Add VS Code Extension Marketplace domains to firewall

CLAUDE.md

@@ -60,8 +60,11 @@ This repository follows the Dev Container template specification:
    - Implements network isolation using iptables and ipset
    - Allows connections only to:
      - GitHub (dynamically fetched IP ranges)
-     - npm registry
+     - npm registry (registry.npmjs.org)
+     - Python Package Index (pypi.org, files.pythonhosted.org, pypi.python.org)
+     - VS Code Extension Marketplace (marketplace.visualstudio.com, *.gallery.vsassets.io, vscode.blob.core.windows.net)
      - Anthropic API endpoints
+     - 1Password domains (for secret management)
      - Host network (for local development)
    - Preserves Docker's internal DNS resolution
    - Verifies firewall configuration after setup

README.md

@@ -135,8 +135,9 @@ See `.env.example` for all available options.
 By default, only these domains are accessible:
 - GitHub (github.com, api.github.com, etc.)
 - npm registry (registry.npmjs.org)
-- Anthropic API (api.anthropic.com)
-- Docker Hub (hub.docker.com)
+- Python Package Index (pypi.org, files.pythonhosted.org, pypi.python.org)
+- VS Code Extension Marketplace (marketplace.visualstudio.com, *.gallery.vsassets.io, vscode.blob.core.windows.net)
+- Anthropic API (api.anthropic.com, statsig.anthropic.com, sentry.io)
 - 1Password (*.1password.com, *.1password.eu, *.1password.ca, *.1passwordservices.com)
 
 #### Adding Custom Domains

image-sources/liquescent-devcontainer/scripts/init-firewall.sh

@@ -33,6 +33,11 @@ readonly BUILTIN_DOMAINS=(
     "pypi.org"
     "files.pythonhosted.org"
     "pypi.python.org"
+    # VS Code Extension Marketplace
+    "marketplace.visualstudio.com"
+    "gallery.vsassets.io"
+    "gallerycdn.vsassets.io"
+    "vscode.blob.core.windows.net"
 )
 
 # 1Password configuration