Phase 3.1: Create learn/ folder template

- Add comprehensive 5-file template structure
- 00-OVERVIEW.md: Project intro, quick start, prerequisites
- 01-CONCEPTS.md: Security concepts with real world examples
- 02-ARCHITECTURE.md: System design and technical decisions
- 03-IMPLEMENTATION.md: Code walkthrough with actual examples
- 04-CHALLENGES.md: Extension ideas from easy to expert
- README.md: Template usage guide and writing guidelines
- CHECKLIST.md: Quick reference for filling templates

Writing guidelines emphasize:
- Human voice (avoiding AI patterns like em dashes, contrast flips)
- Concrete examples over abstractions
- Real code references with file:line numbers
- Real world incidents and vulnerabilities
- Practical, actionable content
This commit is contained in:
CarterPerez-dev 2026-01-31 01:05:28 -05:00
parent 6dd4a15ee2
commit e48e6ebda3
7 changed files with 1955 additions and 0 deletions

View File

@ -0,0 +1,101 @@
# [Project Name]
## What This Is
[2-3 sentence description of what the project does. Be specific about functionality, not buzzwords.]
## Why This Matters
[Explain the real world problem this solves. Reference actual incidents, common vulnerabilities, or industry pain points. No fluff about "the evolving threat landscape" - get concrete.]
**Real world scenarios where this applies:**
- [Specific scenario 1]
- [Specific scenario 2]
- [Specific scenario 3]
## What You'll Learn
This project teaches you how [core concept] works under the hood. By building it yourself, you'll understand:
**Security Concepts:**
- [Concept 1 - explain what it is, not just list it]
- [Concept 2]
- [Concept 3]
**Technical Skills:**
- [Skill 1 - be specific about what aspect you'll actually implement]
- [Skill 2]
- [Skill 3]
**Tools and Techniques:**
- [Tool/technique 1 - explain how it's used in the project]
- [Tool/technique 2]
## Prerequisites
Before starting, you should understand:
**Required knowledge:**
- [Prerequisite 1 with specific examples of what you need to know]
- [Prerequisite 2]
- [Prerequisite 3]
**Tools you'll need:**
- [Tool 1] - [brief explanation of why]
- [Tool 2]
- [Tool 3]
**Helpful but not required:**
- [Nice to have 1]
- [Nice to have 2]
## Quick Start
Get the project running locally:
```bash
# Clone and navigate
cd PROJECTS/[difficulty]/[project-name]
# [Installation steps specific to the project]
# Keep this minimal - just enough to see it work
# Run the project
[command to start]
```
Expected output: [describe what success looks like]
## Project Structure
```
[project-name]/
├── [key directory 1]/ # [what this contains]
├── [key directory 2]/ # [what this contains]
├── [key file 1] # [what this does]
└── [key file 2] # [what this does]
```
## Next Steps
1. **Understand the concepts** - Read [01-CONCEPTS.md](./01-CONCEPTS.md) to learn the security fundamentals
2. **Study the architecture** - Read [02-ARCHITECTURE.md](./02-ARCHITECTURE.md) to see how it's designed
3. **Walk through the code** - Read [03-IMPLEMENTATION.md](./03-IMPLEMENTATION.md) for implementation details
4. **Extend the project** - Read [04-CHALLENGES.md](./04-CHALLENGES.md) for ideas to build on
## Common Issues
**[Common problem 1]**
```
[Error message or symptom]
```
Solution: [How to fix it]
**[Common problem 2]**
Solution: [How to fix it]
## Related Projects
If you found this interesting, check out:
- [Related project 1] - [why it's related]
- [Related project 2] - [why it's related]

View File

@ -0,0 +1,139 @@
# Core Security Concepts
This document explains the security concepts you'll encounter while building this project. These are not just definitions - we'll dig into why they matter and how they actually work.
## [Primary Concept]
### What It Is
[Explain the concept in plain language. No jargon without explanation. Assume the reader is smart but unfamiliar.]
### Why It Matters
[Explain the real world impact. What goes wrong without it? Reference actual breaches or incidents if relevant.]
### How It Works
[Break down the technical mechanism. Use examples and code snippets where helpful. ASCII diagrams are good.]
```
[Diagram or code example showing the concept in action]
```
### Common Attacks
[List specific attack techniques that exploit this. Be concrete about what an attacker does.]
1. **[Attack 1]** - [How it works, what the attacker gains]
2. **[Attack 2]** - [How it works, what the attacker gains]
3. **[Attack 3]** - [How it works, what the attacker gains]
### Defense Strategies
[Explain how to protect against these attacks. Connect back to what this project implements.]
## [Secondary Concept]
### What It Is
[Same structure as above]
### Why It Matters
[Real world impact]
### How It Works
[Technical mechanism]
### Common Pitfalls
[Where developers get this wrong. Based on actual mistakes you see in production code.]
**Mistake 1: [Common error]**
```[language]
# Bad
[code showing the mistake]
# Good
[code showing the correct approach]
```
**Mistake 2: [Another common error]**
[Explanation of why this is wrong]
## [Additional Concept]
[Follow same pattern for each major concept]
## How These Concepts Relate
[Show how the concepts connect to each other. Security is a system, not isolated techniques.]
```
[Concept 1]
affects
[Concept 2]
requires
[Concept 3]
```
## Industry Standards and Frameworks
### OWASP Top 10
This project addresses:
- **[OWASP Category]** - [Specific vulnerability and how this project handles it]
- **[Another category]** - [How this project relates]
### MITRE ATT&CK
Relevant techniques:
- **[Technique ID]** - [Technique name] - [How this project detects or prevents it]
- **[Another technique]** - [Connection to the project]
### CWE
Common weakness enumerations covered:
- **[CWE-XXX]** - [Weakness name] - [How this project demonstrates or prevents it]
## Real World Examples
### Case Study 1: [Actual Incident]
[Describe a real breach or vulnerability that relates to these concepts. Include:
- What happened
- How the attack worked
- What defenses failed
- How this could have been prevented]
### Case Study 2: [Another Example]
[Another real world example]
## Testing Your Understanding
Before moving to the architecture, make sure you can answer:
1. [Question that tests understanding of concept 1]
2. [Question that requires applying concept 2]
3. [Question that connects multiple concepts]
If these questions feel unclear, re-read the relevant sections. The implementation will make more sense once these fundamentals click.
## Further Reading
**Essential:**
- [Resource 1] - [Why this is valuable]
- [Resource 2] - [What you'll get from it]
**Deep dives:**
- [Advanced resource 1] - [When to read this]
- [Advanced resource 2] - [What this covers that we didn't]
**Historical context:**
- [Paper or talk] - [Why this matters for understanding the evolution]

