(refactor): Added security considerations. Renamed isolated to hardened to more explicit description. Added Codespaces variant.

.devcontainer/airgapped/devcontainer.json

@@ -55,19 +55,19 @@
   "postStartCommand": "echo '🚀 Dev container is ready for Web3 development!'",
 
 
-    // Mount isolation configuration for security and development workflow
+    // Mount hardening configuration for security and development workflow
     // If you need to extract something from within the container, you can use docker cp, but use it at your own risk. 
     // If you want to develop your devcontainer, you should comment this things, otherwise your changes inside the live container won't persist.
-    // Disables mounting the host workspace into the container for isolation.
+    // Disables mounting the host workspace into the container for hardening.
     "workspaceMount": "type=tmpfs,destination=/workspace,tmpfs-mode=1777",
-    // Sets a workspace path entirely isolated within the container
+    // Sets a hardened workspace
     "workspaceFolder": "/workspace",
 
     // Docker run arguments for security hardening and resource management
     "runArgs": [
 
       // Temporary filesystem mounts with security restrictions
-      // These provide isolated, size-limited temporary storage
+      // These provide size-limited temporary storage
       "--tmpfs=/tmp:rw,noexec,nosuid,size=512m",      // Main temporary directory
       "--tmpfs=/var/tmp:rw,noexec,nosuid,size=512m",  // System temporary directory
       "--tmpfs=/dev/shm:rw,noexec,nosuid,size=64m",   // Shared memory directory
@@ -76,7 +76,7 @@
       // This reduces the attack surface by removing unnecessary privileges
       "--cap-drop=ALL",
 
-      // Security options for container isolation
+      // Security options for container hardening
       // A few security additions (AppArmor & no new privileges)
       "--security-opt", "no-new-privileges",           // Prevent privilege escalation
       "--security-opt", "apparmor:docker-default",     // Use Docker's default AppArmor profile

.devcontainer/auditor/devcontainer.json

@@ -58,9 +58,9 @@
         }
     },
 
-    // Mount copying host folder into container, no isolation.
+    // Mount copying host folder into container, no hardening.
     "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=cached",
-    // Sets a workspace path entirely isolated within the container
+    // Sets a hardened workspace path 
     "workspaceFolder": "/workspace",
 
     // Docker run arguments for security hardening and resource management

.devcontainer/codespaces/devcontainer.json

@@ -0,0 +1,38 @@
+{
+    // For format details, see https://aka.ms/devcontainer.json.
+    // This is a Dev Container for Github Codespaces based on eth-security-toolbox image created by Trail of Bits
+    // check https://github.com/trailofbits/eth-security-toolbox for more information.
+    "name": "Codespaces TRG's DevContainer",
+
+    // Build configuration - uses the eth-security-toolbox image
+    "image": "ghcr.io/trailofbits/eth-security-toolbox:nightly",
+    // Configure tool-specific properties for VS Code
+    "customizations": {
+        "vscode": {
+            // Specialized extensions for smart contract auditing and development
+            "extensions": [ 
+                // check out https://marketplace.visualstudio.com/items?itemName=tintinweb.ethereum-security-bundle for more information
+                "tintinweb.ethereum-security-bundle", // includes what is listed above ^
+                "tintinweb.vscode-ethover",
+                "trailofbits.weaudit",
+                "trailofbits.contract-explorer",
+                "trailofbits.sarif-explorer"
+            ],
+            // VS Code settings optimized for auditing workflows
+            "settings": {
+                    // Security settings - killswitch for automated tasks
+                    "task.autoDetect": "off",                    // Disable automatic task detection
+                    "task.problemMatchers.autoDetect": "off",    // Disable automatic problem matchers
+
+                    // Trust and security configuration
+                    "security.workspace.trust.enabled": false,   // Trust no one by default
+
+                    // Privacy settings - killswitch for telemetry
+                    "telemetry.telemetryLevel": "off",           // Disable all telemetry collection
+
+                    // Terminal configuration
+                    "terminal.integrated.defaultProfile.linux": "bash"
+            }
+        }
+    },
+}

