGVCcmlkZ2VSZXF1ZXN0EhwKCWRldmljZV9pZBgBIAEoCVIJZGV2aWNlX2lkEiwKEXNvdXJjZV9kZXBsb3ltZW50GAIgASgJUhFzb3VyY2VfZGVwbG95bWVudBIqChBzb3VyY2VfbmFtZXNwYWNlGAMgASgJUhBzb3VyY2VfbmFtZXNwYWNlEg0KBWZvcmNlGAQgASgIIlMKFENyZWF0ZUJyaWRnZVJlc3BvbnNlEhEKCW5hbWVzcGFjZRgBIAEoCRIaCghwb2RfbmFtZRgCIAEoCVIIcG9kX25hbWUSDAoEcG9ydBgDIAEoBSIyChJMaXN0QnJpZGdlc1JlcXVlc3QSHAoJZGV2aWNlX2lkGAEgASgJUglkZXZpY2VfaWQixwEKCkJyaWRnZUluZm8SHAoJZGV2aWNlX2lkGAEgASgJUglkZXZpY2VfaWQSLAoRc291cmNlX2RlcGxveW1lbnQYAiABKAlSEXNvdXJjZV9kZXBsb3ltZW50EioKEHNvdXJjZV9uYW1lc3BhY2UYAyABKAlSEHNvdXJjZV9uYW1lc3BhY2USEQoJbmFtZXNwYWNlGAQgASgJEh4KCmNyZWF0ZWRfYXQYBSABKAlSCmNyZWF0ZWRfYXQSDgoGc3RhdHVzGAYgASgJIj0KE0xpc3RCcmlkZ2VzUmVzcG9uc2USJgoHYnJpZGdlcxgBIAMoCzIVLmJyaWRnZS52MS5CcmlkZ2VJbmZvImEKE0RlbGV0ZUJyaWRnZVJlcXVlc3QSHAoJZGV2aWNlX2lkGAEgASgJUglkZXZpY2VfaWQSLAoRc291cmNlX2RlcGxveW1lbnQYAiABKAlSEXNvdXJjZV9kZXBsb3ltZW50IhYKFERlbGV0ZUJyaWRnZVJlc3BvbnNlMoYCChRBZG1pbmlzdHJhdG9yU2VydmljZRJPCgxDcmVhdGVCcmlkZ2USHi5icmlkZ2UudjEuQ3JlYXRlQnJpZGdlUmVxdWVzdBofLmJyaWRnZS52MS5DcmVhdGVCcmlkZ2VSZXNwb25zZRJMCgtMaXN0QnJpZGdlcxIdLmJyaWRnZS52MS5MaXN0QnJpZGdlc1JlcXVlc3QaHi5icmlkZ2UudjEuTGlzdEJyaWRnZXNSZXNwb25zZRJPCgxEZWxldGVCcmlkZ2USHi5icmlkZ2UudjEuRGVsZXRlQnJpZGdlUmVxdWVzdBofLmJyaWRnZS52MS5EZWxldGVCcmlkZ2VSZXNwb25zZUKiAQoNY29tLmJyaWRnZS52MUISQWRtaW5pc3RyYXRvclByb3RvUAFaOGdpdGh1Yi5jb20vdmVyY2VsLWVkZGllL2JyaWRnZS9hcGkvZ28vYnJpZGdlL3YxO2JyaWRnZXYxogIDQlhYqgIJQnJpZGdlLlYxygIJQnJpZGdlXFYx4gIVQnJpZGdlXFYxXEdQQk1ldGFkYXRh6gIKQnJpZGdlOjpWMWIGcHJvdG8z");