View File

@ -0,0 +1,370 @@
# System Architecture
This document breaks down how the system is designed and why certain architectural decisions were made.
## High Level Architecture
```
[ASCII diagram showing major components and how they connect]
Example:
┌─────────────┐
│ Client │
└──────┬──────┘
┌─────────────┐
│ Component │
└──────┬──────┘
┌─────────────┐
│ Storage │
└─────────────┘
```
### Component Breakdown
**[Component 1]**
- Purpose: [What this component does]
- Responsibilities: [Specific tasks it handles]
- Interfaces: [How other components interact with it]
**[Component 2]**
- Purpose: [What this component does]
- Responsibilities: [Specific tasks it handles]
- Interfaces: [How other components interact with it]
**[Component 3]**
- Purpose: [What this component does]
- Responsibilities: [Specific tasks it handles]
- Interfaces: [How other components interact with it]
## Data Flow
### [Primary Use Case Flow]
Step by step walkthrough of what happens when [primary operation]:
```
1. [Action] → [Component]
[What happens, what data is passed]
2. [Component] → [Next component]
[Processing that occurs, transformations]
3. [Next component] → [Result]
[Final output or state change]
```
Example with code references:
```
1. User sends request → API endpoint (src/routes/endpoint.py:42)
Validates input, extracts credentials
2. API → Service layer (src/services/auth.py:108)
Business logic runs, queries database
3. Service → Response (src/routes/endpoint.py:67)
Formats result, returns to user
```
### [Secondary Use Case Flow]
[Repeat for other major operations]
## Design Patterns
### [Pattern 1 Used in Project]
**What it is:**
[Brief explanation of the pattern]
**Where we use it:**
[Specific files or components that implement this pattern]
**Why we chose it:**
[Advantages for this specific use case, alternatives considered]
**Trade-offs:**
- Pros: [What you gain]
- Cons: [What you give up]
Example implementation:
```[language]
[Code snippet showing the pattern in action from the actual project]
```
### [Pattern 2]
[Same structure]
## Layer Separation
[If applicable - explain the layer architecture]
```
┌────────────────────────────────────┐
│ Layer 1: [Name] │
│ - [Responsibility] │
│ - [What it doesn't do] │
└────────────────────────────────────┘
┌────────────────────────────────────┐
│ Layer 2: [Name] │
│ - [Responsibility] │
│ - [What it doesn't do] │
└────────────────────────────────────┘
┌────────────────────────────────────┐
│ Layer 3: [Name] │
│ - [Responsibility] │
│ - [What it doesn't do] │
└────────────────────────────────────┘
```
### Why Layers?
[Explain the benefits of this separation]
- [Benefit 1]
- [Benefit 2]
- [Benefit 3]
### What Lives Where
**[Layer 1]:**
- Files: [Which files belong to this layer]
- Imports: [Can import from which other layers]
- Forbidden: [What this layer should never do]
**[Layer 2]:**
[Same structure]
**[Layer 3]:**
[Same structure]
## Data Models
### [Model 1]
```[language]
[Actual data structure from the project]
```
**Fields explained:**
- `[field_name]`: [What this stores, why it's needed, any constraints]
- `[field_name]`: [Explanation]
- `[field_name]`: [Explanation]
**Relationships:**
- [How this model connects to others]
- [Why these relationships exist]
### [Model 2]
[Same structure for each major data model]
## Security Architecture
### Threat Model
What we're protecting against:
1. **[Threat 1]** - [Specific attack scenario]
2. **[Threat 2]** - [Specific attack scenario]
3. **[Threat 3]** - [Specific attack scenario]
What we're NOT protecting against (out of scope):
- [Thing 1] - [Why this is out of scope]
- [Thing 2] - [Reason]
### Defense Layers
[Explain how security is implemented at different levels]
```
Layer 1: [Defense mechanism]
Layer 2: [Defense mechanism]
Layer 3: [Defense mechanism]
```
**Why multiple layers?**
[Explain defense in depth for this specific project]
## Storage Strategy
### [Storage Type 1]
**What we store:**
- [Data type 1]
- [Data type 2]
**Why this storage:**
[Explain choice - performance, durability, cost, etc]
**Schema design:**
```
[Show key structure or table design]
```
### [Storage Type 2]
[If using multiple storage backends]
## Configuration
### Environment Variables
```bash
[VARIABLE_NAME] # [What it configures, default value, why you'd change it]
[VARIABLE_NAME] # [Explanation]
```
### Configuration Strategy
[Explain how config is managed - files, env vars, secrets, etc]
**Development:**
[How config works in dev]
**Production:**
[How config works in prod, security considerations]
## Performance Considerations
### Bottlenecks
Where this system gets slow under load:
1. **[Bottleneck 1]** - [Why this happens, when it matters]
2. **[Bottleneck 2]** - [Explanation]
### Optimizations
What we did to make it faster:
- **[Optimization 1]**: [What we changed, impact it had]
- **[Optimization 2]**: [Details]
### Scalability
**Vertical scaling:**
[How to scale up - more CPU/RAM]
[Where limits are]
**Horizontal scaling:**
[How to scale out - more instances]
[What needs to change to support this]
## Design Decisions
### [Major Decision 1]
**What we chose:**
[The approach taken]
**Alternatives considered:**
- [Option A] - Rejected because [reason]
- [Option B] - Rejected because [reason]
**Trade-offs:**
[What we gained and what we gave up with this choice]
### [Major Decision 2]
[Same structure for each significant architectural choice]
## Deployment Architecture
[If applicable - how this runs in production]
```
[Diagram showing deployment topology]
```
**Components:**
- [Service 1]: [What it runs, how many instances, why]
- [Service 2]: [Details]
**Infrastructure:**
- [Database/cache/etc]: [How it's deployed]
## Error Handling Strategy
### Error Types
1. **[Error category 1]** - [What causes this, how we handle it]
2. **[Error category 2]** - [Details]
### Recovery Mechanisms
[How the system recovers from failures]
**[Failure scenario 1]:**
- Detection: [How we know it happened]
- Response: [What the system does]
- Recovery: [How to get back to normal]
## Extensibility
### Where to Add Features
Want to add [type of feature]? Here's where it goes:
1. [Step 1 with file references]
2. [Step 2]
3. [Step 3]
### Plugin Architecture
[If applicable - how the system can be extended without modifying core code]
## Limitations
Current architectural limitations:
1. **[Limitation 1]** - [What you can't do, why not, how to fix it]
2. **[Limitation 2]** - [Details]
These are not bugs, they're conscious trade-offs. Fixing them would require [what changes].
## Comparison to Similar Systems
### [Similar tool/approach 1]
How we're different:
- [Difference 1]
- [Difference 2]
Why we made different choices:
[Reasoning specific to this use case]
### [Similar tool/approach 2]
[Same structure]
## Evolution
### Version 1.0 Design
[If relevant - how the architecture has changed]
Initial design was [approach]. We changed to current design because [reason].
### Future Improvements
Planned architectural changes:
1. **[Improvement 1]** - [Why we want this, what it enables]
2. **[Improvement 2]** - [Details]
## Key Files Reference
Quick map of where to find things:
- `[file/directory]` - [What's implemented here]
- `[file/directory]` - [Purpose]
- `[file/directory]` - [What to look at]
## Next Steps
Now that you understand the architecture:
1. Read [03-IMPLEMENTATION.md](./03-IMPLEMENTATION.md) for code walkthrough
2. Try modifying [specific component] to understand [concept]

