chore: integrate Claude Code into devcontainer for autonomus development

[shumkov]

Issue being fixed or feature implemented

Integrate Claude Code into the Dev Container to enable autonomous AI-assisted
development with full sandbox isolation. This gives developers (and Claude itself) a
ready-to-go environment where Claude Code can build, test, and iterate on Dash Platform
code without manual setup or permission prompts.

What was done?

Claude Code integration

• Added [ghcr.io/anthropics/devcontainer-features/claude-code](https://github.com/anth
  ropics/devcontainer-features) as a devcontainer feature
• Host ~/.claude/ config (credentials, skills, plugins) is staged by init-host.sh
  and copied into a persistent Docker volume by post-create.sh, then the staged copy is
  cleaned up
• bypassPermissions mode is forced in Claude settings so Claude Code runs autonomously
  without prompts
• ANTHROPIC_API_KEY is forwarded from the host environment as a fallback auth method
• Persistent named volume for ~/.claude/ survives container rebuilds (conversation
  history, config)

Optional network firewall (.devcontainer/init-firewall.sh)

• iptables-based outbound firewall restricting Claude Code and other tools to
  whitelisted services only (Anthropic API, npm, crates.io, GitHub, Docker Hub, VS Code
  marketplace)
• Disabled by default — documented how to enable for stricter sandboxing

Devcontainer modernization

• Replaced static image reference (ghcr.io/dashpay/platform/devcontainer:0.1.0) with a
  local Dockerfile build
• Added devcontainer features: Node.js 24, Docker-in-Docker, GitHub CLI, common-utils,
  jq-likes
• Added VS Code extensions: Claude Code, rust-analyzer, ESLint, Prettier, GitLens,
  Docker, LLDB, TOML
• Configured named Docker volumes for cargo cache, build target, and shell history
• Added developer tools: ripgrep, fd-find, fzf, git-delta, vim, nano
• Bumped wasm-bindgen-cli to 0.2.108, added wasm-pack

Git worktree support

• init-host.sh resolves the main .git directory and mounts it into the container
• post-create.sh creates symlinks so git operations work transparently from worktrees

Documentation

• Added .devcontainer/README.md covering prerequisites, auth options (OAuth + API
  key), VS Code and CLI usage, firewall setup, persistent data, and troubleshooting
• Updated root README.md with Dev Container as recommended setup method

How Has This Been Tested?

• Built and opened the devcontainer in VS Code on macOS (arm64) from both main repo and
  a git worktree
• Verified Claude Code launches with bypassPermissions mode and host credentials
• Verified git operations (status, commit, push) work inside the container from a
  worktree
• Verified Docker-in-Docker is functional for dashmate usage
• Verified persistent volumes survive container rebuilds (cargo cache, Claude config,
  shell history)

Breaking Changes

None. The devcontainer previously pointed to a static image. This replaces it with a
local build — existing users will get the new configuration on next rebuild.

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated relevant unit/integration/functional/e2e tests
• I have added "!" to the title and described breaking changes in the corresponding
  section if my code contains any
• I have made corresponding changes to the documentation if needed

For repository code-owners and collaborators only

• I have assigned this pull request to a milestone

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces a comprehensive development container setup for the Dash Platform, including a customized Dockerfile with extended tooling (protoc, Rust, cargo-binstall, wasm tools), initialization scripts for host and firewall configuration, VS Code integration with features and extensions, and detailed documentation for local development workflows.

Changes

Cohort / File(s)	Summary
Devcontainer Configuration .devcontainer/Dockerfile, .devcontainer/devcontainer.json, .devcontainer/.claude-config-resolved	Dockerfile expanded with timezone support, system dependencies, architecture-aware binary installation (protoc, git-delta, cargo-binstall), Rust toolchain provisioning, wasm tooling (wasm-bindgen-cli, wasm-pack), and directory setup. devcontainer.json converted from static image reference to parameterized build-based configuration with VS Code extensions, features (common utilities, Git, GitHub CLI, Node, Docker-in-Docker, Claude code), mounts, and environment variables.
Devcontainer Initialization Scripts .devcontainer/init-host.sh, .devcontainer/init-firewall.sh, .devcontainer/post-create.sh	New host initialization script ensures Git and Claude config staging; new firewall script restricts outbound traffic via iptables with DNS-resolved IP allowlists and GitHub CIDR ranges; new post-create script configures Git worktrees, Cargo ownership, shell history persistence, and Claude Code settings within container.
Documentation & Gitignore .devcontainer/README.md, .gitignore	Comprehensive devcontainer documentation covering setup, prerequisites, usage, authentication, networking, and troubleshooting; gitignore updated to exclude machine-specific files (.claude-host-config, .main-git-resolved).
Root README README.md	Added Dev Container section with CLI installation and usage instructions; introduced Manual setup section; updated Node.js requirement from v20 to v24 and wasm-bindgen-cli from 0.2.103 to 0.2.108.

