diff --git a/README.md b/README.md index fe313b8..5738305 100644 --- a/README.md +++ b/README.md @@ -353,6 +353,29 @@ Regular API operations and admin/debug operations need different auth levels. --- +### 33. Container-First Development + +Use containers wherever possible — for isolation, reproducibility, and security. + +- Dev environments: devcontainer (one Dockerfile for all agents) +- Agent execution: run Claude Code in sandboxed containers (claudine) +- Worker jobs: execute in ephemeral containers, not on the host directly +- Dispatch workers: should spin up containers per job (isolation, cleanup, no state leakage) +- Testing: container-based test environments matching production +- Production: containerized services (not bare-metal pip installs) + +The goal is not containers for containers' sake — it's **isolation + reproducibility + disposability**. A crashed job shouldn't affect the host. A rogue agent shouldn't access other projects. + +**Origin:** "Wir sollten noch darauf achten so viel wie geht Container sinnvoll zu nutzen" + +**How to apply:** +- Dispatch Sprint 4+: Workers should optionally run jobs inside containers +- `claudine` already does this for Claude Code sessions +- Dev environment already uses `.devcontainer/Dockerfile` +- Next step: containerized worker execution (docker/podman per job) + +--- + ## (inbox — unsorted ideas) - **Least-privilege agent access**: Agents should SSH as a dedicated non-root user (e.g. `deploy@`) with scoped sudo for only what they need (systemctl, caddy reload). No root SSH long-term.
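Review bot: The isolation goal stated after the first bullet list ("A rogue agent shouldn't access other projects") is not guaranteed by anything the new section actually requires. A container that bind-mounts a parent workspace directory, runs as root, or has the docker/podman socket mounted gives the agent much the same reach it would have on the host. Suggest adding a bullet that names the minimum constraints per job container: mount only that job's project directory, run as a non-root user, no runtime socket, and no network access unless the job needs it. This would also line up with the least-privilege item already in the inbox section below. Two smaller points. "Worker jobs: execute in ephemeral containers, not on the host directly" conflicts with "Workers should optionally run jobs inside containers" under "How to apply", so state whether host execution remains a supported fallback and for how long. The "Origin" quote is German in an otherwise English README, so consider adding an English rendering next to it.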