View File

@ -0,0 +1,545 @@
# Implementation Guide
This document walks through the actual code. We'll build key features step by step and explain the decisions along the way.
## File Structure Walkthrough
```
[project-name]/
├── [directory]/
│ ├── [file1] # [What this implements]
│ └── [file2] # [What this implements]
├── [directory]/
│ └── [file] # [What this implements]
└── [key file] # [What this implements]
```
## Building [Core Feature 1]
### Step 1: [First Step]
What we're building: [Specific functionality]
Create `[filename]`:
```[language]
[Code with inline comments explaining the important parts]
```
**Why this code works:**
- [Line/section 1]: [Explanation of what it does and why]
- [Line/section 2]: [Explanation]
- [Line/section 3]: [Explanation]
**Common mistakes here:**
```[language]
# Wrong approach
[Code showing what NOT to do]
# Why this fails: [Explanation of the problem]
```
### Step 2: [Second Step]
Now we need to [next functionality].
In `[filename]` (lines XX-YY):
```[language]
[Relevant code snippet from the actual project]
```
**What's happening:**
1. [Step by step breakdown]
2. [Explanation]
3. [Explanation]
**Why we do it this way:**
[Explain the reasoning - performance, security, maintainability, etc]
**Alternative approaches:**
- [Approach A]: Works but [drawback]
- [Approach B]: Simpler but [limitation]
### Step 3: [Third Step]
[Continue pattern for each major step]
## Building [Core Feature 2]
### The Problem
[Describe what challenge this feature solves]
### The Solution
[High level approach before diving into code]
### Implementation
In `[filename]`:
```[language]
[Code implementation]
```
**Key parts explained:**
**[Function/class name]** (`[filename]:[line]`)
```[language]
[Focused code snippet]
```
This handles [specific responsibility]. The reason we [design choice] is because [explanation].
**[Another function/class]** (`[filename]:[line]`)
```[language]
[Code snippet]
```
[Explanation of what this does differently and why]
### Testing This Feature
```[language]
[Test code or example usage]
```
Expected output:
```
[What you should see]
```
If you see [error], it means [problem and fix].
## Security Implementation
### [Security Feature 1]
File: `[filename]`
```[language]
[Security related code]
```
**What this prevents:**
[Specific attack or vulnerability]
**How it works:**
1. [Step 1]
2. [Step 2]
3. [Step 3]
**What happens if you remove this:**
[Demonstrate why this security measure is necessary]
### [Security Feature 2]
[Same pattern for each security mechanism]
## Data Flow Example
Let's trace a complete request through the system.
**Scenario:** [Specific user action]
### Request Comes In
```[language]
# Entry point: [filename]:[line]
[Code at entry point]
```
At this point:
- [State/data description]
- [What's been validated]
- [What happens next]
### Processing Layer
```[language]
# Processing: [filename]:[line]
[Code in processing layer]
```
This code:
- [Action 1]
- [Action 2]
- [Why it's structured this way]
### Storage/Output
```[language]
# Final step: [filename]:[line]
[Code that completes the operation]
```
The result is [outcome]. We store/return it as [format] because [reason].
## Error Handling Patterns
### [Error Type 1]
When [condition] happens, we need to [response].
```[language]
# [filename]:[line]
try:
[operation that might fail]
except [SpecificException] as e:
[error handling]
```
**Why this specific handling:**
[Explanation of the error handling strategy]
**What NOT to do:**
```[language]
# Bad: catching everything
try:
[operation]
except Exception:
pass # Silently fails - terrible idea
```
This hides actual problems. Always handle specific exceptions.
### [Error Type 2]
[Continue for major error cases]
## Performance Optimizations
### [Optimization 1]
**Before:**
```[language]
[Slow/naive implementation]
```
This was slow because [reason]. With [example scenario], it took [time/resources].
**After:**
```[language]
[Optimized implementation]
```
**What changed:**
- [Change 1]: [Impact]
- [Change 2]: [Impact]
**Benchmarks:**
- Before: [metric]
- After: [metric]
- Improvement: [percentage/factor]
### [Optimization 2]
[Same pattern]
## Configuration Management
### Loading Config
```[language]
# [filename]:[line]
[Config loading code]
```
**Why this approach:**
[Explain the config strategy]
**Validation:**
```[language]
[Config validation code if applicable]
```
We validate early because [reason]. If config is wrong, we want to fail fast at startup, not mysteriously later.
## Database/Storage Operations
### [Operation Type 1]
```[language]
# [filename]:[line]
[Database operation code]
