Inspiration
In a world increasingly driven by data, security isn't just about locking doors—it's about intelligent monitoring. I wanted to build Vigilant not just as a standard web application, but as a robust security ecosystem. My inspiration came from the concept of "Digital Vigilance": a system that is always awake, processing threats in real-time, and securely managing evidence. I wanted to challenge myself to build a backend infrastructure that is containerized, scalable, and ready for modern deployment, moving beyond simple localhost experiments.
What it does
Vigilant is a full-stack security application where the backend serves as the critical "nervous system." Hosted on Hugging Face Spaces, it acts as a secure gateway that:
- Orchestrates Data: Enables seamless communication between the client frontend and the Supabase (PostgreSQL) database.
- Enforces Security: Implements strict CORS policies and rate-limiting to prevent abuse.
- Manages Assets: Handles secure file uploads and evidence logging.
- Containerized Environment: Runs in a custom Docker container to ensure consistency across development and production.
How we built it
The core architecture is built on a high-performance stack designed for reliability:
- Runtime: Node.js (v18/v20) ensuring non-blocking I/O for high concurrency.
- Framework: Express.js for RESTful API routing.
- Database: Supabase for real-time data persistence and authentication.
- DevOps: Docker & Hugging Face Spaces for container orchestration.
To ensure the backend could handle the load, we optimized the request throughput \( T \) by minimizing the middleware overhead \( O_{mw} \), modeled roughly as:
$$T = \frac{1}{\sum (t_{db} + t_{net} + O_{mw})}$$
Where \( t_{db} \) is database latency and \( t_{net} \) is network propagation. We achieved this by using lightweight middleware and efficient query structuring.
Challenges we ran into
Building a production-ready backend on a cloud PaaS like Hugging Face presented unique DevOps challenges that went far beyond simple coding:
- Docker Permission Hell: We faced critical issues with Linux user permissions (\( UID~1000 \) vs. root). The build would fail because the default user couldn't write to the application directory.
  - Solution: We refactored the `Dockerfile` to leverage the non-root `node` user and explicitly set ownership using `chown` for the working directories.
- The Proxy Dilemma: Since Hugging Face Spaces puts applications behind a load balancer, our security middleware initially rejected connections, unable to verify the client's IP.
  - Solution: We configured Express to trust the upstream proxy (`app.set('trust proxy', 1)`), allowing us to correctly parse `X-Forwarded-For` headers.
- Context & Structure: We learned the hard way that Docker build contexts are sensitive. Moving our entry points from a subfolder to the root directory was a pivotal moment in getting the deployment to succeed.
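The effect of the trust setting from "The Proxy Dilemma" on a per-IP rate limiter, as an added example that is not the project's code: a simplified model of the hop-count rule behind `trust proxy`. The load balancer address `10.0.0.5`, the client addresses, and the limit of 2 are constructed assumptions.

```javascript
// Simplified model of hop-count proxy trust; not Express source code.
// All addresses are constructed documentation/private IPs.
const LB = '10.0.0.5'; // assumed load balancer address seen as the socket peer

// Address chain nearest-first: socket peer, then X-Forwarded-For right to left.
function addressChain(socketAddr, xff) {
  const forwarded = (xff || '').split(',').map((s) => s.trim()).filter(Boolean);
  return [socketAddr, ...forwarded.reverse()];
}

// Skip at most `trustedHops` proxies; the next address is treated as the client.
function resolveClientIp(socketAddr, xff, trustedHops) {
  const chain = addressChain(socketAddr, xff);
  return chain[Math.min(trustedHops, chain.length - 1)];
}

// Common mistake: take the leftmost entry, which the client fully controls.
function naiveLeftmost(socketAddr, xff) {
  return addressChain(socketAddr, xff).pop();
}

// Constructed traffic: client A sends its own X-Forwarded-For values; the
// load balancer appends the real peer address on the right.
const requests = [
  { client: 'A', xff: '198.51.100.1, 203.0.113.7' },
  { client: 'A', xff: '198.51.100.2, 203.0.113.7' },
  { client: 'A', xff: '198.51.100.3, 203.0.113.7' },
  { client: 'B', xff: '203.0.113.99' },
];

// Count how many requests per client pass a limit of `limit` hits per key.
function allowedPerClient(keyFn, limit = 2) {
  const hits = new Map();
  const allowed = { A: 0, B: 0 };
  for (const { client, xff } of requests) {
    const key = keyFn(LB, xff);
    hits.set(key, (hits.get(key) || 0) + 1);
    if (hits.get(key) <= limit) allowed[client] += 1;
  }
  return allowed;
}

const noTrust = allowedPerClient((s, x) => resolveClientIp(s, x, 0)); // one shared bucket
const oneHop = allowedPerClient((s, x) => resolveClientIp(s, x, 1)); // keyed per real client
const leftmost = allowedPerClient(naiveLeftmost); // key chosen by the client
console.log({ noTrust, oneHop, leftmost });
```

The hop count has to equal the number of proxies actually in front of the app: set too low, every client shares the proxy's bucket; set too high, a client-supplied entry becomes the rate-limit key.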
Accomplishments that we're proud of
- Zero-Downtime Deployment: Successfully deploying a containerized Node.js app that auto-restarts on failure.
- Security First: Implementing a backend that properly handles CORS credentials, allowing secure cross-origin requests from our Vercel frontend.
- Architecture Decoupling: Successfully separating the Frontend (UI) from the Backend (Logic), allowing them to scale independently.
What we learned
This project was a masterclass in Cloud Engineering. I learned that code that works on localhost doesn't always work in the cloud. I gained deep insights into:
- How Reverse Proxies manipulate HTTP headers.
- The importance of Environment Variables for keeping database keys secure.
- The nuances of Docker Layers and how to optimize build times.
What's next for Vigilant
The backend is now stable. The next phase involves integrating Computer Vision. We plan to connect Hugging Face's inference API to Vigilant, allowing the backend to automatically tag and analyze uploaded images for potential security threats.
Built With
- express.js
- gemini
- javascript
- react
- supabase