2025
After the VS Code IPC escape problem killed Part 1's security model, Part 2 builds a standalone Docker image that drops VS Code entirely — with a working iptables firewall, auth persistence, per-language CLAUDE.md injection, and a live security test.