trailofbits/claude-code-devcontainer — reverse-engineered prompt
Reverse engineered prompt
Build me a sandboxed dev container setup for using Claude Code safely on untrusted projects. I want to run Claude with bypassPermissions turned on, but keep it isolated from my real files so it can review code, run commands, and make changes without risking my host machine.
Include a simple install script and a friendly devc command that can set up the template in any project, start or rebuild the container, open a shell, run commands inside it, destroy all related Docker resources, and upgrade Claude Code. It should work from the terminal and also support reopening the project in VS Code or Cursor using Dev Containers.
Please support both single-project containers and a shared workspace where I can clone several related repos. Add optional token-based Claude login for headless use, session syncing back to the host so Claude insights can see container sessions, and a safe way to mount specific host folders, including read-only mounts. Keep the defaults secure and document the tradeoffs clearly.