Skip to content

feat: add Sysinternals sigcheck output as a material type#3184

Merged
javirln merged 1 commit into
chainloop-dev:mainfrom
javirln:sigcheck
Jun 10, 2026
Merged

feat: add Sysinternals sigcheck output as a material type#3184
javirln merged 1 commit into
chainloop-dev:mainfrom
javirln:sigcheck

Conversation

@javirln

@javirln javirln commented Jun 10, 2026

Copy link
Copy Markdown
Member

Adds a SYSINTERNALS_SIGCHECK material type that ingests Sysinternals sigcheck output.

sigcheck emits CSV, but the Rego policy engine evaluates JSON only. The material is therefore transformed into a JSON array of records at evaluation time (delimiter auto-detected between comma and tab, BOM-aware), following the existing JUnit and Jacoco handling in GetEvaluableContent. Policies can then read the records under input.elements[_].

The crafter validates the report via a structural fingerprint (presence of the Path and Verified columns), stores the original CSV in the CAS, and annotates the material with the tool name.

This change was developed with AI assistance (Claude Code), as disclosed via the Assisted-by commit trailer.

Adds a SYSINTERNALS_SIGCHECK material type that ingests Sysinternals
sigcheck CSV output. Because the policy engine evaluates JSON only, the
CSV is transformed into a JSON array of records at evaluation time
(delimiter auto-detected, BOM-aware), consistent with the existing JUnit
and Jacoco handling. The crafter validates the report and stores the
original CSV in the CAS.

Assisted-by: Claude Code
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>

Chainloop-Trace-Sessions: 8fed5172-740a-4468-9572-6e160777444d
@chainloop-platform

chainloop-platform Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

AI Session Analysis

Avg score Sessions Failing policies Attribution Files Lines Total Duration
🟡 83% 1 ✅ 0 98% AI / 2% Human 15 +556 / -5 1h9m51s

🟡 83% — 98% AI — ✅ All policies passing

Jun 10, 2026 14:45 UTC · 1h9m51s · $42.45 · 875.4k in / 251.9k out · claude-code 2.1.170 (claude-opus-4-8)

View session details ↗

Change Summary

  • Adds a SYSINTERNALS_SIGCHECK material type for Chainloop.
  • Parses sigcheck CSV or TSV into JSON for policy evaluation and wires it into GetEvaluableContent.
  • Adds a crafter, testdata, generated schema or docs updates, and a real-file verification pass.

AI Session Overall Score

🟡 83% — Good planning and trust, but scope cleanup and verification evidence need reviewer attention.


File Attribution

███████████████████░ 98% AI / 2% Human

Status Attribution File Lines
created ai pkg/attestation/crafter/materials/sigcheck/sigcheck_test.go +155 / -0
created ai pkg/attestation/crafter/materials/sigcheck/sigcheck.go +146 / -0
created ai pkg/attestation/crafter/materials/sigcheck_test.go +133 / -0
created ai pkg/attestation/crafter/materials/sigcheck.go +80 / -0
modified ai pkg/attestation/crafter/api/attestation/v1/crafting_state_test.go +14 / -1
modified ai pkg/attestation/crafter/api/attestation/v1/crafting_state.go +11 / -1
modified human app/cli/documentation/cli-reference.mdx +2 / -2
modified ai app/controlplane/api/workflowcontract/v1/crafting_schema.proto +3 / -0
created ai pkg/attestation/crafter/materials/testdata/sigcheck-report.csv +3 / -0
modified human go.mod +1 / -1
created ai pkg/attestation/crafter/api/attestation/v1/testdata/sigcheck-report.csv +2 / -0
modified ai pkg/attestation/crafter/materials/materials.go +2 / -0
created human pkg/attestation/crafter/materials/testdata/sigcheck-report-tab.csv +2 / -0
modified ai app/controlplane/api/workflowcontract/v1/crafting_schema_validations.go +1 / -0
created ai pkg/attestation/crafter/materials/testdata/sigcheck-report-empty.csv +1 / -0

Policies (4)

Status Policy Material Messages
✅ Passed ai-config-ai-agents-allowed ai-coding-session-8fed51 -
✅ Passed ai-config-no-dangerous-commands ai-coding-session-8fed51 -
✅ Passed ai-config-no-secrets ai-coding-session-8fed51 -
✅ Passed ai-config-mcp-servers-allowed ai-coding-session-8fed51 -

Powered by Chainloop and Chainloop Trace

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 29 files

Re-trigger cubic

@javirln javirln requested a review from a team June 10, 2026 16:01
@javirln javirln enabled auto-merge (squash) June 10, 2026 18:05

@migmartri migmartri left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably want to update the readme and the documentation page

@javirln javirln merged commit acdfa1f into chainloop-dev:main Jun 10, 2026
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants