@dooor-ai/trust
TEE Attestation and Confidential Computing utilities for Dooor OS
;
// Decorator-application helper (appears to be the standard compiler-emitted one).
// An already-defined this.__decorate is reused; otherwise the function below is installed.
//   decorators - array of decorator functions (falsy entries are skipped)
//   target     - the class (2-argument form) or the prototype (4-argument form)
//   key, desc  - member name and descriptor; this file always passes null for desc
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
// c is the argument count. With fewer than 3 arguments r starts as the target itself;
// otherwise r is desc, looked up via getOwnPropertyDescriptor when desc === null.
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
// Delegate to Reflect.decorate when the runtime provides it.
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
// Otherwise apply the decorators from last to first; a decorator that returns a falsy value leaves r unchanged.
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
// With more than 3 arguments and a truthy r, redefine the member on target; r is returned in every case.
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
/**
 * Metadata helper used by the decorator lists in this file.
 * Reuses an existing this.__metadata when present. Otherwise it forwards to
 * Reflect.metadata if the runtime exposes it, and yields undefined when it does not.
 */
var __metadata = (this && this.__metadata) || function (k, v) {
    const reflectHasMetadata = typeof Reflect === "object" && typeof Reflect.metadata === "function";
    return reflectHasMetadata ? Reflect.metadata(k, v) : undefined;
};
// Scratch slot used by the design:paramtypes expression on the class-level decorator call.
var _a;
// Mark this CommonJS module as transpiled from an ES module and pre-declare its single export.
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuditController = void 0;
// common_1: route decorators, HttpException and HttpStatus; swagger_1: OpenAPI decorators;
// audit_executor_service_1: the service whose executePublicAudit/getLatestAuditSession this controller calls.
const common_1 = require("@nestjs/common");
const swagger_1 = require("@nestjs/swagger");
const audit_executor_service_1 = require("../services/audit-executor.service");
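/**
 * HTTP controller exposing the auditor's health, verification data, audit
 * execution, results and execution log. All session data comes from the
 * injected audit executor service; this class only shapes the responses.
 *
 * NOTE(review): nothing in this class authenticates or rate-limits callers.
 * Whether that is handled elsewhere (global guard, gateway) is not visible
 * here and should be confirmed, in particular for runAudit().
 */
let AuditController = class AuditController {
    /**
     * @param auditExecutorService service providing executePublicAudit() and
     *        getLatestAuditSession().
     */
    constructor(auditExecutorService) {
        this.auditExecutorService = auditExecutorService;
    }

    /**
     * Returns a fixed "healthy" payload with the current time.
     *
     * NOTE(review): every capability flag below is a literal. No GitHub
     * request, file read, signing operation or TEE attestation is attempted,
     * so this response does not demonstrate that any of them work. Nothing in
     * the try block can currently throw, which leaves the 503 branch
     * unreachable until real probes are added.
     *
     * NOTE(review): auditor_source names a different repository than
     * getVerification() (public_repository / source_code_url). Confirm which
     * one is authoritative; verifiers need a single source of truth.
     *
     * @returns {Promise<object>} static status, capabilities and timestamp.
     * @throws HttpException 503 if building the payload throws.
     */
    async getHealth() {
        try {
            return {
                status: 'healthy',
                message: 'Transparent TEE Code Auditor is operational',
                capabilities: {
                    github_access: true,
                    file_reading: true,
                    cryptographic_proof: true,
                    tee_attestation: true
                },
                auditor_source: 'https://github.com/dooor/tee-auditor-opensource',
                last_health_check: new Date().toISOString()
            };
        }
        catch (error) {
            throw new common_1.HttpException({ status: 'unhealthy', error: error.message }, common_1.HttpStatus.SERVICE_UNAVAILABLE);
        }
    }

    /**
     * Returns where the auditor source is published, how to check it, and the
     * hashes and signature of the latest audit session (null when none exists).
     *
     * NOTE(review): source_code_url follows the `main` branch, which can move
     * after an audit has run, so a later download may legitimately hash
     * differently from the recorded code_hash. The code_hash compared against
     * is also reported by this same service; a match shows consistency with
     * the report, and the binding to what actually executed presumably has to
     * come from validating the TEE attestation/signature independently.
     *
     * @returns {Promise<object>} transparency info, latest-audit summary or
     *          null, and the related endpoint paths.
     */
    async getVerification() {
        const latestSession = this.auditExecutorService.getLatestAuditSession();
        return {
            auditor_transparency: {
                public_repository: 'https://github.com/Dooor-AI/tee-auditor',
                source_code_url: 'https://raw.githubusercontent.com/Dooor-AI/tee-auditor/main/auditor.js',
                verification_instructions: [
                    'Download auditor.js from the public repository',
                    'Calculate SHA256 hash of the downloaded code',
                    'Compare hash with auditor_verification.code_hash below',
                    'Verify TEE attestation JWT for hardware-level trust',
                    'Check execution trace for step-by-step audit proof'
                ]
            },
            latest_audit: latestSession ? {
                session_id: latestSession.session_id,
                auditor_code_hash: latestSession.auditor_verification.code_hash,
                execution_chain_hash: latestSession.cryptographic_proof.execution_chain_hash,
                tee_signature: latestSession.cryptographic_proof.tee_signature,
                timestamp: latestSession.git_state.timestamp
            } : null,
            verification_endpoints: {
                run_audit: '/tee/auditor/run',
                get_results: '/tee/auditor/results',
                execution_log: '/tee/auditor/execution-log'
            }
        };
    }

    /**
     * Runs a new audit through the executor service and returns a summary
     * with the hashes and signature recorded for that session.
     *
     * NOTE(review): each call starts a full audit. With no guard visible in
     * this file, confirm that callers are authenticated or throttled upstream.
     *
     * NOTE(review): the 500 body forwards error.message verbatim to the
     * client. Depending on what the executor throws, that can expose internal
     * paths or upstream error text; consider logging the detail server-side
     * and returning a generic message.
     *
     * @returns {Promise<object>} summary, verification and transparency data.
     * @throws HttpException 500 when the audit or response building fails.
     */
    async runAudit() {
        try {
            const auditSession = await this.auditExecutorService.executePublicAudit();
            const analysis = auditSession.final_result?.analysis_results;
            const severeFindings = analysis?.findings?.filter((f) => f.severity === 'high' || f.severity === 'critical');
            return {
                message: 'Transparent audit completed successfully',
                session_id: auditSession.session_id,
                summary: {
                    files_analyzed: auditSession.final_result?.files_analyzed?.length || 0,
                    // `??` rather than `||`: a score of 0 is a real result and must
                    // not be reported as "no score" (null).
                    security_score: analysis?.security_score ?? null,
                    critical_findings: severeFindings?.length || 0
                },
                verification: {
                    auditor_hash: auditSession.auditor_verification.code_hash,
                    execution_chain_hash: auditSession.cryptographic_proof.execution_chain_hash,
                    tee_signature: auditSession.cryptographic_proof.tee_signature
                },
                transparency_proof: {
                    public_auditor_url: auditSession.auditor_verification.source_url,
                    execution_steps: auditSession.execution_trace.length,
                    timestamp: auditSession.git_state.timestamp
                }
            };
        }
        catch (error) {
            throw new common_1.HttpException({
                message: 'Audit execution failed',
                error: error.message,
                timestamp: new Date().toISOString()
            }, common_1.HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Returns the full result of the latest audit session together with its
     * verification fields and git state.
     *
     * NOTE(review): execution_time is filled from git_state.timestamp, so it
     * is a timestamp and not a duration; confirm that this is intended.
     *
     * @returns {Promise<object>} latest session results.
     * @throws HttpException 404 when no session has been recorded.
     */
    async getResults() {
        const latestSession = this.auditExecutorService.getLatestAuditSession();
        if (!latestSession) {
            throw new common_1.HttpException({ message: 'No audit results available. Run an audit first.' }, common_1.HttpStatus.NOT_FOUND);
        }
        return {
            session_id: latestSession.session_id,
            audit_results: latestSession.final_result,
            verification: {
                auditor_code_hash: latestSession.auditor_verification.code_hash,
                public_source: latestSession.auditor_verification.source_url,
                execution_chain_hash: latestSession.cryptographic_proof.execution_chain_hash,
                tee_signature: latestSession.cryptographic_proof.tee_signature
            },
            git_state: latestSession.git_state,
            execution_summary: {
                total_steps: latestSession.execution_trace.length,
                execution_time: latestSession.git_state.timestamp
            }
        };
    }

    /**
     * Returns the step-by-step execution trace of the latest audit session.
     *
     * NOTE(review): each_step_is_hashed and hash_chain_verified are literals.
     * This method does not recompute or check the hash chain, so clients
     * should treat those flags as claims and verify the chain themselves from
     * execution_trace and the signed execution_chain_hash.
     *
     * @returns {Promise<object>} trace, verification info and notes.
     * @throws HttpException 404 when no session has been recorded.
     */
    async getExecutionLog() {
        const latestSession = this.auditExecutorService.getLatestAuditSession();
        if (!latestSession) {
            throw new common_1.HttpException({ message: 'No execution log available. Run an audit first.' }, common_1.HttpStatus.NOT_FOUND);
        }
        return {
            session_id: latestSession.session_id,
            execution_trace: latestSession.execution_trace,
            verification_info: {
                each_step_is_hashed: true,
                hash_chain_verified: true,
                cryptographic_proof: latestSession.cryptographic_proof.execution_chain_hash
            },
            transparency_notes: [
                'Each step includes a cryptographic hash',
                'Step hashes form a tamper-proof chain',
                'Files read are logged with content hashes',
                'Gemini analysis inputs/outputs are hashed',
                'Full execution is signed by TEE private key'
            ]
        };
    }

    /**
     * Returns the same payload as getVerification().
     *
     * NOTE(review): this method takes no session identifier, so the response
     * always describes the latest session. A caller asking about an older or
     * unknown session gets no indication of the mismatch other than the
     * session_id inside latest_audit; clients must compare it themselves.
     *
     * @returns {Promise<object>} see getVerification().
     */
    async verifySession() {
        return this.getVerification();
    }
};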
// Export the class, then attach route and OpenAPI metadata to each prototype method.
// All routes are relative to the 'tee/auditor' prefix set by the class-level decorator at the end.
exports.AuditController = AuditController;
// GET health
// NOTE(review): the description says the endpoint verifies GitHub access, but getHealth() returns
// literal capability flags and performs no probe; the documented behaviour overstates the check.
__decorate([
(0, common_1.Get)('health'),
(0, swagger_1.ApiOperation)({
summary: 'Check transparent auditor health status',
description: 'Verifies the auditor system is operational and can access GitHub'
}),
(0, swagger_1.ApiResponse)({
status: 200,
description: 'Auditor health status and capabilities'
}),
__metadata("design:type", Function),
__metadata("design:paramtypes", []),
__metadata("design:returntype", Promise)
], AuditController.prototype, "getHealth", null);
// GET verification
__decorate([
(0, common_1.Get)('verification'),
(0, swagger_1.ApiOperation)({
summary: 'Get auditor verification information',
description: 'Returns cryptographic proof and hash verification data'
}),
(0, swagger_1.ApiResponse)({
status: 200,
description: 'Verification information for transparency'
}),
__metadata("design:type", Function),
__metadata("design:paramtypes", []),
__metadata("design:returntype", Promise)
], AuditController.prototype, "getVerification", null);
// POST run
// NOTE(review): only route and OpenAPI decorators are applied here; no guard decorator is present
// in this file. Each request starts a full audit, so confirm that authentication and rate limiting
// are enforced somewhere outside this controller.
__decorate([
(0, common_1.Post)('run'),
(0, swagger_1.ApiOperation)({
summary: 'Execute transparent audit',
description: 'Downloads public auditor code and executes security analysis with full cryptographic proof'
}),
(0, swagger_1.ApiResponse)({
status: 200,
description: 'Audit execution completed with cryptographic proof'
}),
(0, swagger_1.ApiResponse)({
status: 500,
description: 'Audit execution failed'
}),
__metadata("design:type", Function),
__metadata("design:paramtypes", []),
__metadata("design:returntype", Promise)
], AuditController.prototype, "runAudit", null);
// GET results
__decorate([
(0, common_1.Get)('results'),
(0, swagger_1.ApiOperation)({
summary: 'Get latest audit results',
description: 'Returns detailed results from the latest audit execution'
}),
(0, swagger_1.ApiResponse)({
status: 200,
description: 'Latest audit results with full analysis'
}),
(0, swagger_1.ApiResponse)({
status: 404,
description: 'No audit results available'
}),
__metadata("design:type", Function),
__metadata("design:paramtypes", []),
__metadata("design:returntype", Promise)
], AuditController.prototype, "getResults", null);
// GET execution-log
__decorate([
(0, common_1.Get)('execution-log'),
(0, swagger_1.ApiOperation)({
summary: 'Get detailed execution log',
description: 'Returns step-by-step execution trace for transparency verification'
}),
(0, swagger_1.ApiResponse)({
status: 200,
description: 'Detailed execution log with cryptographic hashes'
}),
__metadata("design:type", Function),
__metadata("design:paramtypes", []),
__metadata("design:returntype", Promise)
], AuditController.prototype, "getExecutionLog", null);
// GET verify/:sessionId
// NOTE(review): design:paramtypes is empty and verifySession() takes no argument, so the
// :sessionId path segment is never read. Any value returns the latest session's verification
// data, which does not match the "specific audit session" wording below.
__decorate([
(0, common_1.Get)('verify/:sessionId'),
(0, swagger_1.ApiOperation)({
summary: 'Verify specific audit session',
description: 'Provides verification data for a specific audit session'
}),
(0, swagger_1.ApiResponse)({
status: 200,
description: 'Session verification data'
}),
__metadata("design:type", Function),
__metadata("design:paramtypes", []),
__metadata("design:returntype", Promise)
], AuditController.prototype, "verifySession", null);
// Class-level decorators: OpenAPI tag, the 'tee/auditor' route prefix, and the constructor
// parameter type (AuditExecutorService when it resolves to a function, otherwise Object).
// The decorated class is re-exported.
exports.AuditController = AuditController = __decorate([
(0, swagger_1.ApiTags)('TEE Code Auditor - Transparent'),
(0, common_1.Controller)('tee/auditor'),
__metadata("design:paramtypes", [typeof (_a = typeof audit_executor_service_1.AuditExecutorService !== "undefined" && audit_executor_service_1.AuditExecutorService) === "function" ? _a : Object])
], AuditController);
//# sourceMappingURL=audit.controller.js.map