{"id":51025372,"url":"https://github.com/edycutjong/silo","last_synced_at":"2026-06-21T19:01:51.041Z","repository":{"id":366118067,"uuid":"1275111083","full_name":"edycutjong/silo","owner":"edycutjong","description":"๐Ÿ›ก๏ธ Zero-knowledge whistleblower drop shielding source identity inside secure enclaves.","archived":false,"fork":false,"pushed_at":"2026-06-20T09:39:09.000Z","size":2407,"stargazers_count":0,"open_issues_count":16,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-20T11:21:23.175Z","etag":null,"topics":["cryptography","express","intel-tdx","nextjs","privacy","tee","verifiable-credentials","whistleblower"],"latest_commit_sha":null,"homepage":"https://silo.edycu.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/edycutjong.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-06-20T09:07:05.000Z","updated_at":"2026-06-20T09:39:13.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/edycutjong/silo","commit_stats":null,"previous_names":["edycutjong/silo"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/edycutjong/silo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fsilo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fsilo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fsilo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fsilo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/edycutjong","download_url":"https://codeload.github.com/edycutjong/silo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fsilo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34622271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-21T02:00:05.568Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","express","intel-tdx","nextjs","privacy","tee","verifiable-credentials","whistleblower"],"created_at":"2026-06-21T19:01:49.504Z","updated_at":"2026-06-21T19:01:51.034Z","avatar_url":"https://github.com/edycutjong.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n \u003cimg src=\"docs/icon-animated.svg\" alt=\"Silo Logo\" width=\"120px\"\u003e\n \u003ch1\u003eSilo ๐Ÿ›ก๏ธ\u003c/h1\u003e\n \u003cp\u003e\u003cem\u003eZero-Knowledge Whistleblower Drop Shielding Source Identity inside Secure Enclaves\u003c/em\u003e\u003c/p\u003e\n\n \u003cimg src=\"docs/readme-hero.png\" alt=\"Silo Hero Banner\" width=\"100%\"\u003e\n\n \u003cbr/\u003e\n\n [![Live Demo](https://img.shields.io/badge/๐Ÿš€_Live-Demo-06b6d4?style=for-the-badge)](https://silo.edycu.dev)\n [![Agent API](https://img.shields.io/badge/๐Ÿค–_Agent-API-06b6d4?style=for-the-badge)](https://agent.silo.edycu.dev)\n [![Pitch Video](https://img.shields.io/badge/๐ŸŽฌ_Pitch-Video-ef4444?style=for-the-badge)](https://youtu.be/dummy-silo-pitch-demo-url)\n [![Pitch Deck](https://img.shields.io/badge/๐Ÿ“Š_Pitch-Deck-f59e0b?style=for-the-badge)](https://silo.edycu.dev/pitch.html)\n [![Sponsor Challenge](https://img.shields.io/badge/DoraHacks-Terminal_3_Bounty-8b5cf6?style=for-the-badge)](https://dorahacks.io/hackathon/t3adkdevchallenge)\n\n \u003cbr/\u003e\n\n ![Next.js 14](https://img.shields.io/badge/Next.js_14-black?style=flat\u0026logo=next.js)\n ![Rust WASM](https://img.shields.io/badge/Rust_WASM-orange?style=flat\u0026logo=rust)\n ![TypeScript](https://img.shields.io/badge/TypeScript-3178C6?style=flat\u0026logo=typescript\u0026logoColor=white)\n ![Express](https://img.shields.io/badge/Express_4-lightgrey?style=flat\u0026logo=express)\n [![CI](https://github.com/edycutjong/silo/actions/workflows/ci.yml/badge.svg)](https://github.com/edycutjong/silo/actions/workflows/ci.yml)\n\n\u003c/div\u003e\n\n---\n\n## ๐Ÿ“ธ See it in Action\n\n\u003cdiv align=\"center\"\u003e\n \u003cimg src=\"ui/public/og-image.png\" alt=\"Silo Dashboard Walkthrough\" width=\"100%\"\u003e\n\u003c/div\u003e\n\n\u003e **Whistleblowing made secure in three steps:** \n\u003e 1. Whistleblower uploads evidence and enters contact details in browser (sealed client-side).