🛡️ Cyberspace-X 2.0
A full-featured cybersecurity platform built with Vite + React + TypeScript. Cyberspace-X 2.0 provides a focused suite of security tools for network analysis, threat detection, and secure operational workflows — complete with a GitHub-style hub for code repositories, user profiles, activity tracking, and an AI-powered repository agent named Tron.
✨ Features
| Category | Highlights |
|---|
| Hub / Dashboard | GitHub-style workspace — create repositories, upload code, view commits, manage files |
| Git VCS | Real Git-compatible version control — SHA-1 commit hashes, branches, merge, file-level diffs |
| CodeFile Editor | Inline code editor with auto language detection, syntax preview, edit existing files or create new ones |
| Repository Forking | Fork public repositories into your own account, keep the fork on main, or create a new branch from main |
| Social Notifications | Follow and fork notifications with realtime panel updates, per-notification actions, read-all, and delete |
| 🤖 Tron Agent | AI repository assistant powered by OpenRouter — ask questions, search code, view history, and commit changes via natural language |
| GitHub Import | Import public GitHub repositories directly into your hub |
| User Profiles | Avatar upload & crop, bio, social links (LinkedIn, GitHub, website), phone & address |
| Location Picker | Interactive Google Maps picker with LocationIQ-powered geocoding (forward & reverse) |
| Profile README | Markdown-based profile page with GitHub-flavored rendering and asset support |
| Activity Feed | Activity logging for repository, profile, fork, and Git operations |
| Auth System | Password sign-in, GitHub OAuth, OTP email auth (passwordless), JWT, email verification, and session management |
| UI/UX | Dark theme, glassmorphism, Matrix rain animation, neon accents, Framer Motion animations, typewriter hero text, page progress bar |
| Responsive | Fully responsive across desktop, tablet, and mobile devices |
🔐 Authentication System
Cyberspace-X 2.0 supports three sign-in methods, all available from /signin and /signup:
| Method | How it works |
|---|
| Email + Password | Standard Supabase Auth (bcrypt, email verification) |
| GitHub OAuth | One-click OAuth via Supabase — grants repository access scopes |
| Email OTP (new) | Passwordless — a 6-digit code is emailed via SMTP; verifies through a custom Express backend, then creates a real Supabase session |
OTP Auth Flow
User enters email
↓
POST /auth/send-otp (Express backend)
↓ generates crypto-random 6-digit OTP
↓ stores in otp_tokens table (5-min expiry, 3 attempts max)
↓ sends branded HTML email via Nodemailer SMTP
User receives email & enters code
↓
POST /auth/verify-otp (Express backend)
↓ validates OTP (constant-time compare), expiry, attempt limit
↓ fetches or auto-creates Supabase user via Admin API
↓ generates custom JWT (7-day) + Supabase magic-link token_hash
↓
Frontend receives token_hash
↓ calls supabase.auth.verifyOtp({ token_hash, type: 'magiclink' })
↓ real Supabase session established → navigate to dashboard
Security Highlights
- 🔒 OTP stored server-side only — never exposed to the browser
- ⏱️ 5-minute expiry with one-time deletion on use
- 🛑 3-attempt limit per OTP; IP-based rate limiting via
express-rate-limit
- 🔑
SUPABASE_SERVICE_ROLE_KEY lives only in server/.env — never in frontend env vars
- ⚡ Constant-time OTP comparison (
crypto.timingSafeEqual) prevents timing attacks
- 🛡️ JWT signed with a 96-char random secret (
jsonwebtoken, 7-day expiry)
Repository Hub, Forking & Notifications
The repository hub now supports social repository workflows in addition to creating, uploading, importing, editing, and branching repositories.
Repository Forking
- Public repositories can be forked from
/tools and from another user's public profile repository list.
- Forks are copied into the signed-in user's account as private repositories with the original files included.
- During fork creation, the user can keep the fork on
main or create a new branch from main.
- Forked repositories are visible immediately in
/repository with their copied files and Git history.
- If a repository name already exists in the user's account, the fork flow generates a unique
-fork name.
Social Notifications
- Following a user creates an in-app
new_follower notification and can send a formatted follow email through the Express backend.
- Forking a repository creates a
repo_forked notification for the original repository owner.
