Add Node.js 22 to claude and devstral Docker images #8
bobnautic wants to merge 1 commit into VibePod:main from
📝 Walkthrough
Two Docker images now provision Node.js 22.x through NodeSource setup during their initial package installation steps. No other build processes, environment variables, or runtime behavior were modified.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~5 minutes
🚥 Pre-merge checks: ✅ 5 passed
Actionable comments posted: 1
🧹 Nitpick comments (3)
docker/devstral/Dockerfile (2)
4-11: Optional: use `--no-install-recommends` for consistency with the claude image and smaller layer size.
`docker/claude/Dockerfile` uses `--no-install-recommends` on its package install (line 7) but this file does not. Adding it here (both for the base deps and the `nodejs` install) trims recommended-but-not-required packages and keeps the two agent images aligned.
♻️ Proposed change
-RUN apt-get update && apt-get install -y \ +RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ ca-certificates \ git \ bash \ && curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ - && apt-get install -y nodejs \ + && apt-get install -y --no-install-recommends nodejs \ && rm -rf /var/lib/apt/lists/*🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docker/devstral/Dockerfile` around lines 4 - 11, The Dockerfile RUN step installs packages without --no-install-recommends; update the apt-get install invocations in the RUN command so both the initial apt-get install -y (installing curl, ca-certificates, git, bash) and the subsequent apt-get install -y nodejs use --no-install-recommends (e.g., replace apt-get install -y with apt-get install -y --no-install-recommends) to reduce image size and match the claude image behavior while preserving the existing curl setup and cleanup (rm -rf /var/lib/apt/lists/*).
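Review bot: the second changed line, `apt-get install -y --no-install-recommends nodejs`, conflicts with the actionable comment on lines 9-10 of this same file, which asks for the NodeSource setup and the `nodejs` install to be removed from the devstral image. If that removal is accepted, only the first `--no-install-recommends` (on the curl, ca-certificates, git, bash install) still applies, so the two suggestions should be resolved together rather than applied independently.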
9-10: Same NodeSource hardening concern as `docker/claude/Dockerfile`.
The `curl ... | bash -` approach to NodeSource setup has the same supply-chain considerations flagged in `docker/claude/Dockerfile` (lines 20-21). The newer manual GPG-key + apt-source method is preferred. Not repeating the full diff here.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docker/devstral/Dockerfile` around lines 9 - 10, The Dockerfile currently uses a piped curl installer for NodeSource (the line with "curl -fsSL https://deb.nodesource.com/setup_22.x | bash -") which is a supply-chain risk; replace that step with the manual GPG-key + apt-source flow: fetch and add the NodeSource GPG public key, add the NodeSource apt repository for node_22.x to /etc/apt/sources.list.d (using the distro codename), run apt-get update, then apt-get install -y nodejs; remove the piped curl invocation and ensure the subsequent apt-get install -y nodejs continues to install from the newly added NodeSource repository.
docker/claude/Dockerfile (1)
20-21: The setup script approach is NodeSource's current recommendation; consider the manual method for enhanced auditability (optional).
NodeSource explicitly recommends the `setup_22.x` script approach for Node.js 22 on Debian as of 2026, so the current method is aligned with their guidance. However, if you prefer explicit control and auditability over supply-chain steps, you can replicate what the script does internally by manually importing the GPG key and adding the apt source. This makes provisioning decisions transparent without executing a remote script.
♻️ Manual approach alternative (optional)
RUN apt-get update && apt-get install -y --no-install-recommends \ bash \ ca-certificates \ curl \ git \ gosu \ jq \ libgcc-s1 \ libstdc++6 \ passwd \ python3 \ ripgrep \ xclip \ + gnupg \ - && curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ - && apt-get install -y --no-install-recommends nodejs \ + && mkdir -p /etc/apt/keyrings \ + && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \ + | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \ + && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" \ + > /etc/apt/sources.list.d/nodesource.list \ + && apt-get update \ + && apt-get install -y --no-install-recommends nodejs \ && rm -rf /var/lib/apt/lists/*🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docker/claude/Dockerfile` around lines 20 - 21, The Dockerfile currently uses the remote NodeSource setup script (curl -fsSL https://deb.nodesource.com/setup_22.x | bash -) before installing nodejs; to improve auditability replace that pipeline with an explicit sequence: fetch and verify the NodeSource GPG key, add the NodeSource apt repository entry for "setup_22.x" to sources.list.d, run apt-get update, then install nodejs with apt-get install -y --no-install-recommends nodejs; locate the lines containing "curl -fsSL https://deb.nodesource.com/setup_22.x | bash -", "setup_22.x", and "nodejs" and implement the manual GPG import + apt source add and update steps instead of executing the remote script.
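Review bot: the added `curl ... nodesource-repo.gpg.key | gpg --dearmor` step trusts whatever key the download returns, so the keyring is only as trustworthy as that one HTTPS fetch from the same host that serves the packages. Consider committing the expected key fingerprint to the repository and failing the build when the fingerprint of the dearmored key (for example from `gpg --show-keys --with-fingerprint`) does not match. `gnupg` is also needed only for this step and stays in the final image unless it is purged in the same layer.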
📒 Files selected for processing (2)
docker/claude/Dockerfile
docker/devstral/Dockerfile
| && curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ | ||
| && apt-get install -y nodejs \ |
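Review bot: in `curl -fsSL https://deb.nodesource.com/setup_22.x | bash -`, a failed download is not caught: without `pipefail` the pipeline's exit status is that of `bash`, which exits 0 on empty input, so the `&&` chain carries on to `apt-get install -y nodejs`. With no NodeSource repository configured, that install would resolve against the Debian repository, which the PR description says ships Node.js 18. Add `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before this `RUN`, or assert the major version from `node --version` in the same layer.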
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Look for any Node.js / npm / npx invocations in devstral-related scripts or configs
rg -nP --hidden -g '!**/node_modules/**' '\b(node|npm|npx)\b' docker/devstral/ 2>/dev/null
fd -t f . docker/devstral/
cat agents.json 2>/dev/null | head -100
Repository: VibePod/vibepod-agents
Length of output: 2910
🏁 Script executed:
cat docker/devstral/Dockerfile
Repository: VibePod/vibepod-agents
Length of output: 1076
🏁 Script executed:
# Search for any MCP server or plugin configuration that might require Node
rg -i 'mcp|plugin|server' docker/devstral/ --hidden
Repository: VibePod/vibepod-agents
Length of output: 48
🏁 Script executed:
# Check the vibe install script to understand what's being installed
curl -s https://mistral.ai/vibe/install.sh 2>/dev/null | head -50
Repository: VibePod/vibepod-agents
Length of output: 48
🏁 Script executed:
# Search entire repo for vibe or node references
rg -i 'vibe|node.*version|nodejs' --type json --type yaml --type md | head -30
Repository: VibePod/vibepod-agents
Length of output: 2300
🏁 Script executed:
# Check if there's any documentation about vibe or its requirements
fd -e md -e txt . | xargs grep -l -i 'vibe\|node.*requirement' 2>/dev/null | head -10
Repository: VibePod/vibepod-agents
Length of output: 76
🏁 Script executed:
# Look for any build scripts or configuration that might indicate node usage
fd -e package.json -e package-lock.json . | head -5
Repository: VibePod/vibepod-agents
Length of output: 48
Remove Node.js installation—vibe does not require it at runtime.
The devstral agent sources vibe from mistralai/mistral-vibe (GitHub release), a compiled binary similar to claude. Unlike npm-based agents (gemini, opencode, auggie, copilot, codex), vibe is not invoked through Node.js: the version command is simply vibe --version, and no node|npm|npx usage appears in the Dockerfile or devstral config. The Node.js installation adds ~50–100 MB to the image and widens the attack surface unnecessarily. Remove lines 9–10 to match the actual functional requirements of the agent.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docker/devstral/Dockerfile` around lines 9 - 10, Remove the unnecessary
Node.js install steps: delete the curl NodeSource setup command ("curl -fsSL
https://deb.nodesource.com/setup_22.x | bash -") and the subsequent "apt-get
install -y nodejs" invocation from the Dockerfile so the image no longer
installs nodejs at build time; the devstral agent uses the precompiled 'vibe'
binary and does not require Node runtime.
Summary
- `docker/claude/Dockerfile` and `docker/devstral/Dockerfile` were missing Node.js, making tools and plugins that depend on it non-functional
- auggie, codex, copilot, gemini, opencode) which all use `node:22` base images
- `apt-get` layer to avoid adding extra image layers
Why NodeSource instead of plain apt
debian:bookworm-slim's default apt repo ships Node.js 18. NodeSource pins the install to Node.js 22, keeping all agent images on the same major version.
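The review comments above flag `curl -fsSL https://deb.nodesource.com/setup_22.x | bash -` in both Dockerfiles. As an added example (not part of the PR or of CodeRabbit's output), this script finds RUN steps that pipe a download into a shell and reports whether `pipefail` is in effect; the function names and the two sample Dockerfiles are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Dockerfile RUN steps that pipe a download into a shell.
# Output per finding: "<line>: remote script piped to shell (pipefail=yes|no)"
scan_dockerfile() {
    awk '
    function check(instr, lineno,    guarded) {
        # A SHELL instruction decides whether later RUN steps get pipefail.
        if (instr ~ /^[ \t]*SHELL[ \t]/) pipefail = (instr ~ /pipefail/)
        if (instr !~ /^[ \t]*RUN[ \t]/) return
        if (instr ~ /(curl|wget)[^|;&]*[|][ \t]*(ba|da|z)?sh([ \t]|$)/) {
            guarded = (pipefail || instr ~ /set[ \t]+-[a-z]*o[ \t]+pipefail/)
            printf "%d: remote script piped to shell (pipefail=%s)\n", lineno, (guarded ? "yes" : "no")
        }
    }
    {   # Join backslash-continued lines into one logical instruction.
        if (buf == "") start = NR
        line = $0
        cont = (line ~ /\\[ \t]*$/)
        sub(/\\[ \t]*$/, "", line)
        buf = buf line " "
        if (cont) next
        check(buf, start); buf = ""
    }
    END { if (buf != "") check(buf, start) }' "$1"
}

# Constructed inputs modelled on the two variants discussed in the review.
write_samples() {
    cat > "$1/piped.Dockerfile" <<'EOF'
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y \
    curl ca-certificates \
    && curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
    && apt-get install -y nodejs
EOF
    cat > "$1/keyring.Dockerfile" <<'EOF'
FROM debian:bookworm-slim
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
    | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/*.Dockerfile; do
    echo "== ${f##*/}"; scan_dockerfile "$f"
done
rm -rf "$tmp"
```

The reported line number is the first line of the multi-line RUN instruction, which is where a `SHELL` directive or an inline `set -o pipefail` would need to go.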