Summary
The gastown container Dockerfile is too minimal for real-world development tasks. Agents frequently need tools that aren't installed:
- ripgrep (rg) — agents attempt to use it constantly for code search. It's not installed, so they fall back to slower grep -r or use the CLI's built-in search (which is less flexible).
- build-essential — customer request. Many repos need gcc/make/g++ for native module compilation (node-gyp, Python C extensions, Rust FFI).
- Common dev libraries — libssl-dev, libffi-dev, zlib1g-dev, etc. are needed to build projects that have native dependencies.
Current State
The Dockerfile (container/Dockerfile) installs only:
- git, git-lfs
- curl, ca-certificates
- Node.js 24
- gh CLI
- @kilocode/cli, @kilocode/plugin, pnpm
Proposed Dockerfile Change
Replace the current apt-get install block with a comprehensive dev toolchain:
```dockerfile
FROM oven/bun:1-slim

# Fail the build if any stage of a pipeline fails (otherwise a failed
# curl in "curl | bash" is masked by bash exiting 0 on empty input)
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      # Version control
      git \
      git-lfs \
      # Network / download
      curl \
      wget \
      ca-certificates \
      gnupg \
      unzip \
      # Build toolchain
      build-essential \
      autoconf \
      # Search tools
      ripgrep \
      jq \
      # Compression
      bzip2 \
      zstd \
      # SSL / crypto
      libssl-dev \
      libffi-dev \
      # Database client libs
      libdb-dev \
      libgdbm-dev \
      libgdbm6 \
      # Python build deps (for repos with Python)
      libbz2-dev \
      liblzma-dev \
      libncurses5-dev \
      libreadline-dev \
      zlib1g-dev \
      # Ruby build deps (for repos with Ruby)
      libyaml-dev \
      # Image processing (for repos with image pipelines)
      libvips-dev \
      # Browser/rendering (for repos with Puppeteer, Playwright)
      libgbm1 \
      # C++ stdlib (for native addons)
      libc++1 \
      # Math (for native crypto/ML deps)
      libgmp-dev \
      # Timezone data (for TZ-aware test suites)
      tzdata \
    && curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
    && apt-get install -y --no-install-recommends nodejs \
    && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
       -o /usr/share/keyrings/githubcli-archive-keyring.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
       > /etc/apt/sources.list.d/github-cli.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends gh \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
```
Image Size Impact
The current image is ~350MB. Adding these packages will increase it to ~600-800MB. This is acceptable because:
- Cloudflare Containers cache layers — the base layer is pulled once per region
- Cold start is dominated by process startup, not image pull (after first pull)
- The alternative is agents failing on rg, make, gcc, etc. and wasting LLM tokens on workarounds
If size becomes a concern, we could split into a "slim" and "full" image and let users choose via town settings. But for now, one comprehensive image is simpler.
Also Consider (future)
These are NOT in scope for this issue but worth noting:
- python3, python3-pip, python3-venv — many repos need Python for scripts, tests, or tooling
- rustup — growing number of repos have Rust components
- dotnet-sdk-8.0 — customer request in "[Gastown] Polecat containers missing libicu dependency for .NET tests" #1654 for libicu
These should be separate issues since they're large installs with their own configuration needs.
Dockerfile.dev
The dev Dockerfile (container/Dockerfile.dev) should receive the same changes for local development parity.
Files
cloudflare-gastown/container/Dockerfile
cloudflare-gastown/container/Dockerfile.dev
Acceptance Criteria
- ripgrep (rg) available in the container
- build-essential (gcc, g++, make) available
- jq available
- Dockerfile.dev updated to match
- rg for code search without fallback
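
A smoke test for the acceptance criteria above, as an added example that is not part of the original issue or the project's code: it reports which of the commands (rg, gcc, g++, make, jq) and dev libraries (libssl-dev, libffi-dev, zlib1g-dev) named in the issue are absent from a built image. The function names and the --run switch are hypothetical.

```shell
#!/bin/sh
# Added example: smoke test for the acceptance criteria, run inside the built image.
# Tool and package names come from the issue; function names are hypothetical.
REQUIRED_CMDS="rg gcc g++ make jq"
REQUIRED_PKGS="libssl-dev libffi-dev zlib1g-dev"

# on_path CMD PATHLIST: succeed if an executable file CMD exists in PATHLIST.
on_path() {
    old_ifs=$IFS; IFS=:
    for dir in $2; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs; return 1
}

# missing_commands PATHLIST CMD...: print each CMD with no executable on PATHLIST.
missing_commands() {
    search_path=$1; shift
    for cmd in "$@"; do
        on_path "$cmd" "$search_path" || printf '%s\n' "$cmd"
    done
}

# missing_packages STATUS_FILE PKG...: print each PKG that STATUS_FILE does not
# list as fully installed. STATUS_FILE holds "name status" lines from dpkg-query.
missing_packages() {
    status_file=$1; shift
    for pkg in "$@"; do
        grep -Fqx "$pkg install ok installed" "$status_file" || printf '%s\n' "$pkg"
    done
}

# run_smoke_test: check the live image; non-zero exit if anything is missing.
run_smoke_test() {
    status_file=$(mktemp)
    dpkg-query -W -f='${Package} ${Status}\n' >"$status_file" 2>/dev/null || true
    missing=$(missing_commands "$PATH" $REQUIRED_CMDS
              missing_packages "$status_file" $REQUIRED_PKGS)
    rm -f "$status_file"
    [ -z "$missing" ] && return 0
    printf 'missing from image: %s\n' $missing >&2
    return 1
}

# Only probe the system when asked to, e.g. `sh smoke-test.sh --run` in CI.
if [ "${1:-}" = "--run" ]; then run_smoke_test; exit $?; fi
```

Running it as the last step of the image build or in CI against both Dockerfile and Dockerfile.dev catches a package that was dropped from one file but not the other.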