- The notification bell subscribes to Supabase Realtime changes on
public.notifications, so open panels update without closing or waiting for polling.
- The notification panel supports Read all messages, selecting a single notification, marking one notification as read, deleting one notification, and navigating to the sender profile.
Required Social Migrations
These migrations must be applied for the social notification and fork flows:
20260514120000_add_social_follow_notifications.sql
20260515093000_enable_realtime_for_notifications.sql
20260515100000_extend_notifications_for_repo_forks.sql
Apply them with:
supabase db push
Tron - AI Repository Agent
Tron is a built-in AI assistant that lives at /tron. It connects to your repositories and lets you interact with them using plain English.
What Tron Can Do
| Capability | Example prompt |
|---|
| List files | "What files are in this repo?" |
| Read file content | "Show me the contents of App.tsx" |
| Search code | "Find all TODO comments" |
| Commit history | "Show me the last 10 commits" |
| Commit diffs | "What changed between the last two commits?" |
| Create commits | "Rename the variable foo to bar in utils.ts" |
| Create branches | "Create a new branch called feature/login" |
How It Works
Tron uses a multi-step agentic loop (up to 7 tool calls per query) powered by free models from OpenRouter. It selects the right repository tool, executes it, and reasons until a final answer is ready. Write operations (commits) require explicit confirmation before execution.
Setup
Add your OpenRouter key to .env:
VITE_OPENROUTER_API_KEY=your_openrouter_api_key_here
Get a free API key at openrouter.ai. The default model is nvidia/nemotron-3-super-120b-a12b:free — no paid plan required.
🛠️ Tech Stack
📋 Prerequisites
Make sure you have these installed before proceeding:
- Node.js v18 or later
- npm v9 or later (comes with Node.js)
- Git
- Supabase CLI (optional — only needed to run migrations or a local Supabase instance)
- Docker Desktop (optional — only needed for local Supabase)
🚀 Getting Started
1. Clone the Repository
git clone https://github.com/itzTron/cyberx-project.git
cd cyberx-project
2. Install Frontend Dependencies
npm install
3. Create the Frontend Environment File
Copy the example .env and fill in your keys:
Linux / macOS:
cp .env.example .env
Windows PowerShell:
Copy-Item .env.example .env
4. Configure Frontend Environment Variables
Open .env in your editor and set the required values:
# ── OTP Auth Backend ──────────────────────────────────────────────
VITE_API_BASE_URL=http://localhost:3001
# Optional legacy alias still supported by the app:
# VITE_SERVER_URL=http://localhost:3001
# ── Supabase (Required) ──────────────────────────────────────────
VITE_SUPABASE_PROJECT_ID=your_project_id
VITE_SUPABASE_URL=https://your-project-id.supabase.co
VITE_SUPABASE_ANON_KEY=your_supabase_anon_key
# ── OpenRouter (Required for Tron AI Agent) ───────────────────────
VITE_OPENROUTER_API_KEY=your_openrouter_api_key_here
VITE_OPENROUTER_MODEL=nvidia/nemotron-3-super-120b-a12b:free
VITE_OPENROUTER_FALLBACK_MODELS=nvidia/nemotron-3-nano-30b-a3b:free,google/gemma-4-26b-a4b-it:free
# ── Google Maps (Optional – interactive map picker) ───────────────
VITE_GOOGLE_MAPS_API_KEY=your_google_maps_api_key
# ── LocationIQ (Optional – address geocoding) ─────────────────────
VITE_LOCATIONIQ_API_KEY=your_locationiq_api_key
5. Set Up the OTP Auth Backend
The OTP email authentication system runs as a separate Express server.
cd server
npm install
Copy the example env and fill in your values:
Linux / macOS:
cp .env.example .env
Windows PowerShell:
Copy-Item .env.example .env
Open server/.env and configure:
# Supabase — service role key (NEVER expose to the browser)
SUPABASE_URL=https://your-project-id.supabase.co
SUPABASE_SERVICE_ROLE_KEY=your_service_role_key # Project Settings → API
# JWT secret — generate with:
# node -e "console.log(require('crypto').randomBytes(48).toString('hex'))"
JWT_SECRET=your_long_random_secret
# SMTP — Gmail App Password recomm