Tech Path Finder

About the Project

Tech Path Finder is a platform for preparing IT professionals for career advancement. Structured courses on Agile, Python, Django, FastAPI, Kubernetes, System Design, and dozens of other topics are combined with quizzes, exams, AI-evaluated mock interviews, and practical code review exercises.

The platform addresses a specific problem: developers don't know exactly what to study to advance to the next level, and they waste time on chaotic content consumption without feedback about their actual knowledge gaps.

The core idea is personalization through data: the system doesn't just test — it builds a user's competency profile over time. Knowledge that isn't applied gradually "decays," and the platform reminds you before this becomes a problem in an interview.

Key Features

Learning and Knowledge Assessment

65+ courses across categories: Agile/Scrum, Python, Django, FastAPI, Kubernetes, Docker, AWS, System Design, LLM/RAG, design patterns, and more. Each course contains:

Theory — Markdown articles with diagrams, terminology glossary
Quizzes — questions at three difficulty levels (junior / middle / senior) with detailed explanations
Exams — 20 deterministic questions per variant, attempt history
Progress — topic completion and answer accuracy tracking

Knowledge Decay Algorithm

The platform's core mechanism: the proficiency score for each topic decreases over time if the user doesn't return to the material:

proficiency = accuracy × recency_factor × 100
recency_factor = max(0.3, 1 - days_since_last_answer / 30)

Topics are automatically classified as "critical" (< 40%), "weak" (40–65%), or "not started" — and the system builds a personalized review queue.

AI-Evaluated Mock Interviews

Structured mock interview sessions by language and level (junior/middle/senior):

Question loading by variants (express or full format)
User answers evaluated by AI model via OpenRouter
Final score and feedback on each answer
Cost: 10 credits per session

Code Review

Practical exercises with real code:

Exercise repository organized by language (Python, Go, Java, Ruby, and others)
User finds bugs and violations — system compares against reference solution
Three scoring levels: 0 / 0.5 / 1.0 points
Daily challenge with a random exercise
Tracking of weak error types by language

Gamification

XP system: trigger events (topic completion +50 XP, exam +100 XP, streaks +25/100 XP)
Achievements: unlocked by milestones (topics, accuracy, streaks)
Streaks: daily activity rewarded with bonus XP
Progress dashboard: activity heatmap, difficulty dynamics, exam history

Architectural Solutions

PythonFastAPIPostgreSQLRedisKafkaCeleryNext.jsReactTypeScriptTailwind CSSDockerNginxOpenTelemetryJaegerPrometheus

Backend: Domain-Driven Design

13 independent domains, each with their own api.py, service.py, models.py, schemas.py:

Domain	Responsibility
auth	JWT, OAuth (Google/Yandex/GitHub), password recovery
users	Profiles, achievements, XP, settings
content	Quizzes, exams, progress, recommendations
interview	Mock interviews, AI evaluation, credit spending
code_review	Code exercises, daily challenges
billing	Credit system, promo codes, refunds
admin	Analytics, user management, report moderation

Frontend: Feature-Sliced Design

Next.js 16 (App Router) + React 19 with three route groups:

(main) — authenticated pages with navigation
(auth) — public pages (login, registration, password recovery)
(admin) — admin panel

All API calls are Server Actions with 'use server'. Tokens are read from httpOnly cookies exclusively on the server — no token ever reaches client-side code.

Content as Code

65+ courses versioned in Git as JSON/Markdown files in /data/:

data/
  agile/
    meta.json           # Category metadata
    ceremonies.json     # Subtopic questions with explanations
    ceremonies.md       # Theory article
    glossary.json       # Terminology glossary
    exam.json           # 20 deterministic questions

Content updates = Git commit + redeploy. No CMS, no database for content.

Infrastructure

nginx → next.js (:3000) + fastapi (:8000)
├── postgres     # Primary database
├── redis        # Sessions, rate limiting, cache
├── kafka        # Event streaming, audit log
├── celery       # Background tasks, email
├── jaeger       # Distributed tracing
└── plausible    # Privacy-first analytics

Technical Challenges and Solutions

Answer Shuffling Without Index Leakage

Problem: If answer options are shuffled only on the frontend, users can memorize the position of the correct answer in the original array.

Solution: Fisher-Yates shuffling is performed on the server with each request. The client submits the index in the shuffled option space; the server converts it back to the original space for validation. Users only ever see shuffled options.

Rate Limiting via Lua + Redis

Problem: Protecting sensitive endpoints from brute force and abuse without external dependencies.

Solution: Atomic sliding window via Lua script in Redis — INCR + EXPIRE in a single transaction. Different limits per endpoint:

POST /auth/login        → 5 / 15 minutes / IP
POST /auth/register     → 3 / hour / IP
POST /auth/forgot-pw    → 3 / hour / IP

Credit Billing Without Race Conditions

Problem: Atomic credit deduction on parallel requests without double-spending.

Solution: Ledger pattern — append-only CreditTransaction table + denormalized cache User.credits_balance. Atomic update via SELECT FOR UPDATE. Mock interview session idempotency via idempotency keys.

Refresh Tokens Without Race Conditions

Problem: With simultaneous requests using an expired token, both might try to refresh — one gets an invalidated token.

Solution: Atomic GETDEL from Redis on refresh — the token is read and deleted in a single operation. The second request gets None and must go to /auth/refresh again with the already-refreshed token.

Observability from Scratch

Full observability stack without vendor lock-in:

Tracing: FastAPI + SQLAlchemy + Redis instrumented via OpenTelemetry → Jaeger
Metrics: Prometheus + custom metrics (registrations, XP, topic completions)
Health checks: /health + /health/ready checking DB and Redis
Graceful shutdown: in-flight request drain with 30-second timeout

Security

Passwords: bcrypt with 12 rounds
JWT: HS256, access (30 min) + refresh (7 days) in httpOnly cookies
OAuth: state parameter verified via Redis (TTL 1 hour) against CSRF
Sensitive fields: Fernet encryption when APP_ENCRYPTION_KEY is present
SQL: parameterized queries via SQLAlchemy
Linting: Bandit + Ruff in pre-commit hooks

Results

65+

Courses

10 000+

Questions in database

Backend domains

90%

Test coverage

What Got Built

Full SaaS from scratch — from architecture to deployment
Knowledge decay algorithm providing real personalization without ML overhead
Content as code — 65 courses updated via Git without a CMS
Production-ready stack with tracing, metrics, and graceful shutdown

Lessons Learned

Content as code works better than a CMS for technical courses: versioning, content code review, rollbacks — all out of the box via Git.

The knowledge decay algorithm is a surprisingly simple yet powerful solution. No need for full spaced repetition with a scheduler. A time-decay function is enough to make recommendations noticeably better.

DDD domain separation paid off from the first month: each domain evolves independently, tests are isolated, and onboarding a new developer takes minutes, not days.

JWT in httpOnly cookies via Server Actions is an elegant solution to the token security problem on the frontend. Client code never sees tokens; XSS cannot steal them.

Table of Contents