A full tech-interview preparation platform: 10,000+ questions, in-browser code execution, AI-generated video lessons, and paid subscriptions. Built solo, run in production with paying users.
Interview prep content is scattered, shallow, and mostly text. I wanted one platform that takes an engineer from DSA fundamentals to system design interviews with content that actually executes: real code you can run, real system design diagrams, and video explanations generated by an AI pipeline I control end to end.
It also had to be a real business, not a side project: payments, subscription tiers, premium gating, email flows, and the operational discipline that comes with strangers paying you money.
DSA, System Design (HLD), Object Design (LLD), design patterns, six programming languages, backend engineering, production bug scenarios, and more.
Monaco editor with a sandboxed execution service: memory caps, timeouts, and isolation, so users run real code against test cases safely.
Animated explainer videos produced by my own pipeline (script generation, TTS, Playwright rendering), streamed via CloudFront with premium gating.
Razorpay integration with monthly, yearly, and capped founding-member lifetime plans. Server-side plan enforcement with expiry handling.
XP, streaks, badges, certificates, and fine-grained progress tracking to keep learners coming back.
A simulated terminal component inside lessons, so beginners practice Linux commands directly in the content instead of just reading about them.
A React SPA on Vercel talks to a Rust API on Fly.io (Mumbai) through Cloudflare. Content and users live in SQLite on a persistent volume, chosen deliberately: one writer, read-heavy workload, and sub-10ms p99 without a database server to babysit. Video streams from a private S3 bucket behind CloudFront.
Stack: Rust (Actix-web 4, SQLx, Tokio), React + TypeScript + Vite, shadcn/ui, Monaco, SQLite, Razorpay, Brevo, Cloudflare, Fly.io, S3 + CloudFront, Python + LLM APIs for the content pipeline.
One morning the user count jumped from ~40 real users to 8,649. Someone was hitting the register endpoint directly at ~6 requests/minute with harvested email addresses. I traced it through the proxy chain, found registration IPs were never logged, and shipped a layered fix: strict per-IP rate limiting on registration (with correct client IP extraction behind Cloudflare and Fly's proxies), Cloudflare WAF rules, env-gated Turnstile verification, and kept the email-verification gate that had already made the fake accounts harmless. Registrations now 429 correctly under attack patterns.
Instead of reaching for Postgres + Redis + a bigger server, I treated the workload honestly: read-heavy, single-writer. SQLite on an NVMe volume with async SQLx, an in-process response cache for heavy content queries, and gzip/brotli compression got p99 under 10ms. The boring architecture is the fast one.
The code runner needed real isolation, not just a timeout. I built the sandbox service with memory caps, wall-clock and CPU timeouts, and process isolation, then hardened it further after an audit flagged the memory ceiling. Users get instant feedback; the box stays alive.
I built a factory instead: LLM agents write lesson scripts against an authoring guide, a validator checks every visualization JSON, Google TTS narrates, and Playwright records the animated render. Fleets of parallel agents authored whole course sections; I reviewed and shipped. The same pipeline now powers marketing shorts.
Classic production-only failure: the SPA's Content-Security-Policy had no media-src for the CDN, so players silently failed. Fixed the header, added a Playwright post-deploy check that actually plays a video frame, because curl returning 200 proves nothing about client-side behavior.