From 8a6823bc2f3b38b6ec7878a62246c03be7127a6e Mon Sep 17 00:00:00 2001
From: HiranoMasaaki <lambda.groove@gmail.com>
Date: Thu, 19 Mar 2026 17:54:55 +0900
Subject: [PATCH 1/2] chore: add patch changeset for root container change

Add deployment Dockerfile comments guiding users to install dependencies
and configure non-root users in their own derived images.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .changeset/root-container-bump.md | 5 +++++
 README.md                         | 5 +++++
 2 files changed, 10 insertions(+)
 create mode 100644 .changeset/root-container-bump.md

diff --git a/.changeset/root-container-bump.md b/.changeset/root-container-bump.md
new file mode 100644
index 00000000..46e142be
--- /dev/null
+++ b/.changeset/root-container-bump.md
@@ -0,0 +1,5 @@
+---
+"perstack": patch
+---
+
+Run container as root by default; remove sudo package and non-root user
diff --git a/README.md b/README.md
index 23d4a5df..f9ff9b22 100644
--- a/README.md
+++ b/README.md
@@ -160,6 +160,11 @@ Swap models, change agent topology, or scale the harness — without touching ap
 
 ```dockerfile
 FROM perstack/perstack:latest
+
+# Install extra dependencies and configure a non-root user here if needed:
+# RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf /var/lib/apt/lists/*
+# RUN useradd -m agent && USER agent
+
 COPY perstack.toml .
 RUN perstack install
 ENTRYPOINT ["perstack", "run", "my-expert"]

From e8454710e2d8658487849a1705e7bb5f0eea0d66 Mon Sep 17 00:00:00 2001
From: HiranoMasaaki <lambda.groove@gmail.com>
Date: Thu, 19 Mar 2026 17:55:56 +0900
Subject: [PATCH 2/2] fix: correct Dockerfile syntax in deployment example

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f9ff9b22..2c1c3bf3 100644
--- a/README.md
+++ b/README.md
@@ -163,7 +163,8 @@ FROM perstack/perstack:latest
 
 # Install extra dependencies and configure a non-root user here if needed:
 # RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf /var/lib/apt/lists/*
-# RUN useradd -m agent && USER agent
+# RUN useradd -m agent
+# USER agent
 
 COPY perstack.toml .
 RUN perstack install