Sequence Diagram(s)

sequenceDiagram
    actor Host as Host Machine
    participant InitHost as init-host.sh
    participant DockerBuild as Docker Build
    participant Container as Container
    participant PostCreate as post-create.sh
    participant VSCode as VS Code

    Host->>InitHost: Runs (initializeCommand)
    InitHost->>InitHost: Setup Git config & Claude staging
    InitHost->>InitHost: Resolve Git worktree symlink
    
    Host->>DockerBuild: Build container
    DockerBuild->>DockerBuild: Install toolchain (Rust, protoc, etc.)
    DockerBuild->>Container: Create vscode user & workspace
    
    Container->>Container: Container starts
    Container->>PostCreate: Runs (postCreateCommand)
    PostCreate->>PostCreate: Configure Git worktree support
    PostCreate->>PostCreate: Set Cargo ownership
    PostCreate->>PostCreate: Copy Claude config from staging
    PostCreate->>PostCreate: Configure shell history & settings
    
    Container->>VSCode: Environment ready
    VSCode->>VSCode: Load extensions & settings
    VSCode->>Host: Ready for development

Loading

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰✨ A burrow of code, no more setup pain!
Docker and scripts dance in the container's domain,
With Rust, Git, and wasm all perfectly aligned,
The devcontainer springs forth, a developer's find!
Now hop right in, Claude and VS Code in tow! 🚀

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main objective: integrating Claude Code into the devcontainer for autonomous development. It directly reflects the primary change across all modified files.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/devcontainer

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (6)

.devcontainer/init-firewall.sh (2)

92-92: Consider using conntrack instead of deprecated state module.

The --state option is deprecated in favor of -m conntrack --ctstate. This is a minor compatibility note for newer iptables versions.

Suggested update

-iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/init-firewall.sh at line 92, Replace the deprecated state
match in the iptables rule: update the rule that currently uses "-m state
--state ESTABLISHED,RELATED -j ACCEPT" (found in the init-firewall script) to
use the conntrack match instead by switching to "-m conntrack --ctstate
ESTABLISHED,RELATED -j ACCEPT" so it uses the modern conntrack module while
preserving the same behavior.

---

62-68: Consider validating GitHub CIDR ranges before adding to iptables.

The GitHub meta API response is used directly in iptables rules without validation. A compromised or malformed response could inject unexpected rules. While the 2>/dev/null || true on line 112 suppresses errors, explicit validation would be safer.

Suggested validation

 # GitHub (dynamic IP ranges - added as CIDR rules below since ipset doesn't support /16 etc.)
-GITHUB_IPS=$(curl -s https://api.github.com/meta 2>/dev/null | jq -r '.web[], .api[], .git[], .actions[]' 2>/dev/null || true)
+GITHUB_IPS=$(curl -sf --max-time 10 https://api.github.com/meta 2>/dev/null | jq -r '.web[], .api[], .git[], .actions[]' 2>/dev/null | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(/[0-9]+)?$' || true)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/init-firewall.sh around lines 62 - 68, The script currently
assigns GITHUB_IPS from the GitHub meta API and feeds those values into firewall
rules; instead validate each entry before applying rules: after GITHUB_IPS is
populated, iterate its items and verify each is a valid IPv4/IPv6 address or
CIDR (use a strict regex or syscalls like ipcalc/ip in the shell) and reject
anything that doesn't match, log rejected/malformed entries, and only pass
sanitized CIDR strings to resolve_and_allow or the iptables commands; implement
this validation where GITHUB_IPS is set and before any use of
resolve_and_allow/iptables so resolve_and_allow and iptables only ever receive
trusted, validated CIDR/IP strings.

.devcontainer/post-create.sh (1)

44-49: Redundant dotfile copy loop — same issue as in init-host.sh.

The cp -a "$HOST_CONFIG"/. "$CLAUDE_DIR"/ on line 44 already copies hidden files. The subsequent loop duplicates this.