```
**Important details:**
- [Transaction handling]: [Why it matters]
- [Connection management]: [How we avoid leaks]
- [Query optimization]: [Why we wrote it this way]
### Migrations
[If applicable]
When you change [data structure], run:
```bash
[migration command]
```
This updates [what changes] without losing [what's preserved].
## Integration Points
### [External System/API 1]
How we integrate with [system]:
```[language]
# [filename]:[line]
[Integration code]
```
**Authentication:**
[How auth is handled]
**Error handling:**
[What happens when external system fails]
**Rate limiting:**
[How we avoid getting throttled]
### [External System 2]
[Same pattern]
## Testing Strategy
### Unit Tests
Example test for [component]:
```[language]
# tests/[filename]
[Test code]
```
**What this tests:**
- [Behavior 1]
- [Behavior 2]
**Why these specific assertions:**
[Explain what could break and how test catches it]
### Integration Tests
```[language]
# tests/[filename]
[Integration test code]
```
This tests [end-to-end scenario]. We need this because unit tests don't catch [specific integration issues].
### Running Tests
```bash
[test command]
```
If tests fail with [error], check [common cause].
## Common Implementation Pitfalls
### Pitfall 1: [Common Mistake]
**Symptom:**
[What the developer sees]
**Cause:**
```[language]
# The problematic code
[What they probably wrote]
```
**Fix:**
```[language]
# Correct approach
[How to do it right]
```
**Why this matters:**
[Real impact of the mistake]
### Pitfall 2: [Another Mistake]
[Same pattern for common errors you actually see in this domain]
## Debugging Tips
### [Issue Type 1]
**Problem:** [Description]
**How to debug:**
1. Check [location 1] for [evidence]
2. Look at [logs/output] for [pattern]
3. Verify [assumption]
**Common causes:**
- [Cause 1]
- [Cause 2]
### [Issue Type 2]
[Continue for common debugging scenarios]
## Code Organization Principles
### Why [File/Module] is Structured This Way
```
[module]/
├── [file1] # [Responsibility]
└── [file2] # [Responsibility]
```
We separate [concern 1] from [concern 2] because:
- [Reason 1]
- [Reason 2]
This makes [benefit].
### Naming Conventions
- `[pattern]` = [What this naming means]
- `[pattern]` = [Convention explanation]
Following these patterns makes it easier to [benefit].
## Extending the Code
### Adding a New [Feature Type]
Want to add [capability]? Here's the process:
1. **Create [component]** in `[location]`
```[language]
[Template code to start from]
```
2. **Register [component]** in `[location]`
```[language]
[Registration code]
```
3. **Add tests** in `[location]`
```[language]
[Test template]
```
### Plugin Pattern
[If applicable - how to extend without modifying core]
Create `plugins/[name].py`:
```[language]
[Plugin template code]
```
The system discovers plugins by [mechanism]. Your plugin must implement [interface].
## Code Style and Standards
### Formatting
We use [linter/formatter]:
```bash
[command to run it]
```
Key rules:
- [Rule 1]: [Why]
- [Rule 2]: [Why]
### Type Annotations
[If applicable]
```[language]
# Good
[properly typed code]
# Bad
[untyped code]
```
Types catch [specific bugs] at [development stage] instead of [runtime].
## Dependencies
### Why Each Dependency
- **[package1]** ([version]): [What we use it for, why this package specifically]
- **[package2]** ([version]): [Purpose and reasoning]
- **[package3]** ([version]): [Explanation]
### Dependency Security
Check for vulnerabilities:
```bash
[security scan command]
```
If you see [vulnerability type], [how to handle it].
## Build and Deploy
### Building
```bash
[build commands]
```
This produces [artifacts]. The build process:
1. [Step 1]
2. [Step 2]
3. [Step 3]
### Local Development
```bash
# Start development environment
[dev command]
# Hot reload is enabled - changes to [files] reload automatically
```
### Production Deployment
[High level deployment process]
Key differences from dev:
- [Difference 1]
- [Difference 2]
## Performance Profiling
### Finding Bottlenecks
```bash
[profiling command]
```
Look for:
- [Metric 1] above [threshold] = [problem]
- [Metric 2] indicates [bottleneck]
### Memory Profiling
[If relevant]
```bash
[memory profiling command]
```
Common memory leaks in this codebase:
- [Pattern 1]: [How to spot and fix]
- [Pattern 2]: [Details]
## Next Steps
You've seen how the code works. Now:
1. **Try the challenges** - [04-CHALLENGES.md](./04-CHALLENGES.md) has extension ideas
2. **Modify the code** - Change [component] to [variation] to test your understanding
3. **Read related projects** - [Link to related project] builds on these concepts

