Inspiration:
The tech industry is facing a dual crisis: a rising tide of cyber threats and an escalating carbon footprint from massive data centers. Through my ongoing deep dives into OWASP vulnerabilities and Capture The Flag (CTF) challenges, I realized that security is often prioritized at the expense of performance. Conversely, "GreenOps" (optimizing code to reduce energy consumption) is rarely discussed alongside cybersecurity. I wanted to build a tool that bridges this gap. Code shouldn't just be secure, it should be sustainable. EcoSec Sentinel was born from the idea that we can automatically audit code for both critical vulnerabilities and computational bloat in a single, unified protocol.
What it does:
EcoSec Sentinel is a browser-based, automated auditing dashboard. Developers can paste their raw JavaScript or Python code into the terminal, and the system initiates a "Dual-Audit Sequence":
1. Security Risk Matrix: It scans the code against standard vulnerability signatures (like SQL Injection, XSS, and broken access controls) and assigns a precise threat score.
2. Energy Waste Matrix: It calculates the algorithmic complexity (Big-O notation). Inefficient loops or logic that cause unnecessary CPU load (and thus carbon emissions) are flagged with an Energy Debt score.
3. Automated Refactoring: The engine doesn't just complain, it acts. It outputs a fully refactored, optimized version of the code that neutralizes the security threat while flattening the complexity curve.
How we built it:
The project is built on the MERN stack ecosystem, tailored for high performance.
The Engine: The backend runs on Node.js and Express, seamlessly integrating the Google Gemini 1.5 Flash API. By engineering a highly specific system prompt, we turned Gemini into an elite DevSecOps auditor capable of returning strict, parseable JSON data.
The Interface: I have a strong preference for dark mode, glassmorphism, and minimalist UI/UX design. The frontend is built with React and Tailwind CSS v4. We implemented a "cyber-hacker" aesthetic using custom CSS keyframes for glitch effects, scanning lines, and terminal typography (JetBrains Mono).
The Output: We integrated react-syntax-highlighter to ensure the refactored code outputs exactly like a premium VS Code window.
Challenges we ran into:
The "Last Percent" Handshake: Getting the frontend scanning overlay to perfectly sync with the Gemini API's response time required careful state management and asynchronous debugging.
Tailwind v4 Migration: Upgrading to the brand new Tailwind v4 mid-hackathon broke our PostCSS pipeline. We had to rapidly refactor our configuration files and adapt to the new @import "tailwindcss" structure while the clock was ticking.
LLM Formatting Bleed: Forcing an AI model to strictly output raw JSON without conversational filler or markdown backticks required extensive tuning of the prompt architecture.
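Prompt tuning narrows the formatting problem but does not guarantee it, and the code being audited is user-supplied, so the model's reply is best treated as untrusted input on the Express side. The sketch below is an added example, not EcoSec Sentinel's own code: it strips a stray markdown fence, parses the JSON, and validates it before anything reaches the dashboard. The field names (threatScore, energyDebt, complexity, refactoredCode), the 0-100 score range and the size limits are assumptions.

```javascript
// Added example. Field names, the 0-100 score range and the size limits are
// assumptions, not EcoSec Sentinel's actual schema.
const FENCE = "`".repeat(3); // markdown code fence the model may wrap JSON in
const MAX_REPLY_CHARS = 64 * 1024;
const MAX_CODE_CHARS = 32 * 1024;

// Strip one wrapping markdown fence and any conversational filler around the object.
function extractJson(raw) {
  const fenced = raw.match(new RegExp(FENCE + "(?:json)?\\s*([\\s\\S]*?)" + FENCE, "i"));
  const text = (fenced ? fenced[1] : raw).trim();
  const start = text.indexOf("{");
  const end = text.lastIndexOf("}");
  if (start === -1 || end <= start) throw new Error("no JSON object in model reply");
  return text.slice(start, end + 1);
}

const isScore = (v) => Number.isInteger(v) && v >= 0 && v <= 100;

// Parse and validate the reply; throw (fail closed) on anything unexpected.
function parseAuditReply(raw) {
  if (typeof raw !== "string" || raw.length > MAX_REPLY_CHARS) {
    throw new Error("reply missing or too large");
  }
  const data = JSON.parse(extractJson(raw)); // SyntaxError propagates to the caller
  const { threatScore, energyDebt, complexity, refactoredCode } = data;
  if (!isScore(threatScore) || !isScore(energyDebt)) {
    throw new Error("score missing or out of range");
  }
  if (typeof complexity !== "string" || !/^O\([\w\s^*+().]{1,30}\)$/.test(complexity)) {
    throw new Error("complexity is not Big-O notation");
  }
  if (typeof refactoredCode !== "string" || refactoredCode.length > MAX_CODE_CHARS) {
    throw new Error("refactoredCode missing or too large");
  }
  // Copy only allow-listed keys; extra keys the model emitted are dropped.
  // refactoredCode is still untrusted text: display it, never eval or auto-commit it.
  return { threatScore, energyDebt, complexity, refactoredCode };
}
```

A route handler would call parseAuditReply inside a try/catch and return an error state to the frontend rather than rendering a partially valid reply.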
Accomplishments that we're proud of:
Building a functional, API-connected tool with a premium, enterprise-grade interface in under 24 hours. The visual hierarchy of the dashboard, balancing glowing neon accents with readable, muted data points, makes complex security metrics instantly understandable.
What we learned:
We deepened our understanding of integrating Large Language Models into strict programmatic workflows. We also learned how to leverage modern CSS (backdrop filters, radial gradients, and keyframe animations) to build an immersive user experience without relying on heavy external animation libraries.
What's next for EcoSec: Sentinel:
CI/CD Integration: Building a GitHub Action so EcoSec can automatically audit pull requests before they are merged.
Database Persistence: Integrating MongoDB to allow users to track their "Energy Debt" reduction over time across multiple projects.
Expanded Language Support: Tuning the AI to specifically audit Rust and Go for enterprise-level cloud infrastructure.
Built With
- css3
- devops
- express.js
- google-gemini-api
- html5
- javascript
- node.js
- react
- secops
- tailwind-css
- vite