Cloud-Native IDE
Dokit
Frontend Tech Stack
Yjs
Backend Tech Stack
BQ
Ng
AWS
RAG
Dokit: Cloud-Native IDE
Overview
Dokit is a cloud-native collaborative development platform that provisions isolated, containerized environments in the browser. Build, edit, and run code with real-time multiplayer synchronization, a project-aware AI assistant, and instant preview routing. It eliminates local setup friction by delivering secure runtimes, bidirectional cloud storage sync, and shared workspaces.
Key Features
Cloud Runtimes & Container Sandboxing
- On-Demand Linux Containers: Provision and tear down isolated Linux environments dynamically via the Docker Engine API.
- Secure Sandbox Isolation: Run workspace containers under a restricted, non-root dokituser using gosu with limited (/workspace) filesystem access.
- Dynamic Environment Customization: Install backend runtimes (Python, Go, Rust, Java) and CLI utilities on the fly from the workspace terminal.
- Fine-Grained RBAC: Enforce project-level Role-Based Access Control (RBAC) with read/write access permissions mapping collaborators.
Real-Time Collaboration & Sync
- Multiplayer Code Editing: Edit code concurrently with conflict-free workspace integration powered by Yjs CRDTs and CodeMirror 6.
- Collaborator Presence: Track live cursors, active selections, and global member presence over WebSockets.
- Bidirectional File Syncing: Synchronize filesystem updates instantly between the container and the web editor via Linux inotify and Socket.IO.
- Background Cloud Sync: Persist workspace changes automatically to Cloudflare R2 using BullMQ background job queues, ensuring seamless workspace recovery on container restarts.
Project-Aware AI Assistant (ASTra)
- Retrieval-Augmented Generation (RAG): Search and explain codebases contextually using local Ollama embeddings (nomic-embed-text) and pgvector similarity search.
- Multi-Language AST Parsing: Chunk codebases intelligently using regex-based language-specific parsing pipelines supporting JS, TS, Python, Go, Rust, and C/C++.
- Maximal Marginal Relevance (MMR): Re-rank search results dynamically to retrieve diverse, relevant context.
- Incremental Chat History: Maintain multi-turn developer chat history with automated chat thread summarization and persistence.
Developer Workflows & Templates
- One-Click GitHub Import: Import and auto-provision any public GitHub repository directly into an interactive development workspace.
- Project Templates: Spin up pre-configured environments for Node.js, React (Vite), Express, FastAPI, Go API, or Blank projects:
- Node.js — Modern JavaScript runtime
- React + Vite — Fast React development with Vite
- Express — Backend API development
- FastAPI — High-performance Python framework
- Go API — Scalable backend in Go
- Blank — Empty canvas for custom setups
- Public Developer Profiles: Render developer portfolios from a customizable profile.md with featured projects.
- Workspace Exporting: Download entire workspace folders as .zip archives for local backups or offline execution.
- Access Request Management: Users can request contributor access to collaborate on public projects.
Secure Snippet Sharing (Code Links)
- Instant Snippet Sharing: Generate secure, shareable links for individual code snippets.
- Granular Access Permissions: Restrict snippet viewing access using Argon2-encrypted passwords and restricted allowed user lists.
- Link Lifespan: Set snippet expiration date and time.
- Owner Workspaces: Code link owners can modify snippet titles, descriptions, code content, visibility, and credentials directly within the viewing interface.
Dynamic Routing & Networking
- Wildcard Preview Domains: Route HTTP preview traffic dynamically to running dev servers via Nginx ([port]-[projectId].dokit.backends.live).
- Secure Proxying: Proxy terminal WebSocket sessions and preview HTTP requests with internal authorization sub-requests.
Hardened Security & Authentication
- Two-Factor Authentication (2FA): Secure accounts with TOTP verification using AES-encrypted secrets and backup recovery codes.
- Robust Session Management: Use short-lived JWT access tokens with secure rotation and instant, remote session revocation.
- Infrastructure Throttling: Protect API endpoints using a Redis-based sliding-window rate limiter and strictly validate payloads via Zod.
- Access Auditing: Monitor session locations via MaxMind GeoIP and trigger optional sign-in notification emails.
- Project Visibility: Share projects with Public, Private, or Password-Protected visibility states.