View File

@ -0,0 +1,420 @@
# Extension Challenges
You've built the base project. Now make it yours by extending it with new features.
These challenges are ordered by difficulty. Start with the easier ones to build confidence, then tackle the harder ones when you want to dive deeper.
## Easy Challenges
### Challenge 1: [Extension Idea]
**What to build:**
[Specific feature to add]
**Why it's useful:**
[Real world scenario where this matters]
**What you'll learn:**
- [Skill/concept 1]
- [Skill/concept 2]
**Hints:**
- Look at `[filename]` - you'll need to modify [component]
- The key is [concept/technique]
- Don't forget to handle [edge case]
**Test it works:**
[How to verify the feature works correctly]
### Challenge 2: [Another Extension]
[Same format for each challenge]
### Challenge 3: [Another Extension]
[Continue pattern]
## Intermediate Challenges
### Challenge 4: [More Complex Feature]
**What to build:**
[Feature description]
**Real world application:**
[Where you'd actually use this in production]
**What you'll learn:**
- [New concept 1]
- [New concept 2]
- [Integration with existing code]
**Implementation approach:**
1. **Add [component]** to handle [responsibility]
- Files to create: `[filename]`
- Files to modify: `[filename]`
2. **Integrate with [existing system]**
- Hook into [entry point]
- Pass data through [flow]
3. **Test edge cases:**
- What if [scenario 1]?
- How do you handle [scenario 2]?
**Hints:**
- You'll need [technology/library]
- The tricky part is [specific challenge]
- Consider [design pattern] for [aspect]
**Extra credit:**
[Additional variation to make it more sophisticated]
### Challenge 5: [Another Intermediate Feature]
[Continue pattern]
## Advanced Challenges
### Challenge 6: [Complex Integration]
**What to build:**
[Significant new capability]
**Why this is hard:**
[What makes this challenging - multiple components, complex state, performance, etc]
**What you'll learn:**
- [Advanced concept 1]
- [Advanced concept 2]
- [System design skill]
**Architecture changes needed:**
```
[Diagram showing how the new feature fits in]
```
**Implementation steps:**
1. **Research phase**
- Read about [technology/concept]
- Understand [standard/protocol/algorithm]
- Look at [reference implementation]
2. **Design phase**
- Decide between [approach A] vs [approach B]
- Consider impact on [existing component]
- Plan database/storage changes
3. **Implementation phase**
- Start with [minimal version]
- Add [capability 1]
- Add [capability 2]
4. **Testing phase**
- Unit test [component]
- Integration test [flow]
- Performance test under [load scenario]
**Gotchas:**
- [Common mistake 1]: [How to avoid]
- [Common mistake 2]: [How to avoid]
**Resources:**
- [RFC/spec/documentation] - [What to focus on]
- [Blog post/paper] - [Key insights]
### Challenge 7: [Another Advanced Feature]
[Continue pattern]
## Expert Challenges
### Challenge 8: [Major Feature Requiring Significant Work]
**What to build:**
[Ambitious extension that changes how the system works]
**Estimated time:**
[Realistic estimate - days or weeks]
**Prerequisites:**
You should have completed [earlier challenges] first because this builds on [concepts].
**What you'll learn:**
- [Expert level concept 1]
- [Expert level concept 2]
- [Real world engineering skill]
**Planning this feature:**
Before you code, think through:
- How does this affect existing functionality?
- What are the performance implications?
- How do you migrate existing data/users?
- What's your rollback plan if it breaks?
**High level architecture:**
```
[Detailed architecture diagram of the new feature]
```
**Implementation phases:**
**Phase 1: Foundation** (X-Y hours)
- [What to build first]
- [Why this order]
**Phase 2: Core Feature** (X-Y hours)
- [Main functionality]
- [Key algorithms/logic]
**Phase 3: Integration** (X-Y hours)
- [Connect to existing system]
- [Handle compatibility]
**Phase 4: Polish** (X-Y hours)
- [Error handling]
- [Performance optimization]
- [Documentation]
**Testing strategy:**
- [Test type 1]: [What to verify]
- [Test type 2]: [Scenarios to cover]
- [Test type 3]: [Edge cases]
**Known challenges:**
1. **[Challenge 1]**
- Problem: [What goes wrong]
- Hint: [Direction toward solution]
2. **[Challenge 2]**
- Problem: [Issue]
- Hint: [Guidance]
**Success criteria:**
Your implementation should:
- [ ] [Requirement 1]
- [ ] [Requirement 2]
- [ ] [Requirement 3]
- [ ] Handle [edge case]
- [ ] Pass [performance benchmark]
