diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e6f3c22..6e31b4b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,150 +11,149 @@ on:
     branches:
     - '*'
 
+env:
+  llvm-version: 18
+  image-version: 22.04
+
 jobs:
   lint:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-${{ env.image-version }}
+    container:
+      image:
+        ghcr.io/trailofbits/patchestry-ubuntu-${{ env.image-version }}-llvm-${{ env.llvm-version }}-dev:latest
 
     steps:
     - uses: actions/checkout@v4
 
     - uses: actions/setup-python@v5
-      with: { python-version: "3.8" }
+      with: { python-version: "3.10" }
 
     - name: Install codespell
       run: pip3 install codespell
 
-    - name: Install clang-format
-      run: sudo apt-get update -q
-        && sudo apt-get install clang-format -q -y
-
     - name: Lint
-      run: cmake -D FORMAT_COMMAND=clang-format -P cmake/lint.cmake
+      run: cmake -D FORMAT_COMMAND=clang-format-${{ env.llvm-version }} -P cmake/lint.cmake
 
     - name: Spell check
       run: cmake -P cmake/spell.cmake
 
-  coverage:
-    needs: [lint]
-
-    runs-on: ubuntu-22.04
-    if: github.repository_owner == 'lifting-bits'
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Install LCov
-      run: sudo apt-get update -q
-        && sudo apt-get install lcov -q -y
+  # coverage:
+  #   needs: [lint]
 
-    - name: Configure
-      run: cmake --preset=ci-coverage
+  #   runs-on: ubuntu-22.04
+  #   if: github.repository_owner == 'lifting-bits'
+  #   container:
+  #     image:
+  #       ghcr.io/trailofbits/patchestry-ubuntu-${{ matrix.image-version }}-llvm-${{ matrix.llvm-version }}-dev:latest
 
-    - name: Build
-      run: cmake --build build/coverage -j $(nproc)
+  #   steps:
+  #   - uses: actions/checkout@v4
 
-    - name: Test
-      working-directory: build/coverage
-      run: ctest --output-on-failure --no-tests=error -j $(nproc)
+  #   - name: Install LCov
+  #     run: sudo apt-get update -q
+  #       && sudo apt-get install lcov -q -y
 
-    - name: Process coverage info
-      run: cmake --build build/coverage -t coverage
+  #   - name: Configure
+  #     run: cmake --preset=ci-coverage
 
-    - name: Submit to codecov.io
-      uses: codecov/codecov-action@v4
-      with:
-        file: build/coverage/coverage.info
+  #   - name: Build
+  #     run: cmake --build build/coverage -j $(nproc)
 
-  sanitize:
-    needs: [lint]
+  #   - name: Test
+  #     working-directory: build/coverage
+  #     run: ctest --output-on-failure --no-tests=error -j $(nproc)
 
-    runs-on: ubuntu-22.04
+  #   - name: Process coverage info
+  #     run: cmake --build build/coverage -t coverage
 
-    env: { CXX: clang++-14 }
+  #   - name: Submit to codecov.io
+  #     uses: codecov/codecov-action@v4
+  #     with:
+  #       file: build/coverage/coverage.info
 
-    steps:
-    - uses: actions/checkout@v4
+  # sanitize:
+  #   needs: [lint]
 
-    - name: Configure
-      run: cmake --preset=ci-sanitize
+  #   runs-on: ubuntu-22.04
+  #   container:
+  #     image:
+  #       ghcr.io/trailofbits/patchestry-ubuntu-${{ matrix.image-version }}-llvm-${{ matrix.llvm-version }}-dev:latest
 
-    - name: Build
-      run: cmake --build build/sanitize -j $(nproc)
+  #   env: { CXX: clang++-14 }
 
-    - name: Test
-      working-directory: build/sanitize
-      env:
-        ASAN_OPTIONS: "strict_string_checks=1:\
-          detect_stack_use_after_return=1:\
-          check_initialization_order=1:\
-          strict_init_order=1:\
-          detect_leaks=1"
-        UBSAN_OPTIONS: print_stacktrace=1
-      run: ctest --output-on-failure --no-tests=error -j $(nproc)
+  #   steps:
+  #   - uses: actions/checkout@v4
 
-  test:
-    needs: [lint]
+  #   - name: Configure
+  #     run: cmake --preset=ci-sanitize
 
-    strategy:
-      matrix:
-        os: [macos-12, ubuntu-22.04]
+  #   - name: Build
+  #     run: cmake --build build/sanitize -j $(nproc)
 
