From ccf73f9228aafa6005fd294a91091b53c7adb555 Mon Sep 17 00:00:00 2001
From: John Fawcett <john@kilcoode.ai>
Date: Fri, 3 Apr 2026 18:37:38 +0000
Subject: [PATCH 1/2] feat(container): expand apt-get block with build tools,
 ripgrep, and dev libraries

Add comprehensive package list to both Dockerfile and Dockerfile.dev:
- Build toolchain: build-essential, autoconf
- Search tools: ripgrep, jq
- Network: wget, gnupg, unzip
- Compression: bzip2, zstd
- SSL/crypto: libssl-dev, libffi-dev
- Database client libs: libdb-dev, libgdbm-dev, libgdbm6
- Python build deps: libbz2-dev, liblzma-dev, libncurses5-dev, libreadline-dev, zlib1g-dev
- Ruby build deps: libyaml-dev
- Image processing: libvips-dev
- Browser/rendering: libgbm1
- Native addon support: libc++1, libgmp-dev
- Timezone data: tzdata

Closes #1976
---
 cloudflare-gastown/container/Dockerfile     | 67 +++++++++++++++++----
 cloudflare-gastown/container/Dockerfile.dev | 67 +++++++++++++++++----
 2 files changed, 110 insertions(+), 24 deletions(-)

diff --git a/cloudflare-gastown/container/Dockerfile b/cloudflare-gastown/container/Dockerfile
index 39b2235c5f..6afc657e3b 100644
--- a/cloudflare-gastown/container/Dockerfile
+++ b/cloudflare-gastown/container/Dockerfile
@@ -1,18 +1,61 @@
 FROM oven/bun:1-slim
 
-# Install git, gh CLI, and Node.js (required by @kilocode/cli which uses #!/usr/bin/env node)
+# Install dev toolchain, search tools, build deps, gh CLI, and Node.js
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends git git-lfs curl ca-certificates && \
-    curl -fsSL https://deb.nodesource.com/setup_24.x | bash - && \
-    apt-get install -y --no-install-recommends nodejs && \
-    curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
-      -o /usr/share/keyrings/githubcli-archive-keyring.gpg && \
-    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
-      > /etc/apt/sources.list.d/github-cli.list && \
-    apt-get update && \
-    apt-get install -y --no-install-recommends gh && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+    apt-get install -y --no-install-recommends \
+      # Version control
+      git \
+      git-lfs \
+      # Network / download
+      curl \
+      wget \
+      ca-certificates \
+      gnupg \
+      unzip \
+      # Build toolchain
+      build-essential \
+      autoconf \
+      # Search tools
+      ripgrep \
+      jq \
+      # Compression
+      bzip2 \
+      zstd \
+      # SSL / crypto
+      libssl-dev \
+      libffi-dev \
+      # Database client libs
+      libdb-dev \
+      libgdbm-dev \
+      libgdbm6 \
+      # Python build deps (for repos with Python)
+      libbz2-dev \
+      liblzma-dev \
+      libncurses5-dev \
+      libreadline-dev \
+      zlib1g-dev \
+      # Ruby build deps (for repos with Ruby)
+      libyaml-dev \
+      # Image processing (for repos with image pipelines)
+      libvips-dev \
+      # Browser/rendering (for repos with Puppeteer, Playwright)
+      libgbm1 \
+      # C++ stdlib (for native addons)
+      libc++1 \
+      # Math (for native crypto/ML deps)
+      libgmp-dev \
+      # Timezone data (for TZ-aware test suites)
+      tzdata \
+    && curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
+    && apt-get install -y --no-install-recommends nodejs \
+    && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+         -o /usr/share/keyrings/githubcli-archive-keyring.gpg \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
+         > /etc/apt/sources.list.d/github-cli.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends gh \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
 
