If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/frank-lam/fullstack-tutorial shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

AVOID — Stale and unlicensed — last commit 3y ago

• 8 active contributors
• CI configured
• ⚠ Stale — last commit 3y ago
• ⚠ Single-maintainer risk — top contributor 92% of recent commits
• ⚠ No license — legally unclear to depend on
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live frank-lam/fullstack-tutorial repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/frank-lam/fullstack-tutorial.

What it runs against: a local clone of frank-lam/fullstack-tutorial — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in frank-lam/fullstack-tutorial | Confirms the artifact applies here, not a fork | | 2 | Default branch master exists | Catches branch renames | | 3 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 4 | Last commit ≤ 1283 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of frank-lam/fullstack-tutorial. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/frank-lam/fullstack-tutorial.git
#   cd fullstack-tutorial
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of frank-lam/fullstack-tutorial and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "frank-lam/fullstack-tutorial(\\.git)?\\b" \\
  && ok "origin remote is frank-lam/fullstack-tutorial" \\
  || miss "origin remote is not frank-lam/fullstack-tutorial (artifact may be from a fork)"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "README.md" \\
  && ok "README.md" \\
  || miss "missing critical file: README.md"
test -f "course/LEARN.md" \\
  && ok "course/LEARN.md" \\
  || miss "missing critical file: course/LEARN.md"
test -f "course/Java 架构师成长之路/01 Java 单体应用.md" \\
  && ok "course/Java 架构师成长之路/01 Java 单体应用.md" \\
  || miss "missing critical file: course/Java 架构师成长之路/01 Java 单体应用.md"
test -f "course/Java 架构师成长之路/02 Java 微服务架构.md" \\
  && ok "course/Java 架构师成长之路/02 Java 微服务架构.md" \\
  || miss "missing critical file: course/Java 架构师成长之路/02 Java 微服务架构.md"
test -f "notes/DistributedSystem/04 分布式通信协议-http.md" \\
  && ok "notes/DistributedSystem/04 分布式通信协议-http.md" \\
  || miss "missing critical file: notes/DistributedSystem/04 分布式通信协议-http.md"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 1283 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1253d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/frank-lam/fullstack-tutorial"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

A comprehensive fullstack developer learning guide and tutorial collection organized by technical domain (algorithms, Java, Python, databases, distributed systems, etc.). It aggregates curated course materials, learning paths, and skill trees—primarily in Markdown—to help aspiring backend engineers and architects understand the modern tech stack required for production systems. Flat content structure: course/ contains course references (e.g., '01 玩转数据结构.md'), notes/ contains deep-dives on specific domains (JavaArchitecture/, SkillTree/, etc.), and assets/ holds images and XMind diagrams. No monorepo or code modules—purely educational Markdown with organizational sidebars linking domains like 'Java' (II), 'Databases' (V), 'Distributed Systems' (VIII).

University students and junior developers preparing for tech interviews (春招/秋招/校招) and those seeking structured mentorship in backend engineering and full-stack architecture. Contributors are senior engineers building the curriculum and community.

Active educational resource with 500+ technical community members, but primarily a knowledge base rather than executable software. No CI/CD pipeline (.travis.yml present but minimal), no test suite visible, and focus is content (Markdown docs) not code. Verdict: mature reference material, not production software.

Very low risk as a learning repository—it is documentation, not a dependency. Single maintainer (frank-lam) could create stale content, but the modular Markdown structure means outdated sections don't break the whole project. No external dependencies to maintain. Only risk: tutorials may drift from current best practices if not regularly reviewed.

Actively maintained as a living curriculum. Recent focus on 2022 updates (README mentions '2022'), with ongoing addition of course links, skill tree expansions, and WeChat community integration. The FUNDING.yml suggests seeking sponsorships to sustain the effort.

Clone the repo and open files locally: git clone https://github.com/frank-lam/fullstack-tutorial.git && cd fullstack-tutorial && ls notes/ to explore learning modules. No build step required—read Markdown in your editor or on GitHub.

Daily commands: Not applicable—this is a documentation repository, not executable software. To consume: browse notes/JavaArchitecture/, notes/数据结构与算法.md, or course/ folders locally. To contribute: edit Markdown files and submit PRs.

