diff --git a/Dockerfile b/Dockerfile
index e5acf2d..7db0078 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,9 +5,12 @@ FROM node:22-alpine AS deps
 
 WORKDIR /app
 
-# Copy manifests and install production deps only (no devDependencies)
+# Copy manifests and install production deps only (no devDependencies).
+# build-base provides the C++ toolchain needed to compile better-sqlite3's
+# native addon. It stays in the deps stage and is NOT copied to runtime.
 COPY package.json package-lock.json ./
-RUN npm ci --omit=dev --ignore-scripts
+RUN apk add --no-cache python3 make g++ && \
+    npm ci --omit=dev
 
 # ---------------------------------------------------------------------------
 # Stage 2 — runtime image (minimal attack surface)
@@ -27,6 +30,10 @@ LABEL custom.hardware.requirement="None - runs on any Docker-supported platform
 # The /app directory is owned by root; data directory is owned by node
 WORKDIR /app
 
+# libstdc++ is required at runtime to load the better-sqlite3 native addon.
+# The build tools (g++, make, python3) remain in the deps stage only.
+RUN apk add --no-cache libstdc++
+
 # Copy production deps from deps stage
 COPY --from=deps /app/node_modules ./node_modules