A declared fleet of base OCI images we keep security-patched. The whole job — what to patch (source = registry/repository/tag), how (patch, default: apply all pending security updates), where to publish (destination = repository/tag under a run-time registry), and what to assert (expect, optional version floor) — lives in the model instance's globalArguments.images, so a single swamp model method run <instance> patch --input registry=<registry[/namespace]> builds, verifies, and pushes every image. The destination registry is the registry arg (or globalArguments.registry), so one instance retargets to a different registry per run. No workflow. Verify is foreknowledge-free (asserts no security updates remain pending on every platform), which fits a scheduled cadence; an optional per-image expect adds a version floor. Composes the pure logic of @hivemq/oci/image/patch and the buildx wrapper of @hivemq/docker; it is the only one of the three that drives buildx. Motivated by PLT-941 (openssl CVE-2026-45447): own the patch cadence instead of waiting on upstream base rebuilds.