 RUN git lfs install --system
 
diff --git a/cloudflare-gastown/container/Dockerfile.dev b/cloudflare-gastown/container/Dockerfile.dev
index 474ef23155..35f1f61f9d 100644
--- a/cloudflare-gastown/container/Dockerfile.dev
+++ b/cloudflare-gastown/container/Dockerfile.dev
@@ -1,18 +1,61 @@
 FROM --platform=linux/arm64 oven/bun:1-slim
 
-# Install git, gh CLI, and Node.js (required by @kilocode/cli which uses #!/usr/bin/env node)
+# Install dev toolchain, search tools, build deps, gh CLI, and Node.js
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends git git-lfs curl ca-certificates && \
-    curl -fsSL https://deb.nodesource.com/setup_24.x | bash - && \
-    apt-get install -y --no-install-recommends nodejs && \
-    curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
-      -o /usr/share/keyrings/githubcli-archive-keyring.gpg && \
-    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
-      > /etc/apt/sources.list.d/github-cli.list && \
-    apt-get update && \
-    apt-get install -y --no-install-recommends gh && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+    apt-get install -y --no-install-recommends \
+      # Version control
+      git \
+      git-lfs \
+      # Network / download
+      curl \
+      wget \
+      ca-certificates \
+      gnupg \
+      unzip \
+      # Build toolchain
+      build-essential \
+      autoconf \
+      # Search tools
+      ripgrep \
+      jq \
+      # Compression
+      bzip2 \
+      zstd \
+      # SSL / crypto
+      libssl-dev \
+      libffi-dev \
+      # Database client libs
+      libdb-dev \
+      libgdbm-dev \
+      libgdbm6 \
+      # Python build deps (for repos with Python)
+      libbz2-dev \
+      liblzma-dev \
+      libncurses5-dev \
+      libreadline-dev \
+      zlib1g-dev \
+      # Ruby build deps (for repos with Ruby)
+      libyaml-dev \
+      # Image processing (for repos with image pipelines)
+      libvips-dev \
+      # Browser/rendering (for repos with Puppeteer, Playwright)
+      libgbm1 \
+      # C++ stdlib (for native addons)
+      libc++1 \
+      # Math (for native crypto/ML deps)
+      libgmp-dev \
+      # Timezone data (for TZ-aware test suites)
+      tzdata \
+    && curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
+    && apt-get install -y --no-install-recommends nodejs \
+    && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+         -o /usr/share/keyrings/githubcli-archive-keyring.gpg \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
+         > /etc/apt/sources.list.d/github-cli.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends gh \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
 
 RUN git lfs install --system
 

From cd48bbb8092b4c93d6c36b08d270dbcf0e6e5a06 Mon Sep 17 00:00:00 2001
From: John Fawcett <john@kilcoode.ai>
Date: Fri, 3 Apr 2026 18:57:56 +0000
Subject: [PATCH 2/2] fix(container): remove shell comments from inside
 backslash-continued apt-get install
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Shell comments inside backslash-continued lines break the apt-get
install command — the # starts a comment that swallows the rest of
the logical line, dropping all subsequent packages. Move category
info to a block comment above the RUN statement instead.
---
 cloudflare-gastown/container/Dockerfile     | 29 +++++++++++----------
 cloudflare-gastown/container/Dockerfile.dev | 29 +++++++++++----------
 2 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/cloudflare-gastown/container/Dockerfile b/cloudflare-gastown/container/Dockerfile
index 6afc657e3b..b835a33329 100644
--- a/cloudflare-gastown/container/Dockerfile
+++ b/cloudflare-gastown/container/Dockerfile
@@ -1,50 +1,51 @@
 FROM oven/bun:1-slim
 
