From 6f0b8f1961c1f3e2bb55837c80a09679703fe54f Mon Sep 17 00:00:00 2001 From: Adam Johnson Date: Thu, 7 May 2026 13:37:15 -0700 Subject: [PATCH] fix(container): pin pnpm to 10.33.0 to match host MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Corepack with no version pin pulls latest pnpm (currently 11.0.8), which silently stops honoring `only-built-dependencies[]=` in `.npmrc` for global installs. The allowlist file ends up correctly written but ignored, so: - `@anthropic-ai/claude-code`'s postinstall — which downloads the platform-native Claude binary — never runs. Agents then crash at runtime with "claude native binary not installed... postinstall did not run." - `agent-browser`'s postinstall, which chmods the linux-arm64 binary, is also skipped, so the binary fails with EPERM the first time it's invoked. Pin the container's pnpm to 10.33.0 (the same version host's package.json already pins via `packageManager`). Keep the two in lockstep so a host bump triggers a deliberate container bump. Co-Authored-By: Claude Opus 4.7 (1M context) --- container/Dockerfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/container/Dockerfile b/container/Dockerfile index efa58b6..bc7a6be 100644 --- a/container/Dockerfile +++ b/container/Dockerfile @@ -91,7 +91,13 @@ RUN --mount=type=cache,target=/root/.bun/install/cache \ # the SDK fails at spawn time with "native binary not found". ENV PNPM_HOME="/pnpm" ENV PATH="$PNPM_HOME:$PATH" -RUN corepack enable +# Pin pnpm to match the host (package.json packageManager). pnpm 11 stopped +# honoring `only-built-dependencies[]=` in .npmrc for global installs, which +# silently skips claude-code's native-binary postinstall and agent-browser's +# bin chmod — the agent then crashes at runtime with "native binary not +# installed". Keep this in lockstep with package.json's `packageManager`. +ARG PNPM_VERSION=10.33.0 +RUN corepack enable && corepack prepare pnpm@${PNPM_VERSION} --activate RUN --mount=type=cache,target=/root/.cache/pnpm \ echo "only-built-dependencies[]=agent-browser" > /root/.npmrc && \