Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -106,9 +106,15 @@ The trail on disk — 10 chained entries, each sealing the one before:

Attacker rewrites entry #4 (truecopy's block) to read 'pass'…
verifyAuditFile() → {"ok":false,"at":4} ❌ BROKEN — tamper detected at entry #4

A sneakier tamper — the attacker DELETES the newest verdicts (a valid PREFIX
still verifies by the chain alone). redstamp 0.5.1 anchors the chain head, and
the gate holds {head, count} in memory as it records:
verifyAuditFile(trail) → {"ok":true,"entries":8} ⚠️ prefix still checks out
verifyAuditFile(trail, checkpoint) → {"ok":false,"at":8,"reason":"truncated"} ❌ TRUNCATION caught
```

`npm run demo:audit` runs this live; `npm test` asserts it (intact chain verifies; an edit, and a mid-log deletion, both break it and pinpoint where). strongroom additionally seals its own secret-access log with an HMAC **tip**, so even truncating or re-rooting that log is detectable.
`npm run demo:audit` runs this live; `npm test` asserts it (intact chain verifies; an edit, a mid-log deletion, **and a tail-truncation** each break it and pinpoint where). Tail-truncation — deleting the most-recent entries — is the one tamper a bare hash chain can't see, because a valid prefix still verifies. **redstamp 0.5.1** closes it: it anchors the chain head in a checkpoint (`verifyAuditFile(path, { head, count })`), so a log rewound to hide the verdict that just stopped an attacker is caught — the same guarantee strongroom already gives its secret-access log with an HMAC **tip**.

## Related Own Your Stack tools

Expand Down
25 changes: 23 additions & 2 deletions demo/audit-demo.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,25 @@ forgeEntry(trailPath, tamperAt, { decision: 'pass', verdict: 'clean' });
const broken = verifyAuditFile(trailPath);
L(' verifyAuditFile() → ' + JSON.stringify(broken) + ' ❌ BROKEN — tamper detected at entry #' + broken.at);
L('\n The edit is silent in the file but LOUD in the chain: you cannot rewrite history');
L(' without breaking the seal. (strongroom protects its own secret-access log the same way,');
L(' with an additional HMAC tip — strongroomAudit.verify(): ' + JSON.stringify(strongroomAudit.verify()) + ')');
L(' without breaking the seal.');

// The other tamper a plain chain can't see: DELETING the newest verdicts. A valid
// PREFIX still verifies — so redstamp 0.5.1 pins the head. The gate keeps the chain
// head + length in memory as it records (a checkpoint an on-disk attacker can't
// reach); verifying against it catches a truncation the bare chain waves through.
const fresh = runTrilogy();
fresh.audit.flush(fresh.trailPath);
const checkpoint = { head: fresh.audit.entries.at(-1).hash, count: fresh.audit.entries.length };
const freshLines = fs.readFileSync(fresh.trailPath, 'utf8').split('\n').filter((l) => l.trim());
fs.writeFileSync(fresh.trailPath, freshLines.slice(0, -2).join('\n') + '\n'); // lop off the newest two
const barePrefix = verifyAuditFile(fresh.trailPath);
const vsCheckpoint = verifyAuditFile(fresh.trailPath, checkpoint);
L('\nA sneakier tamper — the attacker DELETES the last two verdicts instead of editing one:');
L(' verifyAuditFile() alone → ' + JSON.stringify(barePrefix) + ' ⚠️ a truncated prefix still checks out');
L(' …against the gate\'s checkpoint → ' + JSON.stringify(vsCheckpoint) + ' ❌ TRUNCATION caught');
L('\n redstamp 0.5.1 anchors the chain head, so truncating the newest entries is caught too —');
L(' the same protection strongroom gives its secret-access log with an HMAC tip.');
L(' strongroomAudit.verify(): ' + JSON.stringify(strongroomAudit.verify()));

L('\nvet it · contain it · key it never holds · and PROVE every decision ✅\n');

Expand All @@ -72,3 +89,7 @@ if (!ok.ok || broken.ok || broken.at !== tamperAt) {
console.error('demo failed: the audit trail did not verify intact then break at the tampered entry');
process.exit(1);
}
if (!barePrefix.ok || vsCheckpoint.ok || vsCheckpoint.reason !== 'truncated') {
console.error('demo failed: tail-truncation was not caught against the checkpoint');
process.exit(1);
}
24 changes: 12 additions & 12 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,9 @@
"fuzz": "node fuzz/run.mjs"
},
"dependencies": {
"@askalf/redstamp": "git+https://github.com/askalf/redstamp.git#4022dcd48dc867ef82a8a4c2a6f32f7599b3f701",
"@askalf/truecopy": "git+https://github.com/askalf/truecopy.git#55582d9b89dfdb9bbe6eea8face7ecc85ac21e24",
"@askalf/strongroom": "git+https://github.com/askalf/strongroom.git#9718edcae54b9bdee9f725cc4d5edae4abc2bbf8",
"@askalf/redstamp": "git+https://github.com/askalf/redstamp.git#27c26851e175045a3e274042c96760cf52dce9da",
"@askalf/truecopy": "git+https://github.com/askalf/truecopy.git#951460e003ab16ef86ea5f297c6523c09b4fba4e",
"@askalf/strongroom": "git+https://github.com/askalf/strongroom.git#43c9ca600ced5f9acc755590bc324e95764a5195",
"@modelcontextprotocol/sdk": "^1.29.0",
"zod": "^4.4.3"
},
Expand Down
23 changes: 23 additions & 0 deletions test/audit.test.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,29 @@ test('deleting an entry (truncating the chain mid-log) is also caught', () => {
assert.equal(v.ok, false, 'removing a link must break the chain');
});

test('tail-truncation (dropping the NEWEST verdicts) is caught against the gate\'s checkpoint', () => {
// A plain hash chain catches an edit or a MIDDLE deletion, but a valid PREFIX
// still verifies — so lopping off the most-recent entries (an attacker hiding
// the verdict that just stopped them) slips a bare verify(). redstamp 0.5.1
// pins the chain head: the gate holds { head, count } in memory as it records
// (a checkpoint an attacker who only rewrites the on-disk log cannot reach),
// and verifying against it catches the truncation.
const { audit, trailPath } = runTrilogy({ home: fs.mkdtempSync(path.join(os.tmpdir(), 'oys-audit-trunc-')) });
audit.flush(trailPath);
const checkpoint = { head: audit.entries.at(-1).hash, count: audit.entries.length };

const lines = fs.readFileSync(trailPath, 'utf8').split('\n').filter((l) => l.trim());
assert.ok(lines.length >= 3, 'precondition: several entries to truncate');
fs.writeFileSync(trailPath, lines.slice(0, -2).join('\n') + '\n'); // drop the newest two

// the chain alone still passes the surviving prefix — this is the gap the checkpoint closes
assert.equal(verifyAuditFile(trailPath).ok, true, 'a truncated prefix passes the bare chain');
// against the trusted checkpoint, the truncation is caught and named
const caught = verifyAuditFile(trailPath, checkpoint);
assert.equal(caught.ok, false, 'tail-truncation must be caught against the checkpoint');
assert.equal(caught.reason, 'truncated');
});

test('a fresh, untampered AuditLog roots at GENESIS and chains forward', () => {
// smallest possible unit, independent of the trilogy scenario
const a = new AuditLog();
Expand Down