diff --git a/docker-compose.yml b/docker-compose.yml
index d9e5e440..1345bc93 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
   
   postgres:
-    image: postgres:16-alpine
+    image: postgres:18.1-alpine
     container_name: memoh-postgres
     environment:
       POSTGRES_DB: memoh
@@ -75,7 +75,7 @@ services:
       dockerfile: docker/Dockerfile.agent
     container_name: memoh-agent
     volumes:
-      - ./config.toml:/app/config.toml:ro
+      - ./config.toml:/config.toml:ro
     ports:
       - "8081:8081"
     depends_on:
diff --git a/scripts/containerd-install.sh b/scripts/containerd-install.sh
index 8551e3ed..c459f636 100755
--- a/scripts/containerd-install.sh
+++ b/scripts/containerd-install.sh
@@ -7,25 +7,97 @@ if [ "$(uname -s)" = "Darwin" ]; then
   exit $?
 fi
 
-if command -v containerd >/dev/null 2>&1 && command -v nerdctl >/dev/null 2>&1; then
+if command -v containerd >/dev/null 2>&1 && command -v nerdctl >/dev/null 2>&1 && command -v buildctl >/dev/null 2>&1 && command -v buildkitd >/dev/null 2>&1; then
   containerd --version
   nerdctl --version
+  buildctl --version
   exit 0
 fi
 
-if command -v apt-get >/dev/null 2>&1; then
-  sudo apt-get update
-  sudo apt-get install -y containerd nerdctl
-elif command -v dnf >/dev/null 2>&1; then
-  sudo dnf install -y containerd nerdctl
-elif command -v yum >/dev/null 2>&1; then
-  sudo yum install -y containerd nerdctl
-elif command -v apk >/dev/null 2>&1; then
-  sudo apk add --no-cache containerd nerdctl
-else
-  echo "No supported package manager found. Install containerd manually."
-  exit 1
+if ! command -v containerd >/dev/null 2>&1; then
+  if command -v apt-get >/dev/null 2>&1; then
+    sudo apt-get update
+    sudo apt-get install -y containerd
+  elif command -v dnf >/dev/null 2>&1; then
+    sudo dnf install -y containerd
+  elif command -v yum >/dev/null 2>&1; then
+    sudo yum install -y containerd
+  elif command -v apk >/dev/null 2>&1; then
+    sudo apk add --no-cache containerd
+  else
+    echo "No supported package manager found. Install containerd manually."
+    exit 1
+  fi
+fi
+
+if ! command -v nerdctl >/dev/null 2>&1 || ! command -v buildctl >/dev/null 2>&1 || ! command -v buildkitd >/dev/null 2>&1; then
+  OS="$(uname -s | tr '[:upper:]' '[:lower:]')"
+  ARCH="$(uname -m)"
+  NERDCTL_VERSION="${NERDCTL_VERSION:-}"
+
+  if [ "$OS" != "linux" ]; then
+    echo "Automatic nerdctl installation from release is only supported on Linux."
+    exit 1
+  fi
+
+  case "$ARCH" in
+    x86_64|amd64)
+      ARCH="amd64"
+      ;;
+    aarch64|arm64)
+      ARCH="arm64"
+      ;;
+    *)
+      echo "Unsupported architecture for nerdctl release: $ARCH"
+      exit 1
+      ;;
+  esac
+
+  if [ -z "$NERDCTL_VERSION" ]; then
+    RELEASES_API_URL="https://api.github.com/repos/containerd/nerdctl/releases/latest"
+    if command -v curl >/dev/null 2>&1; then
+      NERDCTL_VERSION="$(curl -fsSL "$RELEASES_API_URL" | sed -n 's/.*"tag_name":[[:space:]]*"v\{0,1\}\([^"]*\)".*/\1/p' | head -n1)"
+    elif command -v wget >/dev/null 2>&1; then
+      NERDCTL_VERSION="$(wget -qO- "$RELEASES_API_URL" | sed -n 's/.*"tag_name":[[:space:]]*"v\{0,1\}\([^"]*\)".*/\1/p' | head -n1)"
+    fi
+  fi
+
+  if [ -z "$NERDCTL_VERSION" ]; then
+    echo "Failed to detect latest nerdctl version. Set NERDCTL_VERSION manually."
+    exit 1
+  fi
+
+  NERDCTL_TARBALL="nerdctl-full-${NERDCTL_VERSION}-linux-${ARCH}.tar.gz"
+  NERDCTL_URL="https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/${NERDCTL_TARBALL}"
+  TMP_DIR="$(mktemp -d)"
+  TMP_TARBALL="${TMP_DIR}/${NERDCTL_TARBALL}"
+
+  cleanup() {
+    rm -rf "$TMP_DIR"
+  }
+  trap cleanup EXIT INT TERM
+
+  if command -v curl >/dev/null 2>&1; then
+    curl -fsSL "$NERDCTL_URL" -o "$TMP_TARBALL"
+  elif command -v wget >/dev/null 2>&1; then
+    wget -qO "$TMP_TARBALL" "$NERDCTL_URL"
+  else
+    echo "curl or wget is required to download nerdctl."
+    exit 1
+  fi
+
+  tar -xzf "$TMP_TARBALL" -C "$TMP_DIR"
+  sudo install -m 0755 "$TMP_DIR/bin/nerdctl" /usr/local/bin/nerdctl
+  sudo install -m 0755 "$TMP_DIR/bin/buildctl" /usr/local/bin/buildctl
+  sudo install -m 0755 "$TMP_DIR/bin/buildkitd" /usr/local/bin/buildkitd
+
+  if command -v systemctl >/dev/null 2>&1 && [ -f "$TMP_DIR/lib/systemd/system/buildkit.service" ]; then
+    sudo install -m 0644 "$TMP_DIR/lib/systemd/system/buildkit.service" /etc/systemd/system/buildkit.service
+    sudo systemctl daemon-reload
+    sudo systemctl enable --now buildkit.service || true
+  fi
 fi
 
 containerd --version
 nerdctl --version
+buildctl --version
diff --git a/scripts/mcp-image-up.sh b/scripts/mcp-image-up.sh
index d5636a8f..f849552d 100755
--- a/scripts/mcp-image-up.sh
+++ b/scripts/mcp-image-up.sh
@@ -4,7 +4,7 @@ set -e
 IMAGE="memoh-mcp:dev"
 
 if [ "$(uname -s)" = "Darwin" ]; then
-  limactl shell default -- nerdctl build -f cmd/mcp/Dockerfile -t "$IMAGE" .
+  limactl shell default -- nerdctl build -f docker/Dockerfile.mcp -t "$IMAGE" .
   # Import into rootful containerd so the Go agent can find the image
   limactl shell default -- sh -c "nerdctl save $IMAGE | sudo nerdctl load"
   exit $?
@@ -15,4 +15,4 @@ if ! command -v nerdctl >/dev/null 2>&1; then
   exit 1
 fi
 
-nerdctl build -f cmd/mcp/Dockerfile -t "$IMAGE" .
+nerdctl build -f docker/Dockerfile.mcp -t "$IMAGE" .