diff --git a/hass-n8n/Dockerfile b/hass-n8n/Dockerfile
index cf9bdfe..2ca9bb1 100644
--- a/hass-n8n/Dockerfile
+++ b/hass-n8n/Dockerfile
@@ -2,60 +2,54 @@ ARG N8N_VERSION=2.4.6
 ARG JQ_VERSION=1.7.1
 
 # ------------------------------------------------
-# 1) busybox-static (sh, sed, mkdir, etc.)
+# 1) busybox-static (sh, sed, mkdir, chown, su, etc.)
 # ------------------------------------------------
 FROM alpine:3.23 AS busybox-builder
 RUN apk add --no-cache busybox-static
 
 # ------------------------------------------------
-# 2) tools: su-exec + runtime libs (musl loader, etc.)
-# ------------------------------------------------
-FROM alpine:3.23 AS tools-builder
-RUN apk add --no-cache su-exec
-
-# ------------------------------------------------
-# 3) static jq (download)
-# jq official release provides static binaries for linux
+# 2) jq static (download correct binary for TARGETARCH)
 # ------------------------------------------------
 FROM alpine:3.23 AS jq-builder
 ARG JQ_VERSION
+ARG TARGETARCH
 RUN apk add --no-cache wget ca-certificates
-RUN wget -O /usr/local/bin/jq \
-    "https://github.com/jqlang/jq/releases/download/jq-${JQ_VERSION}/jq-linux-arm64" \
+
+RUN case "${TARGETARCH}" in \
+      amd64)  JQ_ASSET="jq-linux-amd64" ;; \
+      arm64)  JQ_ASSET="jq-linux-arm64" ;; \
+      *) echo "Unsupported TARGETARCH=${TARGETARCH}" && exit 1 ;; \
+    esac \
+ && wget -O /usr/local/bin/jq \
+    "https://github.com/jqlang/jq/releases/download/jq-${JQ_VERSION}/${JQ_ASSET}" \
  && chmod +x /usr/local/bin/jq
 
 # ------------------------------------------------
-# 4) claude-code
+# 3) claude-code
 # ------------------------------------------------
 FROM node:20-alpine AS node-builder
 RUN npm install -g @anthropic-ai/claude-code
 
 # ------------------------------------------------
-# 5) Final image (n8n distroless)
+# 4) Final image (n8n distroless)
 # ------------------------------------------------
 FROM docker.n8n.io/n8nio/n8n:${N8N_VERSION}
 
 USER root
 
-# ---- busybox (static) ----
+# busybox (static) + install applets (/bin/sh, /bin/sed, /bin/su, /bin/chown, etc.)
 COPY --from=busybox-builder /bin/busybox /bin/busybox
 RUN ["/bin/busybox", "--install", "/bin"]
 
-# ---- jq (static) ----
+# jq (static, correct arch)
 COPY --from=jq-builder /usr/local/bin/jq /usr/bin/jq
 
-# ---- su-exec + required musl runtime pieces ----
-COPY --from=tools-builder /sbin/su-exec /sbin/su-exec
-# musl loader + libc (needed for dynamically linked su-exec)
-COPY --from=tools-builder /lib/ld-musl-aarch64.so.1 /lib/ld-musl-aarch64.so.1
-COPY --from=tools-builder /lib/libc.musl-aarch64.so.1 /lib/libc.musl-aarch64.so.1
-
-ENV PATH="/usr/local/bin:/usr/bin:/bin:/sbin:${PATH}"
-
-# ---- claude-code ----
+# claude-code
 COPY --from=node-builder /usr/local/lib/node_modules /usr/local/lib/node_modules
 COPY --from=node-builder /usr/local/bin/claude /usr/local/bin/claude
 
+ENV PATH="/usr/local/bin:/usr/bin:/bin:${PATH}"
+
 WORKDIR /data
 COPY docker-entrypoint.sh /tmp/docker-entrypoint.sh
 RUN chmod +x /tmp/docker-entrypoint.sh