feat: add system metadata assertion #630
Summary of Changes
Hello @strantalis, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request introduces a new capability to automatically embed system-level metadata as an assertion within the TDF manifest during the encryption process. This feature enhances data provenance by capturing details about the environment where the TDF was created, such as the TDF specification version, SDK version, operating system, and browser/platform information. Users can enable this via a new `systemMetadataAssertion` flag in the encryption parameters.
Highlights
- New Assertion Type: Introduced a `SystemMetadata` type and a `getSystemMetadataAssertionConfig` function in `lib/tdf3/src/assertions.ts` to programmatically generate a structured assertion containing system environment details such as TDF spec version, SDK version, creation date, OS, and browser/platform information.
- Opt-in Mechanism for System Metadata: Added a `systemMetadataAssertion` boolean flag to the `EncryptParams` type and a `withSystemMetadataAssertion` method to the `EncryptParamsBuilder` in `lib/tdf3/src/client/builders.ts`. This allows users to easily enable or disable the automatic inclusion of system metadata during the encryption process.
- Automatic Assertion Inclusion in TDF Manifest: Implemented logic within the TDF encryption pipeline in `lib/tdf3/src/tdf.ts` to automatically create and sign the system metadata assertion using the encryption key (HS256), then embed it into the TDF manifest when the `systemMetadataAssertion` flag is enabled.
- Comprehensive Testing: A new end-to-end test case was added in `lib/tests/mocha/encrypt-decrypt.spec.ts` to validate that the system metadata assertion is correctly generated, included in the manifest with the expected structure and content, and that the TDF can still be successfully decrypted.
Code Review
This pull request adds a feature to include a system metadata assertion in TDFs. The review focuses on enhancing the clarity of the metadata fields being collected and discussing the implications of the chosen signing mechanism for the new assertion. Addressing these points will help ensure the metadata is both meaningful and appropriately secured.
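The HS256 binding described in the summary above, as an added example that is not code from this pull request or the SDK: the assertion layout, field names and function names are assumptions. It shows that the binding detects edits by anyone without the payload key, while any holder of that symmetric key can produce an equally valid assertion, so the metadata is integrity-protected but not attributable to a specific creator.

```javascript
// Added example. Field names, assertion layout and function names are
// assumptions for illustration; they are not the SDK's actual API.
const { createHmac, createHash, timingSafeEqual } = require("node:crypto");
const b64url = (data) => Buffer.from(data).toString("base64url");
const sha256hex = (text) => createHash("sha256").update(text).digest("hex");

// Compact JWS over `claims` using HS256 (HMAC-SHA256) with a symmetric key.
function signHS256(claims, key) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const mac = createHmac("sha256", key).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(mac)}`;
}

// Returns claims, or null on malformed token, non-HS256 alg, or MAC mismatch.
function verifyHS256(token, key) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    if (header.alg !== "HS256") return null; // pin the algorithm
    const want = createHmac("sha256", key).update(`${parts[0]}.${parts[1]}`).digest();
    const got = Buffer.from(parts[2], "base64url");
    if (got.length !== want.length || !timingSafeEqual(got, want)) return null;
    return JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch {
    return null;
  }
}

// Build an assertion whose binding signs the hash of the metadata statement.
function buildSystemMetadataAssertion(metadata, payloadKey) {
  const statement = JSON.stringify(metadata);
  const signature = signHS256({ assertionHash: sha256hex(statement) }, payloadKey);
  return { id: "system-metadata", statement, binding: { method: "jws", signature } };
}

// "ok", "bad-signature" (wrong key or altered token) or "statement-modified".
function checkAssertion(assertion, payloadKey) {
  const claims = verifyHS256(assertion.binding.signature, payloadKey);
  if (!claims) return "bad-signature";
  return claims.assertionHash === sha256hex(assertion.statement) ? "ok" : "statement-modified";
}

// Constructed sample values, not taken from a real TDF.
const SAMPLE_KEY = Buffer.alloc(32, 0x2a);
const SAMPLE_META = { tdfSpecVersion: "0.0.0", sdkVersion: "0.0.0-example",
  creationDate: "2025-01-01T00:00:00Z", os: "linux", browserUserAgent: "example-agent" };
const SAMPLE_ASSERTION = buildSystemMetadataAssertion(SAMPLE_META, SAMPLE_KEY);
```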
there is no need to include this twice
This pull request introduces a new feature to include system metadata assertions during the encryption process in the `tdf3` library. The changes add support for automatically generating and embedding metadata about the system environment into the manifest of encrypted files. This functionality is configurable and has been thoroughly tested with new unit tests.

Feature: System Metadata Assertions

Core Implementation:
- `lib/tdf3/src/assertions.ts`: Added the `SystemMetadata` type to define the structure of system metadata, and implemented the `getSystemMetadataAssertionConfig` function to generate default metadata assertions. This includes details such as TDF specification version, SDK version, operating system, and browser user agent.
- `lib/tdf3/src/tdf.ts`: Modified the `writeStream` function to include system metadata assertions in the manifest if the `systemMetadataAssertion` flag is enabled in the encryption configuration.

Configuration Enhancements:
- `lib/tdf3/src/client/builders.ts`: Added the `systemMetadataAssertion` property to `EncryptParams` and a corresponding `withSystemMetadataAssertion` method in `EncryptParamsBuilder` for enabling this feature during encryption. [1] [2]
- `lib/tdf3/src/tdf.ts`: Updated the `EncryptConfiguration` type to include the `systemMetadataAssertion` flag.

Client Integration:
- `lib/tdf3/src/client/index.ts`: Passed the `systemMetadataAssertion` flag to the encryption configuration within the `Client` class.

Testing: Unit Tests for System Metadata Assertions
- `lib/tests/mocha/encrypt-decrypt.spec.ts`: Added a new test case to verify the inclusion and correctness of system metadata assertions in the manifest during encryption and decryption processes. This ensures that the metadata is correctly generated, embedded, and validated.

These changes enhance the encryption process by providing additional metadata for debugging, auditing, or compliance purposes, while maintaining flexibility through optional configuration.