
🚀 On-chain AI Code Audit & Provenance Stamp

🗂️ Project Overview

  • Student ID: 20230712
  • Name: Youngjoon Cho
  • Project Title: On-chain AI Code Audit & Provenance Stamp
  • Summary:
    This project records the share of AI-generated code in a repository, together with the results of a security risk analysis, on a blockchain so that the record cannot be altered after the fact.
    A specific Git commit is identified by its commit hash and a hash of its tree; the analysis report is stored on IPFS, and the resulting CID and hashes are written to a smart contract.
    Any third party can later fetch the code and the report, recompute the hashes, and compare them with the on-chain record, which makes the security findings and the AI-generated share of a given commit independently verifiable.

1. 🧩 Problem: What Problem Are You Solving?

Problems

  • AI-generated code boosts productivity but raises concerns about unknown origin, reduced quality, and security vulnerabilities
  • There is no established way to verify the trustworthiness of open-source or project code
  • Centralized code hosting (e.g., GitHub) cannot by itself prevent records from being rewritten; users must trust the platform

Existing Limitations

  • Git tracks code change history, but not the AI-generated ratio or security analysis results
  • Users rely on data provided by the platform and have no independent way to verify it

Value

  • Ensuring transparency and trust in AI code usage is critical for both open-source and commercial software

2. 💡 Solution: Your Proposed Approach

Proposed Solution

  1. Collect the Git commit hash and the project tree hash in a local or CI environment
  2. Run the AI analyzer to estimate the AI-generated code ratio and compute a security score
  3. Generate the analysis report in JSON format
  4. Upload the report to IPFS via Storacha and obtain its CID
  5. Record the CID and the code hashes in a smart contract

AI & Blockchain Integration

  • AI: estimate the AI-generated code ratio and detect security vulnerabilities
  • Blockchain: store the code hashes and the report CID immutably, so the evidence cannot be altered later (the report body itself lives on IPFS; only its CID is on-chain)


3. 🔗 Why Blockchain (and Token)?

Why Blockchain

  • Recording the IPFS CID and the code hash on-chain enables verification without relying on a central server
  • Third parties can download the code and the report, recompute the hashes, and check them against the record immediately
  • Content addressing guarantees that bytes fetched for a CID are the bytes that were uploaded, but not that someone keeps hosting them; the report must stay pinned for verification to remain possible
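The pipeline from section 2 and the third-party check described above, as an added illustration that is not the project's own code (the project's API is written in Rust; this is a self-contained Python sketch). It assumes a tree-hash scheme (sorted relative paths plus per-file SHA-256), a canonically serialised JSON report, a CIDv1 raw-codec content ID computed locally in place of a Storacha upload, and an in-memory append-only ledger standing in for the smart contract. All of these are assumptions for the example, not the project's actual formats; the sample repository and the tamper cases are constructed inline.

```python
import base64
import hashlib
import json
import tempfile
from pathlib import Path


def tree_sha256(root: Path) -> str:
    """Digest of a checked-out tree: sorted POSIX-relative paths, each followed
    by a NUL byte and the SHA-256 of the file's bytes. Assumed scheme for this
    illustration; the page does not state how its tree_sha256 is derived."""
    h = hashlib.sha256()
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root)
        if not p.is_file() or ".git" in rel.parts:  # skip Git metadata
            continue
        h.update(rel.as_posix().encode() + b"\0")
        h.update(hashlib.sha256(p.read_bytes()).digest())
    return h.hexdigest()


def canonical_report(project, commit, tree, ai_percentage, security_score) -> bytes:
    """Report JSON with sorted keys and no whitespace, so re-serialising the
    same findings always yields the same bytes and therefore the same CID."""
    doc = {
        "project": project,
        "commit": commit,
        "tree_sha256": tree,
        "ai_percentage": ai_percentage,
        "security_score": security_score,
    }
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def raw_cid_v1(data: bytes) -> str:
    """CIDv1 with raw codec (0x55) and sha2-256 multihash (0x12, 0x20) in
    base32 multibase ('b' prefix). This is the CID `ipfs add --cid-version 1
    --raw-leaves` gives a single-block file; it stands in for the Storacha upload."""
    multihash = b"\x12\x20" + hashlib.sha256(data).digest()
    cid_bytes = b"\x01\x55" + multihash
    return "b" + base64.b32encode(cid_bytes).decode().lower().rstrip("=")


class Ledger:
    """Stand-in for the smart contract (assumed layout): an append-only map from
    (project, commit) to the stamped record. A second stamp for the same commit
    is rejected, since an overwritable record would be no better than a DB row."""

    def __init__(self):
        self._records = {}

    def stamp(self, project, commit, tree, report_cid):
        key = (project, commit)
        if key in self._records:
            raise ValueError("record already exists for this commit")
        self._records[key] = {"tree_sha256": tree, "report_cid": report_cid}
        return key

    def get(self, project, commit):
        return self._records.get((project, commit))


def verify(ledger, project, commit, checkout: Path, report_bytes: bytes) -> dict:
    """Third-party check: recompute both digests from what was downloaded and
    compare them with the stamped record. Returns one boolean per check."""
    rec = ledger.get(project, commit)
    if rec is None:
        return {"found": False, "tree_ok": False, "report_ok": False}
    return {
        "found": True,
        "tree_ok": tree_sha256(checkout) == rec["tree_sha256"],
        "report_ok": raw_cid_v1(report_bytes) == rec["report_cid"],
    }


def demo() -> dict:
    """Constructed sample: a two-file repo is stamped and verified, then the
    checkout is tampered with, then a forged report with a better score is tried."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "src").mkdir()
        original = 'fn main() { println!("hi"); }\n'
        (root / "src" / "main.rs").write_text(original)
        (root / "README.md").write_text("# test_repo\n")
        (root / ".git").mkdir()
        (root / ".git" / "HEAD").write_text("ref: refs/heads/main\n")  # must be ignored

        project = "joonny-kr/test_repo"
        commit = "f152c8e19544f980dda77c212d37ef48fae9d84d"  # commit id from the page's output
        tree = tree_sha256(root)
        report = canonical_report(project, commit, tree, 26.7, 90)
        cid = raw_cid_v1(report)

        ledger = Ledger()
        ledger.stamp(project, commit, tree, cid)
        clean = verify(ledger, project, commit, root, report)

        # Tamper case 1: one byte changed in the checkout, report left intact.
        (root / "src" / "main.rs").write_text('fn main() { println!("hi!"); }\n')
        tampered_tree = verify(ledger, project, commit, root, report)

        # Tamper case 2: checkout restored, but the score was bumped after stamping.
        (root / "src" / "main.rs").write_text(original)
        forged = canonical_report(project, commit, tree, 26.7, 100)
        forged_report = verify(ledger, project, commit, root, forged)

        return {"cid": cid, "clean": clean,
                "tampered_tree": tampered_tree, "forged_report": forged_report}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two details matter when this is moved to the real system. The report must be serialised canonically before upload, otherwise the same findings produce different CIDs and a verifier cannot reproduce the stamp from the findings alone. And the locally computed CID here begins with `bafkrei` (raw block), whereas the Storacha CID shown later on this page begins with `bafybei` (dag-pb/UnixFS), so a verifier must hash the report the same way the uploader did; comparing a raw-leaf CID against a UnixFS-wrapped one will always fail.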

Token

  • Base Sepolia testnet ETH was used to pay for gas during testing
  • A token could be added later for contributor rewards or a trust/reputation system

4. 🛠️ MVP or Prototype

  • Current status: ☑ Prototype
  • Key Features:
  • Automatic extraction of Git commit and tree hashes
  • AI code ratio analysis and security scoring
  • IPFS upload of analysis report (Storacha CLI)
  • On-chain recording of CID + hash (smart contract)
  • Code repository: [GitHub] [test_repo]
  • Contract: [BaseScan]
  • Example Output:

    Submit an analysis job

    curl -X POST http://localhost:8080/analyze \
      -H "Content-Type: application/json" \
      -d '{
        "project": "joonny-kr/test_repo",
        "repo_url": "https://github.com/joonny-kr/test_repo",
        "repo_path": null,
        "commit": null,
        "ai_hint": null,
        "store_source_on_ipfs": null
      }'
    

    Response (the job is accepted and runs asynchronously)

    {"job_id":"867a7809-7701-464f-a982-8472dab3e342"}
    

    Poll the job by its id

    curl http://localhost:8080/jobs/867a7809-7701-464f-a982-8472dab3e342
    

    Response once the job has finished

    {
      "id": "867a7809-7701-464f-a982-8472dab3e342",
      "status": "done",
      "input": {
        "project": "joonny-kr/test_repo",
        "repo_path": null,
        "repo_url": "https://github.com/joonny-kr/test_repo",
        "commit": null,
        "ai_hint": null,
        "store_source_on_ipfs": null
      },
      "result": {
        "commit": "f152c8e19544f980dda77c212d37ef48fae9d84d",
        "tree_sha256": "b767c644a2d7799cf30c62498332ac30a194cb0f2dc14bf4c11d0832436f47f8",
        "ai_percentage": 26.7,
        "security_score": 90,
        "report_cid": "bafybeidwul7iqelgg426yjq5takqemrthxrrq3fvk22fhcmola2ils4cla",
        "tx_hash": "0x806066ff7baf522fde5c4c3b93cefdf661261d163df59735e318d93ad17e5513",
        "analyzed_at": 1754832946
      },
      "error": null,
      "created_at": 1754832946
    }
    

    Result

    [IPFS] [BaseScan (Sepolia)]

    Demo frontend (running on localhost)


5. 📬 Submission to Hackathons or Grant Programs

  • Name of the program you submitted to: Devfolio:Onchain Summer Awards
  • Submission link: [Devfolio]
  • Short summary of your submitted description: A decentralized code provenance and audit platform that analyzes GitHub repositories, detects AI-generated code ratio and security risks, stores the report on IPFS, and permanently records the proof on-chain for tamper-proof verification.
    [Screenshot of the Devfolio submission, 2025-08-11]

6. 🤔 Reflection & Future Work

Lessons Learned

  • Keeping data verifiable over time by combining content-addressed storage (IPFS) with an immutable on-chain record
  • Implementing a Rust-based Web3 API and making smart contract calls from it

Challenges

  • Handling Storacha CLI authentication and upload errors
  • Designing the commit-hash scheme and the on-chain data structures

Future Plans

  • Release as a GitHub Actions plugin
  • Improve AI-generated code detection accuracy
  • Introduce token-based trust/reward system

7. 📚 References