Skip to content

feat: parallelization, HTML report overhaul, Zig parser, dynamic test hardening#23

Merged
ar7casper merged 1 commit intomasterfrom
sync-to-public
Apr 14, 2026
Merged

feat: parallelization, HTML report overhaul, Zig parser, dynamic test hardening#23
ar7casper merged 1 commit intomasterfrom
sync-to-public

Conversation

@ar7casper
Copy link
Copy Markdown
Collaborator

@ar7casper ar7casper commented Apr 14, 2026

Syncs accumulated work from internal development into the public repo.

What's in this release

Added

  • Parallelization across all pipeline stages (Stage 1, Stage 2, Enhance, Dynamic Test).
    Thread-safe TokenTracker and ProgressReporter; shared HTTP client and token-bucket
    RateLimiter.
  • Checkpoint / resume system (libs/openant-core/core/checkpoint.py) — interrupted scans
    resume without re-running completed work.
  • Zig parser (libs/openant-core/parsers/zig/).
  • HTML report overhaul (apps/openant-cli/internal/report/):
    • Two themes (dark and Knostic light)
    • Repo/commit/language/duration/cost in the header
    • Findings numbered (#N) with anchor IDs
    • Collapsible verdict group sections (vulnerable/bypassable open by default)
    • Two-level sort: verdict, then dynamic test outcome (CONFIRMED first)
    • File paths link to the repo at the scanned commit
    • Pipeline Costs & Timing with per-step breakdown and totals row
    • Executive Summary cross-links to findings; priority labels replace fabricated timeframes
  • Dynamic testing hardening: structured result classification (CONFIRMED / NOT_REPRODUCED /
    BLOCKED / INCONCLUSIVE / ERROR), retry logic, checkpoint-aware resume.

Changed

  • Finding verifier (utilities/finding_verifier.py) and context enhancer
    (utilities/context_enhancer.py) overhauled for parallel, agentic execution.
  • Report data pipeline: Python computes a ReportData JSON blob; Go renders the HTML template.

Fixed

  • Cost tracking: no more negative totals under parallel execution; per-unit cost in progress
    output.
  • merge_dynamic_results no longer contaminates stdout.
  • HTML entities (>, <) render correctly (previously double-escaped).
  • "Max iterations reached" verifier timeouts now mark findings inconclusive.
  • Unified checkpoint resume behavior across phases.
  • Stdin race during interactive signal forwarding.

@ar7casper @claude
release: parallelization, HTML report overhaul, Zig parser, dynamic t…
b589cd8 
…est hardening

Syncs accumulated work from internal development.

Added:
- Parallelization across all pipeline stages (Stage 1, Stage 2, Enhance,
  Dynamic Test). Thread-safe TokenTracker and ProgressReporter, shared
  HTTP client, token-bucket RateLimiter.
- Checkpoint/resume system (libs/openant-core/core/checkpoint.py) —
  interrupted scans resume without re-running completed work.
- Zig parser (libs/openant-core/parsers/zig/).
- HTML report overhaul: two themes (dark + Knostic light); repo,
  commit, language, duration, and cost in the header; findings
  numbered with anchor IDs; collapsible verdict group sections
  (vulnerable/bypassable open by default); two-level sort (verdict,
  then dynamic test outcome); file paths link to the repo at the
  scanned commit; Pipeline Costs & Timing with totals row;
  Executive Summary cross-links to findings; priority labels replace
  fabricated timeframes.
- Dynamic testing hardening: structured result classification
  (CONFIRMED / NOT_REPRODUCED / BLOCKED / INCONCLUSIVE / ERROR),
  retry logic, checkpoint-aware resume.

Changed:
- Finding verifier and context enhancer overhauled for parallel,
  agentic execution.
- Report data pipeline: Python computes a ReportData JSON blob; Go
  renders the HTML template.

Fixed:
- Cost tracking: no more negative totals under parallel execution;
  per-unit cost in progress output.
- merge_dynamic_results no longer contaminates stdout.
- HTML entities (>, <) render correctly (previously double-escaped).
- "Max iterations reached" verifier timeouts now mark findings
  inconclusive.
- Unified checkpoint resume behavior across phases.
- Stdin race during interactive signal forwarding.

Sastinel (internal fork origin) references scrubbed from all tracked
files. Internal-only working notes removed. CHANGELOG.md added.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ar7casper ar7casper changed the title Release: parallelization, HTML report overhaul, Zig parser, dynamic test hardening feat: parallelization, HTML report overhaul, Zig parser, dynamic test hardening Apr 14, 2026
@ar7casper ar7casper merged commit d710b90 into master Apr 14, 2026
2 checks passed
@ar7casper ar7casper deleted the sync-to-public branch April 14, 2026 12:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgeyshis dgeyshis dgeyshis approved these changes

@sounil sounil Awaiting requested review from sounil sounil is a code owner

@shahar-davidson shahar-davidson Awaiting requested review from shahar-davidson shahar-davidson is a code owner

@yotamleo yotamleo Awaiting requested review from yotamleo yotamleo is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ar7casper @dgeyshis