*Acting as a real-time Security Operations Center (SOC) inside your browser with a strict 'Bring Your Own Key' (BYOK) architecture.*
Trust VerifEye is a localized, privacy-first Chrome Extension that acts as a personal Security Operations Center (SOC) analyst for everyday users. It evaluates domain integrity in real-time and leverages Large Language Models (LLMs) to detect sophisticated phishing attempts, fake stores, and structural web risks.
View the live extension on the Chrome Web Store.

The Architecture (How it Works)
Unlike traditional blocklists that rely on outdated databases, Trust VerifEye uses a Two-Stage Triage Engine to evaluate websites dynamically.
Want to see under the hood? Read the full Architecture & Engineering Post-Mortem for a deep dive into the triage engine, performance optimizations, and security audits.
Phase 1: 100-Point Heuristic Triage
Before any network calls are made, the background service worker runs the current URL through a set of strict structural checks:
- IP Address Resolution: Flags domains bypassing DNS mapping.
- Top-Level Domain (TLD) Threat Intel: Docks points for historically abused extensions (.zip, .tk, .xyz).
- Shared Hosting Detection: Identifies unverified subdomains on platforms often abused for temporary phishing (e.g., vercel.app, github.io).
- Brand Mismatching: Cross-references URL substrings against regional enterprise brands to catch typo-squatting.
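
A sketch of the Phase 1 scoring described above, added here as an example and not the extension's own code (its source is private). The penalty weights, the brand table and the function names are assumptions; the TLDs, the hosting platforms and the 80-point threshold are the ones this README names. It also handles hosts that only turn out to be IP addresses after URL canonicalization, and hostnames with a trailing dot.

```javascript
// Added example: weights, brand table and names are assumptions,
// not the extension's real values.
const RISKY_TLDS = new Set(["zip", "tk", "xyz"]);           // TLDs named in the README
const SHARED_HOSTS = ["vercel.app", "github.io"];           // platforms named in the README
const BRANDS = { paypal: ["paypal.com"] };                  // hypothetical brand -> official domains
const PENALTY = { ip: 40, tld: 25, shared: 20, brand: 35 }; // hypothetical weights
const THRESHOLD = 80;                                       // README: below 80 goes to Phase 2

// The WHATWG URL parser canonicalizes numeric hosts to dotted-quad form
// before we see them, so one pattern covers decimal and hex spellings too.
function isIpHost(host) {
  return host.startsWith("[") || /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

function triage(rawUrl) {
  let host;
  try {
    host = new URL(rawUrl).hostname.replace(/\.$/, ""); // drop trailing root dot
  } catch {
    return { score: 0, flags: ["unparseable-url"], escalate: true };
  }
  const onDomain = (d) => host === d || host.endsWith("." + d);
  const flags = [];
  if (isIpHost(host)) {
    flags.push("ip");
  } else {
    if (RISKY_TLDS.has(host.split(".").pop())) flags.push("tld");
    if (SHARED_HOSTS.some((p) => host.endsWith("." + p))) flags.push("shared");
    const spoofed = Object.entries(BRANDS).some(
      ([brand, official]) => host.includes(brand) && !official.some(onDomain));
    if (spoofed) flags.push("brand");
  }
  const score = Math.max(0, 100 - flags.reduce((sum, f) => sum + PENALTY[f], 0));
  return { score, flags, escalate: score < THRESHOLD };
}
```
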
Phase 2: AI Waterfall Analysis
If a website scores below the safety threshold (80/100), the extension initiates a localized API call to Google's Gemini AI.
- Contextual Judgment: Acts as a SOC analyst to review flagged metadata. If the AI determines a flagged site is actually a legitimate organizational portal or safe developer tool, it triggers a Purple "AI Vouched" Override.
- Plain-English Explanations: Explains the specific risks (or reasons for safety) to the user in actionable human language.
- Threat Intel Export: Generates one-click markdown reports of technical flags and AI summaries for IT ticketing.
- Smart Caching: Implements a caching layer (24-hour TTL) to minimize redundant API calls and optimize performance.
Tech Stack & Engineering Highlights
This project was built entirely with vanilla web technologies to maintain an ultra-lightweight footprint and zero dependencies.
- Core: JavaScript (ES6+), HTML5, CSS3.
- Extension API: Chrome Manifest V3 (Service Workers, Local Storage, Messaging API).
- AI Integration: Google Gemini REST API waterfall (flash-lite-preview → flash → 2.5-flash).
- UI/UX: Custom Glassmorphism 2.0, dual-font typography system (Raleway/Inter), and localized state management.
Privacy & Security (Zero-Telemetry Design)
As a cybersecurity tool, user privacy is the foundational design principle.
- Bring Your Own Key (BYOK): The extension operates strictly on a BYOK model, requiring the user to input their own free Gemini API key.
- 100% Local Sandboxing: The API key, Trusted Domain lists, and all historical telemetry (Trust Quotient, sites blocked, recent activity) are stored exclusively in chrome.storage.local.
- No Dev-Tracking: No data, browsing history, telemetry, or analytics are ever transmitted to the developer or third-party servers.
Interface Showcase
| 🟡 Warning State | 🔴 Critical Block | 🟣 AI Vouched (Safe) |
| --- | --- | --- |
| Heuristic flags detected | Confirmed phishing trap | Flags detected, but AI verified safe |

SOC Analytics Dashboard
The localized telemetry engine tracking your personal "Trust Quotient" and 7-day risk history.
Note: The source code for this extension is kept private to protect the proprietary heuristic detection logic. However, the architecture, design patterns, and deployment are fully demonstrated via the live Web Store application.