### Challenge 9: [Another Expert Challenge]
[Continue pattern]
## Mix and Match
Combine features for bigger projects:
**Project Idea 1: [Combined Feature Set]**
- Combine Challenge X + Challenge Y
- Add [new integration]
- Result: [What you end up with]
**Project Idea 2: [Another Combination]**
- [Details]
## Real World Integration Challenges
### Integrate with [External System/API]
**The goal:**
Make this project work with [real service].
**What you'll need:**
- [Service] account/API key
- Understanding of [protocol/API]
- Handle [authentication method]
**Implementation plan:**
1. [Step 1]
2. [Step 2]
3. [Step 3]
**Watch out for:**
- [Rate limits]
- [Authentication refresh]
- [Error handling]
### Deploy to [Platform]
**The goal:**
Get this running in production on [cloud platform/service].
**What you'll learn:**
- [Infrastructure as code]
- [Deployment automation]
- [Production monitoring]
**Steps:**
1. [Infrastructure setup]
2. [Configuration management]
3. [Deployment pipeline]
4. [Monitoring setup]
**Production checklist:**
- [ ] [Security requirement]
- [ ] [Performance requirement]
- [ ] [Monitoring requirement]
- [ ] [Backup/recovery]
## Performance Challenges
### Challenge: Handle [Scale Metric]
**The goal:**
Make this system handle [specific load] without falling over.
**Current bottleneck:**
[Component] can only handle [current limit] because [reason].
**Optimization approaches:**
**Approach 1: [Technique]**
- How: [Implementation]
- Gain: [Performance improvement]
- Tradeoff: [What you give up]
**Approach 2: [Another technique]**
- How: [Details]
- Gain: [Improvement]
- Tradeoff: [Cost]
**Benchmark it:**
```bash
[Load testing command]
```
Target metrics:
- [Metric 1]: [Goal]
- [Metric 2]: [Goal]
### Challenge: Reduce [Resource Usage]
**The goal:**
Cut [memory/CPU/bandwidth] usage by [percentage].
**Profile first:**
```bash
[profiling command]
```
**Common optimization areas:**
- [Area 1]: [What's inefficient, how to fix]
- [Area 2]: [Details]
## Security Challenges
### Challenge: Add [Security Feature]
**What to implement:**
[Specific security mechanism]
**Threat model:**
This protects against:
- [Attack 1]
- [Attack 2]
**Implementation:**
[Where to add it, how it works]
**Testing the security:**
- Try to [bypass method 1]
- Attempt [attack vector 2]
- Verify [security property holds]
### Challenge: Pass [Security Standard]
**The goal:**
Make this project compliant with [OWASP/CIS/NIST standard].
**Current gaps:**
- [Gap 1]: [What's missing]
- [Gap 2]: [What needs fixing]
**Remediation:**
[How to address each gap]
## Contribution Ideas
Finished a challenge? Share it back:
1. **Fork the repo**
2. **Implement your extension** in a new branch
3. **Document it** - add to learn folder
4. **Submit a PR** with:
- Your implementation
- Tests
- Documentation
- Example usage
Good extensions might get merged into the main project.
## Challenge Yourself Further
### Build Something New
Use the concepts you learned here to build:
- [Related tool 1] - [What it would do]
- [Related tool 2] - [Purpose]
- [Variation] - [How it's different]
### Study Real Implementations
Compare your implementation to production tools:
- [Tool 1] - [What they do differently]
- [Tool 2] - [Interesting design choices]
Read their code, understand their tradeoffs, steal their good ideas.
### Write About It
Document your extension:
- Blog post explaining [what you built]
- Tutorial for others to follow
- Comparison with [alternative approach]
Teaching others is the best way to verify you understand it.
## Getting Help
Stuck on a challenge?
1. **Debug systematically**
- What did you expect?
- What actually happened?
- What's the smallest test case that reproduces it?
2. **Read the existing code**
- [Similar feature] does something related
- [Component] might have the pattern you need
3. **Search for similar problems**
- [Forum/community]
- [Stack Overflow tag]
4. **Ask for help**
- Post in [discussion forum]
- Include: what you tried, what happened, what you expected
- Don't just paste error messages - explain your understanding
## Challenge Completion
Track your progress:
- [ ] Easy Challenge 1
- [ ] Easy Challenge 2
- [ ] Easy Challenge 3
- [ ] Intermediate Challenge 4
- [ ] Intermediate Challenge 5
- [ ] Advanced Challenge 6
- [ ] Advanced Challenge 7
- [ ] Expert Challenge 8
- [ ] Expert Challenge 9
Completed all of them? You've mastered this project. Time to build something new or contribute back to the community.

