Inspiration

During my time working across full-stack roles—from early front-end gigs in Australia to recent senior positions in the U.S. and now Western Australia—I noticed how fragmented and overwhelming cybersecurity guidance can be for developers and small teams. I wanted to build a tool that distills complex security best practices into actionable, contextual advice—something that fits seamlessly into a developer’s workflow without requiring deep infosec expertise.

What it does

ElenChus is an intelligent, web-based security advisor that helps developers identify and remediate common vulnerabilities in their applications. By analyzing code snippets, architecture decisions, or deployment configurations, ElenChus provides real-time, tailored recommendations grounded in industry standards like OWASP and NIST. It’s designed to be pragmatic—no fluff, just clear steps to reduce risk.

How I built it

I built ElenChus as a full-stack application using Next.js (with TypeScript) for the frontend and Node.js + Express for the backend API. The core logic leverages a Retrieval-Augmented Generation (RAG) pipeline: instead of relying on raw LLM outputs, user inputs are matched against a curated knowledge base of verified security patterns, then augmented with context-aware suggestions. Data is stored in PostgreSQL, and the app is deployed on Vercel with CI/CD via GitHub Actions. I also integrated basic auth and rate limiting to ensure responsible usage.

Challenges I ran into

Balancing accuracy with usability was tough. Early versions either gave overly generic advice or got too technical for non-security folks. Tuning the RAG system to retrieve only high-confidence, relevant guidance—without hallucinating—required careful prompt engineering and validation. I also had to optimize latency; security checks shouldn’t slow down a dev’s flow. Finally, keeping the UI clean while presenting nuanced risk information took several design iterations.

Accomplishments that I'm proud of

  • Built a fully functional, production-ready security assistant that delivers actionable, evidence-based recommendations not just theoretical warnings.
  • Achieved sub-second response times for most queries by optimizing vector search and caching strategies.
  • Designed a minimalist but informative UX that makes security approachable, inspired by Lexington Themes’ clean aesthetic.
  • Kept the entire stack transparent, maintainable, and deployable with zero external dependencies beyond open standards.

What I learned

This project reinforced the value of starting small and iterating with real user needs in mind. I deepened my understanding of secure system design—not just from a coding perspective, but in how humans actually interact with security tools. I also confirmed that RAG + human-in-the-loop review is far more reliable than end-to-end LLMs for high-stakes domains like cybersecurity.

What's next for ElenChus

  • Add support for scanning full repositories (via GitHub integration) to detect anti-patterns at scale.
  • Introduce team collaboration features—shared findings, audit trails, and policy templates.
  • Expand the knowledge base to cover cloud-native (AWS/Azure/GCP) and AI-specific risks.
  • Open-source the core engine so the community can contribute rules and validations.

Built With

Share this project:

Updates