EXTENSIONS
User-built models, drivers, vaults, and reports — the parts that plug into swamp.
Filter by what you need and pull what fits.
Base Images
A declared fleet of base OCI images we keep security-patched. The whole job — what to patch (`source` = registry/repository/tag), how (`patch`, default: apply all pending security updates), where to publish (`destination` = repository/tag under a run-time `registry`), and what to assert (`expect`, optional version floor) — lives in the model instance's `globalArguments.images`, so a single `swamp model method run <instance> patch --input registry=<registry[/namespace]>` builds, verifies, and pushes every image. The destination registry is the `registry` arg (or `globalArguments.registry`), so one instance retargets to a different registry per run. No workflow. Verify is foreknowledge-free (asserts no security updates remain pending on every platform), which fits a scheduled cadence; an optional per-image `expect` adds a version floor. Composes the pure logic of @hivemq/oci/image/patch and the buildx wrapper of @hivemq/docker; it is the only one of the three that drives buildx. Motivated by PLT-941 (openssl CVE-2026-45447): own the patch cadence instead of waiting on upstream base rebuilds.
Docker Compose Refresher
Keep :latest-tagged (and untagged) services in local or SSH-reachable docker compose projects up to date. Compares each running container's image digest against the registry (docker buildx imagetools) so already-current services are left untouched, then pulls and recreates only stale ones with a health-gate. Dry-run by default. Supports sudo-prefixed docker and per-host SSH config.
Oci/image/patch
Take a single base OCI image identifier and emit its security-patched counterpart under the HiveMQ naming convention (<registry>/<namespace>/<flattened>:<tag>-hivemq-patched-<date>). A pure logic model (`plan` generates the security-upgrade Dockerfile + derives the re-homed target; `verify` asserts the expected fixed package versions) plus a bundled workflow that orchestrates a container CLI wrapper around it: plan, build the multi-arch image, verify the expected versions on every platform of it, then push. Two workflow variants ship: the Apple @hivemq/container engine (self-hosted macOS) and @hivemq/docker (standard Linux/GitHub-hosted runners). Motivated by PLT-941 (openssl CVE-2026-45447): own the patch cadence instead of waiting on upstream base rebuilds. Registry credentials are injected from a swamp vault at run time and never persisted in a committed instance.
Docker
Thin swamp wrapper around the `docker` CLI. Image-lifecycle subset: `build` (single-platform, locally runnable), `run`, `buildInspectPlatforms` (build each arch single-arch with `buildx --load` + run an inspection command, capturing all output in one `inspected` resource — the verify-before-push primitive), `login`, and `buildx build --push` (multi-arch build + push). Each method mirrors a `docker` subcommand so workflows can drive the build/run/publish lifecycle without bespoke shell steps.
Container Image
Build, push, and inspect OCI container images. Registry-agnostic — works with ECR, GHCR, DockerHub, or any OCI-compliant registry. Supports docker, podman, nerdctl, and buildah. Produces typed, versioned build metadata.
Arcane
Management of an Arcane Docker instance via its REST API — GitOps sync setup, compose project lifecycle with validated mode-aware deploy, swarm stack deploy (render-validated, convergence-polled) + secret/config rotation, and volume/prune cleanup.
Image Updater
Auto-applier for docker image updates — pulls + restarts compose stacks with deny lists, cooling periods, and a per-run cap.
Docker
Manage Docker Engine and Docker Compose lifecycle on remote hosts over SSH, including install, build, run, inspect, exec, and compose service operations.
Portainer
Portainer API wrapper — snapshot endpoints/containers/stacks across every docker host, and drive container actions (start/stop/restart/kill/pause/unpause) plus image pulls from swamp workflows.
Image Updates
Docker image update tracker — compares local image digests against the registry to surface available updates per container.
Docker Host
Docker container discovery across a Proxmox cluster — SSHes to each PVE node, runs `pct exec <vmid> docker ps` on every docker-tagged LXC.
Docker Image Test
Local Docker image smoke testing for swamp: build image matrices, run containers, poll health checks, capture logs, and clean up.