🚀 On-chain AI Code Audit & Provenance Stamp¶
🗂️ Project Overview¶
- Student ID: 20230712
- Name: Youngjoon Cho
- Project Title: On-chain AI Code Audit & Provenance Stamp
- Summary (3–4 sentences):
This project is a system that permanently records the ratio of AI-generated code and security risk analysis results on the blockchain to prevent tampering.
A specific commit in the Git repository is hashed, and the code analysis report is stored on IPFS. The corresponding CID and hash are then recorded in a smart contract.
This allows any third party to re-verify the code at any time and clearly attribute responsibility for security risks and AI-generated code.
1. 🧩 Problem: What Problem Are You Solving?¶
Problems¶
- AI-generated code boosts productivity but raises concerns over unknown origins, reduced quality, and security vulnerabilities
- Lack of methods to verify trustworthiness of open-source or project code
- Centralized code hosting (e.g., GitHub) cannot fully prevent record tampering
Existing Limitations¶
- Git can track code change history, but not AI-generation ratio or security analysis results
- Relies on platform-provided data without independent verification
Value¶
- Ensuring transparency and trust in AI code usage is critical for both open-source and commercial software
2. 💡 Solution: Your Proposed Approach¶
Proposed Solution¶
- Collect Git commit hash and project tree hash in local or CI environments
- Perform AI code ratio analysis and security scoring (AI analyzer)
- Generate analysis report in JSON format
- Upload to IPFS (Storacha) → generate CID
- Record CID and commit hash in a smart contract
AI & Blockchain Integration¶
- AI: Detect AI-generated code ratio and security vulnerabilities
- Blockchain: Permanently store hashes and analysis results, ensuring tamper-proof trust evidence
3. 🔗 Why Blockchain (and Token)?¶
Why Blockchain¶
- Recording IPFS CID and code hash on-chain enables verification without relying on central servers
- Third parties can download the code, recompute its hash, and check against the record instantly
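The stamp-and-reverify flow described in the proposed solution and in the two points above, as an added example that is not part of the project's code: the tree-hash scheme (sorted paths, per-file SHA-256), the record field names and all sample values are assumptions, and the checkout is an in-memory dict constructed for the demo.

```python
import hashlib

# Constructed sample checkout as {path: content}. A real verifier would walk the
# working tree of the recorded commit instead of using an in-memory dict.
SAMPLE_TREE = {
    "Cargo.toml": b"[package]\nname = \"test_repo\"\n",
    "src/main.rs": b"fn main() { println!(\"hello\"); }\n",
}


def tree_sha256(files: dict) -> str:
    """Deterministic digest of a file tree (assumed scheme, not the project's).
    Paths are sorted and each entry is hashed as "<path>\\0<sha256(content)>\\n",
    so a changed byte, an added/removed file, or a rename all change the digest."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode("utf-8") + b"\0")
        h.update(hashlib.sha256(files[path]).hexdigest().encode("ascii") + b"\n")
    return h.hexdigest()


def stamp(commit: str, files: dict, report_cid: str) -> dict:
    """Build the record the stamping step would write on-chain (assumed field
    names, mirroring the API result: commit, tree_sha256, report_cid)."""
    return {"commit": commit, "tree_sha256": tree_sha256(files), "report_cid": report_cid}


def verify(record: dict, files: dict, report: dict) -> list:
    """Third-party re-verification: recompute the tree hash from a fresh
    checkout and cross-check the IPFS report against the on-chain record.
    Returns a list of problems; an empty list means the stamp checks out."""
    problems = []
    if tree_sha256(files) != record["tree_sha256"]:
        problems.append("tree hash mismatch: checkout differs from the stamped tree")
    if report.get("commit") != record["commit"]:
        problems.append("report commit does not match the on-chain commit")
    if report.get("tree_sha256") != record["tree_sha256"]:
        problems.append("report tree hash does not match the on-chain tree hash")
    return problems


if __name__ == "__main__":
    # Placeholder commit and CID; the report is what IPFS would return for the CID.
    rec = stamp("<commit-sha>", SAMPLE_TREE, "<report-cid>")
    report = {"commit": "<commit-sha>", "tree_sha256": rec["tree_sha256"], "ai_percentage": 26.7}
    print("clean checkout:", verify(rec, SAMPLE_TREE, report))
    tampered = dict(SAMPLE_TREE, **{"src/main.rs": b"fn main() { backdoor(); }\n"})
    print("tampered checkout:", verify(rec, tampered, report))
```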
Token¶
- Used Base Sepolia ETH for testing
- Could be added for contributor rewards or a trust/reputation system in the future
4. 🛠️ MVP or Prototype¶
- Current status: ☑ Prototype
- Key Features:
  - Automatic extraction of Git commit and tree hashes
  - AI code ratio analysis and security scoring
  - IPFS upload of analysis report (Storacha CLI)
  - On-chain recording of CID + hash (smart contract)
- Code repository: [GitHub] [test_repo]
- Contract: [BaseScan]
- Example Output:

Call the API:

```bash
curl -X POST http://localhost:8080/analyze \
  -H "Content-Type: application/json" \
  -d '{ "project": "joonny-kr/test_repo", "repo_url": "https://github.com/joonny-kr/test_repo", "repo_path": null, "commit": null, "ai_hint": null, "store_source_on_ipfs": null }'
```

API Result:

```json
{"job_id":"867a7809-7701-464f-a982-8472dab3e342"}
```

Call the API:

```bash
curl http://localhost:8080/jobs/867a7809-7701-464f-a982-8472dab3e342
```

API Result:

```json
{
  "id": "867a7809-7701-464f-a982-8472dab3e342",
  "status": "done",
  "input": {
    "project": "joonny-kr/test_repo",
    "repo_path": null,
    "repo_url": "https://github.com/joonny-kr/test_repo",
    "commit": null,
    "ai_hint": null,
    "store_source_on_ipfs": null
  },
  "result": {
    "commit": "f152c8e19544f980dda77c212d37ef48fae9d84d",
    "tree_sha256": "b767c644a2d7799cf30c62498332ac30a194cb0f2dc14bf4c11d0832436f47f8",
    "ai_percentage": 26.7,
    "security_score": 90,
    "report_cid": "bafybeidwul7iqelgg426yjq5takqemrthxrrq3fvk22fhcmola2ils4cla",
    "tx_hash": "0x806066ff7baf522fde5c4c3b93cefdf661261d163df59735e318d93ad17e5513",
    "analyzed_at": 1754832946
  },
  "error": null,
  "created_at": 1754832946
}
```
Result¶
Demo Frontend (on localhost)¶
5. 📬 Submission to Hackathons or Grant Programs¶
- Name of the program you submitted to: Devfolio: Onchain Summer Awards
- Submission link: [Devfolio]
- Short summary of your submitted description: A decentralized code provenance and audit platform that analyzes GitHub repositories, detects AI-generated code ratio and security risks, stores the report on IPFS, and permanently records the proof on-chain for tamper-proof verification.
6. 🤔 Reflection & Future Work¶
Lessons Learned¶
- Ensuring permanent data integrity using IPFS and blockchain
- Implementing a Rust-based Web3 API and smart contract calls
Challenges¶
- Handling Storacha CLI authentication/upload errors
- Designing commit hash and on-chain data structures
Future Plans¶
- Release as a GitHub Actions plugin
- Improve AI-generated code detection accuracy
- Introduce token-based trust/reward system