Suggested simplification

 if [ -d "$HOST_CONFIG" ] && [ "$(ls -A "$HOST_CONFIG" 2>/dev/null)" ]; then
     echo "Copying Claude config from host..."
     cp -a "$HOST_CONFIG"/. "$CLAUDE_DIR"/ 2>/dev/null || true
-    for item in "$HOST_CONFIG"/.*; do
-        basename="$(basename "$item")"
-        [ "$basename" = "." ] || [ "$basename" = ".." ] && continue
-        cp -a "$item" "$CLAUDE_DIR/$basename" 2>/dev/null || true
-    done
     chmod 600 "$CLAUDE_DIR/.credentials.json" 2>/dev/null || true

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/post-create.sh around lines 44 - 49, The duplicate copy is
caused by the initial cp -a "$HOST_CONFIG"/. "$CLAUDE_DIR"/ which already copies
hidden files, followed by the for loop (for item in "$HOST_CONFIG"/.*) that
re-copies dotfiles; remove the entire loop (the for ... do ... done block) and
keep the single cp -a "$HOST_CONFIG"/. "$CLAUDE_DIR"/ command so hidden files
are copied once and behavior matches the init-host.sh approach.

.devcontainer/init-host.sh (1)

14-22: Redundant dotfile copy loop — cp -a dir/. already copies hidden files.

The command on line 16 (cp -a "$HOME/.claude"/. "$CLAUDE_STAGING"/) already copies all contents including dotfiles. The loop on lines 18-22 duplicates this work.

Suggested simplification

 if [ -d "$HOME/.claude" ] && [ "$(ls -A "$HOME/.claude" 2>/dev/null)" ]; then
     mkdir -p "$CLAUDE_STAGING"
     cp -a "$HOME/.claude"/. "$CLAUDE_STAGING"/ 2>/dev/null || true
-    # Also copy dotfiles
-    for item in "$HOME/.claude"/.*; do
-        base="$(basename "$item")"
-        [ "$base" = "." ] || [ "$base" = ".." ] && continue
-        cp -a "$item" "$CLAUDE_STAGING/$base" 2>/dev/null || true
-    done
     # Also copy ~/.claude.json (onboarding state, outside ~/.claude/)
     [ -f "$HOME/.claude.json" ] && cp -a "$HOME/.claude.json" "$CLAUDE_STAGING/.claude.json.root" 2>/dev/null || true
 fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/init-host.sh around lines 14 - 22, The dotfile copy loop is
redundant because the existing cp -a "$HOME/.claude"/. "$CLAUDE_STAGING"/
already copies hidden files; remove the entire for-loop that iterates over
"$HOME/.claude"/.* (the block that computes base and cp -a "$item"
"$CLAUDE_STAGING/$base") and keep the mkdir -p "$CLAUDE_STAGING" and the single
cp -a "$HOME/.claude"/. "$CLAUDE_STAGING"/ 2>/dev/null || true call so
CLAUDE_STAGING population and existing error suppression remain intact.

.devcontainer/Dockerfile (2)

1-2: Consider pinning the base image version for reproducibility.

The :ubuntu tag will pull whatever the latest Ubuntu-based devcontainer image is at build time. For more reproducible builds, consider pinning to a specific version (e.g., :ubuntu-24.04 or using a digest).

That said, for a devcontainer where staying current may be desirable, this is an acceptable trade-off.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/Dockerfile around lines 1 - 2, The Dockerfile uses an unpinned
base image "FROM mcr.microsoft.com/devcontainers/base:ubuntu" which makes builds
non-reproducible; update that FROM line to reference a specific, pinned tag or
digest (for example "mcr.microsoft.com/devcontainers/base:ubuntu-24.04" or a
sha256 digest) so builds are deterministic, and document the chosen pin in the
Dockerfile comment; locate the FROM instruction in the Dockerfile and replace
the ":ubuntu" tag with the chosen version or digest.

---

64-71: TOML parsing is fragile and may break with different formatting.

The current parsing assumes channel = "version" with spaces around =. TOML allows channel="version" (no spaces), which would cause awk '{print $3}' to fail.

Consider a more robust extraction:

♻️ More robust TOML parsing

 COPY --chown=vscode:vscode rust-toolchain.toml /tmp/rust-toolchain.toml
-RUN TOOLCHAIN_VERSION="$(grep channel /tmp/rust-toolchain.toml | awk '{print $3}' | tr -d '"')" && \
+RUN TOOLCHAIN_VERSION="$(grep -oP 'channel\s*=\s*"\K[^"]+' /tmp/rust-toolchain.toml)" && \
     curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- \

Alternatively, using sed:

TOOLCHAIN_VERSION="$(sed -n 's/^channel[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' /tmp/rust-toolchain.toml)"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/Dockerfile around lines 64 - 71, The current RUN that sets
TOOLCHAIN_VERSION from rust-toolchain.toml using grep/awk is fragile (it depends
on spacing); change the extraction used in the RUN command to a robust
regex-based parser (e.g., sed) that captures the value of channel regardless of
spaces or quoting, so TOOLCHAIN_VERSION is correctly set from
rust-toolchain.toml before invoking the rustup installer; keep the rest of the
RUN flow (invoking sh.rustup.rs with --default-toolchain and --target
wasm32-unknown-unknown and removing /tmp/rust-toolchain.toml) unchanged, and
reference the variables and files exactly as used: TOOLCHAIN_VERSION,
rust-toolchain.toml, and the existing RUN invocation.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.devcontainer/.claude-config-resolved:
- Line 1: Remove the machine-specific file .devcontainer/.claude-config-resolved
from the repository and stop tracking it: add an appropriate ignore pattern
(e.g., .devcontainer/.claude-config-resolved or a broader
.devcontainer/*.resolved) to .gitignore, remove the tracked file from git (git
rm --cached or git rm as appropriate), and commit the change so the personal
path (/Users/ivanshumkov/.claude) is not stored in the repo; ensure the
.devcontainer/.claude-config-resolved entry is present in .gitignore to prevent
future commits of that generated, user-specific file.

In @.devcontainer/README.md:
- Around line 108-114: The README statement saying the host's `~/.claude/`
directory is "mounted read-only" is inaccurate because the scripts init-host.sh
and post-create.sh actually copy the config into a staging area and then into a
persistent Docker volume; update the text in .devcontainer/README.md to say the
config is copied into a persistent Docker volume (not mounted), and keep/clarify
the notes that post-create.sh forces bypassPermissions and skips the safety
confirmation prompt and that host-specific path references are copied as-is and
may log harmless warnings in-container.

---

Nitpick comments:
In @.devcontainer/Dockerfile:
- Around line 1-2: The Dockerfile uses an unpinned base image "FROM
mcr.microsoft.com/devcontainers/base:ubuntu" which makes builds
non-reproducible; update that FROM line to reference a specific, pinned tag or
digest (for example "mcr.microsoft.com/devcontainers/base:ubuntu-24.04" or a
sha256 digest) so builds are deterministic, and document the chosen pin in the
Dockerfile comment; locate the FROM instruction in the Dockerfile and replace
the ":ubuntu" tag with the chosen version or digest.
- Around line 64-71: The current RUN that sets TOOLCHAIN_VERSION from
rust-toolchain.toml using grep/awk is fragile (it depends on spacing); change
the extraction used in the RUN command to a robust regex-based parser (e.g.,
sed) that captures the value of channel regardless of spaces or quoting, so
TOOLCHAIN_VERSION is correctly set from rust-toolchain.toml before invoking the
rustup installer; keep the rest of the RUN flow (invoking sh.rustup.rs with
--default-toolchain and --target wasm32-unknown-unknown and removing
/tmp/rust-toolchain.toml) unchanged, and reference the variables and files
exactly as used: TOOLCHAIN_VERSION, rust-toolchain.toml, and the existing RUN
invocation.

In @.devcontainer/init-firewall.sh:
- Line 92: Replace the deprecated state match in the iptables rule: update the
rule that currently uses "-m state --state ESTABLISHED,RELATED -j ACCEPT" (found
in the init-firewall script) to use the conntrack match instead by switching to
"-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" so it uses the modern
conntrack module while preserving the same behavior.
- Around line 62-68: The script currently assigns GITHUB_IPS from the GitHub
meta API and feeds those values into firewall rules; instead validate each entry
before applying rules: after GITHUB_IPS is populated, iterate its items and
verify each is a valid IPv4/IPv6 address or CIDR (use a strict regex or syscalls
like ipcalc/ip in the shell) and reject anything that doesn't match, log
rejected/malformed entries, and only pass sanitized CIDR strings to
resolve_and_allow or the iptables commands; implement this validation where
GITHUB_IPS is set and before any use of resolve_and_allow/iptables so
resolve_and_allow and iptables only ever receive trusted, validated CIDR/IP
strings.

In @.devcontainer/init-host.sh:
- Around line 14-22: The dotfile copy loop is redundant because the existing cp
-a "$HOME/.claude"/. "$CLAUDE_STAGING"/ already copies hidden files; remove the
entire for-loop that iterates over "$HOME/.claude"/.* (the block that computes
base and cp -a "$item" "$CLAUDE_STAGING/$base") and keep the mkdir -p
"$CLAUDE_STAGING" and the single cp -a "$HOME/.claude"/. "$CLAUDE_STAGING"/
2>/dev/null || true call so CLAUDE_STAGING population and existing error
suppression remain intact.

