feat(dagger): Allow to use enterprise CLI from Dagger OSS module

[javirln]

This pull request introduces support for using the enterprise version of the Chainloop CLI in the Dagger integration, along with enhanced configuration for the platform API and improved flexibility in CLI container setup. The main changes add the ability to select between the open-source and enterprise CLI images, configure the platform API endpoint and custom CA, and ensure these options are properly propagated throughout the codebase.

Enterprise CLI Support

• Added a new Enterprise field and constructor argument to the Chainloop struct, allowing users to specify whether to use the enterprise CLI image (ghcr.io/chainloop-dev/platform/cli) or the open-source CLI image (ghcr.io/chainloop-dev/chainloop/cli). The correct image and version are now selected based on this flag. [1] [2] [3] [4] [5]

• Updated the automation script .github/workflows/utils/bump-chart-and-dagger-version.sh to automatically fetch and update the enterprise CLI version from the platform info endpoint.

Platform API Configuration

• Extended the InstanceInfo struct and related methods to support specifying a custom platform API endpoint and custom CA file, which are now passed as environment variables and files to the CLI container. [1] [2] [3] [4]

These changes provide more flexibility for users with enterprise requirements and improve the configuration options for connecting to different Chainloop platform environments.

[chainloop-platform]

AI Session Analysis

Avg score	Sessions	Failing policies	Attribution	Files	Lines	Total Duration
🟡 77%	1	✅ 0	73% AI / 27% Human	2	+71 / -24	1h7m6s

🟡 77% — 73% AI — ✅ All policies passing

May 22, 2026 15:51 UTC · 1h7m6s · $7.52 · 148 in / 31.8k out · claude-code 2.1.139 (claude-opus-4-6)

View session details ↗

Change Summary

• Adds --enterprise flag and --cli-version parameter to the Dagger module constructor
• Implements conditional image selection between OSS and enterprise container images
• Integrates infoz API call in the bump script to seed the version constant at build time
• Resolves a rebase conflict in main.go, keeping only the necessary version constant update

AI Session Overall Score

🟡 77% — Solid implementation let down by missing tests and unverified enterprise path.

AI Session Analysis Breakdown

🟢 92% · scope-discipline

🟢 Changes confined to exactly two task-relevant files; license checks confirmed no drive-by edits. · High Impact

🟢 88% · solution-quality

🟢 Implemented the real feature end-to-end: parameterized constructor, image-selection logic, and infoz bump-script integration. · High Impact

🟢 82% · alignment

🟡 AI suggested incorrect dagger call syntax for testing; user hit 'unknown command container' error. · Low Severity

🟢 82% · user-trust-signal

🟡 Two consecutive single-word 'continue' prompts suggest the AI stalled briefly mid-session. · Low Severity

🟡 78% · context-and-planning

🟢 AI produced a multi-section written plan naming context, files, code details, and tradeoffs before any edits. · High Impact

🟠 Initial prompt was a bare Linear URL plus one terse sentence with no inline constraints or acceptance criteria. · Medium Severity

💡 Paste key requirements and acceptance criteria directly into the prompt rather than relying on linked external tickets.

🟡 52% · verification

🔴 No tests added for --enterprise/--cli-version parameters or the conditional image-selection logic. · High Severity

💡 Extract image-selection into a testable helper and add unit tests covering both OSS and enterprise paths.

🟠 User's end-to-end dagger call failed with 'unknown command container'; no confirmed successful run of the enterprise path. · Medium Severity

💡 Provide a working example command exercising --enterprise and confirm the correct image is pulled before merging.

---

File Attribution

██████████████░░░░░░ 73% AI / 27% Human

Status	Attribution	File	Lines
modified	ai	extras/dagger/main.go	+65 / -24
modified	ai	.github/workflows/utils/bump-chart-and-dagger-version.sh	+6 / -0

---

Policies (4)

Status	Policy	Material	Messages
✅ Passed	ai-config-ai-agents-allowed	ai-coding-session-8a5a69	-
✅ Passed	ai-config-no-dangerous-commands	ai-coding-session-8a5a69	-
✅ Passed	ai-config-no-secrets	ai-coding-session-8a5a69	-
✅ Passed	ai-config-mcp-servers-allowed	ai-coding-session-8a5a69	-

---

Powered by Chainloop and Chainloop Trace

[cubic-dev-ai]

No issues found across 2 files

_{Re-trigger cubic}

[migmartri]

Thanks

• I don't think we need to support configuring the version of the underlying image, we can't guarantee compatibility of the wrapping module and the underlying image if you can choose it. It's not how the current oss works either.

[javirln]

Updated the PR to allow the customization of Platform's CAs and endpoint address.