+  fileDesc("Ch1icmlkZ2UvdjEvYWRtaW5pc3RyYXRvci5wcm90bxIJYnJpZGdlLnYxIpwBChNDcmVhdGVCcmlkZ2VSZXF1ZXN0EhwKCWRldmljZV9pZBgBIAEoCVIJZGV2aWNlX2lkEiwKEXNvdXJjZV9kZXBsb3ltZW50GAIgASgJUhFzb3VyY2VfZGVwbG95bWVudBIqChBzb3VyY2VfbmFtZXNwYWNlGAMgASgJUhBzb3VyY2VfbmFtZXNwYWNlEg0KBWZvcmNlGAQgASgIIn0KFENyZWF0ZUJyaWRnZVJlc3BvbnNlEhEKCW5hbWVzcGFjZRgBIAEoCRIaCghwb2RfbmFtZRgCIAEoCVIIcG9kX25hbWUSDAoEcG9ydBgDIAEoBRIoCg9kZXBsb3ltZW50X25hbWUYBCABKAlSD2RlcGxveW1lbnRfbmFtZSIyChJMaXN0QnJpZGdlc1JlcXVlc3QSHAoJZGV2aWNlX2lkGAEgASgJUglkZXZpY2VfaWQixwEKCkJyaWRnZUluZm8SHAoJZGV2aWNlX2lkGAEgASgJUglkZXZpY2VfaWQSLAoRc291cmNlX2RlcGxveW1lbnQYAiABKAlSEXNvdXJjZV9kZXBsb3ltZW50EioKEHNvdXJjZV9uYW1lc3BhY2UYAyABKAlSEHNvdXJjZV9uYW1lc3BhY2USEQoJbmFtZXNwYWNlGAQgASgJEh4KCmNyZWF0ZWRfYXQYBSABKAlSCmNyZWF0ZWRfYXQSDgoGc3RhdHVzGAYgASgJIj0KE0xpc3RCcmlkZ2VzUmVzcG9uc2USJgoHYnJpZGdlcxgBIAMoCzIVLmJyaWRnZS52MS5CcmlkZ2VJbmZvImEKE0RlbGV0ZUJyaWRnZVJlcXVlc3QSHAoJZGV2aWNlX2lkGAEgASgJUglkZXZpY2VfaWQSLAoRc291cmNlX2RlcGxveW1lbnQYAiABKAlSEXNvdXJjZV9kZXBsb3ltZW50IhYKFERlbGV0ZUJyaWRnZVJlc3BvbnNlMoYCChRBZG1pbmlzdHJhdG9yU2VydmljZRJPCgxDcmVhdGVCcmlkZ2USHi5icmlkZ2UudjEuQ3JlYXRlQnJpZGdlUmVxdWVzdBofLmJyaWRnZS52MS5DcmVhdGVCcmlkZ2VSZXNwb25zZRJMCgtMaXN0QnJpZGdlcxIdLmJyaWRnZS52MS5MaXN0QnJpZGdlc1JlcXVlc3QaHi5icmlkZ2UudjEuTGlzdEJyaWRnZXNSZXNwb25zZRJPCgxEZWxldGVCcmlkZ2USHi5icmlkZ2UudjEuRGVsZXRlQnJpZGdlUmVxdWVzdBofLmJyaWRnZS52MS5EZWxldGVCcmlkZ2VSZXNwb25zZUKiAQoNY29tLmJyaWRnZS52MUISQWRtaW5pc3RyYXRvclByb3RvUAFaOGdpdGh1Yi5jb20vdmVyY2VsLWVkZGllL2JyaWRnZS9hcGkvZ28vYnJpZGdlL3YxO2JyaWRnZXYxogIDQlhYqgIJQnJpZGdlLlYxygIJQnJpZGdlXFYx4gIVQnJpZGdlXFYxXEdQQk1ldGFkYXRh6gIKQnJpZGdlOjpWMWIGcHJvdG8z");
 
 /**
  * Describes the message bridge.v1.CreateBridgeRequest.

api/ts/bridge/v1/administrator_pb.d.ts

@@ -43,6 +43,7 @@ spec:
       containers:
         - name: administrator
           image: "{{ADMINISTRATOR_IMAGE}}"
+          imagePullPolicy: Always
           command: ["bridge", "administrator"]
           env:
             - name: POD_NAMESPACE