View File

@ -0,0 +1,116 @@
# Learn Folder Checklist
Quick reference for what to include in each file.
## 00-OVERVIEW.md
- [ ] **What This Is** - 2-3 sentence project description
- [ ] **Why This Matters** - Real world problem it solves
- [ ] **Real world scenarios** - 3 specific use cases
- [ ] **What You'll Learn** - Security concepts, technical skills, tools
- [ ] **Prerequisites** - Required knowledge, tools needed, nice-to-haves
- [ ] **Quick Start** - Installation steps that work
- [ ] **Project Structure** - Key directories and files
- [ ] **Next Steps** - Links to other learn files
- [ ] **Common Issues** - 2-3 frequent problems with solutions
- [ ] **Related Projects** - Links to similar projects
## 01-CONCEPTS.md
- [ ] **Primary Concept** - What it is, why it matters, how it works
- [ ] **Common Attacks** - 3+ specific attack techniques
- [ ] **Defense Strategies** - How to protect against attacks
- [ ] **Secondary Concept** - Same structure
- [ ] **Common Pitfalls** - Code examples of mistakes vs correct approach
- [ ] **How Concepts Relate** - Connection diagram
- [ ] **Industry Standards** - OWASP, MITRE, CWE mappings
- [ ] **Real World Examples** - 2+ actual incidents/breaches
- [ ] **Testing Your Understanding** - 3+ questions
- [ ] **Further Reading** - Essential and deep dive resources
## 02-ARCHITECTURE.md
- [ ] **High Level Architecture** - ASCII diagram with components
- [ ] **Component Breakdown** - Purpose and responsibilities of each
- [ ] **Data Flow** - Step by step walkthrough with code references
- [ ] **Design Patterns** - Patterns used, why, trade-offs
- [ ] **Layer Separation** - If applicable, explain layers
- [ ] **Data Models** - Key structures with field explanations
- [ ] **Security Architecture** - Threat model and defense layers
- [ ] **Storage Strategy** - What's stored where and why
- [ ] **Configuration** - Environment variables and strategy
- [ ] **Performance Considerations** - Bottlenecks and optimizations
- [ ] **Design Decisions** - Major choices, alternatives, trade-offs
- [ ] **Deployment Architecture** - How it runs in production
- [ ] **Error Handling** - Strategy for different error types
- [ ] **Extensibility** - Where and how to add features
- [ ] **Limitations** - Current architectural constraints
- [ ] **Comparison** - How this differs from similar systems
## 03-IMPLEMENTATION.md
- [ ] **File Structure** - Walkthrough of directory layout
- [ ] **Building Core Feature 1** - Step by step with code
- [ ] **Building Core Feature 2** - Same structure
- [ ] **Security Implementation** - How security features work
- [ ] **Data Flow Example** - Complete request trace through system
- [ ] **Error Handling** - Patterns with code examples
- [ ] **Performance Optimizations** - Before/after with benchmarks
- [ ] **Configuration Management** - Loading and validation
- [ ] **Database Operations** - CRUD with transaction handling
- [ ] **Integration Points** - External systems/APIs
- [ ] **Testing Strategy** - Unit and integration test examples
- [ ] **Common Pitfalls** - Mistakes with symptoms, causes, fixes
- [ ] **Debugging Tips** - How to troubleshoot common issues
- [ ] **Code Organization** - Why files structured this way
- [ ] **Extending the Code** - Template for adding features
- [ ] **Code Style** - Linting, formatting, type annotations
- [ ] **Dependencies** - Why each dependency, security scanning
- [ ] **Build and Deploy** - Commands for building and running
## 04-CHALLENGES.md
- [ ] **Easy Challenges** (3+) - Simple extensions with hints
- [ ] **Intermediate Challenges** (2+) - More complex features
- [ ] **Advanced Challenges** (2+) - Significant new capabilities
- [ ] **Expert Challenges** (1+) - Major features with detailed planning
- [ ] **Mix and Match** - Combined project ideas
- [ ] **Real World Integration** - External system connections
- [ ] **Performance Challenges** - Scale and optimization tasks
- [ ] **Security Challenges** - Additional security features
- [ ] **Contribution Ideas** - How to share back
- [ ] **Challenge Yourself Further** - Build new things, study others
- [ ] **Getting Help** - Debugging and asking for help
- [ ] **Challenge Completion** - Checklist to track progress
## For Each Challenge
- [ ] **What to build** - Specific feature description
- [ ] **Why it's useful** - Real world application
- [ ] **What you'll learn** - Skills and concepts
- [ ] **Hints** - Guidance without full solution
- [ ] **Test it works** - Verification steps
## Writing Quality Checks
- [ ] No em dashes (use periods or commas)
- [ ] Minimal "it's not X, it's Y" contrast flips
- [ ] Inconsistent hyphenation (mix it up)
- [ ] Concrete examples, not abstractions
- [ ] Real code from the project (not toy examples)
- [ ] File and line number references
- [ ] ASCII diagrams where helpful
- [ ] Real world incidents referenced
- [ ] Common mistakes shown
- [ ] Human voice (not AI marketing speak)
## Before Publishing
- [ ] All links work
- [ ] Code examples tested
- [ ] Quick start instructions verified
- [ ] Consistent formatting
- [ ] No placeholder text left
- [ ] Reviewed by someone else if possible
- [ ] Spelling and grammar checked
- [ ] Makes sense to someone unfamiliar with the project

