Note pnpm version pinning in container runtime

advanced/container-runtime.mdx

@@ -45,7 +45,7 @@
 | Health check | `docker info` | `container system status` |
 | Platform | macOS, Linux, Windows (WSL2) | macOS 15+ only |
 
 ### Switching runtimes
 
 Run the `/convert-to-apple-container` skill in Claude Code. To revert, use `git revert`.
 
@@ -57,15 +57,15 @@
 - **Bun** (pinned to 1.3.12) — runs agent-runner TypeScript directly (no compilation)
 - **Chromium** — browser automation via agent-browser
 - **Claude Code SDK** — `@anthropic-ai/claude-code` installed globally via pnpm
 - **tini** — PID 1 signal forwarding (ensures outbound.db writes finalize on SIGTERM)
-- **pnpm** (via corepack) — for global Node CLI installs
+- **pnpm** (pinned to 10.33.0 via corepack) — for global Node CLI installs. The version is pinned to match the host's `packageManager` field because pnpm 11 stopped honoring the `only-built-dependencies[]=` allowlist for global installs, which silently skipped `claude-code`'s native-binary postinstall and caused runtime crashes.
 - **System tools** — `curl`, `git`, `ca-certificates`, `unzip`
 - **Optional CJK fonts** — `fonts-noto-cjk` (~200 MB, opt-in via `INSTALL_CJK_FONTS=true`)
 
 ### Key design decisions
 
 - **Source is NOT baked in** — `/app/src` is a read-only bind mount from the host. Source changes never require an image rebuild.
 - **`only-built-dependencies` allowlist** in `.npmrc` for `agent-browser` and `@anthropic-ai/claude-code`
 - **Runs as `node` user** (non-root) with `/workspace/group` as working directory
 - **Entrypoint**: `tini -> entrypoint.sh -> exec bun run /app/src/index.ts`
 
@@ -94,7 +94,7 @@
 | `messages_in` | Inbound messages, tasks, system notifications |
 | `delivered` | Tracks delivery outcomes for outbound message IDs |
 | `destinations` | Live destination map (channels and other agents) |
 | `session_routing` | Default reply routing (channel_type, platform_id, thread_id) |
 
 ### outbound.db (container writes, host reads)
 
@@ -109,7 +109,7 @@
 
 Three invariants are critical for correctness:
 
 1. **`journal_mode=DELETE`** — WAL's mmapped `-shm` doesn't refresh across Docker mounts
 2. **Host opens-writes-closes per operation** — closing invalidates the container's page cache
 3. **One writer per file** — DELETE-mode journal unlink isn't atomic across the mount
 
@@ -117,7 +117,7 @@
 
 ### Spawning containers
 
 Containers are spawned by the `spawnContainer` function. Wake calls are deduplicated via an in-flight promise map.
 
 <Steps>
   <Step title="Read agent group config">
@@ -157,7 +157,7 @@
 | Agent-runner source | `/app/src` | RO | Bind mount from host |
 | Container skills | `/app/skills` | RO | Shared skill definitions |
 | Claude SDK state | `/home/node/.claude` | RW | SDK state + skill symlinks |
 | Additional mounts | `/workspace/extra/{name}` | Per-config | Validated against allowlist |
 | Provider mounts | Various | Per-provider | Provider-contributed |
 
 ### Timeouts and stale detection
@@ -165,7 +165,7 @@
 Containers have two timeout/detection mechanisms:
 
 1. **Container timeout** — maximum runtime before force kill (default: 30 minutes)
 2. **Stale detection** — host sweep checks `.heartbeat` mtime and `processing_ack` age to detect stuck containers
 
 ### Container shutdown
 
@@ -204,7 +204,7 @@
 
 <Accordion title="Inspect container mounts">
   ```bash
   docker inspect nanoclaw-{session-id} | jq '.[0].Mounts'
   ```
 </Accordion>