 # Install dev toolchain, search tools, build deps, gh CLI, and Node.js
+# Package categories:
+#   version control: git, git-lfs
+#   network/download: curl, wget, ca-certificates, gnupg, unzip
+#   build toolchain: build-essential, autoconf
+#   search tools: ripgrep, jq
+#   compression: bzip2, zstd
+#   SSL/crypto: libssl-dev, libffi-dev
+#   database client libs: libdb-dev, libgdbm-dev, libgdbm6
+#   Python build deps: libbz2-dev, liblzma-dev, libncurses5-dev, libreadline-dev, zlib1g-dev
+#   Ruby build deps: libyaml-dev
+#   image processing: libvips-dev
+#   browser/rendering: libgbm1
+#   C++ stdlib: libc++1
+#   math: libgmp-dev
+#   timezone data: tzdata
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
-      # Version control
       git \
       git-lfs \
-      # Network / download
       curl \
       wget \
       ca-certificates \
       gnupg \
       unzip \
-      # Build toolchain
       build-essential \
       autoconf \
-      # Search tools
       ripgrep \
       jq \
-      # Compression
       bzip2 \
       zstd \
-      # SSL / crypto
       libssl-dev \
       libffi-dev \
-      # Database client libs
       libdb-dev \
       libgdbm-dev \
       libgdbm6 \
-      # Python build deps (for repos with Python)
       libbz2-dev \
       liblzma-dev \
       libncurses5-dev \
       libreadline-dev \
       zlib1g-dev \
-      # Ruby build deps (for repos with Ruby)
       libyaml-dev \
-      # Image processing (for repos with image pipelines)
       libvips-dev \
-      # Browser/rendering (for repos with Puppeteer, Playwright)
       libgbm1 \
-      # C++ stdlib (for native addons)
       libc++1 \
-      # Math (for native crypto/ML deps)
       libgmp-dev \
-      # Timezone data (for TZ-aware test suites)
       tzdata \
     && curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
     && apt-get install -y --no-install-recommends nodejs \
diff --git a/cloudflare-gastown/container/Dockerfile.dev b/cloudflare-gastown/container/Dockerfile.dev
index 35f1f61f9d..a4bebc5dbf 100644
--- a/cloudflare-gastown/container/Dockerfile.dev
+++ b/cloudflare-gastown/container/Dockerfile.dev
@@ -1,50 +1,51 @@
 FROM --platform=linux/arm64 oven/bun:1-slim
 
 # Install dev toolchain, search tools, build deps, gh CLI, and Node.js
+# Package categories:
+#   version control: git, git-lfs
+#   network/download: curl, wget, ca-certificates, gnupg, unzip
+#   build toolchain: build-essential, autoconf
+#   search tools: ripgrep, jq
+#   compression: bzip2, zstd
+#   SSL/crypto: libssl-dev, libffi-dev
+#   database client libs: libdb-dev, libgdbm-dev, libgdbm6
+#   Python build deps: libbz2-dev, liblzma-dev, libncurses5-dev, libreadline-dev, zlib1g-dev
+#   Ruby build deps: libyaml-dev
+#   image processing: libvips-dev
+#   browser/rendering: libgbm1
+#   C++ stdlib: libc++1
+#   math: libgmp-dev
+#   timezone data: tzdata
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
-      # Version control
       git \
       git-lfs \
-      # Network / download
       curl \
       wget \
       ca-certificates \
       gnupg \
       unzip \
-      # Build toolchain
       build-essential \
       autoconf \
-      # Search tools
       ripgrep \
       jq \
-      # Compression
       bzip2 \
       zstd \
-      # SSL / crypto
       libssl-dev \
       libffi-dev \
-      # Database client libs
       libdb-dev \
       libgdbm-dev \
       libgdbm6 \
-      # Python build deps (for repos with Python)
       libbz2-dev \
       liblzma-dev \
       libncurses5-dev \
       libreadline-dev \
       zlib1g-dev \
-      # Ruby build deps (for repos with Ruby)
       libyaml-dev \
-      # Image processing (for repos with image pipelines)
       libvips-dev \
-      # Browser/rendering (for repos with Puppeteer, Playwright)
       libgbm1 \
-      # C++ stdlib (for native addons)
       libc++1 \
-      # Math (for native crypto/ML deps)
       libgmp-dev \
-      # Timezone data (for TZ-aware test suites)
       tzdata \
     && curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
     && apt-get install -y --no-install-recommends nodejs \