-    runs-on: ${{ matrix.os }}
+  #   - name: Test
+  #     working-directory: build/sanitize
+  #     env:
+  #       ASAN_OPTIONS: "strict_string_checks=1:\
+  #         detect_stack_use_after_return=1:\
+  #         check_initialization_order=1:\
+  #         strict_init_order=1:\
+  #         detect_leaks=1"
+  #       UBSAN_OPTIONS: print_stacktrace=1
+  #     run: ctest --output-on-failure --no-tests=error -j $(nproc)
 
-    steps:
-    - uses: actions/checkout@v4
+  # test:
+  #   needs: [lint]
 
-    - name: Install static analyzers
-      if: matrix.os == 'ubuntu-22.04'
-      run: >-
-        sudo apt-get install clang-tidy-14 cppcheck -y -q
+  #   runs-on: ubuntu-22.04
+  #   container:
+  #     image:
+  #       ghcr.io/trailofbits/patchestry-ubuntu-${{ matrix.image-version }}-llvm-${{ matrix.llvm-version }}-dev:latest
 
-        sudo update-alternatives --install
-        /usr/bin/clang-tidy clang-tidy
-        /usr/bin/clang-tidy-14 140
+  #   steps:
+  #   - uses: actions/checkout@v4
 
-    - name: Configure
-      shell: pwsh
-      run: cmake "--preset=ci-$("${{ matrix.os }}".split("-")[0])"
+  #   - name: Configure
+  #     shell: pwsh
+  #     run: cmake "--preset=ci-$("${{ matrix.os }}".split("-")[0])"
 
-    - name: Build
-      run: cmake --build build --config Release -j $(nproc)
+  #   - name: Build
+  #     run: cmake --build build --config Release -j $(nproc)
 
-    - name: Install
-      run: cmake --install build --config Release --prefix prefix
+  #   - name: Install
+  #     run: cmake --install build --config Release --prefix prefix
 
-    - name: Test
-      working-directory: build
-      run: ctest --output-on-failure --no-tests=error -C Release -j $(nproc)
+  #   - name: Test
+  #     working-directory: build
+  #     run: ctest --output-on-failure --no-tests=error -C Release -j $(nproc)
 
-  docs:
-    # Deploy docs only when builds succeed
-    needs: [sanitize, test]
+  # docs:
+  #   # Deploy docs only when builds succeed
+  #   needs: [sanitize, test]
 
-    runs-on: ubuntu-22.04
-    if: github.ref == 'refs/heads/main'
-      && github.event_name == 'push'
-      && github.repository_owner == 'lifting-bits'
+  #   runs-on: ubuntu-22.04
+  #   if: github.ref == 'refs/heads/main'
+  #     && github.event_name == 'push'
+  #     && github.repository_owner == 'lifting-bits'
 
-    steps:
-    - uses: actions/checkout@v4
+  #   steps:
+  #   - uses: actions/checkout@v4
 
-    - uses: actions/setup-python@v5
-      with: { python-version: "3.8" }
+  #   - uses: actions/setup-python@v5
+  #     with: { python-version: "3.8" }
 
-    - name: Install m.css dependencies
-      run: pip3 install jinja2 Pygments
+  #   - name: Install m.css dependencies
+  #     run: pip3 install jinja2 Pygments
 
-    - name: Install Doxygen
-      run: sudo apt-get update -q
-        && sudo apt-get install doxygen -q -y
+  #   - name: Install Doxygen
+  #     run: sudo apt-get update -q
+  #       && sudo apt-get install doxygen -q -y
 
-    - name: Build docs
-      run: cmake "-DPROJECT_SOURCE_DIR=$PWD" "-DPROJECT_BINARY_DIR=$PWD/build"
-        -P cmake/docs-ci.cmake
+  #   - name: Build docs
+  #     run: cmake "-DPROJECT_SOURCE_DIR=$PWD" "-DPROJECT_BINARY_DIR=$PWD/build"
+  #       -P cmake/docs-ci.cmake
 
-    - name: Deploy docs
-      uses: peaceiris/actions-gh-pages@v4
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        publish_dir: build/docs/html
+  #   - name: Deploy docs
+  #     uses: peaceiris/actions-gh-pages@v4
+  #     with:
+  #       github_token: ${{ secrets.GITHUB_TOKEN }}
+  #       publish_dir: build/docs/html