264
.github/learn-folder-template/README.md vendored Normal file
View File

@ -0,0 +1,264 @@
# Learn Folder Template
This directory contains templates for creating consistent, high quality educational documentation for each project.
## What Goes in a learn/ Folder
Every completed project should have a `learn/` directory with these four files:
1. **00-OVERVIEW.md** - Project introduction, prerequisites, quick start
2. **01-CONCEPTS.md** - Security concepts and theory
3. **02-ARCHITECTURE.md** - System design and technical decisions
4. **03-IMPLEMENTATION.md** - Code walkthrough and how to build it
5. **04-CHALLENGES.md** - Extension ideas and next steps
## Using These Templates
### For New Projects
When you start a new project:
1. Copy this entire template directory to your project:
```bash
cp -r .github/learn-folder-template PROJECTS/[difficulty]/[project-name]/learn
cd PROJECTS/[difficulty]/[project-name]/learn
```
2. Remove this README (you don't need it in the project):
```bash
rm README.md
```
3. Fill in each template:
- Replace `[placeholders]` with actual content
- Delete sections that don't apply
- Add sections specific to your project
- Keep the overall structure
4. Write as you build - don't wait until the end
### For Existing Projects
Backfilling learn/ folders:
1. Start with 00-OVERVIEW.md - this is the easiest
2. Then do 01-CONCEPTS.md - what security ideas does this teach?
3. Then 02-ARCHITECTURE.md - how is it designed?
4. Then 03-IMPLEMENTATION.md - walk through the actual code
5. Finally 04-CHALLENGES.md - how can others extend it?
Don't try to do all files at once. One file per session works fine.
## Writing Guidelines
### Tone and Style
**Do:**
- Write like you're explaining to a smart friend
- Use concrete examples and real code
- Explain WHY, not just WHAT
- Reference actual vulnerabilities and incidents
- Show common mistakes and how to avoid them
- Use diagrams and code snippets liberally
**Don't:**
- Sound like a marketing brochure
- Use buzzwords without explaining them
- Assume the reader knows everything (or nothing)
- Write walls of text - break it up
- Skip the hard parts
### Content Depth
**00-OVERVIEW.md** - Surface level, get them excited and oriented
- 5-10 minute read
- Focus on what and why
- Light on technical details
**01-CONCEPTS.md** - Medium depth, teach the theory
- 15-20 minute read
- Explain security concepts thoroughly
- Use examples and diagrams
- Reference standards (OWASP, MITRE, etc)
**02-ARCHITECTURE.md** - Deep dive on system design
- 20-30 minute read
- Show the big picture
- Explain design decisions and tradeoffs
- Include diagrams
**03-IMPLEMENTATION.md** - Deepest, actual code walkthrough
- 30-45 minute read
- Reference real files and line numbers
- Show actual code from the project
- Explain step by step
**04-CHALLENGES.md** - Mixed depth based on difficulty
- 10-15 minute read
- Range from easy to expert
- Provide hints, not full solutions
- Encourage experimentation
### Code Examples
Always show real code from the actual project, not toy examples:
```python
# Good - actual code from the project
# src/auth/service.py:42-56
async def authenticate_user(email: str, password: str) -> User:
user = await user_repo.find_by_email(email)
if not user or not verify_password(password, user.password_hash):
raise InvalidCredentials()
return user
```
```python
# Bad - generic example
def login(username, password):
# check if valid
return user
```
### Avoiding AI Voice
Watch out for these telltale AI patterns:
**Em dashes** - Don't use them. Use periods or commas instead.
```
Bad: "It's not just about security — it's about building robust systems"
Good: "This teaches security and system design"
```
**Contrast flips** - The "it's not X, it's Y" pattern
```
Bad: "It's not about memorizing syntax — it's about understanding concepts"
Good: "Focus on understanding concepts, not memorizing syntax"
```
**Perfect hyphenation** - Don't hyphenate every compound modifier
```
Bad: "real-time analysis using state-of-the-art machine-learning algorithms"
Good: "real-time analysis using state of the art machine learning algorithms"
```
Mix it up. Sometimes hyphenate, sometimes don't. Humans are inconsistent.
**Generic enthusiasm**
```
Bad: "Embark on an exciting journey into the world of cybersecurity!"
Good: "Learn how rate limiting works by building one from scratch"
```
### Diagrams
ASCII diagrams work great:
```
┌─────────────┐
│ Client │
└──────┬──────┘
┌─────────────┐
│ API │
└──────┬──────┘
┌─────────────┐
│ Database │
└─────────────┘
```
Use them for:
- Architecture overviews
- Data flow
- State machines
- Layer diagrams
### Real World References
Ground concepts in reality:
**Good:**
"In the 2017 Equifax breach, attackers exploited a known Apache Struts vulnerability (CVE-2017-5638). This project teaches you how to scan for such vulnerabilities in your dependencies."
**Bad:**
"In today's evolving threat landscape, vulnerability management is critical."
## Quality Checklist
Before submitting a learn/ folder, check:
### 00-OVERVIEW.md
- [ ] Explains what the project does in 2-3 sentences
- [ ] Lists specific prerequisites with examples
- [ ] Includes quick start instructions that work
- [ ] Shows expected output
- [ ] Links to other learn/ files
### 01-CONCEPTS.md
- [ ] Explains each security concept thoroughly
- [ ] Includes real world examples or breaches
- [ ] Shows common attacks and defenses
- [ ] References OWASP/MITRE/CWE where relevant
- [ ] Includes "testing your understanding" questions
### 02-ARCHITECTURE.md
- [ ] High level architecture diagram
- [ ] Component breakdown
- [ ] Design decisions with reasoning
- [ ] Data flow examples
- [ ] Performance and security considerations
### 03-IMPLEMENTATION.md
- [ ] References actual files and line numbers
- [ ] Shows real code from the project
- [ ] Explains WHY, not just WHAT
- [ ] Includes common pitfalls
- [ ] Provides debugging tips
### 04-CHALLENGES.md
- [ ] Mix of difficulty levels
- [ ] Specific, actionable challenges
- [ ] Hints without full solutions
- [ ] Real world applications
- [ ] Connection to other projects
### General
- [ ] No em dashes
- [ ] Minimal "it's not X, it's Y" patterns
- [ ] Inconsistent hyphenation (like a human)
- [ ] Concrete examples, not abstractions
- [ ] Code examples are real, not toys
- [ ] Diagrams where helpful
- [ ] Links work
- [ ] Formatting is consistent
## Examples
Good examples to reference:
- **PROJECTS/advanced/bug-bounty-platform/learn/** - Comprehensive, well structured
- **PROJECTS/advanced/api-rate-limiter/learn/** - Good technical depth
These aren't perfect but they're solid templates to learn from.
## Getting Help
Questions about writing learn/ docs?
1. Look at existing examples
2. Ask in discussions
3. Draft one file and get feedback before doing all five
4. Iterate based on feedback
## Contributing Improvements
Found ways to improve these templates?
1. Make changes to `.github/learn-folder-template/`
2. Submit PR with explanation
3. Update this README if structure changes
The templates should evolve as we learn what works best.