\n\u003e 2. Secure enclave authenticates real-world human status via OTP without persisting contact credentials.\n\u003e 3. Enclave signs the report manifest VC and routes ongoing two-way communications blind via HTTP placeholders.\n\n---\n\n## ๐Ÿ’ก The Problem \u0026 The Solution\n\nWhistleblowers put their lives and careers on the line to expose truth, yet standard submission forms demand names, email addresses, and log IP addresses. Even when hotlines use OTP to verify a source is real (confirming insider credibility), they store the plaintext phone number or email. If the newsroom's database is compromised, the whistleblower's identity is instantly burned.\n\n**Silo** solves this by using Terminal 3 secure hardware enclaves to decouple evidence credibility from reporter identity:\n- **Zero-knowledge Credibility Verification:** The enclave verifies the source's phone/email OTP and issues a cryptographic \"Verified Human\" Verifiable Credential. The unsecure coordinator agent and database only see anonymous metadata.\n- **Enclave Hashing \u0026 Stash Storage:** Evidence documents are compiled directly into the Terminal 3 `stash` and hashed inside the enclave boundary, guaranteeing complete tamper detection.\n- **Blind Egress Routing:** Relayed follow-up chat messages replace direct contact info with secure profile variables, shielding the source even during active conversation.\n\n---\n\n## ๐Ÿ—๏ธ Architecture \u0026 Tech Stack\n\n### High-Level Flow\n```mermaid\nsequenceDiagram\n autonumber\n actor Whistleblower\n participant UI as Dashboard UI\n participant Agent as Coordinator Agent (Express)\n participant TEE as Rust WASM Contract (TEE)\n participant HostAPI as T3 Host APIs (Stash/OTP/KV)\n actor Journalist\n\n Whistleblower-\u003e\u003eUI: Upload PDF + Enter Phone Number\n UI-\u003e\u003eAgent: Open Session \u0026 Register Profile Variable\n Agent-\u003e\u003eTEE: open_drop()\n TEE-\u003e\u003eHostAPI: stash / kv_store\n UI-\u003e\u003eAgent: Submit SMS OTP code\n Agent-\u003e\u003eTEE: verify_source()\n TEE-\u003e\u003eHostAPI: otp_verify\n TEE--\u003e\u003eAgent: Return Verified Status (No phone details)\n Agent-\u003e\u003eTEE: submit_report()\n TEE-\u003e\u003eHostAPI: signing::issue_vc\n Agent-\u003e\u003eJournalist: Deliver signed report VC\n Journalist-\u003e\u003eUI: View Report details \u0026 click Validate\n UI-\u003e\u003eAgent: Fetch document from stash \u0026 check hash\n Agent--\u003e\u003eUI: Hash match / mismatch warning\n```\n\n### Stack Breakdown\n- **Secure Sandbox (WASM):** Rust `wasm32-unknown-unknown` contract running inside the hardware isolated boundary.\n- **API Proxy (Agent):** TypeScript + Express gateway mocking and interfacing with TEE Host APIs.\n- **Dashboard UI (Frontend):** Next.js 14, React, Tailwind CSS styled with cyber-noir Outfit/Orbitron styling.\n\n---\n\n## ๐Ÿ† Sponsor Tracks Targeted \u0026 Defense\n\nWe target the **Best Agent Track** of the Terminal 3 Agent Dev Kit Bounty Challenge by building a production-hardened whistleblower enclave gateway utilizing:\n- **`stash`**: Safe, blind document ingestion hashing files inside the enclave.