diff --git a/claude/Dockerfile b/claude/Dockerfile
index 1abcb7f..6d6c0fd 100644
--- a/claude/Dockerfile
+++ b/claude/Dockerfile
@@ -39,57 +39,54 @@ COPY settings.json /etc/claude-code/managed-settings.json
 # Install Claude Code stable release
 RUN curl -fsSL https://claude.ai/install.sh | bash -s stable
 
-# Install MCP servers globally — entry points land in /usr/local/lib/node_modules/
-RUN npm install -g \
-  @modelcontextprotocol/server-github \
-  @yoda.digital/gitlab-mcp-server \
-  @aashari/mcp-server-atlassian-jira \
-  @aashari/mcp-server-atlassian-confluence
-
-# Patch transitive CVEs bundled inside MCP server node_modules:
+# Install MCP servers, patch transitive CVEs, scrub credentials and cache — all in one
+# layer so nothing is committed to the image between install and cleanup.
+#
+# CVEs patched:
 #   CVE-2025-66414, CVE-2026-0621 — @modelcontextprotocol/sdk <1.25.2
 #   GHSA-345p-7cg4-v4c7           — @modelcontextprotocol/sdk <1.26.0
-#   CVE-2026-33671                — picomatch <4.0.4 (also covers npm bundled copy above)
+#   CVE-2026-33671                — picomatch <4.0.4
 #   GHSA-f886-m6hf-6m8v           — brace-expansion <5.0.5
-RUN for pkg_dir in \
-      /usr/local/lib/node_modules/@modelcontextprotocol/server-github \
-      /usr/local/lib/node_modules/@yoda.digital/gitlab-mcp-server \
-      /usr/local/lib/node_modules/@aashari/mcp-server-atlassian-jira \
-      /usr/local/lib/node_modules/@aashari/mcp-server-atlassian-confluence; do \
-    [ -d "$pkg_dir" ] && \
-      cd "$pkg_dir" && \
-      npm install --no-audit --no-fund \
-        @modelcontextprotocol/sdk@1.26.0 \
-        picomatch@4.0.4 \
-        brace-expansion@5.0.5 \
-      || true; \
-  done \
+RUN npm install -g \
+      @modelcontextprotocol/server-github \
+      @yoda.digital/gitlab-mcp-server \
+      @aashari/mcp-server-atlassian-jira \
+      @aashari/mcp-server-atlassian-confluence \
+  && for pkg_dir in \
+       /usr/local/lib/node_modules/@modelcontextprotocol/server-github \
+       /usr/local/lib/node_modules/@yoda.digital/gitlab-mcp-server \
+       /usr/local/lib/node_modules/@aashari/mcp-server-atlassian-jira \
+       /usr/local/lib/node_modules/@aashari/mcp-server-atlassian-confluence; do \
+       [ -d "$pkg_dir" ] && \
+         cd "$pkg_dir" && \
+         npm install --no-audit --no-fund \
+           @modelcontextprotocol/sdk@1.26.0 \
+           picomatch@4.0.4 \
+           brace-expansion@5.0.5 \
+         || true; \
+     done \
   && find /usr/local/lib/node_modules -name "picomatch" -type d | while read dir; do \
-      ver=$(node -p "require('$dir/package.json').version" 2>/dev/null); \
-      [ "$ver" = "4.0.3" ] || continue; \
-      prefix=$(dirname "$(dirname "$dir")"); \
-      npm install --prefix "$prefix" picomatch@4.0.4 \
-        --no-save --no-audit --no-fund 2>/dev/null || true; \
-    done \
+       ver=$(node -p "require('$dir/package.json').version" 2>/dev/null); \
+       [ "$ver" = "4.0.3" ] || continue; \
+       prefix=$(dirname "$(dirname "$dir")"); \
+       npm install --prefix "$prefix" picomatch@4.0.4 \
+         --no-save --no-audit --no-fund 2>/dev/null || true; \
+     done \
   && cd /tmp \
   && npm pack brace-expansion@5.0.5 --no-audit 2>/dev/null \
   && tar xzf brace-expansion-5.0.5.tgz \
   && find /usr/local/lib/node_modules -name "package.json" -path "*/brace-expansion/package.json" \
      | xargs grep -l '"version": "5.0.4"' 2>/dev/null \
      | while read pj; do \
-         echo "Patching brace-expansion at $(dirname "$pj")"; \
          cp -r /tmp/package/. "$(dirname "$pj")/"; \
        done \
-  && rm -rf /tmp/brace-expansion-5.0.5.tgz /tmp/package
-
-# Remove any npm auth credentials written during install.
-# npm automatically picks up GITHUB_TOKEN and NPM_TOKEN from the build environment
-# and persists them in .npmrc files — scrub all of them before the image is finalised.
-RUN find /root /home /usr/local/etc -name ".npmrc" -o -name "npmrc" \
-      | xargs grep -l "_authToken\|_auth\b" 2>/dev/null \
-      | xargs rm -f 2>/dev/null || true \
+  && rm -rf /tmp/brace-expansion-5.0.5.tgz /tmp/package \
+  && find /root /home /usr/local/etc -name ".npmrc" -o -name "npmrc" \
+     | xargs grep -l "_authToken\|_auth\b" 2>/dev/null \
+     | xargs rm -f 2>/dev/null || true \
   && npm config delete //npm.pkg.github.com/:_authToken 2>/dev/null || true \
-  && npm config delete //registry.npmjs.org/:_authToken 2>/dev/null || true
+  && npm config delete //registry.npmjs.org/:_authToken 2>/dev/null || true \
+  && npm cache clean --force
 
 # Workspace and Claude config dir — owned by the built-in node user (uid 1000).
 # Pre-creating ~/.claude ensures the named volume is initialised with the