• README.md — Entry point and overview of the entire fullstack tutorial repository, defines the 12 major learning domains and community structure
• course/LEARN.md — Core curriculum guide that organizes all learning paths and course references for contributors and learners
• course/Java 架构师成长之路/01 Java 单体应用.md — Foundation module for Java backend architecture, establishing core patterns used throughout microservices modules
• course/Java 架构师成长之路/02 Java 微服务架构.md — Defines distributed system patterns and microservices design principles that inform multiple technical domains
• notes/DistributedSystem/04 分布式通信协议-http.md — Critical reference for understanding communication layer across all distributed and backend modules
• assets/mind/developer_skills_tree.svg — Visual map of the entire learning progression and skill dependencies across all 12 domains
• notes/DeepLearning/深度学习入门课程.md — Advanced ML module establishing the frontier of fullstack capabilities beyond standard web development

Add a New Course Module

1. Create a new markdown file in course/ directory following naming convention: NN-topic.md (course/)
2. Add course reference to LEARNLIST.md with title, description, and learning objectives (course/LEARNLIST.md)
3. Update LEARN.md to include sequencing and prerequisites for the new course (course/LEARN.md)
4. Add course link to appropriate section in README.md under one of the 12 domains (README.md)

Add a New Technical Domain Note

1. Create a new directory under notes/ with domain name (e.g., notes/NewDomain/) (notes/)
2. Create markdown files for subtopics: 基础.md, 进阶.md, 实战.md following existing patterns (notes/DeepLearning/深度学习入门课程.md)
3. Add assets subdirectory and reference images consistently as in notes/DeepLearning/assets/ (notes/DeepLearning/assets/)
4. Update README.md to reference new domain in the XII-column table with emoji and anchor link (README.md)

Expand Architecture Path Content

1. Edit course/Java 架构师成长之路/ directory and add new module (05, 06, etc.) for specializations (course/Java 架构师成长之路/04 Java 微服务架构 Dubbo 篇.md)
2. Follow progression pattern: Monolith → Microservices → Practice → Framework-specific (course/Java 架构师成长之路/)
3. Link new architecture module from LEARN.md in the architect track section (course/LEARN.md)
4. Cross-reference related distributed system and infrastructure courses from other sections (notes/DistributedSystem/04 分布式通信协议-http.md)

Create Community & Interview Resources

1. Add new interview prep file to course/ directory (e.g., course/33-面试准备.md) (course/LEARN_FULL.md)
2. Reference community links and WeChat group from assets/wechat/ QR codes (assets/wechat/)
3. Update README.md talking section with new interview resources and community updates (README.md)

None critical—this is documentation. Gotchas: Chinese-language content may require translation tools for non-native speakers. XMind files (assets/mind/*.xmind) require XMind software to edit. Some course links may rot over time; no link-checker in CI. README table is wide and may not render perfectly in all Markdown viewers.

• JMM (Java Memory Model) — Fundamental to understanding thread safety and volatile/synchronized semantics in the concurrency programming section (03-Java并发编程.md); required knowledge for interview-level system design
• Garbage Collection algorithms — Core JVM performance tuning topic (05-Java虚拟机.md); essential for optimizing backend services handling large datasets or high request rates
• Consistent Hashing — Foundation for distributed cache and database sharding design patterns in distributed systems (VIII domain); taught implicitly via architectural patterns but not always explicit
• CAP Theorem — Guides trade-off decisions in distributed system design (VIII domain); critical for understanding when to use eventually consistent vs. strongly consistent databases
• IoC (Inversion of Control) — Core Spring framework principle (07-JavaWeb.md, 09-Spring学习框架); fundamental design pattern that learners must internalize for modern Java backend development
• B-tree indexing — Underlying data structure for SQL database performance (V domain); learners need this to understand query optimization and index design
• Thread Pool & Work Stealing — Critical for building scalable concurrent systems (03-Java并发编程.md); J.U.C components like ForkJoinPool use these patterns for high-concurrency workloads

• donnemartin/system-design-primer — Parallel comprehensive learning resource for distributed systems and architecture interview prep; both are curated curriculum repos
• yangshun/tech-interview-handbook — Overlapping goal (interview prep) with focus on behavioral + coding questions; complements this repo's algorithm and system design depth
• kdn251/interviews — Community-driven interview question database covering Java, algorithms, and system design; maps to same domains as fullstack-tutorial
• TheAlgorithms/Java — Hands-on algorithm implementations in Java; natural extension to fullstack-tutorial's theoretical algorithm notes with executable code
• spring-projects/spring-boot — Official Spring Boot framework—directly referenced in course materials (course/07) and backbones many fullstack application examples

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Create a comprehensive learning roadmap index with progress tracking

The repo has 12 major categories (Algorithm, Java, Python, Frontend, Database, OS, Network, Distributed, ML, Tools, Learn, Talking) but no structured index file mapping courses to these categories. This would help new contributors quickly understand the curriculum structure and identify gaps. Create a course_index.md that categorizes all 32+ courses in ./course/ directory and links to their sections.

