diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 250fc94d..0bbba112 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -3,8 +3,8 @@ FROM ubuntu:22.04
 ENV DEBIAN_FRONTEND=noninteractive
 ENV LANG=C.UTF-8
-# Optional build args to install Ubuntu mainline kernel headers (e.g., 6.10)
-# Note: Container still uses host kernel; headers are for building only.
+# Kernel version args retained for devcontainer compatibility.
+# The container still uses the runtime kernel exposed by the host.
 ARG INSTALL_MAINLINE_HEADERS=false
 ARG KERNEL_VER=6.10.14
 ARG KERNEL_UBUNTU_TAG=061014
@@ -12,6 +12,7 @@ ARG KERNEL_UBUNTU_TAG=061014
 RUN apt-get update && apt-get install -y --no-install-recommends \
 build-essential \
 zlib1g-dev libzstd-dev pkg-config \
+ cmake \
 clang \
 llvm \
 libelf-dev \
@@ -42,9 +43,12 @@ RUN groupadd --gid $USER_GID $USERNAME \
 && echo "$USERNAME ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME \
 && chmod 0440 /etc/sudoers.d/$USERNAME
-# Optional Rust install (kept from original); runs as root by default
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-ENV PATH="/root/.cargo/bin:${PATH}"
+# Copy bpftool binary to /usr/local/bin to avoid noexec issues with /tmp
+RUN cp /tmp/linux/tools/bpf/bpftool/bpftool /usr/local/bin/bpftool && chmod +x /usr/local/bin/bpftool
+# Install Rust for the vscode user (not root)
 USER $USERNAME
-WORKDIR /home/$USERNAME/workspace
\ No newline at end of file
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ENV PATH="/home/${USERNAME}/.cargo/bin:${PATH}"
+
+WORKDIR /home/$USERNAME/workspace
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 90e10db7..e90af043 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
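Review bot: In the last hunk of .devcontainer/Dockerfile, the relocated `RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y` still runs under the default `/bin/sh` with no pipefail, so a failed download hands `sh` an empty script and the layer succeeds with no toolchain installed. It also runs whatever installer and stable toolchain are current at build time, so the image is not reproducible and the script is executed unverified. Placing `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before this step and passing a fixed `--default-toolchain <version>` to the installer would surface download failures and pin what gets installed. The new `RUN cp /tmp/linux/tools/bpf/bpftool/bpftool ...` relies on a build tree created outside this hunk; a short comment naming the step that produces it would help the next reader.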
@@ -20,12 +20,16 @@
 "extensions": [
 "ms-vscode.cpptools",
 "llvm-vs-code-extensions.vscode-clangd",
- "golang.go"
+ "golang.go",
+ "tamasfe.even-better-toml",
+ "vadimcn.vscode-lldb",
+ "SeaQL.firedbg-rust",
+ "rust-lang.rust-analyzer"
 ]
 }
 },
 "remoteUser": "vscode",
 "postStartCommand": "sudo mount -t bpf bpf /sys/fs/bpf || true && sudo mount -t debugfs none /sys/kernel/debug || true && sudo sysctl -w kernel.unprivileged_bpf_disabled=0 || true && sudo ulimit -l unlimited || true",
- "postCreateCommand": "git clone git@github.com:arxignis/citadel.git /home/vscode/workspace",
+ "postCreateCommand": "if [ -r /sys/kernel/btf/vmlinux ]; then /usr/local/bin/bpftool btf dump file /sys/kernel/btf/vmlinux format c > /home/vscode/vmlinux.h; else echo 'Skipping vmlinux.h generation: /sys/kernel/btf/vmlinux is unavailable'; fi && git clone git@github.com:arxignis/citadel.git /home/vscode/workspace && mkdir -p /home/vscode/workspace/src/security/firewall/bpf/include && if [ -f /home/vscode/vmlinux.h ]; then cp /home/vscode/vmlinux.h /home/vscode/workspace/src/security/firewall/bpf/include/vmlinux.h; fi",
 "workspaceFolder": "/home/vscode/workspace"
-}
+}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 1977f751..6091a037 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,3 +52,6 @@ synapse
 .claude
 .DS_Store
 AGENTS.md
+
+# BPF vmlinux.h (generated from kernel headers)
+src/security/firewall/bpf/include/vmlinux.h
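Review bot: In .devcontainer/devcontainer.json, the new `postCreateCommand` joins the `bpftool btf dump` step to `git clone` with `&&`, so a bpftool failure aborts the clone and leaves the workspace empty. The `>` redirect will also have created an empty or partial `/home/vscode/vmlinux.h` by then. Dumping to a temporary file and renaming on success keeps the two steps independent, e.g. `bpftool btf dump file /sys/kernel/btf/vmlinux format c > /home/vscode/vmlinux.h.tmp && mv /home/vscode/vmlinux.h.tmp /home/vscode/vmlinux.h || echo 'vmlinux.h generation failed'`, and the later copy is safer guarded by `[ -s /home/vscode/vmlinux.h ]` than by `[ -f ... ]`. Separately, the four added extensions carry no version, and they install into a container whose user has passwordless sudo (visible in the Dockerfile hunk), so pinning them where the tooling allows is worth considering.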