.devcontainer/codespaces/motd

@@ -0,0 +1,29 @@
+
+┌──        ┌──┐      ──┬──
+├─         └──┐        │
+└──THEREUM─┴──┴ECURITY─┴OOLBOX
+
+https://github.com/trailofbits/eth-security-toolbox
+
+by   ################
+    ##########TRAIL#
+         ####       
+        ####    ###########
+       ####    ###########
+      \###    ####     ####
+     /\\# of ####     ####
+    /  \    ############ 
+    \__/   ####      ####
+          \###      ####
+         /\\#########
+        /__\\##BITS#
+
+Security Tools and Resources Installed:
+
+https://github.com/crytic/echidna
+https://github.com/crytic/medusa
+https://github.com/crytic/slither
+https://github.com/crytic/building-secure-contracts
+
+Use `solc-select` to switch between different versions of `solc`
+

.devcontainer/eth-security-toolbox/devcontainer.json

@@ -36,9 +36,9 @@
         }
     },
 
-    // Mount copying host folder into container, no isolation.
+    // Mount copying host folder into container, no hardening.
     "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=cached",
-    // Sets a workspace path entirely isolated within the container
+    // Sets a workspace path entirely hardened within the container
     "workspaceFolder": "/workspace",
 
     // Docker run arguments for security hardening and resource management
@@ -48,7 +48,7 @@
       // "--read-only",
 
       // Temporary filesystem mounts with security restrictions
-      // These provide isolated, size-limited temporary storage
+      // These provide hardened, size-limited temporary storage
       "--tmpfs=/tmp:rw,noexec,nosuid,size=512m",      // Main temporary directory
       "--tmpfs=/var/tmp:rw,noexec,nosuid,size=512m",  // System temporary directory
       "--tmpfs=/dev/shm:rw,noexec,nosuid,size=64m",   // Shared memory directory
@@ -57,7 +57,7 @@
       // This reduces the attack surface by removing unnecessary privileges
       "--cap-drop=ALL",
 
-      // Security options for container isolation
+      // Security options for container hardening
       // A few security additions (AppArmor & no new privileges)
       "--security-opt", "no-new-privileges",           // Prevent privilege escalation
       "--security-opt", "apparmor:docker-default",     // Use Docker's default AppArmor profile

.devcontainer/isolated/devcontainer.json → .devcontainer/hardened/devcontainer.json

@@ -3,7 +3,7 @@
   // This is the HARDENED version of TRG's DevContainer - provides enhanced security
   // with capability dropping, security options, and resource limits while maintaining
   // network connectivity for development.
-  "name": "Isolated TRG's DevContainer",
+  "name": "Hardened TRG's DevContainer",
 
   // Build configuration - uses the local Dockerfile in this directory
   "build": {
@@ -23,7 +23,7 @@
   // Container environment variables
   "containerEnv": {
     "SHELL": "/bin/zsh",  // Use zsh as the default shell
-    "DEVCONTAINER_ID_LABEL": "isolated-web3-devcontainer"  // Label for container identification
+    "DEVCONTAINER_ID_LABEL": "hardened-web3-devcontainer"  // Label for container identification
   },
 
   // Configure tool-specific properties for VS Code
@@ -65,19 +65,18 @@
   "postStartCommand": "echo '🚀 Dev container is ready for Web3 development!'",
 
 
-    // Mount isolation configuration for security and development workflow
+    // Mount hardening configuration for security and development workflow
     // If you need to extract something from within the container, you can use docker cp, but use it at your own risk. 
     // If you want to develop your devcontainer, you should comment this things, otherwise your changes inside the live container won't persist.
-    // Disables mounting the host workspace into the container for isolation.
+    // Disables mounting the host workspace into the container for hardening.
     "workspaceMount": "type=tmpfs,destination=/workspace,tmpfs-mode=1777",
-    // Sets a workspace path entirely isolated within the container
     "workspaceFolder": "/workspace",
 
     // Docker run arguments for security hardening and resource management
     "runArgs": [
 
       // Temporary filesystem mounts with security restrictions
-      // These provide isolated, size-limited temporary storage
+      // These provide hardened, size-limited temporary storage
       "--tmpfs=/tmp:rw,noexec,nosuid,size=512m",      // Main temporary directory
       "--tmpfs=/var/tmp:rw,noexec,nosuid,size=512m",  // System temporary directory
       "--tmpfs=/dev/shm:rw,noexec,nosuid,size=64m",   // Shared memory directory
@@ -86,7 +85,7 @@
       // This reduces the attack surface by removing unnecessary privileges
       "--cap-drop=ALL",
 
