Back
Cloud-Native IDE

Dokit

    Frontend Tech Stack
    Yjs
    Backend Tech Stack
    BQ
    Ng
    AWS
    RAG

    Dokit: Cloud-Native IDE

    Overview

    Dokit is a cloud-native collaborative development platform that provisions isolated, containerized environments in the browser. Build, edit, and run code with real-time multiplayer synchronization, a project-aware AI assistant, and instant preview routing. It eliminates local setup friction by delivering secure runtimes, bidirectional cloud storage sync, and shared workspaces.

    Key Features

    Cloud Runtimes & Container Sandboxing

    • On-Demand Linux Containers: Provision and tear down isolated Linux environments dynamically via the Docker Engine API.
    • Secure Sandbox Isolation: Run workspace containers under a restricted, non-root dokituser using gosu with limited (/workspace) filesystem access.
    • Dynamic Environment Customization: Install backend runtimes (Python, Go, Rust, Java) and CLI utilities on the fly from the workspace terminal.
    • Fine-Grained RBAC: Enforce project-level Role-Based Access Control (RBAC) with read/write access permissions mapping collaborators.

    Real-Time Collaboration & Sync

    • Multiplayer Code Editing: Edit code concurrently with conflict-free workspace integration powered by Yjs CRDTs and CodeMirror 6.
    • Collaborator Presence: Track live cursors, active selections, and global member presence over WebSockets.
    • Bidirectional File Syncing: Synchronize filesystem updates instantly between the container and the web editor via Linux inotify and Socket.IO.
    • Background Cloud Sync: Persist workspace changes automatically to Cloudflare R2 using BullMQ background job queues, ensuring seamless workspace recovery on container restarts.

    Project-Aware AI Assistant (ASTra)

    • Retrieval-Augmented Generation (RAG): Search and explain codebases contextually using local Ollama embeddings (nomic-embed-text) and pgvector similarity search.
    • Multi-Language AST Parsing: Chunk codebases intelligently using regex-based language-specific parsing pipelines supporting JS, TS, Python, Go, Rust, and C/C++.
    • Maximal Marginal Relevance (MMR): Re-rank search results dynamically to retrieve diverse, relevant context.
    • Incremental Chat History: Maintain multi-turn developer chat history with automated chat thread summarization and persistence.

    Developer Workflows & Templates

    • One-Click GitHub Import: Import and auto-provision any public GitHub repository directly into an interactive development workspace.
    • Project Templates: Spin up pre-configured environments for Node.js, React (Vite), Express, FastAPI, Go API, or Blank projects:
      • Node.js — Modern JavaScript runtime
      • React + Vite — Fast React development with Vite
      • Express — Backend API development
      • FastAPI — High-performance Python framework
      • Go API — Scalable backend in Go
      • Blank — Empty canvas for custom setups
    • Public Developer Profiles: Render developer portfolios from a customizable profile.md with featured projects.
    • Workspace Exporting: Download entire workspace folders as .zip archives for local backups or offline execution.
    • Access Request Management: Users can request contributor access to collaborate on public projects.

    Secure Snippet Sharing (Code Links)

    • Instant Snippet Sharing: Generate secure, shareable links for individual code snippets.
    • Granular Access Permissions: Restrict snippet viewing access using Argon2-encrypted passwords and restricted allowed user lists.
    • Link Lifespan: Set snippet expiration date and time.
    • Owner Workspaces: Code link owners can modify snippet titles, descriptions, code content, visibility, and credentials directly within the viewing interface.

    Dynamic Routing & Networking

    • Wildcard Preview Domains: Route HTTP preview traffic dynamically to running dev servers via Nginx ([port]-[projectId].dokit.backends.live).
    • Secure Proxying: Proxy terminal WebSocket sessions and preview HTTP requests with internal authorization sub-requests.

    Hardened Security & Authentication

    • Two-Factor Authentication (2FA): Secure accounts with TOTP verification using AES-encrypted secrets and backup recovery codes.
    • Robust Session Management: Use short-lived JWT access tokens with secure rotation and instant, remote session revocation.
    • Infrastructure Throttling: Protect API endpoints using a Redis-based sliding-window rate limiter and strictly validate payloads via Zod.
    • Access Auditing: Monitor session locations via MaxMind GeoIP and trigger optional sign-in notification emails.
    • Project Visibility: Share projects with Public, Private, or Password-Protected visibility states.

    Resources