TEE Attestation and Confidential Computing utilities for Dooor OS
;
// CommonJS preamble as emitted by the TypeScript compiler: flag the module for
// ES-module interop and pre-declare the named export that is assigned at the bottom.
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuditExecutorService = void 0;
const crypto_1 = require("crypto");
const fs = require("fs");
const path = require("path");
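class AuditExecutorService {
    /**
     * Creates the service with no active session. `executePublicAudit()` fills
     * `currentSession`; `getLatestAuditSession()` reads it back.
     */
    constructor() {
        this.currentSession = null;
    }
    /**
     * Fetches the auditor script text from `url`.
     *
     * Only the HTTP status is checked here. The caller (`executePublicAudit`)
     * records a hash of the body, but nothing in this file compares that hash
     * with a pinned expected value, and the fetched text is never executed by
     * this class — the recorded hash is informational unless an external
     * verifier checks it.
     *
     * @param {string} url - Location of the auditor script.
     * @returns {Promise<string>} Response body as text.
     * @throws {Error} On a non-2xx status, or whatever `fetch` rejects with
     *   (logged, then rethrown unchanged).
     */
    async downloadAuditorCode(url) {
        console.log(`[AuditExecutorService] Downloading from: ${url}`);
        try {
            // NOTE(review): no timeout or response-size cap on this fetch; an
            // unresponsive host stalls the whole audit. Consider an AbortSignal.
            const response = await fetch(url);
            if (!response.ok) {
                throw new Error(`Failed to download: ${response.status} ${response.statusText}`);
            }
            const code = await response.text();
            // `code.length` is a count of UTF-16 code units, not bytes, despite the wording.
            console.log(`[AuditExecutorService] Downloaded ${code.length} bytes`);
            return code;
        }
        catch (error) {
            console.error(`[AuditExecutorService] Download Error: ${error.message}`);
            throw error;
        }
    }
    /**
     * SHA-256 of `content` (encoded as UTF-8), returned as lowercase hex.
     *
     * @param {string} content - Text to hash.
     * @returns {string} 64 hex characters.
     */
    calculateHash(content) {
        return (0, crypto_1.createHash)('sha256').update(content, 'utf8').digest('hex');
    }
    /**
     * Returns the git state recorded in the session.
     *
     * `commit_hash` and `repo_merkle_root` are literal placeholder strings and
     * `branch` is hard-coded; only `timestamp` is computed. Verifiers must not
     * treat these fields as evidence of the running code's revision.
     *
     * @returns {Promise<{commit_hash: string, branch: string, timestamp: string, repo_merkle_root: string}>}
     */
    async getGitState() {
        return {
            commit_hash: 'current_commit_hash_placeholder',
            branch: 'main',
            timestamp: new Date().toISOString(),
            repo_merkle_root: 'merkle_root_placeholder'
        };
    }
    /**
     * Reads an allow-listed file relative to `process.cwd()` and, when a
     * session is active, appends a `read_file` trace step with the content hash.
     *
     * The allow-list is enforced on the *resolved* absolute path, so
     * `..` segments cannot escape an allowed directory even when the raw
     * string starts with an allowed prefix. Entries ending in `/` admit any
     * path strictly below that directory; other entries admit exactly that file.
     *
     * @param {string} filePath - Path relative to the working directory.
     * @returns {string} File content decoded as UTF-8.
     * @throws {Error} `Access denied to file: …` when the resolved path is not
     *   allow-listed; otherwise the `fs` error (logged, then rethrown).
     */
    readInternalFile(filePath) {
        console.log(`[AuditExecutorService] Reading: ${filePath}`);
        const root = process.cwd();
        const fullPath = path.resolve(root, filePath);
        const allowedPaths = [
            'src/agents-nl/',
            'src/app.module.ts',
            'package.json'
        ];
        const isAllowed = allowedPaths.some((allowed) => {
            const allowedFull = path.resolve(root, allowed);
            if (allowed.endsWith('/')) {
                // Require a real child of the directory, not the directory itself
                // and not a sibling that merely shares the name as a prefix.
                return fullPath.startsWith(allowedFull + path.sep);
            }
            return fullPath === allowedFull;
        });
        if (!isAllowed) {
            throw new Error(`Access denied to file: ${filePath}`);
        }
        try {
            // NOTE(review): symlinks below an allowed directory are followed as-is;
            // resolve with fs.realpathSync first if symlink escape is a concern.
            const content = fs.readFileSync(fullPath, 'utf8');
            this.addExecutionStep('read_file', {
                file_path: filePath,
                file_hash: this.calculateHash(content),
                // UTF-16 code-unit count of the decoded text, not the on-disk byte size.
                file_size: content.length
            });
            return content;
        }
        catch (error) {
            console.error(`[AuditExecutorService] Error reading ${filePath}: ${error.message}`);
            throw error;
        }
    }
    /**
     * Produces the analysis record for `content` and appends a
     * `gemini_analysis` trace step binding input and output hashes.
     *
     * The findings returned here are a fixed literal: no model is invoked, and
     * neither `content` nor `prompt` influences them. Both still feed
     * `input_hash`; note that `content + prompt` is joined without a delimiter,
     * so differently split (content, prompt) pairs can hash identically.
     *
     * @param {string} content - Source text under review.
     * @param {string} prompt - Instruction text, hashed together with `content`.
     * @returns {Promise<{security_score: number, findings: object[], summary: string, analysis_timestamp: string}>}
     */
    async geminiAnalyze(content, prompt) {
        console.log(`[AuditExecutorService] Analyzing content length: ${content.length}`);
        const analysis = {
            security_score: 85,
            findings: [
                {
                    type: 'info',
                    message: 'Module structure follows NestJS best practices',
                    line: null,
                    severity: 'low'
                },
                {
                    type: 'suggestion',
                    message: 'Consider adding input validation decorators',
                    line: 15,
                    severity: 'medium'
                }
            ],
            summary: 'The module appears to be well-structured with standard NestJS patterns.',
            analysis_timestamp: new Date().toISOString()
        };
        this.addExecutionStep('gemini_analysis', {
            input_hash: this.calculateHash(content + prompt),
            output_hash: this.calculateHash(JSON.stringify(analysis)),
            prompt_type: 'security_analysis'
        });
        return analysis;
    }
    /**
     * Appends one step to the active session's hash chain; a no-op when no
     * session is active.
     *
     * Each step's `hash` covers `{ step, action, data, previous_hash }`, where
     * `previous_hash` is the prior step's hash or the literal `'genesis'` for
     * the first step. The stored `timestamp` is NOT part of the hashed payload,
     * so it is not tamper-evident; `previous_hash` is not stored on the step
     * and must be recovered from the preceding entry when re-verifying.
     *
     * @param {string} action - Step label, e.g. `'read_file'`.
     * @param {object} data - JSON-serialisable payload hashed into the step.
     * @returns {void}
     */
    addExecutionStep(action, data) {
        if (!this.currentSession)
            return;
        const trace = this.currentSession.execution_trace;
        const stepNumber = trace.length + 1;
        const previousHash = trace.length > 0 ? trace[trace.length - 1].hash : 'genesis';
        const step = {
            step: stepNumber,
            action,
            timestamp: new Date().toISOString(),
            data,
            // Key order matters: JSON.stringify preserves insertion order and the
            // hash is computed over this exact serialisation.
            hash: this.calculateHash(JSON.stringify({
                step: stepNumber,
                action,
                data,
                previous_hash: previousHash
            }))
        };
        trace.push(step);
        console.log(`[AuditExecutorService] Added step ${step.step}: ${action}`);
    }
    /**
     * Runs the built-in analysis over the agents module.
     *
     * Despite the name, this does not execute the downloaded auditor script;
     * it reads one fixed file and passes it to `geminiAnalyze` with a fixed prompt.
     *
     * @returns {Promise<{files_analyzed: string[], analysis_results: object, execution_timestamp: string, auditor_version: string}>}
     * @throws {Error} Propagated from `readInternalFile` / `geminiAnalyze`.
     */
    async executeAuditorFunction() {
        console.log(`[AuditExecutorService] Running auditor analysis...`);
        const agentModulePath = 'src/agents-nl/agents-nl.module.ts';
        const moduleContent = this.readInternalFile(agentModulePath);
        const analysis = await this.geminiAnalyze(moduleContent, `Analyze this NestJS code for security vulnerabilities. Focus on:
1. Input validation and sanitization
2. Authentication and authorization mechanisms
3. Data exposure risks
4. Dependency security
5. Business logic flaws
Provide a security score (0-100) and detailed findings.`);
        return {
            files_analyzed: [agentModulePath],
            analysis_results: analysis,
            execution_timestamp: new Date().toISOString(),
            auditor_version: '1.0.0'
        };
    }
    /**
     * Runs a full audit session: download the auditor script, record its hash,
     * run the analysis, and seal the trace with a chain hash.
     *
     * Security-relevant caveats visible in this method:
     * - `tee_attestation_jwt` is a literal placeholder, not an attestation.
     * - `tee_signature` is the chain hash with a string prefix; no key is
     *   involved, so anyone can reproduce it and it proves nothing on its own.
     * - The auditor hash is recorded but never compared with an expected value.
     * - `this.currentSession` is assigned before the `try`, so a failed run
     *   leaves a partially filled session visible via `getLatestAuditSession()`.
     *
     * @returns {Promise<object>} The completed session object (also kept in `currentSession`).
     * @throws {Error} Any failure from download, file read or analysis (logged, then rethrown).
     */
    async executePublicAudit() {
        const sessionId = `audit-${new Date().toISOString().replace(/[:.]/g, '-')}`;
        console.log(`[AuditExecutorService] Starting audit session: ${sessionId}`);
        this.currentSession = {
            session_id: sessionId,
            tee_attestation_jwt: 'tee-jwt-placeholder',
            git_state: await this.getGitState(),
            auditor_verification: {
                source_url: '',
                code_hash: '',
                download_timestamp: ''
            },
            execution_trace: [],
            final_result: null,
            cryptographic_proof: {
                execution_chain_hash: '',
                tee_signature: ''
            }
        };
        try {
            const auditorUrl = 'https://raw.githubusercontent.com/Dooor-AI/tee-auditor/main/auditor.js';
            const auditorCode = await this.downloadAuditorCode(auditorUrl);
            const codeHash = this.calculateHash(auditorCode);
            this.currentSession.auditor_verification = {
                source_url: auditorUrl,
                code_hash: `sha256:${codeHash}`,
                download_timestamp: new Date().toISOString()
            };
            this.addExecutionStep('download_auditor', {
                source_url: auditorUrl,
                code_hash: codeHash,
                // UTF-16 code-unit count of the response text, not its byte size.
                code_size: auditorCode.length
            });
            console.log(`[AuditExecutorService] Executing auditor analysis...`);
            const auditResult = await this.executeAuditorFunction();
            this.currentSession.final_result = auditResult;
            // Seals the whole trace; re-verify by hashing the serialised trace again.
            const executionChainHash = this.calculateHash(JSON.stringify(this.currentSession.execution_trace));
            this.currentSession.cryptographic_proof = {
                execution_chain_hash: executionChainHash,
                // Label only — not a cryptographic signature.
                tee_signature: `tee_signed:${executionChainHash}`
            };
            console.log(`[AuditExecutorService] Audit completed successfully: ${sessionId}`);
            return this.currentSession;
        }
        catch (error) {
            console.error(`[AuditExecutorService] Audit failed: ${error.message}`);
            throw error;
        }
    }
    /**
     * Returns the most recent session object, or `null` if none has started.
     * A session that failed mid-run is returned in its partial state.
     *
     * @returns {object|null}
     */
    getLatestAuditSession() {
        return this.currentSession;
    }
}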
// Named CommonJS export; consumers obtain the class via `require(...).AuditExecutorService`.
exports.AuditExecutorService = AuditExecutorService;
//# sourceMappingURL=audit-executor.service.js.map