In @.devcontainer/post-create.sh:
- Around line 44-49: The duplicate copy is caused by the initial cp -a
"$HOST_CONFIG"/. "$CLAUDE_DIR"/ which already copies hidden files, followed by
the for loop (for item in "$HOST_CONFIG"/.*) that re-copies dotfiles; remove the
entire loop (the for ... do ... done block) and keep the single cp -a
"$HOST_CONFIG"/. "$CLAUDE_DIR"/ command so hidden files are copied once and
behavior matches the init-host.sh approach.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 78184f6 and 82fff6a.

📒 Files selected for processing (9)

• .devcontainer/.claude-config-resolved
• .devcontainer/Dockerfile
• .devcontainer/README.md
• .devcontainer/devcontainer.json
• .devcontainer/init-firewall.sh
• .devcontainer/init-host.sh
• .devcontainer/post-create.sh
• .gitignore
• README.md

[coderabbitai]

⚠️ Potential issue | 🟠 Major

This file should not be committed — it contains a machine-specific path and exposes a developer's username.

This file contains a hardcoded personal path (/Users/ivanshumkov/.claude) which:

1. Exposes personal information (username)
2. Is machine-specific and won't work for other developers
3. Appears to be generated during the init process

This file should be removed from the commit and added to .gitignore:

Proposed .gitignore addition

 # Devcontainer host-resolved symlink (machine-specific)
 .devcontainer/.main-git-resolved
 .devcontainer/.claude-host-config
+.devcontainer/.claude-config-resolved

Then remove this file from the repository:

git rm .devcontainer/.claude-config-resolved

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/.claude-config-resolved at line 1, Remove the machine-specific
file .devcontainer/.claude-config-resolved from the repository and stop tracking
it: add an appropriate ignore pattern (e.g.,
.devcontainer/.claude-config-resolved or a broader .devcontainer/*.resolved) to
.gitignore, remove the tracked file from git (git rm --cached or git rm as
appropriate), and commit the change so the personal path
(/Users/ivanshumkov/.claude) is not stored in the repo; ensure the
.devcontainer/.claude-config-resolved entry is present in .gitignore to prevent
future commits of that generated, user-specific file.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Documentation inconsistency: config is copied, not mounted.

Line 108 states the host's ~/.claude/ directory is "mounted read-only," but the actual implementation in init-host.sh and post-create.sh copies the config into a staging area and then into a persistent volume. This distinction matters for users troubleshooting credential issues.

Suggested clarification

-Your host's `~/.claude/` directory is mounted read-only into the container. On first create, the `post-create.sh` script:
+Your host's `~/.claude/` directory is copied into the container on each rebuild. The `post-create.sh` script:
 
-1. Copies your entire `~/.claude/` config (credentials, skills, plugins, etc.) into a persistent Docker volume
+1. Moves your `~/.claude/` config (credentials, skills, plugins, etc.) from a staging area into a persistent Docker volume

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	Your host's `~/.claude/` directory is mounted read-only into the container. On first create, the `post-create.sh` script:
	1. Copies your entire `~/.claude/` config (credentials, skills, plugins, etc.) into a persistent Docker volume
	2. Forces `bypassPermissions` mode on top of your settings
	3. Skips the safety confirmation prompt
	Host config items that reference host-specific paths (MCP servers, hooks, etc.) are copied as-is. They will log warnings if the referenced binaries don't exist in the container — this is harmless.
	Your host's `~/.claude/` directory is copied into the container on each rebuild. The `post-create.sh` script:
	1. Moves your `~/.claude/` config (credentials, skills, plugins, etc.) from a staging area into a persistent Docker volume
	2. Forces `bypassPermissions` mode on top of your settings
	3. Skips the safety confirmation prompt
	Host config items that reference host-specific paths (MCP servers, hooks, etc.) are copied as-is. They will log warnings if the referenced binaries don't exist in the container — this is harmless.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/README.md around lines 108 - 114, The README statement saying
the host's `~/.claude/` directory is "mounted read-only" is inaccurate because
the scripts init-host.sh and post-create.sh actually copy the config into a
staging area and then into a persistent Docker volume; update the text in
.devcontainer/README.md to say the config is copied into a persistent Docker
volume (not mounted), and keep/clarify the notes that post-create.sh forces
bypassPermissions and skips the safety confirmation prompt and that
host-specific path references are copied as-is and may log harmless warnings
in-container.