From f9be6baa4ec09c81aeab36d6ec300e723a4a863a Mon Sep 17 00:00:00 2001
From: BBQ <bbq@BBQdeMacBook-Air.local>
Date: Fri, 13 Feb 2026 01:55:11 +0800
Subject: [PATCH] fix(containerd): add pid:host for CNI netns access and
 runtime deps to MCP image

- Add pid: host to containerd service so server can access MCP container
  network namespaces via /proc/PID/ns/net for CNI setup
- Add Node.js, npm, Python 3, uv to embedded MCP image rootfs so users
  can run npx/uvx MCP servers inside containers
---
 docker-compose.yml           |  1 +
 docker/Dockerfile.containerd | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 66eeadf5..9825fe0d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -44,6 +44,7 @@ services:
       dockerfile: docker/Dockerfile.containerd
     container_name: memoh-containerd
     privileged: true
+    pid: host
     volumes:
       - containerd_sock:/run/containerd
       - containerd_data:/var/lib/containerd
diff --git a/docker/Dockerfile.containerd b/docker/Dockerfile.containerd
index 6551ee0e..ae847b5d 100644
--- a/docker/Dockerfile.containerd
+++ b/docker/Dockerfile.containerd
@@ -24,7 +24,18 @@ RUN --mount=type=cache,target=/go/pkg/mod \
 # ---- Stage 2: Assemble MCP image rootfs ----
 FROM alpine:latest AS mcp-rootfs
 
-RUN apk add --no-cache grep
+# Base utilities
+RUN apk add --no-cache grep curl bash
+
+# Node.js + npm (provides npx for JS/TS MCP servers)
+RUN apk add --no-cache nodejs npm
+
+# Python 3 + uv (provides uvx for Python MCP servers)
+RUN apk add --no-cache python3 && \
+    curl -LsSf https://astral.sh/uv/install.sh | sh && \
+    ln -sf /root/.local/bin/uv /usr/local/bin/uv && \
+    ln -sf /root/.local/bin/uvx /usr/local/bin/uvx
+
 COPY --from=mcp-builder /out/mcp /opt/mcp
 COPY cmd/mcp/template /opt/mcp-template