
feat: add CERTCC dranzer output as a material type #3211

Merged: javirln merged 1 commit into chainloop-dev:main from javirln:dranzer on Jun 15, 2026

@javirln (Member) commented Jun 15, 2026

Summary

Adds CERT/CC dranzer ActiveX/COM control test reports as a first-class material type (CERTCC_DRANZER).

Dranzer fuzz-tests ActiveX/COM controls and emits a free-form plain-text report. The raw report is attested verbatim in the CAS, while a structured JSON projection is generated on the fly for the policy engine — the run summary counters, per-object identity/version metadata, and error/access-violation findings — following the existing SYSINTERNALS_ACCESSCHK and SYSINTERNALS_SIGCHECK material types.

The parser is tolerant of dranzer's undocumented, ANSI-encoded output: invalid byte sequences are sanitized, the full original text is always preserved for policy string-matching fallbacks, and the output-format handling was verified against the dranzer source.

Refs PFM-6359

AI assistance

This change was produced with assistance from Claude Code, disclosed via the Assisted-by trailer on the commit.


Add support for CERT/CC dranzer ActiveX/COM control test reports as a first-class material type (CERTCC_DRANZER). The raw plain-text report is attested verbatim while a structured JSON projection (run summary, per-object metadata and error/access-violation findings) is generated on the fly for the policy engine, following the SYSINTERNALS_ACCESSCHK and SYSINTERNALS_SIGCHECK pattern.

Assisted-by: Claude Code
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>

Chainloop-Trace-Sessions: f09b8b6c-a7ce-43df-b75b-6e4e3687bdd6
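
The pattern described in the PR summary and commit message above (hash the raw report verbatim, sanitize invalid bytes only in the JSON view, keep the full text for string-matching fallbacks), as an added example that is not code from this pull request or from Chainloop. The `Projection` type, `Project`, `FallbackMatch` and the sample report are assumptions made for illustration; the sample does not reproduce dranzer's real output layout.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
	"unicode/utf8"
)

// Constructed sample, NOT dranzer's real layout: two lines of ANSI
// (Windows-1252) text where 0xE9 is "é" and is invalid as UTF-8.
var sampleReport = []byte("Object: Soci\xe9t\xe9 Control\r\nResult: access violation\r\n")

// Projection is a hypothetical shape for this example only.
type Projection struct {
	RawSHA256 string `json:"raw_sha256"` // digest of the untouched bytes
	Sanitized bool   `json:"sanitized"`  // true if any byte was replaced
	RawText   string `json:"raw_text"`   // full text kept for fallbacks
}

// Project hashes the report verbatim, then builds a JSON-safe view of it.
func Project(raw []byte) (Projection, []byte, error) {
	sum := sha256.Sum256(raw) // hash first: sanitizing must not alter evidence
	p := Projection{
		RawSHA256: hex.EncodeToString(sum[:]),
		Sanitized: !utf8.Valid(raw),
		RawText:   strings.ToValidUTF8(string(raw), "\uFFFD"),
	}
	out, err := json.Marshal(p)
	return p, out, err
}

// FallbackMatch is the case-insensitive string match a policy can use
// when no structured field covers what it is looking for.
func FallbackMatch(p Projection, needle string) bool {
	return strings.Contains(strings.ToLower(p.RawText), strings.ToLower(needle))
}

func main() {
	p, out, err := Project(sampleReport)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out))
	fmt.Println("match:", FallbackMatch(p, "Access Violation"))
}
```

The digest covers the original bytes, so hashing the sanitized text instead would yield a different value and would no longer identify the stored report.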
chainloop-platform Bot (Contributor) commented Jun 15, 2026

AI Session Analysis

| Avg score | Sessions | Failing policies | Attribution | Files | Lines | Total Duration |
|---|---|---|---|---|---|---|
| 🟢 87% | 1 | ✅ 0 | 95% AI / 5% Human | 14 | +862 / -44 | 94h39m2s |

🟢 87% — 95% AI — ✅ All policies passing

Jun 11, 2026 11:39 UTC · 94h39m2s · $36.19 · 161.5k in / 276.8k out · claude-code 2.1.173 (claude-opus-4-8)


Change Summary

  • Adds CERTCC_DRANZER as a new material kind and regenerates related API/schema artifacts.
  • Implements the dranzer parser/crafter, registry wiring, JSON projection, and test coverage.
  • Updates CLI docs and validates the parser against synthetic fixtures, real outputs, and the upstream source.

AI Session Overall Score

🟢 87% — Strong implementation and verification, but the requested PR opening never happened.

AI Session Analysis Breakdown

🟢 95% · verification

🟢 AI validated the parser with targeted tests, build/lint runs, and real-output checks. · High Impact

🟢 93% · user-trust-signal

No notes.

🟢 92% · solution-quality

🟢 Real-format mismatches led to a parser rewrite rather than a quick patch. · High Impact

🟢 90% · scope-discipline

No notes.

🟢 88% · context-and-planning

🟢 The session began with planning and precedent review before implementation started. · High Impact

🟡 68% · alignment

🟠 User asked for a signed commit and PR opening, but the session stopped after commit verification. · Medium Severity

💡 When a request bundles commit and PR creation, verify both steps happened before declaring the workflow complete.


File Attribution

███████████████████░ 95% AI / 5% Human

| Status | Attribution | File | Lines |
|---|---|---|---|
| created | ai | pkg/attestation/crafter/materials/dranzer/dranzer.go | +316 / -0 |
| created | ai | pkg/attestation/crafter/materials/dranzer/dranzer_test.go | +157 / -0 |
| created | ai | pkg/attestation/crafter/materials/dranzer_test.go | +120 / -0 |
| modified | ai | pkg/attestation/crafter/api/attestation/v1/crafting_state.go | +53 / -42 |
| created | ai | pkg/attestation/crafter/materials/dranzer.go | +84 / -0 |
| created | ai | pkg/attestation/crafter/materials/dranzer/testdata/dranzer-report.txt | +35 / -0 |
| created | human | pkg/attestation/crafter/materials/testdata/dranzer-report.txt | +35 / -0 |
| created | ai | pkg/attestation/crafter/materials/dranzer/testdata/dranzer-crash.txt | +27 / -0 |
| modified | ai | pkg/attestation/crafter/api/attestation/v1/crafting_state_test.go | +14 / -0 |
| created | ai | pkg/attestation/crafter/materials/dranzer/testdata/dranzer-summary.txt | +11 / -0 |
| modified | human | app/cli/documentation/cli-reference.mdx | +2 / -2 |
| created | ai | pkg/attestation/crafter/materials/dranzer/testdata/garbage.txt | +4 / -0 |
| modified | ai | app/controlplane/api/workflowcontract/v1/crafting_schema.proto | +2 / -0 |
| modified | ai | pkg/attestation/crafter/materials/materials.go | +2 / -0 |

Policies (4)

| Status | Policy | Material | Messages |
|---|---|---|---|
| ✅ Passed | ai-config-ai-agents-allowed | ai-coding-session-f09b8b | - |
| ✅ Passed | ai-config-no-dangerous-commands | ai-coding-session-f09b8b | - |
| ✅ Passed | ai-config-no-secrets | ai-coding-session-f09b8b | - |
| ✅ Passed | ai-config-mcp-servers-allowed | ai-coding-session-f09b8b | - |

Powered by Chainloop and Chainloop Trace

@javirln javirln requested a review from a team June 15, 2026 10:22

@cubic-dev-ai cubic-dev-ai Bot left a comment


No issues found across 28 files


@javirln javirln merged commit a2b5c64 into chainloop-dev:main Jun 15, 2026
16 checks passed