-      // Security options for container isolation
+      // Security options for container hardening
       // A few security additions (AppArmor & no new privileges)
       "--security-opt", "no-new-privileges",           // Prevent privilege escalation
       "--security-opt", "apparmor:docker-default",     // Use Docker's default AppArmor profile

.devcontainer/legacy/devcontainer.json

@@ -21,10 +21,10 @@
     // }
   },
 
-  // Mount isolation. If you need to extract something from within the container, you can use docker cp, but use it at your own risk. If you want to develop your devcontainer, you should comment this things, otherwise your changes inside the live container won't persist.
+  // Mount hardening. If you need to extract something from within the container, you can use docker cp, but use it at your own risk. If you want to develop your devcontainer, you should comment this things, otherwise your changes inside the live container won't persist.
   // Disables mounting the host workspace into the container.
   "workspaceMount": "type=tmpfs,destination=/workspace",
-  // Sets a workspace path entirely isolated within the container
+  // Sets a workspace path entirely hardened within the container
   "workspaceFolder": "/home/vscode/quests",
   "runArgs": [
     // Read only filesystem except for explicitly writable volumes (check mounts)

.devcontainer/minimal/devcontainer.json

@@ -1,6 +1,6 @@
 {
     // For format details, see https://aka.ms/devcontainer.json.
-    // This is the MINIMAL version of TRG's DevContainer - provides essential security isolation
+    // This is the MINIMAL version of TRG's DevContainer - provides essential security hardening
     // with a balanced approach between security and usability for Web3 development.
     "name": "Minimal TRG's DevContainer",
 
@@ -25,7 +25,7 @@
       // }
     },
 
-    // Mount copying host folder into container, no isolation.
+    // Mount copying host folder into container, no hardening.
     "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=cached",
     "workspaceFolder": "/workspace",
 
@@ -36,7 +36,7 @@
       // "--read-only",
 
       // Temporary filesystem mounts with security restrictions
-      // These provide isolated, size-limited temporary storage
+      // These provide hardened, size-limited temporary storage
       "--tmpfs=/tmp:rw,noexec,nosuid,size=512m",      // Main temporary directory
       "--tmpfs=/var/tmp:rw,noexec,nosuid,size=512m",  // System temporary directory
       "--tmpfs=/dev/shm:rw,noexec,nosuid,size=64m",   // Shared memory directory
@@ -45,7 +45,7 @@
       // This reduces the attack surface by removing unnecessary privileges
       "--cap-drop=ALL",
 
-      // Security options for container isolation
+      // Security options for container hardening
       // A few security additions (AppArmor & no new privileges)
       "--security-opt", "no-new-privileges",           // Prevent privilege escalation
       "--security-opt", "apparmor:docker-default",     // Use Docker's default AppArmor profile

.devcontainer/paranoid/Dockerfile

@@ -1,9 +1,9 @@
 # syntax=docker/dockerfile:1.8
 # check=error=true
 # 
-# ISOLATED TRG DevContainer Dockerfile
-# This Dockerfile creates a highly isolated development environment for Web3 security research
-# with maximum security isolation, read-only filesystem, and network isolation.
+# PARANOID TRG DevContainer Dockerfile
+# This Dockerfile creates a highly paranoid development environment for Web3 security research
+# with maximum security hardening, read-only filesystem, and network hardening.
 # 
 # Key security features:
 # - Non-root user execution

.devcontainer/paranoid/devcontainer.json

@@ -1,7 +1,7 @@
 {
   // For format details, see https://aka.ms/devcontainer.json.
-  // This is the ISOLATED version of TRG's DevContainer - provides maximum security isolation
-  // with a read-only filesystem and network isolation for high-security Web3 development.
+  // This is the hardened version of TRG's DevContainer - provides maximum security hardening
+  // with a read-only filesystem and network hardening for high-security Web3 development.
   "name": "(EXPERIMENTAL) Paranoid TRG's DevContainer",
 
