Personal Developer Platform
Custom OAuth 2.0 Authorization Server + AI-powered portfolio API — built from the protocol spec up, owning the full auth and content lifecycle.
Highlights
- RFC-compliant OAuth 2.0 AS: DCR (RFC 7591), Authorization Code + PKCE S256 (RFC 6749), revocation (RFC 7009), discovery (RFC 8414)
- Salted ticket JWTs, single-use auth codes, two-layer ACL — security by spec, not by framework default
- BullMQ repeatable jobs: LeetCode stats hourly, GitHub stats 6-hourly, with idempotency checks
- Groq SSE streaming (Llama 3.1-8B) + structured gap analysis (Llama 3.3-70B) with class-validator output validation
- Global NestJS interceptor auto-triggers debounced gap re-analysis via BullMQ native jobId deduplication
RFC-compliant OAuth 2.0 Authorization Server (personal-sso) paired with an AI-powered NestJS Resource Server (portfolio-be) — built from the protocol spec up.
Auth layer: Implements RFC 7591 Dynamic Client Registration, RFC 6749 Authorization Code + PKCE S256, RFC 7009 revocation, and RFC 8414 discovery. Owns the complete flow: GitHub federation, Redis-backed ephemeral state (txn records, auth codes, RT hashes), salted ticket JWTs for the consent leg, and single-use auth codes DEL'd before any failable check to prevent replay. Non-rotating refresh tokens by design. Two-layer ACL gates at the env level before any DB lookup. Soft-deleted clients use a partial unique index so revoked registrations stay available for re-registration.
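The redemption order described above (consume the auth code before any check that can fail, then verify PKCE S256), as an added example that is not code from personal-sso. The in-memory `CodeStore` stands in for Redis, and the record fields and function names are hypothetical.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Hypothetical record shape; the page does not show personal-sso's schema.
interface AuthCodeRecord {
  clientId: string;
  redirectUri: string;
  codeChallenge: string; // BASE64URL(SHA256(code_verifier)), the S256 method
}

// In-memory stand-in for Redis (assumption); getDel mirrors an atomic GETDEL.
class CodeStore {
  private codes = new Map<string, AuthCodeRecord>();
  put(code: string, rec: AuthCodeRecord): void {
    this.codes.set(code, rec);
  }
  getDel(code: string): AuthCodeRecord | undefined {
    const rec = this.codes.get(code);
    this.codes.delete(code);
    return rec;
  }
}

// S256 transform: unpadded base64url of the SHA-256 of the ASCII verifier.
function s256(verifier: string): string {
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

type Result = { ok: true } | { ok: false; error: "invalid_grant" };

function redeemCode(store: CodeStore, code: string, clientId: string,
                    redirectUri: string, codeVerifier: string): Result {
  // Consume the code first: whatever fails below, it can never be presented again.
  const rec = store.getDel(code);
  if (!rec) return { ok: false, error: "invalid_grant" };
  // Client and redirect URI must match what was bound at authorization time.
  if (rec.clientId !== clientId || rec.redirectUri !== redirectUri) {
    return { ok: false, error: "invalid_grant" };
  }
  const expected = Buffer.from(rec.codeChallenge);
  const actual = Buffer.from(s256(codeVerifier));
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) {
    return { ok: false, error: "invalid_grant" };
  }
  return { ok: true };
}
```

A wrong `code_verifier` burns the code as well, so a correct retry with the same code also returns `invalid_grant` and the client has to restart the authorization request.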
Portfolio API + AI features: NestJS Resource Server with BullMQ repeatable jobs for LeetCode (hourly) and GitHub (6-hourly) stats aggregation. Two Groq AI features: chunk-streamed SSE piping Llama 3.1-8B completions directly to the client as they arrive, and a structured portfolio gap analysis (Llama 3.3-70B) with career-focused prompt engineering and class-validator output validation before write. Auto-trigger implemented as a global NestJS interceptor that debounces admin mutations into a single delayed BullMQ job using native jobId deduplication — rapid saves collapse into one Groq call automatically.
Infrastructure: Shared Postgres (schema-isolated) + Redis (key-prefix isolated) across services on a self-managed Coolify VPS. GitHub App-triggered deploys, multi-stage Docker builds, Traefik TLS.