SecCollab is a real-time collaborative development environment with AI-powered security analysis. Built with the MERN stack, it allows teams to write, review, and secure code together.
- Real-time Collaboration: Multiple developers can work on the same project simultaneously
- AI Security Auditor: Powered by Google Gemini AI to detect security vulnerabilities
- In-Browser Code Execution: Run Node.js applications directly in the browser using WebContainer
- Live Code Editor: Multi-file editing with syntax highlighting
- Project Management: Create and manage multiple projects with team members
- Secure Authentication: JWT-based authentication with bcrypt password hashing
- Message History: Persistent chat and collaboration history
The AI security auditor (SECURE-AI) analyzes code for:
- JWT handling issues
- Missing authentication checks
- MongoDB injection vulnerabilities
- XSS and CSRF vulnerabilities
- Unsafe eval usage
- Weak cryptography
- Secret leakage
- Input validation issues
- Node.js (v18 or higher)
- MongoDB (v5 or higher)
- Redis (optional - will use in-memory fallback)
- Google Gemini API key (for AI features)
- Navigate to the backend directory: `cd backend`
- Install dependencies: `npm install`
- Create `.env` file from example: `cp .env.example .env`
- Update `.env` with your configuration:
  - Set `MONGODB_URI` to your MongoDB connection string
  - Set `JWT_SECRET` to a strong random string
  - Set `GOOGLE_AI_KEY` to your Google Gemini API key
  - (Optional) Configure Redis credentials
- Start the backend server: `npm run run`

The backend will run on http://localhost:3000
- Navigate to the frontend directory: `cd frontend`
- Install dependencies: `npm install`
- Create `.env` file from example: `cp .env.example .env`
- Update `.env` if needed (default points to `http://localhost:3000`)
- Start the development server: `npm run dev`

The frontend will run on http://localhost:5173
- Register an Account: Navigate to `/register` and create a new account
  - Password must be at least 8 characters with uppercase, lowercase, and numbers
- Create a Project: Click "New Project" on the home page
- Invite Collaborators: Click "Add collaborator" to invite team members
- Start Coding:
  - Create files using the "+" button in the file explorer
  - Edit code in the editor
  - Files auto-save on blur
- Run Your Code: Click "Run" to execute your Node.js application in the browser
- Request Security Analysis: Type `@ai [your request]` in the chat to trigger AI security analysis
Example commands:
- `@ai analyze this code for security issues`
- `@ai check for SQL injection vulnerabilities`
- `@ai review authentication implementation`
The AI will:
- Analyze your code
- Identify security issues with severity levels
- Suggest fixes
- Automatically apply safe fixes to your file tree
- Express.js: Web framework
- MongoDB: Database for projects, users, and messages
- Mongoose: ODM for MongoDB
- Socket.IO: Real-time communication
- Redis: Token blacklisting and rate limiting
- Google Gemini AI: Security analysis
- JWT: Authentication
- bcrypt: Password hashing
- React 19: UI framework
- Vite: Build tool
- TailwindCSS: Styling
- Socket.IO Client: Real-time updates
- WebContainer API: In-browser Node.js runtime
- Axios: HTTP client
- React Router: Navigation
- highlight.js: Syntax highlighting
- markdown-to-jsx: Markdown rendering
Recent security enhancements:
- ✅ Rate limiting on authentication and file operations
- ✅ Strong password requirements (min 8 chars, complexity)
- ✅ Input validation and sanitization
- ✅ File size limits (1MB per file, 10MB total)
- ✅ CORS configuration
- ✅ Redis token blacklisting
- ✅ Error boundaries for graceful error handling
- ✅ Memory leak prevention (socket and process cleanup)
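The file size limits above (1MB per file, 10MB total) can be enforced server-side before a submitted file tree is stored. The following is an added example, not code from the SecCollab repository. It assumes the tree follows WebContainer's `FileSystemTree` shape, that "MB" means binary megabytes, and the names `validateFileTree` and `MAX_DEPTH` are hypothetical.

```javascript
// Added example (not project code): validate a file tree against the
// README's limits before persisting it. ASSUMED shape (WebContainer
// FileSystemTree): { name: { file: { contents } } } or { name: { directory: {...} } }.
const MAX_FILE_BYTES = 1 * 1024 * 1024;   // 1MB per file (binary MB assumed)
const MAX_TOTAL_BYTES = 10 * 1024 * 1024; // 10MB per project
const MAX_DEPTH = 32;                     // hypothetical cap on directory nesting

function validateFileTree(tree) {
  let total = 0;
  const errors = [];

  function walk(node, path, depth) {
    if (depth > MAX_DEPTH) { errors.push(`${path}: nesting too deep`); return; }
    if (node === null || typeof node !== 'object' || Array.isArray(node)) {
      errors.push(`${path || '/'}: expected an object`);
      return;
    }
    for (const [name, entry] of Object.entries(node)) {
      const full = `${path}/${name}`;
      // Reject names that could escape the project root when written out.
      if (name === '' || name === '.' || name === '..' || /[\/\\\0]/.test(name)) {
        errors.push(`${full}: illegal file name`);
        continue;
      }
      if (entry && typeof entry === 'object' && entry.file &&
          typeof entry.file.contents === 'string') {
        // Count UTF-8 bytes, not string length (a non-ASCII char can be 2-4 bytes).
        const size = Buffer.byteLength(entry.file.contents, 'utf8');
        total += size;
        if (size > MAX_FILE_BYTES) errors.push(`${full}: ${size} bytes exceeds per-file limit`);
      } else if (entry && typeof entry === 'object' && entry.directory) {
        walk(entry.directory, full, depth + 1);
      } else {
        errors.push(`${full}: neither file nor directory`);
      }
    }
  }

  walk(tree, '', 0);
  if (total > MAX_TOTAL_BYTES) errors.push(`total ${total} bytes exceeds project limit`);
  return { ok: errors.length === 0, totalBytes: total, errors };
}

// Constructed sample input (not from the project): one valid file, one bad name.
const sample = { 'index.js': { file: { contents: 'console.log("hi")' } },
                 '..': { file: { contents: 'x' } } };
console.log(validateFileTree(sample));
```

Running the same check in the socket or HTTP handler that accepts file-tree updates keeps the limit from depending on client-side enforcement.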
Ai_Dev/
├── backend/
│ ├── controllers/ # Request handlers
│ ├── models/ # Database models
│ ├── routes/ # API routes
│ ├── services/ # Business logic
│ ├── middleware/ # Auth, validation, rate limiting
│ ├── db/ # Database connection
│ ├── server.js # Socket.IO server
│ └── app.js # Express app
├── frontend/
│ ├── src/
│ │ ├── components/ # Reusable components
│ │ ├── screens/ # Page components
│ │ ├── context/ # React context
│ │ ├── config/ # Configuration files
│ │ ├── routes/ # Route definitions
│ │ └── auth/ # Authentication guards
│ └── public/
└── README.md
- `POST /users/register` - Register new user
- `POST /users/login` - Login user
- `GET /users/logout` - Logout user
- `GET /users/profile` - Get user profile
- `GET /users/all` - Get all users

- `POST /projects/create` - Create new project
- `GET /projects/all` - Get user's projects
- `GET /projects/get-project/:id` - Get project by ID
- `PUT /projects/add-user` - Add collaborators
- `PUT /projects/update-file-tree` - Update project files
- `POST /projects/add-message` - Add message (deprecated - use socket)

- Socket event: `project-message` with `@ai` prefix triggers analysis
SecCollab uses a dark terminal aesthetic with green accents:
- Background: `#050805`, `#0a0f0a`, `#0d140d`
- Primary text: `#d1f7c4`
- Accent: `#7CFFA1`
- Borders: `#133113`
- Interactive: `#0f3d0f`, `#145214`
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the ISC License.
Vashu
- Google Gemini AI for security analysis capabilities
- WebContainer team for in-browser Node.js runtime
- The open-source community for amazing tools and libraries
For issues, questions, or suggestions, please open an issue on the GitHub repository.
Built with ❤️ for secure collaborative development