   // Build configuration - uses the local Dockerfile in this directory
@@ -52,24 +52,24 @@
   },
 
   // Commands to run during container lifecycle
-  "initializeCommand": "echo 'Initializing isolated dev container...'",
+  "initializeCommand": "echo 'Initializing hardened dev container...'",
   "postStartCommand": "echo '🚀 Dev container is ready for Web3 development!'",
 
-  // Workspace configuration - isolated within container
+  // Workspace configuration - hardened within container
   "workspaceFolder": "/workspace",
-  // Mount workspace as tmpfs for complete isolation - no host file access.
+  // Mount workspace as tmpfs for complete hardening - no host file access.
   // This ensures that the workspace is ephemeral and does not persist data.
   "workspaceMount": "type=tmpfs,destination=/workspace,tmpfs-mode=1777",
 
-  // Docker run arguments for security and isolation
+  // Docker run arguments for security and hardening
   "runArgs": [
       // Security hardening - drop all Linux capabilities to reduce attack surface
       "--cap-drop=ALL",
 
       // Read-only filesystem for maximum security, preventing any persistent changes
       "--read-only",
 
-      // Security options for container isolation
+      // Security options for container hardening
       "--security-opt",
       "no-new-privileges:true",      // Prevent privilege escalation from within the container
       "--security-opt",

.github/workflows/main.yml

@@ -21,7 +21,7 @@ jobs:
         subFolder:
           - .devcontainer/auditor
           - .devcontainer/minimal
-          - .devcontainer/isolated
+          - .devcontainer/hardened
           - .devcontainer/airgapped
           - .devcontainer/eth-security-toolbox
     steps:
@@ -100,7 +100,7 @@ jobs:
           push: never
 
       - name: Test Auditor Tools
-        if: success() && steps.check.outputs.exists == 'true' && steps.changed.outputs.changed == 'true' && contains(fromJSON('[".devcontainer/auditor", ".devcontainer/isolated", ".devcontainer/airgapped"]'), matrix.subFolder)
+        if: success() && steps.check.outputs.exists == 'true' && steps.changed.outputs.changed == 'true' && contains(fromJSON('[".devcontainer/auditor", ".devcontainer/hardened", ".devcontainer/airgapped"]'), matrix.subFolder)
         uses: devcontainers/ci@v0.3
         with:
           subFolder: ${{ matrix.subFolder }}
@@ -114,8 +114,8 @@ jobs:
             echo "✅ Auditor tools verification completed"
           push: never
 
-      - name: Test Filesystem Isolation
-        if: success() && steps.check.outputs.exists == 'true' && steps.changed.outputs.changed == 'true' && matrix.subFolder == '.devcontainer/isolated'
+      - name: Test Filesystem Hardening
+        if: success() && steps.check.outputs.exists == 'true' && steps.changed.outputs.changed == 'true' && matrix.subFolder == '.devcontainer/hardened'
         uses: devcontainers/ci@v0.3
         with:
           subFolder: ${{ matrix.subFolder }}
@@ -134,20 +134,20 @@ jobs:
             else
               echo "✅ /workspace does not exist inside the container (no host mount)"
             fi
-            echo "✅ /workspace isolation verification completed"
+            echo "✅ /workspace Hardening verification completed"
           push: never
 
-      - name: Test Network Isolation
+      - name: Test Network Hardening
         if: success() && steps.check.outputs.exists == 'true' && steps.changed.outputs.changed == 'true' && matrix.subFolder == '.devcontainer/airgapped'
         uses: devcontainers/ci@v0.3
         with:
           subFolder: ${{ matrix.subFolder }}
           configFile: ${{ matrix.subFolder }}/devcontainer.json
 
           runCmd: |
-            echo "🧪 Testing Network Isolation..."
-            if (curl -sS https://www.google.com); then echo "❌ Network is not isolated"; exit 1; else echo "✅ Network is isolated"; fi
-            echo "✅ Network isolation verification completed"
+            echo "🧪 Testing Network Hardening..."
+            if (curl -sS https://www.google.com); then echo "❌ Network is not hardened"; exit 1; else echo "✅ Network is hardened"; fi
+            echo "✅ Network Hardening verification completed"
           push: never