From 8a6b14d7e26bc75bce6bc0bc818cf1a98b311333 Mon Sep 17 00:00:00 2001
From: Ben Vinegar <ben@benv.ca>
Date: Tue, 24 Feb 2026 23:15:11 -0500
Subject: [PATCH] docs: add guidance for resolving runtime binaries by full
 path

Prevents future bugs where bare 'npm' or 'node' calls fail because
the embedded runtime is not on root's PATH.
---
 bin/AGENTS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bin/AGENTS.md b/bin/AGENTS.md
index 9533823..7f5c0c8 100644
--- a/bin/AGENTS.md
+++ b/bin/AGENTS.md
@@ -18,6 +18,7 @@ Scope: shell CLI and operational scripts under `bin/`.
 - Reuse shared helpers (`shell-common.sh`, `paths-common.sh`, `release-common.sh`, etc.) instead of duplicating constants or logging/error patterns.
 - Prefer portable shell patterns; distro-specific branches are acceptable when reliability improves.
 - Any security-relevant shell change must include/adjust tests.
+- **Never call `node`, `npm`, etc. by bare name** in scripts that run as root. The embedded runtime is not on root's PATH. Use `runtime-node.sh` helpers (`bb_resolve_runtime_node_bin`, `bb_resolve_runtime_node_bin_dir`) to resolve the full path first.
 
 ## Critical files