fix: remediate container scan vulnerabilities (3 Critical, 25 High)

[drew]

Summary

Address 28 vulnerabilities (3 Critical, 25 High) across three container images: cluster, sandbox, and ci. All findings originate from upstream base images and pre-compiled binaries — none are in project source code.

Full plan: .opencode/plans/container-vulnerability-remediation.md

Findings Overview

Image	Critical	High	Root Cause
cluster	2	7	Stale k3s base image (v1.29.8-k3s1) bundles old Go modules and Alpine/BusyBox
sandbox	1	11	Unpinned Node.js 22.x, unpinned npm install -g, Debian apt packages (vim-tiny, python)
ci	0	5	Stale Docker CLI (27.5.1) bundles old Go modules

Workstream 1: CI Image — Low Risk, Do First

Files: deploy/docker/Dockerfile.ci

• Upgrade Docker CLI 27.5.1 → 29.3.0 (ARG DOCKER_VERSION)
• Upgrade Docker Buildx v0.21.1 → latest stable (ARG BUILDX_VERSION)
• Verify mise run docker:build:ci succeeds
• Verify CI pipeline (checks.yml) passes on rebuilt image

Resolves: GHSA-pwhc-rpq9-4c8w, GHSA-p436-gjf2-799p, GHSA-hcg3-q754-cr77, GHSA-9h8m-3fm2-qjrq, GHSA-6v2p-p543-phr9

Workstream 2: Cluster Image — High Risk, 2 Criticals

Files: mise.toml, deploy/docker/Dockerfile.cluster, deploy/docker/cluster-entrypoint.sh, deploy/helm/navigator/, deploy/kube/manifests/*.yaml

• Upgrade k3s v1.29.8-k3s1 → v1.34.5+k3s1 in mise.toml and Dockerfile.cluster
• Audit Helm chart templates for removed Kubernetes APIs (1.29→1.34 spans 5 minor versions)
• Audit deploy/kube/manifests/*.yaml for deprecated apiVersion fields
• Review cluster-entrypoint.sh for k3s 1.34 compatibility
• Verify mise run docker:build:cluster succeeds
• Verify mise run sandbox succeeds (full local cluster lifecycle)
• E2E tests pass

Resolves: GHSA-v778-237x-gjrc (Critical), CVE-2022-48174 (Critical), GHSA-mh63-6h87-95cp, GHSA-cgrx-mc8f-2prm, GHSA-8pgv-569h-w5rw, GHSA-4f99-4q7p-p3gh, GHSA-47m2-4cr7-mhcw, GHSA-4374-p667-p6c8, CVE-2024-36623

Workstream 3: Sandbox Image — 1 Critical, 11 High

Files: deploy/docker/sandbox/Dockerfile.base

• Rebuild image to pick up latest Node.js 22.x patches (fixes 5 Node.js CVEs)
• Pin npm global packages: npm install -g opencode-ai@<ver> @openai/codex@<ver> openclaw@<ver>
• Force-upgrade tar to >=7.5.10 after global install (npm -g install tar@latest)
• Remove vim-tiny from apt-get install (nano is already available)
• Evaluate upgrading python:3.12-slim → python:3.13-slim for CVE-2025-13836 (or accept risk — requires malicious server + sandbox network policy mitigates)
• Run npm audit inside built image to confirm clean
• Verify coding agents still work: opencode-ai --version, codex --version, openclaw --version
• E2E tests pass

Resolves: CVE-2025-55130 (Critical), CVE-2026-21637, CVE-2025-59466, CVE-2025-59465, CVE-2025-55131, GHSA-wc8c-qw6v-h7f6, GHSA-r6q2-hw4h-h46w, GHSA-qffp-2rhf-9h96, GHSA-8qq5-rm4j-mr97, GHSA-83g3-92jg-28cx, GHSA-34x7-hfp2-rc4v, CVE-2026-28421, CVE-2026-28417, CVE-2025-13836

Risks

Risk	Mitigation
k3s 1.34 breaks Helm chart deployment	Full E2E suite; review k3s changelogs
Docker CLI 29.x breaking changes	Docker maintains backward compat; test with checks.yml
Upstream npm packages don't update tar	Force-upgrade tar globally after install
Python 3.12 CVE accepted	Sandbox network policy limits outbound; monitor for image updates