fix(install): upgrade Node.js via nvm when system version is below minimum

[ericksoa]

Summary

• install_nodejs() returned early when any Node.js was found on PATH, even if the version was below MIN_NODE_VERSION (22.16.0). Now checks the version and falls through to the nvm upgrade path when too old.
• ensure_nvm_loaded() skipped sourcing nvm.sh when any node was on PATH, preventing newly-installed Node 22 from being activated. Added --force flag used by the install path.

Fixes #1078

Test plan

• Nightly e2e passes on ubuntu-24.04 runner (Node 20 pre-installed)
• Fresh install (no Node) still works
• Install with Node >=22.16.0 still short-circuits correctly

Summary by CodeRabbit

• Improvements

  • Installer: better Node/npm detection comparing both Node and npm minimums, warns when inadequate and proceeds to upgrade via nvm; forces environment loader during upgrades; best-effort default Node aliasing after install.
  • Tool shim: creates/updates a user-local shim when the tool is already present.
  • Network probes: increased curl connect and total timeouts for endpoint/model checks.

• Tests

  • Updated preflight and probe tests to reflect nvm-upgrade flow, failure messaging, and new curl timeout values.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7a8b92f0-107c-439d-a260-4899c7242d42

📥 Commits

Reviewing files that changed from the base of the PR and between de7db4f and a38dd77.

📒 Files selected for processing (3)

• bin/lib/onboard.js
• install.sh
• test/credential-exposure.test.js

✅ Files skipped from review due to trivial changes (1)

• test/credential-exposure.test.js

---

📝 Walkthrough

Walkthrough

install.sh now forces nvm sourcing during upgrades, verifies both node and npm versions before skipping installation, and ensures nvm is invoked for upgrades; tests and onboarding curl timeouts were updated to reflect the new behavior and timing changes.

Changes

Cohort / File(s)	Summary
Installer script install.sh	ensure_nvm_loaded() gains --force to bypass the "node on PATH" early return; install_nodejs() now checks node --version and npm --version, requires Node >= MIN_NODE_VERSION and npm major >= MIN_NPM_MAJOR to skip; otherwise warns and proceeds to upgrade via nvm, calling ensure_nvm_loaded --force before/after nvm install and setting nvm alias default 22 after nvm use 22.
Preflight test test/install-preflight.test.js	Updated to simulate failing curl, expect an nvm-upgrade attempt and the "Failed to download nvm installer" message, and assert the revised "found but NemoClaw requires … (>=22.16.0)" style version text.
Onboard probe timing bin/lib/onboard.js	Increased curl timing args in getCurlTimingArgs() from --connect-timeout 5/--max-time 20 to --connect-timeout 10/--max-time 60.
Credential exposure test test/credential-exposure.test.js	Updated assertions to match the new curl timing args (--connect-timeout 10, --max-time 60).

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor User
    participant Installer
    participant SystemNode as "system node/npm"
    participant NVM as "nvm (nvm.sh / installer)"
    participant Curl as "curl (remote)"

    User->>Installer: run install script
    Installer->>SystemNode: detect `node` and `npm` versions
    alt node >= MIN_NODE_VERSION and npm >= MIN_NPM_MAJOR
        SystemNode-->>Installer: acceptable versions
        Installer->>User: proceed without nvm
    else node present but < MIN_NODE_VERSION or npm too old
        SystemNode-->>Installer: old/insufficient versions
        Installer->>Installer: warn and select nvm upgrade path
        Installer->>NVM: ensure_nvm_loaded --force (source nvm.sh)
        Installer->>NVM: nvm install <desired node>
        NVM->>Curl: download nvm installer
        Curl-->>NVM: may fail (test simulates failure)
        NVM-->>Installer: report download result / errors
        Installer->>User: emit upgrade attempt and any failure messages
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I sniffed each PATH and read versions true,
I added a flag to wake nvm anew.
When old Node stood firm, I gave it a nudge,
Called --force, then watched the install trudge.
A carrot cheer for upgrades — hop hop, review!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	All changes are directly related to the linked issue objectives: install.sh modifications address Node.js version checking and nvm loading; test updates validate the new behavior; onboard.js timeout adjustments are likely unrelated.	The curl timeout changes in onboard.js (connect-timeout 5→10, max-time 20→60) appear unrelated to the Node.js upgrade fix; clarify the scope or move these changes to a separate PR.
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: upgrading Node.js via nvm when system version is below minimum, which is the core objective.
Linked Issues check	✅ Passed	All objectives from issue #1078 are addressed: install_nodejs() now checks version and proceeds to nvm upgrade path when below minimum; ensure_nvm_loaded() supports --force flag to source nvm.sh even when node exists; installer avoids exit on old Node.js by enabling nvm upgrade.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/installer-node-version-upgrade

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@install.sh`:
- Around line 397-405: In ensure_supported_runtime(), the early return when
command_exists node and node version >= MIN_NODE_VERSION must also verify npm
meets the required minimum (e.g., MIN_NPM_VERSION or npm >=10); currently the
code returns based only on node. Change the logic in the node-present branch
(where current_version is set via node --version) to also run npm --version
(capture npm_version), and only return when version_gte "${current_version#v}"
"$MIN_NODE_VERSION" AND version_gte "${npm_version}" "$MIN_NPM_VERSION";
otherwise emit the existing warn message and fall through to the nvm upgrade
path. Ensure you reference current_version, npm_version, MIN_NODE_VERSION,
MIN_NPM_VERSION, and the function ensure_supported_runtime().

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: aaeeb8c1-b63b-45a6-9ca5-8d5901750ad3

📥 Commits

Reviewing files that changed from the base of the PR and between a146385 and c6a0cad.

📒 Files selected for processing (1)

• install.sh