Follow-up from PR #52 — deferred past merge to keep the rev-6 async-only narrative clean. Container CVE sweep is independent of PR #52's feature work.
Functional description
The agent's Docker image (bgagent-local:latest, based on python:3.13-slim / Debian 12 bookworm) currently contains 6 HIGH-severity CVEs flagged by the grype scanner. These are pre-existing base-image issues from transitive dependencies of gh (the GitHub CLI) and build-essential, not from PR #52's code.
Who cares: security scanners (whose reports feed compliance dashboards), anyone running ABCA in a regulated environment. Users don't see this directly, but the image fails security audits as-is.
Why we deferred: PR #52 shipped the rev-6 async-only rework + --trace upload. Mixing a container CVE sweep into the same PR would muddy the bisect story if a regression later traced back to one or the other.
Affected components (partial list; full set in grype output):
libngtcp2 (HTTP/3 library pulled transitively via curl / gh)- The bundled
gh binary (via apt)
- Possibly others —
mise //agent:security surfaces the full list.
Technical plan
-
Re-scan current image on latest python:3.13-slim pull to confirm which CVEs remain after an upstream base rebuild. The set may shrink naturally if Debian has since published security patches.
-
Patch the remaining set — choose the approach that balances reproducibility and audit-cleanliness:
apt-get upgrade -y inside the existing RUN layer to pick up Debian security patches without waiting for base rebuilds (acceptable but reduces reproducibility slightly).- Targeted
apt-get install <pkg>=<version> bumps for specific CVEs (more surgical, easier to audit).
- Pin
gh to a specific version downloaded via https://github.com/cli/cli/releases/ rather than the apt repo, for deterministic CVE tracking of the most fragile dependency.
-
Re-run grype — confirm HIGH count drops to zero, or document any residuals with a grype-ignore file + inline justification.
-
Smoke test — confirm the rebuilt image still runs the full agent pipeline against a deployed stack (AgentCore runtime accepts the new container, agent boots, tool-use works, trace upload works end-to-end).
Acceptance criteria
mise //agent:security (grype) reports 0 HIGH/CRITICAL CVEs on the rebuilt image.- Existing agent smoke tests pass on the rebuilt image.
agent/README.md documents the apt-get upgrade / pinning cadence so future regressions are caught early.- Prek
pre-push stage agent:security:image passes cleanly, without ignore files (or with documented ignores and justifications).
Out of scope
- Migration to a different base distro (Alpine, Chainguard, distroless) — larger surgery; separate discussion.
- Changing the Python version.
References
Functional description
The agent's Docker image (
bgagent-local:latest, based onpython:3.13-slim/ Debian 12 bookworm) currently contains 6 HIGH-severity CVEs flagged by the grype scanner. These are pre-existing base-image issues from transitive dependencies ofgh(the GitHub CLI) andbuild-essential, not from PR #52's code.Who cares: security scanners (whose reports feed compliance dashboards), anyone running ABCA in a regulated environment. Users don't see this directly, but the image fails security audits as-is.
Why we deferred: PR #52 shipped the rev-6 async-only rework +
--traceupload. Mixing a container CVE sweep into the same PR would muddy the bisect story if a regression later traced back to one or the other.Affected components (partial list; full set in grype output):
libngtcp2(HTTP/3 library pulled transitively viacurl/gh)ghbinary (via apt)mise //agent:securitysurfaces the full list.Technical plan
Re-scan current image on latest
python:3.13-slimpull to confirm which CVEs remain after an upstream base rebuild. The set may shrink naturally if Debian has since published security patches.Patch the remaining set — choose the approach that balances reproducibility and audit-cleanliness:
apt-get upgrade -yinside the existingRUNlayer to pick up Debian security patches without waiting for base rebuilds (acceptable but reduces reproducibility slightly).apt-get install <pkg>=<version>bumps for specific CVEs (more surgical, easier to audit).ghto a specific version downloaded viahttps://github.com/cli/cli/releases/rather than the apt repo, for deterministic CVE tracking of the most fragile dependency.Re-run grype — confirm HIGH count drops to zero, or document any residuals with a grype-ignore file + inline justification.
Smoke test — confirm the rebuilt image still runs the full agent pipeline against a deployed stack (AgentCore runtime accepts the new container, agent boots, tool-use works, trace upload works end-to-end).
Acceptance criteria
mise //agent:security(grype) reports 0 HIGH/CRITICAL CVEs on the rebuilt image.agent/README.mddocuments theapt-get upgrade/ pinning cadence so future regressions are caught early.pre-pushstageagent:security:imagepasses cleanly, without ignore files (or with documented ignores and justifications).Out of scope
References
agent/Dockerfile— current base image and package install layersmise //agent:security/ grype task output (run locally for the live CVE list)