fix: address CodeRabbit review feedback

- Replace grep -v '^$' with sed '/^$/d' to avoid errexit on empty
  input (critical: script dies when no WebFetch domains configured)
- Add missing telemetry domains to built-in allowlist docs
- Clarify restart vs rebuild for settings changes

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: stranma

.devcontainer/init-firewall.sh

@@ -131,7 +131,7 @@ for settings_file in "$SETTINGS_DIR/settings.json" "$SETTINGS_DIR/settings.local
     fi
 done
 
-UNIQUE_DOMAINS=$(echo "$WEBFETCH_DOMAINS" | tr ' ' '\n' | sort -u | grep -v '^$')
+UNIQUE_DOMAINS=$(printf '%s\n' "$WEBFETCH_DOMAINS" | tr ' ' '\n' | sed '/^$/d' | sort -u)
 if [ -n "$UNIQUE_DOMAINS" ]; then
     while read -r domain; do
         if [[ "$domain" == \** ]]; then

docs/DECISIONS.md

@@ -200,5 +200,5 @@ When a decision is superseded or obsolete, delete it (git history preserves the
 - Only `allow` and `ask` lists are scanned (not `deny`) -- denied domains should never be whitelisted
 - Bare `WebFetch` (no domain qualifier) is ignored -- it grants tool permission but has no domain to resolve
 - Wildcard domains (e.g., `*.example.com`) are skipped with a warning -- DNS cannot resolve wildcard patterns to IPs
-- Empty domain values filtered by `grep -v '^$'` -- defensive against `WebFetch(domain:)` edge case
-- Changes require container rebuild to take effect -- firewall runs once at startup, not dynamically
+- Empty domain values filtered by `sed '/^$/d'` instead of `grep -v '^$'` -- grep exits non-zero on empty input under `set -euo pipefail`
+- WebFetch settings changes take effect on container restart (`init-firewall.sh` runs from `postStartCommand`); permission tier changes require rebuild (`onCreateCommand` copies tier to `settings.local.json`)

docs/DEVCONTAINER_PERMISSIONS.md

@@ -51,7 +51,7 @@ Regardless of tier, these layers provide defense-in-depth:
 
 The devcontainer firewall (`init-firewall.sh`) restricts all outbound traffic to a built-in allowlist plus domains from Claude Code permission settings.
 
-**Built-in domains** (always allowed): PyPI, GitHub (via API CIDR ranges), Anthropic/Claude, VS Code Marketplace, uv/Astral.
+**Built-in domains** (always allowed): PyPI, GitHub (via API CIDR ranges), Anthropic/Claude, VS Code Marketplace, uv/Astral, plus telemetry endpoints (`sentry.io`, `statsig.anthropic.com`, `statsig.com`).
 
 **WebFetch domain auto-whitelisting**: The firewall scans `.claude/settings.json` and `.claude/settings.local.json` for `WebFetch(domain:...)` patterns in `allow` and `ask` lists. Matched domains are resolved via DNS and added to the ipset allowlist.
 
@@ -62,7 +62,7 @@ The devcontainer firewall (`init-firewall.sh`) restricts all outbound traffic to
 | `WebFetch` (bare) | Ignored (no domain to resolve) |
 | `WebFetch(domain:)` (empty) | Filtered out |
 
-Changes to WebFetch settings take effect on container rebuild (`devcontainer rebuild`).
+Changes to WebFetch settings in `.claude/settings.json` or `.claude/settings.local.json` take effect on container restart. Changes to `.devcontainer/permissions/*.json` require a full rebuild (`devcontainer rebuild`).
 
 ## Tier Comparison