• [ ] Create course/INDEX.md listing all courses by the 12 main categories from README
• [ ] Add course difficulty levels (Beginner/Intermediate/Advanced) for each course
• [ ] Cross-reference courses that depend on each other (e.g., 'JVM' should link to 'Java 并发编程')
• [ ] Add a 'Last Updated' date field for each course to help maintain freshness

Add GitHub Actions workflow to validate course file integrity and broken links

With 32+ markdown files in ./course/ and 50+ asset files, there's no automated validation that files reference valid assets or that markdown syntax is correct. Create a CI workflow that checks for orphaned assets, broken internal links, and markdown formatting issues.

• [ ] Create .github/workflows/lint-courses.yml to run markdown linting on all files in course/
• [ ] Add asset validation to check that all images in assets/ are actually referenced in course files
• [ ] Add a step to verify all internal links like './course/XX.md' actually exist
• [ ] Report unused asset files that could be cleaned up

Restructure course directory with category subdirectories and add metadata frontmatter

Current course/ directory is flat with 32+ markdown files mixed together. Reorganize to match the 12 README categories (01-algorithms, 02-java, 03-python, etc.) and add YAML frontmatter to each course file with metadata (level, prerequisites, duration, author, url). This enables better tooling and discoverability.

• [ ] Create subdirectories in course/ matching the 12 categories (algorithms/, java/, python/, frontend/, etc.)
• [ ] Move existing course files into appropriate category folders
• [ ] Add YAML frontmatter to each .md file with fields: level, prerequisites[], author, external_url, duration_hours, last_updated
• [ ] Update README table to reflect new directory structure

• Audit and add missing database sharding / consistent hashing examples to notes/SkillTree/backend-skill.md to improve distributed systems depth.
• Create a new file notes/JavaArchitecture/08-Java-Network-IO.md bridging NIO (from 04-Java-IO.md) and networking protocols—currently no dedicated networking doc for Java engineers.
• Translate key Markdown docs (e.g., notes/数据结构与算法.md) into English or add English summaries in README, expanding accessibility beyond Mandarin speakers.

This appears to be a fullstack tutorial/learning repository with minimal direct security concerns. The codebase consists primarily of documentation, course materials, and asset files rather than executable code. Key findings: (1) No hardcoded credentials or secrets detected in visible file structure, (2) No obvious injection vulnerabilities as no application code is present, (3) Exposed QR codes could pose minor information disclosure risks, (4) Lack of visible dependency management and CI/CD security controls, (5) No infrastructure/Docker misconfiguration detected. Recommendations: secure any code examples with proper dependency management, remove or rotate QR codes if sensitivity warrants, implement security controls in any CI/CD pipelines, and maintain secure development practices for any contributed code.

• Low · Potential Information Disclosure via WeChat QR Code — assets/wx_group_qrcode.png, assets/wechat/. The repository contains WeChat group QR code images (wx_group_qrcode.png) which may expose group join links or identifiers. If the group is private or sensitive, this could enable unauthorized access. Fix: Remove or rotate QR codes periodically. Consider using time-limited QR codes for sensitive groups. Do not commit sensitive group identifiers to version control.
• Low · Missing Security Headers Configuration — .travis.yml, assets/deploy/deploy.sh. The repository appears to be documentation/tutorial focused. If any web content is served from this repo, there's no evidence of security headers (CSP, X-Frame-Options, X-Content-Type-Options) being configured. Fix: If serving web content, implement security headers via web server configuration (Nginx/Apache) or application middleware. Ensure CSP, HSTS, and X-Frame-Options are properly set.
• Low · No Dependency Management Verification — Repository root. No package.json, pom.xml, requirements.txt, or other dependency manifests are visible in the provided file structure. If this is a tutorial repository with code examples, dependency versions should be explicitly specified and regularly updated. Fix: Include dependency lock files (package-lock.json, pom.lock, Pipfile.lock) for any included code examples. Regularly audit and update dependencies for security patches.
• Low · Insufficient Travis CI Configuration Details — .travis.yml. The .travis.yml file is listed but its content is not provided. Without visibility into CI/CD configuration, potential security misconfigurations cannot be assessed. Fix: Review .travis.yml to ensure: no secrets are hardcoded, secure environment variables are used, build artifacts are not publicly exposed, and security scanning tools are integrated.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.