Inspiration
During my time working across full-stack roles—from early front-end gigs in Australia to recent senior positions in the U.S. and now Western Australia—I noticed how fragmented and overwhelming cybersecurity guidance can be for developers and small teams. I wanted to build a tool that distills complex security best practices into actionable, contextual advice—something that fits seamlessly into a developer’s workflow without requiring deep infosec expertise.
What it does
ElenChus is an intelligent, web-based security advisor that helps developers identify and remediate common vulnerabilities in their applications. By analyzing code snippets, architecture decisions, or deployment configurations, ElenChus provides real-time, tailored recommendations grounded in industry standards like OWASP and NIST. It’s designed to be pragmatic—no fluff, just clear steps to reduce risk.
How I built it
I built ElenChus as a full-stack application using Next.js (with TypeScript) for the frontend and Node.js + Express for the backend API. The core logic leverages a Retrieval-Augmented Generation (RAG) pipeline: instead of relying on raw LLM outputs, user inputs are matched against a curated knowledge base of verified security patterns, then augmented with context-aware suggestions. Data is stored in PostgreSQL, and the app is deployed on Vercel with CI/CD via GitHub Actions. I also integrated basic auth and rate limiting to ensure responsible usage.
Challenges I ran into
Balancing accuracy with usability was tough. Early versions either gave overly generic advice or got too technical for non-security folks. Tuning the RAG system to retrieve only high-confidence, relevant guidance—without hallucinating—required careful prompt engineering and validation. I also had to optimize latency; security checks shouldn’t slow down a dev’s flow. Finally, keeping the UI clean while presenting nuanced risk information took several design iterations.
Accomplishments that I'm proud of
- Built a fully functional, production-ready security assistant that delivers actionable, evidence-based recommendations not just theoretical warnings.
- Achieved sub-second response times for most queries by optimizing vector search and caching strategies.
- Designed a minimalist but informative UX that makes security approachable, inspired by Lexington Themes’ clean aesthetic.
- Kept the entire stack transparent, maintainable, and deployable with zero external dependencies beyond open standards.
What I learned
This project reinforced the value of starting small and iterating with real user needs in mind. I deepened my understanding of secure system design—not just from a coding perspective, but in how humans actually interact with security tools. I also confirmed that RAG + human-in-the-loop review is far more reliable than end-to-end LLMs for high-stakes domains like cybersecurity.
What's next for ElenChus
- Add support for scanning full repositories (via GitHub integration) to detect anti-patterns at scale.
- Introduce team collaboration features—shared findings, audit trails, and policy templates.
- Expand the knowledge base to cover cloud-native (AWS/Azure/GCP) and AI-specific risks.
- Open-source the core engine so the community can contribute rules and validations.
Built With
- alpine
- astro
- express.js
- mongodb
- node.js
- react
- router

Log in or sign up for Devpost to join the conversation.