\n- **`otp`**: Verification of real-world identifiers without exposure to the developer/database.\n- **`http-with-placeholders`**: Outbox dispatch and relayed chat replacing receiver variables.\n- **`signing`**: Attesting report manifests via EdDSA SD-JWT credentials.\n- **`kv-store`**: Persistent session records tracking pseudonym bindings.\n\n---\n\n## ๐Ÿš€ Getting Started\n\n### Prerequisites\n- Node.js \u0026ge; 20.9.0\n- Rust \u0026 cargo\n\n### Installation \u0026 Run\n\n1. Clone the repository and navigate to the project directory:\n ```bash\n git clone https://github.com/edycutjong/silo.git\n cd silo\n ```\n\n2. Seed mock newsrooms and profiles:\n ```bash\n python3 scripts/seed.py\n ```\n\n3. Run the Coordinator Agent:\n ```bash\n cd agent\n npm install\n npm run build\n npm run start\n ```\n\n4. Run the Dashboard UI:\n ```bash\n cd ../ui\n npm install\n npm run dev\n ```\n\n5. Access the dashboard at `http://localhost:3000`.\n\n---\n\n## ๐Ÿงช Testing \u0026 CI\n\nWe maintain a rigorous test harness ensuring 100% code path reliability:\n- **Rust Unit Tests:** 29 unit tests validating WASM memory bounds, hashing logic, and OTP states, including error-handling and allocator states (100% line coverage).\n- **Express Integration Tests:** 49 distinct test cases covering report submission, per-session OTP binding, blind relay routing, admin-token enforcement, database resets, and download checks (100% statement and branch coverage).\n- **Playwright E2E Tests:** 5 E2E tests verifying layout, tab navigation, and responsive viewport states.\n\n```bash\n# Run Rust contract tests\ncd contract \u0026\u0026 cargo test\n\n# Run Agent Integration tests \u0026 coverage\ncd agent \u0026\u0026 npm run test:coverage\n\n# Run UI build check \u0026 tests\ncd ui \u0026\u0026 npm run ci\n\n# Run Playwright E2E tests\ncd ui \u0026\u0026 npx playwright test\n```\n\n| Quality Layer | Tool | Status |\n|---|---|---|\n| Code Quality | ESLint + TypeScript strict mode | โœ… |\n| Unit Testing | Cargo test + Jest (100% green) | โœ… |\n| E2E Testing | Playwright (3 suites, 5 tests) | โœ… |\n| Security (SAST) | CodeQL Action | โœ… |\n| Secret Scanning | TruffleHog Scan | โœ… |\n| Performance | Lighthouse CI audit | โœ… |\n\n---\n\n## ๐Ÿ“ Project Structure\n```text\nsilo/\nโ”œโ”€โ”€ contract/ # Rust WASM Contract (TEE logic)\nโ”‚ โ”œโ”€โ”€ src/lib.rs # Memory boundary \u0026 host API integration\nโ”‚ โ””โ”€โ”€ Cargo.toml\nโ”œโ”€โ”€ agent/ # TypeScript Express Coordinator Agent\nโ”‚ โ”œโ”€โ”€ src/index.ts # Server listening entrypoint\nโ”‚ โ”œโ”€โ”€ src/app.ts # Express endpoints, routes \u0026 middleware\nโ”‚ โ”œโ”€โ”€ src/__tests__/ # Jest unit \u0026 integration tests (100% coverage)\nโ”‚ โ””โ”€โ”€ src/lib/ # Database and WASM compilation\nโ”œโ”€โ”€ ui/ # Next.js 14 Dashboard UI\nโ”‚ โ”œโ”€โ”€ src/app/page.tsx # Double-sided portal UI\nโ”‚ โ””โ”€โ”€ e2e/ # Playwright E2E tests\nโ”œโ”€โ”€ scripts/ # Latency benchmarks \u0026 readiness audits\nโ””โ”€โ”€ README.md\n```\n\n---\n\n## ๐Ÿ“… Roadmap\n- **30 Days:** Multi-media evidence streaming uploads, and support for multi-party whistleblowing.\n- **60 Days:** Support for economic whistleblower payouts using zero-knowledge escrow contracts.\n- **90 Days:** Mobile-native drop SDKs for secure leak submissions on Android/iOS.\n\n---\n\n## ๐Ÿ“„ License\n[MIT](LICENSE) ยฉ 2026 Edy Cu\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedycutjong%2Fsilo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedycutjong%2Fsilo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedycutjong%2Fsilo/lists"}